diff --git a/internal/services/netapp/netapp_volume_resource.go b/internal/services/netapp/netapp_volume_resource.go
index 4d3dad53e7e9..d77fceefae42 100644
--- a/internal/services/netapp/netapp_volume_resource.go
+++ b/internal/services/netapp/netapp_volume_resource.go
@@ -149,6 +149,13 @@ func resourceNetAppVolume() *pluginsdk.Resource {
 ForceNew: true,
 },
+ "smb3_protocol_encryption_enabled": {
+ Type: pluginsdk.TypeBool,
+ Optional: true,
+ Description: "SMB3 encryption option should be used only for SMB/DualProtocol volumes. Using it for any other workloads is not supported.",
+ ForceNew: true,
+ },
+
 "security_style": {
 Type: pluginsdk.TypeString,
 Optional: true,
@@ -405,6 +412,7 @@ func resourceNetAppVolumeCreate(d *pluginsdk.ResourceData, meta interface{}) err
 subnetID := d.Get("subnet_id").(string)
 kerberosEnabled := d.Get("kerberos_enabled").(bool)
 smbContiuouslyAvailable := d.Get("smb_continuous_availability_enabled").(bool)
+ smbEncryption := d.Get("smb3_protocol_encryption_enabled").(bool)
 networkFeatures := volumes.NetworkFeatures(d.Get("network_features").(string))
 smbNonBrowsable := volumes.SmbNonBrowsableDisabled
@@ -533,6 +541,7 @@ func resourceNetAppVolumeCreate(d *pluginsdk.ResourceData, meta interface{}) err
 SubnetId: subnetID,
 KerberosEnabled: &kerberosEnabled,
 SmbContinuouslyAvailable: &smbContiuouslyAvailable,
+ SmbEncryption: &smbEncryption,
 NetworkFeatures: &networkFeatures,
 SmbNonBrowsable: &smbNonBrowsable,
 SmbAccessBasedEnumeration: &smbAccessBasedEnumeration,
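Review bot: Nothing in the new `smb3_protocol_encryption_enabled` schema entry enforces the restriction its own Description states, that the option is only supported on SMB/DualProtocol volumes. The hunk adds no cross-check against `protocols`, so a configuration that sets the flag on an NFS-only volume is presumably rejected or ignored only by the API after the plan has been accepted; a check in resourceNetAppVolumeCreate (its body is outside this hunk) that returns an error when the flag is true and `protocols` does not include `CIFS` would fail early. The new acceptance test only covers the CIFS case. The docs entry added at the end of this diff also omits both the restriction and the ForceNew behaviour; wording such as `(Optional) Enable SMB3 protocol encryption for in-flight data. Only valid for SMB/dual-protocol volumes. Changing this forces a new resource to be created.` would match the schema.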
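Review bot: `SmbEncryption: &smbEncryption` always sends a concrete value, and because that value comes from `d.Get("smb3_protocol_encryption_enabled").(bool)` on an Optional attribute with no Default, omitting the attribute sends an explicit `false`. SMB encryption in transit is therefore opt-in for every volume created through this resource, which neither the schema Description nor the docs line states. I would add `Default: false,` to the schema entry so the behaviour is explicit, and state the default in the docs. The surrounding struct literal and the rest of resourceNetAppVolumeCreate are outside the hunk.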
@@ -741,6 +750,7 @@ func resourceNetAppVolumeRead(d *pluginsdk.ResourceData, meta interface{}) error
 d.Set("subnet_id", props.SubnetId)
 d.Set("kerberos_enabled", props.KerberosEnabled)
 d.Set("smb_continuous_availability_enabled", props.SmbContinuouslyAvailable)
+ d.Set("smb3_protocol_encryption_enabled", props.SmbEncryption)
 d.Set("network_features", string(pointer.From(props.NetworkFeatures)))
 d.Set("protocols", props.ProtocolTypes)
 d.Set("security_style", string(pointer.From(props.SecurityStyle)))
diff --git a/internal/services/netapp/netapp_volume_resource_test.go b/internal/services/netapp/netapp_volume_resource_test.go
index 195da0a711cb..67741b47f512 100644
--- a/internal/services/netapp/netapp_volume_resource_test.go
+++ b/internal/services/netapp/netapp_volume_resource_test.go
@@ -35,6 +35,22 @@ func TestAccNetAppVolume_basic(t *testing.T) {
 })
 }
+func TestAccNetAppVolume_smbEncryption(t *testing.T) {
+ data := acceptance.BuildTestData(t, "azurerm_netapp_volume", "test")
+ r := NetAppVolumeResource{}
+
+ data.ResourceTest(t, r, []acceptance.TestStep{
+ {
+ Config: r.smbEncryption(data),
+ Check: acceptance.ComposeTestCheckFunc(
+ check.That(data.ResourceName).ExistsInAzure(r),
+ check.That(data.ResourceName).Key("smb3_protocol_encryption_enabled").HasValue("true"),
+ ),
+ },
+ data.ImportStep(),
+ })
+}
+
 func TestAccNetAppVolume_availabilityZone(t *testing.T) {
 data := acceptance.BuildTestData(t, "azurerm_netapp_volume", "test")
 r := NetAppVolumeResource{}
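Review bot: In the resourceNetAppVolumeRead hunk, `d.Set("smb3_protocol_encryption_enabled", props.SmbEncryption)` writes whatever the API returns into an attribute that is ForceNew and not Computed, so any difference between the returned value and the configuration plans a destroy-and-recreate of the volume. If the service can report encryption as enabled on a volume whose configuration omits the attribute (not visible from this diff), existing users would see a forced replacement after upgrading. This is worth confirming against an existing SMB volume, and if it can happen the attribute should also be marked `Computed: true`. The return value of d.Set is dropped here, as with the neighbouring calls; resourceNetAppVolumeRead continues outside the hunk.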
@@ -507,6 +523,33 @@ resource "azurerm_netapp_volume" "test" {
 `, template, data.RandomInteger, data.RandomInteger)
 }
+func (NetAppVolumeResource) smbEncryption(data acceptance.TestData) string {
+ template := NetAppVolumeResource{}.templateSmbEncryption(data)
+ return fmt.Sprintf(`
+%s
+
+resource "azurerm_netapp_volume" "test" {
+ name = "acctest-NetAppVolume-smbencryption-%d"
+ location = azurerm_resource_group.test.location
+ resource_group_name = azurerm_resource_group.test.name
+ account_name = azurerm_netapp_account.test.name
+ pool_name = azurerm_netapp_pool.test.name
+ volume_path = "my-unique-file-path-%d"
+ service_level = "Standard"
+ subnet_id = azurerm_subnet.test.id
+ storage_quota_in_gb = 100
+ throughput_in_mibps = 1.562
+ protocols = ["CIFS"]
+ smb3_protocol_encryption_enabled = true
+
+ tags = {
+ "CreatedOnDate" = "2022-07-08T23:50:21Z",
+ "SkipASMAzSecPack" = "true"
+ }
+}
+`, template, data.RandomInteger, data.RandomInteger)
+}
+
 func (NetAppVolumeResource) availabilityZone(data acceptance.TestData) string {
 template := NetAppVolumeResource{}.template(data)
 return fmt.Sprintf(`
@@ -1160,6 +1203,101 @@ resource "azurerm_netapp_pool" "test_secondary" {
 `, r.template(data), data.RandomInteger, "eastus2")
 }
+func (NetAppVolumeResource) templateSmbEncryption(data acceptance.TestData) string {
+ return fmt.Sprintf(`
+provider "azurerm" {
+ alias = "all1"
+ features {
+ resource_group {
+ prevent_deletion_if_contains_resources = false
+ }
+ }
+}
+
+resource "azurerm_resource_group" "test" {
+ name = "acctestRG-netapp-%d"
+ location = "%s"
+
+ tags = {
+ "CreatedOnDate" = "2022-07-08T23:50:21Z",
+ "SkipASMAzSecPack" = "true",
+ "SkipNRMSNSG" = "true"
+ }
+}
+
+resource "azurerm_virtual_network" "test" {
+ name = "acctest-VirtualNetwork-%d"
+ location = azurerm_resource_group.test.location
+ resource_group_name = azurerm_resource_group.test.name
+ address_space = ["10.6.0.0/16"]
+
+ tags = {
+ "CreatedOnDate" = "2022-07-08T23:50:21Z",
+ "SkipASMAzSecPack" = "true"
+ }
+}
+
+resource "azurerm_subnet" "test" {
+ name = "acctest-Subnet-%d"
+ resource_group_name = azurerm_resource_group.test.name
+ virtual_network_name = azurerm_virtual_network.test.name
+ address_prefixes = ["10.6.2.0/24"]
+
+ delegation {
+ name = "testdelegation"
+
+ service_delegation {
+ name = "Microsoft.Netapp/volumes"
+ actions = ["Microsoft.Network/networkinterfaces/*", "Microsoft.Network/virtualNetworks/subnets/join/action"]
+ }
+ }
+}
+
+resource "azurerm_netapp_account" "test" {
+ name = "acctest-NetAppAccount-%d"
+ location = azurerm_resource_group.test.location
+ resource_group_name = azurerm_resource_group.test.name
+
+ active_directory {
+ username = "aduser"
+ password = "aduserpwd"
+ smb_server_name = "SMB-SERVER"
+ dns_servers = ["1.2.3.4", "1.2.3.5"]
+ domain = "westcentralus.com"
+ organizational_unit = "OU=FirstLevel"
+ site_name = "My-Site-Name"
+ kerberos_ad_name = "My-AD-Server"
+ kerberos_kdc_ip = "192.168.1.1"
+ aes_encryption_enabled = true
+ local_nfs_users_with_ldap_allowed = true
+ ldap_over_tls_enabled = true
+ server_root_ca_certificate = 
"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"
+ ldap_signing_enabled = true
+ }
+
+ tags = {
+ "CreatedOnDate" = "2022-07-08T23:50:21Z",
+ "SkipASMAzSecPack" = "true"
+ }
+}
+
+resource "azurerm_netapp_pool" "test" {
+ name = "acctest-NetAppPool-%d"
+ location = azurerm_resource_group.test.location
+ resource_group_name = azurerm_resource_group.test.name
+ account_name = azurerm_netapp_account.test.name
+ service_level = "Standard"
+ size_in_tb = 4
+ qos_type = "Manual"
+
+ tags = {
+ "CreatedOnDate" = "2022-07-08T23:50:21Z",
+ "SkipASMAzSecPack" = "true"
+ }
+}
+`, data.RandomInteger, "westeurope", data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger)
+}
+
 func (NetAppVolumeResource) template(data acceptance.TestData) string {
 return fmt.Sprintf(`
 provider "azurerm" {
diff --git a/website/docs/r/netapp_volume.html.markdown b/website/docs/r/netapp_volume.html.markdown
index 93c43ee988f6..b0fb29206f7a 100644
--- a/website/docs/r/netapp_volume.html.markdown
+++ b/website/docs/r/netapp_volume.html.markdown
@@ -156,6 +156,8 @@ The following arguments are supported:
 * `smb_continuous_availability_enabled` - (Optional) Enable SMB Continuous Availability.
+* `smb3_protocol_encryption_enabled` - (Optional) Enable SMB encryption.
+
 * `tags` - (Optional) A mapping of tags to assign to the resource.
 -> **Note:** It is highly recommended to use the **lifecycle** property as noted in the example since it will prevent an accidental deletion of the volume if the `protocols` argument changes to a different protocol type.
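Review bot: The `active_directory` block in templateSmbEncryption hard-codes `password = "aduserpwd"` and points `dns_servers` at `1.2.3.4` and `1.2.3.5`, which are publicly routable addresses outside the test VNet's `10.6.0.0/16`. These look like placeholders, but a literal password in a fixture tends to trip secret scanners and get copied into real configurations, and depending on how the service handles the AD connection, lookups for the fake domain could be sent to addresses the project does not control. I would add a comment above the block such as `# placeholder AD settings: not real credentials, no domain join is expected to succeed` and use addresses inside the VNet range or an RFC 5737 documentation range. With placeholder AD settings it is also unclear from this diff whether the test exercises an actual SMB3-encrypted session or only the API round trip of the flag.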