provider/aws: Add aws_iam_user_ssh_key resource
#5774
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
👍 LGTM! |
jen20
added a commit
that referenced
this pull request
Mar 22, 2016
provider/aws: Add `aws_iam_user_ssh_key` resource
keymon
added a commit
to alphagov/paas-cf
that referenced
this pull request
Mar 22, 2016
In order to access the codecommit repository via SSH, we must upload a SSH key. We add a required variable for the concourse terraform: `git_rsa_id_pub`, which must have the public SSH key to add, and a new output `git_ssh_key_id` which is the key id of the ssh key and the user that must be used when connecting to the codecommit git repo. But terraform does not currently support upload ssh keys, although the PR is in master and will be released soon: hashicorp/terraform#5744 hashicorp/terraform#5774 To workaround this, we implemented the following workaround: 1. One template_file which contains the public key. If it changes, it will run a script `aws-upload-aws-key.sh` to upload the SSH key to the user. The script takes care of duplicates. 2. A template_file resource will read from a `id_rsa_key_id`, and execute a script to query the ID if the file has changed since last execution. This ensures that the file is updated. We must commit a empty file to avoid terraform fail the first run. 3. Another template_file which reads the previous populated `id_rsa_key_id` file. This allows read the file content and expose it as a terraform output. This workaround can be removed and replaced as the resource `aws_iam_user_ssh_key` is supported and released in the official terraform release.
keymon
added a commit
to alphagov/paas-cf
that referenced
this pull request
Mar 23, 2016
In order to access the codecommit repository via SSH, we must upload a SSH key. We add a required variable for the concourse terraform: `git_rsa_id_pub`, which must have the public SSH key to add, and a new output `git_ssh_key_id` which is the key id of the ssh key and the user that must be used when connecting to the codecommit git repo. But terraform does not currently support upload ssh keys, although the PR is in master and will be released soon: hashicorp/terraform#5744 hashicorp/terraform#5774 To workaround this, we implemented the following workaround: 1. One template_file which contains the public key. If it changes, it will run a script `aws-upload-aws-key.sh` to upload the SSH key to the user. The script takes care of duplicates. 2. A template_file resource will read from a `id_rsa_key_id`, and execute a script to query the ID if the file has changed since last execution. This ensures that the file is updated. We must commit a empty file to avoid terraform fail the first run. 3. Another template_file which reads the previous populated `id_rsa_key_id` file. This allows read the file content and expose it as a terraform output. This workaround can be removed and replaced as the resource `aws_iam_user_ssh_key` is supported and released in the official terraform release.
keymon
added a commit
to alphagov/paas-cf
that referenced
this pull request
Mar 23, 2016
In order to access the codecommit repository via SSH, we must upload a SSH key. We add a required variable for the concourse terraform: `git_rsa_id_pub`, which must have the public SSH key to add, and a new output `git_ssh_key_id` which is the key id of the ssh key and the user that must be used when connecting to the codecommit git repo. We use the resource `aws_iam_user_ssh_key` which has been added in this issue and PR: hashicorp/terraform#5744 hashicorp/terraform#5774
keymon
added a commit
to alphagov/paas-cf
that referenced
this pull request
Mar 23, 2016
In order to access the codecommit repository via SSH, we must upload a SSH key. We add a required variable for the concourse terraform: `git_rsa_id_pub`, which must have the public SSH key to add, and a new output `git_ssh_key_id` which is the key id of the ssh key and the user that must be used when connecting to the codecommit git repo. We use the resource `aws_iam_user_ssh_key` which has been added in this issue and PR: hashicorp/terraform#5744 hashicorp/terraform#5774
keymon
added a commit
to alphagov/paas-cf
that referenced
this pull request
Mar 23, 2016
In order to access the codecommit repository via SSH, we must upload a SSH key. We add a required variable for the concourse terraform: `git_rsa_id_pub`, which must have the public SSH key to add, and a new output `git_ssh_key_id` which is the key id of the ssh key and the user that must be used when connecting to the codecommit git repo. We use the resource `aws_iam_user_ssh_key` which has been added in this issue and PR: hashicorp/terraform#5744 hashicorp/terraform#5774
keymon
added a commit
to alphagov/paas-cf
that referenced
this pull request
Mar 23, 2016
In order to access the codecommit repository via SSH, we must upload a SSH key. We add a required variable for the concourse terraform: `git_rsa_id_pub`, which must have the public SSH key to add, and a new output `git_ssh_key_id` which is the key id of the ssh key and the user that must be used when connecting to the codecommit git repo. We use the resource `aws_iam_user_ssh_key` which has been added in this issue and PR: hashicorp/terraform#5744 hashicorp/terraform#5774
keymon
added a commit
to alphagov/paas-cf
that referenced
this pull request
Mar 23, 2016
In order to access the codecommit repository via SSH, we must upload a SSH key. We add a required variable for the concourse terraform: `git_rsa_id_pub`, which must have the public SSH key to add, and a new output `git_ssh_key_id` which is the key id of the ssh key and the user that must be used when connecting to the codecommit git repo. We use the resource `aws_iam_user_ssh_key` which has been added in this issue and PR: hashicorp/terraform#5744 hashicorp/terraform#5774
dcarley
added a commit
to alphagov/paas-docker-cloudfoundry-tools
that referenced
this pull request
Apr 29, 2016
This isn't as big a jump as this individual commit suggests because we were already using a pre-release version of 0.6.15 in 57cc1a9. We are upgrading so that we no longer need to build from source to benefit from these fixes: - hashicorp/terraform#5774 - hashicorp/terraform#5904 The CHANGELOG doesn't mention any backwards-incompatible changes. New checksum has been taken from: - https://releases.hashicorp.com/terraform/0.6.15/terraform_0.6.15_SHA256SUMS
dcarley
added a commit
to alphagov/paas-docker-cloudfoundry-tools
that referenced
this pull request
Apr 29, 2016
This isn't as big a jump as this individual commit suggests because we were already using a pre-release version of 0.6.15 in 57cc1a9. We are upgrading so that we no longer need to build from source to benefit from these fixes: - hashicorp/terraform#5774 - hashicorp/terraform#5904 The CHANGELOG doesn't mention any backwards-incompatible changes. New checksum has been taken from: - https://releases.hashicorp.com/terraform/0.6.15/terraform_0.6.15_SHA256SUMS
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
ghost
locked and limited conversation to collaborators
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As requested in #5744