hashicorp · bflad · Aug 2, 2018 · Jul 20, 2018 · appilon · Aug 1, 2018
diff --git a/aws/resource_aws_storagegateway_gateway.go b/aws/resource_aws_storagegateway_gateway.go
@@ -9,6 +9,7 @@ import (
 
  "github.com/aws/aws-sdk-go/aws"
  "github.com/aws/aws-sdk-go/service/storagegateway"
+ "github.com/hashicorp/terraform/helper/customdiff"
  "github.com/hashicorp/terraform/helper/resource"
  "github.com/hashicorp/terraform/helper/schema"
  "github.com/hashicorp/terraform/helper/validation"
@@ -20,6 +21,11 @@ func resourceAwsStorageGatewayGateway() *schema.Resource {
  Read: resourceAwsStorageGatewayGatewayRead,
  Update: resourceAwsStorageGatewayGatewayUpdate,
  Delete: resourceAwsStorageGatewayGatewayDelete,
+ CustomizeDiff: customdiff.Sequence(
+ customdiff.ForceNewIfChange("smb_active_directory_settings", func(old, new, meta interface{}) bool {
+ return len(old.([]interface{})) == 1 && len(new.([]interface{})) == 0
+ }),
+ ),
  Importer: &schema.ResourceImporter{
  State: schema.ImportStatePassthrough,
  },
@@ -81,6 +87,33 @@ func resourceAwsStorageGatewayGateway() *schema.Resource {
  "STK-L700",
  }, false),
  },
+ "smb_active_directory_settings": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "domain_name": {
+ Type: schema.TypeString,
+ Required: true,
+ },
+ "password": {
+ Type: schema.TypeString,
+ Required: true,
+ Sensitive: true,
+ },
+ "username": {
+ Type: schema.TypeString,
+ Required: true,
+ },
+ },
+ },
+ },
+ "smb_guest_password": {
+ Type: schema.TypeString,
+ Optional: true,
+ Sensitive: true,
+ },
  "tape_drive_type": {
  Type: schema.TypeString,
  Optional: true,
@@ -199,6 +232,36 @@ func resourceAwsStorageGatewayGatewayCreate(d *schema.ResourceData, meta interfa
  return fmt.Errorf("error waiting for Storage Gateway Gateway activation: %s", err)
  }
 
+ if v, ok := d.GetOk("smb_active_directory_settings"); ok && len(v.([]interface{})) > 0 {
+ m := v.([]interface{})[0].(map[string]interface{})
+
+ input := &storagegateway.JoinDomainInput{
+ DomainName: aws.String(m["domain_name"].(string)),
+ GatewayARN: aws.String(d.Id()),
+ Password: aws.String(m["password"].(string)),
+ UserName: aws.String(m["username"].(string)),
+ }
+
+ log.Printf("[DEBUG] Storage Gateway Gateway %q joining Active Directory domain: %s", d.Id(), m["domain_name"].(string))
+ _, err := conn.JoinDomain(input)
+ if err != nil {
+ return fmt.Errorf("error joining Active Directory domain: %s", err)
+ }
+ }
+
+ if v, ok := d.GetOk("smb_guest_password"); ok && v.(string) != "" {
+ input := &storagegateway.SetSMBGuestPasswordInput{
+ GatewayARN: aws.String(d.Id()),
+ Password: aws.String(v.(string)),
+ }
+
+ log.Printf("[DEBUG] Storage Gateway Gateway %q setting SMB guest password", d.Id())
+ _, err := conn.SetSMBGuestPassword(input)
+ if err != nil {
+ return fmt.Errorf("error setting SMB guest password: %s", err)
+ }
+ }
+
  return resourceAwsStorageGatewayGatewayRead(d, meta)
 }
 
@@ -220,18 +283,79 @@ func resourceAwsStorageGatewayGatewayRead(d *schema.ResourceData, meta interface
  return fmt.Errorf("error reading Storage Gateway Gateway: %s", err)
  }
 
