proxmox/scripts/it-ops/proxmox-guarded-write-adapter.sh
defiQUG dbd517b279 Sync workspace: config, docs, scripts, CI, operator rules, and submodule pointers.
- Update dbis_core, cross-chain-pmm-lps, explorer-monorepo, metamask-integration, pr-workspace/chains
- Omit embedded publish git dirs and empty placeholders from index

Made-with: Cursor
2026-04-12 06:12:20 -07:00


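#!/usr/bin/env bash
# Phase 3 preview: Proxmox mutations only with production guard + explicit --apply + optional VMID allowlist.
# This script NEVER passes apply by default — it prints the SSH command you would run.
#
# Usage:
#   ./scripts/it-ops/proxmox-guarded-write-adapter.sh --vmid 6205 --action start [--apply]
# Env:
#   PROXMOX_HOST, PROXMOX_OPS_ALLOWED_VMIDS, PROXMOX_SAFE_DEFAULTS, PROXMOX_OPS_APPLY
#
# Exit status:
#   2  usage or validation error (bad/missing argument)
#   1  VMID rejected by the guard (or a setup step failed under `set -e`)
#   0  dry-run completed; on apply the script exec's ssh, so ssh's status is returned
#
# Security notes:
#   - The remote side receives "pct <action> <vmid>" as one string that the
#     remote root shell parses, so both values are validated locally first:
#     the action against a fixed list, the VMID as digits only.
#   - The VMID allowlist is optional (see header), so it must not be the only
#     thing standing between a CLI argument and a root shell.
#   - No host-key options are set here; verification follows the caller's
#     ssh configuration.
set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"

# Project env is best-effort: a missing or failing loader is tolerated on purpose.
# shellcheck source=/dev/null
source "${PROJECT_ROOT}/scripts/lib/load-project-env.sh" 2>/dev/null || true
# The guard library is mandatory: if it cannot be sourced, `set -e` stops the script here.
# shellcheck source=/dev/null
source "${PROJECT_ROOT}/scripts/lib/proxmox-production-guard.sh"

# Print the usage line on stderr.
usage() {
  echo "usage: $0 --vmid <VMID> --action start|stop|reboot [--apply]" >&2
}

VMID=""
ACTION=""
APPLY_CLI=false

while [[ $# -gt 0 ]]; do
  case "$1" in
    --vmid | --action)
      # A trailing flag without a value used to make `shift 2` fail, and
      # `set -e` then aborted with no message; report it as a usage error.
      if [[ $# -lt 2 ]]; then
        echo "Missing value for $1" >&2
        usage
        exit 2
      fi
      if [[ "$1" == "--vmid" ]]; then
        VMID="$2"
      else
        ACTION="$2"
      fi
      shift 2
      ;;
    --apply)
      APPLY_CLI=true
      shift
      ;;
    *)
      echo "Unknown arg: $1" >&2
      exit 2
      ;;
  esac
done

if [[ -z "$VMID" || -z "$ACTION" ]]; then
  usage
  exit 2
fi

# Only these three pct subcommands may ever be sent to the host.
case "$ACTION" in
  start | stop | reboot) ;;
  *)
    echo "action must be start|stop|reboot" >&2
    exit 2
    ;;
esac

# Digits only: the VMID is interpolated into a command line run as root on
# the Proxmox host, so anything the remote shell could interpret is refused
# before the guard, the dry-run output, or ssh ever sees it.
if [[ ! "$VMID" =~ ^[0-9]+$ ]]; then
  echo "vmid must be numeric" >&2
  exit 2
fi

# Host resolution order: PROXMOX_HOST, then get_host_for_vmid (presumably
# provided by load-project-env.sh — confirm), then the R630-01 default.
HOST="${PROXMOX_HOST:-$(get_host_for_vmid "$VMID" 2>/dev/null || true)}"
[[ -n "$HOST" ]] || HOST="${PROXMOX_HOST_R630_01:-192.168.11.11}"

# Allowlist gate; the guard is expected to print its own reason on refusal.
if ! pguard_vmid_allowed "$VMID"; then
  exit 1
fi

# Without an explicit opt-in the script only shows what it would do.
if ! pguard_require_apply_flag "$APPLY_CLI"; then
  echo "[dry-run] Would run on host $HOST:"
  echo " ssh root@$HOST -- pct $ACTION $VMID"
  echo "Opt-in: pass --apply or set PROXMOX_OPS_APPLY=1 (and keep PROXMOX_OPS_ALLOWED_VMIDS scoped)."
  exit 0
fi

# Log the mutation before running it. BatchMode=yes makes ssh fail instead of
# prompting, so unattended runs cannot hang on a password or passphrase.
echo "[apply] ssh root@$HOST -- pct $ACTION $VMID"
exec ssh -o BatchMode=yes -o ConnectTimeout=20 "root@${HOST}" "pct $ACTION $VMID"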