User Story 124432 (#236)

* Replaced password with SSH key

quickstart/101-vm-cluster-linux/main.tf

@@ -78,20 +78,6 @@ resource "random_pet" "azurerm_linux_virtual_machine_name" {
   prefix = "vm"
 }
 
-resource "random_password" "password" {
-  count       = var.password == null ? 1 : 0
-  length      = 20
-  special     = true
-  min_numeric = 1
-  min_upper   = 1
-  min_lower   = 1
-  min_special = 1
-}
-
-locals {
-  password = try(random_password.password[0].result, var.password)
-}
-
 resource "azurerm_linux_virtual_machine" "test" {
   count                 = 2
   name                  = "${random_pet.azurerm_linux_virtual_machine_name.id}${count.index}"
@@ -114,16 +100,19 @@ resource "azurerm_linux_virtual_machine" "test" {
     version   = "latest"
   }
 
+  admin_ssh_key {
+    username   = coalesce(var.username, "azureuser")
+    public_key = jsondecode(azapi_resource_action.ssh_public_key_gen.output).publicKey
+  }
+
   os_disk {
     caching              = "ReadWrite"
     storage_account_type = "Standard_LRS"
     name                 = "myosdisk${count.index}"
   }
 
-  computer_name                   = "hostname"
+  computer_name  = "hostname"
-  admin_username                  = var.user_name
+  admin_username = coalesce(var.username, "azureuser")
-  admin_password                  = local.password
-  disable_password_authentication = false
 }
 
 resource "azurerm_managed_disk" "test" {

quickstart/101-vm-cluster-linux/outputs.tf

@@ -12,9 +12,4 @@ output "subnet_name" {
 
 output "linux_virtual_machine_names" {
   value = [for s in azurerm_linux_virtual_machine.test : s.name[*]]
-}
-
-output "linux_virtual_machine_password" {
-  sensitive = true
-  value     = local.password
 }

quickstart/101-vm-cluster-linux/providers.tf

@@ -1,6 +1,10 @@
 terraform {
   required_version = ">=1.0"
   required_providers {
+    azapi = {
+      source  = "azure/azapi"
+      version = "~>1.5"
+    }
     azurerm = {
       source  = "hashicorp/azurerm"
       version = "~>3.0"

quickstart/101-vm-cluster-linux/readme.md

@@ -14,8 +14,9 @@ This template deploys a Linux VM cluster on Azure.
 - [azurerm_network_interface](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface)
 - [azurerm_managed_disk](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/managed_disk)
 - [azurerm_availability_set](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/availability_set)
-- [random_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password)
 - [azurerm_linux_virtual_machine](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine)
+- [azapi_resource](https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/azapi_resource)
+- [azapi_resource_action](https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/azapi_resource_action)
 
 ## Variables
 
@@ -23,8 +24,7 @@ This template deploys a Linux VM cluster on Azure.
 |-|-|-|
 | `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | rg |
 | `resource_group_location` | Location of the resource group. | eastus |
-| `user_name` | The username for the local account that will be created on the new VM. | |
+| `username` | The username for the local account that will be created on the new VM. | azureadmin |
-| `password` | The password for the local account that will be created on the new VM. | |
 
 ## Example
 

quickstart/101-vm-cluster-linux/ssh.tf

@@ -0,0 +1,25 @@
+resource "random_pet" "ssh_key_name" {
+  prefix    = "ssh"
+  separator = ""
+}
+
+resource "azapi_resource" "ssh_public_key" {
+  type      = "Microsoft.Compute/sshPublicKeys@2022-11-01"
+  name      = random_pet.ssh_key_name.id
+  location  = "westus3"
+  parent_id = azurerm_resource_group.rg.id
+}
+
+resource "azapi_resource_action" "ssh_public_key_gen" {
+  type        = "Microsoft.Compute/sshPublicKeys@2022-11-01"
+  resource_id = azapi_resource.ssh_public_key.id
+  action      = "generateKeyPair"
+  method      = "POST"
+
+  response_export_values = ["publicKey"]
+}
+
+output "key_data" {
+  value     = azapi_resource.ssh_public_key.body
+  sensitive = true
+}

quickstart/101-vm-cluster-linux/variables.tf

@@ -10,15 +10,8 @@ variable "resource_group_name_prefix" {
   default     = "rg"
 }
 
-variable "user_name" {
+variable "username" {
   type        = string
-  description = "The username for the local account that will be created on the new vm."
+  description = "The username for the local account that will be created on the new VM."
   default     = "azureadmin"
-}
+}
-
-variable "password" {
-  type        = string
-  description = "The password for the local account that will be created on the new vm."
-  sensitive   = true
-  default     = null
-}