Merge pull request #1429 from Tinyblargon/lxc-ssh

Tinyblargon · web-flow · commit 4876183bc2c1 · 2025-10-16T22:12:16.000+02:00
Feat: new LXC `ssh_public_keys`
diff --git a/go.mod b/go.mod
@@ -3,7 +3,7 @@ module github.com/Telmate/terraform-provider-proxmox/v2
 go 1.24
 
 require (
-	github.com/Telmate/proxmox-api-go v0.0.0-20251014200358-2a5959153a7b
+	github.com/Telmate/proxmox-api-go v0.0.0-20251016192144-4a331a14ad5c
 	github.com/google/uuid v1.6.0
 	github.com/hashicorp/go-cty v1.5.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.37.0
diff --git a/go.sum b/go.sum
@@ -4,8 +4,8 @@ github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERo
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
 github.com/ProtonMail/go-crypto v1.2.0 h1:+PhXXn4SPGd+qk76TlEePBfOfivE0zkWFenhGhFLzWs=
 github.com/ProtonMail/go-crypto v1.2.0/go.mod h1:9whxjD8Rbs29b4XWbB8irEcE8KHMqaR2e7GWU1R+/PE=
-github.com/Telmate/proxmox-api-go v0.0.0-20251014200358-2a5959153a7b h1:RQb2k6bWPNdKjhf9I2W9hgD7d6A7S6mDcJtpIC7tf+A=
-github.com/Telmate/proxmox-api-go v0.0.0-20251014200358-2a5959153a7b/go.mod h1:HGPbpwiVsrpYYuQAygnnU04ZdGLYc8fdP9qhJIBw2Bg=
+github.com/Telmate/proxmox-api-go v0.0.0-20251016192144-4a331a14ad5c h1:ous4SCwB2bwCuY9SmroHCJpT4JVh8eKYhHDp+3ULqSI=
+github.com/Telmate/proxmox-api-go v0.0.0-20251016192144-4a331a14ad5c/go.mod h1:HGPbpwiVsrpYYuQAygnnU04ZdGLYc8fdP9qhJIBw2Bg=
 github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo=
 github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
 github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec=
diff --git a/proxmox/Internal/resource/guest/clone/schema.go b/proxmox/Internal/resource/guest/clone/schema.go
@@ -4,6 +4,7 @@ import (
 	pveSDK "github.com/Telmate/proxmox-api-go/proxmox"
 	errorMSG "github.com/Telmate/terraform-provider-proxmox/v2/proxmox/Internal/errormsg"
 	"github.com/Telmate/terraform-provider-proxmox/v2/proxmox/Internal/resource/guest/lxc/password"
+	"github.com/Telmate/terraform-provider-proxmox/v2/proxmox/Internal/resource/guest/lxc/ssh_public_keys"
 	"github.com/Telmate/terraform-provider-proxmox/v2/proxmox/Internal/resource/guest/lxc/template"
 	"github.com/hashicorp/go-cty/cty"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
@@ -29,7 +30,7 @@ func Schema() *schema.Schema {
 		ForceNew:      true,
 		MaxItems:      1,
 		MinItems:      1,
-		ConflictsWith: []string{template.Root, password.Root},
+		ConflictsWith: []string{template.Root, password.Root, ssh_public_keys.Root},
 		Elem: &schema.Resource{
 			Schema: map[string]*schema.Schema{
 				SchemaID: {
diff --git a/proxmox/Internal/resource/guest/lxc/lxc_tags/terraform.go b/proxmox/Internal/resource/guest/lxc/lxc_tags/terraform.go
@@ -6,6 +6,10 @@ import (
 )
 
 func Terraform(tags *pveSDK.Tags, d *schema.ResourceData) {
+	if tags == nil {
+		d.Set(Root, nil)
+		return
+	}
 	tagSet := make([]any, len(*tags))
 	for i := range *tags {
 		tagSet[i] = string((*tags)[i])
diff --git a/proxmox/Internal/resource/guest/lxc/password/schema.go b/proxmox/Internal/resource/guest/lxc/password/schema.go
@@ -11,5 +11,5 @@ func Schema() *schema.Schema {
 		Type:      schema.TypeString,
 		Sensitive: true,
 		Optional:  true,
-		WriteOnly: true}
+		ForceNew:  true}
 }
diff --git a/proxmox/Internal/resource/guest/lxc/password/sdk.go b/proxmox/Internal/resource/guest/lxc/password/sdk.go
@@ -5,13 +5,9 @@ import (
 )
 
