From 353f8c465ece8b91f158a0b53d14e5d628575cef Mon Sep 17 00:00:00 2001
From: Corey O'Brien
Date: Wed, 10 May 2017 08:32:55 -0400
Subject: [PATCH] metal: add tectonic_ssh_private_key variable

Allow users to specify the SSH private key via a variable in cases where ssh-agent isn't available or configured.
---
 examples/terraform.tfvars.metal | 4 ++++
 platforms/metal/remote.tf | 2 ++
 platforms/metal/variables.tf | 6 ++++++
 3 files changed, 12 insertions(+)

diff --git a/examples/terraform.tfvars.metal b/examples/terraform.tfvars.metal
index 39449734ef..ccdf77c451 100644
--- a/examples/terraform.tfvars.metal
+++ b/examples/terraform.tfvars.metal
@@ -211,6 +211,10 @@ tectonic_service_cidr = "10.3.0.0/16"
 // Example: `ssh-rsa AAAB3N...`
 tectonic_ssh_authorized_key = ""

+// (optional) SSH private key corresponding to tectonic_ssh_authorized_key. If not provided, SSH agent will be used.
+// WARNING: This key will be stored in plain text in the Terraform state.
+// tectonic_ssh_private_key = ""
+
 // If set to true, a vanilla Kubernetes cluster will be deployed, omitting any Tectonic assets.
 tectonic_vanilla_k8s = false

diff --git a/platforms/metal/remote.tf b/platforms/metal/remote.tf
index 6d15b12955..145d9c0774 100644
--- a/platforms/metal/remote.tf
+++ b/platforms/metal/remote.tf
@@ -6,6 +6,7 @@ resource "null_resource" "kubeconfig" {
 host = "${element(concat(var.tectonic_metal_controller_domains, var.tectonic_metal_worker_domains), count.index)}"
 user = "core"
 timeout = "60m"
+ private_key = "${var.tectonic_ssh_private_key}"
 }

 provisioner "file" {
@@ -32,6 +33,7 @@ resource "null_resource" "bootstrap" {
 host = "${element(var.tectonic_metal_controller_domains, 0)}"
 user = "core"
 timeout = "60m"
+ private_key = "${var.tectonic_ssh_private_key}"
 }

 provisioner "file" {
diff --git a/platforms/metal/variables.tf b/platforms/metal/variables.tf
index 14d29de871..61ece291c4 100644
--- a/platforms/metal/variables.tf
+++ b/platforms/metal/variables.tf
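Review bot: The added `private_key` line in the `null_resource.kubeconfig` connection block, and the identical line in `null_resource.bootstrap`, has no comment recording the two behaviours a maintainer needs to know. An empty value is expected to fall back to ssh-agent, and a non-empty value ends up in Terraform state, as the variable description warns. I would put `# "" => ssh-agent is used; a non-empty key is persisted in plain text in terraform.tfstate` above each line. The kubeconfig connection is evaluated per host through `count.index`, so the key is presumably recorded for every instance of that resource; this is worth confirming against a real state file. Both resource blocks begin and end outside the hunks shown.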
@@ -185,3 +185,9 @@ SSH public key to use as an authorized key.
 Example: `ssh-rsa AAAB3N...`
 EOF
 }
+
+variable "tectonic_ssh_private_key" {
+ type = "string"
+ description = "SSH private key corresponding to tectonic_ssh_authorized_key. If not provided, SSH agent will be used. WARNING: This key will be stored in plain text in the Terraform state."
+ default = ""
+}
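Review bot: The description of `tectonic_ssh_private_key` does not say whether the value is the key material itself or a path to a key file. Terraform's `private_key` connection argument takes the key contents, so a path pasted here would only fail once provisioning tries to connect. I would start the description with `Contents of the SSH private key (PEM text, not a file path) corresponding to tectonic_ssh_authorized_key.` and keep the existing ssh-agent and WARNING sentences. Since the value is stored in plain text in state, the text could also recommend a dedicated provisioning key and a state file or backend with restricted access. The commented example in `examples/terraform.tfvars.metal` would benefit from the same "contents, not path" wording.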