* feat(acme): implement CRUD API for proxmox cluster ACME
* feat(acme): implement acme_accounts data source
* feat(acme): implement acme_account data source
* fix(acme): wait for task status on account creation
* feat(acme): implement account resource creation
* feat(acme): implement account read
* fix(acme): wait for task status on account update
* feat(acme): implement account update
* fix(acme): wait for task status on account deletion
* feat(acme): implement account deletion
* feat(acme): implement account import
* feat(acme): provide correctly typed API response for `account` field
* feat(acme): implement account schema for acme_account data source
* fix(acme): read `location` into state in acme_account resource
* fix(acme): ensure `name` of acme_account resource can't be changed
* docs(acme): generate documentation
* feat(acme): read back ACME account details from API
* Revert "fix(acme): ensure `name` of acme_account resource can't be changed"
* fix(acme): provide default for acme account name
* fix(acme): acme account name can't be changed
* chore(acme): update resource doc to clarify PVE auth requirements
* chore(acme): add `created_at` attr to the resource, sort model fields & schema attributes alphabetically
---------
Signed-off-by: Björn Brauer <zaubernerd@zaubernerd.de>
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
Co-authored-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
* feat(nodes): Initial support to manage APT repositories
> Summary
This commit implements initial support for managing APT repositories
which is (currently) limited to…
- …adding "standard" repositories to allow to configure it.
- toggling the activation status (enabled/disabled) of any configured
repository.
+ !WARNING!
+ Note that deleting or modifying a repository in any other way is
+ (sadly) not possible (yet?)!
+ The limited functionality is due to the (current) capabilities of
+ the Proxmox VE APT repository API [1] itself.
>> Why are there two resources for one API entity?
Even though an APT repository should be seen as a single API entity, it
was required to implement standard repositories as dedicated
`proxmox_virtual_environment_apt_standard_repository`. This is because
standard repositories must be configured (added) first to the default
source list files because their activation status can be toggled. This
is handled by the HTTP `PUT` request, but the modifying request is
`POST` which would require two calls within the same Terraform execution
cycle. I tried to implement it in a single resource and it worked out
mostly after some handling some edges cases, but in the end there were
still too many situations an edge cases where it might break due to
Terraform state drifts between states. In the end the dedicated
resources are way cleaner and easier to use without no complexity and
conditional attribute juggling for practitioners.
>> Other "specialties"
Unfortunately the Proxmox VE API responses to HTTP `GET` requests with
four larger arrays which are, more or less, kind of connected to each
other, but they also somehow stand on their own. This means that there
is a `files` array that contains the `repositories` again which again
contains all repositories with their metadata of every source file. On
the other hand available standard repositories are listed in the
`standard-repos` array, but their activation status is only stored when
they have already been added through a `PUT` request. The `infos` array
is more less useless.
So in order to get the required data and store them in the state the
`importFromAPI` methods of the models must loop through all the
deep-nested arrays and act based on specific attributes like a matching
file path, comparing it to the activation status and so on.
In the end the implementation is really stable after testing it with all
possible conditions and state combinations.
@bpg if you'd like me to create a small data logic flow chart to make it
easier to understand some parts of the code let me know. I can make my
local notes "shareable" which I created to not loose track of the logic.
>> What is the way to manage the activation status of a "standard" repository?
Because the two resources are modular and scoped they can be simply
combined to manage an APT "standard" repository, e.g. toggling its
activation status. The following examples are also included in the
documentations.
```hcl
// This resource ensure that the "no-subscription" standard repository
// is added to the source list.
// It represents the `PUT` API request.
resource "proxmox_virtual_environment_apt_standard_repository" "example" {
handle = "no-subscription"
node = "pve"
}
// This resource allows to actually modify the activation status of the
// standard repository as it represents the `POST`.
// Using the values from the dedicated standard repository resource
// makes sure that Terraform correctly resolves dependency order.
resource "proxmox_virtual_environment_apt_repository" "example" {
enabled = true
file_path = proxmox_virtual_environment_apt_standard_repository.example.file_path
index = proxmox_virtual_environment_apt_standard_repository.example.index
node = proxmox_virtual_environment_apt_standard_repository.example.node
}
```
[1]: https://pve.proxmox.com/pve-docs/api-viewer/#/nodes/{node}/apt/repositories
---------
Signed-off-by: Sven Greb <development@svengreb.de>
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
Co-authored-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
* feat(cluster): Implement initial support for "hardware mappings"
Right now it is alredy possible to use a mapped resource [1], but there
is no dedicated `proxmox_virtual_environment_cluster_hardware_mapping`
resource but this step must still be done manually (or automated through
other ways that interact with the Proxmox API).
This commit implements support for "hardware mapping" resources and data
sources for the, currently, available bus types PCI and USB, based on
the Proxmox VE API documentations [2].
There are some "specialities" in these resources and data sources:
1. The Proxmox VE API attribute, but this implementations names it
"comment" since this naming is generally across the Proxmox VE web UI
and API documentations. This still follows the Terraform
"best practices" [3] as it improves the user experience by matching
the field name to the naming used in the human-facing interfaces.
2. Like in point 1, the name of the attribute of "node checks
diagnostics" for USB hardware mappings is "errors" in the Proxmox VE
API while it is "checks" for hardware mappings of type PCI.
The second naming pattern is also generally used across the
Proxmox VE web UI and API documentations, including the "check_node"
attribute that is also implemented in the
"proxmox_virtual_environment_hardware_mappings" data source.
Therefore, this implementation named both attributes "checks" which
still follows the Terraform "best practices" [3] as it improves the
user experience by matching the field name to the naming used in the
human-facing interfaces.
3. This implmenetation comes with the "unique" feature of allowing
comments (named "descriptions" by the Proxmox VE API) for an entry in
a device map which is not possible through the web UI at all but only
adding a comment for the whole mapping entry instead.
Note that this implementation also adds another point in the
"Known Issues" documentation since it is only possible to map a
PCI/USB device using the `root` PAM account, but this is still better
than having to manually configure it through the web UI or by
interacting with the Proxmox VE API on other ways.
[1]: https://github.com/bpg/terraform-provider-proxmox/pull/500
[2]: https://pve.proxmox.com/pve-docs/api-viewer/#/cluster/mapping/pci
[3]: https://developer.hashicorp.com/terraform/plugin/best-practices/hashicorp-provider-design-principles#resource-and-attribute-schema-should-closely-match-the-underlying-api
Signed-off-by: Sven Greb <development@svengreb.de>
* fix linter
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
---------
Signed-off-by: Sven Greb <development@svengreb.de>
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
Co-authored-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
* feat(provider): add support for private key authentication for SSH
Also fix bunch of issues with acceptance tests
---------
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
* feat(provider): add support for SOCKS5 proxy for SSH connection.
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
* fix: linter
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
---------
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
For SSH access, try in order:
- IPv4 address of the interface with IPv4 Gateway (if there is one)
- IPv6 address of the interface with IPv6 Gateway (if there is one)
- fallback to the first interface with IPv4 address
Signed-off-by: Oto Petřík <oto.petrik@gmail.com>
Co-authored-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
* feat(provider): configure temp directory
Resource 'proxmox_virtual_environment_file' often requires lot of disk
space in /tmp, which can be space-limited.
Instead of requiring to set TMPDIR environment variable before running
terraform, make it a provider configuration option.
Signed-off-by: Oto Petřík <oto.petrik@gmail.com>
* fix: lint error, align names in the `client` struct
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
---------
Signed-off-by: Oto Petřík <oto.petrik@gmail.com>
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
Co-authored-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
