mirror of https://github.com/bpg/terraform-provider-proxmox.git synced 2025-07-06 14:03:58 +00:00

chore: minor cleanups and doc updates (#1108)

* Fix some obvious errors, remove dead code
* Add instructions for manually adding public key to authorized_keys file
* Add GitHub context dump step and update testacc workflow condition
---------

Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
Pavel Boldyrev 2024-03-09 23:20:44 -05:00 committed by GitHub
parent 1061e0eea7
commit 27dbcad5cd
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 31 additions and 32 deletions


@ -26,18 +26,18 @@ jobs:
- '**/*.go' - '**/*.go'
- name: Setup Go - name: Setup Go
if: steps.filter.outputs.go == 'true' if: ${{ steps.filter.outputs.go == 'true' }}
uses: actions/setup-go@v5 uses: actions/setup-go@v5
with: with:
go-version-file: "go.mod" go-version-file: "go.mod"
cache-dependency-path: "**/*.sum" cache-dependency-path: "**/*.sum"
- name: Get dependencies - name: Get dependencies
if: steps.filter.outputs.go == 'true' if: ${{ steps.filter.outputs.go == 'true' }}
run: go mod download run: go mod download
- name: Build - name: Build
if: steps.filter.outputs.go == 'true' if: ${{ steps.filter.outputs.go == 'true' }}
run: go vet . && go build -v . run: go vet . && go build -v .
test: test:
@ -45,6 +45,11 @@ jobs:
needs: build needs: build
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Dump GitHub context
env:
GITHUB_CONTEXT: ${{ toJson(github) }}
run: echo "$GITHUB_CONTEXT"
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
@ -65,11 +70,11 @@ jobs:
cache-dependency-path: "**/*.sum" cache-dependency-path: "**/*.sum"
- name: Get dependencies - name: Get dependencies
if: steps.filter.outputs.go == 'true' if: ${{ steps.filter.outputs.go == 'true' }}
run: go mod download run: go mod download
- name: Unit tests - name: Unit tests
if: steps.filter.outputs.go == 'true' if: ${{ steps.filter.outputs.go == 'true' }}
timeout-minutes: 10 timeout-minutes: 10
run: go test -v -cover ./... run: go test -v -cover ./...
@ -77,7 +82,7 @@ jobs:
run: make docs && git diff --exit-code run: make docs && git diff --exit-code
testacc: testacc:
if: "!contains(github.head_ref, 'renovate/') && !contains(github.head_ref, 'release-please') && github.repository == 'bpg/terraform-provider-proxmox'" if: ${{ !contains(github.head_ref, 'renovate/') && !contains(github.head_ref, 'release-please') && !contains(github.head_ref, 'dependabot') && github.repository == 'bpg/terraform-provider-proxmox' }}
name: Dispatch Acceptance Tests name: Dispatch Acceptance Tests
needs: build needs: build
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -96,9 +101,9 @@ jobs:
- '**/*.go' - '**/*.go'
- name: Invoke acceptance tests workflow - name: Invoke acceptance tests workflow
if: steps.filter.outputs.go == 'true' if: ${{ steps.filter.outputs.go == 'true' }}
uses: benc-uk/workflow-dispatch@v1 uses: benc-uk/workflow-dispatch@v1
with: with:
workflow: testacc.yml workflow: testacc.yml
ref: ${{ github.event.pull_request.head.ref }} ref: ${{ github.event.pull_request.head.ref }}
inputs: '{"ref": "${{ github.head_ref }}" }' inputs: '{"ref": "${{ github.head_ref }}" }'
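Review bot: The new "Dump GitHub context" step at the top of the `test` job prints the whole `github` context on every run, and that context carries `github.token` together with the full event payload. GitHub masks the token in log output, but an unconditional dump still puts more into the job log than the tests need, and anyone with read access to the workflow runs can view it. Since it reads like a debugging aid, consider gating it with `if: ${{ runner.debug == '1' }}` or dropping the step once the `testacc` condition is confirmed. Passing the JSON through `env:` rather than interpolating it into `run:` is the right shape and should stay.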


@ -5,6 +5,7 @@
"ACPI", "ACPI",
"archlinux", "archlinux",
"armhf", "armhf",
"bodyclose",
"burstable", "burstable",
"capi", "capi",
"CDROM", "CDROM",
@ -33,6 +34,7 @@
"iothreads", "iothreads",
"ivshmem", "ivshmem",
"keyctl", "keyctl",
"knownhosts",
"mbps", "mbps",
"mdev", "mdev",
"nameserver", "nameserver",
@ -51,6 +53,7 @@
"rootfs", "rootfs",
"seabios", "seabios",
"signoff", "signoff",
"skeema",
"SMBIOSSKU", "SMBIOSSKU",
"SMBIOSUUID", "SMBIOSUUID",
"stretchr", "stretchr",


@ -214,6 +214,8 @@ You can configure the `sudo` privilege for the user via the command line on the
ssh-copy-id terraform@<target-node> ssh-copy-id terraform@<target-node>
``` ```
or manually add your public key to the `~/.ssh/authorized_keys` file of the `terraform` user on the target node.
- Test the SSH connection and password-less `sudo`: - Test the SSH connection and password-less `sudo`:
```sh ```sh


@ -387,33 +387,33 @@ func (c *client) openNodeShell(ctx context.Context, node ProxmoxNode) (*ssh.Clie
return nil, fmt.Errorf("failed to read %s: %w", khPath, err) return nil, fmt.Errorf("failed to read %s: %w", khPath, err)
} }
// Create a custom permissive hostkey callback which still errors on hosts // Create a custom permissive host key callback which still errors on hosts
// with changed keys, but allows unknown hosts and adds them to known_hosts // with changed keys, but allows unknown hosts and adds them to known_hosts
cb := ssh.HostKeyCallback(func(hostname string, remote net.Addr, key ssh.PublicKey) error { cb := ssh.HostKeyCallback(func(hostname string, remote net.Addr, key ssh.PublicKey) error {
kherr := kh(hostname, remote, key) khErr := kh(hostname, remote, key)
if knownhosts.IsHostKeyChanged(kherr) { if knownhosts.IsHostKeyChanged(khErr) {
return fmt.Errorf("REMOTE HOST IDENTIFICATION HAS CHANGED for host %s! This may indicate a MitM attack", hostname) return fmt.Errorf("REMOTE HOST IDENTIFICATION HAS CHANGED for host %s! This may indicate a MitM attack", hostname)
} }
if knownhosts.IsHostUnknown(kherr) { if knownhosts.IsHostUnknown(khErr) {
f, ferr := os.OpenFile(khPath, os.O_APPEND|os.O_WRONLY, 0o600) f, fErr := os.OpenFile(khPath, os.O_APPEND|os.O_WRONLY, 0o600)
if ferr == nil { if fErr == nil {
defer utils.CloseOrLogError(ctx)(f) defer utils.CloseOrLogError(ctx)(f)
ferr = knownhosts.WriteKnownHost(f, hostname, remote, key) fErr = knownhosts.WriteKnownHost(f, hostname, remote, key)
} }
if ferr == nil { if fErr == nil {
tflog.Info(ctx, fmt.Sprintf("Added host %s to known_hosts", hostname)) tflog.Info(ctx, fmt.Sprintf("Added host %s to known_hosts", hostname))
} else { } else {
tflog.Error(ctx, fmt.Sprintf("Failed to add host %s to known_hosts", hostname), map[string]interface{}{ tflog.Error(ctx, fmt.Sprintf("Failed to add host %s to known_hosts", hostname), map[string]interface{}{
"error": kherr, "error": khErr,
}) })
} }
return nil return nil
} }
return kherr return khErr
}) })
tflog.Info(ctx, fmt.Sprintf("agent is set to %t", c.agent)) tflog.Info(ctx, fmt.Sprintf("agent is set to %t", c.agent))
@ -568,10 +568,10 @@ func (c *client) socks5SSHClient(sshServerAddress string, sshConfig *ssh.ClientC
return nil, fmt.Errorf("failed to dial %s via SOCKS5 proxy %s: %w", sshServerAddress, c.socks5Server, err) return nil, fmt.Errorf("failed to dial %s via SOCKS5 proxy %s: %w", sshServerAddress, c.socks5Server, err)
} }
sshConn, chans, reqs, err := ssh.NewClientConn(conn, sshServerAddress, sshConfig) sshConn, ch, reqs, err := ssh.NewClientConn(conn, sshServerAddress, sshConfig)
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to create SSH client connection: %w", err) return nil, fmt.Errorf("failed to create SSH client connection: %w", err)
} }
return ssh.NewClient(sshConn, chans, reqs), nil return ssh.NewClient(sshConn, ch, reqs), nil
} }
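Review bot: In the host key callback of openNodeShell, the failure branch logs `"error": khErr`, which at that point is always the "host unknown" result from `kh`, so the actual reason the known_hosts write failed (held in `fErr`) is never reported; it should be `"error": fErr,`. This matters because the callback returns nil even when the write fails: the host is accepted without being pinned, so a later key change for it cannot be detected, and the log entry is the only signal an operator gets. The rename in this hunk carried the wrong variable over unchanged. openNodeShell starts and ends outside the hunk.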


@ -17,7 +17,6 @@ import (
"net/url" "net/url"
"os" "os"
"path/filepath" "path/filepath"
"regexp"
"sort" "sort"
"strings" "strings"
"time" "time"
@ -29,7 +28,6 @@ import (
"golang.org/x/exp/slices" "golang.org/x/exp/slices"
"github.com/bpg/terraform-provider-proxmox/proxmox/api" "github.com/bpg/terraform-provider-proxmox/proxmox/api"
"github.com/bpg/terraform-provider-proxmox/proxmox/ssh"
"github.com/bpg/terraform-provider-proxmox/proxmoxtf" "github.com/bpg/terraform-provider-proxmox/proxmoxtf"
"github.com/bpg/terraform-provider-proxmox/proxmoxtf/resource/validators" "github.com/bpg/terraform-provider-proxmox/proxmoxtf/resource/validators"
"github.com/bpg/terraform-provider-proxmox/utils" "github.com/bpg/terraform-provider-proxmox/utils"
@ -578,15 +576,6 @@ func fileCreate(ctx context.Context, d *schema.ResourceData, m interface{}) diag
return diags return diags
} }
if err != nil {
if matches, e := regexp.MatchString(`cannot move .* Permission denied`, err.Error()); e == nil && matches {
return diag.FromErr(ssh.NewErrUserHasNoPermission(capi.SSH().Username()))
}
diags = append(diags, diag.Errorf("error moving file: %s", err.Error())...)
return diags
}
} }
volID, di := fileGetVolumeID(d) volID, di := fileGetVolumeID(d)


@ -5193,7 +5193,7 @@ func vmUpdate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.D
0, 0,
true, true,
) )
if err != nil { if er != nil {
return diag.FromErr(er) return diag.FromErr(er)
} }
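Review bot: `er` sits next to `err` in this scope, which is presumably why the old `if err != nil` compiled while testing the wrong variable. A more distinct name for this call's result would make a repeat harder, for example `if updateErr != nil {` followed by `return diag.FromErr(updateErr)`. The declaration of `er` is above the hunk, so the rename would have to start there; vmUpdate begins and ends outside the visible lines.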