diff --git a/go.mod b/go.mod index 92cf3bb6f0..1c6f49f1af 100644 --- a/go.mod +++ b/go.mod @@ -38,7 +38,7 @@ require ( github.com/IBM/secrets-manager-go-sdk/v2 v2.0.15 github.com/IBM/vmware-go-sdk v0.1.5 github.com/IBM/vpc-beta-go-sdk v0.8.0 - github.com/IBM/vpc-go-sdk v0.71.1 + github.com/IBM/vpc-go-sdk v0.72.0 github.com/ScaleFT/sshkeys v0.0.0-20200327173127-6142f742bca5 github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2 github.com/akamai/AkamaiOPEN-edgegrid-golang/v5 v5.0.0 diff --git a/go.sum b/go.sum index 233e95d239..f27cb730d8 100644 --- a/go.sum +++ b/go.sum @@ -169,10 +169,8 @@ github.com/IBM/vmware-go-sdk v0.1.5 h1:aQbwcJBceaaauuIoJ0OJn+ttwjb+QTX6XV9Jbrdpj github.com/IBM/vmware-go-sdk v0.1.5/go.mod h1:OyQKRInGGsBaOyE5LIZCqH7b1DZ01BvIYa8BgGy+wWo= github.com/IBM/vpc-beta-go-sdk v0.8.0 h1:cEPpv4iw3Ba5W2d0AWg3TIbKeJ8y1nPuUuibR5Jt9eE= github.com/IBM/vpc-beta-go-sdk v0.8.0/go.mod h1:hORgIyTFRzXrZIK9IohaWmCRBBlYiDRagsufi7M6akE= -github.com/IBM/vpc-go-sdk v0.70.1 h1:6NsbRkiA5gDNxe7cjNx8Pi1j9s0PlhwNQj29wsKZxAo= -github.com/IBM/vpc-go-sdk v0.70.1/go.mod h1:K3vVlje72PYE3ZRt1iouE+jSIq+vCyYzT1HiFC06hUA= -github.com/IBM/vpc-go-sdk v0.71.1 h1:SP5/uQs5JDb1QRvSJ1QC2BzE+BHEMq4jd2+JEcRuieE= -github.com/IBM/vpc-go-sdk v0.71.1/go.mod h1:K3vVlje72PYE3ZRt1iouE+jSIq+vCyYzT1HiFC06hUA= +github.com/IBM/vpc-go-sdk v0.72.0 h1:3Pj7nNuYmlaRPiMyC/5Uro3+5hzNBM6v2Lrq5UABBkQ= +github.com/IBM/vpc-go-sdk v0.72.0/go.mod h1:K3vVlje72PYE3ZRt1iouE+jSIq+vCyYzT1HiFC06hUA= github.com/Logicalis/asn1 v0.0.0-20190312173541-d60463189a56 h1:vuquMR410psHNax14XKNWa0Ae/kYgWJcXi0IFuX60N0= github.com/Logicalis/asn1 v0.0.0-20190312173541-d60463189a56/go.mod h1:Zb3OT4l0mf7P/GOs2w2Ilj5sdm5Whoq3pa24dAEBHFc= github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= diff --git a/ibm/service/vpc/data_source_ibm_is_share.go b/ibm/service/vpc/data_source_ibm_is_share.go index c5232ebeb5..646a7025d7 100644 --- a/ibm/service/vpc/data_source_ibm_is_share.go +++ b/ibm/service/vpc/data_source_ibm_is_share.go @@ -35,12 +35,28 @@ func DataSourceIbmIsShare() *schema.Resource { ExactlyOneOf: []string{"share", "name"}, Description: "Name of the share.", }, + "availability_mode": { + Type: schema.TypeString, + Computed: true, + Description: "Availability mode of the share.", + }, "allowed_transit_encryption_modes": { Type: schema.TypeList, Computed: true, Elem: &schema.Schema{Type: schema.TypeString}, Description: "Allowed transit encryption modes", }, + "allowed_access_protocols": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Schema{Type: schema.TypeString}, + Description: "Allowed access protocols for this share", + }, + "bandwidth": { + Type: schema.TypeInt, + Computed: true, + Description: "The bandwidth for this share.", + }, "created_at": { Type: schema.TypeString, Computed: true, @@ -590,6 +606,11 @@ func DataSourceIbmIsShare() *schema.Resource { }, }, }, + "storage_generation": { + Type: schema.TypeInt, + Computed: true, + Description: "The storage generation for this share", + }, }, } } @@ -699,12 +720,27 @@ func dataSourceIbmIsShareRead(context context.Context, d *schema.ResourceData, m if share.AccessControlMode != nil { d.Set("access_control_mode", *share.AccessControlMode) } + if share.AvailabilityMode != nil { + if err = d.Set("availability_mode", *share.AvailabilityMode); err != nil { + return flex.DiscriminatedTerraformErrorf(err, err.Error(), "ibm_is_share", "read", "set-availability_mode").GetDiag() + } + } if !core.IsNil(share.AllowedTransitEncryptionModes) { if err = d.Set("allowed_transit_encryption_modes", share.AllowedTransitEncryptionModes); err != nil { err = fmt.Errorf("Error setting allowed_transit_encryption_modes: %s", err) return flex.DiscriminatedTerraformErrorf(err, err.Error(), "ibm_is_share", "read", "set-allowed_transit_encryption_modes").GetDiag() } } + if !core.IsNil(share.AllowedAccessProtocols) { + if err = d.Set("allowed_access_protocols", share.AllowedAccessProtocols); err != nil { + err = fmt.Errorf("Error setting allowed_access_protocols: %s", err) + return flex.DiscriminatedTerraformErrorf(err, err.Error(), "ibm_is_share", "read", "set-allowed_access_protocols").GetDiag() + } + } + if err = d.Set("bandwidth", share.Bandwidth); err != nil { + err = fmt.Errorf("Error setting bandwidth: %s", err) + return flex.DiscriminatedTerraformErrorf(err, err.Error(), "ibm_is_share", "read", "set-bandwidth").GetDiag() + } if err = d.Set("accessor_binding_role", share.AccessorBindingRole); err != nil { err = fmt.Errorf("Error setting accessor_binding_role: %s", err) return flex.DiscriminatedTerraformErrorf(err, err.Error(), "ibm_is_share", "read", "set-accessor_binding_role").GetDiag() @@ -821,6 +857,10 @@ func dataSourceIbmIsShareRead(context context.Context, d *schema.ResourceData, m if err = d.Set("source_snapshot", sourceSnapshot); err != nil { return flex.DiscriminatedTerraformErrorf(err, fmt.Sprintf("Error setting source_snapshot: %s", err), "(Data) ibm_is_share", "read", "set-source_snapshot").GetDiag() } + + if err := d.Set("storage_generation", flex.IntValue(share.StorageGeneration)); err != nil { + return flex.DiscriminatedTerraformErrorf(err, fmt.Sprintf("Error setting storage_generation: %s", err), "(Data) ibm_is_share", "read", "set-storage_generation").GetDiag() + } accesstags, err := flex.GetGlobalTagsUsingCRN(meta, *share.CRN, "", isAccessTagType) if err != nil { tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting shares (%s) access tags: %s", d.Id(), err), "(Data) ibm_is_share", "read") diff --git a/ibm/service/vpc/data_source_ibm_is_share_accessor_binding_test.go b/ibm/service/vpc/data_source_ibm_is_share_accessor_binding_test.go index 70ffb32cbf..c1baf76fe2 100644 --- a/ibm/service/vpc/data_source_ibm_is_share_accessor_binding_test.go +++ b/ibm/service/vpc/data_source_ibm_is_share_accessor_binding_test.go @@ -26,7 +26,7 @@ func TestAccIBMIsShareAccessorBindingDataSourceBasic(t *testing.T) { vpcname := fmt.Sprintf("tf-vpc-name-%d", acctest.RandIntRange(10, 100)) shareName := fmt.Sprintf("tf-share-%d", acctest.RandIntRange(10, 100)) shareName1 := fmt.Sprintf("tf-share1-%d", acctest.RandIntRange(10, 100)) - tEMode1 := "user_managed" + tEMode1 := "ipsec" resource.Test(t, resource.TestCase{ PreCheck: func() { acc.TestAccPreCheck(t) }, Providers: acc.TestAccProviders, diff --git a/ibm/service/vpc/data_source_ibm_is_share_accessor_bindings_test.go b/ibm/service/vpc/data_source_ibm_is_share_accessor_bindings_test.go index 6af1a6f07d..093012fe4e 100644 --- a/ibm/service/vpc/data_source_ibm_is_share_accessor_bindings_test.go +++ b/ibm/service/vpc/data_source_ibm_is_share_accessor_bindings_test.go @@ -27,7 +27,7 @@ func TestAccIBMIsShareAccessorBindingsDataSourceBasic(t *testing.T) { vpcname := fmt.Sprintf("tf-vpc-name-%d", acctest.RandIntRange(10, 100)) shareName := fmt.Sprintf("tf-share-%d", acctest.RandIntRange(10, 100)) shareName1 := fmt.Sprintf("tf-share1-%d", acctest.RandIntRange(10, 100)) - tEMode1 := "user_managed" + tEMode1 := "ipsec" resource.Test(t, resource.TestCase{ PreCheck: func() { acc.TestAccPreCheck(t) }, Providers: acc.TestAccProviders, diff --git a/ibm/service/vpc/data_source_ibm_is_share_mount_target.go b/ibm/service/vpc/data_source_ibm_is_share_mount_target.go index 22b1a9a7ca..867e0f219c 100644 --- a/ibm/service/vpc/data_source_ibm_is_share_mount_target.go +++ b/ibm/service/vpc/data_source_ibm_is_share_mount_target.go @@ -42,6 +42,11 @@ func DataSourceIBMIsShareTarget() *schema.Resource { ExactlyOneOf: []string{"mount_target", "mount_target_name"}, Description: "The share target name.", }, + "access_protocol": { + Type: schema.TypeString, + Computed: true, + Description: "The protocol to use to access the share for this share mount target.", + }, "transit_encryption": { Type: schema.TypeString, Computed: true, @@ -368,6 +373,12 @@ func dataSourceIBMIsShareTargetRead(context context.Context, d *schema.ResourceD err = fmt.Errorf("Error setting resource_type: %s", err) return flex.DiscriminatedTerraformErrorf(err, err.Error(), "(Data) ibm_is_share_mount_target", "read", "set-resource_type").GetDiag() } + if shareTarget.AccessProtocol != nil { + if err := d.Set("access_protocol", *shareTarget.AccessProtocol); err != nil { + err = fmt.Errorf("Error setting access_protocol: %s", err) + return flex.DiscriminatedTerraformErrorf(err, err.Error(), "(Data) ibm_is_share_mount_target", "read", "set-access_protocol").GetDiag() + } + } if shareTarget.TransitEncryption != nil { if err = d.Set("transit_encryption", *shareTarget.TransitEncryption); err != nil { err = fmt.Errorf("Error setting transit_encryption: %s", err) diff --git a/ibm/service/vpc/data_source_ibm_is_share_mount_targets.go b/ibm/service/vpc/data_source_ibm_is_share_mount_targets.go index 0f2f1a786c..3028d7541b 100644 --- a/ibm/service/vpc/data_source_ibm_is_share_mount_targets.go +++ b/ibm/service/vpc/data_source_ibm_is_share_mount_targets.go @@ -43,6 +43,11 @@ func DataSourceIBMIsShareTargets() *schema.Resource { Computed: true, Description: "The access control mode for the share", }, + "access_protocol": { + Type: schema.TypeString, + Computed: true, + Description: "The protocol to use to access the share for this share mount target.", + }, "name": { Type: schema.TypeString, Computed: true, @@ -346,6 +351,9 @@ func dataSourceShareMountTargetCollectionTargetsToMap(targetsItem vpcv1.ShareMou if targetsItem.AccessControlMode != nil { targetsMap["access_control_mode"] = *targetsItem.AccessControlMode } + if targetsItem.AccessProtocol != nil { + targetsMap["access_protocol"] = *targetsItem.AccessProtocol + } if targetsItem.CreatedAt != nil { targetsMap["created_at"] = targetsItem.CreatedAt.String() } diff --git a/ibm/service/vpc/data_source_ibm_is_share_profile.go b/ibm/service/vpc/data_source_ibm_is_share_profile.go index 500d917cd7..570e20ce40 100644 --- a/ibm/service/vpc/data_source_ibm_is_share_profile.go +++ b/ibm/service/vpc/data_source_ibm_is_share_profile.go @@ -26,6 +26,139 @@ func DataSourceIbmIsShareProfile() *schema.Resource { Required: true, Description: "The file share profile name.", }, + "allowed_access_protocols": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "default": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The default allowed access protocol modes for shares with this profile.