From aecb7d60e3a48fcbaefc41852359766d0dbeb476 Mon Sep 17 00:00:00 2001
From: Tom Archer
Date: Wed, 12 Jul 2023 18:24:59 -0700
Subject: [PATCH] User Story 124432 (#236)

* Replaced password with SSH key
---
 quickstart/101-vm-cluster-linux/main.tf | 25 ++++++--------------
 quickstart/101-vm-cluster-linux/outputs.tf | 5 ----
 quickstart/101-vm-cluster-linux/providers.tf | 4 ++++
 quickstart/101-vm-cluster-linux/readme.md | 6 ++---
 quickstart/101-vm-cluster-linux/ssh.tf | 25 ++++++++++++++++++++
 quickstart/101-vm-cluster-linux/variables.tf | 13 +++-------
 6 files changed, 42 insertions(+), 36 deletions(-)
 create mode 100644 quickstart/101-vm-cluster-linux/ssh.tf

diff --git a/quickstart/101-vm-cluster-linux/main.tf b/quickstart/101-vm-cluster-linux/main.tf
index 45033d41..eac733d0 100644
--- a/quickstart/101-vm-cluster-linux/main.tf
+++ b/quickstart/101-vm-cluster-linux/main.tf
@@ -78,20 +78,6 @@ resource "random_pet" "azurerm_linux_virtual_machine_name" {
 prefix = "vm"
 }
 
-resource "random_password" "password" {
- count = var.password == null ? 1 : 0
- length = 20
- special = true
- min_numeric = 1
- min_upper = 1
- min_lower = 1
- min_special = 1
-}
-
-locals {
- password = try(random_password.password[0].result, var.password)
-}
-
 resource "azurerm_linux_virtual_machine" "test" {
 count = 2
 name = "${random_pet.azurerm_linux_virtual_machine_name.id}${count.index}"
@@ -114,16 +100,19 @@ resource "azurerm_linux_virtual_machine" "test" {
 version = "latest"
 }
 
+ admin_ssh_key {
+ username = coalesce(var.username, "azureuser")
+ public_key = jsondecode(azapi_resource_action.ssh_public_key_gen.output).publicKey
+ }
+
 os_disk {
 caching = "ReadWrite"
 storage_account_type = "Standard_LRS"
 name = "myosdisk${count.index}"
 }
 
- computer_name = "hostname"
- admin_username = var.user_name
- admin_password = local.password
- disable_password_authentication = false
+ computer_name = "hostname"
+ admin_username = coalesce(var.username, "azureuser")
 }
 
 resource "azurerm_managed_disk" "test" {
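Review bot: The `"azureuser"` fallback in `coalesce(var.username, "azureuser")` is written twice in the second main.tf hunk, once for `admin_ssh_key.username` and once for `admin_username`, and the generated key only lands on the admin account while the two stay identical. A single `locals { admin_username = coalesce(var.username, "azureuser") }` referenced from both places removes that drift risk. The fallback also differs from the `azureadmin` default that variables.tf and the readme give for `username`, so it only applies when a caller passes null explicitly. Dropping `disable_password_authentication = false` leaves the attribute at the azurerm default (key-only login); writing `disable_password_authentication = true` explicitly would keep that intent visible in a sample people copy. The resource body starts and ends outside the hunk.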
diff --git a/quickstart/101-vm-cluster-linux/outputs.tf b/quickstart/101-vm-cluster-linux/outputs.tf
index ef67ce10..381f588c 100644
--- a/quickstart/101-vm-cluster-linux/outputs.tf
+++ b/quickstart/101-vm-cluster-linux/outputs.tf
@@ -12,9 +12,4 @@ output "subnet_name" {
 
 output "linux_virtual_machine_names" {
 value = [for s in azurerm_linux_virtual_machine.test : s.name[*]]
-}
-
-output "linux_virtual_machine_password" {
- sensitive = true
- value = local.password
 }
\ No newline at end of file
diff --git a/quickstart/101-vm-cluster-linux/providers.tf b/quickstart/101-vm-cluster-linux/providers.tf
index 4fd5f6ba..b5075a8a 100644
--- a/quickstart/101-vm-cluster-linux/providers.tf
+++ b/quickstart/101-vm-cluster-linux/providers.tf
@@ -1,6 +1,10 @@
 terraform {
 required_version = ">=1.0"
 required_providers {
+ azapi = {
+ source = "azure/azapi"
+ version = "~>1.5"
+ }
 azurerm = {
 source = "hashicorp/azurerm"
 version = "~>3.0"
diff --git a/quickstart/101-vm-cluster-linux/readme.md b/quickstart/101-vm-cluster-linux/readme.md
index 4ad966db..b65cc3b9 100644
--- a/quickstart/101-vm-cluster-linux/readme.md
+++ b/quickstart/101-vm-cluster-linux/readme.md
@@ -14,8 +14,9 @@ This template deploys a Linux VM cluster on Azure.
 - [azurerm_network_interface](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface)
 - [azurerm_managed_disk](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/managed_disk)
 - [azurerm_availability_set](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/availability_set)
-- [random_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password)
 - [azurerm_linux_virtual_machine](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine)
+- [azapi_resource](https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/azapi_resource)
+- [azapi_resource_action](https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/azapi_resource_action)
 
 ## Variables
 
@@ -23,8 +24,7 @@ This template deploys a Linux VM cluster on Azure.
 |-|-|-|
 | `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | rg |
 | `resource_group_location` | Location of the resource group. | eastus |
-| `user_name` | The username for the local account that will be created on the new VM. | |
-| `password` | The password for the local account that will be created on the new VM. | |
+| `username` | The username for the local account that will be created on the new VM. | azureadmin |
 
 ## Example
 
diff --git a/quickstart/101-vm-cluster-linux/ssh.tf b/quickstart/101-vm-cluster-linux/ssh.tf
new file mode 100644
index 00000000..6e142ef3
--- /dev/null
+++ b/quickstart/101-vm-cluster-linux/ssh.tf
@@ -0,0 +1,25 @@
+resource "random_pet" "ssh_key_name" {
+ prefix = "ssh"
+ separator = ""
+}
+
+resource "azapi_resource" "ssh_public_key" {
+ type = "Microsoft.Compute/sshPublicKeys@2022-11-01"
+ name = random_pet.ssh_key_name.id
+ location = "westus3"
+ parent_id = azurerm_resource_group.rg.id
+}
+
+resource "azapi_resource_action" "ssh_public_key_gen" {
+ type = "Microsoft.Compute/sshPublicKeys@2022-11-01"
+ resource_id = azapi_resource.ssh_public_key.id
+ action = "generateKeyPair"
+ method = "POST"
+
+ response_export_values = ["publicKey"]
+}
+
+output "key_data" {
+ value = azapi_resource.ssh_public_key.body
+ sensitive = true
+}
\ No newline at end of file
diff --git a/quickstart/101-vm-cluster-linux/variables.tf b/quickstart/101-vm-cluster-linux/variables.tf
index c776f82d..c4eabf53 100644
--- a/quickstart/101-vm-cluster-linux/variables.tf
+++ b/quickstart/101-vm-cluster-linux/variables.tf
@@ -10,15 +10,8 @@ variable "resource_group_name_prefix" {
 default = "rg"
 }
 
-variable "user_name" {
+variable "username" {
 type = string
- description = "The username for the local account that will be created on the new vm."
+ description = "The username for the local account that will be created on the new VM."
 default = "azureadmin"
-}
-
-variable "password" {
- type = string
- description = "The password for the local account that will be created on the new vm."
- sensitive = true
- default = null
-}
+}
\ No newline at end of file
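Review bot: In ssh.tf, `output "key_data"` exports `azapi_resource.ssh_public_key.body`, which is the request body of the key resource (none is set here) rather than any generated key, so the output name and `sensitive = true` are misleading; `value = jsondecode(azapi_resource_action.ssh_public_key_gen.output).publicKey` would match what main.tf consumes. `response_export_values = ["publicKey"]` keeps the private half of the `generateKeyPair` response out of Terraform state, which is good state hygiene, but as far as this hunk shows the private key is then retained nowhere, so nothing in the sample can log in to the VMs. A comment should say where the operator is expected to obtain the key, and that adding `privateKey` to the export list would store it in state in clear text, making the state backend's access control and encryption part of the VM's trust boundary. Separately, `location = "westus3"` is hard-coded although the key's parent is `azurerm_resource_group.rg`; `location = azurerm_resource_group.rg.location` keeps the key in the region the rest of the template uses.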