Skip to content

Commit

Permalink
hashicorp#27228: Support smb3_protocol_encryption_enabled part of azu…
Browse files Browse the repository at this point in the history
…rerm_netapp_volume
  • Loading branch information
harshavmb committed Sep 2, 2024
1 parent 4563450 commit 64ebb23
Show file tree
Hide file tree
Showing 3 changed files with 150 additions and 0 deletions.
10 changes: 10 additions & 0 deletions internal/services/netapp/netapp_volume_resource.go
Original file line number Diff line number Diff line change
Expand Up @@ -149,6 +149,13 @@ func resourceNetAppVolume() *pluginsdk.Resource {
ForceNew: true,
},

"smb3_protocol_encryption_enabled": {
Type: pluginsdk.TypeBool,
Optional: true,
Description: "SMB3 encryption option should be used only for SMB/DualProtocol volumes. Using it for any other workloads is not supported.",
ForceNew: true,
},

"security_style": {
Type: pluginsdk.TypeString,
Optional: true,
Expand Down Expand Up @@ -405,6 +412,7 @@ func resourceNetAppVolumeCreate(d *pluginsdk.ResourceData, meta interface{}) err
subnetID := d.Get("subnet_id").(string)
kerberosEnabled := d.Get("kerberos_enabled").(bool)
smbContiuouslyAvailable := d.Get("smb_continuous_availability_enabled").(bool)
smbEncryption := d.Get("smb3_protocol_encryption_enabled").(bool)
networkFeatures := volumes.NetworkFeatures(d.Get("network_features").(string))

smbNonBrowsable := volumes.SmbNonBrowsableDisabled
Expand Down Expand Up @@ -533,6 +541,7 @@ func resourceNetAppVolumeCreate(d *pluginsdk.ResourceData, meta interface{}) err
SubnetId: subnetID,
KerberosEnabled: &kerberosEnabled,
SmbContinuouslyAvailable: &smbContiuouslyAvailable,
SmbEncryption: &smbEncryption,
NetworkFeatures: &networkFeatures,
SmbNonBrowsable: &smbNonBrowsable,
SmbAccessBasedEnumeration: &smbAccessBasedEnumeration,
Expand Down Expand Up @@ -741,6 +750,7 @@ func resourceNetAppVolumeRead(d *pluginsdk.ResourceData, meta interface{}) error
d.Set("subnet_id", props.SubnetId)
d.Set("kerberos_enabled", props.KerberosEnabled)
d.Set("smb_continuous_availability_enabled", props.SmbContinuouslyAvailable)
d.Set("smb3_protocol_encryption_enabled", props.SmbEncryption)
d.Set("network_features", string(pointer.From(props.NetworkFeatures)))
d.Set("protocols", props.ProtocolTypes)
d.Set("security_style", string(pointer.From(props.SecurityStyle)))
Expand Down
138 changes: 138 additions & 0 deletions internal/services/netapp/netapp_volume_resource_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,22 @@ func TestAccNetAppVolume_basic(t *testing.T) {
})
}

func TestAccNetAppVolume_smbEncryption(t *testing.T) {
data := acceptance.BuildTestData(t, "azurerm_netapp_volume", "test")
r := NetAppVolumeResource{}

data.ResourceTest(t, r, []acceptance.TestStep{
{
Config: r.smbEncryption(data),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
check.That(data.ResourceName).Key("smb3_protocol_encryption_enabled").HasValue("true"),
),
},
data.ImportStep(),
})
}

func TestAccNetAppVolume_availabilityZone(t *testing.T) {
data := acceptance.BuildTestData(t, "azurerm_netapp_volume", "test")
r := NetAppVolumeResource{}
Expand Down Expand Up @@ -507,6 +523,33 @@ resource "azurerm_netapp_volume" "test" {
`, template, data.RandomInteger, data.RandomInteger)
}

func (NetAppVolumeResource) smbEncryption(data acceptance.TestData) string {
template := NetAppVolumeResource{}.templateSmbEncryption(data)
return fmt.Sprintf(`
%s
resource "azurerm_netapp_volume" "test" {
name = "acctest-NetAppVolume-smbencryption-%d"
location = azurerm_resource_group.test.location
resource_group_name = azurerm_resource_group.test.name
account_name = azurerm_netapp_account.test.name
pool_name = azurerm_netapp_pool.test.name
volume_path = "my-unique-file-path-%d"
service_level = "Standard"
subnet_id = azurerm_subnet.test.id
storage_quota_in_gb = 100
throughput_in_mibps = 1.562
protocols = ["CIFS"]
smb3_protocol_encryption_enabled = true
tags = {
"CreatedOnDate" = "2022-07-08T23:50:21Z",
"SkipASMAzSecPack" = "true"
}
}
`, template, data.RandomInteger, data.RandomInteger)
}

func (NetAppVolumeResource) availabilityZone(data acceptance.TestData) string {
template := NetAppVolumeResource{}.template(data)
return fmt.Sprintf(`
Expand Down Expand Up @@ -1160,6 +1203,101 @@ resource "azurerm_netapp_pool" "test_secondary" {
`, r.template(data), data.RandomInteger, "eastus2")
}

