* feat(lxc): Implement support for container's "protection flag"
The Proxmox VE types already have the `protection` API parameter [1],
but it is not exposed to the provider users.
This pull request implements the missing logic to make it available in
order to allow to protect containers against deletion/update operations,
including the container's disks.
[1]: https://github.com/bpg/terraform-provider-proxmox/blob/v0.63.0/proxmox/nodes/containers/containers_types.go#L59
Relates GH-1126
Signed-off-by: Sven Greb <development@svengreb.de>
* Update example/resource_virtual_environment_container.tf
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
---------
Signed-off-by: Sven Greb <development@svengreb.de>
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
Co-authored-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
* feat(acme): implement CRUD API for proxmox cluster ACME plugins
Signed-off-by: Björn Brauer <zaubernerd@zaubernerd.de>
* feat(acme): implement acme_plugins data source
Signed-off-by: Björn Brauer <zaubernerd@zaubernerd.de>
* feat(acme): implement acme_plugin data source
Signed-off-by: Björn Brauer <zaubernerd@zaubernerd.de>
* feat(acme): implement plugin resource creation
Signed-off-by: Björn Brauer <zaubernerd@zaubernerd.de>
* feat(acme): implement plugin resource read
Signed-off-by: Björn Brauer <zaubernerd@zaubernerd.de>
* feat(acme): implement plugin resource update
Signed-off-by: Björn Brauer <zaubernerd@zaubernerd.de>
* feat(acme): implement plugin resource deletion
Signed-off-by: Björn Brauer <zaubernerd@zaubernerd.de>
* feat(acme): implement plugin resource import
Signed-off-by: Björn Brauer <zaubernerd@zaubernerd.de>
* docs(acme): generate documentation
Signed-off-by: Björn Brauer <zaubernerd@zaubernerd.de>
* fix: apply suggestions from code review
Co-authored-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
Signed-off-by: Björn Brauer <zaubernerd@zaubernerd.de>
* refactor: extract common fields into BasePluginData
Signed-off-by: Björn Brauer <zaubernerd@zaubernerd.de>
* fix: restrict plugin resource to type=dns only
because type=standalone is not configurable and always enabled by
default.
Signed-off-by: Björn Brauer <zaubernerd@zaubernerd.de>
* fix: remove unused 'nodes' property
https://github.com/bpg/terraform-provider-proxmox/pull/1479/files#r1710916265
Signed-off-by: Björn Brauer <zaubernerd@zaubernerd.de>
* fix: remove "delete" property
https://github.com/bpg/terraform-provider-proxmox/pull/1479/files#r1710908809
Signed-off-by: Björn Brauer <zaubernerd@zaubernerd.de>
* feat: implement attribute deletion
Signed-off-by: Björn Brauer <zaubernerd@zaubernerd.de>
* fix: ignore empty lines in dns plugin data
Signed-off-by: Björn Brauer <zaubernerd@zaubernerd.de>
* fix: partial revert of code review suggestions
Joining the values with a string literal would produce \\n instead of \n
and splitting at \\n doesn't match a newline.
Signed-off-by: Björn Brauer <zaubernerd@zaubernerd.de>
* refactor: extract acme plugin models into separate file
Signed-off-by: Björn Brauer <zaubernerd@zaubernerd.de>
* fix: format disable parameter as int
Signed-off-by: Björn Brauer <zaubernerd@zaubernerd.de>
---------
Signed-off-by: Björn Brauer <zaubernerd@zaubernerd.de>
Co-authored-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
* feat(file): Add support to set the file mode
GH-733 [1] implemented basic support for hook scripts, but the authors
"did not manage to find time to work on" [2] also including support to
set the file mode. This small but important feature makes the use of the
`proxmox_virtual_environment_container.hook_script_file_id` [3] and
`virtual_environment_vm.hook_script_file_id` [4] attributes basically
useless when not combined with the manual step of making the uploaded
file executable (manually running `chmod +x /path/to/script` or using
other methods, based on the storage backend). Using the
`hook_script_file_id` on its own also causes all planned and applied
changes in the same execution to not be saved in the state because the
Proxmox VE API responds with an HTTP `500` because the uploaded and
assigned file is not executable.
This pull request implements the missing feature to set the file mode
by adding a new `file_mode` attribute of type `string` where an
octal-formatted value can be passed, e.g. `0700` or only `600`.
Note that the octal prefixes `0o` and `0x` are not
supported to reduce the complexity, even though Go of course supports
them, including the used `os.FileMode` type [5].
