shore(docs): update API Token auth section (#1991)

bpg · web-flow · commit 41f35e69fedf · 2025-06-08T10:58:11.000-04:00
- Added MD059 rule to .markdownlint.json for better markdown formatting.
- Updated CODE_OF_CONDUCT.md to format email address as a link.
- Consolidated privilege descriptions in docs/index.md for clarity.
- Improved formatting in docs/resources/virtual_environment_vm.md for better readability.

* add `gh` to devcontainer
* remove wakatime

---------

Signed-off-by: Pavel Boldyrev &lt;627562+bpg@users.noreply.github.com&gt;
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -3,7 +3,7 @@ FROM golang:1.24.4@sha256:db5d0afbfb4ab648af2393b92e87eaae9ad5e01132803d80caef91
 ARG GOLANGCI_LINT_VERSION=2.1.6 # renovate: depName=golangci/golangci-lint datasource=github-releases
 
 RUN apt update && apt upgrade -y && \
-    apt-get install --no-install-recommends -y ca-certificates curl gnupg lsb-release jq zsh neovim && \
+    apt-get install --no-install-recommends -y ca-certificates curl gnupg lsb-release jq zsh neovim gh && \
     chsh -s $(which zsh) && \
     sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" && \
     rm -rf /var/lib/apt/lists/*
diff --git a/.markdownlint.json b/.markdownlint.json
@@ -3,5 +3,6 @@
     "MD013": false,
     "MD025": false,
     "MD033": false,
-    "MD041": false
+    "MD041": false,
+    "MD059": false
 }
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
@@ -34,7 +34,7 @@ This Code of Conduct applies both within project spaces and in public spaces whe
 
 ## Enforcement
 
-Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at bpg.github.com.tn75g@passmail.net. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at <bpg.github.com.tn75g@passmail.net>. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
 
 Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
 
diff --git a/README.md b/README.md
@@ -7,7 +7,6 @@
 [![Go Report Card](https://goreportcard.com/badge/github.com/bpg/terraform-provider-proxmox)](https://goreportcard.com/report/github.com/bpg/terraform-provider-proxmox)
 [![Conventional Commits](https://img.shields.io/badge/conventional%20commits-v1.0.0-ff69b4)](https://www.conventionalcommits.org/en/v1.0.0/)
 [![CodeRabbit Pull Request Reviews](https://img.shields.io/coderabbit/prs/github/bpg/terraform-provider-proxmox?utm_source=oss&utm_medium=github&utm_campaign=bpg%2Fterraform-provider-proxmox&color=FF570A&link=https%3A%2F%2Fcoderabbit.ai&label=CodeRabbit+Reviews)](https://www.coderabbit.ai/)
-[![Wakatime](https://wakatime.com/badge/github/bpg/terraform-provider-proxmox.svg)](https://wakatime.com/@a51a1a51-85c3-497b-b88a-3b310a709909/projects/vdtgmpvjom)
 
 A Terraform / OpenTofu Provider that adds support for Proxmox Virtual Environment.
 
diff --git a/docs/index.md b/docs/index.md
@@ -205,7 +205,7 @@ You can create an API Token for a user via the Proxmox UI, or via the command li
 - Create a role for the user (you can skip this step if you want to use any of the existing roles):
 
     ```sh
-    sudo pveum role add Terraform -privs "Datastore.Allocate Datastore.AllocateSpace Datastore.AllocateTemplate Datastore.Audit Pool.Allocate Sys.Audit Sys.Console Sys.Modify SDN.Use VM.Allocate VM.Audit VM.Clone VM.Config.CDROM VM.Config.Cloudinit VM.Config.CPU VM.Config.Disk VM.Config.HWType VM.Config.Memory VM.Config.Network VM.Config.Options VM.Migrate VM.Monitor VM.PowerMgmt User.Modify"
+    sudo pveum role add Terraform -privs "Mapping.Audit Mapping.Modify Mapping.Use Permissions.Modify Pool.Allocate Pool.Audit Realm.AllocateUser Realm.Allocate SDN.Allocate SDN.Audit Sys.Audit Sys.Console Sys.Incoming Sys.Modify Sys.AccessNetwork Sys.PowerMgmt Sys.Syslog User.Modify Group.Allocate SDN.Use VM.Allocate VM.Audit VM.Backup VM.Clone VM.Config.CDROM VM.Config.CPU VM.Config.Cloudinit VM.Config.Disk VM.Config.HWType VM.Config.Memory VM.Config.Network VM.Config.Options VM.Console VM.Migrate VM.Monitor VM.PowerMgmt VM.Snapshot.Rollback VM.Snapshot Datastore.Allocate Datastore.AllocateSpace Datastore.AllocateTemplate Datastore.Audit"
     ```
 
