oracle-terraform-modules/terraform-oci-compute-instance

Add support for ssh_public_key string to align module usage with operator and bastion module

calorbeer opened this issue · 4 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Both oracle-terraform-modules bastion and operator modules support ssh public keys to be passed in as strings and as files. terraform-oci-compute-instance only supports files, which makes it challenging to write terraform code that automatically assigns ssh keys.
Adding support for ssh_public_key would align all three modules in terms of ssh key usability.

New or Affected Resource(s)

oci_core_instance

Potential Terraform Configuration

Add the following two variables:

variable "ssh_public_key" {
  description = "the content of the ssh public key used to access the compute instance. set this or the ssh_public_key_path"
  default     = ""  
  type        = string
}
variable "ssh_public_key_path" {
  description = "path to the ssh public key used to access the compute instance. set this or the ssh_public_key"
  default     = ""
  type        = string
}

Replace

resource "oci_core_instance" "this" {
...
metadata = {
  ssh_authorized_keys = file(var.ssh_authorized_keys)
}
...
}

by

resource "oci_core_instance" "this" {
...
metadata = {
  ssh_authorized_keys = var.ssh_public_key != "" ? var.ssh_public_key : file(var.ssh_public_key_path)
}
...
}

References

In order to keep backwards compatibility, I'd like to propose a different solution:
ssh_authorized_keys is kept; however, the metadata block is changed to

resource "oci_core_instance" "this" {
...
metadata = {
    ssh_authorized_keys = (var.ssh_public_key != "" ? var.ssh_public_key : 
                          (var.ssh_public_key_path != "" ? file(var.ssh_public_key_path) : 
                          (var.ssh_authorized_keys != "" ? file(var.ssh_authorized_keys) : "")))
...
   }
}

kral2 commented

@calorbeer version 2.2.0-RC1 was released. It includes the change you suggested on ssh public keys.
Give it a try when you can and let me know if that works for you :-)

@kral2 It looks like there's an issue that the ssh variables default to null. If var.ssh_public_key is set, ssh_authorized_keys is set correctly; however, if it's null the condition is also true and as a result it is set to null. The file statements are never reached. To avoid this, the variables either need to default to "" or the conditions have to test for != null and "".

kral2 commented

Thank you for this feedback @calorbeer
I have opened #70, let's continue the discussion there.
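
An added example, not part of the thread or the module's own code: one way to make the key selection null-safe, as the last comment from calorbeer suggests, by normalising null to "" before the chained conditional. The variable names follow the issue; the `locals` names and the output are assumptions, and an output stands in for the `oci_core_instance` metadata so the snippet evaluates without a provider.

```hcl
# Variables default to null, as reported for 2.2.0-RC1 in the thread.
variable "ssh_public_key" {
  description = "content of the ssh public key; takes precedence over the path variables"
  type        = string
  default     = null
}

variable "ssh_public_key_path" {
  description = "path to the ssh public key file"
  type        = string
  default     = null
}

variable "ssh_authorized_keys" {
  description = "legacy path variable, kept for backwards compatibility"
  type        = string
  default     = null
}

locals {
  # null != "" evaluates to true in Terraform, so an unset (null) variable
  # would win the first branch and yield null. Map null to "" first so the
  # != "" tests below behave the same for unset and empty inputs.
  key_string  = var.ssh_public_key == null ? "" : var.ssh_public_key
  key_path    = var.ssh_public_key_path == null ? "" : var.ssh_public_key_path
  legacy_path = var.ssh_authorized_keys == null ? "" : var.ssh_authorized_keys

  # Same precedence as the proposal in the issue: string, then path, then
  # the legacy path. Only the selected branch of a conditional is evaluated,
  # so file() is never called with an empty path.
  ssh_authorized_keys = (
    local.key_string != "" ? local.key_string :
    local.key_path != "" ? file(local.key_path) :
    local.legacy_path != "" ? file(local.legacy_path) : ""
  )
}

# In the module this value would feed metadata.ssh_authorized_keys.
output "ssh_authorized_keys" {
  value = local.ssh_authorized_keys
}
```

With no variable set, the output is the empty string rather than null; setting only `ssh_public_key_path` or only `ssh_authorized_keys` now reaches the corresponding `file()` branch.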