 func SDK(d *schema.ResourceData) *string {
-	v, ok := d.GetOk(Root)
-	if !ok {
+	v, ok := d.Get(Root).(string)
+	if !ok || v == "" {
 		return nil
 	}
-	password, ok := v.(string)
-	if !ok || password == "" {
-		return nil
-	}
-	return &password
+	return &v
 }
diff --git a/proxmox/Internal/resource/guest/lxc/ssh_public_keys/schema.go b/proxmox/Internal/resource/guest/lxc/ssh_public_keys/schema.go
@@ -0,0 +1,52 @@
+package ssh_public_keys
+
+import (
+	"regexp"
+	"strings"
+
+	pveSDK "github.com/Telmate/proxmox-api-go/proxmox"
+	"github.com/Telmate/terraform-provider-proxmox/v2/proxmox/Internal/resource/guest/lxc/template"
+	"github.com/hashicorp/go-cty/cty"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+const (
+	Root string = "ssh_public_keys"
+)
+
+func Schema() *schema.Schema {
+	return &schema.Schema{
+		Type:         schema.TypeString,
+		Optional:     true,
+		ForceNew:     true,
+		RequiredWith: []string{template.Root},
+		DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
+			return trim(old) == trim(new)
+		},
+		ValidateDiagFunc: func(i any, p cty.Path) diag.Diagnostics {
+			v := i.(string)
+			if v == "" {
+				return nil
+			}
+			rawKeys := strings.Split(v, "\n")
+			for i := range rawKeys {
+				err := (&pveSDK.AuthorizedKey{}).Parse([]byte(rawKeys[i]))
+				if err != nil {
+					if strings.ReplaceAll(strings.ReplaceAll(rawKeys[i], "\t", ""), " ", "") == "" { // skip empty lines
+						continue
+					}
+					return diag.Diagnostics{{
+						Severity: diag.Error,
+						Summary:  err.Error()}}
+				}
+			}
+			return nil
+		}}
+}
+
+var regexMultipleSpaces = regexp.MustCompile(`\s+`)
+
+func trim(rawKeys string) string {
+	return regexMultipleSpaces.ReplaceAllString(strings.TrimSpace(rawKeys), " ")
+}
diff --git a/proxmox/Internal/resource/guest/lxc/ssh_public_keys/sdk.go b/proxmox/Internal/resource/guest/lxc/ssh_public_keys/sdk.go
@@ -0,0 +1,20 @@
+package ssh_public_keys
+
+import (
+	"strings"
+
+	pveSDK "github.com/Telmate/proxmox-api-go/proxmox"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func SDK(d *schema.ResourceData) []pveSDK.AuthorizedKey {
+	v := d.Get(Root)
+	rawKeys := strings.Split(v.(string), "\n")
+	keys := make([]pveSDK.AuthorizedKey, len(rawKeys))
+	for i := range rawKeys {
+		tmpKey := &pveSDK.AuthorizedKey{}
+		_ = tmpKey.Parse([]byte(rawKeys[i]))
+		keys[i] = *tmpKey
+	}
+	return keys
+}
diff --git a/proxmox/Internal/resource/guest/lxc/template/schema.go b/proxmox/Internal/resource/guest/lxc/template/schema.go
@@ -1,6 +1,7 @@
 package template
 
 import (
+	"github.com/Telmate/terraform-provider-proxmox/v2/proxmox/Internal/resource/guest/lxc/password"
 	"github.com/hashicorp/go-cty/cty"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -15,10 +16,11 @@ const (
 