+ smbSettingsInput := &storagegateway.DescribeSMBSettingsInput{
+ GatewayARN: aws.String(d.Id()),
+ }
+
+ log.Printf("[DEBUG] Reading Storage Gateway SMB Settings: %s", smbSettingsInput)
+ smbSettingsOutput, err := conn.DescribeSMBSettings(smbSettingsInput)
+ if err != nil && !isAWSErr(err, storagegateway.ErrCodeInvalidGatewayRequestException, "This operation is not valid for the specified gateway") {
+ if isAWSErrStorageGatewayGatewayNotFound(err) {
+ log.Printf("[WARN] Storage Gateway Gateway %q not found - removing from state", d.Id())
+ d.SetId("")
+ return nil
+ }
+ return fmt.Errorf("error reading Storage Gateway SMB Settings: %s", err)
+ }
+
  // The Storage Gateway API currently provides no way to read this value
+ // We allow Terraform to passthrough the configuration value into the state
  d.Set("activation_key", d.Get("activation_key").(string))
+
  d.Set("arn", output.GatewayARN)
  d.Set("gateway_id", output.GatewayId)
+
  // The Storage Gateway API currently provides no way to read this value
+ // We allow Terraform to passthrough the configuration value into the state
  d.Set("gateway_ip_address", d.Get("gateway_ip_address").(string))
+
  d.Set("gateway_name", output.GatewayName)
  d.Set("gateway_timezone", output.GatewayTimezone)
  d.Set("gateway_type", output.GatewayType)
+
  // The Storage Gateway API currently provides no way to read this value
+ // We allow Terraform to passthrough the configuration value into the state
  d.Set("medium_changer_type", d.Get("medium_changer_type").(string))
+
+ // Treat the entire nested argument as a whole, based on domain name
+ // to simplify schema and difference logic
+ if smbSettingsOutput == nil || aws.StringValue(smbSettingsOutput.DomainName) == "" {
+ if err := d.Set("smb_active_directory_settings", []interface{}{}); err != nil {
+ return fmt.Errorf("error setting smb_active_directory_settings: %s", err)
+ }
+ } else {
+ m := map[string]interface{}{
+ "domain_name": aws.StringValue(smbSettingsOutput.DomainName),
+ // The Storage Gateway API currently provides no way to read these values
+ // "password": ...,
+ // "username": ...,
+ }
+ // We must assemble these into the map from configuration or Terraform will enter ""
+ // into state and constantly show a difference (also breaking downstream references)
+ // UPDATE: aws_storagegateway_gateway.test
+ // smb_active_directory_settings.0.password: "<sensitive>" => "<sensitive>" (attribute changed)
+ // smb_active_directory_settings.0.username: "" => "Administrator"
+ if v, ok := d.GetOk("smb_active_directory_settings"); ok && len(v.([]interface{})) > 0 {
+ configM := v.([]interface{})[0].(map[string]interface{})
+ m["password"] = configM["password"]
+ m["username"] = configM["username"]
+ }
+ if err := d.Set("smb_active_directory_settings", []map[string]interface{}{m}); err != nil {
+ return fmt.Errorf("error setting smb_active_directory_settings: %s", err)
+ }
+ }
+
  // The Storage Gateway API currently provides no way to read this value
+ // We allow Terraform to _automatically_ passthrough the configuration value into the state here
+ // as the API does clue us in whether or not its actually set at all,
+ // which can be used to tell Terraform to show a difference in this case
+ // as well as ensuring there is some sort of attribute value (unlike the others)
+ if smbSettingsOutput == nil || !aws.BoolValue(smbSettingsOutput.SMBGuestPasswordSet) {
+ d.Set("smb_guest_password", "")
+ }
+
+ // The Storage Gateway API currently provides no way to read this value
+ // We allow Terraform to passthrough the configuration value into the state
  d.Set("tape_drive_type", d.Get("tape_drive_type").(string))
 
  return nil
@@ -240,16 +364,49 @@ func resourceAwsStorageGatewayGatewayRead(d *schema.ResourceData, meta interface
 func resourceAwsStorageGatewayGatewayUpdate(d *schema.ResourceData, meta interface{}) error {
  conn := meta.(*AWSClient).storagegatewayconn
 
- input := &storagegateway.UpdateGatewayInformationInput{
- GatewayARN: aws.String(d.Id()),
- GatewayName: aws.String(d.Get("gateway_name").(string)),
- GatewayTimezone: aws.String(d.Get("gateway_timezone").(string)),
+ if d.HasChange("gateway_name") || d.HasChange("gateway_timezone") {
+ input := &storagegateway.UpdateGatewayInformationInput{
+ GatewayARN: aws.String(d.Id()),
+ GatewayName: aws.String(d.Get("gateway_name").(string)),
+ GatewayTimezone: aws.String(d.Get("gateway_timezone").(string)),
+ }
+
+ log.Printf("[DEBUG] Updating Storage Gateway Gateway: %s", input)
+ _, err := conn.UpdateGatewayInformation(input)
+ if err != nil {
+ return fmt.Errorf("error updating Storage Gateway Gateway: %s", err)
+ }
  }
 
- log.Printf("[DEBUG] Updating Storage Gateway Gateway: %s", input)
- _, err := conn.UpdateGatewayInformation(input)
- if err != nil {
- return fmt.Errorf("error updating Storage Gateway Gateway: %s", err)
+ if d.HasChange("smb_active_directory_settings") {
+ l := d.Get("smb_active_directory_settings").([]interface{})
+ m := l[0].(map[string]interface{})
+
+ input := &storagegateway.JoinDomainInput{
+ DomainName: aws.String(m["domain_name"].(string)),
+ GatewayARN: aws.String(d.Id()),
+ Password: aws.String(m["password"].(string)),
+ UserName: aws.String(m["username"].(string)),
+ }
+
+ log.Printf("[DEBUG] Storage Gateway Gateway %q joining Active Directory domain: %s", d.Id(), m["domain_name"].(string))
+ _, err := conn.JoinDomain(input)
+ if err != nil {
+ return fmt.Errorf("error joining Active Directory domain: %s", err)
+ }
+ }
+
+ if d.HasChange("smb_guest_password") {
+ input := &storagegateway.SetSMBGuestPasswordInput{
+ GatewayARN: aws.String(d.Id()),
+ Password: aws.String(d.Get("smb_guest_password").(string)),
+ }
+
+ log.Printf("[DEBUG] Storage Gateway Gateway %q setting SMB guest password", d.Id())
+ _, err := conn.SetSMBGuestPassword(input)
+ if err != nil {
+ return fmt.Errorf("error setting SMB guest password: %s", err)
+ }
  }
 
  return resourceAwsStorageGatewayGatewayRead(d, meta)