Merge pull request #175 from NetApp/integration/main

Integration/main

CHANGELOG.md

@@ -1,3 +1,14 @@
+## 23.8.0
+BUG FIXES:
+* resource/volume: fix documentation name for volume and add an example for creating on_prem volume.
+* ressource/cvo_aws, cvo_azure, cvo_gcp: remove force new from `retries`.
+
+NEW ENHANCEMENTS:
+* resource/cvo_aws and cvo_gcp: add `saas_subscription_id`.
+
+NEW FEATURES:
+* resource/cvo_gcp: support adding `firewall_tag_name_rule` and `firewall_ip_ranges`.
+
 ## 23.7.0
 NEW FEATURES:
 * resource/connector_gcp: support adding gcp keys `gcp_block_project_ssh_keys`, `gcp_serial_port_enable`, `gcp_enable_os_login` and `gcp_enable_os_login_sk` to the config.

cloudmanager/cvo_aws.go

@@ -30,6 +30,7 @@ type createCVOAWSDetails struct {
 	CapacityTier                string                  `structs:"capacityTier,omitempty"`
 	TierLevel                   string                  `structs:"tierLevel,omitempty"`
 	NssAccount                  string                  `structs:"nssAccount,omitempty"`
+	SaasSubscriptionID          string                  `structs:"saasSubscriptionId,omitempty"`
 	WritingSpeedState           string                  `structs:"writingSpeedState,omitempty"`
 	ClusterKeyPairName          string                  `structs:"clusterKeyPairName,omitempty"`
 	IOPS                        int                     `structs:"iops,omitempty"`
@@ -263,7 +264,7 @@ func (c *Client) createCVOAWS(cvoDetails createCVOAWSDetails, clientID string) (
 
 	hostType := "CloudManagerHost"
 	params := structs.Map(cvoDetails)
-
+	log.Printf("Create AWS CVO: %#v\n", params)
 	statusCode, response, onCloudRequestID, err := c.CallAPIMethod("POST", baseURL, params, c.Token, hostType, clientID)
 	if err != nil {
 		log.Print("createCVO request failed ", statusCode)

cloudmanager/cvo_azure.go

@@ -233,7 +233,7 @@ func (c *Client) createCVOAzure(cvoDetails createCVOAzureDetails, clientID strin
 
 	hostType := "CloudManagerHost"
 	params := structs.Map(cvoDetails)
-
+	log.Printf("Create AZURE CVO: %#v\n", params)
 	statusCode, response, onCloudRequestID, err := c.CallAPIMethod("POST", baseURL, params, c.Token, hostType, clientID)
 	if err != nil {
 		log.Print("createCVO request failed ", statusCode)

cloudmanager/cvo_gcp.go

@@ -33,13 +33,16 @@ type createCVOGCPDetails struct {
 	Project                 string                  `structs:"project"`
 	CapacityTier            string                  `structs:"capacityTier,omitempty"`
 	TierLevel               string                  `structs:"tierLevel,omitempty"`
+	SaasSubscriptionID      string                  `structs:"saasSubscriptionId,omitempty"`
 	NssAccount              string                  `structs:"nssAccount,omitempty"`
 	WormRequest             wormRequest             `structs:"wormRequest,omitempty"`
 	WritingSpeedState       string                  `structs:"writingSpeedState,omitempty"`
 	SerialNumber            string                  `structs:"serialNumber,omitempty"`
 	GCPLabels               []gcpLabels             `structs:"gcpLabels,omitempty"`
 	GcpEncryptionParameters gcpEncryptionParameters `structs:"gcpEncryptionParameters,omitempty"`
 	FirewallRule            string                  `structs:"firewallRule,omitempty"`
+	FirewallTagNameRule     string                  `structs:"firewallTagNameRule,omitempty"`
+	FirewallIPRanges        bool                    `structs:"firewallIpRanges"`
 	BackupVolumesToCbs      bool                    `structs:"backupVolumesToCbs"`
 	EnableCompliance        bool                    `structs:"enableCompliance"`
 	IsHA                    bool
@@ -83,6 +86,10 @@ type haParamsGCP struct {
 	VPC1FirewallRuleName           string `structs:"vpc1FirewallRuleName,omitempty"`
 	VPC2FirewallRuleName           string `structs:"vpc2FirewallRuleName,omitempty"`
 	VPC3FirewallRuleName           string `structs:"vpc3FirewallRuleName,omitempty"`
+	VPC0FirewallRuleTagName        string `structs:"vpc0FirewallRuleTagName,omitempty"`
+	VPC1FirewallRuleTagName        string `structs:"vpc1FirewallRuleTagName,omitempty"`
+	VPC2FirewallRuleTagName        string `structs:"vpc2FirewallRuleTagName,omitempty"`
+	VPC3FirewallRuleTagName        string `structs:"vpc3FirewallRuleTagName,omitempty"`
 }
 
