Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

r/fsx_lustre_file_system - add root_squash_configuration #31073

Merged
merged 2 commits into from
May 3, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .changelog/31073.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:enhancement
resource/aws_fsx_lustre_file_system: Add `root_squash_configuration` argument
```
73 changes: 73 additions & 0 deletions internal/service/fsx/lustre_file_system.go
Original file line number Diff line number Diff line change
Expand Up @@ -245,6 +245,28 @@ func ResourceLustreFileSystem() *schema.Resource {
},
},
},
"root_squash_configuration": {
Type: schema.TypeList,
Optional: true,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"no_squash_nids": {
Type: schema.TypeSet,
Optional: true,
Elem: &schema.Schema{
Type: schema.TypeString,
ValidateFunc: validation.StringMatch(regexp.MustCompile(`^([0-9\[\]\-]*\.){3}([0-9\[\]\-]*)@tcp$`), "must be in the standard Lustre NID foramt"),
},
},
"root_squash": {
Type: schema.TypeString,
Optional: true,
ValidateFunc: validation.StringMatch(regexp.MustCompile(`^([0-9]{1,10}):([0-9]{1,10})$`), "must be in the format UID:GID"),
},
},
},
},
},

CustomizeDiff: customdiff.Sequence(
Expand Down Expand Up @@ -370,6 +392,11 @@ func resourceLustreFileSystemCreate(ctx context.Context, d *schema.ResourceData,
backupInput.LustreConfiguration.LogConfiguration = expandLustreLogCreateConfiguration(v.([]interface{}))
}

if v, ok := d.GetOk("root_squash_configuration"); ok && len(v.([]interface{})) > 0 {
input.LustreConfiguration.RootSquashConfiguration = expandLustreRootSquashConfiguration(v.([]interface{}))
backupInput.LustreConfiguration.RootSquashConfiguration = expandLustreRootSquashConfiguration(v.([]interface{}))
}

if v, ok := d.GetOk("backup_id"); ok {
backupInput.BackupId = aws.String(v.(string))

Expand Down Expand Up @@ -440,6 +467,11 @@ func resourceLustreFileSystemUpdate(ctx context.Context, d *schema.ResourceData,
waitAdminAction = true
}

if d.HasChange("root_squash_configuration") {
input.LustreConfiguration.RootSquashConfiguration = expandLustreRootSquashConfiguration(d.Get("root_squash_configuration").([]interface{}))
waitAdminAction = true
}

_, err := conn.UpdateFileSystemWithContext(ctx, input)
if err != nil {
return sdkdiag.AppendErrorf(diags, "updating FSX Lustre File System (%s): %s", d.Id(), err)
Expand Down Expand Up @@ -517,6 +549,10 @@ func resourceLustreFileSystemRead(ctx context.Context, d *schema.ResourceData, m
return sdkdiag.AppendErrorf(diags, "setting log_configuration: %s", err)
}

if err := d.Set("root_squash_configuration", flattenLustreRootSquashConfiguration(lustreConfig.RootSquashConfiguration)); err != nil {
return sdkdiag.AppendErrorf(diags, "setting root_squash_configuration: %s", err)
}

SetTagsOut(ctx, filesystem.Tags)

d.Set("vpc_id", filesystem.VpcId)
Expand Down Expand Up @@ -556,6 +592,43 @@ func resourceLustreFileSystemDelete(ctx context.Context, d *schema.ResourceData,
return diags
}

func expandLustreRootSquashConfiguration(l []interface{}) *fsx.LustreRootSquashConfiguration {
if len(l) == 0 || l[0] == nil {
return nil
}

data := l[0].(map[string]interface{})
req := &fsx.LustreRootSquashConfiguration{}

if v, ok := data["root_squash"].(string); ok && v != "" {
req.RootSquash = aws.String(v)
}

if v, ok := data["no_squash_nids"].(*schema.Set); ok && v.Len() > 0 {
req.NoSquashNids = flex.ExpandStringSet(v)
}

return req
}

func flattenLustreRootSquashConfiguration(adopts *fsx.LustreRootSquashConfiguration) []map[string]interface{} {
if adopts == nil {
return []map[string]interface{}{}
}

m := map[string]interface{}{}

if adopts.RootSquash != nil {
m["root_squash"] = aws.StringValue(adopts.RootSquash)
}

if adopts.NoSquashNids != nil {
m["no_squash_nids"] = flex.FlattenStringSet(adopts.NoSquashNids)
}

return []map[string]interface{}{m}
}

func expandLustreLogCreateConfiguration(l []interface{}) *fsx.LustreLogCreateConfiguration {
if len(l) == 0 || l[0] == nil {
return nil
Expand Down
51 changes: 51 additions & 0 deletions internal/service/fsx/lustre_file_system_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -674,6 +674,43 @@ func TestAccFSxLustreFileSystem_logConfig(t *testing.T) {
})
}

func TestAccFSxLustreFileSystem_rootSquashConfig(t *testing.T) {
ctx := acctest.Context(t)
var filesystem fsx.FileSystem
resourceName := "aws_fsx_lustre_file_system.test"