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "type": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The type for this profile field.", + }, + "values": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The possible allowed access protocols for shares with this profile.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, + "allowed_transit_encryption_modes": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "default": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The default allowed transit encryption modes for shares with this profile.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "type": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The type for this profile field.", + }, + "values": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The allowed transit encryption modes for a share with this profile", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, + "availability_modes": { + Type: schema.TypeList, + Computed: true, + Description: "The data availability mode of a share with this profile..", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "default": { + Type: schema.TypeString, + Computed: true, + Description: "The default data availability mode for this profile.", + }, + "type": { + Type: schema.TypeString, + Computed: true, + Description: "The type for this profile field.", + }, + "value": { + Type: schema.TypeString, + Computed: true, + Description: "The value for this profile field", + }, + "values": { + Type: schema.TypeSet, + Computed: true, + Elem: &schema.Schema{Type: schema.TypeString}, + Description: "The permitted values for this profile field.", + }, + }, + }, + }, + "bandwidth": { + Type: schema.TypeList, + Computed: true, + Description: "The permitted capacity range (in gigabytes) for a share with this profile.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "default": { + Type: schema.TypeInt, + Computed: true, + Description: "The default capacity.", + }, + "max": { + Type: schema.TypeInt, + Computed: true, + Description: "The max capacity.", + }, + "min": { + Type: schema.TypeInt, + Computed: true, + Description: "The min capacity.", + }, + "step": { + Type: schema.TypeInt, + Computed: true, + Description: "The increment step value for this profile field.", + }, + "type": { + Type: schema.TypeString, + Computed: true, + Description: "The type for this profile field.", + }, + "value": { + Type: schema.TypeInt, + Computed: true, + Description: "The value for this profile field", + }, + "values": { + Type: schema.TypeSet, + Computed: true, + Elem: &schema.Schema{Type: schema.TypeInt}, + Description: "The permitted values for this profile field.", + }, + }, + }, + }, "capacity": { Type: schema.TypeList, Computed: true, @@ -152,7 +285,46 @@ func dataSourceIbmIsShareProfileRead(context context.Context, d *schema.Resource log.Printf("[DEBUG] %s", tfErr.GetDebugMessage()) return tfErr.GetDiag() } - + if shareProfile.AllowedAccessProtocols != nil { + allowedAccessprotocolsList := []map[string]interface{}{} + allowedAccessprotocols := shareProfile.AllowedAccessProtocols.(*vpcv1.ShareProfileAllowedAccessProtocols) + allowedAccessprotocolsMap := dataSourceShareProfileAllowedAccessProtocolToMap(*allowedAccessprotocols) + allowedAccessprotocolsList = append(allowedAccessprotocolsList, allowedAccessprotocolsMap) + if err = d.Set("allowed_access_protocols", allowedAccessprotocolsList); err != nil { + err = fmt.Errorf("Error setting allowed_access_protocols: %s", err) + return flex.DiscriminatedTerraformErrorf(err, err.Error(), "(Data) ibm_is_share_profile", "read", "set-allowed_access_protocols").GetDiag() + } + } + if shareProfile.AllowedTransitEncryptionModes != nil { + allowedTEMList := []map[string]interface{}{} + allowedTEM := shareProfile.AllowedTransitEncryptionModes.(*vpcv1.ShareProfileAllowedTransitEncryptionModes) + allowedTEMMap := dataSourceShareProfileAllowedTransitEncryptionToMap(*allowedTEM) + allowedTEMList = append(allowedTEMList, allowedTEMMap) + if err = d.Set("allowed_transit_encryption_modes", allowedTEMList); err != nil { + err = fmt.Errorf("Error setting allowed_transit_encryption_modes: %s", err) + return flex.DiscriminatedTerraformErrorf(err, err.Error(), "(Data) ibm_is_share_profile", "read", "set-allowed_transit_encryption_modes").GetDiag() + } + } + if shareProfile.AvailabilityModes != nil { + availabilityModesList := []map[string]interface{}{} + availabilityModes := shareProfile.AvailabilityModes.(*vpcv1.ShareProfileAvailabilityModes) + availabilityModesMap := dataSourceShareProfileAvailabilityModesToMap(*availabilityModes) + availabilityModesList = append(availabilityModesList, availabilityModesMap) + if err = d.Set("availability_modes", availabilityModesList); err != nil { + err = fmt.Errorf("Error setting availability_modes: %s", err) + return flex.DiscriminatedTerraformErrorf(err, err.Error(), "(Data) ibm_is_share_profile", "read", "set-availability_modes").GetDiag() + } + } + if shareProfile.Bandwidth != nil { + bandwidthList := []map[string]interface{}{} + bandwidth := shareProfile.Bandwidth.(*vpcv1.ShareProfileBandwidth) + bandwidthMap := dataSourceShareProfileBandwidthToMap(*bandwidth) + bandwidthList = append(bandwidthList, bandwidthMap) + if err = d.Set("bandwidth", bandwidthList); err != nil { + err = fmt.Errorf("Error setting bandwidth: %s", err) + return flex.DiscriminatedTerraformErrorf(err, err.Error(), "(Data) ibm_is_share_profile", "read", "set-bandwidth").GetDiag() + } + } if shareProfile.Capacity != nil { capacityList := []map[string]interface{}{} capacity := shareProfile.Capacity.(*vpcv1.ShareProfileCapacity) @@ -215,10 +387,18 @@ func dataSourceShareProfileCapacityToMap(capacity vpcv1.ShareProfileCapacity) (c // if capacity.Default != nil { // capacityMap["default"] = int(*capacity.Default) // } - capacityMap["max"] = capacity.Max - capacityMap["min"] = capacity.Min - capacityMap["step"] = capacity.Step - capacityMap["type"] = capacity.Type + if capacity.Max != nil { + capacityMap["max"] = capacity.Max + } + if capacity.Min != nil { + capacityMap["min"] = capacity.Min + } + if capacity.Step != nil { + capacityMap["step"] = capacity.Step + } + if capacity.Type != nil { + capacityMap["type"] = capacity.Type + } if capacity.Value != nil { capacityMap["value"] = int(*capacity.Value) } @@ -231,6 +411,99 @@ func dataSourceShareProfileCapacityToMap(capacity vpcv1.ShareProfileCapacity) (c } return capacityMap } +func dataSourceShareProfileBandwidthToMap(bandwidth vpcv1.ShareProfileBandwidth) (bandwidthMap map[string]interface{}) { + bandwidthMap = map[string]interface{}{} + if bandwidth.Default != nil { + bandwidthMap["default"] = int(*bandwidth.Default) + } + + if bandwidth.Max != nil { + bandwidthMap["max"] = *bandwidth.Max + } + if bandwidth.Min != nil { + bandwidthMap["min"] = *bandwidth.Min + } + if bandwidth.Step != nil { + bandwidthMap["step"] = *bandwidth.Step + } + if bandwidth.Type != nil { + bandwidthMap["type"] = *bandwidth.Type + } + + if bandwidth.Value != nil { + bandwidthMap["value"] = bandwidth.Value + } + if bandwidth.Values != nil { + bandwidthMap["values"] = bandwidth.Values + } + return bandwidthMap +} +func dataSourceShareProfileAllowedAccessProtocolToMap(allowedAccessProtocol vpcv1.ShareProfileAllowedAccessProtocols) (allowedAccessProtocolMap map[string]interface{}) { + allowedAccessProtocolMap = map[string]interface{}{} + + if allowedAccessProtocol.Type != nil { + allowedAccessProtocolMap["type"] = allowedAccessProtocol.Type + } + defaults := []string{} + if len(allowedAccessProtocol.Default) > 0 { + for _, value := range allowedAccessProtocol.Default { + defaults = append(defaults, value) + } + allowedAccessProtocolMap["default"] = defaults + } + values := []string{} + if len(allowedAccessProtocol.Values) > 0 { + for _, value := range allowedAccessProtocol.Values { + values = append(values, value) + } + allowedAccessProtocolMap["values"] = values + } + return allowedAccessProtocolMap +} + +func dataSourceShareProfileAllowedTransitEncryptionToMap(transitEncryptionModes vpcv1.ShareProfileAllowedTransitEncryptionModes) (transitEncryptionModesMap map[string]interface{}) { + transitEncryptionModesMap = map[string]interface{}{} + + if transitEncryptionModes.Type != nil { + transitEncryptionModesMap["type"] = transitEncryptionModes.Type + } + defaults := []string{} + if len(transitEncryptionModes.Default) > 0 { + for _, value := range transitEncryptionModes.Default { + defaults = append(defaults, value) + } + transitEncryptionModesMap["default"] = defaults + } + values := []string{} + if len(transitEncryptionModes.Values) > 0 { + for _, value := range transitEncryptionModes.Values { + values = append(values, value) + } + transitEncryptionModesMap["values"] = values + } + return transitEncryptionModesMap +} +func dataSourceShareProfileAvailabilityModesToMap(availabilityModes vpcv1.ShareProfileAvailabilityModes) (availabilityModesMap map[string]interface{}) { + availabilityModesMap = map[string]interface{}{} + + if availabilityModes.Type != nil { + availabilityModesMap["type"] = availabilityModes.Type + } + if availabilityModes.Default != nil { + availabilityModesMap["default"] = availabilityModes.Default + } + if availabilityModes.Value != nil { + availabilityModesMap["value"] = availabilityModes.Value + } + values := []string{} + if len(availabilityModes.Values) > 0 { + for _, value := range availabilityModes.Values { + values = append(values, value) + } + availabilityModesMap["values"] = values + } + return availabilityModesMap +} // dataSourceIbmIsShareProfileID returns a reasonable ID for the list. func dataSourceIbmIsShareProfileID(d *schema.ResourceData) string { diff --git a/ibm/service/vpc/data_source_ibm_is_share_profiles.go b/ibm/service/vpc/data_source_ibm_is_share_profiles.go index ee7c3f5cfb..5c27970353 100644 --- a/ibm/service/vpc/data_source_ibm_is_share_profiles.go +++ b/ibm/service/vpc/data_source_ibm_is_share_profiles.go @@ -27,6 +27,139 @@ func DataSourceIbmIsShareProfiles() *schema.Resource { Description: "Collection of share profiles.