Merge branch 'lxc:main' into main

.github/workflows/test.yml

@@ -60,7 +60,7 @@ jobs:
 
           INCUS_TOKEN=$(incus config trust add terraform --quiet)
           incus remote add localhost "${INCUS_TOKEN}"
-  
+
           incus remote add docker https://docker.io --protocol=oci
 
       - name: Configure OVN

.golangci.yml

@@ -8,6 +8,7 @@ linters:
   enable:
     - godot
     - gofmt
+    - goimports
     - misspell
     - whitespace
     - gci
@@ -16,3 +17,6 @@ linters-settings:
     sections:
       - standard
       - default
+      - prefix(github.com/lxc/terraform-provider-incus)
+  goimports:
+    local-prefixes: github.com/lxc/terraform-provider-incus

Makefile

@@ -65,7 +65,7 @@ static-analysis:
 .PHONY: update-gomod
 update-gomod:
 	$(GO) get -t -v -d -u ./...
-	$(GO) mod tidy --go=1.21
+	$(GO) mod tidy --go=1.22.7
 	$(GO) get toolchain@none
 	@echo "Dependencies updated"
 

docs/resources/certificate.md

@@ -0,0 +1,53 @@
+# incus_certificate
+
+Manages an Incus certificate.
+
+## Example Usage
+
+```hcl
+resource "incus_certificate" "client1" {
+  name        = "client1"
+  certificate = file("${path.module}/metrics.crt")
+}
+```
+
+## Project Restriction Example
+
+```hcl
+resource "incus_project" "project1" {
+  name = "project1"
+}
+
+resource "incus_certificate" "prometheus" {
+  name        = "prometheus"
+  description = "Prometheus Node Exporter Access"
+  restricted  = true
+  projects    = [incus_project.project1.name]
+  type        = "metrics"
+  certificate = file("${path.module}/metrics.crt")
+}
+```
+
+## Argument Reference
+
+* `name` - **Required** - Name of the certificate.
+
+* `certificate` - **Required** - The certificate.
+
+* `description` - *Optional* - Description of the certificate.
+
+* `type` - *Optional* - The type of certificate to create. Can be one of: client,
+  or metrics. If no type is specified, a client certificate is created.
+
+* `projects` - *Optional* -  List of projects to restrict the certificate to.
+
+* `restricted` - *Optional* -  Restrict the certificate to one or more projects.
+
+* `remote` - *Optional* - The remote in which the resource will be created. If
+  not provided, the provider's default remote will be used.
+
+## Attribute Reference
+
+The following attributes are exported:
+
+* `fingerprint` - The fingerprint of the certificate.

