v0.8.0 release (#7)

Added support for Cloud Block Store on Azure deployment for Pure Fusion,
cbs_fusion_sec_azure resource, cbs_azure_plans data source and updated
purity version

Co-authored-by: Tomas Simacek <tsimacek@pruestorage.com>

Author: tsimacek

.gitignore

@@ -4,6 +4,7 @@
 *.dll
 *.so
 *.dylib
+terraform-provider-cbs
 
 # Test binary, built with `go test -c`
 *.test
@@ -22,4 +23,5 @@
 
 /.build/
 /.build-logs/
+/.build-products/
 **/.vscode/

.goreleaser.yml

@@ -19,7 +19,9 @@ builds:
   flags:
     - -trimpath
   ldflags:
-    - '-s -w -X github.dev.purestorage.com/FlashArray/terraform-provider-cbs/version.ProviderVersion={{.Version}}'
+    - "-s -w"
+    - "-X github.com/PureStorage-OpenConnect/terraform-provider-cbs/version.ProviderVersion={{.Version}}"
+    - "-X github.com/PureStorage-OpenConnect/terraform-provider-cbs/version.ProviderCommit={{.ShortCommit}}"
   goos:
     - freebsd
     - windows

CHANGELOG.md

@@ -1,3 +1,11 @@
+## 0.8.0 (May 15, 2023)
+
+* Added support for Cloud Block Store on Azure deployment for Pure Fusion using the `fusion_sec_identity` parameter, refer to the [documentation](docs/resources/array_azure.md)
+* Added cbs_azure_plans datasource, refer to the [documentation](docs/data-sources/azure_plans.md)
+* Added cbs_fusion_sec_azure resource, refer to the [documentation](docs/resources/fusion_sec_azure.md)
+* Update Purity version of cbs_array_azure to fetch the latest azure release using cbs_azure_plans
+* Update Purity version of cbs_array_aws to 6.4.0
+
 ## 0.7.0 (Oct 19, 2022)
 
 * Update Purity version of cbs_array_azure to 6.3.5

Makefile

@@ -1,4 +1,4 @@
-DEV_PKGDIR := $(HOME)/.terraform.d/plugins/terraform.purestorage.com/flasharray/cbs/
+DEV_PKGDIR := $(HOME)/.terraform.d/plugins/registry.terraform.io/PureStorage-OpenConnect/cbs
 DEV_GOBIN := $(DEV_PKGDIR)/99.99/linux_amd64/
 export SRC_DIR := $(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))
 SHELL=/bin/bash -eEuo pipefail # Set sane shell options
@@ -9,14 +9,19 @@ export GNUPGHOME := /tmp/gnupg
 export PATH := $(TMPBIN):$(PATH)
 export PS_HTTP_TRACE_LOGGING := 1
 
--include */Makefile.mk
+PKG_LIST           := $(shell go list ./... )
+# List of packages that are part of the generated SDK
+GENERATED_PKG_LIST := $(shell go list ./... | grep 2.4)
+FILTERED_PKG_LIST  := $(filter-out $(GENERATED_PKG_LIST), $(PKG_LIST))
+LDFLAGS            := -X 'github.com/PureStorage-OpenConnect/terraform-provider-cbs/version.ProviderCommit=$(shell git rev-parse --short HEAD)'
 
-default: build
+include */Makefile.mk
+
+.DEFAULT_GOAL := build
 
 setup-basic:
 	@mkdir -p .build-logs/
 
-
 setup-goreleaser:
 	@curl -sfLO https://github.com/goreleaser/goreleaser/releases/download/v1.9.2/goreleaser_Linux_x86_64.tar.gz
 	@mkdir -p $(TMPBIN)
@@ -37,16 +42,16 @@ test-goreleaser-check: setup-goreleaser setup-basic
 	@CI="" goreleaser check >> .build-logs/goreleaser-check 2>&1
 
 build:
-	go build
+	go build -ldflags="$(LDFLAGS)"
 
 testacc:
-	TF_ACC=1 go test ./cbs -v -timeout 120m
+	TF_ACC=1 go test -ldflags="$(LDFLAGS)" ./cbs -v -timeout 120m
 
 install-dev-mock:
-	GOBIN=$(DEV_GOBIN) go install --tags mock
+	GOBIN=$(DEV_GOBIN) go install -ldflags="$(LDFLAGS)" --tags mock
 
 install-dev:
-	GOBIN=$(DEV_GOBIN) go install
+	GOBIN=$(DEV_GOBIN) go install -ldflags="$(LDFLAGS)"
 
 install-dev-clean:
 	@rm -rvf $(DEV_PKGDIR)
@@ -55,9 +60,29 @@ install-dev-clean:
 # The redirections and tee/grep stuff above is to help reduce console noise, we filter out all of the nominal messages, so its easier to see any errors
 # the full unfiltered log is in .build-logs/acc-mock
 
