diff --git a/github_deploy_keys.tf b/github_deploy_keys.tf
index 76b7aa3..a8fed24 100644
--- a/github_deploy_keys.tf
+++ b/github_deploy_keys.tf
@@ -1,14 +1,27 @@
-// This file implements GitHub Deploy Keys functionality for the repository
+// Generate SSH keys when create is true
+resource "tls_private_key" "deploy_key" {
+ for_each = {
+ for k, v in var.deploy_keys : k => v
+ if v.create == true
+ }
+
+ algorithm = "RSA"
+ rsa_bits = 4096
+}
+// Create GitHub deploy keys for all entries
 resource "github_repository_deploy_key" "deploy_key" {
- for_each = { for k, v in var.deploy_keys : k => v }
+ for_each = {
+ for k, v in var.deploy_keys : k => v
+ }
 title = each.value.title
 repository = local.github_repo.name
- key = each.value.key
+ key = each.value.create ? tls_private_key.deploy_key[each.key].public_key_openssh : each.value.key
 read_only = each.value.read_only
 depends_on = [
- github_repository.repo
+ github_repository.repo,
+ data.github_repository.existing
 ]
-}
\ No newline at end of file
+}
diff --git a/outputs.tf b/outputs.tf
index 5afc19d..78c4f3d 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -57,3 +57,12 @@ output "template" {
 description = "Template repository this repository was created from"
 value = local.github_repo.template
 }
+
+
+output "generated_deploy_keys" {
+ description = "Generated private keys for deploy keys with create=true"
+ value = {
+ for k, v in tls_private_key.deploy_key : k => v.private_key_pem
+ }
+ sensitive = true
+}
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index 21c9187..47e5469 100644
--- a/variables.tf
+++ b/variables.tf
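Review bot: The private half of every generated deploy key lands in plaintext in Terraform state, because `tls_private_key` keeps `private_key_pem` as a resource attribute, so with `create = true` the state backend becomes the credential store for a key that grants access to the repository; the comment above the resource should say so, e.g. `// Generate SSH keys when create is true. The private key is persisted in Terraform state: restrict access to the state backend and treat state as secret.`. The ternary on the `key` line also has no fallback when `create` is false and the caller omits `key` — with the `""` default added in variables.tf an empty key is sent to the GitHub API and only fails at apply time; a `validation` block on `var.deploy_keys` (raised in the variables.tf hunk) turns that into a plan-time error. GitHub accepts Ed25519 deploy keys, so `algorithm = "ED25519"` without `rsa_bits` is a smaller alternative if the module's users do not need RSA. Minor: `if v.create == true` can be `if v.create`, since `create` is typed as bool.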
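Review bot: `sensitive = true` on `generated_deploy_keys` only redacts the value in plan and apply output; the PEM private keys are still written unencrypted to state and are returned by `terraform output -json` and to any calling configuration that reads `module.<module-name>.generated_deploy_keys`, so the description should say where the material lives and what a consumer is expected to do with it, e.g. `description = "Private keys (PEM) generated for deploy_keys entries with create = true. Persisted in Terraform state; restrict access to the state backend and rotate if state is exposed."`. Rotating a generated key means replacing the corresponding `tls_private_key` instance, which the output gives no hint about and which belongs in the module README. The `output "template"` block closes within the hunk, and the new output block is complete.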
@@ -413,8 +413,12 @@ variable "deploy_keys" {
 description = "List of SSH deploy keys to add to the repository"
 type = list(object({
 title = string
- key = string
+ key = optional(string, "")
+ # The key is optional because it can be generated
+ # by the module itself if create is set to true
+ # and the key is not provided
 read_only = optional(bool, true)
+ create = optional(bool, false)
 }))
 default = []
 }
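Review bot: The new defaults admit an entry that neither supplies a key nor asks for generation — `key` falls back to `""` and `create` to `false` — and nothing in the variable rejects it, so the empty string is only caught when the GitHub API refuses it at apply time; a `validation` block on the variable fails the plan instead. The description should also state that a supplied `key` is ignored when `create = true`, since github_deploy_keys.tf uses the generated public key in that case, and the explanatory `#` lines would be easier to find in `description` than inside the `type` expression. The `variable "deploy_keys"` block starts before the hunk; the validation block goes after `default = []`.

```hcl
  # … unchanged: description, type, default …
  validation {
    condition     = alltrue([for d in var.deploy_keys : d.create || d.key != ""])
    error_message = "Each deploy_keys entry must set create = true or provide a non-empty key."
  }
```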