feat: add username template variable to cloud-init.yml.tera

Replace hardcoded 'torrust' username with dynamic {{ username }} variable.

- Update CloudInitContext to use Username type with validation
- Modify cloud-init template to use {{ username }} variable
- Update cloud-init renderer to extract username from SSH credentials
- Fix all documentation examples to use Username::new()
- Add proper import statements for Username type

Breaking change: CloudInitContext API now requires username parameter
and uses typed Username instead of raw strings for better validation.

Author: josecelano

src/e2e/containers/provisioned.rs

@@ -23,7 +23,7 @@
 //!     StoppedProvisionedContainer, ContainerError,
 //!     actions::{SshWaitAction, SshKeySetupAction}
 //! };
-//! use torrust_tracker_deploy::shared::ssh::SshCredentials;
+//! use torrust_tracker_deploy::shared::{Username, ssh::SshCredentials};
 //! use std::path::PathBuf;
 //! use std::time::Duration;
 //! use std::net::SocketAddr;
@@ -33,7 +33,7 @@
 //!     let stopped = StoppedProvisionedContainer::default();
 //!     
 //!     // Transition to running state
-//!     let running = stopped.start().await?;
+//!     let running = stopped.start(None).await?;
 //!     
 //!     // Get connection details
 //!     let socket_addr = running.ssh_socket_addr();
@@ -46,7 +46,7 @@
 //!     let ssh_credentials = SshCredentials::new(
 //!         PathBuf::from("/path/to/private_key"),
 //!         PathBuf::from("/path/to/public_key.pub"),
-//!         "torrust".to_string(),
+//!         Username::new("torrust").unwrap(),
 //!     );
 //!     let ssh_key_setup_action = SshKeySetupAction::new();
 //!     ssh_key_setup_action.execute(&running, &ssh_credentials).await?;

src/e2e/tasks/container/cleanup_infrastructure.rs

@@ -43,7 +43,7 @@ use crate::e2e::containers::RunningProvisionedContainer;
 /// #[tokio::main]
 /// async fn main() -> anyhow::Result<()> {
 ///     let stopped_container = StoppedProvisionedContainer::default();
-///     let running_container = stopped_container.start().await?;
+///     let running_container = stopped_container.start(None).await?;
 ///     
 ///     // ... perform tests ...
 ///     

src/e2e/tasks/run_configuration_validation.rs

@@ -59,6 +59,7 @@ use crate::shared::ssh::SshConnection;
 /// ```rust,no_run
 /// use torrust_tracker_deploy::e2e::tasks::run_configuration_validation::run_configuration_validation;
 /// use torrust_tracker_deploy::config::SshCredentials;
+/// use torrust_tracker_deploy::shared::username::Username;
 /// use std::net::{IpAddr, Ipv4Addr, SocketAddr};
 ///
 /// #[tokio::main]
@@ -67,7 +68,7 @@ use crate::shared::ssh::SshConnection;
 ///     let ssh_credentials = SshCredentials::new(
 ///         "./id_rsa".into(),
 ///         "./id_rsa.pub".into(),
-///         "testuser".to_string()
+///         Username::new("testuser").unwrap()
 ///     );
 ///     
 ///     run_configuration_validation(socket_addr, &ssh_credentials).await?;

src/infrastructure/template/wrappers/tofu/lxd/cloud_init/context.rs

@@ -8,26 +8,35 @@ use std::fs;
 use std::path::Path;
 use thiserror::Error;
 
+use crate::shared::Username;
+
 /// Errors that can occur when creating a `CloudInitContext`
 #[derive(Error, Debug, Clone)]
 pub enum CloudInitContextError {
     #[error("SSH public key is required but not provided")]
     MissingSshPublicKey,
+    #[error("Username is required but not provided")]
+    MissingUsername,
+    #[error("Invalid username: {0}")]
+    InvalidUsername(String),
     #[error("Failed to read SSH public key from file: {0}")]
     SshPublicKeyReadError(String),
 }
 
-/// Template context for Cloud Init configuration with SSH public key
+/// Template context for Cloud Init configuration with SSH public key and username
 #[derive(Debug, Clone, Serialize)]
 pub struct CloudInitContext {
     /// SSH public key content to be injected into cloud-init configuration
     pub ssh_public_key: String,
+    /// Username to be created in the cloud-init configuration
+    pub username: Username,
 }
 
 /// Builder for `CloudInitContext` with fluent interface
 #[derive(Debug, Default)]
 pub struct CloudInitContextBuilder {
     ssh_public_key: Option<String>,
+    username: Option<Username>,
 }
 
 impl CloudInitContextBuilder {
@@ -38,6 +47,20 @@ impl CloudInitContextBuilder {
         self
     }
 
