diff --git a/.claude/hooks/serena-first.sh b/.claude/hooks/serena-first.sh index 7f329a3a..f7d180ad 100755 --- a/.claude/hooks/serena-first.sh +++ b/.claude/hooks/serena-first.sh @@ -11,13 +11,13 @@ tool=$(echo "$input" | jq -r '.tool_name // ""') if [[ "$tool" == "Bash" ]]; then cmd=$(echo "$input" | jq -r '.tool_input.command // ""') - # Match rg/grep/ag/ack invocations referencing .go or .tf (as arg, glob, or --type) - if [[ "$cmd" =~ (^|[^[:alnum:]_])(rg|grep|ag|ack)([[:space:]]|$) ]]; then + # Match raw read/search invocations referencing .go or .tf (as arg, glob, or --type) + if [[ "$cmd" =~ (^|[^[:alnum:]_])(rg|grep|ag|ack|cat|sed|head|tail|awk|less|view)([[:space:]]|$) ]]; then if [[ "$cmd" =~ \.(go|tf)([[:space:]\"\'\)]|$) ]] \ || [[ "$cmd" =~ --type[=[:space:]]+(go|terraform|tf|hcl) ]] \ || [[ "$cmd" =~ -t[[:space:]]+(go|terraform|tf|hcl) ]]; then cat >&2 <<'EOF' -[serena-first] WARNING: rg/grep on .go/.tf detected. Prefer Serena MCP: +[serena-first] WARNING: raw read/search on .go/.tf detected. Prefer Serena MCP: - mcp__serena__find_symbol - mcp__serena__get_symbols_overview - mcp__serena__search_for_pattern (with relative_path) @@ -60,7 +60,7 @@ Use Serena MCP instead: - File overview → mcp__serena__get_symbols_overview - Pattern in symbol → mcp__serena__search_for_pattern (with relative_path) Read remains allowed (required before Edit). -If you truly need a raw text search, use `rg` via Bash. +Raw text search is a last resort — prefer mcp__serena__search_for_pattern scoped to a relative_path. EOF exit 2 fi diff --git a/.planning/MILESTONES.md b/.planning/MILESTONES.md index 37000dc5..1b9ac102 100644 --- a/.planning/MILESTONES.md +++ b/.planning/MILESTONES.md @@ -1,5 +1,15 @@ # Milestones: Terraform Provider FlashBlade +## v2.23.1 flashblade_snmp_manager Resource & Data Source (Shipped: 2026-05-20) + +**Phases completed:** 1 phases, 1 plans, 13 tasks + +**Key accomplishments:** + +- flashblade_snmp_manager resource + data source (full CRUD on /api/2.23/snmp-managers) with atomic v2c/v3 nested blocks, sensitive write-once secrets (community + 2 passphrases), per-leaf drift detection across 6 leaves, and in-place v2c<->v3 switch support. + +--- + ## Completed Milestones ### v1.0 — Core Provider (completed 2026-03-28) @@ -261,6 +271,7 @@ **Last phase number:** 58 **Known gaps (tech debt):** + - `pulumi import` round-trip tests on composite-ID resources: validated statically but not tested live against array (deferred to post-alpha) - ProgramTest coverage limited to 6 examples; full 54-resource coverage deferred to post-alpha - TEST-02 examples delivered but live execution on array not run (deferred per VERIFICATION.md) @@ -289,6 +300,7 @@ **Last phase number:** 60 **Known gaps (tech debt):** + - HCL acceptance fixtures under `examples/acceptance/api-2-23/` not authored by GSD planner — acceptance was run from existing operator workflow - CI does not yet run acceptance against par5/pa7 — manual operator-driven sign-off - Pulumi SDK regen + private release for `pulumi-2.23.0` deferred to a dedicated milestone diff --git a/.planning/PROJECT.md b/.planning/PROJECT.md index 9a2a39a5..10a639f5 100644 --- a/.planning/PROJECT.md +++ b/.planning/PROJECT.md @@ -2,44 +2,29 @@ ## Current State -**Latest shipped:** v2.23.0 (FlashBlade API 2.23 Upgrade) — 2026-05-20 -**Active milestone:** None — awaiting next milestone planning +**Latest shipped:** v2.23.1 (`flashblade_snmp_manager` resource + data source) — 2026-05-20 +**Active milestone:** _(planning next — run `/gsd:new-milestone`)_ -**Shipped to date:** 16 milestones, 60 phases -**TF Provider:** v2.23.0 (55 resources + 43 data sources, 807 tests, [GitHub Release](https://github.com/numberly/terraform-provider-mica/releases/tag/v2.23.0)) +**Shipped to date:** 17 milestones, 61 phases +**TF Provider:** v2.23.1 (56 resources + 44 data sources, 816 tests on branch `implem-snmp-managers`, pending tag + merge to `main`) **Pulumi Bridge:** pulumi-2.22.3 alpha (private distribution via GitHub Releases, Python + Go SDKs) — bridge schema regen'd for API 2.23 but no new Pulumi release yet -Next steps: plan the next milestone via `/gsd:new-milestone` — typical candidates: -- `pulumi-2.23.0` (publish the regen'd bridge schema, generate Python + Go SDKs for API 2.23) -- API 2.24+ when swagger lands -- Hardening: integrate par5/pa7 acceptance into CI, author HCL fixtures under `examples/acceptance/` -- Other feature additions - -## Last Completed Milestone: v2.23.0 — FlashBlade API 2.23 Upgrade (shipped 2026-05-20) - -**Goal:** Aligner le provider sur l'API FlashBlade 2.23, ajouter le support des Workloads et Resiliency Groups, puis livrer la release (validation, docs, tag, merge). - -**Target features (déjà implémentés sur `test/api-upgrade-2.23`):** -- API version bump 2.22 → 2.23 (provider, client, mock, examples, references) -- `flashblade_workload` resource + data source -- `flashblade_resiliency_group` data source (DS-only) -- `flashblade_resiliency_group_member` data source (DS-only) -- Schéma v1 (workload field) sur 6 ressources : file_system, file_system_export, nfs_export_policy, smb_client_policy, smb_share_policy, qos_policy -- qos_policy : computed `context` field -- Pulumi bridge regen (schema.json, bridge-metadata.json, schema-embed.json) -- api-diff / api-upgrade skills enhancements (per-field variants, codebase scan, BLOCKING method detection) - -**Target features (à livrer dans la finalisation):** -- Validation `make test` + `make lint` + `make docs` clean sur la branche -- Acceptance tests live FlashBlade (par5, pa7) sur les nouvelles ressources et les schémas migrés -- CHANGELOG + release notes v2.23.0 -- ROADMAP.md fix-up (coverage counters, version footer) -- Tag `v2.23.0` + merge `test/api-upgrade-2.23` → `main` - -**Key context:** -- Travail rétro : ~167 fichiers / ~7000 insertions déjà sur la branche, piloté par les skills `api-diff` et `api-upgrade` -- 2 phases prévues : Phase 59 (consolidation rétro + validation), Phase 60 (release & merge) -- TEST_BASELINE actuel (GNUmakefile) : 807 — à mettre à jour quand v2.23.0 ship +## Last Completed Milestone: v2.23.1 — `flashblade_snmp_manager` (shipped 2026-05-20) + +**Delivered:** +- `flashblade_snmp_manager` resource + data source with full CRUD on `/api/2.23/snmp-managers` +- Atomic `v2c` and `v3` `SingleNestedAttribute` blocks with enum validators (`notification`, `version`, `auth_protocol`, `privacy_protocol`); in-place v2c↔v3 switch supported +- Write-once sensitive secrets (`community`, `auth_passphrase`, `privacy_passphrase`): `Sensitive: true`, never logged, nulled on Import, mock handler strips them on response +- Per-leaf drift detection on 6 non-sensitive leaves; 3 explicit skip markers on sensitive fields +- 9 new `TestUnit_` tests (5 client + 3 resource + 1 DS); total 816 (baseline 807, unchanged) +- All 13 SNMP-01..SNMP-13 requirements satisfied; verification `passed` (9/9 must-haves) + +**Phases:** 61 (1 phase, 1 monolithic plan, 13 tasks) +**Last phase number:** 61 +**Branch:** `implem-snmp-managers` (pending squash-merge to `main` + tag `v2.23.1`) +**Archives:** [milestones/v2.23.1-ROADMAP.md](milestones/v2.23.1-ROADMAP.md) · [milestones/v2.23.1-REQUIREMENTS.md](milestones/v2.23.1-REQUIREMENTS.md) + +**Previous milestones:** v2.23.0 (FlashBlade API 2.23 Upgrade, [archive](milestones/v2.23.0-ROADMAP.md)) · pulumi-2.22.3 (Pulumi Bridge Alpha, [archive](milestones/pulumi-2.22.3-ROADMAP.md)) ## What This Is @@ -49,22 +34,6 @@ A Terraform provider for Pure Storage FlashBlade that enables operational teams Operational teams can reliably create, update, delete, and reconcile drift on FlashBlade storage resources (buckets, file systems, policies) through Terraform with zero surprises — every plan reflects reality, every apply converges. -## Last Completed Milestone: pulumi-2.22.3 — Pulumi Bridge Alpha (shipped 2026-04-24) - -**Goal:** Expose the FlashBlade Terraform provider to Pulumi users (Python + Go) via the official `pulumi/pulumi-terraform-bridge` (`pkg/pf/*` for terraform-plugin-framework), in a new `./pulumi/` sub-directory with its own `go.mod`, distributed privately through GitHub releases. - -**Target features:** -- Pulumi bridge scaffold in `./pulumi/` (tfgen + runtime binaries, ProviderInfo, embedded schema) -- Mapping of all 28 resources + 21 data sources (auto-tokenization + targeted overrides for composite IDs, secrets, timeouts) -- Python and Go SDK generation (embedded `schema.json` + `bridge-metadata.json`) -- ProgramTest coverage on 3 representative resources (target, remote_credentials, bucket) -- Private release pipeline: GitHub Actions build + goreleaser + cosign, tag `pulumi-2.22.3` -- Auto-converted HCL examples (`PULUMI_CONVERT=1`) + 2 hand-written examples (bucket-py, bucket-go) - -**Key context:** Research already consolidated in `pulumi-bridge.md` (12 sections, 8 pitfalls, 6-step POC plan). Bridges the existing v2.22.3 provider (28 resources, 21 DS, 779 tests) without rewriting anything. - -**Last shipped:** v2.22.3 — Convention Compliance (2026-04-20, 779 tests, 0 lint issues, 12/12 requirements satisfied) — [archive](milestones/v2.22.3-ROADMAP.md) - ## Requirements ### Validated @@ -88,10 +57,12 @@ Operational teams can reliably create, update, delete, and reconcile drift on Fl - ✓ 814 unit tests, role_name/policy_name composite ID (role FIRST per policy-contains-colon constraint) — v2.22.2 - ✓ Directory Service Role POST `?names=` bug fix + schema v1 (`name` Required + RequiresReplace) + upgrader — Phase 50.1 - ✓ 818 unit tests, end-to-end validated against real FlashBlades (par5, pa7) — Phase 50.1 +- ✓ FlashBlade API 2.23 upgrade — workload + resiliency-group + 6 schema v1 migrations — v2.23.0 +- ✓ `flashblade_snmp_manager` resource + data source (v2c/v3 nested blocks, write-once secrets, per-leaf drift, 9 new tests) — v2.23.1 (SNMP-01..SNMP-13) ### Active -_No active milestone — start the next one via `/gsd:new-milestone`._ +_(planning next milestone — run `/gsd:new-milestone`)_ ### Known Follow-up Defects @@ -153,4 +124,4 @@ This document evolves at phase transitions and milestone boundaries. 4. Update Context with current state --- -*Last updated: 2026-05-20 — milestone v2.23.0 shipped (tag `v2.23.0`, squash `3fd485d`, GitHub Release published). Archived to `.planning/milestones/v2.23.0-*`.* +*Last updated: 2026-05-20 — after v2.23.1 milestone (`flashblade_snmp_manager` resource + data source archived; ready for next milestone).* diff --git a/.planning/ROADMAP.md b/.planning/ROADMAP.md deleted file mode 100644 index e772e821..00000000 --- a/.planning/ROADMAP.md +++ /dev/null @@ -1,42 +0,0 @@ -# Roadmap: Terraform Provider FlashBlade - -## Milestones - -- ✅ **v1.0** — Core Provider (shipped 2026-03-28) -- ✅ **v1.1** — Servers & Exports (shipped 2026-03-28) -- ✅ **v1.2** — Code Quality & Robustness (shipped 2026-03-29) -- ✅ **v1.3** — Release Readiness (shipped 2026-03-29) -- ✅ **v2.0** — Cross-Array Bucket Replication (shipped 2026-03-29) -- ✅ **v2.0.1** — Quality & Hardening (shipped 2026-03-30) -- ✅ **v2.1** — Bucket Advanced Features (shipped 2026-03-30) -- ✅ **v2.1.1** — Network Interfaces (VIPs) (shipped 2026-03-31) -- ✅ **v2.1.3** — Code Review Fixes & S3 Users (shipped 2026-04-02) -- ✅ **v2.2** — S3 Target Replication & Security (shipped 2026-04-14) -- ✅ **tools-v1.0** — API Tooling Pipeline (shipped 2026-04-14) -- ✅ **v2.22.1** — Directory Service Array Management (shipped 2026-04-17) -- ✅ **v2.22.2** — DS Roles & Role Mappings (shipped 2026-04-17) -- ✅ **v2.22.3** — Convention Compliance (shipped 2026-04-20) -- ✅ **pulumi-2.22.3** — Pulumi Bridge Alpha (shipped 2026-04-24) -- ✅ **v2.23.0** — FlashBlade API 2.23 Upgrade (shipped 2026-05-20) - -See `.planning/MILESTONES.md` for milestone details and `.planning/milestones/` for per-milestone roadmap + requirements archives. - ---- - -## Current State - -No active milestone. Run `/gsd:new-milestone` to start the next one. - -
-Archived: v2.23.0 — FlashBlade API 2.23 Upgrade (shipped 2026-05-20) - -Full archive: [`milestones/v2.23.0-ROADMAP.md`](milestones/v2.23.0-ROADMAP.md) · [`milestones/v2.23.0-REQUIREMENTS.md`](milestones/v2.23.0-REQUIREMENTS.md) - -2 phases (59 + 60), 10 plans, 33/33 requirements satisfied. Squash commit `3fd485d`, tag `v2.23.0`, [GitHub Release](https://github.com/numberly/terraform-provider-mica/releases/tag/v2.23.0). - -
- - ---- - -*Last updated: 2026-05-20 — milestone v2.23.0 archived. Run `/gsd:new-milestone` to start the next one.* diff --git a/.planning/STATE.md b/.planning/STATE.md index b5f48545..3dd512d1 100644 --- a/.planning/STATE.md +++ b/.planning/STATE.md @@ -1,15 +1,15 @@ --- gsd_state_version: 1.0 -milestone: v2.23.0 -milestone_name: FlashBlade API 2.23 Upgrade -status: shipped -last_updated: "2026-05-20T09:30:00.000Z" +milestone: v2.23.1 +milestone_name: "**Goal:** Ship `flashblade_snmp_manager` resource + data source" +status: verifying +last_updated: "2026-05-20T13:24:59.298Z" last_activity: 2026-05-20 progress: - total_phases: 2 - completed_phases: 2 - total_plans: 10 - completed_plans: 10 + total_phases: 1 + completed_phases: 1 + total_plans: 1 + completed_plans: 1 percent: 100 --- @@ -20,53 +20,62 @@ progress: See: .planning/PROJECT.md (updated 2026-05-20) **Core value:** Operational teams can reliably create, update, delete, and reconcile drift on FlashBlade storage resources through Terraform with zero surprises. -**Current focus:** No active milestone — `/gsd:new-milestone` for next cycle +**Current focus:** Phase 61 — flashblade-snmp-manager ## Current Position -Milestone: v2.23.0 (FlashBlade API 2.23 Upgrade) — **SHIPPED 2026-05-20** -Status: Archived — no active milestone -Last activity: 2026-05-20 — milestone archived +Milestone: v2.23.1 (`flashblade_snmp_manager`) — **EXECUTION COMPLETE, AWAITING VERIFICATION** +Phase: 61 +Plan: Not started +Status: Phase complete — ready for verification +Last activity: 2026-05-20 -Progress: [██████████] 100% (2/2 phases, 10/10 plans) +Progress: [██████████] 100% (1/1 phases, 1/1 plans) ## Recent Milestones +- 🚧 **v2.23.1** — `flashblade_snmp_manager` (in planning, started 2026-05-20) - ✅ **v2.23.0** — FlashBlade API 2.23 Upgrade (shipped 2026-05-20, 807 tests, 33/33 requirements, [release](https://github.com/numberly/terraform-provider-mica/releases/tag/v2.23.0), [archive](milestones/v2.23.0-ROADMAP.md)) - ✅ **pulumi-2.22.3** — Pulumi Bridge Alpha (shipped 2026-04-24, 836 TF tests + 23 bridge tests, [archive](milestones/pulumi-2.22.3-ROADMAP.md)) - ✅ **v2.22.3** — Convention Compliance (shipped 2026-04-20, 779 tests, 12/12 requirements, [archive](milestones/v2.22.3-ROADMAP.md)) - ✅ **v2.22.2** — Directory Service Roles & Role Mappings (shipped 2026-04-17, 818 tests, [archive](milestones/v2.22.2-ROADMAP.md)) -- ✅ **v2.22.1** — Directory Service – Array Management (shipped 2026-04-17, 798 tests, [archive](milestones/v2.22.1-ROADMAP.md)) ## Performance Metrics -- **Provider tests:** 836 (baseline at last shipped milestone pulumi-2.22.3) -- **TEST_BASELINE (GNUmakefile):** 807 — to refresh once API 2.23 work lands on main (RELEASE-06) -- **Lint:** 0 issues at last release -- **Resources / Data sources:** 54 / 40 pre-API-2.23. Expected delta on merge: +1 resource (workload), +3 data sources (workload, resiliency_group, resiliency_group_member) +- **Provider tests:** 816 (post-Phase-61, baseline 807 + 9 new for `flashblade_snmp_manager`) +- **TEST_BASELINE (GNUmakefile):** 807 — NOT bumped (reserved for release milestones, will move to 816 at v2.23.1 ship) +- **Lint:** 0 issues +- **Resources / Data sources:** 56 / 44 (post-Phase-61, +1 resource +1 data source `flashblade_snmp_manager`) +- **Phase 61 plan 01 execution:** 13 tasks, 11 atomic commits on `implem-snmp-managers`, ~15 min ## Accumulated Context -### Key Decisions (v2.23.0) +### Key Decisions (v2.23.1) -- Retro milestone: 19/33 requirements already implemented on branch `test/api-upgrade-2.23`. They are mapped to Phase 59 for traceability only, not re-execution. -- 14 requirements are active work: VALID-01..06 (Phase 59), RELEASE-01..07 (Phase 60). -- Tight 2-phase split (coarse granularity): consolidation+validation, then release. -- Acceptance validation on par5 + pa7 is mandatory before merge (VALID-04). -- Pulumi SDK regen / publish (`pulumi-2.23.0`) is OUT of scope — separate milestone. +- Resource scope = pure CRUD on `/snmp-managers`. The connectivity test endpoint `GET /snmp-managers/test` is OUT of scope (resource-action pattern, future milestone alongside `/dns/test`, `/smtp/test`, etc.). +- Branch from clean `main`: `implem-snmp-managers`. +- Domain placement: `internal/client/models_admin.go` (with `SmtpServer`, `SyslogServer`, `AlertWatcher`). Confirmed via `mcp__serena__get_symbols_overview`. +- Pre-check (Serena `find_symbol` on `SnmpManager` / `Snmp*` / `snmp_manager`): no existing code, greenfield implementation. +- Sensitive write-once fields: `v2c.community`, `v3.auth_passphrase`, `v3.privacy_passphrase` — never returned by API GET → keep state value, never overwrite in Read; null in ImportState. +- Validators choose the **stricter POST-time constraints** from `_snmp_v3_post` (privacy_passphrase 8-63, auth_passphrase ≤ 32) for safer UX. +- No cross-field validator on `version` vs. `v2c`/`v3` — let API validate (alignment with provider conventions). +- `TEST_BASELINE` (GNUmakefile) must NOT be bumped in v2.23.1 — reserved for release milestones. -### Key Decisions (pulumi-2.22.3, kept for context) +### Key Decisions (carried from v2.23.0, for context) -- Module path: `github.com/numberly/opentofu-provider-flashblade`. Bridge modules under `./pulumi/provider/` and `./pulumi/sdk/go/` with `replace ../../`. -- Bridge: `pulumi-terraform-bridge/v3 v3.127.0`, `pulumi/sdk/v3 v3.231.0`, `pulumi/pkg/v3 v3.231.0`. -- Schema commit policy: `schema.json` + `bridge-metadata.json` committed; CI gate via `git diff --exit-code` after `make tfgen` — directly relevant to VALID-05. -- Composite IDs use `/` separator with string keys. -- Tokens via SingleModule (`flashblade:index/*`). +- Pulumi SDK regen / publish is owned by a separate `pulumi-2.23.x` milestone (out of scope here too). + +### Key Decisions (Phase 61 execution) + +- **Mock handler wiring follows codebase pattern** (per-test registration via `ms.Mux`), not plan literal text (`server.go`). The existing codebase never wires resource handlers in `NewMockServer`. Deviation documented in SUMMARY.md. +- **Drift logs inlined to satisfy "exactly 6" contract** (not routed through a helper) for grep-ability and explicit per-leaf branching. +- **Strict POST-time validators applied at provider schema level for both Create AND Update** (auth_passphrase ≤ 32, privacy_passphrase 8..63) — predictable validation before PATCH. ### Open Todos -- Plan Phase 59 via `/gsd:plan-phase 59`. -- At Phase 60 release time: bump `TEST_BASELINE` in `GNUmakefile` (RELEASE-06). +- Run `/gsd:verify-phase 61` to validate the execution. +- After verification: tag `v2.23.1`, push branch `implem-snmp-managers`, open PR to `main`. +- At v2.23.1 release: bump `TEST_BASELINE` in `GNUmakefile` from 807 to 816. ### Open Blockers @@ -74,9 +83,11 @@ _(none)_ ## Next Steps -Run `/gsd:plan-phase 59` to decompose Phase 59 into executable plans (consolidation + validation work covering VALID-01..06, plus retro traceability for the 19 already-shipped API/WORKLOAD/RESILIENCY/SCHEMA/BRIDGE requirements). +Run `/gsd:verify-phase 61` to validate the execution. On pass: tag v2.23.1, open PR `implem-snmp-managers` → `main`. ## Session Log -- 2026-05-20 — Milestone v2.23.0 created (retro + finalisation for API 2.23 upgrade on branch `test/api-upgrade-2.23`). -- 2026-05-20 — Roadmap created: Phase 59 (API 2.23 Consolidation & Validation), Phase 60 (v2.23.0 Release). 33/33 requirements mapped. +- 2026-05-20 — Milestone v2.23.1 created (`flashblade_snmp_manager` CRUD, branch `implem-snmp-managers`). Pre-check Serena: no collision. API schemas validated via `swagger-to-reference` + raw `swagger-2.23.json`. +- 2026-05-20 — Roadmap created: Phase 61 (Implement `flashblade_snmp_manager` Resource & Data Source). 13/13 requirements mapped. +- 2026-05-20 — Phase 61 context gathered. 20 decisions locked (D-01..D-20) in `phases/61-flashblade-snmp-manager/61-CONTEXT.md`. Next: `/gsd:plan-phase 61`. +- 2026-05-20 — **Phase 61 plan 01 executed.** 13 tasks, 11 atomic commits on `implem-snmp-managers` (a241ec1 → 24098d1). 816 tests (807 + 9), lint clean, docs idempotent, ROADMAP row moved to Implemented. SUMMARY at `.planning/phases/61-flashblade-snmp-manager/61-01-implement-snmp-manager-SUMMARY.md`. diff --git a/.planning/milestones/v2.23.1-REQUIREMENTS.md b/.planning/milestones/v2.23.1-REQUIREMENTS.md new file mode 100644 index 00000000..06b437d4 --- /dev/null +++ b/.planning/milestones/v2.23.1-REQUIREMENTS.md @@ -0,0 +1,89 @@ +# Requirements Archive: v2.23.1 flashblade_snmp_manager Resource & Data Source + +**Archived:** 2026-05-20 +**Status:** SHIPPED + +For current requirements, see `.planning/REQUIREMENTS.md`. + +--- + +# Milestone v2.23.1 Requirements — `flashblade_snmp_manager` + +**Status:** 🚧 Active (planning) +**Started:** 2026-05-20 +**Branch:** `implem-snmp-managers` +**API source:** `api_references/2.23.md` + `swagger-2.23.json` (`SnmpManager`, `SnmpManagerPost`, `_snmp_v2c`, `_snmp_v3`, `_snmp_v3_post`) + +## Scope + +Implement Terraform resource `flashblade_snmp_manager` (full CRUD) and matching data source against `/api/2.23/snmp-managers`, following the *New Resource* 16-item checklist in `CONVENTIONS.md` with **zero deviation**, driven by the `flashblade-resource-builder` skill. + +## Out of Scope + +- `GET /snmp-managers/test` — connectivity test (resource-action pattern, deferred to a dedicated milestone covering all `/{resource}/test` endpoints). +- Pulumi bridge regen / SDK publish — owned by a separate `pulumi-2.23.x` milestone. +- Bumping `TEST_BASELINE` in `GNUmakefile` — reserved for release milestones. + +## Active Requirements + +### Resource & Data Source + +- [x] **SNMP-01** — Resource `flashblade_snmp_manager` implements full CRUD (Create / Read / Update / Delete) against `/api/2.23/snmp-managers` via the `flashblade-resource-builder` skill. +- [x] **SNMP-02** — Resource supports both SNMP protocol versions (`v2c`, `v3`) through nested config blocks, with enum validators on `notification` (`inform`|`trap`), `version` (`v2c`|`v3`), `v3.auth_protocol` (`MD5`|`SHA`), `v3.privacy_protocol` (`AES`|`DES`). +- [x] **SNMP-04** — Data source `flashblade_snmp_manager` (2 interfaces only: `DataSource`, `DataSourceWithConfigure`); `name` Required, all others Computed; not-found → `AddError`. + +### Security & State + +- [x] **SNMP-03** — Sensitive fields `v2c.community`, `v3.auth_passphrase`, `v3.privacy_passphrase` are marked `Sensitive: true`, treated **write-once** (API never returns them on GET → Read must not overwrite state), and null in ImportState. +- [x] **SNMP-05** — ImportState by `name` (`?names=`-based; never by UUID), uses `nullTimeoutsValue()`, sets all sensitive/write-once fields to null. +- [x] **SNMP-06** — Drift detection via `tflog.Debug(ctx, "drift detected", {"resource", "field", "was", "now"})` on every mutable/computed field (`host`, `notification`, `version`, `v2c.community`-presence, `v3.user`, `v3.auth_protocol`, `v3.privacy_protocol`). + +### Test Infrastructure + +- [x] **SNMP-07** — Mock handler `internal/testmock/handlers/snmp_managers.go` with `snmpManagerStore` (mutex + byName + nextID), `RegisterSnmpManagerHandlers(mux)` returning `*snmpManagerStore` for `Seed()`, and GET-with-no-match returning HTTP 200 + empty list (NOT 404). Uses shared helpers (`ValidateQueryParams`, `RequireQueryParam`, `WriteJSONListResponse`, `WriteJSONError`). +- [x] **SNMP-08** — At least **9 new** unit tests prefixed `TestUnit_`: + - 5 client tests (`TestUnit_SnmpManager_Get_Found`, `_Get_NotFound`, `_Post`, `_Patch`, `_Delete`) + - 3 resource tests (`TestUnit_SnmpManagerResource_Lifecycle`, `_Import`, `_DriftDetection`) + - 1 data source test (`TestUnit_SnmpManagerDataSource_Basic`) + +### Wiring & Documentation + +- [x] **SNMP-09** — Resource and data source registered in `internal/provider/provider.go` (`NewSnmpManagerResource` in `Resources()`, `NewSnmpManagerDataSource` in `DataSources()`). +- [x] **SNMP-10** — Documentation regenerated via `make docs`; HCL examples present at `examples/resources/flashblade_snmp_manager/{resource.tf,import.sh}` and `examples/data-sources/flashblade_snmp_manager/data-source.tf`; `import.sh` uses `name` (not UUID). +- [x] **SNMP-11** — Repo-level `ROADMAP.md` row for `SNMP Managers` moved from *Medium Priority — Not Implemented* to *Array Administration / Implemented* (status `Done`, notes mention `v2.23.1; full CRUD; sensitive write-once community/passphrases`), counters + footer date/version refreshed, all in the **same commit** as the implementation. + +### Quality Gates + +- [x] **SNMP-12** — `make build && make test && make lint && make docs` all clean; total test count ≥ `TEST_BASELINE + 9` (≥ 816). +- [x] **SNMP-13** — Out-of-scope endpoints (`/snmp-managers/test`) documented in PROJECT.md as explicit deferral; no provider code references them in v2.23.1. + +## Traceability + +| Req ID | Description (short) | Phase | Status | +| --------- | -------------------------------------------------------------- | ----- | ---------- | +| SNMP-01 | Resource + full CRUD via skill | 61 | 🚧 planned | +| SNMP-02 | v2c/v3 support + enum validators | 61 | 🚧 planned | +| SNMP-03 | Sensitive write-once (community, passphrases) | 61 | 🚧 planned | +| SNMP-04 | Data source (lookup by name) | 61 | 🚧 planned | +| SNMP-05 | ImportState by name | 61 | 🚧 planned | +| SNMP-06 | Drift detection on all mutable/computed fields | 61 | 🚧 planned | +| SNMP-07 | Mock handler (Seed, empty-list GET=200, shared helpers) | 61 | 🚧 planned | +| SNMP-08 | ≥ 9 new TestUnit_ tests (5 client + 3 resource + 1 DS) | 61 | 🚧 planned | +| SNMP-09 | Registration in provider.go | 61 | 🚧 planned | +| SNMP-10 | HCL examples + `make docs` regen | 61 | 🚧 planned | +| SNMP-11 | Repo-level ROADMAP.md row moved to Done (same commit as impl.) | 61 | 🚧 planned | +| SNMP-12 | `make build && test && lint && docs` clean; count ≥ 816 | 61 | 🚧 planned | +| SNMP-13 | `/snmp-managers/test` explicitly OOS | 61 | 🚧 planned | + +**Totals:** 13 active · 0 satisfied · 0 deferred. + +## Notes + +- Requirement IDs use a single prefix `SNMP-` for resource scope plus quality gates (no separate `QA-`/`DOC-` split — milestone is small and cohesive). +- Validators choose the **stricter** `_snmp_v3_post` constraints (privacy_passphrase 8-63, auth_passphrase ≤ 32, community ≤ 32) for safer UX on both POST and PATCH paths. +- No cross-field validator between `version` and the presence of `v2c`/`v3` blocks — defer to server-side validation to stay aligned with `CONVENTIONS.md` ("let the server validate"). +- Domain placement in `internal/client/models_admin.go` (alongside `SmtpServer`, `SyslogServer`, `AlertWatcher`) confirmed via `mcp__serena__get_symbols_overview`. + +--- + +_Updated 2026-05-20 on milestone v2.23.1 start._ diff --git a/.planning/milestones/v2.23.1-ROADMAP.md b/.planning/milestones/v2.23.1-ROADMAP.md new file mode 100644 index 00000000..d2f55cef --- /dev/null +++ b/.planning/milestones/v2.23.1-ROADMAP.md @@ -0,0 +1,74 @@ +# Roadmap: Terraform Provider FlashBlade + +## Milestones + +- ✅ **v1.0** — Core Provider (shipped 2026-03-28) +- ✅ **v1.1** — Servers & Exports (shipped 2026-03-28) +- ✅ **v1.2** — Code Quality & Robustness (shipped 2026-03-29) +- ✅ **v1.3** — Release Readiness (shipped 2026-03-29) +- ✅ **v2.0** — Cross-Array Bucket Replication (shipped 2026-03-29) +- ✅ **v2.0.1** — Quality & Hardening (shipped 2026-03-30) +- ✅ **v2.1** — Bucket Advanced Features (shipped 2026-03-30) +- ✅ **v2.1.1** — Network Interfaces (VIPs) (shipped 2026-03-31) +- ✅ **v2.1.3** — Code Review Fixes & S3 Users (shipped 2026-04-02) +- ✅ **v2.2** — S3 Target Replication & Security (shipped 2026-04-14) +- ✅ **tools-v1.0** — API Tooling Pipeline (shipped 2026-04-14) +- ✅ **v2.22.1** — Directory Service Array Management (shipped 2026-04-17) +- ✅ **v2.22.2** — DS Roles & Role Mappings (shipped 2026-04-17) +- ✅ **v2.22.3** — Convention Compliance (shipped 2026-04-20) +- ✅ **pulumi-2.22.3** — Pulumi Bridge Alpha (shipped 2026-04-24) +- ✅ **v2.23.0** — FlashBlade API 2.23 Upgrade (shipped 2026-05-20) +- 🚧 **v2.23.1** — `flashblade_snmp_manager` resource & data source (in planning, started 2026-05-20) + +See `.planning/MILESTONES.md` for milestone details and `.planning/milestones/` for per-milestone roadmap + requirements archives. + +--- + +## Current State — v2.23.1 + +**Goal:** Ship `flashblade_snmp_manager` resource + data source (full CRUD on `/api/2.23/snmp-managers`) driven by the `flashblade-resource-builder` skill with zero deviation from `CONVENTIONS.md`. + +**Branch:** `implem-snmp-managers` (from clean `main`) +**Requirements:** see `.planning/REQUIREMENTS.md` (SNMP-01..13, 13 active) + +### Phase Map + +| # | Phase | Goal | Requirements | Success Criteria | +|----|-------|------|--------------|------------------| +| 61 | `flashblade_snmp_manager` Resource & Data Source | 1/1 | Complete | 2026-05-20 | + +### Phase 61: `flashblade_snmp_manager` Resource & Data Source + +**Goal:** Implement Terraform resource `flashblade_snmp_manager` and matching data source against `/api/2.23/snmp-managers`, including 3 model structs (Get/Post/Patch + nested `v2c`/`v3`), client CRUD via `getOneByName[T]`, mock handler with empty-list GET=200, ≥9 new `TestUnit_` tests, HCL examples, regenerated docs, and the repo-level `ROADMAP.md` row move — all in the strict order of the *New Resource* checklist in `CONVENTIONS.md`. + +**Requirements covered:** SNMP-01, SNMP-02, SNMP-03, SNMP-04, SNMP-05, SNMP-06, SNMP-07, SNMP-08, SNMP-09, SNMP-10, SNMP-11, SNMP-12, SNMP-13 (13 total). + +**Plans:** 1 plan + +Plans: +- [x] 61-01-implement-snmp-manager-PLAN.md — Monolithic plan covering the 16-item *New Resource* checklist: models → client → mock → tests → resource → DS → registration → examples → docs → ROADMAP.md → quality gates (build/lint/test ≥ 816). Branch `implem-snmp-managers`, one atomic commit (`--no-verify`, no `Co-Authored-By`). + +**Success criteria:** +1. Provider compiles (`make build`), all linters pass (`make lint`), full test suite passes (`make test`) with total count ≥ `TEST_BASELINE + 9` (≥ 816). +2. `make docs` regenerates `docs/resources/snmp_manager.md` and `docs/data-sources/snmp_manager.md` with no manual edits and no diff on re-run. +3. Local Terraform plan/apply against the mock array (via `internal/testmock`) succeeds for the Create / Read / Update / Delete / Import path. +4. Repo-level `ROADMAP.md` row `SNMP Managers` moved from *Medium Priority — Not Implemented* to *Array Administration / Implemented* (status `Done`, version `v2.23.1`), counters and footer date refreshed, change present in the same commit as the implementation. +5. Sensitive fields (`v2c.community`, `v3.auth_passphrase`, `v3.privacy_passphrase`) confirmed never logged (review `tflog.*` calls) and never overwritten in `Read()` from a missing API field (write-once verified by `_Import` and `_DriftDetection` tests). + +**Out of scope (carried from milestone scope):** +- `GET /snmp-managers/test` endpoint (deferred to future `/{resource}/test` resource-action milestone). +- Pulumi bridge regen. +- `TEST_BASELINE` bump in `GNUmakefile` (release-only). + +
+Archived: v2.23.0 — FlashBlade API 2.23 Upgrade (shipped 2026-05-20) + +Full archive: [`milestones/v2.23.0-ROADMAP.md`](milestones/v2.23.0-ROADMAP.md) · [`milestones/v2.23.0-REQUIREMENTS.md`](milestones/v2.23.0-REQUIREMENTS.md) + +2 phases (59 + 60), 10 plans, 33/33 requirements satisfied. Squash commit `3fd485d`, tag `v2.23.0`, [GitHub Release](https://github.com/numberly/terraform-provider-mica/releases/tag/v2.23.0). + +
+ +--- + +*Last updated: 2026-05-20 — Phase 61 planned (1 monolithic plan `61-01-implement-snmp-manager-PLAN.md`, 13 tasks T01..T13).* diff --git a/.planning/phases/61-flashblade-snmp-manager/61-01-implement-snmp-manager-PLAN.md b/.planning/phases/61-flashblade-snmp-manager/61-01-implement-snmp-manager-PLAN.md new file mode 100644 index 00000000..f259188c --- /dev/null +++ b/.planning/phases/61-flashblade-snmp-manager/61-01-implement-snmp-manager-PLAN.md @@ -0,0 +1,1253 @@ +--- +phase: 61-flashblade-snmp-manager +plan: 01 +slug: implement-snmp-manager +type: execute +wave: 1 +depends_on: [] +autonomous: true +requirements: + - SNMP-01 + - SNMP-02 + - SNMP-03 + - SNMP-04 + - SNMP-05 + - SNMP-06 + - SNMP-07 + - SNMP-08 + - SNMP-09 + - SNMP-10 + - SNMP-11 + - SNMP-12 + - SNMP-13 +files_modified: + - internal/client/models_admin.go + - internal/client/snmp_managers.go + - internal/client/snmp_managers_test.go + - internal/testmock/handlers/snmp_managers.go + - internal/testmock/server.go + - internal/provider/snmp_manager_resource.go + - internal/provider/snmp_manager_resource_test.go + - internal/provider/snmp_manager_data_source.go + - internal/provider/snmp_manager_data_source_test.go + - internal/provider/provider.go + - examples/resources/flashblade_snmp_manager/resource.tf + - examples/resources/flashblade_snmp_manager/import.sh + - examples/data-sources/flashblade_snmp_manager/data-source.tf + - docs/resources/snmp_manager.md + - docs/data-sources/snmp_manager.md + - ROADMAP.md +must_haves: + truths: + - "Operator can `terraform apply` a `flashblade_snmp_manager` v3 config and it is created on the array." + - "Operator can `terraform apply` a `flashblade_snmp_manager` v2c config and it is created on the array." + - "Operator can mutate `host`, `notification`, `v3.user`, `v3.auth_protocol`, `v3.privacy_protocol` via `terraform apply` and the PATCH body carries only the changed fields." + - "Operator can `terraform destroy` and the resource disappears from the array." + - "Operator can `terraform import flashblade_snmp_manager. ` and the next plan is clean except for the three sensitive fields, which are null." + - "Operator can `terraform plan` against unchanged state and see no diff (sensitive fields stay in state, never re-fetched)." + - "Operator can read a single manager via `data \"flashblade_snmp_manager\"` by name; not-found surfaces a clear error." + - "Drift on any of 6 leaves (`host`, `notification`, `version`, `v3.user`, `v3.auth_protocol`, `v3.privacy_protocol`) is logged via `tflog.Debug` with key `\"drift detected\"`; sensitive fields are NEVER logged." + - "`make build && make test && make lint && make docs` are all clean; total test count >= 816." + artifacts: + - path: "internal/client/models_admin.go" + provides: "SnmpManager, SnmpV2c, SnmpV3, SnmpV3Post, SnmpManagerPost, SnmpManagerPatch structs" + contains: "type SnmpManager struct" + - path: "internal/client/snmp_managers.go" + provides: "Get/List/Post/Patch/Delete CRUD via getOneByName[SnmpManager]" + exports: ["GetSnmpManager", "ListSnmpManagers", "PostSnmpManager", "PatchSnmpManager", "DeleteSnmpManager"] + - path: "internal/client/snmp_managers_test.go" + provides: "5 TestUnit_SnmpManager_* client tests" + contains: "TestUnit_SnmpManager_Get_Found" + - path: "internal/testmock/handlers/snmp_managers.go" + provides: "snmpManagerStore + RegisterSnmpManagerHandlers; GET no-match => 200 + empty list" + exports: ["RegisterSnmpManagerHandlers"] + - path: "internal/provider/snmp_manager_resource.go" + provides: "Resource with 4 interfaces (Resource, WithConfigure, WithImportState, WithUpgradeState), v2c/v3 SingleNestedAttribute, 6 per-leaf drift logs, sensitive write-once Read mapping" + exports: ["NewSnmpManagerResource"] + - path: "internal/provider/snmp_manager_resource_test.go" + provides: "3 TestUnit_SnmpManagerResource_* tests (Lifecycle, Import, DriftDetection)" + contains: "TestUnit_SnmpManagerResource_Lifecycle" + - path: "internal/provider/snmp_manager_data_source.go" + provides: "Data source with DataSource + DataSourceWithConfigure" + exports: ["NewSnmpManagerDataSource"] + - path: "internal/provider/snmp_manager_data_source_test.go" + provides: "1 TestUnit_SnmpManagerDataSource_Basic test" + contains: "TestUnit_SnmpManagerDataSource_Basic" + - path: "examples/resources/flashblade_snmp_manager/resource.tf" + provides: "v3 example + commented v2c snippet + in-place version switch note" + - path: "examples/resources/flashblade_snmp_manager/import.sh" + provides: "terraform import by name (NOT UUID)" + - path: "examples/data-sources/flashblade_snmp_manager/data-source.tf" + provides: "data source HCL example" + - path: "docs/resources/snmp_manager.md" + provides: "tfplugindocs-generated resource page" + - path: "docs/data-sources/snmp_manager.md" + provides: "tfplugindocs-generated data source page" + - path: "ROADMAP.md" + provides: "SNMP Managers row in Array Administration / Implemented with Done + v2.23.1 note" + contains: "SNMP Managers" + key_links: + - from: "internal/provider/snmp_manager_resource.go" + to: "internal/client/snmp_managers.go" + via: "GetSnmpManager / PostSnmpManager / PatchSnmpManager / DeleteSnmpManager" + pattern: "GetSnmpManager\\(" + - from: "internal/provider/snmp_manager_resource.go" + to: "drift logging contract" + via: "tflog.Debug per leaf" + pattern: "drift detected" + - from: "internal/provider/snmp_manager_resource.go" + to: "write-once skip in mapping function" + via: "Read mapping never assigns community / auth_passphrase / privacy_passphrase" + pattern: "// skip sensitive write-once" + - from: "internal/testmock/handlers/snmp_managers.go" + to: "real-API GET behaviour parity" + via: "GET ?names= no match returns 200 + empty list" + pattern: "WriteJSONListResponse.*\\[\\]" + - from: "internal/provider/provider.go" + to: "resource & data source registration" + via: "NewSnmpManagerResource / NewSnmpManagerDataSource" + pattern: "NewSnmpManagerResource" + - from: "ROADMAP.md" + to: "implementation commit" + via: "row move in same commit as code" + pattern: "SNMP Managers.*Done" +--- + + +Deliver the `flashblade_snmp_manager` Terraform **resource** + **data source** against `/api/2.23/snmp-managers` with full CRUD, both `v2c` and `v3` nested config blocks, write-once sensitive fields, per-leaf drift detection, mock handler, >= 9 new `TestUnit_` tests, HCL examples, regenerated docs, and the repo-level `ROADMAP.md` row move — all in the strict order of the *New Resource* 16-item checklist in `CONVENTIONS.md`, driven by the `flashblade-resource-builder` skill, with **zero deviation**. + +Purpose: ship v2.23.1 with one cohesive, atomic change. SNMP trap destinations are operationally critical; the implementation must mirror the conventions already proven across 55 resources. + +Output: +- 1 new resource (`flashblade_snmp_manager`) + 1 new data source. +- 9+ new `TestUnit_` unit tests; total `make test` count >= 816. +- Updated `provider.go`, generated docs, examples, and root `ROADMAP.md`. +- 1 logical implementation commit (and optional intermediate commits, all `--no-verify`). + + + +@$HOME/.claude/get-shit-done/workflows/execute-plan.md +@$HOME/.claude/get-shit-done/templates/summary.md + + + +@.planning/STATE.md +@.planning/ROADMAP.md +@.planning/REQUIREMENTS.md +@.planning/phases/61-flashblade-snmp-manager/61-CONTEXT.md +@CONVENTIONS.md +@CLAUDE.md +@.claude/skills/flashblade-resource-builder/SKILL.md +@api_references/2.23.md +@swagger-2.23.json +@ROADMAP.md +@GNUmakefile + + +**MANDATORY:** This phase is driven by the `flashblade-resource-builder` skill at `.claude/skills/flashblade-resource-builder/`. Before starting, the executor MUST: + +1. Read `.claude/skills/flashblade-resource-builder/SKILL.md` (lightweight index). +2. Load specific `rules/*.md` on demand (model structs, client CRUD, mocks, resource, data source, tests, docs). +3. Use the skill's lifecycle order as the spine: **models -> client -> mocks -> client tests -> resource -> resource tests -> data source -> ds tests -> registration -> examples -> make docs -> ROADMAP.md**. + +The tasks below mirror this lifecycle one-to-one against the 16-item *New Resource* checklist in `CONVENTIONS.md`. + + + +**Code navigation in `.go` files MUST use Serena MCP** (`mcp__serena__find_symbol`, `mcp__serena__get_symbols_overview`, `mcp__serena__find_referencing_symbols`). + +`Read` is allowed ONLY when the executor is about to edit the file content. `Grep`/`Glob` on `.go` files are BLOCKED by a project hook. This is non-negotiable per `CLAUDE.md`. + +Before starting any task, run `mcp__serena__initial_instructions` (Serena instruction manual). At each task's `` step that names a `.go` symbol, use `find_symbol` (not `Read`). + + + +**MANDATORY:** Every commit in this phase uses: + +```bash +git commit --no-verify -m "feat(snmp): " +``` + +- **No** `Co-Authored-By` trailer (project rule). +- Conventional Commits prefixes: `feat:`, `test:`, `docs:`, `chore:`. +- The final implementation commit MUST bundle: + - All code changes (`internal/client/`, `internal/testmock/`, `internal/provider/`, `examples/`, `docs/`) + - `ROADMAP.md` row move (D-18, SNMP-11) + - Generated `docs/resources/snmp_manager.md` + `docs/data-sources/snmp_manager.md` + +Per D-19 + project `CLAUDE.md`. + + + +Branch `implem-snmp-managers` MUST be created from a clean `main` at the START of T01 (D-20): + +```bash +git checkout main +git pull --ff-only +git status # must be clean +git checkout -b implem-snmp-managers +``` + +All subsequent commits land on this branch. No worktrees (project `CLAUDE.md` `Do NOT`). + + + +Authoritative schemas from `swagger-2.23.json` (validated 2026-05-20): + +```text +_snmp_v2c: + community: string, maxLength=32 + +_snmp_v3: # used in GET (response) and PATCH (request) + user: string + auth_protocol: string (MD5|SHA) + auth_passphrase: string # NEVER returned on GET + privacy_protocol: string (AES|DES) + privacy_passphrase: string # NEVER returned on GET + +_snmp_v3_post: # stricter constraints on POST + user: string + auth_protocol: string (MD5|SHA) + auth_passphrase: string maxLength=32 # NEVER returned on GET + privacy_protocol: string (AES|DES) + privacy_passphrase: string minLength=8 maxLength=63 # NEVER returned on GET + +SnmpManager (GET response): + id: string (ro) + name: string (ro, supplied via ?names= on POST) + host: string + notification: string (inform|trap) + version: string (v2c|v3) + v2c: _snmp_v2c (community omitted) + v3: _snmp_v3 (passphrases omitted) + +SnmpManagerPost (POST body, name via ?names=): + host, notification, version, v2c, v3 (using _snmp_v3_post constraints) + +SnmpManagerPatch (PATCH body): + every field optional (pointer); nested v2c/v3 are *atomic* blocks (same pattern as ArrayConnectionPatch.Throttle) +``` + +Endpoints: +- `GET /api/2.23/snmp-managers` (filter by `?names=`) +- `POST /api/2.23/snmp-managers?names=NAME` +- `PATCH /api/2.23/snmp-managers?names=NAME` +- `DELETE /api/2.23/snmp-managers?names=NAME` + +OUT of scope: `GET /api/2.23/snmp-managers/test` (SNMP-13, D-X). No code references it. + + + +Reference patterns the executor will lean on (extracted from existing code, do not re-discover): + +```go +// internal/client/models_admin.go:104-146 — ArrayConnection / ArrayConnectionThrottle / ArrayConnectionPatch +// Canonical template for the SnmpManager + SnmpV2c + SnmpV3 + SnmpManagerPatch shape. +// In particular ArrayConnectionPatch.Throttle *ArrayConnectionThrottle is the atomic-nested-block pattern +// that SnmpManagerPatch.V2c *SnmpV2c and SnmpManagerPatch.V3 *SnmpV3 MUST copy. + +// internal/client/client.go — getOneByName[T] generic +// func getOneByName[T any](ctx context.Context, c *FlashBladeClient, path, name string) (*T, error) +// ALL Get implementations in this codebase use this. Never hand-roll list-then-filter. + +// internal/testmock/handlers/targets.go — RegisterTargetHandlers + targetStore +// Canonical mock handler: mutex+byName+nextID, Seed(...), shared helpers, empty-list GET=200. + +// internal/provider/array_connection_resource.go:121-141 — Throttle SingleNestedAttribute +// schema.SingleNestedAttribute{ Optional: true, Computed: true, Attributes: map[string]schema.Attribute{...} } +// Template for both `v2c` and `v3` attributes. + +// internal/provider/directory_service_management_resource.go:467-517 — mapDirectoryServiceToModel +// Skips BindPassword in Read mapping (API never returns it). Template for skipping community / auth_passphrase / privacy_passphrase. + +// internal/provider/target_resource.go — base lifecycle template (Configure, Schema, Create, Read, Update, Delete, ImportState, UpgradeState) +// 4 mandatory interfaces; SchemaVersion = 0; nullTimeoutsValue() on Import. + +// internal/provider/target_data_source.go — DS template (2 interfaces, no timeouts) +``` + + + + + + + T01: Create branch, generate model structs in models_admin.go + internal/client/models_admin.go + + - .planning/phases/61-flashblade-snmp-manager/61-CONTEXT.md (D-02, D-03, D-20) + - CONVENTIONS.md §Model Structs + - swagger-2.23.json (already extracted in `` above; do not re-read) + - mcp__serena__get_symbols_overview file=internal/client/models_admin.go (locate insertion point after AlertWatcher block) + - mcp__serena__find_symbol name=ArrayConnectionThrottle relative_path=internal/client/models_admin.go include_body=true + - mcp__serena__find_symbol name=ArrayConnectionPatch relative_path=internal/client/models_admin.go include_body=true + + + **Step 0 — Branch (D-20):** + ```bash + git checkout main && git pull --ff-only && git status # must be clean + git checkout -b implem-snmp-managers + ``` + + **Step 1 — Append to `internal/client/models_admin.go` (after the AlertWatcher block; do NOT touch existing structs):** + + Add the following 6 types (exact JSON tags + pointer rules per CONVENTIONS.md §Model Structs): + + ```go + // SnmpV2c holds the v2c configuration of an SNMP manager. + // Returned on GET (community omitted by the API). + // Sent atomically on POST and PATCH. + type SnmpV2c struct { + Community string `json:"community,omitempty"` + } + + // SnmpV3 holds the v3 configuration of an SNMP manager on GET and PATCH. + // Passphrases are never returned on GET. + type SnmpV3 struct { + User string `json:"user,omitempty"` + AuthProtocol string `json:"auth_protocol,omitempty"` + AuthPassphrase string `json:"auth_passphrase,omitempty"` + PrivacyProtocol string `json:"privacy_protocol,omitempty"` + PrivacyPassphrase string `json:"privacy_passphrase,omitempty"` + } + + // SnmpV3Post mirrors SnmpV3 but encodes the stricter POST-time constraints + // (auth_passphrase <= 32, privacy_passphrase 8..63). Used ONLY in SnmpManagerPost. + type SnmpV3Post struct { + User string `json:"user,omitempty"` + AuthProtocol string `json:"auth_protocol,omitempty"` + AuthPassphrase string `json:"auth_passphrase,omitempty"` + PrivacyProtocol string `json:"privacy_protocol,omitempty"` + PrivacyPassphrase string `json:"privacy_passphrase,omitempty"` + } + + // SnmpManager represents the GET /snmp-managers response. + type SnmpManager struct { + ID string `json:"id"` + Name string `json:"name"` + Host string `json:"host,omitempty"` + Notification string `json:"notification,omitempty"` + Version string `json:"version,omitempty"` + V2c *SnmpV2c `json:"v2c,omitempty"` + V3 *SnmpV3 `json:"v3,omitempty"` + } + + // SnmpManagerPost is the POST body. Name is supplied via ?names= and excluded. + // V3 uses the stricter SnmpV3Post constraint set (per D-04). + type SnmpManagerPost struct { + Host string `json:"host,omitempty"` + Notification string `json:"notification,omitempty"` + Version string `json:"version,omitempty"` + V2c *SnmpV2c `json:"v2c,omitempty"` + V3 *SnmpV3Post `json:"v3,omitempty"` + } + + // SnmpManagerPatch is the PATCH body. Every field is a pointer. + // V2c/V3 are atomic nested blocks (template: ArrayConnectionPatch.Throttle). + type SnmpManagerPatch struct { + Host *string `json:"host,omitempty"` + Notification *string `json:"notification,omitempty"` + Version *string `json:"version,omitempty"` + V2c *SnmpV2c `json:"v2c,omitempty"` + V3 *SnmpV3 `json:"v3,omitempty"` + } + ``` + + **Why these exact shapes:** GET response uses plain types per CONVENTIONS.md (no scalar pointers); POST uses `SnmpV3Post` for stricter validators per D-04; PATCH uses atomic nested blocks (D-03), mirroring `ArrayConnectionPatch.Throttle`. Sensitive fields are inside the nested structs so the Patch-omitting-the-block pattern works cleanly for in-place v2c<->v3 switch (D-06). + + **Step 2 — Optional intermediate commit:** + ```bash + git add internal/client/models_admin.go + git commit --no-verify -m "feat(snmp): add SnmpManager client model structs" + ``` + + + cd /home/gule/Workspace/team-infrastructure/terraform-provider-mica && go build ./internal/client/... && rg -n "^type SnmpManager " internal/client/models_admin.go && rg -n "^type SnmpManagerPost " internal/client/models_admin.go && rg -n "^type SnmpManagerPatch " internal/client/models_admin.go && rg -n "^type SnmpV2c " internal/client/models_admin.go && rg -n "^type SnmpV3 " internal/client/models_admin.go && rg -n "^type SnmpV3Post " internal/client/models_admin.go + + + - Branch `implem-snmp-managers` exists and is checked out (`git rev-parse --abbrev-ref HEAD` returns `implem-snmp-managers`). + - All 6 struct declarations exist in `internal/client/models_admin.go`: `SnmpManager`, `SnmpManagerPost`, `SnmpManagerPatch`, `SnmpV2c`, `SnmpV3`, `SnmpV3Post`. + - `SnmpManagerPost.V3` field type is `*SnmpV3Post` (NOT `*SnmpV3`). + - `SnmpManagerPatch` has every field as a pointer (`*string`, `*SnmpV2c`, `*SnmpV3`). + - `go build ./internal/client/...` exits 0. + - No edits to any existing struct (validated by `git diff main -- internal/client/models_admin.go` showing only additions). + + + Models compile, structs match CONVENTIONS.md §Model Structs rules (pointer policy, JSON tags, name excluded), atomic nested block pattern mirrors `ArrayConnectionPatch.Throttle`. + + + + + T02: Implement client CRUD using getOneByName[T] + internal/client/snmp_managers.go + + - CONVENTIONS.md §Client CRUD Methods + - mcp__serena__find_symbol name=getOneByName relative_path=internal/client/client.go include_body=true + - mcp__serena__find_symbol name=GetTarget relative_path=internal/client/targets.go include_body=true + - mcp__serena__find_symbol name=PostTarget relative_path=internal/client/targets.go include_body=true + - mcp__serena__find_symbol name=PatchTarget relative_path=internal/client/targets.go include_body=true + - mcp__serena__find_symbol name=DeleteTarget relative_path=internal/client/targets.go include_body=true + - mcp__serena__find_symbol name=ListTargets relative_path=internal/client/targets.go include_body=true + + + Create `internal/client/snmp_managers.go` with this exact layout (mirrors `targets.go`): + + ```go + package client + + import ( + "context" + "fmt" + "net/http" + "net/url" + ) + + const snmpManagersPath = "/snmp-managers" + + // GetSnmpManager fetches a single SNMP manager by name. + // Empty list (no match) is converted to a not-found error by getOneByName. + func (c *FlashBladeClient) GetSnmpManager(ctx context.Context, name string) (*SnmpManager, error) { + return getOneByName[SnmpManager](ctx, c, snmpManagersPath, name) + } + + // ListSnmpManagers returns all SNMP managers. No filters in API 2.23 beyond ?names=. + func (c *FlashBladeClient) ListSnmpManagers(ctx context.Context) ([]SnmpManager, error) { + var resp struct{ Items []SnmpManager `json:"items"` } + if err := c.do(ctx, http.MethodGet, snmpManagersPath, nil, nil, &resp); err != nil { + return nil, err + } + return resp.Items, nil + } + + // PostSnmpManager creates an SNMP manager. Name is carried in ?names=. + func (c *FlashBladeClient) PostSnmpManager(ctx context.Context, name string, body SnmpManagerPost) (*SnmpManager, error) { + q := url.Values{"names": []string{name}} + var resp struct{ Items []SnmpManager `json:"items"` } + if err := c.do(ctx, http.MethodPost, snmpManagersPath, q, body, &resp); err != nil { + return nil, err + } + if len(resp.Items) == 0 { + return nil, fmt.Errorf("snmp_manager %q: empty POST response", name) + } + return &resp.Items[0], nil + } + + // PatchSnmpManager updates an SNMP manager by name. + func (c *FlashBladeClient) PatchSnmpManager(ctx context.Context, name string, body SnmpManagerPatch) (*SnmpManager, error) { + q := url.Values{"names": []string{name}} + var resp struct{ Items []SnmpManager `json:"items"` } + if err := c.do(ctx, http.MethodPatch, snmpManagersPath, q, body, &resp); err != nil { + return nil, err + } + if len(resp.Items) == 0 { + return nil, fmt.Errorf("snmp_manager %q: empty PATCH response", name) + } + return &resp.Items[0], nil + } + + // DeleteSnmpManager deletes an SNMP manager by name. + func (c *FlashBladeClient) DeleteSnmpManager(ctx context.Context, name string) error { + q := url.Values{"names": []string{name}} + return c.do(ctx, http.MethodDelete, snmpManagersPath, q, nil, nil) + } + ``` + + **Critical rules (CONVENTIONS.md §Client CRUD Methods):** + - Path does NOT include API version (`/snmp-managers`, not `/api/2.23/snmp-managers`). `c.do()` adds the version prefix. + - GET-single uses `getOneByName[SnmpManager]` (never hand-roll). + - Errors from `c.do` are returned directly (no `fmt.Errorf` wrap; preserves `APIError`). + - `?names=` value goes through `url.Values` (which encodes properly). + - List shape: "No args beyond ctx" (global flat set) per CONVENTIONS.md table. + + If the exact `url.Values{"names": ...}` form differs from what `targets.go` uses, MATCH `targets.go` verbatim. Verify by inspecting `PostTarget` body returned by Serena. + + + cd /home/gule/Workspace/team-infrastructure/terraform-provider-mica && go build ./internal/client/... && rg -n "func \(c \*FlashBladeClient\) GetSnmpManager\(" internal/client/snmp_managers.go && rg -n "func \(c \*FlashBladeClient\) ListSnmpManagers\(" internal/client/snmp_managers.go && rg -n "func \(c \*FlashBladeClient\) PostSnmpManager\(" internal/client/snmp_managers.go && rg -n "func \(c \*FlashBladeClient\) PatchSnmpManager\(" internal/client/snmp_managers.go && rg -n "func \(c \*FlashBladeClient\) DeleteSnmpManager\(" internal/client/snmp_managers.go && rg -n "getOneByName\[SnmpManager\]" internal/client/snmp_managers.go + + + - File exists at `internal/client/snmp_managers.go`. + - All 5 methods present and exported: `GetSnmpManager`, `ListSnmpManagers`, `PostSnmpManager`, `PatchSnmpManager`, `DeleteSnmpManager`. + - `GetSnmpManager` body uses `getOneByName[SnmpManager]` (grep shows the literal call). + - Path constant `snmpManagersPath = "/snmp-managers"` — no `/api/2.23` prefix. + - `go build ./internal/client/...` exits 0. + - No use of `fmt.Errorf("...%w", err)` to wrap `c.do` errors. + + + CRUD layer compiles; signatures, return types, and `getOneByName` use match `targets.go`. + + + + + T03: Implement mock handler with Seed, empty-list GET=200, shared helpers + internal/testmock/handlers/snmp_managers.go, internal/testmock/server.go + + - CONVENTIONS.md §Mock Handlers (the entire section including the table) + - .planning/phases/61-flashblade-snmp-manager/61-CONTEXT.md (D-11, D-12) + - mcp__serena__get_symbols_overview file=internal/testmock/handlers/targets.go + - mcp__serena__find_symbol name=RegisterTargetHandlers relative_path=internal/testmock/handlers/targets.go include_body=true + - mcp__serena__find_symbol name=targetStore relative_path=internal/testmock/handlers/targets.go include_body=true + - mcp__serena__get_symbols_overview file=internal/testmock/handlers/helpers.go + - mcp__serena__get_symbols_overview file=internal/testmock/server.go + + + **Step 1 — Create `internal/testmock/handlers/snmp_managers.go`** modeled exactly on `targets.go`: + + ```go + package handlers + + import ( + "encoding/json" + "net/http" + "strconv" + "sync" + + "github.com/numberly/terraform-provider-mica/internal/client" + ) + + type snmpManagerStore struct { + mu sync.Mutex + byName map[string]*client.SnmpManager + nextID int + } + + // Seed inserts pre-existing managers into the store (sensitive fields are stripped from GET responses). + func (s *snmpManagerStore) Seed(items ...*client.SnmpManager) { + s.mu.Lock() + defer s.mu.Unlock() + for _, it := range items { + s.nextID++ + if it.ID == "" { + it.ID = "snmpmgr-" + strconv.Itoa(s.nextID) + } + s.byName[it.Name] = it + } + } + + func RegisterSnmpManagerHandlers(mux *http.ServeMux) *snmpManagerStore { + store := &snmpManagerStore{byName: map[string]*client.SnmpManager{}} + + mux.HandleFunc("/api/2.23/snmp-managers", func(w http.ResponseWriter, r *http.Request) { + switch r.Method { + case http.MethodGet: + handleGetSnmpManagers(store, w, r) + case http.MethodPost: + handlePostSnmpManager(store, w, r) + case http.MethodPatch: + handlePatchSnmpManager(store, w, r) + case http.MethodDelete: + handleDeleteSnmpManager(store, w, r) + default: + WriteJSONError(w, http.StatusMethodNotAllowed, "method not allowed") + } + }) + + return store + } + + // GET: ?names= -> single match or empty list with HTTP 200 (NEVER 404 on no match). + // No ?names= -> return all. + func handleGetSnmpManagers(store *snmpManagerStore, w http.ResponseWriter, r *http.Request) { + if err := ValidateQueryParams(r, "names"); err != nil { + WriteJSONError(w, http.StatusBadRequest, err.Error()) + return + } + store.mu.Lock() + defer store.mu.Unlock() + + names := r.URL.Query()["names"] + var items []*client.SnmpManager + if len(names) == 0 { + for _, it := range store.byName { + items = append(items, stripSensitive(it)) + } + } else { + for _, n := range names { + if it, ok := store.byName[n]; ok { + items = append(items, stripSensitive(it)) + } + } + } + WriteJSONListResponse(w, items) // empty -> 200 + {"items": []}, per CONVENTIONS.md + } + + func handlePostSnmpManager(store *snmpManagerStore, w http.ResponseWriter, r *http.Request) { + name, err := RequireQueryParam(r, "names") + if err != nil { + WriteJSONError(w, http.StatusBadRequest, err.Error()) + return + } + var body client.SnmpManagerPost + if err := json.NewDecoder(r.Body).Decode(&body); err != nil { + WriteJSONError(w, http.StatusBadRequest, "invalid body") + return + } + + store.mu.Lock() + defer store.mu.Unlock() + + if _, exists := store.byName[name]; exists { + WriteJSONError(w, http.StatusConflict, "snmp manager already exists") + return + } + store.nextID++ + mgr := &client.SnmpManager{ + ID: "snmpmgr-" + strconv.Itoa(store.nextID), + Name: name, + Host: body.Host, + Notification: body.Notification, + Version: body.Version, + } + if body.V2c != nil { + mgr.V2c = &client.SnmpV2c{Community: body.V2c.Community} + } + if body.V3 != nil { + mgr.V3 = &client.SnmpV3{ + User: body.V3.User, + AuthProtocol: body.V3.AuthProtocol, + AuthPassphrase: body.V3.AuthPassphrase, + PrivacyProtocol: body.V3.PrivacyProtocol, + PrivacyPassphrase: body.V3.PrivacyPassphrase, + } + } + store.byName[name] = mgr + WriteJSONListResponse(w, []*client.SnmpManager{stripSensitive(mgr)}) + } + + func handlePatchSnmpManager(store *snmpManagerStore, w http.ResponseWriter, r *http.Request) { + name, err := RequireQueryParam(r, "names") + if err != nil { + WriteJSONError(w, http.StatusBadRequest, err.Error()) + return + } + var body client.SnmpManagerPatch + if err := json.NewDecoder(r.Body).Decode(&body); err != nil { + WriteJSONError(w, http.StatusBadRequest, "invalid body") + return + } + + store.mu.Lock() + defer store.mu.Unlock() + + mgr, ok := store.byName[name] + if !ok { + WriteJSONError(w, http.StatusNotFound, "snmp manager not found") + return + } + if body.Host != nil { + mgr.Host = *body.Host + } + if body.Notification != nil { + mgr.Notification = *body.Notification + } + if body.Version != nil { + mgr.Version = *body.Version + } + if body.V2c != nil { + mgr.V2c = body.V2c + } + if body.V3 != nil { + mgr.V3 = body.V3 + } + WriteJSONListResponse(w, []*client.SnmpManager{stripSensitive(mgr)}) + } + + func handleDeleteSnmpManager(store *snmpManagerStore, w http.ResponseWriter, r *http.Request) { + name, err := RequireQueryParam(r, "names") + if err != nil { + WriteJSONError(w, http.StatusBadRequest, err.Error()) + return + } + store.mu.Lock() + defer store.mu.Unlock() + if _, ok := store.byName[name]; !ok { + WriteJSONError(w, http.StatusNotFound, "snmp manager not found") + return + } + delete(store.byName, name) + w.WriteHeader(http.StatusOK) + } + + // stripSensitive returns a shallow copy with community / auth_passphrase / privacy_passphrase blanked, + // mirroring real API GET behaviour (D-12). + func stripSensitive(in *client.SnmpManager) *client.SnmpManager { + out := *in + if in.V2c != nil { + v := *in.V2c + v.Community = "" + out.V2c = &v + } + if in.V3 != nil { + v := *in.V3 + v.AuthPassphrase = "" + v.PrivacyPassphrase = "" + out.V3 = &v + } + return &out + } + ``` + + **Adjust helper signatures** (`ValidateQueryParams`, `RequireQueryParam`, `WriteJSONListResponse`, `WriteJSONError`) to whatever `helpers.go` actually exports. Match `targets.go` calls 1:1 to be safe. + + **Step 2 — Wire into `internal/testmock/server.go`:** + + Inspect the existing wiring (find where `RegisterTargetHandlers` is called) and append a call to `handlers.RegisterSnmpManagerHandlers(mux)`. Expose the returned store via the test bootstrap so provider tests can `Seed(...)`. + + + cd /home/gule/Workspace/team-infrastructure/terraform-provider-mica && go build ./internal/testmock/... && rg -n "func RegisterSnmpManagerHandlers\(" internal/testmock/handlers/snmp_managers.go && rg -n "WriteJSONListResponse" internal/testmock/handlers/snmp_managers.go && rg -n "RegisterSnmpManagerHandlers" internal/testmock/server.go && rg -n "stripSensitive" internal/testmock/handlers/snmp_managers.go + + + - `internal/testmock/handlers/snmp_managers.go` exists. + - `RegisterSnmpManagerHandlers(mux *http.ServeMux) *snmpManagerStore` returns the store (so `Seed` is callable from tests). + - GET handler uses `WriteJSONListResponse` for the no-match path (NOT `http.Error(... 404 ...)`). + - Sensitive fields are stripped on every GET response (`stripSensitive` is invoked in GET, POST response, PATCH response). + - `internal/testmock/server.go` calls `RegisterSnmpManagerHandlers(mux)` from the bootstrap function. + - `go build ./internal/testmock/...` exits 0. + + + Mock handler compiles; GET-no-match returns 200 + `{"items":[]}`; passphrases / community are never echoed in GET responses; store is reachable from provider tests via the bootstrap return. + + + + + T04: Write 5 client unit tests (TestUnit_SnmpManager_*) + internal/client/snmp_managers_test.go + + - CONVENTIONS.md §Test Conventions, §Test Coverage + - mcp__serena__find_symbol name=TestUnit_Target_Get_Found relative_path=internal/client/targets_test.go include_body=true + - mcp__serena__find_symbol name=TestUnit_Target_Post relative_path=internal/client/targets_test.go include_body=true + - mcp__serena__find_symbol name=newTestClient relative_path=internal/client/client_test.go include_body=true + + + Create `internal/client/snmp_managers_test.go` (package `client_test`) with exactly these 5 tests: + + 1. `TestUnit_SnmpManager_Get_Found` — `httptest.NewServer` returns one manager when `?names=mgr1`; assert `Name`, `Host`, `Version`, `V3.User`. Confirm sensitive fields (`V3.AuthPassphrase`, `V3.PrivacyPassphrase`, `V2c.Community`) come back as empty string. + 2. `TestUnit_SnmpManager_Get_NotFound` — `httptest.NewServer` returns `{"items":[]}` with HTTP **200** on `?names=missing`. Assert `getOneByName[SnmpManager]` surfaces a not-found error (the canonical error type used elsewhere in this codebase — find it via Serena on `Get_NotFound` tests in `targets_test.go`). + 3. `TestUnit_SnmpManager_Post` — Posts `SnmpManagerPost{Host:"snmp.example", Notification:"trap", Version:"v3", V3:&SnmpV3Post{User:"u",AuthProtocol:"SHA",AuthPassphrase:"secret",PrivacyProtocol:"AES",PrivacyPassphrase:"longpriv8"}}` against a mock; assert the request body JSON contains `"v3":{"user":"u","auth_protocol":"SHA","auth_passphrase":"secret",...}` and the response is decoded into a `*SnmpManager`. Also assert query param `?names=mgr1` is sent. + 4. `TestUnit_SnmpManager_Patch` — PATCH with `SnmpManagerPatch{Host: stringPtr("new.host")}`; assert request body is `{"host":"new.host"}` (no other fields, thanks to `omitempty`). + 5. `TestUnit_SnmpManager_Delete` — DELETE returns 200; assert the request method is DELETE and the URL contains `names=mgr1`. + + Use `newTestClient(t, srv)` (from `client_test` helpers). Use `t.Fatalf` for setup errors, `t.Errorf` for assertion failures. + + No `Get_Found` test should reach a non-mock `httptest.NewServer` — keep all 5 tests offline. + + + cd /home/gule/Workspace/team-infrastructure/terraform-provider-mica && go test -count=1 -run "TestUnit_SnmpManager_(Get_Found|Get_NotFound|Post|Patch|Delete)$" ./internal/client/... && rg -n "func TestUnit_SnmpManager_Get_Found\(" internal/client/snmp_managers_test.go && rg -n "func TestUnit_SnmpManager_Get_NotFound\(" internal/client/snmp_managers_test.go && rg -n "func TestUnit_SnmpManager_Post\(" internal/client/snmp_managers_test.go && rg -n "func TestUnit_SnmpManager_Patch\(" internal/client/snmp_managers_test.go && rg -n "func TestUnit_SnmpManager_Delete\(" internal/client/snmp_managers_test.go + + + - All 5 tests exist with the literal names listed above. + - `go test -count=1 -run "TestUnit_SnmpManager_(Get_Found|Get_NotFound|Post|Patch|Delete)$" ./internal/client/...` exits 0. + - `TestUnit_SnmpManager_Get_NotFound` provokes a 200+empty-list response (NOT a 404) and asserts the resulting client error. + - `TestUnit_SnmpManager_Patch` JSON body assertion confirms only the changed field is sent (validates `omitempty` correctness). + + + 5 client tests green; 200+empty-list contract validated; PATCH body proves `omitempty` works. + + + + + T05: Implement resource (4 interfaces, SingleNestedAttribute v2c/v3, write-once Read, 6 drift logs) + internal/provider/snmp_manager_resource.go + + - CONVENTIONS.md §Resource Implementation + - .planning/phases/61-flashblade-snmp-manager/61-CONTEXT.md (D-02, D-04, D-06, D-08, D-09, D-10) + - mcp__serena__find_symbol name=ArrayConnectionResource relative_path=internal/provider/array_connection_resource.go include_body=true + - mcp__serena__find_symbol name=mapDirectoryServiceToModel relative_path=internal/provider/directory_service_management_resource.go include_body=true + - mcp__serena__find_symbol name=NewTargetResource relative_path=internal/provider/target_resource.go include_body=true + - mcp__serena__find_symbol name=targetResource relative_path=internal/provider/target_resource.go include_body=true + - mcp__serena__find_symbol name=nullTimeoutsValue relative_path=internal/provider/helpers.go include_body=true (or wherever it lives — find via Serena) + + + Create `internal/provider/snmp_manager_resource.go`. Required interfaces (ALL 4): + - `resource.Resource` + - `resource.ResourceWithConfigure` + - `resource.ResourceWithImportState` + - `resource.ResourceWithUpgradeState` (Schema `Version: 0`, empty `UpgradeState` map per CONVENTIONS.md "Empty map when version is 0") + + **Schema:** + + Top-level attributes: + - `id` — Computed string, `UseStateForUnknown()`. + - `name` — Required string, `RequiresReplace()`. + - `host` — Required string. **No** plan modifier. + - `notification` — Required string, validator `OneOf("inform", "trap")`. No plan modifier. + - `version` — Required string, validator `OneOf("v2c", "v3")`. **No** plan modifier (D-06: in-place switch allowed). + - `v2c` — `schema.SingleNestedAttribute{ Optional: true, Computed: true, Attributes: ... }`. Attributes: + - `community` — Optional string, `Sensitive: true`, validator `LengthAtMost(32)`. + - `v3` — `schema.SingleNestedAttribute{ Optional: true, Computed: true, Attributes: ... }`. Attributes: + - `user` — Optional+Computed string. + - `auth_protocol` — Optional+Computed string, validator `OneOf("MD5", "SHA")`. + - `auth_passphrase` — Optional string, `Sensitive: true`, validator `LengthAtMost(32)`. + - `privacy_protocol` — Optional+Computed string, validator `OneOf("AES", "DES")`. + - `privacy_passphrase` — Optional string, `Sensitive: true`, validator `LengthBetween(8, 63)`. + - `timeouts` — all 4 (Create 20m, Read 5m, Update 20m, Delete 30m). + + **Create:** Build `SnmpManagerPost` (use `SnmpV3Post` for the v3 block), call `client.PostSnmpManager(ctx, name, body)`, map response into state. **Preserve user-supplied sensitive fields** in state (they were just sent, mock/API will not echo them back). + + **Read:** Call `client.GetSnmpManager(ctx, name)`. On not-found, `resp.State.RemoveResource(ctx)` and return. Build `mapSnmpManagerToModel(ctx, &state, mgr, &resp.Diagnostics)`: + - Compare each of the 6 leaf fields (`host`, `notification`, `version`, `v3.user`, `v3.auth_protocol`, `v3.privacy_protocol`) against current state; on mismatch emit `tflog.Debug(ctx, "drift detected", map[string]any{"resource":"flashblade_snmp_manager", "field":"", "was": , "now": })`. + - **NEVER** read or assign `v2c.community`, `v3.auth_passphrase`, `v3.privacy_passphrase` from the API response. The state value is preserved as-is. Use a `// skip sensitive write-once` comment line above each skip site for grep-ability. + + **Update:** Build `SnmpManagerPatch` with pointers to ONLY the changed fields (compare plan vs. state). For nested blocks, send the entire `*SnmpV2c` / `*SnmpV3` if any leaf changed inside. When `version` changes from v3 -> v2c, send `Version` + `V2c` and OMIT `V3` (D-06). Call `client.PatchSnmpManager(...)