Changing the file mode also causes the file to be replaced, which is
true for almost any attribute in the `proxmox_virtual_environment_file`
resource, to ensure that the file mode can also be changed after the
initial creation.
[1]: https://github.com/bpg/terraform-provider-proxmox/pull/733
[2]: https://github.com/bpg/terraform-provider-proxmox/pull/733#issuecomment-2096716738
[3]: https://registry.terraform.io/providers/bpg/proxmox/latest/docs/resources/virtual_environment_container#hook_script_file_id
[4]: https://registry.terraform.io/providers/bpg/proxmox/latest/docs/resources/virtual_environment_vm#hook_script_file_id
[5]: https://pkg.go.dev/os#FileMode
Related to GH-570
Related to GH-733
Signed-off-by: Sven Greb <development@svengreb.de>
---------
Signed-off-by: Sven Greb <development@svengreb.de>
* feat(acme): implement CRUD API for proxmox cluster ACME
* feat(acme): implement acme_accounts data source
* feat(acme): implement acme_account data source
* fix(acme): wait for task status on account creation
* feat(acme): implement account resource creation
* feat(acme): implement account read
* fix(acme): wait for task status on account update
* feat(acme): implement account update
* fix(acme): wait for task status on account deletion
* feat(acme): implement account deletion
* feat(acme): implement account import
* feat(acme): provide correctly typed API response for `account` field
* feat(acme): implement account schema for acme_account data source
* fix(acme): read `location` into state in acme_account resource
* fix(acme): ensure `name` of acme_account resource can't be changed
* docs(acme): generate documentation
* feat(acme): read back ACME account details from API
* Revert "fix(acme): ensure `name` of acme_account resource can't be changed"
* fix(acme): provide default for acme account name
* fix(acme): acme account name can't be changed
* chore(acme): update resource doc to clarify PVE auth requirements
* chore(acme): add `created_at` attr to the resource, sort model fields & schema attributes alphabetically
---------
Signed-off-by: Björn Brauer <zaubernerd@zaubernerd.de>
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
Co-authored-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
* document role privileges required by proxmox_virtual_environment_download_file resource
* move the new section to the download_file resource doc
---------
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
Co-authored-by: windowsrefund <mtf8>
Co-authored-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
* feat(nodes): Initial support to manage APT repositories
> Summary
This commit implements initial support for managing APT repositories
which is (currently) limited to…
- …adding "standard" repositories to allow to configure it.
- toggling the activation status (enabled/disabled) of any configured
repository.
+ !WARNING!
+ Note that deleting or modifying a repository in any other way is
+ (sadly) not possible (yet?)!
+ The limited functionality is due to the (current) capabilities of
+ the Proxmox VE APT repository API [1] itself.
>> Why are there two resources for one API entity?
Even though an APT repository should be seen as a single API entity, it
was required to implement standard repositories as dedicated
`proxmox_virtual_environment_apt_standard_repository`. This is because
standard repositories must be configured (added) first to the default
source list files because their activation status can be toggled. This
is handled by the HTTP `PUT` request, but the modifying request is
`POST` which would require two calls within the same Terraform execution
cycle. I tried to implement it in a single resource and it worked out
mostly after handling some edge cases, but in the end there were
still too many situations and edge cases where it might break due to
Terraform state drifts between states. In the end the dedicated
resources are way cleaner and easier to use without any complexity and
conditional attribute juggling for practitioners.
>> Other "specialties"
Unfortunately the Proxmox VE API responds to HTTP `GET` requests with
four larger arrays which are, more or less, kind of connected to each
other, but they also somehow stand on their own. This means that there
is a `files` array that contains the `repositories` again which again
contains all repositories with their metadata of every source file. On
the other hand available standard repositories are listed in the
`standard-repos` array, but their activation status is only stored when
they have already been added through a `PUT` request. The `infos` array
is more or less useless.
So in order to get the required data and store them in the state the
`importFromAPI` methods of the models must loop through all the
deep-nested arrays and act based on specific attributes like a matching
file path, comparing it to the activation status and so on.
In the end the implementation is really stable after testing it with all
possible conditions and state combinations.
@bpg if you'd like me to create a small data logic flow chart to make it
easier to understand some parts of the code let me know. I can make my
local notes "shareable" which I created to not lose track of the logic.
>> What is the way to manage the activation status of a "standard" repository?
Because the two resources are modular and scoped they can be simply
combined to manage an APT "standard" repository, e.g. toggling its
activation status. The following examples are also included in the
documentations.