+    /// Set the username for the cloud-init configuration
+    ///
+    /// # Errors
+    /// Returns an error if the username is invalid according to Linux naming requirements
+    pub fn with_username<S: Into<String>>(
+        mut self,
+        username: S,
+    ) -> Result<Self, CloudInitContextError> {
+        let username = Username::new(username)
+            .map_err(|e| CloudInitContextError::InvalidUsername(e.to_string()))?;
+        self.username = Some(username);
+        Ok(self)
+    }
+
     /// Set the SSH public key by reading from a file path
     ///
     /// # Errors
@@ -68,15 +91,32 @@ impl CloudInitContextBuilder {
             .ssh_public_key
             .ok_or(CloudInitContextError::MissingSshPublicKey)?;
 
-        Ok(CloudInitContext { ssh_public_key })
+        let username = self
+            .username
+            .ok_or(CloudInitContextError::MissingUsername)?;
+
+        Ok(CloudInitContext {
+            ssh_public_key,
+            username,
+        })
     }
 }
 
 impl CloudInitContext {
-    /// Creates a new `CloudInitContext` with SSH public key content
-    #[must_use]
-    pub fn new(ssh_public_key: String) -> Self {
-        Self { ssh_public_key }
+    /// Creates a new `CloudInitContext` with SSH public key content and username
+    ///
+    /// # Errors
+    /// Returns an error if the username is invalid according to Linux naming requirements
+    pub fn new<S: Into<String>>(
+        ssh_public_key: String,
+        username: S,
+    ) -> Result<Self, CloudInitContextError> {
+        let username = Username::new(username)
+            .map_err(|e| CloudInitContextError::InvalidUsername(e.to_string()))?;
+        Ok(Self {
+            ssh_public_key,
+            username,
+        })
     }
 
     /// Creates a new builder for `CloudInitContext` with fluent interface
@@ -90,6 +130,12 @@ impl CloudInitContext {
     pub fn ssh_public_key(&self) -> &str {
         &self.ssh_public_key
     }
+
+    /// Get the username
+    #[must_use]
+    pub fn username(&self) -> &str {
+        self.username.as_str()
+    }
 }
 
 #[cfg(test)]
@@ -101,38 +147,48 @@ mod tests {
     #[test]
     fn it_should_create_cloud_init_context_with_ssh_key() {
         let ssh_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC... [email protected]";
-        let context = CloudInitContext::new(ssh_key.to_string());
+        let username = "testuser";
+        let context = CloudInitContext::new(ssh_key.to_string(), username).unwrap();
 
         assert_eq!(context.ssh_public_key(), ssh_key);
+        assert_eq!(context.username(), username);
     }
 
     #[test]
     fn it_should_build_context_with_builder_pattern() {
         let ssh_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC... [email protected]";
+        let username = "testuser";
         let context = CloudInitContext::builder()
             .with_ssh_public_key(ssh_key.to_string())
+            .with_username(username)
+            .unwrap()
             .build()
             .unwrap();
 
         assert_eq!(context.ssh_public_key(), ssh_key);
+        assert_eq!(context.username(), username);
     }
 
     #[test]
     fn it_should_read_ssh_key_from_file() {
         let temp_dir = TempDir::new().unwrap();
         let key_file = temp_dir.path().join("test_key.pub");
         let ssh_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC... [email protected]\n";
+        let username = "testuser";
 
         fs::write(&key_file, ssh_key).unwrap();
 
         let context = CloudInitContext::builder()
             .with_ssh_public_key_from_file(&key_file)
             .unwrap()
+            .with_username(username)
+            .unwrap()
             .build()
             .unwrap();
 
         // Should trim the trailing newline
         assert_eq!(context.ssh_public_key(), ssh_key.trim());
+        assert_eq!(context.username(), username);
     }
 
     #[test]
@@ -146,6 +202,20 @@ mod tests {
         ));
     }
 
+    #[test]
+    fn it_should_fail_when_username_is_missing() {
+        let ssh_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC... [email protected]";
+        let result = CloudInitContext::builder()
+            .with_ssh_public_key(ssh_key.to_string())
+            .build();
+
+        assert!(result.is_err());
+        assert!(matches!(
+            result.unwrap_err(),
+            CloudInitContextError::MissingUsername
+        ));
+    }
+
     #[test]
     fn it_should_fail_when_ssh_key_file_does_not_exist() {
         let result =
@@ -161,9 +231,40 @@ mod tests {
     #[test]
     fn it_should_serialize_to_json() {
         let ssh_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC... [email protected]";
-        let context = CloudInitContext::new(ssh_key.to_string());
+        let username = "testuser";
+        let context = CloudInitContext::new(ssh_key.to_string(), username).unwrap();
 