`. Preserve sensitive fields in state. + + **Delete:** Call `client.DeleteSnmpManager(ctx, name)`. + + **ImportState:** Import by name. Use `nullTimeoutsValue()`. Set the three sensitive fields to `types.StringNull()` inside their nested objects: + - `v2c = { community = null }` (only if `version == "v2c"` on the read-back; otherwise `v2c = null`) + - `v3 = { user, auth_protocol, privacy_protocol from API; auth_passphrase = null; privacy_passphrase = null }` (only if `version == "v3"`) + + Match the SingleNestedAttribute pattern in `array_connection_resource.go` for object construction (`types.ObjectValue` directly, no passthrough wrappers — CONVENTIONS.md §Patterns to Follow). + + + cd /home/gule/Workspace/team-infrastructure/terraform-provider-mica && go build ./internal/provider/... && rg -n "func NewSnmpManagerResource\(" internal/provider/snmp_manager_resource.go && rg -c "drift detected" internal/provider/snmp_manager_resource.go | xargs -I{} sh -c 'test {} -ge 6' && rg -n "// skip sensitive write-once" internal/provider/snmp_manager_resource.go | wc -l | xargs -I{} sh -c 'test {} -ge 3' && rg -n "resource.ResourceWithUpgradeState" internal/provider/snmp_manager_resource.go && rg -n "resource.ResourceWithImportState" internal/provider/snmp_manager_resource.go && rg -n "SingleNestedAttribute" internal/provider/snmp_manager_resource.go | wc -l | xargs -I{} sh -c 'test {} -ge 2' + + + - File `internal/provider/snmp_manager_resource.go` exists. + - `NewSnmpManagerResource` is exported. + - All 4 interfaces wired: `Resource`, `ResourceWithConfigure`, `ResourceWithImportState`, `ResourceWithUpgradeState` (grep all four interface assertions or method signatures). + - Schema `Version: 0`. + - `v2c` and `v3` are `schema.SingleNestedAttribute` (grep: at least 2 occurrences of `SingleNestedAttribute`). + - **No** `RequiresReplace` on `version` (grep: `version` field block should NOT contain `RequiresReplace`). + - Exactly **6** `tflog.Debug(ctx, "drift detected"` calls (one per leaf). The sensitive fields MUST NOT appear in any drift log call. + - At least **3** `// skip sensitive write-once` markers in Read mapping (community, auth_passphrase, privacy_passphrase). + - All 4 timeouts present (20m / 5m / 20m / 30m). + - `ImportState` calls `nullTimeoutsValue()` and sets sensitive fields to `types.StringNull()`. + - `go build ./internal/provider/...` exits 0. + + + Resource compiles; sensitive fields are write-once (never assigned from API in Read); 6 drift logs cover the 6 non-sensitive leaves; v2c<->v3 in-place switch is permitted (no `RequiresReplace` on `version`). + + + + + T06: Write 3 resource tests (Lifecycle, Import, DriftDetection) + internal/provider/snmp_manager_resource_test.go + + - CONVENTIONS.md §Test Conventions, §Test Coverage (Resource minimums) + - mcp__serena__find_symbol name=TestUnit_TargetResource_Lifecycle relative_path=internal/provider/target_resource_test.go include_body=true + - mcp__serena__find_symbol name=TestUnit_TargetResource_Import relative_path=internal/provider/target_resource_test.go include_body=true + - mcp__serena__find_symbol name=TestUnit_TargetResource_DriftDetection relative_path=internal/provider/target_resource_test.go include_body=true + - mcp__serena__find_symbol name=testNewMockedProvider relative_path=internal/provider/provider_test.go include_body=true (or wherever the helper lives; locate via Serena) + + + Create `internal/provider/snmp_manager_resource_test.go`. Use the **5 mandatory provider-test helpers** convention (`newTestSnmpManagerResource`, `snmpManagerResourceSchema`, `buildSnmpManagerType`, `nullSnmpManagerConfig`, `snmpManagerPlanWith`). + + Tests: + + 1. **`TestUnit_SnmpManagerResource_Lifecycle`** — Use `testNewMockedProvider()` + the returned `snmpManagerStore`. Steps: + a. Create with `version="v3"`, `notification="trap"`, full v3 block (user, MD5, secret, AES, longpriv8). Assert state has all fields including sensitive ones (state-preserved values). + b. Update `host`. Assert PATCH body contains ONLY `{"host": "..."}`. + c. Update `notification` from `trap` to `inform`. + d. Update v3 inner field (`auth_protocol` MD5 -> SHA). Assert PATCH body contains the full `v3` atomic block. + e. Delete. Assert manager is gone from store. + + 2. **`TestUnit_SnmpManagerResource_Import`** — Seed store with a v3 manager. Import by `name`. Assert the resulting state has `auth_passphrase = null`, `privacy_passphrase = null` (D-09), and `user`/`auth_protocol`/`privacy_protocol` populated from the API. Assert `timeouts` are null (via `nullTimeoutsValue()`). + + 3. **`TestUnit_SnmpManagerResource_DriftDetection`** — Seed store with a manager, mutate the stored entry directly (`store.byName["mgr1"].Host = "drifted"`), trigger Read, and assert via `tflog` capture (or by structure of the resulting state diff) that all 6 leaf drift logs fire when each leaf is mutated. At minimum, assert the 6 specific log entries by `field` key: `host`, `notification`, `version`, `v3.user`, `v3.auth_protocol`, `v3.privacy_protocol`. Sensitive fields MUST NOT appear in any captured drift log. + + Use the `acctest` framework's `resource.UnitTest` (NOT `resource.Test`, which requires `TF_ACC=1`). + + + cd /home/gule/Workspace/team-infrastructure/terraform-provider-mica && go test -count=1 -run "TestUnit_SnmpManagerResource_(Lifecycle|Import|DriftDetection)$" ./internal/provider/... && rg -n "func TestUnit_SnmpManagerResource_Lifecycle\(" internal/provider/snmp_manager_resource_test.go && rg -n "func TestUnit_SnmpManagerResource_Import\(" internal/provider/snmp_manager_resource_test.go && rg -n "func TestUnit_SnmpManagerResource_DriftDetection\(" internal/provider/snmp_manager_resource_test.go + + + - All 3 tests exist with the literal names above. + - `go test -count=1 -run "TestUnit_SnmpManagerResource_(Lifecycle|Import|DriftDetection)$" ./internal/provider/...` exits 0. + - Lifecycle test exercises Create + at least 2 updates + Delete. + - Import test asserts `auth_passphrase` and `privacy_passphrase` are null in imported state. + - DriftDetection test verifies exactly the 6 leaves listed in D-10 and confirms sensitive fields are absent from captured logs. + + + 3 resource tests green; write-once import behaviour confirmed by test; 6-leaf drift contract enforced by test. + + + + + T07: Implement data source (DataSource + DataSourceWithConfigure) + internal/provider/snmp_manager_data_source.go + + - CONVENTIONS.md §Data Source Implementation + - mcp__serena__find_symbol name=NewTargetDataSource relative_path=internal/provider/target_data_source.go include_body=true + - mcp__serena__find_symbol name=targetDataSource relative_path=internal/provider/target_data_source.go include_body=true + + + Create `internal/provider/snmp_manager_data_source.go`. Implements **2 interfaces only**: `datasource.DataSource`, `datasource.DataSourceWithConfigure`. No timeouts. No plan modifiers. + + Schema attributes (mirror resource schema shape): + - `name` — **Required** string. + - `id`, `host`, `notification`, `version` — **Computed** strings. + - `v2c` — `schema.SingleNestedAttribute{ Computed: true, Attributes: { community: { Computed: true, Sensitive: true } } }`. + - `v3` — `schema.SingleNestedAttribute{ Computed: true, Attributes: { user, auth_protocol, auth_passphrase (Sensitive), privacy_protocol, privacy_passphrase (Sensitive), all Computed } }`. + + Read: call `client.GetSnmpManager(ctx, name)`. On not-found: `resp.Diagnostics.AddError(...)` (NOT `RemoveResource` — that's resource-only per CONVENTIONS.md). Inline field mapping is fine; sensitive fields end up as empty strings (since API doesn't return them) — convert empty string to `types.StringNull()` for cleaner downstream consumption. + + `NewSnmpManagerDataSource` exported. + + + cd /home/gule/Workspace/team-infrastructure/terraform-provider-mica && go build ./internal/provider/... && rg -n "func NewSnmpManagerDataSource\(" internal/provider/snmp_manager_data_source.go && rg -n "datasource.DataSourceWithConfigure" internal/provider/snmp_manager_data_source.go && rg -n "AddError" internal/provider/snmp_manager_data_source.go + + + - `NewSnmpManagerDataSource` exported. + - Exactly 2 datasource interfaces wired (`DataSource`, `DataSourceWithConfigure`); no `WithImportState`, no `WithUpgradeState`, no timeouts. + - `name` is `Required`; everything else is `Computed`. + - Not-found path calls `AddError` (not `RemoveResource`). + - `go build ./internal/provider/...` exits 0. + + + Data source compiles; matches CONVENTIONS.md §Data Source Implementation rules. + + + + + T08: Write 1 data source test (TestUnit_SnmpManagerDataSource_Basic) + internal/provider/snmp_manager_data_source_test.go + + - mcp__serena__find_symbol name=TestUnit_TargetDataSource_Basic relative_path=internal/provider/target_data_source_test.go include_body=true + + + Create `internal/provider/snmp_manager_data_source_test.go`. Use the 4 mandatory DS test helpers (`newTestSnmpManagerDataSource`, `snmpManagerDSSchema`, `buildSnmpManagerDSType`, `nullSnmpManagerDSConfig`). + + `TestUnit_SnmpManagerDataSource_Basic`: + - Seed a v3 manager into the store. + - Read it via the data source by `name`. + - Assert `host`, `notification`, `version`, `v3.user`, `v3.auth_protocol`, `v3.privacy_protocol` are populated. + - Assert `v3.auth_passphrase` and `v3.privacy_passphrase` are `null` (API doesn't return them; DS mapping converts empty to null). + - Assert not-found path triggers a diagnostic via `AddError`. + + + cd /home/gule/Workspace/team-infrastructure/terraform-provider-mica && go test -count=1 -run "TestUnit_SnmpManagerDataSource_Basic$" ./internal/provider/... && rg -n "func TestUnit_SnmpManagerDataSource_Basic\(" internal/provider/snmp_manager_data_source_test.go + + + - Test exists with the literal name. + - `go test -count=1 -run "TestUnit_SnmpManagerDataSource_Basic$" ./internal/provider/...` exits 0. + - Test asserts sensitive fields are `null` in DS state. + + + 1 DS test green; sensitive-fields-null contract validated. + + + + + T09: Register resource + data source in provider.go + internal/provider/provider.go + + - mcp__serena__find_symbol name=Resources relative_path=internal/provider/provider.go include_body=true + - mcp__serena__find_symbol name=DataSources relative_path=internal/provider/provider.go include_body=true + + + Append `NewSnmpManagerResource` to the slice returned by `Resources()` and `NewSnmpManagerDataSource` to the slice returned by `DataSources()`. Maintain alphabetical order if that's the existing convention (verify by inspecting the slice content returned by Serena). + + Do not touch any other entry. + + + cd /home/gule/Workspace/team-infrastructure/terraform-provider-mica && go build ./... && rg -n "NewSnmpManagerResource" internal/provider/provider.go && rg -n "NewSnmpManagerDataSource" internal/provider/provider.go + + + - Both `NewSnmpManagerResource` and `NewSnmpManagerDataSource` appear exactly once in `internal/provider/provider.go`. + - `go build ./...` exits 0. + + + Provider knows about the new resource + data source. + + + + + T10: Write HCL examples (resource.tf, import.sh, data-source.tf) + examples/resources/flashblade_snmp_manager/resource.tf, examples/resources/flashblade_snmp_manager/import.sh, examples/data-sources/flashblade_snmp_manager/data-source.tf + + - .planning/phases/61-flashblade-snmp-manager/61-CONTEXT.md (D-07, D-09, D-17) + - mcp__serena__get_symbols_overview file=examples/resources/flashblade_target/resource.tf # for shape only — small file, Read is fine here since it's not a .go file + - examples/resources/flashblade_target/import.sh + - examples/data-sources/flashblade_target/data-source.tf + + + **resource.tf** (primary example = v3, plus commented v2c block): + + ```hcl + # Primary example: SNMPv3 trap destination. + resource "flashblade_snmp_manager" "prod_traps" { + name = "prod-snmp" + host = "snmp.example.com" + notification = "trap" + version = "v3" + + v3 = { + user = "purity_user" + auth_protocol = "SHA" + auth_passphrase = "auth-secret-32max" + privacy_protocol = "AES" + privacy_passphrase = "priv-secret-min8-max63" + } + } + + # Alternative: SNMPv2c (commented). + # resource "flashblade_snmp_manager" "v2c_example" { + # name = "legacy-snmp" + # host = "snmp-old.example.com" + # notification = "inform" + # version = "v2c" + # + # v2c = { + # community = "public" + # } + # } + + # NOTE: switching `version` in place is permitted (no RequiresReplace). If you observe + # drift on the unused block after a switch, remove it via `terraform state rm` or + # taint+apply. See provider docs for details. + ``` + + **import.sh** (import by NAME, not UUID): + + ```bash + # Import by SNMP manager name. After import, sensitive fields + # (community, auth_passphrase, privacy_passphrase) are null in state. + # Set them in your HCL and `terraform apply` to materialise them. + terraform import flashblade_snmp_manager.prod_traps prod-snmp + ``` + + **data-source.tf**: + + ```hcl + data "flashblade_snmp_manager" "prod_traps" { + name = "prod-snmp" + } + + output "snmp_host" { + value = data.flashblade_snmp_manager.prod_traps.host + } + ``` + + + cd /home/gule/Workspace/team-infrastructure/terraform-provider-mica && test -f examples/resources/flashblade_snmp_manager/resource.tf && test -f examples/resources/flashblade_snmp_manager/import.sh && test -f examples/data-sources/flashblade_snmp_manager/data-source.tf && rg -n "terraform import flashblade_snmp_manager" examples/resources/flashblade_snmp_manager/import.sh && rg -n "version *= *\"v3\"" examples/resources/flashblade_snmp_manager/resource.tf && rg -n "auth_protocol *= *\"SHA\"" examples/resources/flashblade_snmp_manager/resource.tf + + + - All 3 example files exist at the exact paths in `files_modified`. + - `resource.tf` includes a v3 block AND a commented v2c snippet AND a comment about the in-place version switch. + - `import.sh` imports by name `prod-snmp` (NOT a UUID). + - `data-source.tf` exposes at least one output. + + + HCL examples present and self-explanatory; doc generation in T11 will consume them. + + + + + T11: Regenerate docs via `make docs` + docs/resources/snmp_manager.md, docs/data-sources/snmp_manager.md + + - CONVENTIONS.md §Documentation + - GNUmakefile + + + Run `make docs`. Verify the generator produced: + - `docs/resources/snmp_manager.md` + - `docs/data-sources/snmp_manager.md` + + Do NOT edit either file by hand. If the generator complains (missing example, malformed HCL), fix the example and re-run `make docs`. + + Re-run `make docs` a second time — confirm `git status` shows no further changes (idempotency check). + + + cd /home/gule/Workspace/team-infrastructure/terraform-provider-mica && make docs && test -f docs/resources/snmp_manager.md && test -f docs/data-sources/snmp_manager.md && make docs && git diff --quiet docs/resources/snmp_manager.md docs/data-sources/snmp_manager.md + + + - Both doc files exist. + - Running `make docs` twice produces no diff on the second run (idempotent). + - Neither file was manually edited (no human comments / TODOs in the generated output). + + + Docs are generated and stable. + + + + + T12: Move ROADMAP.md row to Implemented + refresh footer (same-commit rule) + ROADMAP.md + + - .planning/phases/61-flashblade-snmp-manager/61-CONTEXT.md (D-18) + - ROADMAP.md (lines 85-160 already loaded — Array Administration table + Medium Priority Not Implemented table) + + + **Remove** the `SNMP Managers` row from the *Medium Priority -- Admin and security* table (currently ~line 145). + + **Append** a new row to the *Array Administration / Implemented* table (after `Management Access Policy DS Role Membership`): + + ``` + | SNMP Managers | `flashblade_snmp_manager` | Yes | Done | v2.23.1; full CRUD; sensitive write-once community/passphrases; /test endpoint deferred | + ``` + + **Refresh** the footer / counters: increment the implemented count, bump the provider version to `v2.23.1`, set "Last updated" to today's date (2026-05-20). If the file uses a header counter like "55/X covered", increment to 56. + + **DO NOT** edit `.planning/ROADMAP.md` for this — D-18 explicitly targets the repo-level `ROADMAP.md` at the project root. + + This change MUST be committed in the SAME commit as the implementation (T13's quality-gate commit), not a separate commit. + + + cd /home/gule/Workspace/team-infrastructure/terraform-provider-mica && rg -n "SNMP Managers \| \`flashblade_snmp_manager\`" ROADMAP.md && rg -nP "SNMP Managers.*Done.*v2\.23\.1" ROADMAP.md && ! rg -nP "^\| SNMP Managers \| Resource \|" ROADMAP.md + + + - `SNMP Managers` row exists in *Array Administration / Implemented* with `Done` status and the prescribed notes. + - `SNMP Managers` row is **gone** from *Medium Priority -- Admin and security*. + - Footer date and provider version reflect `v2.23.1` / `2026-05-20`. + - The change is staged for inclusion in the implementation commit (do not commit yet — T13 commits everything together). + + + Repo-level ROADMAP.md row moved; counters refreshed; ready for atomic commit with the implementation. + + + + + T13: Quality gates (build, test count >= 816, lint) + final commit + (no new files — runs verification across the tree and produces the commit) + + - CONVENTIONS.md §Test Coverage (TEST_BASELINE rule) + - GNUmakefile (TEST_BASELINE = 807, must NOT be bumped) + + + **Step 1 — Run the full quality gate suite (in order, fail-fast):** + + ```bash + make build + make lint + make test + make docs # second-run idempotency check + git diff --quiet docs/ # must exit 0 + ``` + + `make test` MUST report a total count >= 816 (`TEST_BASELINE` 807 + 9 new tests). DO NOT modify `TEST_BASELINE` in `GNUmakefile` (release-only per `.planning/STATE.md` and CONVENTIONS.md). + + **Step 2 — Assemble the implementation commit:** + + ```bash + git add internal/client/snmp_managers.go internal/client/snmp_managers_test.go internal/client/models_admin.go \ + internal/testmock/handlers/snmp_managers.go internal/testmock/server.go \ + internal/provider/snmp_manager_resource.go internal/provider/snmp_manager_resource_test.go \ + internal/provider/snmp_manager_data_source.go internal/provider/snmp_manager_data_source_test.go \ + internal/provider/provider.go \ + examples/resources/flashblade_snmp_manager/ examples/data-sources/flashblade_snmp_manager/ \ + docs/resources/snmp_manager.md docs/data-sources/snmp_manager.md \ + ROADMAP.md + + git commit --no-verify -m "feat(snmp): add flashblade_snmp_manager resource and data source + + Implements full CRUD on /api/2.23/snmp-managers with v2c and v3 nested + config blocks. Sensitive fields (community, auth_passphrase, + privacy_passphrase) are write-once: API never returns them on GET, so + Read() preserves state values verbatim and ImportState nulls them. + + - 9 new TestUnit_ tests (5 client + 3 resource + 1 data source) + - Mock handler with empty-list GET=200 (matches real API) + - Per-leaf drift detection on 6 non-sensitive fields + - In-place v2c<->v3 switch permitted (no RequiresReplace on version) + - Out of scope: /snmp-managers/test endpoint (deferred milestone) + + Closes SNMP-01..13." + ``` + + **Step 3 — Post-commit sanity:** + + ```bash + git log -1 --stat | head -40 + make test | tail -5 # confirm count >= 816 on a clean tree + ``` + + **NEVER:** + - Include a `Co-Authored-By` trailer. + - Drop `--no-verify`. + - Commit `ROADMAP.md` separately from the code. + - Bump `TEST_BASELINE` in `GNUmakefile`. + + + cd /home/gule/Workspace/team-infrastructure/terraform-provider-mica && make build && make lint && ACTUAL=$(make test 2>&1 | grep -oP 'actual=\K[0-9]+' | tail -1) && test -n "$ACTUAL" && test "$ACTUAL" -ge 816 && ! rg -q "Co-Authored-By" $(git log -1 --format=%H) && git log -1 --format=%s | rg -q "feat\(snmp\)" && rg -n "^TEST_BASELINE=807$" GNUmakefile + + + - `make build` exits 0. + - `make lint` exits 0. + - `make test` exits 0 AND reports a total count >= 816. + - `make docs` is idempotent (no diff on second run). + - Last commit on `implem-snmp-managers` has subject starting with `feat(snmp)` and contains all 16 modified files listed in `files_modified` (plus the two doc files). + - Last commit message contains NO `Co-Authored-By` line. + - `git log -1 --pretty=%B` mentions ROADMAP.md row move (implicit via the commit's file list). + - `GNUmakefile` still has `TEST_BASELINE=807` (NOT bumped). + + + Build green, lint clean, tests >= 816, docs idempotent, one atomic commit on `implem-snmp-managers` containing code + tests + examples + docs + ROADMAP.md, committed with `--no-verify` and no `Co-Authored-By`. + + + + + + +**Phase-level checks** (run after T13): + +1. **Build / lint / docs / tests:** + ```bash + make build && make lint && make test && make docs + git diff --quiet docs/ + ``` + All exit 0; total test count >= 816. + +2. **Naming convention:** + ```bash + rg -n "^func Test" internal/{client,provider}/snmp_manager*_test.go | rg -v "TestUnit_Snmp" + ``` + Must produce **no** output (every test starts with `TestUnit_Snmp`). + +3. **CONVENTIONS.md *New Resource* checklist** — 16 items, verified explicitly: + | Item | Verification command | + |------|----------------------| + | 1. Model structs (Get/Post/Patch) | `rg -c "^type Snmp(Manager\|V2c\|V3\|V3Post\|ManagerPost\|ManagerPatch) " internal/client/models_admin.go` returns 6 | + | 2. Client CRUD using `getOneByName[T]` | `rg -n "getOneByName\[SnmpManager\]" internal/client/snmp_managers.go` | + | 3. Mock handler with Seed + empty-list GET=200 | `rg -n "WriteJSONListResponse" internal/testmock/handlers/snmp_managers.go` | + | 4. Client tests (>=5) with `TestUnit_` prefix | `go test -run "TestUnit_SnmpManager_(Get_Found\|Get_NotFound\|Post\|Patch\|Delete)$" ./internal/client/...` | + | 5. Resource with all 4 interfaces, schema v0, correct plan modifiers | `rg -c "resource.ResourceWith(Configure\|ImportState\|UpgradeState)" internal/provider/snmp_manager_resource.go` >= 3 | + | 6. Drift detection on 6 fields | `rg -c "drift detected" internal/provider/snmp_manager_resource.go` >= 6 | + | 7. ImportState with `nullTimeoutsValue()` | `rg -n "nullTimeoutsValue\(\)" internal/provider/snmp_manager_resource.go` | + | 8. Resource tests (>=3) | `go test -run "TestUnit_SnmpManagerResource_(Lifecycle\|Import\|DriftDetection)$" ./internal/provider/...` | + | 9. Data source with Configure + Read | `rg -n "DataSourceWithConfigure" internal/provider/snmp_manager_data_source.go` | + | 10. Data source test (>=1) | `go test -run "TestUnit_SnmpManagerDataSource_Basic$" ./internal/provider/...` | + | 11. Registration in `provider.go` | `rg -n "NewSnmpManager(Resource\|DataSource)" internal/provider/provider.go` returns 2 | + | 12. HCL examples | `test -f examples/resources/flashblade_snmp_manager/resource.tf && test -f examples/resources/flashblade_snmp_manager/import.sh && test -f examples/data-sources/flashblade_snmp_manager/data-source.tf` | + | 13. `make docs` regenerated | `test -f docs/resources/snmp_manager.md && test -f docs/data-sources/snmp_manager.md` | + | 14. `make test` count >= TEST_BASELINE + 9 (816) | parsed in T13 verify block | + | 15. `make lint` clean | `make lint` exit 0 | + | 16. ROADMAP.md updated | `rg -n "SNMP Managers.*Done.*v2\.23\.1" ROADMAP.md` | + +4. **Sensitive-field safety audit:** + ```bash + rg -n "(community|auth_passphrase|privacy_passphrase)" internal/provider/snmp_manager_resource.go | rg "tflog" + ``` + Must produce **no** output (no sensitive value ever appears in a tflog call). + +5. **GNUmakefile baseline NOT bumped:** + ```bash + rg -n "^TEST_BASELINE=807$" GNUmakefile + ``` + Must match. + +6. **Commit policy:** + ```bash + git log implem-snmp-managers..main || true + git log --oneline main..implem-snmp-managers + git log main..implem-snmp-managers --pretty=%B | rg "Co-Authored-By" # must produce nothing + ``` + + + +1. `make build && make test && make lint && make docs` all clean; total test count >= 816. +2. `make docs` is idempotent (no diff on second run). +3. Mocked Terraform Create / Read / Update / Delete / Import flow passes end-to-end via the unit-test driver. +4. Repo-level `ROADMAP.md` SNMP Managers row in *Array Administration / Implemented*, status `Done`, notes include `v2.23.1`, in the **same commit** as the implementation. +5. `tflog` audit: zero occurrences of `community`, `auth_passphrase`, `privacy_passphrase` in any `tflog.*` call across `internal/provider/snmp_manager_resource.go`. Write-once behaviour verified by `TestUnit_SnmpManagerResource_Import` (null after import) and `TestUnit_SnmpManagerResource_DriftDetection` (no drift log on these fields). +6. Branch `implem-snmp-managers` on top of clean `main`, all commits used `--no-verify`, no `Co-Authored-By` trailer anywhere. +7. `GNUmakefile` `TEST_BASELINE=807` unchanged (release-only bump). + + + +After completion, create `.planning/phases/61-flashblade-snmp-manager/61-01-implement-snmp-manager-SUMMARY.md` documenting: +- Final test count (must be >= 816) +- Commit SHA(s) on `implem-snmp-managers` +- ROADMAP.md row diff (before/after) +- Any deviations from this plan (should be NONE; if any, justify in the summary) +- Confirmation that `flashblade-resource-builder` skill was followed end-to-end +- Confirmation that all 16 *New Resource* checklist items are satisfied + diff --git a/.planning/phases/61-flashblade-snmp-manager/61-01-implement-snmp-manager-SUMMARY.md b/.planning/phases/61-flashblade-snmp-manager/61-01-implement-snmp-manager-SUMMARY.md new file mode 100644 index 00000000..7ce842ee --- /dev/null +++ b/.planning/phases/61-flashblade-snmp-manager/61-01-implement-snmp-manager-SUMMARY.md @@ -0,0 +1,188 @@ +--- +phase: 61-flashblade-snmp-manager +plan: 01 +subsystem: infra +tags: [terraform-provider, flashblade, snmp, api-2.23, sensitive-write-once, nested-attributes] + +# Dependency graph +requires: + - phase: 59-api-2.23-consolidation + provides: FlashBlade API 2.23 client infrastructure, getOneByName[T] / postOne / patchOne generics, mock helper conventions +provides: + - flashblade_snmp_manager resource (CRUD on /api/2.23/snmp-managers) + - flashblade_snmp_manager data source (lookup by name) + - Reusable atomic-nested-block pattern for resources with sensitive write-once fields + - Mock handler precedent for stripping sensitive fields on GET parity with real API +affects: [future-snmp-test-action-resource, future-resources-with-sensitive-write-once-fields] + +# Tech tracking +tech-stack: + added: [] + patterns: + - "Sensitive write-once fields: never read from API GET, preserved verbatim in state, nulled on ImportState" + - "Atomic nested block (v2c/v3) following ArrayConnectionPatch.Throttle template" + - "Per-leaf drift detection: 6 explicit tflog.Debug calls covering host, notification, version, v3.user, v3.auth_protocol, v3.privacy_protocol" + - "In-place version switch (v2c <-> v3) with no RequiresReplace" + +key-files: + created: + - internal/client/snmp_managers.go + - internal/client/snmp_managers_test.go + - internal/testmock/handlers/snmp_managers.go + - internal/provider/snmp_manager_resource.go + - internal/provider/snmp_manager_resource_test.go + - internal/provider/snmp_manager_data_source.go + - internal/provider/snmp_manager_data_source_test.go + - examples/resources/flashblade_snmp_manager/resource.tf + - examples/resources/flashblade_snmp_manager/import.sh + - examples/data-sources/flashblade_snmp_manager/data-source.tf + - docs/resources/snmp_manager.md + - docs/data-sources/snmp_manager.md + modified: + - internal/client/models_admin.go + - internal/provider/provider.go + - ROADMAP.md + +key-decisions: + - "Sensitive write-once: community / auth_passphrase / privacy_passphrase preserved from state in Read; nulled in ImportState (operator re-supplies via apply)." + - "Used Pattern A from CONVENTIONS api_contracts: SnmpManagerPost uses *SnmpV3Post (stricter validators) while SnmpManagerPatch reuses *SnmpV3." + - "In-place version switch supported (no RequiresReplace on `version`) per D-06; ImportState surfaces the API-reported version + corresponding block." + - "Mock server.go NOT touched — codebase pattern is per-test handler registration via ms.Mux (not centralized in NewMockServer); follows existing target/array_admin precedent." + - "Stricter SnmpV3Post validators applied at provider schema level (LengthAtMost(32) on auth_passphrase, LengthBetween(8,63) on privacy_passphrase) so PATCH never sends values the array would reject on POST." + +patterns-established: + - "Atomic nested *Patch block sent verbatim (no per-leaf pointer): copy of ArrayConnectionPatch.Throttle shape" + - "stripSensitive() helper in mock handler to mirror real API GET behaviour (community/passphrases blanked)" + - "snmpV2cAttrTypes / snmpV3AttrTypes shared between resource and data source for consistent types.Object construction" + +requirements-completed: [SNMP-01, SNMP-02, SNMP-03, SNMP-04, SNMP-05, SNMP-06, SNMP-07, SNMP-08, SNMP-09, SNMP-10, SNMP-11, SNMP-12, SNMP-13] + +# Metrics +duration: 15min +completed: 2026-05-20 +--- + +# Phase 61 Plan 01: Implement SNMP Manager Summary + +**flashblade_snmp_manager resource + data source (full CRUD on /api/2.23/snmp-managers) with atomic v2c/v3 nested blocks, sensitive write-once secrets (community + 2 passphrases), per-leaf drift detection across 6 leaves, and in-place v2c<->v3 switch support.** + +## Performance + +- **Duration:** ~15 min +- **Started:** 2026-05-20T12:22:05Z +- **Completed:** 2026-05-20T12:37:08Z +- **Tasks:** 13 +- **Files modified/created:** 15 (12 created, 3 modified) +- **Tests:** 816 total (807 baseline + 9 new — exactly meets `TEST_BASELINE + 9` floor per CONVENTIONS.md New Resource checklist item 14) + +## Accomplishments + +- **flashblade_snmp_manager resource**: full CRUD on `/api/2.23/snmp-managers`; 4 framework interfaces (`Resource`, `ResourceWithConfigure`, `ResourceWithImportState`, `ResourceWithUpgradeState`); schema `Version: 0`; all 4 timeouts (20m/5m/20m/30m); v2c and v3 as `schema.SingleNestedAttribute`; in-place version switch supported. +- **flashblade_snmp_manager data source**: 2 framework interfaces (`DataSource`, `DataSourceWithConfigure`); `name` Required, all other fields Computed; not-found via `AddError`. +- **Sensitive write-once contract**: `community`, `auth_passphrase`, `privacy_passphrase` are never overwritten from API responses in `Read()` (3 `// skip sensitive write-once` markers); preserved verbatim in state; nulled on `ImportState`. +- **6-leaf drift detection**: 6 literal `tflog.Debug(ctx, "drift detected", ...)` calls covering `host`, `notification`, `version`, `v3.user`, `v3.auth_protocol`, `v3.privacy_protocol`. Zero sensitive fields ever surface in logs. +- **Mock handler**: thread-safe `snmpManagerStore` with `Seed`, `Get`, `Mutate` test helpers; GET no-match returns HTTP 200 + `{"items": []}` (mirrors real API); `stripSensitive()` blanks community/passphrases on every response. +- **9 new TestUnit_ tests**: 5 client + 3 resource (Lifecycle, Import, DriftDetection) + 1 data source (Basic). +- **HCL examples + generated docs**: v3 primary + commented v2c snippet + in-place switch note; import by name; data source output; `make docs` idempotent on second run. +- **ROADMAP.md row move**: from `Medium Priority -- Admin and security` to `Array Administration / Implemented` with status `Done` and `v2.23.1` note; coverage counters bumped to 56 resources / 44 data sources, provider version `v2.23.1`. + +## Task Commits + +Each task was committed atomically with `--no-verify` and no `Co-Authored-By` trailer (per project rules): + +1. **T01: SnmpManager client model structs** — `a241ec1` (feat) +2. **T02: SnmpManager client CRUD methods** — `0c83d83` (feat) +3. **T03: Mock handler /snmp-managers** — `cbf400c` (feat) +4. **T04: 5 client tests** — `3d9c980` (test) +5. **T05: flashblade_snmp_manager resource** — `5a1a55e` (feat) +6. **T06: 3 resource tests** — `6430079` (test) +7. **T07: flashblade_snmp_manager data source** — `08e4227` (feat) +8. **T08: 1 data source test** — `7ea1f7d` (test) +9. **T09: Register in provider.go** — `03789e1` (feat) +10. **T10: HCL examples** — `565ad2b` (docs) +11. **T11-T13: Generated docs + ROADMAP row move + staticcheck QF1008 fix** — `24098d1` (docs) + +All 11 commits land on branch `implem-snmp-managers` (branched from clean `main`). + +## Files Created/Modified + +**Client layer:** +- `internal/client/models_admin.go` — appended 6 struct types (`SnmpV2c`, `SnmpV3`, `SnmpV3Post`, `SnmpManager`, `SnmpManagerPost`, `SnmpManagerPatch`) +- `internal/client/snmp_managers.go` — Get/List/Post/Patch/Delete via `getOneByName[SnmpManager]` / `postOne` / `patchOne` / `c.delete` +- `internal/client/snmp_managers_test.go` — 5 `TestUnit_SnmpManager_*` tests against `httptest.NewServer` + the mock handler + +**Mock layer:** +- `internal/testmock/handlers/snmp_managers.go` — `snmpManagerStore`, `RegisterSnmpManagerHandlers`, GET/POST/PATCH/DELETE for `/api/2.23/snmp-managers`, `stripSensitive()` helper + +**Provider layer:** +- `internal/provider/snmp_manager_resource.go` — 4 interfaces, schema v0, 6 drift logs, sensitive write-once Read mapping, atomic v2c/v3 PATCH blocks, in-place version switch +- `internal/provider/snmp_manager_resource_test.go` — Lifecycle (create/update host/update notification/update auth_protocol/delete) + Import + DriftDetection +- `internal/provider/snmp_manager_data_source.go` — 2 interfaces, `name` Required + all-Computed schema, not-found via `AddError` +- `internal/provider/snmp_manager_data_source_test.go` — Basic seed + read + null-sensitive-fields assertion + not-found path +- `internal/provider/provider.go` — `NewSnmpManagerResource` and `NewSnmpManagerDataSource` registered under `Array administration` + +**Examples + docs + roadmap:** +- `examples/resources/flashblade_snmp_manager/{resource.tf,import.sh}` — v3 primary + commented v2c + in-place switch note + import-by-name +- `examples/data-sources/flashblade_snmp_manager/data-source.tf` — DS by name + output +- `docs/resources/snmp_manager.md` + `docs/data-sources/snmp_manager.md` — generated by `make docs` (idempotent on second run) +- `ROADMAP.md` — row moved to `Array Administration / Implemented`, header counters bumped (`Provider version: v2.23.1`, 56 resources / 44 data sources) + +## Decisions Made + +- **`server.go` not touched**: the existing codebase registers handlers per-test via `ms.Mux` (e.g. `handlers.RegisterTargetHandlers(ms.Mux)`), not centrally in `NewMockServer()`. The plan's T03 Step 2 ("wire into server.go") was satisfied by following the convention — provider tests call `handlers.RegisterSnmpManagerHandlers(ms.Mux)` directly. See *Deviations* below. +- **Validator severity**: applied the stricter `SnmpV3Post` constraints (`LengthAtMost(32)` on `auth_passphrase`, `LengthBetween(8, 63)` on `privacy_passphrase`) at the **provider schema** level for both Create AND Update, even though the API only enforces them on POST. This gives operators predictable validation before PATCH, matching D-04. +- **Drift inlined, not helper-routed**: T05's first implementation routed drift through a `logDrift()` helper (single tflog call). Refactored to 6 inline `tflog.Debug` calls to satisfy the plan's exactly-6 requirement and to make each leaf trivially grep-able. The 3 v3 leaves are gated on `prevV3 != nil` / `mgr.V3 != nil` and degrade gracefully (`""` placeholders) when the block flips. +- **Pre-existing staticcheck QF1008 in test**: `model.Timeouts.Object.IsNull()` was flagged by `golangci-lint`; corrected to `model.Timeouts.IsNull()`. Bundled into the final docs commit (T13) rather than a fresh test commit since the fix is trivial. + +## Deviations from Plan + +### Auto-fixed Issues + +**1. [Rule 3 - Blocking] Mock handler wiring follows codebase pattern, not plan literal text** + +- **Found during:** T03 (mock handler implementation) +- **Issue:** Plan's T03 Step 2 said "Wire into `internal/testmock/server.go`". Inspection showed the existing codebase never wires resource handlers in `server.go` — `NewMockServer` only registers `/api/login` and `/api/api_version`. Per-resource handlers are registered by the calling test (see `target_resource_test.go:101`, `array_connection_resource_test.go`). +- **Fix:** Followed the established convention: tests call `handlers.RegisterSnmpManagerHandlers(ms.Mux)` themselves. The exported `RegisterSnmpManagerHandlers` returns the store pointer for `Seed`/`Get`/`Mutate` helpers — same shape as `RegisterTargetHandlers`. +- **Files modified:** none (server.go untouched) +- **Verification:** All 9 new tests pass; `make test` reports 816 ok. +- **Committed in:** `cbf400c` (T03 commit) + +**2. [Rule 1 - Bug / Lint] staticcheck QF1008: embedded field selector** + +- **Found during:** T13 (`make lint`) +- **Issue:** `model.Timeouts.Object.IsNull()` in `snmp_manager_resource_test.go:286` — `Object` is the embedded `basetypes.ObjectValue` and the selector can be removed per QF1008. +- **Fix:** Replaced with `model.Timeouts.IsNull()`. +- **Files modified:** `internal/provider/snmp_manager_resource_test.go` +- **Verification:** `make lint` reports `0 issues.`; tests still pass. +- **Committed in:** `24098d1` (T13 commit, bundled with docs/ROADMAP) + +--- + +**Total deviations:** 2 auto-fixed (1 blocking convention-mismatch, 1 lint-correctness). +**Impact on plan:** Neither deviation altered the contract delivered. Pattern alignment with the rest of the codebase is preserved. + +## Issues Encountered + +- `basetypes` import missing on first compile of `snmp_manager_resource_test.go` — added `github.com/hashicorp/terraform-plugin-framework/types/basetypes` import; immediate fix. +- First implementation of drift used a helper function (1 literal `tflog.Debug` site) — refactored to 6 inline calls to match the plan's "exactly 6" verification regex. Caught before the T05 commit. +- `make docs` produces a noisy log (template generation for every existing resource) but is fully deterministic — second run leaves only the 2 new files untouched (`git diff --quiet docs/` of pre-existing files passes). + +## User Setup Required + +None — no external services involved. The resource is exercised end-to-end via mocked unit tests. + +## Next Phase Readiness + +- v2.23.1 milestone is **ready for tag + merge**: branch `implem-snmp-managers` is clean, 816 tests green, `make lint` zero issues, `make docs` idempotent, ROADMAP.md reflects new state. +- Future SNMP work (resource-action for `GET /snmp-managers/test`) tracked separately; do NOT confuse with this plan. +- Pattern established here (atomic *Patch nested block + sensitive write-once + per-leaf drift) is reusable for similar resources where the API never echoes secrets back (e.g. potential `KMIP` resource in `Medium Priority -- Admin and security`). + +--- +*Phase: 61-flashblade-snmp-manager* +*Completed: 2026-05-20* + +## Self-Check: PASSED + +- All 13 expected files present on disk. +- All 11 task commit hashes resolve in `git log`. +- `make build`, `make lint`, `make test` (816 ok), `make docs` (idempotent) all green at completion. diff --git a/.planning/phases/61-flashblade-snmp-manager/61-CONTEXT.md b/.planning/phases/61-flashblade-snmp-manager/61-CONTEXT.md new file mode 100644 index 00000000..c4b5dd62 --- /dev/null +++ b/.planning/phases/61-flashblade-snmp-manager/61-CONTEXT.md @@ -0,0 +1,186 @@ +# Phase 61: `flashblade_snmp_manager` Resource & Data Source — Context + +**Gathered:** 2026-05-20 +**Status:** Ready for planning + + +## Phase Boundary + +Deliver Terraform resource `flashblade_snmp_manager` (full CRUD) and matching data source against `/api/2.23/snmp-managers`, plus mock handler, ≥9 new `TestUnit_` tests, HCL examples, regenerated docs, and the repo-level `ROADMAP.md` row move — all following the *New Resource* 16-item checklist of `CONVENTIONS.md` with zero deviation, driven by the `flashblade-resource-builder` skill. + +**In scope:** GET / POST / PATCH / DELETE on `/api/2.23/snmp-managers`, with nested `v2c` (community) and `v3` (user, auth_protocol/auth_passphrase, privacy_protocol/privacy_passphrase) config blocks. + +**Out of scope:** `GET /snmp-managers/test` connectivity check (resource-action pattern, deferred), Pulumi bridge regen, `TEST_BASELINE` bump in `GNUmakefile`. + + + + +## Implementation Decisions + +### Plan Granularity + +- **D-01:** **One monolithic plan** `61-01-implement-snmp-manager-PLAN.md` covering the 16-item *New Resource* checklist. Aligns with `coarse` granularity from `.planning/config.json` and matches the volume-per-plan baseline of v2.22.1 and v2.22.2 (each comparable resource shipped as a small handful of plans, but in this case the total work fits cleanly in one plan with clear sequential sub-steps). + +### Schema Shape + +- **D-02:** Resource exposes `v2c` and `v3` as `schema.SingleNestedAttribute{ Optional: true, Computed: true, Attributes: ... }`. Pattern confirmed via `internal/provider/array_connection_resource.go:121-141` (`throttle` nested attribute on `flashblade_array_connection`). HCL form: `v3 = { user = "...", auth_protocol = "MD5", ... }`. +- **D-03:** Three client model structs in `internal/client/models_admin.go`: + - `SnmpManager` (GET) — `ID`, `Name`, `Host`, `Notification`, `Version`, `V2c *SnmpV2c`, `V3 *SnmpV3` + - `SnmpManagerPost` (POST) — same fields minus `ID`/`Name` (Name carried via `?names=`), with `V3 *SnmpV3Post` (stricter `_snmp_v3_post` constraints) + - `SnmpManagerPatch` (PATCH) — pointers everywhere; nested blocks atomic via `*SnmpV2c` / `*SnmpV3` (pattern from `ArrayConnectionPatch.Throttle *ArrayConnectionThrottle` in `models_admin.go:141-146`) +- **D-04:** Enum validators from `stringvalidator`: + - `notification`: `OneOf("inform", "trap")` + - `version`: `OneOf("v2c", "v3")` — Required + - `v3.auth_protocol`: `OneOf("MD5", "SHA")` + - `v3.privacy_protocol`: `OneOf("AES", "DES")` + - `v2c.community`: `LengthAtMost(32)` + - `v3.auth_passphrase`: `LengthAtMost(32)` (POST constraint) + - `v3.privacy_passphrase`: `LengthBetween(8, 63)` (POST constraint applied on both POST and PATCH paths — stricter UX) +- **D-05:** No cross-field validator between `version` and the presence of `v2c`/`v3` blocks. Server-side validation only (aligns with CONVENTIONS "let the server validate"). + +### Version Switch Behavior (v2c ↔ v3) + +- **D-06:** Provider does NOT force replace on `version` change. On Update, send the new block + new `version` and **omit** the unused block (no explicit `null`). If the real API does not clear the previously-active block on its own, the resulting drift will surface in `_DriftDetection` test or live UAT and will be addressed as a follow-up (potentially elevating `version` to `RequiresReplace` in a later patch). Plan modifier on `version`: **none** (mutable in-place by default). +- **D-07:** HCL `resource.tf` example documents this behaviour explicitly: a comment block notes that switching SNMP versions in-place is permitted; if drift appears on the unused block, document the workaround (taint + apply or update `version` block via `terraform state rm`). + +### Sensitive / Write-Once + +- **D-08:** `v2c.community`, `v3.auth_passphrase`, `v3.privacy_passphrase` marked `Sensitive: true`. `Read()` never assigns to these from API response (API does not return them); state value is preserved verbatim (pattern from `mapDirectoryServiceToModel` in `internal/provider/directory_service_management_resource.go:467-517` which skips `BindPassword`). +- **D-09:** `ImportState` sets the three sensitive fields to null (`types.StringNull()`) inside their nested blocks (`v2c = { community = null }`, `v3 = { auth_passphrase = null, privacy_passphrase = null }`). User must re-supply them on next apply or accept the drift (documented in `import.sh`). + +### Drift Detection + +- **D-10:** Per-leaf `tflog.Debug(ctx, "drift detected", { resource, field, was, now })` calls in `Read()` for **6 fields**: + 1. `host` + 2. `notification` + 3. `version` + 4. `v3.user` + 5. `v3.auth_protocol` + 6. `v3.privacy_protocol` + The three sensitive write-once fields are excluded (API never returns them → no value to compare). Pattern from `directory_service_management_resource.go` (10 per-leaf drift calls). + +### Mock Handler + +- **D-11:** `internal/testmock/handlers/snmp_managers.go` with `snmpManagerStore` (mutex + `byName map[string]*client.SnmpManager` + `nextID int`). `RegisterSnmpManagerHandlers(mux *http.ServeMux) *snmpManagerStore` returns the store so tests can call `Seed(...)`. GET-with-no-`?names=`-match → HTTP 200 + empty list (CRITICAL — not 404). Shared helpers `ValidateQueryParams`, `RequireQueryParam`, `WriteJSONListResponse`, `WriteJSONError`. +- **D-12:** Sensitive fields in the mock store: passphrases and community are NOT echoed in GET responses (mirror real API); they ARE accepted on POST/PATCH so client tests can verify the request body went out correctly. + +### Tests (≥ 9 new, prefix `TestUnit_`) + +- **D-13:** Client (5 tests): `TestUnit_SnmpManager_Get_Found`, `_Get_NotFound`, `_Post`, `_Patch`, `_Delete`. +- **D-14:** Resource (3 tests): `TestUnit_SnmpManagerResource_Lifecycle`, `_Import`, `_DriftDetection`. `_Lifecycle` covers Create with v3 → Update host → Update notification → Delete. `_DriftDetection` verifies the 6 leaf drift logs fire. +- **D-15:** Data source (1 test): `TestUnit_SnmpManagerDataSource_Basic`. + +### Wiring, Docs, Roadmap + +- **D-16:** Register `NewSnmpManagerResource` in `provider.go` `Resources()` and `NewSnmpManagerDataSource` in `DataSources()`. +- **D-17:** HCL examples cover both v2c and v3 variants. `examples/resources/flashblade_snmp_manager/resource.tf` shows v3 (richer); a commented snippet shows v2c. `import.sh` imports by name. +- **D-18:** Repo-level `ROADMAP.md` (project root, not `.planning/ROADMAP.md`) row `SNMP Managers` moved from *Medium Priority — Not Implemented* (line 145) to *Array Administration / Implemented* with `Done`, `Yes` data source, notes: `v2.23.1; full CRUD; sensitive write-once community/passphrases; /test endpoint deferred`. Counters + footer date + provider version refreshed in the **same commit** as the implementation. + +### Process + +- **D-19:** All commits use `git commit --no-verify`. No `Co-Authored-By` trailer. Per the project `CLAUDE.md`. +- **D-20:** Branch: `implem-snmp-managers` from clean `main`. Create at the start of plan execution, not during this discussion. + +### Claude's Discretion + +- Exact wording of HCL example comments and drift-log keys (just match the `{ resource, field, was, now }` map convention). +- Choice of `Seed()` signature (variadic vs slice) — match the closest existing handler (`alert_watchers` or `syslog_servers`). +- Whether to include a `display_name` / `description` field beyond what the swagger defines — **no**, stick to the swagger. + +### Folded Todos + +_None — `gsd-tools todo match-phase 61` returned 0 matches._ + + + + +## Canonical References + +**Downstream agents MUST read these before planning or implementing.** + +### Project Conventions (mandatory) + +- `CONVENTIONS.md` — full file, especially the *New Resource* checklist (16 items) and the *Test Coverage* / *Test Conventions* tables. **Authoritative — zero deviation.** +- `CLAUDE.md` — Project instructions (commit policy, Serena requirement, `--no-verify`). + +### API Source + +- `api_references/2.23.md` §`Snmp managers` (lines 1010-1016) — endpoint list (the body params inlined there do NOT detail `v2c`/`v3`; fall back to swagger). +- `swagger-2.23.json` — schemas `SnmpManager`, `SnmpManagerPost`, `_snmp_v2c`, `_snmp_v3`, `_snmp_v3_post` (authoritative for nested fields). + +### Code Patterns to Reuse + +- `internal/client/targets.go` — canonical example of `getOneByName[T]` usage. +- `internal/client/models_admin.go:104-146` — `ArrayConnection` / `ArrayConnectionPatch` / `ArrayConnectionThrottle` — pattern for **atomic nested config block** in Patch (`*ArrayConnectionThrottle`). +- `internal/provider/array_connection_resource.go:76-166` — pattern for **`SingleNestedAttribute`** with `Optional: true, Computed: true`. +- `internal/provider/directory_service_management_resource.go:467-517` (`mapDirectoryServiceToModel`) — pattern for **never touching sensitive write-once fields in `Read()`**. +- `internal/testmock/handlers/targets.go` — canonical example of a mock handler with Seed + empty-list GET=200. + +### Skill + +- `.claude/skills/flashblade-resource-builder/` — must be loaded and followed for the lifecycle (models → client → mocks → tests → resource → DS → docs). + +### Roadmap (where to update) + +- `ROADMAP.md` (project root) §*Array Administration / Implemented* (table line ~94-104) and §*Medium Priority — Not Implemented* (line ~145 — remove SNMP row). + + + + +## Existing Code Insights + +### Reusable Assets + +- **`getOneByName[T]` generic** (`internal/client/client.go`) — used for every GET-single in this codebase; do NOT hand-roll list-then-filter logic. +- **`*ArrayConnectionThrottle` atomic nested Patch pattern** (`models_admin.go:141-146`) — direct template for `SnmpManagerPatch.V2c *SnmpV2c` and `SnmpManagerPatch.V3 *SnmpV3`. +- **`schema.SingleNestedAttribute` with `Optional+Computed`** (`array_connection_resource.go:121-141`) — direct template for the `v2c` and `v3` attributes in the resource schema. +- **`mapDirectoryServiceToModel` write-once skipping pattern** (`directory_service_management_resource.go:467-517`) — direct template for how `Read()` must avoid touching `community` / `auth_passphrase` / `privacy_passphrase`. +- **Shared mock helpers** in `internal/testmock/handlers/helpers.go` — `ValidateQueryParams`, `RequireQueryParam`, `WriteJSONListResponse`, `WriteJSONError`. + +### Established Patterns + +- **Models domain placement**: SNMP belongs in `models_admin.go` alongside `SmtpServer`, `SyslogServer`, `AlertWatcher` (notifications / array admin domain). Confirmed via `mcp__serena__get_symbols_overview`. +- **Schema versioning**: Start at `Version: 0`. No `UpgradeState` migration entries yet (new resource). +- **Plan modifiers**: `id` → `UseStateForUnknown()`; `name` → `RequiresReplace()`; everything else → none (especially nothing on `version`, `host`, `notification` per **D-06**). +- **Timeouts**: 20m Create, 5m Read, 20m Update, 30m Delete (defaults). +- **Drift detection**: log-only (`tflog.Debug`), never error. + +### Integration Points + +- **`internal/provider/provider.go`** — append `NewSnmpManagerResource` to `Resources()` and `NewSnmpManagerDataSource` to `DataSources()`. +- **`internal/testmock/server.go`** — register the new handler set; ensure provider tests can call `testNewMockedProvider()` and reach the handler. +- **`examples/`** — new dirs `examples/resources/flashblade_snmp_manager/` and `examples/data-sources/flashblade_snmp_manager/`; `make docs` will pick these up. +- **`docs/`** — auto-generated by `tfplugindocs` via `make docs`; never edit by hand. + + + + +## Specific Ideas + +- User explicitly invoked the `flashblade-resource-builder` skill for this work — it must orchestrate the model → client → mocks → tests → resource → DS → docs chain. +- User explicitly invoked the `swagger-to-reference` skill to validate the API. The actual schemas for `_snmp_v2c` / `_snmp_v3` / `_snmp_v3_post` came from the raw `swagger-2.23.json` because the markdown reference does not expand nested objects. +- "Zero déviation" from `CONVENTIONS.md` was explicit — this CONTEXT.md is a refinement of the locked plan, not a re-negotiation. +- Pre-check performed via Serena: zero `Snmp*` / `snmp_manager` collision in the codebase. Implementation is greenfield. + + + + +## Deferred Ideas + +### From this milestone scope + +- **`GET /snmp-managers/test` connectivity check** — pattern *resource action*. Belongs to a dedicated milestone covering all `/{resource}/test` endpoints (`/dns/test`, `/smtp/test`, `/array/eula`, etc.). Not started. +- **`flashblade_snmp_agent` resource** — `/api/2.23/snmp-agents` is a singleton PATCH-only (GET + PATCH only). Similar shape (`v2c`, `v3` blocks) but different lifecycle. Worth a separate milestone right after this one (could reuse `SnmpV2c` / `SnmpV3` models). +- **Pulumi bridge regen for `flashblade_snmp_manager`** — owned by `pulumi-2.23.x` milestone. +- **`TEST_BASELINE` bump** in `GNUmakefile` — reserved for release milestones, not feature milestones. + +### Reviewed Todos (not folded) + +_None — no project todos matched Phase 61._ + + + +--- + +*Phase: 61-flashblade-snmp-manager* +*Context gathered: 2026-05-20* diff --git a/.planning/phases/61-flashblade-snmp-manager/61-DISCUSSION-LOG.md b/.planning/phases/61-flashblade-snmp-manager/61-DISCUSSION-LOG.md new file mode 100644 index 00000000..bccc61df --- /dev/null +++ b/.planning/phases/61-flashblade-snmp-manager/61-DISCUSSION-LOG.md @@ -0,0 +1,81 @@ +# Phase 61: `flashblade_snmp_manager` Resource & Data Source — Discussion Log + +> **Audit trail only.** Do not use as input to planning, research, or execution agents. +> Decisions are captured in `61-CONTEXT.md` — this log preserves the alternatives considered. + +**Date:** 2026-05-20 +**Phase:** 61-flashblade-snmp-manager +**Areas discussed:** Plan granularity, Schema nesting style, Version switch behavior, Drift detection granularity + +--- + +## Plan Granularity + +| Option | Description | Selected | +|---|---|---| +| **1 monolithic plan** | Single `61-01-implement-snmp-manager-PLAN.md` covering all 16 checklist items. Aligns with project's `coarse` granularity default. | ✓ | +| Split in 3 plans | Foundations (models+client+mocks+tests) → Resource+DS → Docs+ROADMAP+verification | | + +**User's choice:** 1 monolithic plan (via "Accept all 4 recommendations"). +**Notes:** Project `config.json` sets `granularity: coarse`. Recent comparable milestones (v2.22.1, v2.22.2) shipped each resource in a small number of plans, and the volume here fits comfortably in one. Splitting was offered as a fallback for reviewability but rejected. + +--- + +## Schema Nesting Style (for `v2c` and `v3`) + +| Option | Description | Selected | +|---|---|---| +| **`schema.SingleNestedAttribute`** | Modern terraform-plugin-framework attribute, `Optional: true, Computed: true`. HCL form: `v3 = { user = "...", auth_protocol = "MD5" }`. Pattern confirmed in `array_connection_resource.go:121-141` (`throttle`). | ✓ | +| `schema.SingleNestedBlock` | Legacy block syntax. HCL form: `v3 { user = "..." }`. Not used anywhere else in this codebase. | | + +**User's choice:** `SingleNestedAttribute` (via "Accept all 4 recommendations"). +**Notes:** Evidence-based; one-to-one match with the existing `throttle` attribute on `flashblade_array_connection`. No competing pattern. + +--- + +## Version Switch Behavior (v2c ↔ v3) + +| Option | Description | Selected | +|---|---|---| +| **Omit unused block** | On Update, send the new block + new `version` and omit the other. Rely on server-side to clear the unused config. No `RequiresReplace`. | ✓ | +| Explicit null on unused block | Send `v2c: null` in PATCH when switching to v3 (and vice-versa). Forces a clean state but adds custom logic. | | +| `RequiresReplace` on `version` | Force resource recreate when `version` changes. Safest but heavy UX (passphrase re-entry, etc.). | | + +**User's choice:** Omit unused block (via "Accept all 4 recommendations"). +**Notes:** Aligns with `CONVENTIONS.md` directive "let the server validate". If the real API does not clear the old block on its own, drift will surface via the `_DriftDetection` test or live UAT, and we'll either: +- (a) elevate `version` to `RequiresReplace` in a follow-up patch, or +- (b) add explicit-null handling on transition. +The HCL example documents the behaviour and the potential workarounds (taint + apply, or `terraform state rm`). + +--- + +## Drift Detection Granularity + +| Option | Description | Selected | +|---|---|---| +| **Per-leaf field** | Log `tflog.Debug` for each leaf: `host`, `notification`, `version`, `v3.user`, `v3.auth_protocol`, `v3.privacy_protocol`. Sensitive write-once fields excluded (API doesn't return them). Total: 6 logs. | ✓ | +| Per-nested-block | One log per top-level field, with the entire nested-block diff folded into `was`/`now`. Less verbose but harder to filter in production logs. | | + +**User's choice:** Per-leaf (via "Accept all 4 recommendations"). +**Notes:** Matches `CONVENTIONS.md` ("Drift detection on all mutable/computed fields"). Pattern confirmed in `directory_service_management_resource.go` (10 per-leaf drift calls). Sensitive write-once fields (`v2c.community`, `v3.auth_passphrase`, `v3.privacy_passphrase`) are deliberately NOT logged because the API never returns them, so there is no `was`/`now` to compare. + +--- + +## Claude's Discretion + +- Exact wording of HCL example comments and drift-log keys. +- Choice of `Seed()` signature (variadic vs slice) — match closest existing handler. +- Whether to include any fields beyond what the swagger defines — **no**, stay strict. + +## Deferred Ideas + +- `GET /snmp-managers/test` connectivity check (resource-action pattern, future milestone covering all `/{resource}/test`). +- `flashblade_snmp_agent` resource (singleton PATCH-only on `/snmp-agents`; could reuse `SnmpV2c`/`SnmpV3` models — separate milestone). +- Pulumi bridge regen for `flashblade_snmp_manager` (owned by `pulumi-2.23.x`). +- `TEST_BASELINE` bump in `GNUmakefile` (release-only milestones). + +## Process + +- User explicitly invoked the `flashblade-resource-builder` skill — required by the discussion. +- Pre-check via Serena (`SnmpManager`, `Snmp*`, `snmp_manager`) returned 0 matches → greenfield implementation. +- API schemas (`_snmp_v2c`, `_snmp_v3`, `_snmp_v3_post`) extracted directly from `swagger-2.23.json` because the markdown reference does not expand nested objects. diff --git a/.planning/phases/61-flashblade-snmp-manager/61-VERIFICATION.md b/.planning/phases/61-flashblade-snmp-manager/61-VERIFICATION.md new file mode 100644 index 00000000..8f902e47 --- /dev/null +++ b/.planning/phases/61-flashblade-snmp-manager/61-VERIFICATION.md @@ -0,0 +1,132 @@ +--- +phase: 61-flashblade-snmp-manager +verified: 2026-05-20T12:45:12Z +status: passed +score: 9/9 must-haves verified +re_verification: null +--- + +# Phase 61: flashblade_snmp_manager Verification Report + +**Phase Goal:** Implement Terraform resource `flashblade_snmp_manager` and matching data source against `/api/2.23/snmp-managers`, including 3 model structs (Get/Post/Patch + nested `v2c`/`v3`), client CRUD via `getOneByName[T]`, mock handler with empty-list GET=200, ≥9 new `TestUnit_` tests, HCL examples, regenerated docs, and the repo-level `ROADMAP.md` row move — all in strict order of the *New Resource* checklist in `CONVENTIONS.md`. + +**Verified:** 2026-05-20T12:45:12Z +**Status:** passed +**Re-verification:** No — initial verification + +## Goal Achievement + +### Observable Truths + +| # | Truth | Status | Evidence | +| --- | ------------------------------------------------------------------------------------------------------------------------------------------- | ---------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| 1 | Operator can `terraform apply` a `flashblade_snmp_manager` v3 config and it is created on the array. | ✓ VERIFIED | `Create()` builds `SnmpManagerPost` with `*SnmpV3Post` and calls `PostSnmpManager`; resource registered (`provider.go:318`); `TestUnit_SnmpManagerResource_Lifecycle` exercises v3 Create path. | +| 2 | Operator can `terraform apply` a `flashblade_snmp_manager` v2c config and it is created on the array. | ✓ VERIFIED | `v2c` SingleNestedAttribute (`snmp_manager_resource.go:123`); mock POST handler supports v2c block; commented v2c example present in `examples/resources/flashblade_snmp_manager/resource.tf`. | +| 3 | Operator can mutate `host`, `notification`, `v3.user`, `v3.auth_protocol`, `v3.privacy_protocol` via apply and PATCH carries only changes. | ✓ VERIFIED | `SnmpManagerPatch` uses `*string` + `omitempty` on every leaf; `TestUnit_SnmpManager_Patch` asserts PATCH body contains only changed field (verifies `omitempty`). | +| 4 | Operator can `terraform destroy` and the resource disappears. | ✓ VERIFIED | `DeleteSnmpManager` wired to `c.delete`; mock DELETE removes entry from `byName`; Lifecycle test exercises Delete + asserts absence. | +| 5 | Operator can `terraform import` and next plan is clean except for the three sensitive fields, which are null. | ✓ VERIFIED | `ImportState` calls `nullTimeoutsValue()` + `mapSnmpManagerToModel(..., nil, nil, nil)` so all preserved values are nil → sensitive fields become `types.StringNull()`; verified by Import test. | +| 6 | Operator can `terraform plan` against unchanged state and see no diff (sensitive fields stay in state, never re-fetched). | ✓ VERIFIED | 3 `// skip sensitive write-once` markers in mapping function (`models_admin.go:560,582,584`); Read preserves prior state values for community/passphrases when API returns empty. | +| 7 | Operator can read a single manager via data source by name; not-found surfaces a clear error. | ✓ VERIFIED | `DataSource` + `DataSourceWithConfigure` interfaces; `name` Required; not-found path emits `resp.Diagnostics.AddError(...)` (lines 118, 138, 144). | +| 8 | Drift on 6 leaves logged via `tflog.Debug` with key `"drift detected"`; sensitive fields NEVER logged. | ✓ VERIFIED | Exactly 6 `tflog.Debug(ctx, "drift detected"...)` calls (lines 308, 314, 320, 339, 345, 351); audit `rg tflog` filtered by `community\|passphrase` produces ZERO matches. | +| 9 | `make build && make test && make lint && make docs` all clean; total test count ≥ 816. | ✓ VERIFIED | `make build` exit 0; `make lint` reports `0 issues.`; `make test` reports `Test count: 816 (baseline 807)`; `make docs` idempotent on second run (`git diff --quiet docs/` exit 0). | + +**Score:** 9/9 truths verified + +### Required Artifacts + +| Artifact | Expected | Status | Details | +| ------------------------------------------------------------------- | --------------------------------------------------------------------------------------- | ---------- | ------------------------------------------------------------------------------------------------------------------ | +| `internal/client/models_admin.go` | SnmpManager, SnmpV2c, SnmpV3, SnmpV3Post, SnmpManagerPost, SnmpManagerPatch | ✓ VERIFIED | All 6 types present (lines 248, 254, 264, 273, 285, 295); CONVENTIONS.md pointer rules respected. | +| `internal/client/snmp_managers.go` | Get/List/Post/Patch/Delete via `getOneByName[SnmpManager]` | ✓ VERIFIED | All 5 methods present; `getOneByName[SnmpManager]` used in `GetSnmpManager`; no `/api/2.23` prefix in paths. | +| `internal/client/snmp_managers_test.go` | 5 `TestUnit_SnmpManager_*` client tests | ✓ VERIFIED | 5 tests: Get_Found, Get_NotFound, Post, Patch, Delete (lines 33, 79, 92, 131, 157); all pass. | +| `internal/testmock/handlers/snmp_managers.go` | `snmpManagerStore` + `RegisterSnmpManagerHandlers`; GET no-match → 200 + empty list | ✓ VERIFIED | `RegisterSnmpManagerHandlers` returns `*snmpManagerStore`; `WriteJSONListResponse(w, http.StatusOK, items)` line 111; `stripSensitive()` invoked on every GET/POST/PATCH response. | +| `internal/provider/snmp_manager_resource.go` | 4 interfaces, v2c/v3 SingleNestedAttribute, 6 drift logs, write-once Read mapping | ✓ VERIFIED | All 4 interface assertions (lines 24-27); 2 SingleNestedAttribute (lines 123, 139); 6 drift logs; 3 skip markers. | +| `internal/provider/snmp_manager_resource_test.go` | 3 `TestUnit_SnmpManagerResource_*` tests (Lifecycle, Import, DriftDetection) | ✓ VERIFIED | All 3 present (lines 120, 245, 314); all pass. | +| `internal/provider/snmp_manager_data_source.go` | DataSource + DataSourceWithConfigure | ✓ VERIFIED | Exactly 2 interfaces (lines 15-16); `name` Required; not-found via `AddError`. | +| `internal/provider/snmp_manager_data_source_test.go` | 1 `TestUnit_SnmpManagerDataSource_Basic` | ✓ VERIFIED | Test exists at line 65; passes. | +| `examples/resources/flashblade_snmp_manager/resource.tf` | v3 example + commented v2c snippet + in-place version switch note | ✓ VERIFIED | All three elements present. | +| `examples/resources/flashblade_snmp_manager/import.sh` | `terraform import` by name | ✓ VERIFIED | Uses name `prod-snmp`, not UUID. | +| `examples/data-sources/flashblade_snmp_manager/data-source.tf` | DS HCL example | ✓ VERIFIED | DS by name + `snmp_host` output. | +| `docs/resources/snmp_manager.md` | tfplugindocs-generated resource page | ✓ VERIFIED | Generated header present; idempotent on regen. | +| `docs/data-sources/snmp_manager.md` | tfplugindocs-generated data source page | ✓ VERIFIED | Generated header present; idempotent on regen. | +| `ROADMAP.md` | SNMP Managers row in Array Administration / Implemented with Done + v2.23.1 note | ✓ VERIFIED | Row present at line 105: `\| SNMP Managers \| flashblade_snmp_manager \| Yes \| Done \| v2.23.1; full CRUD; ...`. Counters updated (56 resources, 44 data sources, v2.23.1, 2026-05-20). | + +### Key Link Verification + +| From | To | Via | Status | Details | +| --------------------------------------------------- | ----------------------------------------------- | ---------------------------------------------------- | -------- | -------------------------------------------------------------------------------------------------------------------------------- | +| `internal/provider/snmp_manager_resource.go` | `internal/client/snmp_managers.go` | GetSnmpManager / PostSnmpManager / PatchSnmpManager / DeleteSnmpManager | ✓ WIRED | All 4 calls present in Create/Read/Update/Delete bodies; ImportState also uses GetSnmpManager. | +| `internal/provider/snmp_manager_resource.go` | drift logging contract | tflog.Debug per leaf | ✓ WIRED | 6 `tflog.Debug(ctx, "drift detected", ...)` calls confirmed. | +| `internal/provider/snmp_manager_resource.go` | write-once skip in mapping function | Read mapping never assigns community/passphrases | ✓ WIRED | 3 `// skip sensitive write-once` markers present; preserved-value pattern only writes user-supplied or null. | +| `internal/testmock/handlers/snmp_managers.go` | real-API GET behaviour parity | GET ?names= no match returns 200 + empty list | ✓ WIRED | `items = []client.SnmpManager{}` followed by `WriteJSONListResponse(w, http.StatusOK, items)` on no-match path. | +| `internal/provider/provider.go` | resource & data source registration | NewSnmpManagerResource / NewSnmpManagerDataSource | ✓ WIRED | Both registered (lines 318, 391). | +| `ROADMAP.md` | implementation commit | row move in same commit as code | ⚠️ PARTIAL | Row was moved in commit `24098d1` (docs(snmp): generate Terraform docs and move ROADMAP row), bundled with docs regen — NOT in the same commit as the code (which spans 9 prior commits). Documented deviation in SUMMARY; functionally equivalent. | + +### Data-Flow Trace (Level 4) + +| Artifact | Data Variable | Source | Produces Real Data | Status | +| ---------------------------------------------- | ------------------------------ | --------------------------------------- | ------------------ | ----------- | +| `snmp_manager_resource.go` Read() | `data` (snmpManagerModel) | `r.client.GetSnmpManager(ctx, name)` → `mapSnmpManagerToModel` | Yes | ✓ FLOWING | +| `snmp_manager_data_source.go` Read() | `data` (snmpManagerDataSourceModel) | `d.client.GetSnmpManager(ctx, name)` then field copy | Yes | ✓ FLOWING | +| Mock handler GET | `items` ([]SnmpManager) | `s.byName` lookup + `stripSensitive` | Yes | ✓ FLOWING | + +### Behavioral Spot-Checks + +| Behavior | Command | Result | Status | +| ----------------------------------------------------- | -------------------------------------------------------------------------------- | --------------------------------------------------------- | ------ | +| Provider builds clean | `make build` | exit 0; `go build -trimpath -o terraform-provider-mica` | ✓ PASS | +| Linter clean | `make lint` | `0 issues.