feat: sdk migration in progress

terraform/modules/ssh-key/main.tf

@@ -0,0 +1,68 @@
+locals { is_rsa = var.type == "rsa" }
+
+# 1) Create key
+resource "autoglue_ssh_key" "this" {
+  name    = var.name
+  comment = var.comment
+  type    = var.type
+  bits    = local.is_rsa ? var.bits : null
+}
+
+# 2) Optionally download via HTTP (mode=json)
+data "http" "download" {
+  count = var.enable_download ? 1 : 0
+
+  url = "${var.addr}/ssh/${autoglue_ssh_key.this.id}/download?part=${var.download_part}&mode=json"
+
+  # Inherit org_key/org_secret via provider headers — we’re not configuring http headers here
+  # because your API auth for downloads is via X-ORG-KEY / X-ORG-SECRET.
+  # If you require those headers here, add request_headers and pass them from root as inputs.
+  # For org key/secret auth on download, uncomment and add module inputs:
+  request_headers = {
+    "X-ORG-KEY"    = var.org_key
+    "X-ORG-SECRET" = var.org_secret
+    "Accept"       = "application/json"
+  }
+}
+
+locals {
+  dl      = var.enable_download ? jsondecode(one(data.http.download[*].response_body)) : null
+  zip_b64 = coalesce(try(local.dl.zipBase64, null), try(local.dl.zip_base64, null))
+}
+
+resource "null_resource" "mkdirs" {
+  count = var.enable_download ? 1 : 0
+  provisioner "local-exec" { command = "mkdir -p ${var.download_dir}" }
+}
+
+# public only
+resource "local_file" "public_key" {
+  count           = var.enable_download && var.download_part == "public" ? 1 : 0
+  filename        = "${var.download_dir}/${try(local.dl.filenames[0], "id_rsa.pub")}"
+  content         = try(local.dl.publicKey, "")
+  file_permission = "0644"
+  depends_on      = [null_resource.mkdirs]
+}
+
+# private only
+resource "local_sensitive_file" "private_key" {
+  count     = var.enable_download && var.download_part == "private" ? 1 : 0
+  filename  = "${var.download_dir}/${try(local.dl.filenames[0], "id_rsa.pem")}"
+  content   = try(local.dl.privatePEM, "")
+  depends_on = [null_resource.mkdirs]
+}
+
+# both -> zip
+resource "local_sensitive_file" "zip" {
+  count          = var.enable_download && var.download_part == "both" ? 1 : 0
+  filename       = "${var.download_dir}/${try(local.dl.filenames[0], "ssh_key.zip")}"
+  content_base64 = local.zip_b64
+  depends_on     = [null_resource.mkdirs]
+
+  lifecycle {
+    postcondition {
+      condition     = length(try(local.zip_b64, "")) > 0
+      error_message = "API did not return a zip payload for part=both."
+    }
+  }
+}

terraform/modules/ssh-key/outputs.tf

@@ -0,0 +1,12 @@
+output "id"          { value = autoglue_ssh_key.this.id }
+output "public_key"  { value = autoglue_ssh_key.this.public_key }
+output "fingerprint" { value = autoglue_ssh_key.this.fingerprint }
+output "created_at"  { value = autoglue_ssh_key.this.created_at }
+
+output "written_files" {
+  value = compact(concat(
+      var.enable_download && var.download_part == "public"  ? [local_file.public_key[0].filename] : [],
+      var.enable_download && var.download_part == "private" ? [local_sensitive_file.private_key[0].filename] : [],
+      var.enable_download && var.download_part == "both"    ? [local_sensitive_file.zip[0].filename] : []
+  ))
+}

terraform/modules/ssh-key/variables.tf

@@ -0,0 +1,47 @@
+variable "addr" {
+  type = string
+}
+
+variable "org_key"    {
+  type = string
+  sensitive = true
+  default = null
+}
+
+variable "org_secret" {
+  type = string
+  sensitive = true
+  default = null
+}
+
+variable "name" {
+  type = string
+}
+
+variable "comment" {
+  type = string
+}
+
+variable "type" {
+  type = string
+}
+
+variable "enable_download" {
+  type    = bool
+  default = false
+}
+
+variable "download_part" {
+  type    = string
+  default = "both"
+}
+
+variable "download_dir" {
+  type    = string
+  default = "ssh_artifacts"
+}
+
+variable "bits" {
+  type    = number
+  default = null  # null for ed25519
+}

terraform/modules/ssh-key/versions.tf

@@ -0,0 +1,18 @@
+terraform {
+  required_version = ">= 1.5.0"
+
+  required_providers {
+    autoglue = {
+      source = "glueops/autoglue/autoglue"
+    }
+    http = {
+      source = "hashicorp/http"
+    }
+    local = {
+      source = "hashicorp/local"
+    }
+    null = {
+      source = "hashicorp/null"
+    }
+  }
+}