From 968697f476d2beb1ecc534cbfcf3db1040a775ab Mon Sep 17 00:00:00 2001
From: Antoine Ogereau <antoine.ogereau@claranet.com>
Date: Fri, 22 Nov 2024 11:14:51 +0100
Subject: [PATCH] AZ-1484 -  linux-vm - cover edge case with admin password

---
 README.md    | 1 +
 r-vm.tf      | 2 +-
 variables.tf | 7 +++++++
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index e1e3bb0..4ee80eb 100644
--- a/README.md
+++ b/README.md
@@ -292,6 +292,7 @@ module "vm" {
 | default\_tags\_enabled | Option to enable or disable default tags. | `bool` | `true` | no |
 | diagnostics\_storage\_account\_name | Name of the Storage Account in which store boot diagnostics and for legacy monitoring agent. | `string` | n/a | yes |
 | diagnostics\_storage\_account\_sas\_token | SAS token of the Storage Account in which store vm diagnostics. Used only with legacy monitoring agent, set to `null` if not needed. | `string` | `null` | no |
+| disable\_password\_authentication | Option to disable or enable password authentication if admin password is not set | `bool` | `true` | no |
 | encryption\_at\_host\_enabled | Should all disks (including the temporary disk) attached to the Virtual Machine be encrypted by enabling Encryption at Host? List of compatible VM sizes: https://learn.microsoft.com/en-us/azure/virtual-machines/linux/disks-enable-host-based-encryption-cli#finding-supported-vm-sizes. | `bool` | `false` | no |
 | environment | Project environment. | `string` | n/a | yes |
 | extensions\_extra\_tags | Extra tags to set on the VM extensions. | `map(string)` | `{}` | no |
diff --git a/r-vm.tf b/r-vm.tf
index b961914..f1cdec5 100644
--- a/r-vm.tf
+++ b/r-vm.tf
@@ -61,7 +61,7 @@ resource "azurerm_linux_virtual_machine" "vm" {
   custom_data = var.custom_data
   user_data   = var.user_data
 
-  disable_password_authentication = var.admin_password != null ? false : true
+  disable_password_authentication = var.admin_password != null ? false : var.disable_password_authentication
 
   dynamic "admin_ssh_key" {
     for_each = var.ssh_public_key != null ? ["fake"] : []
diff --git a/variables.tf b/variables.tf
index 073da58..a9fa74e 100644
--- a/variables.tf
+++ b/variables.tf
@@ -273,3 +273,10 @@ variable "patching_reboot_setting" {
   default     = "IfRequired"
   nullable    = false
 }
+
+## Disable password authentication
+variable "disable_password_authentication" {
+  description = "Option to disable or enable password authentication if admin password is not set"
+  type        = bool
+  default     = true
+}