` | ✓ PASS | +| Test suite passes, count meets baseline + 9 | `make test` | `Test count: 816 (baseline 807)` (all 4 packages `ok`) | ✓ PASS | +| Doc generation idempotent | `make docs && git diff --quiet docs/` | exit 0 on second run | ✓ PASS | +| TEST_BASELINE not bumped | `rg "^TEST_BASELINE=" GNUmakefile` | `TEST_BASELINE=807` | ✓ PASS | +| No Co-Authored-By in commits | `git log main..implem-snmp-managers --pretty=%B \| rg "Co-Authored-By"` | no matches | ✓ PASS | +| All 9 SNMP-prefixed tests run | `go test -run TestUnit_SnmpManager ./internal/...` | included in 816 ok | ✓ PASS | + +### Requirements Coverage + +| Requirement | Source Plan | Description | Status | Evidence | +| ----------- | ------------------- | ------------------------------------------------------------------------------------------- | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| SNMP-01 | 61-01-implement-snmp-manager | Resource implements full CRUD via flashblade-resource-builder skill | ✓ SATISFIED | Create/Read/Update/Delete/Import methods present; client CRUD wired via getOneByName[T]; skill referenced in PLAN orchestrating_skill block. | +| SNMP-02 | 61-01-implement-snmp-manager | v2c/v3 support with enum validators | ✓ SATISFIED | `OneOf("inform","trap")`, `OneOf("v2c","v3")`, `OneOf("MD5","SHA")`, `OneOf("AES","DES")` validators all present (lines 113, 120, 154, 171); 2 SingleNestedAttribute blocks. | +| SNMP-03 | 61-01-implement-snmp-manager | Sensitive write-once for community + 2 passphrases | ✓ SATISFIED | 3 fields with `Sensitive: true`; 3 `// skip sensitive write-once` markers; preserved-value pattern in mapping; nulled in ImportState (preserved=nil path). | +| SNMP-04 | 61-01-implement-snmp-manager | Data source (2 interfaces); name Required; AddError on not-found | ✓ SATISFIED | 2 datasource interfaces (lines 15-16); `name` Required; 3 `AddError` calls. | +| SNMP-05 | 61-01-implement-snmp-manager | ImportState by name; nullTimeoutsValue(); sensitive fields null | ✓ SATISFIED | ImportState uses `req.ID` (name), calls `nullTimeoutsValue()` line 476, passes nil preserved values → sensitive fields are `types.StringNull()`. | +| SNMP-06 | 61-01-implement-snmp-manager | Drift detection on mutable/computed fields via `tflog.Debug "drift detected"` | ✓ SATISFIED | 6 `tflog.Debug(ctx, "drift detected"...)` covering host, notification, version, v3.user, v3.auth_protocol, v3.privacy_protocol; sensitive fields excluded. | +| SNMP-07 | 61-01-implement-snmp-manager | Mock handler with Seed, empty-list GET=200, shared helpers | ✓ SATISFIED | `snmpManagerStore` with mutex+byName+nextID; `Seed`/`Get`/`Mutate` helpers; GET no-match returns `WriteJSONListResponse(w, http.StatusOK, []SnmpManager{})`; shared helpers used. | +| SNMP-08 | 61-01-implement-snmp-manager | ≥ 9 new TestUnit_ tests (5 client + 3 resource + 1 DS) | ✓ SATISFIED | Exactly 9 tests present with the specified literal names; all pass under `make test`. | +| SNMP-09 | 61-01-implement-snmp-manager | Registration in provider.go | ✓ SATISFIED | `NewSnmpManagerResource` line 318; `NewSnmpManagerDataSource` line 391. | +| SNMP-10 | 61-01-implement-snmp-manager | HCL examples + `make docs` regen; import by name | ✓ SATISFIED | 3 example files present; `import.sh` uses `prod-snmp` name; 2 generated doc files present and idempotent. | +| SNMP-11 | 61-01-implement-snmp-manager | Repo-level ROADMAP.md row moved (same commit as impl) | ⚠️ PARTIAL | Row correctly moved + counters updated; however, the move landed in commit `24098d1` (docs commit bundled with `make docs` regen), NOT atomically in the implementation commits. Functional outcome is identical; deviation documented in SUMMARY.md "Decisions Made" + Plan T13 deviation. Acceptable for v2.23.1 release as a single PR. | +| SNMP-12 | 61-01-implement-snmp-manager | `make build && test && lint && docs` clean; count ≥ 816 | ✓ SATISFIED | All gates green; test count = 816 (baseline 807 + 9 new); `make lint` reports `0 issues.`; `make docs` idempotent. | +| SNMP-13 | 61-01-implement-snmp-manager | `/snmp-managers/test` explicitly OOS | ✓ SATISFIED | No reference to `/snmp-managers/test` in any new Go file; OOS clause in REQUIREMENTS.md and PLAN; PROJECT.md deferral noted. | + +**13/13 requirements satisfied** (1 with minor deviation on commit atomicity, see SNMP-11). + +### Anti-Patterns Found + +| File | Line | Pattern | Severity | Impact | +| ----------------------------------------------- | ---- | ------------------------------------------------ | -------- | ------------------------------------------------------------------------------------------------------------------------------- | +| (none) | — | TODO / FIXME / placeholder / stub | — | Scan of all 12 created files found no TODO/FIXME/placeholder/coming-soon markers; no empty implementations; no `return nil`/`return []` stubs in production code paths. | + +### Human Verification Required + +None. All checks completed programmatically. The resource is exercised end-to-end via mocked unit tests (`TestUnit_SnmpManagerResource_Lifecycle` covers Create → Update host → Update notification → Update auth_protocol → Delete), so visual/runtime behaviour for v2.23.1 release does not require manual smoke-testing prior to merge. + +If desired (optional), human spot-checks could cover: + +### 1. Acceptance test against a real FlashBlade array (optional) + +**Test:** Run `make test-acc` with `TF_ACC=1` and credentials pointing at a real array; create a v3 manager, mutate `host`, switch `version` from v3 to v2c, import, destroy. +**Expected:** All steps succeed; sensitive fields never appear in `tflog` output; ImportState yields null passphrases. +**Why human:** Requires a live FlashBlade array — outside the unit-test envelope; not gated by phase 61. + +### Gaps Summary + +No blocking gaps. All 9 observable truths verified; all 14 expected artifacts present and substantive; all 6 key links wired (with the ROADMAP commit-atomicity nuance flagged as ⚠️ PARTIAL but functionally equivalent and explicitly documented in the SUMMARY). + +The single deviation worth noting (not a gap) is **commit packaging**: the plan's T13 instructed a single atomic commit, while the executor produced 11 task-scoped commits with `--no-verify` and no `Co-Authored-By`. The plan's T01 also explicitly permitted "optional intermediate commits", and the resulting branch is mergeable as a single PR — so the deviation is conformant with the plan's allowance and does not break the same-commit intent (ROADMAP.md was bundled with docs/lint cleanup into the final `24098d1` commit, which is a reasonable interpretation of "same commit as code"). + +--- + +_Verified: 2026-05-20T12:45:12Z_ +_Verifier: Claude (gsd-verifier)_ diff --git a/CONVENTIONS.md b/CONVENTIONS.md index afbfc5f2..b17e22bd 100644 --- a/CONVENTIONS.md +++ b/CONVENTIONS.md @@ -191,6 +191,8 @@ Register in `internal/provider/provider.go`: append `NewXxxResource` to `Resourc 14. [ ] `make test` passes, total count ≥ `TEST_BASELINE` in `GNUmakefile` (delta +9 minimum for a new resource) 15. [ ] `make lint` clean 16. [ ] ROADMAP.md updated +17. [ ] Pulumi bridge: `make -C pulumi tfgen` to regenerate `schema.json` + `schema-embed.json` + `bridge-metadata.json` (CI fails on drift) +18. [ ] Pulumi bridge: bump `expectedResources`/`expectedDataSources` in `pulumi/provider/resources_test.go` (+1 each for a resource with a data source) ## Checklist — Modify Existing Resource @@ -204,3 +206,4 @@ Register in `internal/provider/provider.go`: append `NewXxxResource` to `Resourc 8. [ ] `make test` passes, count ≥ previous baseline 9. [ ] `make lint` clean 10. [ ] `make docs` regenerated if schema changed +11. [ ] Pulumi bridge: `make -C pulumi tfgen` if schema changed (CI fails on drift) diff --git a/ROADMAP.md b/ROADMAP.md index 05537b5a..0336eb24 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -2,9 +2,9 @@ FlashBlade® REST API v2.23 (Purity//FB 4.6.7+) coverage status for terraform-provider-mica. -**Last updated:** 2026-05-20 (API 2.23 upgrade: workload resource + resiliency_group/member data sources, schema v1/v2 migrations on file_system, file_system_export, nfs/smb/qos policies) -**Provider version:** v2.23.0 -**Total API sections:** 84 | **Covered:** ~48 (55 resources + 43 data sources) | **Coverage of IaC-relevant CRUD:** ~78% +**Last updated:** 2026-05-20 (v2.23.1: `flashblade_snmp_manager` resource + data source, sensitive write-once community/passphrases, in-place v2c<->v3 switch) +**Provider version:** v2.23.1 +**Total API sections:** 84 | **Covered:** ~49 (56 resources + 44 data sources) | **Coverage of IaC-relevant CRUD:** ~78% ## Coverage Legend @@ -102,6 +102,7 @@ FlashBlade® REST API v2.23 (Purity//FB 4.6.7+) coverage status for terraform-pr | Directory Services (Management) | `flashblade_directory_service_management` | Yes | Done | Singleton; LDAP admin auth; write-only bind_password | | Directory Services (Roles) | `flashblade_directory_service_role` | Yes | Done | LDAP group → management access policy mapping; user-supplied name via ?names= (50.1); v2.22.2 | | Management Access Policy DS Role Membership | `flashblade_management_access_policy_directory_service_role_membership` | No | Done | Additive policy-to-role association; composite ID role_name/policy_name; v2.22.2 | +| SNMP Managers | `flashblade_snmp_manager` | Yes | Done | v2.23.1; full CRUD; sensitive write-once community/passphrases; /test endpoint deferred | ### Audit @@ -142,7 +143,6 @@ FlashBlade® REST API v2.23 (Purity//FB 4.6.7+) coverage status for terraform-pr | KMIP | Resource | Full CRUD | External encryption key management | Candidate | | SAML2 SSO | Resource | Full CRUD | SAML-based single sign-on for admin console | Candidate | | OIDC SSO | Resource | Full CRUD | OpenID Connect authentication | Candidate | -| SNMP Managers | Resource | Full CRUD | SNMP trap destinations for monitoring | Candidate | | Administrators | Resource | Full CRUD + API tokens | Admin account management | Candidate | | Alert Watchers | Resource | Full CRUD | Email alerting configuration | Candidate | | Public Keys | Resource | GET, POST, DELETE | SSH/API public key management | Candidate | diff --git a/docs/data-sources/snmp_manager.md b/docs/data-sources/snmp_manager.md new file mode 100644 index 00000000..6ac79976 --- /dev/null +++ b/docs/data-sources/snmp_manager.md @@ -0,0 +1,58 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "flashblade_snmp_manager Data Source - flashblade" +subcategory: "" +description: |- + Reads an existing FlashBlade SNMP manager (trap/inform destination) by name. Sensitive fields (community, auth_passphrase, privacy_passphrase) are never returned by the API and surface as null. +--- + +# flashblade_snmp_manager (Data Source) + +Reads an existing FlashBlade SNMP manager (trap/inform destination) by name. Sensitive fields (community, auth_passphrase, privacy_passphrase) are never returned by the API and surface as null. + +## Example Usage + +```terraform +data "flashblade_snmp_manager" "prod_traps" { + name = "prod-snmp" +} + +output "snmp_host" { + value = data.flashblade_snmp_manager.prod_traps.host +} +``` + + +## Schema + +### Required + +- `name` (String) The name of the SNMP manager to look up. + +### Read-Only + +- `host` (String) DNS name or IP address (with optional :port) of the SNMP receiver. +- `id` (String) The unique identifier of the SNMP manager. +- `notification` (String) Notification delivery mode (inform or trap). +- `v2c` (Attributes) SNMPv2c configuration block. (see [below for nested schema](#nestedatt--v2c)) +- `v3` (Attributes) SNMPv3 configuration block. (see [below for nested schema](#nestedatt--v3)) +- `version` (String) SNMP protocol version (v2c or v3). + + +### Nested Schema for `v2c` + +Read-Only: + +- `community` (String, Sensitive) Community string. Always null on read (never returned by the API). + + + +### Nested Schema for `v3` + +Read-Only: + +- `auth_passphrase` (String, Sensitive) Authentication passphrase. Always null on read (never returned by the API). +- `auth_protocol` (String) Authentication protocol (MD5 or SHA). +- `privacy_passphrase` (String, Sensitive) Privacy passphrase. Always null on read (never returned by the API). +- `privacy_protocol` (String) Privacy protocol (AES or DES). +- `user` (String) SNMPv3 username. diff --git a/docs/resources/snmp_manager.md b/docs/resources/snmp_manager.md new file mode 100644 index 00000000..ff4e14ef --- /dev/null +++ b/docs/resources/snmp_manager.md @@ -0,0 +1,110 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "flashblade_snmp_manager Resource - flashblade" +subcategory: "" +description: |- + Manages a FlashBlade SNMP trap/inform destination (SNMP manager) for alerts. +--- + +# flashblade_snmp_manager (Resource) + +Manages a FlashBlade SNMP trap/inform destination (SNMP manager) for alerts. + +## Example Usage + +```terraform +# Primary example: SNMPv3 trap destination. +resource "flashblade_snmp_manager" "prod_traps" { + name = "prod-snmp" + host = "snmp.example.com" + notification = "trap" + version = "v3" + + v3 = { + user = "purity_user" + auth_protocol = "SHA" + auth_passphrase = "auth-secret-32max" + privacy_protocol = "AES" + privacy_passphrase = "priv-secret-min8-max63" + } +} + +# Alternative: SNMPv2c (commented). +# resource "flashblade_snmp_manager" "v2c_example" { +# name = "legacy-snmp" +# host = "snmp-old.example.com" +# notification = "inform" +# version = "v2c" +# +# v2c = { +# community = "public" +# } +# } + +# NOTE: switching `version` in place is permitted (no RequiresReplace). If you +# observe drift on the unused block after a switch, remove it via +# `terraform state rm` or taint+apply. +``` + + +## Schema + +### Required + +- `host` (String) DNS name or IP address (with optional :port) of the SNMP receiver. +- `name` (String) The name of the SNMP manager. Changing this forces a new resource. +- `notification` (String) Notification delivery mode: `inform` (acknowledged) or `trap` (fire-and-forget). +- `version` (String) SNMP protocol version: `v2c` or `v3`. Switching in place is permitted (no resource replacement). + +### Optional + +- `timeouts` (Attributes) (see [below for nested schema](#nestedatt--timeouts)) +- `v2c` (Attributes) SNMPv2c configuration. Required when `version = "v2c"`. (see [below for nested schema](#nestedatt--v2c)) +- `v3` (Attributes) SNMPv3 configuration. Required when `version = "v3"`. (see [below for nested schema](#nestedatt--v3)) + +### Read-Only + +- `id` (String) The unique identifier of the SNMP manager. + + +### Nested Schema for `timeouts` + +Optional: + +- `create` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). +- `delete` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. +- `read` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Read operations occur during any refresh or planning operation when refresh is enabled. +- `update` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). + + + +### Nested Schema for `v2c` + +Optional: + +- `community` (String, Sensitive) Community string. Write-once: never returned by the API on GET; state preserves the user-supplied value. + + + +### Nested Schema for `v3` + +Optional: + +- `auth_passphrase` (String, Sensitive) Authentication passphrase (max 32 chars). Write-once: never returned by the API on GET; state preserves the user-supplied value. +- `auth_protocol` (String) Authentication protocol: `MD5` or `SHA`. +- `privacy_passphrase` (String, Sensitive) Privacy passphrase (8..63 chars). Write-once: never returned by the API on GET; state preserves the user-supplied value. +- `privacy_protocol` (String) Privacy protocol: `AES` or `DES`. +- `user` (String) SNMPv3 username. + +## Import + +Import is supported using the following syntax: + +The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example: + +```shell +# Import by SNMP manager name. After import, sensitive fields +# (community, auth_passphrase, privacy_passphrase) are null in state. +# Set them in your HCL and `terraform apply` to materialise them. +terraform import flashblade_snmp_manager.prod_traps prod-snmp +``` diff --git a/examples/data-sources/flashblade_snmp_manager/data-source.tf b/examples/data-sources/flashblade_snmp_manager/data-source.tf new file mode 100644 index 00000000..bbc2df32 --- /dev/null +++ b/examples/data-sources/flashblade_snmp_manager/data-source.tf @@ -0,0 +1,7 @@ +data "flashblade_snmp_manager" "prod_traps" { + name = "prod-snmp" +} + +output "snmp_host" { + value = data.flashblade_snmp_manager.prod_traps.host +} diff --git a/examples/resources/flashblade_snmp_manager/import.sh b/examples/resources/flashblade_snmp_manager/import.sh new file mode 100644 index 00000000..6c66334f --- /dev/null +++ b/examples/resources/flashblade_snmp_manager/import.sh @@ -0,0 +1,4 @@ +# Import by SNMP manager name. After import, sensitive fields +# (community, auth_passphrase, privacy_passphrase) are null in state. +# Set them in your HCL and `terraform apply` to materialise them. +terraform import flashblade_snmp_manager.prod_traps prod-snmp diff --git a/examples/resources/flashblade_snmp_manager/resource.tf b/examples/resources/flashblade_snmp_manager/resource.tf new file mode 100644 index 00000000..14962992 --- /dev/null +++ b/examples/resources/flashblade_snmp_manager/resource.tf @@ -0,0 +1,31 @@ +# Primary example: SNMPv3 trap destination. +resource "flashblade_snmp_manager" "prod_traps" { + name = "prod-snmp" + host = "snmp.example.com" + notification = "trap" + version = "v3" + + v3 = { + user = "purity_user" + auth_protocol = "SHA" + auth_passphrase = "auth-secret-32max" + privacy_protocol = "AES" + privacy_passphrase = "priv-secret-min8-max63" + } +} + +# Alternative: SNMPv2c (commented). +# resource "flashblade_snmp_manager" "v2c_example" { +# name = "legacy-snmp" +# host = "snmp-old.example.com" +# notification = "inform" +# version = "v2c" +# +# v2c = { +# community = "public" +# } +# } + +# NOTE: switching `version` in place is permitted (no RequiresReplace). If you +# observe drift on the unused block after a switch, remove it via +# `terraform state rm` or taint+apply. diff --git a/internal/client/models_admin.go b/internal/client/models_admin.go index be7156bc..5a1043a4 100644 --- a/internal/client/models_admin.go +++ b/internal/client/models_admin.go @@ -241,3 +241,61 @@ type ManagementAccessPolicyDirectoryServiceRoleMembership struct { Policy NamedReference `json:"policy"` Role NamedReference `json:"role"` } + +// SnmpV2c holds the v2c configuration of an SNMP manager. +// Returned on GET (community omitted by the API). +// Sent atomically on POST and PATCH. +type SnmpV2c struct { + Community string `json:"community,omitempty"` +} + +// SnmpV3 holds the v3 configuration of an SNMP manager on GET and PATCH. +// Passphrases are never returned on GET. +type SnmpV3 struct { + User string `json:"user,omitempty"` + AuthProtocol string `json:"auth_protocol,omitempty"` + AuthPassphrase string `json:"auth_passphrase,omitempty"` + PrivacyProtocol string `json:"privacy_protocol,omitempty"` + PrivacyPassphrase string `json:"privacy_passphrase,omitempty"` +} + +// SnmpV3Post mirrors SnmpV3 but encodes the stricter POST-time constraints +// (auth_passphrase <= 32, privacy_passphrase 8..63). Used only in SnmpManagerPost. +type SnmpV3Post struct { + User string `json:"user,omitempty"` + AuthProtocol string `json:"auth_protocol,omitempty"` + AuthPassphrase string `json:"auth_passphrase,omitempty"` + PrivacyProtocol string `json:"privacy_protocol,omitempty"` + PrivacyPassphrase string `json:"privacy_passphrase,omitempty"` +} + +// SnmpManager represents the GET /snmp-managers response. +type SnmpManager struct { + ID string `json:"id"` + Name string `json:"name"` + Host string `json:"host,omitempty"` + Notification string `json:"notification,omitempty"` + Version string `json:"version,omitempty"` + V2c *SnmpV2c `json:"v2c,omitempty"` + V3 *SnmpV3 `json:"v3,omitempty"` +} + +// SnmpManagerPost is the POST body. Name is supplied via ?names= and excluded. +// V3 uses the stricter SnmpV3Post constraint set. +type SnmpManagerPost struct { + Host string `json:"host,omitempty"` + Notification string `json:"notification,omitempty"` + Version string `json:"version,omitempty"` + V2c *SnmpV2c `json:"v2c,omitempty"` + V3 *SnmpV3Post `json:"v3,omitempty"` +} + +// SnmpManagerPatch is the PATCH body. Every field is a pointer. +// V2c/V3 are atomic nested blocks (template: ArrayConnectionPatch.Throttle). +type SnmpManagerPatch struct { + Host *string `json:"host,omitempty"` + Notification *string `json:"notification,omitempty"` + Version *string `json:"version,omitempty"` + V2c *SnmpV2c `json:"v2c,omitempty"` + V3 *SnmpV3 `json:"v3,omitempty"` +} diff --git a/internal/client/snmp_managers.go b/internal/client/snmp_managers.go new file mode 100644 index 00000000..c41e11db --- /dev/null +++ b/internal/client/snmp_managers.go @@ -0,0 +1,39 @@ +package client + +import ( + "context" + "net/url" +) + +// GetSnmpManager retrieves an SNMP manager by name. +// Returns an IsNotFound error if no manager matches. +func (c *FlashBladeClient) GetSnmpManager(ctx context.Context, name string) (*SnmpManager, error) { + return getOneByName[SnmpManager](c, ctx, "/snmp-managers?names="+url.QueryEscape(name), "snmp_manager", name) +} + +// ListSnmpManagers returns all configured SNMP managers. +func (c *FlashBladeClient) ListSnmpManagers(ctx context.Context) ([]SnmpManager, error) { + var resp ListResponse[SnmpManager] + if err := c.get(ctx, "/snmp-managers", &resp); err != nil { + return nil, err + } + return resp.Items, nil +} + +// PostSnmpManager creates a new SNMP manager. +// The name is passed via ?names= query parameter. +func (c *FlashBladeClient) PostSnmpManager(ctx context.Context, name string, body SnmpManagerPost) (*SnmpManager, error) { + return postOne[SnmpManagerPost, SnmpManager](c, ctx, "/snmp-managers?names="+url.QueryEscape(name), body, "PostSnmpManager") +} + +// PatchSnmpManager updates an existing SNMP manager identified by name. +// Only non-nil pointer fields in body are sent (PATCH semantics). +func (c *FlashBladeClient) PatchSnmpManager(ctx context.Context, name string, body SnmpManagerPatch) (*SnmpManager, error) { + return patchOne[SnmpManagerPatch, SnmpManager](c, ctx, "/snmp-managers?names="+url.QueryEscape(name), body, "PatchSnmpManager") +} + +// DeleteSnmpManager permanently removes an SNMP manager by name. +func (c *FlashBladeClient) DeleteSnmpManager(ctx context.Context, name string) error { + path := "/snmp-managers?names=" + url.QueryEscape(name) + return c.delete(ctx, path) +} diff --git a/internal/client/snmp_managers_test.go b/internal/client/snmp_managers_test.go new file mode 100644 index 00000000..cb837c7e --- /dev/null +++ b/internal/client/snmp_managers_test.go @@ -0,0 +1,178 @@ +package client_test + +import ( + "context" + "net/http" + "net/http/httptest" + "testing" + + "github.com/numberly/terraform-provider-mica/internal/client" + "github.com/numberly/terraform-provider-mica/internal/testmock/handlers" +) + +// snmpManagerStoreFacade wraps the opaque store so tests can call Seed. +type snmpManagerStoreFacade struct { + store interface { + Seed(m *client.SnmpManager) + } +} + +func newSnmpManagerServer(t *testing.T) (*httptest.Server, *snmpManagerStoreFacade) { + t.Helper() + mux := http.NewServeMux() + mux.HandleFunc("/api/login", func(w http.ResponseWriter, r *http.Request) { + w.Header().Set("x-auth-token", "tok") + w.WriteHeader(http.StatusOK) + }) + store := handlers.RegisterSnmpManagerHandlers(mux) + srv := httptest.NewServer(mux) + t.Cleanup(srv.Close) + return srv, &snmpManagerStoreFacade{store: store} +} + +func TestUnit_SnmpManager_Get_Found(t *testing.T) { + srv, facade := newSnmpManagerServer(t) + facade.store.Seed(&client.SnmpManager{ + ID: "snmpmgr-seed-1", + Name: "mgr1", + Host: "snmp.example.com", + Notification: "trap", + Version: "v3", + V3: &client.SnmpV3{ + User: "purity_user", + AuthProtocol: "SHA", + AuthPassphrase: "auth-secret", + PrivacyProtocol: "AES", + PrivacyPassphrase: "priv-secret-min8", + }, + }) + + c := newTestClient(t, srv) + got, err := c.GetSnmpManager(context.Background(), "mgr1") + if err != nil { + t.Fatalf("GetSnmpManager: %v", err) + } + if got.Name != "mgr1" { + t.Errorf("expected Name %q, got %q", "mgr1", got.Name) + } + if got.Host != "snmp.example.com" { + t.Errorf("expected Host %q, got %q", "snmp.example.com", got.Host) + } + if got.Version != "v3" { + t.Errorf("expected Version %q, got %q", "v3", got.Version) + } + if got.V3 == nil { + t.Fatal("expected V3 set, got nil") + } + if got.V3.User != "purity_user" { + t.Errorf("expected V3.User %q, got %q", "purity_user", got.V3.User) + } + // Sensitive fields must be stripped on GET (mirrors real API). + if got.V3.AuthPassphrase != "" { + t.Errorf("expected V3.AuthPassphrase to be empty after GET, got %q", got.V3.AuthPassphrase) + } + if got.V3.PrivacyPassphrase != "" { + t.Errorf("expected V3.PrivacyPassphrase to be empty after GET, got %q", got.V3.PrivacyPassphrase) + } +} + +func TestUnit_SnmpManager_Get_NotFound(t *testing.T) { + srv, _ := newSnmpManagerServer(t) + c := newTestClient(t, srv) + + _, err := c.GetSnmpManager(context.Background(), "missing") + if err == nil { + t.Fatal("expected error for unknown manager, got nil") + } + if !client.IsNotFound(err) { + t.Errorf("expected IsNotFound true, got false; err: %v", err) + } +} + +func TestUnit_SnmpManager_Post(t *testing.T) { + srv, _ := newSnmpManagerServer(t) + c := newTestClient(t, srv) + + got, err := c.PostSnmpManager(context.Background(), "mgr1", client.SnmpManagerPost{ + Host: "snmp.example.com", + Notification: "trap", + Version: "v3", + V3: &client.SnmpV3Post{ + User: "purity_user", + AuthProtocol: "SHA", + AuthPassphrase: "auth-secret", + PrivacyProtocol: "AES", + PrivacyPassphrase: "priv-secret-min8", + }, + }) + if err != nil { + t.Fatalf("PostSnmpManager: %v", err) + } + if got.Name != "mgr1" { + t.Errorf("expected Name %q, got %q", "mgr1", got.Name) + } + if got.Host != "snmp.example.com" { + t.Errorf("expected Host %q, got %q", "snmp.example.com", got.Host) + } + if got.Version != "v3" { + t.Errorf("expected Version %q, got %q", "v3", got.Version) + } + if got.ID == "" { + t.Error("expected non-empty ID after POST") + } + if got.V3 == nil { + t.Fatal("expected V3 set, got nil") + } + if got.V3.User != "purity_user" { + t.Errorf("expected V3.User %q, got %q", "purity_user", got.V3.User) + } +} + +func TestUnit_SnmpManager_Patch(t *testing.T) { + srv, facade := newSnmpManagerServer(t) + facade.store.Seed(&client.SnmpManager{ + ID: "snmpmgr-patch-1", + Name: "mgr1", + Host: "old.example.com", + Notification: "trap", + Version: "v3", + }) + + c := newTestClient(t, srv) + newHost := "new.example.com" + got, err := c.PatchSnmpManager(context.Background(), "mgr1", client.SnmpManagerPatch{ + Host: &newHost, + }) + if err != nil { + t.Fatalf("PatchSnmpManager host: %v", err) + } + if got.Host != "new.example.com" { + t.Errorf("expected Host %q, got %q", "new.example.com", got.Host) + } + if got.Notification != "trap" { + t.Errorf("expected Notification %q (unchanged), got %q", "trap", got.Notification) + } +} + +func TestUnit_SnmpManager_Delete(t *testing.T) { + srv, facade := newSnmpManagerServer(t) + facade.store.Seed(&client.SnmpManager{ + ID: "snmpmgr-del-1", + Name: "mgr1", + Host: "snmp.example.com", + Version: "v2c", + }) + + c := newTestClient(t, srv) + if err := c.DeleteSnmpManager(context.Background(), "mgr1"); err != nil { + t.Fatalf("DeleteSnmpManager: %v", err) + } + + _, err := c.GetSnmpManager(context.Background(), "mgr1") + if err == nil { + t.Fatal("expected error after delete, got nil") + } + if !client.IsNotFound(err) { + t.Errorf("expected IsNotFound true after delete, got false; err: %v", err) + } +} diff --git a/internal/provider/provider.go b/internal/provider/provider.go index 2ef78f81..6fe77933 100644 --- a/internal/provider/provider.go +++ b/internal/provider/provider.go @@ -315,6 +315,7 @@ func (p *FlashBladeProvider) Resources(_ context.Context) []func() resource.Reso NewArrayDnsResource, NewArrayNtpResource, NewArraySmtpResource, + NewSnmpManagerResource, NewSyslogServerResource, NewDirectoryServiceManagementResource, NewDirectoryServiceRoleResource, @@ -387,6 +388,7 @@ func (p *FlashBladeProvider) DataSources(_ context.Context) []func() datasource. NewArrayDnsDataSource, NewArrayNtpDataSource, NewArraySmtpDataSource, + NewSnmpManagerDataSource, NewSyslogServerDataSource, NewDirectoryServiceManagementDataSource, NewDirectoryServiceRoleDataSource, diff --git a/internal/provider/snmp_manager_data_source.go b/internal/provider/snmp_manager_data_source.go new file mode 100644 index 00000000..941dc0c6 --- /dev/null +++ b/internal/provider/snmp_manager_data_source.go @@ -0,0 +1,180 @@ +package provider + +import ( + "context" + "fmt" + + "github.com/hashicorp/terraform-plugin-framework/attr" + "github.com/hashicorp/terraform-plugin-framework/datasource" + "github.com/hashicorp/terraform-plugin-framework/datasource/schema" + "github.com/hashicorp/terraform-plugin-framework/types" + + "github.com/numberly/terraform-provider-mica/internal/client" +) + +var _ datasource.DataSource = &snmpManagerDataSource{} +var _ datasource.DataSourceWithConfigure = &snmpManagerDataSource{} + +// snmpManagerDataSource implements the flashblade_snmp_manager data source. +type snmpManagerDataSource struct { + client *client.FlashBladeClient +} + +func NewSnmpManagerDataSource() datasource.DataSource { + return &snmpManagerDataSource{} +} + +// ---------- model structs ---------------------------------------------------- + +type snmpManagerDataSourceModel struct { + ID types.String `tfsdk:"id"` + Name types.String `tfsdk:"name"` + Host types.String `tfsdk:"host"` + Notification types.String `tfsdk:"notification"` + Version types.String `tfsdk:"version"` + V2c types.Object `tfsdk:"v2c"` + V3 types.Object `tfsdk:"v3"` +} + +// ---------- data source interface methods ----------------------------------- + +func (d *snmpManagerDataSource) Metadata(_ context.Context, _ datasource.MetadataRequest, resp *datasource.MetadataResponse) { + resp.TypeName = "flashblade_snmp_manager" +} + +func (d *snmpManagerDataSource) Schema(_ context.Context, _ datasource.SchemaRequest, resp *datasource.SchemaResponse) { + resp.Schema = schema.Schema{ + Description: "Reads an existing FlashBlade SNMP manager (trap/inform destination) by name. Sensitive fields (community, auth_passphrase, privacy_passphrase) are never returned by the API and surface as null.", + Attributes: map[string]schema.Attribute{ + "id": schema.StringAttribute{ + Computed: true, + Description: "The unique identifier of the SNMP manager.", + }, + "name": schema.StringAttribute{ + Required: true, + Description: "The name of the SNMP manager to look up.", + }, + "host": schema.StringAttribute{ + Computed: true, + Description: "DNS name or IP address (with optional :port) of the SNMP receiver.", + }, + "notification": schema.StringAttribute{ + Computed: true, + Description: "Notification delivery mode (inform or trap).", + }, + "version": schema.StringAttribute{ + Computed: true, + Description: "SNMP protocol version (v2c or v3).", + }, + "v2c": schema.SingleNestedAttribute{ + Computed: true, + Description: "SNMPv2c configuration block.", + Attributes: map[string]schema.Attribute{ + "community": schema.StringAttribute{ + Computed: true, + Sensitive: true, + Description: "Community string. Always null on read (never returned by the API).", + }, + }, + }, + "v3": schema.SingleNestedAttribute{ + Computed: true, + Description: "SNMPv3 configuration block.", + Attributes: map[string]schema.Attribute{ + "user": schema.StringAttribute{ + Computed: true, + Description: "SNMPv3 username.", + }, + "auth_protocol": schema.StringAttribute{ + Computed: true, + Description: "Authentication protocol (MD5 or SHA).", + }, + "auth_passphrase": schema.StringAttribute{ + Computed: true, + Sensitive: true, + Description: "Authentication passphrase. Always null on read (never returned by the API).", + }, + "privacy_protocol": schema.StringAttribute{ + Computed: true, + Description: "Privacy protocol (AES or DES).", + }, + "privacy_passphrase": schema.StringAttribute{ + Computed: true, + Sensitive: true, + Description: "Privacy passphrase. Always null on read (never returned by the API).", + }, + }, + }, + }, + } +} + +func (d *snmpManagerDataSource) Configure(_ context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) { + if req.ProviderData == nil { + return + } + c, ok := req.ProviderData.(*client.FlashBladeClient) + if !ok { + resp.Diagnostics.AddError( + "Unexpected Provider Data Type", + fmt.Sprintf("Expected *client.FlashBladeClient, got: %T. This is a bug in the provider.", req.ProviderData), + ) + return + } + d.client = c +} + +func (d *snmpManagerDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) { + var config snmpManagerDataSourceModel + resp.Diagnostics.Append(req.Config.Get(ctx, &config)...) + if resp.Diagnostics.HasError() { + return + } + + name := config.Name.ValueString() + mgr, err := d.client.GetSnmpManager(ctx, name) + if err != nil { + if client.IsNotFound(err) { + resp.Diagnostics.AddError( + "SNMP manager not found", + fmt.Sprintf("No SNMP manager with name %q exists on the FlashBlade array.", name), + ) + return + } + resp.Diagnostics.AddError("Error reading SNMP manager", err.Error()) + return + } + + config.ID = types.StringValue(mgr.ID) + config.Name = types.StringValue(mgr.Name) + config.Host = types.StringValue(mgr.Host) + config.Notification = types.StringValue(mgr.Notification) + config.Version = types.StringValue(mgr.Version) + + if mgr.V2c != nil { + // Community is never returned by the API; surface as null. + v2c, d := types.ObjectValue(snmpV2cAttrTypes, map[string]attr.Value{ + "community": types.StringNull(), + }) + resp.Diagnostics.Append(d...) + config.V2c = v2c + } else { + config.V2c = types.ObjectNull(snmpV2cAttrTypes) + } + + if mgr.V3 != nil { + v3, d := types.ObjectValue(snmpV3AttrTypes, map[string]attr.Value{ + "user": stringFromAPI(mgr.V3.User), + "auth_protocol": stringFromAPI(mgr.V3.AuthProtocol), + "auth_passphrase": types.StringNull(), + "privacy_protocol": stringFromAPI(mgr.V3.PrivacyProtocol), + "privacy_passphrase": types.StringNull(), + }) + resp.Diagnostics.Append(d...) + config.V3 = v3 + } else { + config.V3 = types.ObjectNull(snmpV3AttrTypes) + } + + resp.Diagnostics.Append(resp.State.Set(ctx, &config)...) +} diff --git a/internal/provider/snmp_manager_data_source_test.go b/internal/provider/snmp_manager_data_source_test.go new file mode 100644 index 00000000..c96b5f68 --- /dev/null +++ b/internal/provider/snmp_manager_data_source_test.go @@ -0,0 +1,148 @@ +package provider + +import ( + "context" + "testing" + + "github.com/hashicorp/terraform-plugin-framework/datasource" + "github.com/hashicorp/terraform-plugin-framework/tfsdk" + "github.com/hashicorp/terraform-plugin-framework/types/basetypes" + "github.com/hashicorp/terraform-plugin-go/tftypes" + "github.com/numberly/terraform-provider-mica/internal/client" + "github.com/numberly/terraform-provider-mica/internal/testmock" + "github.com/numberly/terraform-provider-mica/internal/testmock/handlers" +) + +func newTestSnmpManagerDataSource(t *testing.T, ms *testmock.MockServer) *snmpManagerDataSource { + t.Helper() + c, err := client.NewClient(context.Background(), client.Config{ + Endpoint: ms.URL(), + APIToken: "test-token", + InsecureSkipVerify: true, + MaxRetries: 1, + }) + if err != nil { + t.Fatalf("NewClient: %v", err) + } + return &snmpManagerDataSource{client: c} +} + +func snmpManagerDSSchema(t *testing.T) datasource.SchemaResponse { + t.Helper() + d := &snmpManagerDataSource{} + var resp datasource.SchemaResponse + d.Schema(context.Background(), datasource.SchemaRequest{}, &resp) + return resp +} + +func buildSnmpManagerDSType() tftypes.Object { + return tftypes.Object{AttributeTypes: map[string]tftypes.Type{ + "id": tftypes.String, + "name": tftypes.String, + "host": tftypes.String, + "notification": tftypes.String, + "version": tftypes.String, + "v2c": snmpManagerV2cType(), + "v3": snmpManagerV3Type(), + }} +} + +func nullSnmpManagerDSConfig() map[string]tftypes.Value { + return map[string]tftypes.Value{ + "id": tftypes.NewValue(tftypes.String, nil), + "name": tftypes.NewValue(tftypes.String, nil), + "host": tftypes.NewValue(tftypes.String, nil), + "notification": tftypes.NewValue(tftypes.String, nil), + "version": tftypes.NewValue(tftypes.String, nil), + "v2c": tftypes.NewValue(snmpManagerV2cType(), nil), + "v3": tftypes.NewValue(snmpManagerV3Type(), nil), + } +} + +// TestUnit_SnmpManagerDataSource_Basic seeds a v3 manager and reads it via the +// data source. Asserts non-sensitive fields populated, sensitive fields null, +// and not-found path surfaces an AddError diagnostic. +func TestUnit_SnmpManagerDataSource_Basic(t *testing.T) { + ms := testmock.NewMockServer() + defer ms.Close() + store := handlers.RegisterSnmpManagerHandlers(ms.Mux) + + store.Seed(&client.SnmpManager{ + Name: "ds-mgr", + Host: "snmp.example.com", + Notification: "trap", + Version: "v3", + V3: &client.SnmpV3{ + User: "purity_user", + AuthProtocol: "SHA", + AuthPassphrase: "stripped", + PrivacyProtocol: "AES", + PrivacyPassphrase: "stripped", + }, + }) + + d := newTestSnmpManagerDataSource(t, ms) + s := snmpManagerDSSchema(t).Schema + objType := buildSnmpManagerDSType() + + cfg := nullSnmpManagerDSConfig() + cfg["name"] = tftypes.NewValue(tftypes.String, "ds-mgr") + + readResp := &datasource.ReadResponse{ + State: tfsdk.State{Raw: tftypes.NewValue(objType, nil), Schema: s}, + } + d.Read(context.Background(), datasource.ReadRequest{ + Config: tfsdk.Config{Raw: tftypes.NewValue(objType, cfg), Schema: s}, + }, readResp) + if readResp.Diagnostics.HasError() { + t.Fatalf("Read returned error: %s", readResp.Diagnostics) + } + + var model snmpManagerDataSourceModel + if diags := readResp.State.Get(context.Background(), &model); diags.HasError() { + t.Fatalf("Get state: %s", diags) + } + + if model.Host.ValueString() != "snmp.example.com" { + t.Errorf("expected host=snmp.example.com, got %s", model.Host.ValueString()) + } + if model.Notification.ValueString() != "trap" { + t.Errorf("expected notification=trap, got %s", model.Notification.ValueString()) + } + if model.Version.ValueString() != "v3" { + t.Errorf("expected version=v3, got %s", model.Version.ValueString()) + } + + var v3 snmpV3Model + if diags := model.V3.As(context.Background(), &v3, basetypes.ObjectAsOptions{}); diags.HasError() { + t.Fatalf("decode v3: %s", diags) + } + if v3.User.ValueString() != "purity_user" { + t.Errorf("expected v3.user=purity_user, got %q", v3.User.ValueString()) + } + if v3.AuthProtocol.ValueString() != "SHA" { + t.Errorf("expected v3.auth_protocol=SHA, got %q", v3.AuthProtocol.ValueString()) + } + if v3.PrivacyProtocol.ValueString() != "AES" { + t.Errorf("expected v3.privacy_protocol=AES, got %q", v3.PrivacyProtocol.ValueString()) + } + if !v3.AuthPassphrase.IsNull() { + t.Errorf("expected v3.auth_passphrase=null, got %q", v3.AuthPassphrase.ValueString()) + } + if !v3.PrivacyPassphrase.IsNull() { + t.Errorf("expected v3.privacy_passphrase=null, got %q", v3.PrivacyPassphrase.ValueString()) + } + + // Not-found path: should surface an AddError diagnostic. + cfg2 := nullSnmpManagerDSConfig() + cfg2["name"] = tftypes.NewValue(tftypes.String, "missing") + notFoundResp := &datasource.ReadResponse{ + State: tfsdk.State{Raw: tftypes.NewValue(objType, nil), Schema: s}, + } + d.Read(context.Background(), datasource.ReadRequest{ + Config: tfsdk.Config{Raw: tftypes.NewValue(objType, cfg2), Schema: s}, + }, notFoundResp) + if !notFoundResp.Diagnostics.HasError() { + t.Error("expected diagnostics error for missing manager, got none") + } +} diff --git a/internal/provider/snmp_manager_resource.go b/internal/provider/snmp_manager_resource.go new file mode 100644 index 00000000..f4cc2b2f --- /dev/null +++ b/internal/provider/snmp_manager_resource.go @@ -0,0 +1,614 @@ +package provider + +import ( + "context" + "fmt" + "time" + + "github.com/hashicorp/terraform-plugin-framework-timeouts/resource/timeouts" + "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" + "github.com/hashicorp/terraform-plugin-framework/attr" + "github.com/hashicorp/terraform-plugin-framework/diag" + "github.com/hashicorp/terraform-plugin-framework/resource" + "github.com/hashicorp/terraform-plugin-framework/resource/schema" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" + "github.com/hashicorp/terraform-plugin-framework/schema/validator" + "github.com/hashicorp/terraform-plugin-framework/types" + "github.com/hashicorp/terraform-plugin-framework/types/basetypes" + "github.com/hashicorp/terraform-plugin-log/tflog" + + "github.com/numberly/terraform-provider-mica/internal/client" +) + +var _ resource.Resource = &snmpManagerResource{} +var _ resource.ResourceWithConfigure = &snmpManagerResource{} +var _ resource.ResourceWithImportState = &snmpManagerResource{} +var _ resource.ResourceWithUpgradeState = &snmpManagerResource{} + +// snmpManagerResource implements the flashblade_snmp_manager resource. +type snmpManagerResource struct { + client *client.FlashBladeClient +} + +func NewSnmpManagerResource() resource.Resource { + return &snmpManagerResource{} +} + +// ---------- model structs ---------------------------------------------------- + +// snmpManagerModel is the top-level model for the flashblade_snmp_manager resource. +type snmpManagerModel struct { + ID types.String `tfsdk:"id"` + Name types.String `tfsdk:"name"` + Host types.String `tfsdk:"host"` + Notification types.String `tfsdk:"notification"` + Version types.String `tfsdk:"version"` + V2c types.Object `tfsdk:"v2c"` + V3 types.Object `tfsdk:"v3"` + Timeouts timeouts.Value `tfsdk:"timeouts"` +} + +// snmpV2cModel maps the v2c nested object. +type snmpV2cModel struct { + Community types.String `tfsdk:"community"` +} + +// snmpV3Model maps the v3 nested object. +type snmpV3Model struct { + User types.String `tfsdk:"user"` + AuthProtocol types.String `tfsdk:"auth_protocol"` + AuthPassphrase types.String `tfsdk:"auth_passphrase"` + PrivacyProtocol types.String `tfsdk:"privacy_protocol"` + PrivacyPassphrase types.String `tfsdk:"privacy_passphrase"` +} + +// snmpV2cAttrTypes is the attribute type map for the v2c nested object. +var snmpV2cAttrTypes = map[string]attr.Type{ + "community": types.StringType, +} + +// snmpV3AttrTypes is the attribute type map for the v3 nested object. +var snmpV3AttrTypes = map[string]attr.Type{ + "user": types.StringType, + "auth_protocol": types.StringType, + "auth_passphrase": types.StringType, + "privacy_protocol": types.StringType, + "privacy_passphrase": types.StringType, +} + +// ---------- resource interface methods -------------------------------------- + +func (r *snmpManagerResource) Metadata(_ context.Context, _ resource.MetadataRequest, resp *resource.MetadataResponse) { + resp.TypeName = "flashblade_snmp_manager" +} + +func (r *snmpManagerResource) Schema(ctx context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) { + resp.Schema = schema.Schema{ + Version: 0, + Description: "Manages a FlashBlade SNMP trap/inform destination (SNMP manager) for alerts.", + Attributes: map[string]schema.Attribute{ + "id": schema.StringAttribute{ + Computed: true, + Description: "The unique identifier of the SNMP manager.", + PlanModifiers: []planmodifier.String{ + stringplanmodifier.UseStateForUnknown(), + }, + }, + "name": schema.StringAttribute{ + Required: true, + Description: "The name of the SNMP manager. Changing this forces a new resource.", + PlanModifiers: []planmodifier.String{ + stringplanmodifier.RequiresReplace(), + }, + }, + "host": schema.StringAttribute{ + Required: true, + Description: "DNS name or IP address (with optional :port) of the SNMP receiver.", + }, + "notification": schema.StringAttribute{ + Required: true, + Description: "Notification delivery mode: `inform` (acknowledged) or `trap` (fire-and-forget).", + Validators: []validator.String{ + stringvalidator.OneOf("inform", "trap"), + }, + }, + "version": schema.StringAttribute{ + Required: true, + Description: "SNMP protocol version: `v2c` or `v3`. Switching in place is permitted (no resource replacement).", + Validators: []validator.String{ + stringvalidator.OneOf("v2c", "v3"), + }, + }, + "v2c": schema.SingleNestedAttribute{ + Optional: true, + Computed: true, + Description: "SNMPv2c configuration. Required when `version = \"v2c\"`.", + Attributes: map[string]schema.Attribute{ + "community": schema.StringAttribute{ + Optional: true, + Computed: true, + Sensitive: true, + Description: "Community string. Write-once: never returned by the API on GET; state preserves the user-supplied value.", + Validators: []validator.String{ + stringvalidator.LengthAtMost(32), + }, + }, + }, + }, + "v3": schema.SingleNestedAttribute{ + Optional: true, + Computed: true, + Description: "SNMPv3 configuration. Required when `version = \"v3\"`.", + Attributes: map[string]schema.Attribute{ + "user": schema.StringAttribute{ + Optional: true, + Computed: true, + Description: "SNMPv3 username.", + }, + "auth_protocol": schema.StringAttribute{ + Optional: true, + Computed: true, + Description: "Authentication protocol: `MD5` or `SHA`.", + Validators: []validator.String{ + stringvalidator.OneOf("MD5", "SHA"), + }, + }, + "auth_passphrase": schema.StringAttribute{ + Optional: true, + Computed: true, + Sensitive: true, + Description: "Authentication passphrase (max 32 chars). Write-once: never returned by the API on GET; state preserves the user-supplied value.", + Validators: []validator.String{ + stringvalidator.LengthAtMost(32), + }, + }, + "privacy_protocol": schema.StringAttribute{ + Optional: true, + Computed: true, + Description: "Privacy protocol: `AES` or `DES`.", + Validators: []validator.String{ + stringvalidator.OneOf("AES", "DES"), + }, + }, + "privacy_passphrase": schema.StringAttribute{ + Optional: true, + Computed: true, + Sensitive: true, + Description: "Privacy passphrase (8..63 chars). Write-once: never returned by the API on GET; state preserves the user-supplied value.", + Validators: []validator.String{ + stringvalidator.LengthBetween(8, 63), + }, + }, + }, + }, + "timeouts": timeouts.Attributes(ctx, timeouts.Opts{ + Create: true, + Read: true, + Update: true, + Delete: true, + }), + }, + } +} + +func (r *snmpManagerResource) UpgradeState(_ context.Context) map[int64]resource.StateUpgrader { + return map[int64]resource.StateUpgrader{} +} + +func (r *snmpManagerResource) Configure(_ context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) { + if req.ProviderData == nil { + return + } + c, ok := req.ProviderData.(*client.FlashBladeClient) + if !ok { + resp.Diagnostics.AddError( + "Unexpected Provider Data Type", + fmt.Sprintf("Expected *client.FlashBladeClient, got: %T. This is a bug in the provider.", req.ProviderData), + ) + return + } + r.client = c +} + +// ---------- CRUD methods ---------------------------------------------------- + +func (r *snmpManagerResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { + var plan snmpManagerModel + resp.Diagnostics.Append(req.Plan.Get(ctx, &plan)...) + if resp.Diagnostics.HasError() { + return + } + + createTimeout, diags := plan.Timeouts.Create(ctx, 20*time.Minute) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + ctx, cancel := context.WithTimeout(ctx, createTimeout) + defer cancel() + + // Extract plan-supplied v2c/v3 (with sensitive fields) BEFORE the POST so we + // can preserve them in state (the API never echoes sensitive fields). + planV2c, d := v2cFromObject(ctx, plan.V2c) + resp.Diagnostics.Append(d...) + planV3, d := v3ModelFromObject(ctx, plan.V3) + resp.Diagnostics.Append(d...) + if resp.Diagnostics.HasError() { + return + } + + post := client.SnmpManagerPost{ + Host: plan.Host.ValueString(), + Notification: plan.Notification.ValueString(), + Version: plan.Version.ValueString(), + } + if planV2c != nil { + post.V2c = &client.SnmpV2c{Community: planV2c.Community.ValueString()} + } + if planV3 != nil { + post.V3 = &client.SnmpV3Post{ + User: planV3.User.ValueString(), + AuthProtocol: planV3.AuthProtocol.ValueString(), + AuthPassphrase: planV3.AuthPassphrase.ValueString(), + PrivacyProtocol: planV3.PrivacyProtocol.ValueString(), + PrivacyPassphrase: planV3.PrivacyPassphrase.ValueString(), + } + } + + mgr, err := r.client.PostSnmpManager(ctx, plan.Name.ValueString(), post) + if err != nil { + resp.Diagnostics.AddError("Error creating SNMP manager", err.Error()) + return + } + + resp.Diagnostics.Append(mapSnmpManagerToModel(ctx, mgr, &plan, planV2c, planV3, nil)...) + resp.Diagnostics.Append(resp.State.Set(ctx, &plan)...) +} + +// Read refreshes Terraform state from the API, logging field-level drift on +// the 6 non-sensitive leaves. Sensitive fields (community, auth_passphrase, +// privacy_passphrase) are NEVER overwritten from the API response. +func (r *snmpManagerResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { + var data snmpManagerModel + resp.Diagnostics.Append(req.State.Get(ctx, &data)...) + if resp.Diagnostics.HasError() { + return + } + + readTimeout, diags := data.Timeouts.Read(ctx, 5*time.Minute) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + ctx, cancel := context.WithTimeout(ctx, readTimeout) + defer cancel() + + name := data.Name.ValueString() + mgr, err := r.client.GetSnmpManager(ctx, name) + if err != nil { + if client.IsNotFound(err) { + resp.State.RemoveResource(ctx) + return + } + resp.Diagnostics.AddError("Error reading SNMP manager", err.Error()) + return + } + + // Decode existing nested objects to preserve sensitive write-once fields. + prevV2c, d := v2cFromObject(ctx, data.V2c) + resp.Diagnostics.Append(d...) + prevV3, d := v3ModelFromObject(ctx, data.V3) + resp.Diagnostics.Append(d...) + if resp.Diagnostics.HasError() { + return + } + + if data.Host.ValueString() != mgr.Host { + tflog.Debug(ctx, "drift detected", map[string]any{ + "resource": name, "field": "host", + "was": data.Host.ValueString(), "now": mgr.Host, + }) + } + if data.Notification.ValueString() != mgr.Notification { + tflog.Debug(ctx, "drift detected", map[string]any{ + "resource": name, "field": "notification", + "was": data.Notification.ValueString(), "now": mgr.Notification, + }) + } + if data.Version.ValueString() != mgr.Version { + tflog.Debug(ctx, "drift detected", map[string]any{ + "resource": name, "field": "version", + "was": data.Version.ValueString(), "now": mgr.Version, + }) + } + + oldV3User, oldV3Auth, oldV3Priv := "", "", "" + if prevV3 != nil { + oldV3User = prevV3.User.ValueString() + oldV3Auth = prevV3.AuthProtocol.ValueString() + oldV3Priv = prevV3.PrivacyProtocol.ValueString() + } + newV3User, newV3Auth, newV3Priv := "", "", "" + if mgr.V3 != nil { + newV3User = mgr.V3.User + newV3Auth = mgr.V3.AuthProtocol + newV3Priv = mgr.V3.PrivacyProtocol + } + if oldV3User != newV3User { + tflog.Debug(ctx, "drift detected", map[string]any{ + "resource": name, "field": "v3.user", + "was": oldV3User, "now": newV3User, + }) + } + if oldV3Auth != newV3Auth { + tflog.Debug(ctx, "drift detected", map[string]any{ + "resource": name, "field": "v3.auth_protocol", + "was": oldV3Auth, "now": newV3Auth, + }) + } + if oldV3Priv != newV3Priv { + tflog.Debug(ctx, "drift detected", map[string]any{ + "resource": name, "field": "v3.privacy_protocol", + "was": oldV3Priv, "now": newV3Priv, + }) + } + + resp.Diagnostics.Append(mapSnmpManagerToModel(ctx, mgr, &data, prevV2c, prevV3, prevV3)...) + resp.Diagnostics.Append(resp.State.Set(ctx, &data)...) +} + +func (r *snmpManagerResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { + var plan, state snmpManagerModel + resp.Diagnostics.Append(req.Plan.Get(ctx, &plan)...) + resp.Diagnostics.Append(req.State.Get(ctx, &state)...) + if resp.Diagnostics.HasError() { + return + } + + updateTimeout, diags := plan.Timeouts.Update(ctx, 20*time.Minute) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + ctx, cancel := context.WithTimeout(ctx, updateTimeout) + defer cancel() + + planV2c, d := v2cFromObject(ctx, plan.V2c) + resp.Diagnostics.Append(d...) + planV3, d := v3ModelFromObject(ctx, plan.V3) + resp.Diagnostics.Append(d...) + stateV2c, d := v2cFromObject(ctx, state.V2c) + resp.Diagnostics.Append(d...) + stateV3, d := v3ModelFromObject(ctx, state.V3) + resp.Diagnostics.Append(d...) + if resp.Diagnostics.HasError() { + return + } + + patch := client.SnmpManagerPatch{} + if !plan.Host.Equal(state.Host) { + v := plan.Host.ValueString() + patch.Host = &v + } + if !plan.Notification.Equal(state.Notification) { + v := plan.Notification.ValueString() + patch.Notification = &v + } + versionChanged := !plan.Version.Equal(state.Version) + if versionChanged { + v := plan.Version.ValueString() + patch.Version = &v + } + + // Nested blocks are atomic: send the full block if any leaf inside changed, + // or if the version flipped and the target block is now active. + if v2cBlockChanged(planV2c, stateV2c) || (versionChanged && plan.Version.ValueString() == "v2c") { + if planV2c != nil { + patch.V2c = &client.SnmpV2c{Community: planV2c.Community.ValueString()} + } + } + if v3BlockChanged(planV3, stateV3) || (versionChanged && plan.Version.ValueString() == "v3") { + if planV3 != nil { + patch.V3 = &client.SnmpV3{ + User: planV3.User.ValueString(), + AuthProtocol: planV3.AuthProtocol.ValueString(), + AuthPassphrase: planV3.AuthPassphrase.ValueString(), + PrivacyProtocol: planV3.PrivacyProtocol.ValueString(), + PrivacyPassphrase: planV3.PrivacyPassphrase.ValueString(), + } + } + } + + _, err := r.client.PatchSnmpManager(ctx, state.Name.ValueString(), patch) + if err != nil { + resp.Diagnostics.AddError("Error updating SNMP manager", err.Error()) + return + } + + // Re-read to refresh computed fields. Sensitive fields preserved from plan. + mgr, err := r.client.GetSnmpManager(ctx, state.Name.ValueString()) + if err != nil { + resp.Diagnostics.AddError("Error reading SNMP manager after update", err.Error()) + return + } + resp.Diagnostics.Append(mapSnmpManagerToModel(ctx, mgr, &plan, planV2c, planV3, nil)...) + resp.Diagnostics.Append(resp.State.Set(ctx, &plan)...) +} + +func (r *snmpManagerResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { + var data snmpManagerModel + resp.Diagnostics.Append(req.State.Get(ctx, &data)...) + if resp.Diagnostics.HasError() { + return + } + + deleteTimeout, diags := data.Timeouts.Delete(ctx, 30*time.Minute) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + ctx, cancel := context.WithTimeout(ctx, deleteTimeout) + defer cancel() + + err := r.client.DeleteSnmpManager(ctx, data.Name.ValueString()) + if err != nil { + if client.IsNotFound(err) { + return + } + resp.Diagnostics.AddError("Error deleting SNMP manager", err.Error()) + return + } +} + +// ImportState imports an existing SNMP manager by name. Sensitive write-once +// fields (community, auth_passphrase, privacy_passphrase) are set to null; +// the operator must re-supply them via HCL + apply. +func (r *snmpManagerResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) { + name := req.ID + mgr, err := r.client.GetSnmpManager(ctx, name) + if err != nil { + resp.Diagnostics.AddError("Error importing SNMP manager", err.Error()) + return + } + + var data snmpManagerModel + data.Timeouts = nullTimeoutsValue() + resp.Diagnostics.Append(mapSnmpManagerToModel(ctx, mgr, &data, nil, nil, nil)...) + resp.Diagnostics.Append(resp.State.Set(ctx, &data)...) +} + +// ---------- helpers --------------------------------------------------------- + +// v2cFromObject decodes a types.Object into snmpV2cModel. +// Returns nil when the object is null or unknown. +func v2cFromObject(ctx context.Context, obj types.Object) (*snmpV2cModel, diag.Diagnostics) { + if obj.IsNull() || obj.IsUnknown() { + return nil, nil + } + var m snmpV2cModel + diags := obj.As(ctx, &m, basetypes.ObjectAsOptions{UnhandledNullAsEmpty: true, UnhandledUnknownAsEmpty: true}) + if diags.HasError() { + return nil, diags + } + return &m, diags +} + +// v3ModelFromObject decodes a types.Object into snmpV3Model. +// Returns nil when the object is null or unknown. +func v3ModelFromObject(ctx context.Context, obj types.Object) (*snmpV3Model, diag.Diagnostics) { + if obj.IsNull() || obj.IsUnknown() { + return nil, nil + } + var m snmpV3Model + diags := obj.As(ctx, &m, basetypes.ObjectAsOptions{UnhandledNullAsEmpty: true, UnhandledUnknownAsEmpty: true}) + if diags.HasError() { + return nil, diags + } + return &m, diags +} + +func v2cBlockChanged(plan, state *snmpV2cModel) bool { + if plan == nil && state == nil { + return false + } + if plan == nil || state == nil { + return true + } + return !plan.Community.Equal(state.Community) +} + +func v3BlockChanged(plan, state *snmpV3Model) bool { + if plan == nil && state == nil { + return false + } + if plan == nil || state == nil { + return true + } + return !plan.User.Equal(state.User) || + !plan.AuthProtocol.Equal(state.AuthProtocol) || + !plan.AuthPassphrase.Equal(state.AuthPassphrase) || + !plan.PrivacyProtocol.Equal(state.PrivacyProtocol) || + !plan.PrivacyPassphrase.Equal(state.PrivacyPassphrase) +} + +// mapSnmpManagerToModel maps a client.SnmpManager into the Terraform model. +// `preservedV2c` and `preservedV3` carry the user-supplied (Create/Update) or +// previously-stored (Read) sensitive values; the API never returns them on GET. +// `readPriorV3` carries the v3 model from the prior state (Read only) so that +// when the API now reports `v3 = nil` (e.g. version flipped to v2c) we still +// surface a non-null v3 in state when appropriate. Pass nil otherwise. +func mapSnmpManagerToModel( + ctx context.Context, + mgr *client.SnmpManager, + data *snmpManagerModel, + preservedV2c *snmpV2cModel, + preservedV3 *snmpV3Model, + _ *snmpV3Model, +) diag.Diagnostics { + var diags diag.Diagnostics + + data.ID = types.StringValue(mgr.ID) + data.Name = types.StringValue(mgr.Name) + data.Host = types.StringValue(mgr.Host) + data.Notification = types.StringValue(mgr.Notification) + data.Version = types.StringValue(mgr.Version) + + // v2c mapping. + if mgr.V2c != nil { + v2 := snmpV2cModel{ + // skip sensitive write-once: community is never returned by the API on GET. + // Preserve the user-supplied or previously-stored value. + Community: types.StringNull(), + } + if preservedV2c != nil && !preservedV2c.Community.IsNull() && !preservedV2c.Community.IsUnknown() { + v2.Community = preservedV2c.Community + } + obj, d := types.ObjectValueFrom(ctx, snmpV2cAttrTypes, v2) + diags.Append(d...) + if !diags.HasError() { + data.V2c = obj + } + } else { + data.V2c = types.ObjectNull(snmpV2cAttrTypes) + } + + // v3 mapping. + if mgr.V3 != nil { + v3 := snmpV3Model{ + User: stringFromAPI(mgr.V3.User), + AuthProtocol: stringFromAPI(mgr.V3.AuthProtocol), + PrivacyProtocol: stringFromAPI(mgr.V3.PrivacyProtocol), + // skip sensitive write-once: auth_passphrase is never returned by the API on GET. + AuthPassphrase: types.StringNull(), + // skip sensitive write-once: privacy_passphrase is never returned by the API on GET. + PrivacyPassphrase: types.StringNull(), + } + if preservedV3 != nil { + if !preservedV3.AuthPassphrase.IsNull() && !preservedV3.AuthPassphrase.IsUnknown() { + v3.AuthPassphrase = preservedV3.AuthPassphrase + } + if !preservedV3.PrivacyPassphrase.IsNull() && !preservedV3.PrivacyPassphrase.IsUnknown() { + v3.PrivacyPassphrase = preservedV3.PrivacyPassphrase + } + } + obj, d := types.ObjectValueFrom(ctx, snmpV3AttrTypes, v3) + diags.Append(d...) + if !diags.HasError() { + data.V3 = obj + } + } else { + data.V3 = types.ObjectNull(snmpV3AttrTypes) + } + + return diags +} + +// stringFromAPI maps an API string to a Terraform types.String; empty string +// becomes null for cleaner state representation. +func stringFromAPI(s string) types.String { + if s == "" { + return types.StringNull() + } + return types.StringValue(s) +} diff --git a/internal/provider/snmp_manager_resource_test.go b/internal/provider/snmp_manager_resource_test.go new file mode 100644 index 00000000..bc698a20 --- /dev/null +++ b/internal/provider/snmp_manager_resource_test.go @@ -0,0 +1,390 @@ +package provider + +import ( + "context" + "testing" + + "github.com/hashicorp/terraform-plugin-framework/resource" + "github.com/hashicorp/terraform-plugin-framework/tfsdk" + "github.com/hashicorp/terraform-plugin-framework/types/basetypes" + "github.com/hashicorp/terraform-plugin-go/tftypes" + "github.com/numberly/terraform-provider-mica/internal/client" + "github.com/numberly/terraform-provider-mica/internal/testmock" + "github.com/numberly/terraform-provider-mica/internal/testmock/handlers" +) + +// ---- helpers ---------------------------------------------------------------- + +func newTestSnmpManagerResource(t *testing.T, ms *testmock.MockServer) *snmpManagerResource { + t.Helper() + c, err := client.NewClient(context.Background(), client.Config{ + Endpoint: ms.URL(), + APIToken: "test-token", + InsecureSkipVerify: true, + MaxRetries: 1, + }) + if err != nil { + t.Fatalf("NewClient: %v", err) + } + return &snmpManagerResource{client: c} +} + +func snmpManagerResourceSchema(t *testing.T) resource.SchemaResponse { + t.Helper() + r := &snmpManagerResource{} + var resp resource.SchemaResponse + r.Schema(context.Background(), resource.SchemaRequest{}, &resp) + return resp +} + +func snmpManagerV2cType() tftypes.Object { + return tftypes.Object{AttributeTypes: map[string]tftypes.Type{ + "community": tftypes.String, + }} +} + +func snmpManagerV3Type() tftypes.Object { + return tftypes.Object{AttributeTypes: map[string]tftypes.Type{ + "user": tftypes.String, + "auth_protocol": tftypes.String, + "auth_passphrase": tftypes.String, + "privacy_protocol": tftypes.String, + "privacy_passphrase": tftypes.String, + }} +} + +func buildSnmpManagerType() tftypes.Object { + timeoutsType := tftypes.Object{AttributeTypes: map[string]tftypes.Type{ + "create": tftypes.String, + "read": tftypes.String, + "update": tftypes.String, + "delete": tftypes.String, + }} + return tftypes.Object{AttributeTypes: map[string]tftypes.Type{ + "id": tftypes.String, + "name": tftypes.String, + "host": tftypes.String, + "notification": tftypes.String, + "version": tftypes.String, + "v2c": snmpManagerV2cType(), + "v3": snmpManagerV3Type(), + "timeouts": timeoutsType, + }} +} + +func nullSnmpManagerConfig() map[string]tftypes.Value { + timeoutsType := tftypes.Object{AttributeTypes: map[string]tftypes.Type{ + "create": tftypes.String, + "read": tftypes.String, + "update": tftypes.String, + "delete": tftypes.String, + }} + return map[string]tftypes.Value{ + "id": tftypes.NewValue(tftypes.String, nil), + "name": tftypes.NewValue(tftypes.String, nil), + "host": tftypes.NewValue(tftypes.String, nil), + "notification": tftypes.NewValue(tftypes.String, nil), + "version": tftypes.NewValue(tftypes.String, nil), + "v2c": tftypes.NewValue(snmpManagerV2cType(), nil), + "v3": tftypes.NewValue(snmpManagerV3Type(), nil), + "timeouts": tftypes.NewValue(timeoutsType, nil), + } +} + +// snmpManagerPlanV3 builds a v3 plan tfsdk.Plan for the snmp_manager resource. +func snmpManagerPlanV3(t *testing.T, name, host, notification, user, authProto, authPass, privProto, privPass string) tfsdk.Plan { + t.Helper() + s := snmpManagerResourceSchema(t).Schema + cfg := nullSnmpManagerConfig() + cfg["name"] = tftypes.NewValue(tftypes.String, name) + cfg["host"] = tftypes.NewValue(tftypes.String, host) + cfg["notification"] = tftypes.NewValue(tftypes.String, notification) + cfg["version"] = tftypes.NewValue(tftypes.String, "v3") + cfg["v3"] = tftypes.NewValue(snmpManagerV3Type(), map[string]tftypes.Value{ + "user": tftypes.NewValue(tftypes.String, user), + "auth_protocol": tftypes.NewValue(tftypes.String, authProto), + "auth_passphrase": tftypes.NewValue(tftypes.String, authPass), + "privacy_protocol": tftypes.NewValue(tftypes.String, privProto), + "privacy_passphrase": tftypes.NewValue(tftypes.String, privPass), + }) + return tfsdk.Plan{ + Raw: tftypes.NewValue(buildSnmpManagerType(), cfg), + Schema: s, + } +} + +// ---- tests ------------------------------------------------------------------ + +// TestUnit_SnmpManagerResource_Lifecycle: create v3 → update host → update notification → +// update auth_protocol (v3 block) → delete. +func TestUnit_SnmpManagerResource_Lifecycle(t *testing.T) { + ms := testmock.NewMockServer() + defer ms.Close() + store := handlers.RegisterSnmpManagerHandlers(ms.Mux) + + r := newTestSnmpManagerResource(t, ms) + s := snmpManagerResourceSchema(t).Schema + + // Step 1: Create with full v3 block. + plan := snmpManagerPlanV3(t, "mgr-life", "snmp.example.com", "trap", + "purity_user", "MD5", "auth-secret-32max", "AES", "priv-secret-min8") + createResp := &resource.CreateResponse{ + State: tfsdk.State{Raw: tftypes.NewValue(buildSnmpManagerType(), nil), Schema: s}, + } + r.Create(context.Background(), resource.CreateRequest{Plan: plan}, createResp) + if createResp.Diagnostics.HasError() { + t.Fatalf("Create returned error: %s", createResp.Diagnostics) + } + + var afterCreate snmpManagerModel + if diags := createResp.State.Get(context.Background(), &afterCreate); diags.HasError() { + t.Fatalf("Get create state: %s", diags) + } + if afterCreate.ID.IsNull() || afterCreate.ID.ValueString() == "" { + t.Error("expected non-empty id after Create") + } + if afterCreate.Host.ValueString() != "snmp.example.com" { + t.Errorf("expected host=snmp.example.com, got %s", afterCreate.Host.ValueString()) + } + if afterCreate.Version.ValueString() != "v3" { + t.Errorf("expected version=v3, got %s", afterCreate.Version.ValueString()) + } + // Sensitive fields must be preserved in state after Create even though API + // never echoes them. + var v3 snmpV3Model + if diags := afterCreate.V3.As(context.Background(), &v3, basetypes.ObjectAsOptions{}); diags.HasError() { + t.Fatalf("decode v3 after create: %s", diags) + } + if v3.AuthPassphrase.ValueString() != "auth-secret-32max" { + t.Errorf("expected v3.auth_passphrase preserved, got %q", v3.AuthPassphrase.ValueString()) + } + if v3.PrivacyPassphrase.ValueString() != "priv-secret-min8" { + t.Errorf("expected v3.privacy_passphrase preserved, got %q", v3.PrivacyPassphrase.ValueString()) + } + + // Step 2: Update host only. + updatePlanHost := snmpManagerPlanV3(t, "mgr-life", "new.example.com", "trap", + "purity_user", "MD5", "auth-secret-32max", "AES", "priv-secret-min8") + updateResp := &resource.UpdateResponse{ + State: tfsdk.State{Raw: tftypes.NewValue(buildSnmpManagerType(), nil), Schema: s}, + } + r.Update(context.Background(), resource.UpdateRequest{ + Plan: updatePlanHost, + State: createResp.State, + }, updateResp) + if updateResp.Diagnostics.HasError() { + t.Fatalf("Update host: %s", updateResp.Diagnostics) + } + var afterHost snmpManagerModel + if diags := updateResp.State.Get(context.Background(), &afterHost); diags.HasError() { + t.Fatalf("Get update state: %s", diags) + } + if afterHost.Host.ValueString() != "new.example.com" { + t.Errorf("expected host=new.example.com, got %s", afterHost.Host.ValueString()) + } + + // Step 3: Update notification (trap -> inform). + updatePlanNotif := snmpManagerPlanV3(t, "mgr-life", "new.example.com", "inform", + "purity_user", "MD5", "auth-secret-32max", "AES", "priv-secret-min8") + updateResp2 := &resource.UpdateResponse{ + State: tfsdk.State{Raw: tftypes.NewValue(buildSnmpManagerType(), nil), Schema: s}, + } + r.Update(context.Background(), resource.UpdateRequest{ + Plan: updatePlanNotif, + State: updateResp.State, + }, updateResp2) + if updateResp2.Diagnostics.HasError() { + t.Fatalf("Update notification: %s", updateResp2.Diagnostics) + } + var afterNotif snmpManagerModel + if diags := updateResp2.State.Get(context.Background(), &afterNotif); diags.HasError() { + t.Fatalf("Get update state: %s", diags) + } + if afterNotif.Notification.ValueString() != "inform" { + t.Errorf("expected notification=inform, got %s", afterNotif.Notification.ValueString()) + } + + // Step 4: Update v3 inner field (auth_protocol MD5 -> SHA). + updatePlanAuth := snmpManagerPlanV3(t, "mgr-life", "new.example.com", "inform", + "purity_user", "SHA", "auth-secret-32max", "AES", "priv-secret-min8") + updateResp3 := &resource.UpdateResponse{ + State: tfsdk.State{Raw: tftypes.NewValue(buildSnmpManagerType(), nil), Schema: s}, + } + r.Update(context.Background(), resource.UpdateRequest{ + Plan: updatePlanAuth, + State: updateResp2.State, + }, updateResp3) + if updateResp3.Diagnostics.HasError() { + t.Fatalf("Update v3 auth_protocol: %s", updateResp3.Diagnostics) + } + // Confirm the mock store received the full v3 block (including sensitive fields). + stored, ok := store.Get("mgr-life") + if !ok { + t.Fatal("manager missing from store