feat: can use user/password

Some method in Proxmox required root permissions (account). So we can pass it through cluster config. Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
2026-01-27 10:20:13 +00:00 · 2024-01-03 21:07:10 +02:00
parent 41a7f8d8df
commit ac2f564e43
3 changed files with 28 additions and 7 deletions
--- a/pkg/cluster/client.go
+++ b/pkg/cluster/client.go
@@ -50,7 +50,13 @@ func NewCluster(config *ClustersConfig, hclient *http.Client) (*Cluster, error)
 				return nil, err
 			}

-			client.SetAPIToken(cfg.TokenID, cfg.TokenSecret)
+			if cfg.Username != "" && cfg.Password != "" {
+				if err := client.Login(cfg.Username, cfg.Password, ""); err != nil {
+					return nil, err
+				}
+			} else {
+				client.SetAPIToken(cfg.TokenID, cfg.TokenSecret)
+			}

 			proxmox[cfg.Region] = client
 		}
--- a/pkg/cluster/cloud_config.go
+++ b/pkg/cluster/cloud_config.go
@@ -33,6 +33,8 @@ type ClustersConfig struct {
 		Insecure    bool   `yaml:"insecure,omitempty"`
 		TokenID     string `yaml:"token_id,omitempty"`
 		TokenSecret string `yaml:"token_secret,omitempty"`
+		Username    string `yaml:"username,omitempty"`
+		Password    string `yaml:"password,omitempty"`
 		Region      string `yaml:"region,omitempty"`
 	} `yaml:"clusters,omitempty"`
 }
@@ -48,12 +50,12 @@ func ReadCloudConfig(config io.Reader) (ClustersConfig, error) {
 	}

 	for idx, c := range cfg.Clusters {
-		if c.TokenID == "" {
-			return ClustersConfig{}, fmt.Errorf("cluster #%d: token_id is required", idx+1)
-		}
-
-		if c.TokenSecret == "" {
-			return ClustersConfig{}, fmt.Errorf("cluster #%d: token_secret is required", idx+1)
+		if c.Username != "" && c.Password != "" {
+			if c.TokenID != "" || c.TokenSecret != "" {
+				return ClustersConfig{}, fmt.Errorf("cluster #%d: token_id and token_secret are not allowed when username and password are set", idx+1)
+			}
+		} else if c.TokenID == "" || c.TokenSecret == "" {
+			return ClustersConfig{}, fmt.Errorf("cluster #%d: either username and password or token_id and token_secret are required", idx+1)
 		}

 		if c.Region == "" {
--- a/pkg/cluster/cloud_config_test.go
+++ b/pkg/cluster/cloud_config_test.go
@@ -64,6 +64,19 @@ clusters:
    token_id: "user!token-id"
    token_secret: "secret"
    region: cluster-1
+`))
+	assert.Nil(t, err)
+	assert.NotNil(t, cfg)
+	assert.Equal(t, 1, len(cfg.Clusters))
+
+	// Valid config with one cluster (username/password)
+	cfg, err = cluster.ReadCloudConfig(strings.NewReader(`
+clusters:
+  - url: https://example.com
+    insecure: false
+    username: "user@pam"
+    password: "secret"
+    region: cluster-1
 `))
 	assert.Nil(t, err)
 	assert.NotNil(t, cfg)