 func (c *Client) createCVOGCP(cvoDetails createCVOGCPDetails, clientID string) (cvoResult, error) {

cloudmanager/resource_netapp_cloudmanager_cvo_aws.go

@@ -134,6 +134,11 @@ func resourceCVOAWS() *schema.Resource {
 				Optional: true,
 				ForceNew: true,
 			},
+			"saas_subscription_id": {
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+			},
 			"worm_retention_period_length": {
 				Type:     schema.TypeInt,
 				Optional: true,
@@ -349,7 +354,6 @@ func resourceCVOAWS() *schema.Resource {
 			"retries": {
 				Type:     schema.TypeInt,
 				Optional: true,
-				ForceNew: true,
 				Default:  60,
 			},
 		},
@@ -401,6 +405,11 @@ func resourceCVOAWSCreate(d *schema.ResourceData, meta interface{}) error {
 			cvoDetails.AwsTags = expandUserTags(tags)
 		}
 	}
+
+	if c, ok := d.GetOk("saas_subscription_id"); ok {
+		cvoDetails.SaasSubscriptionID = c.(string)
+	}
+
 	cvoDetails.EbsVolumeSize.Size = d.Get("ebs_volume_size").(int)
 	cvoDetails.EbsVolumeSize.Unit = d.Get("ebs_volume_size_unit").(string)
 	cvoDetails.VsaMetadata.OntapVersion = d.Get("ontap_version").(string)

cloudmanager/resource_netapp_cloudmanager_cvo_azure.go

@@ -304,7 +304,6 @@ func resourceCVOAzure() *schema.Resource {
 			"retries": {
 				Type:     schema.TypeInt,
 				Optional: true,
-				ForceNew: true,
 				Default:  60,
 			},
 		},

cloudmanager/resource_netapp_cloudmanager_cvo_gcp.go

@@ -147,6 +147,11 @@ func resourceCVOGCP() *schema.Resource {
 				Optional:     true,
 				ValidateFunc: validation.StringInSlice([]string{"standard", "nearline", "coldline"}, false),
 			},
+			"saas_subscription_id": {
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+			},
 			"worm_retention_period_length": {
 				Type:     schema.TypeInt,
 				Optional: true,
@@ -199,6 +204,16 @@ func resourceCVOGCP() *schema.Resource {
 				Optional: true,
 				ForceNew: true,
 			},
+			"firewall_tag_name_rule": {
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+			},
+			"firewall_ip_ranges": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				ForceNew: true,
+			},
 			"serial_number": {
 				Type:     schema.TypeString,
 				Optional: true,
@@ -305,6 +320,26 @@ func resourceCVOGCP() *schema.Resource {
 				Optional: true,
 				ForceNew: true,
 			},
+			"vpc0_firewall_rule_tag_name": {
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+			},
+			"vpc1_firewall_rule_tag_name": {
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+			},
+			"vpc2_firewall_rule_tag_name": {
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+			},
+			"vpc3_firewall_rule_ntag_ame": {
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+			},
 			"client_id": {
 				Type:     schema.TypeString,
 				Required: true,
@@ -330,7 +365,6 @@ func resourceCVOGCP() *schema.Resource {
 			"retries": {
 				Type:     schema.TypeInt,
 				Optional: true,
-				ForceNew: true,
 				Default:  60,
 			},
 		},
@@ -364,6 +398,9 @@ func resourceCVOGCPCreate(d *schema.ResourceData, meta interface{}) error {
 	if c, ok := d.GetOk("tier_level"); ok {
 		cvoDetails.TierLevel = c.(string)
 	}
+	if c, ok := d.GetOk("saas_subscription_id"); ok {
+		cvoDetails.SaasSubscriptionID = c.(string)
+	}
 	cvoDetails.GCPVolumeSize.Size = d.Get("gcp_volume_size").(int)
 	cvoDetails.GCPVolumeSize.Unit = d.Get("gcp_volume_size_unit").(string)
 	cvoDetails.VsaMetadata.OntapVersion = d.Get("ontap_version").(string)
@@ -435,7 +472,12 @@ func resourceCVOGCPCreate(d *schema.ResourceData, meta interface{}) error {
 	if c, ok := d.GetOk("firewall_rule"); ok {
 		cvoDetails.FirewallRule = c.(string)
 	}
-
+	if c, ok := d.GetOk("firewall_tag_name_rule"); ok {
+		cvoDetails.FirewallTagNameRule = c.(string)
+	}
+	if c, ok := d.GetOk("firewall_ip_ranges"); ok {
+		cvoDetails.FirewallIPRanges = c.(bool)
+	}
 	if c, ok := d.GetOk("writing_speed_state"); ok {
 		cvoDetails.WritingSpeedState = strings.ToUpper(c.(string))
 	}
@@ -552,6 +594,18 @@ func resourceCVOGCPCreate(d *schema.ResourceData, meta interface{}) error {
 		if c, ok := d.GetOk("vpc3_firewall_rule_name"); ok {
 			cvoDetails.HAParams.VPC3FirewallRuleName = c.(string)
 		}
+		if c, ok := d.GetOk("vpc0_firewall_rule_tag_name"); ok {
+			cvoDetails.HAParams.VPC0FirewallRuleTagName = c.(string)
+		}
+		if c, ok := d.GetOk("vpc1_firewall_rule_tag_name"); ok {
+			cvoDetails.HAParams.VPC1FirewallRuleTagName = c.(string)
+		}
+		if c, ok := d.GetOk("vpc2_firewall_rule_tag_name"); ok {
+			cvoDetails.HAParams.VPC2FirewallRuleTagName = c.(string)
+		}
+		if c, ok := d.GetOk("vpc3_firewall_rule_tag_name"); ok {
+			cvoDetails.HAParams.VPC3FirewallRuleTagName = c.(string)
+		}
 		if c, ok := d.GetOk("svm"); ok {
 			svms := c.(*schema.Set)
 			svmList = expandGCPSVMs(svms)

website/docs/r/cbs.html.markdown

@@ -152,4 +152,10 @@ The `rule` blocks support the followings:
 The `volumes` block suports the followings:
 * `volume_name` - (Required) Name of the volume to enable backup.
 * `mode` - (Optional) type of mode to create snapshot copies.
-* `backup_policy` - (Optional)
+* `backup_policy` - (Optional)
+
+## Attributes Reference
+
+The following attributes are exported in addition to the arguments listed above:
+
+* `id` - The unique identifier for the cloud backup service.

website/docs/r/cvo_aws.html.markdown

@@ -125,6 +125,7 @@ The following arguments are supported:
 * `platform_serial_number` - (Optional) The serial number for the cluster. This is required when 'license_type' is set 'cot-premium-byol'.
 * `capacity_tier` - (Optional) Whether to enable data tiering for the first data aggregate: ['S3','NONE']. The default is 'S3'.
 * `tier_level` - (Optional) The tiering level when 'capacity_tier' is set to 'S3' ['normal','ia','ia-single','intelligent']. The default is 'normal'.
+* `saas_subscription_id` - (Optional) SaaS Subscription ID. It is needed if the subscription is not paygo type.
 * `nss_account` - (Optional) The NetApp Support Site account ID to use with this Cloud Volumes ONTAP system. If the license type is BYOL and an NSS account isn't provided, Cloud Manager tries to use the first existing NSS account.
 * `writing_speed_state` - (Optional) The write speed setting for Cloud Volumes ONTAP: ['NORMAL','HIGH']. The default is 'NORMAL'. This argument is not relevant for HA pairs.
 * `instance_tenancy` - (Optional) The EC2 instance tenancy: ['default','dedicated']. The default is 'default'.
@@ -151,6 +152,7 @@ The following arguments are supported:
 * `route_table_ids` - (Optional) For HA FloatingIP, the list of route table IDs that will be updated with the floating IPs.
 * `upgrade_ontap_version` - (Optional) Indicates whether to upgrade ontap image with `ontap_version`. To upgrade ontap image, `ontap_version` cannot be 'latest' and `use_latest_version` needs to be false.
 * `mediator_security_group_id` - (Optional) For HA only, mediator security group id.
+* `assume_role_arn` - (Optional) For HA only, Amazon Resource Name ARN of an AWS Identity and Access Managent IAM role that has created in the VPC owner account. For example, "arn:aws:iam::61239912384567:role/mediator_role_assume_fromdev"
 * `retries` - (Optional) The number of attempts to wait for the completion of creating the CVO with 60 seconds apart for each attempt. For HA, this value is incremented by 30. The default is '60'.
 * `worm_retention_period_length` - (Optional) WORM retention period length. Once specified retention period, the WORM is enabled. When WORM storage is activated, data tiering to object storage can’t be enabled.
 * `worm_retention_period_unit` - (Optional) WORM retention period unit: ['years','months','days','hours','minutes','seconds'].

website/docs/r/cvo_azure.html.markdown

@@ -144,6 +144,7 @@ The following arguments are supported:
 * `serial_number` - (Optional) The serial number for the cluster. Required when using one of these: ['azure-cot-premium-byol' or 'azure-ha-cot-premium-byol'].
 * `capacity_tier` - (Optional) Whether to enable data tiering for the first data aggregate: ['Blob', 'NONE']. The default is 'BLOB'.
 * `tier_level` - (Optional) If capacity_tier is Blob, this argument indicates the tiering level: ['normal', 'cool']. The default is: 'normal'.
+* `saas_subscription_id` - (Optional) SaaS Subscription ID. It is needed if the subscription is not paygo type.
 * `nss_account` - (Optional) The NetApp Support Site account ID to use with this Cloud Volumes ONTAP system. If the license type is BYOL and an NSS account isn't provided, Cloud Manager tries to use the first existing NSS account.
 * `writing_speed_state` - (Optional) The write speed setting for Cloud Volumes ONTAP: ['NORMAL','HIGH']. The default is 'NORMAL'. This argument is not relevant for HA pairs.
 * `security_group_id` - (Optional) The name of the security group (full identifier: /subscriptions/xxxxxx/resourceGroups/rg_westus/providers/Microsoft.Network/networkSecurityGroups/CVO-SG). If not provided, Cloud Manager creates the security group.

website/docs/r/cvo_gcp.html.markdown

@@ -128,10 +128,13 @@ The following arguments are supported:
 * `serial_number` - (Optional) The serial number for the system. Required when using 'gcp-cot-premium-byol'.
 * `capacity_tier` - (Optional) Indicates the type of data tiering to use: ['cloudStorage']. The default is 'cloudStorage'.
 * `tier_level` - (Optional) In case capacity_tier is cloudStorage, this argument indicates the tiering level: ['standard', 'nearline', 'coldline']. The default is: 'standard'.
+* `saas_subscription_id` - (Optional) SaaS Subscription ID. It is needed if the subscription is not paygo type.
 * `nss_account` - (Optional) The NetApp Support Site account ID to use with this Cloud Volumes ONTAP system. If the license type is BYOL and an NSS account isn't provided, Cloud Manager tries to use the first existing NSS account.
 * `writing_speed_state` - (Optional) The write speed setting for Cloud Volumes ONTAP: ['NORMAL','HIGH']. The default is 'NORMAL'. For single node system, HIGH write speed is supported with all machine types. For HA, Flash Cache, high write speed, and a higher maximum transmission unit (MTU) of 8,896 bytes are available through the High write speed option with the n2-standard-16, n2-standard-32, n2-standard-48, and n2-standard-64 instance types.
 * `flash_cache` - (Optional) Enable Flash Cache. In GCP HA (version 9.13.0), HIGH write speed and FlashCache are coupled together both needs to be activated, one cannot be activated without the other.
-* `firewall_rule` - (Optional) The name of the firewall rule for Cloud Volumes ONTAP. If not provided, Cloud Manager generates the rule.
+* `firewall_rule` - (Optional) The name of the firewall rule for a single node cluster. If not provided, Cloud Manager generates the rule.
+* `firewall_tag_name_rule` - (Optional) Target tag of the firewall when creating a CVO with an existing firewall. It is used for a single node cluster.
+* `firewall_ip_ranges` - (Optional) Define the allowed inbound traffic for the generated policy. It is used when selecting create a new firewall. Recommanded set false: Allow traffice within the selected VPC only. Allow inbound traffic only from the cluster node VPCs.
 * `backup_volumes_to_cbs` - (Optional) Automatically enable back up of all volumes to Google Cloud buckets [true, false].
 * `enable_compliance` - (Optional) Enable the Cloud Compliance service on the working environment [true, false].
 * `is_ha` - (Optional) Indicate whether the working environment is an HA pair or not [true, false]. The default is false.
@@ -152,6 +155,10 @@ The following arguments are supported:
 * `vpc1_firewall_rule_name` - (Optional) Firewall rule name for vpc2.
 * `vpc2_firewall_rule_name` - (Optional) Firewall rule name for vpc3.
 * `vpc3_firewall_rule_name` - (Optional) Firewall rule name for vpc4.
+* `vpc0_firewall_rule_tag_name` - (Optional) Firewall rule tag name for vpc1.
+* `vpc1_firewall_rule_tag_name` - (Optional) Firewall rule tag name for vpc2.
+* `vpc2_firewall_rule_tag_name` - (Optional) Firewall rule tag name for vpc3.
+* `vpc3_firewall_rule_tag_name` - (Optional) Firewall rule tag name for vpc4.
 * `upgrade_ontap_version` - (Optional) Indicates whether to upgrade ontap image with `ontap_version`. To upgrade ontap image, `ontap_version` cannot be 'latest' and `use_latest_version` needs to be false.
 * `retries` - (Optional) The number of attempts to wait for the completion of creating the CVO with 60 seconds apart for each attempt. For HA, this value is incremented by 30. The default is '60'.
 * `worm_retention_period_length` - (Optional) WORM retention period length. Once specified retention period, the WORM is enabled. When WORM storage is activated, data tiering to object storage can’t be enabled.