

17G branching for DSAP (#292)
* added 17G branching code and updated the test case

Co-authored-by: Krunal Thakkar <[email protected]>
sapana05 and Krunal-Thakkar authored Feb 18, 2025
1 parent cc451da commit 75532e9
Showing 6 changed files with 1,736 additions and 260 deletions.
20 changes: 18 additions & 2 deletions docs/resources/directory_service_auth_provider.md
Original file line number Diff line number Diff line change
Expand Up @@ -147,6 +147,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
# kerberod file is not supported by 17G and this configuration works only for below 17G
data "local_file" "kerberos" {
# this is the path to the kerberos keytab file that we want to upload.
# this file must be base64 encoded format
Expand Down Expand Up @@ -180,14 +181,17 @@ resource "redfish_directory_service_auth_provider" "ds_auth" {
directory = {
# remote_role_mapping = [
# {
# local_role = "None",
# local_role = "Administrator",
# remote_group = "idracgroup"
# }
# ],
# To Update service addresses for 17G please provide configuration in active_directory_attributes
# This configuration will be working once the issue for 17G get resolved
# service_addresses = [
# "yulanadhost11.yulan.pie.lab.emc.com"
# ],
service_enabled = true,
# authentication configuration works for below 17G server, 17G server do not support kerberos
authentication = {
kerberos_key_tab_file = data.local_file.kerberos.content
}
Expand All @@ -199,14 +203,22 @@ resource "redfish_directory_service_auth_provider" "ds_auth" {
"ActiveDirectory.1.CertValidationEnable" = "Enabled",
"ActiveDirectory.1.DCLookupEnable" = "Enabled",
# RacName and RacDomain can be configured when Schema is Extended Schema
# DomainController can be configured when DCLookupEnable is Disabled
# To update service addresses for 17G please provide below configuration
#"ActiveDirectory.1.DomainController1"= "yulanadhost1.yulan.pie.lab.emc.com",
#"ActiveDirectory.1.DomainController2"= "yulanadhost2.yulan.pie.lab.emc.com",
#"ActiveDirectory.1.DomainController3"= "yulanadhost3.yulan.pie.lab.emc.com",
# RacName and RacDomain can be configured when Schema is Extended Schema which is supported by below 17G server
"ActiveDirectory.1.RacDomain" = "test",
"ActiveDirectory.1.RacName" = "test",
# SSOEnable configuration can be done for below 17G server and it's not supported by 17G server
# if SSOEnable is Enabled make sure ActiveDirectory Service is enabled and valid kerberos_key_tab_file is provided
"ActiveDirectory.1.SSOEnable" = "Disabled",
# Schema can be Extended Schema or Standard Schema
# Schema configuration can be done for below 17G, and this configuration is not supported by 17G
"ActiveDirectory.1.Schema" = "Extended Schema",
"UserDomain.1.Name" = "yulan.pie.lab.emc.com",
Expand All @@ -218,6 +230,7 @@ resource "redfish_directory_service_auth_provider" "ds_auth" {
#"ActiveDirectory.1.GCLookupEnable" = "Disabled"
# for 17G below configuration can be performed without schema configuration
# at least any one from GlobalCatalog1,GlobalCatalog2,GlobalCatalog3 must be configured when Schema is Standard and GCLookupEnable is Disabled
# "ActiveDirectory.1.GlobalCatalog1" = "yulanadhost11.yulan.pie.lab.emc.com",
# "ActiveDirectory.1.GlobalCatalog2" = "yulanadhost11.yulan.pie.lab.emc.com",
Expand All @@ -237,6 +250,7 @@ resource "redfish_directory_service_auth_provider" "ds_auth" {
# remote_group = "cn = idracgroup,cn = users,dc = yulan,dc = pie,dc = lab,dc = emc,dc = com"
# }
# ],
# To Update LDAP service addresses for 17G please provide configuration in ldap_attributes
# service_addresses = [
# "yulanadhost12.yulan.pie.lab.emc.com"
# ],
Expand All @@ -259,6 +273,8 @@ resource "redfish_directory_service_auth_provider" "ds_auth" {
# "LDAP.1.BindDN" = "cn = adtester,cn = users,dc = yulan,dc = pie,dc = lab,dc = emc,dc = com",
# "LDAP.1.BindPassword" = "",
# "LDAP.1.SearchFilter" = "(objectclass = *)",
# To Update LDAP service addresses for 17G please provide below configuration
# "LDAP.1.Server": "yulanadhost12.yulan.pie.lab.emc.com",
#
# }
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/

# kerberod file is not supported by 17G and this configuration works only for below 17G
data "local_file" "kerberos" {
# this is the path to the kerberos keytab file that we want to upload.
# this file must be base64 encoded format
Expand Down Expand Up @@ -48,14 +49,17 @@ resource "redfish_directory_service_auth_provider" "ds_auth" {
directory = {
# remote_role_mapping = [
# {
# local_role = "None",
# local_role = "Administrator",
# remote_group = "idracgroup"
# }
# ],
# To Update service addresses for 17G please provide configuration in active_directory_attributes
# This configuration will be working once the issue for 17G get resolved
# service_addresses = [
# "yulanadhost11.yulan.pie.lab.emc.com"
# ],
service_enabled = true,
# authentication configuration works for below 17G server, 17G server do not support kerberos
authentication = {
kerberos_key_tab_file = data.local_file.kerberos.content
}
Expand All @@ -67,14 +71,22 @@ resource "redfish_directory_service_auth_provider" "ds_auth" {
"ActiveDirectory.1.CertValidationEnable" = "Enabled",
"ActiveDirectory.1.DCLookupEnable" = "Enabled",

# RacName and RacDomain can be configured when Schema is Extended Schema
# DomainController can be configured when DCLookupEnable is Disabled
# To update service addresses for 17G please provide below configuration
#"ActiveDirectory.1.DomainController1"= "yulanadhost1.yulan.pie.lab.emc.com",
#"ActiveDirectory.1.DomainController2"= "yulanadhost2.yulan.pie.lab.emc.com",
#"ActiveDirectory.1.DomainController3"= "yulanadhost3.yulan.pie.lab.emc.com",

# RacName and RacDomain can be configured when Schema is Extended Schema which is supported by below 17G server
"ActiveDirectory.1.RacDomain" = "test",
"ActiveDirectory.1.RacName" = "test",

# SSOEnable configuration can be done for below 17G server and it's not supported by 17G server
# if SSOEnable is Enabled make sure ActiveDirectory Service is enabled and valid kerberos_key_tab_file is provided
"ActiveDirectory.1.SSOEnable" = "Disabled",

# Schema can be Extended Schema or Standard Schema
# Schema configuration can be done for below 17G, and this configuration is not supported by 17G
"ActiveDirectory.1.Schema" = "Extended Schema",
"UserDomain.1.Name" = "yulan.pie.lab.emc.com",

Expand All @@ -86,6 +98,7 @@ resource "redfish_directory_service_auth_provider" "ds_auth" {

#"ActiveDirectory.1.GCLookupEnable" = "Disabled"

# for 17G below configuration can be performed without schema configuration
# at least any one from GlobalCatalog1,GlobalCatalog2,GlobalCatalog3 must be configured when Schema is Standard and GCLookupEnable is Disabled
# "ActiveDirectory.1.GlobalCatalog1" = "yulanadhost11.yulan.pie.lab.emc.com",
# "ActiveDirectory.1.GlobalCatalog2" = "yulanadhost11.yulan.pie.lab.emc.com",
Expand All @@ -105,6 +118,7 @@ resource "redfish_directory_service_auth_provider" "ds_auth" {
# remote_group = "cn = idracgroup,cn = users,dc = yulan,dc = pie,dc = lab,dc = emc,dc = com"
# }
# ],
# To Update LDAP service addresses for 17G please provide configuration in ldap_attributes
# service_addresses = [
# "yulanadhost12.yulan.pie.lab.emc.com"
# ],
Expand All @@ -127,6 +141,8 @@ resource "redfish_directory_service_auth_provider" "ds_auth" {
# "LDAP.1.BindDN" = "cn = adtester,cn = users,dc = yulan,dc = pie,dc = lab,dc = emc,dc = com",
# "LDAP.1.BindPassword" = "",
# "LDAP.1.SearchFilter" = "(objectclass = *)",
# To Update LDAP service addresses for 17G please provide below configuration
# "LDAP.1.Server": "yulanadhost12.yulan.pie.lab.emc.com",
#
# }

Original file line number Diff line number Diff line change
Expand Up @@ -271,6 +271,12 @@ func (*RedfishDirectoryServiceAuthProviderResource) updateRedfishDirectoryServic
activeServiceChanged := newActiveDirectoryChanged(ctx, plan, state)
ldapServiceChanged := newLDAPChanged(ctx, plan, state)

// make a call to get the device is 17G or below
isGenerationSeventeenAndAbove, err := isServerGenerationSeventeenAndAbove(service)
if err != nil {
diags.AddError("Error retrieving the server generation", err.Error())
return diags
}
// get the account service resource and ODATA_ID will be used to make a patch call
accountService, err := service.AccountService()
if err != nil {
Expand All @@ -281,11 +287,11 @@ func (*RedfishDirectoryServiceAuthProviderResource) updateRedfishDirectoryServic
accountServiceURI := accountService.ODataID

if activeServiceChanged {
if diags = updateActiveDirectory(ctx, accountServiceURI, service, plan); diags.HasError() {
if diags = updateActiveDirectory(ctx, accountServiceURI, service, plan, isGenerationSeventeenAndAbove); diags.HasError() {
return diags
}
} else if ldapServiceChanged {
if diags = updateLDAP(ctx, accountServiceURI, service, plan); diags.HasError() {
if diags = updateLDAP(ctx, accountServiceURI, service, plan, isGenerationSeventeenAndAbove); diags.HasError() {
return diags
}
}
Expand All @@ -304,17 +310,24 @@ func getAccountServiceDetails(service *gofish.Service) (*redfish.AccountService,
// nolint: revive
func (*RedfishDirectoryServiceAuthProviderResource) readRedfishDirectoryServiceAuthProvider(ctx context.Context, service *gofish.Service, state *models.DirectoryServiceAuthProviderResource) (diags diag.Diagnostics) {
// var diags diag.Diagnostics
// call function to check the generation of device
isGenerationSeventeenAndAbove, err := isServerGenerationSeventeenAndAbove(service)
if err != nil {
diags.AddError("Error retrieving the server generation", err.Error())
return diags
}

accountService, err := getAccountServiceDetails(service)
if err != nil {
diags.AddError("Error fetching Account Service", err.Error())
return diags
}

if diags = parseActiveDirectoryIntoState(ctx, accountService, service, state); diags.HasError() {
if diags = parseActiveDirectoryIntoState(ctx, accountService, service, state, isGenerationSeventeenAndAbove); diags.HasError() {
diags.AddError("ActiveDir state null", "ActiveDirectory state null")
return diags
}
if diags = parseLDAPIntoState(ctx, accountService, service, state); diags.HasError() {
if diags = parseLDAPIntoState(ctx, accountService, service, state, isGenerationSeventeenAndAbove); diags.HasError() {
diags.AddError("oldLDAPState state null", "oldLDAPState state null")
return diags
}
Expand All @@ -323,28 +336,28 @@ func (*RedfishDirectoryServiceAuthProviderResource) readRedfishDirectoryServiceA
}

// nolint: revive
func updateActiveDirectory(ctx context.Context, serviceURI string, service *gofish.Service, plan *models.DirectoryServiceAuthProviderResource) (diags diag.Diagnostics) {
func updateActiveDirectory(ctx context.Context, serviceURI string, service *gofish.Service, plan *models.DirectoryServiceAuthProviderResource, isSeventeenGen bool) (diags diag.Diagnostics) {
// var diags diag.Diagnostic

// Check for all valid scenario
if authTimeOutCheck, diags := isValidAuthTime(ActiveDirectory, ".AuthTimeout", plan); diags.HasError() || !authTimeOutCheck {
return diags
}

if ssoCheck, diags := isSSOEnabledWithValidFile(ctx, ActiveDirectory, "SSOEnable", plan); diags.HasError() || !ssoCheck {
if ssoCheck, diags := isSSOEnabledWithValidFile(ctx, ActiveDirectory, "SSOEnable", plan, isSeventeenGen); diags.HasError() || !ssoCheck {
return diags
}

dcLookupDomainCheck, diags := isValidDCLookupDomainConfig(ctx, ActiveDirectory, "DCLookupEnable", plan)
dcLookupDomainCheck, diags := isValidDCLookupDomainConfig(ctx, ActiveDirectory, "DCLookupEnable", plan, isSeventeenGen)
if diags.HasError() || !dcLookupDomainCheck {
return diags
}
if schemacheck, diags := isValidSchemaSelection(ctx, ActiveDirectory, "Schema", plan); diags.HasError() || !schemacheck {
if schemacheck, diags := isValidSchemaSelection(ctx, ActiveDirectory, "Schema", plan, isSeventeenGen); diags.HasError() || !schemacheck {
return diags
}

patchBody := make(map[string]interface{})
if patchBody[ActiveDirectory], diags = getActiveDirectoryPatchBody(ctx, plan); diags.HasError() {
if patchBody[ActiveDirectory], diags = getActiveDirectoryPatchBody(ctx, plan, isSeventeenGen); diags.HasError() {
return diags
}

Expand Down Expand Up @@ -390,9 +403,14 @@ func updateActiveDirectory(ctx context.Context, serviceURI string, service *gofi
}

// nolint: revive
func updateLDAP(ctx context.Context, serviceURI string, service *gofish.Service, plan *models.DirectoryServiceAuthProviderResource) (diags diag.Diagnostics) {
func updateLDAP(ctx context.Context, serviceURI string, service *gofish.Service, plan *models.DirectoryServiceAuthProviderResource, isSeventeenGen bool) (diags diag.Diagnostics) {
patchBody := make(map[string]interface{})
if patchBody["LDAP"], diags = getLDAPPatchBody(ctx, plan); diags.HasError() {

// check Server address is configured or not
if isValid, diags := isValidLDAPConfig(ctx, plan, isSeventeenGen); diags.HasError() || !isValid {
return diags
}
if patchBody["LDAP"], diags = getLDAPPatchBody(ctx, plan, isSeventeenGen); diags.HasError() {
return diags
}

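Review bot: The new parameter is named `isSeventeenGen` in the updateActiveDirectory and updateLDAP signatures, but the value the callers pass is `isGenerationSeventeenAndAbove`, so the name understates what the flag means and a later generation would read as "not 17G" to whoever maintains the validators behind isSSOEnabledWithValidFile, isValidDCLookupDomainConfig, isValidSchemaSelection, getActiveDirectoryPatchBody and isValidLDAPConfig. Renaming it to `isSeventeenGenAndAbove` in both signatures and at those call sites keeps the 17G-and-newer semantics visible where the flag is consumed. Separately, readRedfishDirectoryServiceAuthProvider now performs an extra Redfish lookup via isServerGenerationSeventeenAndAbove before fetching the account service and fails the whole Read on any error from it; if the generation cannot change for a given iDRAC, resolving it once per client rather than on every Read and Update would remove that extra round-trip and failure point. The bodies of updateActiveDirectory and updateLDAP continue outside the hunks.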

0 comments on commit 75532e9
