Adding access_rules_options to google_lustre_instance (#15898)

Author: NA2047

mmv1/products/lustre/Instance.yaml

@@ -158,3 +158,56 @@ properties:
     description: |-
         The reason why the instance is in a certain state.
     output: true
+  - name: accessRulesOptions
+    type: NestedObject
+    description: |-
+      Access control rules for the Lustre instance. Configures default root
+      squashing behavior and specific access rules based on IP addresses.
+    properties:
+      - name: defaultSquashMode
+        type: Enum
+        required: true
+        description: |-
+          Set to "ROOT_SQUASH" to enable root squashing by default.
+          Other values include "NO_SQUASH".
+        enum_values:
+          - 'ROOT_SQUASH'
+          - 'NO_SQUASH'
+      - name: defaultSquashUid
+        type: Integer
+        description: |-
+          The UID to map the root user to when root squashing is enabled
+          (e.g., 65534 for nobody).
+      - name: defaultSquashGid
+        type: Integer
+        description: |-
+          The GID to map the root user to when root squashing is enabled
+          (e.g., 65534 for nobody).
+      - name: accessRules
+        type: Array
+        description: |-
+          An array of access rule exceptions. Each rule defines IP address ranges
+          that should have different squash behavior than the default.
+        item_type:
+          type: NestedObject
+          properties:
+            - name: name
+              type: String
+              description: |-
+                A unique identifier for the access rule.
+              required: true
+            - name: ipAddressRanges
+              type: Array
+              description: |-
+                An array of IP address strings or CIDR ranges that this rule applies to.
+              required: true
+              item_type:
+                type: String
+            - name: squashMode
+              type: Enum
+              description: |-
+                The squash mode for this specific rule. Currently, only "NO_SQUASH"
+                is supported for exceptions.
+              required: true
+              enum_values:
+                - 'NO_SQUASH'

mmv1/third_party/terraform/services/lustre/resource_lustre_instance_test.go

@@ -80,6 +80,121 @@ data "google_compute_network" "lustre-network" {
 `, context)
 }
 
+func TestAccLustreInstance_withAccessRulesOptions(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"network_name":  acctest.BootstrapSharedTestNetwork(t, "default-vpc"),
+		"random_suffix": acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccLustreInstance_withAccessRulesOptions(context),
+			},
+			{
+				ResourceName:            "google_lustre_instance.instance",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"instance_id", "labels", "gke_support_enabled", "location", "terraform_labels"},
+			},
+			{
+				Config: testAccLustreInstance_withAccessRulesOptionsUpdate(context),
+				ConfigPlanChecks: resource.ConfigPlanChecks{
+					PreApply: []plancheck.PlanCheck{
+						plancheck.ExpectResourceAction(
+							"google_lustre_instance.instance",
+							plancheck.ResourceActionUpdate,
+						),
+					},
+				},
+			},
+			{
+				ResourceName:            "google_lustre_instance.instance",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"instance_id", "labels", "gke_support_enabled", "location", "terraform_labels"},
+			},
+		},
+	})
+}
+
+func testAccLustreInstance_withAccessRulesOptions(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_lustre_instance" "instance" {
+  instance_id                 = "tf-test-my-instance%{random_suffix}"
+  location                    = "us-central1-a"
+  filesystem                  = "testfs"
+  network                     = data.google_compute_network.lustre-network.id
+  gke_support_enabled         = false
+  capacity_gib                = 18000
+  per_unit_storage_throughput = 1000
+  
+  access_rules_options {
+    default_squash_mode 	  = "ROOT_SQUASH"
+	default_squash_uid        = 65534
+    
+    access_rules {
+      name 					  = "admin_hosts"
+      ip_address_ranges       = ["192.168.0.0/24","10.0.1.10/32"]
+      squash_mode 			  = "NO_SQUASH"
+    }
+    
+    access_rules {
+      name 					  = "another_admin"
+      ip_address_ranges 	  = ["172.16.5.0/24"]
+      squash_mode 			  = "NO_SQUASH"
+    }
+  }
+  
+  timeouts {
+    create 					  = "120m"
+  }
+}
+
+data "google_compute_network" "lustre-network" {
+  name = "%{network_name}"
+}
+`, context)
+}
+
+func testAccLustreInstance_withAccessRulesOptionsUpdate(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_lustre_instance" "instance" {
+  instance_id                 = "tf-test-my-instance%{random_suffix}"
+  location                    = "us-central1-a"
+  filesystem                  = "testfs"
+  network                     = data.google_compute_network.lustre-network.id
+  gke_support_enabled         = false
+  capacity_gib                = 18000
+  per_unit_storage_throughput = 1000
+  
+  access_rules_options {
+    default_squash_mode       = "NO_SQUASH"
+    default_squash_uid        = 0
+    default_squash_gid        = 0
+    
+    access_rules {
+      name                    = "updated_admin"
+      ip_address_ranges       = ["10.0.0.0/8"]
+      squash_mode             = "NO_SQUASH"
+    }
+  }
+  
+  timeouts {
+    create 					  = "120m"
+  }
+}
+
+data "google_compute_network" "lustre-network" {
+  name = "%{network_name}"
+}
+`, context)
+}
+
 func TestAccLustreInstance_withKmsKey(t *testing.T) {
 	t.Parallel()