- name: Create Terraform user
  ansible.builtin.command: pveum user add terraform@pve --password {{ terraform_password }}
  args:
    creates: "/etc/pve/user.cfg" # Prevent re-run errors

- name: Add TerraformProvisioner role
  ansible.builtin.command: >
    pveum role add TerraformProvisioner -privs "VM.Allocate VM.Config.CloudInit VM.Config.Disk VM.Config.Network VM.PowerMgmt VM.Console Datastore.AllocateSpace"
  ignore_errors: true # Might already exist

- name: Assign role to user
  ansible.builtin.command: >
    pveum aclmod / -user terraform@pve -role TerraformProvisioner