From 16931fceb66e503ede4655096c775e230002013f Mon Sep 17 00:00:00 2001 From: Bruce Harrison Date: Wed, 20 Mar 2024 16:01:46 -0500 Subject: [PATCH 01/15] add missing ad properties --- .../netapp/netapp_account_resource.go | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/internal/services/netapp/netapp_account_resource.go b/internal/services/netapp/netapp_account_resource.go index 9094a8099e68..1ed593619504 100644 --- a/internal/services/netapp/netapp_account_resource.go +++ b/internal/services/netapp/netapp_account_resource.go @@ -105,6 +105,23 @@ func resourceNetAppAccount() *pluginsdk.Resource { Type: pluginsdk.TypeString, Optional: true, }, + "site_name": { + Type: pluginsdk.TypeString, + Optional: true, + Default: "Default-First-Site-Name", + Description: "The AD Site Name under which lookups should occur. If blank, defaults to 'Default-First-Site-Name'", + }, + "ad_name": { + Type: pluginsdk.TypeString, + Optional: true, + Description: "DNS name of the Active Directory controller", + }, + "kdc_ip": { + Type: pluginsdk.TypeString, + Optional: true, + ValidateFunc: validation.IsIPv4Address, + Description: "IP address of the KDC server (usually same the DC)", + }, }, }, }, @@ -306,6 +323,9 @@ func expandNetAppActiveDirectories(input []interface{}) *[]netappaccounts.Active Password: utils.String(v["password"].(string)), SmbServerName: utils.String(v["smb_server_name"].(string)), Username: utils.String(v["username"].(string)), + Site: utils.String(v["site_name"].(string)), + AdName: utils.String(v["ad_name"].(string)), + KdcIP: utils.String(v["kdc_ip"].(string)), } results = append(results, result) From a94c6a72eb35b35b49064fe47db8a6d4a75a6024 Mon Sep 17 00:00:00 2001 From: Bruce Harrison Date: Wed, 20 Mar 2024 16:12:14 -0500 Subject: [PATCH 02/15] improve test --- internal/services/netapp/netapp_account_resource_test.go | 3 +++ 1 file changed, 3 insertions(+) 
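Review bot: `site_name` and `ad_name` in the first hunk of patch 01 have no `ValidateFunc`, while `kdc_ip` is checked with `validation.IsIPv4Address`, so an explicitly empty value for either passes plan-time validation and is handed to the API unchanged. Consider `ValidateFunc: validation.StringIsNotEmpty,` on both string fields, so that a malformed directory setting fails at plan rather than at apply. The `kdc_ip` description also reads "usually same the DC"; `"IP address of the KDC server (usually the same as the DC)"` is clearer. resourceNetAppAccount starts and ends outside this hunk.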
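Review bot: The three assignments added to expandNetAppActiveDirectories wrap the raw string unconditionally, so when `ad_name` or `kdc_ip` is omitted the request carries a pointer to `""` instead of a nil field. Whether the service treats an empty `KdcIP` the same as an absent one is not visible here, so it is safer to set the optional fields only when non-empty, e.g. `if s := v["kdc_ip"].(string); s != "" { result.KdcIP = utils.String(s) }`. The same pattern recurs in the later expand hunks, including `ServerRootCACertificate` in patch 09. No matching read/flatten change is visible in this series, so it is worth confirming that these values round-trip into state. The function body starts and ends outside the hunk.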
diff --git a/internal/services/netapp/netapp_account_resource_test.go b/internal/services/netapp/netapp_account_resource_test.go index d99bf2957173..30fba0dbb1fa 100644 --- a/internal/services/netapp/netapp_account_resource_test.go +++ b/internal/services/netapp/netapp_account_resource_test.go @@ -234,6 +234,9 @@ resource "azurerm_netapp_account" "test" { dns_servers = ["1.2.3.4"] domain = "westcentralus.com" organizational_unit = "OU=FirstLevel" + site_name = "My-Site-Name" + ad_name = "My-AD-Server" + kdc_ip = "192.168.1.1" } tags = { From 6f399c7784c2d0880d7b0e3ceded418573104ce0 Mon Sep 17 00:00:00 2001 From: Bruce Harrison Date: Wed, 20 Mar 2024 16:22:44 -0500 Subject: [PATCH 03/15] add more missing props --- .../netapp/netapp_account_resource.go | 36 +++++++++++++------ .../netapp/netapp_account_resource_test.go | 30 +++++++++++----- 2 files changed, 46 insertions(+), 20 deletions(-) diff --git a/internal/services/netapp/netapp_account_resource.go b/internal/services/netapp/netapp_account_resource.go index 1ed593619504..60dc23747dd5 100644 --- a/internal/services/netapp/netapp_account_resource.go +++ b/internal/services/netapp/netapp_account_resource.go 
@@ -114,13 +114,25 @@ func resourceNetAppAccount() *pluginsdk.Resource { "ad_name": { Type: pluginsdk.TypeString, Optional: true, - Description: "DNS name of the Active Directory controller", + Description: "Name of the active directory machine. This optional parameter is used only while creating kerberos volume.", }, "kdc_ip": { Type: pluginsdk.TypeString, Optional: true, ValidateFunc: validation.IsIPv4Address, - Description: "IP address of the KDC server (usually same the DC)", + Description: "IP address of the KDC server (usually same the DC). This optional parameter is used only while creating kerberos volume.", + }, + "enable_aes_encryption": { + Type: pluginsdk.TypeBool, + Optional: true, + Default: false, + Description: "If enabled, AES encryption will be enabled for SMB communication.", + }, + "allow_local_nfs_users_with_ldap": { + Type: pluginsdk.TypeBool, + Optional: true, + Default: false, + Description: "If enabled, NFS client local users can also (in addition to LDAP users) access the NFS volumes.", }, }, }, 
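Review bot: `enable_aes_encryption` is a security control that stays off unless the user opts in (`Default: false`), and its `Description` does not say so, so the schema alone does not tell a reader that omitting the argument leaves AES disabled. I would spell the default out, e.g. `Description: "If enabled, AES encryption will be enabled for SMB communication. Defaults to false (AES is not enabled unless this is set).",`. The same applies to `enable_ldap_over_tls` and `enable_ldap_signing` added in patch 08, which also default to `false`. resourceNetAppAccount starts and ends outside this hunk.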
@@ -317,15 +329,17 @@ func expandNetAppActiveDirectories(input []interface{}) *[]netappaccounts.Active dns := strings.Join(*utils.ExpandStringSlice(v["dns_servers"].([]interface{})), ",") result := netappaccounts.ActiveDirectory{ - Dns: utils.String(dns), - Domain: utils.String(v["domain"].(string)), - OrganizationalUnit: utils.String(v["organizational_unit"].(string)), - Password: utils.String(v["password"].(string)), - SmbServerName: utils.String(v["smb_server_name"].(string)), - Username: utils.String(v["username"].(string)), - Site: utils.String(v["site_name"].(string)), - AdName: utils.String(v["ad_name"].(string)), - KdcIP: utils.String(v["kdc_ip"].(string)), + Dns: utils.String(dns), + Domain: utils.String(v["domain"].(string)), + OrganizationalUnit: utils.String(v["organizational_unit"].(string)), + Password: utils.String(v["password"].(string)), + SmbServerName: utils.String(v["smb_server_name"].(string)), + Username: utils.String(v["username"].(string)), + Site: utils.String(v["site_name"].(string)), + AdName: utils.String(v["ad_name"].(string)), + KdcIP: utils.String(v["kdc_ip"].(string)), + AesEncryption: utils.Bool(v["enable_aes_encryption"].(bool)), + AllowLocalNfsUsersWithLdap: utils.Bool(v["allow_local_nfs_users_with_ldap"].(bool)), } results = append(results, result) diff --git a/internal/services/netapp/netapp_account_resource_test.go b/internal/services/netapp/netapp_account_resource_test.go index 30fba0dbb1fa..9a194423b703 100644 --- a/internal/services/netapp/netapp_account_resource_test.go +++ b/internal/services/netapp/netapp_account_resource_test.go 
@@ -85,6 +85,16 @@ func testAccNetAppAccount_complete(t *testing.T) { Check: acceptance.ComposeTestCheckFunc( check.That(data.ResourceName).ExistsInAzure(r), check.That(data.ResourceName).Key("active_directory.#").HasValue("1"), + check.That(data.ResourceName).Key("active_directory.0.username").HasValue("aduser"), + check.That(data.ResourceName).Key("active_directory.0.password").HasValue("aduserpwd"), + check.That(data.ResourceName).Key("active_directory.0.smb_server_name").HasValue("SMBSERVER"), + check.That(data.ResourceName).Key("active_directory.0.dns_servers.#").HasValue("2"), + check.That(data.ResourceName).Key("active_directory.0.domain").HasValue("westcentralus.com"), + check.That(data.ResourceName).Key("active_directory.0.organizational_unit").HasValue("OU=FirstLevel"), + check.That(data.ResourceName).Key("active_directory.0.site_name").HasValue("My-Site-Name"), + check.That(data.ResourceName).Key("active_directory.0.ad_name").HasValue("My-AD-Server"), + check.That(data.ResourceName).Key("active_directory.0.enable_aes_encryption").HasValue("true"), + check.That(data.ResourceName).Key("active_directory.0.allow_local_nfs_users_with_ldap").HasValue("true"), check.That(data.ResourceName).Key("tags.%").HasValue("2"), check.That(data.ResourceName).Key("tags.FoO").HasValue("BaR"), ), 
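Review bot: The added checks cover every new `active_directory` argument except `kdc_ip`, so a regression in how that value is expanded or stored would not be caught by testAccNetAppAccount_complete. Add `check.That(data.ResourceName).Key("active_directory.0.kdc_ip").HasValue("192.168.1.1"),` next to the `ad_name` check, matching the value in the test configuration. The test function starts and ends outside the hunk.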
@@ -228,15 +238,17 @@ resource "azurerm_netapp_account" "test" { resource_group_name = azurerm_resource_group.test.name active_directory { - username = "aduser" - password = "aduserpwd" - smb_server_name = "SMBSERVER" - dns_servers = ["1.2.3.4"] - domain = "westcentralus.com" - organizational_unit = "OU=FirstLevel" - site_name = "My-Site-Name" - ad_name = "My-AD-Server" - kdc_ip = "192.168.1.1" + username = "aduser" + password = "aduserpwd" + smb_server_name = "SMBSERVER" + dns_servers = ["1.2.3.4"] + domain = "westcentralus.com" + organizational_unit = "OU=FirstLevel" + site_name = "My-Site-Name" + ad_name = "My-AD-Server" + kdc_ip = "192.168.1.1" + enable_aes_encryption = true + allow_local_nfs_users_with_ldap = true } tags = { From 428dbe9d7aa8e56709591d61b5477ca2c3f35d03 Mon Sep 17 00:00:00 2001 From: Bruce Harrison Date: Wed, 20 Mar 2024 16:27:18 -0500 Subject: [PATCH 04/15] update docs --- internal/services/netapp/netapp_account_resource.go | 2 +- .../services/netapp/netapp_account_resource_test.go | 2 +- website/docs/r/netapp_account.html.markdown | 13 ++++++++++++- 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/internal/services/netapp/netapp_account_resource.go b/internal/services/netapp/netapp_account_resource.go index 60dc23747dd5..2ac9d0311d47 100644 --- a/internal/services/netapp/netapp_account_resource.go +++ b/internal/services/netapp/netapp_account_resource.go @@ -109,7 +109,7 @@ func resourceNetAppAccount() *pluginsdk.Resource { Type: pluginsdk.TypeString, Optional: true, Default: "Default-First-Site-Name", - Description: "The AD Site Name under which lookups should occur. If blank, defaults to 'Default-First-Site-Name'", + Description: "The Active Directory site the service will limit Domain Controller discovery to. If blank, defaults to 'Default-First-Site-Name'", }, "ad_name": { Type: pluginsdk.TypeString, 
diff --git a/internal/services/netapp/netapp_account_resource_test.go b/internal/services/netapp/netapp_account_resource_test.go index 9a194423b703..d95abb8d85e6 100644 --- a/internal/services/netapp/netapp_account_resource_test.go +++ b/internal/services/netapp/netapp_account_resource_test.go @@ -241,7 +241,7 @@ resource "azurerm_netapp_account" "test" { username = "aduser" password = "aduserpwd" smb_server_name = "SMBSERVER" - dns_servers = ["1.2.3.4"] + dns_servers = ["1.2.3.4","1.2.3.5"] domain = "westcentralus.com" organizational_unit = "OU=FirstLevel" site_name = "My-Site-Name" diff --git a/website/docs/r/netapp_account.html.markdown b/website/docs/r/netapp_account.html.markdown index 50d487572f21..fba586a068e6 100644 --- a/website/docs/r/netapp_account.html.markdown +++ b/website/docs/r/netapp_account.html.markdown @@ -85,6 +85,16 @@ The `active_directory` block supports the following: * `organizational_unit` - (Optional) The Organizational Unit (OU) within the Active Directory Domain. +* `site_name` - (Optional) The Active Directory site the service will limit Domain Controller discovery to. If blank, defaults to `Default-First-Site-Name` + +* `ad_name` - (Optional) Name of the active directory machine. This optional parameter is used only while creating a kerberos volume. + +* `kdc_ip` - (Optional) kdc server IP addresses for the active directory machine. This optional parameter is used only while creating a kerberos volume. + +* `enable_aes_encryption` - (Optional) If enabled, AES encryption will be enabled for SMB communication. + +* `allow_local_nfs_users_with_ldap` - (Optional) If enabled, NFS client local users can also (in addition to LDAP users) access the NFS volumes. + --- --- 
@@ -92,9 +102,10 @@ The `identity` block supports the following: * `type` - (Required) The identity type, which can be `SystemAssigned` or `UserAssigned`. Only one type at a time is supported by Azure NetApp Files. * `identity_ids` - (Optional) The identity id of the user assigned identity to use when type is `UserAssigned` + --- -~> **IMPORTANT:** Changing identity type from `SystemAssigned` to `UserAssigned` is a supported operation but the reverse is not supported from within Terraform Azure NetApp Files module. +~> **IMPORTANT:** Changing identity type from `SystemAssigned` to `UserAssigned` is a supported operation but the reverse is not supported from within Terraform Azure NetApp Files module. ## Attributes Reference From 4dad0f59d0f5db28a23c78cc71cdc1b61c70691a Mon Sep 17 00:00:00 2001 From: Bruce Harrison Date: Wed, 20 Mar 2024 16:31:05 -0500 Subject: [PATCH 05/15] add defaults --- internal/services/netapp/netapp_account_resource.go | 6 ++++-- website/docs/r/netapp_account.html.markdown | 8 ++++---- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/internal/services/netapp/netapp_account_resource.go b/internal/services/netapp/netapp_account_resource.go index 2ac9d0311d47..686a489e0106 100644 --- a/internal/services/netapp/netapp_account_resource.go +++ b/internal/services/netapp/netapp_account_resource.go @@ -102,8 +102,10 @@ func resourceNetAppAccount() *pluginsdk.Resource { ValidateFunc: validation.StringIsNotEmpty, }, "organizational_unit": { - Type: pluginsdk.TypeString, - Optional: true, + Type: pluginsdk.TypeString, + Optional: true, + Default: "CN=Computers", + Description: "The Organizational Unit (OU) within the Windows Active Directory where machines will be created. If blank, defaults to 'CN=Computers'", }, "site_name": { Type: pluginsdk.TypeString, diff --git a/website/docs/r/netapp_account.html.markdown b/website/docs/r/netapp_account.html.markdown index fba586a068e6..708851b5bcf2 100644 
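Review bot: Adding `Default: "CN=Computers"` to the already-released `organizational_unit` argument in patch 05 changes behaviour for existing configurations that omit it, because expandNetAppActiveDirectories will now send `CN=Computers` where it previously sent an empty string. If the service does not treat that as a no-op, accounts joined under a different OU could see an unexpected diff or update on the next apply; this is inferred, since the update path is not visible in the hunk. Consider leaving the argument without a schema default and documenting the service-side default in the `Description` instead, or flag the change in the changelog. The schema function starts and ends outside the hunk.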
--- a/website/docs/r/netapp_account.html.markdown +++ b/website/docs/r/netapp_account.html.markdown @@ -83,17 +83,17 @@ The `active_directory` block supports the following: * `password` - (Required) The password associated with the `username`. -* `organizational_unit` - (Optional) The Organizational Unit (OU) within the Active Directory Domain. +* `organizational_unit` - (Optional) The Organizational Unit (OU) within the Windows Active Directory where machines will be created. If blank, defaults to `CN=Computers`. -* `site_name` - (Optional) The Active Directory site the service will limit Domain Controller discovery to. If blank, defaults to `Default-First-Site-Name` +* `site_name` - (Optional) The Active Directory site the service will limit Domain Controller discovery to. If blank, defaults to `Default-First-Site-Name`. * `ad_name` - (Optional) Name of the active directory machine. This optional parameter is used only while creating a kerberos volume. * `kdc_ip` - (Optional) kdc server IP addresses for the active directory machine. This optional parameter is used only while creating a kerberos volume. -* `enable_aes_encryption` - (Optional) If enabled, AES encryption will be enabled for SMB communication. +* `enable_aes_encryption` - (Optional) If enabled, AES encryption will be enabled for SMB communication. Defaults to `false`. -* `allow_local_nfs_users_with_ldap` - (Optional) If enabled, NFS client local users can also (in addition to LDAP users) access the NFS volumes. +* `allow_local_nfs_users_with_ldap` - (Optional) If enabled, NFS client local users can also (in addition to LDAP users) access the NFS volumes. Defaults to `false`. --- From d46bdd1c081d12cd037ca2cfa501982ebe2b0893 Mon Sep 17 00:00:00 2001 
From: Bruce Harrison Date: Wed, 20 Mar 2024 16:49:16 -0500 Subject: [PATCH 06/15] add another bool property --- .../netapp/netapp_account_resource.go | 7 ++++++ .../netapp/netapp_account_resource_test.go | 24 ++++++++++--------- website/docs/r/netapp_account.html.markdown | 2 ++ 3 files changed, 22 insertions(+), 11 deletions(-) diff --git a/internal/services/netapp/netapp_account_resource.go b/internal/services/netapp/netapp_account_resource.go index 686a489e0106..45371467f780 100644 --- a/internal/services/netapp/netapp_account_resource.go +++ b/internal/services/netapp/netapp_account_resource.go @@ -136,6 +136,12 @@ func resourceNetAppAccount() *pluginsdk.Resource { Default: false, Description: "If enabled, NFS client local users can also (in addition to LDAP users) access the NFS volumes.", }, + "encrypt_dc_connections": { + Type: pluginsdk.TypeBool, + Optional: true, + Default: false, + Description: "If enabled, Traffic between the SMB server to Domain Controller (DC) will be encrypted.", + }, }, }, }, @@ -342,6 +348,7 @@ func expandNetAppActiveDirectories(input []interface{}) *[]netappaccounts.Active KdcIP: utils.String(v["kdc_ip"].(string)), AesEncryption: utils.Bool(v["enable_aes_encryption"].(bool)), AllowLocalNfsUsersWithLdap: utils.Bool(v["allow_local_nfs_users_with_ldap"].(bool)), + EncryptDCConnections: utils.Bool(v["encrypt_dc_connections"].(bool)), } results = append(results, result) diff --git a/internal/services/netapp/netapp_account_resource_test.go b/internal/services/netapp/netapp_account_resource_test.go index d95abb8d85e6..5d5aec6108d2 100644 --- a/internal/services/netapp/netapp_account_resource_test.go +++ b/internal/services/netapp/netapp_account_resource_test.go 
@@ -95,6 +95,7 @@ func testAccNetAppAccount_complete(t *testing.T) { check.That(data.ResourceName).Key("active_directory.0.ad_name").HasValue("My-AD-Server"), check.That(data.ResourceName).Key("active_directory.0.enable_aes_encryption").HasValue("true"), check.That(data.ResourceName).Key("active_directory.0.allow_local_nfs_users_with_ldap").HasValue("true"), + check.That(data.ResourceName).Key("active_directory.0.encrypt_dc_connections").HasValue("true"), check.That(data.ResourceName).Key("tags.%").HasValue("2"), check.That(data.ResourceName).Key("tags.FoO").HasValue("BaR"), ), @@ -238,17 +239,18 @@ resource "azurerm_netapp_account" "test" { resource_group_name = azurerm_resource_group.test.name active_directory { - username = "aduser" - password = "aduserpwd" - smb_server_name = "SMBSERVER" - dns_servers = ["1.2.3.4","1.2.3.5"] - domain = "westcentralus.com" - organizational_unit = "OU=FirstLevel" - site_name = "My-Site-Name" - ad_name = "My-AD-Server" - kdc_ip = "192.168.1.1" - enable_aes_encryption = true - allow_local_nfs_users_with_ldap = true + username = "aduser" + password = "aduserpwd" + smb_server_name = "SMBSERVER" + dns_servers = ["1.2.3.4", "1.2.3.5"] + domain = "westcentralus.com" + organizational_unit = "OU=FirstLevel" + site_name = "My-Site-Name" + ad_name = "My-AD-Server" + kdc_ip = "192.168.1.1" + enable_aes_encryption = true + allow_local_nfs_users_with_ldap = true + encrypt_dc_connections = true } tags = { diff --git a/website/docs/r/netapp_account.html.markdown b/website/docs/r/netapp_account.html.markdown index 708851b5bcf2..966ea9d59d82 100644 --- a/website/docs/r/netapp_account.html.markdown +++ b/website/docs/r/netapp_account.html.markdown 
@@ -95,6 +95,8 @@ The `active_directory` block supports the following: * `allow_local_nfs_users_with_ldap` - (Optional) If enabled, NFS client local users can also (in addition to LDAP users) access the NFS volumes. Defaults to `false`. +* `encrypt_dc_connections` - (Optional) If enabled, Traffic between the SMB server to Domain Controller (DC) will be encrypted. Defaults to `false`. + --- --- From 0ce03d795603686e0975a3e690ecf556d238bba6 Mon Sep 17 00:00:00 2001 From: Bruce Harrison Date: Wed, 20 Mar 2024 16:52:40 -0500 Subject: [PATCH 07/15] doc format --- website/docs/r/netapp_account.html.markdown | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/website/docs/r/netapp_account.html.markdown b/website/docs/r/netapp_account.html.markdown index 966ea9d59d82..f9950aa98f8a 100644 --- a/website/docs/r/netapp_account.html.markdown +++ b/website/docs/r/netapp_account.html.markdown @@ -87,9 +87,9 @@ The `active_directory` block supports the following: * `site_name` - (Optional) The Active Directory site the service will limit Domain Controller discovery to. If blank, defaults to `Default-First-Site-Name`. -* `ad_name` - (Optional) Name of the active directory machine. This optional parameter is used only while creating a kerberos volume. +* `ad_name` - (Optional) Name of the active directory machine. *This optional parameter is used only while creating a Kerberos volume.* -* `kdc_ip` - (Optional) kdc server IP addresses for the active directory machine. This optional parameter is used only while creating a kerberos volume. +* `kdc_ip` - (Optional) kdc server IP addresses for the active directory machine. *This optional parameter is used only while creating a Kerberos volume.* * `enable_aes_encryption` - (Optional) If enabled, AES encryption will be enabled for SMB communication. Defaults to `false`. From 2b6062227f849edf1541383017b7e7998891433f Mon Sep 17 00:00:00 2001 
From: Bruce Harrison Date: Wed, 20 Mar 2024 17:01:55 -0500 Subject: [PATCH 08/15] add more props --- .../services/netapp/netapp_account_resource.go | 14 ++++++++++++++ .../netapp/netapp_account_resource_test.go | 4 ++++ website/docs/r/netapp_account.html.markdown | 4 ++++ 3 files changed, 22 insertions(+) diff --git a/internal/services/netapp/netapp_account_resource.go b/internal/services/netapp/netapp_account_resource.go index 45371467f780..8264973035bb 100644 --- a/internal/services/netapp/netapp_account_resource.go +++ b/internal/services/netapp/netapp_account_resource.go @@ -142,6 +142,18 @@ func resourceNetAppAccount() *pluginsdk.Resource { Default: false, Description: "If enabled, Traffic between the SMB server to Domain Controller (DC) will be encrypted.", }, + "enable_ldap_over_tls": { + Type: pluginsdk.TypeBool, + Optional: true, + Default: false, + Description: "Specifies whether or not the LDAP traffic needs to be secured via TLS.", + }, + "enable_ldap_signing": { + Type: pluginsdk.TypeBool, + Optional: true, + Default: false, + Description: "Specifies whether or not the LDAP traffic needs to be signed.", + }, }, }, }, @@ -349,6 +361,8 @@ func expandNetAppActiveDirectories(input []interface{}) *[]netappaccounts.Active AesEncryption: utils.Bool(v["enable_aes_encryption"].(bool)), AllowLocalNfsUsersWithLdap: utils.Bool(v["allow_local_nfs_users_with_ldap"].(bool)), EncryptDCConnections: utils.Bool(v["encrypt_dc_connections"].(bool)), + LdapOverTLS: utils.Bool(v["enable_ldap_over_tls"].(bool)), + LdapSigning: utils.Bool(v["enable_ldap_signing"].(bool)), } results = append(results, result) diff --git a/internal/services/netapp/netapp_account_resource_test.go b/internal/services/netapp/netapp_account_resource_test.go index 5d5aec6108d2..c0d219e7b9da 100644 --- a/internal/services/netapp/netapp_account_resource_test.go +++ b/internal/services/netapp/netapp_account_resource_test.go 
@@ -96,6 +96,8 @@ func testAccNetAppAccount_complete(t *testing.T) { check.That(data.ResourceName).Key("active_directory.0.enable_aes_encryption").HasValue("true"), check.That(data.ResourceName).Key("active_directory.0.allow_local_nfs_users_with_ldap").HasValue("true"), check.That(data.ResourceName).Key("active_directory.0.encrypt_dc_connections").HasValue("true"), + check.That(data.ResourceName).Key("active_directory.0.enable_ldap_over_tls").HasValue("true"), + check.That(data.ResourceName).Key("active_directory.0.enable_ldap_signing").HasValue("true"), check.That(data.ResourceName).Key("tags.%").HasValue("2"), check.That(data.ResourceName).Key("tags.FoO").HasValue("BaR"), ), @@ -251,6 +253,8 @@ resource "azurerm_netapp_account" "test" { enable_aes_encryption = true allow_local_nfs_users_with_ldap = true encrypt_dc_connections = true + enable_ldap_over_tls = true + enable_ldap_signing = true } tags = { diff --git a/website/docs/r/netapp_account.html.markdown b/website/docs/r/netapp_account.html.markdown index f9950aa98f8a..edcfc764c3d4 100644 --- a/website/docs/r/netapp_account.html.markdown +++ b/website/docs/r/netapp_account.html.markdown @@ -97,6 +97,10 @@ The `active_directory` block supports the following: * `encrypt_dc_connections` - (Optional) If enabled, Traffic between the SMB server to Domain Controller (DC) will be encrypted. Defaults to `false`. +* `enable_ldap_over_tls` - (Optional) Specifies whether or not the LDAP traffic needs to be secured via TLS. Defaults to `false`. + +* `enable_ldap_signing` - (Optional) Specifies whether or not the LDAP traffic needs to be signed. Defaults to `false`. + --- --- From baddb92bf92fb346ffd7e330c5ba500189757f63 Mon Sep 17 00:00:00 2001 
From: Bruce Harrison Date: Wed, 20 Mar 2024 22:33:28 -0500 Subject: [PATCH 09/15] remove unsupporter prop, add root ca prop --- .../services/netapp/netapp_account_resource.go | 14 +++++++------- .../netapp/netapp_account_resource_test.go | 6 +++--- website/docs/r/netapp_account.html.markdown | 8 ++++---- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/internal/services/netapp/netapp_account_resource.go b/internal/services/netapp/netapp_account_resource.go index 8264973035bb..a442a21099a2 100644 --- a/internal/services/netapp/netapp_account_resource.go +++ b/internal/services/netapp/netapp_account_resource.go @@ -136,18 +136,18 @@ func resourceNetAppAccount() *pluginsdk.Resource { Default: false, Description: "If enabled, NFS client local users can also (in addition to LDAP users) access the NFS volumes.", }, - "encrypt_dc_connections": { - Type: pluginsdk.TypeBool, - Optional: true, - Default: false, - Description: "If enabled, Traffic between the SMB server to Domain Controller (DC) will be encrypted.", - }, "enable_ldap_over_tls": { Type: pluginsdk.TypeBool, Optional: true, Default: false, Description: "Specifies whether or not the LDAP traffic needs to be secured via TLS.", }, + "server_root_ca_certificate": { + Type: pluginsdk.TypeString, + Optional: true, + RequiredWith: []string{"active_directory.0.enable_ldap_over_tls"}, + Description: "When LDAP over SSL/TLS is enabled, the LDAP client is required to have base64 encoded Active Directory Certificate Service's self-signed root CA certificate, this optional parameter is used only for dual protocol with LDAP user-mapping volumes.", + }, "enable_ldap_signing": { Type: pluginsdk.TypeBool, Optional: true, 
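Review bot: `RequiredWith: []string{"active_directory.0.enable_ldap_over_tls"}` on `server_root_ca_certificate` does not enforce what the description and the docs state ("Required if `enable_ldap_over_tls` is set to `true`"). RequiredWith only requires the named key to be present when the certificate is set; it never looks at the boolean's value, and it does nothing in the direction that matters, so `enable_ldap_over_tls = true` with no certificate passes validation. The certificate string is also unvalidated although it must be base64. I would add `ValidateFunc: validation.StringIsBase64,` (if the provider's validation package exposes the SDK helper) and enforce the TLS-implies-certificate rule explicitly in the expand/create path, returning an error such as `server_root_ca_certificate must be set when enable_ldap_over_tls is true`. resourceNetAppAccount starts and ends outside this hunk.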
@@ -360,8 +360,8 @@ func expandNetAppActiveDirectories(input []interface{}) *[]netappaccounts.Active KdcIP: utils.String(v["kdc_ip"].(string)), AesEncryption: utils.Bool(v["enable_aes_encryption"].(bool)), AllowLocalNfsUsersWithLdap: utils.Bool(v["allow_local_nfs_users_with_ldap"].(bool)), - EncryptDCConnections: utils.Bool(v["encrypt_dc_connections"].(bool)), LdapOverTLS: utils.Bool(v["enable_ldap_over_tls"].(bool)), + ServerRootCACertificate: utils.String(v["server_root_ca_certificate"].(string)), LdapSigning: utils.Bool(v["enable_ldap_signing"].(bool)), } diff --git a/internal/services/netapp/netapp_account_resource_test.go b/internal/services/netapp/netapp_account_resource_test.go index c0d219e7b9da..809fb6e5a33f 100644 --- a/internal/services/netapp/netapp_account_resource_test.go +++ b/internal/services/netapp/netapp_account_resource_test.go @@ -18,7 +18,7 @@ import ( type NetAppAccountResource struct{} -func TestAccNetAppAccount(t *testing.T) { +func TestAccNetAppAccountResource(t *testing.T) { // NOTE: this is a combined test rather than separate split out tests since // Azure allows only one active directory can be joined to a single subscription at a time for NetApp Account. // The CI system runs all tests in parallel, so the tests need to be changed to run one at a time. 
@@ -95,8 +95,8 @@ func testAccNetAppAccount_complete(t *testing.T) { check.That(data.ResourceName).Key("active_directory.0.ad_name").HasValue("My-AD-Server"), check.That(data.ResourceName).Key("active_directory.0.enable_aes_encryption").HasValue("true"), check.That(data.ResourceName).Key("active_directory.0.allow_local_nfs_users_with_ldap").HasValue("true"), - check.That(data.ResourceName).Key("active_directory.0.encrypt_dc_connections").HasValue("true"), check.That(data.ResourceName).Key("active_directory.0.enable_ldap_over_tls").HasValue("true"), + check.That(data.ResourceName).Key("active_directory.0.server_root_ca_certificate").HasValue("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"), check.That(data.ResourceName).Key("active_directory.0.enable_ldap_signing").HasValue("true"), check.That(data.ResourceName).Key("tags.%").HasValue("2"), check.That(data.ResourceName).Key("tags.FoO").HasValue("BaR"), @@ -252,8 +252,8 @@ resource "azurerm_netapp_account" "test" { kdc_ip = "192.168.1.1" enable_aes_encryption = true allow_local_nfs_users_with_ldap = true - encrypt_dc_connections = true enable_ldap_over_tls = true + server_root_ca_certificate = "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" enable_ldap_signing = true } diff --git a/website/docs/r/netapp_account.html.markdown b/website/docs/r/netapp_account.html.markdown index edcfc764c3d4..a363ec38adc0 100644 --- a/website/docs/r/netapp_account.html.markdown +++ b/website/docs/r/netapp_account.html.markdown 
@@ -91,17 +91,17 @@ The `active_directory` block supports the following: * `kdc_ip` - (Optional) kdc server IP addresses for the active directory machine. *This optional parameter is used only while creating a Kerberos volume.* +~> **IMPORTANT:** If you plan on using **Kerberos** volumes, both `ad_name` and `kdc_ip` are required in order to create the volume. + * `enable_aes_encryption` - (Optional) If enabled, AES encryption will be enabled for SMB communication. Defaults to `false`. * `allow_local_nfs_users_with_ldap` - (Optional) If enabled, NFS client local users can also (in addition to LDAP users) access the NFS volumes. Defaults to `false`. -* `encrypt_dc_connections` - (Optional) If enabled, Traffic between the SMB server to Domain Controller (DC) will be encrypted. Defaults to `false`. - * `enable_ldap_over_tls` - (Optional) Specifies whether or not the LDAP traffic needs to be secured via TLS. Defaults to `false`. -* `enable_ldap_signing` - (Optional) Specifies whether or not the LDAP traffic needs to be signed. Defaults to `false`. +* `server_root_ca_certificate` - (Optional) When LDAP over SSL/TLS is enabled, the LDAP client is required to have a *base64 encoded Active Directory Certificate Service's self-signed root CA certificate*, this optional parameter is used only for dual protocol with LDAP user-mapping volumes. Required if `enable_ldap_over_tls` is set to `true`. ---- +* `enable_ldap_signing` - (Optional) Specifies whether or not the LDAP traffic needs to be signed. Defaults to `false`. --- The `identity` block supports the following: From 5bedd919fd8fabe4f8d1837a68d35f5142e1e162 Mon Sep 17 00:00:00 2001 From: Bruce Harrison Date: Wed, 20 Mar 2024 23:03:08 -0500 Subject: [PATCH 10/15] cleanup --- internal/services/netapp/netapp_account_resource.go | 5 +++-- internal/services/netapp/netapp_account_resource_test.go | 4 ++-- website/docs/r/netapp_account.html.markdown | 4 ++-- 3 files changed, 7 insertions(+), 6 deletions(-) 
diff --git a/internal/services/netapp/netapp_account_resource.go b/internal/services/netapp/netapp_account_resource.go index a442a21099a2..b8caeacdc026 100644 --- a/internal/services/netapp/netapp_account_resource.go +++ b/internal/services/netapp/netapp_account_resource.go @@ -86,8 +86,8 @@ func resourceNetAppAccount() *pluginsdk.Resource { Type: pluginsdk.TypeString, Required: true, ValidateFunc: validation.StringMatch( - regexp.MustCompile(`^[\da-zA-Z]{1,10}$`), - `The smb server name can not be longer than 10 characters in length.`, + regexp.MustCompile(`^[\da-zA-Z\-]{1,10}$`), + `smb_server_name can contain a mix of numbers, upper/lowercase letters, dashes, and be no longer than 10 characters.`, ), }, "username": { @@ -144,6 +144,7 @@ func resourceNetAppAccount() *pluginsdk.Resource { }, "server_root_ca_certificate": { Type: pluginsdk.TypeString, + Sensitive: true, Optional: true, RequiredWith: []string{"active_directory.0.enable_ldap_over_tls"}, Description: "When LDAP over SSL/TLS is enabled, the LDAP client is required to have base64 encoded Active Directory Certificate Service's self-signed root CA certificate, this optional parameter is used only for dual protocol with LDAP user-mapping volumes.", diff --git a/internal/services/netapp/netapp_account_resource_test.go b/internal/services/netapp/netapp_account_resource_test.go index 809fb6e5a33f..db64e5f19709 100644 --- a/internal/services/netapp/netapp_account_resource_test.go +++ b/internal/services/netapp/netapp_account_resource_test.go 
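Review bot: The widened pattern `^[\da-zA-Z\-]{1,10}$` for `smb_server_name` now also accepts values that start or end with a dash, or consist only of dashes, which are unlikely to be valid computer-account names. If the service rejects those (not visible here), a pattern such as `^[\da-zA-Z]([\da-zA-Z\-]{0,8}[\da-zA-Z])?$` catches them at plan time, and the message should then say the name must start and end with a letter or digit. The schema function starts and ends outside the hunk.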
@@ -87,7 +87,7 @@ func testAccNetAppAccount_complete(t *testing.T) { check.That(data.ResourceName).Key("active_directory.#").HasValue("1"), check.That(data.ResourceName).Key("active_directory.0.username").HasValue("aduser"), check.That(data.ResourceName).Key("active_directory.0.password").HasValue("aduserpwd"), - check.That(data.ResourceName).Key("active_directory.0.smb_server_name").HasValue("SMBSERVER"), + check.That(data.ResourceName).Key("active_directory.0.smb_server_name").HasValue("SMB-SERVER"), check.That(data.ResourceName).Key("active_directory.0.dns_servers.#").HasValue("2"), check.That(data.ResourceName).Key("active_directory.0.domain").HasValue("westcentralus.com"), check.That(data.ResourceName).Key("active_directory.0.organizational_unit").HasValue("OU=FirstLevel"), @@ -243,7 +243,7 @@ resource "azurerm_netapp_account" "test" { active_directory { username = "aduser" password = "aduserpwd" - smb_server_name = "SMBSERVER" + smb_server_name = "SMB-SERVER" dns_servers = ["1.2.3.4", "1.2.3.5"] domain = "westcentralus.com" organizational_unit = "OU=FirstLevel" diff --git a/website/docs/r/netapp_account.html.markdown b/website/docs/r/netapp_account.html.markdown index a363ec38adc0..148f99595732 100644 --- a/website/docs/r/netapp_account.html.markdown +++ b/website/docs/r/netapp_account.html.markdown 
@@ -77,13 +77,13 @@ The `active_directory` block supports the following: * `domain` - (Required) The name of the Active Directory domain. -* `smb_server_name` - (Required) The NetBIOS name which should be used for the NetApp SMB Server, which will be registered as a computer account in the AD and used to mount volumes. +* `smb_server_name` - (Required) The NetBIOS name which should be used for the NetApp SMB Server, which will be registered as a computer account in the AD and used to mount volumes. This value is the prefix that will be applied to the final generated machine name in Active Directory. * `username` - (Required) The Username of Active Directory Domain Administrator. * `password` - (Required) The password associated with the `username`. -* `organizational_unit` - (Optional) The Organizational Unit (OU) within the Windows Active Directory where machines will be created. If blank, defaults to `CN=Computers`. +* `organizational_unit` - (Optional) The Organizational Unit (OU) within Active Directory where machines will be created. If blank, defaults to `CN=Computers`. * `site_name` - (Optional) The Active Directory site the service will limit Domain Controller discovery to. If blank, defaults to `Default-First-Site-Name`. From 387d1399c676dcad3fa83a2bc9dacfe6a0d3a782 Mon Sep 17 00:00:00 2001 From: Bruce Harrison Date: Thu, 21 Mar 2024 00:04:27 -0500 Subject: [PATCH 11/15] remove text --- website/docs/r/netapp_account.html.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/r/netapp_account.html.markdown b/website/docs/r/netapp_account.html.markdown index 148f99595732..688f926d9053 100644 --- a/website/docs/r/netapp_account.html.markdown +++ b/website/docs/r/netapp_account.html.markdown 
@@ -77,7 +77,7 @@ The `active_directory` block supports the following: * `domain` - (Required) The name of the Active Directory domain. -* `smb_server_name` - (Required) The NetBIOS name which should be used for the NetApp SMB Server, which will be registered as a computer account in the AD and used to mount volumes. This value is the prefix that will be applied to the final generated machine name in Active Directory. +* `smb_server_name` - (Required) The NetBIOS name which should be used for the NetApp SMB Server, which will be registered as a computer account in the AD and used to mount volumes. * `username` - (Required) The Username of Active Directory Domain Administrator. From 244427b8e0ff0c00079861c94b86a0345503d705 Mon Sep 17 00:00:00 2001 From: Bruce Harrison Date: Thu, 21 Mar 2024 14:03:00 -0500 Subject: [PATCH 12/15] update names --- .../services/netapp/netapp_account_resource.go | 14 +++++++------- .../netapp/netapp_account_resource_test.go | 12 ++++++------ website/docs/r/netapp_account.html.markdown | 8 ++++---- 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/internal/services/netapp/netapp_account_resource.go b/internal/services/netapp/netapp_account_resource.go index b8caeacdc026..8ae49260bd51 100644 --- a/internal/services/netapp/netapp_account_resource.go +++ b/internal/services/netapp/netapp_account_resource.go @@ -130,13 +130,13 @@ func resourceNetAppAccount() *pluginsdk.Resource { Default: false, Description: "If enabled, AES encryption will be enabled for SMB communication.", }, - "allow_local_nfs_users_with_ldap": { + "local_nfs_users_with_ldap_allowed": { Type: pluginsdk.TypeBool, Optional: true, Default: false, Description: "If enabled, NFS client local users can also (in addition to LDAP users) access the NFS volumes.", }, - "enable_ldap_over_tls": { + "ldap_over_tls_enabled": { Type: pluginsdk.TypeBool, Optional: true, Default: false, 
@@ -146,10 +146,10 @@ func resourceNetAppAccount() *pluginsdk.Resource { Type: pluginsdk.TypeString, Sensitive: true, Optional: true, - RequiredWith: []string{"active_directory.0.enable_ldap_over_tls"}, + RequiredWith: []string{"active_directory.0.ldap_over_tls_enabled"}, Description: "When LDAP over SSL/TLS is enabled, the LDAP client is required to have base64 encoded Active Directory Certificate Service's self-signed root CA certificate, this optional parameter is used only for dual protocol with LDAP user-mapping volumes.", }, - "enable_ldap_signing": { + "ldap_signing_enabled": { Type: pluginsdk.TypeBool, Optional: true, Default: false, @@ -360,10 +360,10 @@ func expandNetAppActiveDirectories(input []interface{}) *[]netappaccounts.Active AdName: utils.String(v["ad_name"].(string)), KdcIP: utils.String(v["kdc_ip"].(string)), AesEncryption: utils.Bool(v["enable_aes_encryption"].(bool)), - AllowLocalNfsUsersWithLdap: utils.Bool(v["allow_local_nfs_users_with_ldap"].(bool)), - LdapOverTLS: utils.Bool(v["enable_ldap_over_tls"].(bool)), + AllowLocalNfsUsersWithLdap: utils.Bool(v["local_nfs_users_with_ldap_allowed"].(bool)), + LdapOverTLS: utils.Bool(v["ldap_over_tls_enabled"].(bool)), ServerRootCACertificate: utils.String(v["server_root_ca_certificate"].(string)), - LdapSigning: utils.Bool(v["enable_ldap_signing"].(bool)), + LdapSigning: utils.Bool(v["ldap_signing_enabled"].(bool)), } results = append(results, result) diff --git a/internal/services/netapp/netapp_account_resource_test.go b/internal/services/netapp/netapp_account_resource_test.go index db64e5f19709..f329abbd9273 100644 --- a/internal/services/netapp/netapp_account_resource_test.go +++ b/internal/services/netapp/netapp_account_resource_test.go 
@@ -94,10 +94,10 @@ func testAccNetAppAccount_complete(t *testing.T) { check.That(data.ResourceName).Key("active_directory.0.site_name").HasValue("My-Site-Name"), check.That(data.ResourceName).Key("active_directory.0.ad_name").HasValue("My-AD-Server"), check.That(data.ResourceName).Key("active_directory.0.enable_aes_encryption").HasValue("true"), - check.That(data.ResourceName).Key("active_directory.0.allow_local_nfs_users_with_ldap").HasValue("true"), - check.That(data.ResourceName).Key("active_directory.0.enable_ldap_over_tls").HasValue("true"), + check.That(data.ResourceName).Key("active_directory.0.local_nfs_users_with_ldap_allowed").HasValue("true"), + check.That(data.ResourceName).Key("active_directory.0.ldap_over_tls_enabled").HasValue("true"), check.That(data.ResourceName).Key("active_directory.0.server_root_ca_certificate").HasValue("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"), - check.That(data.ResourceName).Key("active_directory.0.enable_ldap_signing").HasValue("true"), + check.That(data.ResourceName).Key("active_directory.0.ldap_signing_enabled").HasValue("true"), check.That(data.ResourceName).Key("tags.%").HasValue("2"), check.That(data.ResourceName).Key("tags.FoO").HasValue("BaR"), ), @@ -251,10 +251,10 @@ resource "azurerm_netapp_account" "test" { ad_name = "My-AD-Server" kdc_ip = "192.168.1.1" enable_aes_encryption = true - allow_local_nfs_users_with_ldap = true - enable_ldap_over_tls = true + local_nfs_users_with_ldap_allowed = true + ldap_over_tls_enabled = true server_root_ca_certificate = "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" - enable_ldap_signing = true + ldap_signing_enabled = true } tags = { diff --git a/website/docs/r/netapp_account.html.markdown b/website/docs/r/netapp_account.html.markdown index 688f926d9053..1da8beccfedf 100644 --- a/website/docs/r/netapp_account.html.markdown +++ b/website/docs/r/netapp_account.html.markdown 
@@ -95,13 +95,13 @@ The `active_directory` block supports the following: * `enable_aes_encryption` - (Optional) If enabled, AES encryption will be enabled for SMB communication. Defaults to `false`. -* `allow_local_nfs_users_with_ldap` - (Optional) If enabled, NFS client local users can also (in addition to LDAP users) access the NFS volumes. Defaults to `false`. +* `local_nfs_users_with_ldap_allowed` - (Optional) If enabled, NFS client local users can also (in addition to LDAP users) access the NFS volumes. Defaults to `false`. -* `enable_ldap_over_tls` - (Optional) Specifies whether or not the LDAP traffic needs to be secured via TLS. Defaults to `false`. +* `ldap_over_tls_enabled` - (Optional) Specifies whether or not the LDAP traffic needs to be secured via TLS. Defaults to `false`. -* `server_root_ca_certificate` - (Optional) When LDAP over SSL/TLS is enabled, the LDAP client is required to have a *base64 encoded Active Directory Certificate Service's self-signed root CA certificate*, this optional parameter is used only for dual protocol with LDAP user-mapping volumes. Required if `enable_ldap_over_tls` is set to `true`. +* `server_root_ca_certificate` - (Optional) When LDAP over SSL/TLS is enabled, the LDAP client is required to have a *base64 encoded Active Directory Certificate Service's self-signed root CA certificate*, this optional parameter is used only for dual protocol with LDAP user-mapping volumes. Required if `ldap_over_tls_enabled` is set to `true`. -* `enable_ldap_signing` - (Optional) Specifies whether or not the LDAP traffic needs to be signed. Defaults to `false`. +* `ldap_signing_enabled` - (Optional) Specifies whether or not the LDAP traffic needs to be signed. Defaults to `false`. --- The `identity` block supports the following: From 3a60dfd9781fac8b50b41e0502efe224b0899238 Mon Sep 17 00:00:00 2001 
From: Bruce Harrison Date: Thu, 21 Mar 2024 14:11:03 -0500 Subject: [PATCH 13/15] fmt --- .../netapp/netapp_account_resource_test.go | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/internal/services/netapp/netapp_account_resource_test.go b/internal/services/netapp/netapp_account_resource_test.go index f329abbd9273..06a7bb4748e0 100644 --- a/internal/services/netapp/netapp_account_resource_test.go +++ b/internal/services/netapp/netapp_account_resource_test.go @@ -241,20 +241,20 @@ resource "azurerm_netapp_account" "test" { resource_group_name = azurerm_resource_group.test.name active_directory { - username = "aduser" - password = "aduserpwd" - smb_server_name = "SMB-SERVER" - dns_servers = ["1.2.3.4", "1.2.3.5"] - domain = "westcentralus.com" - organizational_unit = "OU=FirstLevel" - site_name = "My-Site-Name" - ad_name = "My-AD-Server" - kdc_ip = "192.168.1.1" - enable_aes_encryption = true + username = "aduser" + password = "aduserpwd" + smb_server_name = "SMB-SERVER" + dns_servers = ["1.2.3.4", "1.2.3.5"] + domain = "westcentralus.com" + organizational_unit = "OU=FirstLevel" + site_name = "My-Site-Name" + ad_name = "My-AD-Server" + kdc_ip = "192.168.1.1" + enable_aes_encryption = true local_nfs_users_with_ldap_allowed = true - ldap_over_tls_enabled = true - server_root_ca_certificate = "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" - ldap_signing_enabled = true + ldap_over_tls_enabled = true + server_root_ca_certificate = "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" + ldap_signing_enabled = true } tags = { From 2fb18fbaa6443f9a0176eea8c45260a49ba3b089 Mon Sep 17 00:00:00 2001 
From: Bruce Harrison Date: Thu, 21 Mar 2024 14:15:01 -0500 Subject: [PATCH 14/15] change names, fmt --- internal/services/netapp/netapp_account_resource.go | 8 ++++---- internal/services/netapp/netapp_account_resource_test.go | 7 ++++--- website/docs/r/netapp_account.html.markdown | 4 ++-- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/internal/services/netapp/netapp_account_resource.go b/internal/services/netapp/netapp_account_resource.go index 8ae49260bd51..d177c11a0939 100644 --- a/internal/services/netapp/netapp_account_resource.go +++ b/internal/services/netapp/netapp_account_resource.go @@ -113,12 +113,12 @@ func resourceNetAppAccount() *pluginsdk.Resource { Default: "Default-First-Site-Name", Description: "The Active Directory site the service will limit Domain Controller discovery to. If blank, defaults to 'Default-First-Site-Name'", }, - "ad_name": { + "kerberos_ad_name": { Type: pluginsdk.TypeString, Optional: true, Description: "Name of the active directory machine. This optional parameter is used only while creating kerberos volume.", }, - "kdc_ip": { + "kerberos_kdc_ip": { Type: pluginsdk.TypeString, Optional: true, ValidateFunc: validation.IsIPv4Address, @@ -357,8 +357,8 @@ func expandNetAppActiveDirectories(input []interface{}) *[]netappaccounts.Active SmbServerName: utils.String(v["smb_server_name"].(string)), Username: utils.String(v["username"].(string)), Site: utils.String(v["site_name"].(string)), - AdName: utils.String(v["ad_name"].(string)), - KdcIP: utils.String(v["kdc_ip"].(string)), + AdName: utils.String(v["kerberos_ad_name"].(string)), + KdcIP: utils.String(v["kerberos_kdc_ip"].(string)), AesEncryption: utils.Bool(v["enable_aes_encryption"].(bool)), AllowLocalNfsUsersWithLdap: utils.Bool(v["local_nfs_users_with_ldap_allowed"].(bool)), LdapOverTLS: utils.Bool(v["ldap_over_tls_enabled"].(bool)), 
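Review bot: The rename of `ad_name` and `kdc_ip` to `kerberos_ad_name` and `kerberos_kdc_ip` in this schema hunk is not carried through the documentation. The IMPORTANT callout in netapp_account.html.markdown, visible as context in this commit's docs hunk and again in the following commit, still says both `ad_name` and `kdc_ip` are required for Kerberos volumes. Anyone following that callout would write attribute names the schema no longer defines, so it should name `kerberos_ad_name` and `kerberos_kdc_ip` instead. The schema map continues outside this hunk.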
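Review bot: `AdName` and `KdcIP` are always populated in expandNetAppActiveDirectories, so when the optional `kerberos_ad_name` and `kerberos_kdc_ip` are unset the request carries pointers to empty strings instead of omitting the fields; the same holds for `ServerRootCACertificate` a few lines below. Whether the API treats an empty `KdcIP` as absent is not visible in this patch. Setting these only when non-empty would avoid relying on that, for example `if s := v["kerberos_kdc_ip"].(string); s != "" { result.KdcIP = utils.String(s) }` after the struct literal. The function body begins and ends outside the hunk.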
diff --git a/internal/services/netapp/netapp_account_resource_test.go b/internal/services/netapp/netapp_account_resource_test.go
index 06a7bb4748e0..61f644693abf 100644
--- a/internal/services/netapp/netapp_account_resource_test.go
+++ b/internal/services/netapp/netapp_account_resource_test.go
@@ -92,7 +92,8 @@ func testAccNetAppAccount_complete(t *testing.T) {
 check.That(data.ResourceName).Key("active_directory.0.domain").HasValue("westcentralus.com"),
 check.That(data.ResourceName).Key("active_directory.0.organizational_unit").HasValue("OU=FirstLevel"),
 check.That(data.ResourceName).Key("active_directory.0.site_name").HasValue("My-Site-Name"),
- check.That(data.ResourceName).Key("active_directory.0.ad_name").HasValue("My-AD-Server"),
+ check.That(data.ResourceName).Key("active_directory.0.kerberos_ad_name").HasValue("My-AD-Server"),
+ check.That(data.ResourceName).Key("active_directory.0.kerberos_kdc_ip").HasValue("192.168.1.1"),
 check.That(data.ResourceName).Key("active_directory.0.enable_aes_encryption").HasValue("true"),
 check.That(data.ResourceName).Key("active_directory.0.local_nfs_users_with_ldap_allowed").HasValue("true"),
 check.That(data.ResourceName).Key("active_directory.0.ldap_over_tls_enabled").HasValue("true"),
@@ -249,8 +249,8 @@ resource "azurerm_netapp_account" "test" {
 domain = "westcentralus.com"
 organizational_unit = "OU=FirstLevel"
 site_name = "My-Site-Name"
- ad_name = "My-AD-Server"
- kdc_ip = "192.168.1.1"
+ kerberos_ad_name = "My-AD-Server"
+ kerberos_kdc_ip = "192.168.1.1"
 enable_aes_encryption = true
 local_nfs_users_with_ldap_allowed = true
 ldap_over_tls_enabled = true
diff --git a/website/docs/r/netapp_account.html.markdown b/website/docs/r/netapp_account.html.markdown
index 1da8beccfedf..7d61141853f4 100644
--- a/website/docs/r/netapp_account.html.markdown
+++ b/website/docs/r/netapp_account.html.markdown
@@ -87,9 +87,9 @@ The `active_directory` block supports the following: * `site_name` - (Optional) The Active Directory site the service will limit Domain Controller discovery to. If blank, defaults to `Default-First-Site-Name`. -* `ad_name` - (Optional) Name of the active directory machine. *This optional parameter is used only while creating a Kerberos volume.* +* `kerberos_ad_name` - (Optional) Name of the active directory machine. -* `kdc_ip` - (Optional) kdc server IP addresses for the active directory machine. *This optional parameter is used only while creating a Kerberos volume.* +* `kerberos_kdc_ip` - (Optional) kdc server IP addresses for the active directory machine. ~> **IMPORTANT:** If you plan on using **Kerberos** volumes, both `ad_name` and `kdc_ip` are required in order to create the volume. From 323830b990840b1e83d496957645796b1e547c7f Mon Sep 17 00:00:00 2001 From: Bruce Harrison Date: Thu, 21 Mar 2024 14:24:39 -0500 Subject: [PATCH 15/15] rename, cleanup --- internal/services/netapp/netapp_account_resource.go | 4 ++-- internal/services/netapp/netapp_account_resource_test.go | 4 ++-- website/docs/r/netapp_account.html.markdown | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/internal/services/netapp/netapp_account_resource.go b/internal/services/netapp/netapp_account_resource.go index d177c11a0939..411d694e2225 100644 --- a/internal/services/netapp/netapp_account_resource.go +++ b/internal/services/netapp/netapp_account_resource.go @@ -124,7 +124,7 @@ func resourceNetAppAccount() *pluginsdk.Resource { ValidateFunc: validation.IsIPv4Address, Description: "IP address of the KDC server (usually same the DC). This optional parameter is used only while creating kerberos volume.", }, - "enable_aes_encryption": { + "aes_encryption_enabled": { Type: pluginsdk.TypeBool, Optional: true, Default: false, 
@@ -359,7 +359,7 @@ func expandNetAppActiveDirectories(input []interface{}) *[]netappaccounts.Active
 Site: utils.String(v["site_name"].(string)),
 AdName: utils.String(v["kerberos_ad_name"].(string)),
 KdcIP: utils.String(v["kerberos_kdc_ip"].(string)),
- AesEncryption: utils.Bool(v["enable_aes_encryption"].(bool)),
+ AesEncryption: utils.Bool(v["aes_encryption_enabled"].(bool)),
 AllowLocalNfsUsersWithLdap: utils.Bool(v["local_nfs_users_with_ldap_allowed"].(bool)),
 LdapOverTLS: utils.Bool(v["ldap_over_tls_enabled"].(bool)),
 ServerRootCACertificate: utils.String(v["server_root_ca_certificate"].(string)),
diff --git a/internal/services/netapp/netapp_account_resource_test.go b/internal/services/netapp/netapp_account_resource_test.go
index 61f644693abf..f8de998f8daa 100644
--- a/internal/services/netapp/netapp_account_resource_test.go
+++ b/internal/services/netapp/netapp_account_resource_test.go
@@ -94,7 +94,7 @@ func testAccNetAppAccount_complete(t *testing.T) { check.That(data.ResourceName).Key("active_directory.0.site_name").HasValue("My-Site-Name"), check.That(data.ResourceName).Key("active_directory.0.kerberos_ad_name").HasValue("My-AD-Server"), check.That(data.ResourceName).Key("active_directory.0.kerberos_kdc_ip").HasValue("192.168.1.1"), - check.That(data.ResourceName).Key("active_directory.0.enable_aes_encryption").HasValue("true"), + check.That(data.ResourceName).Key("active_directory.0.aes_encryption_enabled").HasValue("true"), check.That(data.ResourceName).Key("active_directory.0.local_nfs_users_with_ldap_allowed").HasValue("true"), check.That(data.ResourceName).Key("active_directory.0.ldap_over_tls_enabled").HasValue("true"), check.That(data.ResourceName).Key("active_directory.0.server_root_ca_certificate").HasValue("LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNZekNDQWN5Z0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRVUZBREF1TVFzd0NRWURWUVFHRXdKVlV6RU0gCk1Bb0dBMVVFQ2hNRFNVSk5NUkV3RHdZRFZRUUxFd2hNYjJOaGJDQkRRVEFlRncwNU9URXlNakl3TlRBd01EQmEgCkZ3MHdNREV5TWpNd05EVTVOVGxhTUM0eEN6QUpCZ05WQkFZVEFsVlRNUXd3Q2dZRFZRUUtFd05KUWsweEVUQVAgCkJnTlZCQXNUQ0V4dlkyRnNJRU5CTUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FEMmJaRW8gCjd4R2FYMi8wR0hrck5GWnZseEJvdTl2MUptdC9QRGlUTVB2ZThyOUZlSkFRMFFkdkZTVC8wSlBRWUQyMHJIMGIgCmltZERMZ05kTnlubXlSb1MyUy9JSW5mcG1mNjlpeWMyRzBUUHlSdm1ISWlPWmJkQ2QrWUJIUWkxYWRrajE3TkQgCmNXajZTMTR0VnVyRlg3M3p4MHNOb01TNzlxM3R1WEtyRHN4ZXV3SURBUUFCbzRHUU1JR05NRXNHQ1ZVZER3R0cgCitFSUJEUVErRXp4SFpXNWxjbUYwWldRZ1lua2dkR2hsSUZObFkzVnlaVmRoZVNCVFpXTjFjbWwwZVNCVFpYSjIgClpYSWdabTl5SUU5VEx6TTVNQ0FvVWtGRFJpa3dEZ1lEVlIwUEFRSC9CQVFEQWdBR01BOEdBMVVkRXdFQi93UUYgCk1BTUJBZjh3SFFZRFZSME9CQllFRkozK29jUnlDVEp3MDY3ZExTd3IvbmFseDZZTU1BMEdDU3FHU0liM0RRRUIgCkJRVUFBNEdCQU1hUXp0K3phajFHVTc3eXpscjhpaU1CWGdkUXJ3c1paV0pvNWV4bkF1Y0pBRVlRWm1PZnlMaU0gCkQ2b1lxK1puZnZNMG44Ry9ZNzlxOG5od3Z1eHBZT25SU0FYRnA2eFNrcklPZVp0Sk1ZMWgwMExLcC9KWDNOZzEgCnN2WjJhZ0UxMjZKSHNRMGJoek41VEtzWWZid2ZUd2ZqZFdBR3k2VmYxb
llpL3JPK3J5TU8KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLSA="), @@ -251,7 +251,7 @@ resource "azurerm_netapp_account" "test" { site_name = "My-Site-Name" kerberos_ad_name = "My-AD-Server" kerberos_kdc_ip = "192.168.1.1" - enable_aes_encryption = true + aes_encryption_enabled = true local_nfs_users_with_ldap_allowed = true ldap_over_tls_enabled = true server_root_ca_certificate = "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" diff --git a/website/docs/r/netapp_account.html.markdown b/website/docs/r/netapp_account.html.markdown index 7d61141853f4..9d1368e2df7f 100644 --- a/website/docs/r/netapp_account.html.markdown +++ b/website/docs/r/netapp_account.html.markdown @@ -93,7 +93,7 @@ The `active_directory` block supports the following: ~> **IMPORTANT:** If you plan on using **Kerberos** volumes, both `ad_name` and `kdc_ip` are required in order to create the volume. -* `enable_aes_encryption` - (Optional) If enabled, AES encryption will be enabled for SMB communication. Defaults to `false`. +* `aes_encryption_enabled` - (Optional) If enabled, AES encryption will be enabled for SMB communication. Defaults to `false`. * `local_nfs_users_with_ldap_allowed` - (Optional) If enabled, NFS client local users can also (in addition to LDAP users) access the NFS volumes. Defaults to `false`.