merge

.github/workflows/acc_test.yml

@@ -25,11 +25,13 @@ jobs:
           TF_ACC_NETAPP_HOST2: ${{ secrets.TF_ACC_NETAPP_HOST2 }}
           TF_ACC_NETAPP_HOST3: ${{ secrets.TF_ACC_NETAPP_HOST3 }}
           TF_ACC_NETAPP_HOST4: ${{ secrets.TF_ACC_NETAPP_HOST4 }}
+          TF_ACC_NETAPP_HOST_CIFS: ${{ secrets.TF_ACC_NETAPP_HOST_CIFS }}
           TF_ACC_NETAPP_USER: ${{ secrets.TF_ACC_NETAPP_USER }}
           TF_ACC_NETAPP_PASS: ${{ secrets.TF_ACC_NETAPP_PASS }}
           TF_ACC_NETAPP_PASS2: ${{ secrets.TF_ACC_NETAPP_PASS2 }}
+          TF_ACC_NETAPP_PASS_CIFS: ${{ secrets.TF_ACC_NETAPP_PASS_CIFS }}
           TF_ACC_NETAPP_LICENSE: ${{ secrets.TF_ACC_NETAPP_LICENSE }}
-
+          TF_ACC_NETAPP_CIFS_ADDOMAIN_PASS: ${{ secrets.TF_ACC_NETAPP_CIFS_ADDOMAIN_PASS }}
         run: |
           export GOFLAGS=-buildvcs=false
           export TF_ACC=1

.github/workflows/check_code.yml

@@ -0,0 +1,54 @@
+name: Check TODO Comments
+
+on:
+  pull_request:
+    paths:
+      - '**.go'
+
+jobs:
+  check-todo:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Check TODO Comments
+        id: check
+        run: |
+          FILES=$(git diff --name-only --diff-filter=AM origin/${{ github.base_ref }} | grep '\.go$')
+          TODO_LINES=""
+          for FILE in $FILES; do
+            while IFS= read -r line; do
+              TODO_LINES="$TODO_LINES\n$FILE#$line"
+            done < <(grep -n 'TODO' "$FILE" | cut -f1 -d:)
+          done
+          echo "::set-output name=todo_lines::$TODO_LINES"
+          if [ -n "$TODO_LINES" ]; then
+            echo "Found TODO comments in the following files:"
+            echo "$TODO_LINES"
+            exit 1
+          fi
+
+      - name: Create comments
+        if: failure()
+        uses: actions/github-script@v5
+        with:
+          script: |
+            const todo_lines = `${{ steps.check.outputs.todo_lines }}`.trim().split('\n');
+            const issue_number = context.payload.pull_request.number;
+            for (const todo_line of todo_lines) {
+              const [file, line] = todo_line.split('#');
+              const message = `TODO comment found in ${file} on line ${line}. Please remove the TODO comment.`;
+              github.rest.pulls.createReviewComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                pull_number: issue_number,
+                body: message,
+                commit_id: context.payload.pull_request.head.sha,
+                path: file,
+                line: parseInt(line, 10),
+                side: 'RIGHT'
+              });
+            }

.github/workflows/check_for_examples.yml

@@ -0,0 +1,83 @@
+name: Check Documentation
+
+on:
+  pull_request:
+    paths:
+      - 'docs/data-sources/*.md'
+      - 'docs/resources/*.md'
+
+jobs:
+  check-example-usage:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Check for "## Example Usage"
+        id: check
+        run: |
+          FILES=$(git diff --name-only --diff-filter=A origin/${{ github.base_ref }} | grep '\.md$')
+          MISSING=""
+          for FILE in $FILES; do
+            if ! grep -q '## Example Usage' "$FILE"; then
+              MISSING="$MISSING\n$FILE"
+            fi
+          done
+          if [ -n "$MISSING" ]; then
+            echo "::set-output name=missing::$MISSING"
+            echo -e "The following files are missing '## Example Usage':$MISSING"
+            exit 1
+          fi
+
+      - name: Create comment
+        if: failure()
+        uses: actions/github-script@v5
+        with:
+          script: |
+            const issue_number = context.payload.pull_request.number;
+            const message = `The following files are missing '## Example Usage':\n${{ steps.check.outputs.missing }}`;
+            github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: issue_number,
+              body: message
+            });
+  check-subcategory:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Check for "subcategory:"
+        id: check
+        run: |
+          FILES=$(git diff --name-only --diff-filter=A origin/${{ github.base_ref }} | grep '\.md$')
+          MISSING=""
+          for FILE in $FILES; do
+            if ! grep -q 'subcategory: .\+' "$FILE"; then
+              MISSING="$MISSING\n$FILE"
+            fi
+          done
+          if [ -n "$MISSING" ]; then
+            echo "::set-output name=missing::$MISSING"
+            echo -e "The following files are missing a string after 'subcategory:':$MISSING"
+            exit 1
+          fi
+
+      - name: Create comment
+        if: failure()
+        uses: actions/github-script@v5
+        with:
+          script: |
+            const issue_number = context.payload.pull_request.number;
+            const message = `The following files don't have a subcategory':\n${{ steps.check.outputs.missing }}`;
+            github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: issue_number,
+              body: message
+            });

