Expose SSH Private Keys (#91)

Higher level services that have access to the identity resources can do
with it as they require, but not necessarily give it away to end users.

charts/region/Chart.yaml

@@ -4,8 +4,8 @@ description: A Helm chart for deploying Unikorn's Region Controller
 
 type: application
 
-version: v0.1.47-rc4
-appVersion: v0.1.47-rc4
+version: v0.1.47-rc5
+appVersion: v0.1.47-rc5
 
 icon: https://raw.githubusercontent.com/unikorn-cloud/assets/main/images/logos/dark-on-light/icon.png
 

pkg/handler/handler.go

@@ -372,12 +372,19 @@ func (h *Handler) convertIdentity(ctx context.Context, in *unikornv1.Identity) *
 		var openstackIdentity unikornv1.OpenstackIdentity
 
 		if err := h.client.Get(ctx, client.ObjectKey{Namespace: in.Namespace, Name: in.Name}, &openstackIdentity); err == nil {
+			var sshPrivateKey *string
+
+			if len(openstackIdentity.Spec.SSHPrivateKey) > 0 {
+				sshPrivateKey = ptr.To(string(openstackIdentity.Spec.SSHPrivateKey))
+			}
+
 			out.Spec.Openstack = &openapi.IdentitySpecOpenStack{
 				Cloud:         openstackIdentity.Spec.Cloud,
 				UserId:        openstackIdentity.Spec.UserID,
 				ProjectId:     openstackIdentity.Spec.ProjectID,
 				ServerGroupId: openstackIdentity.Spec.ServerGroupID,
 				SshKeyName:    openstackIdentity.Spec.SSHKeyName,
+				SshPrivateKey: sshPrivateKey,
 			}
 
 			if openstackIdentity.Spec.CloudConfig != nil {

pkg/openapi/server.spec.yaml

@@ -915,6 +915,9 @@ components:
         sshKeyName:
           description: Ephemeral SSH key generated for the identity.
           type: string
+        sshPrivateKey:
+          description: Ephemeral SSH private key to be used by higher order services.
+          type: string
     identitySpec:
       description: |-
         A provider specific identity, while the client can list regions to infer the