From 78d835d06039cf38e2637eecfe8067567bb77e90 Mon Sep 17 00:00:00 2001 From: drfaust92 Date: Sun, 30 Apr 2023 10:11:06 +0300 Subject: [PATCH 1/2] add root_squash_configuration --- internal/service/fsx/lustre_file_system.go | 73 +++++++++++++++++++ .../service/fsx/lustre_file_system_test.go | 51 +++++++++++++ .../r/fsx_lustre_file_system.html.markdown | 6 ++ 3 files changed, 130 insertions(+) diff --git a/internal/service/fsx/lustre_file_system.go b/internal/service/fsx/lustre_file_system.go index aece155aa7a2..550b6cebc2b6 100644 --- a/internal/service/fsx/lustre_file_system.go +++ b/internal/service/fsx/lustre_file_system.go @@ -245,6 +245,28 @@ func ResourceLustreFileSystem() *schema.Resource { }, }, }, + "root_squash_configuration": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "no_squash_nids": { + Type: schema.TypeSet, + Optional: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringMatch(regexp.MustCompile(`^([0-9\[\]\-]*\.){3}([0-9\[\]\-]*)@tcp$`), "must be in the standard Lustre NID foramt"), + }, + }, + "root_squash": { + Type: schema.TypeString, + Optional: true, + ValidateFunc: validation.StringMatch(regexp.MustCompile(`^([0-9]{1,10}):([0-9]{1,10})$`), "must be in the format UID:GID"), + }, + }, + }, + }, }, CustomizeDiff: customdiff.Sequence( @@ -370,6 +392,11 @@ func resourceLustreFileSystemCreate(ctx context.Context, d *schema.ResourceData, backupInput.LustreConfiguration.LogConfiguration = expandLustreLogCreateConfiguration(v.([]interface{})) } + if v, ok := d.GetOk("root_squash_configuration"); ok && len(v.([]interface{})) > 0 { + input.LustreConfiguration.RootSquashConfiguration = expandLustreRootSquashConfiguration(v.([]interface{})) + backupInput.LustreConfiguration.RootSquashConfiguration = expandLustreRootSquashConfiguration(v.([]interface{})) + } + if v, ok := d.GetOk("backup_id"); ok { backupInput.BackupId = aws.String(v.(string)) @@ -440,6 +467,11 @@ func resourceLustreFileSystemUpdate(ctx context.Context, d *schema.ResourceData, waitAdminAction = true } + if d.HasChange("root_squash_configuration") { + input.LustreConfiguration.RootSquashConfiguration = expandLustreRootSquashConfiguration(d.Get("root_squash_configuration").([]interface{})) + waitAdminAction = true + } + _, err := conn.UpdateFileSystemWithContext(ctx, input) if err != nil { return sdkdiag.AppendErrorf(diags, "updating FSX Lustre File System (%s): %s", d.Id(), err) @@ -517,6 +549,10 @@ func resourceLustreFileSystemRead(ctx context.Context, d *schema.ResourceData, m return sdkdiag.AppendErrorf(diags, "setting log_configuration: %s", err) } + if err := d.Set("root_squash_configuration", flattenLustreRootSquashConfiguration(lustreConfig.RootSquashConfiguration)); err != nil { + return sdkdiag.AppendErrorf(diags, "setting root_squash_configuration: %s", err) + } + SetTagsOut(ctx, filesystem.Tags) d.Set("vpc_id", filesystem.VpcId) @@ -556,6 +592,43 @@ func resourceLustreFileSystemDelete(ctx context.Context, d *schema.ResourceData, return diags } +func expandLustreRootSquashConfiguration(l []interface{}) *fsx.LustreRootSquashConfiguration { + if len(l) == 0 || l[0] == nil { + return nil + } + + data := l[0].(map[string]interface{}) + req := &fsx.LustreRootSquashConfiguration{} + + if v, ok := data["root_squash"].(string); ok && v != "" { + req.RootSquash = aws.String(v) + } + + if v, ok := data["no_squash_nids"].(*schema.Set); ok && v.Len() > 0 { + req.NoSquashNids = flex.ExpandStringSet(v) + } + + return req +} + +func flattenLustreRootSquashConfiguration(adopts *fsx.LustreRootSquashConfiguration) []map[string]interface{} { + if adopts == nil { + return []map[string]interface{}{} + } + + m := map[string]interface{}{} + + if adopts.RootSquash != nil { + m["root_squash"] = aws.StringValue(adopts.RootSquash) + } + + if adopts.NoSquashNids != nil { + m["no_squash_nids"] = flex.FlattenStringSet(adopts.NoSquashNids) + } + + return []map[string]interface{}{m} +} + func expandLustreLogCreateConfiguration(l []interface{}) *fsx.LustreLogCreateConfiguration { if len(l) == 0 || l[0] == nil { return nil diff --git a/internal/service/fsx/lustre_file_system_test.go b/internal/service/fsx/lustre_file_system_test.go index 01639772d2fa..226a4068ea0f 100644 --- a/internal/service/fsx/lustre_file_system_test.go +++ b/internal/service/fsx/lustre_file_system_test.go @@ -674,6 +674,43 @@ func TestAccFSxLustreFileSystem_logConfig(t *testing.T) { }) } +func TestAccFSxLustreFileSystem_rootSquashConfig(t *testing.T) { + ctx := acctest.Context(t) + var filesystem fsx.FileSystem + resourceName := "aws_fsx_lustre_file_system.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(ctx, t); acctest.PreCheckPartitionHasService(t, fsx.EndpointsID) }, + ErrorCheck: acctest.ErrorCheck(t, fsx.EndpointsID), + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, + CheckDestroy: testAccCheckLustreFileSystemDestroy(ctx), + Steps: []resource.TestStep{ + { + Config: testAccLustreFileSystemConfig_rootSquash("365534:65534"), + Check: resource.ComposeTestCheckFunc( + testAccCheckLustreFileSystemExists(ctx, resourceName, &filesystem), + resource.TestCheckResourceAttr(resourceName, "root_squash_configuration.#", "1"), + resource.TestCheckResourceAttr(resourceName, "root_squash_configuration.0.root_squash", "365534:65534"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"security_group_ids"}, + }, + { + Config: testAccLustreFileSystemConfig_rootSquash("355534:64534"), + Check: resource.ComposeTestCheckFunc( + testAccCheckLustreFileSystemExists(ctx, resourceName, &filesystem), + resource.TestCheckResourceAttr(resourceName, "root_squash_configuration.#", "1"), + resource.TestCheckResourceAttr(resourceName, "root_squash_configuration.0.root_squash", "355534:64534"), + ), + }, + }, + }) +} + func TestAccFSxLustreFileSystem_fromBackup(t *testing.T) { ctx := acctest.Context(t) var filesystem fsx.FileSystem @@ -1390,3 +1427,17 @@ resource "aws_fsx_lustre_file_system" "test" { } `, rName, status)) } + +func testAccLustreFileSystemConfig_rootSquash(uid string) string { + return acctest.ConfigCompose(testAccLustreFileSystemBaseConfig(), fmt.Sprintf(` +resource "aws_fsx_lustre_file_system" "test" { + storage_capacity = 1200 + subnet_ids = [aws_subnet.test1.id] + deployment_type = data.aws_partition.current.partition == "aws-us-gov" ? "SCRATCH_2" : null # GovCloud does not support SCRATCH_1 + + root_squash_configuration { + root_squash = %[1]q + } +} +`, uid)) +} diff --git a/website/docs/r/fsx_lustre_file_system.html.markdown b/website/docs/r/fsx_lustre_file_system.html.markdown index f9826808b599..7fd1c6f6a651 100644 --- a/website/docs/r/fsx_lustre_file_system.html.markdown +++ b/website/docs/r/fsx_lustre_file_system.html.markdown @@ -47,12 +47,18 @@ The following arguments are supported: * `data_compression_type` - (Optional) Sets the data compression configuration for the file system. Valid values are `LZ4` and `NONE`. Default value is `NONE`. Unsetting this value reverts the compression type back to `NONE`. * `file_system_type_version` - (Optional) Sets the Lustre version for the file system that you're creating. Valid values are 2.10 for `SCRATCH_1`, `SCRATCH_2` and `PERSISTENT_1` deployment types. Valid values for 2.12 include all deployment types. * `log_configuration` - (Optional) The Lustre logging configuration used when creating an Amazon FSx for Lustre file system. When logging is enabled, Lustre logs error and warning events for data repositories associated with your file system to Amazon CloudWatch Logs. +* `root_squash_configuration` - (Optional) The Lustre root squash configuration used when creating an Amazon FSx for Lustre file system. When enabled, root squash restricts root-level access from clients that try to access your file system as a root user. ### log_configuration * `destination` - (Optional) The Amazon Resource Name (ARN) that specifies the destination of the logs. The name of the Amazon CloudWatch Logs log group must begin with the `/aws/fsx` prefix. If you do not provide a destination, Amazon FSx will create and use a log stream in the CloudWatch Logs `/aws/fsx/lustre` log group. * `level` - (Optional) Sets which data repository events are logged by Amazon FSx. Valid values are `WARN_ONLY`, `FAILURE_ONLY`, `ERROR_ONLY`, `WARN_ERROR` and `DISABLED`. Default value is `DISABLED`. +### root_squash_configuration + +* `no_squash_nids` - (Optional) When root squash is enabled, you can optionally specify an array of NIDs of clients for which root squash does not apply. A client NID is a Lustre Network Identifier used to uniquely identify a client. You can specify the NID as either a single address or a range of addresses: 1. A single address is described in standard Lustre NID format by specifying the client’s IP address followed by the Lustre network ID (for example, 10.0.1.6@tcp). 2. An address range is described using a dash to separate the range (for example, 10.0.[2-10].[1-255]@tcp). +* `root_squash` - (Optional) You enable root squash by setting a user ID (UID) and group ID (GID) for the file system in the format UID:GID (for example, 365534:65534). The UID and GID values can range from 0 to 4294967294. + ## Attributes Reference In addition to all arguments above, the following attributes are exported: From f517e928c8c38853d04d02b98b7e2a690e35b90f Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Wed, 3 May 2023 14:03:34 -0400 Subject: [PATCH 2/2] Add CHANGELOG entry. --- .changelog/31073.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/31073.txt diff --git a/.changelog/31073.txt b/.changelog/31073.txt new file mode 100644 index 000000000000..99d78694b676 --- /dev/null +++ b/.changelog/31073.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +resource/aws_fsx_lustre_file_system: Add `root_squash_configuration` argument +``` \ No newline at end of file