var.admin_username is required, var.admin_ssh_keys.*.username is opti…

…onal and in case its present should be equal to var.admin_username
Azure · Feb 8, 2023 · 85a8a19 · 85a8a19
1 parent cf0a74a
commit 85a8a19
Show file tree

Hide file tree

Showing 8 changed files with 22 additions and 17 deletions.
diff --git a/README.md b/README.md
diff --git a/examples/availability_set/main.tf b/examples/availability_set/main.tf
@@ -57,10 +57,10 @@ module "linux" {
       }
     ]
   }
+  admin_username = "azureuser"
   admin_ssh_keys = [
     {
       public_key = tls_private_key.ssh.public_key_openssh
-      username   = "azureuser"
     }
   ]
   name = "ubuntu-${random_id.id.hex}"

diff --git a/examples/basic/main.tf b/examples/basic/main.tf
@@ -78,10 +78,10 @@ module "linux" {
       }
     ]
   }
+  admin_username = "azureuser"
   admin_ssh_keys = [
     {
       public_key = tls_private_key.ssh.public_key_openssh
-      username   = "azureuser"
     }
   ]
   name = "ubuntu-${random_id.id.hex}"
@@ -162,6 +162,7 @@ module "windows" {
   }
   network_interface_ids = azurerm_network_interface.windows_nic[*].id
   new_network_interface = null
+  admin_username        = "azureuser"
   admin_password        = random_password.win_password.result
   name                  = "windows-${random_id.id.hex}"
   os_disk = {

diff --git a/examples/dedicated_host/main.tf b/examples/dedicated_host/main.tf
@@ -59,10 +59,10 @@ module "dedicate_host_group" {
       }
     ]
   }
+  admin_username = "azureuser"
   admin_ssh_keys = [
     {
       public_key = tls_private_key.ssh.public_key_openssh
-      username   = "azureuser"
     }
   ]
   name = "dhg-${random_id.id.hex}"
@@ -107,10 +107,10 @@ module "dedicate_host" {
       }
     ]
   }
+  admin_username = "azureuser"
   admin_ssh_keys = [
     {
       public_key = tls_private_key.ssh.public_key_openssh
-      username   = "azureuser"
     }
   ]
   name = "dh-${random_id.id.hex}"

diff --git a/examples/extensions/main.tf b/examples/extensions/main.tf
@@ -51,10 +51,10 @@ module "extensions" {
       }
     ]
   }
+  admin_username = "azureuser"
   admin_ssh_keys = [
     {
       public_key = tls_private_key.ssh.public_key_openssh
-      username   = "azureuser"
     }
   ]
   name = "dhg-${random_id.id.hex}"

diff --git a/examples/vmss/main.tf b/examples/vmss/main.tf
@@ -68,10 +68,10 @@ module "linux" {
       }
     ]
   }
+  admin_username = "azureuser"
   admin_ssh_keys = [
     {
       public_key = tls_private_key.ssh.public_key_openssh
-      username   = "azureuser"
     }
   ]
   name = "ubuntu-${random_id.id.hex}"

diff --git a/main.tf b/main.tf
@@ -156,7 +156,7 @@ resource "azurerm_linux_virtual_machine" "vm_linux" {
 
     content {
       public_key = admin_ssh_key.value.public_key
-      username   = admin_ssh_key.value.username
+      username   = admin_ssh_key.value.username == null ? var.admin_username : admin_ssh_key.value.username
     }
   }
   dynamic "boot_diagnostics" {
@@ -261,6 +261,10 @@ resource "azurerm_linux_virtual_machine" "vm_linux" {
       condition     = var.network_interface_ids != null || var.new_network_interface != null
       error_message = "Either `new_network_interface` or `network_interface_ids` must be provided."
     }
+    precondition { #Public keys can only be added to authorized_keys file for 'admin_username' due to a known issue in Linux provisioning agent.
+      condition     = alltrue([for value in var.admin_ssh_keys : false if value.username != var.admin_username && value.username != null])
+      error_message = "`username` in var.admin_ssh_keys should be the same as `admin_username`."
+    }
   }
 }
 

diff --git a/variables.tf b/variables.tf
@@ -1,3 +1,9 @@
+variable "admin_username" {
+  description = "(Required) The admin username of the VM that will be deployed."
+  type        = string
+  nullable    = false
+}
+
 variable "image_os" {
   description = "(Required) Enum flag of virtual machine's os system"
   type        = string
@@ -96,23 +102,17 @@ variable "admin_password" {
 variable "admin_ssh_keys" {
   type = set(object({
     public_key = string
-    username   = string
+    username   = optional(string)
   }))
   description = <<-EOT
   set(object({
     public_key = "(Required) The Public Key which should be used for authentication, which needs to be at least 2048-bit and in `ssh-rsa` format. Changing this forces a new resource to be created."
-    username   = "(Required) The Username for which this Public SSH Key should be configured. Changing this forces a new resource to be created. The Azure VM Agent only allows creating SSH Keys at the path `/home/{username}/.ssh/authorized_keys` - as such this public key will be written to the authorized keys file."
+    username   = "(Optional) The Username for which this Public SSH Key should be configured. Changing this forces a new resource to be created. The Azure VM Agent only allows creating SSH Keys at the path `/home/{admin_username}/.ssh/authorized_keys` - as such this public key will be written to the authorized keys file. If no username is provided this module will use var.admin_username."
   }))
   EOT
   default     = []
 }
 
-variable "admin_username" {
-  description = "The admin username of the VM that will be deployed."
-  type        = string
-  default     = "azureuser"
-}
-
 variable "allow_extension_operations" {
   type        = bool
   description = "(Optional) Should Extension Operations be allowed on this Virtual Machine? Defaults to `false`."