-test-vet:
-	@go vet ./cbs
-	@go vet -tags mock ./cbs
+vet:
+	@echo "Running go vet..."
+	@go vet $(FILTERED_PKG_LIST)
+	@go vet --tags mock $(FILTERED_PKG_LIST)
+
+fmt:
+	@echo "Fixing sources with gofmt..."
+	@go fmt $(PKG_LIST)
+	@git diff --exit-code || \
+		(echo; echo "Unexpected difference in source files after running 'go fmt'. Review the changes and commit them."; exit 1)
+
+depscheck:
+	@echo "Checking source code with go mod tidy..."
+	@go mod tidy
+	@git diff --exit-code go.mod go.sum || \
+		(echo; echo "Unexpected difference in go.mod/go.sum files. Run 'go mod tidy' command or revert any go.mod/go.sum changes and commit."; exit 1)
+
+# For local development, CI does not run this
+golangci-lint:
+	@golangci-lint run
+
+pkglist:
+	@echo "$(PKG_LIST)" | tr ' ' '\n'
 
 tidy:
 	@go get -u

auth/bootstrap_impl.go

@@ -26,6 +26,10 @@ func (b *bootstrapService) GenerateSecretPayload(ctx context.Context, host strin
 	return generateSecretPayloadReal(ctx, host, pureuserPrivateKey)
 }
 
+func (b *bootstrapService) OptOutDefaultProtectionPolicy(ctx context.Context, host string, pureuserPrivateKey []byte) error {
+	return optOutDefaultProtectionPolicyReal(ctx, host, pureuserPrivateKey)
+}
+
 type bootstrapService struct{}
 
 func NewBootstrapService() Bootstrapper {

auth/bootstrap_interface.go

@@ -22,6 +22,7 @@ import "context"
 
 type Bootstrapper interface {
 	GenerateSecretPayload(ctx context.Context, host string, pureuserPrivateKey []byte) ([]byte, error)
+	OptOutDefaultProtectionPolicy(ctx context.Context, host string, pureuserPrivateKey []byte) error
 }
 
 type SecretPayload struct {

auth/bootstrap_mock.go

@@ -47,3 +47,7 @@ func (b *mockBootstrapService) GenerateSecretPayload(ctx context.Context, host s
 
 	return credentials, nil
 }
+
+func (b *mockBootstrapService) OptOutDefaultProtectionPolicy(ctx context.Context, host string, pureuserPrivateKey []byte) error {
+	return nil
+}

auth/bootstrap_service.go

@@ -29,6 +29,7 @@ import (
 	"encoding/pem"
 	"fmt"
 	"io"
+	"log"
 	"math"
 	"net"
 	"strings"
@@ -39,6 +40,8 @@ import (
 	"golang.org/x/crypto/ssh"
 )
 
+const rootPgroupName = "pgroup-auto"
+
 func sshSetup(ctx context.Context, host string, pureuserPrivateKey []byte) (*ssh.Client, error) {
 	authMethod, err := pureuserPublicKeyAuth(pureuserPrivateKey)
 	if err != nil {
@@ -97,6 +100,9 @@ func newClientConnWithRetries(
 		retry.OnRetry(func(n uint, err error) {
 			tflog.Trace(ctx, fmt.Sprintf("NewClientConn retry %d: %s", n, err))
 		}),
+		retry.RetryIf(func(err error) bool {
+			return strings.Contains(err.Error(), "ssh: unable to authenticate")
+		}),
 	)
 
 	return
@@ -147,6 +153,40 @@ func generateSecretPayloadReal(ctx context.Context, host string, pureuserPrivate
 	return credentials, nil
 }
 
