Adding access_rules_options to google_lustre_instance
#15898
Conversation
|
Hello! I am a robot. Tests will require approval from a repository maintainer to run. Googlers: For automatic test runs see go/terraform-auto-test-runs. @shuyama1, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look. You can help make sure that review is quick by doing a self-review and by running impacted tests locally. |
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
Tests analyticsTotal tests: 6 Click here to see the affected service packages
Action takenFound 1 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
|
1 similar comment
Tests analyticsTotal tests: 6 Click here to see the affected service packages
Action takenFound 1 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
|
| access_rules { | ||
| name = "another_admin" | ||
| ip_address_ranges = [ | ||
| "172.16.5.0/24" |
There was a problem hiding this comment.
Can we try multiple values for this list, just want to ensure, it will return the same order as sent
| Access control rules for the Lustre instance. Configures default root | ||
| squashing behavior and specific access rules based on IP addresses. | ||
| properties: | ||
| - name: defaultSquashMode |
There was a problem hiding this comment.
Looks like this is required according to the API doc
| - name: name | ||
| type: String | ||
| description: |- | ||
| A unique identifier for the access rule. | ||
| - name: ipAddressRanges | ||
| type: Array | ||
| description: |- | ||
| An array of IP address strings or CIDR ranges that this rule applies to. | ||
| item_type: | ||
| type: String | ||
| - name: squashMode | ||
| type: Enum | ||
| description: |- | ||
| The squash mode for this specific rule. Currently, only "NO_SQUASH" | ||
| is supported for exceptions. | ||
| enum_values: | ||
| - 'NO_SQUASH' |
There was a problem hiding this comment.
Looks like all these fields are required
https://docs.cloud.google.com/managed-lustre/docs/reference/rest/v1/projects.locations.instances#accessrule
| default_squash_uid = 0 | ||
| default_squash_gid = 0 |
There was a problem hiding this comment.
Can we add a step omit these fields? Just want to double check if the API returns values for these fields when access_rules_options block is explicitly set
| per_unit_storage_throughput = 1000 | ||
| access_rules_options { | ||
| default_squash_mode = "NO_SQUASH" |
There was a problem hiding this comment.
Also just want to double check - as mentioned in the API doc, when default_squash_mode = "NO_SQUASH" is set, do not set the defaultSquashUid or defaultSquashGid, or an invalid argument error is returned.
and = 0 just means unset in this case?
3 participants
Add accessRulesOptions support to google_lustre_instance resource
This PR adds support for
accessRulesOptionsconfiguration to thegoogle_lustre_instanceresource, enabling users to configure root squashing behavior and IP-based access control rules for Managed Lustre instances.Changes Made:
Resource Schema (
mmv1/products/lustre/Instance.yaml):accessRulesOptionsnested object with the following fields:defaultSquashMode(Enum): Set default root squashing mode (ROOT_SQUASH or NO_SQUASH)defaultSquashUid(Integer): UID to map root user to when squashing is enableddefaultSquashGid(Integer): GID to map root user to when squashing is enabledaccessRules(Array): List of access rule exceptions with:name: Unique identifier for the ruleipAddressRanges: Array of IP addresses or CIDR rangessquashMode: Squash mode for the specific rule (currently NO_SQUASH for exceptions)Release Note Template for Downstream PRs (will be copied)
See Write release notes for guidance.