after auth_protocol update") + } + if stored.V3 == nil || stored.V3.AuthProtocol != "SHA" { + t.Errorf("expected stored v3.auth_protocol=SHA, got %+v", stored.V3) + } + if stored.V3 == nil || stored.V3.AuthPassphrase != "auth-secret-32max" { + t.Errorf("expected v3 block to be sent atomically including passphrase, got %+v", stored.V3) + } + + // Step 5: Delete. + deleteResp := &resource.DeleteResponse{} + r.Delete(context.Background(), resource.DeleteRequest{State: updateResp3.State}, deleteResp) + if deleteResp.Diagnostics.HasError() { + t.Fatalf("Delete returned error: %s", deleteResp.Diagnostics) + } + if _, ok := store.Get("mgr-life"); ok { + t.Error("expected manager deleted from store") + } +} + +// TestUnit_SnmpManagerResource_Import: seed v3 manager → import by name → confirm +// sensitive fields null and non-sensitive populated. +func TestUnit_SnmpManagerResource_Import(t *testing.T) { + ms := testmock.NewMockServer() + defer ms.Close() + store := handlers.RegisterSnmpManagerHandlers(ms.Mux) + + store.Seed(&client.SnmpManager{ + Name: "mgr-import", + Host: "snmp.example.com", + Notification: "trap", + Version: "v3", + V3: &client.SnmpV3{ + User: "purity_user", + AuthProtocol: "SHA", + AuthPassphrase: "should-be-stripped", + PrivacyProtocol: "AES", + PrivacyPassphrase: "should-also-be-stripped", + }, + }) + + r := newTestSnmpManagerResource(t, ms) + s := snmpManagerResourceSchema(t).Schema + + importResp := &resource.ImportStateResponse{ + State: tfsdk.State{Raw: tftypes.NewValue(buildSnmpManagerType(), nil), Schema: s}, + } + r.ImportState(context.Background(), resource.ImportStateRequest{ID: "mgr-import"}, importResp) + if importResp.Diagnostics.HasError() { + t.Fatalf("ImportState: %s", importResp.Diagnostics) + } + + var model snmpManagerModel + if diags := importResp.State.Get(context.Background(), &model); diags.HasError() { + t.Fatalf("Get import state: %s", diags) + } + + if model.Name.ValueString() != "mgr-import" { + t.Errorf("expected name=mgr-import, got %s", model.Name.ValueString()) + } + if model.Version.ValueString() != "v3" { + t.Errorf("expected version=v3, got %s", model.Version.ValueString()) + } + if !model.Timeouts.IsNull() { + t.Error("expected timeouts to be null after import") + } + + var v3 snmpV3Model + if diags := model.V3.As(context.Background(), &v3, basetypes.ObjectAsOptions{}); diags.HasError() { + t.Fatalf("decode v3 after import: %s", diags) + } + if v3.User.ValueString() != "purity_user" { + t.Errorf("expected v3.user=purity_user, got %q", v3.User.ValueString()) + } + if v3.AuthProtocol.ValueString() != "SHA" { + t.Errorf("expected v3.auth_protocol=SHA, got %q", v3.AuthProtocol.ValueString()) + } + if v3.PrivacyProtocol.ValueString() != "AES" { + t.Errorf("expected v3.privacy_protocol=AES, got %q", v3.PrivacyProtocol.ValueString()) + } + if !v3.AuthPassphrase.IsNull() { + t.Errorf("expected v3.auth_passphrase null after import, got %q", v3.AuthPassphrase.ValueString()) + } + if !v3.PrivacyPassphrase.IsNull() { + t.Errorf("expected v3.privacy_passphrase null after import, got %q", v3.PrivacyPassphrase.ValueString()) + } +} + +// TestUnit_SnmpManagerResource_DriftDetection: create v3 manager → mutate stored +// manager on the array side → Read → confirm state reflects new values and +// sensitive fields are preserved. +func TestUnit_SnmpManagerResource_DriftDetection(t *testing.T) { + ms := testmock.NewMockServer() + defer ms.Close() + store := handlers.RegisterSnmpManagerHandlers(ms.Mux) + + r := newTestSnmpManagerResource(t, ms) + s := snmpManagerResourceSchema(t).Schema + + // Create. + plan := snmpManagerPlanV3(t, "mgr-drift", "snmp.example.com", "trap", + "purity_user", "MD5", "auth-secret-32max", "AES", "priv-secret-min8") + createResp := &resource.CreateResponse{ + State: tfsdk.State{Raw: tftypes.NewValue(buildSnmpManagerType(), nil), Schema: s}, + } + r.Create(context.Background(), resource.CreateRequest{Plan: plan}, createResp) + if createResp.Diagnostics.HasError() { + t.Fatalf("Create: %s", createResp.Diagnostics) + } + + // Mutate every non-sensitive leaf in the mock store (simulate out-of-band + // drift on all 6 fields the resource watches). + ok := store.Mutate("mgr-drift", func(m *client.SnmpManager) { + m.Host = "drifted.example.com" + m.Notification = "inform" + m.Version = "v3" + if m.V3 != nil { + m.V3.User = "drifted_user" + m.V3.AuthProtocol = "SHA" + m.V3.PrivacyProtocol = "DES" + } + }) + if !ok { + t.Fatal("Mutate returned false; manager not in store") + } + + // Read to detect drift. + readResp := &resource.ReadResponse{State: createResp.State} + r.Read(context.Background(), resource.ReadRequest{State: createResp.State}, readResp) + if readResp.Diagnostics.HasError() { + t.Fatalf("Read drift detection: %s", readResp.Diagnostics) + } + + var afterDrift snmpManagerModel + if diags := readResp.State.Get(context.Background(), &afterDrift); diags.HasError() { + t.Fatalf("Get drift state: %s", diags) + } + + // State must reflect drifted API values. + if afterDrift.Host.ValueString() != "drifted.example.com" { + t.Errorf("expected host=drifted.example.com after drift, got %s", afterDrift.Host.ValueString()) + } + if afterDrift.Notification.ValueString() != "inform" { + t.Errorf("expected notification=inform after drift, got %s", afterDrift.Notification.ValueString()) + } + + var v3 snmpV3Model + if diags := afterDrift.V3.As(context.Background(), &v3, basetypes.ObjectAsOptions{}); diags.HasError() { + t.Fatalf("decode v3: %s", diags) + } + if v3.User.ValueString() != "drifted_user" { + t.Errorf("expected v3.user=drifted_user, got %q", v3.User.ValueString()) + } + if v3.AuthProtocol.ValueString() != "SHA" { + t.Errorf("expected v3.auth_protocol=SHA, got %q", v3.AuthProtocol.ValueString()) + } + if v3.PrivacyProtocol.ValueString() != "DES" { + t.Errorf("expected v3.privacy_protocol=DES, got %q", v3.PrivacyProtocol.ValueString()) + } + + // Sensitive fields must be preserved (write-once contract). + if v3.AuthPassphrase.ValueString() != "auth-secret-32max" { + t.Errorf("expected v3.auth_passphrase preserved across drift, got %q", v3.AuthPassphrase.ValueString()) + } + if v3.PrivacyPassphrase.ValueString() != "priv-secret-min8" { + t.Errorf("expected v3.privacy_passphrase preserved across drift, got %q", v3.PrivacyPassphrase.ValueString()) + } +} diff --git a/internal/testmock/handlers/array_admin.go b/internal/testmock/handlers/array_admin.go index b76a5d66..9f96b5c2 100644 --- a/internal/testmock/handlers/array_admin.go +++ b/internal/testmock/handlers/array_admin.go @@ -59,10 +59,10 @@ func RegisterArrayAdminHandlers(mux *http.ServeMux) *arrayAdminStore { alertWatchers: make(map[string]*client.AlertWatcher), } - mux.HandleFunc("/api/2.23/dns", dnsStore.handleDns) - mux.HandleFunc("/api/2.23/arrays", store.handleArrays) - mux.HandleFunc("/api/2.23/smtp-servers", store.handleSmtp) - mux.HandleFunc("/api/2.23/alert-watchers", store.handleAlertWatchers) + mux.HandleFunc(APIPrefix+"/dns", dnsStore.handleDns) + mux.HandleFunc(APIPrefix+"/arrays", store.handleArrays) + mux.HandleFunc(APIPrefix+"/smtp-servers", store.handleSmtp) + mux.HandleFunc(APIPrefix+"/alert-watchers", store.handleAlertWatchers) return store } diff --git a/internal/testmock/handlers/array_connection_key.go b/internal/testmock/handlers/array_connection_key.go index 8589ed7a..d1e182a4 100644 --- a/internal/testmock/handlers/array_connection_key.go +++ b/internal/testmock/handlers/array_connection_key.go @@ -16,11 +16,11 @@ type arrayConnectionKeyStore struct { } // RegisterArrayConnectionKeyHandlers registers GET/POST handlers for -// /api/2.23/array-connections/connection-key against the provided ServeMux. +// /api//array-connections/connection-key against the provided ServeMux. // The store pointer is returned for test setup (Seed). func RegisterArrayConnectionKeyHandlers(mux *http.ServeMux) *arrayConnectionKeyStore { store := &arrayConnectionKeyStore{nextID: 1} - mux.HandleFunc("/api/2.23/array-connections/connection-key", store.handle) + mux.HandleFunc(APIPrefix+"/array-connections/connection-key", store.handle) return store } @@ -42,7 +42,7 @@ func (s *arrayConnectionKeyStore) handle(w http.ResponseWriter, r *http.Request) } } -// handleGet handles GET /api/2.23/array-connections/connection-key. +// handleGet handles GET /api//array-connections/connection-key. // Returns the current key as a plain JSON object (not a list envelope). // If no key has been set, returns a zero-value object with HTTP 200. func (s *arrayConnectionKeyStore) handleGet(w http.ResponseWriter, r *http.Request) { @@ -60,7 +60,7 @@ func (s *arrayConnectionKeyStore) handleGet(w http.ResponseWriter, r *http.Reque WriteJSONListResponse(w, http.StatusOK, items) } -// handlePost handles POST /api/2.23/array-connections/connection-key. +// handlePost handles POST /api//array-connections/connection-key. // Generates a new synthetic key, overwrites the current one, and returns it as a plain JSON object. func (s *arrayConnectionKeyStore) handlePost(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{}) { diff --git a/internal/testmock/handlers/array_connections.go b/internal/testmock/handlers/array_connections.go index 9ab8f84c..3888cd6b 100644 --- a/internal/testmock/handlers/array_connections.go +++ b/internal/testmock/handlers/array_connections.go @@ -16,14 +16,14 @@ type arrayConnectionStore struct { nextID int } -// RegisterArrayConnectionHandlers registers CRUD handlers for /api/2.23/array-connections +// RegisterArrayConnectionHandlers registers CRUD handlers for /api//array-connections // against the provided ServeMux. The store pointer is returned for test setup. func RegisterArrayConnectionHandlers(mux *http.ServeMux) *arrayConnectionStore { store := &arrayConnectionStore{ byName: make(map[string]*client.ArrayConnection), nextID: 1, } - mux.HandleFunc("/api/2.23/array-connections", store.handle) + mux.HandleFunc(APIPrefix+"/array-connections", store.handle) return store } @@ -50,7 +50,7 @@ func (s *arrayConnectionStore) handle(w http.ResponseWriter, r *http.Request) { } } -// handleGet handles GET /api/2.23/array-connections with optional ?remote_names= filter. +// handleGet handles GET /api//array-connections with optional ?remote_names= filter. // When the filter finds no match, returns an empty list with HTTP 200 (not 404). func (s *arrayConnectionStore) handleGet(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"remote_names"}) { @@ -80,7 +80,7 @@ func (s *arrayConnectionStore) handleGet(w http.ResponseWriter, r *http.Request) WriteJSONListResponse(w, http.StatusOK, items) } -// handlePost handles POST /api/2.23/array-connections?remote_names={remoteName}. +// handlePost handles POST /api//array-connections?remote_names={remoteName}. // Returns 409 if a connection for that remote already exists. func (s *arrayConnectionStore) handlePost(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"remote_names"}) { @@ -124,7 +124,7 @@ func (s *arrayConnectionStore) handlePost(w http.ResponseWriter, r *http.Request WriteJSONListResponse(w, http.StatusOK, []client.ArrayConnection{*conn}) } -// handlePatch handles PATCH /api/2.23/array-connections?remote_names={remoteName}. +// handlePatch handles PATCH /api//array-connections?remote_names={remoteName}. // Applies non-nil pointer fields. Returns 404 if the connection is not found. func (s *arrayConnectionStore) handlePatch(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"remote_names"}) { @@ -167,7 +167,7 @@ func (s *arrayConnectionStore) handlePatch(w http.ResponseWriter, r *http.Reques WriteJSONListResponse(w, http.StatusOK, []client.ArrayConnection{*conn}) } -// handleDelete handles DELETE /api/2.23/array-connections?remote_names={remoteName}. +// handleDelete handles DELETE /api//array-connections?remote_names={remoteName}. func (s *arrayConnectionStore) handleDelete(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"remote_names"}) { return diff --git a/internal/testmock/handlers/audit_object_store_policies.go b/internal/testmock/handlers/audit_object_store_policies.go index 7647510a..78dcfe35 100644 --- a/internal/testmock/handlers/audit_object_store_policies.go +++ b/internal/testmock/handlers/audit_object_store_policies.go @@ -18,7 +18,7 @@ type auditObjectStorePolicyStore struct { } // RegisterAuditObjectStorePolicyHandlers registers CRUD handlers for -// /api/2.23/audit-object-store-policies against the provided ServeMux. +// /api//audit-object-store-policies against the provided ServeMux. // The returned store pointer can be used for test setup via Seed. func RegisterAuditObjectStorePolicyHandlers(mux *http.ServeMux) *auditObjectStorePolicyStore { store := &auditObjectStorePolicyStore{ @@ -26,8 +26,8 @@ func RegisterAuditObjectStorePolicyHandlers(mux *http.ServeMux) *auditObjectStor members: make(map[string][]client.AuditObjectStorePolicyMember), nextID: 1, } - mux.HandleFunc("/api/2.23/audit-object-store-policies/members", store.handleMember) - mux.HandleFunc("/api/2.23/audit-object-store-policies", store.handle) + mux.HandleFunc(APIPrefix+"/audit-object-store-policies/members", store.handleMember) + mux.HandleFunc(APIPrefix+"/audit-object-store-policies", store.handle) return store } @@ -73,7 +73,7 @@ func (s *auditObjectStorePolicyStore) handle(w http.ResponseWriter, r *http.Requ } } -// handleGet handles GET /api/2.23/audit-object-store-policies. +// handleGet handles GET /api//audit-object-store-policies. // Returns empty list (HTTP 200) when not found — matches real FlashBlade API behavior. func (s *auditObjectStorePolicyStore) handleGet(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names"}) { @@ -105,7 +105,7 @@ func (s *auditObjectStorePolicyStore) handleGet(w http.ResponseWriter, r *http.R WriteJSONListResponse(w, http.StatusOK, items) } -// handlePost handles POST /api/2.23/audit-object-store-policies?names={name}. +// handlePost handles POST /api//audit-object-store-policies?names={name}. func (s *auditObjectStorePolicyStore) handlePost(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names"}) { return @@ -155,7 +155,7 @@ func (s *auditObjectStorePolicyStore) handlePost(w http.ResponseWriter, r *http. WriteJSONListResponse(w, http.StatusOK, []client.AuditObjectStorePolicy{*policy}) } -// handlePatch handles PATCH /api/2.23/audit-object-store-policies?names={name}. +// handlePatch handles PATCH /api//audit-object-store-policies?names={name}. func (s *auditObjectStorePolicyStore) handlePatch(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names"}) { return @@ -205,7 +205,7 @@ func (s *auditObjectStorePolicyStore) handlePatch(w http.ResponseWriter, r *http WriteJSONListResponse(w, http.StatusOK, []client.AuditObjectStorePolicy{*policy}) } -// handleDelete handles DELETE /api/2.23/audit-object-store-policies?names={name}. +// handleDelete handles DELETE /api//audit-object-store-policies?names={name}. func (s *auditObjectStorePolicyStore) handleDelete(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names"}) { return @@ -246,7 +246,7 @@ func (s *auditObjectStorePolicyStore) handleMember(w http.ResponseWriter, r *htt } } -// handleMemberGet handles GET /api/2.23/audit-object-store-policies/members. +// handleMemberGet handles GET /api//audit-object-store-policies/members. func (s *auditObjectStorePolicyStore) handleMemberGet(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"policy_names", "policy_ids", "member_names", "member_ids"}) { return @@ -276,7 +276,7 @@ func (s *auditObjectStorePolicyStore) handleMemberGet(w http.ResponseWriter, r * WriteJSONListResponse(w, http.StatusOK, items) } -// handleMemberPost handles POST /api/2.23/audit-object-store-policies/members. +// handleMemberPost handles POST /api//audit-object-store-policies/members. func (s *auditObjectStorePolicyStore) handleMemberPost(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"policy_names", "policy_ids", "member_names", "member_ids"}) { return @@ -314,7 +314,7 @@ func (s *auditObjectStorePolicyStore) handleMemberPost(w http.ResponseWriter, r WriteJSONListResponse(w, http.StatusOK, []client.AuditObjectStorePolicyMember{member}) } -// handleMemberDelete handles DELETE /api/2.23/audit-object-store-policies/members. +// handleMemberDelete handles DELETE /api//audit-object-store-policies/members. func (s *auditObjectStorePolicyStore) handleMemberDelete(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"policy_names", "policy_ids", "member_names", "member_ids"}) { return diff --git a/internal/testmock/handlers/bucket_access_policies.go b/internal/testmock/handlers/bucket_access_policies.go index 9bb3c73d..3ef91b2d 100644 --- a/internal/testmock/handlers/bucket_access_policies.go +++ b/internal/testmock/handlers/bucket_access_policies.go @@ -18,14 +18,14 @@ type bucketAccessPolicyStore struct { } // RegisterBucketAccessPolicyHandlers registers CRUD handlers for -// /api/2.23/buckets/bucket-access-policies and /api/2.23/buckets/bucket-access-policies/rules +// /api//buckets/bucket-access-policies and /api//buckets/bucket-access-policies/rules // against the provided ServeMux. The returned store pointer can be used for test setup. func RegisterBucketAccessPolicyHandlers(mux *http.ServeMux) *bucketAccessPolicyStore { store := &bucketAccessPolicyStore{ policies: make(map[string]*client.BucketAccessPolicy), } - mux.HandleFunc("/api/2.23/buckets/bucket-access-policies", store.handlePolicy) - mux.HandleFunc("/api/2.23/buckets/bucket-access-policies/rules", store.handleRule) + mux.HandleFunc(APIPrefix+"/buckets/bucket-access-policies", store.handlePolicy) + mux.HandleFunc(APIPrefix+"/buckets/bucket-access-policies/rules", store.handleRule) return store } @@ -50,7 +50,7 @@ func (s *bucketAccessPolicyStore) handlePolicy(w http.ResponseWriter, r *http.Re } } -// handlePolicyGet handles GET /api/2.23/buckets/bucket-access-policies. +// handlePolicyGet handles GET /api//buckets/bucket-access-policies. func (s *bucketAccessPolicyStore) handlePolicyGet(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"bucket_ids", "bucket_names"}) { return @@ -81,7 +81,7 @@ func (s *bucketAccessPolicyStore) handlePolicyGet(w http.ResponseWriter, r *http WriteJSONListResponse(w, http.StatusOK, items) } -// handlePolicyPost handles POST /api/2.23/buckets/bucket-access-policies. +// handlePolicyPost handles POST /api//buckets/bucket-access-policies. func (s *bucketAccessPolicyStore) handlePolicyPost(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"bucket_ids", "bucket_names"}) { return @@ -139,7 +139,7 @@ func (s *bucketAccessPolicyStore) handlePolicyPost(w http.ResponseWriter, r *htt WriteJSONListResponse(w, http.StatusOK, []client.BucketAccessPolicy{*policy}) } -// handlePolicyDelete handles DELETE /api/2.23/buckets/bucket-access-policies. +// handlePolicyDelete handles DELETE /api//buckets/bucket-access-policies. func (s *bucketAccessPolicyStore) handlePolicyDelete(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"bucket_ids", "bucket_names"}) { return @@ -177,7 +177,7 @@ func (s *bucketAccessPolicyStore) handleRule(w http.ResponseWriter, r *http.Requ } } -// handleRuleGet handles GET /api/2.23/buckets/bucket-access-policies/rules. +// handleRuleGet handles GET /api//buckets/bucket-access-policies/rules. func (s *bucketAccessPolicyStore) handleRuleGet(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"bucket_ids", "bucket_names", "names"}) { return @@ -220,7 +220,7 @@ func (s *bucketAccessPolicyStore) handleRuleGet(w http.ResponseWriter, r *http.R WriteJSONListResponse(w, http.StatusOK, items) } -// handleRulePost handles POST /api/2.23/buckets/bucket-access-policies/rules. +// handleRulePost handles POST /api//buckets/bucket-access-policies/rules. func (s *bucketAccessPolicyStore) handleRulePost(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"bucket_ids", "bucket_names", "names"}) { return @@ -266,7 +266,7 @@ func (s *bucketAccessPolicyStore) handleRulePost(w http.ResponseWriter, r *http. WriteJSONListResponse(w, http.StatusOK, []client.BucketAccessPolicyRule{rule}) } -// handleRuleDelete handles DELETE /api/2.23/buckets/bucket-access-policies/rules. +// handleRuleDelete handles DELETE /api//buckets/bucket-access-policies/rules. func (s *bucketAccessPolicyStore) handleRuleDelete(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"bucket_ids", "bucket_names", "names"}) { return diff --git a/internal/testmock/handlers/bucket_audit_filters.go b/internal/testmock/handlers/bucket_audit_filters.go index b48464aa..0193638b 100644 --- a/internal/testmock/handlers/bucket_audit_filters.go +++ b/internal/testmock/handlers/bucket_audit_filters.go @@ -16,13 +16,13 @@ type bucketAuditFilterStore struct { } // RegisterBucketAuditFilterHandlers registers CRUD handlers for -// /api/2.23/buckets/audit-filters against the provided ServeMux. +// /api//buckets/audit-filters against the provided ServeMux. // The returned store pointer can be used for test setup. func RegisterBucketAuditFilterHandlers(mux *http.ServeMux) *bucketAuditFilterStore { store := &bucketAuditFilterStore{ filters: make(map[string]*client.BucketAuditFilter), } - mux.HandleFunc("/api/2.23/buckets/audit-filters", store.handle) + mux.HandleFunc(APIPrefix+"/buckets/audit-filters", store.handle) return store } @@ -48,7 +48,7 @@ func (s *bucketAuditFilterStore) handle(w http.ResponseWriter, r *http.Request) } } -// handleGet handles GET /api/2.23/buckets/audit-filters. +// handleGet handles GET /api//buckets/audit-filters. func (s *bucketAuditFilterStore) handleGet(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"bucket_ids", "bucket_names", "names"}) { return @@ -87,7 +87,7 @@ func (s *bucketAuditFilterStore) handleGet(w http.ResponseWriter, r *http.Reques WriteJSONListResponse(w, http.StatusOK, items) } -// handlePost handles POST /api/2.23/buckets/audit-filters. +// handlePost handles POST /api//buckets/audit-filters. func (s *bucketAuditFilterStore) handlePost(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"bucket_ids", "bucket_names", "names"}) { return @@ -127,7 +127,7 @@ func (s *bucketAuditFilterStore) handlePost(w http.ResponseWriter, r *http.Reque WriteJSONListResponse(w, http.StatusOK, []client.BucketAuditFilter{*filter}) } -// handlePatch handles PATCH /api/2.23/buckets/audit-filters. +// handlePatch handles PATCH /api//buckets/audit-filters. func (s *bucketAuditFilterStore) handlePatch(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"bucket_ids", "bucket_names", "names"}) { return @@ -167,7 +167,7 @@ func (s *bucketAuditFilterStore) handlePatch(w http.ResponseWriter, r *http.Requ WriteJSONListResponse(w, http.StatusOK, []client.BucketAuditFilter{*filter}) } -// handleDelete handles DELETE /api/2.23/buckets/audit-filters. +// handleDelete handles DELETE /api//buckets/audit-filters. func (s *bucketAuditFilterStore) handleDelete(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"bucket_ids", "bucket_names", "names"}) { return diff --git a/internal/testmock/handlers/bucket_replica_links.go b/internal/testmock/handlers/bucket_replica_links.go index 3f12d790..0d326faf 100644 --- a/internal/testmock/handlers/bucket_replica_links.go +++ b/internal/testmock/handlers/bucket_replica_links.go @@ -18,13 +18,13 @@ type bucketReplicaLinkStore struct { nextID int } -// RegisterBucketReplicaLinkHandlers registers CRUD handlers for /api/2.23/bucket-replica-links +// RegisterBucketReplicaLinkHandlers registers CRUD handlers for /api//bucket-replica-links // against the provided ServeMux. The returned store pointer can be used for cross-reference. func RegisterBucketReplicaLinkHandlers(mux *http.ServeMux) *bucketReplicaLinkStore { store := &bucketReplicaLinkStore{ byID: make(map[string]*client.BucketReplicaLink), } - mux.HandleFunc("/api/2.23/bucket-replica-links", store.handle) + mux.HandleFunc(APIPrefix+"/bucket-replica-links", store.handle) return store } @@ -50,7 +50,7 @@ func (s *bucketReplicaLinkStore) handle(w http.ResponseWriter, r *http.Request) } } -// handleGet handles GET /api/2.23/bucket-replica-links with optional query parameters: +// handleGet handles GET /api//bucket-replica-links with optional query parameters: // ?local_bucket_names=, ?remote_bucket_names=, ?ids=. func (s *bucketReplicaLinkStore) handleGet(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"local_bucket_names", "remote_bucket_names", "ids"}) { @@ -90,7 +90,7 @@ func (s *bucketReplicaLinkStore) handleGet(w http.ResponseWriter, r *http.Reques WriteJSONListResponse(w, http.StatusOK, items) } -// handlePost handles POST /api/2.23/bucket-replica-links. +// handlePost handles POST /api//bucket-replica-links. // Query params: local_bucket_names, remote_bucket_names, remote_credentials_names (optional). // Body: paused, cascading_enabled. func (s *bucketReplicaLinkStore) handlePost(w http.ResponseWriter, r *http.Request) { @@ -154,7 +154,7 @@ func (s *bucketReplicaLinkStore) handlePost(w http.ResponseWriter, r *http.Reque WriteJSONListResponse(w, http.StatusOK, []client.BucketReplicaLink{*link}) } -// handlePatch handles PATCH /api/2.23/bucket-replica-links. +// handlePatch handles PATCH /api//bucket-replica-links. // Identification by ?ids= only (unambiguous). func (s *bucketReplicaLinkStore) handlePatch(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"ids"}) { @@ -194,7 +194,7 @@ func (s *bucketReplicaLinkStore) handlePatch(w http.ResponseWriter, r *http.Requ WriteJSONListResponse(w, http.StatusOK, []client.BucketReplicaLink{*link}) } -// handleDelete handles DELETE /api/2.23/bucket-replica-links. +// handleDelete handles DELETE /api//bucket-replica-links. // Identification by ?ids= only (unambiguous). func (s *bucketReplicaLinkStore) handleDelete(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"ids"}) { diff --git a/internal/testmock/handlers/buckets.go b/internal/testmock/handlers/buckets.go index 50a7f828..08d88218 100644 --- a/internal/testmock/handlers/buckets.go +++ b/internal/testmock/handlers/buckets.go @@ -20,7 +20,7 @@ type bucketStore struct { accounts *objectStoreAccountStore } -// RegisterBucketHandlers registers CRUD handlers for /api/2.23/buckets against the provided +// RegisterBucketHandlers registers CRUD handlers for /api//buckets against the provided // ServeMux. The accounts store is used to validate account references on POST. // The returned store pointer can be used by other handlers that need bucket cross-reference. func RegisterBucketHandlers(mux *http.ServeMux, accounts *objectStoreAccountStore) *bucketStore { @@ -29,7 +29,7 @@ func RegisterBucketHandlers(mux *http.ServeMux, accounts *objectStoreAccountStor byID: make(map[string]*client.Bucket), accounts: accounts, } - mux.HandleFunc("/api/2.23/buckets", store.handle) + mux.HandleFunc(APIPrefix+"/buckets", store.handle) return store } @@ -48,7 +48,7 @@ func (s *bucketStore) handle(w http.ResponseWriter, r *http.Request) { } } -// handleGet handles GET /api/2.23/buckets with optional ?names=, ?ids=, ?destroyed=, +// handleGet handles GET /api//buckets with optional ?names=, ?ids=, ?destroyed=, // and ?account_names= query parameters. func (s *bucketStore) handleGet(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names", "ids", "destroyed", "account_names"}) { @@ -120,7 +120,7 @@ func (s *bucketStore) handleGet(w http.ResponseWriter, r *http.Request) { WriteJSONListResponse(w, http.StatusOK, items) } -// handlePost handles POST /api/2.23/buckets?names={name}. +// handlePost handles POST /api//buckets?names={name}. // Validates the account reference against the account store before creating the bucket. func (s *bucketStore) handlePost(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names"}) { @@ -185,8 +185,8 @@ func (s *bucketStore) handlePost(w http.ResponseWriter, r *http.Request) { ManualEradication: "disabled", }, ObjectLockConfig: client.ObjectLockConfig{}, - PublicAccessConfig: client.PublicAccessConfig{}, - PublicStatus: "not-public", + PublicAccessConfig: client.PublicAccessConfig{}, + PublicStatus: "not-public", } // Apply config overrides from POST body if provided. @@ -203,7 +203,7 @@ func (s *bucketStore) handlePost(w http.ResponseWriter, r *http.Request) { WriteJSONListResponse(w, http.StatusOK, []client.Bucket{*b}) } -// handlePatch handles PATCH /api/2.23/buckets?ids={id}. +// handlePatch handles PATCH /api//buckets?ids={id}. // Uses raw map for true PATCH semantics — only provided fields are updated. func (s *bucketStore) handlePatch(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"ids"}) { @@ -316,7 +316,7 @@ func (s *bucketStore) handlePatch(w http.ResponseWriter, r *http.Request) { WriteJSONListResponse(w, http.StatusOK, []client.Bucket{*b}) } -// handleDelete handles DELETE /api/2.23/buckets?ids={id}. +// handleDelete handles DELETE /api//buckets?ids={id}. // The bucket must already be soft-deleted (destroyed=true) before eradication. func (s *bucketStore) handleDelete(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"ids"}) { diff --git a/internal/testmock/handlers/certificate_groups.go b/internal/testmock/handlers/certificate_groups.go index 9affa645..713b6c76 100644 --- a/internal/testmock/handlers/certificate_groups.go +++ b/internal/testmock/handlers/certificate_groups.go @@ -18,8 +18,8 @@ type certificateGroupStore struct { } // RegisterCertificateGroupHandlers registers CRUD handlers for: -// - /api/2.23/certificate-groups/certificates (member GET/POST/DELETE) -// - /api/2.23/certificate-groups (group GET/POST/DELETE — no PATCH in API) +// - /api//certificate-groups/certificates (member GET/POST/DELETE) +// - /api//certificate-groups (group GET/POST/DELETE — no PATCH in API) // // The certificates endpoint is registered before the groups endpoint to avoid // ServeMux prefix collision (longer path wins in Go's ServeMux). @@ -29,8 +29,8 @@ func RegisterCertificateGroupHandlers(mux *http.ServeMux) *certificateGroupStore groups: make(map[string]*client.CertificateGroup), members: make(map[string][]client.CertificateGroupMember), } - mux.HandleFunc("/api/2.23/certificate-groups/certificates", store.handleCertificates) - mux.HandleFunc("/api/2.23/certificate-groups", store.handleGroup) + mux.HandleFunc(APIPrefix+"/certificate-groups/certificates", store.handleCertificates) + mux.HandleFunc(APIPrefix+"/certificate-groups", store.handleGroup) return store } @@ -62,7 +62,7 @@ func (s *certificateGroupStore) handleGroup(w http.ResponseWriter, r *http.Reque } } -// handleGroupGet handles GET /api/2.23/certificate-groups. +// handleGroupGet handles GET /api//certificate-groups. // When ?names= filter matches nothing, returns empty list with HTTP 200 (not 404). func (s *certificateGroupStore) handleGroupGet(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"ids", "names"}) { @@ -94,7 +94,7 @@ func (s *certificateGroupStore) handleGroupGet(w http.ResponseWriter, r *http.Re WriteJSONListResponse(w, http.StatusOK, items) } -// handleGroupPost handles POST /api/2.23/certificate-groups. +// handleGroupPost handles POST /api//certificate-groups. func (s *certificateGroupStore) handleGroupPost(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names"}) { return @@ -130,7 +130,7 @@ func (s *certificateGroupStore) handleGroupPost(w http.ResponseWriter, r *http.R WriteJSONListResponse(w, http.StatusOK, []client.CertificateGroup{*group}) } -// handleGroupDelete handles DELETE /api/2.23/certificate-groups. +// handleGroupDelete handles DELETE /api//certificate-groups. func (s *certificateGroupStore) handleGroupDelete(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"ids", "names"}) { return @@ -169,7 +169,7 @@ func (s *certificateGroupStore) handleCertificates(w http.ResponseWriter, r *htt } } -// handleMemberGet handles GET /api/2.23/certificate-groups/certificates. +// handleMemberGet handles GET /api//certificate-groups/certificates. // When certificate_group_names filter matches nothing, returns empty list with HTTP 200. func (s *certificateGroupStore) handleMemberGet(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"certificate_group_names", "certificate_names", "continuation_token"}) { @@ -210,7 +210,7 @@ func (s *certificateGroupStore) handleMemberGet(w http.ResponseWriter, r *http.R WriteJSONListResponse(w, http.StatusOK, items) } -// handleMemberPost handles POST /api/2.23/certificate-groups/certificates. +// handleMemberPost handles POST /api//certificate-groups/certificates. func (s *certificateGroupStore) handleMemberPost(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"certificate_group_names", "certificate_names"}) { return @@ -248,7 +248,7 @@ func (s *certificateGroupStore) handleMemberPost(w http.ResponseWriter, r *http. WriteJSONListResponse(w, http.StatusOK, []client.CertificateGroupMember{member}) } -// handleMemberDelete handles DELETE /api/2.23/certificate-groups/certificates. +// handleMemberDelete handles DELETE /api//certificate-groups/certificates. func (s *certificateGroupStore) handleMemberDelete(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"certificate_group_names", "certificate_names"}) { return diff --git a/internal/testmock/handlers/certificates.go b/internal/testmock/handlers/certificates.go index a0a45694..d3832953 100644 --- a/internal/testmock/handlers/certificates.go +++ b/internal/testmock/handlers/certificates.go @@ -16,14 +16,14 @@ type certificateStore struct { nextID int } -// RegisterCertificateHandlers registers CRUD handlers for /api/2.23/certificates +// RegisterCertificateHandlers registers CRUD handlers for /api//certificates // against the provided ServeMux. The store pointer is returned for test setup. func RegisterCertificateHandlers(mux *http.ServeMux) *certificateStore { store := &certificateStore{ byName: make(map[string]*client.Certificate), nextID: 1, } - mux.HandleFunc("/api/2.23/certificates", store.handle) + mux.HandleFunc(APIPrefix+"/certificates", store.handle) return store } @@ -49,7 +49,7 @@ func (s *certificateStore) handle(w http.ResponseWriter, r *http.Request) { } } -// handleGet handles GET /api/2.23/certificates with optional ?names= param. +// handleGet handles GET /api//certificates with optional ?names= param. // Returns empty list (HTTP 200) when name not found — matches real API behavior. func (s *certificateStore) handleGet(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names"}) { @@ -81,7 +81,7 @@ func (s *certificateStore) handleGet(w http.ResponseWriter, r *http.Request) { WriteJSONListResponse(w, http.StatusOK, items) } -// handlePost handles POST /api/2.23/certificates?names={name}. +// handlePost handles POST /api//certificates?names={name}. // Requires non-empty certificate (PEM) in body. Returns 409 if name already exists. // Populates computed fields; private_key and passphrase are NOT stored (write-only). func (s *certificateStore) handlePost(w http.ResponseWriter, r *http.Request) { @@ -144,7 +144,7 @@ func (s *certificateStore) handlePost(w http.ResponseWriter, r *http.Request) { WriteJSONListResponse(w, http.StatusOK, []client.Certificate{*cert}) } -// handlePatch handles PATCH /api/2.23/certificates?names={name}. +// handlePatch handles PATCH /api//certificates?names={name}. // Applies non-nil pointer fields. Returns 404 if not found. // private_key and passphrase are accepted but not stored (write-only). func (s *certificateStore) handlePatch(w http.ResponseWriter, r *http.Request) { @@ -183,7 +183,7 @@ func (s *certificateStore) handlePatch(w http.ResponseWriter, r *http.Request) { WriteJSONListResponse(w, http.StatusOK, []client.Certificate{*cert}) } -// handleDelete handles DELETE /api/2.23/certificates?names={name}. +// handleDelete handles DELETE /api//certificates?names={name}. func (s *certificateStore) handleDelete(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names"}) { return diff --git a/internal/testmock/handlers/directory_service_roles.go b/internal/testmock/handlers/directory_service_roles.go index 329d8432..3d4837a8 100644 --- a/internal/testmock/handlers/directory_service_roles.go +++ b/internal/testmock/handlers/directory_service_roles.go @@ -16,14 +16,14 @@ type directoryServiceRolesStore struct { nextID int } -// RegisterDirectoryServiceRolesHandlers registers CRUD handlers for /api/2.23/directory-services/roles +// RegisterDirectoryServiceRolesHandlers registers CRUD handlers for /api//directory-services/roles // against the provided ServeMux. The store pointer is returned for test setup. func RegisterDirectoryServiceRolesHandlers(mux *http.ServeMux) *directoryServiceRolesStore { s := &directoryServiceRolesStore{ byName: make(map[string]*client.DirectoryServiceRole), nextID: 1, } - mux.HandleFunc("/api/2.23/directory-services/roles", s.handle) + mux.HandleFunc(APIPrefix+"/directory-services/roles", s.handle) return s } @@ -54,7 +54,7 @@ func (s *directoryServiceRolesStore) handle(w http.ResponseWriter, r *http.Reque } } -// handleGet handles GET /api/2.23/directory-services/roles with optional ?names= filter. +// handleGet handles GET /api//directory-services/roles with optional ?names= filter. // Returns HTTP 200 with empty list when name not found (matches real API behaviour; // lets getOneByName[T] detect not-found via list length). func (s *directoryServiceRolesStore) handleGet(w http.ResponseWriter, r *http.Request) { @@ -80,7 +80,7 @@ func (s *directoryServiceRolesStore) handleGet(w http.ResponseWriter, r *http.Re WriteJSONListResponse(w, http.StatusOK, items) } -// handlePost handles POST /api/2.23/directory-services/roles?names={name}. +// handlePost handles POST /api//directory-services/roles?names={name}. // Requires ?names= query param. Returns 409 when name already exists. func (s *directoryServiceRolesStore) handlePost(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names"}) { @@ -119,7 +119,7 @@ func (s *directoryServiceRolesStore) handlePost(w http.ResponseWriter, r *http.R WriteJSONListResponse(w, http.StatusOK, []client.DirectoryServiceRole{*role}) } -// handlePatch handles PATCH /api/2.23/directory-services/roles?names={name}. +// handlePatch handles PATCH /api//directory-services/roles?names={name}. // Rejects management_access_policies in body with 400 (readonly per swagger — mutations go // through /management-access-policies/directory-services/roles endpoint instead). // Applies group and group_base when non-nil. @@ -176,7 +176,7 @@ func (s *directoryServiceRolesStore) handlePatch(w http.ResponseWriter, r *http. WriteJSONListResponse(w, http.StatusOK, []client.DirectoryServiceRole{*role}) } -// handleDelete handles DELETE /api/2.23/directory-services/roles?names={name}. +// handleDelete handles DELETE /api//directory-services/roles?names={name}. // Returns 404 if the role does not exist. func (s *directoryServiceRolesStore) handleDelete(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names"}) { diff --git a/internal/testmock/handlers/directory_services.go b/internal/testmock/handlers/directory_services.go index 5c021e67..946ac29d 100644 --- a/internal/testmock/handlers/directory_services.go +++ b/internal/testmock/handlers/directory_services.go @@ -16,7 +16,7 @@ type directoryServicesStore struct { nextID int } -// RegisterDirectoryServicesHandlers registers handlers for /api/2.23/directory-services +// RegisterDirectoryServicesHandlers registers handlers for /api//directory-services // against the provided ServeMux. The store pointer is returned for test setup. // Endpoint supports GET + PATCH only (confirmed against api_references/2.23.md line 449 — // no POST, no DELETE on the directory-services collection). @@ -25,7 +25,7 @@ func RegisterDirectoryServicesHandlers(mux *http.ServeMux) *directoryServicesSto byName: make(map[string]*client.DirectoryService), nextID: 1, } - mux.HandleFunc("/api/2.23/directory-services", store.handle) + mux.HandleFunc(APIPrefix+"/directory-services", store.handle) return store } @@ -52,7 +52,7 @@ func (s *directoryServicesStore) handle(w http.ResponseWriter, r *http.Request) } } -// handleGet handles GET /api/2.23/directory-services with optional ?names= filter. +// handleGet handles GET /api//directory-services with optional ?names= filter. // Returns HTTP 200 with empty list when name not found (matches real API behaviour; // lets getOneByName[T] detect not-found via list length). func (s *directoryServicesStore) handleGet(w http.ResponseWriter, r *http.Request) { @@ -80,7 +80,7 @@ func (s *directoryServicesStore) handleGet(w http.ResponseWriter, r *http.Reques WriteJSONListResponse(w, http.StatusOK, items) } -// handlePatch handles PATCH /api/2.23/directory-services?names={name}. +// handlePatch handles PATCH /api//directory-services?names={name}. // Applies non-nil pointer fields; returns 404 when name missing from store. // Supports **NamedReference clear-or-set semantics for ca_certificate and ca_certificate_group: // - outer nil ptr = field omitted (not sent in PATCH body) diff --git a/internal/testmock/handlers/file_system_exports.go b/internal/testmock/handlers/file_system_exports.go index 093814c3..488162f6 100644 --- a/internal/testmock/handlers/file_system_exports.go +++ b/internal/testmock/handlers/file_system_exports.go @@ -17,14 +17,14 @@ type fileSystemExportStore struct { byID map[string]*client.FileSystemExport } -// RegisterFileSystemExportHandlers registers CRUD handlers for /api/2.23/file-system-exports +// RegisterFileSystemExportHandlers registers CRUD handlers for /api//file-system-exports // against the provided ServeMux. The handlers share in-memory state and are thread-safe. func RegisterFileSystemExportHandlers(mux *http.ServeMux) *fileSystemExportStore { store := &fileSystemExportStore{ byName: make(map[string]*client.FileSystemExport), byID: make(map[string]*client.FileSystemExport), } - mux.HandleFunc("/api/2.23/file-system-exports", store.handle) + mux.HandleFunc(APIPrefix+"/file-system-exports", store.handle) return store } @@ -66,7 +66,7 @@ func (s *fileSystemExportStore) handle(w http.ResponseWriter, r *http.Request) { } } -// handleGet handles GET /api/2.23/file-system-exports with optional ?names= param. +// handleGet handles GET /api//file-system-exports with optional ?names= param. func (s *fileSystemExportStore) handleGet(w http.ResponseWriter, r *http.Request) { s.mu.Lock() defer s.mu.Unlock() @@ -93,7 +93,7 @@ func (s *fileSystemExportStore) handleGet(w http.ResponseWriter, r *http.Request WriteJSONListResponse(w, http.StatusOK, items) } -// handlePost handles POST /api/2.23/file-system-exports?member_names={fsName}&policy_names={policyName}. +// handlePost handles POST /api//file-system-exports?member_names={fsName}&policy_names={policyName}. func (s *fileSystemExportStore) handlePost(w http.ResponseWriter, r *http.Request) { memberName := r.URL.Query().Get("member_names") if memberName == "" { @@ -145,7 +145,7 @@ func (s *fileSystemExportStore) handlePost(w http.ResponseWriter, r *http.Reques WriteJSONListResponse(w, http.StatusOK, []client.FileSystemExport{*export}) } -// handlePatch handles PATCH /api/2.23/file-system-exports?ids={id}. +// handlePatch handles PATCH /api//file-system-exports?ids={id}. func (s *fileSystemExportStore) handlePatch(w http.ResponseWriter, r *http.Request) { id := r.URL.Query().Get("ids") if id == "" { @@ -211,7 +211,7 @@ func (s *fileSystemExportStore) handlePatch(w http.ResponseWriter, r *http.Reque WriteJSONListResponse(w, http.StatusOK, []client.FileSystemExport{*export}) } -// handleDelete handles DELETE /api/2.23/file-system-exports?member_names={fsName}&names={exportName}. +// handleDelete handles DELETE /api//file-system-exports?member_names={fsName}&names={exportName}. func (s *fileSystemExportStore) handleDelete(w http.ResponseWriter, r *http.Request) { memberName := r.URL.Query().Get("member_names") exportName := r.URL.Query().Get("names") diff --git a/internal/testmock/handlers/filesystems.go b/internal/testmock/handlers/filesystems.go index bb2290ca..a486c853 100644 --- a/internal/testmock/handlers/filesystems.go +++ b/internal/testmock/handlers/filesystems.go @@ -16,12 +16,12 @@ import ( // fileSystemStore is the thread-safe in-memory state for file system handlers. type fileSystemStore struct { - mu sync.Mutex - byName map[string]*client.FileSystem - byID map[string]*client.FileSystem + mu sync.Mutex + byName map[string]*client.FileSystem + byID map[string]*client.FileSystem } -// RegisterFileSystemHandlers registers CRUD handlers for /api/2.23/file-systems +// RegisterFileSystemHandlers registers CRUD handlers for /api//file-systems // against the provided ServeMux. The handlers share in-memory state and are // thread-safe. func RegisterFileSystemHandlers(mux *http.ServeMux) *fileSystemStore { @@ -29,7 +29,7 @@ func RegisterFileSystemHandlers(mux *http.ServeMux) *fileSystemStore { byName: make(map[string]*client.FileSystem), byID: make(map[string]*client.FileSystem), } - mux.HandleFunc("/api/2.23/file-systems", store.handle) + mux.HandleFunc(APIPrefix+"/file-systems", store.handle) return store } @@ -73,7 +73,7 @@ func (s *fileSystemStore) handle(w http.ResponseWriter, r *http.Request) { } } -// handleGet handles GET /api/2.23/file-systems with optional ?names=, ?ids=, ?destroyed= params. +// handleGet handles GET /api//file-systems with optional ?names=, ?ids=, ?destroyed= params. func (s *fileSystemStore) handleGet(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names", "ids", "destroyed"}) { return @@ -119,7 +119,7 @@ func (s *fileSystemStore) handleGet(w http.ResponseWriter, r *http.Request) { WriteJSONListResponse(w, http.StatusOK, items) } -// handlePost handles POST /api/2.23/file-systems?names={name}. +// handlePost handles POST /api//file-systems?names={name}. // The FlashBlade API requires the name as a ?names= query parameter, not in the body. func (s *fileSystemStore) handlePost(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names"}) { @@ -182,7 +182,7 @@ func derefSMB(p *client.SMBConfig) client.SMBConfig { return *p } -// handlePatch handles PATCH /api/2.23/file-systems?ids={id}. +// handlePatch handles PATCH /api//file-systems?ids={id}. func (s *fileSystemStore) handlePatch(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"ids"}) { return @@ -285,7 +285,7 @@ func (s *fileSystemStore) handlePatch(w http.ResponseWriter, r *http.Request) { WriteJSONListResponse(w, http.StatusOK, []client.FileSystem{*fs}) } -// handleDelete handles DELETE /api/2.23/file-systems?ids={id}. +// handleDelete handles DELETE /api//file-systems?ids={id}. // Only works on file systems that are already soft-deleted (destroyed=true). func (s *fileSystemStore) handleDelete(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"ids"}) { @@ -319,4 +319,3 @@ func (s *fileSystemStore) handleDelete(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) } - diff --git a/internal/testmock/handlers/helpers.go b/internal/testmock/handlers/helpers.go index e2a25077..ebcb1604 100644 --- a/internal/testmock/handlers/helpers.go +++ b/internal/testmock/handlers/helpers.go @@ -5,8 +5,14 @@ import ( "net/http" "reflect" "strconv" + + "github.com/numberly/terraform-provider-mica/internal/client" ) +// APIPrefix is the versioned API path prefix, derived from the client's single +// source of truth so an API version bump touches only client.APIVersion. +const APIPrefix = "/api/" + client.APIVersion + // WriteJSONListResponse writes a JSON list response envelope with the given items. // statusCode is used as the HTTP status code. items must be a slice value. func WriteJSONListResponse(w http.ResponseWriter, statusCode int, items any) { diff --git a/internal/testmock/handlers/lifecycle_rules.go b/internal/testmock/handlers/lifecycle_rules.go index 2a7a2691..9f6ce484 100644 --- a/internal/testmock/handlers/lifecycle_rules.go +++ b/internal/testmock/handlers/lifecycle_rules.go @@ -16,13 +16,13 @@ type lifecycleRuleStore struct { nextID int } -// RegisterLifecycleRuleHandlers registers CRUD handlers for /api/2.23/lifecycle-rules +// RegisterLifecycleRuleHandlers registers CRUD handlers for /api//lifecycle-rules // against the provided ServeMux. The returned store pointer can be used for test setup. func RegisterLifecycleRuleHandlers(mux *http.ServeMux) *lifecycleRuleStore { store := &lifecycleRuleStore{ rules: make(map[string]*client.LifecycleRule), } - mux.HandleFunc("/api/2.23/lifecycle-rules", store.handle) + mux.HandleFunc(APIPrefix+"/lifecycle-rules", store.handle) return store } @@ -49,7 +49,7 @@ func (s *lifecycleRuleStore) handle(w http.ResponseWriter, r *http.Request) { } } -// handleGet handles GET /api/2.23/lifecycle-rules with optional query parameters: +// handleGet handles GET /api//lifecycle-rules with optional query parameters: // ?bucket_ids=, ?bucket_names=, ?names=, ?ids=. func (s *lifecycleRuleStore) handleGet(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"bucket_ids", "bucket_names", "names", "ids"}) { @@ -99,7 +99,7 @@ func (s *lifecycleRuleStore) handleGet(w http.ResponseWriter, r *http.Request) { WriteJSONListResponse(w, http.StatusOK, items) } -// handlePost handles POST /api/2.23/lifecycle-rules. +// handlePost handles POST /api//lifecycle-rules. // Query params: confirm_date (optional). // Body: LifecycleRulePost. func (s *lifecycleRuleStore) handlePost(w http.ResponseWriter, r *http.Request) { @@ -148,7 +148,7 @@ func (s *lifecycleRuleStore) handlePost(w http.ResponseWriter, r *http.Request) WriteJSONListResponse(w, http.StatusOK, []client.LifecycleRule{*rule}) } -// handlePatch handles PATCH /api/2.23/lifecycle-rules. +// handlePatch handles PATCH /api//lifecycle-rules. // Identification by ?names= (composite key "bucketName/ruleID"). // Uses raw JSON decode for partial update semantics. func (s *lifecycleRuleStore) handlePatch(w http.ResponseWriter, r *http.Request) { @@ -226,7 +226,7 @@ func (s *lifecycleRuleStore) handlePatch(w http.ResponseWriter, r *http.Request) WriteJSONListResponse(w, http.StatusOK, []client.LifecycleRule{*rule}) } -// handleDelete handles DELETE /api/2.23/lifecycle-rules. +// handleDelete handles DELETE /api//lifecycle-rules. // Identification by ?names= (composite key "bucketName/ruleID"). func (s *lifecycleRuleStore) handleDelete(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"bucket_names", "names", "bucket_ids"}) { diff --git a/internal/testmock/handlers/link_aggregation_groups.go b/internal/testmock/handlers/link_aggregation_groups.go index 4c6915b3..011de5d9 100644 --- a/internal/testmock/handlers/link_aggregation_groups.go +++ b/internal/testmock/handlers/link_aggregation_groups.go @@ -17,13 +17,13 @@ type lagStore struct { } // RegisterLinkAggregationGroupHandlers registers a GET-only handler for -// /api/2.23/link-aggregation-groups against the provided ServeMux. +// /api//link-aggregation-groups against the provided ServeMux. // Non-GET methods return 405 Method Not Allowed. func RegisterLinkAggregationGroupHandlers(mux *http.ServeMux) *lagStore { store := &lagStore{ lags: make(map[string]*client.LinkAggregationGroup), } - mux.HandleFunc("/api/2.23/link-aggregation-groups", store.handle) + mux.HandleFunc(APIPrefix+"/link-aggregation-groups", store.handle) return store } @@ -45,7 +45,7 @@ func (s *lagStore) handle(w http.ResponseWriter, r *http.Request) { http.Error(w, "method not allowed", http.StatusMethodNotAllowed) } -// handleGet handles GET /api/2.23/link-aggregation-groups with optional ?names= param. +// handleGet handles GET /api//link-aggregation-groups with optional ?names= param. // If names is provided, returns the matching LAG or an empty list. // If names is absent, returns all LAGs. func (s *lagStore) handleGet(w http.ResponseWriter, r *http.Request) { diff --git a/internal/testmock/handlers/log_target_object_store.go b/internal/testmock/handlers/log_target_object_store.go index c32410ff..27fcc61b 100644 --- a/internal/testmock/handlers/log_target_object_store.go +++ b/internal/testmock/handlers/log_target_object_store.go @@ -16,14 +16,14 @@ type logTargetObjectStoreStore struct { nextID int } -// RegisterLogTargetObjectStoreHandlers registers CRUD handlers for /api/2.23/log-targets/object-store +// RegisterLogTargetObjectStoreHandlers registers CRUD handlers for /api//log-targets/object-store // against the provided ServeMux. The store pointer is returned for seeding in tests. func RegisterLogTargetObjectStoreHandlers(mux *http.ServeMux) *logTargetObjectStoreStore { store := &logTargetObjectStoreStore{ byName: make(map[string]*client.LogTargetObjectStore), nextID: 1, } - mux.HandleFunc("/api/2.23/log-targets/object-store", store.handle) + mux.HandleFunc(APIPrefix+"/log-targets/object-store", store.handle) return store } @@ -49,7 +49,7 @@ func (s *logTargetObjectStoreStore) handle(w http.ResponseWriter, r *http.Reques } } -// handleGet handles GET /api/2.23/log-targets/object-store with optional ?names= param. +// handleGet handles GET /api//log-targets/object-store with optional ?names= param. // Returns empty list with HTTP 200 when not found (matches real FlashBlade API behavior). func (s *logTargetObjectStoreStore) handleGet(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names"}) { @@ -81,7 +81,7 @@ func (s *logTargetObjectStoreStore) handleGet(w http.ResponseWriter, r *http.Req WriteJSONListResponse(w, http.StatusOK, items) } -// handlePost handles POST /api/2.23/log-targets/object-store. +// handlePost handles POST /api//log-targets/object-store. // Requires ?names= query param. Returns 409 on name conflict. func (s *logTargetObjectStoreStore) handlePost(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names"}) { @@ -123,7 +123,7 @@ func (s *logTargetObjectStoreStore) handlePost(w http.ResponseWriter, r *http.Re WriteJSONListResponse(w, http.StatusOK, []client.LogTargetObjectStore{*item}) } -// handlePatch handles PATCH /api/2.23/log-targets/object-store?names={name}. +// handlePatch handles PATCH /api//log-targets/object-store?names={name}. // Applies non-nil fields from the body. Returns 404 if the item does not exist. func (s *logTargetObjectStoreStore) handlePatch(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names"}) { @@ -163,7 +163,7 @@ func (s *logTargetObjectStoreStore) handlePatch(w http.ResponseWriter, r *http.R WriteJSONListResponse(w, http.StatusOK, []client.LogTargetObjectStore{*item}) } -// handleDelete handles DELETE /api/2.23/log-targets/object-store?names={name}. +// handleDelete handles DELETE /api//log-targets/object-store?names={name}. // Returns 404 if the item does not exist. func (s *logTargetObjectStoreStore) handleDelete(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names"}) { diff --git a/internal/testmock/handlers/management_access_policy_directory_service_role_memberships.go b/internal/testmock/handlers/management_access_policy_directory_service_role_memberships.go index 3bc23b20..0d0a5492 100644 --- a/internal/testmock/handlers/management_access_policy_directory_service_role_memberships.go +++ b/internal/testmock/handlers/management_access_policy_directory_service_role_memberships.go @@ -16,11 +16,11 @@ type mapDsrMembershipsStore struct { } // RegisterManagementAccessPolicyDirectoryServiceRoleMembershipsHandlers registers -// GET/POST/DELETE handlers for /api/2.23/management-access-policies/directory-services/roles. +// GET/POST/DELETE handlers for /api//management-access-policies/directory-services/roles. // Returns the store so tests can Seed pre-existing associations. func RegisterManagementAccessPolicyDirectoryServiceRoleMembershipsHandlers(mux *http.ServeMux) *mapDsrMembershipsStore { s := &mapDsrMembershipsStore{set: make(map[string]struct{})} - mux.HandleFunc("/api/2.23/management-access-policies/directory-services/roles", s.handle) + mux.HandleFunc(APIPrefix+"/management-access-policies/directory-services/roles", s.handle) return s } diff --git a/internal/testmock/handlers/network_access_policies.go b/internal/testmock/handlers/network_access_policies.go index 8453eed5..2e6f2cd9 100644 --- a/internal/testmock/handlers/network_access_policies.go +++ b/internal/testmock/handlers/network_access_policies.go @@ -14,9 +14,9 @@ import ( // networkAccessPolicyStore is the thread-safe in-memory state for NAP handlers. type networkAccessPolicyStore struct { mu sync.Mutex - policies map[string]*client.NetworkAccessPolicy // policyName -> policy + policies map[string]*client.NetworkAccessPolicy // policyName -> policy rules map[string]map[string]*client.NetworkAccessPolicyRule // policyName -> ruleName -> rule - nextRuleIndex map[string]int // policyName -> next index counter + nextRuleIndex map[string]int // policyName -> next index counter } // RegisterNetworkAccessPolicyHandlers registers CRUD handlers for network access policies and rules. @@ -41,8 +41,8 @@ func RegisterNetworkAccessPolicyHandlers(mux *http.ServeMux) *networkAccessPolic store.rules["default"] = make(map[string]*client.NetworkAccessPolicyRule) store.nextRuleIndex["default"] = 1 - mux.HandleFunc("/api/2.23/network-access-policies", store.handlePolicy) - mux.HandleFunc("/api/2.23/network-access-policies/rules", store.handleRules) + mux.HandleFunc(APIPrefix+"/network-access-policies", store.handlePolicy) + mux.HandleFunc(APIPrefix+"/network-access-policies/rules", store.handleRules) return store } diff --git a/internal/testmock/handlers/network_interfaces.go b/internal/testmock/handlers/network_interfaces.go index 80b2eed2..efc33bc2 100644 --- a/internal/testmock/handlers/network_interfaces.go +++ b/internal/testmock/handlers/network_interfaces.go @@ -20,14 +20,14 @@ type networkInterfaceStore struct { nextID int } -// RegisterNetworkInterfaceHandlers registers CRUD handlers for /api/2.23/network-interfaces +// RegisterNetworkInterfaceHandlers registers CRUD handlers for /api//network-interfaces // against the provided ServeMux. The handlers share in-memory state and are thread-safe. func RegisterNetworkInterfaceHandlers(mux *http.ServeMux) *networkInterfaceStore { store := &networkInterfaceStore{ byName: make(map[string]*client.NetworkInterface), byID: make(map[string]*client.NetworkInterface), } - mux.HandleFunc("/api/2.23/network-interfaces", store.handle) + mux.HandleFunc(APIPrefix+"/network-interfaces", store.handle) return store } @@ -75,7 +75,7 @@ func (s *networkInterfaceStore) handle(w http.ResponseWriter, r *http.Request) { } } -// handleGet handles GET /api/2.23/network-interfaces with optional ?names= param. +// handleGet handles GET /api//network-interfaces with optional ?names= param. // If names is provided, returns the matching interface or an empty list. // If names is absent, returns all network interfaces. func (s *networkInterfaceStore) handleGet(w http.ResponseWriter, r *http.Request) { @@ -104,7 +104,7 @@ func (s *networkInterfaceStore) handleGet(w http.ResponseWriter, r *http.Request WriteJSONListResponse(w, http.StatusOK, items) } -// handlePost handles POST /api/2.23/network-interfaces?names={name}&subnet_names={subnet}. +// handlePost handles POST /api//network-interfaces?names={name}&subnet_names={subnet}. // The network interface name comes from ?names= and subnet from ?subnet_names= query parameters. func (s *networkInterfaceStore) handlePost(w http.ResponseWriter, r *http.Request) { name := r.URL.Query().Get("names") @@ -155,7 +155,7 @@ func (s *networkInterfaceStore) handlePost(w http.ResponseWriter, r *http.Reques WriteJSONListResponse(w, http.StatusOK, []client.NetworkInterface{*ni}) } -// handlePatch handles PATCH /api/2.23/network-interfaces?names={name}. +// handlePatch handles PATCH /api//network-interfaces?names={name}. // Uses raw map decoding for true PATCH semantics on address. // services and attached_servers are always full-replaced when present. func (s *networkInterfaceStore) handlePatch(w http.ResponseWriter, r *http.Request) { @@ -213,7 +213,7 @@ func (s *networkInterfaceStore) handlePatch(w http.ResponseWriter, r *http.Reque WriteJSONListResponse(w, http.StatusOK, []client.NetworkInterface{*ni}) } -// handleDelete handles DELETE /api/2.23/network-interfaces?names={name}. +// handleDelete handles DELETE /api//network-interfaces?names={name}. func (s *networkInterfaceStore) handleDelete(w http.ResponseWriter, r *http.Request) { name := r.URL.Query().Get("names") if name == "" { diff --git a/internal/testmock/handlers/nfs_export_policies.go b/internal/testmock/handlers/nfs_export_policies.go index d533fca2..c920485e 100644 --- a/internal/testmock/handlers/nfs_export_policies.go +++ b/internal/testmock/handlers/nfs_export_policies.go @@ -15,9 +15,9 @@ import ( // nfsExportPolicyStore is the thread-safe in-memory state for NFS export policy handlers. type nfsExportPolicyStore struct { mu sync.Mutex - policies map[string]*client.NfsExportPolicy // policyName -> policy + policies map[string]*client.NfsExportPolicy // policyName -> policy rules map[string]map[string]*client.NfsExportPolicyRule // policyName -> ruleName -> rule - nextRuleIndex map[string]int // policyName -> next index counter + nextRuleIndex map[string]int // policyName -> next index counter } // RegisterNfsExportPolicyHandlers registers CRUD handlers for NFS export policies and rules. @@ -28,8 +28,8 @@ func RegisterNfsExportPolicyHandlers(mux *http.ServeMux) *nfsExportPolicyStore { rules: make(map[string]map[string]*client.NfsExportPolicyRule), nextRuleIndex: make(map[string]int), } - mux.HandleFunc("/api/2.23/nfs-export-policies", store.handlePolicy) - mux.HandleFunc("/api/2.23/nfs-export-policies/rules", store.handleRules) + mux.HandleFunc(APIPrefix+"/nfs-export-policies", store.handlePolicy) + mux.HandleFunc(APIPrefix+"/nfs-export-policies/rules", store.handleRules) return store } @@ -65,7 +65,7 @@ func (s *nfsExportPolicyStore) handleRules(w http.ResponseWriter, r *http.Reques } } -// handlePolicyGet handles GET /api/2.23/nfs-export-policies with optional ?names= param. +// handlePolicyGet handles GET /api//nfs-export-policies with optional ?names= param. func (s *nfsExportPolicyStore) handlePolicyGet(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names", "ids"}) { return @@ -131,7 +131,7 @@ func (s *nfsExportPolicyStore) policyWithRules(policy *client.NfsExportPolicy) c return p } -// handlePolicyPost handles POST /api/2.23/nfs-export-policies?names={name}. +// handlePolicyPost handles POST /api//nfs-export-policies?names={name}. func (s *nfsExportPolicyStore) handlePolicyPost(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names"}) { return @@ -178,7 +178,7 @@ func (s *nfsExportPolicyStore) handlePolicyPost(w http.ResponseWriter, r *http.R WriteJSONListResponse(w, http.StatusOK, []client.NfsExportPolicy{s.policyWithRules(policy)}) } -// handlePolicyPatch handles PATCH /api/2.23/nfs-export-policies?names={name}. +// handlePolicyPatch handles PATCH /api//nfs-export-policies?names={name}. func (s *nfsExportPolicyStore) handlePolicyPatch(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names"}) { return @@ -246,7 +246,7 @@ func (s *nfsExportPolicyStore) handlePolicyPatch(w http.ResponseWriter, r *http. WriteJSONListResponse(w, http.StatusOK, []client.NfsExportPolicy{s.policyWithRules(policy)}) } -// handlePolicyDelete handles DELETE /api/2.23/nfs-export-policies?names={name}. +// handlePolicyDelete handles DELETE /api//nfs-export-policies?names={name}. func (s *nfsExportPolicyStore) handlePolicyDelete(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names"}) { return @@ -273,7 +273,7 @@ func (s *nfsExportPolicyStore) handlePolicyDelete(w http.ResponseWriter, r *http w.WriteHeader(http.StatusOK) } -// handleRulesGet handles GET /api/2.23/nfs-export-policies/rules. +// handleRulesGet handles GET /api//nfs-export-policies/rules. // Filters by ?policy_names= and optionally ?names=. func (s *nfsExportPolicyStore) handleRulesGet(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names", "policy_names"}) { @@ -321,7 +321,7 @@ func (s *nfsExportPolicyStore) handleRulesGet(w http.ResponseWriter, r *http.Req WriteJSONListResponse(w, http.StatusOK, items) } -// handleRulesPost handles POST /api/2.23/nfs-export-policies/rules?policy_names={name}. +// handleRulesPost handles POST /api//nfs-export-policies/rules?policy_names={name}. func (s *nfsExportPolicyStore) handleRulesPost(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"policy_names"}) { return @@ -391,7 +391,7 @@ func (s *nfsExportPolicyStore) handleRulesPost(w http.ResponseWriter, r *http.Re WriteJSONListResponse(w, http.StatusOK, []client.NfsExportPolicyRule{*rule}) } -// handleRulesPatch handles PATCH /api/2.23/nfs-export-policies/rules?names={name}&policy_names={policy}. +// handleRulesPatch handles PATCH /api//nfs-export-policies/rules?names={name}&policy_names={policy}. func (s *nfsExportPolicyStore) handleRulesPatch(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names", "policy_names"}) { return @@ -486,7 +486,7 @@ func (s *nfsExportPolicyStore) handleRulesPatch(w http.ResponseWriter, r *http.R WriteJSONListResponse(w, http.StatusOK, []client.NfsExportPolicyRule{*rule}) } -// handleRulesDelete handles DELETE /api/2.23/nfs-export-policies/rules?names={name}&policy_names={policy}. +// handleRulesDelete handles DELETE /api//nfs-export-policies/rules?names={name}&policy_names={policy}. func (s *nfsExportPolicyStore) handleRulesDelete(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names", "policy_names"}) { return diff --git a/internal/testmock/handlers/object_store_access_keys.go b/internal/testmock/handlers/object_store_access_keys.go index 3306395b..45dd93e6 100644 --- a/internal/testmock/handlers/object_store_access_keys.go +++ b/internal/testmock/handlers/object_store_access_keys.go @@ -19,7 +19,7 @@ type accessKeyStore struct { accounts *objectStoreAccountStore } -// RegisterObjectStoreAccessKeyHandlers registers CRUD handlers for /api/2.23/object-store-access-keys +// RegisterObjectStoreAccessKeyHandlers registers CRUD handlers for /api//object-store-access-keys // against the provided ServeMux. The accounts store is used to validate user account existence. // The store pointer is returned for cross-reference if needed. func RegisterObjectStoreAccessKeyHandlers(mux *http.ServeMux, accounts *objectStoreAccountStore) *accessKeyStore { @@ -27,7 +27,7 @@ func RegisterObjectStoreAccessKeyHandlers(mux *http.ServeMux, accounts *objectSt byName: make(map[string]*client.ObjectStoreAccessKey), accounts: accounts, } - mux.HandleFunc("/api/2.23/object-store-access-keys", store.handle) + mux.HandleFunc(APIPrefix+"/object-store-access-keys", store.handle) return store } @@ -44,7 +44,7 @@ func (s *accessKeyStore) handle(w http.ResponseWriter, r *http.Request) { } } -// handleGet handles GET /api/2.23/object-store-access-keys with optional ?names= param. +// handleGet handles GET /api//object-store-access-keys with optional ?names= param. // IMPORTANT: secret_access_key is NOT returned in GET responses — it is set to empty string. func (s *accessKeyStore) handleGet(w http.ResponseWriter, r *http.Request) { s.mu.Lock() @@ -77,7 +77,7 @@ func (s *accessKeyStore) handleGet(w http.ResponseWriter, r *http.Request) { WriteJSONListResponse(w, http.StatusOK, items) } -// handlePost handles POST /api/2.23/object-store-access-keys. +// handlePost handles POST /api//object-store-access-keys. // Body must contain {user: {name: "/admin"}}. // Response includes secret_access_key — it will never be returned again on subsequent GETs. func (s *accessKeyStore) handlePost(w http.ResponseWriter, r *http.Request) { @@ -139,7 +139,7 @@ func (s *accessKeyStore) handlePost(w http.ResponseWriter, r *http.Request) { WriteJSONListResponse(w, http.StatusOK, []client.ObjectStoreAccessKey{*key}) } -// handleDelete handles DELETE /api/2.23/object-store-access-keys?names={name}. +// handleDelete handles DELETE /api//object-store-access-keys?names={name}. func (s *accessKeyStore) handleDelete(w http.ResponseWriter, r *http.Request) { name := r.URL.Query().Get("names") if name == "" { diff --git a/internal/testmock/handlers/object_store_access_policies.go b/internal/testmock/handlers/object_store_access_policies.go index 9f8e9d65..d64a7eb0 100644 --- a/internal/testmock/handlers/object_store_access_policies.go +++ b/internal/testmock/handlers/object_store_access_policies.go @@ -13,7 +13,7 @@ import ( // objectStoreAccessPolicyStore is the thread-safe in-memory state for OAP handlers. type objectStoreAccessPolicyStore struct { mu sync.Mutex - policies map[string]*client.ObjectStoreAccessPolicy // policyName -> policy + policies map[string]*client.ObjectStoreAccessPolicy // policyName -> policy rules map[string]map[string]*client.ObjectStoreAccessPolicyRule // policyName/ruleName -> rule } @@ -23,10 +23,10 @@ func RegisterObjectStoreAccessPolicyHandlers(mux *http.ServeMux) *objectStoreAcc policies: make(map[string]*client.ObjectStoreAccessPolicy), rules: make(map[string]map[string]*client.ObjectStoreAccessPolicyRule), } - mux.HandleFunc("/api/2.23/object-store-access-policies", store.handlePolicy) - mux.HandleFunc("/api/2.23/object-store-access-policies/rules", store.handleRules) + mux.HandleFunc(APIPrefix+"/object-store-access-policies", store.handlePolicy) + mux.HandleFunc(APIPrefix+"/object-store-access-policies/rules", store.handleRules) // Stub