feat: add support for private networks (#294)

* feat: add support for private networks

* update webdocs

Author: yfodil

.web-docs/components/builder/scaleway/README.md

@@ -110,6 +110,8 @@ can also be supplied to override the typical auto-generated key:
 
 - `tags` ([]string) - A list of tags to apply on the created image, volumes, and snapshots
 
+- `private_network_ids` ([]string) - A list of private network IDs to attach to the instance during the build
+
 - `api_token` (string) - Deprecated: use SecretKey instead
 
 - `organization_id` (string) - Deprecated: use ProjectID instead
@@ -175,7 +177,6 @@ build {
 }
 ```
 
-
 **JSON**
 
     ```json
@@ -192,7 +193,44 @@ build {
     }
     ```
 
-
 When you do not specify the `ssh_private_key_file`, a temporary SSH keypair
 is generated to connect the server. This key will only allow the `root` user to
 connect the server.
+
+## Private Network Example
+
+If you need to access internal resources (like a private package repository) during the build,
+you can attach the instance to one or more private networks:
+
+**HCL2**
+
+```hcl
+source "scaleway" "with_private_network" {
+  project_id      = "YOUR PROJECT ID"
+  access_key      = "YOUR ACCESS KEY"
+  secret_key      = "YOUR SECRET KEY"
+  image           = "ubuntu_jammy"
+  zone            = "fr-par-1"
+  commercial_type = "DEV1-S"
+  ssh_username    = "root"
+  ssh_private_key_file = "~/.ssh/id_rsa"
+
+  private_network_ids = [
+    "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  ]
+}
+
+build {
+  sources = ["source.scaleway.with_private_network"]
+
+  provisioner "shell" {
+    inline = [
+      "apt-get update",
+      "apt-get install -y curl",
+      "curl http://internal-repo.private.local/package.deb -o /tmp/package.deb"
+    ]
+  }
+}
+```
+
+The private networks are attached after the instance is started and are available to provisioners.

builder/scaleway/builder.go

@@ -104,6 +104,7 @@ func (b *Builder) Run(ctx context.Context, ui packersdk.Ui, hook packersdk.Hook)
 		},
 		new(stepCreateVolume),
 		new(stepCreateServer),
+		new(stepCreatePrivateNICs),
 		new(stepServerInfo),
 		&communicator.StepConnect{
 			Config:    &b.Config.Comm,

builder/scaleway/builder_test.go

@@ -259,3 +259,49 @@ func TestBuilderPrepare_ServerName(t *testing.T) {
 		t.Fatal("should have error")
 	}
 }
+
+func TestBuilderPrepare_PrivateNetworkIDs(t *testing.T) {
+	var b scaleway.Builder
+
+	config := testConfig()
+	expected := []string{
+		"11111111-1111-1111-1111-111111111111",
+		"22222222-2222-2222-2222-222222222222",
+	}
+	config["private_network_ids"] = expected
+
+	_, warnings, err := b.Prepare(config)
+	if len(warnings) > 0 {
+		t.Fatalf("bad: %#v", warnings)
+	}
+
+	if err != nil {
+		t.Fatalf("should not have error: %s", err)
+	}
+
+	if len(b.Config.PrivateNetworkIDs) != len(expected) {
+		t.Fatalf("found %d private networks, expected %d", len(b.Config.PrivateNetworkIDs), len(expected))
+	}
+
+	for i, want := range expected {
+		if got := b.Config.PrivateNetworkIDs[i]; got != want {
+			t.Fatalf("found %s, expected %s", got, want)
+		}
+	}
+}
+
+func TestBuilderPrepare_PrivateNetworkIDsRejectsEmptyValues(t *testing.T) {
+	var b scaleway.Builder
+
+	config := testConfig()
+	config["private_network_ids"] = []string{"valid-id", " "}
+
+	_, warnings, err := b.Prepare(config)
+	if len(warnings) > 0 {
+		t.Fatalf("bad: %#v", warnings)
+	}
+
+	if err == nil {
+		t.Fatal("should have error")
+	}
+}

builder/scaleway/config.go

@@ -7,6 +7,7 @@ import (
 	"errors"
 	"log"
 	"os"
+	"strings"
 	"time"
 
 	"github.com/hashicorp/packer-plugin-sdk/common"
@@ -128,6 +129,9 @@ type Config struct {
 	// A list of tags to apply on the created image, volumes, and snapshots
 	Tags []string `mapstructure:"tags" required:"false"`
 
+	// A list of private network IDs to attach to the instance during the build
+	PrivateNetworkIDs []string `mapstructure:"private_network_ids" required:"false"`
+
 	UserAgent string `mapstructure-to-hcl2:",skip"`
 	ctx       interpolate.Context
 
@@ -336,6 +340,15 @@ func (c *Config) Prepare(raws ...any) ([]string, error) { //nolint:gocyclo
 		}
 	}
 
+	for _, id := range c.PrivateNetworkIDs {
+		if strings.TrimSpace(id) == "" {
+			errs = packersdk.MultiErrorAppend(
+				errs, errors.New("private_network_ids must not contain empty values"))
+
+			break
+		}
+	}
+
 	if errs != nil && len(errs.Errors) > 0 {
 		return warnings, errs
 	}

builder/scaleway/config.hcl2spec.go

@@ -0,0 +1,54 @@
+package scaleway
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/hashicorp/packer-plugin-sdk/multistep"
+	packersdk "github.com/hashicorp/packer-plugin-sdk/packer"
+	"github.com/scaleway/scaleway-sdk-go/api/instance/v1"
+	"github.com/scaleway/scaleway-sdk-go/scw"
+)
+
+type stepCreatePrivateNICs struct{}
+
+func (s *stepCreatePrivateNICs) Run(ctx context.Context, state multistep.StateBag) multistep.StepAction {
+	instanceAPI := instance.NewAPI(state.Get("client").(*scw.Client))
+	ui := state.Get("ui").(packersdk.Ui)
+	c := state.Get("config").(*Config)
+	serverID := state.Get("server_id").(string)
+
+	if len(c.PrivateNetworkIDs) == 0 {
+		return multistep.ActionContinue
+	}
+
+	for _, pnID := range c.PrivateNetworkIDs {
+		ui.Say(fmt.Sprintf("Attaching private network %s...", pnID))
+
+		nicResp, err := instanceAPI.CreatePrivateNIC(&instance.CreatePrivateNICRequest{
+			Zone:             scw.Zone(c.Zone),
+			ServerID:         serverID,
+			PrivateNetworkID: pnID,
+		}, scw.WithContext(ctx))
+		if err != nil {
+			return putErrorAndHalt(state, ui, fmt.Errorf("error attaching private network %s: %w", pnID, err))
+		}
+
+		_, err = instanceAPI.WaitForPrivateNIC(&instance.WaitForPrivateNICRequest{
+			ServerID:     serverID,
+			PrivateNicID: nicResp.PrivateNic.ID,
+			Zone:         scw.Zone(c.Zone),
+		}, scw.WithContext(ctx))
+		if err != nil {
+			return putErrorAndHalt(state, ui, fmt.Errorf("error waiting for private NIC %s: %w", nicResp.PrivateNic.ID, err))
+		}
+
+		ui.Say(fmt.Sprintf("Private network %s attached successfully", pnID))
+	}
+
+	return multistep.ActionContinue
+}
+
+func (s *stepCreatePrivateNICs) Cleanup(_ multistep.StateBag) {
+	// Private NICs are automatically removed when the server is deleted.
+}

builder/scaleway/step_create_private_nics.go

@@ -44,6 +44,8 @@
 
 - `tags` ([]string) - A list of tags to apply on the created image, volumes, and snapshots
 
+- `private_network_ids` ([]string) - A list of private network IDs to attach to the instance during the build
+
 - `api_token` (string) - Deprecated: use SecretKey instead
 
 - `organization_id` (string) - Deprecated: use ProjectID instead

docs-partials/builder/scaleway/Config-not-required.mdx

@@ -81,7 +81,6 @@ build {
 }
 ```
 