 func Schema() *schema.Schema {
 	return &schema.Schema{
-		Type:     schema.TypeList,
-		Optional: true,
-		MaxItems: 1,
-		MinItems: 1,
+		Type:         schema.TypeList,
+		Optional:     true,
+		MaxItems:     1,
+		MinItems:     1,
+		RequiredWith: []string{password.Root},
 		Elem: &schema.Resource{
 			Schema: map[string]*schema.Schema{
 				schemaFile:    subSchemaFile(),
diff --git a/proxmox/resource_lxc_new.go b/proxmox/resource_lxc_new.go
@@ -18,6 +18,7 @@ import (
 	"github.com/Telmate/terraform-provider-proxmox/v2/proxmox/Internal/resource/guest/lxc/password"
 	"github.com/Telmate/terraform-provider-proxmox/v2/proxmox/Internal/resource/guest/lxc/privilege"
 	"github.com/Telmate/terraform-provider-proxmox/v2/proxmox/Internal/resource/guest/lxc/rootmount"
+	"github.com/Telmate/terraform-provider-proxmox/v2/proxmox/Internal/resource/guest/lxc/ssh_public_keys"
 	"github.com/Telmate/terraform-provider-proxmox/v2/proxmox/Internal/resource/guest/lxc/swap"
 	"github.com/Telmate/terraform-provider-proxmox/v2/proxmox/Internal/resource/guest/lxc/template"
 	"github.com/Telmate/terraform-provider-proxmox/v2/proxmox/Internal/resource/guest/name"
@@ -45,7 +46,6 @@ func ResourceLxcNew() *schema.Resource {
 		CustomizeDiff: reboot.CustomizeDiff(),
 
 		Schema: map[string]*schema.Schema{
-			tags.Root:                    tags.Schema(),
 			architecture.Root:            architecture.Schema(),
 			clone.Root:                   clone.Schema(),
 			cpu.Root:                     cpu.Schema(),
@@ -70,7 +70,9 @@ func ResourceLxcNew() *schema.Resource {
 			reboot.RootAutomaticSeverity: reboot.SchemaAutomaticSeverity(),
 			reboot.RootRequired:          reboot.SchemaRequired(),
 			rootmount.Root:               rootmount.Schema(),
+			ssh_public_keys.Root:         ssh_public_keys.Schema(),
 			swap.Root:                    swap.Schema(),
+			tags.Root:                    tags.Schema(),
 			template.Root:                template.Schema(),
 		},
 		Timeouts: resourceTimeouts(),
@@ -132,8 +134,9 @@ func resourceLxcNewCreate(ctx context.Context, d *schema.ResourceData, meta any)
 	} else {
 		config.Node = &targetNode
 		config.CreateOptions = &pveSDK.LxcCreateOptions{
-			OsTemplate:   template.SDK(d),
-			UserPassword: password.SDK(d)}
+			OsTemplate:    template.SDK(d),
+			PublicSSHkeys: ssh_public_keys.SDK(d),
+			UserPassword:  password.SDK(d)}
 		config.Pool = util.Pointer(pool.SDK(d))
 		vmr, err = config.Create(ctx, client)
 		if err != nil {

Original file line number	Diff line number	Diff line change
`@@ -11,5 +11,5 @@ func Schema() *schema.Schema {`
`11`	`11`	`Type: schema.TypeString,`
`12`	`12`	`Sensitive: true,`
`13`	`13`	`Optional: true,`
`14`		`- WriteOnly: true}`
	`14`	`+ ForceNew: true}`
`15`	`15`	`}`
Original file line number	Diff line number	Diff line change
`@@ -5,13 +5,9 @@ import (`
`5`	`5`	`)`
`6`	`6`
`7`	`7`	`func SDK(d schema.ResourceData) string {`
`8`		`- v, ok := d.GetOk(Root)`
`9`		`- if !ok {`
	`8`	`+ v, ok := d.Get(Root).(string)`
	`9`	`+ if !ok \|\| v == "" {`
`10`	`10`	`return nil`
`11`	`11`	`}`
`12`		`- password, ok := v.(string)`
`13`		`- if !ok \|\| password == "" {`
`14`		`- return nil`
`15`		`- }`
`16`		`- return &password`
	`12`	`+ return &v`
`17`	`13`	`}`