```hcl
// This resource ensures that the "no-subscription" standard repository
// is added to the source list.
// It represents the `PUT` API request.
resource "proxmox_virtual_environment_apt_standard_repository" "example" {
  handle = "no-subscription"
  node   = "pve"
}

// This resource allows to actually modify the activation status of the
// standard repository as it represents the `POST`.
// Using the values from the dedicated standard repository resource
// makes sure that Terraform correctly resolves dependency order.
resource "proxmox_virtual_environment_apt_repository" "example" {
  enabled   = true
  file_path = proxmox_virtual_environment_apt_standard_repository.example.file_path
  index     = proxmox_virtual_environment_apt_standard_repository.example.index
  node      = proxmox_virtual_environment_apt_standard_repository.example.node
}
```
[1]: https://pve.proxmox.com/pve-docs/api-viewer/#/nodes/{node}/apt/repositories
---------
Signed-off-by: Sven Greb <development@svengreb.de>
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
Co-authored-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
* feat(vm): implement filtering in vms data source.
* Additional attributes for vm data source (status, template)
* fix qodana CI job condition
---------
Signed-off-by: Konstantin Kornienko <konstantin.kornienko@gmail.com>
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
Co-authored-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
feat(vm2): add initial support for `cdrom`
This is a breaking change compared to v1 - switching the cdrom schema from a nested block to a nested attribute map.
Improvements compared to v1:
- support for `ide`, `sata`, `scsi` interfaces
- support for multiple cdroms
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
* misc(vm2): add support for `vga`
* fix: use random VM IDs in parallel acc tests
---------
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
This commit implements the `next-id` and `notify` PVE API cluster
options.
The `next-id` attribute allows to control the range for the next free
VM ID. It is implemented as object and can be used in the
`proxmox_virtual_environment_cluster_options` resource and can be used
like this:
```terraform
resource "proxmox_virtual_environment_cluster_options" "options" {
  next_id = {
    lower = 200
    upper = 299
  }
}
```
Note that the minimum and maximum values are unfortunately not
documented in the PVE API explorer but can be found in the web UI where
the form fields have validations!
The `notify` PVE API attribute is also an object that has all the PVE
API fields:
```terraform
resource "proxmox_virtual_environment_cluster_options" "options" {
  notify = {
    ha_fencing_mode            = "never"
    ha_fencing_target          = "default-matcher"
    package_updates            = "always"
    package_updates_target     = "default-matcher"
    package_replication        = "always"
    package_replication_target = "default-matcher"
  }
}
```
Note that the "fencing" attribute names have been adjusted to better
reflect their meaning since they are scoped to the Proxmox VE HA fencing
feature [1]. All attributes with the `_target` suffix are names for the
Proxmox VE notifications matchers [2].
[1]: https://pve.proxmox.com/wiki/Fencing
[2]: https://pve.proxmox.com/pve-docs/chapter-notifications.html#notification_matchers
---------
Signed-off-by: Sven Greb <development@svengreb.de>
* feat(cluster): Implement initial support for "hardware mappings"
Right now it is already possible to use a mapped resource [1], but there
is no dedicated `proxmox_virtual_environment_cluster_hardware_mapping`
resource but this step must still be done manually (or automated through
other ways that interact with the Proxmox API).
This commit implements support for "hardware mapping" resources and data
sources for the, currently, available bus types PCI and USB, based on
the Proxmox VE API documentations [2].
There are some "specialities" in these resources and data sources:
1. The Proxmox VE API attribute, but this implementation names it
"comment" since this naming is generally used across the Proxmox VE web UI
and API documentations. This still follows the Terraform
"best practices" [3] as it improves the user experience by matching
the field name to the naming used in the human-facing interfaces.
2. Like in point 1, the name of the attribute of "node checks
diagnostics" for USB hardware mappings is "errors" in the Proxmox VE
API while it is "checks" for hardware mappings of type PCI.
The second naming pattern is also generally used across the
Proxmox VE web UI and API documentations, including the "check_node"
attribute that is also implemented in the
"proxmox_virtual_environment_hardware_mappings" data source.
Therefore, this implementation named both attributes "checks" which
still follows the Terraform "best practices" [3] as it improves the
user experience by matching the field name to the naming used in the
human-facing interfaces.
3. This implementation comes with the "unique" feature of allowing
comments (named "descriptions" by the Proxmox VE API) for an entry in
a device map which is not possible through the web UI at all but only
adding a comment for the whole mapping entry instead.
