chore: fix deployment issues for virtual machine (#966)

<!--- Provide a general summary of your changes in the Title above -->

## Description

<!--- Describe your changes in detail -->
- Use correct ssh key, directly from github secrets as key vault
reference is not supported
- Remove unnecessary property

## Related Issue(s)

- #{issue number}

## Verification

- [ ] **Your** code builds clean without any errors or warnings
- [ ] Manual testing done (required)
- [ ] Relevant automated test added (if you find this hard, leave it and
we'll help out)

## Documentation

- [ ] Documentation is updated (either in `docs`-directory, Altinnpedia
or a separate linked PR in
[altinn-studio-docs.](https://github.com/Altinn/altinn-studio-docs), if
applicable)

.azure/infrastructure/main.bicep

@@ -31,10 +31,10 @@ param sourceKeyVaultResourceGroup string
 @minLength(3)
 param sourceKeyVaultName string
 
-@description('SSH secret key for the ssh jumper')
+@description('SSH public key for the ssh jumper')
 @secure()
 @minLength(3)
-param sourceKeyVaultSshJumperSshSecretKey string
+param sourceKeyVaultSshJumperSshPublicKey string
 
 import { Sku as KeyVaultSku } from '../modules/keyvault/create.bicep'
 param keyVaultSku KeyVaultSku
@@ -64,7 +64,7 @@ var secrets = {
   sourceKeyVaultSubscriptionId: sourceKeyVaultSubscriptionId
   sourceKeyVaultResourceGroup: sourceKeyVaultResourceGroup
   sourceKeyVaultName: sourceKeyVaultName
-  sourceKeyVaultSshSecretKey: sourceKeyVaultSshJumperSshSecretKey
+  sourceKeyVaultSshJumperSshPublicKey: sourceKeyVaultSshJumperSshPublicKey
 }
 
 var namePrefix = 'dp-be-${environment}'
@@ -164,10 +164,7 @@ module sshJumper '../modules/ssh-jumper/main.bicep' = {
     location: location
     subnetId: vnet.outputs.defaultSubnetId
     tags: tags
-    srcKeyVaultName: secrets.sourceKeyVaultName
-    srcKeyVaultSubId: secrets.sourceKeyVaultSubscriptionId
-    srcKeyVaultRGNName: secrets.sourceKeyVaultResourceGroup
-    srcKeyVaultSshSecretKey: secrets.sourceKeyVaultSshSecretKey
+    sshPublicKey: secrets.sourceKeyVaultSshJumperSshPublicKey
   }
 }
 

.azure/infrastructure/production.bicepparam

@@ -11,7 +11,7 @@ param dialogportenPgAdminPassword = readEnvironmentVariable('PG_ADMIN_PASSWORD')
 param sourceKeyVaultSubscriptionId = readEnvironmentVariable('SOURCE_KEY_VAULT_SUBSCRIPTION_ID')
 param sourceKeyVaultResourceGroup = readEnvironmentVariable('SOURCE_KEY_VAULT_RESOURCE_GROUP')
 param sourceKeyVaultName = readEnvironmentVariable('SOURCE_KEY_VAULT_NAME')
-param sourceKeyVaultSshJumperSshSecretKey = readEnvironmentVariable('SOURCE_KEY_VAULT_SSH_JUMPER_SSH_SECRET_KEY')
+param sshJumperAdminPassword = readEnvironmentVariable('SOURCE_KEY_VAULT_SSH_JUMPER_SSH_PUBLIC_KEY')
 
 // SKUs
 param keyVaultSku = {

.azure/infrastructure/soak.bicepparam

@@ -11,7 +11,7 @@ param dialogportenPgAdminPassword = readEnvironmentVariable('PG_ADMIN_PASSWORD')
 param sourceKeyVaultSubscriptionId = readEnvironmentVariable('SOURCE_KEY_VAULT_SUBSCRIPTION_ID')
 param sourceKeyVaultResourceGroup = readEnvironmentVariable('SOURCE_KEY_VAULT_RESOURCE_GROUP')
 param sourceKeyVaultName = readEnvironmentVariable('SOURCE_KEY_VAULT_NAME')
-param sourceKeyVaultSshJumperSshSecretKey = readEnvironmentVariable('SOURCE_KEY_VAULT_SSH_JUMPER_SSH_SECRET_KEY')
+param sshJumperAdminPassword = readEnvironmentVariable('SOURCE_KEY_VAULT_SSH_JUMPER_SSH_PUBLIC_KEY')
 