.github/workflows/gosec.yml

@@ -0,0 +1,25 @@
+name: "Security Scan"
+
+# Run workflow each time code is pushed to your repository and on a schedule.
+# The scheduled workflow runs every at 00:00 on Sunday UTC time.
+on:
+  pull_request:
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v3
+      - name: Run Gosec Security Scanner
+        uses: securego/gosec@master
+        with:
+          # we let the report trigger content trigger a failure using the GitHub Security features.
+          args: '-no-fail -fmt sarif -out results.sarif ./...'
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          # Path to SARIF file relative to the root of the repository
+          sarif_file: results.sarif

CHANGELOG.md

@@ -28,7 +28,7 @@ FEATURES:
 * **New Resource:** `netapp-ontap_protocols_cifs_user_group_member_resource` ([#123](https://github.com/NetApp/terraform-provider-netapp-ontap/issues/123))
 * **New Resource:** `netapp-protocols_san_lun-maps_resource` ([#13](https://github.com/NetApp/terraform-provider-netapp-ontap/issues/13))
 * **New Resource:** `netapp-ontap_name_services_ldap_resource` ([#25](https://github.com/NetApp/terraform-provider-netapp-ontap/issues/25))
-
+* **New Resource:** `netapp-ontap_protocols_cifs_service_resource` ([#23](https://github.com/NetApp/terraform-provider-netapp-ontap/issues/23))
 
 ENHANCEMENTS:
 * **netapp-ontap_protocols_nfs_export_policy_resource**: Add support for import ([#34](https://github.com/NetApp/terraform-provider-netapp-ontap/issues/34))

docs/resources/protocols_cifs_service_resource.md

@@ -0,0 +1,133 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "netapp-ontap_protocols_cifs_service_resource Resource - terraform-provider-netapp-ontap"
+subcategory: "nas"
+description: |-
+  CifsService resource
+---
+
+# netapp-ontap_protocols_cifs_service_resource (Resource)
+
+Create/Modify/Delete a CIFS service resource
+
+### Related ONTAP commands
+* vserver cifs server create
+* vserver cifs server options modify
+* vserver cifs security modify
+* vserver cifs server add-netbios-aliases
+* vserver cifs server modify
+* vserver cifs server remove-netbios-aliases
+* vserver cifs server delete
+
+## Supported Platforms
+* On-perm ONTAP system 9.6 or higher
+* In security, parameters only can be used in ONTAP 9.8 or higher:
+  `lm_compatibility_level`, `encrypt_dc_connection`
+* In security, parameters only can be used in ONTAP 9.10 or higher
+  `use_ldaps, use_start_tls`, `aes_netlogon_enabled`, `try_ldap_channel_binding`, `ldap_referral_enabled`, `session_security`
+* In security, parameters only can be used in ONTAP 9.12 or higher
+  `advertised_kdc_encryptions`
+* In security, `kdc_encryption` deprecated in 9.12.1
+## Example Usage
+
+```terraform
+resource "netapp-ontap_protocols_cifs_service_resource" "protocols_cifs_service_basic" {
+  # required to know which system to interface with
+  cx_profile_name = "clustercifs"
+  name = "tftestcifs"
+  svm_name = "testSVM"
+  ad_domain = {
+    fqdn = "mytfdomain.com"
+    organizational_unit = "CN=Computers"
+    user = "administrator"
+    password = "Ab0xB@wks!"
+  }
+}
+
+resource "netapp-ontap_protocols_cifs_service_resource" "protocols_cifs_service" {
+  # required to know which system to interface with
+  cx_profile_name = "clustercifs"
+  name = "tftestcifs"
+  svm_name = "testSVM"
+  ad_domain = {
+    fqdn = "mytfdomain.com"
+    organizational_unit = "CN=Computers"
+    user = "administrator"
+    password = "Ab0xB@wks!"
+  }
+  netbios = {
+    aliases = ["abc", "def"]
+  }
+  security = {
+    lm_compatibility_level = "ntlm_ntlmv2_krb"
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `ad_domain` (Attributes) Ad domain (see [below for nested schema](#nestedatt--ad_domain))
+- `cx_profile_name` (String) Connection profile name
+- `name` (String) CifsService name
+- `svm_name` (String) CifsService svm name
+
+### Optional
+
+- `comment` (String) Text comment of up to 48 characters about the CIFS server
+- `default_unix_user` (String) Default unix user
+- `enabled` (Boolean) Specifies if the CIFS service is administratively enabled
+- `force` (Boolean) Specifies if the CIFS service is administratively enabled (9.11)
+- `netbios` (Attributes) Netbios (see [below for nested schema](#nestedatt--netbios))
+- `security` (Attributes) Security (see [below for nested schema](#nestedatt--security))
+
+### Read-Only
+
+- `id` (String) CifsService ID
+
+<a id="nestedatt--ad_domain"></a>
+### Nested Schema for `ad_domain`
+
+Required:
+
+- `fqdn` (String) Fully qualified domain name of the Windows Active Directory to which this CIFS server belongs
+- `password` (String, Sensitive) Account password used to add this CIFS server to the Active Directory
+- `user` (String) User account with the access to add the CIFS server to the Active Directory
+
+Optional:
+
+- `organizational_unit` (String) Organizational unit
+
+
+<a id="nestedatt--netbios"></a>
+### Nested Schema for `netbios`
+
+Optional:
+
+- `aliases` (Set of String) list of one or more NetBIOS aliases for the CIFS server
+- `enabled` (Boolean) NetBios name service (NBNS) is enabled for the CIFS
+- `wins_servers` (Set of String) list of Windows Internet Name Server (WINS) addresses that manage and map the NetBIOS name of the CIFS server to their network IP addresses. The IP addresses must be IPv4 addresses.
+
+
+<a id="nestedatt--security"></a>
+### Nested Schema for `security`
+
+Optional:
+
+- `advertised_kdc_encryptions` (Set of String) List of advertised KDC encryptions
+- `aes_netlogon_enabled` (Boolean) An AES session key is enabled for the Netlogon channel (9.10)
+- `encrypt_dc_connection` (Boolean) Encryption is required for domain controller connections (9.8)
+- `kdc_encryption` (Boolean) Specifies whether AES-128 and AES-256 encryption is enabled for all Kerberos-based communication with the Active Directory KDC
+- `ldap_referral_enabled` (Boolean) Specifies if LDAP referral chasing is enabled for AD LDAP connections (9.10)
+- `lm_compatibility_level` (String) CIFS server minimum security level
+- `restrict_anonymous` (String) Specifies what level of access an anonymous user is granted
+- `session_security` (String) Client session security for AD LDAP connections (9.10)
+- `smb_encryption` (Boolean) Specifies if encryption is required for incoming CIFS traffic
+- `smb_signing` (Boolean) Specifies if signing is required for incoming CIFS traffic
+- `try_ldap_channel_binding` (Boolean) Specifies whether or not channel binding is attempted in the case of TLS/LDAPS (9.10)
+- `use_ldaps` (Boolean) Specifies whether or not to use use LDAPS for secure Active Directory LDAP connections by using the TLS/SSL protocols (9.10)
+- `use_start_tls` (Boolean) Specifies whether or not to use SSL/TLS for allowing secure LDAP communication with Active Directory LDAP servers (9.10)
+
+

examples/provider/provider.tf

@@ -28,14 +28,21 @@ provider "netapp-ontap" {
     },
     {
       name = "cluster3"
-      hostname = "10.193.176.159"
+      hostname = "********159"
       username = var.username
       password = var.password
       validate_certs = var.validate_certs
     },
     {
       name = "cluster4"
-      hostname = "10.193.180.108"
+      hostname = "********108"
+      username = var.username
+      password = var.password
+      validate_certs = var.validate_certs
+    },
+    {
+      name = "clustercifs"
+      hostname = "********189"
       username = var.username
       password = var.password
       validate_certs = var.validate_certs

examples/resources/netapp-ontap_cluster_licensing_license/provider.tf

@@ -7,7 +7,6 @@ terraform {
   }
 }
 
-
 provider "netapp-ontap" {
   # A connection profile defines how to interface with an ONTAP cluster or svm.
   # At least one is required.

examples/resources/netapp-ontap_cluster_licensing_license/resource.tf

@@ -3,3 +3,4 @@ resource "netapp-ontap_cluster_licensing_license_resource" "cluster_licensing_li
   cx_profile_name = "cluster4"
   keys = ["testme"]
 }
+

examples/resources/netapp-ontap_cluster_licensing_license/variables.tf

@@ -9,3 +9,4 @@ variable "password" {
 variable "validate_certs" {
     type = bool
 }
+

examples/resources/netapp-ontap_protocols_cifs_service/provider.tf

@@ -0,0 +1 @@
+../../provider/provider.tf

examples/resources/netapp-ontap_protocols_cifs_service/resource.tf

@@ -0,0 +1,12 @@
+resource "netapp-ontap_protocols_cifs_service_resource" "protocols_cifs_service" {
+  # required to know which system to interface with
+  cx_profile_name = "clustercifs"
+  name = "tftestcifs"
+  svm_name = "testSVM"
+  ad_domain = {
+    fqdn = "mytfdomain.com"
+    organizational_unit = "CN=Computers"
+    user = "cifstest"
+    password = "xxxxxx"
+  }
+}

examples/resources/netapp-ontap_protocols_cifs_service/terraform.tfvars

@@ -0,0 +1 @@
+../../provider/terraform.tfvars

examples/resources/netapp-ontap_protocols_cifs_service/variables.tf

@@ -0,0 +1 @@
+../../provider/variables.tf