         let json = serde_json::to_value(&context).unwrap();
         assert_eq!(json["ssh_public_key"], ssh_key);
+        assert_eq!(json["username"], username);
+    }
+
+    #[test]
+    fn it_should_fail_with_invalid_username() {
+        let ssh_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC... [email protected]";
+        let invalid_username = "123invalid"; // starts with digit
+
+        let result = CloudInitContext::new(ssh_key.to_string(), invalid_username);
+        assert!(result.is_err());
+        assert!(matches!(
+            result.unwrap_err(),
+            CloudInitContextError::InvalidUsername(_)
+        ));
+    }
+
+    #[test]
+    fn it_should_fail_with_builder_when_username_is_invalid() {
+        let ssh_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC... [email protected]";
+        let invalid_username = "@invalid"; // contains @ symbol
+
+        let result = CloudInitContext::builder()
+            .with_ssh_public_key(ssh_key.to_string())
+            .with_username(invalid_username);
+
+        assert!(result.is_err());
+        assert!(matches!(
+            result.unwrap_err(),
+            CloudInitContextError::InvalidUsername(_)
+        ));
     }
 }

src/infrastructure/template/wrappers/tofu/lxd/cloud_init/mod.rs

@@ -75,6 +75,8 @@ mod tests {
     fn create_cloud_init_context(ssh_key: &str) -> CloudInitContext {
         CloudInitContext::builder()
             .with_ssh_public_key(ssh_key.to_string())
+            .with_username("testuser")
+            .unwrap()
             .build()
             .unwrap()
     }

src/infrastructure/tofu/template/renderer/cloud_init.rs

@@ -21,7 +21,7 @@
 //! # use std::path::Path;
 //! # use torrust_tracker_deploy::infrastructure::tofu::template::renderer::cloud_init::CloudInitTemplateRenderer;
 //! # use torrust_tracker_deploy::domain::template::TemplateManager;
-//! # use torrust_tracker_deploy::shared::ssh::credentials::SshCredentials;
+//! # use torrust_tracker_deploy::shared::{Username, ssh::credentials::SshCredentials};
 //! # use std::path::PathBuf;
 //! #
 //! # #[tokio::main]
@@ -174,10 +174,12 @@ impl CloudInitTemplateRenderer {
         let template_file = File::new(Self::CLOUD_INIT_TEMPLATE_FILE, template_content)
             .map_err(|_| CloudInitTemplateError::FileCreationFailed)?;
 
-        // Create cloud-init context with SSH public key
+        // Create cloud-init context with SSH public key and username
         let cloud_init_context = CloudInitContext::builder()
             .with_ssh_public_key_from_file(&ssh_credentials.ssh_pub_key_path)
             .map_err(|_| CloudInitTemplateError::SshKeyReadError)?
+            .with_username(ssh_credentials.ssh_username.as_str())
+            .map_err(|_| CloudInitTemplateError::ContextCreationFailed)?
             .build()
             .map_err(|_| CloudInitTemplateError::ContextCreationFailed)?;
 

src/shared/ssh/connection.rs

@@ -43,7 +43,7 @@ impl SshConnection {
     /// ```rust
     /// # use std::net::{IpAddr, Ipv4Addr, SocketAddr};
     /// # use std::path::PathBuf;
-    /// # use torrust_tracker_deploy::shared::ssh::{SshCredentials, SshConnection};
+    /// # use torrust_tracker_deploy::shared::{Username, ssh::{SshCredentials, SshConnection}};
     /// let credentials = SshCredentials::new(
     ///     PathBuf::from("/home/user/.ssh/deploy_key"),
     ///     PathBuf::from("/home/user/.ssh/deploy_key.pub"),
@@ -70,7 +70,7 @@ impl SshConnection {
     /// ```rust
     /// # use std::net::{IpAddr, Ipv4Addr, SocketAddr};
     /// # use std::path::PathBuf;
-    /// # use torrust_tracker_deploy::shared::ssh::{SshCredentials, SshConnection};
+    /// # use torrust_tracker_deploy::shared::{Username, ssh::{SshCredentials, SshConnection}};
     /// let credentials = SshCredentials::new(
     ///     PathBuf::from("/home/user/.ssh/deploy_key"),
     ///     PathBuf::from("/home/user/.ssh/deploy_key.pub"),

templates/tofu/lxd/cloud-init.yml.tera

@@ -1,6 +1,7 @@
 #cloud-config
 # cloud-init template for LXD containers with dynamic SSH key injection
 # This template uses Tera templating to inject the SSH public key from SshConfig.ssh_pub_key_path
+
 # Commented out for faster VM creation during development
 # package_update: true
 # package_upgrade: true
@@ -13,7 +14,7 @@
 #   - vim
 
 users:
-  - name: torrust
+  - name: {{ username }}
     groups: sudo
     shell: /bin/bash
     sudo: ["ALL=(ALL) NOPASSWD:ALL"]
@@ -24,4 +25,4 @@ users:
 runcmd:
   - echo "VM provisioned successfully" > /tmp/provision_complete
   - systemctl enable ssh
-  - systemctl start ssh
+  - systemctl start ssh