Use OTP 2FA

2024-06-29 06:02:36 +00:00 · 2019-08-02 14:01:52 +02:00 · 2019-08-02 14:01:52 +02:00 · d596852f8c
commit d596852f8c
parent 5a325404c8
6 changed files with 20 additions and 5 deletions
--- a/README.md
+++ b/README.md
@ -37,7 +37,11 @@ export PM_API_URL="https://xxxx.com:8006/api2/json"
 export PM_USER=user@pam
 export PM_PASS=password
 ```
-
+If a 2FA OTP code is required
+```bash
+# Optional 2FA OTP code
+export PM_OTP=otpcode
+```

 ## Run

@ -58,6 +62,8 @@ provider "proxmox" {
    pm_api_url = "https://proxmox-server01.example.com:8006/api2/json"
    pm_password = "secret"
    pm_user = "terraform-user@pve"
+    //Optional
+    pm_otp = "otpcode"
  */
 }

--- a/examples/cloudinit_example.tf
+++ b/examples/cloudinit_example.tf
@ -3,6 +3,7 @@ provider "proxmox" {
    pm_api_url = "https://proxmox-server01.example.com:8006/api2/json"
    pm_password = "secret"
    pm_user = "terraform-user@pve"
+    pm_otp = ""
 }

 resource "proxmox_vm_qemu" "cloudinit-test" {
--- a/examples/lxc_example.tf
+++ b/examples/lxc_example.tf
@ -3,6 +3,7 @@ provider "proxmox" {
    pm_api_url = "https://proxmox.org/api2/json"
    pm_password = "supersecret"
    pm_user = "terraform-user@pve"
+    pm_otp = ""
 }

 resource "proxmox_lxc" "lxc-test" {
--- a/proxmox/provider.go
+++ b/proxmox/provider.go
@ -54,6 +54,12 @@ func Provider() *schema.Provider {
 				Optional: true,
 				Default:  false,
 			},
+			"pm_otp": {
+				Type:     schema.TypeString,
+				Required: true,
+				DefaultFunc: schema.EnvDefaultFunc("PM_OTP", nil),
+				Description: "OTP 2FA code (if required)",
+			},
 		},

 		ResourcesMap: map[string]*schema.Resource{
@ -69,7 +75,7 @@ func Provider() *schema.Provider {
 }

 func providerConfigure(d *schema.ResourceData) (interface{}, error) {
-	client, err := getClient(d.Get("pm_api_url").(string), d.Get("pm_user").(string), d.Get("pm_password").(string), d.Get("pm_tls_insecure").(bool))
+	client, err := getClient(d.Get("pm_api_url").(string), d.Get("pm_user").(string), d.Get("pm_password").(string), d.Get("pm_otp").(string), d.Get("pm_tls_insecure").(bool))
 	if err != nil {
 		return nil, err
 	}
@ -84,13 +90,13 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
 	}, nil
 }

-func getClient(pm_api_url string, pm_user string, pm_password string, pm_tls_insecure bool) (*pxapi.Client, error) {
+func getClient(pm_api_url string, pm_user string, pm_password string, pm_otp string, pm_tls_insecure bool) (*pxapi.Client, error) {
 	tlsconf := &tls.Config{InsecureSkipVerify: true}
 	if !pm_tls_insecure {
 		tlsconf = nil
 	}
 	client, _ := pxapi.NewClient(pm_api_url, nil, tlsconf)
-	err := client.Login(pm_user, pm_password)
+	err := client.Login(pm_user, pm_password, pm_otp)
 	if err != nil {
 		return nil, err
 	}
--- a/proxmox/provisioner.go
+++ b/proxmox/provisioner.go
@ -45,7 +45,7 @@ func applyFn(ctx context.Context) error {
 	vmr.SetNode(targetNode)
 	client := currentClient
 	if client == nil {
-		client, err = getClient(connInfo["pm_api_url"], connInfo["pm_user"], connInfo["pm_password"], connInfo["pm_tls_insecure"] == "true")
+		client, err = getClient(connInfo["pm_api_url"], connInfo["pm_user"], connInfo["pm_password"], connInfo["pm_otp"], connInfo["pm_tls_insecure"] == "true")
 		if err != nil {
 			return err
 		}
--- a/proxmox/resource_vm_qemu.go
+++ b/proxmox/resource_vm_qemu.go
@ -839,6 +839,7 @@ func initConnInfo(
 		"pm_api_url":      client.ApiUrl,
 		"pm_user":         client.Username,
 		"pm_password":     client.Password,
+		"pm_otp":          client.Otp,
 		"pm_tls_insecure": "true", // TODO - pass pm_tls_insecure state around, but if we made it this far, default insecure
 	})
 	return nil