From 41f35e69fedf2884370f7e39c7483b9f5f16d44b Mon Sep 17 00:00:00 2001 From: Pavel Boldyrev <627562+bpg@users.noreply.github.com> Date: Sun, 8 Jun 2025 10:58:11 -0400 Subject: [PATCH] shore(docs): update API Token auth section (#1991) - Added MD059 rule to .markdownlint.json for better markdown formatting. - Updated CODE_OF_CONDUCT.md to format email address as a link. - Consolidated privilege descriptions in docs/index.md for clarity. - Improved formatting in docs/resources/virtual_environment_vm.md for better readability. * add `gh` to devcontainer * remove wakatime --------- Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com> --- .devcontainer/Dockerfile | 2 +- .markdownlint.json | 3 ++- CODE_OF_CONDUCT.md | 2 +- README.md | 1 - docs/index.md | 2 +- docs/resources/virtual_environment_vm.md | 23 +++++++---------------- 6 files changed, 12 insertions(+), 21 deletions(-) diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 51d09f56..2adf64a0 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -3,7 +3,7 @@ FROM golang:1.24.4@sha256:db5d0afbfb4ab648af2393b92e87eaae9ad5e01132803d80caef91 ARG GOLANGCI_LINT_VERSION=2.1.6 # renovate: depName=golangci/golangci-lint datasource=github-releases RUN apt update && apt upgrade -y && \ - apt-get install --no-install-recommends -y ca-certificates curl gnupg lsb-release jq zsh neovim && \ + apt-get install --no-install-recommends -y ca-certificates curl gnupg lsb-release jq zsh neovim gh && \ chsh -s $(which zsh) && \ sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" && \ rm -rf /var/lib/apt/lists/* diff --git a/.markdownlint.json b/.markdownlint.json index 4bd67a9c..c9cf11b9 100644 --- a/.markdownlint.json +++ b/.markdownlint.json @@ -3,5 +3,6 @@ "MD013": false, "MD025": false, "MD033": false, - "MD041": false + "MD041": false, + "MD059": false } diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index 25441928..86816aae 100644 
--- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -34,7 +34,7 @@ This Code of Conduct applies both within project spaces and in public spaces whe ## Enforcement -Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at bpg.github.com.tn75g@passmail.net. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. +Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at . All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. diff --git a/README.md b/README.md index 2fa132d1..847de1ee 100644 --- a/README.md +++ b/README.md 
@@ -7,7 +7,6 @@ [![Go Report Card](https://goreportcard.com/badge/github.com/bpg/terraform-provider-proxmox)](https://goreportcard.com/report/github.com/bpg/terraform-provider-proxmox) [![Conventional Commits](https://img.shields.io/badge/conventional%20commits-v1.0.0-ff69b4)](https://www.conventionalcommits.org/en/v1.0.0/) [![CodeRabbit Pull Request Reviews](https://img.shields.io/coderabbit/prs/github/bpg/terraform-provider-proxmox?utm_source=oss&utm_medium=github&utm_campaign=bpg%2Fterraform-provider-proxmox&color=FF570A&link=https%3A%2F%2Fcoderabbit.ai&label=CodeRabbit+Reviews)](https://www.coderabbit.ai/) -[![Wakatime](https://wakatime.com/badge/github/bpg/terraform-provider-proxmox.svg)](https://wakatime.com/@a51a1a51-85c3-497b-b88a-3b310a709909/projects/vdtgmpvjom) A Terraform / OpenTofu Provider that adds support for Proxmox Virtual Environment. diff --git a/docs/index.md b/docs/index.md index 785eb2cd..6535c8d6 100644 --- a/docs/index.md +++ b/docs/index.md 
@@ -205,7 +205,7 @@ You can create an API Token for a user via the Proxmox UI, or via the command li - Create a role for the user (you can skip this step if you want to use any of the existing roles): ```sh - sudo pveum role add Terraform -privs "Datastore.Allocate Datastore.AllocateSpace Datastore.AllocateTemplate Datastore.Audit Pool.Allocate Sys.Audit Sys.Console Sys.Modify SDN.Use VM.Allocate VM.Audit VM.Clone VM.Config.CDROM VM.Config.Cloudinit VM.Config.CPU VM.Config.Disk VM.Config.HWType VM.Config.Memory VM.Config.Network VM.Config.Options VM.Migrate VM.Monitor VM.PowerMgmt User.Modify" + sudo pveum role add Terraform -privs "Mapping.Audit Mapping.Modify Mapping.Use Permissions.Modify Pool.Allocate Pool.Audit Realm.AllocateUser Realm.Allocate SDN.Allocate SDN.Audit Sys.Audit Sys.Console Sys.Incoming Sys.Modify Sys.AccessNetwork Sys.PowerMgmt Sys.Syslog User.Modify Group.Allocate SDN.Use VM.Allocate VM.Audit VM.Backup VM.Clone VM.Config.CDROM VM.Config.CPU VM.Config.Cloudinit VM.Config.Disk VM.Config.HWType VM.Config.Memory VM.Config.Network VM.Config.Options VM.Console VM.Migrate VM.Monitor VM.PowerMgmt VM.Snapshot.Rollback VM.Snapshot Datastore.Allocate Datastore.AllocateSpace Datastore.AllocateTemplate Datastore.Audit" ``` ~> The list of privileges above is only an example, please review it and adjust to your needs. diff --git a/docs/resources/virtual_environment_vm.md b/docs/resources/virtual_environment_vm.md index beec0b21..14331691 100755 --- a/docs/resources/virtual_environment_vm.md +++ b/docs/resources/virtual_environment_vm.md 
@@ -135,17 +135,13 @@ output "ubuntu_vm_public_key" { - `isa` - ISA Serial Port. - `virtio` - VirtIO (paravirtualized). - `amd_sev` - (Optional) Secure Encrypted Virtualization (SEV) features by AMD CPUs. - - `type` - (Optional) Enable standard SEV with `std` or enable experimental - SEV-ES with the `es` option or enable experimental SEV-SNP with the `snp` option - (defaults to `std`). + - `type` - (Optional) Enable standard SEV with `std` or enable experimental SEV-ES with the `es` option or enable experimental SEV-SNP with the `snp` option (defaults to `std`). - `allow_smt` - (Optional) Sets policy bit to allow Simultaneous Multi Threading (SMT) (Ignored unless for SEV-SNP) (defaults to `true`). - - `kernel_hashes` - (Optional) Add kernel hashes to guest firmware for measured - linux kernel launch (defaults to `false`). + - `kernel_hashes` - (Optional) Add kernel hashes to guest firmware for measured linux kernel launch (defaults to `false`). - `no_debug` - (Optional) Sets policy bit to disallow debugging of guest (defaults to `false`). - - `no_key_sharing` - (Optional) Sets policy bit to disallow key sharing with - other guests (Ignored for SEV-SNP) (defaults to `false`). + - `no_key_sharing` - (Optional) Sets policy bit to disallow key sharing with other guests (Ignored for SEV-SNP) (defaults to `false`). The `amd_sev` setting is only allowed for a `root@pam` authenticated user. - `audio_device` - (Optional) An audio device. @@ -657,6 +653,7 @@ trusts the user to set `agent.enabled` correctly and waits for `qemu-guest-agent` to start. ## AMD SEV + AMD SEV (-ES, -SNP) are security features for AMD processors. SEV-SNP support is included in Proxmox version **8.4**, see [Proxmox Wiki]( https://pve.proxmox.com/wiki/Qemu/KVM_Virtual_Machines#qm_virtual_machines_settings) 
@@ -665,17 +662,11 @@ for more information. `amd-sev` requires root and therefore `root@pam` auth. -SEV-SNP requires `bios = OVMF` and a supported AMD CPU (`EPYC-v4` for instance), -`machine = q35` is also advised. No EFI disk is required since SEV-SNP uses -consolidated read-only firmware. A configured EFI will be ignored. +SEV-SNP requires `bios = OVMF` and a supported AMD CPU (`EPYC-v4` for instance), `machine = q35` is also advised. No EFI disk is required since SEV-SNP uses consolidated read-only firmware. A configured EFI will be ignored. -All changes made to `amd_sev` will trigger reboots. Removing or adding the -`amd_sev` block will force a replacement of the resource. Modifying the `amd_sev` -block will not trigger replacements. +All changes made to `amd_sev` will trigger reboots. Removing or adding the `amd_sev` block will force a replacement of the resource. Modifying the `amd_sev` block will not trigger replacements. -`allow_smt` is by default set to `true` even if `snp` is not the selected type. -Proxmox will ignore this value when `snp` is not in use. Likewise `no_key_sharing` -is `false` by default but ignored by Proxmox when `snp` is in use. +`allow_smt` is by default set to `true` even if `snp` is not the selected type. Proxmox will ignore this value when `snp` is not in use. Likewise `no_key_sharing` is `false` by default but ignored by Proxmox when `snp` is in use. ## Important Notes
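Review bot: In the `.devcontainer/Dockerfile` hunk, the `RUN` chain that now installs `gh` still ends by executing `install.sh` fetched from the `master` branch of ohmyzsh, so the image build runs whatever that branch holds at build time. The base image is pinned by digest and golangci-lint by version; now that a GitHub CLI, which is typically authenticated with a developer's token, lives in the same image, I'd pin that script URL to a commit and check its hash before running it. Minor: the chain mixes `apt update` / `apt upgrade` with `apt-get install`; using `apt-get` throughout avoids apt's unstable-CLI warning in scripted builds.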
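Review bot: In the `.markdownlint.json` hunk, `"MD059": false` switches the rule off, while the commit message says the rule was added "for better markdown formatting". If the intent is to silence MD059 for the existing link text, the message should say the rule is disabled; if the intent is to enforce it, the value should be `true` or an options object.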
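Review bot: In the `CODE_OF_CONDUCT.md` hunk, the replacement line as it appears here reads "contacting the project team at ." with nothing between "at" and the period. The commit message says the address was reformatted as a link, so please confirm the committed file still contains the reporting address and that it renders, since this sentence is the only reporting channel the paragraph gives.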
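Review bot: In the `docs/index.md` hunk, the example `pveum role add Terraform` line grows from a VM and datastore oriented set to one that also carries `Permissions.Modify`, `Realm.Allocate`, `Realm.AllocateUser`, `Group.Allocate`, `Sys.PowerMgmt` and `Sys.Incoming`, which the commit message describes only as consolidating privilege descriptions. `Permissions.Modify` lets the token holder change access permissions, so anyone who copies this line verbatim ends up with a role far broader than VM provisioning needs. I'd keep the smaller set as the default example and list the extra privileges separately, each next to the resource type that requires it; the `~>` note under the block is easy to miss.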
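Review bot: In the last `docs/resources/virtual_environment_vm.md` hunk, the context line says "`amd-sev` requires root" while every other mention in the file uses `amd_sev`; since the section is being rewrapped anyway, fix the name here. The unwrapped SEV-SNP line also joins two sentences with a comma ("... (`EPYC-v4` for instance), `machine = q35` is also advised"); split it so the hard requirements (`bios = OVMF`, a supported CPU) read separately from the recommendation.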