azurerm_netapp_volume - support for the security_style property - F…

…ixes #11370 (#11684)

This PR implements security_style volume property. It Fixes #11370.

azurerm/internal/services/netapp/netapp_volume_data_source.go

@@ -78,6 +78,11 @@ func dataSourceNetAppVolume() *schema.Resource {
 				Elem:     &schema.Schema{Type: schema.TypeString},
 			},
 
+			"security_style": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+
 			"data_protection_replication": {
 				Type:     schema.TypeList,
 				Computed: true,
@@ -156,6 +161,8 @@ func dataSourceNetAppVolumeRead(d *schema.ResourceData, meta interface{}) error
 		}
 		d.Set("protocols", protocolTypes)
 
+		d.Set("security_style", props.SecurityStyle)
+
 		if props.UsageThreshold != nil {
 			d.Set("storage_quota_in_gb", *props.UsageThreshold/1073741824)
 		}

azurerm/internal/services/netapp/netapp_volume_resource.go

@@ -118,6 +118,17 @@ func resourceNetAppVolume() *schema.Resource {
 				},
 			},
 
+			"security_style": {
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+				Computed: true,
+				ValidateFunc: validation.StringInSlice([]string{
+					"Unix", // Using hardcoded values instead of SDK enum since no matter what case is passed,
+					"Ntfs", // ANF changes casing to Pascal case in the backend. Please refer to https://github.com/Azure/azure-sdk-for-go/issues/14684
+				}, false),
+			},
+
 			"storage_quota_in_gb": {
 				Type:         schema.TypeInt,
 				Required:     true,
@@ -281,6 +292,15 @@ func resourceNetAppVolumeCreateUpdate(d *schema.ResourceData, meta interface{})
 		protocols = append(protocols, "NFSv3")
 	}
 
+	// Handling security style property
+	securityStyle := d.Get("security_style").(string)
+	if strings.EqualFold(securityStyle, "unix") && len(protocols) == 1 && strings.EqualFold(protocols[0].(string), "cifs") {
+		return fmt.Errorf("Unix security style cannot be used in a CIFS enabled volume for volume %q (Resource Group %q)", name, resourceGroup)
+	}
+	if strings.EqualFold(securityStyle, "ntfs") && len(protocols) == 1 && (strings.EqualFold(protocols[0].(string), "nfsv3") || strings.EqualFold(protocols[0].(string), "nfsv4.1")) {
+		return fmt.Errorf("Ntfs security style cannot be used in a NFSv3/NFSv4.1 enabled volume for volume %q (Resource Group %q)", name, resourceGroup)
+	}
+
 	storageQuotaInGB := int64(d.Get("storage_quota_in_gb").(int) * 1073741824)
 
 	exportPolicyRuleRaw := d.Get("export_policy_rule").([]interface{})
@@ -370,6 +390,7 @@ func resourceNetAppVolumeCreateUpdate(d *schema.ResourceData, meta interface{})
 			ServiceLevel:   netapp.ServiceLevel(serviceLevel),
 			SubnetID:       utils.String(subnetID),
 			ProtocolTypes:  utils.ExpandStringSlice(protocols),
+			SecurityStyle:  netapp.SecurityStyle(securityStyle),
 			UsageThreshold: utils.Int64(storageQuotaInGB),
 			ExportPolicy:   exportPolicyRule,
 			VolumeType:     utils.String(volumeType),
@@ -464,6 +485,7 @@ func resourceNetAppVolumeRead(d *schema.ResourceData, meta interface{}) error {
 		d.Set("service_level", props.ServiceLevel)
 		d.Set("subnet_id", props.SubnetID)
 		d.Set("protocols", props.ProtocolTypes)
+		d.Set("security_style", props.SecurityStyle)
 		if props.UsageThreshold != nil {
 			d.Set("storage_quota_in_gb", *props.UsageThreshold/1073741824)
 		}

azurerm/internal/services/netapp/netapp_volume_resource_test.go

@@ -264,6 +264,7 @@ resource "azurerm_netapp_volume" "test" {
   service_level       = "Standard"
   subnet_id           = azurerm_subnet.test.id
   protocols           = ["NFSv4.1"]
+  security_style      = "Unix"
   storage_quota_in_gb = 100
 
   export_policy_rule {

website/docs/d/netapp_volume.html.markdown

@@ -41,20 +41,22 @@ The following arguments are supported:
 
 The following attributes are exported:
 
-* `data_protection_replication` - A `data_protection_replication` block as defined below.
-
 * `location` - The Azure Region where the NetApp Volume exists.
 
 * `mount_ip_addresses` - A list of IPv4 Addresses which should be used to mount the volume.
 
-* `protocols` - A list of protocol types.
+* `protocols` - A list of protocol types enabled on volume.
 
 * `service_level` - The service level of the file system.
 
 * `subnet_id` - The ID of a Subnet in which the NetApp Volume resides.
 
 * `storage_quota_in_gb` - The maximum Storage Quota in Gigabytes allowed for a file system.
+
+* `security_style` - Volume security style
 
+* `data_protection_replication` - Volume data protection block
+* 
 * `volume_path` - The unique file path of the volume.
 
 ---

website/docs/r/netapp_volume.html.markdown

@@ -70,6 +70,7 @@ resource "azurerm_netapp_volume" "example" {
   service_level       = "Premium"
   subnet_id           = azurerm_subnet.example.id
   protocols           = ["NFSv4.1"]
+  security_style      = "Unix"
   storage_quota_in_gb = 100
 
   # When creating volume from a snapshot
@@ -106,6 +107,8 @@ The following arguments are supported:
 
 * `protocols` - (Optional) The target volume protocol expressed as a list. Supported single value include `CIFS`, `NFSv3`, or `NFSv4.1`. If argument is not defined it will default to `NFSv3`. Changing this forces a new resource to be created and data will be lost. Dual protocol scenario is supported for CIFS and NFSv3, for more information, please refer to [Create a dual-protocol volume for Azure NetApp Files](https://docs.microsoft.com/en-us/azure/azure-netapp-files/create-volumes-dual-protocol) document.
 
+* `security_style` - (Optional) Volume security style, accepted values are `Unix` or `Ntfs`. If not provided, single-protocol volume is created defaulting to `Unix` if it is `NFSv3` or `NFSv4.1` volume, if `CIFS`, it will default to `Ntfs`. In a dual-protocol volume, if not provided, its value will be `Ntfs`.
+
 * `subnet_id` - (Required) The ID of the Subnet the NetApp Volume resides in, which must have the `Microsoft.NetApp/volumes` delegation. Changing this forces a new resource to be created.
 
 * `storage_quota_in_gb` - (Required) The maximum Storage Quota allowed for a file system in Gigabytes.