From 11797c4029b9e39f8ea35d33e7c7f4bf24e661a8 Mon Sep 17 00:00:00 2001
From: pp <paul.palam@gmail.com>
Date: Fri, 22 Nov 2019 17:43:26 +0200
Subject: [PATCH] Add variable to allow a pre-generated SSH key to be passed to
 the ACM module

 * Fix #329
---
 modules/acm/README.md    | 1 +
 modules/acm/main.tf      | 2 +-
 modules/acm/variables.tf | 6 ++++++
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/modules/acm/README.md b/modules/acm/README.md
index bef7eccd53..9960667669 100644
--- a/modules/acm/README.md
+++ b/modules/acm/README.md
@@ -53,6 +53,7 @@ By default, this module will attempt to download the ACM operator from Google di
 | operator\_path | Path to the operator yaml config. If unset, will download from GCS releases. | string | `"null"` | no |
 | policy\_dir | Subfolder containing configs in ACM Git repo | string | n/a | yes |
 | project\_id | The project in which the resource belongs. | string | n/a | yes |
+| ssh\_auth\_key | Key for Git authentication. Overrides 'create_ssh_key' variable. Can be set using 'file(path/to/file)'-function. | string | `"null"` | no |
 | sync\_branch | ACM repo Git branch | string | `"master"` | no |
 | sync\_repo | ACM Git repo address | string | n/a | yes |
 
diff --git a/modules/acm/main.tf b/modules/acm/main.tf
index 3a78172ad6..69b5755337 100644
--- a/modules/acm/main.tf
+++ b/modules/acm/main.tf
@@ -18,7 +18,7 @@ locals {
   cluster_endpoint       = "https://${var.cluster_endpoint}"
   token                  = data.google_client_config.default.access_token
   cluster_ca_certificate = data.google_container_cluster.primary.master_auth.0.cluster_ca_certificate
-  private_key            = var.create_ssh_key ? tls_private_key.git_creds[0].private_key_pem : ""
+  private_key            = var.create_ssh_key && var.ssh_auth_key == null ? tls_private_key.git_creds[0].private_key_pem : var.ssh_auth_key
   download_operator      = var.operator_path == null ? true : false
   operator_path          = local.download_operator ? "${path.module}/config-management-operator.yaml" : var.operator_path
 }
diff --git a/modules/acm/variables.tf b/modules/acm/variables.tf
index 513556364d..d56f20b073 100644
--- a/modules/acm/variables.tf
+++ b/modules/acm/variables.tf
@@ -62,6 +62,12 @@ variable "create_ssh_key" {
   default     = true
 }
 
+variable "ssh_auth_key" {
+  description = "Key for Git authentication. Overrides 'create_ssh_key' variable. Can be set using 'file(path/to/file)'-function."
+  type        = string
+  default     = null
+}
+
 variable "enable_policy_controller" {
   description = "Whether to enable the ACM Policy Controller on the cluster"
   type        = bool