Feature: Add pihole_password resource for managing admin password

[poindexter12]

Summary

Add a pihole_password resource to manage the Pi-hole admin password through Terraform, with built-in handling for the password propagation delay.

Background

Currently, the Pi-hole admin password must be set outside of Terraform (e.g., via Ansible or CLI). This creates a dependency ordering challenge:

1. Ansible creates Pi-hole instance
2. Ansible sets password via pihole setpassword
3. Terraform authenticates to create DNS records

Additionally, there's a ~3 second propagation delay after pihole setpassword before the password is active in the API. If Terraform runs too quickly after password change, authentication fails.

Proposed Solution

Add a pihole_password resource:

resource "pihole_password" "admin" {
  password = var.pihole_password
}

Implementation Details

1. Set password via API - Use the Pi-hole v6 API endpoint to set the password
2. Built-in delay - After setting password, wait ~3-5 seconds before marking resource as created
3. Implicit dependency - Other resources (like pihole_dns_record) should implicitly depend on password being set
4. Idempotency - Check if current password matches before updating (via auth test)

API Reference

Pi-hole v6 stores password in webserver.api.password config. The CLI uses:

pihole-FTL --config webserver.api.password "newpassword"

The equivalent REST API call would need to be identified.

Benefits

• Single source of truth for Pi-hole configuration in Terraform
• Proper dependency ordering handled automatically
• No race conditions between password set and subsequent API calls
• Eliminates need for Ansible/CLI password management

Environment

• Pi-hole: v6.3 / FTL v6.4.1
• Provider: poindexter12/pihole v1.0.0
• Terraform: v1.14.1