   ~> The list of privileges above is only an example, please review it and adjust to your needs.
diff --git a/docs/resources/virtual_environment_vm.md b/docs/resources/virtual_environment_vm.md
@@ -135,17 +135,13 @@ output "ubuntu_vm_public_key" {
         - `isa` - ISA Serial Port.
         - `virtio` - VirtIO (paravirtualized).
 - `amd_sev` - (Optional) Secure Encrypted Virtualization (SEV) features by AMD CPUs.
-    - `type` - (Optional) Enable standard SEV with `std` or enable experimental 
-        SEV-ES with the `es` option or enable experimental SEV-SNP with the `snp` option 
-        (defaults to `std`).
+    - `type` - (Optional) Enable standard SEV with `std` or enable experimental SEV-ES with the `es` option or enable experimental SEV-SNP with the `snp` option (defaults to `std`).
     - `allow_smt` - (Optional) Sets policy bit to allow Simultaneous Multi Threading (SMT)
         (Ignored unless for SEV-SNP) (defaults to `true`).
-    - `kernel_hashes` - (Optional) Add kernel hashes to guest firmware for measured 
-        linux kernel launch (defaults to `false`).
+    - `kernel_hashes` - (Optional) Add kernel hashes to guest firmware for measured linux kernel launch (defaults to `false`).
     - `no_debug` - (Optional) Sets policy bit to disallow debugging of guest (defaults
         to `false`).
-    - `no_key_sharing` - (Optional) Sets policy bit to disallow key sharing with 
-        other guests (Ignored for SEV-SNP) (defaults to `false`).
+    - `no_key_sharing` - (Optional) Sets policy bit to disallow key sharing with other guests (Ignored for SEV-SNP) (defaults to `false`).
 
     The `amd_sev` setting is only allowed for a `root@pam` authenticated user.
 - `audio_device` - (Optional) An audio device.
@@ -657,6 +653,7 @@ trusts the user to set `agent.enabled` correctly and waits for
 `qemu-guest-agent` to start.
 
 ## AMD SEV
+
 AMD SEV (-ES, -SNP) are security features for AMD processors. SEV-SNP support
 is included in Proxmox version **8.4**, see [Proxmox Wiki](
 https://pve.proxmox.com/wiki/Qemu/KVM_Virtual_Machines#qm_virtual_machines_settings)
@@ -665,17 +662,11 @@ for more information.
 
 `amd-sev` requires root and therefore `root@pam` auth.
 
-SEV-SNP requires `bios = OVMF` and a supported AMD CPU (`EPYC-v4` for instance), 
-`machine = q35` is also advised. No EFI disk is required since SEV-SNP uses 
-consolidated read-only firmware. A configured EFI will be ignored.
+SEV-SNP requires `bios = OVMF` and a supported AMD CPU (`EPYC-v4` for instance), `machine = q35` is also advised. No EFI disk is required since SEV-SNP uses consolidated read-only firmware. A configured EFI will be ignored.
 
-All changes made to `amd_sev` will trigger reboots. Removing or adding the 
-`amd_sev` block will force a replacement of the resource. Modifying the `amd_sev` 
-block will not trigger replacements. 
+All changes made to `amd_sev` will trigger reboots. Removing or adding the `amd_sev` block will force a replacement of the resource. Modifying the `amd_sev` block will not trigger replacements.
 
-`allow_smt` is by default set to `true` even if `snp` is not the selected type. 
-Proxmox will ignore this value when `snp` is not in use. Likewise `no_key_sharing`
-is `false` by default but ignored by Proxmox when `snp` is in use.
+`allow_smt` is by default set to `true` even if `snp` is not the selected type. Proxmox will ignore this value when `snp` is not in use. Likewise `no_key_sharing` is `false` by default but ignored by Proxmox when `snp` is in use.
 
 ## Important Notes
 

Original file line number	Diff line number	Diff line change
`@@ -3,5 +3,6 @@`
`3`	`3`	`"MD013": false,`
`4`	`4`	`"MD025": false,`
`5`	`5`	`"MD033": false,`
`6`		`- "MD041": false`
	`6`	`+ "MD041": false,`
	`7`	`+ "MD059": false`
`7`	`8`	`}`
-Original file line number
+Diff line change
 ## Enforcement
 -Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at [email protected]. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
 +Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at <[email protected]>. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
 Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.