
Commit 13543ac

authored
All squash support (#15115)
1 parent 757ebf8 commit 13543ac


2 files changed

+364
-0
lines changed

2 files changed

+364
-0
lines changed

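--- a/mmv1/products/netapp/Volume.yaml
+++ b/mmv1/products/netapp/Volume.yaml
@@ -191,6 +191,18 @@ properties:
 type: Boolean
 description: |
 If enabled (true) the rule defines read and write access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'privacy' kerberos security mode. The 'kerberos5pReadOnly' value is ignored if this is enabled.
+- name: 'squashMode'
+type: Enum
+description: |-
+SquashMode defines how remote user privileges are restricted when accessing an NFS export. It controls how the user identities (like root) are mapped to anonymous users to limit access and enforce security.
+enum_values:
+- 'NO_ROOT_SQUASH'
+- 'ROOT_SQUASH'
+- 'ALL_SQUASH'
+- name: 'anonUid'
+type: Integer
+description: |-
+An integer representing the anonymous user ID. Range is 0 to 4294967295. Required when `squash_mode` is `ROOT_SQUASH` or `ALL_SQUASH`.
 - name: 'protocols'
 type: Array
 description: |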
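Review bot: The `anonUid` description states a range and a "Required when ..." condition that nothing in this hunk enforces, and the range starts at 0, which on a conventional NFS server would map squashed clients to the root UID and undo the squash. If the API accepts 0, the description should say so, for example by appending `A value of 0 maps squashed users to root; prefer an unprivileged UID such as 65534.` The `squashMode` description also does not say how it relates to the rule's existing root-access flag (`has_root_access` in the Terraform configs of this commit), so a reader cannot tell which setting wins when the two disagree; one sentence on precedence would close that gap. The `properties:` list continues outside the hunk, so the definition of that flag is not visible here.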

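--- a/mmv1/third_party/terraform/services/netapp/resource_netapp_volume_test.go.tmpl
+++ b/mmv1/third_party/terraform/services/netapp/resource_netapp_volume_test.go.tmpl
@@ -970,4 +970,356 @@ data "google_compute_network" "default" {
 }
 `, context)
 }
+
+func TestAccNetappVolume_volumeExportPolicyWithSquashMode(t *testing.T) {
+context := map[string]interface{}{
+"network_name": acctest.BootstrapSharedServiceNetworkingConnection(t, "gcnv-network-config-3", acctest.ServiceNetworkWithParentService("netapp.servicenetworking.goog")),
+"random_suffix": acctest.RandString(t, 10),
+}
+acctest.VcrTest(t, resource.TestCase{
+PreCheck: func() { acctest.AccTestPreCheck(t) },
+ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
+CheckDestroy: testAccCheckNetappVolumeDestroyProducer(t),
+ExternalProviders: map[string]resource.ExternalProvider{
+"time": {},
+},
+Steps: []resource.TestStep{
+{
+Config: testAccNetappVolume_volumeExportPolicyWithSquashMode_noRootSquash(context),
+},
+{
+ResourceName: "google_netapp_volume.test_volume",
+ImportState: true,
+ImportStateVerify: true,
+ImportStateVerifyIgnore: []string{"restore_parameters", "location", "name", "deletion_policy", "labels", "terraform_labels"},
+},
+{
+Config: testAccNetappVolume_volumeExportPolicyWithSquashMode_rootSquash(context),
+},
+{
+ResourceName: "google_netapp_volume.test_volume",
+ImportState: true,
+ImportStateVerify: true,
+ImportStateVerifyIgnore: []string{"restore_parameters", "location", "name", "deletion_policy", "labels", "terraform_labels"},
+},
+{
+Config: testAccNetappVolume_volumeExportPolicyWithSquashMode_allSquash(context),
+},
+{
+ResourceName: "google_netapp_volume.test_volume",
+ImportState: true,
+ImportStateVerify: true,
+ImportStateVerifyIgnore: []string{"restore_parameters", "location", "name", "deletion_policy", "labels", "terraform_labels"},
+},
+{
+Config: testAccNetappVolume_volumeExportPolicyWithSquashMode_noRootSquash_ReadNoneAccessType(context),
+},
+{
+ResourceName: "google_netapp_volume.test_volume",
+ImportState: true,
+ImportStateVerify: true,
+ImportStateVerifyIgnore: []string{"restore_parameters", "location", "name", "deletion_policy", "labels", "terraform_labels"},
+},
+{
+Config: testAccNetappVolume_volumeExportPolicyWithSquashMode_rootSquash_readOnlyAccessType(context),
+},
+{
+ResourceName: "google_netapp_volume.test_volume",
+ImportState: true,
+ImportStateVerify: true,
+ImportStateVerifyIgnore: []string{"restore_parameters", "location", "name", "deletion_policy", "labels", "terraform_labels"},
+},
+{
+Config: testAccNetappVolume_volumeExportPolicyWithSquashMode_rootSquash_readNoneAccessType(context),
+},
+{
+ResourceName: "google_netapp_volume.test_volume",
+ImportState: true,
+ImportStateVerify: true,
+ImportStateVerifyIgnore: []string{"restore_parameters", "location", "name", "deletion_policy", "labels", "terraform_labels"},
+},
+},
+})
+}
+
+func testAccNetappVolume_volumeExportPolicyWithSquashMode_noRootSquash(context map[string]interface{}) string {
+return acctest.Nprintf(`
+resource "google_netapp_storage_pool" "default" {
+provider = google-beta
+name = "tf-test-pool%{random_suffix}"
+location = "us-west2"
+service_level = "PREMIUM"
+capacity_gib = "2048"
+network = data.google_compute_network.default.id
+}
+resource "time_sleep" "wait_3_minutes" {
+depends_on = [google_netapp_storage_pool.default]
+create_duration = "3m"
+}
+resource "google_netapp_volume" "test_volume" {
+provider = google-beta
+location = "us-west2"
+name = "tf-test-test-volume%{random_suffix}"
+capacity_gib = "100"
+share_name = "tf-test-test-volume%{random_suffix}"
+storage_pool = google_netapp_storage_pool.default.name
+protocols = ["NFSV3"]
+export_policy {
+rules {
+access_type = "READ_WRITE"
+allowed_clients = "0.0.0.0/0"
+has_root_access = "true"
+kerberos5_read_only = false
+kerberos5_read_write = false
+kerberos5i_read_only = false
+kerberos5i_read_write = false
+kerberos5p_read_only = false
+kerberos5p_read_write = false
+nfsv3 = true
+nfsv4 = false
+squash_mode = "NO_ROOT_SQUASH"
+}
+}
+}
+data "google_compute_network" "default" {
+provider = google-beta
+name = "%{network_name}"
+}
+`, context)
+}
+
+func testAccNetappVolume_volumeExportPolicyWithSquashMode_noRootSquash_ReadNoneAccessType(context map[string]interface{}) string {
+return acctest.Nprintf(`
+resource "google_netapp_storage_pool" "default" {
+provider = google-beta
+name = "tf-test-pool%{random_suffix}"
+location = "us-west2"
+service_level = "PREMIUM"
+capacity_gib = "2048"
+network = data.google_compute_network.default.id
+}
+resource "time_sleep" "wait_3_minutes" {
+depends_on = [google_netapp_storage_pool.default]
+create_duration = "3m"
+}
+resource "google_netapp_volume" "test_volume" {
+provider = google-beta
+location = "us-west2"
+name = "tf-test-test-volume%{random_suffix}"
+capacity_gib = "100"
+share_name = "tf-test-test-volume%{random_suffix}"
+storage_pool = google_netapp_storage_pool.default.name
+protocols = ["NFSV3"]
+export_policy {
+rules {
+access_type = "READ_NONE"
+allowed_clients = "0.0.0.0/0"
+has_root_access = "true"
+kerberos5_read_only = false
+kerberos5_read_write = false
+kerberos5i_read_only = false
+kerberos5i_read_write = false
+kerberos5p_read_only = false
+kerberos5p_read_write = false
+nfsv3 = true
+nfsv4 = false
+squash_mode = "NO_ROOT_SQUASH"
+}
+}
+}
+data "google_compute_network" "default" {
+provider = google-beta
+name = "%{network_name}"
+}
+`, context)
+}
+
+func testAccNetappVolume_volumeExportPolicyWithSquashMode_allSquash(context map[string]interface{}) string {
+return acctest.Nprintf(`
+resource "google_netapp_storage_pool" "default" {
+provider = google-beta
+name = "tf-test-pool%{random_suffix}"
+location = "us-west2"
+service_level = "PREMIUM"
+capacity_gib = "2048"
+network = data.google_compute_network.default.id
+}
+resource "time_sleep" "wait_3_minutes" {
+depends_on = [google_netapp_storage_pool.default]
+create_duration = "3m"
+}
+resource "google_netapp_volume" "test_volume" {
+provider = google-beta
+location = "us-west2"
+name = "tf-test-test-volume%{random_suffix}"
+capacity_gib = "100"
+share_name = "tf-test-test-volume%{random_suffix}"
+storage_pool = google_netapp_storage_pool.default.name
+protocols = ["NFSV3"]
+export_policy {
+rules {
+access_type = "READ_NONE"
+allowed_clients = "0.0.0.0/0"
+has_root_access = "false"
+kerberos5_read_only = false
+kerberos5_read_write = false
+kerberos5i_read_only = false
+kerberos5i_read_write = false
+kerberos5p_read_only = false
+kerberos5p_read_write = false
+nfsv3 = true
+nfsv4 = false
+squash_mode = "ALL_SQUASH"
+anon_uid = 65534
+}
+}
+}
+
+data "google_compute_network" "default" {
+provider = google-beta
+name = "%{network_name}"
+}
+`, context)
+}
+
+func testAccNetappVolume_volumeExportPolicyWithSquashMode_rootSquash(context map[string]interface{}) string {
+return acctest.Nprintf(`
+resource "google_netapp_storage_pool" "default" {
+provider = google-beta
+name = "tf-test-pool%{random_suffix}"
+location = "us-west2"
+service_level = "PREMIUM"
+capacity_gib = "2048"
+network = data.google_compute_network.default.id
+}
+resource "time_sleep" "wait_3_minutes" {
+depends_on = [google_netapp_storage_pool.default]
+create_duration = "3m"
+}
+resource "google_netapp_volume" "test_volume" {
+provider = google-beta
+location = "us-west2"
+name = "tf-test-test-volume%{random_suffix}"
+capacity_gib = "100"
+share_name = "tf-test-test-volume%{random_suffix}"
+storage_pool = google_netapp_storage_pool.default.name
+protocols = ["NFSV3"]
+export_policy {
+rules {
+access_type = "READ_WRITE"
+allowed_clients = "0.0.0.0/0"
+has_root_access = "false"
+kerberos5_read_only = false
+kerberos5_read_write = false
+kerberos5i_read_only = false
+kerberos5i_read_write = false
+kerberos5p_read_only = false
+kerberos5p_read_write = false
+nfsv3 = true
+nfsv4 = false
+squash_mode = "ROOT_SQUASH"
+}
+}
+}
+
+data "google_compute_network" "default" {
+provider = google-beta
+name = "%{network_name}"
+}
+`, context)
+}
+
+func testAccNetappVolume_volumeExportPolicyWithSquashMode_rootSquash_readOnlyAccessType(context map[string]interface{}) string {
+return acctest.Nprintf(`
+resource "google_netapp_storage_pool" "default" {
+provider = google-beta
+name = "tf-test-pool%{random_suffix}"
+location = "us-west2"
+service_level = "PREMIUM"
+capacity_gib = "2048"
+network = data.google_compute_network.default.id
+}
+resource "time_sleep" "wait_3_minutes" {
+depends_on = [google_netapp_storage_pool.default]
+create_duration = "3m"
+}
+resource "google_netapp_volume" "test_volume" {
+provider = google-beta
+location = "us-west2"
+name = "tf-test-test-volume%{random_suffix}"
+capacity_gib = "100"
+share_name = "tf-test-test-volume%{random_suffix}"
+storage_pool = google_netapp_storage_pool.default.name
+protocols = ["NFSV3"]
+export_policy {
+rules {
+access_type = "READ_ONLY"
+allowed_clients = "0.0.0.0/0"
+has_root_access = "false"
+kerberos5_read_only = false
+kerberos5_read_write = false
+kerberos5i_read_only = false
+kerberos5i_read_write = false
+kerberos5p_read_only = false
+kerberos5p_read_write = false
+nfsv3 = true
+nfsv4 = false
+squash_mode = "ROOT_SQUASH"
+}
+}
+}
+
+data "google_compute_network" "default" {
+provider = google-beta
+name = "%{network_name}"
+}
+`, context)
+}
+
+func testAccNetappVolume_volumeExportPolicyWithSquashMode_rootSquash_readNoneAccessType(context map[string]interface{}) string {
+return acctest.Nprintf(`
+resource "google_netapp_storage_pool" "default" {
+provider = google-beta
+name = "tf-test-pool%{random_suffix}"
+location = "us-west2"
+service_level = "PREMIUM"
+capacity_gib = "2048"
+network = data.google_compute_network.default.id
+}
+resource "time_sleep" "wait_3_minutes" {
+depends_on = [google_netapp_storage_pool.default]
+create_duration = "3m"
+}
+resource "google_netapp_volume" "test_volume" {
+provider = google-beta
+location = "us-west2"
+name = "tf-test-test-volume%{random_suffix}"
+capacity_gib = "100"
+share_name = "tf-test-test-volume%{random_suffix}"
+storage_pool = google_netapp_storage_pool.default.name
+protocols = ["NFSV3"]
+export_policy {
+rules {
+access_type = "READ_NONE"
+allowed_clients = "0.0.0.0/0"
+has_root_access = "false"
+kerberos5_read_only = false
+kerberos5_read_write = false
+kerberos5i_read_only = false
+kerberos5i_read_write = false
+kerberos5p_read_only = false
+kerberos5p_read_write = false
+nfsv3 = true
+nfsv4 = false
+squash_mode = "ROOT_SQUASH"
+}
+}
+}
+
+data "google_compute_network" "default" {
+provider = google-beta
+name = "%{network_name}"
+}
+`, context)
+}
 {{ end }}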
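Review bot: The three `ROOT_SQUASH` configs (`_rootSquash`, `_rootSquash_readOnlyAccessType`, `_rootSquash_readNoneAccessType`) omit `anon_uid`, although the schema description added in this commit says it is required for `ROOT_SQUASH` and `ALL_SQUASH`; only `_allSquash` sets `anon_uid = 65534`. Either the description is wrong or these steps pass on a server-side default, and the import-verify steps alone cannot show which. I would add `anon_uid = 65534` to those three rules, or add a step with `ExpectError` covering the omitted case so the documented requirement is pinned by a test. Separately, every rule exports to `allowed_clients = "0.0.0.0/0"`, including the `READ_WRITE` / `NO_ROOT_SQUASH` / `has_root_access = "true"` one; a private CIDR would exercise the same fields without leaving a world-open root export in a fixture that tends to get copied into real configs.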