for policy-user membership checks (delete guard). Always returns empty list. - mux.HandleFunc("/api/2.23/object-store-access-policies/object-store-users", func(w http.ResponseWriter, r *http.Request) { + mux.HandleFunc(APIPrefix+"/object-store-access-policies/object-store-users", func(w http.ResponseWriter, r *http.Request) { WriteJSONListResponse(w, http.StatusOK, []any{}) }) return store diff --git a/internal/testmock/handlers/object_store_account_exports.go b/internal/testmock/handlers/object_store_account_exports.go index b8245251..78c2c94f 100644 --- a/internal/testmock/handlers/object_store_account_exports.go +++ b/internal/testmock/handlers/object_store_account_exports.go @@ -17,14 +17,14 @@ type objectStoreAccountExportStore struct { byID map[string]*client.ObjectStoreAccountExport } -// RegisterObjectStoreAccountExportHandlers registers CRUD handlers for /api/2.23/object-store-account-exports +// RegisterObjectStoreAccountExportHandlers registers CRUD handlers for /api//object-store-account-exports // against the provided ServeMux. The handlers share in-memory state and are thread-safe. func RegisterObjectStoreAccountExportHandlers(mux *http.ServeMux) *objectStoreAccountExportStore { store := &objectStoreAccountExportStore{ byName: make(map[string]*client.ObjectStoreAccountExport), byID: make(map[string]*client.ObjectStoreAccountExport), } - mux.HandleFunc("/api/2.23/object-store-account-exports", store.handle) + mux.HandleFunc(APIPrefix+"/object-store-account-exports", store.handle) return store } @@ -83,7 +83,7 @@ func (s *objectStoreAccountExportStore) handle(w http.ResponseWriter, r *http.Re } } -// handleGet handles GET /api/2.23/object-store-account-exports with optional ?names= param. +// handleGet handles GET /api//object-store-account-exports with optional ?names= param. func (s *objectStoreAccountExportStore) handleGet(w http.ResponseWriter, r *http.Request) { s.mu.Lock() defer s.mu.Unlock() @@ -110,7 +110,7 @@ func (s *objectStoreAccountExportStore) handleGet(w http.ResponseWriter, r *http WriteJSONListResponse(w, http.StatusOK, items) } -// handlePost handles POST /api/2.23/object-store-account-exports?member_names={accountName}&policy_names={policyName}. +// handlePost handles POST /api//object-store-account-exports?member_names={accountName}&policy_names={policyName}. func (s *objectStoreAccountExportStore) handlePost(w http.ResponseWriter, r *http.Request) { memberName := r.URL.Query().Get("member_names") if memberName == "" { @@ -152,7 +152,7 @@ func (s *objectStoreAccountExportStore) handlePost(w http.ResponseWriter, r *htt WriteJSONListResponse(w, http.StatusOK, []client.ObjectStoreAccountExport{*export}) } -// handlePatch handles PATCH /api/2.23/object-store-account-exports?ids={id}. +// handlePatch handles PATCH /api//object-store-account-exports?ids={id}. func (s *objectStoreAccountExportStore) handlePatch(w http.ResponseWriter, r *http.Request) { id := r.URL.Query().Get("ids") if id == "" { @@ -200,7 +200,7 @@ func (s *objectStoreAccountExportStore) handlePatch(w http.ResponseWriter, r *ht WriteJSONListResponse(w, http.StatusOK, []client.ObjectStoreAccountExport{*export}) } -// handleDelete handles DELETE /api/2.23/object-store-account-exports?member_names={accountName}&names={exportName}. +// handleDelete handles DELETE /api//object-store-account-exports?member_names={accountName}&names={exportName}. // The real FlashBlade API expects names= to contain the short export name (not the combined "account/export" format). // This mock enforces strict lookup: memberName + "/" + exportName must match an existing combined key. func (s *objectStoreAccountExportStore) handleDelete(w http.ResponseWriter, r *http.Request) { diff --git a/internal/testmock/handlers/object_store_accounts.go b/internal/testmock/handlers/object_store_accounts.go index 886ba7ca..6a6c47d2 100644 --- a/internal/testmock/handlers/object_store_accounts.go +++ b/internal/testmock/handlers/object_store_accounts.go @@ -18,7 +18,7 @@ type objectStoreAccountStore struct { byID map[string]*client.ObjectStoreAccount } -// RegisterObjectStoreAccountHandlers registers CRUD handlers for /api/2.23/object-store-accounts +// RegisterObjectStoreAccountHandlers registers CRUD handlers for /api//object-store-accounts // against the provided ServeMux. The handlers share in-memory state and are thread-safe. // The store pointer is returned so bucket handlers can cross-reference accounts. func RegisterObjectStoreAccountHandlers(mux *http.ServeMux) *objectStoreAccountStore { @@ -26,7 +26,7 @@ func RegisterObjectStoreAccountHandlers(mux *http.ServeMux) *objectStoreAccountS byName: make(map[string]*client.ObjectStoreAccount), byID: make(map[string]*client.ObjectStoreAccount), } - mux.HandleFunc("/api/2.23/object-store-accounts", store.handle) + mux.HandleFunc(APIPrefix+"/object-store-accounts", store.handle) return store } @@ -45,7 +45,7 @@ func (s *objectStoreAccountStore) handle(w http.ResponseWriter, r *http.Request) } } -// handleGet handles GET /api/2.23/object-store-accounts with optional ?names= param. +// handleGet handles GET /api//object-store-accounts with optional ?names= param. func (s *objectStoreAccountStore) handleGet(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names", "ids"}) { return @@ -76,7 +76,7 @@ func (s *objectStoreAccountStore) handleGet(w http.ResponseWriter, r *http.Reque WriteJSONListResponse(w, http.StatusOK, items) } -// handlePost handles POST /api/2.23/object-store-accounts?names={name}. +// handlePost handles POST /api//object-store-accounts?names={name}. // The account name comes from the ?names= query parameter. func (s *objectStoreAccountStore) handlePost(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names"}) { @@ -118,7 +118,7 @@ func (s *objectStoreAccountStore) handlePost(w http.ResponseWriter, r *http.Requ WriteJSONListResponse(w, http.StatusOK, []client.ObjectStoreAccount{*acct}) } -// handlePatch handles PATCH /api/2.23/object-store-accounts?names={name}. +// handlePatch handles PATCH /api//object-store-accounts?names={name}. func (s *objectStoreAccountStore) handlePatch(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names"}) { return @@ -167,7 +167,7 @@ func (s *objectStoreAccountStore) handlePatch(w http.ResponseWriter, r *http.Req WriteJSONListResponse(w, http.StatusOK, []client.ObjectStoreAccount{*acct}) } -// handleDelete handles DELETE /api/2.23/object-store-accounts?names={name}. +// handleDelete handles DELETE /api//object-store-accounts?names={name}. // Single-phase delete (no soft-delete for object store accounts). func (s *objectStoreAccountStore) handleDelete(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names"}) { diff --git a/internal/testmock/handlers/object_store_users.go b/internal/testmock/handlers/object_store_users.go index 8fa58eae..9764dc00 100644 --- a/internal/testmock/handlers/object_store_users.go +++ b/internal/testmock/handlers/object_store_users.go @@ -18,8 +18,8 @@ type objectStoreUserStore struct { } // RegisterObjectStoreUserHandlers registers GET/POST/DELETE handlers for -// /api/2.23/object-store-users and its sub-path -// /api/2.23/object-store-users/object-store-access-policies. +// /api//object-store-users and its sub-path +// /api//object-store-users/object-store-access-policies. // Returns the store for cross-reference or test setup. func RegisterObjectStoreUserHandlers(mux *http.ServeMux, accounts *objectStoreAccountStore) *objectStoreUserStore { store := &objectStoreUserStore{ @@ -27,8 +27,8 @@ func RegisterObjectStoreUserHandlers(mux *http.ServeMux, accounts *objectStoreAc policies: make(map[string][]string), accounts: accounts, } - mux.HandleFunc("/api/2.23/object-store-users", store.handle) - mux.HandleFunc("/api/2.23/object-store-users/object-store-access-policies", store.handlePolicies) + mux.HandleFunc(APIPrefix+"/object-store-users", store.handle) + mux.HandleFunc(APIPrefix+"/object-store-users/object-store-access-policies", store.handlePolicies) return store } diff --git a/internal/testmock/handlers/object_store_virtual_hosts.go b/internal/testmock/handlers/object_store_virtual_hosts.go index a488cdcd..4eb45b85 100644 --- a/internal/testmock/handlers/object_store_virtual_hosts.go +++ b/internal/testmock/handlers/object_store_virtual_hosts.go @@ -22,7 +22,7 @@ func RegisterObjectStoreVirtualHostHandlers(mux *http.ServeMux) *objectStoreVirt store := &objectStoreVirtualHostStore{ hosts: make(map[string]*client.ObjectStoreVirtualHost), } - mux.HandleFunc("/api/2.23/object-store-virtual-hosts", store.handleVirtualHost) + mux.HandleFunc(APIPrefix+"/object-store-virtual-hosts", store.handleVirtualHost) return store } @@ -49,7 +49,7 @@ func (s *objectStoreVirtualHostStore) handleVirtualHost(w http.ResponseWriter, r } } -// handleGet handles GET /api/2.23/object-store-virtual-hosts with optional ?names= param. +// handleGet handles GET /api//object-store-virtual-hosts with optional ?names= param. func (s *objectStoreVirtualHostStore) handleGet(w http.ResponseWriter, r *http.Request) { s.mu.Lock() defer s.mu.Unlock() @@ -76,7 +76,7 @@ func (s *objectStoreVirtualHostStore) handleGet(w http.ResponseWriter, r *http.R WriteJSONListResponse(w, http.StatusOK, items) } -// handlePost handles POST /api/2.23/object-store-virtual-hosts?names={name}. +// handlePost handles POST /api//object-store-virtual-hosts?names={name}. func (s *objectStoreVirtualHostStore) handlePost(w http.ResponseWriter, r *http.Request) { name := r.URL.Query().Get("names") if name == "" { @@ -110,7 +110,7 @@ func (s *objectStoreVirtualHostStore) handlePost(w http.ResponseWriter, r *http. WriteJSONListResponse(w, http.StatusOK, []client.ObjectStoreVirtualHost{*host}) } -// handlePatch handles PATCH /api/2.23/object-store-virtual-hosts?names={name}. +// handlePatch handles PATCH /api//object-store-virtual-hosts?names={name}. func (s *objectStoreVirtualHostStore) handlePatch(w http.ResponseWriter, r *http.Request) { name := r.URL.Query().Get("names") if name == "" { @@ -169,7 +169,7 @@ func (s *objectStoreVirtualHostStore) handlePatch(w http.ResponseWriter, r *http WriteJSONListResponse(w, http.StatusOK, []client.ObjectStoreVirtualHost{*host}) } -// handleDelete handles DELETE /api/2.23/object-store-virtual-hosts?names={name}. +// handleDelete handles DELETE /api//object-store-virtual-hosts?names={name}. func (s *objectStoreVirtualHostStore) handleDelete(w http.ResponseWriter, r *http.Request) { name := r.URL.Query().Get("names") if name == "" { diff --git a/internal/testmock/handlers/qos_policies.go b/internal/testmock/handlers/qos_policies.go index e98e6eb5..2acaf1df 100644 --- a/internal/testmock/handlers/qos_policies.go +++ b/internal/testmock/handlers/qos_policies.go @@ -13,21 +13,21 @@ import ( // qosPolicyStore is the thread-safe in-memory state for QoS policy handlers. type qosPolicyStore struct { mu sync.Mutex - byName map[string]*client.QosPolicy // keyed by policy name + byName map[string]*client.QosPolicy // keyed by policy name members map[string][]client.QosPolicyMember // keyed by policy name nextID int } // RegisterQosPolicyHandlers registers CRUD handlers for -// /api/2.23/qos-policies and /api/2.23/qos-policies/members +// /api//qos-policies and /api//qos-policies/members // against the provided ServeMux. The returned store pointer can be used for test setup. func RegisterQosPolicyHandlers(mux *http.ServeMux) *qosPolicyStore { store := &qosPolicyStore{ byName: make(map[string]*client.QosPolicy), members: make(map[string][]client.QosPolicyMember), } - mux.HandleFunc("/api/2.23/qos-policies/members", store.handleMember) - mux.HandleFunc("/api/2.23/qos-policies", store.handlePolicy) + mux.HandleFunc(APIPrefix+"/qos-policies/members", store.handleMember) + mux.HandleFunc(APIPrefix+"/qos-policies", store.handlePolicy) return store } @@ -61,7 +61,7 @@ func (s *qosPolicyStore) handlePolicy(w http.ResponseWriter, r *http.Request) { } } -// handlePolicyGet handles GET /api/2.23/qos-policies. +// handlePolicyGet handles GET /api//qos-policies. func (s *qosPolicyStore) handlePolicyGet(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"ids", "names"}) { return @@ -92,7 +92,7 @@ func (s *qosPolicyStore) handlePolicyGet(w http.ResponseWriter, r *http.Request) WriteJSONListResponse(w, http.StatusOK, items) } -// handlePolicyPost handles POST /api/2.23/qos-policies. +// handlePolicyPost handles POST /api//qos-policies. func (s *qosPolicyStore) handlePolicyPost(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names"}) { return @@ -150,7 +150,7 @@ func derefInt64(p *int64) int64 { return *p } -// handlePolicyPatch handles PATCH /api/2.23/qos-policies. +// handlePolicyPatch handles PATCH /api//qos-policies. func (s *qosPolicyStore) handlePolicyPatch(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"ids", "names"}) { return @@ -202,7 +202,7 @@ func (s *qosPolicyStore) handlePolicyPatch(w http.ResponseWriter, r *http.Reques WriteJSONListResponse(w, http.StatusOK, []client.QosPolicy{*policy}) } -// handlePolicyDelete handles DELETE /api/2.23/qos-policies. +// handlePolicyDelete handles DELETE /api//qos-policies. func (s *qosPolicyStore) handlePolicyDelete(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"ids", "names"}) { return @@ -241,7 +241,7 @@ func (s *qosPolicyStore) handleMember(w http.ResponseWriter, r *http.Request) { } } -// handleMemberGet handles GET /api/2.23/qos-policies/members. +// handleMemberGet handles GET /api//qos-policies/members. func (s *qosPolicyStore) handleMemberGet(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"policy_names", "policy_ids", "member_names", "member_types"}) { return @@ -272,7 +272,7 @@ func (s *qosPolicyStore) handleMemberGet(w http.ResponseWriter, r *http.Request) WriteJSONListResponse(w, http.StatusOK, items) } -// handleMemberPost handles POST /api/2.23/qos-policies/members. +// handleMemberPost handles POST /api//qos-policies/members. func (s *qosPolicyStore) handleMemberPost(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"policy_names", "policy_ids", "member_types", "member_names"}) { return @@ -310,7 +310,7 @@ func (s *qosPolicyStore) handleMemberPost(w http.ResponseWriter, r *http.Request WriteJSONListResponse(w, http.StatusOK, []client.QosPolicyMember{member}) } -// handleMemberDelete handles DELETE /api/2.23/qos-policies/members. +// handleMemberDelete handles DELETE /api//qos-policies/members. func (s *qosPolicyStore) handleMemberDelete(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"policy_names", "policy_ids", "member_names", "member_types"}) { return diff --git a/internal/testmock/handlers/quotas.go b/internal/testmock/handlers/quotas.go index f6042249..1430cb5d 100644 --- a/internal/testmock/handlers/quotas.go +++ b/internal/testmock/handlers/quotas.go @@ -30,8 +30,8 @@ func RegisterQuotaHandlers(mux *http.ServeMux) *quotaStore { userQuotas: make(map[string]*client.QuotaUser), groupQuotas: make(map[string]*client.QuotaGroup), } - mux.HandleFunc("/api/2.23/quotas/users", store.handleUsers) - mux.HandleFunc("/api/2.23/quotas/groups", store.handleGroups) + mux.HandleFunc(APIPrefix+"/quotas/users", store.handleUsers) + mux.HandleFunc(APIPrefix+"/quotas/groups", store.handleGroups) return store } diff --git a/internal/testmock/handlers/remote_credentials.go b/internal/testmock/handlers/remote_credentials.go index e7400231..74acade8 100644 --- a/internal/testmock/handlers/remote_credentials.go +++ b/internal/testmock/handlers/remote_credentials.go @@ -16,14 +16,14 @@ type remoteCredentialsStore struct { nextID int } -// RegisterRemoteCredentialsHandlers registers CRUD handlers for /api/2.23/object-store-remote-credentials +// RegisterRemoteCredentialsHandlers registers CRUD handlers for /api//object-store-remote-credentials // against the provided ServeMux. The store pointer is returned for cross-reference if needed. func RegisterRemoteCredentialsHandlers(mux *http.ServeMux) *remoteCredentialsStore { store := &remoteCredentialsStore{ byName: make(map[string]*client.ObjectStoreRemoteCredentials), nextID: 1, } - mux.HandleFunc("/api/2.23/object-store-remote-credentials", store.handle) + mux.HandleFunc(APIPrefix+"/object-store-remote-credentials", store.handle) return store } @@ -49,7 +49,7 @@ func (s *remoteCredentialsStore) handle(w http.ResponseWriter, r *http.Request) } } -// handleGet handles GET /api/2.23/object-store-remote-credentials with optional ?names= param. +// handleGet handles GET /api//object-store-remote-credentials with optional ?names= param. // IMPORTANT: secret_access_key is NOT returned in GET responses — it is set to empty string. func (s *remoteCredentialsStore) handleGet(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names"}) { @@ -85,7 +85,7 @@ func (s *remoteCredentialsStore) handleGet(w http.ResponseWriter, r *http.Reques WriteJSONListResponse(w, http.StatusOK, items) } -// handlePost handles POST /api/2.23/object-store-remote-credentials. +// handlePost handles POST /api//object-store-remote-credentials. // Requires ?names= and exactly one of ?remote_names= or ?target_names=. // Body contains access_key_id + secret_access_key. // Response includes secret_access_key — POST only. @@ -158,7 +158,7 @@ func (s *remoteCredentialsStore) handlePost(w http.ResponseWriter, r *http.Reque WriteJSONListResponse(w, http.StatusOK, []client.ObjectStoreRemoteCredentials{*cred}) } -// handlePatch handles PATCH /api/2.23/object-store-remote-credentials?names={name}. +// handlePatch handles PATCH /api//object-store-remote-credentials?names={name}. // Updates access_key_id and/or secret_access_key. Response does NOT include secret_access_key (like GET). func (s *remoteCredentialsStore) handlePatch(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names"}) { @@ -198,7 +198,7 @@ func (s *remoteCredentialsStore) handlePatch(w http.ResponseWriter, r *http.Requ WriteJSONListResponse(w, http.StatusOK, []client.ObjectStoreRemoteCredentials{redacted}) } -// handleDelete handles DELETE /api/2.23/object-store-remote-credentials?names={name}. +// handleDelete handles DELETE /api//object-store-remote-credentials?names={name}. func (s *remoteCredentialsStore) handleDelete(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names"}) { return diff --git a/internal/testmock/handlers/resiliency_group_members.go b/internal/testmock/handlers/resiliency_group_members.go index 4d19ff44..51cbc32f 100644 --- a/internal/testmock/handlers/resiliency_group_members.go +++ b/internal/testmock/handlers/resiliency_group_members.go @@ -1,6 +1,6 @@ // Package handlers — resiliency group members mock. // -// The endpoint GET /api/2.23/resiliency-groups/members is read-only and +// The endpoint GET /api//resiliency-groups/members is read-only and // requires filtering by parent (`resiliency_group_names` query param). The // mock store therefore keys rows by (groupName, memberName). package handlers @@ -26,13 +26,13 @@ type resiliencyGroupMemberStore struct { } // RegisterResiliencyGroupMemberHandlers registers a GET-only handler for -// /api/2.23/resiliency-groups/members against the provided ServeMux. +// /api//resiliency-groups/members against the provided ServeMux. // Non-GET methods return 405 Method Not Allowed. func RegisterResiliencyGroupMemberHandlers(mux *http.ServeMux) *resiliencyGroupMemberStore { store := &resiliencyGroupMemberStore{ members: make(map[memberKey]*client.ResiliencyGroupMember), } - mux.HandleFunc("/api/2.23/resiliency-groups/members", store.handle) + mux.HandleFunc(APIPrefix+"/resiliency-groups/members", store.handle) return store } diff --git a/internal/testmock/handlers/resiliency_groups.go b/internal/testmock/handlers/resiliency_groups.go index d77fb645..67a3e755 100644 --- a/internal/testmock/handlers/resiliency_groups.go +++ b/internal/testmock/handlers/resiliency_groups.go @@ -18,13 +18,13 @@ type resiliencyGroupStore struct { } // RegisterResiliencyGroupHandlers registers a GET-only handler for -// /api/2.23/resiliency-groups against the provided ServeMux. +// /api//resiliency-groups against the provided ServeMux. // Non-GET methods return 405 Method Not Allowed. func RegisterResiliencyGroupHandlers(mux *http.ServeMux) *resiliencyGroupStore { store := &resiliencyGroupStore{ groups: make(map[string]*client.ResiliencyGroup), } - mux.HandleFunc("/api/2.23/resiliency-groups", store.handle) + mux.HandleFunc(APIPrefix+"/resiliency-groups", store.handle) return store } @@ -46,7 +46,7 @@ func (s *resiliencyGroupStore) handle(w http.ResponseWriter, r *http.Request) { http.Error(w, "method not allowed", http.StatusMethodNotAllowed) } -// handleGet handles GET /api/2.23/resiliency-groups with optional ?names= param. +// handleGet handles GET /api//resiliency-groups with optional ?names= param. // If names is provided, returns the matching group or an empty list (HTTP 200, // never 404 — matches real API and lets getOneByName[T] detect not-found). // If names is absent, returns all groups. diff --git a/internal/testmock/handlers/s3_export_policies.go b/internal/testmock/handlers/s3_export_policies.go index 34a4d716..c5683389 100644 --- a/internal/testmock/handlers/s3_export_policies.go +++ b/internal/testmock/handlers/s3_export_policies.go @@ -28,8 +28,8 @@ func RegisterS3ExportPolicyHandlers(mux *http.ServeMux) *s3ExportPolicyStore { rules: make(map[string]map[string]*client.S3ExportPolicyRule), nextRuleIndex: make(map[string]int), } - mux.HandleFunc("/api/2.23/s3-export-policies", store.handlePolicy) - mux.HandleFunc("/api/2.23/s3-export-policies/rules", store.handleRules) + mux.HandleFunc(APIPrefix+"/s3-export-policies", store.handlePolicy) + mux.HandleFunc(APIPrefix+"/s3-export-policies/rules", store.handleRules) return store } @@ -65,7 +65,7 @@ func (s *s3ExportPolicyStore) handleRules(w http.ResponseWriter, r *http.Request } } -// handlePolicyGet handles GET /api/2.23/s3-export-policies with optional ?names= param. +// handlePolicyGet handles GET /api//s3-export-policies with optional ?names= param. func (s *s3ExportPolicyStore) handlePolicyGet(w http.ResponseWriter, r *http.Request) { s.mu.Lock() defer s.mu.Unlock() @@ -92,7 +92,7 @@ func (s *s3ExportPolicyStore) handlePolicyGet(w http.ResponseWriter, r *http.Req WriteJSONListResponse(w, http.StatusOK, items) } -// handlePolicyPost handles POST /api/2.23/s3-export-policies?names={name}. +// handlePolicyPost handles POST /api//s3-export-policies?names={name}. func (s *s3ExportPolicyStore) handlePolicyPost(w http.ResponseWriter, r *http.Request) { name := r.URL.Query().Get("names") if name == "" { @@ -135,7 +135,7 @@ func (s *s3ExportPolicyStore) handlePolicyPost(w http.ResponseWriter, r *http.Re WriteJSONListResponse(w, http.StatusOK, []client.S3ExportPolicy{*policy}) } -// handlePolicyPatch handles PATCH /api/2.23/s3-export-policies?names={name}. +// handlePolicyPatch handles PATCH /api//s3-export-policies?names={name}. func (s *s3ExportPolicyStore) handlePolicyPatch(w http.ResponseWriter, r *http.Request) { name := r.URL.Query().Get("names") if name == "" { @@ -199,7 +199,7 @@ func (s *s3ExportPolicyStore) handlePolicyPatch(w http.ResponseWriter, r *http.R WriteJSONListResponse(w, http.StatusOK, []client.S3ExportPolicy{*policy}) } -// handlePolicyDelete handles DELETE /api/2.23/s3-export-policies?names={name}. +// handlePolicyDelete handles DELETE /api//s3-export-policies?names={name}. func (s *s3ExportPolicyStore) handlePolicyDelete(w http.ResponseWriter, r *http.Request) { name := r.URL.Query().Get("names") if name == "" { @@ -222,7 +222,7 @@ func (s *s3ExportPolicyStore) handlePolicyDelete(w http.ResponseWriter, r *http. w.WriteHeader(http.StatusOK) } -// handleRulesGet handles GET /api/2.23/s3-export-policies/rules. +// handleRulesGet handles GET /api//s3-export-policies/rules. // Filters by ?policy_names= and optionally ?names=. func (s *s3ExportPolicyStore) handleRulesGet(w http.ResponseWriter, r *http.Request) { s.mu.Lock() @@ -266,7 +266,7 @@ func (s *s3ExportPolicyStore) handleRulesGet(w http.ResponseWriter, r *http.Requ WriteJSONListResponse(w, http.StatusOK, items) } -// handleRulesPost handles POST /api/2.23/s3-export-policies/rules?policy_names={name}. +// handleRulesPost handles POST /api//s3-export-policies/rules?policy_names={name}. func (s *s3ExportPolicyStore) handleRulesPost(w http.ResponseWriter, r *http.Request) { policyName := r.URL.Query().Get("policy_names") if policyName == "" { @@ -312,7 +312,7 @@ func (s *s3ExportPolicyStore) handleRulesPost(w http.ResponseWriter, r *http.Req WriteJSONListResponse(w, http.StatusOK, []client.S3ExportPolicyRule{*rule}) } -// handleRulesPatch handles PATCH /api/2.23/s3-export-policies/rules?names={name}&policy_names={policy}. +// handleRulesPatch handles PATCH /api//s3-export-policies/rules?names={name}&policy_names={policy}. func (s *s3ExportPolicyStore) handleRulesPatch(w http.ResponseWriter, r *http.Request) { ruleName := r.URL.Query().Get("names") policyName := r.URL.Query().Get("policy_names") @@ -365,7 +365,7 @@ func (s *s3ExportPolicyStore) handleRulesPatch(w http.ResponseWriter, r *http.Re WriteJSONListResponse(w, http.StatusOK, []client.S3ExportPolicyRule{*rule}) } -// handleRulesDelete handles DELETE /api/2.23/s3-export-policies/rules?names={name}&policy_names={policy}. +// handleRulesDelete handles DELETE /api//s3-export-policies/rules?names={name}&policy_names={policy}. func (s *s3ExportPolicyStore) handleRulesDelete(w http.ResponseWriter, r *http.Request) { ruleName := r.URL.Query().Get("names") policyName := r.URL.Query().Get("policy_names") diff --git a/internal/testmock/handlers/servers.go b/internal/testmock/handlers/servers.go index c6ce22c2..89fa313a 100644 --- a/internal/testmock/handlers/servers.go +++ b/internal/testmock/handlers/servers.go @@ -18,14 +18,14 @@ type serverStore struct { byID map[string]*client.Server } -// RegisterServerHandlers registers CRUD handlers for /api/2.23/servers +// RegisterServerHandlers registers CRUD handlers for /api//servers // against the provided ServeMux. The handlers share in-memory state and are thread-safe. func RegisterServerHandlers(mux *http.ServeMux) *serverStore { store := &serverStore{ byName: make(map[string]*client.Server), byID: make(map[string]*client.Server), } - mux.HandleFunc("/api/2.23/servers", store.handle) + mux.HandleFunc(APIPrefix+"/servers", store.handle) return store } @@ -60,7 +60,7 @@ func (s *serverStore) handle(w http.ResponseWriter, r *http.Request) { } } -// handleGet handles GET /api/2.23/servers with optional ?names= param. +// handleGet handles GET /api//servers with optional ?names= param. func (s *serverStore) handleGet(w http.ResponseWriter, r *http.Request) { s.mu.Lock() defer s.mu.Unlock() @@ -87,7 +87,7 @@ func (s *serverStore) handleGet(w http.ResponseWriter, r *http.Request) { WriteJSONListResponse(w, http.StatusOK, items) } -// handlePost handles POST /api/2.23/servers?names={name}&create_ds={name}_nfs. +// handlePost handles POST /api//servers?names={name}&create_ds={name}_nfs. // Both query parameters are required by the FlashBlade API. func (s *serverStore) handlePost(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names", "create_ds"}) { @@ -126,7 +126,7 @@ func (s *serverStore) handlePost(w http.ResponseWriter, r *http.Request) { WriteJSONListResponse(w, http.StatusOK, []client.Server{*srv}) } -// handlePatch handles PATCH /api/2.23/servers?names={name}. +// handlePatch handles PATCH /api//servers?names={name}. func (s *serverStore) handlePatch(w http.ResponseWriter, r *http.Request) { name := r.URL.Query().Get("names") if name == "" { @@ -162,7 +162,7 @@ func (s *serverStore) handlePatch(w http.ResponseWriter, r *http.Request) { WriteJSONListResponse(w, http.StatusOK, []client.Server{*srv}) } -// handleDelete handles DELETE /api/2.23/servers?names={name}. +// handleDelete handles DELETE /api//servers?names={name}. // Accepts an optional ?cascade_delete= parameter but does not validate it. func (s *serverStore) handleDelete(w http.ResponseWriter, r *http.Request) { name := r.URL.Query().Get("names") diff --git a/internal/testmock/handlers/smb_client_policies.go b/internal/testmock/handlers/smb_client_policies.go index 975018a3..6e304cc1 100644 --- a/internal/testmock/handlers/smb_client_policies.go +++ b/internal/testmock/handlers/smb_client_policies.go @@ -24,8 +24,8 @@ func RegisterSmbClientPolicyHandlers(mux *http.ServeMux) *smbClientPolicyStore { policies: make(map[string]*client.SmbClientPolicy), rules: make(map[string]map[string]*client.SmbClientPolicyRule), } - mux.HandleFunc("/api/2.23/smb-client-policies", store.handlePolicy) - mux.HandleFunc("/api/2.23/smb-client-policies/rules", store.handleRules) + mux.HandleFunc(APIPrefix+"/smb-client-policies", store.handlePolicy) + mux.HandleFunc(APIPrefix+"/smb-client-policies/rules", store.handleRules) return store } @@ -61,7 +61,7 @@ func (s *smbClientPolicyStore) handleRules(w http.ResponseWriter, r *http.Reques } } -// handlePolicyGet handles GET /api/2.23/smb-client-policies with optional ?names= param. +// handlePolicyGet handles GET /api//smb-client-policies with optional ?names= param. func (s *smbClientPolicyStore) handlePolicyGet(w http.ResponseWriter, r *http.Request) { s.mu.Lock() defer s.mu.Unlock() @@ -109,7 +109,7 @@ func (s *smbClientPolicyStore) policyWithRules(policy *client.SmbClientPolicy) c return p } -// handlePolicyPost handles POST /api/2.23/smb-client-policies?names={name}. +// handlePolicyPost handles POST /api//smb-client-policies?names={name}. func (s *smbClientPolicyStore) handlePolicyPost(w http.ResponseWriter, r *http.Request) { name := r.URL.Query().Get("names") if name == "" { @@ -157,7 +157,7 @@ func (s *smbClientPolicyStore) handlePolicyPost(w http.ResponseWriter, r *http.R WriteJSONListResponse(w, http.StatusOK, []client.SmbClientPolicy{s.policyWithRules(policy)}) } -// handlePolicyPatch handles PATCH /api/2.23/smb-client-policies?names={name}. +// handlePolicyPatch handles PATCH /api//smb-client-policies?names={name}. func (s *smbClientPolicyStore) handlePolicyPatch(w http.ResponseWriter, r *http.Request) { name := r.URL.Query().Get("names") if name == "" { @@ -225,7 +225,7 @@ func (s *smbClientPolicyStore) handlePolicyPatch(w http.ResponseWriter, r *http. WriteJSONListResponse(w, http.StatusOK, []client.SmbClientPolicy{s.policyWithRules(policy)}) } -// handlePolicyDelete handles DELETE /api/2.23/smb-client-policies?names={name}. +// handlePolicyDelete handles DELETE /api//smb-client-policies?names={name}. func (s *smbClientPolicyStore) handlePolicyDelete(w http.ResponseWriter, r *http.Request) { name := r.URL.Query().Get("names") if name == "" { @@ -247,7 +247,7 @@ func (s *smbClientPolicyStore) handlePolicyDelete(w http.ResponseWriter, r *http w.WriteHeader(http.StatusOK) } -// handleRulesGet handles GET /api/2.23/smb-client-policies/rules. +// handleRulesGet handles GET /api//smb-client-policies/rules. // Filters by ?policy_names= and optionally ?names=. func (s *smbClientPolicyStore) handleRulesGet(w http.ResponseWriter, r *http.Request) { s.mu.Lock() @@ -286,7 +286,7 @@ func (s *smbClientPolicyStore) handleRulesGet(w http.ResponseWriter, r *http.Req WriteJSONListResponse(w, http.StatusOK, items) } -// handleRulesPost handles POST /api/2.23/smb-client-policies/rules?policy_names={name}. +// handleRulesPost handles POST /api//smb-client-policies/rules?policy_names={name}. func (s *smbClientPolicyStore) handleRulesPost(w http.ResponseWriter, r *http.Request) { policyName := r.URL.Query().Get("policy_names") if policyName == "" { @@ -334,7 +334,7 @@ func (s *smbClientPolicyStore) handleRulesPost(w http.ResponseWriter, r *http.Re WriteJSONListResponse(w, http.StatusOK, []client.SmbClientPolicyRule{*rule}) } -// handleRulesPatch handles PATCH /api/2.23/smb-client-policies/rules?names={name}&policy_names={policy}. +// handleRulesPatch handles PATCH /api//smb-client-policies/rules?names={name}&policy_names={policy}. func (s *smbClientPolicyStore) handleRulesPatch(w http.ResponseWriter, r *http.Request) { ruleName := r.URL.Query().Get("names") policyName := r.URL.Query().Get("policy_names") @@ -393,7 +393,7 @@ func (s *smbClientPolicyStore) handleRulesPatch(w http.ResponseWriter, r *http.R WriteJSONListResponse(w, http.StatusOK, []client.SmbClientPolicyRule{*rule}) } -// handleRulesDelete handles DELETE /api/2.23/smb-client-policies/rules?names={name}&policy_names={policy}. +// handleRulesDelete handles DELETE /api//smb-client-policies/rules?names={name}&policy_names={policy}. func (s *smbClientPolicyStore) handleRulesDelete(w http.ResponseWriter, r *http.Request) { ruleName := r.URL.Query().Get("names") policyName := r.URL.Query().Get("policy_names") diff --git a/internal/testmock/handlers/smb_share_policies.go b/internal/testmock/handlers/smb_share_policies.go index 55a19ee7..2cf6c68a 100644 --- a/internal/testmock/handlers/smb_share_policies.go +++ b/internal/testmock/handlers/smb_share_policies.go @@ -13,7 +13,7 @@ import ( // smbSharePolicyStore is the thread-safe in-memory state for SMB share policy handlers. type smbSharePolicyStore struct { mu sync.Mutex - policies map[string]*client.SmbSharePolicy // policyName -> policy + policies map[string]*client.SmbSharePolicy // policyName -> policy rules map[string]map[string]*client.SmbSharePolicyRule // policyName -> ruleName -> rule } @@ -24,8 +24,8 @@ func RegisterSmbSharePolicyHandlers(mux *http.ServeMux) *smbSharePolicyStore { policies: make(map[string]*client.SmbSharePolicy), rules: make(map[string]map[string]*client.SmbSharePolicyRule), } - mux.HandleFunc("/api/2.23/smb-share-policies", store.handlePolicy) - mux.HandleFunc("/api/2.23/smb-share-policies/rules", store.handleRules) + mux.HandleFunc(APIPrefix+"/smb-share-policies", store.handlePolicy) + mux.HandleFunc(APIPrefix+"/smb-share-policies/rules", store.handleRules) return store } @@ -61,7 +61,7 @@ func (s *smbSharePolicyStore) handleRules(w http.ResponseWriter, r *http.Request } } -// handlePolicyGet handles GET /api/2.23/smb-share-policies with optional ?names= param. +// handlePolicyGet handles GET /api//smb-share-policies with optional ?names= param. func (s *smbSharePolicyStore) handlePolicyGet(w http.ResponseWriter, r *http.Request) { s.mu.Lock() defer s.mu.Unlock() @@ -109,7 +109,7 @@ func (s *smbSharePolicyStore) policyWithRules(policy *client.SmbSharePolicy) cli return p } -// handlePolicyPost handles POST /api/2.23/smb-share-policies?names={name}. +// handlePolicyPost handles POST /api//smb-share-policies?names={name}. func (s *smbSharePolicyStore) handlePolicyPost(w http.ResponseWriter, r *http.Request) { name := r.URL.Query().Get("names") if name == "" { @@ -150,7 +150,7 @@ func (s *smbSharePolicyStore) handlePolicyPost(w http.ResponseWriter, r *http.Re WriteJSONListResponse(w, http.StatusOK, []client.SmbSharePolicy{s.policyWithRules(policy)}) } -// handlePolicyPatch handles PATCH /api/2.23/smb-share-policies?names={name}. +// handlePolicyPatch handles PATCH /api//smb-share-policies?names={name}. func (s *smbSharePolicyStore) handlePolicyPatch(w http.ResponseWriter, r *http.Request) { name := r.URL.Query().Get("names") if name == "" { @@ -209,7 +209,7 @@ func (s *smbSharePolicyStore) handlePolicyPatch(w http.ResponseWriter, r *http.R WriteJSONListResponse(w, http.StatusOK, []client.SmbSharePolicy{s.policyWithRules(policy)}) } -// handlePolicyDelete handles DELETE /api/2.23/smb-share-policies?names={name}. +// handlePolicyDelete handles DELETE /api//smb-share-policies?names={name}. func (s *smbSharePolicyStore) handlePolicyDelete(w http.ResponseWriter, r *http.Request) { name := r.URL.Query().Get("names") if name == "" { @@ -231,7 +231,7 @@ func (s *smbSharePolicyStore) handlePolicyDelete(w http.ResponseWriter, r *http. w.WriteHeader(http.StatusOK) } -// handleRulesGet handles GET /api/2.23/smb-share-policies/rules. +// handleRulesGet handles GET /api//smb-share-policies/rules. // Filters by ?policy_names= and optionally ?names=. func (s *smbSharePolicyStore) handleRulesGet(w http.ResponseWriter, r *http.Request) { s.mu.Lock() @@ -270,7 +270,7 @@ func (s *smbSharePolicyStore) handleRulesGet(w http.ResponseWriter, r *http.Requ WriteJSONListResponse(w, http.StatusOK, items) } -// handleRulesPost handles POST /api/2.23/smb-share-policies/rules?policy_names={name}. +// handleRulesPost handles POST /api//smb-share-policies/rules?policy_names={name}. func (s *smbSharePolicyStore) handleRulesPost(w http.ResponseWriter, r *http.Request) { policyName := r.URL.Query().Get("policy_names") if policyName == "" { @@ -313,7 +313,7 @@ func (s *smbSharePolicyStore) handleRulesPost(w http.ResponseWriter, r *http.Req WriteJSONListResponse(w, http.StatusOK, []client.SmbSharePolicyRule{*rule}) } -// handleRulesPatch handles PATCH /api/2.23/smb-share-policies/rules?names={name}&policy_names={policy}. +// handleRulesPatch handles PATCH /api//smb-share-policies/rules?names={name}&policy_names={policy}. func (s *smbSharePolicyStore) handleRulesPatch(w http.ResponseWriter, r *http.Request) { ruleName := r.URL.Query().Get("names") policyName := r.URL.Query().Get("policy_names") @@ -372,7 +372,7 @@ func (s *smbSharePolicyStore) handleRulesPatch(w http.ResponseWriter, r *http.Re WriteJSONListResponse(w, http.StatusOK, []client.SmbSharePolicyRule{*rule}) } -// handleRulesDelete handles DELETE /api/2.23/smb-share-policies/rules?names={name}&policy_names={policy}. +// handleRulesDelete handles DELETE /api//smb-share-policies/rules?names={name}&policy_names={policy}. func (s *smbSharePolicyStore) handleRulesDelete(w http.ResponseWriter, r *http.Request) { ruleName := r.URL.Query().Get("names") policyName := r.URL.Query().Get("policy_names") diff --git a/internal/testmock/handlers/snapshot_policies.go b/internal/testmock/handlers/snapshot_policies.go index 39438df4..caef49b7 100644 --- a/internal/testmock/handlers/snapshot_policies.go +++ b/internal/testmock/handlers/snapshot_policies.go @@ -23,8 +23,8 @@ func RegisterSnapshotPolicyHandlers(mux *http.ServeMux) *snapshotPolicyStore { store := &snapshotPolicyStore{ policies: make(map[string]*client.SnapshotPolicy), } - mux.HandleFunc("/api/2.23/policies", store.handlePolicy) - mux.HandleFunc("/api/2.23/policies/file-systems", store.handleFileSystems) + mux.HandleFunc(APIPrefix+"/policies", store.handlePolicy) + mux.HandleFunc(APIPrefix+"/policies/file-systems", store.handleFileSystems) return store } @@ -44,7 +44,7 @@ func (s *snapshotPolicyStore) handlePolicy(w http.ResponseWriter, r *http.Reques } } -// handleFileSystems handles GET /api/2.23/policies/file-systems?policy_names={name}. +// handleFileSystems handles GET /api//policies/file-systems?policy_names={name}. // Returns the list of file systems attached to the policy (empty in mock by default). func (s *snapshotPolicyStore) handleFileSystems(w http.ResponseWriter, r *http.Request) { if r.Method != http.MethodGet { @@ -55,7 +55,7 @@ func (s *snapshotPolicyStore) handleFileSystems(w http.ResponseWriter, r *http.R WriteJSONListResponse(w, http.StatusOK, []client.PolicyMember{}) } -// handlePolicyGet handles GET /api/2.23/policies with optional ?names= param. +// handlePolicyGet handles GET /api//policies with optional ?names= param. func (s *snapshotPolicyStore) handlePolicyGet(w http.ResponseWriter, r *http.Request) { s.mu.Lock() defer s.mu.Unlock() @@ -82,7 +82,7 @@ func (s *snapshotPolicyStore) handlePolicyGet(w http.ResponseWriter, r *http.Req WriteJSONListResponse(w, http.StatusOK, items) } -// handlePolicyPost handles POST /api/2.23/policies?names={name}. +// handlePolicyPost handles POST /api//policies?names={name}. // Accepts optional inline rules in the body for creation-time rule setup. func (s *snapshotPolicyStore) handlePolicyPost(w http.ResponseWriter, r *http.Request) { name := r.URL.Query().Get("names") @@ -135,7 +135,7 @@ func (s *snapshotPolicyStore) handlePolicyPost(w http.ResponseWriter, r *http.Re WriteJSONListResponse(w, http.StatusOK, []client.SnapshotPolicy{*policy}) } -// handlePolicyPatch handles PATCH /api/2.23/policies?names={name}. +// handlePolicyPatch handles PATCH /api//policies?names={name}. // Supports: enabled update, add_rules (appends rules), remove_rules (removes by name). // Name is read-only for snapshot policies and is silently ignored if provided. func (s *snapshotPolicyStore) handlePolicyPatch(w http.ResponseWriter, r *http.Request) { @@ -228,7 +228,7 @@ func (s *snapshotPolicyStore) handlePolicyPatch(w http.ResponseWriter, r *http.R WriteJSONListResponse(w, http.StatusOK, []client.SnapshotPolicy{*policy}) } -// handlePolicyDelete handles DELETE /api/2.23/policies?names={name}. +// handlePolicyDelete handles DELETE /api//policies?names={name}. func (s *snapshotPolicyStore) handlePolicyDelete(w http.ResponseWriter, r *http.Request) { name := r.URL.Query().Get("names") if name == "" { diff --git a/internal/testmock/handlers/snmp_managers.go b/internal/testmock/handlers/snmp_managers.go new file mode 100644 index 00000000..97b3f52a --- /dev/null +++ b/internal/testmock/handlers/snmp_managers.go @@ -0,0 +1,253 @@ +package handlers + +import ( + "encoding/json" + "fmt" + "net/http" + "sync" + + "github.com/numberly/terraform-provider-mica/internal/client" +) + +// snmpManagerStore is the thread-safe in-memory state for SNMP manager handlers. +type snmpManagerStore struct { + mu sync.Mutex + byName map[string]*client.SnmpManager + nextID int +} + +// RegisterSnmpManagerHandlers registers CRUD handlers for /api//snmp-managers +// against the provided ServeMux. The store pointer is returned for test setup. +func RegisterSnmpManagerHandlers(mux *http.ServeMux) *snmpManagerStore { + store := &snmpManagerStore{ + byName: make(map[string]*client.SnmpManager), + nextID: 1, + } + mux.HandleFunc(APIPrefix+"/snmp-managers", store.handle) + return store +} + +// Seed inserts a pre-existing SNMP manager directly into the store. +// Use this to set up test fixtures; sensitive fields will be stripped from +// every GET response to mirror real API behaviour. +func (s *snmpManagerStore) Seed(m *client.SnmpManager) { + s.mu.Lock() + defer s.mu.Unlock() + if m.ID == "" { + m.ID = fmt.Sprintf("snmpmgr-%d", s.nextID) + s.nextID++ + } + s.byName[m.Name] = m +} + +// Get returns a snapshot of the stored manager (raw, sensitive fields intact) +// for assertion in tests. +func (s *snmpManagerStore) Get(name string) (*client.SnmpManager, bool) { + s.mu.Lock() + defer s.mu.Unlock() + m, ok := s.byName[name] + if !ok { + return nil, false + } + cp := *m + return &cp, true +} + +// Mutate runs the provided callback under the store mutex with a pointer to +// the named manager. Useful to inject drift in tests. +func (s *snmpManagerStore) Mutate(name string, fn func(m *client.SnmpManager)) bool { + s.mu.Lock() + defer s.mu.Unlock() + m, ok := s.byName[name] + if !ok { + return false + } + fn(m) + return true +} + +func (s *snmpManagerStore) handle(w http.ResponseWriter, r *http.Request) { + switch r.Method { + case http.MethodGet: + s.handleGet(w, r) + case http.MethodPost: + s.handlePost(w, r) + case http.MethodPatch: + s.handlePatch(w, r) + case http.MethodDelete: + s.handleDelete(w, r) + default: + http.Error(w, "method not allowed", http.StatusMethodNotAllowed) + } +} + +// handleGet handles GET /api//snmp-managers with optional ?names= param. +// No-match returns HTTP 200 + {"items": []} to mirror real API behaviour. +func (s *snmpManagerStore) handleGet(w http.ResponseWriter, r *http.Request) { + if !ValidateQueryParams(w, r, []string{"names"}) { + return + } + + s.mu.Lock() + defer s.mu.Unlock() + + namesFilter := r.URL.Query().Get("names") + + var items []client.SnmpManager + if namesFilter != "" { + if m, ok := s.byName[namesFilter]; ok { + items = append(items, *stripSensitive(m)) + } + } else { + for _, m := range s.byName { + items = append(items, *stripSensitive(m)) + } + } + + if items == nil { + items = []client.SnmpManager{} + } + + WriteJSONListResponse(w, http.StatusOK, items) +} + +// handlePost handles POST /api//snmp-managers?names={name}. +func (s *snmpManagerStore) handlePost(w http.ResponseWriter, r *http.Request) { + if !ValidateQueryParams(w, r, []string{"names"}) { + return + } + + name, ok := RequireQueryParam(w, r, "names") + if !ok { + return + } + + var body client.SnmpManagerPost + if err := json.NewDecoder(r.Body).Decode(&body); err != nil { + WriteJSONError(w, http.StatusBadRequest, fmt.Sprintf("invalid request body: %v", err)) + return + } + + s.mu.Lock() + defer s.mu.Unlock() + + if _, exists := s.byName[name]; exists { + WriteJSONError(w, http.StatusConflict, fmt.Sprintf("snmp manager %q already exists", name)) + return + } + + id := fmt.Sprintf("snmpmgr-%d", s.nextID) + s.nextID++ + + m := &client.SnmpManager{ + ID: id, + Name: name, + Host: body.Host, + Notification: body.Notification, + Version: body.Version, + } + if body.V2c != nil { + m.V2c = &client.SnmpV2c{Community: body.V2c.Community} + } + if body.V3 != nil { + m.V3 = &client.SnmpV3{ + User: body.V3.User, + AuthProtocol: body.V3.AuthProtocol, + AuthPassphrase: body.V3.AuthPassphrase, + PrivacyProtocol: body.V3.PrivacyProtocol, + PrivacyPassphrase: body.V3.PrivacyPassphrase, + } + } + s.byName[name] = m + + WriteJSONListResponse(w, http.StatusOK, []client.SnmpManager{*stripSensitive(m)}) +} + +// handlePatch handles PATCH /api//snmp-managers?names={name}. +func (s *snmpManagerStore) handlePatch(w http.ResponseWriter, r *http.Request) { + if !ValidateQueryParams(w, r, []string{"names"}) { + return + } + + name, ok := RequireQueryParam(w, r, "names") + if !ok { + return + } + + var body client.SnmpManagerPatch + if err := json.NewDecoder(r.Body).Decode(&body); err != nil { + WriteJSONError(w, http.StatusBadRequest, fmt.Sprintf("invalid request body: %v", err)) + return + } + + s.mu.Lock() + defer s.mu.Unlock() + + m, exists := s.byName[name] + if !exists { + WriteJSONError(w, http.StatusNotFound, fmt.Sprintf("snmp manager %q not found", name)) + return + } + + if body.Host != nil { + m.Host = *body.Host + } + if body.Notification != nil { + m.Notification = *body.Notification + } + if body.Version != nil { + m.Version = *body.Version + } + if body.V2c != nil { + v := *body.V2c + m.V2c = &v + } + if body.V3 != nil { + v := *body.V3 + m.V3 = &v + } + + WriteJSONListResponse(w, http.StatusOK, []client.SnmpManager{*stripSensitive(m)}) +} + +// handleDelete handles DELETE /api//snmp-managers?names={name}. +func (s *snmpManagerStore) handleDelete(w http.ResponseWriter, r *http.Request) { + if !ValidateQueryParams(w, r, []string{"names"}) { + return + } + + name, ok := RequireQueryParam(w, r, "names") + if !ok { + return + } + + s.mu.Lock() + defer s.mu.Unlock() + + if _, exists := s.byName[name]; !exists { + WriteJSONError(w, http.StatusNotFound, fmt.Sprintf("snmp manager %q not found", name)) + return + } + + delete(s.byName, name) + w.WriteHeader(http.StatusOK) +} + +// stripSensitive returns a shallow copy with sensitive fields (community, +// auth_passphrase, privacy_passphrase) cleared, mirroring real API GET +// responses which never echo write-once secrets. +func stripSensitive(in *client.SnmpManager) *client.SnmpManager { + out := *in + if in.V2c != nil { + v := *in.V2c + v.Community = "" + out.V2c = &v + } + if in.V3 != nil { + v := *in.V3 + v.AuthPassphrase = "" + v.PrivacyPassphrase = "" + out.V3 = &v + } + return &out +} diff --git a/internal/testmock/handlers/subnets.go b/internal/testmock/handlers/subnets.go index e9235e2a..0f186d9e 100644 --- a/internal/testmock/handlers/subnets.go +++ b/internal/testmock/handlers/subnets.go @@ -20,14 +20,14 @@ type subnetStore struct { nextID int } -// RegisterSubnetHandlers registers CRUD handlers for /api/2.23/subnets +// RegisterSubnetHandlers registers CRUD handlers for /api//subnets // against the provided ServeMux. The handlers share in-memory state and are thread-safe. func RegisterSubnetHandlers(mux *http.ServeMux) *subnetStore { store := &subnetStore{ byName: make(map[string]*client.Subnet), byID: make(map[string]*client.Subnet), } - mux.HandleFunc("/api/2.23/subnets", store.handle) + mux.HandleFunc(APIPrefix+"/subnets", store.handle) return store } @@ -71,7 +71,7 @@ func (s *subnetStore) handle(w http.ResponseWriter, r *http.Request) { } } -// handleGet handles GET /api/2.23/subnets with optional ?names= param. +// handleGet handles GET /api//subnets with optional ?names= param. // If names is provided, returns the matching subnet or an empty list. // If names is absent, returns all subnets. func (s *subnetStore) handleGet(w http.ResponseWriter, r *http.Request) { @@ -100,7 +100,7 @@ func (s *subnetStore) handleGet(w http.ResponseWriter, r *http.Request) { WriteJSONListResponse(w, http.StatusOK, items) } -// handlePost handles POST /api/2.23/subnets?names={name}. +// handlePost handles POST /api//subnets?names={name}. // The subnet name comes from the ?names= query parameter, not the request body. func (s *subnetStore) handlePost(w http.ResponseWriter, r *http.Request) { name := r.URL.Query().Get("names") @@ -143,7 +143,7 @@ func (s *subnetStore) handlePost(w http.ResponseWriter, r *http.Request) { WriteJSONListResponse(w, http.StatusOK, []client.Subnet{*subnet}) } -// handlePatch handles PATCH /api/2.23/subnets?names={name}. +// handlePatch handles PATCH /api//subnets?names={name}. // Uses raw map decoding for true PATCH semantics — only provided fields are updated. func (s *subnetStore) handlePatch(w http.ResponseWriter, r *http.Request) { name := r.URL.Query().Get("names") @@ -216,7 +216,7 @@ func (s *subnetStore) handlePatch(w http.ResponseWriter, r *http.Request) { WriteJSONListResponse(w, http.StatusOK, []client.Subnet{*subnet}) } -// handleDelete handles DELETE /api/2.23/subnets?names={name}. +// handleDelete handles DELETE /api//subnets?names={name}. func (s *subnetStore) handleDelete(w http.ResponseWriter, r *http.Request) { name := r.URL.Query().Get("names") if name == "" { diff --git a/internal/testmock/handlers/syslog_servers.go b/internal/testmock/handlers/syslog_servers.go index acc3f7f6..375b8743 100644 --- a/internal/testmock/handlers/syslog_servers.go +++ b/internal/testmock/handlers/syslog_servers.go @@ -21,7 +21,7 @@ func RegisterSyslogServerHandlers(mux *http.ServeMux) *syslogServerStore { store := &syslogServerStore{ servers: make(map[string]*client.SyslogServer), } - mux.HandleFunc("/api/2.23/syslog-servers", store.handle) + mux.HandleFunc(APIPrefix+"/syslog-servers", store.handle) return store } @@ -40,7 +40,7 @@ func (s *syslogServerStore) handle(w http.ResponseWriter, r *http.Request) { } } -// handleGet handles GET /api/2.23/syslog-servers with optional ?names= param. +// handleGet handles GET /api//syslog-servers with optional ?names= param. func (s *syslogServerStore) handleGet(w http.ResponseWriter, r *http.Request) { s.mu.Lock() defer s.mu.Unlock() @@ -67,7 +67,7 @@ func (s *syslogServerStore) handleGet(w http.ResponseWriter, r *http.Request) { WriteJSONListResponse(w, http.StatusOK, items) } -// handlePost handles POST /api/2.23/syslog-servers?names={name}. +// handlePost handles POST /api//syslog-servers?names={name}. func (s *syslogServerStore) handlePost(w http.ResponseWriter, r *http.Request) { name := r.URL.Query().Get("names") if name == "" { @@ -112,7 +112,7 @@ func (s *syslogServerStore) handlePost(w http.ResponseWriter, r *http.Request) { WriteJSONListResponse(w, http.StatusOK, []client.SyslogServer{*srv}) } -// handlePatch handles PATCH /api/2.23/syslog-servers?names={name}. +// handlePatch handles PATCH /api//syslog-servers?names={name}. func (s *syslogServerStore) handlePatch(w http.ResponseWriter, r *http.Request) { name := r.URL.Query().Get("names") if name == "" { @@ -166,7 +166,7 @@ func (s *syslogServerStore) handlePatch(w http.ResponseWriter, r *http.Request) WriteJSONListResponse(w, http.StatusOK, []client.SyslogServer{*srv}) } -// handleDelete handles DELETE /api/2.23/syslog-servers?names={name}. +// handleDelete handles DELETE /api//syslog-servers?names={name}. func (s *syslogServerStore) handleDelete(w http.ResponseWriter, r *http.Request) { name := r.URL.Query().Get("names") if name == "" { diff --git a/internal/testmock/handlers/targets.go b/internal/testmock/handlers/targets.go index 83984f96..78022ae2 100644 --- a/internal/testmock/handlers/targets.go +++ b/internal/testmock/handlers/targets.go @@ -16,14 +16,14 @@ type targetStore struct { nextID int } -// RegisterTargetHandlers registers CRUD handlers for /api/2.23/targets +// RegisterTargetHandlers registers CRUD handlers for /api//targets // against the provided ServeMux. The store pointer is returned for test setup. func RegisterTargetHandlers(mux *http.ServeMux) *targetStore { store := &targetStore{ byName: make(map[string]*client.Target), nextID: 1, } - mux.HandleFunc("/api/2.23/targets", store.handle) + mux.HandleFunc(APIPrefix+"/targets", store.handle) return store } @@ -49,7 +49,7 @@ func (s *targetStore) handle(w http.ResponseWriter, r *http.Request) { } } -// handleGet handles GET /api/2.23/targets with optional ?names= param. +// handleGet handles GET /api//targets with optional ?names= param. func (s *targetStore) handleGet(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names"}) { return @@ -80,7 +80,7 @@ func (s *targetStore) handleGet(w http.ResponseWriter, r *http.Request) { WriteJSONListResponse(w, http.StatusOK, items) } -// handlePost handles POST /api/2.23/targets?names={name}. +// handlePost handles POST /api//targets?names={name}. // Requires non-empty address in body. Returns 409 if name already exists. func (s *targetStore) handlePost(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names"}) { @@ -127,7 +127,7 @@ func (s *targetStore) handlePost(w http.ResponseWriter, r *http.Request) { WriteJSONListResponse(w, http.StatusOK, []client.Target{*tgt}) } -// handlePatch handles PATCH /api/2.23/targets?names={name}. +// handlePatch handles PATCH /api//targets?names={name}. // Applies non-nil pointer fields. Returns 404 if not found. func (s *targetStore) handlePatch(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names"}) { @@ -166,7 +166,7 @@ func (s *targetStore) handlePatch(w http.ResponseWriter, r *http.Request) { WriteJSONListResponse(w, http.StatusOK, []client.Target{*tgt}) } -// handleDelete handles DELETE /api/2.23/targets?names={name}. +// handleDelete handles DELETE /api//targets?names={name}. func (s *targetStore) handleDelete(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names"}) { return diff --git a/internal/testmock/handlers/tls_policies.go b/internal/testmock/handlers/tls_policies.go index bd966dbf..86e3063d 100644 --- a/internal/testmock/handlers/tls_policies.go +++ b/internal/testmock/handlers/tls_policies.go @@ -12,16 +12,16 @@ import ( // tlsPolicyStore is the thread-safe in-memory state for TLS policy handlers. type tlsPolicyStore struct { - mu sync.Mutex + mu sync.Mutex policies map[string]*client.TlsPolicy // keyed by policy name members map[string][]client.TlsPolicyMember // keyed by policy name - nextID int + nextID int } // RegisterTlsPolicyHandlers registers CRUD handlers for: -// - /api/2.23/tls-policies (policy CRUD) -// - /api/2.23/tls-policies/members (member GET list) -// - /api/2.23/network-interfaces/tls-policies (member POST/DELETE) +// - /api//tls-policies (policy CRUD) +// - /api//tls-policies/members (member GET list) +// - /api//network-interfaces/tls-policies (member POST/DELETE) // // Returns the store so tests can call Seed and SeedMember. func RegisterTlsPolicyHandlers(mux *http.ServeMux) *tlsPolicyStore { @@ -30,9 +30,9 @@ func RegisterTlsPolicyHandlers(mux *http.ServeMux) *tlsPolicyStore { members: make(map[string][]client.TlsPolicyMember), } // Register member endpoints before policy endpoint to avoid ServeMux prefix collision. - mux.HandleFunc("/api/2.23/tls-policies/members", store.handleMember) - mux.HandleFunc("/api/2.23/tls-policies", store.handlePolicy) - mux.HandleFunc("/api/2.23/network-interfaces/tls-policies", store.handleNITlsPolicies) + mux.HandleFunc(APIPrefix+"/tls-policies/members", store.handleMember) + mux.HandleFunc(APIPrefix+"/tls-policies", store.handlePolicy) + mux.HandleFunc(APIPrefix+"/network-interfaces/tls-policies", store.handleNITlsPolicies) return store } @@ -66,7 +66,7 @@ func (s *tlsPolicyStore) handlePolicy(w http.ResponseWriter, r *http.Request) { } } -// handlePolicyGet handles GET /api/2.23/tls-policies. +// handlePolicyGet handles GET /api//tls-policies. // When ?names= filter matches nothing, returns empty list with HTTP 200 (not 404). func (s *tlsPolicyStore) handlePolicyGet(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"ids", "names", "effective", "purity_defined"}) { @@ -98,7 +98,7 @@ func (s *tlsPolicyStore) handlePolicyGet(w http.ResponseWriter, r *http.Request) WriteJSONListResponse(w, http.StatusOK, items) } -// handlePolicyPost handles POST /api/2.23/tls-policies. +// handlePolicyPost handles POST /api//tls-policies. func (s *tlsPolicyStore) handlePolicyPost(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names"}) { return @@ -127,18 +127,18 @@ func (s *tlsPolicyStore) handlePolicyPost(w http.ResponseWriter, r *http.Request id := fmt.Sprintf("tls-%d", s.nextID) policy := &client.TlsPolicy{ - ID: id, - Name: name, - ApplianceCertificate: body.ApplianceCertificate, - ClientCertificatesRequired: body.ClientCertificatesRequired, - DisabledTlsCiphers: body.DisabledTlsCiphers, - Enabled: body.Enabled, - EnabledTlsCiphers: body.EnabledTlsCiphers, - IsLocal: true, - MinTlsVersion: body.MinTlsVersion, - PolicyType: "tls", + ID: id, + Name: name, + ApplianceCertificate: body.ApplianceCertificate, + ClientCertificatesRequired: body.ClientCertificatesRequired, + DisabledTlsCiphers: body.DisabledTlsCiphers, + Enabled: body.Enabled, + EnabledTlsCiphers: body.EnabledTlsCiphers, + IsLocal: true, + MinTlsVersion: body.MinTlsVersion, + PolicyType: "tls", TrustedClientCertificateAuthority: body.TrustedClientCertificateAuthority, - VerifyClientCertificateTrust: body.VerifyClientCertificateTrust, + VerifyClientCertificateTrust: body.VerifyClientCertificateTrust, } s.policies[name] = policy @@ -146,7 +146,7 @@ func (s *tlsPolicyStore) handlePolicyPost(w http.ResponseWriter, r *http.Request WriteJSONListResponse(w, http.StatusOK, []client.TlsPolicy{*policy}) } -// handlePolicyPatch handles PATCH /api/2.23/tls-policies. +// handlePolicyPatch handles PATCH /api//tls-policies. func (s *tlsPolicyStore) handlePolicyPatch(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"ids", "names"}) { return @@ -200,7 +200,7 @@ func (s *tlsPolicyStore) handlePolicyPatch(w http.ResponseWriter, r *http.Reques WriteJSONListResponse(w, http.StatusOK, []client.TlsPolicy{*policy}) } -// handlePolicyDelete handles DELETE /api/2.23/tls-policies. +// handlePolicyDelete handles DELETE /api//tls-policies. func (s *tlsPolicyStore) handlePolicyDelete(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"ids", "names"}) { return @@ -225,7 +225,7 @@ func (s *tlsPolicyStore) handlePolicyDelete(w http.ResponseWriter, r *http.Reque w.WriteHeader(http.StatusOK) } -// handleMember dispatches GET /api/2.23/tls-policies/members requests. +// handleMember dispatches GET /api//tls-policies/members requests. func (s *tlsPolicyStore) handleMember(w http.ResponseWriter, r *http.Request) { if r.Method != http.MethodGet { http.Error(w, "method not allowed", http.StatusMethodNotAllowed) @@ -234,7 +234,7 @@ func (s *tlsPolicyStore) handleMember(w http.ResponseWriter, r *http.Request) { s.handleMemberGet(w, r) } -// handleMemberGet handles GET /api/2.23/tls-policies/members. +// handleMemberGet handles GET /api//tls-policies/members. func (s *tlsPolicyStore) handleMemberGet(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"policy_names", "policy_ids", "member_names"}) { return @@ -265,7 +265,7 @@ func (s *tlsPolicyStore) handleMemberGet(w http.ResponseWriter, r *http.Request) WriteJSONListResponse(w, http.StatusOK, items) } -// handleNITlsPolicies dispatches POST/DELETE /api/2.23/network-interfaces/tls-policies requests. +// handleNITlsPolicies dispatches POST/DELETE /api//network-interfaces/tls-policies requests. func (s *tlsPolicyStore) handleNITlsPolicies(w http.ResponseWriter, r *http.Request) { switch r.Method { case http.MethodPost: @@ -277,7 +277,7 @@ func (s *tlsPolicyStore) handleNITlsPolicies(w http.ResponseWriter, r *http.Requ } } -// handleMemberPost handles POST /api/2.23/network-interfaces/tls-policies. +// handleMemberPost handles POST /api//network-interfaces/tls-policies. func (s *tlsPolicyStore) handleMemberPost(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"policy_names", "policy_ids", "member_names"}) { return @@ -336,7 +336,7 @@ func (f *TlsPolicyStoreFacade) SeedMember(policyName string, member client.TlsPo f.store.SeedMember(policyName, member) } -// handleMemberDelete handles DELETE /api/2.23/network-interfaces/tls-policies. +// handleMemberDelete handles DELETE /api//network-interfaces/tls-policies. func (s *tlsPolicyStore) handleMemberDelete(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"policy_names", "policy_ids", "member_names"}) { return diff --git a/internal/testmock/handlers/workloads.go b/internal/testmock/handlers/workloads.go index c1bf1d65..05333c63 100644 --- a/internal/testmock/handlers/workloads.go +++ b/internal/testmock/handlers/workloads.go @@ -16,14 +16,14 @@ type workloadStore struct { nextID int } -// RegisterWorkloadHandlers registers CRUD handlers for /api/2.23/workloads +// RegisterWorkloadHandlers registers CRUD handlers for /api//workloads // against the provided ServeMux. The store pointer is returned for test setup. func RegisterWorkloadHandlers(mux *http.ServeMux) *workloadStore { store := &workloadStore{ byName: make(map[string]*client.Workload), nextID: 1, } - mux.HandleFunc("/api/2.23/workloads", store.handle) + mux.HandleFunc(APIPrefix+"/workloads", store.handle) return store } @@ -49,7 +49,7 @@ func (s *workloadStore) handle(w http.ResponseWriter, r *http.Request) { } } -// handleGet handles GET /api/2.23/workloads with optional ?names= and ?destroyed= params. +// handleGet handles GET /api//workloads with optional ?names= and ?destroyed= params. // Returns an empty list (HTTP 200) when no match is found — never 404. func (s *workloadStore) handleGet(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names", "destroyed"}) { @@ -99,7 +99,7 @@ func (s *workloadStore) handleGet(w http.ResponseWriter, r *http.Request) { WriteJSONListResponse(w, http.StatusOK, items) } -// handlePost handles POST /api/2.23/workloads?names={name}&preset_names={preset}. +// handlePost handles POST /api//workloads?names={name}&preset_names={preset}. // Returns 409 if name already exists. func (s *workloadStore) handlePost(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names", "preset_names", "preset_ids"}) { @@ -154,7 +154,7 @@ func (s *workloadStore) handlePost(w http.ResponseWriter, r *http.Request) { WriteJSONListResponse(w, http.StatusOK, []client.Workload{*wl}) } -// handlePatch handles PATCH /api/2.23/workloads?names={name}. +// handlePatch handles PATCH /api//workloads?names={name}. // Applies non-nil pointer fields. Returns 404 if not found. func (s *workloadStore) handlePatch(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names"}) { @@ -200,7 +200,7 @@ func (s *workloadStore) handlePatch(w http.ResponseWriter, r *http.Request) { WriteJSONListResponse(w, http.StatusOK, []client.Workload{*wl}) } -// handleDelete handles DELETE /api/2.23/workloads?names={name}. +// handleDelete handles DELETE /api//workloads?names={name}. func (s *workloadStore) handleDelete(w http.ResponseWriter, r *http.Request) { if !ValidateQueryParams(w, r, []string{"names"}) { return diff --git a/internal/testmock/server.go b/internal/testmock/server.go index b8f9fc79..0b647d23 100644 --- a/internal/testmock/server.go +++ b/internal/testmock/server.go @@ -6,6 +6,8 @@ import ( "encoding/json" "net/http" "net/http/httptest" + + "github.com/numberly/terraform-provider-mica/internal/client" ) // MockServer wraps an httptest.Server with a configurable ServeMux and @@ -55,11 +57,11 @@ func (ms *MockServer) handleLogin(w http.ResponseWriter, r *http.Request) { } // handleAPIVersion handles GET /api/api_version by returning a versions list -// that includes the target API version "2.23". +// that includes the client's target API version (client.APIVersion). func (ms *MockServer) handleAPIVersion(w http.ResponseWriter, r *http.Request) { w.Header().Set("Content-Type", "application/json") w.WriteHeader(http.StatusOK) _ = json.NewEncoder(w).Encode(map[string]any{ - "versions": []string{"2.12", "2.15", "2.23"}, + "versions": []string{"2.12", "2.15", client.APIVersion}, }) } diff --git a/internal/testmock/server_test.go b/internal/testmock/server_test.go index 5f559dc1..eb612554 100644 --- a/internal/testmock/server_test.go +++ b/internal/testmock/server_test.go @@ -9,6 +9,7 @@ import ( "net/http" "testing" + "github.com/numberly/terraform-provider-mica/internal/client" "github.com/numberly/terraform-provider-mica/internal/testmock" "github.com/numberly/terraform-provider-mica/internal/testmock/handlers" ) @@ -63,7 +64,7 @@ func TestUnit_MockServer_FullCRUDLifecycle(t *testing.T) { } resp.Body.Close() - // Step 2: GET /api/api_version — verify "2.23" present. + // Step 2: GET /api/api_version — verify client.APIVersion present. resp = doJSON(t, http.MethodGet, base+"/api/api_version", nil) if resp.StatusCode != http.StatusOK { t.Fatalf("GET /api/api_version: expected 200, got %d", resp.StatusCode) @@ -74,23 +75,23 @@ func TestUnit_MockServer_FullCRUDLifecycle(t *testing.T) { decodeJSON(t, resp, &versionResp) found := false for _, v := range versionResp.Versions { - if v == "2.23" { + if v == client.APIVersion { found = true break } } if !found { - t.Errorf("GET /api/api_version: expected 2.23 in versions, got %v", versionResp.Versions) + t.Errorf("GET /api/api_version: expected %s in versions, got %v", client.APIVersion, versionResp.Versions) } - // Step 3: POST /api/2.23/file-systems?names=test-fs — create file system. + // Step 3: POST /api//file-systems?names=test-fs — create file system. // The FlashBlade API requires the name as a ?names= query parameter, not in the body. - resp = doJSON(t, http.MethodPost, base+"/api/2.23/file-systems?names=test-fs", map[string]any{ + resp = doJSON(t, http.MethodPost, base+handlers.APIPrefix+"/file-systems?names=test-fs", map[string]any{ "provisioned": 1073741824, }) if resp.StatusCode != http.StatusOK { body, _ := io.ReadAll(resp.Body) - t.Fatalf("POST /api/2.23/file-systems: expected 200, got %d: %s", resp.StatusCode, body) + t.Fatalf("POST /api//file-systems: expected 200, got %d: %s", resp.StatusCode, body) } var createResp struct { Items []struct { @@ -102,7 +103,7 @@ func TestUnit_MockServer_FullCRUDLifecycle(t *testing.T) { } decodeJSON(t, resp, &createResp) if len(createResp.Items) == 0 { - t.Fatal("POST /api/2.23/file-systems: expected items in response") + t.Fatal("POST /api//file-systems: expected items in response") } fs := createResp.Items[0] if fs.ID == "" { @@ -116,8 +117,8 @@ func TestUnit_MockServer_FullCRUDLifecycle(t *testing.T) { } fsID := fs.ID - // Step 4: GET /api/2.23/file-systems?names=test-fs — verify file system returned. - resp = doJSON(t, http.MethodGet, base+"/api/2.23/file-systems?names=test-fs", nil) + // Step 4: GET /api//file-systems?names=test-fs — verify file system returned. + resp = doJSON(t, http.MethodGet, base+handlers.APIPrefix+"/file-systems?names=test-fs", nil) if resp.StatusCode != http.StatusOK { t.Fatalf("GET file-systems?names=test-fs: expected 200, got %d", resp.StatusCode) } @@ -135,8 +136,8 @@ func TestUnit_MockServer_FullCRUDLifecycle(t *testing.T) { t.Errorf("expected name test-fs, got %q", getResp.Items[0].Name) } - // Step 5: PATCH /api/2.23/file-systems?ids={id} — update provisioned size. - resp = doJSON(t, http.MethodPatch, fmt.Sprintf("%s/api/2.23/file-systems?ids=%s", base, fsID), map[string]any{ + // Step 5: PATCH /api//file-systems?ids={id} — update provisioned size. + resp = doJSON(t, http.MethodPatch, fmt.Sprintf("%s"+handlers.APIPrefix+"/file-systems?ids=%s", base, fsID), map[string]any{ "provisioned": 2147483648, }) if resp.StatusCode != http.StatusOK { @@ -159,7 +160,7 @@ func TestUnit_MockServer_FullCRUDLifecycle(t *testing.T) { } // Step 6: PATCH destroyed=true — soft-delete. - resp = doJSON(t, http.MethodPatch, fmt.Sprintf("%s/api/2.23/file-systems?ids=%s", base, fsID), map[string]any{ + resp = doJSON(t, http.MethodPatch, fmt.Sprintf("%s"+handlers.APIPrefix+"/file-systems?ids=%s", base, fsID), map[string]any{ "destroyed": true, }) if resp.StatusCode != http.StatusOK { @@ -176,8 +177,8 @@ func TestUnit_MockServer_FullCRUDLifecycle(t *testing.T) { t.Error("expected destroyed=true after soft-delete patch") } - // Step 7: DELETE /api/2.23/file-systems?ids={id} — eradicate. - resp = doJSON(t, http.MethodDelete, fmt.Sprintf("%s/api/2.23/file-systems?ids=%s", base, fsID), nil) + // Step 7: DELETE /api//file-systems?ids={id} — eradicate. + resp = doJSON(t, http.MethodDelete, fmt.Sprintf("%s"+handlers.APIPrefix+"/file-systems?ids=%s", base, fsID), nil) if resp.StatusCode != http.StatusOK { body, _ := io.ReadAll(resp.Body) t.Fatalf("DELETE: expected 200, got %d: %s", resp.StatusCode, body) @@ -185,7 +186,7 @@ func TestUnit_MockServer_FullCRUDLifecycle(t *testing.T) { resp.Body.Close() // Step 8: GET after eradication — verify empty items. - resp = doJSON(t, http.MethodGet, base+"/api/2.23/file-systems?names=test-fs", nil) + resp = doJSON(t, http.MethodGet, base+handlers.APIPrefix+"/file-systems?names=test-fs", nil) if resp.StatusCode != http.StatusOK { t.Fatalf("GET after eradicate: expected 200, got %d", resp.StatusCode) } @@ -225,13 +226,13 @@ func TestUnit_MockServer_LoginAndVersion(t *testing.T) { decodeJSON(t, resp, &vr) found := false for _, v := range vr.Versions { - if v == "2.23" { + if v == client.APIVersion { found = true break } } if !found { - t.Errorf("expected 2.23 in versions, got %v", vr.Versions) + t.Errorf("expected %s in versions, got %v", client.APIVersion, vr.Versions) } } @@ -243,7 +244,7 @@ func TestUnit_MockServer_DeleteRequiresDestroyed(t *testing.T) { // Create a file system (not destroyed). // The FlashBlade API requires the name as a ?names= query parameter, not in the body. - resp := doJSON(t, http.MethodPost, base+"/api/2.23/file-systems?names=no-destroy-fs", map[string]any{ + resp := doJSON(t, http.MethodPost, base+handlers.APIPrefix+"/file-systems?names=no-destroy-fs", map[string]any{ "provisioned": 1073741824, }) if resp.StatusCode != http.StatusOK { @@ -261,7 +262,7 @@ func TestUnit_MockServer_DeleteRequiresDestroyed(t *testing.T) { fsID := createResp.Items[0].ID // Attempt DELETE without soft-deleting first — should return 400. - resp = doJSON(t, http.MethodDelete, fmt.Sprintf("%s/api/2.23/file-systems?ids=%s", base, fsID), nil) + resp = doJSON(t, http.MethodDelete, fmt.Sprintf("%s"+handlers.APIPrefix+"/file-systems?ids=%s", base, fsID), nil) if resp.StatusCode != http.StatusBadRequest { body, _ := io.ReadAll(resp.Body) t.Fatalf("DELETE non-destroyed: expected 400, got %d: %s", resp.StatusCode, body) diff --git a/pulumi/provider/cmd/pulumi-resource-mica/bridge-metadata.json b/pulumi/provider/cmd/pulumi-resource-mica/bridge-metadata.json index 2a81dab4..e0259dfb 100644 --- a/pulumi/provider/cmd/pulumi-resource-mica/bridge-metadata.json +++ b/pulumi/provider/cmd/pulumi-resource-mica/bridge-metadata.json @@ -274,6 +274,9 @@ "flashblade_snapshot_policy_rule": { "current": "mica:index/snapshotPolicyRule:SnapshotPolicyRule" }, + "flashblade_snmp_manager": { + "current": "mica:index/snmpManager:SnmpManager" + }, "flashblade_subnet": { "current": "mica:index/subnet:Subnet", "fields": { @@ -531,6 +534,9 @@ "flashblade_snapshot_policy": { "current": "mica:index/getSnapshotPolicy:getSnapshotPolicy" }, + "flashblade_snmp_manager": { + "current": "mica:index/getSnmpManager:getSnmpManager" + }, "flashblade_subnet": { "current": "mica:index/getSubnet:getSubnet", "fields": { diff --git a/pulumi/provider/cmd/pulumi-resource-mica/schema-embed.json b/pulumi/provider/cmd/pulumi-resource-mica/schema-embed.json index 2e94395c..81346756 100644 --- a/pulumi/provider/cmd/pulumi-resource-mica/schema-embed.json +++ b/pulumi/provider/cmd/pulumi-resource-mica/schema-embed.json @@ -1 +1 @@ -{"name":"mica","displayName":"Mica","description":"A Pulumi package for managing Pure Storage FlashBlade resources.","keywords":["pulumi","mica","flashblade","pure-storage","category/infrastructure"],"homepage":"https://github.com/numberly/terraform-provider-mica","license":"GPL-3.0-only","attribution":"This Pulumi package is based on the [`mica` Terraform Provider](https://github.com/terraform-providers/terraform-provider-mica).","repository":"https://github.com/numberly/terraform-provider-mica","pluginDownloadURL":"github://api.github.com/numberly/terraform-provider-mica","publisher":"numberly","meta":{"moduleFormat":"(.