From 9b34c485ab6ee8e29e8df2269d7789820a980558 Mon Sep 17 00:00:00 2001
From: Sven Greb <development@svengreb.de>
Date: Sun, 8 Sep 2024 17:08:13 +0200
Subject: [PATCH] feat(lxc): Implement support for container's "protection
 flag" (#1512)

* feat(lxc): Implement support for container's "protection flag"

The Proxmox VE types already has the `protection` API parameter [1],
but it is not exposed to the provider users.
This pull request implements the missing logic to make it available in
order to allow to protect containers against deletion/update operations,
including the container's disks.

[1]: https://github.com/bpg/terraform-provider-proxmox/blob/v0.63.0/proxmox/nodes/containers/containers_types.go#L59

Relates GH-1126

Signed-off-by: Sven Greb <development@svengreb.de>

* Update example/resource_virtual_environment_container.tf

Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>

---------

Signed-off-by: Sven Greb <development@svengreb.de>
Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
Co-authored-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
---
 .../virtual_environment_container.md          |  1 +
 .../resource_virtual_environment_container.tf |  4 ++-
 proxmoxtf/resource/container/container.go     | 36 +++++++++++++++++++
 .../resource/container/container_test.go      |  2 ++
 4 files changed, 42 insertions(+), 1 deletion(-)

diff --git a/docs/resources/virtual_environment_container.md b/docs/resources/virtual_environment_container.md
index eaae3e64..c2df7d02 100644
--- a/docs/resources/virtual_environment_container.md
+++ b/docs/resources/virtual_environment_container.md
@@ -202,6 +202,7 @@ output "ubuntu_container_public_key" {
         - `ubuntu` - Ubuntu.
         - `unmanaged` - Unmanaged.
 - `pool_id` - (Optional) The identifier for a pool to assign the container to.
+- `protection` - (Optional) Whether to set the protection flag of the container (defaults to `false`). This will prevent the container itself and its disk for remove/update operations.
 - `started` - (Optional) Whether to start the container (defaults to `true`).
 - `startup` - (Optional) Defines startup and shutdown behavior of the container.
     - `order` - (Required) A non-negative number defining the general startup
diff --git a/example/resource_virtual_environment_container.tf b/example/resource_virtual_environment_container.tf
index a501650e..1639dabb 100644
--- a/example/resource_virtual_environment_container.tf
+++ b/example/resource_virtual_environment_container.tf
@@ -85,7 +85,9 @@ resource "proxmox_virtual_environment_container" "example" {
 
   node_name = data.proxmox_virtual_environment_nodes.example.names[0]
   pool_id   = proxmox_virtual_environment_pool.example.id
-  vm_id     = 2043
+  # Set the protection flag to prevent the deletion/update operations for the container and its disks.
+  # protection = true
+  vm_id      = 2043
 }
 
 output "resource_proxmox_virtual_environment_container_example_id" {
diff --git a/proxmoxtf/resource/container/container.go b/proxmoxtf/resource/container/container.go
index 6575c08f..aff825f9 100644
--- a/proxmoxtf/resource/container/container.go
+++ b/proxmoxtf/resource/container/container.go
@@ -73,6 +73,7 @@ const (
 	dvNetworkInterfaceMTU               = 0
 	dvOperatingSystemType               = "unmanaged"
 	dvPoolID                            = ""
+	dvProtection                        = false
 	dvStarted                           = true
 	dvStartupOrder                      = -1
 	dvStartupUpDelay                    = -1
@@ -153,6 +154,7 @@ const (
 	mkOperatingSystemTemplateFileID     = "template_file_id"
 	mkOperatingSystemType               = "type"
 	mkPoolID                            = "pool_id"
+	mkProtection                        = "protection"
 	mkStarted                           = "started"
 	mkStartup                           = "startup"
 	mkStartupOrder                      = "order"
@@ -782,6 +784,14 @@ func Container() *schema.Resource {
 				ForceNew:    true,
 				Default:     dvPoolID,
 			},
+			mkProtection: {
+				Type: schema.TypeBool,
+				Description: "Whether to set the protection flag of the container. " +
+					"This will prevent the container itself and its disk for remove/update operations.",
+				Optional: true,
+				ForceNew: false,
+				Default:  dvProtection,
+			},
 			mkStarted: {
 				Type:        schema.TypeBool,
 				Description: "Whether to start the container",
@@ -1037,6 +1047,9 @@ func containerCreateClone(ctx context.Context, d *schema.ResourceData, m interfa
 	startOnBoot := types.CustomBool(d.Get(mkStartOnBoot).(bool))
 	updateBody.StartOnBoot = &startOnBoot
 
