Add the ability to specify privateKey contents to AutomationAPI (#5557)

Fixes: #5383

CHANGELOG.md

@@ -40,6 +40,9 @@ CHANGELOG
   
 - [cli] Validate cloudUrl formats before `pulumi login` and throw an error if incorrect format specified
   [#5550](https://github.com/pulumi/pulumi/pull/5545)
+  
+- [automation api] Add support for passing a private ssh key for git authentication that doesn't rely on a file path
+  [#5557](https://github.com/pulumi/pulumi/pull/5557)
 
 - [cli] Improve user experience when pulumi plugin rm --all finds no plugins
   to remove. The previous behaviour was an error and should not be so.

sdk/go/x/auto/example_test.go

@@ -244,6 +244,24 @@ func ExampleGitRepo_privateKeyPath() {
 	NewStackRemoteSource(ctx, stackName, repo)
 }
 
+func ExampleGitRepo_privateKey() {
+	ctx := context.Background()
+	pName := "go_remote_proj"
+	stackName := FullyQualifiedStackName("myOrg", pName, "myStack")
+
+	repo := GitRepo{
+		URL:         "git@github.com:pulumi/test-repo.git",
+		ProjectPath: "goproj",
+		Auth: &GitAuth{
+			SSHPrivateKey: "<PRIVATE KEY FILE CONTENTS HERE>",
+			Password:      "PrivateKeyPassword",
+		},
+	}
+
+	// initialize a stack from the git repo, specifying our project override
+	NewStackRemoteSource(ctx, stackName, repo)
+}
+
 func ExampleGitRepo_usernameAndPassword() {
 	ctx := context.Background()
 	pName := "go_remote_proj"

sdk/go/x/auto/git.go

@@ -34,16 +34,27 @@ func setupGitRepo(ctx context.Context, workDir string, repoArgs *GitRepo) (strin
 
 		authDetails := repoArgs.Auth
 		// Each of the authentication options are mutually exclusive so let's check that only 1 is specified
-		if (authDetails.SSHPrivateKeyPath != "" && authDetails.PersonalAccessToken != "") ||
-			(authDetails.SSHPrivateKeyPath != "" && authDetails.Username != "") ||
-			(authDetails.PersonalAccessToken != "" && authDetails.Username != "") {
+		if authDetails.SSHPrivateKeyPath != "" && authDetails.Username != "" ||
+			authDetails.PersonalAccessToken != "" && authDetails.Username != "" ||
+			authDetails.PersonalAccessToken != "" && authDetails.SSHPrivateKeyPath != "" ||
+			authDetails.Username != "" && authDetails.SSHPrivateKey != "" {
 			return "", errors.New("please specify one authentication option of `Personal Access Token`, " +
-				"`Username\\Password` or `SSH Private Key Path`")
+				"`Username\\Password`, `SSH Private Key Path` or `SSH Private Key`")
 		}
 
 		// Firstly we will try to check that an SSH Private Key Path has been specified
 		if authDetails.SSHPrivateKeyPath != "" {
 			publicKeys, err := ssh.NewPublicKeysFromFile("git", repoArgs.Auth.SSHPrivateKeyPath, repoArgs.Auth.Password)
+			if err != nil {
+				return "", errors.Wrap(err, "unable to use SSH Private Key Path")
+			}
+
+			cloneOptions.Auth = publicKeys
+		}
+
+		// Then we check if the details of a SSH Private Key as passed
+		if authDetails.SSHPrivateKey != "" {
+			publicKeys, err := ssh.NewPublicKeys("git", []byte(repoArgs.Auth.SSHPrivateKey), repoArgs.Auth.Password)
 			if err != nil {
 				return "", errors.Wrap(err, "unable to use SSH Private Key")
 			}

sdk/go/x/auto/local_workspace.go

@@ -633,6 +633,11 @@ type GitAuth struct {
 	// git@github.com:org/repository.git - if the url is not in this format, then an error
 	// `unable to clone repo: invalid auth method` will be returned
 	SSHPrivateKeyPath string
+	// The (contents) private key for access to the git repo.
+	// When using `SSHPrivateKey`, the URL of the repository must be in the format
+	// git@github.com:org/repository.git - if the url is not in this format, then an error
+	// `unable to clone repo: invalid auth method` will be returned
+	SSHPrivateKey string
 	// The password that pairs with a username or as part of an SSH Private Key
 	Password string
 	// PersonalAccessToken is a Git personal access token in replacement of your password