*)(?:/[^/]*)"},"language":{"nodejs":{"packageDescription":"A Pulumi package for managing Pure Storage FlashBlade resources.","readme":"> This provider is a derived work of the [Terraform Provider](https://github.com/terraform-providers/terraform-provider-mica)\n> distributed under [MPL 2.0](https://www.mozilla.org/en-US/MPL/2.0/). If you encounter a bug or missing feature,\n> please consult the source [`terraform-provider-mica` repo](https://github.com/terraform-providers/terraform-provider-mica/issues).","compatibility":"tfbridge20","disableUnionOutputTypes":true},"python":{"readme":"> This provider is a derived work of the [Terraform Provider](https://github.com/terraform-providers/terraform-provider-mica)\n> distributed under [MPL 2.0](https://www.mozilla.org/en-US/MPL/2.0/). If you encounter a bug or missing feature,\n> please consult the source [`terraform-provider-mica` repo](https://github.com/terraform-providers/terraform-provider-mica/issues).","compatibility":"tfbridge20","pyproject":{}}},"config":{"variables":{"auth":{"$ref":"#/types/mica:config/auth:auth","description":"Authentication configuration for the FlashBlade array."},"caCert":{"type":"string","description":"Inline PEM-encoded CA certificate string used for TLS verification."},"caCertFile":{"type":"string","description":"Path to a PEM-encoded CA certificate file used for TLS verification."},"endpoint":{"type":"string","description":"FlashBlade management endpoint URL (e.g. https://flashblade.example.com). Falls back to FLASHBLADE_HOST environment variable."},"insecureSkipVerify":{"type":"boolean","description":"Disable TLS certificate verification. For testing and development only."},"maxRetries":{"type":"integer","description":"Maximum number of retry attempts for transient errors (429, 5xx). Default: 3."}}},"types":{"mica:config/auth:auth":{"properties":{"apiToken":{"type":"string","description":"API token for session-based authentication. Falls back to FLASHBLADE_API_TOKEN environment variable.\n","secret":true},"oauth2":{"$ref":"#/types/mica:config/authOauth2:authOauth2","description":"OAuth2 token-exchange authentication configuration.\n"}},"type":"object"},"mica:config/authOauth2:authOauth2":{"properties":{"clientId":{"type":"string","description":"OAuth2 client ID. Falls back to FLASHBLADE_OAUTH2_CLIENT_ID environment variable.\n","secret":true},"issuer":{"type":"string","description":"OAuth2 issuer. Falls back to FLASHBLADE_OAUTH2_ISSUER environment variable.\n"},"keyId":{"type":"string","description":"OAuth2 key ID. Falls back to FLASHBLADE_OAUTH2_KEY_ID environment variable.\n","secret":true}},"type":"object"},"mica:index/ArrayConnectionThrottle:ArrayConnectionThrottle":{"properties":{"defaultLimit":{"type":"integer","description":"Default bandwidth limit in bytes per second.\n"},"windowEnd":{"type":"string","description":"End time of the throttle window (HH:MM format).\n"},"windowLimit":{"type":"integer","description":"Window bandwidth limit in bytes per second.\n"},"windowStart":{"type":"string","description":"Start time of the throttle window (HH:MM format).\n"}},"type":"object"},"mica:index/ArraySmtpAlertWatcher:ArraySmtpAlertWatcher":{"properties":{"email":{"type":"string","description":"Email address of the alert recipient. This is the unique identifier for the watcher.\n"},"enabled":{"type":"boolean","description":"If true, this watcher receives alert notifications.\n"},"minimumNotificationSeverity":{"type":"string","description":"Minimum alert severity that triggers a notification: 'info', 'warning', 'error', or 'critical'.\n"}},"type":"object","required":["email"],"language":{"nodejs":{"requiredOutputs":["email","enabled","minimumNotificationSeverity"]}}},"mica:index/BucketEradicationConfig:BucketEradicationConfig":{"properties":{"eradicationDelay":{"type":"integer","description":"Eradication delay in milliseconds.\n"},"eradicationMode":{"type":"string","description":"Eradication mode (e.g. 'retention-based', 'permission-based').\n"},"manualEradication":{"type":"string","description":"Manual eradication setting ('enabled' or 'disabled').\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["eradicationDelay","eradicationMode","manualEradication"]}}},"mica:index/BucketObjectLockConfig:BucketObjectLockConfig":{"properties":{"defaultRetention":{"type":"integer","description":"Default retention period in seconds.\n"},"defaultRetentionMode":{"type":"string","description":"Default retention mode ('compliance' or 'governance').\n"},"freezeLockedObjects":{"type":"boolean","description":"Whether to freeze locked objects.\n"},"objectLockEnabled":{"type":"boolean","description":"Whether object lock is enabled.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["defaultRetention","defaultRetentionMode","freezeLockedObjects","objectLockEnabled"]}}},"mica:index/BucketPublicAccessConfig:BucketPublicAccessConfig":{"properties":{"blockNewPublicPolicies":{"type":"boolean","description":"Whether to block new public policies.\n"},"blockPublicAccess":{"type":"boolean","description":"Whether to block public access.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["blockNewPublicPolicies","blockPublicAccess"]}}},"mica:index/BucketSpace:BucketSpace":{"properties":{"dataReduction":{"type":"number","description":"Data reduction ratio.\n"},"snapshots":{"type":"integer","description":"Physical space used by snapshots in bytes.\n"},"snapshotsEffective":{"type":"integer","description":"Effective snapshot space used in bytes.\n"},"totalPhysical":{"type":"integer","description":"Total physical space used in bytes.\n"},"unique":{"type":"integer","description":"Unique physical space used in bytes.\n"},"virtual":{"type":"integer","description":"Virtual (logical) space used in bytes.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["dataReduction","snapshots","snapshotsEffective","totalPhysical","unique","virtual"]}}},"mica:index/DirectoryServiceRoleRole:DirectoryServiceRoleRole":{"properties":{"name":{"type":"string"}},"type":"object","language":{"nodejs":{"requiredOutputs":["name"]}}},"mica:index/FileSystemDefaultQuotas:FileSystemDefaultQuotas":{"properties":{"groupQuota":{"type":"integer","description":"Default quota per group in bytes.\n"},"userQuota":{"type":"integer","description":"Default quota per user in bytes.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["groupQuota","userQuota"]}}},"mica:index/FileSystemExportWorkload:FileSystemExportWorkload":{"properties":{"id":{"type":"string","description":"The workload unique identifier.\n"},"name":{"type":"string","description":"The workload name.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["id","name"]}}},"mica:index/FileSystemHttp:FileSystemHttp":{"properties":{"enabled":{"type":"boolean","description":"Whether HTTP is enabled on this file system.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["enabled"]}}},"mica:index/FileSystemMultiProtocol:FileSystemMultiProtocol":{"properties":{"accessControlStyle":{"type":"string","description":"Access control style for multi-protocol access ('nfs' or 'smb').\n"},"safeguardAcls":{"type":"boolean","description":"Whether to safeguard ACLs during multi-protocol access.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["accessControlStyle","safeguardAcls"]}}},"mica:index/FileSystemNfs:FileSystemNfs":{"properties":{"enabled":{"type":"boolean","description":"Whether NFS is enabled on this file system.\n"},"rules":{"type":"string","description":"NFS export rules string (e.g. '*(rw,no_root_squash)').\n"},"transport":{"type":"string","description":"NFS transport protocol ('tcp' or 'udp').\n"},"v3Enabled":{"type":"boolean","description":"Whether NFSv3 is enabled.\n"},"v41Enabled":{"type":"boolean","description":"Whether NFSv4.1 is enabled.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["enabled","rules","transport","v3Enabled","v41Enabled"]}}},"mica:index/FileSystemSmb:FileSystemSmb":{"properties":{"accessBasedEnumerationEnabled":{"type":"boolean","description":"Whether access-based enumeration is enabled for SMB.\n"},"continuousAvailabilityEnabled":{"type":"boolean","description":"Whether continuous availability is enabled for SMB.\n"},"enabled":{"type":"boolean","description":"Whether SMB is enabled on this file system.\n"},"smbEncryptionEnabled":{"type":"boolean","description":"Whether SMB encryption is enabled.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["accessBasedEnumerationEnabled","continuousAvailabilityEnabled","enabled","smbEncryptionEnabled"]}}},"mica:index/FileSystemSource:FileSystemSource":{"properties":{"id":{"type":"string","description":"Source file system ID.\n"},"name":{"type":"string","description":"Source file system name.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["id","name"]}}},"mica:index/FileSystemSpace:FileSystemSpace":{"properties":{"dataReduction":{"type":"number","description":"Data reduction ratio.\n"},"snapshots":{"type":"integer","description":"Physical space used by snapshots in bytes.\n"},"snapshotsEffective":{"type":"integer","description":"Effective snapshot space used in bytes.\n"},"totalPhysical":{"type":"integer","description":"Total physical space used in bytes.\n"},"unique":{"type":"integer","description":"Unique physical space used in bytes.\n"},"virtual":{"type":"integer","description":"Virtual (logical) space used in bytes.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["dataReduction","snapshots","snapshotsEffective","totalPhysical","unique","virtual"]}}},"mica:index/FileSystemWorkload:FileSystemWorkload":{"properties":{"id":{"type":"string","description":"Workload ID.\n"},"name":{"type":"string","description":"Workload name.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["id","name"]}}},"mica:index/NfsExportPolicyWorkload:NfsExportPolicyWorkload":{"properties":{"id":{"type":"string","description":"The workload unique identifier.\n"},"name":{"type":"string","description":"The workload name.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["id","name"]}}},"mica:index/ObjectStoreAccountSpace:ObjectStoreAccountSpace":{"properties":{"dataReduction":{"type":"number","description":"Data reduction ratio.\n"},"snapshots":{"type":"integer","description":"Physical space used by snapshots in bytes.\n"},"snapshotsEffective":{"type":"integer","description":"Effective snapshot space used in bytes.\n"},"totalPhysical":{"type":"integer","description":"Total physical space used in bytes.\n"},"unique":{"type":"integer","description":"Unique physical space used in bytes.\n"},"virtual":{"type":"integer","description":"Virtual (logical) space used in bytes.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["dataReduction","snapshots","snapshotsEffective","totalPhysical","unique","virtual"]}}},"mica:index/ProviderAuth:ProviderAuth":{"properties":{"apiToken":{"type":"string","description":"API token for session-based authentication. Falls back to FLASHBLADE_API_TOKEN environment variable.\n","secret":true},"oauth2":{"$ref":"#/types/mica:index/ProviderAuthOauth2:ProviderAuthOauth2","description":"OAuth2 token-exchange authentication configuration.\n"}},"type":"object"},"mica:index/ProviderAuthOauth2:ProviderAuthOauth2":{"properties":{"clientId":{"type":"string","description":"OAuth2 client ID. Falls back to FLASHBLADE_OAUTH2_CLIENT_ID environment variable.\n","secret":true},"issuer":{"type":"string","description":"OAuth2 issuer. Falls back to FLASHBLADE_OAUTH2_ISSUER environment variable.\n"},"keyId":{"type":"string","description":"OAuth2 key ID. Falls back to FLASHBLADE_OAUTH2_KEY_ID environment variable.\n","secret":true}},"type":"object"},"mica:index/QosPolicyContext:QosPolicyContext":{"properties":{"id":{"type":"string","description":"The context unique identifier.\n"},"name":{"type":"string","description":"The context name.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["id","name"]}}},"mica:index/SmbClientPolicyWorkload:SmbClientPolicyWorkload":{"properties":{"id":{"type":"string","description":"The workload unique identifier.\n"},"name":{"type":"string","description":"The workload name.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["id","name"]}}},"mica:index/SmbSharePolicyWorkload:SmbSharePolicyWorkload":{"properties":{"id":{"type":"string","description":"The workload unique identifier.\n"},"name":{"type":"string","description":"The workload name.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["id","name"]}}},"mica:index/WorkloadContext:WorkloadContext":{"properties":{"id":{"type":"string","description":"The context unique identifier.\n"},"name":{"type":"string","description":"The context name.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["id","name"]}}},"mica:index/WorkloadParameter:WorkloadParameter":{"properties":{"name":{"type":"string","description":"The name of the preset parameter.\n"},"valueBool":{"type":"boolean","description":"Boolean value for this parameter.\n"},"valueInteger":{"type":"integer","description":"Integer value for this parameter.\n"},"valueResourceId":{"type":"string","description":"Resource reference ID for this parameter.\n"},"valueResourceName":{"type":"string","description":"Resource reference name for this parameter.\n"},"valueResourceType":{"type":"string","description":"Resource reference type for this parameter.\n"},"valueString":{"type":"string","description":"String value for this parameter.\n"}},"type":"object","required":["name"]},"mica:index/getArraySmtpAlertWatcher:getArraySmtpAlertWatcher":{"properties":{"email":{"type":"string","description":"Email address of the alert recipient.\n"},"enabled":{"type":"boolean","description":"If true, this watcher receives alert notifications.\n"},"minimumNotificationSeverity":{"type":"string","description":"Minimum alert severity that triggers a notification.\n"}},"type":"object","required":["email","enabled","minimumNotificationSeverity"],"language":{"nodejs":{"requiredInputs":[]}}},"mica:index/getBucketSpace:getBucketSpace":{"properties":{"dataReduction":{"type":"number","description":"Data reduction ratio.\n"},"snapshots":{"type":"integer","description":"Physical space used by snapshots in bytes.\n"},"snapshotsEffective":{"type":"integer","description":"Effective snapshot space used in bytes.\n"},"totalPhysical":{"type":"integer","description":"Total physical space used in bytes.\n"},"unique":{"type":"integer","description":"Unique physical space used in bytes.\n"},"virtual":{"type":"integer","description":"Virtual (logical) space used in bytes.\n"}},"type":"object","required":["dataReduction","snapshots","snapshotsEffective","totalPhysical","unique","virtual"],"language":{"nodejs":{"requiredInputs":[]}}},"mica:index/getDirectoryServiceManagementCaCertificate:getDirectoryServiceManagementCaCertificate":{"properties":{"name":{"type":"string","description":"Name of the referenced object. Null when the reference is not set.\n"}},"type":"object","required":["name"],"language":{"nodejs":{"requiredInputs":[]}}},"mica:index/getDirectoryServiceManagementCaCertificateGroup:getDirectoryServiceManagementCaCertificateGroup":{"properties":{"name":{"type":"string","description":"Name of the referenced object. Null when the reference is not set.\n"}},"type":"object","required":["name"],"language":{"nodejs":{"requiredInputs":[]}}},"mica:index/getDirectoryServiceRoleRole:getDirectoryServiceRoleRole":{"properties":{"name":{"type":"string"}},"type":"object","required":["name"],"language":{"nodejs":{"requiredInputs":[]}}},"mica:index/getFileSystemDefaultQuotas:getFileSystemDefaultQuotas":{"properties":{"groupQuota":{"type":"integer","description":"Default quota per group in bytes.\n"},"userQuota":{"type":"integer","description":"Default quota per user in bytes.\n"}},"type":"object","required":["groupQuota","userQuota"],"language":{"nodejs":{"requiredInputs":[]}}},"mica:index/getFileSystemHttp:getFileSystemHttp":{"properties":{"enabled":{"type":"boolean","description":"Whether HTTP is enabled on this file system.\n"}},"type":"object","required":["enabled"],"language":{"nodejs":{"requiredInputs":[]}}},"mica:index/getFileSystemMultiProtocol:getFileSystemMultiProtocol":{"properties":{"accessControlStyle":{"type":"string","description":"Access control style for multi-protocol access.\n"},"safeguardAcls":{"type":"boolean","description":"Whether ACLs are safeguarded during multi-protocol access.\n"}},"type":"object","required":["accessControlStyle","safeguardAcls"],"language":{"nodejs":{"requiredInputs":[]}}},"mica:index/getFileSystemNfs:getFileSystemNfs":{"properties":{"enabled":{"type":"boolean","description":"Whether NFS is enabled on this file system.\n"},"rules":{"type":"string","description":"NFS export rules string.\n"},"transport":{"type":"string","description":"NFS transport protocol.\n"},"v3Enabled":{"type":"boolean","description":"Whether NFSv3 is enabled.\n"},"v41Enabled":{"type":"boolean","description":"Whether NFSv4.1 is enabled.\n"}},"type":"object","required":["enabled","rules","transport","v3Enabled","v41Enabled"],"language":{"nodejs":{"requiredInputs":[]}}},"mica:index/getFileSystemSmb:getFileSystemSmb":{"properties":{"accessBasedEnumerationEnabled":{"type":"boolean","description":"Whether access-based enumeration is enabled for SMB.\n"},"continuousAvailabilityEnabled":{"type":"boolean","description":"Whether continuous availability is enabled for SMB.\n"},"enabled":{"type":"boolean","description":"Whether SMB is enabled on this file system.\n"},"smbEncryptionEnabled":{"type":"boolean","description":"Whether SMB encryption is enabled.\n"}},"type":"object","required":["accessBasedEnumerationEnabled","continuousAvailabilityEnabled","enabled","smbEncryptionEnabled"],"language":{"nodejs":{"requiredInputs":[]}}},"mica:index/getFileSystemSource:getFileSystemSource":{"properties":{"id":{"type":"string","description":"Source file system ID.\n"},"name":{"type":"string","description":"Source file system name.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"mica:index/getFileSystemSpace:getFileSystemSpace":{"properties":{"dataReduction":{"type":"number","description":"Data reduction ratio.\n"},"snapshots":{"type":"integer","description":"Physical space used by snapshots in bytes.\n"},"snapshotsEffective":{"type":"integer","description":"Effective snapshot space used in bytes.\n"},"totalPhysical":{"type":"integer","description":"Total physical space used in bytes.\n"},"unique":{"type":"integer","description":"Unique physical space used in bytes.\n"},"virtual":{"type":"integer","description":"Virtual (logical) space used in bytes.\n"}},"type":"object","required":["dataReduction","snapshots","snapshotsEffective","totalPhysical","unique","virtual"],"language":{"nodejs":{"requiredInputs":[]}}},"mica:index/getObjectStoreAccountSpace:getObjectStoreAccountSpace":{"properties":{"dataReduction":{"type":"number","description":"Data reduction ratio.\n"},"snapshots":{"type":"integer","description":"Physical space used by snapshots in bytes.\n"},"snapshotsEffective":{"type":"integer","description":"Effective snapshot space used in bytes.\n"},"totalPhysical":{"type":"integer","description":"Total physical space used in bytes.\n"},"unique":{"type":"integer","description":"Unique physical space used in bytes.\n"},"virtual":{"type":"integer","description":"Virtual (logical) space used in bytes.\n"}},"type":"object","required":["dataReduction","snapshots","snapshotsEffective","totalPhysical","unique","virtual"],"language":{"nodejs":{"requiredInputs":[]}}},"mica:index/getWorkloadContext:getWorkloadContext":{"properties":{"id":{"type":"string","description":"The context unique identifier.\n"},"name":{"type":"string","description":"The context name.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}}},"provider":{"description":"The provider type for the mica package. By default, resources use package-wide configuration\nsettings, however an explicit `Provider` instance may be created and passed during resource\nconstruction to achieve fine-grained programmatic control over provider settings. See the\n[documentation](https://www.pulumi.com/docs/reference/programming-model/#providers) for more information.\n","properties":{"auth":{"$ref":"#/types/mica:index/ProviderAuth:ProviderAuth","description":"Authentication configuration for the FlashBlade array."},"caCert":{"type":"string","description":"Inline PEM-encoded CA certificate string used for TLS verification."},"caCertFile":{"type":"string","description":"Path to a PEM-encoded CA certificate file used for TLS verification."},"endpoint":{"type":"string","description":"FlashBlade management endpoint URL (e.g. https://flashblade.example.com). Falls back to FLASHBLADE_HOST environment variable."},"insecureSkipVerify":{"type":"boolean","description":"Disable TLS certificate verification. For testing and development only."},"maxRetries":{"type":"integer","description":"Maximum number of retry attempts for transient errors (429, 5xx). Default: 3."}},"inputProperties":{"auth":{"$ref":"#/types/mica:index/ProviderAuth:ProviderAuth","description":"Authentication configuration for the FlashBlade array."},"caCert":{"type":"string","description":"Inline PEM-encoded CA certificate string used for TLS verification."},"caCertFile":{"type":"string","description":"Path to a PEM-encoded CA certificate file used for TLS verification."},"endpoint":{"type":"string","description":"FlashBlade management endpoint URL (e.g. https://flashblade.example.com). Falls back to FLASHBLADE_HOST environment variable."},"insecureSkipVerify":{"type":"boolean","description":"Disable TLS certificate verification. For testing and development only."},"maxRetries":{"type":"integer","description":"Maximum number of retry attempts for transient errors (429, 5xx). Default: 3."}},"methods":{"terraformConfig":"pulumi:providers:mica/terraformConfig"}},"resources":{"mica:index/arrayConnection:ArrayConnection":{"properties":{"connectionKey":{"type":"string","description":"Connection key of the remote array. Required when creating a new connection. Write-only: not returned by GET. Changing this forces a new resource.","secret":true},"encrypted":{"type":"boolean","description":"Whether data is encrypted in transit."},"managementAddress":{"type":"string","description":"Management IP or hostname of the remote array. Required when creating a new connection, computed for imported/passive-side connections."},"os":{"type":"string","description":"Operating system of the remote array."},"remoteName":{"type":"string","description":"The name of the remote array. Used as the import identifier. Changing this forces a new resource."},"replicationAddresses":{"type":"array","items":{"type":"string"},"description":"Replication IP addresses or FQDNs."},"status":{"type":"string","description":"Connection status (connected, connecting, etc.)."},"throttle":{"$ref":"#/types/mica:index/ArrayConnectionThrottle:ArrayConnectionThrottle","description":"Bandwidth throttle configuration for the array connection."},"type":{"type":"string","description":"Connection type (async-replication, etc.)."},"version":{"type":"string","description":"Version of the remote array."}},"required":["encrypted","managementAddress","os","remoteName","replicationAddresses","status","throttle","type","version"],"inputProperties":{"connectionKey":{"type":"string","description":"Connection key of the remote array. Required when creating a new connection. Write-only: not returned by GET. Changing this forces a new resource.","secret":true},"encrypted":{"type":"boolean","description":"Whether data is encrypted in transit."},"managementAddress":{"type":"string","description":"Management IP or hostname of the remote array. Required when creating a new connection, computed for imported/passive-side connections."},"remoteName":{"type":"string","description":"The name of the remote array. Used as the import identifier. Changing this forces a new resource."},"replicationAddresses":{"type":"array","items":{"type":"string"},"description":"Replication IP addresses or FQDNs."},"throttle":{"$ref":"#/types/mica:index/ArrayConnectionThrottle:ArrayConnectionThrottle","description":"Bandwidth throttle configuration for the array connection."}},"requiredInputs":["remoteName"],"stateInputs":{"description":"Input properties used for looking up and filtering ArrayConnection resources.\n","properties":{"connectionKey":{"type":"string","description":"Connection key of the remote array. Required when creating a new connection. Write-only: not returned by GET. Changing this forces a new resource.","secret":true},"encrypted":{"type":"boolean","description":"Whether data is encrypted in transit."},"managementAddress":{"type":"string","description":"Management IP or hostname of the remote array. Required when creating a new connection, computed for imported/passive-side connections."},"os":{"type":"string","description":"Operating system of the remote array."},"remoteName":{"type":"string","description":"The name of the remote array. Used as the import identifier. Changing this forces a new resource."},"replicationAddresses":{"type":"array","items":{"type":"string"},"description":"Replication IP addresses or FQDNs."},"status":{"type":"string","description":"Connection status (connected, connecting, etc.)."},"throttle":{"$ref":"#/types/mica:index/ArrayConnectionThrottle:ArrayConnectionThrottle","description":"Bandwidth throttle configuration for the array connection."},"type":{"type":"string","description":"Connection type (async-replication, etc.)."},"version":{"type":"string","description":"Version of the remote array."}},"type":"object"}},"mica:index/arrayConnectionKey:ArrayConnectionKey":{"properties":{"connectionKey":{"type":"string","description":"The generated connection key. Used by the remote array to establish a connection.","secret":true},"created":{"type":"integer","description":"Unix timestamp (ms) when the key was created."},"expires":{"type":"integer","description":"Unix timestamp (ms) when the key expires."}},"required":["connectionKey","created","expires"],"stateInputs":{"description":"Input properties used for looking up and filtering ArrayConnectionKey resources.\n","properties":{"connectionKey":{"type":"string","description":"The generated connection key. Used by the remote array to establish a connection.","secret":true},"created":{"type":"integer","description":"Unix timestamp (ms) when the key was created."},"expires":{"type":"integer","description":"Unix timestamp (ms) when the key expires."}},"type":"object"}},"mica:index/arrayDns:ArrayDns":{"properties":{"domain":{"type":"string","description":"The domain suffix appended by the array to unqualified hostnames."},"name":{"type":"string","description":"The name of the DNS configuration. Changing this forces a new resource."},"nameservers":{"type":"array","items":{"type":"string"},"description":"List of DNS server IP addresses."},"services":{"type":"array","items":{"type":"string"},"description":"Services that use this DNS configuration."},"sources":{"type":"array","items":{"type":"string"},"description":"Network interfaces used for DNS traffic."}},"required":["domain","name","nameservers","services","sources"],"inputProperties":{"domain":{"type":"string","description":"The domain suffix appended by the array to unqualified hostnames."},"name":{"type":"string","description":"The name of the DNS configuration. Changing this forces a new resource."},"nameservers":{"type":"array","items":{"type":"string"},"description":"List of DNS server IP addresses."},"services":{"type":"array","items":{"type":"string"},"description":"Services that use this DNS configuration."},"sources":{"type":"array","items":{"type":"string"},"description":"Network interfaces used for DNS traffic."}},"requiredInputs":["name"],"stateInputs":{"description":"Input properties used for looking up and filtering ArrayDns resources.\n","properties":{"domain":{"type":"string","description":"The domain suffix appended by the array to unqualified hostnames."},"name":{"type":"string","description":"The name of the DNS configuration. Changing this forces a new resource."},"nameservers":{"type":"array","items":{"type":"string"},"description":"List of DNS server IP addresses."},"services":{"type":"array","items":{"type":"string"},"description":"Services that use this DNS configuration."},"sources":{"type":"array","items":{"type":"string"},"description":"Network interfaces used for DNS traffic."}},"type":"object"}},"mica:index/arrayNtp:ArrayNtp":{"properties":{"ntpServers":{"type":"array","items":{"type":"string"},"description":"List of NTP server hostnames or IP addresses."}},"required":["ntpServers"],"inputProperties":{"ntpServers":{"type":"array","items":{"type":"string"},"description":"List of NTP server hostnames or IP addresses."}},"requiredInputs":["ntpServers"],"stateInputs":{"description":"Input properties used for looking up and filtering ArrayNtp resources.\n","properties":{"ntpServers":{"type":"array","items":{"type":"string"},"description":"List of NTP server hostnames or IP addresses."}},"type":"object"}},"mica:index/arraySmtp:ArraySmtp":{"properties":{"alertWatchers":{"type":"array","items":{"$ref":"#/types/mica:index/ArraySmtpAlertWatcher:ArraySmtpAlertWatcher"},"description":"Set of alert watcher email recipients."},"encryptionMode":{"type":"string","description":"SMTP encryption mode: 'none', 'tls', or 'starttls'."},"relayHost":{"type":"string","description":"Hostname or IP address of the SMTP relay server."},"senderDomain":{"type":"string","description":"Domain appended to the sender email address."}},"required":["alertWatchers","encryptionMode","relayHost","senderDomain"],"inputProperties":{"alertWatchers":{"type":"array","items":{"$ref":"#/types/mica:index/ArraySmtpAlertWatcher:ArraySmtpAlertWatcher"},"description":"Set of alert watcher email recipients."},"encryptionMode":{"type":"string","description":"SMTP encryption mode: 'none', 'tls', or 'starttls'."},"relayHost":{"type":"string","description":"Hostname or IP address of the SMTP relay server."},"senderDomain":{"type":"string","description":"Domain appended to the sender email address."}},"stateInputs":{"description":"Input properties used for looking up and filtering ArraySmtp resources.\n","properties":{"alertWatchers":{"type":"array","items":{"$ref":"#/types/mica:index/ArraySmtpAlertWatcher:ArraySmtpAlertWatcher"},"description":"Set of alert watcher email recipients."},"encryptionMode":{"type":"string","description":"SMTP encryption mode: 'none', 'tls', or 'starttls'."},"relayHost":{"type":"string","description":"Hostname or IP address of the SMTP relay server."},"senderDomain":{"type":"string","description":"Domain appended to the sender email address."}},"type":"object"}},"mica:index/auditObjectStorePolicy:AuditObjectStorePolicy":{"properties":{"enabled":{"type":"boolean","description":"Whether the audit object store policy is enabled."},"isLocal":{"type":"boolean","description":"Whether the policy is defined on the local array (read-only)."},"logTargets":{"type":"array","items":{"type":"string"},"description":"List of log target names to receive audit events from this policy."},"name":{"type":"string","description":"The name of the audit object store policy. Not renameable; changing forces replacement."},"policyType":{"type":"string","description":"The type of the policy (e.g. 'audit'). Read-only, set by the array."}},"required":["enabled","isLocal","logTargets","name","policyType"],"inputProperties":{"enabled":{"type":"boolean","description":"Whether the audit object store policy is enabled."},"logTargets":{"type":"array","items":{"type":"string"},"description":"List of log target names to receive audit events from this policy."},"name":{"type":"string","description":"The name of the audit object store policy. Not renameable; changing forces replacement."}},"requiredInputs":["name"],"stateInputs":{"description":"Input properties used for looking up and filtering AuditObjectStorePolicy resources.\n","properties":{"enabled":{"type":"boolean","description":"Whether the audit object store policy is enabled."},"isLocal":{"type":"boolean","description":"Whether the policy is defined on the local array (read-only)."},"logTargets":{"type":"array","items":{"type":"string"},"description":"List of log target names to receive audit events from this policy."},"name":{"type":"string","description":"The name of the audit object store policy. Not renameable; changing forces replacement."},"policyType":{"type":"string","description":"The type of the policy (e.g. 'audit'). Read-only, set by the array."}},"type":"object"}},"mica:index/auditObjectStorePolicyMember:AuditObjectStorePolicyMember":{"properties":{"memberName":{"type":"string","description":"The name of the bucket to assign to the policy. Changing this forces a new resource."},"policyName":{"type":"string","description":"The name of the audit object store policy. Changing this forces a new resource."}},"required":["memberName","policyName"],"inputProperties":{"memberName":{"type":"string","description":"The name of the bucket to assign to the policy. Changing this forces a new resource."},"policyName":{"type":"string","description":"The name of the audit object store policy. Changing this forces a new resource."}},"requiredInputs":["memberName","policyName"],"stateInputs":{"description":"Input properties used for looking up and filtering AuditObjectStorePolicyMember resources.\n","properties":{"memberName":{"type":"string","description":"The name of the bucket to assign to the policy. Changing this forces a new resource."},"policyName":{"type":"string","description":"The name of the audit object store policy. Changing this forces a new resource."}},"type":"object"}},"mica:index/bucket:Bucket":{"properties":{"account":{"type":"string","description":"The name of the object store account that owns this bucket. Changing this forces a new resource."},"bucketType":{"type":"string","description":"The bucket type (e.g. 'multi-site-writable')."},"created":{"type":"integer","description":"Unix timestamp (milliseconds) when the bucket was created."},"destroyEradicateOnDelete":{"type":"boolean","description":"When true, Terraform will eradicate the bucket on destroy. When false (default), only soft-deletes. Buckets hold production data — eradication is opt-in."},"destroyed":{"type":"boolean","description":"Whether the bucket is soft-deleted."},"eradicationConfig":{"$ref":"#/types/mica:index/BucketEradicationConfig:BucketEradicationConfig","description":"Eradication configuration for the bucket."},"hardLimitEnabled":{"type":"boolean","description":"If true, the bucket's size cannot exceed the quota limit."},"name":{"type":"string","description":"The name of the bucket. Changing this forces a new resource (S3 clients hardcode bucket names)."},"objectCount":{"type":"integer","description":"The count of objects in the bucket."},"objectLockConfig":{"$ref":"#/types/mica:index/BucketObjectLockConfig:BucketObjectLockConfig","description":"S3 object lock configuration for the bucket."},"publicAccessConfig":{"$ref":"#/types/mica:index/BucketPublicAccessConfig:BucketPublicAccessConfig","description":"Public access configuration for the bucket."},"publicStatus":{"type":"string","description":"Bucket's public access status."},"quotaLimit":{"type":"integer","description":"The effective quota limit applied against the size of the bucket, in bytes."},"retentionLock":{"type":"string","description":"The retention lock mode for the bucket."},"space":{"$ref":"#/types/mica:index/BucketSpace:BucketSpace","description":"Storage space breakdown (read-only, API-managed)."},"timeRemaining":{"type":"integer","description":"Milliseconds remaining until auto-eradication of a soft-deleted bucket."},"versioning":{"type":"string","description":"The bucket versioning state ('none', 'enabled', or 'suspended')."}},"required":["account","bucketType","created","destroyEradicateOnDelete","destroyed","eradicationConfig","hardLimitEnabled","name","objectCount","objectLockConfig","publicAccessConfig","publicStatus","quotaLimit","retentionLock","space","timeRemaining","versioning"],"inputProperties":{"account":{"type":"string","description":"The name of the object store account that owns this bucket. Changing this forces a new resource."},"destroyEradicateOnDelete":{"type":"boolean","description":"When true, Terraform will eradicate the bucket on destroy. When false (default), only soft-deletes. Buckets hold production data — eradication is opt-in."},"eradicationConfig":{"$ref":"#/types/mica:index/BucketEradicationConfig:BucketEradicationConfig","description":"Eradication configuration for the bucket."},"hardLimitEnabled":{"type":"boolean","description":"If true, the bucket's size cannot exceed the quota limit."},"name":{"type":"string","description":"The name of the bucket. Changing this forces a new resource (S3 clients hardcode bucket names)."},"objectLockConfig":{"$ref":"#/types/mica:index/BucketObjectLockConfig:BucketObjectLockConfig","description":"S3 object lock configuration for the bucket."},"publicAccessConfig":{"$ref":"#/types/mica:index/BucketPublicAccessConfig:BucketPublicAccessConfig","description":"Public access configuration for the bucket."},"quotaLimit":{"type":"integer","description":"The effective quota limit applied against the size of the bucket, in bytes."},"retentionLock":{"type":"string","description":"The retention lock mode for the bucket."},"versioning":{"type":"string","description":"The bucket versioning state ('none', 'enabled', or 'suspended')."}},"requiredInputs":["account","name"],"stateInputs":{"description":"Input properties used for looking up and filtering Bucket resources.\n","properties":{"account":{"type":"string","description":"The name of the object store account that owns this bucket. Changing this forces a new resource."},"bucketType":{"type":"string","description":"The bucket type (e.g. 'multi-site-writable')."},"created":{"type":"integer","description":"Unix timestamp (milliseconds) when the bucket was created."},"destroyEradicateOnDelete":{"type":"boolean","description":"When true, Terraform will eradicate the bucket on destroy. When false (default), only soft-deletes. Buckets hold production data — eradication is opt-in."},"destroyed":{"type":"boolean","description":"Whether the bucket is soft-deleted."},"eradicationConfig":{"$ref":"#/types/mica:index/BucketEradicationConfig:BucketEradicationConfig","description":"Eradication configuration for the bucket."},"hardLimitEnabled":{"type":"boolean","description":"If true, the bucket's size cannot exceed the quota limit."},"name":{"type":"string","description":"The name of the bucket. Changing this forces a new resource (S3 clients hardcode bucket names)."},"objectCount":{"type":"integer","description":"The count of objects in the bucket."},"objectLockConfig":{"$ref":"#/types/mica:index/BucketObjectLockConfig:BucketObjectLockConfig","description":"S3 object lock configuration for the bucket."},"publicAccessConfig":{"$ref":"#/types/mica:index/BucketPublicAccessConfig:BucketPublicAccessConfig","description":"Public access configuration for the bucket."},"publicStatus":{"type":"string","description":"Bucket's public access status."},"quotaLimit":{"type":"integer","description":"The effective quota limit applied against the size of the bucket, in bytes."},"retentionLock":{"type":"string","description":"The retention lock mode for the bucket."},"space":{"$ref":"#/types/mica:index/BucketSpace:BucketSpace","description":"Storage space breakdown (read-only, API-managed)."},"timeRemaining":{"type":"integer","description":"Milliseconds remaining until auto-eradication of a soft-deleted bucket."},"versioning":{"type":"string","description":"The bucket versioning state ('none', 'enabled', or 'suspended')."}},"type":"object"}},"mica:index/bucketAccessPolicy:BucketAccessPolicy":{"properties":{"bucketName":{"type":"string","description":"The name of the bucket this policy belongs to. Changing this forces a new resource."},"enabled":{"type":"boolean","description":"Whether the bucket access policy is enabled. Read-only, managed by the array."}},"required":["bucketName","enabled"],"inputProperties":{"bucketName":{"type":"string","description":"The name of the bucket this policy belongs to. Changing this forces a new resource."}},"requiredInputs":["bucketName"],"stateInputs":{"description":"Input properties used for looking up and filtering BucketAccessPolicy resources.\n","properties":{"bucketName":{"type":"string","description":"The name of the bucket this policy belongs to. Changing this forces a new resource."},"enabled":{"type":"boolean","description":"Whether the bucket access policy is enabled. Read-only, managed by the array."}},"type":"object"}},"mica:index/bucketAccessPolicyRule:BucketAccessPolicyRule":{"properties":{"actions":{"type":"array","items":{"type":"string"},"description":"List of S3 actions this rule applies to (e.g. s3:GetObject)."},"bucketName":{"type":"string","description":"The name of the bucket this rule belongs to. Changing this forces a new resource."},"effect":{"type":"string","description":"The effect of the rule. Always 'allow' — set by the API."},"name":{"type":"string","description":"The rule name. When provided, the rule is created with this name. When omitted, the API assigns one automatically."},"principals":{"type":"array","items":{"type":"string"},"description":"List of principals this rule applies to (mapped to principals.all in the API). Note: the accepted format depends on the FlashBlade firmware version — consult your array documentation for valid principal values."},"resources":{"type":"array","items":{"type":"string"},"description":"List of S3 resource ARNs this rule applies to."}},"required":["actions","bucketName","effect","name","principals","resources"],"inputProperties":{"actions":{"type":"array","items":{"type":"string"},"description":"List of S3 actions this rule applies to (e.g. s3:GetObject)."},"bucketName":{"type":"string","description":"The name of the bucket this rule belongs to. Changing this forces a new resource."},"name":{"type":"string","description":"The rule name. When provided, the rule is created with this name. When omitted, the API assigns one automatically."},"principals":{"type":"array","items":{"type":"string"},"description":"List of principals this rule applies to (mapped to principals.all in the API). Note: the accepted format depends on the FlashBlade firmware version — consult your array documentation for valid principal values."},"resources":{"type":"array","items":{"type":"string"},"description":"List of S3 resource ARNs this rule applies to."}},"requiredInputs":["actions","bucketName","principals","resources"],"stateInputs":{"description":"Input properties used for looking up and filtering BucketAccessPolicyRule resources.\n","properties":{"actions":{"type":"array","items":{"type":"string"},"description":"List of S3 actions this rule applies to (e.g. s3:GetObject)."},"bucketName":{"type":"string","description":"The name of the bucket this rule belongs to. Changing this forces a new resource."},"effect":{"type":"string","description":"The effect of the rule. Always 'allow' — set by the API."},"name":{"type":"string","description":"The rule name. When provided, the rule is created with this name. When omitted, the API assigns one automatically."},"principals":{"type":"array","items":{"type":"string"},"description":"List of principals this rule applies to (mapped to principals.all in the API). Note: the accepted format depends on the FlashBlade firmware version — consult your array documentation for valid principal values."},"resources":{"type":"array","items":{"type":"string"},"description":"List of S3 resource ARNs this rule applies to."}},"type":"object"}},"mica:index/bucketAuditFilter:BucketAuditFilter":{"properties":{"actions":{"type":"array","items":{"type":"string"},"description":"Set of S3 actions to audit (e.g. s3:GetObject, s3:PutObject). Order-independent."},"bucketName":{"type":"string","description":"The name of the bucket this audit filter belongs to. Changing this forces a new resource."},"name":{"type":"string","description":"The name of the audit filter (1-63 alphanumeric characters, must start/end with letter or number)."},"s3Prefixes":{"type":"array","items":{"type":"string"},"description":"Set of S3 object key prefixes to filter audit events. Defaults to empty set (all prefixes)."}},"required":["actions","bucketName","name","s3Prefixes"],"inputProperties":{"actions":{"type":"array","items":{"type":"string"},"description":"Set of S3 actions to audit (e.g. s3:GetObject, s3:PutObject). Order-independent."},"bucketName":{"type":"string","description":"The name of the bucket this audit filter belongs to. Changing this forces a new resource."},"name":{"type":"string","description":"The name of the audit filter (1-63 alphanumeric characters, must start/end with letter or number)."},"s3Prefixes":{"type":"array","items":{"type":"string"},"description":"Set of S3 object key prefixes to filter audit events. Defaults to empty set (all prefixes)."}},"requiredInputs":["actions","bucketName","name"],"stateInputs":{"description":"Input properties used for looking up and filtering BucketAuditFilter resources.\n","properties":{"actions":{"type":"array","items":{"type":"string"},"description":"Set of S3 actions to audit (e.g. s3:GetObject, s3:PutObject). Order-independent."},"bucketName":{"type":"string","description":"The name of the bucket this audit filter belongs to. Changing this forces a new resource."},"name":{"type":"string","description":"The name of the audit filter (1-63 alphanumeric characters, must start/end with letter or number)."},"s3Prefixes":{"type":"array","items":{"type":"string"},"description":"Set of S3 object key prefixes to filter audit events. Defaults to empty set (all prefixes)."}},"type":"object"}},"mica:index/bucketReplicaLink:BucketReplicaLink":{"properties":{"cascadingEnabled":{"type":"boolean","description":"Whether cascading replication is enabled. Immutable after creation. Defaults to false."},"direction":{"type":"string","description":"The replication direction (e.g. 'outbound')."},"localBucketName":{"type":"string","description":"The name of the local bucket. Changing this forces a new resource."},"paused":{"type":"boolean","description":"Whether the replica link is paused. Defaults to false."},"remoteBucketName":{"type":"string","description":"The name of the remote bucket. Changing this forces a new resource."},"remoteCredentialsName":{"type":"string","description":"The name of the remote credentials (for S3 replication targets). Omit for FlashBlade-to-FlashBlade replication."},"remoteName":{"type":"string","description":"The name of the remote array connection."},"status":{"type":"string","description":"The replication status (e.g. 'replicating')."},"statusDetails":{"type":"string","description":"Additional status details."}},"required":["cascadingEnabled","direction","localBucketName","paused","remoteBucketName","remoteName","status","statusDetails"],"inputProperties":{"cascadingEnabled":{"type":"boolean","description":"Whether cascading replication is enabled. Immutable after creation. Defaults to false."},"localBucketName":{"type":"string","description":"The name of the local bucket. Changing this forces a new resource."},"paused":{"type":"boolean","description":"Whether the replica link is paused. Defaults to false."},"remoteBucketName":{"type":"string","description":"The name of the remote bucket. Changing this forces a new resource."},"remoteCredentialsName":{"type":"string","description":"The name of the remote credentials (for S3 replication targets). Omit for FlashBlade-to-FlashBlade replication."}},"requiredInputs":["localBucketName","remoteBucketName"],"stateInputs":{"description":"Input properties used for looking up and filtering BucketReplicaLink resources.\n","properties":{"cascadingEnabled":{"type":"boolean","description":"Whether cascading replication is enabled. Immutable after creation. Defaults to false."},"direction":{"type":"string","description":"The replication direction (e.g. 'outbound')."},"localBucketName":{"type":"string","description":"The name of the local bucket. Changing this forces a new resource."},"paused":{"type":"boolean","description":"Whether the replica link is paused. Defaults to false."},"remoteBucketName":{"type":"string","description":"The name of the remote bucket. Changing this forces a new resource."},"remoteCredentialsName":{"type":"string","description":"The name of the remote credentials (for S3 replication targets). Omit for FlashBlade-to-FlashBlade replication."},"remoteName":{"type":"string","description":"The name of the remote array connection."},"status":{"type":"string","description":"The replication status (e.g. 'replicating')."},"statusDetails":{"type":"string","description":"Additional status details."}},"type":"object"}},"mica:index/certificate:Certificate":{"properties":{"certificate":{"type":"string","description":"The PEM-encoded X.509 certificate body."},"certificateType":{"type":"string","description":"The certificate type. Valid values: 'array' (FlashBlade identity, requires private_key) or 'external' (trusted external server such as AD). When unset, the provider infers 'array' if privateKey is provided; otherwise the API defaults to 'external'. Immutable after creation."},"commonName":{"type":"string","description":"The common name (CN) extracted from the certificate."},"country":{"type":"string","description":"The country (C) field extracted from the certificate."},"email":{"type":"string","description":"The email address extracted from the certificate."},"intermediateCertificate":{"type":"string","description":"The PEM-encoded intermediate certificate chain."},"issuedBy":{"type":"string","description":"The issuer of the certificate. Changes when the certificate is renewed."},"issuedTo":{"type":"string","description":"The subject of the certificate. Changes when the certificate is renewed."},"keyAlgorithm":{"type":"string","description":"The key algorithm (e.g. RSA, EC). Changes when the certificate is renewed."},"keySize":{"type":"integer","description":"The key size in bits. Changes when the certificate is renewed."},"locality":{"type":"string","description":"The locality (L) field extracted from the certificate."},"name":{"type":"string","description":"The name of the certificate. Changing this forces a new resource."},"organization":{"type":"string","description":"The organization (O) field extracted from the certificate."},"organizationalUnit":{"type":"string","description":"The organizational unit (OU) field extracted from the certificate."},"passphrase":{"type":"string","description":"The passphrase protecting the private key. Not returned by the API after creation.","secret":true},"privateKey":{"type":"string","description":"The PEM-encoded private key. Not returned by the API after creation.","secret":true},"state":{"type":"string","description":"The state/province (ST) field extracted from the certificate."},"status":{"type":"string","description":"The certificate status (e.g. imported, self-signed). Changes when the certificate is renewed."},"subjectAlternativeNames":{"type":"array","items":{"type":"string"},"description":"The subject alternative names (SANs) extracted from the certificate."},"validFrom":{"type":"integer","description":"The Unix timestamp (milliseconds) from which the certificate is valid. Changes when renewed."},"validTo":{"type":"integer","description":"The Unix timestamp (milliseconds) until which the certificate is valid. Changes when renewed."}},"required":["certificate","certificateType","commonName","country","email","issuedBy","issuedTo","keyAlgorithm","keySize","locality","name","organization","organizationalUnit","state","status","subjectAlternativeNames","validFrom","validTo"],"inputProperties":{"certificate":{"type":"string","description":"The PEM-encoded X.509 certificate body."},"certificateType":{"type":"string","description":"The certificate type. Valid values: 'array' (FlashBlade identity, requires private_key) or 'external' (trusted external server such as AD). When unset, the provider infers 'array' if privateKey is provided; otherwise the API defaults to 'external'. Immutable after creation."},"intermediateCertificate":{"type":"string","description":"The PEM-encoded intermediate certificate chain."},"name":{"type":"string","description":"The name of the certificate. Changing this forces a new resource."},"passphrase":{"type":"string","description":"The passphrase protecting the private key. Not returned by the API after creation.","secret":true},"privateKey":{"type":"string","description":"The PEM-encoded private key. Not returned by the API after creation.","secret":true}},"requiredInputs":["certificate","name"],"stateInputs":{"description":"Input properties used for looking up and filtering Certificate resources.\n","properties":{"certificate":{"type":"string","description":"The PEM-encoded X.509 certificate body."},"certificateType":{"type":"string","description":"The certificate type. Valid values: 'array' (FlashBlade identity, requires private_key) or 'external' (trusted external server such as AD). When unset, the provider infers 'array' if privateKey is provided; otherwise the API defaults to 'external'. Immutable after creation."},"commonName":{"type":"string","description":"The common name (CN) extracted from the certificate."},"country":{"type":"string","description":"The country (C) field extracted from the certificate."},"email":{"type":"string","description":"The email address extracted from the certificate."},"intermediateCertificate":{"type":"string","description":"The PEM-encoded intermediate certificate chain."},"issuedBy":{"type":"string","description":"The issuer of the certificate. Changes when the certificate is renewed."},"issuedTo":{"type":"string","description":"The subject of the certificate. Changes when the certificate is renewed."},"keyAlgorithm":{"type":"string","description":"The key algorithm (e.g. RSA, EC). Changes when the certificate is renewed."},"keySize":{"type":"integer","description":"The key size in bits. Changes when the certificate is renewed."},"locality":{"type":"string","description":"The locality (L) field extracted from the certificate."},"name":{"type":"string","description":"The name of the certificate. Changing this forces a new resource."},"organization":{"type":"string","description":"The organization (O) field extracted from the certificate."},"organizationalUnit":{"type":"string","description":"The organizational unit (OU) field extracted from the certificate."},"passphrase":{"type":"string","description":"The passphrase protecting the private key. Not returned by the API after creation.","secret":true},"privateKey":{"type":"string","description":"The PEM-encoded private key. Not returned by the API after creation.","secret":true},"state":{"type":"string","description":"The state/province (ST) field extracted from the certificate."},"status":{"type":"string","description":"The certificate status (e.g. imported, self-signed). Changes when the certificate is renewed."},"subjectAlternativeNames":{"type":"array","items":{"type":"string"},"description":"The subject alternative names (SANs) extracted from the certificate."},"validFrom":{"type":"integer","description":"The Unix timestamp (milliseconds) from which the certificate is valid. Changes when renewed."},"validTo":{"type":"integer","description":"The Unix timestamp (milliseconds) until which the certificate is valid. Changes when renewed."}},"type":"object"}},"mica:index/certificateGroup:CertificateGroup":{"properties":{"name":{"type":"string","description":"The name of the certificate group. Changing this forces a new resource."},"realms":{"type":"array","items":{"type":"string"},"description":"The list of realms associated with this certificate group. Set by the array."}},"required":["name","realms"],"inputProperties":{"name":{"type":"string","description":"The name of the certificate group. Changing this forces a new resource."}},"requiredInputs":["name"],"stateInputs":{"description":"Input properties used for looking up and filtering CertificateGroup resources.\n","properties":{"name":{"type":"string","description":"The name of the certificate group. Changing this forces a new resource."},"realms":{"type":"array","items":{"type":"string"},"description":"The list of realms associated with this certificate group. Set by the array."}},"type":"object"}},"mica:index/certificateGroupMember:CertificateGroupMember":{"properties":{"certificateName":{"type":"string","description":"The name of the certificate to add to the group. Changing this forces a new resource."},"groupName":{"type":"string","description":"The name of the certificate group. Changing this forces a new resource."}},"required":["certificateName","groupName"],"inputProperties":{"certificateName":{"type":"string","description":"The name of the certificate to add to the group. Changing this forces a new resource."},"groupName":{"type":"string","description":"The name of the certificate group. Changing this forces a new resource."}},"requiredInputs":["certificateName","groupName"],"stateInputs":{"description":"Input properties used for looking up and filtering CertificateGroupMember resources.\n","properties":{"certificateName":{"type":"string","description":"The name of the certificate to add to the group. Changing this forces a new resource."},"groupName":{"type":"string","description":"The name of the certificate group. Changing this forces a new resource."}},"type":"object"}},"mica:index/directoryServiceManagement:DirectoryServiceManagement":{"properties":{"baseDn":{"type":"string","description":"Base Distinguished Name (DN) used when searching the directory."},"bindPassword":{"type":"string","description":"Password used to bind to the directory. Write-only — never returned by the API.","secret":true},"bindUser":{"type":"string","description":"Distinguished Name (DN) of the user used to bind to the directory."},"caCertificate":{"type":"string","description":"Name of a CA certificate used to validate the LDAPS server certificate. Clear by omitting the attribute."},"caCertificateGroup":{"type":"string","description":"Name of a CA certificate group used to validate the LDAPS server certificate. Clear by omitting the attribute."},"enabled":{"type":"boolean","description":"If true, the management directory service authenticates FlashBlade admin logins against LDAP."},"services":{"type":"array","items":{"type":"string"},"description":"Services that use this directory service configuration. Read-only. No plan modifier — drift is visible."},"sshPublicKeyAttribute":{"type":"string","description":"LDAP attribute that holds the user's SSH public key (e.g. sshPublicKey)."},"uris":{"type":"array","items":{"type":"string"},"description":"List of LDAP server URIs. Each entry must start with ldap:// or ldaps://."},"userLoginAttribute":{"type":"string","description":"LDAP attribute that holds the user's login name. API default: sAMAccountName for AD, uid otherwise."},"userObjectClass":{"type":"string","description":"LDAP object class for management users. API default: User (AD), posixAccount/shadowAccount (OpenLDAP), person (other)."}},"required":["baseDn","bindPassword","bindUser","caCertificate","caCertificateGroup","enabled","services","sshPublicKeyAttribute","uris","userLoginAttribute","userObjectClass"],"inputProperties":{"baseDn":{"type":"string","description":"Base Distinguished Name (DN) used when searching the directory."},"bindPassword":{"type":"string","description":"Password used to bind to the directory. Write-only — never returned by the API.","secret":true},"bindUser":{"type":"string","description":"Distinguished Name (DN) of the user used to bind to the directory."},"caCertificate":{"type":"string","description":"Name of a CA certificate used to validate the LDAPS server certificate. Clear by omitting the attribute."},"caCertificateGroup":{"type":"string","description":"Name of a CA certificate group used to validate the LDAPS server certificate. Clear by omitting the attribute."},"enabled":{"type":"boolean","description":"If true, the management directory service authenticates FlashBlade admin logins against LDAP."},"sshPublicKeyAttribute":{"type":"string","description":"LDAP attribute that holds the user's SSH public key (e.g. sshPublicKey)."},"uris":{"type":"array","items":{"type":"string"},"description":"List of LDAP server URIs. Each entry must start with ldap:// or ldaps://."},"userLoginAttribute":{"type":"string","description":"LDAP attribute that holds the user's login name. API default: sAMAccountName for AD, uid otherwise."},"userObjectClass":{"type":"string","description":"LDAP object class for management users. API default: User (AD), posixAccount/shadowAccount (OpenLDAP), person (other)."}},"stateInputs":{"description":"Input properties used for looking up and filtering DirectoryServiceManagement resources.\n","properties":{"baseDn":{"type":"string","description":"Base Distinguished Name (DN) used when searching the directory."},"bindPassword":{"type":"string","description":"Password used to bind to the directory. Write-only — never returned by the API.","secret":true},"bindUser":{"type":"string","description":"Distinguished Name (DN) of the user used to bind to the directory."},"caCertificate":{"type":"string","description":"Name of a CA certificate used to validate the LDAPS server certificate. Clear by omitting the attribute."},"caCertificateGroup":{"type":"string","description":"Name of a CA certificate group used to validate the LDAPS server certificate. Clear by omitting the attribute."},"enabled":{"type":"boolean","description":"If true, the management directory service authenticates FlashBlade admin logins against LDAP."},"services":{"type":"array","items":{"type":"string"},"description":"Services that use this directory service configuration. Read-only. No plan modifier — drift is visible."},"sshPublicKeyAttribute":{"type":"string","description":"LDAP attribute that holds the user's SSH public key (e.g. sshPublicKey)."},"uris":{"type":"array","items":{"type":"string"},"description":"List of LDAP server URIs. Each entry must start with ldap:// or ldaps://."},"userLoginAttribute":{"type":"string","description":"LDAP attribute that holds the user's login name. API default: sAMAccountName for AD, uid otherwise."},"userObjectClass":{"type":"string","description":"LDAP object class for management users. API default: User (AD), posixAccount/shadowAccount (OpenLDAP), person (other)."}},"type":"object"}},"mica:index/directoryServiceRole:DirectoryServiceRole":{"properties":{"group":{"type":"string","description":"CN of the LDAP group whose members receive the role. Mutable via PATCH."},"groupBase":{"type":"string","description":"DN search base where the LDAP group is located. Mutable via PATCH."},"managementAccessPolicies":{"type":"array","items":{"type":"string"},"description":"List of management access policy names (e.g. pure:policy/array_admin). Writable on POST only — changing this forces a new resource."},"name":{"type":"string","description":"Unique name for the directory service role. Required on create. Changing this forces a new resource."},"role":{"$ref":"#/types/mica:index/DirectoryServiceRoleRole:DirectoryServiceRoleRole","description":"Deprecated legacy backfill. Populated by the API when the role maps to exactly one legacy-named policy; otherwise null."}},"required":["group","groupBase","managementAccessPolicies","name","role"],"inputProperties":{"group":{"type":"string","description":"CN of the LDAP group whose members receive the role. Mutable via PATCH."},"groupBase":{"type":"string","description":"DN search base where the LDAP group is located. Mutable via PATCH."},"managementAccessPolicies":{"type":"array","items":{"type":"string"},"description":"List of management access policy names (e.g. pure:policy/array_admin). Writable on POST only — changing this forces a new resource."},"name":{"type":"string","description":"Unique name for the directory service role. Required on create. Changing this forces a new resource."}},"requiredInputs":["group","groupBase","managementAccessPolicies","name"],"stateInputs":{"description":"Input properties used for looking up and filtering DirectoryServiceRole resources.\n","properties":{"group":{"type":"string","description":"CN of the LDAP group whose members receive the role. Mutable via PATCH."},"groupBase":{"type":"string","description":"DN search base where the LDAP group is located. Mutable via PATCH."