-
 **JSON**
 
     ```json
@@ -98,7 +97,44 @@ build {
     }
     ```
 
-
 When you do not specify the `ssh_private_key_file`, a temporary SSH keypair
 is generated to connect the server. This key will only allow the `root` user to
 connect the server.
+
+## Private Network Example
+
+If you need to access internal resources (like a private package repository) during the build,
+you can attach the instance to one or more private networks:
+
+**HCL2**
+
+```hcl
+source "scaleway" "with_private_network" {
+  project_id      = "YOUR PROJECT ID"
+  access_key      = "YOUR ACCESS KEY"
+  secret_key      = "YOUR SECRET KEY"
+  image           = "ubuntu_jammy"
+  zone            = "fr-par-1"
+  commercial_type = "DEV1-S"
+  ssh_username    = "root"
+  ssh_private_key_file = "~/.ssh/id_rsa"
+
+  private_network_ids = [
+    "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  ]
+}
+
+build {
+  sources = ["source.scaleway.with_private_network"]
+
+  provisioner "shell" {
+    inline = [
+      "apt-get update",
+      "apt-get install -y curl",
+      "curl http://internal-repo.private.local/package.deb -o /tmp/package.deb"
+    ]
+  }
+}
+```
+
+The private networks are attached after the instance is started and are available to provisioners.