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { acctest.PreCheck(ctx, t); acctest.PreCheckPartitionHasService(t, fsx.EndpointsID) },
ErrorCheck: acctest.ErrorCheck(t, fsx.EndpointsID),
ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
CheckDestroy: testAccCheckLustreFileSystemDestroy(ctx),
Steps: []resource.TestStep{
{
Config: testAccLustreFileSystemConfig_rootSquash("365534:65534"),
Check: resource.ComposeTestCheckFunc(
testAccCheckLustreFileSystemExists(ctx, resourceName, &filesystem),
resource.TestCheckResourceAttr(resourceName, "root_squash_configuration.#", "1"),
resource.TestCheckResourceAttr(resourceName, "root_squash_configuration.0.root_squash", "365534:65534"),
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"security_group_ids"},
},
{
Config: testAccLustreFileSystemConfig_rootSquash("355534:64534"),
Check: resource.ComposeTestCheckFunc(
testAccCheckLustreFileSystemExists(ctx, resourceName, &filesystem),
resource.TestCheckResourceAttr(resourceName, "root_squash_configuration.#", "1"),
resource.TestCheckResourceAttr(resourceName, "root_squash_configuration.0.root_squash", "355534:64534"),
),
},
},
})
}

func TestAccFSxLustreFileSystem_fromBackup(t *testing.T) {
ctx := acctest.Context(t)
var filesystem fsx.FileSystem
Expand Down Expand Up @@ -1390,3 +1427,17 @@ resource "aws_fsx_lustre_file_system" "test" {
}
`, rName, status))
}

func testAccLustreFileSystemConfig_rootSquash(uid string) string {
return acctest.ConfigCompose(testAccLustreFileSystemBaseConfig(), fmt.Sprintf(`
resource "aws_fsx_lustre_file_system" "test" {
storage_capacity = 1200
subnet_ids = [aws_subnet.test1.id]
deployment_type = data.aws_partition.current.partition == "aws-us-gov" ? "SCRATCH_2" : null # GovCloud does not support SCRATCH_1

root_squash_configuration {
root_squash = %[1]q
}
}
`, uid))
}
6 changes: 6 additions & 0 deletions website/docs/r/fsx_lustre_file_system.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -47,12 +47,18 @@ The following arguments are supported:
* `data_compression_type` - (Optional) Sets the data compression configuration for the file system. Valid values are `LZ4` and `NONE`. Default value is `NONE`. Unsetting this value reverts the compression type back to `NONE`.
* `file_system_type_version` - (Optional) Sets the Lustre version for the file system that you're creating. Valid values are 2.10 for `SCRATCH_1`, `SCRATCH_2` and `PERSISTENT_1` deployment types. Valid values for 2.12 include all deployment types.
* `log_configuration` - (Optional) The Lustre logging configuration used when creating an Amazon FSx for Lustre file system. When logging is enabled, Lustre logs error and warning events for data repositories associated with your file system to Amazon CloudWatch Logs.
* `root_squash_configuration` - (Optional) The Lustre root squash configuration used when creating an Amazon FSx for Lustre file system. When enabled, root squash restricts root-level access from clients that try to access your file system as a root user.

### log_configuration

* `destination` - (Optional) The Amazon Resource Name (ARN) that specifies the destination of the logs. The name of the Amazon CloudWatch Logs log group must begin with the `/aws/fsx` prefix. If you do not provide a destination, Amazon FSx will create and use a log stream in the CloudWatch Logs `/aws/fsx/lustre` log group.
* `level` - (Optional) Sets which data repository events are logged by Amazon FSx. Valid values are `WARN_ONLY`, `FAILURE_ONLY`, `ERROR_ONLY`, `WARN_ERROR` and `DISABLED`. Default value is `DISABLED`.

### root_squash_configuration

* `no_squash_nids` - (Optional) When root squash is enabled, you can optionally specify an array of NIDs of clients for which root squash does not apply. A client NID is a Lustre Network Identifier used to uniquely identify a client. You can specify the NID as either a single address or a range of addresses: 1. A single address is described in standard Lustre NID format by specifying the client’s IP address followed by the Lustre network ID (for example, 10.0.1.6@tcp). 2. An address range is described using a dash to separate the range (for example, 10.0.[2-10].[1-255]@tcp).
* `root_squash` - (Optional) You enable root squash by setting a user ID (UID) and group ID (GID) for the file system in the format UID:GID (for example, 365534:65534). The UID and GID values can range from 0 to 4294967294.

## Attributes Reference

In addition to all arguments above, the following attributes are exported:
Expand Down