fix: load static token id and validate token secret
Some checks failed
Terraform Plan / Terraform Plan (push) Failing after 14s

- Store non-sensitive Proxmox token id in terraform.tfvars
- Inject only token secret via workflow-generated secrets.auto.tfvars
- Add variable validations for token id format and non-empty token secret
- Add workflow debug output for token secret length and selected token id
This commit is contained in:
2026-02-27 21:00:44 +00:00
parent c3a0ef251c
commit 59fbbb07df
4 changed files with 22 additions and 12 deletions

View File

@@ -1,9 +1,10 @@
target_node = "flex"
clone_template = "ubuntu-cloudinit"
cores = 1
memory = 1024
disk_size = "15G"
sockets = 1
bridge = "vmbr0"
storage = "Flash"
pm_api_url = "https://100.105.0.115:8006/api2/json"
target_node = "flex"
clone_template = "ubuntu-cloudinit"
cores = 1
memory = 1024
disk_size = "15G"
sockets = 1
bridge = "vmbr0"
storage = "Flash"
pm_api_url = "https://100.105.0.115:8006/api2/json"
pm_api_token_id = "terraform-prov@pve!mytoken"

View File

@@ -1,12 +1,22 @@
variable "pm_api_token_id" {
type = string
description = "Proxmox API token ID (format: user@realm!tokenid)"
validation {
condition = can(regex(".+!.+", trimspace(var.pm_api_token_id)))
error_message = "pm_api_token_id must be in format user@realm!tokenid."
}
}
variable "pm_api_token_secret" {
type = string
sensitive = true
description = "Proxmox API token secret"
validation {
condition = length(trimspace(var.pm_api_token_secret)) > 0
error_message = "pm_api_token_secret cannot be empty. Check your Gitea secret PM_API_TOKEN_SECRET."
}
}
variable "target_node" {