diff --git a/config-repo.tf b/config-repo.tf
index ca4c97c..2adf20b 100644
--- a/config-repo.tf
+++ b/config-repo.tf
@@ -20,20 +20,20 @@ resource "oci_devops_repository" "config_repo" {
 resource "tls_private_key" "rsa_api_key" {
 algorithm = "RSA"
 rsa_bits = 4096
- count = (local.use-image ? 0 : 1)
+ count = (local.use-image && !var.use_existing_api_key ? 0 : 1)
 }
 resource "oci_identity_api_key" "user_api_key" {
 #Required
 key_value = tls_private_key.rsa_api_key[0].public_key_pem
 user_id = var.current_user_ocid
- count = (local.use-image ? 0 : 1)
+ count = (local.use-image || var.use_existing_api_key ? 0 : 1)
 }
 resource "local_file" "api_private_key" {
 depends_on = [ tls_private_key.rsa_api_key ]
 filename = "${path.module}/api-private-key.pem"
- content = tls_private_key.rsa_api_key[0].private_key_pem
+ content = (var.use_existing_api_key ? base64decode(var.api_key) : tls_private_key.rsa_api_key[0].private_key_pem)
 count = (local.use-image ? 0 : 1)
 }
diff --git a/interface.yaml b/interface.yaml
index 7a2ed2c..ced394c 100644
--- a/interface.yaml
+++ b/interface.yaml
@@ -31,6 +31,8 @@ variableGroups: ###APPLICATION_GROUP###
 - title: "Stack authentication"
 variables:
+ - use_existing_api_key
+ - api_key
 - use_existing_vault
 - new_vault_display_name
 - vault_compartment_id
@@ -203,6 +205,17 @@ variables:
 and:
 - use_existing_database # Vault
+ use_existing_api_key:
+ type: boolean
+ title: Use an existing API key
+ required: true
+ default: false
+ description: The API key will be used to authenticate the user when using the OCI devops repository
+ api_key:
+ type: file
+ title: Private key
+ required: true
+ visible: use_existing_api_key
 use_existing_vault:
 type: boolean
 title: Use an existing key vault
diff --git a/listing/usage-information.html b/listing/usage-information.html
index d166022..e480fc9 100644
--- a/listing/usage-information.html
+++ b/listing/usage-information.html
@@ -51,10 +51,10 @@ -
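Review bot: The new `count` on `tls_private_key.rsa_api_key` evaluates to 1 whenever `var.use_existing_api_key` is true, so a 4096-bit key pair is still generated, and its private key kept in Terraform state, although nothing uses it; this also happens when `local.use-image` is true, where the old expression created none. If that is not intended, use the same condition as `oci_identity_api_key.user_api_key`, `count = (local.use-image || var.use_existing_api_key ? 0 : 1)`, after confirming that the unselected branch `tls_private_key.rsa_api_key[0].private_key_pem` in `local_file.api_private_key` still evaluates when the list is empty. Separately, the user-supplied long-lived private key is now written through `local_file`, which does not treat `content` as sensitive and defaults to a permissive file mode; `local_sensitive_file` with `file_permission = "0600"` would be the safer resource for `api-private-key.pem`.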
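Review bot: `api_key` has no `description`, so the form does not say what file to upload or that the matching public key must already be registered with the user. With `use_existing_api_key` set, `oci_identity_api_key.user_api_key` in config-repo.tf gets `count = 0`, so the stack no longer uploads a public key itself. Suggest adding something like `description: PEM private key of an API signing key already added to the current user; the stack will not upload the public key`. The `description` on `use_existing_api_key` describes the key rather than the checkbox, and both new entries sit under the `# Vault` comment although they are not vault settings.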
Stack authentication: a Vault is used to store sensitive information such as authentication tokens - and passwords. The stack can either use an existing vault or create a new one. To use an existing key vault, - the stack will let you select the existing vault and key (AES). To create a new vault you must provide - the user-friendly name of the vault to create.
+Stack authentication: the stack uses an API key to connect to the repository. A Vault is used + to store sensitive information such as passwords. The stack can either use an existing vault or create a new + one. To use an existing key vault, the stack will let you select the existing vault and key (AES). To create a + new vault you must provide the user-friendly name of the vault to create.
Database: The stack assumes that the persistence is handled by a database and this section lets you configure that database. You can either choose an existing database by selecting the database or create a new one.
@@ -167,7 +167,7 @@ balancer and the application. If you chose to open the load balancer to the internet, the load balancer subnet will be a public subnet and an Internet Gateway will be created. A reserved IP address can be used as the load balancer's public IP.
-By default the load balancer is configured with minimum and maximum bandwidth of 10Mbps, the health check
diff --git a/screenshots/7_Vault.png b/screenshots/7_Vault.png
index 165592a..aa35992 100644
Binary files a/screenshots/7_Vault.png and b/screenshots/7_Vault.png differ
diff --git a/usage_instructions.md b/usage_instructions.md
index f8fceff..7d5d930 100644
--- a/usage_instructions.md
+++ b/usage_instructions.md
@@ -42,6 +42,9 @@ The stack supports different kinds of deployments: *source code* deployment, jav
 ![](./screenshots/7_Vault.png)
+
+An **API key** is used to authenticate the user when connecting to the code repository. The stack can either create a new API key or use an existing API key if the **private key** is provided.
+
 A **Vault** is used to store sensitive information such as authentication tokens and passwords. The stack can either use an existing vault (which can be in a different compartment) or create a new one. To use an existing key vault :
diff --git a/variables.tf b/variables.tf
index 7d870a6..f4a6128 100644
--- a/variables.tf
+++ b/variables.tf
@@ -410,6 +410,16 @@ variable "reserved_ip_address" {
 default = ""
 }
+variable "use_existing_api_key" {
+ type = bool
+ default = false
+}
+
+variable "api_key" {
+ type = string
+ default = "none"
+}
+
 locals {
 # application name with branch
 application_name = (var.branch == "" ? var.application_name : "${var.application_name}-${var.branch}")
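Review bot: `variable "api_key"` carries a private key but is not marked sensitive, so its value can be echoed in plan and apply output; add `sensitive = true` if the minimum Terraform version in use supports it. The `"none"` default is what reaches `base64decode(var.api_key)` in config-repo.tf when `use_existing_api_key` is true and no file was supplied, which would likely fail with an unrelated decoding error instead of a clear message. `default = ""` together with a check that the value is non-empty when the flag is set would be easier to diagnose. Neither new variable has a `description`, and the `locals` block continues outside the hunk.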