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ + "allowed_access_protocols": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "default": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The default allowed access protocol modes for shares with this profile.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "type": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The type for this profile field.", + }, + "values": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The possible allowed access protocols for shares with this profile.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, + "allowed_transit_encryption_modes": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "default": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The default allowed transit encryption modes for shares with this profile.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "type": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The type for this profile field.", + }, + "values": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The allowed transit encryption modes for a share with this profile", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, + "availability_modes": { + Type: schema.TypeList, + Computed: true, + Description: "The data availability mode of a share with this profile..", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "default": { + Type: schema.TypeString, + Computed: true, + Description: "The default data availability mode for this profile.", + }, + "type": { + Type: schema.TypeString, + Computed: true, + Description: "The type for this profile field.", + }, + "value": { + Type: schema.TypeString, + Computed: true, + Description: "The value for this profile field", + }, + "values": { + Type: schema.TypeSet, + Computed: true, + Elem: &schema.Schema{Type: schema.TypeString}, + Description: "The permitted values for this profile field.", + }, + }, + }, + }, + "bandwidth": { + Type: schema.TypeList, + Computed: true, + Description: "The permitted bandwidth (in megabits per second) for a share with this profile", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "default": { + Type: schema.TypeInt, + Computed: true, + Description: "The default capacity.", + }, + "max": { + Type: schema.TypeInt, + Computed: true, + Description: "The max capacity.", + }, + "min": { + Type: schema.TypeInt, + Computed: true, + Description: "The min capacity.", + }, + "step": { + Type: schema.TypeInt, + Computed: true, + Description: "The increment step value for this profile field.", + }, + "type": { + Type: schema.TypeString, + Computed: true, + Description: "The type for this profile field.", + }, + "value": { + Type: schema.TypeInt, + Computed: true, + Description: "The value for this profile field", + }, + "values": { + Type: schema.TypeSet, + Computed: true, + Elem: &schema.Schema{Type: schema.TypeInt}, + Description: "The permitted values for this profile field.", + }, + }, + }, + }, "capacity": { Type: schema.TypeList, Computed: true, @@ -211,6 +344,36 @@ func dataSourceShareProfileCollectionProfilesToMap(profilesItem vpcv1.ShareProfi if profilesItem.ResourceType != nil { profilesMap["resource_type"] = profilesItem.ResourceType } + + if profilesItem.AllowedAccessProtocols != nil { + allowedAccessprotocolsList := []map[string]interface{}{} + allowedAccessprotocols := profilesItem.AllowedAccessProtocols.(*vpcv1.ShareProfileAllowedAccessProtocols) + allowedAccessprotocolsMap := dataSourceShareProfileAllowedAccessProtocolToMap(*allowedAccessprotocols) + allowedAccessprotocolsList = append(allowedAccessprotocolsList, allowedAccessprotocolsMap) + profilesMap["allowed_access_protocols"] = allowedAccessprotocolsList + } + if profilesItem.AllowedTransitEncryptionModes != nil { + allowedTEMList := []map[string]interface{}{} + allowedTEM := profilesItem.AllowedTransitEncryptionModes.(*vpcv1.ShareProfileAllowedTransitEncryptionModes) + allowedTEMMap := dataSourceShareProfileAllowedTransitEncryptionToMap(*allowedTEM) + allowedTEMList = append(allowedTEMList, allowedTEMMap) + profilesMap["allowed_transit_encryption_modes"] = allowedTEMList + } + if profilesItem.AvailabilityModes != nil { + availabilityModesList := []map[string]interface{}{} + availabilityModes := profilesItem.AvailabilityModes.(*vpcv1.ShareProfileAvailabilityModes) + availabilityModesMap := dataSourceShareProfileAvailabilityModesToMap(*availabilityModes) + availabilityModesList = append(availabilityModesList, availabilityModesMap) + profilesMap["availability_modes"] = availabilityModesList + } + if profilesItem.Bandwidth != nil { + bandwidthList := []map[string]interface{}{} + bandwidth := profilesItem.Bandwidth.(*vpcv1.ShareProfileBandwidth) + bandwidthMap := dataSourceShareProfileBandwidthToMap(*bandwidth) + bandwidthList = append(bandwidthList, bandwidthMap) + profilesMap["bandwidth"] = bandwidthList + } + if profilesItem.Capacity != nil { capacityList := []map[string]interface{}{} capacity := profilesItem.Capacity.(*vpcv1.ShareProfileCapacity) diff --git a/ibm/service/vpc/data_source_ibm_is_share_snapshots.go b/ibm/service/vpc/data_source_ibm_is_share_snapshots.go index 2345e4680c..1e6d6e3f28 100644 --- a/ibm/service/vpc/data_source_ibm_is_share_snapshots.go +++ b/ibm/service/vpc/data_source_ibm_is_share_snapshots.go @@ -366,12 +366,13 @@ func DataSourceIBMIsShareSnapshotsShareSnapshotToMap(model *vpcv1.ShareSnapshot) if model.UserTags != nil { modelMap["user_tags"] = model.UserTags } - zoneMap, err := DataSourceIBMIsShareSnapshotsZoneReferenceToMap(model.Zone) - if err != nil { - return modelMap, err + if model.Zone != nil { + zoneMap, err := DataSourceIBMIsShareSnapshotsZoneReferenceToMap(model.Zone) + if err != nil { + return modelMap, err + } + modelMap["zone"] = []map[string]interface{}{zoneMap} } - modelMap["zone"] = []map[string]interface{}{zoneMap} - if model.UserTags != nil { modelMap["tags"] = model.UserTags } diff --git a/ibm/service/vpc/data_source_ibm_is_share_test.go b/ibm/service/vpc/data_source_ibm_is_share_test.go index afdcf8a495..dc9b36beab 100644 --- a/ibm/service/vpc/data_source_ibm_is_share_test.go +++ b/ibm/service/vpc/data_source_ibm_is_share_test.go @@ -31,6 +31,7 @@ func TestAccIbmIsShareDataSourceBasic(t *testing.T) { resource.TestCheckResourceAttrSet("data.ibm_is_share.is_share", "lifecycle_state"), resource.TestCheckResourceAttrSet("data.ibm_is_share.is_share", "name"), resource.TestCheckResourceAttrSet("data.ibm_is_share.is_share", "profile"), + resource.TestCheckResourceAttrSet("data.ibm_is_share.is_share", "storage_generation"), resource.TestCheckResourceAttrSet("data.ibm_is_share.is_share", "resource_group"), resource.TestCheckResourceAttrSet("data.ibm_is_share.is_share", "resource_type"), resource.TestCheckResourceAttrSet("data.ibm_is_share.is_share", "size"), diff --git a/ibm/service/vpc/data_source_ibm_is_shares.go b/ibm/service/vpc/data_source_ibm_is_shares.go index b53a4d6fea..deb2ad415b 100644 --- a/ibm/service/vpc/data_source_ibm_is_shares.go +++ b/ibm/service/vpc/data_source_ibm_is_shares.go @@ -45,11 +45,27 @@ func DataSourceIbmIsShares() *schema.Resource { Elem: &schema.Schema{Type: schema.TypeString}, Description: "Allowed transit encryption modes", }, + "availability_mode": { + Type: schema.TypeString, + Computed: true, + Description: "Availability mode of the share.", + }, "access_control_mode": { Type: schema.TypeString, Computed: true, Description: "The access control mode for the share", }, + "allowed_access_protocols": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Schema{Type: schema.TypeString}, + Description: "Allowed access protocols for this share", + }, + "bandwidth": { + Type: schema.TypeInt, + Computed: true, + Description: "The bandwidth for this share.", + }, "created_at": { Type: schema.TypeString, Computed: true, @@ -561,6 +577,11 @@ func DataSourceIbmIsShares() *schema.Resource { }, }, }, + "storage_generation": { + Type: schema.TypeInt, + Computed: true, + Description: "The storage generation for this share", + }, }, }, }, @@ -715,6 +736,15 @@ func dataSourceShareCollectionSharesToMap(meta interface{}, sharesItem vpcv1.Sha if !core.IsNil(sharesItem.AllowedTransitEncryptionModes) { sharesMap["allowed_transit_encryption_modes"] = sharesItem.AllowedTransitEncryptionModes } + if sharesItem.AvailabilityMode != nil { + sharesMap["availability_mode"] = *sharesItem.AvailabilityMode + } + if !core.IsNil(sharesItem.AllowedAccessProtocols) { + sharesMap["allowed_access_protocols"] = sharesItem.AllowedAccessProtocols + } + if sharesItem.Bandwidth != nil { + sharesMap["bandwidth"] = sharesItem.Bandwidth + } if sharesItem.AccessorBindingRole != nil { sharesMap["accessor_binding_role"] = sharesItem.AccessorBindingRole } @@ -773,6 +803,9 @@ func dataSourceShareCollectionSharesToMap(meta interface{}, sharesItem vpcv1.Sha sourceSnapshot = append(sourceSnapshot, modelMap) } sharesMap["source_snapshot"] = sourceSnapshot + + sharesMap["storage_generation"] = flex.IntValue(sharesItem.StorageGeneration) + accesstags, err := flex.GetGlobalTagsUsingCRN(meta, *sharesItem.CRN, "", isAccessTagType) if err != nil { log.Printf( diff --git a/ibm/service/vpc/data_source_ibm_is_shares_test.go b/ibm/service/vpc/data_source_ibm_is_shares_test.go index 34fd6f9c78..0d86136401 100644 --- a/ibm/service/vpc/data_source_ibm_is_shares_test.go +++ b/ibm/service/vpc/data_source_ibm_is_shares_test.go @@ -52,6 +52,7 @@ func TestAccIbmIsSharesDataSourceAllArgs(t *testing.T) { resource.TestCheckResourceAttrSet("data.ibm_is_shares.is_shares", "shares.0.name"), resource.TestCheckResourceAttrSet("data.ibm_is_shares.is_shares", "shares.0.resource_type"), resource.TestCheckResourceAttrSet("data.ibm_is_shares.is_shares", "shares.0.size"), + resource.TestCheckResourceAttrSet("data.ibm_is_shares.is_shares", "shares.0.storage_generation"), resource.TestCheckResourceAttrSet("data.ibm_is_shares.is_shares", "shares.0.accessor_binding_role"), resource.TestCheckResourceAttrSet("data.ibm_is_shares.is_shares", "total_count"), ), diff --git a/ibm/service/vpc/resource_ibm_is_share.go b/ibm/service/vpc/resource_ibm_is_share.go index b669859369..45d8ec3a59 100644 --- a/ibm/service/vpc/resource_ibm_is_share.go +++ b/ibm/service/vpc/resource_ibm_is_share.go @@ -31,6 +31,12 @@ const ( IsFileShareReplicationRoleReplica = "replica" ) +func normalizeValue(value string) string { + if value == "user_managed" { + return "ipsec" + } + return value +} func ResourceIbmIsShare() *schema.Resource { return &schema.Resource{ CreateContext: resourceIbmIsShareCreate, @@ -54,12 +60,48 @@ func ResourceIbmIsShare() *schema.Resource { Schema: map[string]*schema.Schema{ "allowed_transit_encryption_modes": { - Type: schema.TypeList, - Optional: true, - Computed: true, - Elem: &schema.Schema{Type: schema.TypeString}, + Type: schema.TypeSet, + Optional: true, + Computed: true, + Set: func(v interface{}) int { + str := v.(string) + normalized := normalizeValue(str) + return schema.HashString(normalized) + }, + Elem: &schema.Schema{ + Type: schema.TypeString, + DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool { + if old == "user_managed" && new == "ipsec" { + return true + } + if old == "ipsec" && new == "user_managed" { + return true + } + return false + }, + }, Description: "Allowed transit encryption modes", }, + "allowed_access_protocols": { + Type: schema.TypeList, + Optional: true, + Computed: true, + Elem: &schema.Schema{Type: schema.TypeString}, + ConflictsWith: []string{"replica_share", "origin_share", "source_share"}, + Description: "The access protocols to allow for this share", + }, + "availability_mode": { + Type: schema.TypeString, + Computed: true, + Description: "Availability mode of the share.", + }, + "bandwidth": { + Type: schema.TypeInt, + Optional: true, + Computed: true, + ConflictsWith: []string{"replica_share", "origin_share", "source_share"}, + Description: "The bandwidth for the file share.", + }, "encryption_key": { Type: schema.TypeString, Optional: true, @@ -123,6 +165,12 @@ func ResourceIbmIsShare() *schema.Resource { Description: "The share targets for this file share.Share targets mounted from a replica must be mounted read-only.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ + "access_protocol": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "The protocol to use to access the share for this share mount target.", + }, "id": { Type: schema.TypeString, Computed: true, @@ -138,6 +186,15 @@ func ResourceIbmIsShare() *schema.Resource { Optional: true, Computed: true, Description: "The transit encryption mode.", + DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool { + if old == "user_managed" && new == "ipsec" { + return true + } + if old == "ipsec" && new == "user_managed" { + return true + } + return false + }, }, "name": { Type: schema.TypeString, @@ -387,6 +444,12 @@ func ResourceIbmIsShare() *schema.Resource { Description: "The share targets for this replica file share.Share targets mounted from a replica must be mounted read-only.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ + "access_protocol": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "The protocol to use to access the share for this share mount target.", + }, "href": { Type: schema.TypeString, Computed: true, @@ -408,6 +471,15 @@ func ResourceIbmIsShare() *schema.Resource { Optional: true, Computed: true, Description: "The transit encryption mode.", + DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool { + if old == "user_managed" && new == "ipsec" { + return true + } + if old == "ipsec" && new == "user_managed" { + return true + } + return false + }, }, "virtual_network_interface": { Type: schema.TypeList, @@ -564,8 +636,8 @@ func ResourceIbmIsShare() *schema.Resource { }, "zone": { Type: schema.TypeString, - Required: true, - ForceNew: true, + Optional: true, + Computed: true, Description: "The name of the zone this replica file share will reside in. Must be a different zone in the same region as the source share.", }, }, @@ -905,7 +977,6 @@ func ResourceIbmIsShare() *schema.Resource { Type: schema.TypeString, Optional: true, Computed: true, - ForceNew: true, Description: "The globally unique name of the zone this file share will reside in.", }, isFileShareTags: { @@ -978,12 +1049,17 @@ func ResourceIbmIsShare() *schema.Resource { }, }, }, + "storage_generation": { + Type: schema.TypeInt, + Computed: true, + Description: "The storage generation for this share", + }, }, } } func ResourceIbmIsShareValidator() *validate.ResourceValidator { - allowed_transit_encryption_modes := "none, user_managed" + allowed_transit_encryption_modes := "none, user_managed, ipsec, stunnel" validateSchema := make([]validate.ValidateSchema, 1) validateSchema = append(validateSchema, validate.ValidateSchema{ @@ -1059,13 +1135,30 @@ func resourceIbmIsShareCreate(context context.Context, d *schema.ResourceData, m accessControlMode := accessControlModeIntf.(string) sharePrototype.AccessControlMode = &accessControlMode } + if allowedAccessProtocols, ok := d.GetOk("allowed_access_protocols"); ok { + allowedAccessProtocolsList := []string{} + for _, allowedAccessProtocolsIntf := range allowedAccessProtocols.([]interface{}) { + allowedAccessProtocolsList = append(allowedAccessProtocolsList, allowedAccessProtocolsIntf.(string)) + } + sharePrototype.AllowedAccessProtocols = allowedAccessProtocolsList + } + if bandwidthIntf, bandwidthOk := d.GetOk("bandwidth"); bandwidthOk { + bandwidth := int64(bandwidthIntf.(int)) + sharePrototype.Bandwidth = &bandwidth + } if allowedTransitEncryptionModesIntf, ok := d.GetOk("allowed_transit_encryption_modes"); ok { allowedTransitEncryptionModes := []string{} - for _, allowedTransitEncryptionModesItem := range allowedTransitEncryptionModesIntf.([]interface{}) { - allowedTransitEncryptionModes = append(allowedTransitEncryptionModes, allowedTransitEncryptionModesItem.(string)) + allowedTransitEncryptionModesItems := allowedTransitEncryptionModesIntf.(*schema.Set) + for _, allowedTransitEncryptionModesItemIntf := range allowedTransitEncryptionModesItems.List() { + allowedTransitEncryptionModesItem := allowedTransitEncryptionModesItemIntf.(string) + if allowedTransitEncryptionModesItem == "user_managed" { + allowedTransitEncryptionModesItem = "ipsec" + } + allowedTransitEncryptionModes = append(allowedTransitEncryptionModes, allowedTransitEncryptionModesItem) } sharePrototype.AllowedTransitEncryptionModes = allowedTransitEncryptionModes } + if encryptionKeyIntf, ok := d.GetOk("encryption_key"); ok { encryptionKey := encryptionKeyIntf.(string) encryptionKeyIdentity := &vpcv1.EncryptionKeyIdentity{ @@ -1110,6 +1203,7 @@ func resourceIbmIsShareCreate(context context.Context, d *schema.ResourceData, m if replicaShareIntf, ok := d.GetOk("replica_share"); ok { replicaShareMap := replicaShareIntf.([]interface{})[0].(map[string]interface{}) replicaShare := &vpcv1.SharePrototypeShareContext{} + iopsIntf, ok := replicaShareMap["iops"] iops := iopsIntf.(int) if ok && iops != 0 { @@ -1326,10 +1420,28 @@ func resourceIbmIsShareMapToShareMountTargetPrototype(d *schema.ResourceData, sh } } + if accessProtocolIntf, ok := shareTargetPrototypeMap["access_protocol"]; ok && accessProtocolIntf != nil && accessProtocolIntf.(string) != "" { + accessProtocol := accessProtocolIntf.(string) + shareTargetPrototype.AccessProtocol = &accessProtocol + } else { + accessProtocol := "nfs4" + shareTargetPrototype.AccessProtocol = &accessProtocol + } if transitEncryptionIntf, ok := shareTargetPrototypeMap["transit_encryption"]; ok && transitEncryptionIntf != "" { transitEncryption := transitEncryptionIntf.(string) + if transitEncryption == "user_managed" { + transitEncryption = "ipsec" + } shareTargetPrototype.TransitEncryption = &transitEncryption + } else { + shareProfile := d.Get("profile").(string) + if shareProfile == "dp2" { + shareTargetPrototype.TransitEncryption = &[]string{"none"}[0] + } else if shareProfile == "rfs" { + shareTargetPrototype.TransitEncryption = &[]string{"stunnel"}[0] + } } + return shareTargetPrototype, nil } @@ -1355,7 +1467,11 @@ func resourceIbmIsShareRead(context context.Context, d *schema.ResourceData, met log.Printf("[DEBUG]\n%s", tfErr.GetDebugMessage()) return tfErr.GetDiag() } - + if share.AvailabilityMode != nil { + if err = d.Set("availability_mode", *share.AvailabilityMode); err != nil { + return flex.DiscriminatedTerraformErrorf(err, err.Error(), "ibm_is_share", "read", "set-availability_mode").GetDiag() + } + } if share.EncryptionKey != nil { if err = d.Set("encryption_key", *share.EncryptionKey.CRN); err != nil { return flex.DiscriminatedTerraformErrorf(err, err.Error(), "ibm_is_share", "read", "set-encryption_key").GetDiag() @@ -1366,6 +1482,16 @@ func resourceIbmIsShareRead(context context.Context, d *schema.ResourceData, met return flex.DiscriminatedTerraformErrorf(err, err.Error(), "ibm_is_share", "read", "set-access_control_mode").GetDiag() } } + allowedaccessprotocols := []string{} + if share.AllowedAccessProtocols != nil && len(share.AllowedAccessProtocols) > 0 { + allowedaccessprotocols = share.AllowedAccessProtocols + } + if err = d.Set("allowed_access_protocols", allowedaccessprotocols); err != nil { + return flex.DiscriminatedTerraformErrorf(err, err.Error(), "ibm_is_share", "read", "set-allowed_access_protocols").GetDiag() + } + if err = d.Set("bandwidth", flex.IntValue(share.Bandwidth)); err != nil { + return diag.FromErr(fmt.Errorf("Error setting bandwidth: %s", err)) + } if !core.IsNil(share.AllowedTransitEncryptionModes) { if err = d.Set("allowed_transit_encryption_modes", share.AllowedTransitEncryptionModes); err != nil { err = fmt.Errorf("Error setting allowed_transit_encryption_modes: %s", err) @@ -1473,7 +1599,7 @@ func resourceIbmIsShareRead(context context.Context, d *schema.ResourceData, met } } - if share.Zone != nil { + if share.Zone != nil && share.Zone.Name != nil && *share.Zone.Name != "" { if err = d.Set("zone", *share.Zone.Name); err != nil { return flex.DiscriminatedTerraformErrorf(err, err.Error(), "ibm_is_share", "read", "set-zone").GetDiag() } @@ -1566,7 +1692,9 @@ func resourceIbmIsShareRead(context context.Context, d *schema.ResourceData, met status_reasons = append(status_reasons, status_reason) } d.Set("replication_status_reasons", status_reasons) - + if err := d.Set("storage_generation", flex.IntValue(share.StorageGeneration)); err != nil { + return flex.DiscriminatedTerraformErrorf(err, fmt.Sprintf("Error setting storage_generation: %s", err), "ibm_is_share", "read", "set-storage_generation").GetDiag() + } accesstags, err := flex.GetGlobalTagsUsingCRN(meta, *share.CRN, "", isAccessTagType) if err != nil { log.Printf( @@ -1882,7 +2010,10 @@ func ShareReplicaToMap(context context.Context, vpcClient *vpcv1.VpcV1, d *schem shareReplicaMap["replication_role"] = shareReplica.ReplicationRole shareReplicaMap["profile"] = shareReplica.Profile.Name shareReplicaMap["replication_status"] = shareReplica.ReplicationStatus - shareReplicaMap["zone"] = shareReplica.Zone.Name + + if shareReplica.Zone != nil && shareReplica.Zone.Name != nil && *shareReplica.Zone.Name != "" { + shareReplicaMap["zone"] = shareReplica.Zone.Name + } status_reasons := []map[string]interface{}{} for _, status_reason_item := range shareReplica.ReplicationStatusReasons { status_reason := make(map[string]interface{}) @@ -1965,6 +2096,7 @@ func shareUpdate(vpcClient *vpcv1.VpcV1, context context.Context, d *schema.Reso hasChange := false hasSizeChanged := false + hasBandwidthChanged := false sharePatchModel := &vpcv1.SharePatch{} shareNameSchema := "" shareIopsSchema := "" @@ -2007,8 +2139,12 @@ func shareUpdate(vpcClient *vpcv1.VpcV1, context context.Context, d *schema.Reso sharePatchModel.Size = &size hasChange = true } - } - if shareType == "share" { + if d.HasChange("bandwidth") { + bandwidth := int64(d.Get("bandwidth").(int)) + hasBandwidthChanged = true + sharePatchModel.Bandwidth = &bandwidth + hasChange = true + } if d.HasChange("access_control_mode") { accessControlMode := d.Get("access_control_mode").(string) if accessControlMode != "" { @@ -2018,11 +2154,26 @@ func shareUpdate(vpcClient *vpcv1.VpcV1, context context.Context, d *schema.Reso } if d.HasChange("allowed_transit_encryption_modes") { var allowedTransitEncryptionModes []string - for _, v := range d.Get("allowed_transit_encryption_modes").([]interface{}) { + if allowedTPMModesItemsIntf, ok := d.GetOk("allowed_transit_encryption_modes"); ok { + allowedTPMModesItems := allowedTPMModesItemsIntf.(*schema.Set) + for _, v := range allowedTPMModesItems.List() { + allowedTransitEncryptionModesItem := v.(string) + if allowedTransitEncryptionModesItem == "user_managed" { + allowedTransitEncryptionModesItem = "ipsec" + } + allowedTransitEncryptionModes = append(allowedTransitEncryptionModes, allowedTransitEncryptionModesItem) + } + sharePatchModel.AllowedTransitEncryptionModes = allowedTransitEncryptionModes + hasChange = true + } + } + if d.HasChange("access_control_protocols") { + var access_control_protocols []string + for _, v := range d.Get("access_control_protocols").([]interface{}) { allowedTransitEncryptionModesItem := v.(string) - allowedTransitEncryptionModes = append(allowedTransitEncryptionModes, allowedTransitEncryptionModesItem) + access_control_protocols = append(access_control_protocols, allowedTransitEncryptionModesItem) } - sharePatchModel.AllowedTransitEncryptionModes = allowedTransitEncryptionModes + sharePatchModel.AllowedAccessProtocols = access_control_protocols hasChange = true } } @@ -2082,7 +2233,7 @@ func shareUpdate(vpcClient *vpcv1.VpcV1, context context.Context, d *schema.Reso return err } updateShareOptions.SetSharePatch(sharePatch) - if hasSizeChanged { + if hasSizeChanged || hasBandwidthChanged { _, err = isWaitForShareAvailable(context, vpcClient, d.Id(), d, d.Timeout(schema.TimeoutCreate)) if err != nil { return err diff --git a/ibm/service/vpc/resource_ibm_is_share_delete_accessor_binding_test.go b/ibm/service/vpc/resource_ibm_is_share_delete_accessor_binding_test.go index cc581c92df..9693843df0 100644 --- a/ibm/service/vpc/resource_ibm_is_share_delete_accessor_binding_test.go +++ b/ibm/service/vpc/resource_ibm_is_share_delete_accessor_binding_test.go @@ -22,7 +22,7 @@ func TestAccIbmIsShareDeleteAccessorBinding(t *testing.T) { shareName := fmt.Sprintf("tf-share-%d", acctest.RandIntRange(10, 100)) shareName1 := fmt.Sprintf("tf-share1-%d", acctest.RandIntRange(10, 100)) shareName2 := fmt.Sprintf("tf-share2-%d", acctest.RandIntRange(10, 100)) - tEMode1 := "user_managed" + tEMode1 := "ipsec" // tEMode2 := "none" resource.Test(t, resource.TestCase{ PreCheck: func() { acc.TestAccPreCheck(t) }, diff --git a/ibm/service/vpc/resource_ibm_is_share_mount_target.go b/ibm/service/vpc/resource_ibm_is_share_mount_target.go index 82c4e18709..226812b9a2 100644 --- a/ibm/service/vpc/resource_ibm_is_share_mount_target.go +++ b/ibm/service/vpc/resource_ibm_is_share_mount_target.go @@ -35,6 +35,12 @@ func ResourceIBMIsShareMountTarget() *schema.Resource { ForceNew: true, Description: "The file share identifier.", }, + "access_protocol": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "The protocol to use to access the share for this share mount target.", + }, "name": { Type: schema.TypeString, Required: true, @@ -47,6 +53,15 @@ func ResourceIBMIsShareMountTarget() *schema.Resource { ForceNew: true, Computed: true, Description: "The transit encryption mode.", + DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool { + if old == "user_managed" && new == "ipsec" { + return true + } + if old == "ipsec" && new == "user_managed" { + return true + } + return false + }, }, "access_control_mode": { Type: schema.TypeString, @@ -344,9 +359,36 @@ func resourceIBMIsShareMountTargetCreate(context context.Context, d *schema.Reso name := nameIntf.(string) shareMountTargetPrototype.Name = &name } + if accessProtocolIntf, ok := d.GetOk("access_protocol"); ok { + accessProtocol := accessProtocolIntf.(string) + shareMountTargetPrototype.AccessProtocol = &accessProtocol + } else { + accessProtocol := "nfs4" + shareMountTargetPrototype.AccessProtocol = &accessProtocol + } if transitEncryptionIntf, ok := d.GetOk("transit_encryption"); ok { transitEncryption := transitEncryptionIntf.(string) + if transitEncryption == "user_managed" { + transitEncryption = "ipsec" + } shareMountTargetPrototype.TransitEncryption = &transitEncryption + } else { + getShareOptions := &vpcv1.GetShareOptions{ + ID: &shareId, + } + share, _, err := vpcClient.GetShareWithContext(context, getShareOptions) + if err != nil || share == nil { + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetShareWithContext failed: %s", err.Error()), "ibm_is_share_mount_target", "create") + log.Printf("[DEBUG]\n%s", tfErr.GetDebugMessage()) + return tfErr.GetDiag() + } + if share != nil && share.Profile != nil && share.Profile.Name != nil { + if *share.Profile.Name == "dp2" { + shareMountTargetPrototype.TransitEncryption = &[]string{"ipsec"}[0] + } else if *share.Profile.Name == "rfs" { + shareMountTargetPrototype.TransitEncryption = &[]string{"stunnel"}[0] + } + } } createShareMountTargetOptions.ShareMountTargetPrototype = shareMountTargetPrototype shareTarget, response, err := vpcClient.CreateShareMountTargetWithContext(context, createShareMountTargetOptions) @@ -425,7 +467,11 @@ func resourceIBMIsShareMountTargetRead(context context.Context, d *schema.Resour return flex.DiscriminatedTerraformErrorf(err, fmt.Sprintf("[ERROR] Error setting transit_encryption: %s", err), "ibm_is_share_mount_target", "read", "set-transit_encryption").GetDiag() } } - + if shareTarget.AccessProtocol != nil { + if err = d.Set("access_protocol", *shareTarget.AccessProtocol); err != nil { + return diag.FromErr(fmt.Errorf("Error setting access_protocol: %s", err)) + } + } if err = d.Set("created_at", shareTarget.CreatedAt.String()); err != nil { return flex.DiscriminatedTerraformErrorf(err, fmt.Sprintf("[ERROR] Error setting created_at: %s", err), "ibm_is_share_mount_target", "read", "set-created_at").GetDiag() } diff --git a/ibm/service/vpc/resource_ibm_is_share_mount_target_test.go b/ibm/service/vpc/resource_ibm_is_share_mount_target_test.go index 833b0a2756..9ae3614bea 100644 --- a/ibm/service/vpc/resource_ibm_is_share_mount_target_test.go +++ b/ibm/service/vpc/resource_ibm_is_share_mount_target_test.go @@ -68,6 +68,31 @@ func TestAccIBMIsShareMountTargetTransitEncryptionBasic(t *testing.T) { }) } +func TestAccIBMIsShareMountTargetTransitEncryptionIpsec(t *testing.T) { + var conf vpcv1.ShareMountTarget + vpcname := fmt.Sprintf("tf-vpc-name-%d", acctest.RandIntRange(10, 100)) + targetName := fmt.Sprintf("tf-target-%d", acctest.RandIntRange(10, 100)) + sname := fmt.Sprintf("tf-fs-name-%d", acctest.RandIntRange(10, 100)) + vniName := fmt.Sprintf("tf-fs-vni-%d", acctest.RandIntRange(10, 100)) + primaryIPName := fmt.Sprintf("tf-fs-pipname-%d", acctest.RandIntRange(10, 100)) + subnetName := fmt.Sprintf("tf-fs-subnetn-%d", acctest.RandIntRange(10, 100)) + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + CheckDestroy: testAccCheckIbmIsShareTargetDestroy, + Steps: []resource.TestStep{ + { + Config: testAccCheckIBMIsShareTargetTransitEncryptionConfigIpsec(vpcname, sname, vniName, subnetName, primaryIPName, targetName), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckIbmIsShareTargetExists("ibm_is_share_mount_target.is_share_target", conf), + resource.TestCheckResourceAttr("ibm_is_share_mount_target.is_share_target", "name", targetName), + resource.TestCheckResourceAttr("ibm_is_share_mount_target.is_share_target", "transit_encryption", "user_managed"), + ), + }, + }, + }) +} + func TestAccIbmIsShareMountTargetVNISubnet(t *testing.T) { var conf vpcv1.ShareMountTarget vpcname := fmt.Sprintf("tf-vpc-name-%d", acctest.RandIntRange(10, 100)) @@ -507,7 +532,45 @@ func testAccCheckIBMIsShareTargetTransitEncryptionConfigBasic(vpcName, sname, vn } resource "ibm_is_share_mount_target" "is_share_target" { share = ibm_is_share.is_share.id - transit_encryption = "user_managed" + transit_encryption = "ipsec" + virtual_network_interface { + name = "%s" + primary_ip { + name = "%s" + } + subnet = ibm_is_subnet.testacc_subnet.id + } + name = "%s" + } + `, sname, acc.ShareProfileName, vpcName, subnetName, acc.ISCIDR, vniName, primaryIPName, targetName) +} + +func testAccCheckIBMIsShareTargetTransitEncryptionConfigIpsec(vpcName, sname, vniName, subnetName, primaryIPName, targetName string) string { + return fmt.Sprintf(` + data "ibm_resource_group" "group" { + is_default = "true" + } + resource "ibm_is_share" "is_share" { + access_control_mode = "security_group" + allowed_access_protocols = ["nfs4] + zone = "us-south-1" + size = 200 + name = "%s" + profile = "%s" + } + resource "ibm_is_vpc" "testacc_vpc" { + name = "%s" + } + resource "ibm_is_subnet" "testacc_subnet" { + name = "%s" + vpc = ibm_is_vpc.testacc_vpc.id + zone = "us-south-1" + ipv4_cidr_block = "%s" + } + resource "ibm_is_share_mount_target" "is_share_target" { + share = ibm_is_share.is_share.id + transit_encryption = "ipsec" + access_protocol = "nfs4" virtual_network_interface { name = "%s" primary_ip { diff --git a/ibm/service/vpc/resource_ibm_is_share_snapshot.go b/ibm/service/vpc/resource_ibm_is_share_snapshot.go index 649c97560d..1af1919509 100644 --- a/ibm/service/vpc/resource_ibm_is_share_snapshot.go +++ b/ibm/service/vpc/resource_ibm_is_share_snapshot.go @@ -484,9 +484,12 @@ func resourceIBMIsShareSnapshotRead(context context.Context, d *schema.ResourceD err = fmt.Errorf("Error setting status_reasons: %s", err) return flex.DiscriminatedTerraformErrorf(err, err.Error(), "ibm_is_share_snapshot", "read", "set-status_reasons").GetDiag() } - zoneMap, err := ResourceIBMIsShareSnapshotZoneReferenceToMap(shareSnapshot.Zone) - if err != nil { - return flex.DiscriminatedTerraformErrorf(err, err.Error(), "ibm_is_share_snapshot", "read", "zone-to-map").GetDiag() + zoneMap := make(map[string]interface{}) + if shareSnapshot.Zone != nil { + zoneMap, err = ResourceIBMIsShareSnapshotZoneReferenceToMap(shareSnapshot.Zone) + if err != nil { + return flex.DiscriminatedTerraformErrorf(err, err.Error(), "ibm_is_share_snapshot", "read", "zone-to-map").GetDiag() + } } if err = d.Set("zone", []map[string]interface{}{zoneMap}); err != nil { err = fmt.Errorf("Error setting zone: %s", err) diff --git a/ibm/service/vpc/resource_ibm_is_share_test.go b/ibm/service/vpc/resource_ibm_is_share_test.go index c4ee7f2d14..94b0e0b887 100644 --- a/ibm/service/vpc/resource_ibm_is_share_test.go +++ b/ibm/service/vpc/resource_ibm_is_share_test.go @@ -264,6 +264,35 @@ func TestAccIbmIsShareVNIID(t *testing.T) { }) } +func TestAccIbmIsRegionalShare(t *testing.T) { + var conf vpcv1.Share + + name := fmt.Sprintf("tf-fs-name-%d", acctest.RandIntRange(10, 100)) + subnetName := fmt.Sprintf("tf-subnet-%d", acctest.RandIntRange(10, 100)) + shareTargetName := fmt.Sprintf("tf-fs-tg-name-%d", acctest.RandIntRange(10, 100)) + vpcname := fmt.Sprintf("tf-vpc-name-%d", acctest.RandIntRange(10, 100)) + vniname := fmt.Sprintf("tf-vni-%d", acctest.RandIntRange(10, 100)) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + CheckDestroy: testAccCheckIbmIsShareDestroy, + Steps: []resource.TestStep{ + { + Config: testAccCheckIbmIsRegionalShareConfig(vpcname, subnetName, shareTargetName, vniname, name), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckIbmIsShareExists("ibm_is_share.is_share", conf), + resource.TestCheckResourceAttr("ibm_is_share.is_share", "name", name), + resource.TestCheckResourceAttrSet("ibm_is_share.is_share", "id"), + resource.TestCheckResourceAttrSet("ibm_is_share.is_share", "mount_targets.0.virtual_network_interface.0.id"), + resource.TestCheckResourceAttr("ibm_is_share.is_share", "mount_targets.0.access_protocol", "nfs4"), + resource.TestCheckResourceAttrSet("ibm_is_share.is_share", "mount_targets.0.virtual_network_interface.0.name"), + ), + }, + }, + }) +} + func TestAccIbmIsShareOriginShare(t *testing.T) { var conf vpcv1.Share @@ -315,7 +344,37 @@ func TestAccIbmIsShareOriginShare(t *testing.T) { }, }) } +func TestAccIbmIsShareRegionalShare(t *testing.T) { + var conf vpcv1.Share + // name := fmt.Sprintf("tf-fs-name-%d", acctest.RandIntRange(10, 100)) + subnetName := fmt.Sprintf("tf-subnet-%d", acctest.RandIntRange(10, 100)) + vpcname := fmt.Sprintf("tf-vpc-name-%d", acctest.RandIntRange(10, 100)) + shareName := fmt.Sprintf("tf-share-%d", acctest.RandIntRange(10, 100)) + + tEMode1 := "stunnel" + allowedAccessProtocol := "nfs4" + + // tEMode2 := "none" + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + CheckDestroy: testAccCheckIbmIsShareDestroy, + Steps: []resource.TestStep{ + { + Config: testAccCheckIbmIsShareConfigRegionalShareConfig(vpcname, subnetName, tEMode1, shareName, allowedAccessProtocol), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckIbmIsShareExists("ibm_is_share.is_share", conf), + resource.TestCheckResourceAttr("ibm_is_share.is_share", "name", shareName), + resource.TestCheckResourceAttrSet("ibm_is_share.is_share", "id"), + resource.TestCheckResourceAttr("ibm_is_share.is_share", "allowed_transit_encryption_modes.0", tEMode1), + resource.TestCheckResourceAttr("ibm_is_share.is_share", "allowed_access_protocols.0", allowedAccessProtocol), + resource.TestCheckResourceAttr("ibm_is_share.is_share", "bandwidth", "100"), + ), + }, + }, + }) +} func TestAccIbmIsShareFromShareSnapshot(t *testing.T) { var conf vpcv1.Share @@ -396,6 +455,43 @@ func testAccCheckIbmIsShareConfigVNIID(vpcName, sname, targetName, vniName, shar `, vpcName, sname, acc.ISCIDR, vniName, shareName, targetName) } +func testAccCheckIbmIsRegionalShareConfig(vpcName, sname, targetName, vniName, shareName string) string { + return fmt.Sprintf(` + data "ibm_resource_group" "group" { + is_default = "true" + } + resource "ibm_is_vpc" "testacc_vpc" { + name = "%s" + } + resource "ibm_is_subnet" "testacc_subnet" { + name = "%s" + vpc = ibm_is_vpc.testacc_vpc.id + zone = "us-south-1" + ipv4_cidr_block = "%s" + } + resource "ibm_is_virtual_network_interface" "testacc_vni"{ + name = "%s" + subnet = ibm_is_subnet.testacc_subnet.id + } + resource "ibm_is_share" "is_share" { + access_control_mode = "security_group" + allowed_access_protocols = "nfs4" + zone = "us-south-1" + size = 220 + name = "%s" + profile = "rfs" + mount_targets { + transit_encryption = "ipsec" + access_protocol = "nfs4" + name = "%s" + virtual_network_interface { + id = ibm_is_virtual_network_interface.testacc_vni.id + } + } + } + `, vpcName, sname, acc.ISCIDR, vniName, shareName, targetName) +} + func testAccCheckIbmIsShareConfigOriginShareConfig(vpcName, sname, tEMode, shareName, shareName1 string) string { return fmt.Sprintf(` @@ -426,6 +522,20 @@ func testAccCheckIbmIsShareConfigOriginShareConfig(vpcName, sname, tEMode, share `, vpcName, sname, acc.ISCIDR, tEMode, shareName, shareName1) } +func testAccCheckIbmIsShareConfigRegionalShareConfig(vpcName, sname, tEMode, shareName, allowedAccessProtocol string) string { + return fmt.Sprintf(` + + resource "ibm_is_share" "is_share" { + allowed_transit_encryption_modes = ["%s"] + allowed_access_protocols = ["%s"] + size = 220 + name = "%s" + profile = "rfs" + bandwidth = 100 + } + `, tEMode, allowedAccessProtocol, shareName) +} + func testAccCheckIbmIsShareConfigShareSnapshotConfig(vpcName, sname, tEMode, shareName, shareSnapName, shareName1 string) string { return fmt.Sprintf(` diff --git a/website/docs/d/is_share.html.markdown b/website/docs/d/is_share.html.markdown index 00aba29562..7948d5bf12 100644 --- a/website/docs/d/is_share.html.markdown +++ b/website/docs/d/is_share.html.markdown @@ -46,12 +46,15 @@ The following attributes are exported: - `access_control_mode` - (Boolean) The access control mode for the share. - `accessor_binding_role` - (String) The accessor binding role of this file share:- `none`: This file share is not participating in access with another file share- `origin`: This file share is the origin for one or more file shares (which may be in other accounts)- `accessor`: This file share is providing access to another file share (which may be in another account). +- `allowed_transit_encryption_modes` - (List of string) The transit encryption modes to allow for this share. +- `availability_mode` - (String) The data availability mode of the share +- `allowed_access_protocols` - (String) The access protocols to allow for this share +- `bandwidth` - (Integer) The maximum bandwidth (in megabits per second) for the share. - `accessor_bindings` - (List) The accessor bindings for this file share. Each accessor binding identifies a resource (possibly in another account) with access to this file share's data. Nested schema for **accessor_bindings**: - `href` - (String) The URL for this share accessor binding. - `id` - (String) The unique identifier for this share accessor binding. - `resource_type` - (String) The resource type. -- `allowed_transit_encryption_modes` - (List of string) The transit encryption modes allowed for this share. - `access_tags` - (String) Access management tags associated to the share. - `created_at` - The date and time that the file share is created. - `crn` - The CRN for this share. diff --git a/website/docs/d/is_share_mount_target.html.markdown b/website/docs/d/is_share_mount_target.html.markdown index 00cb4fab2f..d83f1c0e42 100644 --- a/website/docs/d/is_share_mount_target.html.markdown +++ b/website/docs/d/is_share_mount_target.html.markdown @@ -25,9 +25,11 @@ resource "ibm_is_share" "example" { } resource "ibm_is_share_mount_target" "example" { + access_protocol = "nfs4" share = ibm_is_share.is_share.id vpc = ibm_is_vpc.example.id name = "example-share-target" + transit_encryption = "none" } data "ibm_is_share_mount_target" "example" { @@ -47,6 +49,7 @@ The following arguments are supported: The following attributes are exported: +- `access_protocol` - The protocol to use to access the share for this share mount target. - `created_at` - The date and time that the share target was created. - `href` - The URL for this share target. - `lifecycle_state` - The lifecycle state of the mount target. diff --git a/website/docs/d/is_share_mount_targets.html.markdown b/website/docs/d/is_share_mount_targets.html.markdown index 2cb13d4b10..e73999d96e 100644 --- a/website/docs/d/is_share_mount_targets.html.markdown +++ b/website/docs/d/is_share_mount_targets.html.markdown @@ -40,6 +40,7 @@ The following attributes are exported: - `id` - The unique identifier of the ShareTargetCollection. - `mount_targets` - Collection of share targets. Nested `targets` blocks have the following structure: + - `access_protocol` - The protocol to use to access the share for this share mount target - `created_at` - The date and time that the share target was created. - `href` - The URL for this share target. - `id` - The unique identifier for this share target. diff --git a/website/docs/d/is_share_profile.html.markdown b/website/docs/d/is_share_profile.html.markdown index af53870eb0..3c276a65f9 100644 --- a/website/docs/d/is_share_profile.html.markdown +++ b/website/docs/d/is_share_profile.html.markdown @@ -32,14 +32,35 @@ The following attributes are exported: - `family` - (String) The product family this share profile belongs to. - `href` - (String) The URL for this share profile. - `resource_type` - (String) The resource type. +- `allowed_access_protocols` - (List) The possible allowed access protocols for a share with this profile.. Nested `allowed_access_protocols` blocks have the following structure: + - `default` - (List of String) The default allowed access protocol modes for shares with this profile. + - `type` - (String) The type for this profile field + - `values` - (List of String) The possible allowed access protocols for shares with this profile. +- `allowed_transit_encryption_modes` - (List) The possible allowed transit encryption modes for a share with this profile.. Nested `allowed_transit_encryption_modes` blocks have the following structure: + - `default` - (List of String) The default allowed transit encryption modes for shares with this profile. + - `type` - (String) The type for this profile field. + - `values` - (List of String) The allowed transit encryption modes for a share with this profile. +- `availability_modes` - (List) The data availability mode of a share with this profile. Nested `availability_modes` blocks have the following structure: + - `default` - (List of String) The default allowed transit encryption modes for shares with this profile. + - `type` - (String) The type for this profile field. + - `value` - (String) The value for this profile field + - `values` - (List of String) The allowed transit encryption modes for a share with this profile. +- `bandwidth` - (List) The permitted bandwidth (in megabits per second) for a share with this profile. Nested `capacity` blocks have the following structure: + - `default` - (Integer) The default capacity for this share profile + - `max` - (Integer) The max capacity for this share profile + - `min` - (Integer) The min capacity for this share profile + - `step` - (Integer) The increment step value for this profile field + - `type` - (String) The type for this profile field + - `value` - (Integer) The value for this profile field + - `values` - (List of Integers) The permitted values for this profile field - `capacity` - (List) - The permitted capacity range (in gigabytes) for a share with this profile. Nested `capacity` blocks have the following structure: - - `default` - (Integer) The default capacity for this share profile - - `max` - (Integer) The max capacity for this share profile - - `min` - (Integer) The min capacity for this share profile - - `step` - (Integer) The increment step value for this profile field - - `type` - (String) The type for this profile field - - `value` - (Integer) The value for this profile field - - `values` - (List of Integers) The permitted values for this profile field + - `default` - (Integer) The default capacity for this share profile + - `max` - (Integer) The max capacity for this share profile + - `min` - (Integer) The min capacity for this share profile + - `step` - (Integer) The increment step value for this profile field + - `type` - (String) The type for this profile field + - `value` - (Integer) The value for this profile field + - `values` - (List of Integers) The permitted values for this profile field - `iops` - (List) - The permitted IOPS range for a share with this profile. Nested `iops` blocks have the following structure: - `default` - (Integer) The default iops for this share profile - `max` - (Integer) The max iops for this share profile diff --git a/website/docs/d/is_share_profiles.html.markdown b/website/docs/d/is_share_profiles.html.markdown index 92af5cf7a2..81a421dac8 100644 --- a/website/docs/d/is_share_profiles.html.markdown +++ b/website/docs/d/is_share_profiles.html.markdown @@ -26,6 +26,27 @@ The following attributes are exported: - `href` - (String) The URL for this share profile. - `name` - (String) The globally unique name for this share profile. - `resource_type` - (String) The resource type. + - `allowed_access_protocols` - (List) The possible allowed access protocols for a share with this profile.. Nested `allowed_access_protocols` blocks have the following structure: + - `default` - (List of String) The default allowed access protocol modes for shares with this profile. + - `type` - (String) The type for this profile field + - `values` - (List of String) The possible allowed access protocols for shares with this profile. + - `allowed_transit_encryption_modes` - (List) The possible allowed transit encryption modes for a share with this profile.. Nested `allowed_transit_encryption_modes` blocks have the following structure: + - `default` - (List of String) The default allowed transit encryption modes for shares with this profile. + - `type` - (String) The type for this profile field. + - `values` - (List of String) The allowed transit encryption modes for a share with this profile. + - `availability_modes` - (List) The data availability mode of a share with this profile. Nested `availability_modes` blocks have the following structure: + - `default` - (List of String) The default allowed transit encryption modes for shares with this profile. + - `type` - (String) The type for this profile field. + - `value` - (String) The value for this profile field + - `values` - (List of