 // SKUs
 param keyVaultSku = {

.azure/infrastructure/staging.bicepparam

@@ -11,7 +11,7 @@ param dialogportenPgAdminPassword = readEnvironmentVariable('PG_ADMIN_PASSWORD')
 param sourceKeyVaultSubscriptionId = readEnvironmentVariable('SOURCE_KEY_VAULT_SUBSCRIPTION_ID')
 param sourceKeyVaultResourceGroup = readEnvironmentVariable('SOURCE_KEY_VAULT_RESOURCE_GROUP')
 param sourceKeyVaultName = readEnvironmentVariable('SOURCE_KEY_VAULT_NAME')
-param sourceKeyVaultSshJumperSshSecretKey = readEnvironmentVariable('SOURCE_KEY_VAULT_SSH_JUMPER_SSH_SECRET_KEY')
+param sshJumperAdminPassword = readEnvironmentVariable('SOURCE_KEY_VAULT_SSH_JUMPER_SSH_PUBLIC_KEY')
 
 // SKUs
 param keyVaultSku = {

.azure/infrastructure/test.bicepparam

@@ -11,7 +11,7 @@ param dialogportenPgAdminPassword = readEnvironmentVariable('PG_ADMIN_PASSWORD')
 param sourceKeyVaultSubscriptionId = readEnvironmentVariable('SOURCE_KEY_VAULT_SUBSCRIPTION_ID')
 param sourceKeyVaultResourceGroup = readEnvironmentVariable('SOURCE_KEY_VAULT_RESOURCE_GROUP')
 param sourceKeyVaultName = readEnvironmentVariable('SOURCE_KEY_VAULT_NAME')
-param sourceKeyVaultSshJumperSshSecretKey = readEnvironmentVariable('SOURCE_KEY_VAULT_SSH_JUMPER_SSH_SECRET_KEY')
+param sourceKeyVaultSshJumperSshPublicKey = readEnvironmentVariable('SOURCE_KEY_VAULT_SSH_JUMPER_SSH_PUBLIC_KEY')
 
 // SKUs
 param keyVaultSku = {

.azure/modules/ssh-jumper/main.bicep

@@ -10,26 +10,12 @@ param subnetId string
 @description('Tags to be applied to the resource')
 param tags object
 
-@description('The name of the source Key Vault')
-param srcKeyVaultName string
-
-@description('The subscription ID of the source Key Vault')
-param srcKeyVaultSubId string
-
-@description('The resource group name of the source Key Vault')
-param srcKeyVaultRGNName string
-
-@description('The SSH secret key to be used to get the ssh key for the virtual machine')
+@description('The SSH public key to be used for the virtual machine')
 @secure()
-param srcKeyVaultSshSecretKey string
+param sshPublicKey string
 
 var name = '${namePrefix}-ssh-jumper'
 
-resource srcKeyVaultResource 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
-  name: srcKeyVaultName
-  scope: resourceGroup(srcKeyVaultSubId, srcKeyVaultRGNName)
-}
-
 resource publicIp 'Microsoft.Network/publicIPAddresses@2023-11-01' = {
   name: '${name}-ip'
   location: location
@@ -90,7 +76,7 @@ module virtualMachine '../../modules/virtualMachine/main.bicep' = {
   name: name
   params: {
     name: name
-    sshKeyData: srcKeyVaultResource.getSecret(srcKeyVaultSshSecretKey)
+    sshPublicKey: sshPublicKey
     location: location
     tags: tags
     hardwareProfile: {

.azure/modules/virtualMachine/main.bicep

@@ -68,9 +68,9 @@ type StorageProfile = {
 @description('Specifies the storage profile for the virtual machine')
 param storageProfile StorageProfile
 
-@description('Specifies the SSH key data for the virtual machine')
+@description('Specifies the SSH public key for the virtual machine')
 @secure()
-param sshKeyData string
+param sshPublicKey string
 
 resource virtualMachine 'Microsoft.Compute/virtualMachines@2024-03-01' = {
   name: name
@@ -91,7 +91,7 @@ resource virtualMachine 'Microsoft.Compute/virtualMachines@2024-03-01' = {
           publicKeys: [
             {
               path: '/home/${name}/.ssh/authorized_keys'
-              keyData: sshKeyData
+              keyData: sshPublicKey
             }
           ]
         }
@@ -107,7 +107,6 @@ resource virtualMachine 'Microsoft.Compute/virtualMachines@2024-03-01' = {
       }
       secrets: []
       allowExtensionOperations: true
-      requireGuestProvisionSignal: true
     }
     securityProfile: securityProfile
     networkProfile: networkProfile

