User Story 125263 #238
User Story 125263 #238
Conversation
| resource "azapi_resource" "ssh_public_key" { | ||
| type = "Microsoft.Compute/sshPublicKeys@2022-11-01" | ||
| name = random_pet.ssh_key_name.id | ||
| location = "westus3" |
There was a problem hiding this comment.
Is there any special reason we use hard coded location rather than var.resource_group_location here?
| response_export_values = ["publicKey"] | ||
| } | ||
|
|
||
| output "key_data" { |
There was a problem hiding this comment.
Could we move this output block to outputs.tf file?
And I've tried this output, it's value is empty. If we want to export the generated public key data as output, we can use the following code snippet:
output "key_data" {
value = jsondecode(azapi_resource_action.ssh_public_key_gen.output).publicKey
}Since public key data is not a secret and meant to be shared, I just removed sensitive = true.
There was a problem hiding this comment.
Right now, the ssh.tf file is fully encapsulated, meaning that I can drop it into any configuration and it works. I want to keep this pattern instead of having functionality spread across multiple files.
There was a problem hiding this comment.
Right now, the
ssh.tffile is fully encapsulated, meaning that I can drop it into any configuration and it works. I want to keep this pattern instead of having functionality spread across multiple files.
That makes sense to me.
But I think we still need to ensure that value = azapi_resource.ssh_public_key.body could output the public key, and I still think we could remove this sensitive = true because the public key is meant to be shared.
| variable "username" { | ||
| type = string | ||
| description = "The username for the local account that will be created on the new VM." | ||
| default = "azureadmin" |
There was a problem hiding this comment.
The default value is different than the corresponding default value in coalesce function.
| admin_username = "azureuser" | ||
| disable_password_authentication = true | ||
| computer_name = "hostname" | ||
| admin_username = coalesce(var.username, "azureuser") |
There was a problem hiding this comment.
Since we have set default value for var.username already I think we can skip coalesce here and use var.username directly.
There was a problem hiding this comment.
Using the coalesce() function allows us to give the reader two options: variable or random. If the reader blanks out the var, they get a random value - such as if they're testing the code by running it multiple times and can't use the same value twice.
There was a problem hiding this comment.
I understand that you'd like to set a default value for admin_username when var.username is absent, but things would go differently than you thought.
Using the coalesce() function allows us to give the reader two options: variable or random. If the reader blanks out the var, they get a random value
I didn't see any random factors in this case. According to the document:
coalescetakes any number of arguments and returns the first one that isn't null or an empty string.
So when var.username is null or empty string, coalesce function would return azureuser as default value.
variable "username" {
type = string
description = "The username for the local account that will be created on the new VM."
default = "azureadmin"
}If the module's caller omits var.username, then var.username's value would be azureadmin.
admin_username = coalesce(var.username, "azureuser")So when the caller omits var.username, admin_username would be azureadmin, not azureuser.
Btw this is also the reason I suggested a nullable = false for var.username, if we do so, when user set var.username to null on purpose, the var.username's value would still be azureadmin.
|
|
||
| admin_ssh_key { | ||
| username = "azureuser" | ||
| public_key = tls_private_key.example_ssh.public_key_openssh | ||
| username = coalesce(var.username, "azureuser") |
There was a problem hiding this comment.
Using the coalesce() function allows us to give the reader two options: variable or random. If the reader blanks out the var, they get a random value - such as if they're testing the code by running it multiple times and can't use the same value twice.
There was a problem hiding this comment.
variable "username" {
type = string
description = "The username for the local account that will be created on the new VM."
default = "azureadmin"
}If the module's caller omits var.username, then var.username's value would be azureadmin.
admin_username = coalesce(var.username, "azureuser")So when the caller omits var.username, admin_username would be azureadmin, not azureuser.
| } | ||
|
|
||
|
|
||
| variable "username" { |
There was a problem hiding this comment.
Since we've set default value for this variable I think we can set nullable = false for this block too.
There was a problem hiding this comment.
Hi @TomArcherMsft:
- It looks like you've made changes in
101-vm-cluster-linuxfolder, is that correct modification? - The issues I addressed in
101-vm-with-infrastructureare still there. - It'll be unnecessary to use
coalescealong with variable's default value. - I've tested and verified that
output "key_data"block would output an empty object{}. Could we change the value to the following code snippet?:
output "key_data" {
value = jsondecode(azapi_resource_action.ssh_public_key_gen.output).publicKey
}| admin_username = "azureuser" | ||
| disable_password_authentication = true | ||
| computer_name = "hostname" | ||
| admin_username = coalesce(var.username, "azureuser") |
There was a problem hiding this comment.
I understand that you'd like to set a default value for admin_username when var.username is absent, but things would go differently than you thought.
Using the coalesce() function allows us to give the reader two options: variable or random. If the reader blanks out the var, they get a random value
I didn't see any random factors in this case. According to the document:
coalescetakes any number of arguments and returns the first one that isn't null or an empty string.
So when var.username is null or empty string, coalesce function would return azureuser as default value.
variable "username" {
type = string
description = "The username for the local account that will be created on the new VM."
default = "azureadmin"
}If the module's caller omits var.username, then var.username's value would be azureadmin.
admin_username = coalesce(var.username, "azureuser")So when the caller omits var.username, admin_username would be azureadmin, not azureuser.
Btw this is also the reason I suggested a nullable = false for var.username, if we do so, when user set var.username to null on purpose, the var.username's value would still be azureadmin.
|
|
||
| admin_ssh_key { | ||
| username = "azureuser" | ||
| public_key = tls_private_key.example_ssh.public_key_openssh | ||
| username = coalesce(var.username, "azureuser") |
There was a problem hiding this comment.
variable "username" {
type = string
description = "The username for the local account that will be created on the new VM."
default = "azureadmin"
}If the module's caller omits var.username, then var.username's value would be azureadmin.
admin_username = coalesce(var.username, "azureuser")So when the caller omits var.username, admin_username would be azureadmin, not azureuser.
| response_export_values = ["publicKey"] | ||
| } | ||
|
|
||
| output "key_data" { |
There was a problem hiding this comment.
Right now, the
ssh.tffile is fully encapsulated, meaning that I can drop it into any configuration and it works. I want to keep this pattern instead of having functionality spread across multiple files.
That makes sense to me.
But I think we still need to ensure that value = azapi_resource.ssh_public_key.body could output the public key, and I still think we could remove this sensitive = true because the public key is meant to be shared.
|
@lonegunmanb I misspoke about the random value. I see your point now :) |
User Story 125263