ionos-cloud/terraform-provider-ionoscloud

improve ssh_key handling

firecyberice opened this issue · 4 comments

Use-cases

When I create an SSH key with Terraform, I need to save it to a file for it to be usable by:

resource "ionoscloud_server" "example" {
  name         = "Server Example"
  ssh_key_path = ["path/to/key1", "path/to/key2"]

  ...
}

Attempted Solutions

I would prefer to have something like ssh_keys = ["ssh key 1", "ssh key 2"] instead. Please note the plural form "keys", as it is an array and not just a single key (string).

Proposal

For backwards compatibility one can adjust the resource like depicted in this example.

cat main.tf

// Current way of handling keys
variable "ssh_key_path" {
  type = list(string)
  default = [
    "id_rsa.pub",
    "id_rsa2.pub"
  ]
}

resource "local_file" "ssh_pub" {
  for_each        = toset(var.ssh_key_path)
  content         = format("ssh rsa ... %s", each.value)
  file_permission = "0600" // octal mode given as a string, the form the local provider documents
  filename        = each.value
}

// New way of handling keys
variable "ssh_key" {
  type    = list(string)
  default = ["ssh rsa ... keyA", "ssh rsa ... keyB"]
}

locals {
  // This for loop can also be added directly to the ionos resource
  path_content = try([for i in var.ssh_key_path : trim(file(i), "\n")], ["a", "b"])
}

output "keys" {
  value = {
    path         = var.ssh_key_path
    path_content = local.path_content
    key_content  = var.ssh_key
  }
}

You just need to execute:

terraform fmt && terraform init && terraform validate
terraform apply -auto-approve # to create the demo key files
terraform apply -auto-approve # to create the correct output 
terraform output -json keys | jq '.'

# cleanup afterwards
terraform destroy -auto-approve
rm -rf .terraform terraform.tfstate* .terraform.lock.hcl

References:

Other cloud providers also reference the file content directly, and they manage SSH keys as dedicated resources.

Thanks for creating this, it's an interesting suggestion. We will take a look and prioritize accordingly.

Maybe we can allow ssh_key_path to also take keys directly, not only files, and put a note that it will be renamed at a certain date to ssh_keys.
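One way a provider could accept both key text and file paths in the same list, as the comment above suggests. This is an added example, not code from the provider or from this thread: `resolveSSHKey` and `checkPublicKey` are hypothetical names, file paths are assumed to contain no whitespace, and the sample key is constructed.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"os"
	"strings"
)

// checkPublicKey verifies "<type> <base64> [comment]" and that the type matches the blob.
func checkPublicKey(key string) (string, error) {
	if strings.Contains(key, "PRIVATE KEY") {
		return "", errors.New("entry holds a private key; supply the public key")
	}
	f := strings.Fields(key)
	if len(f) < 2 {
		return "", errors.New("expected \"<type> <base64> [comment]\"")
	}
	blob, err := base64.StdEncoding.DecodeString(f[1])
	if err != nil || len(blob) < 4 {
		return "", errors.New("key data is not valid base64")
	}
	n := binary.BigEndian.Uint32(blob) // length prefix of the embedded type name
	if uint64(n) > uint64(len(blob)-4) || string(blob[4:4+n]) != f[0] {
		return "", errors.New("key type does not match the encoded key data")
	}
	return key, nil
}

// resolveSSHKey (hypothetical helper) takes one list entry: key text or a file path.
// Assumption: a path has no whitespace, so two or more fields means inline key text.
func resolveSSHKey(entry string) (string, error) {
	key := strings.TrimSpace(entry)
	if len(strings.Fields(key)) < 2 && !strings.Contains(key, "PRIVATE KEY") {
		data, err := os.ReadFile(key)
		if err != nil { // the error names the path only, never key material
			return "", fmt.Errorf("not a public key or a readable file: %w", err)
		}
		key = strings.TrimSpace(string(data))
	}
	return checkPublicKey(key)
}

func main() {
	// Constructed sample: an ssh-ed25519 blob (all-zero key bytes) mislabelled as ssh-rsa.
	_, err := resolveSSHKey("ssh-rsa AAAAC3NzaC1lZDI1NTE5AAAAIAAA" + strings.Repeat("A", 40))
	fmt.Println(err)
}
```

Rejecting anything that contains a private key marker, whether inline or read from a file, keeps a mistyped path such as `id_rsa` instead of `id_rsa.pub` from sending the private key to the API.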

re-open until release