From 6df2d1d3db89f8088e5b65becc6fb87bf8ee566f Mon Sep 17 00:00:00 2001
From: Ben Drucker
Date: Thu, 23 Aug 2018 15:15:24 -0700
Subject: [PATCH 1/3] create explicit "create_ca" var for statically specifying intent to pass ca_cert
---
 tls-k8s.tf | 4 ++--
 variables.tf | 11 +++++++++++
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/tls-k8s.tf b/tls-k8s.tf
index 0f92238a..ca546f43 100644
--- a/tls-k8s.tf
+++ b/tls-k8s.tf
@@ -13,14 +13,14 @@ # Kubernetes CA (tls/{ca.crt,ca.key})
 resource "tls_private_key" "kube-ca" {
- count = "${var.ca_certificate == "" ? 1 : 0}"
+ count = "${var.create_ca == 1 ? 1 : 0}"
 algorithm = "RSA"
 rsa_bits = "2048"
 }
 resource "tls_self_signed_cert" "kube-ca" {
- count = "${var.ca_certificate == "" ? 1 : 0}"
+ count = "${var.create_ca == 1 ? 1 : 0}"
 key_algorithm = "${tls_private_key.kube-ca.algorithm}"
 private_key_pem = "${tls_private_key.kube-ca.private_key_pem}"
diff --git a/variables.tf b/variables.tf
index 0964c15c..c33e3ce7 100644
--- a/variables.tf
+++ b/variables.tf
@@ -81,6 +81,17 @@ variable "trusted_certs_dir" {
 default = "/usr/share/ca-certificates"
 }
+variable "create_ca" {
+ description = "Toggles creation of a CA (when ca_certificate is omitted)"
+ default = true
+}
+
+variable "ca_certificate" {
+ description = "Existing PEM-encoded CA certificate (generated if blank)"
+ type = "string"
+ default = ""
+}
+
 variable "ca_certificate" {
 description = "Existing PEM-encoded CA certificate (generated if blank)"
 type = "string"
From bb8b93c40086c7441af024d1073636b8c29262e5 Mon Sep 17 00:00:00 2001
From: Ben Drucker
Date: Thu, 23 Aug 2018 15:17:56 -0700
Subject: [PATCH 2/3] clarify description
---
 variables.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/variables.tf b/variables.tf
index c33e3ce7..6f892cd3 100644
--- a/variables.tf
+++ b/variables.tf
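Review bot: In tls-k8s.tf both new `count` expressions compare `var.create_ca` with the number `1`, while variables.tf declares the variable with `default = true` and no `type`. On the Terraform releases that use this `"${...}"` syntax, a boolean default in a .tf file is, as far as I recall, coerced to the string "1", but a value passed from a tfvars file or `-var` stays the string "true". A caller setting `create_ca = "true"` would then fail the `== 1` test and the CA key and certificate would silently not be generated. Evaluating the variable as a boolean avoids relying on that coercion: `count = "${var.create_ca ? 1 : 0}"` on both resources. The `tls_self_signed_cert` block continues past the end of the hunk.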
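Review bot: In variables.tf the new `create_ca` input and the existing `ca_certificate` input can contradict each other, and nothing in this hunk states which one wins. With `create_ca = false` and `ca_certificate` left at its blank default, neither path supplies a CA. With `create_ca = true` and a certificate supplied, the result depends on expressions outside this diff, which may still test `var.ca_certificate == ""`. The `ca_certificate` description still says "generated if blank", which no longer matches the `count` conditions in tls-k8s.tf. I would state the contract on the toggle, e.g. `description = "Set to false to use an existing CA; ca_certificate and ca_key_alg must then be provided"`, and check that every consumer of the CA material selects on `create_ca`.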
@@ -82,7 +82,7 @@ variable "trusted_certs_dir" {
 }
 variable "create_ca" {
- description = "Toggles creation of a CA (when ca_certificate is omitted)"
+ description = "Toggles creation of a CA (omit ca_certificate when true)"
 default = true
 }
From 97d6131631825e6763c9c5db9ab2b6ef5de7c294 Mon Sep 17 00:00:00 2001
From: Ben Drucker
Date: Thu, 23 Aug 2018 15:22:06 -0700
Subject: [PATCH 3/3] fix duplicated var
---
 variables.tf | 6 ------
 1 file changed, 6 deletions(-)
diff --git a/variables.tf b/variables.tf
index 6f892cd3..476c5a00 100644
--- a/variables.tf
+++ b/variables.tf
@@ -92,12 +92,6 @@ variable "ca_certificate" {
 default = ""
 }
-variable "ca_certificate" {
- description = "Existing PEM-encoded CA certificate (generated if blank)"
- type = "string"
- default = ""
-}
-
 variable "ca_key_alg" {
 description = "Algorithm used to generate ca_key (required if ca_cert is specified)"
 type = "string"