Skip to content

Instantly share code, notes, and snippets.

@kral2
Last active March 8, 2020 01:53
Show Gist options
  • Save kral2/737b0617c1f1dfa12ab606918ef1c698 to your computer and use it in GitHub Desktop.
Save kral2/737b0617c1f1dfa12ab606918ef1c698 to your computer and use it in GitHub Desktop.
Generate RSA key pair in pem format, then add it as OCI API key to specified user using Terraform
/*
Last update : March, 2020
Author: cetin.ardal
Description: Add OCI API key to specified user.
*/
# OCI Home Region
provider "oci" {
tenancy_ocid = var.tenancy_ocid
user_ocid = var.user_ocid
fingerprint = var.fingerprint
private_key_path = var.private_key_path
region = var.region
}
variable "tenancy_ocid" {}
variable "user_ocid" {}
variable "fingerprint" {}
variable "private_key_path" {}
variable "compartment_ocid" {}
variable "region" {}
variable "target_user" {
default = {
ocid = "<target_user_ocid>"
api_key = "/path/to/public-key.pem"
}
}
data "oci_identity_user" "target_user" {
user_id = var.target_user.ocid
}
resource "oci_identity_api_key" "target_user" {
key_value = file(var.target_user.api_key)
user_id = var.target_user.ocid
}
output "target_user" {
value = {
user = data.oci_identity_user.target_user.name
ocid = oci_identity_api_key.target_user.user_id
key_fingerprint = oci_identity_api_key.target_user.fingerprint
}
}
#!/bin/sh
# Last update : March, 2020
# Author: cetin.ardal
# Description: Generate RSA key pair in pem format.
KEY_NAME=my_rsa_key
openssl genrsa -out $KEY_NAME.pem 2048
chmod go-rwx $KEY_NAME.pem
openssl rsa -pubout -in $KEY_NAME.pem -out ${KEY_NAME}_public.pem
/*
Last update : May, 2018
Author: cetin.ardal
Description: Assign value to Terraform variables.
Any variable for which you define a value needs to exist in the terraform configuration (ideally declared inside *variables.tf)
*/
/*----------------------------------------------------------------------------
HOW TO USE THIS FILE
1. Edit variables values below to fit your environment
2. rename this file to "terraform.tfvars" (remove the .SAMPLE extension)
3. keep this file in the same folder as your terraform *.tf files
4. Add the renamed tfvars file to your .gitignore. Your team don't want you to share it and ruin their local repo.
5. Keep your RSA private key outside of your terraform work folder!
----------------------------------------------------------------------------*/
# Oracle Cloud Infrastructure (OCI) connection information
/* REFERENCE BLOCK
# Don't forget to update this section. Your future you will thank you.
Tenant name : <tenancy>
User name : <user>
Compartment : root/<compartment>
*/
# See online documentation for information about how to populate the variables below
# https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/apisigningkey.htm
tenancy_ocid = "<my_tenant_ocid>"
user_ocid = "<my_user_ocid>"
fingerprint = "<my_api_key_fingerprint>"
private_key_path = "../path/to/private_key.pem"
compartment_ocid = "<my_compartment_ocid>"
region = "<my_region>"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment