From a586d0381e9c892b4b9aa2a0699f6c039c151ad2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Oto=20Pet=C5=99=C3=ADk?= <oto.petrik@gmail.com>
Date: Fri, 10 Nov 2023 02:19:09 +0100
Subject: [PATCH] fix(provider): do not blindly use first IP for SSH (#704)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

For SSH access, try in order:
- IPv4 address of the interface with IPv4 Gateway (if there is one)
- IPv6 address of the interface with IPv6 Gateway (if there is one)
- fallback to the first interface with IPv4 address

Signed-off-by: Oto Petřík <oto.petrik@gmail.com>
Co-authored-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
---
 fwprovider/provider.go         | 23 ++++++++++++++++++++++-
 proxmoxtf/provider/provider.go | 23 ++++++++++++++++++++++-
 2 files changed, 44 insertions(+), 2 deletions(-)

diff --git a/fwprovider/provider.go b/fwprovider/provider.go
index 06e8a9062..3f7a6d916 100644
--- a/fwprovider/provider.go
+++ b/fwprovider/provider.go
@@ -407,13 +407,34 @@ func (r *apiResolver) Resolve(ctx context.Context, nodeName string) (ssh.Proxmox
 
 	nodeAddress := ""
 
+	// try IPv4 address on the interface with IPv4 gateway
 	for _, d := range networkDevices {
-		if d.Address != nil {
+		if d.Gateway != nil && d.Address != nil {
 			nodeAddress = *d.Address
 			break
 		}
 	}
 
+	if nodeAddress == "" {
+		// fallback 1: try IPv6 address on the interface with IPv6 gateway
+		for _, d := range networkDevices {
+			if d.Gateway6 != nil && d.Address6 != nil {
+				nodeAddress = *d.Address6
+				break
+			}
+		}
+	}
+
+	if nodeAddress == "" {
+		// fallback 2: use first interface with any IPv4 address
+		for _, d := range networkDevices {
+			if d.Address != nil {
+				nodeAddress = *d.Address
+				break
+			}
+		}
+	}
+
 	if nodeAddress == "" {
 		return ssh.ProxmoxNode{}, fmt.Errorf("failed to determine the IP address of node \"%s\"", nc.NodeName)
 	}
diff --git a/proxmoxtf/provider/provider.go b/proxmoxtf/provider/provider.go
index 3fa5800d0..fe4f1c216 100644
--- a/proxmoxtf/provider/provider.go
+++ b/proxmoxtf/provider/provider.go
@@ -181,13 +181,34 @@ func (r *apiResolver) Resolve(ctx context.Context, nodeName string) (ssh.Proxmox
 
 	nodeAddress := ""
 
+	// try IPv4 address on the interface with IPv4 gateway
 	for _, d := range networkDevices {
-		if d.Address != nil {
+		if d.Gateway != nil && d.Address != nil {
 			nodeAddress = *d.Address
 			break
 		}
 	}
 
+	if nodeAddress == "" {
+		// fallback 1: try IPv6 address on the interface with IPv6 gateway
+		for _, d := range networkDevices {
+			if d.Gateway6 != nil && d.Address6 != nil {
+				nodeAddress = *d.Address6
+				break
+			}
+		}
+	}
+
+	if nodeAddress == "" {
+		// fallback 2: use first interface with any IPv4 address
+		for _, d := range networkDevices {
+			if d.Address != nil {
+				nodeAddress = *d.Address
+				break
+			}
+		}
+	}
+
 	if nodeAddress == "" {
 		return ssh.ProxmoxNode{}, fmt.Errorf("failed to determine the IP address of node \"%s\"", nc.NodeName)
 	}