Note that this implementation also adds another point in the
"Known Issues" documentation since it is only possible to map a
PCI/USB device using the `root` PAM account, but this is still better
than having to manually configure it through the web UI or by
interacting with the Proxmox VE API in other ways.
[1]: https://github.com/bpg/terraform-provider-proxmox/pull/500
[2]: https://pve.proxmox.com/pve-docs/api-viewer/#/cluster/mapping/pci
[3]: https://developer.hashicorp.com/terraform/plugin/best-practices/hashicorp-provider-design-principles#resource-and-attribute-schema-should-closely-match-the-underlying-api
Signed-off-by: Sven Greb <development@svengreb.de>
* fix linter
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
---------
Signed-off-by: Sven Greb <development@svengreb.de>
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
Co-authored-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
* feat(vm): add support for cpu `affinity` attribute (#1148)
It helps to pin VMs to the special cpu.
Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
* add clarification about the format and permission requirements for `affinity`
* do not add `affinity` property to the API call if it is not set
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
---------
Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
Co-authored-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
* feat(vm): add proxmox_virtual_environment_node datasource
It helps to get CPU model, number of cores and sockets.
Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
* fix node_name ref
* add acceptance test
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
---------
Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
Co-authored-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
* Fix some obvious errors, remove dead code
* Add instructions for manually adding public key to authorized_keys file
* Add GitHub context dump step and update testacc workflow condition
---------
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
* feat(vm): add `VLAN` trunk support
Signed-off-by: Jack Hodgkiss <identity@jackhodgkiss.uk>
* update docs
* better error handling
* add trunks to acceptance test
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
---------
Signed-off-by: Jack Hodgkiss <identity@jackhodgkiss.uk>
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
Co-authored-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
* feat(file)!: safer snippets upload using SSH input stream
* fixes for acceptance tests on windows
* enable other OS-es for acceptance tests
* update example templates to use api token auth
---------
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
* feat(provider): add support for private key authentication for SSH
Also fix bunch of issues with acceptance tests
---------
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
* fix(file): use `sudo` for snippets upload
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
* fix: linter
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
* fix: no more rm -rf
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
---------
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
Signed-off-by: Daniel Schlosser <8429638+Eusebius1920@users.noreply.github.com>
Co-authored-by: Daniel Schlosser <8429638+Eusebius1920@users.noreply.github.com>
* feat(provider): add support for SOCKS5 proxy for SSH connection.
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
* fix: linter
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
---------
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
* feat(provider): use `sudo` to execute commands over SSH
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
* fix: simplify everything, use sudo per command
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
* feat: add documentation
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
* minor doc fix
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
* chore: cleanup docs
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
---------
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
Fix incorrect indentation in `disk` block which caused the `size` parameter to render incorrectly.
Signed-off-by: Tom Stokes <tomstokes@radixengineering.com>
* fix(provider): removed ip check/limitation to mkProviderSSHNode
It is now possible to use an FQDN instead of an IP Address when the SSH
node is configured
Changes to be committed:
modified: proxmoxtf/provider/schema.go
Signed-off-by: bitchecker <ciro.deluca@autistici.org>
* fix(docs): Updating documentation after the code updates
Signed-off-by: bitchecker <ciro.deluca@autistici.org>
---------
Signed-off-by: bitchecker <ciro.deluca@autistici.org>
* feat(lxc): allow to update features, add mount type support
Signed-off-by: tarik02 <taras.fomin@gmail.com>
* updates according to the MR
Signed-off-by: tarik02 <taras.fomin@gmail.com>
* update according to the pull request
Signed-off-by: tarik02 <taras.fomin@gmail.com>
---------
Signed-off-by: tarik02 <taras.fomin@gmail.com>
* chore(docs): minor fixes and linting
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
* chore(docs): add VM mini-howtos with examples
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
* address peer-review feedback
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
* vscode settings
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
---------
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
specify right content type for backups
This now matches with the folder used by proxmox for backups
Also update documentation to reflect the change
Signed-off-by: DanielHabenicht <daniel-habenicht@outlook.de>
* fix(vm): update validation and docs for `machine` attribute.
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
* chore: remove certificate resource from acceptance tests
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
---------
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
* feat: support usb devices for vm; fixes #665
Signed-off-by: Daniel Muehlbachler-Pietrzykowski <daniel@muehlbachler.io>
* chore: fix linter errors
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
---------
Signed-off-by: Daniel Muehlbachler-Pietrzykowski <daniel@muehlbachler.io>
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
Co-authored-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>