fix(key-pair): add the automatic Key Pair generation

.gitignore

@@ -27,3 +27,6 @@ override.tf.json
 
 # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
 # example: *tfplan*
+
+# Key Pair files
+keypairs/**/*

README.md

@@ -17,7 +17,7 @@ Terraform project that deploys VSCode Server on Oracle Cloud Infrastructure usin
 - [x] Attach the block volume to the instance
 - [x] Create the instance on free tier (4 vCPU, 24GB memory)
 - [x] Configure the instance and install VSCode Server with Cloud Init
-- [ ] Create automatically the SSH key pair
+- [x] Create automatically the SSH key pair
 - [ ] Mount and format the block volume on `/data` (WIP)
 - [ ] Encrypt the block volume with a KMS key
 - [ ] Configure backups of the block volume only (WIP)

instance.tf

@@ -63,8 +63,8 @@ resource "oci_core_instance" "instance" {
   }
 
   metadata = {
-    #  ssh_authorized_keys = var.ssh_public_key
-    user_data = base64encode(data.template_cloudinit_config.cloudinit.rendered)
+    ssh_authorized_keys = tls_private_key.default[0].public_key_openssh
+    user_data           = base64encode(data.template_cloudinit_config.cloudinit.rendered)
   }
 
   preemptible_instance_config {

keypair.tf

@@ -0,0 +1,75 @@
+locals {
+  key_name = var.keypair_name != null ? var.keypair_name : "${var.namespace}-keypair-${var.stage}"
+
+  public_key_filename = format(
+    "%s%s",
+    local.key_name,
+    var.keypair_public_key_extension
+  )
+
+  public_key_path = format(
+    "%s/%s",
+    var.keypair_public_key_path,
+    local.public_key_filename
+  )
+
+  private_key_filename = format(
+    "%s%s",
+    local.key_name,
+    var.keypair_private_key_extension
+  )
+
+  private_key_path = format(
+    "%s/%s",
+    var.keypair_public_key_path,
+    local.private_key_filename
+  )
+}
+
+# Generate the key pair
+resource "tls_private_key" "default" {
+  count     = var.keypair_public_key != null ? 0 : 1
+  algorithm = var.keypair_key_algorithm
+}
+
+resource "local_file" "public_key_openssh" {
+  count      = var.keypair_public_key != null ? 0 : 1
+  depends_on = [tls_private_key.default]
+  content    = tls_private_key.default[0].public_key_openssh
+  filename   = local.public_key_path
+}
+
+resource "local_file" "private_key_pem" {
+  count      = var.keypair_public_key != null ? 0 : 1
+  depends_on = [tls_private_key.default]
+  content    = tls_private_key.default[0].private_key_pem
+  filename   = local.private_key_path
+}
+
+# Change permission to the Public Key
+resource "null_resource" "public_key_chmod" {
+  count      = var.keypair_public_key != null && var.keypair_chmod_command_public != "" ? 0 : 1
+  depends_on = [local_file.public_key_openssh]
+
+  triggers = {
+    local_file_public_key_openssh = "local_file.public_key_openssh"
+  }
+
+  provisioner "local-exec" {
+    command = format(var.keypair_chmod_command_public, local.public_key_path)
+  }
+}
+
+# Change permission to the Private Key
+resource "null_resource" "private_key_chmod" {
+  count      = var.keypair_private_key != null && var.keypair_chmod_command_private != "" ? 1 : 0
+  depends_on = [local_file.private_key_pem]
+
+  triggers = {
+    local_file_private_key_pem = "local_file.private_key_pem"
+  }
+
+  provisioner "local-exec" {
+    command = format(var.keypair_chmod_command_private, local.private_key_path)
+  }
+}

variables.tf

@@ -108,6 +108,64 @@ variable "vscode_version" {
   default     = "4.4.0"
 }
 
+#############################
+# Key Pairs
+#############################
+
+variable "keypair_name" {
+  type        = string
+  description = "Name of the Key Pair (instance or service for ex.)"
+  default     = null
+}
+
+variable "keypair_public_key" {
+  type        = string
+  description = "A pregenerated OpenSSH-formatted public key. Changing this creates a new keypair. If a public key is not specified, then a public/private key pair will be automatically generated. If a pair is created, then destroying this resource means you will lose access to that keypair forever."
+  default     = null
+}
+
+variable "keypair_public_key_path" {
+  type        = string
+  description = "Path to Public Key directory (e.g. `/keypairs`)"
+  default     = "./keypairs"
+}
+
+variable "keypair_key_algorithm" {
+  type        = string
+  description = "Key Pair algorithm"
+  default     = "RSA"
+}
+
+variable "keypair_private_key" {
+  type        = string
+  description = "A pregenerated OpenSSH-formatted private key. Changing this creates a new keypair. If a private key is not specified, then a public/private key pair will be automatically generated. If a pair is created, then destroying this resource means you will lose access to that keypair forever."
+  default     = null
+}
+
+variable "keypair_private_key_extension" {
+  type        = string
+  description = "Private key extension"
+  default     = ""
+}
+
+variable "keypair_public_key_extension" {
+  type        = string
+  description = "Public key extension"
+  default     = ".pub"
+}
+
+variable "keypair_chmod_command_public" {
+  type        = string
+  description = "Template of the command executed on the public key file"
+  default     = "chmod 600 %v"
+}
+
+variable "keypair_chmod_command_private" {
+  type        = string
+  description = "Template of the command executed on the private key file"
+  default     = "chmod 400 %v"
+}
+
 #############################
 # Labels
 #############################

versions.tf

@@ -10,5 +10,17 @@ terraform {
       source  = "hashicorp/template"
       version = "2.2.0"
     }
+    null = {
+      source  = "hashicorp/null"
+      version = "3.1.1"
+    }
+    local = {
+      source  = "hashicorp/local"
+      version = "2.2.2"
+    }
+    tls = {
+      source  = "hashicorp/tls"
+      version = "3.4.0"
+    }
   }
 }