+func optOutDefaultProtectionPolicyReal(
+	ctx context.Context,
+	host string, pureuserPrivateKey []byte,
+) error {
+	client, err := sshSetup(ctx, host, pureuserPrivateKey)
+	if err != nil {
+		return fmt.Errorf("SSH Client setup failed: %w", err)
+	}
+
+	if out, err := executeSSHPureArrayRemovePgroupsFromDefaultProtections(ctx, client); err != nil {
+		if strings.Contains(out, "invalid choice: 'default-protection'") {
+			log.Println("OptOutDefaultProtectionPolicy: RemoveDefaultProtections: missing CLI subcommand")
+			return nil
+		}
+
+		return fmt.Errorf("OptOutDefaultProtectionPolicy: RemoveDefaultProtections: out=%s err=%w", out, err)
+	}
+
+	if out, err := executeSSHPurePgroupDestroy(ctx, client, rootPgroupName); err != nil {
+		if strings.Contains(out, "Protection group does not exist") {
+			log.Printf("OptOutDefaultProtectionPolicy: PgroupDestroy: pgroup %q does not exist\n", rootPgroupName)
+			return nil
+		}
+
+		return fmt.Errorf("OptOutDefaultProtectionPolicy: PgroupDestroy: out=%s err=%w", out, err)
+	}
+
+	if out, err := executeSSHPurePgroupEradicate(ctx, client, rootPgroupName); err != nil {
+		return fmt.Errorf("OptOutDefaultProtectionPolicy: PgroupEradicate: out=%s err=%w", out, err)
+	}
+
+	return nil
+}
+
 func generateKeyPair() ([]byte, []byte, error) {
 	// generate private keys
 	privateRSAKey, err := rsa.GenerateKey(rand.Reader, 2048)
@@ -216,6 +256,7 @@ func processPasswordPrompt(ctx context.Context, password string) sshIOProcessor
 		waitFor("Name")
 	}
 }
+
 func executeSSHPureAdminCreate(ctx context.Context, client *ssh.Client, username, password string) error {
 	tflog.Trace(ctx, "ExecuteSSHPureAdminCreate running pureadmin create")
 	return executeSSHCommandWithInputProcessing(ctx, client, "pureadmin create --role array_admin "+username, processPasswordPrompt(ctx, password))
@@ -259,6 +300,18 @@ func executeSSHPureAPIClientSetup(ctx context.Context, client *ssh.Client, apiCl
 
 }
 
+func executeSSHPureArrayRemovePgroupsFromDefaultProtections(ctx context.Context, client *ssh.Client) (string, error) {
+	return executeSSHCommandAndReturnCombinedOutput(client, "purearray default-protection set \"\" --pgroup \"\"")
+}
+
+func executeSSHPurePgroupDestroy(ctx context.Context, client *ssh.Client, pgroupName string) (string, error) {
+	return executeSSHCommandAndReturnCombinedOutput(client, "purepgroup destroy "+pgroupName)
+}
+
+func executeSSHPurePgroupEradicate(ctx context.Context, client *ssh.Client, pgroupName string) (string, error) {
+	return executeSSHCommandAndReturnCombinedOutput(client, "purepgroup eradicate "+pgroupName)
+}
+
 // Use this to ensure that something is closed (which usually does the actually
 // work for aborting) when a context is cancelled
 func closeOnCancel(ctx context.Context, closer io.Closer) {
@@ -274,7 +327,7 @@ func closeOnCancel(ctx context.Context, closer io.Closer) {
 
 // This is a helper, it consumes outBufferred one rune at a time, waiting until we see a match or hit an error
 func waitForLineContainingText(ctx context.Context, expectedString string, errHad *error, processOutputTail *string, outBuffered *bufio.Reader) {
-	ctx = tflog.With(ctx, "expectedString", expectedString)
+	ctx = tflog.SetField(ctx, "expectedString", expectedString)
 	tflog.Trace(ctx, "waiting for line containing text")
 	for {
 		newRune, _, err := outBuffered.ReadRune()
@@ -348,6 +401,18 @@ func executeSSHCommandAndReturnOutput(client *ssh.Client, cmd string) ([]string,
 	return lines, nil
 }
 
+func executeSSHCommandAndReturnCombinedOutput(client *ssh.Client, cmd string) (string, error) {
+	session, err := client.NewSession()
+	if err != nil {
+		return "", fmt.Errorf("failed to start a new session: %+v", err)
+	}
+	defer session.Close()
+
+	out, err := session.CombinedOutput(cmd)
+
+	return string(out), err
+}
+
 func executeSSHCommandWithInputProcessing(ctx context.Context, client *ssh.Client, cmd string, processor sshIOProcessor) error {
 	session, err := client.NewSession()
 	if err != nil {

auth/util_test.go

@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"testing"
 
