fix password auth

.gitignore

@@ -0,0 +1,36 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+*.tfbackend

files/cloud_init.cfg.tftpl

@@ -1,7 +1,6 @@
 #cloud-config
 hostname: "${name}"
 manage_etc_hosts: true
-ssh_pwauth: ${ssh_pwauth}
 disable_root: false
 ssh_authorized_keys:
 %{ for key in admin_authorized_keys ~}
@@ -12,6 +11,9 @@ chpasswd:
   list: |
     root:root
   expire: False
+ssh_pwauth: true
+%{ else }
+ssh_pwauth: false
 %{ endif }
 %{ if use_host_cert }
 ssh_keys:

main.tf

@@ -9,7 +9,6 @@ terraform {
 locals {
   cloudinit_user_data = templatefile("${path.module}/files/cloud_init.cfg.tftpl", {
     name                  = var.name,
-    ssh_pwauth            = true,
     admin_authorized_keys = var.admin_authorized_keys,
     insecure_password     = var.insecure_password,
     use_host_cert         = var.use_host_cert,