.github/workflows/action-deploy-infra.yml

@@ -18,7 +18,7 @@ on:
         required: true
       AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP:
         required: true
-      AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_SECRET_KEY:
+      SOURCE_KEY_VAULT_SSH_JUMPER_SSH_PUBLIC_KEY:
         required: true
 
     inputs:
@@ -100,7 +100,7 @@ jobs:
           SOURCE_KEY_VAULT_SUBSCRIPTION_ID: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID }}
           SOURCE_KEY_VAULT_RESOURCE_GROUP: ${{ secrets.AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP }}
           SOURCE_KEY_VAULT_NAME: ${{ secrets.AZURE_SOURCE_KEY_VAULT_NAME }}
-          SOURCE_KEY_VAULT_SSH_JUMPER_SSH_SECRET_KEY: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_SECRET_KEY }}
+          SOURCE_KEY_VAULT_SSH_JUMPER_SSH_PUBLIC_KEY: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_PUBLIC_KEY }}
         with:
           scope: subscription
           template: ./.azure/infrastructure/main.bicep
@@ -124,7 +124,7 @@ jobs:
           SOURCE_KEY_VAULT_SUBSCRIPTION_ID: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID }}
           SOURCE_KEY_VAULT_RESOURCE_GROUP: ${{ secrets.AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP }}
           SOURCE_KEY_VAULT_NAME: ${{ secrets.AZURE_SOURCE_KEY_VAULT_NAME }}
-          SOURCE_KEY_VAULT_SSH_JUMPER_SSH_SECRET_KEY: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_SECRET_KEY }}
+          SOURCE_KEY_VAULT_SSH_JUMPER_SSH_PUBLIC_KEY: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_PUBLIC_KEY }}
         with:
           scope: subscription
           template: ./.azure/infrastructure/main.bicep

.github/workflows/ci-cd-main.yml

@@ -74,7 +74,7 @@ jobs:
       AZURE_SOURCE_KEY_VAULT_NAME: ${{ secrets.AZURE_SOURCE_KEY_VAULT_NAME }}
       AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID }}
       AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP: ${{ secrets.AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP }}
-      AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_SECRET_KEY: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_SECRET_KEY }}
+      AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_PUBLIC_KEY: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_PUBLIC_KEY }}
     with:
       environment: test
       region: norwayeast

.github/workflows/ci-cd-pull-request-release-please.yml

@@ -37,7 +37,7 @@ jobs:
       AZURE_SOURCE_KEY_VAULT_NAME: ${{ secrets.AZURE_SOURCE_KEY_VAULT_NAME }}
       AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID }}
       AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP: ${{ secrets.AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP }}
-      AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_SECRET_KEY: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_SECRET_KEY }}
+      AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_PUBLIC_KEY: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_PUBLIC_KEY }}
     with:
       environment: staging
       region: norwayeast

.github/workflows/ci-cd-pull-request.yml

@@ -54,7 +54,7 @@ jobs:
       AZURE_SOURCE_KEY_VAULT_NAME: ${{ secrets.AZURE_SOURCE_KEY_VAULT_NAME }}
       AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID }}
       AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP: ${{ secrets.AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP }}
-      AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_SECRET_KEY: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_SECRET_KEY }}
+      AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_PUBLIC_KEY: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_PUBLIC_KEY }}
     with:
       environment: test
       region: norwayeast

.github/workflows/ci-cd-staging.yml

@@ -42,7 +42,7 @@ jobs:
       AZURE_SOURCE_KEY_VAULT_NAME: ${{ secrets.AZURE_SOURCE_KEY_VAULT_NAME }}
       AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID }}
       AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP: ${{ secrets.AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP }}
-      AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_SECRET_KEY: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_SECRET_KEY }}
+      AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_PUBLIC_KEY: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_PUBLIC_KEY }}
     with:
       environment: staging
       region: norwayeast

.github/workflows/dispatch-infrastructure.yml

@@ -36,7 +36,7 @@ jobs:
       AZURE_SOURCE_KEY_VAULT_NAME: ${{ secrets.AZURE_SOURCE_KEY_VAULT_NAME }}
       AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID }}
       AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP: ${{ secrets.AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP }}
-      AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_SECRET_KEY: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_SECRET_KEY }}
+      AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_PUBLIC_KEY: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_PUBLIC_KEY }}
     with:
       environment: ${{ inputs.environment }}
       region: norwayeast