docs/resources/instance.md

@@ -89,13 +89,49 @@ resource "incus_instance" "instance2" {
 }
 ```
 
+## Example to create a new instance from an instance backup
+
+```hcl
+resource "incus_instance" "instance1" {
+  project = "default"
+  name    = "instance1"
+  source_file = "/path/to/backup.tar.gz"
+}
+```
+
+## Example to create a new instance from an instance backup with storage
+
+In order to provide the storage pool name for an instance, which is created
+from a backup exactly one `device` configuration of `type = "disk"` might be
+provided. The name of the pool is given as the `pool` attribute in
+`properties`. Additionally the property `path = "/"` is required.
+
+```hcl
+resource "incus_instance" "instance1" {
+  project = "default"
+  name    = "instance1"
+  source_file = "/path/to/backup.tar.gz"
+
+  device = {
+    name = "storage"
+    type = "disk"
+    properties = {
+      path = "/"
+      pool = "pool-name"
+    }
+  }
+}
+```
+
 ## Argument Reference
 
 * `name` - **Required** - Name of the instance.
 
 * `image` - *Optional* - Base image from which the instance will be created. Must
   specify [an image accessible from the provider remote](https://linuxcontainers.org/incus/docs/main/reference/image_servers/).
 
+* `source_file` - *Optional* - The souce backup file from which the instance should be restored. For handling of storage pool, see examples.
+
 * `source_instance` - *Optional* - The source instance from which the instance will be created. See reference below.
 
 * `description` - *Optional* - Description of the instance.
@@ -110,20 +146,20 @@ resource "incus_instance" "instance2" {
   If `running` is set to false or instance is already running (on update), this value has no effect. Defaults to `true`.
 
 * `profiles` - *Optional* - List of Incus config profiles to apply to the new
-	instance. Profile `default` will be applied if profiles are not set (are `null`).
+  instance. Profile `default` will be applied if profiles are not set (are `null`).
   However, if an empty array (`[]`) is set as a value, no profiles will be applied.
 
 * `device` - *Optional* - Device definition. See reference below.
 
 * `file` - *Optional* - File to upload to the instance. See reference below.
 
 * `config` - *Optional* - Map of key/value pairs of
-	[instance config settings](https://linuxcontainers.org/incus/docs/main/reference/instance_options/).
+  [instance config settings](https://linuxcontainers.org/incus/docs/main/reference/instance_options/).
 
 * `project` - *Optional* - Name of the project where the instance will be spawned.
 
 * `remote` - *Optional* - The remote in which the resource will be created. If
-	not provided, the provider's default remote will be used.
+  not provided, the provider's default remote will be used.
 
 * `target` - *Optional* - Specify a target node in a cluster.
 
@@ -140,21 +176,21 @@ The `device` block supports:
 * `name` - **Required** - Name of the device.
 
 * `type` - **Required** - Type of the device Must be one of none, disk, nic,
-	unix-char, unix-block, usb, gpu, infiniband, proxy, unix-hotplug, tpm, pci.
+  unix-char, unix-block, usb, gpu, infiniband, proxy, unix-hotplug, tpm, pci.
 
 * `properties`- **Required** - Map of key/value pairs of
-	[device properties](https://linuxcontainers.org/incus/docs/main/reference/devices/).
+  [device properties](https://linuxcontainers.org/incus/docs/main/reference/devices/).
 
 The `file` block supports:
 
-* `content` - *__Required__ unless source_path is used* - The _contents_ of the file.
-	Use the `file()` function to read in the content of a file from disk.
+* `content` - **Required** unless source_path is used* - The _contents_ of the file.
+  Use the `file()` function to read in the content of a file from disk.
 
-* `source_path` - *__Required__ unless content is used* - The source path to a file to
-	copy to the instance.
+* `source_path` - **Required** unless content is used* - The source path to a file to
+  copy to the instance.
 
 * `target_path` - **Required** - The absolute path of the file on the instance,
-	including the filename.
+  including the filename.
 
 * `uid` - *Optional* - The UID of the file. Must be an unquoted integer.
 
@@ -163,7 +199,7 @@ The `file` block supports:
 * `mode` - *Optional* - The octal permissions of the file, must be quoted. Defaults to `0755`.
 
 * `create_directories` - *Optional* - Whether to create the directories leading
-	to the target if they do not exist.
+  to the target if they do not exist.
 
 ## Attribute Reference
 
@@ -240,5 +276,5 @@ import {
 * The instance resource `config` includes some keys that can be automatically generated by the Incus.
   If these keys are not explicitly defined by the user, they will be omitted from the Terraform
   state and treated as computed values.
-    - `image.*`
-    - `volatile.*`
+  * `image.*`
+  * `volatile.*`

docs/resources/network_integration.md

@@ -0,0 +1,62 @@
+# incus_network_integration
+
+Manage integrations between the local Incus deployment and remote networks hosted on Incus or other platforms. Currently available only for [OVN networks](https://linuxcontainers.org/incus/docs/main/reference/network_ovn/#network-ovn).
+
+## Basic Example
+
+```hcl
+resource "incus_network_integration" "this" {
+    name   = "ovn-region"
+    type   = "ovn"
+
+    config = {
+        "ovn.northbound_connection" = "tcp:[192.0.2.12]:6645,tcp:[192.0.3.13]:6645,tcp:[192.0.3.14]:6645"
+        "ovn.southbound_connection" = "tcp:[192.0.2.12]:6646,tcp:[192.0.3.13]:6646,tcp:[192.0.3.14]:6646"
+    }
+}
+```
+
+## Peer Example
+
+```hcl
+resource "incus_network" "default" {
+  name = "default"
+  type = "ovn"
+
+  config = {
+    "ipv4.address" = "192.168.2.0/24"
+    "ipv4.nat"     = "true"
+  }
+}
+
+resource "incus_network_integration" "this" {
+    name   = "ovn-region"
+    type   = "ovn"
+
+    config = {
+        "ovn.northbound_connection" = "tcp:[192.0.2.12]:6645,tcp:[192.0.3.13]:6645,tcp:[192.0.3.14]:6645"
+        "ovn.southbound_connection" = "tcp:[192.0.2.12]:6646,tcp:[192.0.3.13]:6646,tcp:[192.0.3.14]:6646"
+    }
+}
+
+resource "incus_network_peer" "this" {
+    name               = "ovn-peer"
+    network            = incus_network.default.name
+    target_integration = incus_network_integration.this.name
+}
+```
+
+## Argument Reference
+
+* `name` - **Required** - Name of the network integration.
+
+* `type` **Required** - The type of the network integration. Currently, only supports `ovn` type.
+
+* `description` *Optional* - Description of the network integration.
+
+* `project` - *Optional* - Name of the project where the network will be created.
+
+* `remote` - *Optional* - The remote in which the resource will be created. If
+ not provided, the provider's default remote will be used.
+
+* `config` - *Optional* - Map of key/value pairs of [network integration config settings](https://linuxcontainers.org/incus/docs/main/howto/network_integrations/)

docs/resources/storage_bucket.md

@@ -16,6 +16,16 @@ resource "incus_storage_bucket" "bucket1" {
 }
 ```
 
+## Example to create bucket from backup file 
+
+```hcl
+resource "incus_storage_bucket" "bucket_from_backup" {
+ name        = "restored-bucket"
+ pool        = "default"
+ source_file = "/path/to/backup.tar.gz"
+}
+```
+
 ## Argument Reference
 
 * `name` - **Required** - Name of the storage bucket.
@@ -35,6 +45,8 @@ resource "incus_storage_bucket" "bucket1" {
 
 * `target` - *Optional* - Specify a target node in a cluster.
 
+* `source_file` - *Optional* - Path to a backup file from which the bucket will be created.
+
 
 ## Attribute Reference
 

docs/resources/storage_volume.md

@@ -26,6 +26,16 @@ resource "incus_storage_volume" "volume1_copy" {
 }
 ```
 
+## Example to create volume from backup file 
+
+```hcl
+resource "incus_storage_volume" "volume_from_backup" {
+ name        = "restored-volume"
+ pool        = "default"
+ source_file = "/path/to/volume.backup"
+}
+```
+
 ## Argument Reference
 
 * `name` - **Required** - Name of the storage volume.
@@ -52,6 +62,8 @@ resource "incus_storage_volume" "volume1_copy" {
 
 * `source_volume` - *Optional* - The source volume from which the volume will be created. See reference below.
 
+* `source_file` - *Optional* - Path to a backup file from which the volume will be created.
+
 The `source_volume` block supports:
 
 * `name` - **Required** - Name of the storage volume.