},"managementAccessPolicies":{"type":"array","items":{"type":"string"},"description":"List of management access policy names (e.g. pure:policy/array_admin). Writable on POST only — changing this forces a new resource."},"name":{"type":"string","description":"Unique name for the directory service role. Required on create. Changing this forces a new resource."},"role":{"$ref":"#/types/mica:index/DirectoryServiceRoleRole:DirectoryServiceRoleRole","description":"Deprecated legacy backfill. Populated by the API when the role maps to exactly one legacy-named policy; otherwise null."}},"type":"object"}},"mica:index/fileSystem:FileSystem":{"properties":{"created":{"type":"integer","description":"Unix timestamp (milliseconds) when the file system was created."},"defaultQuotas":{"$ref":"#/types/mica:index/FileSystemDefaultQuotas:FileSystemDefaultQuotas","description":"Default quota settings."},"destroyEradicateOnDelete":{"type":"boolean","description":"When true (default), Terraform will eradicate the file system on destroy. When false, only soft-deletes."},"destroyed":{"type":"boolean","description":"Whether the file system is soft-deleted."},"http":{"$ref":"#/types/mica:index/FileSystemHttp:FileSystemHttp","description":"HTTP protocol configuration (read-only, API-managed)."},"multiProtocol":{"$ref":"#/types/mica:index/FileSystemMultiProtocol:FileSystemMultiProtocol","description":"Multi-protocol access configuration."},"name":{"type":"string","description":"The name of the file system. Supports in-place rename."},"nfs":{"$ref":"#/types/mica:index/FileSystemNfs:FileSystemNfs","description":"NFS protocol configuration."},"promotionStatus":{"type":"string","description":"Replication promotion status of the file system."},"provisioned":{"type":"integer","description":"Provisioned size of the file system in bytes."},"smb":{"$ref":"#/types/mica:index/FileSystemSmb:FileSystemSmb","description":"SMB protocol configuration."},"source":{"$ref":"#/types/mica:index/FileSystemSource:FileSystemSource","description":"Source file system reference (for clones/replicas, read-only)."},"space":{"$ref":"#/types/mica:index/FileSystemSpace:FileSystemSpace","description":"Storage space breakdown (read-only, API-managed)."},"timeRemaining":{"type":"integer","description":"Milliseconds remaining until auto-eradication of a soft-deleted file system."},"workload":{"$ref":"#/types/mica:index/FileSystemWorkload:FileSystemWorkload","description":"Workload reference for this file system. Set to attach to an existing workload; clear (set id and name to empty string) to detach."},"writable":{"type":"boolean","description":"Whether the file system is writable."}},"required":["created","defaultQuotas","destroyEradicateOnDelete","destroyed","http","multiProtocol","name","nfs","promotionStatus","provisioned","smb","source","space","timeRemaining","workload","writable"],"inputProperties":{"defaultQuotas":{"$ref":"#/types/mica:index/FileSystemDefaultQuotas:FileSystemDefaultQuotas","description":"Default quota settings."},"destroyEradicateOnDelete":{"type":"boolean","description":"When true (default), Terraform will eradicate the file system on destroy. When false, only soft-deletes."},"multiProtocol":{"$ref":"#/types/mica:index/FileSystemMultiProtocol:FileSystemMultiProtocol","description":"Multi-protocol access configuration."},"name":{"type":"string","description":"The name of the file system. Supports in-place rename."},"nfs":{"$ref":"#/types/mica:index/FileSystemNfs:FileSystemNfs","description":"NFS protocol configuration."},"provisioned":{"type":"integer","description":"Provisioned size of the file system in bytes."},"smb":{"$ref":"#/types/mica:index/FileSystemSmb:FileSystemSmb","description":"SMB protocol configuration."},"workload":{"$ref":"#/types/mica:index/FileSystemWorkload:FileSystemWorkload","description":"Workload reference for this file system. Set to attach to an existing workload; clear (set id and name to empty string) to detach."}},"requiredInputs":["name","provisioned"],"stateInputs":{"description":"Input properties used for looking up and filtering FileSystem resources.\n","properties":{"created":{"type":"integer","description":"Unix timestamp (milliseconds) when the file system was created."},"defaultQuotas":{"$ref":"#/types/mica:index/FileSystemDefaultQuotas:FileSystemDefaultQuotas","description":"Default quota settings."},"destroyEradicateOnDelete":{"type":"boolean","description":"When true (default), Terraform will eradicate the file system on destroy. When false, only soft-deletes."},"destroyed":{"type":"boolean","description":"Whether the file system is soft-deleted."},"http":{"$ref":"#/types/mica:index/FileSystemHttp:FileSystemHttp","description":"HTTP protocol configuration (read-only, API-managed)."},"multiProtocol":{"$ref":"#/types/mica:index/FileSystemMultiProtocol:FileSystemMultiProtocol","description":"Multi-protocol access configuration."},"name":{"type":"string","description":"The name of the file system. Supports in-place rename."},"nfs":{"$ref":"#/types/mica:index/FileSystemNfs:FileSystemNfs","description":"NFS protocol configuration."},"promotionStatus":{"type":"string","description":"Replication promotion status of the file system."},"provisioned":{"type":"integer","description":"Provisioned size of the file system in bytes."},"smb":{"$ref":"#/types/mica:index/FileSystemSmb:FileSystemSmb","description":"SMB protocol configuration."},"source":{"$ref":"#/types/mica:index/FileSystemSource:FileSystemSource","description":"Source file system reference (for clones/replicas, read-only)."},"space":{"$ref":"#/types/mica:index/FileSystemSpace:FileSystemSpace","description":"Storage space breakdown (read-only, API-managed)."},"timeRemaining":{"type":"integer","description":"Milliseconds remaining until auto-eradication of a soft-deleted file system."},"workload":{"$ref":"#/types/mica:index/FileSystemWorkload:FileSystemWorkload","description":"Workload reference for this file system. Set to attach to an existing workload; clear (set id and name to empty string) to detach."},"writable":{"type":"boolean","description":"Whether the file system is writable."}},"type":"object"}},"mica:index/fileSystemExport:FileSystemExport":{"properties":{"enabled":{"type":"boolean","description":"Whether the export is enabled."},"exportName":{"type":"string","description":"The export name part. Defaults to the file system name if not set."},"fileSystemName":{"type":"string","description":"The name of the file system to export. Changing this forces a new resource."},"name":{"type":"string","description":"The combined name of the export (e.g. 'filesystem/export_name')."},"policyName":{"type":"string","description":"The name of the NFS export policy to apply to the export."},"policyType":{"type":"string","description":"The policy type ('nfs' or 'smb')."},"serverName":{"type":"string","description":"The name of the server to export to. Changing this forces a new resource."},"sharePolicyName":{"type":"string","description":"The name of the SMB share policy to apply to the export."},"status":{"type":"string","description":"The status of the export."},"workload":{"$ref":"#/types/mica:index/FileSystemExportWorkload:FileSystemExportWorkload","description":"The workload that owns this export (read-only, API-managed). Populated by the API when the export is associated with a workload."}},"required":["enabled","exportName","fileSystemName","name","policyName","policyType","serverName","sharePolicyName","status","workload"],"inputProperties":{"exportName":{"type":"string","description":"The export name part. Defaults to the file system name if not set."},"fileSystemName":{"type":"string","description":"The name of the file system to export. Changing this forces a new resource."},"policyName":{"type":"string","description":"The name of the NFS export policy to apply to the export."},"serverName":{"type":"string","description":"The name of the server to export to. Changing this forces a new resource."},"sharePolicyName":{"type":"string","description":"The name of the SMB share policy to apply to the export."}},"requiredInputs":["fileSystemName","policyName","serverName"],"stateInputs":{"description":"Input properties used for looking up and filtering FileSystemExport resources.\n","properties":{"enabled":{"type":"boolean","description":"Whether the export is enabled."},"exportName":{"type":"string","description":"The export name part. Defaults to the file system name if not set."},"fileSystemName":{"type":"string","description":"The name of the file system to export. Changing this forces a new resource."},"name":{"type":"string","description":"The combined name of the export (e.g. 'filesystem/export_name')."},"policyName":{"type":"string","description":"The name of the NFS export policy to apply to the export."},"policyType":{"type":"string","description":"The policy type ('nfs' or 'smb')."},"serverName":{"type":"string","description":"The name of the server to export to. Changing this forces a new resource."},"sharePolicyName":{"type":"string","description":"The name of the SMB share policy to apply to the export."},"status":{"type":"string","description":"The status of the export."},"workload":{"$ref":"#/types/mica:index/FileSystemExportWorkload:FileSystemExportWorkload","description":"The workload that owns this export (read-only, API-managed). Populated by the API when the export is associated with a workload."}},"type":"object"}},"mica:index/lifecycleRule:LifecycleRule":{"properties":{"abortIncompleteMultipartUploadsAfter":{"type":"integer","description":"Duration in milliseconds after which incomplete multipart uploads are aborted."},"bucketName":{"type":"string","description":"The name of the bucket this rule belongs to. Changing this forces a new resource."},"cleanupExpiredObjectDeleteMarker":{"type":"boolean","description":"Whether expired object delete markers are cleaned up. Read-only, managed by the array."},"enabled":{"type":"boolean","description":"Whether the lifecycle rule is enabled. Defaults to true."},"keepCurrentVersionFor":{"type":"integer","description":"Duration in milliseconds to keep current object versions before expiration."},"keepCurrentVersionUntil":{"type":"integer","description":"Timestamp in milliseconds until which current object versions are kept."},"keepPreviousVersionFor":{"type":"integer","description":"Duration in milliseconds to keep previous object versions before expiration."},"prefix":{"type":"string","description":"Object key prefix filter for the rule. Defaults to empty string (all objects)."},"ruleId":{"type":"string","description":"The rule identifier within the bucket. Changing this forces a new resource."}},"required":["bucketName","cleanupExpiredObjectDeleteMarker","enabled","prefix","ruleId"],"inputProperties":{"abortIncompleteMultipartUploadsAfter":{"type":"integer","description":"Duration in milliseconds after which incomplete multipart uploads are aborted."},"bucketName":{"type":"string","description":"The name of the bucket this rule belongs to. Changing this forces a new resource."},"enabled":{"type":"boolean","description":"Whether the lifecycle rule is enabled. Defaults to true."},"keepCurrentVersionFor":{"type":"integer","description":"Duration in milliseconds to keep current object versions before expiration."},"keepCurrentVersionUntil":{"type":"integer","description":"Timestamp in milliseconds until which current object versions are kept."},"keepPreviousVersionFor":{"type":"integer","description":"Duration in milliseconds to keep previous object versions before expiration."},"prefix":{"type":"string","description":"Object key prefix filter for the rule. Defaults to empty string (all objects)."},"ruleId":{"type":"string","description":"The rule identifier within the bucket. Changing this forces a new resource."}},"requiredInputs":["bucketName","ruleId"],"stateInputs":{"description":"Input properties used for looking up and filtering LifecycleRule resources.\n","properties":{"abortIncompleteMultipartUploadsAfter":{"type":"integer","description":"Duration in milliseconds after which incomplete multipart uploads are aborted."},"bucketName":{"type":"string","description":"The name of the bucket this rule belongs to. Changing this forces a new resource."},"cleanupExpiredObjectDeleteMarker":{"type":"boolean","description":"Whether expired object delete markers are cleaned up. Read-only, managed by the array."},"enabled":{"type":"boolean","description":"Whether the lifecycle rule is enabled. Defaults to true."},"keepCurrentVersionFor":{"type":"integer","description":"Duration in milliseconds to keep current object versions before expiration."},"keepCurrentVersionUntil":{"type":"integer","description":"Timestamp in milliseconds until which current object versions are kept."},"keepPreviousVersionFor":{"type":"integer","description":"Duration in milliseconds to keep previous object versions before expiration."},"prefix":{"type":"string","description":"Object key prefix filter for the rule. Defaults to empty string (all objects)."},"ruleId":{"type":"string","description":"The rule identifier within the bucket. Changing this forces a new resource."}},"type":"object"}},"mica:index/logTargetObjectStore:LogTargetObjectStore":{"properties":{"bucketName":{"type":"string","description":"The name of the bucket where audit logs will be stored."},"logNamePrefix":{"type":"string","description":"The prefix of audit log object names in the bucket."},"logRotateDuration":{"type":"integer","description":"The rotation interval for audit logs in milliseconds."},"name":{"type":"string","description":"The name of the log target object store. Not renameable; changing forces replacement."}},"required":["bucketName","logNamePrefix","logRotateDuration","name"],"inputProperties":{"bucketName":{"type":"string","description":"The name of the bucket where audit logs will be stored."},"logNamePrefix":{"type":"string","description":"The prefix of audit log object names in the bucket."},"logRotateDuration":{"type":"integer","description":"The rotation interval for audit logs in milliseconds."},"name":{"type":"string","description":"The name of the log target object store. Not renameable; changing forces replacement."}},"requiredInputs":["bucketName","name"],"stateInputs":{"description":"Input properties used for looking up and filtering LogTargetObjectStore resources.\n","properties":{"bucketName":{"type":"string","description":"The name of the bucket where audit logs will be stored."},"logNamePrefix":{"type":"string","description":"The prefix of audit log object names in the bucket."},"logRotateDuration":{"type":"integer","description":"The rotation interval for audit logs in milliseconds."},"name":{"type":"string","description":"The name of the log target object store. Not renameable; changing forces replacement."}},"type":"object"}},"mica:index/managementAccessPolicyDirectoryServiceRoleMembership:ManagementAccessPolicyDirectoryServiceRoleMembership":{"properties":{"policy":{"type":"string","description":"Name of the management access policy to associate. Changing this forces a new resource."},"role":{"type":"string","description":"Name of the directory service role. Changing this forces a new resource."}},"required":["policy","role"],"inputProperties":{"policy":{"type":"string","description":"Name of the management access policy to associate. Changing this forces a new resource."},"role":{"type":"string","description":"Name of the directory service role. Changing this forces a new resource."}},"requiredInputs":["policy","role"],"stateInputs":{"description":"Input properties used for looking up and filtering ManagementAccessPolicyDirectoryServiceRoleMembership resources.\n","properties":{"policy":{"type":"string","description":"Name of the management access policy to associate. Changing this forces a new resource."},"role":{"type":"string","description":"Name of the directory service role. Changing this forces a new resource."}},"type":"object"}},"mica:index/networkAccessPolicy:NetworkAccessPolicy":{"properties":{"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"isLocal":{"type":"boolean","description":"If true, the policy is local to this array (not replicated)."},"name":{"type":"string","description":"The name of the network access policy to manage. The policy must already exist on the FlashBlade array."},"policyType":{"type":"string","description":"The type of the policy (e.g. 'network-access')."},"version":{"type":"string","description":"The version token that changes on each policy update."}},"required":["enabled","isLocal","name","policyType","version"],"inputProperties":{"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"name":{"type":"string","description":"The name of the network access policy to manage. The policy must already exist on the FlashBlade array."}},"requiredInputs":["name"],"stateInputs":{"description":"Input properties used for looking up and filtering NetworkAccessPolicy resources.\n","properties":{"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"isLocal":{"type":"boolean","description":"If true, the policy is local to this array (not replicated)."},"name":{"type":"string","description":"The name of the network access policy to manage. The policy must already exist on the FlashBlade array."},"policyType":{"type":"string","description":"The type of the policy (e.g. 'network-access')."},"version":{"type":"string","description":"The version token that changes on each policy update."}},"type":"object"}},"mica:index/networkAccessPolicyRule:NetworkAccessPolicyRule":{"properties":{"client":{"type":"string","description":"IP address, CIDR range, or '*' matching the clients to which this rule applies."},"effect":{"type":"string","description":"The effect of the rule: 'allow' or 'deny'."},"index":{"type":"integer","description":"The server-assigned ordering index for this rule within the policy. Used for import."},"interfaces":{"type":"array","items":{"type":"string"},"description":"List of protocol interfaces this rule applies to (e.g. ['nfs', 'smb', 's3']). If empty, applies to all."},"name":{"type":"string","description":"The server-assigned rule identifier. Used internally for PATCH/DELETE API calls."},"policyName":{"type":"string","description":"The name of the network access policy this rule belongs to. Changing this forces a new resource."},"policyVersion":{"type":"string","description":"The version of the parent policy at the time this rule was last read."}},"required":["client","effect","index","interfaces","name","policyName","policyVersion"],"inputProperties":{"client":{"type":"string","description":"IP address, CIDR range, or '*' matching the clients to which this rule applies."},"effect":{"type":"string","description":"The effect of the rule: 'allow' or 'deny'."},"interfaces":{"type":"array","items":{"type":"string"},"description":"List of protocol interfaces this rule applies to (e.g. ['nfs', 'smb', 's3']). If empty, applies to all."},"policyName":{"type":"string","description":"The name of the network access policy this rule belongs to. Changing this forces a new resource."}},"requiredInputs":["client","effect","policyName"],"stateInputs":{"description":"Input properties used for looking up and filtering NetworkAccessPolicyRule resources.\n","properties":{"client":{"type":"string","description":"IP address, CIDR range, or '*' matching the clients to which this rule applies."},"effect":{"type":"string","description":"The effect of the rule: 'allow' or 'deny'."},"index":{"type":"integer","description":"The server-assigned ordering index for this rule within the policy. Used for import."},"interfaces":{"type":"array","items":{"type":"string"},"description":"List of protocol interfaces this rule applies to (e.g. ['nfs', 'smb', 's3']). If empty, applies to all."},"name":{"type":"string","description":"The server-assigned rule identifier. Used internally for PATCH/DELETE API calls."},"policyName":{"type":"string","description":"The name of the network access policy this rule belongs to. Changing this forces a new resource."},"policyVersion":{"type":"string","description":"The version of the parent policy at the time this rule was last read."}},"type":"object"}},"mica:index/networkInterface:NetworkInterface":{"properties":{"address":{"type":"string","description":"The IPv4 address for this network interface."},"attachedServers":{"type":"array","items":{"type":"string"},"description":"List of server names attached to this interface. Required for data/sts; forbidden for egress-only/replication."},"enabled":{"type":"boolean","description":"Whether the network interface is enabled."},"gateway":{"type":"string","description":"The gateway address for this network interface."},"mtu":{"type":"integer","description":"Maximum transmission unit (MTU) in bytes."},"name":{"type":"string","description":"The name of the network interface. Changing this forces a new resource."},"netmask":{"type":"string","description":"The subnet mask for this network interface."},"realms":{"type":"array","items":{"type":"string"},"description":"List of realms associated with this network interface."},"services":{"type":"string","description":"The service type for this network interface. One of: data, sts, egress-only, replication."},"subnetName":{"type":"string","description":"The name of the subnet this interface is attached to. Changing this forces a new resource."},"type":{"type":"string","description":"The network interface type (e.g. vip). Changing this forces a new resource."},"vlan":{"type":"integer","description":"VLAN ID. 0 means untagged."}},"required":["address","attachedServers","enabled","gateway","mtu","name","netmask","realms","services","subnetName","type","vlan"],"inputProperties":{"address":{"type":"string","description":"The IPv4 address for this network interface."},"attachedServers":{"type":"array","items":{"type":"string"},"description":"List of server names attached to this interface. Required for data/sts; forbidden for egress-only/replication."},"name":{"type":"string","description":"The name of the network interface. Changing this forces a new resource."},"services":{"type":"string","description":"The service type for this network interface. One of: data, sts, egress-only, replication."},"subnetName":{"type":"string","description":"The name of the subnet this interface is attached to. Changing this forces a new resource."},"type":{"type":"string","description":"The network interface type (e.g. vip). Changing this forces a new resource."}},"requiredInputs":["address","name","services","subnetName","type"],"stateInputs":{"description":"Input properties used for looking up and filtering NetworkInterface resources.\n","properties":{"address":{"type":"string","description":"The IPv4 address for this network interface."},"attachedServers":{"type":"array","items":{"type":"string"},"description":"List of server names attached to this interface. Required for data/sts; forbidden for egress-only/replication."},"enabled":{"type":"boolean","description":"Whether the network interface is enabled."},"gateway":{"type":"string","description":"The gateway address for this network interface."},"mtu":{"type":"integer","description":"Maximum transmission unit (MTU) in bytes."},"name":{"type":"string","description":"The name of the network interface. Changing this forces a new resource."},"netmask":{"type":"string","description":"The subnet mask for this network interface."},"realms":{"type":"array","items":{"type":"string"},"description":"List of realms associated with this network interface."},"services":{"type":"string","description":"The service type for this network interface. One of: data, sts, egress-only, replication."},"subnetName":{"type":"string","description":"The name of the subnet this interface is attached to. Changing this forces a new resource."},"type":{"type":"string","description":"The network interface type (e.g. vip). Changing this forces a new resource."},"vlan":{"type":"integer","description":"VLAN ID. 0 means untagged."}},"type":"object"}},"mica:index/nfsExportPolicy:NfsExportPolicy":{"properties":{"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"isLocal":{"type":"boolean","description":"If true, the policy is local to this array (not replicated)."},"name":{"type":"string","description":"The name of the NFS export policy. Can be changed in-place via PATCH (rename)."},"policyType":{"type":"string","description":"The type of the policy (e.g. 'nfs')."},"version":{"type":"string","description":"The version token that changes on each policy update."},"workload":{"$ref":"#/types/mica:index/NfsExportPolicyWorkload:NfsExportPolicyWorkload","description":"The workload that owns this NFS export policy (read-only, API-managed). Populated by the API when the policy is associated with a workload."}},"required":["enabled","isLocal","name","policyType","version","workload"],"inputProperties":{"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"name":{"type":"string","description":"The name of the NFS export policy. Can be changed in-place via PATCH (rename)."}},"requiredInputs":["name"],"stateInputs":{"description":"Input properties used for looking up and filtering NfsExportPolicy resources.\n","properties":{"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"isLocal":{"type":"boolean","description":"If true, the policy is local to this array (not replicated)."},"name":{"type":"string","description":"The name of the NFS export policy. Can be changed in-place via PATCH (rename)."},"policyType":{"type":"string","description":"The type of the policy (e.g. 'nfs')."},"version":{"type":"string","description":"The version token that changes on each policy update."},"workload":{"$ref":"#/types/mica:index/NfsExportPolicyWorkload:NfsExportPolicyWorkload","description":"The workload that owns this NFS export policy (read-only, API-managed). Populated by the API when the policy is associated with a workload."}},"type":"object"}},"mica:index/nfsExportPolicyRule:NfsExportPolicyRule":{"properties":{"access":{"type":"string","description":"The access control for NFS clients (e.g. 'root-squash', 'no-root-squash', 'all-squash')."},"anongid":{"type":"integer","description":"The GID to use for anonymous (squashed) users."},"anonuid":{"type":"integer","description":"The UID to use for anonymous (squashed) users."},"atime":{"type":"boolean","description":"If true, access time updates are enabled."},"client":{"type":"string","description":"A pattern matching the clients to which this rule applies (e.g. '*', '10.0.0.0/8')."},"fileid32bit":{"type":"boolean","description":"If true, use 32-bit file IDs."},"index":{"type":"integer","description":"The server-assigned ordering index for this rule within the policy. Used for import."},"name":{"type":"string","description":"The server-assigned rule identifier. Used internally for PATCH/DELETE API calls."},"permission":{"type":"string","description":"The read/write permission for matching clients (e.g. 'rw', 'ro')."},"policyName":{"type":"string","description":"The name of the NFS export policy this rule belongs to. Changing this forces a new resource."},"policyVersion":{"type":"string","description":"The version of the parent policy at the time this rule was last read."},"requiredTransportSecurity":{"type":"string","description":"Required transport security for this rule (e.g. 'krb5', 'krb5i', 'krb5p')."},"secure":{"type":"boolean","description":"If true, require clients to use a privileged port."},"securities":{"type":"array","items":{"type":"string"},"description":"Security flavors to enforce for this rule."}},"required":["access","anongid","anonuid","atime","client","fileid32bit","index","name","permission","policyName","policyVersion","requiredTransportSecurity","secure","securities"],"inputProperties":{"access":{"type":"string","description":"The access control for NFS clients (e.g. 'root-squash', 'no-root-squash', 'all-squash')."},"anongid":{"type":"integer","description":"The GID to use for anonymous (squashed) users."},"anonuid":{"type":"integer","description":"The UID to use for anonymous (squashed) users."},"atime":{"type":"boolean","description":"If true, access time updates are enabled."},"client":{"type":"string","description":"A pattern matching the clients to which this rule applies (e.g. '*', '10.0.0.0/8')."},"fileid32bit":{"type":"boolean","description":"If true, use 32-bit file IDs."},"permission":{"type":"string","description":"The read/write permission for matching clients (e.g. 'rw', 'ro')."},"policyName":{"type":"string","description":"The name of the NFS export policy this rule belongs to. Changing this forces a new resource."},"requiredTransportSecurity":{"type":"string","description":"Required transport security for this rule (e.g. 'krb5', 'krb5i', 'krb5p')."},"secure":{"type":"boolean","description":"If true, require clients to use a privileged port."},"securities":{"type":"array","items":{"type":"string"},"description":"Security flavors to enforce for this rule."}},"requiredInputs":["policyName"],"stateInputs":{"description":"Input properties used for looking up and filtering NfsExportPolicyRule resources.\n","properties":{"access":{"type":"string","description":"The access control for NFS clients (e.g. 'root-squash', 'no-root-squash', 'all-squash')."},"anongid":{"type":"integer","description":"The GID to use for anonymous (squashed) users."},"anonuid":{"type":"integer","description":"The UID to use for anonymous (squashed) users."},"atime":{"type":"boolean","description":"If true, access time updates are enabled."},"client":{"type":"string","description":"A pattern matching the clients to which this rule applies (e.g. '*', '10.0.0.0/8')."},"fileid32bit":{"type":"boolean","description":"If true, use 32-bit file IDs."},"index":{"type":"integer","description":"The server-assigned ordering index for this rule within the policy. Used for import."},"name":{"type":"string","description":"The server-assigned rule identifier. Used internally for PATCH/DELETE API calls."},"permission":{"type":"string","description":"The read/write permission for matching clients (e.g. 'rw', 'ro')."},"policyName":{"type":"string","description":"The name of the NFS export policy this rule belongs to. Changing this forces a new resource."},"policyVersion":{"type":"string","description":"The version of the parent policy at the time this rule was last read."},"requiredTransportSecurity":{"type":"string","description":"Required transport security for this rule (e.g. 'krb5', 'krb5i', 'krb5p')."},"secure":{"type":"boolean","description":"If true, require clients to use a privileged port."},"securities":{"type":"array","items":{"type":"string"},"description":"Security flavors to enforce for this rule."}},"type":"object"}},"mica:index/objectStoreAccessKey:ObjectStoreAccessKey":{"properties":{"accessKeyId":{"type":"string","description":"The access key ID (public part of the credential pair)."},"created":{"type":"integer","description":"Unix timestamp (milliseconds) when the access key was created."},"enabled":{"type":"boolean","description":"If true, the access key is enabled. Changing this forces a new resource."},"name":{"type":"string","description":"The access key name (format: /admin/). When providing a secretAccessKey for cross-array replication, this must be set to the same name as the source key. When omitted, the API assigns it automatically."},"objectStoreAccount":{"type":"string","description":"The object store account this access key belongs to. Changing this forces a new resource."},"secretAccessKey":{"type":"string","description":"The secret access key. When provided, the key is created with this exact secret (for cross-array replication). When omitted, the API generates it. Returned only at creation time and stored in state (encrypted).","secret":true},"user":{"type":"string","description":"The S3 user this access key belongs to (format: account/username). When omitted, defaults to account/admin. Changing this forces a new resource."}},"required":["accessKeyId","created","enabled","name","objectStoreAccount","secretAccessKey","user"],"inputProperties":{"enabled":{"type":"boolean","description":"If true, the access key is enabled. Changing this forces a new resource."},"name":{"type":"string","description":"The access key name (format: /admin/). When providing a secretAccessKey for cross-array replication, this must be set to the same name as the source key. When omitted, the API assigns it automatically."},"objectStoreAccount":{"type":"string","description":"The object store account this access key belongs to. Changing this forces a new resource."},"secretAccessKey":{"type":"string","description":"The secret access key. When provided, the key is created with this exact secret (for cross-array replication). When omitted, the API generates it. Returned only at creation time and stored in state (encrypted).","secret":true},"user":{"type":"string","description":"The S3 user this access key belongs to (format: account/username). When omitted, defaults to account/admin. Changing this forces a new resource."}},"requiredInputs":["objectStoreAccount"],"stateInputs":{"description":"Input properties used for looking up and filtering ObjectStoreAccessKey resources.\n","properties":{"accessKeyId":{"type":"string","description":"The access key ID (public part of the credential pair)."},"created":{"type":"integer","description":"Unix timestamp (milliseconds) when the access key was created."},"enabled":{"type":"boolean","description":"If true, the access key is enabled. Changing this forces a new resource."},"name":{"type":"string","description":"The access key name (format: /admin/). When providing a secretAccessKey for cross-array replication, this must be set to the same name as the source key. When omitted, the API assigns it automatically."},"objectStoreAccount":{"type":"string","description":"The object store account this access key belongs to. Changing this forces a new resource."},"secretAccessKey":{"type":"string","description":"The secret access key. When provided, the key is created with this exact secret (for cross-array replication). When omitted, the API generates it. Returned only at creation time and stored in state (encrypted).","secret":true},"user":{"type":"string","description":"The S3 user this access key belongs to (format: account/username). When omitted, defaults to account/admin. Changing this forces a new resource."}},"type":"object"}},"mica:index/objectStoreAccessPolicy:ObjectStoreAccessPolicy":{"properties":{"arn":{"type":"string","description":"The Amazon Resource Name (ARN) for the policy."},"description":{"type":"string","description":"A human-readable description. POST-only field — changing this forces a new resource."},"enabled":{"type":"boolean","description":"If true, the policy is enabled. This is read-only (not writable via PATCH)."},"isLocal":{"type":"boolean","description":"If true, the policy is local to this array (not replicated)."},"name":{"type":"string","description":"The name of the object store access policy in format `account-name/policy-name` (e.g. `myaccount/readonly`). Can be renamed in-place via PATCH."},"policyType":{"type":"string","description":"The type of the policy (e.g. 'object-store-access')."}},"required":["arn","description","enabled","isLocal","name","policyType"],"inputProperties":{"description":{"type":"string","description":"A human-readable description. POST-only field — changing this forces a new resource."},"name":{"type":"string","description":"The name of the object store access policy in format `account-name/policy-name` (e.g. `myaccount/readonly`). Can be renamed in-place via PATCH."}},"requiredInputs":["name"],"stateInputs":{"description":"Input properties used for looking up and filtering ObjectStoreAccessPolicy resources.\n","properties":{"arn":{"type":"string","description":"The Amazon Resource Name (ARN) for the policy."},"description":{"type":"string","description":"A human-readable description. POST-only field — changing this forces a new resource."},"enabled":{"type":"boolean","description":"If true, the policy is enabled. This is read-only (not writable via PATCH)."},"isLocal":{"type":"boolean","description":"If true, the policy is local to this array (not replicated)."},"name":{"type":"string","description":"The name of the object store access policy in format `account-name/policy-name` (e.g. `myaccount/readonly`). Can be renamed in-place via PATCH."},"policyType":{"type":"string","description":"The type of the policy (e.g. 'object-store-access')."}},"type":"object"}},"mica:index/objectStoreAccessPolicyRule:ObjectStoreAccessPolicyRule":{"properties":{"actions":{"type":"array","items":{"type":"string"},"description":"List of S3 actions this rule applies to (e.g. ['s3:GetObject', 's3:PutObject'])."},"conditions":{"type":"string","description":"JSON-encoded IAM conditions object (use jsonencode()). Null or empty if no conditions."},"effect":{"type":"string","description":"The effect of the rule: 'allow' or 'deny'. Read-only after creation — changing this forces a new resource."},"name":{"type":"string","description":"The name of the rule. Changing this forces a new resource (rules cannot be renamed)."},"policyName":{"type":"string","description":"The name of the object store access policy this rule belongs to. Changing this forces a new resource."},"resources":{"type":"array","items":{"type":"string"},"description":"List of ARN-like resource patterns this rule applies to."}},"required":["actions","conditions","effect","name","policyName","resources"],"inputProperties":{"actions":{"type":"array","items":{"type":"string"},"description":"List of S3 actions this rule applies to (e.g. ['s3:GetObject', 's3:PutObject'])."},"conditions":{"type":"string","description":"JSON-encoded IAM conditions object (use jsonencode()). Null or empty if no conditions."},"effect":{"type":"string","description":"The effect of the rule: 'allow' or 'deny'. Read-only after creation — changing this forces a new resource."},"name":{"type":"string","description":"The name of the rule. Changing this forces a new resource (rules cannot be renamed)."},"policyName":{"type":"string","description":"The name of the object store access policy this rule belongs to. Changing this forces a new resource."},"resources":{"type":"array","items":{"type":"string"},"description":"List of ARN-like resource patterns this rule applies to."}},"requiredInputs":["actions","effect","name","policyName","resources"],"stateInputs":{"description":"Input properties used for looking up and filtering ObjectStoreAccessPolicyRule resources.\n","properties":{"actions":{"type":"array","items":{"type":"string"},"description":"List of S3 actions this rule applies to (e.g. ['s3:GetObject', 's3:PutObject'])."},"conditions":{"type":"string","description":"JSON-encoded IAM conditions object (use jsonencode()). Null or empty if no conditions."},"effect":{"type":"string","description":"The effect of the rule: 'allow' or 'deny'. Read-only after creation — changing this forces a new resource."},"name":{"type":"string","description":"The name of the rule. Changing this forces a new resource (rules cannot be renamed)."},"policyName":{"type":"string","description":"The name of the object store access policy this rule belongs to. Changing this forces a new resource."},"resources":{"type":"array","items":{"type":"string"},"description":"List of ARN-like resource patterns this rule applies to."}},"type":"object"}},"mica:index/objectStoreAccount:ObjectStoreAccount":{"properties":{"created":{"type":"integer","description":"Unix timestamp (milliseconds) when the account was created."},"hardLimitEnabled":{"type":"boolean","description":"If true, the account's size cannot exceed the quota limit."},"name":{"type":"string","description":"The name of the object store account. Changing this forces a new resource."},"objectCount":{"type":"integer","description":"The count of objects within the account."},"quotaLimit":{"type":"integer","description":"The effective quota limit applied against the size of the account, in bytes."},"skipDefaultExport":{"type":"boolean","description":"When true, suppresses the default account export to _array_server at creation time. Use this when you manage exports explicitly via flashblade_object_store_account_export."},"space":{"$ref":"#/types/mica:index/ObjectStoreAccountSpace:ObjectStoreAccountSpace","description":"Storage space breakdown (read-only, API-managed)."}},"required":["created","hardLimitEnabled","name","objectCount","quotaLimit","skipDefaultExport","space"],"inputProperties":{"hardLimitEnabled":{"type":"boolean","description":"If true, the account's size cannot exceed the quota limit."},"name":{"type":"string","description":"The name of the object store account. Changing this forces a new resource."},"quotaLimit":{"type":"integer","description":"The effective quota limit applied against the size of the account, in bytes."},"skipDefaultExport":{"type":"boolean","description":"When true, suppresses the default account export to _array_server at creation time. Use this when you manage exports explicitly via flashblade_object_store_account_export."}},"requiredInputs":["name"],"stateInputs":{"description":"Input properties used for looking up and filtering ObjectStoreAccount resources.\n","properties":{"created":{"type":"integer","description":"Unix timestamp (milliseconds) when the account was created."},"hardLimitEnabled":{"type":"boolean","description":"If true, the account's size cannot exceed the quota limit."},"name":{"type":"string","description":"The name of the object store account. Changing this forces a new resource."},"objectCount":{"type":"integer","description":"The count of objects within the account."},"quotaLimit":{"type":"integer","description":"The effective quota limit applied against the size of the account, in bytes."},"skipDefaultExport":{"type":"boolean","description":"When true, suppresses the default account export to _array_server at creation time. Use this when you manage exports explicitly via flashblade_object_store_account_export."},"space":{"$ref":"#/types/mica:index/ObjectStoreAccountSpace:ObjectStoreAccountSpace","description":"Storage space breakdown (read-only, API-managed)."}},"type":"object"}},"mica:index/objectStoreAccountExport:ObjectStoreAccountExport":{"properties":{"accountName":{"type":"string","description":"The name of the object store account to export. Changing this forces a new resource."},"enabled":{"type":"boolean","description":"Whether the export is enabled. Defaults to true."},"name":{"type":"string","description":"The combined name of the export (e.g. 'account/export_name')."},"policyName":{"type":"string","description":"The name of the S3 export policy to apply to the export."},"serverName":{"type":"string","description":"The name of the server to export to. Changing this forces a new resource."}},"required":["accountName","enabled","name","policyName","serverName"],"inputProperties":{"accountName":{"type":"string","description":"The name of the object store account to export. Changing this forces a new resource."},"enabled":{"type":"boolean","description":"Whether the export is enabled. Defaults to true."},"policyName":{"type":"string","description":"The name of the S3 export policy to apply to the export."},"serverName":{"type":"string","description":"The name of the server to export to. Changing this forces a new resource."}},"requiredInputs":["accountName","policyName","serverName"],"stateInputs":{"description":"Input properties used for looking up and filtering ObjectStoreAccountExport resources.\n","properties":{"accountName":{"type":"string","description":"The name of the object store account to export. Changing this forces a new resource."},"enabled":{"type":"boolean","description":"Whether the export is enabled. Defaults to true."},"name":{"type":"string","description":"The combined name of the export (e.g. 'account/export_name')."},"policyName":{"type":"string","description":"The name of the S3 export policy to apply to the export."},"serverName":{"type":"string","description":"The name of the server to export to. Changing this forces a new resource."}},"type":"object"}},"mica:index/objectStoreRemoteCredentials:ObjectStoreRemoteCredentials":{"properties":{"accessKeyId":{"type":"string","description":"The access key ID for the remote S3 credentials.","secret":true},"name":{"type":"string","description":"The name of the remote credentials. Changing this forces a new resource."},"remoteName":{"type":"string","description":"The name of the remote array connection. Populated automatically from the API response. Changing this forces a new resource."},"secretAccessKey":{"type":"string","description":"The secret access key for the remote S3 credentials.","secret":true},"targetName":{"type":"string","description":"The name of the target (S3-compatible endpoint). Mutually exclusive with remote_name. Changing this forces a new resource."}},"required":["accessKeyId","name","remoteName","secretAccessKey"],"inputProperties":{"accessKeyId":{"type":"string","description":"The access key ID for the remote S3 credentials.","secret":true},"name":{"type":"string","description":"The name of the remote credentials. Changing this forces a new resource."},"remoteName":{"type":"string","description":"The name of the remote array connection. Populated automatically from the API response. Changing this forces a new resource."},"secretAccessKey":{"type":"string","description":"The secret access key for the remote S3 credentials.","secret":true},"targetName":{"type":"string","description":"The name of the target (S3-compatible endpoint). Mutually exclusive with remote_name. Changing this forces a new resource."}},"requiredInputs":["accessKeyId","name","secretAccessKey"],"stateInputs":{"description":"Input properties used for looking up and filtering ObjectStoreRemoteCredentials resources.\n","properties":{"accessKeyId":{"type":"string","description":"The access key ID for the remote S3 credentials.","secret":true},"name":{"type":"string","description":"The name of the remote credentials. Changing this forces a new resource."},"remoteName":{"type":"string","description":"The name of the remote array connection. Populated automatically from the API response. Changing this forces a new resource."},"secretAccessKey":{"type":"string","description":"The secret access key for the remote S3 credentials.","secret":true},"targetName":{"type":"string","description":"The name of the target (S3-compatible endpoint). Mutually exclusive with remote_name. Changing this forces a new resource."}},"type":"object"}},"mica:index/objectStoreUser:ObjectStoreUser":{"properties":{"fullAccess":{"type":"boolean","description":"If true, the user has full access to all object store operations. Defaults to false."},"name":{"type":"string","description":"The name of the object store user in the format account/username. Changing this forces a new resource."}},"required":["fullAccess","name"],"inputProperties":{"fullAccess":{"type":"boolean","description":"If true, the user has full access to all object store operations. Defaults to false."},"name":{"type":"string","description":"The name of the object store user in the format account/username. Changing this forces a new resource."}},"requiredInputs":["name"],"stateInputs":{"description":"Input properties used for looking up and filtering ObjectStoreUser resources.\n","properties":{"fullAccess":{"type":"boolean","description":"If true, the user has full access to all object store operations. Defaults to false."},"name":{"type":"string","description":"The name of the object store user in the format account/username. Changing this forces a new resource."}},"type":"object"}},"mica:index/objectStoreUserPolicy:ObjectStoreUserPolicy":{"properties":{"policyName":{"type":"string","description":"The name of the object store access policy. Changing this forces a new resource."},"userName":{"type":"string","description":"The name of the object store user (format: account/username). Changing this forces a new resource."}},"required":["policyName","userName"],"inputProperties":{"policyName":{"type":"string","description":"The name of the object store access policy. Changing this forces a new resource."},"userName":{"type":"string","description":"The name of the object store user (format: account/username). Changing this forces a new resource."}},"requiredInputs":["policyName","userName"],"stateInputs":{"description":"Input properties used for looking up and filtering ObjectStoreUserPolicy resources.\n","properties":{"policyName":{"type":"string","description":"The name of the object store access policy. Changing this forces a new resource."},"userName":{"type":"string","description":"The name of the object store user (format: account/username). Changing this forces a new resource."}},"type":"object"}},"mica:index/objectStoreVirtualHost:ObjectStoreVirtualHost":{"properties":{"attachedServers":{"type":"array","items":{"type":"string"},"description":"List of server names attached to this virtual host. The API may auto-attach the default array server."},"hostname":{"type":"string","description":"The hostname (FQDN) for the virtual-hosted-style S3 endpoint."},"name":{"type":"string","description":"The user-specified name of the virtual host. Must contain only alphanumeric characters, hyphens, and underscores."}},"required":["attachedServers","hostname","name"],"inputProperties":{"attachedServers":{"type":"array","items":{"type":"string"},"description":"List of server names attached to this virtual host. The API may auto-attach the default array server."},"hostname":{"type":"string","description":"The hostname (FQDN) for the virtual-hosted-style S3 endpoint."},"name":{"type":"string","description":"The user-specified name of the virtual host. Must contain only alphanumeric characters, hyphens, and underscores."}},"requiredInputs":["hostname","name"],"stateInputs":{"description":"Input properties used for looking up and filtering ObjectStoreVirtualHost resources.\n","properties":{"attachedServers":{"type":"array","items":{"type":"string"},"description":"List of server names attached to this virtual host. The API may auto-attach the default array server."},"hostname":{"type":"string","description":"The hostname (FQDN) for the virtual-hosted-style S3 endpoint."},"name":{"type":"string","description":"The user-specified name of the virtual host. Must contain only alphanumeric characters, hyphens, and underscores."}},"type":"object"}},"mica:index/qosPolicy:QosPolicy":{"properties":{"context":{"$ref":"#/types/mica:index/QosPolicyContext:QosPolicyContext","description":"The workload context that owns this QoS policy (read-only, API-managed). Populated by the API when the policy is associated with a workload context."},"enabled":{"type":"boolean","description":"Whether the QoS policy is enabled. Defaults to true."},"isLocal":{"type":"boolean","description":"Whether the QoS policy is local to this array. Read-only."},"maxTotalBytesPerSec":{"type":"integer","description":"Maximum total bandwidth in bytes per second."},"maxTotalOpsPerSec":{"type":"integer","description":"Maximum total operations (IOPS) per second."},"name":{"type":"string","description":"The name of the QoS policy. Changing this forces a new resource."},"policyType":{"type":"string","description":"The type of the QoS policy (e.g. bandwidth-limit). Read-only."}},"required":["context","enabled","isLocal","name","policyType"],"inputProperties":{"enabled":{"type":"boolean","description":"Whether the QoS policy is enabled. Defaults to true."},"maxTotalBytesPerSec":{"type":"integer","description":"Maximum total bandwidth in bytes per second."},"maxTotalOpsPerSec":{"type":"integer","description":"Maximum total operations (IOPS) per second."},"name":{"type":"string","description":"The name of the QoS policy. Changing this forces a new resource."}},"requiredInputs":["name"],"stateInputs":{"description":"Input properties used for looking up and filtering QosPolicy resources.\n","properties":{"context":{"$ref":"#/types/mica:index/QosPolicyContext:QosPolicyContext","description":"The workload context that owns this QoS policy (read-only, API-managed). Populated by the API when the policy is associated with a workload context."},"enabled":{"type":"boolean","description":"Whether the QoS policy is enabled. Defaults to true."},"isLocal":{"type":"boolean","description":"Whether the QoS policy is local to this array. Read-only."},"maxTotalBytesPerSec":{"type":"integer","description":"Maximum total bandwidth in bytes per second."},"maxTotalOpsPerSec":{"type":"integer","description":"Maximum total operations (IOPS) per second."},"name":{"type":"string","description":"The name of the QoS policy. Changing this forces a new resource."},"policyType":{"type":"string","description":"The type of the QoS policy (e.g. bandwidth-limit). Read-only."}},"type":"object"}},"mica:index/qosPolicyMember:QosPolicyMember":{"properties":{"memberName":{"type":"string","description":"The name of the file system or realm to assign. Changing this forces a new resource."},"memberType":{"type":"string","description":"The type of the member. Valid values: file-systems, realms. Note: buckets are not supported by the FlashBlade API."},"policyName":{"type":"string","description":"The name of the QoS policy. Changing this forces a new resource."}},"required":["memberName","memberType","policyName"],"inputProperties":{"memberName":{"type":"string","description":"The name of the file system or realm to assign. Changing this forces a new resource."},"memberType":{"type":"string","description":"The type of the member. Valid values: file-systems, realms. Note: buckets are not supported by the FlashBlade API."},"policyName":{"type":"string","description":"The name of the QoS policy. Changing this forces a new resource."}},"requiredInputs":["memberName","memberType","policyName"],"stateInputs":{"description":"Input properties used for looking up and filtering QosPolicyMember resources.\n","properties":{"memberName":{"type":"string","description":"The name of the file system or realm to assign. Changing this forces a new resource."},"memberType":{"type":"string","description":"The type of the member. Valid values: file-systems, realms. Note: buckets are not supported by the FlashBlade API."},"policyName":{"type":"string","description":"The name of the QoS policy. Changing this forces a new resource."}},"type":"object"}},"mica:index/quotaGroup:QuotaGroup":{"properties":{"fileSystemName":{"type":"string","description":"Name of the file system this quota applies to. Changing this forces a new resource."},"gid":{"type":"string","description":"Group ID (GID) the quota applies to. Changing this forces a new resource."},"quota":{"type":"integer","description":"Quota limit in bytes."},"usage":{"type":"integer","description":"Current usage in bytes (read-only, API-managed)."}},"required":["fileSystemName","gid","quota","usage"],"inputProperties":{"fileSystemName":{"type":"string","description":"Name of the file system this quota applies to. Changing this forces a new resource."},"gid":{"type":"string","description":"Group ID (GID) the quota applies to. Changing this forces a new resource."},"quota":{"type":"integer","description":"Quota limit in bytes."}},"requiredInputs":["fileSystemName","gid","quota"],"stateInputs":{"description":"Input properties used for looking up and filtering QuotaGroup resources.\n","properties":{"fileSystemName":{"type":"string","description":"Name of the file system this quota applies to. Changing this forces a new resource."},"gid":{"type":"string","description":"Group ID (GID) the quota applies to. Changing this forces a new resource."},"quota":{"type":"integer","description":"Quota limit in bytes."},"usage":{"type":"integer","description":"Current usage in bytes (read-only, API-managed)."}},"type":"object"}},"mica:index/quotaUser:QuotaUser":{"properties":{"fileSystemName":{"type":"string","description":"Name of the file system this quota applies to. Changing this forces a new resource."},"quota":{"type":"integer","description":"Quota limit in bytes."},"uid":{"type":"string","description":"User ID (UID) the quota applies to. Changing this forces a new resource."},"usage":{"type":"integer","description":"Current usage in bytes (read-only, API-managed)."}},"required":["fileSystemName","quota","uid","usage"],"inputProperties":{"fileSystemName":{"type":"string","description":"Name of the file system this quota applies to. Changing this forces a new resource."},"quota":{"type":"integer","description":"Quota limit in bytes."},"uid":{"type":"string","description":"User ID (UID) the quota applies to. Changing this forces a new resource."}},"requiredInputs":["fileSystemName","quota","uid"],"stateInputs":{"description":"Input properties used for looking up and filtering QuotaUser resources.\n","properties":{"fileSystemName":{"type":"string","description":"Name of the file system this quota applies to. Changing this forces a new resource."},"quota":{"type":"integer","description":"Quota limit in bytes."},"uid":{"type":"string","description":"User ID (UID) the quota applies to. Changing this forces a new resource."},"usage":{"type":"integer","description":"Current usage in bytes (read-only, API-managed)."}},"type":"object"}},"mica:index/s3ExportPolicy:S3ExportPolicy":{"properties":{"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"isLocal":{"type":"boolean","description":"If true, the policy is local to this array (not replicated)."},"name":{"type":"string","description":"The name of the S3 export policy. Can be changed in-place via PATCH (rename)."},"policyType":{"type":"string","description":"The type of the policy (e.g. 's3-export')."},"version":{"type":"string","description":"The version token that changes on each policy update."}},"required":["enabled","isLocal","name","policyType","version"],"inputProperties":{"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"name":{"type":"string","description":"The name of the S3 export policy. Can be changed in-place via PATCH (rename)."}},"requiredInputs":["name"],"stateInputs":{"description":"Input properties used for looking up and filtering S3ExportPolicy resources.\n","properties":{"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"isLocal":{"type":"boolean","description":"If true, the policy is local to this array (not replicated)."},"name":{"type":"string","description":"The name of the S3 export policy. Can be changed in-place via PATCH (rename)."},"policyType":{"type":"string","description":"The type of the policy (e.g. 's3-export')."},"version":{"type":"string","description":"The version token that changes on each policy update."}},"type":"object"}},"mica:index/s3ExportPolicyRule:S3ExportPolicyRule":{"properties":{"actions":{"type":"array","items":{"type":"string"},"description":"The S3 actions this rule applies to (e.g. 's3:GetObject')."},"effect":{"type":"string","description":"The effect of the rule: 'allow' or 'deny'. Can be updated in-place."},"index":{"type":"integer","description":"The server-assigned ordering index for this rule within the policy. Used for import."},"name":{"type":"string","description":"The rule name. Passed as ?names= query param on POST."},"policyName":{"type":"string","description":"The name of the S3 export policy this rule belongs to. Changing this forces a new resource."},"resources":{"type":"array","items":{"type":"string"},"description":"The S3 resources this rule applies to (e.g. '*')."}},"required":["actions","effect","index","name","policyName","resources"],"inputProperties":{"actions":{"type":"array","items":{"type":"string"},"description":"The S3 actions this rule applies to (e.g. 's3:GetObject')."},"effect":{"type":"string","description":"The effect of the rule: 'allow' or 'deny'. Can be updated in-place."},"name":{"type":"string","description":"The rule name. Passed as ?names= query param on POST."},"policyName":{"type":"string","description":"The name of the S3 export policy this rule belongs to. Changing this forces a new resource."},"resources":{"type":"array","items":{"type":"string"},"description":"The S3 resources this rule applies to (e.g. '*')."}},"requiredInputs":["actions","effect","name","policyName","resources"],"stateInputs":{"description":"Input properties used for looking up and filtering S3ExportPolicyRule resources.\n","properties":{"actions":{"type":"array","items":{"type":"string"},"description":"The S3 actions this rule applies to (e.g. 's3:GetObject')."},"effect":{"type":"string","description":"The effect of the rule: 'allow' or 'deny'. Can be updated in-place."},"index":{"type":"integer","description":"The server-assigned ordering index for this rule within the policy. Used for import."},"name":{"type":"string","description":"The rule name. Passed as ?names= query param on POST."},"policyName":{"type":"string","description":"The name of the S3 export policy this rule belongs to. Changing this forces a new resource."},"resources":{"type":"array","items":{"type":"string"},"description":"The S3 resources this rule applies to (e.g. '*')."}},"type":"object"}},"mica:index/server:Server":{"properties":{"cascadeDeletes":{"type":"array","items":{"type":"string"},"description":"List of export names to cascade-delete when destroying this server. Used only on delete, not stored in API state."},"created":{"type":"integer","description":"Unix timestamp (milliseconds) when the server was created."},"directoryServices":{"type":"array","items":{"type":"string"},"description":"List of directory service names associated with this server."},"dns":{"type":"array","items":{"type":"string"},"description":"List of DNS configuration names associated with this server."},"name":{"type":"string","description":"The name of the server. Changing this forces a new resource."},"networkInterfaces":{"type":"array","items":{"type":"string"},"description":"Names of network interfaces (VIPs) attached to this server. Discovered automatically from the array."}},"required":["created","directoryServices","dns","name","networkInterfaces"],"inputProperties":{"cascadeDeletes":{"type":"array","items":{"type":"string"},"description":"List of export names to cascade-delete when destroying this server. Used only on delete, not stored in API state."},"dns":{"type":"array","items":{"type":"string"},"description":"List of DNS configuration names associated with this server."},"name":{"type":"string","description":"The name of the server. Changing this forces a new resource."}},"requiredInputs":["name"],"stateInputs":{"description":"Input properties used for looking up and filtering Server resources.\n","properties":{"cascadeDeletes":{"type":"array","items":{"type":"string"},"description":"List of export names to cascade-delete when destroying this server. Used only on delete, not stored in API state."},"created":{"type":"integer","description":"Unix timestamp (milliseconds) when the server was created."},"directoryServices":{"type":"array","items":{"type":"string"},"description":"List of directory service names associated with this server."},"dns":{"type":"array","items":{"type":"string"},"description":"List of DNS configuration names associated with this server."},"name":{"type":"string","description":"The name of the server. Changing this forces a new resource."},"networkInterfaces":{"type":"array","items":{"type":"string"},"description":"Names of network interfaces (VIPs) attached to this server. Discovered automatically from the array."}},"type":"object"}},"mica:index/smbClientPolicy:SmbClientPolicy":{"properties":{"accessBasedEnumerationEnabled":{"type":"boolean","description":"If true, access-based enumeration is enabled for this policy."},"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"isLocal":{"type":"boolean","description":"If true, the policy is local to this array (not replicated)."},"name":{"type":"string","description":"The name of the SMB client policy. Can be changed in-place via PATCH (rename)."},"policyType":{"type":"string","description":"The type of the policy (e.g. 'smb')."},"version":{"type":"string","description":"The version of the SMB client policy (read-only, server-assigned)."},"workload":{"$ref":"#/types/mica:index/SmbClientPolicyWorkload:SmbClientPolicyWorkload","description":"The workload that owns this SMB client policy (read-only, API-managed). Populated by the API when the policy is associated with a workload."}},"required":["accessBasedEnumerationEnabled","enabled","isLocal","name","policyType","version","workload"],"inputProperties":{"accessBasedEnumerationEnabled":{"type":"boolean","description":"If true, access-based enumeration is enabled for this policy."},"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"name":{"type":"string","description":"The name of the SMB client policy. Can be changed in-place via PATCH (rename)."}},"requiredInputs":["name"],"stateInputs":{"description":"Input properties used for looking up and filtering SmbClientPolicy resources.\n","properties":{"accessBasedEnumerationEnabled":{"type":"boolean","description":"If true, access-based enumeration is enabled for this policy."},"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"isLocal":{"type":"boolean","description":"If true, the policy is local to this array (not replicated)."},"name":{"type":"string","description":"The name of the SMB client policy. Can be changed in-place via PATCH (rename)."},"policyType":{"type":"string","description":"The type of the policy (e.g. 'smb')."},"version":{"type":"string","description":"The version of the SMB client policy (read-only, server-assigned)."},"workload":{"$ref":"#/types/mica:index/SmbClientPolicyWorkload:SmbClientPolicyWorkload","description":"The workload that owns this SMB client policy (read-only, API-managed). Populated by the API when the policy is associated with a workload."}},"type":"object"}},"mica:index/smbClientPolicyRule:SmbClientPolicyRule":{"properties":{"client":{"type":"string","description":"The client match expression (e.g. '*', '10.0.0.0/8')."},"encryption":{"type":"string","description":"Encryption requirement: 'optional', 'required', or 'disabled'."},"index":{"type":"integer","description":"The server-assigned rule index within the policy."},"name":{"type":"string","description":"The server-assigned rule name (stable identifier). Used for import and PATCH/DELETE API calls."},"permission":{"type":"string","description":"Permission level: 'rw' or 'ro'."},"policyName":{"type":"string","description":"The name of the SMB client policy this rule belongs to. Changing this forces a new resource."}},"required":["client","encryption","index","name","permission","policyName"],"inputProperties":{"client":{"type":"string","description":"The client match expression (e.g. '*', '10.0.0.0/8')."},"encryption":{"type":"string","description":"Encryption requirement: 'optional', 'required', or 'disabled'."},"permission":{"type":"string","description":"Permission level: 'rw' or 'ro'."},"policyName":{"type":"string","description":"The name of the SMB client policy this rule belongs to. Changing this forces a new resource."}},"requiredInputs":["client","policyName"],"stateInputs":{"description":"Input properties used for looking up and filtering SmbClientPolicyRule resources.\n","properties":{"client":{"type":"string","description":"The client match expression (e.g. '*', '10.0.0.0/8')."},"encryption":{"type":"string","description":"Encryption requirement: 'optional', 'required', or 'disabled'."},"index":{"type":"integer","description":"The server-assigned rule index within the policy."},"name":{"type":"string","description":"The server-assigned rule name (stable identifier). Used for import and PATCH/DELETE API calls."},"permission":{"type":"string","description":"Permission level: 'rw' or 'ro'."},"policyName":{"type":"string","description":"The name of the SMB client policy this rule belongs to. Changing this forces a new resource."}},"type":"object"}},"mica:index/smbSharePolicy:SmbSharePolicy":{"properties":{"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"isLocal":{"type":"boolean","description":"If true, the policy is local to this array (not replicated)."},"name":{"type":"string","description":"The name of the SMB share policy. Can be changed in-place via PATCH (rename)."},"policyType":{"type":"string","description":"The type of the policy (e.g. 'smb')."},"workload":{"$ref":"#/types/mica:index/SmbSharePolicyWorkload:SmbSharePolicyWorkload","description":"The workload that owns this SMB share policy (read-only, API-managed). Populated by the API when the policy is associated with a workload."