adding builtin administrators field in AD resource (#10842) (#18333)

[upstream:d64895dd8b52ebb98b915297eecd80ef27617009]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

google/services/netapp/resource_netapp_active_directory.go

@@ -95,6 +95,14 @@ A five-character random ID is generated automatically, for example, -6f9a, and a
 				Required:    true,
 				Description: `Username for the Active Directory account with permissions to create the compute account within the specified organizational unit.`,
 			},
+			"administrators": {
+				Type:        schema.TypeList,
+				Optional:    true,
+				Description: `Domain user accounts to be added to the local Administrators group of the SMB service. Comma-separated list of domain users or groups. The Domain Admin group is automatically added when the service joins your domain as a hidden group.`,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
 			"aes_encryption": {
 				Type:        schema.TypeBool,
 				Optional:    true,
@@ -272,6 +280,12 @@ func resourceNetappactiveDirectoryCreate(d *schema.ResourceData, meta interface{
 	} else if v, ok := d.GetOkExists("backup_operators"); !tpgresource.IsEmptyValue(reflect.ValueOf(backupOperatorsProp)) && (ok || !reflect.DeepEqual(v, backupOperatorsProp)) {
 		obj["backupOperators"] = backupOperatorsProp
 	}
+	administratorsProp, err := expandNetappactiveDirectoryAdministrators(d.Get("administrators"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("administrators"); !tpgresource.IsEmptyValue(reflect.ValueOf(administratorsProp)) && (ok || !reflect.DeepEqual(v, administratorsProp)) {
+		obj["administrators"] = administratorsProp
+	}
 	securityOperatorsProp, err := expandNetappactiveDirectorySecurityOperators(d.Get("security_operators"), d, config)
 	if err != nil {
 		return err
@@ -449,6 +463,9 @@ func resourceNetappactiveDirectoryRead(d *schema.ResourceData, meta interface{})
 	if err := d.Set("backup_operators", flattenNetappactiveDirectoryBackupOperators(res["backupOperators"], d, config)); err != nil {
 		return fmt.Errorf("Error reading activeDirectory: %s", err)
 	}
+	if err := d.Set("administrators", flattenNetappactiveDirectoryAdministrators(res["administrators"], d, config)); err != nil {
+		return fmt.Errorf("Error reading activeDirectory: %s", err)
+	}
 	if err := d.Set("security_operators", flattenNetappactiveDirectorySecurityOperators(res["securityOperators"], d, config)); err != nil {
 		return fmt.Errorf("Error reading activeDirectory: %s", err)
 	}
@@ -556,6 +573,12 @@ func resourceNetappactiveDirectoryUpdate(d *schema.ResourceData, meta interface{
 	} else if v, ok := d.GetOkExists("backup_operators"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, backupOperatorsProp)) {
 		obj["backupOperators"] = backupOperatorsProp
 	}
+	administratorsProp, err := expandNetappactiveDirectoryAdministrators(d.Get("administrators"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("administrators"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, administratorsProp)) {
+		obj["administrators"] = administratorsProp
+	}
 	securityOperatorsProp, err := expandNetappactiveDirectorySecurityOperators(d.Get("security_operators"), d, config)
 	if err != nil {
 		return err
@@ -650,6 +673,10 @@ func resourceNetappactiveDirectoryUpdate(d *schema.ResourceData, meta interface{
 		updateMask = append(updateMask, "backupOperators")
 	}
 
+	if d.HasChange("administrators") {
+		updateMask = append(updateMask, "administrators")
+	}
+
 	if d.HasChange("security_operators") {
 		updateMask = append(updateMask, "securityOperators")
 	}
@@ -840,6 +867,10 @@ func flattenNetappactiveDirectoryBackupOperators(v interface{}, d *schema.Resour
 	return v
 }
 
+func flattenNetappactiveDirectoryAdministrators(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
 func flattenNetappactiveDirectorySecurityOperators(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 	return v
 }
@@ -942,6 +973,10 @@ func expandNetappactiveDirectoryBackupOperators(v interface{}, d tpgresource.Ter
 	return v, nil
 }
 
+func expandNetappactiveDirectoryAdministrators(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandNetappactiveDirectorySecurityOperators(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	return v, nil
 }

