feat(lxc): Add unprivileged option (#225)

* feat: Add unprivileged parameter for containers * feat: make modifying the unprivileged option recreate the resource * feat: add unprivileged to tests * docs: Add unprivileged argument --------- Co-authored-by: cditchfield <cditchfield@thoughtmachine.net> Co-authored-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
2025-08-22 19:38:35 +00:00 · 2023-02-05 22:30:05 +00:00 · 2023-02-05 22:30:05 +00:00 · 19185611b3
commit 19185611b3
parent a72fd27a13
3 changed files with 15 additions and 0 deletions
--- a/docs/resources/virtual_environment_container.md
+++ b/docs/resources/virtual_environment_container.md
@ -169,6 +169,8 @@ output "ubuntu_container_public_key" {
  difference on the resource. You may use the `ignore_changes` lifecycle
  meta-argument to ignore changes to this attribute.
 - `template` - (Optional) Whether to create a template (defaults to `false`).
+- `unprivileged` - (Optional) Whether the container runs as unprivileged on
+the host (defaults to `false`).
 - `vm_id` - (Optional) The virtual machine identifier

 ## Attribute Reference
--- a/proxmoxtf/resource_virtual_environment_container.go
+++ b/proxmoxtf/resource_virtual_environment_container.go
@ -50,6 +50,7 @@ const (
 	dvResourceVirtualEnvironmentContainerPoolID                            = ""
 	dvResourceVirtualEnvironmentContainerStarted                           = true
 	dvResourceVirtualEnvironmentContainerTemplate                          = false
+	dvResourceVirtualEnvironmentContainerUnprivileged                      = false
 	dvResourceVirtualEnvironmentContainerVMID                              = -1

 	maxResourceVirtualEnvironmentContainerNetworkInterfaces = 8
@ -105,6 +106,7 @@ const (
 	mkResourceVirtualEnvironmentContainerStarted                           = "started"
 	mkResourceVirtualEnvironmentContainerTags                              = "tags"
 	mkResourceVirtualEnvironmentContainerTemplate                          = "template"
+	mkResourceVirtualEnvironmentContainerUnprivileged                      = "unprivileged"
 	mkResourceVirtualEnvironmentContainerVMID                              = "vm_id"
 )

@ -576,6 +578,13 @@ func resourceVirtualEnvironmentContainer() *schema.Resource {
 				ForceNew:    true,
 				Default:     dvResourceVirtualEnvironmentContainerTemplate,
 			},
+			mkResourceVirtualEnvironmentContainerUnprivileged: {
+				Type:        schema.TypeBool,
+				Description: "Whether the container runs as unprivileged on the host",
+				Optional:    true,
+				ForceNew:    true,
+				Default:     dvResourceVirtualEnvironmentContainerUnprivileged,
+			},
 			mkResourceVirtualEnvironmentContainerVMID: {
 				Type:             schema.TypeInt,
 				Description:      "The VM identifier",
@ -1203,6 +1212,7 @@ func resourceVirtualEnvironmentContainerCreateCustom(
 	started := proxmox.CustomBool(d.Get(mkResourceVirtualEnvironmentContainerStarted).(bool))
 	tags := d.Get(mkResourceVirtualEnvironmentContainerTags).([]interface{})
 	template := proxmox.CustomBool(d.Get(mkResourceVirtualEnvironmentContainerTemplate).(bool))
+	unprivileged := proxmox.CustomBool(d.Get(mkResourceVirtualEnvironmentContainerUnprivileged).(bool))
 	vmID := d.Get(mkResourceVirtualEnvironmentContainerVMID).(int)

 	if vmID == -1 {
@ -1231,6 +1241,7 @@ func resourceVirtualEnvironmentContainerCreateCustom(
 		Swap:                 &memorySwap,
 		Template:             &template,
 		TTY:                  &consoleTTYCount,
+		Unprivileged:         &unprivileged,
 		VMID:                 &vmID,
 	}

--- a/proxmoxtf/resource_virtual_environment_container_test.go
+++ b/proxmoxtf/resource_virtual_environment_container_test.go
@ -38,6 +38,7 @@ func TestResourceVirtualEnvironmentContainerSchema(t *testing.T) {
 		mkResourceVirtualEnvironmentContainerStarted,
 		mkResourceVirtualEnvironmentContainerTags,
 		mkResourceVirtualEnvironmentContainerTemplate,
+		mkResourceVirtualEnvironmentContainerUnprivileged,
 		mkResourceVirtualEnvironmentContainerVMID,
 	})

@ -52,6 +53,7 @@ func TestResourceVirtualEnvironmentContainerSchema(t *testing.T) {
 		mkResourceVirtualEnvironmentContainerStarted:         schema.TypeBool,
 		mkResourceVirtualEnvironmentContainerTags:            schema.TypeList,
 		mkResourceVirtualEnvironmentContainerTemplate:        schema.TypeBool,
+		mkResourceVirtualEnvironmentContainerUnprivileged:    schema.TypeBool,
 		mkResourceVirtualEnvironmentContainerVMID:            schema.TypeInt,
 	})