From 25f0dd183b2e28a6d5a146e400e4e974ea0397e2 Mon Sep 17 00:00:00 2001 
From: Will Smith Date: Thu, 25 Apr 2024 21:01:21 +0000 Subject: [PATCH] Added SSH key generation feature to AWS and OCI --- aws/multi_region/aws_key_pairs/README.md | 36 +++++++++++++++ aws/multi_region/aws_key_pairs/main.tf | 4 ++ aws/multi_region/aws_key_pairs/outputs.tf | 4 ++ aws/multi_region/aws_key_pairs/providers.tf | 9 ++++ aws/multi_region/aws_key_pairs/variables.tf | 9 ++++ aws/multi_region/deployment.tf | 51 +++++++++++++++++++-- aws/multi_region/outputs.tf | 4 ++ aws/multi_region/ssh_keys/README.md | 36 +++++++++++++++ aws/multi_region/ssh_keys/main.tf | 4 ++ aws/multi_region/ssh_keys/outputs.tf | 17 +++++++ aws/multi_region/ssh_keys/providers.tf | 13 ++++++ aws/multi_region/ssh_keys/variables.tf | 9 ++++ aws/standard/deployment.tf | 2 +- aws/standard/module/agent.tf | 2 +- aws/standard/module/db.tf | 2 +- aws/standard/module/guac_rdp.tf | 2 +- aws/standard/module/kms.tf | 4 ++ aws/standard/module/provider.tf | 4 ++ aws/standard/module/ssh_keys.tf | 16 +++++++ aws/standard/module/webapp.tf | 2 +- aws/standard/output.tf | 6 +++ digitalocean/single_server/module/dns.tf | 2 +- oci/single_server/deployment.tf | 6 +++ oci/single_server/module/instance.tf | 2 +- oci/single_server/module/ssh_keys.tf | 16 +++++++ oci/standard/deployment.tf | 6 +++ oci/standard/module/agent.tf | 2 +- oci/standard/module/bastion.tf | 2 +- oci/standard/module/cpx.tf | 2 +- oci/standard/module/db.tf | 2 +- oci/standard/module/ssh_keys.tf | 16 +++++++ oci/standard/module/webapp.tf | 2 +- 32 files changed, 277 insertions(+), 17 deletions(-) create mode 100644 aws/multi_region/aws_key_pairs/README.md create mode 100644 aws/multi_region/aws_key_pairs/main.tf create mode 100644 aws/multi_region/aws_key_pairs/outputs.tf create mode 100644 aws/multi_region/aws_key_pairs/providers.tf create mode 100644 aws/multi_region/aws_key_pairs/variables.tf create mode 100644 aws/multi_region/ssh_keys/README.md create mode 100644 aws/multi_region/ssh_keys/main.tf create mode 100644 
aws/multi_region/ssh_keys/outputs.tf create mode 100644 aws/multi_region/ssh_keys/providers.tf create mode 100644 aws/multi_region/ssh_keys/variables.tf create mode 100644 aws/standard/module/kms.tf create mode 100644 aws/standard/module/ssh_keys.tf create mode 100644 oci/single_server/module/ssh_keys.tf create mode 100644 oci/standard/module/ssh_keys.tf diff --git a/aws/multi_region/aws_key_pairs/README.md b/aws/multi_region/aws_key_pairs/README.md new file mode 100644 index 0000000..8c1602b --- /dev/null +++ b/aws/multi_region/aws_key_pairs/README.md @@ -0,0 +1,36 @@ +# ssh_keys + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | ~> 1.0 | +| [tls](#requirement\_tls) | ~> 4.0 | + +## Providers + +| Name | Version | +|------|---------| +| [tls](#provider\_tls) | 4.0.4 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [tls_private_key.ssh_key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource | + +## Inputs + +No inputs. + +## Outputs + +| Name | Description | +|------|-------------| +| [ssh\_key\_info](#output\_ssh\_key\_info) | SSH Keys for use with Kasm Deployment | + diff --git a/aws/multi_region/aws_key_pairs/main.tf b/aws/multi_region/aws_key_pairs/main.tf new file mode 100644 index 0000000..8fb41c1 --- /dev/null +++ b/aws/multi_region/aws_key_pairs/main.tf @@ -0,0 +1,4 @@ +resource "aws_key_pair" "ssh_keys" { + key_name = "${var.project_name}-ssh-key" + public_key = var.ssh_authorized_keys +} \ No newline at end of file diff --git a/aws/multi_region/aws_key_pairs/outputs.tf b/aws/multi_region/aws_key_pairs/outputs.tf new file mode 100644 index 0000000..82e92c5 --- /dev/null +++ b/aws/multi_region/aws_key_pairs/outputs.tf @@ -0,0 +1,4 @@ +output "aws_key_pair_name" { + description = "The name of an aws keypair to use." + value = aws_key_pair.ssh_keys.key_name +} \ No newline at end of file 
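Review bot: `key_name = "${var.project_name}-ssh-key"` is the same name that `aws_key_pair.ssh_keys` in aws/standard/module/kms.tf registers, and EC2 key pair names are, as far as I know, unique per account and region, so running the standard and multi-region templates in the same region with the same `project_name` makes the second apply fail on a duplicate key pair; if the templates are meant to coexist, suffix the name with the template (`"${var.project_name}-multi-region-ssh-key"`) or switch to `key_name_prefix`. The resource is also handed the raw `var.ssh_authorized_keys` string although `aws_key_pair` takes exactly one public key, and the plural name invites pasting a whole authorized_keys file. A `validation` block on the variable, `condition = length(split("\n", trimspace(var.ssh_authorized_keys))) == 1`, would turn that into a plan-time error instead of an opaque EC2 API failure.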
diff --git a/aws/multi_region/aws_key_pairs/providers.tf b/aws/multi_region/aws_key_pairs/providers.tf
new file mode 100644
index 0000000..a8d9277
--- /dev/null
+++ b/aws/multi_region/aws_key_pairs/providers.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = "~> 1.0"
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5.0"
+ }
+ }
+}
diff --git a/aws/multi_region/aws_key_pairs/variables.tf b/aws/multi_region/aws_key_pairs/variables.tf
new file mode 100644
index 0000000..6e7c1b4
--- /dev/null
+++ b/aws/multi_region/aws_key_pairs/variables.tf
@@ -0,0 +1,9 @@
+variable "ssh_authorized_keys" {
+ description = "The SSH Public Keys to be installed on the OCI compute instance"
+ type = string
+}
+
+variable "project_name" {
+ description = "The name of the deployment (e.g dev, staging). A short single word"
+ type = string
+}
\ No newline at end of file
diff --git a/aws/multi_region/deployment.tf b/aws/multi_region/deployment.tf
index 29c27f8..b0e5920 100644
--- a/aws/multi_region/deployment.tf
+++ b/aws/multi_region/deployment.tf
@@ -1,3 +1,14 @@
+###########################################################
+# Define SSH Keys to use for Deployment
+# This key pair will be replicated across each region below
+###########################################################
+module "ssh_keys" {
+ source = "./ssh_keys"
+
+ ssh_authorized_keys = var.ssh_authorized_keys
+ project_name = var.project_name
+}
+
 ###########################################################
 # Define a primary region.
 # This will house the Kasm Workspaces DB, and a set of
@@ -22,7 +33,7 @@ module "primary_region" {
 admin_password = var.admin_password
 manager_token = var.manager_token
 service_registration_token = var.service_registration_token
- aws_key_pair = var.aws_key_pair
+ aws_key_pair = module.primary_aws_key_pairs.aws_key_pair_name
 aws_domain_name = var.aws_domain_name
 web_access_cidrs = var.web_access_cidrs
 create_aws_ssm_iam_role = var.create_aws_ssm_iam_role
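Review bot: The description on `ssh_authorized_keys`, `"The SSH Public Keys to be installed on the OCI compute instance"`, is wrong for this module, which only creates an AWS `aws_key_pair`; the text was evidently carried over from the OCI template and will be copied into any generated README table. Suggest `description = "A single SSH public key, in OpenSSH format, to register as this region's EC2 key pair"`. The README.md added next to this module is likewise a copy of ssh_keys/README.md (title `ssh_keys`, a tls provider and `tls_private_key` resource, `No inputs`, an `ssh_key_info` output) and describes none of this module's actual inputs or its `aws_key_pair_name` output.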
@@ -61,7 +72,7 @@ module "primary_region_webapps_and_agents" { redis_password = var.redis_password manager_token = var.manager_token service_registration_token = var.service_registration_token - aws_key_pair = var.aws_key_pair + aws_key_pair = module.primary_aws_key_pairs.aws_key_pair_name kasm_db_ip = module.primary_region.kasm_db_ip primary_vpc_id = module.primary_region.primary_vpc_id certificate_arn = module.primary_region.certificate_arn @@ -69,6 +80,12 @@ module "primary_region_webapps_and_agents" { aws_ssm_instance_profile_name = var.aws_ssm_instance_profile_name } +module "primary_aws_key_pairs" { + source = "./aws_key_pairs" + ssh_authorized_keys = module.ssh_keys.ssh_public_key + project_name = var.project_name +} + ##################################################################### # # Add a webapp and agent module for each additional region desired. @@ -84,6 +101,7 @@ module "region2_webapps" { webapp_instance_type = var.webapp_instance_type webapp_hdd_size_gb = var.webapp_hdd_size_gb swap_size = var.swap_size + aws_key_pair = module.region2_aws_key_pairs.aws_key_pair_name ec2_ami = var.primary_region_ec2_ami_id webapp_subnet_ids = module.primary_region.webapp_subnet_ids webapp_security_group_id = module.primary_region.webapp_security_group_id @@ -94,7 +112,7 @@ module "region2_webapps" { database_password = var.database_password redis_password = var.redis_password manager_token = var.manager_token - aws_key_pair = var.aws_key_pair + kasm_db_ip = module.primary_region.kasm_db_ip primary_vpc_id = module.primary_region.primary_vpc_id certificate_arn = module.primary_region.certificate_arn 
@@ -120,7 +138,7 @@ module "region2_agents" { aws_domain_name = var.aws_domain_name project_name = var.project_name kasm_build = var.kasm_build - aws_key_pair = var.aws_key_pair + aws_key_pair = module.region2_aws_key_pairs.aws_key_pair_name manager_token = var.manager_token service_registration_token = var.service_registration_token aws_ssm_instance_profile_name = var.aws_ssm_instance_profile_name @@ -131,6 +149,18 @@ module "region2_agents" { } } +module "region2_aws_key_pairs" { + source = "./aws_key_pairs" + + ssh_authorized_keys = module.ssh_keys.ssh_public_key + project_name = var.project_name + + providers = { + aws = aws.region2 + } +} + + ######################################################################### # # Uncomment the below section and update the provider and the settings @@ -158,7 +188,7 @@ module "region2_agents" { # database_password = var.database_password # redis_password = var.redis_password # manager_token = var.manager_token -# aws_key_pair = var.aws_key_pair +# aws_key_pair = module.region2_aws_key_pairs # kasm_db_ip = module.primary_region.kasm_db_ip # primary_vpc_id = module.primary_region.primary_vpc_id # certificate_arn = module.primary_region.certificate_arn @@ -195,3 +225,14 @@ module "region2_agents" { # aws = aws.region3 # } # } + +# module "region3_aws_key_pairs" { +# source = "./aws_key_pairs" + +# ssh_authorized_keys = module.ssh_keys.ssh_public_key +# project_name = var.project_name + +# providers = { +# aws = aws.region3 +# } +# } \ No newline at end of file diff --git a/aws/multi_region/outputs.tf b/aws/multi_region/outputs.tf index 776357b..0ff0b93 100644 --- a/aws/multi_region/outputs.tf +++ b/aws/multi_region/outputs.tf 
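Review bot: In the commented region3 template, `# aws_key_pair = module.region2_aws_key_pairs` both names the region2 module and omits the `.aws_key_pair_name` attribute, so whoever uncomments it first gets a type error (a module object passed to a string input) and, after adding the attribute, region3 instances that depend on the region2 key pair rather than on the `region3_aws_key_pairs` module this commit adds at the end of the file. It should read `# aws_key_pair = module.region3_aws_key_pairs.aws_key_pair_name`. Because the key pair is given the same name in every region, the wrong reference would not show in the plan, only as a missing dependency that can let region3 instances be created before their key pair exists.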
@@ -16,6 +16,10 @@ Proxy address: ${join("", slice(split("-", var.secondary_regio ZONE } +output "ssh_keys" { + description = "SSH Keys to be used with your Kasm Deployment" + value = module.ssh_keys.ssh_key_info +} ######################################################################### # # Uncomment the below section and update the provider and the settings diff --git a/aws/multi_region/ssh_keys/README.md b/aws/multi_region/ssh_keys/README.md new file mode 100644 index 0000000..8c1602b --- /dev/null +++ b/aws/multi_region/ssh_keys/README.md @@ -0,0 +1,36 @@ +# ssh_keys + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | ~> 1.0 | +| [tls](#requirement\_tls) | ~> 4.0 | + +## Providers + +| Name | Version | +|------|---------| +| [tls](#provider\_tls) | 4.0.4 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [tls_private_key.ssh_key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource | + +## Inputs + +No inputs. + +## Outputs + +| Name | Description | +|------|-------------| +| [ssh\_key\_info](#output\_ssh\_key\_info) | SSH Keys for use with Kasm Deployment | + diff --git a/aws/multi_region/ssh_keys/main.tf b/aws/multi_region/ssh_keys/main.tf new file mode 100644 index 0000000..859d1aa --- /dev/null +++ b/aws/multi_region/ssh_keys/main.tf @@ -0,0 +1,4 @@ +resource "tls_private_key" "ssh_key" { + count = var.ssh_authorized_keys == "" ? 1 : 0 + algorithm = "ED25519" +} diff --git a/aws/multi_region/ssh_keys/outputs.tf b/aws/multi_region/ssh_keys/outputs.tf new file mode 100644 index 0000000..96ca61d --- /dev/null +++ b/aws/multi_region/ssh_keys/outputs.tf 
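Review bot: `tls_private_key.ssh_key` persists the generated private key in plaintext in the Terraform state, and nothing in the module says so; a header comment is warranted, e.g. `# NOTE: the generated private key is stored unencrypted in Terraform state. Use an encrypted remote backend, or supply ssh_authorized_keys to avoid generating one.`. The `count` expression also means that later supplying a key destroys the generated one with no way to recover it, which is worth a second line in the same comment telling operators to save the key from the output first.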
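Review bot: The root output `ssh_keys` passes through `module.ssh_keys.ssh_key_info`, which embeds the generated private key, yet unlike the matching outputs in aws/standard/output.tf and the two OCI roots it is not marked `sensitive = true`, so the key is printed in full at the end of every `terraform apply` and captured by any CI log. Add `sensitive = true` to the block. I believe Terraform 0.15+ would in any case refuse to plan it, since `private_key_openssh` is a sensitive attribute in the tls provider schema, so the multi-region template likely does not apply at all as committed.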
@@ -0,0 +1,17 @@
+output "ssh_key_info" {
+ description = "SSH Keys for use with Kasm Deployment"
+ value = <<-SSHKEYS
+ SSH Keys:
+ %{if var.ssh_authorized_keys == ""}
+ Public Key: ${tls_private_key.ssh_key[0].public_key_openssh}
+ Private Key:
+ ${tls_private_key.ssh_key[0].private_key_openssh}
+ %{endif}
+ SSHKEYS
+}
+
+output "ssh_public_key" {
+ description = "The name of an aws keypair to use."
+ value = var.ssh_authorized_keys == "" ? tls_private_key.ssh_key[0].public_key_openssh : var.ssh_authorized_keys
+
+}
\ No newline at end of file
diff --git a/aws/multi_region/ssh_keys/providers.tf b/aws/multi_region/ssh_keys/providers.tf
new file mode 100644
index 0000000..a93c06f
--- /dev/null
+++ b/aws/multi_region/ssh_keys/providers.tf
@@ -0,0 +1,13 @@
+terraform {
+ required_version = "~> 1.0"
+ required_providers {
+ tls = {
+ source = "hashicorp/tls"
+ version = "~> 4.0"
+ }
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5.0"
+ }
+ }
+}
diff --git a/aws/multi_region/ssh_keys/variables.tf b/aws/multi_region/ssh_keys/variables.tf
new file mode 100644
index 0000000..6e7c1b4
--- /dev/null
+++ b/aws/multi_region/ssh_keys/variables.tf
@@ -0,0 +1,9 @@
+variable "ssh_authorized_keys" {
+ description = "The SSH Public Keys to be installed on the OCI compute instance"
+ type = string
+}
+
+variable "project_name" {
+ description = "The name of the deployment (e.g dev, staging). A short single word"
+ type = string
+}
\ No newline at end of file
diff --git a/aws/standard/deployment.tf b/aws/standard/deployment.tf
index 2a8c189..66d1abf 100644
--- a/aws/standard/deployment.tf
+++ b/aws/standard/deployment.tf
@@ -1,6 +1,5 @@
 module "standard" {
 source = "./module"
- aws_key_pair = var.aws_key_pair
 aws_region = var.aws_region
 aws_domain_name = var.aws_domain_name
 project_name = var.project_name
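Review bot: `ssh_key_info` interpolates `tls_private_key.ssh_key[0].private_key_openssh` without `sensitive = true`; as far as I recall, Terraform 0.15+ rejects any output, a child module's included, that is derived from a provider-marked sensitive value unless the output is itself marked ("Output refers to sensitive values"), so this module probably fails at plan time regardless of what the root does — add `sensitive = true` to the block. The description on `ssh_public_key`, `"The name of an aws keypair to use."`, was copied from the aws_key_pairs module and is wrong: the output carries public key material, not a name. When a key is supplied, `ssh_key_info` still prints a bare `SSH Keys:` heading with nothing under it; an `%{ else }` branch saying the key was user-supplied would avoid that confusion.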
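Review bot: The empty string is what makes this module generate a key (`count = var.ssh_authorized_keys == "" ? 1 : 0` in main.tf), but `ssh_authorized_keys` neither documents that nor defaults to it, so every caller has to know to pass `""` explicitly, and its description still refers to "the OCI compute instance" inside an AWS module. Suggest `default = ""` together with `description = "SSH public key to install on the EC2 instances. Leave empty to generate an ED25519 key pair, whose private key is then exposed through the ssh_key_info output and stored in state."`. The sibling providers.tf also declares a requirement on the aws provider although nothing in this module uses it; the tls entry alone is enough.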
@@ -23,6 +22,7 @@ module "standard" { cpx_hdd_size_gb = var.cpx_hdd_size_gb ec2_ami = var.ec2_ami_id swap_size = var.swap_size + ssh_authorized_keys = var.ssh_authorized_keys web_access_cidrs = var.web_access_cidrs database_password = var.database_password diff --git a/aws/standard/module/agent.tf b/aws/standard/module/agent.tf index 045739b..f48219a 100644 --- a/aws/standard/module/agent.tf +++ b/aws/standard/module/agent.tf @@ -5,7 +5,7 @@ resource "aws_instance" "agent" { instance_type = var.agent_instance_type vpc_security_group_ids = [aws_security_group.agent.id] subnet_id = aws_subnet.agent.id - key_name = var.aws_key_pair + key_name = aws_key_pair.ssh_keys.key_name iam_instance_profile = one(aws_iam_instance_profile.this[*].id) associate_public_ip_address = true diff --git a/aws/standard/module/db.tf b/aws/standard/module/db.tf index 5bc6f56..89e88d5 100644 --- a/aws/standard/module/db.tf +++ b/aws/standard/module/db.tf @@ -3,7 +3,7 @@ resource "aws_instance" "db" { instance_type = var.db_instance_type vpc_security_group_ids = [aws_security_group.db.id] subnet_id = aws_subnet.db.id - key_name = var.aws_key_pair + key_name = aws_key_pair.ssh_keys.key_name iam_instance_profile = one(aws_iam_instance_profile.this[*].id) root_block_device { diff --git a/aws/standard/module/guac_rdp.tf b/aws/standard/module/guac_rdp.tf index d21f4ab..ac876be 100644 --- a/aws/standard/module/guac_rdp.tf +++ b/aws/standard/module/guac_rdp.tf @@ -5,7 +5,7 @@ resource "aws_instance" "cpx" { instance_type = var.cpx_instance_type vpc_security_group_ids = aws_security_group.cpx[*].id subnet_id = one(aws_subnet.cpx[*].id) - key_name = var.aws_key_pair + key_name = aws_key_pair.ssh_keys.key_name iam_instance_profile = one(aws_iam_instance_profile.this[*].id) root_block_device { diff --git a/aws/standard/module/kms.tf b/aws/standard/module/kms.tf new file mode 100644 index 0000000..831138b --- /dev/null +++ b/aws/standard/module/kms.tf 
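Review bot: `key_name = aws_key_pair.ssh_keys.key_name` changes the key pair name on `aws_instance.db` for every existing deployment that passed its own `aws_key_pair`, and `key_name` is, as far as I recall, a force-new attribute on `aws_instance`, so applying this version to a running standard stack plans a destroy-and-recreate of the database instance (and of the webapp, agent and cpx instances changed in the same commit). If in-place upgrades are expected, keep accepting the old input and prefer it when set, roughly `key_name = var.aws_key_pair != "" ? var.aws_key_pair : aws_key_pair.ssh_keys.key_name`; otherwise the replacement, and the need to back up the DB volume first, belongs in the changelog. The `aws_instance.db` block starts and ends outside this hunk.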
@@ -0,0 +1,4 @@ +resource "aws_key_pair" "ssh_keys" { + key_name = "${var.project_name}-ssh-key" + public_key = var.ssh_authorized_keys == "" ? tls_private_key.ssh_key[0].public_key_openssh : var.ssh_authorized_keys +} \ No newline at end of file diff --git a/aws/standard/module/provider.tf b/aws/standard/module/provider.tf index d50a6bd..e67f361 100644 --- a/aws/standard/module/provider.tf +++ b/aws/standard/module/provider.tf @@ -6,5 +6,9 @@ terraform { source = "hashicorp/aws" version = "~> 5.0" } + tls = { + source = "hashicorp/tls" + version = "~> 4.0" + } } } diff --git a/aws/standard/module/ssh_keys.tf b/aws/standard/module/ssh_keys.tf new file mode 100644 index 0000000..e7e0034 --- /dev/null +++ b/aws/standard/module/ssh_keys.tf @@ -0,0 +1,16 @@ +resource "tls_private_key" "ssh_key" { + count = var.ssh_authorized_keys == "" ? 1 : 0 + algorithm = "ED25519" +} + +output "ssh_key_info" { + description = "SSH Keys for use with Kasm Deployment" + value = <<-SSHKEYS + SSH Keys: + %{if var.ssh_authorized_keys == ""} + Public Key: ${tls_private_key.ssh_key[0].public_key_openssh} + Private Key: + ${tls_private_key.ssh_key[0].private_key_openssh} + %{endif} + SSHKEYS +} \ No newline at end of file diff --git a/aws/standard/module/webapp.tf b/aws/standard/module/webapp.tf index d29d35c..e00a3cf 100644 --- a/aws/standard/module/webapp.tf +++ b/aws/standard/module/webapp.tf @@ -5,7 +5,7 @@ resource "aws_instance" "webapp" { instance_type = var.webapp_instance_type vpc_security_group_ids = [aws_security_group.webapp.id] subnet_id = aws_subnet.webapp[count.index].id - key_name = var.aws_key_pair + key_name = aws_key_pair.ssh_keys.key_name iam_instance_profile = one(aws_iam_instance_profile.this[*].id) root_block_device { diff --git a/aws/standard/output.tf b/aws/standard/output.tf index f119c29..897d68e 100644 --- a/aws/standard/output.tf +++ b/aws/standard/output.tf 
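Review bot: The new file is named kms.tf but contains only the `aws_key_pair` resource; in an AWS module "KMS" reads as Key Management Service, which this has nothing to do with, and the next reader looking for the key pair will open ssh_keys.tf, where the tls key it consumes already lives. Move the resource into ssh_keys.tf or rename the file key_pair.tf. The ternary on `public_key` also deserves a why-comment, e.g. `# Register the caller's key, or the one generated in ssh_keys.tf when none was supplied`.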
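Review bot: `ssh_key_info` embeds `tls_private_key.ssh_key[0].private_key_openssh` without `sensitive = true`; the root output in aws/standard/output.tf is marked sensitive, but as far as I recall Terraform 0.15+ already errors on the unmarked child-module output ("Output refers to sensitive values") because the tls provider flags that attribute as sensitive, so add `sensitive = true` here as well. A one-line comment on the resource, `# Generated only when no key is supplied; the private key is persisted in plaintext in Terraform state`, would tell operators what they are signing up for by leaving `ssh_authorized_keys` empty.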
@@ -5,3 +5,9 @@ Kam Zone configuration for zone: default Upstream Auth address: ${var.aws_region}-private.${var.aws_domain_name} ZONE } + +output "ssh_key_info" { + description = "SSH Keys to use with Kasm Deployment" + value = module.standard.ssh_key_info + sensitive = true +} diff --git a/digitalocean/single_server/module/dns.tf b/digitalocean/single_server/module/dns.tf index ec051c2..1a6cc6a 100644 --- a/digitalocean/single_server/module/dns.tf +++ b/digitalocean/single_server/module/dns.tf @@ -16,7 +16,7 @@ resource "digitalocean_record" "static" { resource "digitalocean_certificate" "cert" { name = "${var.project_name}-cert" type = "lets_encrypt" - domains = [digitalocean_domain.default.id] + domains = [digitalocean_domain.default.name] lifecycle { create_before_destroy = true diff --git a/oci/single_server/deployment.tf b/oci/single_server/deployment.tf index b4bf79e..3ca37eb 100644 --- a/oci/single_server/deployment.tf +++ b/oci/single_server/deployment.tf @@ -34,3 +34,9 @@ module "kasm" { admin_password = var.admin_password user_password = var.user_password } + +output "ssh_key_info" { + description = "SSH Keys to use with Kasm Deployment" + value = module.standard.ssh_key_info + sensitive = true +} \ No newline at end of file diff --git a/oci/single_server/module/instance.tf b/oci/single_server/module/instance.tf index 578feed..d755ec7 100644 --- a/oci/single_server/module/instance.tf +++ b/oci/single_server/module/instance.tf @@ -24,7 +24,7 @@ resource "oci_core_instance" "kasm_instance" { } metadata = { - ssh_authorized_keys = var.ssh_authorized_keys + ssh_authorized_keys = var.ssh_authorized_keys == "" ? tls_private_key.ssh_key[0].public_key_openssh : var.ssh_authorized_keys user_data = base64encode(templatefile("${path.module}/userdata/bootstrap.sh", { kasm_build_url = var.kasm_build_url diff --git a/oci/single_server/module/ssh_keys.tf b/oci/single_server/module/ssh_keys.tf new file mode 100644 index 0000000..e7e0034 --- /dev/null 
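Review bot: `value = module.standard.ssh_key_info` references a module that does not exist in this root — the hunk header shows the module here is declared as `module "kasm"` — so `terraform validate` fails with a reference to an undeclared module and the OCI single-server template is unusable as committed. The line should be `value = module.kasm.ssh_key_info`. The same copy of the aws/standard output, with the same wrong module name, is added to oci/standard/deployment.tf in this commit.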
+++ b/oci/single_server/module/ssh_keys.tf @@ -0,0 +1,16 @@ +resource "tls_private_key" "ssh_key" { + count = var.ssh_authorized_keys == "" ? 1 : 0 + algorithm = "ED25519" +} + +output "ssh_key_info" { + description = "SSH Keys for use with Kasm Deployment" + value = <<-SSHKEYS + SSH Keys: + %{if var.ssh_authorized_keys == ""} + Public Key: ${tls_private_key.ssh_key[0].public_key_openssh} + Private Key: + ${tls_private_key.ssh_key[0].private_key_openssh} + %{endif} + SSHKEYS +} \ No newline at end of file diff --git a/oci/standard/deployment.tf b/oci/standard/deployment.tf index c36861b..8f2d55b 100644 --- a/oci/standard/deployment.tf +++ b/oci/standard/deployment.tf @@ -44,3 +44,9 @@ module "kasm" { database_password = var.database_password service_registration_token = var.service_registration_token } + +output "ssh_key_info" { + description = "SSH Keys to use with Kasm Deployment" + value = module.standard.ssh_key_info + sensitive = true +} diff --git a/oci/standard/module/agent.tf b/oci/standard/module/agent.tf index d23146b..3c8e76a 100644 --- a/oci/standard/module/agent.tf +++ b/oci/standard/module/agent.tf @@ -27,7 +27,7 @@ resource "oci_core_instance" "agent" { metadata = { - ssh_authorized_keys = var.ssh_authorized_keys + ssh_authorized_keys = var.ssh_authorized_keys == "" ? tls_private_key.ssh_key[0].public_key_openssh : var.ssh_authorized_keys user_data = base64encode(templatefile("${path.module}/userdata/agent_bootstrap.sh", { kasm_build_url = var.kasm_build_url diff --git a/oci/standard/module/bastion.tf b/oci/standard/module/bastion.tf index 214bd30..02d6663 100644 --- a/oci/standard/module/bastion.tf +++ b/oci/standard/module/bastion.tf @@ -25,6 +25,6 @@ resource "oci_core_instance" "bastion" { } metadata = { - ssh_authorized_keys = var.ssh_authorized_keys + ssh_authorized_keys = var.ssh_authorized_keys == "" ? tls_private_key.ssh_key[0].public_key_openssh : var.ssh_authorized_keys } } 
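Review bot: `value = module.standard.ssh_key_info` in oci/standard/deployment.tf points at a module this root does not declare; the hunk header gives the module's name as `module "kasm"`, so validation fails on an undeclared module reference and no OCI standard deployment can plan with this commit applied. Change it to `value = module.kasm.ssh_key_info`. Given that the single-server root has the identical slip, it looks like neither OCI template was validated after the output was copied from aws/standard.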
diff --git a/oci/standard/module/cpx.tf b/oci/standard/module/cpx.tf index 58ddc8c..cbd6f0f 100644 --- a/oci/standard/module/cpx.tf +++ b/oci/standard/module/cpx.tf @@ -27,7 +27,7 @@ resource "oci_core_instance" "cpx" { metadata = { - ssh_authorized_keys = var.ssh_authorized_keys + ssh_authorized_keys = var.ssh_authorized_keys == "" ? tls_private_key.ssh_key[0].public_key_openssh : var.ssh_authorized_keys user_data = base64encode(templatefile("${path.module}/userdata/cpx_bootstrap.sh", { kasm_build_url = var.kasm_build_url diff --git a/oci/standard/module/db.tf b/oci/standard/module/db.tf index 1c8694f..cc8be68 100644 --- a/oci/standard/module/db.tf +++ b/oci/standard/module/db.tf @@ -24,7 +24,7 @@ resource "oci_core_instance" "db" { } metadata = { - ssh_authorized_keys = var.ssh_authorized_keys + ssh_authorized_keys = var.ssh_authorized_keys == "" ? tls_private_key.ssh_key[0].public_key_openssh : var.ssh_authorized_keys user_data = base64encode(templatefile("${path.module}/userdata/db_bootstrap.sh", { kasm_build_url = var.kasm_build_url diff --git a/oci/standard/module/ssh_keys.tf b/oci/standard/module/ssh_keys.tf new file mode 100644 index 0000000..e7e0034 --- /dev/null +++ b/oci/standard/module/ssh_keys.tf @@ -0,0 +1,16 @@ +resource "tls_private_key" "ssh_key" { + count = var.ssh_authorized_keys == "" ? 1 : 0 + algorithm = "ED25519" +} + +output "ssh_key_info" { + description = "SSH Keys for use with Kasm Deployment" + value = <<-SSHKEYS + SSH Keys: + %{if var.ssh_authorized_keys == ""} + Public Key: ${tls_private_key.ssh_key[0].public_key_openssh} + Private Key: + ${tls_private_key.ssh_key[0].private_key_openssh} + %{endif} + SSHKEYS +} \ No newline at end of file diff --git a/oci/standard/module/webapp.tf b/oci/standard/module/webapp.tf index b881218..eb99776 100644 --- a/oci/standard/module/webapp.tf +++ b/oci/standard/module/webapp.tf 
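Review bot: The selection expression `var.ssh_authorized_keys == "" ? tls_private_key.ssh_key[0].public_key_openssh : var.ssh_authorized_keys` is now duplicated in agent.tf, bastion.tf, cpx.tf, db.tf and webapp.tf; define it once beside the key, `locals { ssh_authorized_keys = var.ssh_authorized_keys == "" ? tls_private_key.ssh_key[0].public_key_openssh : var.ssh_authorized_keys }`, and have each instance's metadata use `local.ssh_authorized_keys`, so the logic cannot drift between instance types. `ssh_key_info` here also embeds the private key without `sensitive = true`; the root output sets it, but I believe Terraform 0.15+ rejects the unmarked child output on its own, so the flag is needed in this file too.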
@@ -26,7 +26,7 @@ resource "oci_core_instance" "webapp" { } metadata = { - ssh_authorized_keys = var.ssh_authorized_keys + ssh_authorized_keys = var.ssh_authorized_keys == "" ? tls_private_key.ssh_key[0].public_key_openssh : var.ssh_authorized_keys user_data = base64encode(templatefile("${path.module}/userdata/webapp_bootstrap.sh", { kasm_build_url = var.kasm_build_url