-	"github.dev.purestorage.com/FlashArray/terraform-provider-cbs/auth"
+	"github.com/PureStorage-OpenConnect/terraform-provider-cbs/auth"
 	"golang.org/x/crypto/ssh"
 )
 

cbs/acceptance/environment.go

@@ -0,0 +1,50 @@
+/*
+
+	Copyright 2022, Pure Storage Inc.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+
+*/
+
+package acceptance
+
+const (
+	// Environment variable for controlling the Azure acceptance tests
+	// related to deploying an app from the Azure Marketplace
+	EnvTfAccAzureSkipMarketplace = "TC_ACC_SKIP_AZURE_MARKETPLACE"
+
+	// Environment variable controlling if the Azure acceptance tests
+	// for user az cli login should be run. This testing is not available
+	// when using Service Principal auth.
+	EnvTfAccSkipUserPrincipalAuth = "TF_ACC_SKIP_USER_PRINCIPAL_AUTH"
+
+	// Environment variable for controlling the Azure acceptance tests
+	// related to deploying an CBS Fusion app from an App Definition
+	EnvTfAccAzureSkipFusionAppId = "TC_ACC_SKIP_AZURE_FUSION_APP_ID"
+
+	// Environment variable controlling if the Fusion Storage Endpoint
+	// Collection Azure acceptance tests should be run.
+	EnvTfAccSkipFusionSECAzure = "TF_ACC_SKIP_FUSION_SEC_AZURE"
+
+	// Enviromment variable with path to the Azure acceptance tests
+	// parameters file in json format
+	EnvTfAccAzureParamsPath = "TEST_ACC_AZURE_PARAMS_PATH"
+
+	// Enviromment variable with path to the Fusion Storage Endpoint
+	// Collection Azure acceptance tests parameters file in json format
+	EnvTfAccFusionSECAzureParamsPath = "TEST_ACC_FUSION_SEC_AZURE_PARAMS_PATH"
+
+	// Environment variable with path to the AWS acceptance tests
+	// parameters file in json format
+	EnvTfAccAwsParamsPath = "TEST_ACC_AWS_PARAMS_PATH"
+)

cbs/acceptance/test_params.go

@@ -0,0 +1,52 @@
+package acceptance
+
+type AccTestCbsAwsParams struct {
+	ArrayName              string `json:"array_name"`
+	ArrayModel             string `json:"array_model"`
+	DeploymentTemplateUrl  string `json:"deployment_template_url"`
+	DeploymentRoleArn      string `json:"deployment_role_arn"`
+	LicenseKey             string `json:"license_key"`
+	PureuserKeyPairName    string `json:"pureuser_key_pair_name"`
+	PureuserPrivateKeyPath string `json:"pureuser_private_key_path"`
+	PureuserPrivateKey     string `json:"pureuser_private_key"`
+	Subnet                 string `json:"subnet"`
+	SecurityGroup          string `json:"security_group"`
+}
+
+type AccTestCbsAzureParams struct {
+	ArrayName              string `json:"array_name"`
+	ArrayModel             string `json:"array_model"`
+	AppDefinitionId        string `json:"app_definition_id"`
+	PlanName               string `json:"plan_name"`
+	PlanProduct            string `json:"plan_product"`
+	PlanPublisher          string `json:"plan_publisher"`
+	PlanVersion            string `json:"plan_version"`
+	ResourceGroupName      string `json:"resource_group_name"`
+	Location               string `json:"location"`
+	LicenseKey             string `json:"license_key"`
+	PureuserPrivateKeyPath string `json:"pureuser_private_key_path"`
+	PureuserPrivateKey     string `json:"pureuser_private_key"`
+	KeyvaultId             string `json:"keyvault_id"`
+	ManagementSubnet       string `json:"management_subnet"`
+	ISCSISubnet            string `json:"iscsi_subnet"`
+	ReplicationSubnet      string `json:"replication_subnet"`
+	SystemSubnet           string `json:"system_subnet"`
+	VirtualNetworkId       string `json:"virtual_network_id"`
+	JitGroup               string `json:"jit_group"`
+	JitGroupID             string `json:"jit_group_id"`
+	FusionSECIdentity      string `json:"fusion_sec_identity"`
+}
+
+type AccTestCbsFusionSECAzureParams struct {
+	FusionSECName           string `json:"fusion_sec_name"`
+	PlanName                string `json:"plan_name"`
+	PlanProduct             string `json:"plan_product"`
+	PlanPublisher           string `json:"plan_publisher"`
+	PlanVersion             string `json:"plan_version"`
+	ResourceGroupName       string `json:"resource_group_name"`
+	Location                string `json:"location"`
+	LoadBalancerNetworkRg   string `json:"load_balancer_network_rg"`
+	LoadBalancerNetworkName string `json:"load_balancer_network_name"`
+	LoadBalancerSubnet      string `json:"load_balancer_subnet"`
+	JitGroupID              string `json:"jit_group_id"`
+}

cbs/cbs_service.go

@@ -22,8 +22,8 @@ import (
 	"context"
 	"fmt"
 
+	"github.com/PureStorage-OpenConnect/terraform-provider-cbs/cbs/internal/cloud"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
-	"github.dev.purestorage.com/FlashArray/terraform-provider-cbs/cbs/internal/cloud"
 )
 
 type CbsService struct {