From 543414246ac8d899ba1560407060a0d02aab44e7 Mon Sep 17 00:00:00 2001
From: Hector Rivas Gandara
Date: Tue, 22 Mar 2016 18:10:01 +0000
Subject: [PATCH] Upload git ssh public key to git user

We want to upload the generated SSH key to the created git user. We use the resource `aws_iam_user_ssh_key` from terraform, implemented in https://github.com/hashicorp/terraform/issues/5744 so this requires an updated version of terraform. We retrieve the generated key as a s3 resource and pass it to terraform as a TF_VAR_ variable. After the key is uploaded, AWS assigns it a unique id which must be used as user for SSH when connecting to the codecommit git repositories. We render and output a full url with that ssh_key_id and the ssh url of the repository, using scp like connect strings.
---
 concourse/pipelines/create-deployer.yml | 10 ++++++++++
 terraform/concourse/codecommit.tf | 6 ++++++
 terraform/concourse/git_ssh_key_id | 1 +
 terraform/concourse/outputs.tf | 5 +++++
 terraform/concourse/variables.tf | 4 ++++
 5 files changed, 26 insertions(+)
 create mode 100644 terraform/concourse/git_ssh_key_id

diff --git a/concourse/pipelines/create-deployer.yml b/concourse/pipelines/create-deployer.yml
index 67bd9b7192..1b6734ef4a 100644
--- a/concourse/pipelines/create-deployer.yml
+++ b/concourse/pipelines/create-deployer.yml
@@ -66,6 +66,13 @@ resources:
 versioned_file: id_rsa
 region_name: {{aws_region}}
 
+ - name: git-ssh-public-key
+ type: s3-iam
+ source:
+ bucket: {{state_bucket}}
+ versioned_file: git_id_rsa.pub
+ region_name: {{aws_region}}
+
 - name: concourse-cert
 type: s3-iam
 source:
@@ -217,6 +224,7 @@ jobs:
 passed: [vpc]
 - get: concourse-terraform-state
 - get: concourse-cert
+ - get: git-ssh-public-key
 
 - task: vpc-terraform-outputs-to-sh
 config:
@@ -270,6 +278,7 @@ jobs:
 - name: vpc-terraform-outputs
 - name: concourse-terraform-state
 - name: generate-concourse-cert
+ - name: git-ssh-public-key
 params:
 VAGRANT_IP: {{vagrant_ip}}
 TF_VAR_env: {{deploy_env}}
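Review bot: The new `git-ssh-public-key` resource in the `@@ -66,6 +66,13 @@` hunk makes the `git_id_rsa.pub` object in `{{state_bucket}}` a trust anchor, and nothing on the entry says so. Per the commit description this key is registered on the git IAM user, so whoever can write that object can presumably get a key of their choosing accepted for the CodeCommit repositories; the bucket policy is not visible here, so this is something to confirm rather than a known gap. I would add a comment above the entry such as `# registered on the git IAM user by terraform; write access to this object grants repo access`, and check that write permission on this key is limited to the job that generates it.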
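Review bot: `- get: git-ssh-public-key` in the `@@ -217,6 +224,7 @@` hunk carries no `passed:` constraint, so the job picks up the newest version of the object rather than the one produced together with the private key. If the key pair is generated by an earlier job in this pipeline (that job is not visible in this hunk), `passed: [<key-generating-job>]` would tie the uploaded public key to that run. The neighbouring `concourse-terraform-state` and `concourse-cert` gets are unconstrained as well, so this may be deliberate; a one-line comment saying so would help the next reader.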
@@ -283,6 +292,7 @@ jobs: - | cp generate-concourse-cert/concourse.crt generate-concourse-cert/concourse.key . . vpc-terraform-outputs/tfvars.sh + export TF_VAR_git_rsa_id_pub=$(