String) The allowed transit encryption modes for a share with this profile. + - `bandwidth` - (List) The permitted bandwidth (in megabits per second) for a share with this profile. Nested `capacity` blocks have the following structure: + - `default` - (Integer) The default capacity for this share profile + - `max` - (Integer) The max capacity for this share profile + - `min` - (Integer) The min capacity for this share profile + - `step` - (Integer) The increment step value for this profile field + - `type` - (String) The type for this profile field + - `value` - (Integer) The value for this profile field + - `values` - (List of Integers) The permitted values for this profile field - `capacity` - (List) The permitted capacity range (in gigabytes) for a share with this profile. Nested `capacity` blocks have the following structure: - `default` - (Integer) The default capacity for this share profile - `max` - (Integer) The max capacity for this share profile diff --git a/website/docs/d/is_shares.html.markdown b/website/docs/d/is_shares.html.markdown index a3ea8acfab..5a382e379a 100644 --- a/website/docs/d/is_shares.html.markdown +++ b/website/docs/d/is_shares.html.markdown @@ -29,6 +29,10 @@ The following arguments are supported: The following attributes are exported: - `shares` - Collection of file shares. Nested `shares` blocks have the following structure: + - `allowed_transit_encryption_modes` - (List of string) The transit encryption modes to allow for this share. + - `availability_mode` - (String) The data availability mode of the share + - `allowed_access_protocols` - (String) The access protocols to allow for this share + - `bandwidth` - (Integer) The maximum bandwidth (in megabits per second) for the share. - `access_control_mode` - (Boolean) The access control mode for the share. - `accessor_binding_role` - (String) The accessor binding role of this file share:- `none`: This file share is not participating in access with another file share- `origin`: This file share is the origin for one or more file shares (which may be in other accounts)- `accessor`: This file share is providing access to another file share (which may be in another account). - `accessor_bindings` - (List) The accessor bindings for this file share. Each accessor binding identifies a resource (possibly in another account) with access to this file share's data. @@ -37,6 +41,8 @@ The following attributes are exported: - `id` - (String) The unique identifier for this share accessor binding. - `resource_type` - (String) The resource type. - `allowed_transit_encryption_modes` - (List of string) The transit encryption modes allowed for this share. + - `allowed_access_protocols` - (List of string) Allowed access protocols for the share. + - `bandwidth` - (Integer) Bandwidth of the share - `created_at` - The date and time that the file share is created. - `crn` - The CRN for this share. - `encryption` - The type of encryption used for this file share. diff --git a/website/docs/r/is_share.html.markdown b/website/docs/r/is_share.html.markdown index a0a7731c83..d492ef45a8 100644 --- a/website/docs/r/is_share.html.markdown +++ b/website/docs/r/is_share.html.markdown @@ -11,7 +11,7 @@ subcategory: "VPC infrastructure" Provides a resource for Share. This allows Share to be created, updated and deleted. For more information, about share replication, see [Share replication](https://cloud.ibm.com/docs/vpc?topic=vpc-file-storage-replication). ~> **NOTE** - New shares should be created with profile `dp2`. Old Tiered profiles will be deprecated soon. + Regional file share `rfs` profile is available for accounts that have been granted special approval to preview the feature. ## Example Usage @@ -101,7 +101,7 @@ resource "ibm_is_share" "example-4" { ## Example share (Create accessor share for an origin share) ```terraform resource "ibm_is_share" "example-4" { - allowed_transit_encryption_modes = ["user_managed", "none"] + allowed_transit_encryption_modes = ["ipsec", "none"] access_control_mode = "security_group" name = "my-share" size = 200 @@ -121,14 +121,26 @@ resource "ibm_is_share" "example-6" { name = "my-replica1" } ``` +## Example share (Create a regional file share) +```terraform +resource "ibm_is_share" "example-4" { + allowed_transit_encryption_modes = ["stunnel", "none"] + access_control_mode = "security_group" + bandwidth = 210 + name = "my-share" + size = 200 + profile = " profile = "rfs" +} ## Argument Reference The following arguments are supported: +- `allowed_access_protocols` - (Optional, List) List of allowed access protocols for the share. Supported values are **nfs4** - `access_control_mode` - (Optional, Boolean) The access control mode for the share. Supported values are **security_group** and **vpc**. Default value is **security_group** - `allowed_transit_encryption_modes` - (Optional, List of string) The transit encryption modes allowed for this share. - `access_tags` - (Optional, List of Strings) The list of access management tags to attach to the share. **Note** For more information, about creating access tags, see [working with tags](https://cloud.ibm.com/docs/account?topic=account-tag). +- `bandwidth` - (Optional, Integer) The bandwidth for the file share - `encryption_key` - (Optional, String) The CRN of the [Key Protect Root Key](https://cloud.ibm.com/docs/key-protect?topic=key-protect-getting-started-tutorial) or [Hyper Protect Crypto Service Root Key](https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-get-started) for this resource. - `initial_owner` - (Optional, List) The initial owner for the file share. diff --git a/website/docs/r/is_share_mount_target.html.markdown b/website/docs/r/is_share_mount_target.html.markdown index ef05a78bf1..fc491fb9b2 100644 --- a/website/docs/r/is_share_mount_target.html.markdown +++ b/website/docs/r/is_share_mount_target.html.markdown @@ -27,9 +27,11 @@ resource "ibm_is_share" "example" { } resource "ibm_is_share_mount_target" "example" { + access_protocol = "nfs4" share = ibm_is_share.example.id vpc = ibm_is_vpc.example.id name = "my-share-target" + transit_encryption = "none" }` ``` ``` @@ -54,6 +56,7 @@ resource "ibm_is_subnet" "example1" { } resource "ibm_is_share_mount_target" "example1" { + access_protocol = "nfs4" share = ibm_is_share.example1.id virtual_network_interface { primary_ip { @@ -63,16 +66,19 @@ resource "ibm_is_share_mount_target" "example1" { name = "my-example-vni" } name = "my-example-mount-target" + transit_encryption = "ipsec" } //Create a mount target with subnet id resource "ibm_is_share_mount_target" "example2" { + access_protocol = "nfs4" share = ibm_is_share.example.id virtual_network_interface { subnet = ibm_is_subnet.example.id name = "my-example-vni" } name = "my-example-mount-target" + transit_encryption = "ipsec" } //Create mount target with reserved ip id @@ -81,6 +87,7 @@ resource "ibm_is_subnet_reserved_ip" "example" { name = "my-example-resip" } resource "ibm_is_share_mount_target" "example" { + access_protocol = "nfs4" share = ibm_is_share.example.id virtual_network_interface { primary_ip { @@ -89,6 +96,7 @@ resource "ibm_is_share_mount_target" "example" { name = "my-example-vni" } name = "my-example-mount-target" + transit_encryption = "ipsec" } //Create mount target with VNI ID @@ -103,11 +111,13 @@ resource "ibm_is_virtual_network_interface" "example" { subnet = ibm_is_subnet.example.id } resource "ibm_is_share_mount_target" "mtarget1" { + access_protocol = "nfs4" share = ibm_is_share.share.id virtual_network_interface { id = ibm_is_virtual_network_interface.example.id } name = "my-example-mount-target" + transit_encryption = "ipsec" } ``` ## Argument Reference @@ -115,6 +125,7 @@ resource "ibm_is_share_mount_target" "mtarget1" { The following arguments are supported: - `share` - (Required, String) The file share identifier. +- `access_protocol` - (Optional, String) The protocol to use to access the share for this share mount target. The specified value must be listed in the share's allowed_access_protocols. Available values are `nfs4` - `virtual_network_interface` (Optional, List) The virtual network interface for this share mount target. Required if the share's `access_control_mode` is `security_group`. - `name` - (Required, String) Name for this virtual network interface. The name must not be used by another virtual network interface in the VPC. Nested scheme for `virtual_network_interface`: @@ -150,11 +161,11 @@ The following arguments are supported: ~> **Note** `virtual_network_interface` and `vpc` are mutually exclusive and one of them must be provided. - `name` - (Required, String) The user-defined name for this share target. Names must be unique within the share the share target resides in. If unspecified, the name will be a hyphenated list of randomly-selected words. -- `transit_encryption` - (Optional, String) The transit encryption mode for this share target. Supported values are **none**, **user_managed**. Default is **none** - -~> **Note** - `transit_encryption` can only be provided to create mount target for a share with `access_control_mode` `security_group`. It is not supported with shares that has `access_control_mode` `vpc` +- `transit_encryption` - (Optional, String) The transit encryption mode for this share target. Supported values are **none**, **ipsec** and **stunnel** + ~> **Note** + If `transit_encryption` is not provided, the default transit encryption for the corresponding share profile will be used + ## Attribute Reference The following attributes are exported: