diff --git a/aws/resource_aws_storagegateway_gateway.go b/aws/resource_aws_storagegateway_gateway.go index 54094ae29cb6..10d10e3570ec 100644 --- a/aws/resource_aws_storagegateway_gateway.go +++ b/aws/resource_aws_storagegateway_gateway.go @@ -187,6 +187,10 @@ func resourceAwsStorageGatewayGateway() *schema.Resource { Optional: true, ValidateFunc: validateArn, }, + "smb_file_share_visibility": { + Type: schema.TypeBool, + Optional: true, + }, "smb_security_strategy": { Type: schema.TypeString, Optional: true, @@ -378,6 +382,19 @@ func resourceAwsStorageGatewayGatewayCreate(d *schema.ResourceData, meta interfa } } + if v, ok := d.GetOk("smb_file_share_visibility"); ok { + input := &storagegateway.UpdateSMBFileShareVisibilityInput{ + GatewayARN: aws.String(d.Id()), + FileSharesVisible: aws.Bool(v.(bool)), + } + + log.Printf("[DEBUG] Storage Gateway Gateway %q setting SMB File Share Visibility", input) + _, err := conn.UpdateSMBFileShareVisibility(input) + if err != nil { + return fmt.Errorf("error setting SMB File Share Visibility: %w", err) + } + } + if v, ok := d.GetOk("smb_security_strategy"); ok { input := &storagegateway.UpdateSMBSecurityStrategyInput{ GatewayARN: aws.String(d.Id()), @@ -525,6 +542,7 @@ func resourceAwsStorageGatewayGatewayRead(d *schema.ResourceData, meta interface // We allow Terraform to passthrough the configuration value into the state d.Set("tape_drive_type", d.Get("tape_drive_type").(string)) d.Set("cloudwatch_log_group_arn", output.CloudWatchLogGroupARN) + d.Set("smb_file_share_visibility", smbSettingsOutput.FileSharesVisible) d.Set("smb_security_strategy", smbSettingsOutput.SMBSecurityStrategy) d.Set("ec2_instance_id", output.Ec2InstanceId) d.Set("endpoint_type", output.EndpointType) @@ -602,6 +620,19 @@ func resourceAwsStorageGatewayGatewayUpdate(d *schema.ResourceData, meta interfa } } + if d.HasChange("smb_file_share_visibility") { + input := &storagegateway.UpdateSMBFileShareVisibilityInput{ + GatewayARN: aws.String(d.Id()), + FileSharesVisible: aws.Bool(d.Get("smb_file_share_visibility").(bool)), + } + + log.Printf("[DEBUG] Storage Gateway Gateway %q updating SMB File Share Visibility", input) + _, err := conn.UpdateSMBFileShareVisibility(input) + if err != nil { + return fmt.Errorf("error updating SMB File Share Visibility: %w", err) + } + } + if d.HasChange("smb_security_strategy") { input := &storagegateway.UpdateSMBSecurityStrategyInput{ GatewayARN: aws.String(d.Id()), diff --git a/aws/resource_aws_storagegateway_gateway_test.go b/aws/resource_aws_storagegateway_gateway_test.go index 2cd33b782a59..3442796d240b 100644 --- a/aws/resource_aws_storagegateway_gateway_test.go +++ b/aws/resource_aws_storagegateway_gateway_test.go @@ -519,6 +519,40 @@ func TestAccAWSStorageGatewayGateway_SMBSecurityStrategy(t *testing.T) { }) } +func TestAccAWSStorageGatewayGateway_SMBFileShareVisibility(t *testing.T) { + var gateway storagegateway.DescribeGatewayInformationOutput + rName := acctest.RandomWithPrefix("tf-acc-test") + resourceName := "aws_storagegateway_gateway.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSStorageGatewayGatewayDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSStorageGatewayGatewayConfigSMBFileShareVisibility(rName, true), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSStorageGatewayGatewayExists(resourceName, &gateway), + resource.TestCheckResourceAttr(resourceName, "smb_file_share_visibility", `true`), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"activation_key", "gateway_ip_address"}, + }, + { + Config: testAccAWSStorageGatewayGatewayConfigSMBFileShareVisibility(rName, false), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSStorageGatewayGatewayExists(resourceName, &gateway), + resource.TestCheckResourceAttr(resourceName, "smb_file_share_visibility", `false`), + ), + }, + }, + }) +} + func TestAccAWSStorageGatewayGateway_disappears(t *testing.T) { var gateway storagegateway.DescribeGatewayInformationOutput rName := acctest.RandomWithPrefix("tf-acc-test") @@ -1108,6 +1142,19 @@ resource "aws_storagegateway_gateway" "test" { `, rName, strategy) } +func testAccAWSStorageGatewayGatewayConfigSMBFileShareVisibility(rName string, visibility bool) string { + return testAccAWSStorageGateway_FileGatewayBase(rName) + fmt.Sprintf(` +resource "aws_storagegateway_gateway" "test" { + gateway_ip_address = aws_instance.test.public_ip + gateway_name = %[1]q + gateway_timezone = "GMT" + gateway_type = "FILE_S3" + smb_security_strategy = "ClientSpecified" + smb_file_share_visibility = %[2]t +} +`, rName, visibility) +} + func testAccAWSStorageGatewayGatewayConfigTags1(rName, tagKey1, tagValue1 string) string { return testAccAWSStorageGateway_TapeAndVolumeGatewayBase(rName) + fmt.Sprintf(` resource "aws_storagegateway_gateway" "test" { diff --git a/website/docs/r/storagegateway_gateway.html.markdown b/website/docs/r/storagegateway_gateway.html.markdown index c07f62bf937c..83eca2ee369a 100644 --- a/website/docs/r/storagegateway_gateway.html.markdown +++ b/website/docs/r/storagegateway_gateway.html.markdown @@ -77,6 +77,7 @@ The following arguments are supported: * `cloudwatch_log_group_arn` - (Optional) The Amazon Resource Name (ARN) of the Amazon CloudWatch log group to use to monitor and log events in the gateway. * `medium_changer_type` - (Optional) Type of medium changer to use for tape gateway. Terraform cannot detect drift of this argument. Valid values: `STK-L700`, `AWS-Gateway-VTL`, `IBM-03584L32-0402`. * `smb_active_directory_settings` - (Optional) Nested argument with Active Directory domain join information for Server Message Block (SMB) file shares. Only valid for `FILE_S3` gateway type. Must be set before creating `ActiveDirectory` authentication SMB file shares. More details below. +* `smb_file_share_visibility` - (Optional) Specifies whether the shares on this gateway appear when listing shares. * `smb_guest_password` - (Optional) Guest password for Server Message Block (SMB) file shares. Only valid for `FILE_S3` gateway type. Must be set before creating `GuestAccess` authentication SMB file shares. Terraform can only detect drift of the existence of a guest password, not its actual value from the gateway. Terraform can however update the password with changing the argument. * `smb_security_strategy` - (Optional) Specifies the type of security strategy. Valid values are: `ClientSpecified`, `MandatorySigning`, and `MandatoryEncryption`. See [Setting a Security Level for Your Gateway](https://docs.aws.amazon.com/storagegateway/latest/userguide/managing-gateway-file.html#security-strategy) for more information. * `tape_drive_type` - (Optional) Type of tape drive to use for tape gateway. Terraform cannot detect drift of this argument. Valid values: `IBM-ULT3580-TD5`.