Skip to content

Don't always try to set locked status of security accounts#599

Open
brinnjoyce wants to merge 2 commits into
NetApp:integration/mainfrom
brinnjoyce:security_account_locked
Open

Don't always try to set locked status of security accounts#599
brinnjoyce wants to merge 2 commits into
NetApp:integration/mainfrom
brinnjoyce:security_account_locked

Conversation

@brinnjoyce
Copy link
Copy Markdown

@brinnjoyce brinnjoyce commented Oct 31, 2025

Closes #598

This would still run into permissions issues if the account was locked or if you tried to manually define the locked status. But it allows a security account like the below to be created on an FSx Ontap

resource "netapp-ontap_security_account" "harvest" {
  cx_profile_name = var.fsx_cx_profile_name
  name            = "harvest"
  applications = [
    {
      application            = "ontapi"
      authentication_methods = ["password"]
    }
  ]
  password = var.harvest_password
  role = {
    name = "fsxadmin-readonly"
  }
}

@brinnjoyce
Don't always try to set locked status of security accounts
16c25db 
(cherry picked from commit 736e4be3ae7155226aea482060a3861785640ab7)
chuyich
chuyich reviewed Nov 6, 2025
View reviewed changes
Comment thread internal/provider/security/security_account_resource.go Outdated
chuyich
chuyich requested changes Nov 6, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@chuyich chuyich left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fine with the first change But think about the case I shared in the comment.

@brinnjoyce brinnjoyce mentioned this pull request Nov 6, 2025
Open
@brinnjoyce
Default locked to false, only send locked property on create if it's …
289780c 
…true. On update only send if plan doesn't match state
@brinnjoyce brinnjoyce force-pushed the security_account_locked branch from 78a86a2 to 289780c Compare November 6, 2025 08:31
@suhasbshekar
Copy link
Copy Markdown
Contributor

suhasbshekar commented Dec 4, 2025

We try to avoid defaults going forward as API may change defaults in future, this creates a dependency, lets try to have a solution without default

suhasbshekar
suhasbshekar requested changes Dec 4, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@suhasbshekar suhasbshekar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We try to avoid defaults going forward as API may change defaults in future, this creates a dependency, lets try to have a solution without default

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@suhasbshekar suhasbshekar suhasbshekar requested changes

@chuyich chuyich chuyich requested changes

@carchi8py carchi8py Awaiting requested review from carchi8py carchi8py is a code owner

@wenjun666 wenjun666 Awaiting requested review from wenjun666 wenjun666 is a code owner

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Bug]: netapp-ontap_security_account doesn't work with AWS FSx Ontap

3 participants

@brinnjoyce @suhasbshekar @chuyich