Merge pull request #69 from V-Paranoiaque/feature/otp2fa
Allow to connect using OTP 2FA
commit
f560472e32
@ -37,7 +37,11 @@ export PM_API_URL="https://xxxx.com:8006/api2/json"
|
||||
export PM_USER=user@pam
|
||||
export PM_PASS=password
|
||||
```
|
||||
|
||||
If a 2FA OTP code is required
|
||||
```bash
|
||||
# Optional 2FA OTP code
|
||||
export PM_OTP=otpcode
|
||||
```
|
||||
|
||||
## Run
|
||||
|
||||
@ -58,6 +62,8 @@ provider "proxmox" {
|
||||
pm_api_url = "https://proxmox-server01.example.com:8006/api2/json"
|
||||
pm_password = "secret"
|
||||
pm_user = "terraform-user@pve"
|
||||
//Optional
|
||||
pm_otp = "otpcode"
|
||||
*/
|
||||
}
|
||||
|
||||
|
@ -3,6 +3,7 @@ provider "proxmox" {
|
||||
pm_api_url = "https://proxmox-server01.example.com:8006/api2/json"
|
||||
pm_password = "secret"
|
||||
pm_user = "terraform-user@pve"
|
||||
pm_otp = ""
|
||||
}
|
||||
|
||||
resource "proxmox_vm_qemu" "cloudinit-test" {
|
||||
|
@ -3,6 +3,7 @@ provider "proxmox" {
|
||||
pm_api_url = "https://proxmox.org/api2/json"
|
||||
pm_password = "supersecret"
|
||||
pm_user = "terraform-user@pve"
|
||||
pm_otp = ""
|
||||
}
|
||||
|
||||
resource "proxmox_lxc" "lxc-test" {
|
||||
|
@ -54,6 +54,12 @@ func Provider() *schema.Provider {
|
||||
Optional: true,
|
||||
Default: false,
|
||||
},
|
||||
"pm_otp": {
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
DefaultFunc: schema.EnvDefaultFunc("PM_OTP", nil),
|
||||
Description: "OTP 2FA code (if required)",
|
||||
},
|
||||
},
|
||||
|
||||
ResourcesMap: map[string]*schema.Resource{
|
||||
@ -69,7 +75,7 @@ func Provider() *schema.Provider {
|
||||
}
|
||||
|
||||
func providerConfigure(d *schema.ResourceData) (interface{}, error) {
|
||||
client, err := getClient(d.Get("pm_api_url").(string), d.Get("pm_user").(string), d.Get("pm_password").(string), d.Get("pm_tls_insecure").(bool))
|
||||
client, err := getClient(d.Get("pm_api_url").(string), d.Get("pm_user").(string), d.Get("pm_password").(string), d.Get("pm_otp").(string), d.Get("pm_tls_insecure").(bool))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -84,13 +90,13 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
|
||||
}, nil
|
||||
}
|
||||
|
||||
func getClient(pm_api_url string, pm_user string, pm_password string, pm_tls_insecure bool) (*pxapi.Client, error) {
|
||||
func getClient(pm_api_url string, pm_user string, pm_password string, pm_otp string, pm_tls_insecure bool) (*pxapi.Client, error) {
|
||||
tlsconf := &tls.Config{InsecureSkipVerify: true}
|
||||
if !pm_tls_insecure {
|
||||
tlsconf = nil
|
||||
}
|
||||
client, _ := pxapi.NewClient(pm_api_url, nil, tlsconf)
|
||||
err := client.Login(pm_user, pm_password)
|
||||
err := client.Login(pm_user, pm_password, pm_otp)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
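Review bot: `pm_otp` is declared `Required: true` in the schema hunk, although its description says "if required" and the README hunk presents it as optional; with a nil environment default, configurations without 2FA must carry `pm_otp = ""`, as both example files now do. Declaring it `Optional: true,` removes that burden, and adding `Sensitive: true,` keeps the code out of plan output. In the getClient hunk the code is handed to `client.Login` together with the password, and the `InsecureSkipVerify: true` branch above it means both are sent without certificate verification whenever `pm_tls_insecure` is set; a comment there saying so would help the next reader. Provider() and getClient both continue outside the hunks shown.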
|
@ -45,7 +45,7 @@ func applyFn(ctx context.Context) error {
|
||||
vmr.SetNode(targetNode)
|
||||
client := currentClient
|
||||
if client == nil {
|
||||
client, err = getClient(connInfo["pm_api_url"], connInfo["pm_user"], connInfo["pm_password"], connInfo["pm_tls_insecure"] == "true")
|
||||
client, err = getClient(connInfo["pm_api_url"], connInfo["pm_user"], connInfo["pm_password"], connInfo["pm_otp"], connInfo["pm_tls_insecure"] == "true")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
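Review bot: The fallback login in applyFn replays `connInfo["pm_otp"]`, but a one-time code has normally been consumed or has expired by the time a provisioner runs, so this `getClient` call will probably be rejected for 2FA accounts whenever `currentClient` is nil. The stored value comes from the `"pm_otp": client.Otp` entry added in initConnInfo. Repeated rejected logins can also count against account lockout limits, so it would be safer to return a clear error here when a code was configured and no live client exists, or at least to document the limit with a comment such as `// OTP is single-use: this re-login only works for accounts without 2FA`. applyFn starts and ends outside the hunk.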
|
@ -839,6 +839,7 @@ func initConnInfo(
|
||||
"pm_api_url": client.ApiUrl,
|
||||
"pm_user": client.Username,
|
||||
"pm_password": client.Password,
|
||||
"pm_otp": client.Otp,
|
||||
"pm_tls_insecure": "true", // TODO - pass pm_tls_insecure state around, but if we made it this far, default insecure
|
||||
})
|
||||
return nil
|
||||
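Review bot: The new `"pm_otp": client.Otp` entry places the 2FA code next to the password in a map whose following entry forces `"pm_tls_insecure": "true"`, so any re-login built from this connection info sends both credentials with certificate verification turned off, whatever the provider was configured with. Carrying the provider's real `pm_tls_insecure` value through, as the existing TODO asks, should come before another secret is added to this map. If the connection info is persisted with the resource, which the hunk does not show, the code and the password would also be stored in plain text. initConnInfo starts and ends outside the hunk.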
|