+	protection := types.CustomBool(d.Get(mkProtection).(bool))
+	updateBody.Protection = &protection
+
 	updateBody.StartupBehavior = containerGetStartupBehavior(d)
 
 	console := d.Get(mkConsole).([]interface{})
@@ -1672,6 +1685,7 @@ func containerCreateCustom(ctx context.Context, d *schema.ResourceData, m interf
 	operatingSystemType := operatingSystemBlock[mkOperatingSystemType].(string)
 
 	poolID := d.Get(mkPoolID).(string)
+	protection := types.CustomBool(d.Get(mkProtection).(bool))
 	started := types.CustomBool(d.Get(mkStarted).(bool))
 	startOnBoot := types.CustomBool(d.Get(mkStartOnBoot).(bool))
 	startupBehavior := containerGetStartupBehavior(d)
@@ -1709,6 +1723,7 @@ func containerCreateCustom(ctx context.Context, d *schema.ResourceData, m interf
 		NetworkInterfaces:    networkInterfaceArray,
 		OSTemplateFileVolume: &operatingSystemTemplateFileID,
 		OSType:               &operatingSystemType,
+		Protection:           &protection,
 		RootFS:               rootFS,
 		Start:                &started,
 		StartOnBoot:          &startOnBoot,
@@ -2559,6 +2574,22 @@ func containerRead(ctx context.Context, d *schema.ResourceData, m interface{}) d
 		diags = append(diags, diag.FromErr(err)...)
 	}
 
+	currentProtection := types.CustomBool(d.Get(mkProtection).(bool))
+
+	//nolint:gosimple
+	if len(clone) == 0 || currentProtection != dvProtection {
+		if containerConfig.Protection != nil {
+			e = d.Set(
+				mkProtection,
+				bool(*containerConfig.Protection),
+			)
+		} else {
+			e = d.Set(mkProtection, false)
+		}
+
+		diags = append(diags, diag.FromErr(e)...)
+	}
+
 	currentTags := d.Get(mkTags).([]interface{})
 
 	if len(clone) == 0 || len(currentTags) > 0 {
@@ -3000,6 +3031,11 @@ func containerUpdate(ctx context.Context, d *schema.ResourceData, m interface{})
 		rebootRequired = true
 	}
 
+	if d.HasChange(mkProtection) {
+		protection := types.CustomBool(d.Get(mkProtection).(bool))
+		updateBody.Protection = &protection
+	}
+
 	if d.HasChange(mkTags) {
 		tagString := containerGetTagsString(d)
 		updateBody.Tags = &tagString
diff --git a/proxmoxtf/resource/container/container_test.go b/proxmoxtf/resource/container/container_test.go
index 03dc1591..3cb4b945 100644
--- a/proxmoxtf/resource/container/container_test.go
+++ b/proxmoxtf/resource/container/container_test.go
@@ -44,6 +44,7 @@ func TestContainerSchema(t *testing.T) {
 		mkMountPoint,
 		mkOperatingSystem,
 		mkPoolID,
+		mkProtection,
 		mkStarted,
 		mkTags,
 		mkTemplate,
@@ -63,6 +64,7 @@ func TestContainerSchema(t *testing.T) {
 		mkMountPoint:       schema.TypeList,
 		mkOperatingSystem:  schema.TypeList,
 		mkPoolID:           schema.TypeString,
+		mkProtection:       schema.TypeBool,
 		mkStarted:          schema.TypeBool,
 		mkTags:             schema.TypeList,
 		mkTemplate:         schema.TypeBool,