google/services/netapp/resource_netapp_active_directory_generated_test.go

@@ -0,0 +1,124 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// ----------------------------------------------------------------------------
+//
+//     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
+//
+// ----------------------------------------------------------------------------
+//
+//     This file is automatically generated by Magic Modules and manual
+//     changes will be clobbered when the file is regenerated.
+//
+//     Please read more about how to change this file in
+//     .github/CONTRIBUTING.md.
+//
+// ----------------------------------------------------------------------------
+
+package netapp_test
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+
+	"github.com/hashicorp/terraform-provider-google/google/acctest"
+	"github.com/hashicorp/terraform-provider-google/google/tpgresource"
+	transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport"
+)
+
+func TestAccNetappactiveDirectory_netappActiveDirectoryFullExample(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckNetappactiveDirectoryDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccNetappactiveDirectory_netappActiveDirectoryFullExample(context),
+			},
+			{
+				ResourceName:            "google_netapp_active_directory.test_active_directory_full",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"labels", "location", "name", "password", "terraform_labels"},
+			},
+		},
+	})
+}
+
+func testAccNetappactiveDirectory_netappActiveDirectoryFullExample(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_netapp_active_directory" "test_active_directory_full" {
+    name = "tf-test-test-active-directory-full%{random_suffix}"
+    location = "us-central1"
+    domain = "ad.internal"
+    dns = "172.30.64.3"
+    net_bios_prefix = "smbserver"
+    username = "user"
+    password = "pass"
+    aes_encryption         = false
+    backup_operators       = ["test1", "test2"]
+    administrators         = ["test1", "test2"]
+    description            = "ActiveDirectory is the public representation of the active directory config."
+    encrypt_dc_connections = false
+    kdc_hostname           = "hostname"
+    kdc_ip                 = "10.10.0.11"
+    labels                 = { 
+        "foo": "bar"
+    }
+    ldap_signing           = false
+    nfs_users_with_ldap    = false
+    organizational_unit    = "CN=Computers"
+    security_operators     = ["test1", "test2"]
+    site                   = "test-site"
+  }
+`, context)
+}
+
+func testAccCheckNetappactiveDirectoryDestroyProducer(t *testing.T) func(s *terraform.State) error {
+	return func(s *terraform.State) error {
+		for name, rs := range s.RootModule().Resources {
+			if rs.Type != "google_netapp_active_directory" {
+				continue
+			}
+			if strings.HasPrefix(name, "data.") {
+				continue
+			}
+
+			config := acctest.GoogleProviderConfig(t)
+
+			url, err := tpgresource.ReplaceVarsForTest(config, rs, "{{NetappBasePath}}projects/{{project}}/locations/{{location}}/activeDirectories/{{name}}")
+			if err != nil {
+				return err
+			}
+
+			billingProject := ""
+
+			if config.BillingProject != "" {
+				billingProject = config.BillingProject
+			}
+
+			_, err = transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+				Config:    config,
+				Method:    "GET",
+				Project:   billingProject,
+				RawURL:    url,
+				UserAgent: config.UserAgent,
+			})
+			if err == nil {
+				return fmt.Errorf("NetappactiveDirectory still exists at %s", url)
+			}
+		}
+
+		return nil
+	}
+}

google/services/netapp/resource_netapp_active_directory_test.go

@@ -55,6 +55,7 @@ resource "google_netapp_active_directory" "test_active_directory_full" {
     password = "pass"
     aes_encryption         = false
     backup_operators       = ["test1", "test2"]
+    administrators         = ["test1", "test2"]
     description            = "ActiveDirectory is the public representation of the active directory config."
     encrypt_dc_connections = false
     kdc_hostname           = "hostname"
@@ -83,6 +84,7 @@ resource "google_netapp_active_directory" "test_active_directory_full" {
     password = "pass"
     aes_encryption         = false
     backup_operators       = ["test1", "test2"]
+    administrators         = ["test1", "test2"]
     description            = "ActiveDirectory is the public representation of the active directory config."
     encrypt_dc_connections = false
     kdc_hostname           = "hostname"

website/docs/r/netapp_active_directory.html.markdown

@@ -32,6 +32,11 @@ To get more information about activeDirectory, see:
 values will be stored in the raw state as plain text: `password`.
 [Read more about sensitive data in state](https://www.terraform.io/language/state/sensitive-data).
 
+<div class = "oics-button" style="float: right; margin: 0 0 -15px">
+  <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.jpy.wang%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md&cloudshell_working_dir=netapp_active_directory_full&open_in_editor=main.tf" target="_blank">
+    <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
+  </a>
+</div>
 ## Example Usage - Netapp Active Directory Full
 
 
@@ -46,6 +51,7 @@ resource "google_netapp_active_directory" "test_active_directory_full" {
     password = "pass"
     aes_encryption         = false
     backup_operators       = ["test1", "test2"]
+    administrators         = ["test1", "test2"]
     description            = "ActiveDirectory is the public representation of the active directory config."
     encrypt_dc_connections = false
     kdc_hostname           = "hostname"
@@ -119,6 +125,10 @@ The following arguments are supported:
   (Optional)
   Domain user/group accounts to be added to the Backup Operators group of the SMB service. The Backup Operators group allows members to backup and restore files regardless of whether they have read or write access to the files. Comma-separated list.
 
+* `administrators` -
+  (Optional)
+  Domain user accounts to be added to the local Administrators group of the SMB service. Comma-separated list of domain users or groups. The Domain Admin group is automatically added when the service joins your domain as a hidden group.
+
 * `security_operators` -
   (Optional)
   Domain accounts that require elevated privileges such as `SeSecurityPrivilege` to manage security logs. Comma-separated list.