Merge pull request #172 from NetApp/integration/main

Sync bitbucket and GitHub
NetApp · Jul 18, 2023 · 5476a11 · 5476a11
2 parents 89ed586 + 71943e7
commit 5476a11
Show file tree

Hide file tree

Showing 4 changed files with 103 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,10 @@
+## 23.7.0
+NEW FEATURES:
+* resource/connector_gcp: support adding gcp keys `gcp_block_project_ssh_keys`, `gcp_serial_port_enable`, `gcp_enable_os_login` and `gcp_enable_os_login_sk` to the config.
+
 ## 23.6.1
 NEW FEATURES:
-* resource/cvo_gcp: support HIGH `writing_speed_state` in GCP HA. Make `gcp_service_account` optional .
+* resource/cvo_gcp: support HIGH `writing_speed_state` in GCP HA. Make `gcp_service_account` optional.
 
 ## 23.6.0
 NEW FEATURES:

diff --git a/cloudmanager/helper.go b/cloudmanager/helper.go
@@ -170,6 +170,23 @@ type svm struct {
 	Ver4Enabled       bool     `structs:"ver4Enabled"`
 }
 
+type configValuesUpdateRequest struct {
+	GcpBlockProjectSSHKeys bool `structs:"gcpBlockProjectSshKeys"`
+	GcpSerialPortEnable    bool `structs:"gcpSerialPortEnable"`
+	GcpEnableOsLogin       bool `structs:"gcpEnableOsLogin"`
+	GcpEnableOsLoginSk     bool `structs:"gcpEnableOsLoginSk"`
+}
+
+type configValuesResponse struct {
+	GcpInstanceMetadataItems gcpInstanceMetadata `json:"gcpInstanceMetadataItems"`
+}
+type gcpInstanceMetadata struct {
+	BlockProjectSSHKeys bool `json:"blockProjectSshKeys"`
+	SerialPortEnable    bool `json:"serialPortEnable"`
+	EnableOsLogin       bool `json:"enableOsLogin"`
+	EnableOsLoginSk     bool `json:"enableOsLoginSk"`
+}
+
 // userTags the input for requesting a CVO
 type userTags struct {
 	TagKey   string `structs:"tagKey"`
@@ -1275,6 +1292,35 @@ func (c *Client) upgradeOntapVersionAvailable(apiRoot string, id string, ontapVe
 	return "", fmt.Errorf("working environment %s: no upgrade version availble", id)
 }
 
+func (c *Client) setOCCMConfig(request configValuesUpdateRequest, clientID string) error {
+	log.Print("setOCCMConfig: set OCCM configuration")
+
+	hostType := "CloudManagerHost"
+
+	baseURL := "/occm/api/occm/config"
+	params := structs.Map(request)
+	log.Printf("\tparams: %+v", params)
+	statusCode, response, _, err := c.CallAPIMethod("PUT", baseURL, params, c.Token, hostType, clientID)
+
+	responseError := apiResponseChecker(statusCode, response, "setOCCMConfig")
+	if responseError != nil {
+		return responseError
+	}
+
+	if err != nil {
+		log.Print("setOCCMConfig request failed ", statusCode)
+		return err
+	}
+
+	var result configValuesResponse
+	if err := json.Unmarshal(response, &result); err != nil {
+		log.Print("Failed to unmarshall response from setOCCMConfig ", err)
+		return err
+	}
+	log.Printf("\tsetOCCMConfig result: %+v", result.GcpInstanceMetadataItems)
+	return nil
+}
+
 func (c *Client) setConfigFlag(request setFlagRequest, keyPath string, clientID string) error {
 	log.Print("setConfigFlag: set flag to allow ONTAP image upgrade")
 

diff --git a/cloudmanager/resource_netapp_cloudmanager_connector_gcp.go b/cloudmanager/resource_netapp_cloudmanager_connector_gcp.go
@@ -154,6 +154,30 @@ func resourceOCCMGCP() *schema.Resource {
 					Type: schema.TypeString,
 				},
 			},
+			"gcp_block_project_ssh_keys": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  false,
+				ForceNew: true,
+			},
+			"gcp_serial_port_enable": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  true,
+				ForceNew: true,
+			},
+			"gcp_enable_os_login": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  true,
+				ForceNew: true,
+			},
+			"gcp_enable_os_login_sk": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  true,
+				ForceNew: true,
+			},
 		},
 	}
 }
@@ -243,6 +267,20 @@ func resourceOCCMGCPCreate(d *schema.ResourceData, meta interface{}) error {
 		occmDetails.Tags = tags
 	}
 
