diff --git a/mmv1/products/netapp/activeDirectory.yaml b/mmv1/products/netapp/activeDirectory.yaml new file mode 100644 index 000000000000..ffe9a7042a42 --- /dev/null +++ b/mmv1/products/netapp/activeDirectory.yaml @@ -0,0 +1,179 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'activeDirectory' +description: | + ActiveDirectory is the public representation of the active directory config. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/netapp/volumes/docs/configure-and-use/active-directory/about-ad' + api: 'https://cloud.google.com/netapp/volumes/docs/reference/rest/v1/projects.locations.activeDirectories' +base_url: projects/{{project}}/locations/{{location}}/activeDirectories +self_link: projects/{{project}}/locations/{{location}}/activeDirectories/{{name}} +create_url: projects/{{project}}/locations/{{location}}/activeDirectories?activeDirectoryId={{name}} +create_verb: :POST +update_url: projects/{{project}}/locations/{{location}}/activeDirectories/{{name}} +update_verb: :PATCH +update_mask: true +delete_url: projects/{{project}}/locations/{{location}}/activeDirectories/{{name}} +delete_verb: :DELETE +autogen_async: true +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + base_url: '{{op_id}}' +id_format: 'projects/{{project}}/locations/{{location}}/activeDirectories/{{name}}' +import_format: ['projects/{{project}}/locations/{{location}}/activeDirectories/{{name}}'] +parameters: + - !ruby/object:Api::Type::String + name: 'location' + required: true + immutable: true + url_param_only: true + description: | + Name of the region for the policy to apply to. + - !ruby/object:Api::Type::String + name: 'name' + description: | + The resource name of the Active Directory pool. Needs to be unique per location. + required: true + immutable: true + url_param_only: true +examples: + - !ruby/object:Provider::Terraform::Examples + name: 'netapp_active_directory_full' + primary_resource_id: 'test_active_directory_full' + skip_test: true + vars: + active_directory_full_name: 'test-active-directory-full' +properties: + # Fields go here + - !ruby/object:Api::Type::String + name: 'createTime' + description: | + Create time of the active directory. A timestamp in RFC3339 UTC "Zulu" format. Examples: "2023-06-22T09:13:01.617Z". + output: true + - !ruby/object:Api::Type::Enum + name: 'state' + description: | + The state of the Active Directory policy (not the Active Directory itself). + values: + - :STATE_UNSPECIFIED + - :CREATING + - :READY + - :UPDATING + - :DELETING + - :IN_USE + - :ERROR + output: true + - !ruby/object:Api::Type::String + name: 'domain' + description: | + Fully qualified domain name for the Active Directory domain. + required: true + - !ruby/object:Api::Type::String + name: 'site' + description: | + Specifies an Active Directory site to manage domain controller selection. + Use when Active Directory domain controllers in multiple regions are configured. Defaults to `Default-First-Site-Name` if left empty. + required: false + - !ruby/object:Api::Type::String + name: 'dns' + description: | + Comma separated list of DNS server IP addresses for the Active Directory domain. + required: true + - !ruby/object:Api::Type::String + name: 'netBiosPrefix' + description: | + NetBIOS name prefix of the server to be created. + A five-character random ID is generated automatically, for example, -6f9a, and appended to the prefix. The full UNC share path will have the following format: + `\\NetBIOS_PREFIX-ABCD.DOMAIN_NAME\SHARE_NAME` + required: true + - !ruby/object:Api::Type::String + name: 'organizationalUnit' + description: | + Name of the Organizational Unit where you intend to create the computer account for NetApp Volumes. + Defaults to `CN=Computers` if left empty. + required: false + default_from_api: true + - !ruby/object:Api::Type::Boolean + name: 'aesEncryption' + description: | + Enables AES-128 and AES-256 encryption for Kerberos-based communication with Active Directory. + required: false + default_value: true + - !ruby/object:Api::Type::String + name: 'username' + description: | + Username for the Active Directory account with permissions to create the compute account within the specified organizational unit. + required: true + - !ruby/object:Api::Type::String + name: 'password' + description: | + Password for specified username. Note - Manual changes done to the password will not be detected. Terraform will not re-apply the password, unless you use a new password in Terraform. + required: true + sensitive: true + ignore_read: true + - !ruby/object:Api::Type::Array + name: 'backupOperators' + description: | + Domain user/group accounts to be added to the Backup Operators group of the SMB service. The Backup Operators group allows members to backup and restore files regardless of whether they have read or write access to the files. Comma-separated list. + required: false + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'securityOperators' + description: | + Domain accounts that require elevated privileges such as `SeSecurityPrivilege` to manage security logs. Comma-separated list. + required: false + item_type: Api::Type::String + - !ruby/object:Api::Type::String + name: 'kdcHostname' + description: | + Hostname of the Active Directory server used as Kerberos Key Distribution Center. Only requried for volumes using kerberized NFSv4.1 + required: false + - !ruby/object:Api::Type::String + name: 'kdcIp' + description: | + IP address of the Active Directory server used as Kerberos Key Distribution Center. + required: false + - !ruby/object:Api::Type::Boolean + name: 'nfsUsersWithLdap' + description: | + Local UNIX users on clients without valid user information in Active Directory are blocked from access to LDAP enabled volumes. + This option can be used to temporarily switch such volumes to AUTH_SYS authentication (user ID + 1-16 groups). + required: false + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. + required: false + - !ruby/object:Api::Type::Boolean + name: 'ldapSigning' + description: | + Specifies whether or not the LDAP traffic needs to be signed. + required: false + - !ruby/object:Api::Type::Boolean + name: 'encryptDcConnections' + description: | + If enabled, traffic between the SMB server to Domain Controller (DC) will be encrypted. + required: false + - !ruby/object:Api::Type::KeyValueLabels + name: labels + description: | + Labels as key value pairs. Example: `{ "owner": "Bob", "department": "finance", "purpose": "testing" }`. + required: false + - !ruby/object:Api::Type::String + name: 'stateDetails' + description: | + The state details of the Active Directory. + output: true diff --git a/mmv1/templates/terraform/examples/netapp_active_directory_full.tf.erb b/mmv1/templates/terraform/examples/netapp_active_directory_full.tf.erb new file mode 100644 index 000000000000..4c30d9811bcb --- /dev/null +++ b/mmv1/templates/terraform/examples/netapp_active_directory_full.tf.erb @@ -0,0 +1,23 @@ +resource "google_netapp_active_directory" "<%= ctx[:primary_resource_id] %>" { + name = "<%= ctx[:vars]['active_directory_full_name'] %>" + location = "us-central1" + domain = "ad.internal" + dns = "172.30.64.3" + net_bios_prefix = "smbserver" + username = "user" + password = "pass" + aes_encryption = false + backup_operators = ["test1", "test2"] + description = "ActiveDirectory is the public representation of the active directory config." + encrypt_dc_connections = false + kdc_hostname = "hostname" + kdc_ip = "10.10.0.11" + labels = { + "foo": "bar" + } + ldap_signing = false + nfs_users_with_ldap = false + organizational_unit = "CN=Computers" + security_operators = ["test1", "test2"] + site = "test-site" + } diff --git a/mmv1/third_party/terraform/services/netapp/resource_netapp_active_directory_test.go b/mmv1/third_party/terraform/services/netapp/resource_netapp_active_directory_test.go new file mode 100644 index 000000000000..8f664429a790 --- /dev/null +++ b/mmv1/third_party/terraform/services/netapp/resource_netapp_active_directory_test.go @@ -0,0 +1,115 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 + +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package netapp_test + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + + "github.com/hashicorp/terraform-provider-google/google/acctest" +) + +func TestAccNetappactiveDirectory_activeDirectory_FullUpdate(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": acctest.RandString(t, 10), + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + Steps: []resource.TestStep{ + { + Config: testAccNetappactiveDirectory_activeDirectoryCreateExample_Full(context), + }, + { + ResourceName: "google_netapp_active_directory.test_active_directory_full", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"location", "name", "pass", "labels", "terraform_labels"}, + }, + { + Config: testAccNetappactiveDirectory_activeDirectoryCreateExample_Update(context), + }, + { + ResourceName: "google_netapp_active_directory.test_active_directory_full", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"location", "name", "pass", "labels", "terraform_labels"}, + }, + }, + }) +} + +func testAccNetappactiveDirectory_activeDirectoryCreateExample_Full(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_netapp_active_directory" "test_active_directory_full" { + name = "tf-test-test-active-directory-full%{random_suffix}" + location = "us-central1" + domain = "ad.internal" + dns = "172.30.64.3" + net_bios_prefix = "smbserver" + username = "user" + password = "pass" + aes_encryption = false + backup_operators = ["test1", "test2"] + description = "ActiveDirectory is the public representation of the active directory config." + encrypt_dc_connections = false + kdc_hostname = "hostname" + kdc_ip = "10.10.0.11" + labels = { + "foo": "bar" + } + ldap_signing = false + nfs_users_with_ldap = false + organizational_unit = "CN=Computers" + security_operators = ["test1", "test2"] + site = "test-site" + } +`, context) +} + +func testAccNetappactiveDirectory_activeDirectoryCreateExample_Update(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_netapp_active_directory" "test_active_directory_full" { + name = "tf-test-test-active-directory-full%{random_suffix}" + location = "us-central1" + domain = "ad.internal" + dns = "172.30.64.3" + net_bios_prefix = "smbup" + username = "user" + password = "pass" + aes_encryption = false + backup_operators = ["test1", "test2"] + description = "ActiveDirectory is the public representation of the active directory config." + encrypt_dc_connections = false + kdc_hostname = "hostname" + kdc_ip = "10.10.0.11" + labels = { + "foo": "bar" + } + ldap_signing = true + nfs_users_with_ldap = true + organizational_unit = "CN=Computers" + security_operators = ["test1", "test2"] + site = "test-site" + } +`, context) +}