API key (#30)

* Added possibility to use existing API key

Author: fmeheust

config-repo.tf

@@ -20,20 +20,20 @@ resource "oci_devops_repository" "config_repo" {
 resource "tls_private_key" "rsa_api_key" {
   algorithm = "RSA"
   rsa_bits  = 4096
-  count = (local.use-image ? 0 : 1)
+  count = (local.use-image && !var.use_existing_api_key ? 0 : 1)
 }
 
 resource "oci_identity_api_key" "user_api_key" {
   #Required
   key_value = tls_private_key.rsa_api_key[0].public_key_pem
   user_id = var.current_user_ocid
-  count = (local.use-image ? 0 : 1)
+  count = (local.use-image  || var.use_existing_api_key ? 0 : 1)
 }
 
 resource "local_file" "api_private_key" {
   depends_on = [ tls_private_key.rsa_api_key ]
   filename = "${path.module}/api-private-key.pem"
-  content = tls_private_key.rsa_api_key[0].private_key_pem
+  content = (var.use_existing_api_key ? base64decode(var.api_key) : tls_private_key.rsa_api_key[0].private_key_pem)
   count = (local.use-image ? 0 : 1)
 }
 

interface.yaml

@@ -31,6 +31,8 @@ variableGroups:
   ###APPLICATION_GROUP###
   - title: "Stack authentication"
     variables:
+      - use_existing_api_key
+      - api_key
       - use_existing_vault
       - new_vault_display_name
       - vault_compartment_id
@@ -203,6 +205,17 @@ variables:
       and:
         - use_existing_database
   # Vault
+  use_existing_api_key:
+    type: boolean
+    title: Use an existing API key
+    required: true
+    default: false
+    description: The API key will be used to authenticate the user when using the OCI devops repository
+  api_key:
+    type: file
+    title: Private key
+    required: true
+    visible: use_existing_api_key
   use_existing_vault:
     type: boolean
     title: Use an existing key vault

listing/usage-information.html

@@ -51,10 +51,10 @@
 	</li>
 </ul>
 
-<p><strong>Stack authentication</strong>: a Vault is used to store sensitive information such as authentication tokens
-	and passwords.&nbsp;The stack can either use an existing vault or create a new one.&nbsp;To use an existing key vault,
-	the stack will let you select the existing vault and key (AES). To create a new vault you must provide
-	the&nbsp;user-friendly name of the vault to create.</p>
+<p><strong>Stack authentication</strong>: the stack uses an API key to connect to the repository. A&nbsp;Vault is used
+	to store sensitive information such as passwords.&nbsp;The stack can either use an existing vault or create a new
+	one.&nbsp;To use an existing key vault, the stack will let you select the existing vault and key (AES). To create a
+	new vault you must provide the&nbsp;user-friendly name of the vault to create.</p>
 
 <p><strong>Database</strong>: The stack assumes that the persistence is handled by a database and this section lets you
 	configure that database. You can either choose an existing database by selecting the database or create a new one.</p>
@@ -167,7 +167,7 @@
 		balancer and the application. If you chose to <em>open the load balancer to the internet</em>, the load balancer
 		subnet will be a public subnet and an Internet Gateway will be created. A <strong>reserved IP</strong> address can
 		be used as the load balancer&#39;s public IP.</li>
-	<li>A c<strong>ertificate</strong> can be provided for the application URL</li>
+	<li>A <strong>certificate </strong>can be provided for the application URL</li>
 </ul>
 
 <p>By default the <em>load balancer</em> is configured with minimum and maximum bandwidth of 10Mbps, the health check

screenshots/7_Vault.png

@@ -42,6 +42,9 @@ The stack supports different kinds of deployments: *source code* deployment, jav
 
 ![](./screenshots/7_Vault.png)
 
+
+An **API key** is used to authenticate the user when connecting to the code repository. The stack can either create a new API key or use an existing API key if the **private key** is provided.
+
 A **Vault** is used to store sensitive information such as authentication tokens and passwords. The stack can either use an existing vault (which can be in a different compartment) or create a new one.
 
 To use an existing key vault :

usage_instructions.md

@@ -410,6 +410,16 @@ variable "reserved_ip_address" {
   default = ""
 }
 
+variable "use_existing_api_key" {
+  type = bool
+  default = false
+}
+
+variable "api_key" {
+  type = string
+  default = "none"
+}
+
 locals {
   # application name with branch
   application_name = (var.branch == "" ? var.application_name : "${var.application_name}-${var.branch}")