+	occmConfig := configValuesUpdateRequest{}
+	if o, ok := d.GetOk("gcp_block_project_ssh_keys"); ok {
+		occmConfig.GcpBlockProjectSSHKeys = o.(bool)
+	}
+	if o, ok := d.GetOk("gcp_serial_port_enable"); ok {
+		occmConfig.GcpSerialPortEnable = o.(bool)
+	}
+	if o, ok := d.GetOk("gcp_enable_os_login"); ok {
+		occmConfig.GcpEnableOsLogin = o.(bool)
+	}
+	if o, ok := d.GetOk("gcp_enable_os_login_sk"); ok {
+		occmConfig.GcpEnableOsLoginSk = o.(bool)
+	}
+
 	res, err := client.deployGCPVM(occmDetails, proxyCertificates, "")
 	if err != nil {
 		log.Print("Error creating instance")
@@ -258,6 +296,10 @@ func resourceOCCMGCPCreate(d *schema.ResourceData, meta interface{}) error {
 		return fmt.Errorf("error reading occm account_id: %s", err)
 	}
 
+	if err := client.setOCCMConfig(occmConfig, res.ClientID); err != nil {
+		return fmt.Errorf("error set occm config: %s", err)
+	}
+
 	log.Printf("Created occm: %v", res)
 
 	return resourceOCCMGCPRead(d, meta)
@@ -321,12 +363,12 @@ func resourceOCCMGCPRead(d *schema.ResourceData, meta interface{}) error {
 		disk, err := client.getDisk(occmDetails, clientID)
 		if err != nil {
 			log.Print("Error reading disk")
-			return fmt.Errorf("Error getting disk info in read function %#v", err)
+			return fmt.Errorf("error getting disk info in read function %#v", err)
 		}
 		vmInstance, err := client.getVMInstance(occmDetails, clientID)
 		if err != nil {
 			log.Print("Error reading vm")
-			return fmt.Errorf("Error getting vm info in read function %#v", err)
+			return fmt.Errorf("error getting vm info in read function %#v", err)
 		}
 		vmLabels := make(map[string]interface{})
 		diskLabels := make(map[string]interface{})

diff --git a/website/docs/r/connector_gcp.html.markdown b/website/docs/r/connector_gcp.html.markdown
@@ -30,6 +30,10 @@ resource "netapp-cloudmanager_connector_gcp" "cl-occm-gcp" {
   service_account_email = "xxxxxxxxxxxxxxxx"
   service_account_path = "gcp_creds.json"
   account_id = "account-moKEW1b5"
+  gcp_block_project_ssh_keys = true
+  gcp_serial_port_enable = true
+  gcp_enable_os_login = false
+  gcp_enable_os_login_sk = false
 }
 ```
 
@@ -56,6 +60,10 @@ The following arguments are supported:
 * `account_id` - (Optional, non-modifiable) The NetApp account ID that the Connector will be associated with. If not provided, Cloud Manager uses the first account. If no account exists, Cloud Manager creates a new account. You can find the account ID in the account tab of Cloud Manager at [https://console.bluexp.netapp.com/](https://console.bluexp.netapp.com/).
 * `tags` - (Optional) The list of network tags.
 * `labels` - (Optional) The map of labels.
+* `gcp_block_project_ssh_keys` - (Optional) Block project-wide SSH keys. Default value is false. Referece: [Block project SSH keys from a VM after VM creation](https://cloud.google.com/compute/docs/connect/restrict-ssh-keys#after-vm-creation)
+* `gcp_serial_port_enable` - (Optional) Enable the Serial Console Port. Default value is true. Reference: [Disabling interactive serial console access](https://cloud.google.com/compute/docs/troubleshooting/troubleshooting-using-serial-console#disabling_interactive_serial_console_on_a_particular_instance_or_project)
+* `gcp_enable_os_login` - (Optional) Enable OS login. Default value is true. Reference: [Enable OS Login](https://cloud.google.com/compute/docs/oslogin/set-up-oslogin#enable_os_login)
+* `gcp_enable_os_login_sk` - (Optional) Enable OS login with security keys. Default value is true. Reference: [Enable security keys with OS Login](https://cloud.google.com/compute/docs/oslogin/security-keys)
 
 ## Attributes Reference