feat(terraform): allow warp web tls to be set via warp_web_tls_key & …

…warp_web_tls_cert vars
mrzzy · Jun 22, 2022 · 143633b · 143633b
1 parent 0aee754
commit 143633b
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 2 deletions.
diff --git a/terraform/main.tf b/terraform/main.tf
@@ -92,9 +92,16 @@ module "warp_vm" {
   ]
   disk_size_gb = var.warp_disk_size_gb
 
-  web_tls_cert = module.tls_cert.full_chain_cert
-  web_tls_key  = module.tls_cert.private_key
+  web_tls_cert = (
+    length(var.warp_web_tls_cert) > 0 ? var.warp_web_tls_cert :
+    module.tls_cert.full_chain_cert
+  )
+  web_tls_key = (
+    length(var.warp_web_tls_key) > 0 ? var.warp_web_tls_key :
+    module.tls_cert.full_chain_key
+  )
 }
+
 locals {
   warp_ip = (
     module.warp_vm.external_ip == null ?

diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -27,6 +27,29 @@ variable "warp_disk_size_gb" {
   default     = 10
 }
 
+variable "warp_web_tls_cert" {
+  type        = string
+  description = <<-EOF
+  Full chain TLS certificate used to verify WARP VM identity when connecting
+  via its Web Terminal. The certificate should be encoded in the PEM format.
+
+  By default, uses a ACME server issued TLS certificate.
+  EOF
+  default     = ""
+}
+
+variable "warp_web_tls_key" {
+  type        = string
+  sensitive   = true
+  description = <<-EOF
+  Private key of the TLS certificate used by the WARP VM's Web Terminal.
+  The private key should be encoded in the PEM format.
+
+  By default, users the private key of the ACME server issued TLS certificate.
+  EOF
+  default     = ""
+}
+
 variable "gcp_service_account_key" {
   type        = string
   sensitive   = true