From 19185611b37c85a071ac4d3fd0c9a6b865b7c28d Mon Sep 17 00:00:00 2001
From: Cameron <68611194+1-cameron@users.noreply.github.com>
Date: Sun, 5 Feb 2023 22:30:05 +0000
Subject: [PATCH] feat(lxc): Add unprivileged option (#225)

* feat: Add unprivileged parameter for containers

* feat: make modifying the unprivileged option recreate the resource

* feat: add unprivileged to tests

* docs: Add unprivileged argument

---------

Co-authored-by: cditchfield <cditchfield@thoughtmachine.net>
Co-authored-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
---
 docs/resources/virtual_environment_container.md       |  2 ++
 proxmoxtf/resource_virtual_environment_container.go   | 11 +++++++++++
 .../resource_virtual_environment_container_test.go    |  2 ++
 3 files changed, 15 insertions(+)

diff --git a/docs/resources/virtual_environment_container.md b/docs/resources/virtual_environment_container.md
index 3e3c2bef..479ef0af 100644
--- a/docs/resources/virtual_environment_container.md
+++ b/docs/resources/virtual_environment_container.md
@@ -169,6 +169,8 @@ output "ubuntu_container_public_key" {
   difference on the resource. You may use the `ignore_changes` lifecycle
   meta-argument to ignore changes to this attribute.
 - `template` - (Optional) Whether to create a template (defaults to `false`).
+- `unprivileged` - (Optional) Whether the container runs as unprivileged on
+the host (defaults to `false`).
 - `vm_id` - (Optional) The virtual machine identifier
 
 ## Attribute Reference
diff --git a/proxmoxtf/resource_virtual_environment_container.go b/proxmoxtf/resource_virtual_environment_container.go
index 04ee4e2c..0ad80438 100644
--- a/proxmoxtf/resource_virtual_environment_container.go
+++ b/proxmoxtf/resource_virtual_environment_container.go
@@ -50,6 +50,7 @@ const (
 	dvResourceVirtualEnvironmentContainerPoolID                            = ""
 	dvResourceVirtualEnvironmentContainerStarted                           = true
 	dvResourceVirtualEnvironmentContainerTemplate                          = false
+	dvResourceVirtualEnvironmentContainerUnprivileged                      = false
 	dvResourceVirtualEnvironmentContainerVMID                              = -1
 
 	maxResourceVirtualEnvironmentContainerNetworkInterfaces = 8
@@ -105,6 +106,7 @@ const (
 	mkResourceVirtualEnvironmentContainerStarted                           = "started"
 	mkResourceVirtualEnvironmentContainerTags                              = "tags"
 	mkResourceVirtualEnvironmentContainerTemplate                          = "template"
+	mkResourceVirtualEnvironmentContainerUnprivileged                      = "unprivileged"
 	mkResourceVirtualEnvironmentContainerVMID                              = "vm_id"
 )
 
@@ -576,6 +578,13 @@ func resourceVirtualEnvironmentContainer() *schema.Resource {
 				ForceNew:    true,
 				Default:     dvResourceVirtualEnvironmentContainerTemplate,
 			},
+			mkResourceVirtualEnvironmentContainerUnprivileged: {
+				Type:        schema.TypeBool,
+				Description: "Whether the container runs as unprivileged on the host",
+				Optional:    true,
+				ForceNew:    true,
+				Default:     dvResourceVirtualEnvironmentContainerUnprivileged,
+			},
 			mkResourceVirtualEnvironmentContainerVMID: {
 				Type:             schema.TypeInt,
 				Description:      "The VM identifier",
@@ -1203,6 +1212,7 @@ func resourceVirtualEnvironmentContainerCreateCustom(
 	started := proxmox.CustomBool(d.Get(mkResourceVirtualEnvironmentContainerStarted).(bool))
 	tags := d.Get(mkResourceVirtualEnvironmentContainerTags).([]interface{})
 	template := proxmox.CustomBool(d.Get(mkResourceVirtualEnvironmentContainerTemplate).(bool))
+	unprivileged := proxmox.CustomBool(d.Get(mkResourceVirtualEnvironmentContainerUnprivileged).(bool))
 	vmID := d.Get(mkResourceVirtualEnvironmentContainerVMID).(int)
 
 	if vmID == -1 {
@@ -1231,6 +1241,7 @@ func resourceVirtualEnvironmentContainerCreateCustom(
 		Swap:                 &memorySwap,
 		Template:             &template,
 		TTY:                  &consoleTTYCount,
+		Unprivileged:         &unprivileged,
 		VMID:                 &vmID,
 	}
 
diff --git a/proxmoxtf/resource_virtual_environment_container_test.go b/proxmoxtf/resource_virtual_environment_container_test.go
index 4ad03bad..d8ded6cf 100644
--- a/proxmoxtf/resource_virtual_environment_container_test.go
+++ b/proxmoxtf/resource_virtual_environment_container_test.go
@@ -38,6 +38,7 @@ func TestResourceVirtualEnvironmentContainerSchema(t *testing.T) {
 		mkResourceVirtualEnvironmentContainerStarted,
 		mkResourceVirtualEnvironmentContainerTags,
 		mkResourceVirtualEnvironmentContainerTemplate,
+		mkResourceVirtualEnvironmentContainerUnprivileged,
 		mkResourceVirtualEnvironmentContainerVMID,
 	})
 
@@ -52,6 +53,7 @@ func TestResourceVirtualEnvironmentContainerSchema(t *testing.T) {
 		mkResourceVirtualEnvironmentContainerStarted:         schema.TypeBool,
 		mkResourceVirtualEnvironmentContainerTags:            schema.TypeList,
 		mkResourceVirtualEnvironmentContainerTemplate:        schema.TypeBool,
+		mkResourceVirtualEnvironmentContainerUnprivileged:    schema.TypeBool,
 		mkResourceVirtualEnvironmentContainerVMID:            schema.TypeInt,
 	})