Add role: create-api-user

.editorconfig

@@ -13,4 +13,6 @@ insert_final_newline = true
 
 [*.md]
 trim_trailing_whitespace = false
+
+[*.{yml,md}]
 indent_size = 2

playbooks/create-api-user.yml

@@ -0,0 +1,12 @@
+---
+
+# * This playbook will use the root user account that
+# * has an ssh key to create a new user for API access
+
+- name: Create Proxmox API User
+  gather_facts: false
+  hosts: proxmox_hosts
+  roles:
+    - role: create-api-user
+
+...

playbooks/inventories/group_vars/all.yml

@@ -0,0 +1,9 @@
+---
+
+#~ always loaded ~#
+
+api_user_name: terraform
+api_user_role: PVEVMAdmin  # Virtual Machine Administrator
+api_object_path: /vms  # Access to VMs
+
+...

playbooks/inventories/inventory.yml

@@ -0,0 +1,6 @@
+proxmox_hosts:
+  hosts:
+    vulpes.c0de.online:
+    proxmox.c0de.online:
+  vars:
+    ansible_user: root

playbooks/roles/create-api-user/meta/argument_spec.yml

@@ -0,0 +1,53 @@
+---
+
+# roles/create-api-user/meta/argument_specs.yml
+
+argument_specs:
+  main:
+    author:
+      - Code Fox
+    short_description: Creates an API user in proxmox using SSH key auth
+    description:
+      - Creates an API user in proxmox using SSH key auth
+      - The root user should already exist, and have an ssh key configured
+      - If nothing is provided, a provisioning group will be created, with
+      - an ansible user that has NoAccess
+      - Group permission assignment should be preferred
+
+    options:
+      api_user_role:
+        type: str
+        required: false
+        default: NoAccess
+        description:
+          - The Proxmox role to assign to the group
+          - By default NoAccess is allowed
+          - Default Roles can be found in the documentation
+          - https://pve.proxmox.com/wiki/User_Management#pveum_permission_management
+
+      api_group_name:
+        type: str
+        required: false
+        default: provisioning
+        description:
+          - The group that will be assigned permissions
+          - Users get their permissions from the group
+          - Subsequent runs will put the users in the same group
+
+      api_user_name:
+        type: str
+        required: false
+        default: ansible
+        description: The user-name of the account that will get an API token
+
+      api_object_path:
+        type: str
+        required: false
+        default: /
+        description:
+          - The path to resources in the Proxmox Object Permission schema
+          - The default is all objects
+          - More details can be found in the documentation in the objects and paths section
+          - https://pve.proxmox.com/wiki/User_Management#pveum_permission_management
+
+...

requirements.txt

@@ -5,10 +5,13 @@ ansible-lint==6.22.2
 attrs==23.2.0
 black==23.12.1
 bracex==2.4
+certifi==2023.11.17
 cffi==1.16.0
+charset-normalizer==3.3.2
 click==8.1.7
 cryptography==41.0.7
 filelock==3.13.1
+idna==3.6
 Jinja2==3.1.3
 jsonschema==4.21.1
 jsonschema-specifications==2023.12.1
@@ -19,15 +22,18 @@ mypy-extensions==1.0.0
 packaging==23.2
 pathspec==0.12.1
 platformdirs==4.1.0
+proxmoxer==2.0.1
 pycparser==2.21
 Pygments==2.17.2
 PyYAML==6.0.1
 referencing==0.32.1
+requests==2.31.0
 resolvelib==1.0.1
 rich==13.7.0
 rpds-py==0.17.1
 ruamel.yaml==0.18.5
 ruamel.yaml.clib==0.2.8
 subprocess-tee==0.4.1
+urllib3==2.1.0
 wcmatch==8.5
 yamllint==1.33.0