func (NetAppVolumeResource) templateSmbEncryption(data acceptance.TestData) string {
return fmt.Sprintf(`
provider "azurerm" {
alias = "all1"
features {
resource_group {
prevent_deletion_if_contains_resources = false
}
}
}
resource "azurerm_resource_group" "test" {
name = "acctestRG-netapp-%d"
location = "%s"
tags = {
"CreatedOnDate" = "2022-07-08T23:50:21Z",
"SkipASMAzSecPack" = "true",
"SkipNRMSNSG" = "true"
}
}
resource "azurerm_virtual_network" "test" {
name = "acctest-VirtualNetwork-%d"
location = azurerm_resource_group.test.location
resource_group_name = azurerm_resource_group.test.name
address_space = ["10.6.0.0/16"]
tags = {
"CreatedOnDate" = "2022-07-08T23:50:21Z",
"SkipASMAzSecPack" = "true"
}
}
resource "azurerm_subnet" "test" {
name = "acctest-Subnet-%d"
resource_group_name = azurerm_resource_group.test.name
virtual_network_name = azurerm_virtual_network.test.name
address_prefixes = ["10.6.2.0/24"]
delegation {
name = "testdelegation"
service_delegation {
name = "Microsoft.Netapp/volumes"
actions = ["Microsoft.Network/networkinterfaces/*", "Microsoft.Network/virtualNetworks/subnets/join/action"]
}
}
}
resource "azurerm_netapp_account" "test" {
name = "acctest-NetAppAccount-%d"
location = azurerm_resource_group.test.location
resource_group_name = azurerm_resource_group.test.name
active_directory {
username = "aduser"
password = "aduserpwd"
smb_server_name = "SMB-SERVER"
dns_servers = ["1.2.3.4", "1.2.3.5"]
domain = "westcentralus.com"
organizational_unit = "OU=FirstLevel"
site_name = "My-Site-Name"
kerberos_ad_name = "My-AD-Server"
kerberos_kdc_ip = "192.168.1.1"
aes_encryption_enabled = true
local_nfs_users_with_ldap_allowed = true
ldap_over_tls_enabled = true
server_root_ca_certificate = "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNZekNDQWN5Z0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRVUZBREF1TVFzd0NRWURWUVFHRXdKVlV6RU0gCk1Bb0dBMVVFQ2hNRFNVSk5NUkV3RHdZRFZRUUxFd2hNYjJOaGJDQkRRVEFlRncwNU9URXlNakl3TlRBd01EQmEgCkZ3MHdNREV5TWpNd05EVTVOVGxhTUM0eEN6QUpCZ05WQkFZVEFsVlRNUXd3Q2dZRFZRUUtFd05KUWsweEVUQVAgCkJnTlZCQXNUQ0V4dlkyRnNJRU5CTUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FEMmJaRW8gCjd4R2FYMi8wR0hrck5GWnZseEJvdTl2MUptdC9QRGlUTVB2ZThyOUZlSkFRMFFkdkZTVC8wSlBRWUQyMHJIMGIgCmltZERMZ05kTnlubXlSb1MyUy9JSW5mcG1mNjlpeWMyRzBUUHlSdm1ISWlPWmJkQ2QrWUJIUWkxYWRrajE3TkQgCmNXajZTMTR0VnVyRlg3M3p4MHNOb01TNzlxM3R1WEtyRHN4ZXV3SURBUUFCbzRHUU1JR05NRXNHQ1ZVZER3R0cgCitFSUJEUVErRXp4SFpXNWxjbUYwWldRZ1lua2dkR2hsSUZObFkzVnlaVmRoZVNCVFpXTjFjbWwwZVNCVFpYSjIgClpYSWdabTl5SUU5VEx6TTVNQ0FvVWtGRFJpa3dEZ1lEVlIwUEFRSC9CQVFEQWdBR01BOEdBMVVkRXdFQi93UUYgCk1BTUJBZjh3SFFZRFZSME9CQllFRkozK29jUnlDVEp3MDY3ZExTd3IvbmFseDZZTU1BMEdDU3FHU0liM0RRRUIgCkJRVUFBNEdCQU1hUXp0K3phajFHVTc3eXpscjhpaU1CWGdkUXJ3c1paV0pvNWV4bkF1Y0pBRVlRWm1PZnlMaU0gCkQ2b1lxK1puZnZNMG44Ry9ZNzlxOG5od3Z1eHBZT25SU0FYRnA2eFNrcklPZVp0Sk1ZMWgwMExLcC9KWDNOZzEgCnN2WjJhZ0UxMjZKSHNRMGJoek41VEtzWWZid2ZUd2ZqZFdBR3k2VmYxbllpL3JPK3J5TU8KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLSA="
ldap_signing_enabled = true
}
tags = {
"CreatedOnDate" = "2022-07-08T23:50:21Z",
"SkipASMAzSecPack" = "true"
}
}
resource "azurerm_netapp_pool" "test" {
name = "acctest-NetAppPool-%d"
location = azurerm_resource_group.test.location
resource_group_name = azurerm_resource_group.test.name
account_name = azurerm_netapp_account.test.name
service_level = "Standard"
size_in_tb = 4
qos_type = "Manual"
tags = {
"CreatedOnDate" = "2022-07-08T23:50:21Z",
"SkipASMAzSecPack" = "true"
}
}
`, data.RandomInteger, "westeurope", data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger)
}

func (NetAppVolumeResource) template(data acceptance.TestData) string {
return fmt.Sprintf(`
provider "azurerm" {
Expand Down
2 changes: 2 additions & 0 deletions website/docs/r/netapp_volume.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -156,6 +156,8 @@ The following arguments are supported:

* `smb_continuous_availability_enabled` - (Optional) Enable SMB Continuous Availability.

* `smb3_protocol_encryption_enabled` - (Optional) Enable SMB encryption.

* `tags` - (Optional) A mapping of tags to assign to the resource.

-> **Note:** It is highly recommended to use the **lifecycle** property as noted in the example since it will prevent an accidental deletion of the volume if the `protocols` argument changes to a different protocol type.
Expand Down

0 comments on commit 64ebb23

Please sign in to comment.