From 336b5842feb64b0232610dd565cb634f799f20d8 Mon Sep 17 00:00:00 2001 From: Grant Gongaware Date: Tue, 13 Aug 2019 14:50:35 -0700 Subject: [PATCH 1/3] Temporary Revert "Use OTP 2FA", Not acting backward compatible This reverts commit d596852f8c41fd7811fbaeb52390a5a6f4895b9a. --- README.md | 8 +------- examples/cloudinit_example.tf | 1 - examples/lxc_example.tf | 1 - proxmox/provider.go | 12 +++--------- proxmox/provisioner.go | 2 +- proxmox/resource_vm_qemu.go | 1 - 6 files changed, 5 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index 193d4c59..9600eec4 100644 --- a/README.md +++ b/README.md @@ -37,11 +37,7 @@ export PM_API_URL="https://xxxx.com:8006/api2/json" export PM_USER=user@pam export PM_PASS=password ``` -If a 2FA OTP code is required -```bash -# Optional 2FA OTP code -export PM_OTP=otpcode -``` + ## Run @@ -62,8 +58,6 @@ provider "proxmox" { pm_api_url = "https://proxmox-server01.example.com:8006/api2/json" pm_password = "secret" pm_user = "terraform-user@pve" - //Optional - pm_otp = "otpcode" */ } diff --git a/examples/cloudinit_example.tf b/examples/cloudinit_example.tf index b36c68ad..f7ee97ba 100644 --- a/examples/cloudinit_example.tf +++ b/examples/cloudinit_example.tf @@ -3,7 +3,6 @@ provider "proxmox" { pm_api_url = "https://proxmox-server01.example.com:8006/api2/json" pm_password = "secret" pm_user = "terraform-user@pve" - pm_otp = "" } resource "proxmox_vm_qemu" "cloudinit-test" { diff --git a/examples/lxc_example.tf b/examples/lxc_example.tf index 199a21ff..4829f188 100644 --- a/examples/lxc_example.tf +++ b/examples/lxc_example.tf @@ -3,7 +3,6 @@ provider "proxmox" { pm_api_url = "https://proxmox.org/api2/json" pm_password = "supersecret" pm_user = "terraform-user@pve" - pm_otp = "" } resource "proxmox_lxc" "lxc-test" { diff --git a/proxmox/provider.go b/proxmox/provider.go index 8b9f52ba..c829ddc8 100644 --- a/proxmox/provider.go +++ b/proxmox/provider.go 
@@ -54,12 +54,6 @@ func Provider() *schema.Provider { Optional: true, Default: false, }, - "pm_otp": { - Type: schema.TypeString, - Required: true, - DefaultFunc: schema.EnvDefaultFunc("PM_OTP", nil), - Description: "OTP 2FA code (if required)", - }, }, ResourcesMap: map[string]*schema.Resource{ @@ -75,7 +69,7 @@ func Provider() *schema.Provider { } func providerConfigure(d *schema.ResourceData) (interface{}, error) { - client, err := getClient(d.Get("pm_api_url").(string), d.Get("pm_user").(string), d.Get("pm_password").(string), d.Get("pm_otp").(string), d.Get("pm_tls_insecure").(bool)) + client, err := getClient(d.Get("pm_api_url").(string), d.Get("pm_user").(string), d.Get("pm_password").(string), d.Get("pm_tls_insecure").(bool)) if err != nil { return nil, err } @@ -90,13 +84,13 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) { }, nil } -func getClient(pm_api_url string, pm_user string, pm_password string, pm_otp string, pm_tls_insecure bool) (*pxapi.Client, error) { +func getClient(pm_api_url string, pm_user string, pm_password string, pm_tls_insecure bool) (*pxapi.Client, error) { tlsconf := &tls.Config{InsecureSkipVerify: true} if !pm_tls_insecure { tlsconf = nil } client, _ := pxapi.NewClient(pm_api_url, nil, tlsconf) - err := client.Login(pm_user, pm_password, pm_otp) + err := client.Login(pm_user, pm_password) if err != nil { return nil, err } diff --git a/proxmox/provisioner.go b/proxmox/provisioner.go index 8fc41a86..b27c3d37 100644 --- a/proxmox/provisioner.go +++ b/proxmox/provisioner.go @@ -45,7 +45,7 @@ func applyFn(ctx context.Context) error { vmr.SetNode(targetNode) client := currentClient if client == nil { - client, err = getClient(connInfo["pm_api_url"], connInfo["pm_user"], connInfo["pm_password"], connInfo["pm_otp"], connInfo["pm_tls_insecure"] == "true") + client, err = getClient(connInfo["pm_api_url"], connInfo["pm_user"], connInfo["pm_password"], connInfo["pm_tls_insecure"] == "true") if err != nil { return err } 
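Review bot: In getClient (proxmox/provider.go, hunk -90,13 +84,13) the error from `pxapi.NewClient` is discarded with `client, _ :=`, so a construction failure is never reported. If NewClient returns a nil client on error, the following `client.Login` call would panic instead of failing provider configuration cleanly. Propagate it with `client, err := pxapi.NewClient(pm_api_url, nil, tlsconf)` followed by `if err != nil { return nil, err }`, and change the login line to `err = client.Login(pm_user, pm_password)`. The same context lines appear in the getClient hunk of PATCH 2/3 (-84,13 +90,13), and getClient's body continues past the end of the hunk.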
diff --git a/proxmox/resource_vm_qemu.go b/proxmox/resource_vm_qemu.go index 79ec9306..680157cc 100644 --- a/proxmox/resource_vm_qemu.go +++ b/proxmox/resource_vm_qemu.go @@ -888,7 +888,6 @@ func initConnInfo( "pm_api_url": client.ApiUrl, "pm_user": client.Username, "pm_password": client.Password, - "pm_otp": client.Otp, "pm_tls_insecure": "true", // TODO - pass pm_tls_insecure state around, but if we made it this far, default insecure }) return nil From c8a7b20574ad4bd82699f08597051caa6a7ca7f2 Mon Sep 17 00:00:00 2001 From: Grant Gongaware Date: Wed, 14 Aug 2019 08:01:07 -0700 Subject: [PATCH 2/3] Revert "Temporary Revert "Use OTP 2FA", Not acting backward compatible" This reverts commit 336b5842feb64b0232610dd565cb634f799f20d8. --- README.md | 8 +++++++- examples/cloudinit_example.tf | 1 + examples/lxc_example.tf | 1 + proxmox/provider.go | 12 +++++++++--- proxmox/provisioner.go | 2 +- proxmox/resource_vm_qemu.go | 1 + 6 files changed, 20 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 9600eec4..193d4c59 100644 --- a/README.md +++ b/README.md @@ -37,7 +37,11 @@ export PM_API_URL="https://xxxx.com:8006/api2/json" export PM_USER=user@pam export PM_PASS=password ``` - +If a 2FA OTP code is required +```bash +# Optional 2FA OTP code +export PM_OTP=otpcode +``` ## Run @@ -58,6 +62,8 @@ provider "proxmox" { pm_api_url = "https://proxmox-server01.example.com:8006/api2/json" pm_password = "secret" pm_user = "terraform-user@pve" + //Optional + pm_otp = "otpcode" */ } diff --git a/examples/cloudinit_example.tf b/examples/cloudinit_example.tf index f7ee97ba..b36c68ad 100644 --- a/examples/cloudinit_example.tf +++ b/examples/cloudinit_example.tf @@ -3,6 +3,7 @@ provider "proxmox" { pm_api_url = "https://proxmox-server01.example.com:8006/api2/json" pm_password = "secret" pm_user = "terraform-user@pve" + pm_otp = "" } resource "proxmox_vm_qemu" "cloudinit-test" { 
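Review bot: In initConnInfo (proxmox/resource_vm_qemu.go, hunk -888,7 +888,6) the connection info hard-codes `"pm_tls_insecure": "true"`, and the provisioner reads it back as `connInfo["pm_tls_insecure"] == "true"` when it calls getClient. Any provisioner re-login therefore sends `pm_user` and `pm_password` over a session with `InsecureSkipVerify: true`, even when the provider itself was configured to verify certificates. The existing TODO only hints at this, so until the configured value is carried through I would make the risk explicit, e.g. `// SECURITY: forces certificate verification off for provisioner logins regardless of the provider's pm_tls_insecure; TODO pass the configured value`. The same lines recur in the PATCH 2/3 hunk (-888,6 +888,7), and initConnInfo starts and ends outside the hunk.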
diff --git a/examples/lxc_example.tf b/examples/lxc_example.tf index 4829f188..199a21ff 100644 --- a/examples/lxc_example.tf +++ b/examples/lxc_example.tf @@ -3,6 +3,7 @@ provider "proxmox" { pm_api_url = "https://proxmox.org/api2/json" pm_password = "supersecret" pm_user = "terraform-user@pve" + pm_otp = "" } resource "proxmox_lxc" "lxc-test" { diff --git a/proxmox/provider.go b/proxmox/provider.go index c829ddc8..8b9f52ba 100644 --- a/proxmox/provider.go +++ b/proxmox/provider.go @@ -54,6 +54,12 @@ func Provider() *schema.Provider { Optional: true, Default: false, }, + "pm_otp": { + Type: schema.TypeString, + Required: true, + DefaultFunc: schema.EnvDefaultFunc("PM_OTP", nil), + Description: "OTP 2FA code (if required)", + }, }, ResourcesMap: map[string]*schema.Resource{ @@ -69,7 +75,7 @@ func Provider() *schema.Provider { } func providerConfigure(d *schema.ResourceData) (interface{}, error) { - client, err := getClient(d.Get("pm_api_url").(string), d.Get("pm_user").(string), d.Get("pm_password").(string), d.Get("pm_tls_insecure").(bool)) + client, err := getClient(d.Get("pm_api_url").(string), d.Get("pm_user").(string), d.Get("pm_password").(string), d.Get("pm_otp").(string), d.Get("pm_tls_insecure").(bool)) if err != nil { return nil, err } @@ -84,13 +90,13 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) { }, nil } -func getClient(pm_api_url string, pm_user string, pm_password string, pm_tls_insecure bool) (*pxapi.Client, error) { +func getClient(pm_api_url string, pm_user string, pm_password string, pm_otp string, pm_tls_insecure bool) (*pxapi.Client, error) { tlsconf := &tls.Config{InsecureSkipVerify: true} if !pm_tls_insecure { tlsconf = nil } client, _ := pxapi.NewClient(pm_api_url, nil, tlsconf) - err := client.Login(pm_user, pm_password) + err := client.Login(pm_user, pm_password, pm_otp) if err != nil { return nil, err } diff --git a/proxmox/provisioner.go b/proxmox/provisioner.go index b27c3d37..8fc41a86 100644 
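Review bot: The new `pm_otp` schema entry in Provider() (proxmox/provider.go, hunk -54,6 +54,12) is not marked sensitive, so the OTP value can appear in plan output and logs like any ordinary string attribute. Add `Sensitive: true,` to the entry; the same applies to the reworked entry in PATCH 3/3 (-55,16 +55,16). If the realm uses time-based codes, the value is also short-lived, which deserves a comment such as `// OTP codes expire quickly; set PM_OTP immediately before running terraform`. Provider()'s body starts and ends outside the hunk.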
--- a/proxmox/provisioner.go +++ b/proxmox/provisioner.go @@ -45,7 +45,7 @@ func applyFn(ctx context.Context) error { vmr.SetNode(targetNode) client := currentClient if client == nil { - client, err = getClient(connInfo["pm_api_url"], connInfo["pm_user"], connInfo["pm_password"], connInfo["pm_tls_insecure"] == "true") + client, err = getClient(connInfo["pm_api_url"], connInfo["pm_user"], connInfo["pm_password"], connInfo["pm_otp"], connInfo["pm_tls_insecure"] == "true") if err != nil { return err } diff --git a/proxmox/resource_vm_qemu.go b/proxmox/resource_vm_qemu.go index 680157cc..79ec9306 100644 --- a/proxmox/resource_vm_qemu.go +++ b/proxmox/resource_vm_qemu.go @@ -888,6 +888,7 @@ func initConnInfo( "pm_api_url": client.ApiUrl, "pm_user": client.Username, "pm_password": client.Password, + "pm_otp": client.Otp, "pm_tls_insecure": "true", // TODO - pass pm_tls_insecure state around, but if we made it this far, default insecure }) return nil From 8084bb95c72a0bd7205366b9bc92d76e4cb85a23 Mon Sep 17 00:00:00 2001 From: Grant Gongaware Date: Wed, 14 Aug 2019 08:07:58 -0700 Subject: [PATCH 3/3] Work around OTP being required by default --- proxmox/provider.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/proxmox/provider.go b/proxmox/provider.go index 8b9f52ba..7dbf230c 100644 --- a/proxmox/provider.go +++ b/proxmox/provider.go @@ -55,16 +55,16 @@ func Provider() *schema.Provider { Default: false, }, "pm_otp": { - Type: schema.TypeString, - Required: true, - DefaultFunc: schema.EnvDefaultFunc("PM_OTP", nil), + Type: schema.TypeString, + Optional: true, + DefaultFunc: schema.EnvDefaultFunc("PM_OTP", ""), Description: "OTP 2FA code (if required)", }, }, ResourcesMap: map[string]*schema.Resource{ "proxmox_vm_qemu": resourceVmQemu(), - "proxmox_lxc": resourceLxc(), + "proxmox_lxc": resourceLxc(), // TODO - storage_iso // TODO - bridge // TODO - vm_qemu_template
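Review bot: The added `"pm_otp": client.Otp` entry in initConnInfo (proxmox/resource_vm_qemu.go, hunk -888,6 +888,7) copies a one-time code into the connection info, and the provisioner hunk above replays it through `getClient(..., connInfo["pm_otp"], ...)` whenever `currentClient` is nil. A code already consumed by the provider's own login will presumably be rejected on that second login, and it is kept next to `pm_password` wherever the connection info is persisted. Consider leaving the OTP out of this map and having the provisioner reuse the already authenticated client, or at least record the limitation with `// NOTE: OTP is single-use; a provisioner re-login with this value is expected to fail`. initConnInfo starts and ends outside the hunk.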