mirrors/terraform-provider-proxmox
0
0
Fork 0
mirror of https://github.com/bpg/terraform-provider-proxmox.git synced 2025-06-30 18:42:58 +00:00
Code
401b39782f
terraform-provider-proxmox/proxmox/virtual_environment_authentication.go
Pavel Boldyrev 98e1cff7fe
feat: Add firewall resources (#246) 
* refactoring existing cluster / firewall API for better composition

* add basic security groups API
fix linter errors

* add rules API

* fix after renaming resourceVirtualEnvironmentClusterIPSet

* fix linter errors

* make linter happy

* even more refactoring

* tidy up datasources

* in refactoring spree

* update examples

* fix firewall resource/datasource & client error handling

* add ipset(s) datasource

* update docs

* add security group resource with rules

* docs

* fix security group update, TODO: rule update

* fix after rebase

* add rule update, extract common rule schema, refactor group

* fix linter  errors

* bump linter for ci

* make alias and ipset reusable

* make security group reusable

* refactor datasources

* add security group datasources

* fix linter errors

* update docs

TODO: documentation for group datasources

* add sg docs, update doc index

* minor cleanup

* fix examples & tests

* stub for firewall-level options and rules

* extract firewall interface

* add firewall options and rules on the cluster level

TODO: issues with rule list management

* refactor all resources format AGAIN, now more flat, without complex subresources

* sort out hierarchy of APIs and remove duplication in API wrappers

* bring back security group

* finally, working rules

* restore cluster firewall option

* add containers support

* add options

* move rules back under security group, update docs

* fix vm_id / container_id attrs

* add examples

* cleanup

* more cleanup


Release-As: 0.17.0-rc1
2023-04-02 18:01:10 -04:00

119 lines
2.9 KiB
Go
Raw Blame History

/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/. */
package proxmox
import (
"bytes"
"context"
"encoding/json"
"errors"
"fmt"
"net/http"
"net/url"
"github.com/hashicorp/terraform-plugin-log/tflog"
)
const (
// DefaultRootAccount contains the default username and realm for the root account.
DefaultRootAccount = "root@pam"
)
// Authenticate authenticates against the specified endpoint.
func (c *VirtualEnvironmentClient) Authenticate(ctx context.Context, reset bool) error {
if c.authenticationData != nil && !reset {
return nil
}
var reqBody *bytes.Buffer
if c.OTP != nil {
reqBody = bytes.NewBufferString(fmt.Sprintf(
"username=%s&password=%s&otp=%s",
url.QueryEscape(c.Username),
url.QueryEscape(c.Password),
url.QueryEscape(*c.OTP),
))
} else {
reqBody = bytes.NewBufferString(fmt.Sprintf(
"username=%s&password=%s",
url.QueryEscape(c.Username),
url.QueryEscape(c.Password),
))
}
req, err := http.NewRequestWithContext(
ctx,
http.MethodPost,
fmt.Sprintf("%s/%s/access/ticket", c.Endpoint, basePathJSONAPI),
reqBody,
)
if err != nil {
return errors.New("failed to create authentication request")
}
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
tflog.Debug(ctx, "sending authentication request", map[string]interface{}{
"path": req.URL.Path,
})
res, err := c.httpClient.Do(req)
if err != nil {
return fmt.Errorf("failed to retrieve authentication response: %w", err)
}
err = c.ValidateResponseCode(res)
if err != nil {
return err
}
resBody := VirtualEnvironmentAuthenticationResponseBody{}
err = json.NewDecoder(res.Body).Decode(&resBody)
if err != nil {
return fmt.Errorf("failed to decode authentication response, %w", err)
}
if resBody.Data == nil {
return errors.New("the server did not include a data object in the authentication response")
}
if resBody.Data.CSRFPreventionToken == nil {
return errors.New(
"the server did not include a CSRF prevention token in the authentication response",
)
}
if resBody.Data.Ticket == nil {
return errors.New("the server did not include a ticket in the authentication response")
}
if resBody.Data.Username == "" {
return errors.New("the server did not include the username in the authentication response")
}
c.authenticationData = resBody.Data
return nil
}
// AuthenticateRequest adds authentication data to a new request.
func (c *VirtualEnvironmentClient) AuthenticateRequest(ctx context.Context, req *http.Request) error {
err := c.Authenticate(ctx, false)
if err != nil {
return err
}
req.AddCookie(&http.Cookie{
Name: "PVEAuthCookie",
Value: *c.authenticationData.Ticket,
})
if req.Method != "GET" {
req.Header.Add("CSRFPreventionToken", *c.authenticationData.CSRFPreventionToken)
}
return nil
}
View Git Blame Copy Permalink