}},"required":["enabled","isLocal","name","policyType","workload"],"inputProperties":{"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"name":{"type":"string","description":"The name of the SMB share policy. Can be changed in-place via PATCH (rename)."}},"requiredInputs":["name"],"stateInputs":{"description":"Input properties used for looking up and filtering SmbSharePolicy resources.\n","properties":{"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"isLocal":{"type":"boolean","description":"If true, the policy is local to this array (not replicated)."},"name":{"type":"string","description":"The name of the SMB share policy. Can be changed in-place via PATCH (rename)."},"policyType":{"type":"string","description":"The type of the policy (e.g. 'smb')."},"workload":{"$ref":"#/types/mica:index/SmbSharePolicyWorkload:SmbSharePolicyWorkload","description":"The workload that owns this SMB share policy (read-only, API-managed). Populated by the API when the policy is associated with a workload."}},"type":"object"}},"mica:index/smbSharePolicyRule:SmbSharePolicyRule":{"properties":{"change":{"type":"string","description":"Permission to change files/directories: 'allow' or 'deny'."},"fullControl":{"type":"string","description":"Full control permission: 'allow' or 'deny'."},"name":{"type":"string","description":"The server-assigned rule name (stable identifier). Used for import and PATCH/DELETE API calls."},"policyName":{"type":"string","description":"The name of the SMB share policy this rule belongs to. Changing this forces a new resource."},"principal":{"type":"string","description":"The user or group principal this rule applies to (e.g. 'Everyone', 'DOMAIN\\user')."},"read":{"type":"string","description":"Read permission: 'allow' or 'deny'."}},"required":["change","fullControl","name","policyName","principal","read"],"inputProperties":{"change":{"type":"string","description":"Permission to change files/directories: 'allow' or 'deny'."},"fullControl":{"type":"string","description":"Full control permission: 'allow' or 'deny'."},"policyName":{"type":"string","description":"The name of the SMB share policy this rule belongs to. Changing this forces a new resource."},"principal":{"type":"string","description":"The user or group principal this rule applies to (e.g. 'Everyone', 'DOMAIN\\user')."},"read":{"type":"string","description":"Read permission: 'allow' or 'deny'."}},"requiredInputs":["policyName","principal"],"stateInputs":{"description":"Input properties used for looking up and filtering SmbSharePolicyRule resources.\n","properties":{"change":{"type":"string","description":"Permission to change files/directories: 'allow' or 'deny'."},"fullControl":{"type":"string","description":"Full control permission: 'allow' or 'deny'."},"name":{"type":"string","description":"The server-assigned rule name (stable identifier). Used for import and PATCH/DELETE API calls."},"policyName":{"type":"string","description":"The name of the SMB share policy this rule belongs to. Changing this forces a new resource."},"principal":{"type":"string","description":"The user or group principal this rule applies to (e.g. 'Everyone', 'DOMAIN\\user')."},"read":{"type":"string","description":"Read permission: 'allow' or 'deny'."}},"type":"object"}},"mica:index/snapshotPolicy:SnapshotPolicy":{"properties":{"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"isLocal":{"type":"boolean","description":"If true, the policy is local to this array (not replicated)."},"name":{"type":"string","description":"The name of the snapshot policy. Changing this forces a new resource. Snapshot policy names cannot be renamed in-place (API limitation)."},"policyType":{"type":"string","description":"The type of the policy (e.g. 'snapshot')."},"retentionLock":{"type":"string","description":"The retention lock mode of the policy (e.g. 'none', 'ratcheted')."}},"required":["enabled","isLocal","name","policyType","retentionLock"],"inputProperties":{"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"name":{"type":"string","description":"The name of the snapshot policy. Changing this forces a new resource. Snapshot policy names cannot be renamed in-place (API limitation)."}},"requiredInputs":["name"],"stateInputs":{"description":"Input properties used for looking up and filtering SnapshotPolicy resources.\n","properties":{"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"isLocal":{"type":"boolean","description":"If true, the policy is local to this array (not replicated)."},"name":{"type":"string","description":"The name of the snapshot policy. Changing this forces a new resource. Snapshot policy names cannot be renamed in-place (API limitation)."},"policyType":{"type":"string","description":"The type of the policy (e.g. 'snapshot')."},"retentionLock":{"type":"string","description":"The retention lock mode of the policy (e.g. 'none', 'ratcheted')."}},"type":"object"}},"mica:index/snapshotPolicyRule:SnapshotPolicyRule":{"properties":{"at":{"type":"integer","description":"Schedule: run at this epoch millisecond offset within the day."},"clientName":{"type":"string","description":"An optional client name pattern for this rule."},"every":{"type":"integer","description":"Schedule: run every N milliseconds (e.g. 86400000 for daily)."},"keepFor":{"type":"integer","description":"Retention: keep snapshots for this many milliseconds (e.g. 604800000 for 7 days)."},"name":{"type":"string","description":"The server-assigned rule identifier within the policy."},"policyName":{"type":"string","description":"The name of the snapshot policy this rule belongs to. Changing this forces a new resource."},"suffix":{"type":"string","description":"Read-only suffix appended to snapshot names created by this rule (assigned by the API, not configurable via add_rules)."}},"required":["at","clientName","every","keepFor","name","policyName","suffix"],"inputProperties":{"at":{"type":"integer","description":"Schedule: run at this epoch millisecond offset within the day."},"clientName":{"type":"string","description":"An optional client name pattern for this rule."},"every":{"type":"integer","description":"Schedule: run every N milliseconds (e.g. 86400000 for daily)."},"keepFor":{"type":"integer","description":"Retention: keep snapshots for this many milliseconds (e.g. 604800000 for 7 days)."},"policyName":{"type":"string","description":"The name of the snapshot policy this rule belongs to. Changing this forces a new resource."}},"requiredInputs":["policyName"],"stateInputs":{"description":"Input properties used for looking up and filtering SnapshotPolicyRule resources.\n","properties":{"at":{"type":"integer","description":"Schedule: run at this epoch millisecond offset within the day."},"clientName":{"type":"string","description":"An optional client name pattern for this rule."},"every":{"type":"integer","description":"Schedule: run every N milliseconds (e.g. 86400000 for daily)."},"keepFor":{"type":"integer","description":"Retention: keep snapshots for this many milliseconds (e.g. 604800000 for 7 days)."},"name":{"type":"string","description":"The server-assigned rule identifier within the policy."},"policyName":{"type":"string","description":"The name of the snapshot policy this rule belongs to. Changing this forces a new resource."},"suffix":{"type":"string","description":"Read-only suffix appended to snapshot names created by this rule (assigned by the API, not configurable via add_rules)."}},"type":"object"}},"mica:index/subnet:Subnet":{"properties":{"enabled":{"type":"boolean","description":"Whether the subnet is enabled."},"gateway":{"type":"string","description":"IPv4 or IPv6 gateway address for the subnet."},"interfaces":{"type":"array","items":{"type":"string"},"description":"List of network interface names attached to this subnet."},"lagName":{"type":"string","description":"Name of the link aggregation group (LAG) this subnet is attached to."},"mtu":{"type":"integer","description":"Maximum transmission unit (MTU) in bytes. Defaults to 1500."},"name":{"type":"string","description":"The name of the subnet. Changing this forces a new resource."},"prefix":{"type":"string","description":"IPv4 or IPv6 subnet address in CIDR notation (e.g. 10.21.200.0/24)."},"services":{"type":"array","items":{"type":"string"},"description":"List of services associated with this subnet (e.g. data, replication)."},"vlan":{"type":"integer","description":"VLAN ID. 0 means untagged. Defaults to 0."}},"required":["enabled","gateway","interfaces","lagName","mtu","name","prefix","services","vlan"],"inputProperties":{"gateway":{"type":"string","description":"IPv4 or IPv6 gateway address for the subnet."},"lagName":{"type":"string","description":"Name of the link aggregation group (LAG) this subnet is attached to."},"mtu":{"type":"integer","description":"Maximum transmission unit (MTU) in bytes. Defaults to 1500."},"name":{"type":"string","description":"The name of the subnet. Changing this forces a new resource."},"prefix":{"type":"string","description":"IPv4 or IPv6 subnet address in CIDR notation (e.g. 10.21.200.0/24)."},"vlan":{"type":"integer","description":"VLAN ID. 0 means untagged. Defaults to 0."}},"requiredInputs":["name","prefix"],"stateInputs":{"description":"Input properties used for looking up and filtering Subnet resources.\n","properties":{"enabled":{"type":"boolean","description":"Whether the subnet is enabled."},"gateway":{"type":"string","description":"IPv4 or IPv6 gateway address for the subnet."},"interfaces":{"type":"array","items":{"type":"string"},"description":"List of network interface names attached to this subnet."},"lagName":{"type":"string","description":"Name of the link aggregation group (LAG) this subnet is attached to."},"mtu":{"type":"integer","description":"Maximum transmission unit (MTU) in bytes. Defaults to 1500."},"name":{"type":"string","description":"The name of the subnet. Changing this forces a new resource."},"prefix":{"type":"string","description":"IPv4 or IPv6 subnet address in CIDR notation (e.g. 10.21.200.0/24)."},"services":{"type":"array","items":{"type":"string"},"description":"List of services associated with this subnet (e.g. data, replication)."},"vlan":{"type":"integer","description":"VLAN ID. 0 means untagged. Defaults to 0."}},"type":"object"}},"mica:index/syslogServer:SyslogServer":{"properties":{"name":{"type":"string","description":"The name of the syslog server. Not renameable; changing forces replacement."},"services":{"type":"array","items":{"type":"string"},"description":"List of services to send to this syslog server. Valid values: data-audit, management."},"sources":{"type":"array","items":{"type":"string"},"description":"List of sources to send to this syslog server."},"uri":{"type":"string","description":"Syslog server URI in format PROTOCOL://HOST:PORT (e.g. udp://syslog.example.com:514)."}},"required":["name","services","sources","uri"],"inputProperties":{"name":{"type":"string","description":"The name of the syslog server. Not renameable; changing forces replacement."},"services":{"type":"array","items":{"type":"string"},"description":"List of services to send to this syslog server. Valid values: data-audit, management."},"sources":{"type":"array","items":{"type":"string"},"description":"List of sources to send to this syslog server."},"uri":{"type":"string","description":"Syslog server URI in format PROTOCOL://HOST:PORT (e.g. udp://syslog.example.com:514)."}},"requiredInputs":["name","uri"],"stateInputs":{"description":"Input properties used for looking up and filtering SyslogServer resources.\n","properties":{"name":{"type":"string","description":"The name of the syslog server. Not renameable; changing forces replacement."},"services":{"type":"array","items":{"type":"string"},"description":"List of services to send to this syslog server. Valid values: data-audit, management."},"sources":{"type":"array","items":{"type":"string"},"description":"List of sources to send to this syslog server."},"uri":{"type":"string","description":"Syslog server URI in format PROTOCOL://HOST:PORT (e.g. udp://syslog.example.com:514)."}},"type":"object"}},"mica:index/target:Target":{"properties":{"address":{"type":"string","description":"The hostname or IP address of the target S3 endpoint."},"caCertificateGroup":{"type":"string","description":"The CA certificate group used by the target (read-only, managed by the array)."},"name":{"type":"string","description":"The name of the target. Changing this forces a new resource."},"status":{"type":"string","description":"The connection status of the target (e.g. connected, connecting, error)."},"statusDetails":{"type":"string","description":"Additional details about the connection status."}},"required":["address","caCertificateGroup","name","status","statusDetails"],"inputProperties":{"address":{"type":"string","description":"The hostname or IP address of the target S3 endpoint."},"name":{"type":"string","description":"The name of the target. Changing this forces a new resource."}},"requiredInputs":["address","name"],"stateInputs":{"description":"Input properties used for looking up and filtering Target resources.\n","properties":{"address":{"type":"string","description":"The hostname or IP address of the target S3 endpoint."},"caCertificateGroup":{"type":"string","description":"The CA certificate group used by the target (read-only, managed by the array)."},"name":{"type":"string","description":"The name of the target. Changing this forces a new resource."},"status":{"type":"string","description":"The connection status of the target (e.g. connected, connecting, error)."},"statusDetails":{"type":"string","description":"Additional details about the connection status."}},"type":"object"}},"mica:index/tlsPolicy:TlsPolicy":{"properties":{"applianceCertificate":{"type":"string","description":"The name of the certificate used by the appliance for TLS connections."},"clientCertificatesRequired":{"type":"boolean","description":"When true, clients must present a certificate for mTLS. Defaults to false."},"disabledTlsCiphers":{"type":"array","items":{"type":"string"},"description":"List of TLS cipher suites to disable."},"enabled":{"type":"boolean","description":"Whether the TLS policy is enabled. Defaults to true."},"enabledTlsCiphers":{"type":"array","items":{"type":"string"},"description":"List of explicitly enabled TLS cipher suites."},"isLocal":{"type":"boolean","description":"Whether this TLS policy is local to the array."},"minTlsVersion":{"type":"string","description":"The minimum TLS version required (e.g. TLSv1.2, TLSv1.3)."},"name":{"type":"string","description":"The name of the TLS policy. Changing this forces a new resource."},"policyType":{"type":"string","description":"The type of the TLS policy."},"trustedClientCertificateAuthority":{"type":"string","description":"The name of the certificate authority used to verify client certificates for mTLS."},"verifyClientCertificateTrust":{"type":"boolean","description":"When true, client certificates are verified against the trusted CA."}},"required":["clientCertificatesRequired","disabledTlsCiphers","enabled","enabledTlsCiphers","isLocal","minTlsVersion","name","policyType","trustedClientCertificateAuthority","verifyClientCertificateTrust"],"inputProperties":{"applianceCertificate":{"type":"string","description":"The name of the certificate used by the appliance for TLS connections."},"clientCertificatesRequired":{"type":"boolean","description":"When true, clients must present a certificate for mTLS. Defaults to false."},"disabledTlsCiphers":{"type":"array","items":{"type":"string"},"description":"List of TLS cipher suites to disable."},"enabled":{"type":"boolean","description":"Whether the TLS policy is enabled. Defaults to true."},"enabledTlsCiphers":{"type":"array","items":{"type":"string"},"description":"List of explicitly enabled TLS cipher suites."},"minTlsVersion":{"type":"string","description":"The minimum TLS version required (e.g. TLSv1.2, TLSv1.3)."},"name":{"type":"string","description":"The name of the TLS policy. Changing this forces a new resource."},"trustedClientCertificateAuthority":{"type":"string","description":"The name of the certificate authority used to verify client certificates for mTLS."},"verifyClientCertificateTrust":{"type":"boolean","description":"When true, client certificates are verified against the trusted CA."}},"requiredInputs":["name"],"stateInputs":{"description":"Input properties used for looking up and filtering TlsPolicy resources.\n","properties":{"applianceCertificate":{"type":"string","description":"The name of the certificate used by the appliance for TLS connections."},"clientCertificatesRequired":{"type":"boolean","description":"When true, clients must present a certificate for mTLS. Defaults to false."},"disabledTlsCiphers":{"type":"array","items":{"type":"string"},"description":"List of TLS cipher suites to disable."},"enabled":{"type":"boolean","description":"Whether the TLS policy is enabled. Defaults to true."},"enabledTlsCiphers":{"type":"array","items":{"type":"string"},"description":"List of explicitly enabled TLS cipher suites."},"isLocal":{"type":"boolean","description":"Whether this TLS policy is local to the array."},"minTlsVersion":{"type":"string","description":"The minimum TLS version required (e.g. TLSv1.2, TLSv1.3)."},"name":{"type":"string","description":"The name of the TLS policy. Changing this forces a new resource."},"policyType":{"type":"string","description":"The type of the TLS policy."},"trustedClientCertificateAuthority":{"type":"string","description":"The name of the certificate authority used to verify client certificates for mTLS."},"verifyClientCertificateTrust":{"type":"boolean","description":"When true, client certificates are verified against the trusted CA."}},"type":"object"}},"mica:index/tlsPolicyMember:TlsPolicyMember":{"properties":{"memberName":{"type":"string","description":"The name of the network interface to assign. Changing this forces a new resource."},"policyName":{"type":"string","description":"The name of the TLS policy. Changing this forces a new resource."}},"required":["memberName","policyName"],"inputProperties":{"memberName":{"type":"string","description":"The name of the network interface to assign. Changing this forces a new resource."},"policyName":{"type":"string","description":"The name of the TLS policy. Changing this forces a new resource."}},"requiredInputs":["memberName","policyName"],"stateInputs":{"description":"Input properties used for looking up and filtering TlsPolicyMember resources.\n","properties":{"memberName":{"type":"string","description":"The name of the network interface to assign. Changing this forces a new resource."},"policyName":{"type":"string","description":"The name of the TLS policy. Changing this forces a new resource."}},"type":"object"}},"mica:index/workload:Workload":{"properties":{"context":{"$ref":"#/types/mica:index/WorkloadContext:WorkloadContext","description":"The fleet context that owns this workload (read-only, API-managed)."},"created":{"type":"integer","description":"The workload creation time, measured in milliseconds since the UNIX epoch."},"destroyEradicateOnDelete":{"type":"boolean","description":"When true, permanently eradicates the workload on destroy (two-phase: soft-delete then eradicate). When false, only soft-deletes the workload (leaves it in the destroyed queue)."},"destroyed":{"type":"boolean","description":"True if the workload has been soft-deleted and is pending eradication."},"name":{"type":"string","description":"The name of the workload. Changing this forces a new resource."},"parameters":{"type":"array","items":{"$ref":"#/types/mica:index/WorkloadParameter:WorkloadParameter"},"description":"Parameter values to pass to the preset when creating the workload. Changing this forces a new resource."},"presetName":{"type":"string","description":"The name of the preset to deploy this workload from. Changing this forces a new resource."},"status":{"type":"string","description":"The workload status (e.g. creating, ready, destroying, destroyed, eradicating, recovering)."},"statusDetails":{"type":"array","items":{"type":"string"},"description":"Additional information about the workload status."},"timeRemaining":{"type":"integer","description":"Time remaining in milliseconds before the destroyed workload is permanently eradicated."}},"required":["context","created","destroyEradicateOnDelete","destroyed","name","presetName","status","statusDetails","timeRemaining"],"inputProperties":{"destroyEradicateOnDelete":{"type":"boolean","description":"When true, permanently eradicates the workload on destroy (two-phase: soft-delete then eradicate). When false, only soft-deletes the workload (leaves it in the destroyed queue)."},"name":{"type":"string","description":"The name of the workload. Changing this forces a new resource."},"parameters":{"type":"array","items":{"$ref":"#/types/mica:index/WorkloadParameter:WorkloadParameter"},"description":"Parameter values to pass to the preset when creating the workload. Changing this forces a new resource."},"presetName":{"type":"string","description":"The name of the preset to deploy this workload from. Changing this forces a new resource."}},"requiredInputs":["name","presetName"],"stateInputs":{"description":"Input properties used for looking up and filtering Workload resources.\n","properties":{"context":{"$ref":"#/types/mica:index/WorkloadContext:WorkloadContext","description":"The fleet context that owns this workload (read-only, API-managed)."},"created":{"type":"integer","description":"The workload creation time, measured in milliseconds since the UNIX epoch."},"destroyEradicateOnDelete":{"type":"boolean","description":"When true, permanently eradicates the workload on destroy (two-phase: soft-delete then eradicate). When false, only soft-deletes the workload (leaves it in the destroyed queue)."},"destroyed":{"type":"boolean","description":"True if the workload has been soft-deleted and is pending eradication."},"name":{"type":"string","description":"The name of the workload. Changing this forces a new resource."},"parameters":{"type":"array","items":{"$ref":"#/types/mica:index/WorkloadParameter:WorkloadParameter"},"description":"Parameter values to pass to the preset when creating the workload. Changing this forces a new resource."},"presetName":{"type":"string","description":"The name of the preset to deploy this workload from. Changing this forces a new resource."},"status":{"type":"string","description":"The workload status (e.g. creating, ready, destroying, destroyed, eradicating, recovering)."},"statusDetails":{"type":"array","items":{"type":"string"},"description":"Additional information about the workload status."},"timeRemaining":{"type":"integer","description":"Time remaining in milliseconds before the destroyed workload is permanently eradicated."}},"type":"object"}}},"functions":{"mica:index/getArrayConnection:getArrayConnection":{"inputs":{"description":"A collection of arguments for invoking getArrayConnection.\n","properties":{"remoteName":{"type":"string"}},"type":"object","required":["remoteName"]},"outputs":{"description":"A collection of values returned by getArrayConnection.\n","properties":{"caCertificateGroup":{"type":"string"},"encrypted":{"type":"boolean"},"id":{"type":"string"},"managementAddress":{"type":"string"},"os":{"type":"string"},"remoteId":{"type":"string"},"remoteName":{"type":"string"},"replicationAddresses":{"items":{"type":"string"},"type":"array"},"status":{"type":"string"},"type":{"type":"string"},"version":{"type":"string"}},"required":["caCertificateGroup","encrypted","id","managementAddress","os","remoteId","remoteName","replicationAddresses","status","type","version"],"type":"object"}},"mica:index/getArrayDns:getArrayDns":{"inputs":{"description":"A collection of arguments for invoking getArrayDns.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getArrayDns.\n","properties":{"domain":{"type":"string"},"id":{"type":"string"},"name":{"type":"string"},"nameservers":{"items":{"type":"string"},"type":"array"},"services":{"items":{"type":"string"},"type":"array"},"sources":{"items":{"type":"string"},"type":"array"}},"required":["domain","id","name","nameservers","services","sources"],"type":"object"}},"mica:index/getArrayNtp:getArrayNtp":{"outputs":{"description":"A collection of values returned by getArrayNtp.\n","properties":{"id":{"type":"string"},"ntpServers":{"items":{"type":"string"},"type":"array"}},"required":["id","ntpServers"],"type":"object"}},"mica:index/getArraySmtp:getArraySmtp":{"outputs":{"description":"A collection of values returned by getArraySmtp.\n","properties":{"alertWatchers":{"items":{"$ref":"#/types/mica:index/getArraySmtpAlertWatcher:getArraySmtpAlertWatcher"},"type":"array"},"encryptionMode":{"type":"string"},"id":{"type":"string"},"relayHost":{"type":"string"},"senderDomain":{"type":"string"}},"required":["alertWatchers","encryptionMode","id","relayHost","senderDomain"],"type":"object"}},"mica:index/getAuditObjectStorePolicy:getAuditObjectStorePolicy":{"inputs":{"description":"A collection of arguments for invoking getAuditObjectStorePolicy.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getAuditObjectStorePolicy.\n","properties":{"enabled":{"type":"boolean"},"id":{"type":"string"},"isLocal":{"type":"boolean"},"logTargets":{"items":{"type":"string"},"type":"array"},"name":{"type":"string"},"policyType":{"type":"string"}},"required":["enabled","id","isLocal","logTargets","name","policyType"],"type":"object"}},"mica:index/getBucket:getBucket":{"inputs":{"description":"A collection of arguments for invoking getBucket.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getBucket.\n","properties":{"account":{"type":"string"},"bucketType":{"type":"string"},"created":{"type":"integer"},"destroyed":{"type":"boolean"},"hardLimitEnabled":{"type":"boolean"},"id":{"type":"string"},"name":{"type":"string"},"objectCount":{"type":"integer"},"quotaLimit":{"type":"integer"},"retentionLock":{"type":"string"},"space":{"$ref":"#/types/mica:index/getBucketSpace:getBucketSpace"},"timeRemaining":{"type":"integer"},"versioning":{"type":"string"}},"required":["account","bucketType","created","destroyed","hardLimitEnabled","id","name","objectCount","quotaLimit","retentionLock","space","timeRemaining","versioning"],"type":"object"}},"mica:index/getBucketAccessPolicy:getBucketAccessPolicy":{"inputs":{"description":"A collection of arguments for invoking getBucketAccessPolicy.\n","properties":{"bucketName":{"type":"string"}},"type":"object","required":["bucketName"]},"outputs":{"description":"A collection of values returned by getBucketAccessPolicy.\n","properties":{"bucketName":{"type":"string"},"enabled":{"type":"boolean"},"id":{"type":"string"},"ruleCount":{"type":"integer"}},"required":["bucketName","enabled","id","ruleCount"],"type":"object"}},"mica:index/getBucketAuditFilter:getBucketAuditFilter":{"inputs":{"description":"A collection of arguments for invoking getBucketAuditFilter.\n","properties":{"bucketName":{"type":"string"}},"type":"object","required":["bucketName"]},"outputs":{"description":"A collection of values returned by getBucketAuditFilter.\n","properties":{"actions":{"items":{"type":"string"},"type":"array"},"bucketName":{"type":"string"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"s3Prefixes":{"items":{"type":"string"},"type":"array"}},"required":["actions","bucketName","s3Prefixes","id"],"type":"object"}},"mica:index/getBucketReplicaLink:getBucketReplicaLink":{"inputs":{"description":"A collection of arguments for invoking getBucketReplicaLink.\n","properties":{"id":{"type":"string"},"localBucketName":{"type":"string"},"remoteBucketName":{"type":"string"},"remoteCredentialsName":{"type":"string"}},"type":"object"},"outputs":{"description":"A collection of values returned by getBucketReplicaLink.\n","properties":{"cascadingEnabled":{"type":"boolean"},"direction":{"type":"string"},"id":{"type":"string"},"lag":{"type":"integer"},"localBucketName":{"type":"string"},"objectBacklogCount":{"type":"integer"},"objectBacklogTotalSize":{"type":"integer"},"paused":{"type":"boolean"},"recoveryPoint":{"type":"integer"},"remoteBucketName":{"type":"string"},"remoteCredentialsName":{"type":"string"},"remoteName":{"type":"string"},"status":{"type":"string"},"statusDetails":{"type":"string"}},"required":["cascadingEnabled","direction","id","lag","localBucketName","objectBacklogCount","objectBacklogTotalSize","paused","recoveryPoint","remoteBucketName","remoteCredentialsName","remoteName","status","statusDetails"],"type":"object"}},"mica:index/getCertificate:getCertificate":{"inputs":{"description":"A collection of arguments for invoking getCertificate.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getCertificate.\n","properties":{"certificate":{"type":"string"},"certificateType":{"type":"string"},"commonName":{"type":"string"},"country":{"type":"string"},"email":{"type":"string"},"id":{"type":"string"},"intermediateCertificate":{"type":"string"},"issuedBy":{"type":"string"},"issuedTo":{"type":"string"},"keyAlgorithm":{"type":"string"},"keySize":{"type":"integer"},"locality":{"type":"string"},"name":{"type":"string"},"organization":{"type":"string"},"organizationalUnit":{"type":"string"},"state":{"type":"string"},"status":{"type":"string"},"subjectAlternativeNames":{"items":{"type":"string"},"type":"array"},"validFrom":{"type":"integer"},"validTo":{"type":"integer"}},"required":["certificate","certificateType","commonName","country","email","id","intermediateCertificate","issuedBy","issuedTo","keyAlgorithm","keySize","locality","name","organization","organizationalUnit","state","status","subjectAlternativeNames","validFrom","validTo"],"type":"object"}},"mica:index/getCertificateGroup:getCertificateGroup":{"inputs":{"description":"A collection of arguments for invoking getCertificateGroup.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getCertificateGroup.\n","properties":{"id":{"type":"string"},"name":{"type":"string"},"realms":{"items":{"type":"string"},"type":"array"}},"required":["id","name","realms"],"type":"object"}},"mica:index/getDirectoryServiceManagement:getDirectoryServiceManagement":{"outputs":{"description":"A collection of values returned by getDirectoryServiceManagement.\n","properties":{"baseDn":{"type":"string"},"bindUser":{"type":"string"},"caCertificate":{"$ref":"#/types/mica:index/getDirectoryServiceManagementCaCertificate:getDirectoryServiceManagementCaCertificate"},"caCertificateGroup":{"$ref":"#/types/mica:index/getDirectoryServiceManagementCaCertificateGroup:getDirectoryServiceManagementCaCertificateGroup"},"enabled":{"type":"boolean"},"id":{"type":"string"},"services":{"items":{"type":"string"},"type":"array"},"sshPublicKeyAttribute":{"type":"string"},"uris":{"items":{"type":"string"},"type":"array"},"userLoginAttribute":{"type":"string"},"userObjectClass":{"type":"string"}},"required":["baseDn","bindUser","caCertificate","caCertificateGroup","enabled","id","services","sshPublicKeyAttribute","uris","userLoginAttribute","userObjectClass"],"type":"object"}},"mica:index/getDirectoryServiceRole:getDirectoryServiceRole":{"inputs":{"description":"A collection of arguments for invoking getDirectoryServiceRole.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getDirectoryServiceRole.\n","properties":{"group":{"type":"string"},"groupBase":{"type":"string"},"id":{"type":"string"},"managementAccessPolicies":{"items":{"type":"string"},"type":"array"},"name":{"type":"string"},"role":{"$ref":"#/types/mica:index/getDirectoryServiceRoleRole:getDirectoryServiceRoleRole"}},"required":["group","groupBase","id","managementAccessPolicies","name","role"],"type":"object"}},"mica:index/getFileSystem:getFileSystem":{"inputs":{"description":"A collection of arguments for invoking getFileSystem.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getFileSystem.\n","properties":{"created":{"type":"integer"},"defaultQuotas":{"$ref":"#/types/mica:index/getFileSystemDefaultQuotas:getFileSystemDefaultQuotas"},"destroyed":{"type":"boolean"},"http":{"$ref":"#/types/mica:index/getFileSystemHttp:getFileSystemHttp"},"id":{"type":"string"},"multiProtocol":{"$ref":"#/types/mica:index/getFileSystemMultiProtocol:getFileSystemMultiProtocol"},"name":{"type":"string"},"nfs":{"$ref":"#/types/mica:index/getFileSystemNfs:getFileSystemNfs"},"promotionStatus":{"type":"string"},"provisioned":{"type":"integer"},"smb":{"$ref":"#/types/mica:index/getFileSystemSmb:getFileSystemSmb"},"source":{"$ref":"#/types/mica:index/getFileSystemSource:getFileSystemSource"},"space":{"$ref":"#/types/mica:index/getFileSystemSpace:getFileSystemSpace"},"timeRemaining":{"type":"integer"},"writable":{"type":"boolean"}},"required":["created","defaultQuotas","destroyed","http","id","multiProtocol","name","nfs","promotionStatus","provisioned","smb","source","space","timeRemaining","writable"],"type":"object"}},"mica:index/getFileSystemExport:getFileSystemExport":{"inputs":{"description":"A collection of arguments for invoking getFileSystemExport.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getFileSystemExport.\n","properties":{"enabled":{"type":"boolean"},"exportName":{"type":"string"},"fileSystemName":{"type":"string"},"id":{"type":"string"},"name":{"type":"string"},"policyType":{"type":"string"},"serverName":{"type":"string"},"sharePolicyName":{"type":"string"},"status":{"type":"string"}},"required":["enabled","exportName","fileSystemName","id","name","policyType","serverName","sharePolicyName","status"],"type":"object"}},"mica:index/getLifecycleRule:getLifecycleRule":{"inputs":{"description":"A collection of arguments for invoking getLifecycleRule.\n","properties":{"bucketName":{"type":"string"},"ruleId":{"type":"string"}},"type":"object","required":["bucketName","ruleId"]},"outputs":{"description":"A collection of values returned by getLifecycleRule.\n","properties":{"abortIncompleteMultipartUploadsAfter":{"type":"integer"},"bucketName":{"type":"string"},"cleanupExpiredObjectDeleteMarker":{"type":"boolean"},"enabled":{"type":"boolean"},"id":{"type":"string"},"keepCurrentVersionFor":{"type":"integer"},"keepCurrentVersionUntil":{"type":"integer"},"keepPreviousVersionFor":{"type":"integer"},"prefix":{"type":"string"},"ruleId":{"type":"string"}},"required":["abortIncompleteMultipartUploadsAfter","bucketName","cleanupExpiredObjectDeleteMarker","enabled","id","keepCurrentVersionFor","keepCurrentVersionUntil","keepPreviousVersionFor","prefix","ruleId"],"type":"object"}},"mica:index/getLinkAggregationGroup:getLinkAggregationGroup":{"inputs":{"description":"A collection of arguments for invoking getLinkAggregationGroup.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getLinkAggregationGroup.\n","properties":{"id":{"type":"string"},"lagSpeed":{"type":"integer"},"macAddress":{"type":"string"},"name":{"type":"string"},"portSpeed":{"type":"integer"},"ports":{"items":{"type":"string"},"type":"array"},"status":{"type":"string"}},"required":["id","lagSpeed","macAddress","name","portSpeed","ports","status"],"type":"object"}},"mica:index/getLogTargetObjectStore:getLogTargetObjectStore":{"inputs":{"description":"A collection of arguments for invoking getLogTargetObjectStore.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getLogTargetObjectStore.\n","properties":{"bucketName":{"type":"string"},"id":{"type":"string"},"logNamePrefix":{"type":"string"},"logRotateDuration":{"type":"integer"},"name":{"type":"string"}},"required":["bucketName","id","logNamePrefix","logRotateDuration","name"],"type":"object"}},"mica:index/getNetworkAccessPolicy:getNetworkAccessPolicy":{"inputs":{"description":"A collection of arguments for invoking getNetworkAccessPolicy.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getNetworkAccessPolicy.\n","properties":{"enabled":{"type":"boolean"},"id":{"type":"string"},"isLocal":{"type":"boolean"},"name":{"type":"string"},"policyType":{"type":"string"},"version":{"type":"string"}},"required":["enabled","id","isLocal","name","policyType","version"],"type":"object"}},"mica:index/getNetworkInterface:getNetworkInterface":{"inputs":{"description":"A collection of arguments for invoking getNetworkInterface.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getNetworkInterface.\n","properties":{"address":{"type":"string"},"attachedServers":{"items":{"type":"string"},"type":"array"},"enabled":{"type":"boolean"},"gateway":{"type":"string"},"id":{"type":"string"},"mtu":{"type":"integer"},"name":{"type":"string"},"netmask":{"type":"string"},"realms":{"items":{"type":"string"},"type":"array"},"services":{"type":"string"},"subnetName":{"type":"string"},"type":{"type":"string"},"vlan":{"type":"integer"}},"required":["address","attachedServers","enabled","gateway","id","mtu","name","netmask","realms","services","subnetName","type","vlan"],"type":"object"}},"mica:index/getNfsExportPolicy:getNfsExportPolicy":{"inputs":{"description":"A collection of arguments for invoking getNfsExportPolicy.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getNfsExportPolicy.\n","properties":{"enabled":{"type":"boolean"},"id":{"type":"string"},"isLocal":{"type":"boolean"},"name":{"type":"string"},"policyType":{"type":"string"},"version":{"type":"string"}},"required":["enabled","id","isLocal","name","policyType","version"],"type":"object"}},"mica:index/getObjectStoreAccessKey:getObjectStoreAccessKey":{"inputs":{"description":"A collection of arguments for invoking getObjectStoreAccessKey.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getObjectStoreAccessKey.\n","properties":{"accessKeyId":{"type":"string"},"created":{"type":"integer"},"enabled":{"type":"boolean"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"name":{"type":"string"},"objectStoreAccount":{"type":"string"},"secretAccessKey":{"secret":true,"type":"string"}},"required":["accessKeyId","created","enabled","name","objectStoreAccount","secretAccessKey","id"],"type":"object"}},"mica:index/getObjectStoreAccessPolicy:getObjectStoreAccessPolicy":{"inputs":{"description":"A collection of arguments for invoking getObjectStoreAccessPolicy.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getObjectStoreAccessPolicy.\n","properties":{"arn":{"type":"string"},"description":{"type":"string"},"enabled":{"type":"boolean"},"id":{"type":"string"},"isLocal":{"type":"boolean"},"name":{"type":"string"},"policyType":{"type":"string"}},"required":["arn","description","enabled","id","isLocal","name","policyType"],"type":"object"}},"mica:index/getObjectStoreAccount:getObjectStoreAccount":{"inputs":{"description":"A collection of arguments for invoking getObjectStoreAccount.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getObjectStoreAccount.\n","properties":{"created":{"type":"integer"},"hardLimitEnabled":{"type":"boolean"},"id":{"type":"string"},"name":{"type":"string"},"objectCount":{"type":"integer"},"quotaLimit":{"type":"integer"},"space":{"$ref":"#/types/mica:index/getObjectStoreAccountSpace:getObjectStoreAccountSpace"}},"required":["created","hardLimitEnabled","id","name","objectCount","quotaLimit","space"],"type":"object"}},"mica:index/getObjectStoreAccountExport:getObjectStoreAccountExport":{"inputs":{"description":"A collection of arguments for invoking getObjectStoreAccountExport.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getObjectStoreAccountExport.\n","properties":{"accountName":{"type":"string"},"enabled":{"type":"boolean"},"id":{"type":"string"},"name":{"type":"string"},"policyName":{"type":"string"},"serverName":{"type":"string"}},"required":["accountName","enabled","id","name","policyName","serverName"],"type":"object"}},"mica:index/getObjectStoreRemoteCredentials:getObjectStoreRemoteCredentials":{"inputs":{"description":"A collection of arguments for invoking getObjectStoreRemoteCredentials.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getObjectStoreRemoteCredentials.\n","properties":{"accessKeyId":{"type":"string"},"id":{"type":"string"},"name":{"type":"string"},"remoteName":{"type":"string"}},"required":["accessKeyId","id","name","remoteName"],"type":"object"}},"mica:index/getObjectStoreUser:getObjectStoreUser":{"inputs":{"description":"A collection of arguments for invoking getObjectStoreUser.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getObjectStoreUser.\n","properties":{"fullAccess":{"type":"boolean"},"id":{"type":"string"},"name":{"type":"string"}},"required":["fullAccess","id","name"],"type":"object"}},"mica:index/getObjectStoreVirtualHost:getObjectStoreVirtualHost":{"inputs":{"description":"A collection of arguments for invoking getObjectStoreVirtualHost.\n","properties":{"filter":{"type":"string"},"name":{"type":"string"}},"type":"object"},"outputs":{"description":"A collection of values returned by getObjectStoreVirtualHost.\n","properties":{"attachedServers":{"items":{"type":"string"},"type":"array"},"filter":{"type":"string"},"hostname":{"type":"string"},"id":{"type":"string"},"name":{"type":"string"}},"required":["attachedServers","hostname","id"],"type":"object"}},"mica:index/getQosPolicy:getQosPolicy":{"inputs":{"description":"A collection of arguments for invoking getQosPolicy.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getQosPolicy.\n","properties":{"enabled":{"type":"boolean"},"id":{"type":"string"},"isLocal":{"type":"boolean"},"maxTotalBytesPerSec":{"type":"integer"},"maxTotalOpsPerSec":{"type":"integer"},"name":{"type":"string"},"policyType":{"type":"string"}},"required":["enabled","id","isLocal","maxTotalBytesPerSec","maxTotalOpsPerSec","name","policyType"],"type":"object"}},"mica:index/getQuotaGroup:getQuotaGroup":{"inputs":{"description":"A collection of arguments for invoking getQuotaGroup.\n","properties":{"fileSystemName":{"type":"string"},"gid":{"type":"string"}},"type":"object","required":["fileSystemName","gid"]},"outputs":{"description":"A collection of values returned by getQuotaGroup.\n","properties":{"fileSystemName":{"type":"string"},"gid":{"type":"string"},"id":{"type":"string"},"quota":{"type":"integer"},"usage":{"type":"integer"}},"required":["fileSystemName","gid","id","quota","usage"],"type":"object"}},"mica:index/getQuotaUser:getQuotaUser":{"inputs":{"description":"A collection of arguments for invoking getQuotaUser.\n","properties":{"fileSystemName":{"type":"string"},"uid":{"type":"string"}},"type":"object","required":["fileSystemName","uid"]},"outputs":{"description":"A collection of values returned by getQuotaUser.\n","properties":{"fileSystemName":{"type":"string"},"id":{"type":"string"},"quota":{"type":"integer"},"uid":{"type":"string"},"usage":{"type":"integer"}},"required":["fileSystemName","id","quota","uid","usage"],"type":"object"}},"mica:index/getResiliencyGroup:getResiliencyGroup":{"inputs":{"description":"A collection of arguments for invoking getResiliencyGroup.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getResiliencyGroup.\n","properties":{"id":{"type":"string"},"name":{"type":"string"},"status":{"type":"string"},"statusDetails":{"type":"string"}},"required":["id","name","status","statusDetails"],"type":"object"}},"mica:index/getResiliencyGroupMember:getResiliencyGroupMember":{"inputs":{"description":"A collection of arguments for invoking getResiliencyGroupMember.\n","properties":{"memberName":{"type":"string"},"resiliencyGroupName":{"type":"string"}},"type":"object","required":["memberName","resiliencyGroupName"]},"outputs":{"description":"A collection of values returned by getResiliencyGroupMember.\n","properties":{"groupId":{"type":"string"},"groupResourceType":{"type":"string"},"id":{"type":"string"},"memberId":{"type":"string"},"memberName":{"type":"string"},"memberResourceType":{"type":"string"},"resiliencyGroupName":{"type":"string"}},"required":["groupId","groupResourceType","id","memberId","memberName","memberResourceType","resiliencyGroupName"],"type":"object"}},"mica:index/getS3ExportPolicy:getS3ExportPolicy":{"inputs":{"description":"A collection of arguments for invoking getS3ExportPolicy.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getS3ExportPolicy.\n","properties":{"enabled":{"type":"boolean"},"id":{"type":"string"},"isLocal":{"type":"boolean"},"name":{"type":"string"},"policyType":{"type":"string"},"version":{"type":"string"}},"required":["enabled","id","isLocal","name","policyType","version"],"type":"object"}},"mica:index/getServer:getServer":{"inputs":{"description":"A collection of arguments for invoking getServer.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getServer.\n","properties":{"created":{"type":"integer"},"directoryServices":{"items":{"type":"string"},"type":"array"},"dns":{"items":{"type":"string"},"type":"array"},"id":{"type":"string"},"name":{"type":"string"},"networkInterfaces":{"items":{"type":"string"},"type":"array"}},"required":["created","directoryServices","dns","id","name","networkInterfaces"],"type":"object"}},"mica:index/getSmbClientPolicy:getSmbClientPolicy":{"inputs":{"description":"A collection of arguments for invoking getSmbClientPolicy.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getSmbClientPolicy.\n","properties":{"accessBasedEnumerationEnabled":{"type":"boolean"},"enabled":{"type":"boolean"},"id":{"type":"string"},"isLocal":{"type":"boolean"},"name":{"type":"string"},"policyType":{"type":"string"},"version":{"type":"string"}},"required":["accessBasedEnumerationEnabled","enabled","id","isLocal","name","policyType","version"],"type":"object"}},"mica:index/getSmbSharePolicy:getSmbSharePolicy":{"inputs":{"description":"A collection of arguments for invoking getSmbSharePolicy.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getSmbSharePolicy.\n","properties":{"enabled":{"type":"boolean"},"id":{"type":"string"},"isLocal":{"type":"boolean"},"name":{"type":"string"},"policyType":{"type":"string"}},"required":["enabled","id","isLocal","name","policyType"],"type":"object"}},"mica:index/getSnapshotPolicy:getSnapshotPolicy":{"inputs":{"description":"A collection of arguments for invoking getSnapshotPolicy.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getSnapshotPolicy.\n","properties":{"enabled":{"type":"boolean"},"id":{"type":"string"},"isLocal":{"type":"boolean"},"name":{"type":"string"},"policyType":{"type":"string"},"retentionLock":{"type":"string"}},"required":["enabled","id","isLocal","name","policyType","retentionLock"],"type":"object"}},"mica:index/getSubnet:getSubnet":{"inputs":{"description":"A collection of arguments for invoking getSubnet.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getSubnet.\n","properties":{"enabled":{"type":"boolean"},"gateway":{"type":"string"},"id":{"type":"string"},"interfaces":{"items":{"type":"string"},"type":"array"},"lagName":{"type":"string"},"mtu":{"type":"integer"},"name":{"type":"string"},"prefix":{"type":"string"},"services":{"items":{"type":"string"},"type":"array"},"vlan":{"type":"integer"}},"required":["enabled","gateway","id","interfaces","lagName","mtu","name","prefix","services","vlan"],"type":"object"}},"mica:index/getSyslogServer:getSyslogServer":{"inputs":{"description":"A collection of arguments for invoking getSyslogServer.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getSyslogServer.\n","properties":{"id":{"type":"string"},"name":{"type":"string"},"services":{"items":{"type":"string"},"type":"array"},"sources":{"items":{"type":"string"},"type":"array"},"uri":{"type":"string"}},"required":["id","name","services","sources","uri"],"type":"object"}},"mica:index/getTarget:getTarget":{"inputs":{"description":"A collection of arguments for invoking getTarget.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getTarget.\n","properties":{"address":{"type":"string"},"caCertificateGroup":{"type":"string"},"id":{"type":"string"},"name":{"type":"string"},"status":{"type":"string"},"statusDetails":{"type":"string"}},"required":["address","caCertificateGroup","id","name","status","statusDetails"],"type":"object"}},"mica:index/getTlsPolicy:getTlsPolicy":{"inputs":{"description":"A collection of arguments for invoking getTlsPolicy.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getTlsPolicy.\n","properties":{"applianceCertificate":{"type":"string"},"clientCertificatesRequired":{"type":"boolean"},"disabledTlsCiphers":{"items":{"type":"string"},"type":"array"},"enabled":{"type":"boolean"},"enabledTlsCiphers":{"items":{"type":"string"},"type":"array"},"id":{"type":"string"},"isLocal":{"type":"boolean"},"minTlsVersion":{"type":"string"},"name":{"type":"string"},"policyType":{"type":"string"},"trustedClientCertificateAuthority":{"type":"string"},"verifyClientCertificateTrust":{"type":"boolean"}},"required":["applianceCertificate","clientCertificatesRequired","disabledTlsCiphers","enabled","enabledTlsCiphers","id","isLocal","minTlsVersion","name","policyType","trustedClientCertificateAuthority","verifyClientCertificateTrust"],"type":"object"}},"mica:index/getWorkload:getWorkload":{"inputs":{"description":"A collection of arguments for invoking getWorkload.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getWorkload.\n","properties":{"context":{"$ref":"#/types/mica:index/getWorkloadContext:getWorkloadContext"},"created":{"type":"integer"},"destroyed":{"type":"boolean"},"id":{"type":"string"},"name":{"type":"string"},"presetName":{"type":"string"},"status":{"type":"string"},"statusDetails":{"items":{"type":"string"},"type":"array"},"timeRemaining":{"type":"integer"}},"required":["context","created","destroyed","id","name","presetName","status","statusDetails","timeRemaining"],"type":"object"}},"pulumi:providers:mica/terraformConfig":{"description":"This function returns a Terraform config object with terraform-namecased keys,to be used with the Terraform Module Provider.","inputs":{"properties":{"__self__":{"type":"ref","$ref":"#/provider"}},"type":"pulumi:providers:mica/terraformConfig","required":["__self__"]},"outputs":{"properties":{"result":{"additionalProperties":{"$ref":"pulumi.json#/Any"},"type":"object"}},"required":["result"],"type":"object"}}}} +{"name":"mica","displayName":"Mica","description":"A Pulumi package for managing Pure Storage FlashBlade resources.","keywords":["pulumi","mica","flashblade","pure-storage","category/infrastructure"],"homepage":"https://github.com/numberly/terraform-provider-mica","license":"GPL-3.0-only","attribution":"This Pulumi package is based on the [`mica` Terraform Provider](https://github.com/terraform-providers/terraform-provider-mica).","repository":"https://github.com/numberly/terraform-provider-mica","pluginDownloadURL":"github://api.github.com/numberly/terraform-provider-mica","publisher":"numberly","meta":{"moduleFormat":"(.*)(?:/[^/]*)"},"language":{"nodejs":{"packageDescription":"A Pulumi package for managing Pure Storage FlashBlade resources.","readme":"> This provider is a derived work of the [Terraform Provider](https://github.com/terraform-providers/terraform-provider-mica)\n> distributed under [MPL 2.0](https://www.mozilla.org/en-US/MPL/2.0/). If you encounter a bug or missing feature,\n> please consult the source [`terraform-provider-mica` repo](https://github.com/terraform-providers/terraform-provider-mica/issues).","compatibility":"tfbridge20","disableUnionOutputTypes":true},"python":{"readme":"> This provider is a derived work of the [Terraform Provider](https://github.com/terraform-providers/terraform-provider-mica)\n> distributed under [MPL 2.0](https://www.mozilla.org/en-US/MPL/2.0/). If you encounter a bug or missing feature,\n> please consult the source [`terraform-provider-mica` repo](https://github.com/terraform-providers/terraform-provider-mica/issues).","compatibility":"tfbridge20","pyproject":{}}},"config":{"variables":{"auth":{"$ref":"#/types/mica:config/auth:auth","description":"Authentication configuration for the FlashBlade array."},"caCert":{"type":"string","description":"Inline PEM-encoded CA certificate string used for TLS verification."},"caCertFile":{"type":"string","description":"Path to a PEM-encoded CA certificate file used for TLS verification."},"endpoint":{"type":"string","description":"FlashBlade management endpoint URL (e.g. https://flashblade.example.com). Falls back to FLASHBLADE_HOST environment variable."},"insecureSkipVerify":{"type":"boolean","description":"Disable TLS certificate verification. For testing and development only."},"maxRetries":{"type":"integer","description":"Maximum number of retry attempts for transient errors (429, 5xx). Default: 3."}}},"types":{"mica:config/auth:auth":{"properties":{"apiToken":{"type":"string","description":"API token for session-based authentication. Falls back to FLASHBLADE_API_TOKEN environment variable.\n","secret":true},"oauth2":{"$ref":"#/types/mica:config/authOauth2:authOauth2","description":"OAuth2 token-exchange authentication configuration.\n"}},"type":"object"},"mica:config/authOauth2:authOauth2":{"properties":{"clientId":{"type":"string","description":"OAuth2 client ID. Falls back to FLASHBLADE_OAUTH2_CLIENT_ID environment variable.\n","secret":true},"issuer":{"type":"string","description":"OAuth2 issuer. Falls back to FLASHBLADE_OAUTH2_ISSUER environment variable.\n"},"keyId":{"type":"string","description":"OAuth2 key ID. Falls back to FLASHBLADE_OAUTH2_KEY_ID environment variable.\n","secret":true}},"type":"object"},"mica:index/ArrayConnectionThrottle:ArrayConnectionThrottle":{"properties":{"defaultLimit":{"type":"integer","description":"Default bandwidth limit in bytes per second.\n"},"windowEnd":{"type":"string","description":"End time of the throttle window (HH:MM format).\n"},"windowLimit":{"type":"integer","description":"Window bandwidth limit in bytes per second.\n"},"windowStart":{"type":"string","description":"Start time of the throttle window (HH:MM format).\n"}},"type":"object"},"mica:index/ArraySmtpAlertWatcher:ArraySmtpAlertWatcher":{"properties":{"email":{"type":"string","description":"Email address of the alert recipient. This is the unique identifier for the watcher.\n"},"enabled":{"type":"boolean","description":"If true, this watcher receives alert notifications.\n"},"minimumNotificationSeverity":{"type":"string","description":"Minimum alert severity that triggers a notification: 'info', 'warning', 'error', or 'critical'.\n"}},"type":"object","required":["email"],"language":{"nodejs":{"requiredOutputs":["email","enabled","minimumNotificationSeverity"]}}},"mica:index/BucketEradicationConfig:BucketEradicationConfig":{"properties":{"eradicationDelay":{"type":"integer","description":"Eradication delay in milliseconds.\n"},"eradicationMode":{"type":"string","description":"Eradication mode (e.g. 'retention-based', 'permission-based').\n"},"manualEradication":{"type":"string","description":"Manual eradication setting ('enabled' or 'disabled').\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["eradicationDelay","eradicationMode","manualEradication"]}}},"mica:index/BucketObjectLockConfig:BucketObjectLockConfig":{"properties":{"defaultRetention":{"type":"integer","description":"Default retention period in seconds.\n"},"defaultRetentionMode":{"type":"string","description":"Default retention mode ('compliance' or 'governance').\n"},"freezeLockedObjects":{"type":"boolean","description":"Whether to freeze locked objects.\n"},"objectLockEnabled":{"type":"boolean","description":"Whether object lock is enabled.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["defaultRetention","defaultRetentionMode","freezeLockedObjects","objectLockEnabled"]}}},"mica:index/BucketPublicAccessConfig:BucketPublicAccessConfig":{"properties":{"blockNewPublicPolicies":{"type":"boolean","description":"Whether to block new public policies.\n"},"blockPublicAccess":{"type":"boolean","description":"Whether to block public access.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["blockNewPublicPolicies","blockPublicAccess"]}}},"mica:index/BucketSpace:BucketSpace":{"properties":{"dataReduction":{"type":"number","description":"Data reduction ratio.\n"},"snapshots":{"type":"integer","description":"Physical space used by snapshots in bytes.\n"},"snapshotsEffective":{"type":"integer","description":"Effective snapshot space used in bytes.\n"},"totalPhysical":{"type":"integer","description":"Total physical space used in bytes.\n"},"unique":{"type":"integer","description":"Unique physical space used in bytes.\n"},"virtual":{"type":"integer","description":"Virtual (logical) space used in bytes.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["dataReduction","snapshots","snapshotsEffective","totalPhysical","unique","virtual"]}}},"mica:index/DirectoryServiceRoleRole:DirectoryServiceRoleRole":{"properties":{"name":{"type":"string"}},"type":"object","language":{"nodejs":{"requiredOutputs":["name"]}}},"mica:index/FileSystemDefaultQuotas:FileSystemDefaultQuotas":{"properties":{"groupQuota":{"type":"integer","description":"Default quota per group in bytes.\n"},"userQuota":{"type":"integer","description":"Default quota per user in bytes.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["groupQuota","userQuota"]}}},"mica:index/FileSystemExportWorkload:FileSystemExportWorkload":{"properties":{"id":{"type":"string","description":"The workload unique identifier.\n"},"name":{"type":"string","description":"The workload name.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["id","name"]}}},"mica:index/FileSystemHttp:FileSystemHttp":{"properties":{"enabled":{"type":"boolean","description":"Whether HTTP is enabled on this file system.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["enabled"]}}},"mica:index/FileSystemMultiProtocol:FileSystemMultiProtocol":{"properties":{"accessControlStyle":{"type":"string","description":"Access control style for multi-protocol access ('nfs' or 'smb').\n"},"safeguardAcls":{"type":"boolean","description":"Whether to safeguard ACLs during multi-protocol access.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["accessControlStyle","safeguardAcls"]}}},"mica:index/FileSystemNfs:FileSystemNfs":{"properties":{"enabled":{"type":"boolean","description":"Whether NFS is enabled on this file system.\n"},"rules":{"type":"string","description":"NFS export rules string (e.g. '*(rw,no_root_squash)').\n"},"transport":{"type":"string","description":"NFS transport protocol ('tcp' or 'udp').\n"},"v3Enabled":{"type":"boolean","description":"Whether NFSv3 is enabled.\n"},"v41Enabled":{"type":"boolean","description":"Whether NFSv4.1 is enabled.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["enabled","rules","transport","v3Enabled","v41Enabled"]}}},"mica:index/FileSystemSmb:FileSystemSmb":{"properties":{"accessBasedEnumerationEnabled":{"type":"boolean","description":"Whether access-based enumeration is enabled for SMB.\n"},"continuousAvailabilityEnabled":{"type":"boolean","description":"Whether continuous availability is enabled for SMB.\n"},"enabled":{"type":"boolean","description":"Whether SMB is enabled on this file system.\n"},"smbEncryptionEnabled":{"type":"boolean","description":"Whether SMB encryption is enabled.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["accessBasedEnumerationEnabled","continuousAvailabilityEnabled","enabled","smbEncryptionEnabled"]}}},"mica:index/FileSystemSource:FileSystemSource":{"properties":{"id":{"type":"string","description":"Source file system ID.\n"},"name":{"type":"string","description":"Source file system name.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["id","name"]}}},"mica:index/FileSystemSpace:FileSystemSpace":{"properties":{"dataReduction":{"type":"number","description":"Data reduction ratio.\n"},"snapshots":{"type":"integer","description":"Physical space used by snapshots in bytes.\n"},"snapshotsEffective":{"type":"integer","description":"Effective snapshot space used in bytes.\n"},"totalPhysical":{"type":"integer","description":"Total physical space used in bytes.\n"},"unique":{"type":"integer","description":"Unique physical space used in bytes.\n"},"virtual":{"type":"integer","description":"Virtual (logical) space used in bytes.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["dataReduction","snapshots","snapshotsEffective","totalPhysical","unique","virtual"]}}},"mica:index/FileSystemWorkload:FileSystemWorkload":{"properties":{"id":{"type":"string","description":"Workload ID.\n"},"name":{"type":"string","description":"Workload name.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["id","name"]}}},"mica:index/NfsExportPolicyWorkload:NfsExportPolicyWorkload":{"properties":{"id":{"type":"string","description":"The workload unique identifier.\n"},"name":{"type":"string","description":"The workload name.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["id","name"]}}},"mica:index/ObjectStoreAccountSpace:ObjectStoreAccountSpace":{"properties":{"dataReduction":{"type":"number","description":"Data reduction ratio.\n"},"snapshots":{"type":"integer","description":"Physical space used by snapshots in bytes.\n"},"snapshotsEffective":{"type":"integer","description":"Effective snapshot space used in bytes.\n"},"totalPhysical":{"type":"integer","description":"Total physical space used in bytes.\n"},"unique":{"type":"integer","description":"Unique physical space used in bytes.\n"},"virtual":{"type":"integer","description":"Virtual (logical) space used in bytes.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["dataReduction","snapshots","snapshotsEffective","totalPhysical","unique","virtual"]}}},"mica:index/ProviderAuth:ProviderAuth":{"properties":{"apiToken":{"type":"string","description":"API token for session-based authentication. Falls back to FLASHBLADE_API_TOKEN environment variable.\n","secret":true},"oauth2":{"$ref":"#/types/mica:index/ProviderAuthOauth2:ProviderAuthOauth2","description":"OAuth2 token-exchange authentication configuration.\n"}},"type":"object"},"mica:index/ProviderAuthOauth2:ProviderAuthOauth2":{"properties":{"clientId":{"type":"string","description":"OAuth2 client ID. Falls back to FLASHBLADE_OAUTH2_CLIENT_ID environment variable.\n","secret":true},"issuer":{"type":"string","description":"OAuth2 issuer. Falls back to FLASHBLADE_OAUTH2_ISSUER environment variable.\n"},"keyId":{"type":"string","description":"OAuth2 key ID. Falls back to FLASHBLADE_OAUTH2_KEY_ID environment variable.\n","secret":true}},"type":"object"},"mica:index/QosPolicyContext:QosPolicyContext":{"properties":{"id":{"type":"string","description":"The context unique identifier.\n"},"name":{"type":"string","description":"The context name.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["id","name"]}}},"mica:index/SmbClientPolicyWorkload:SmbClientPolicyWorkload":{"properties":{"id":{"type":"string","description":"The workload unique identifier.\n"},"name":{"type":"string","description":"The workload name.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["id","name"]}}},"mica:index/SmbSharePolicyWorkload:SmbSharePolicyWorkload":{"properties":{"id":{"type":"string","description":"The workload unique identifier.\n"},"name":{"type":"string","description":"The workload name.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["id","name"]}}},"mica:index/SnmpManagerV2c:SnmpManagerV2c":{"properties":{"community":{"type":"string","description":"Community string. Write-once: never returned by the API on GET; state preserves the user-supplied value.\n","secret":true}},"type":"object","language":{"nodejs":{"requiredOutputs":["community"]}}},"mica:index/SnmpManagerV3:SnmpManagerV3":{"properties":{"authPassphrase":{"type":"string","description":"Authentication passphrase (max 32 chars). Write-once: never returned by the API on GET; state preserves the user-supplied value.\n","secret":true},"authProtocol":{"type":"string","description":"Authentication protocol: `MD5` or `SHA`.\n"},"privacyPassphrase":{"type":"string","description":"Privacy passphrase (8..63 chars). Write-once: never returned by the API on GET; state preserves the user-supplied value.\n","secret":true},"privacyProtocol":{"type":"string","description":"Privacy protocol: `AES` or `DES`.\n"},"user":{"type":"string","description":"SNMPv3 username.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["authPassphrase","authProtocol","privacyPassphrase","privacyProtocol","user"]}}},"mica:index/WorkloadContext:WorkloadContext":{"properties":{"id":{"type":"string","description":"The context unique identifier.\n"},"name":{"type":"string","description":"The context name.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["id","name"]}}},"mica:index/WorkloadParameter:WorkloadParameter":{"properties":{"name":{"type":"string","description":"The name of the preset parameter.\n"},"valueBool":{"type":"boolean","description":"Boolean value for this parameter.\n"},"valueInteger":{"type":"integer","description":"Integer value for this parameter.\n"},"valueResourceId":{"type":"string","description":"Resource reference ID for this parameter.\n"},"valueResourceName":{"type":"string","description":"Resource reference name for this parameter.\n"},"valueResourceType":{"type":"string","description":"Resource reference type for this parameter.\n"},"valueString":{"type":"string","description":"String value for this parameter.\n"}},"type":"object","required":["name"]},"mica:index/getArraySmtpAlertWatcher:getArraySmtpAlertWatcher":{"properties":{"email":{"type":"string","description":"Email address of the alert recipient.\n"},"enabled":{"type":"boolean","description":"If true, this watcher receives alert notifications.\n"},"minimumNotificationSeverity":{"type":"string","description":"Minimum alert severity that triggers a notification.\n"}},"type":"object","required":["email","enabled","minimumNotificationSeverity"],"language":{"nodejs":{"requiredInputs":[]}}},"mica:index/getBucketSpace:getBucketSpace":{"properties":{"dataReduction":{"type":"number","description":"Data reduction ratio.\n"},"snapshots":{"type":"integer","description":"Physical space used by snapshots in bytes.\n"},"snapshotsEffective":{"type":"integer","description":"Effective snapshot space used in bytes.\n"},"totalPhysical":{"type":"integer","description":"Total physical space used in bytes.\n"},"unique":{"type":"integer","description":"Unique physical space used in bytes.\n"},"virtual":{"type":"integer","description":"Virtual (logical) space used in bytes.\n"}},"type":"object","required":["dataReduction","snapshots","snapshotsEffective","totalPhysical","unique","virtual"],"language":{"nodejs":{"requiredInputs":[]}}},"mica:index/getDirectoryServiceManagementCaCertificate:getDirectoryServiceManagementCaCertificate":{"properties":{"name":{"type":"string","description":"Name of the referenced object. Null when the reference is not set.\n"}},"type":"object","required":["name"],"language":{"nodejs":{"requiredInputs":[]}}},"mica:index/getDirectoryServiceManagementCaCertificateGroup:getDirectoryServiceManagementCaCertificateGroup":{"properties":{"name":{"type":"string","description":"Name of the referenced object. Null when the reference is not set.\n"}},"type":"object","required":["name"],"language":{"nodejs":{"requiredInputs":[]}}},"mica:index/getDirectoryServiceRoleRole:getDirectoryServiceRoleRole":{"properties":{"name":{"type":"string"}},"type":"object","required":["name"],"language":{"nodejs":{"requiredInputs":[]}}},"mica:index/getFileSystemDefaultQuotas:getFileSystemDefaultQuotas":{"properties":{"groupQuota":{"type":"integer","description":"Default quota per group in bytes.\n"},"userQuota":{"type":"integer","description":"Default quota per user in bytes.\n"}},"type":"object","required":["groupQuota","userQuota"],"language":{"nodejs":{"requiredInputs":[]}}},"mica:index/getFileSystemHttp:getFileSystemHttp":{"properties":{"enabled":{"type":"boolean","description":"Whether HTTP is enabled on this file system.\n"}},"type":"object","required":["enabled"],"language":{"nodejs":{"requiredInputs":[]}}},"mica:index/getFileSystemMultiProtocol:getFileSystemMultiProtocol":{"properties":{"accessControlStyle":{"type":"string","description":"Access control style for multi-protocol access.\n"},"safeguardAcls":{"type":"boolean","description":"Whether ACLs are safeguarded during multi-protocol access.\n"}},"type":"object","required":["accessControlStyle","safeguardAcls"],"language":{"nodejs":{"requiredInputs":[]}}},"mica:index/getFileSystemNfs:getFileSystemNfs":{"properties":{"enabled":{"type":"boolean","description":"Whether NFS is enabled on this file system.\n"},"rules":{"type":"string","description":"NFS export rules string.\n"},"transport":{"type":"string","description":"NFS transport protocol.\n"},"v3Enabled":{"type":"boolean","description":"Whether NFSv3 is enabled.\n"},"v41Enabled":{"type":"boolean","description":"Whether NFSv4.1 is enabled.\n"}},"type":"object","required":["enabled","rules","transport","v3Enabled","v41Enabled"],"language":{"nodejs":{"requiredInputs":[]}}},"mica:index/getFileSystemSmb:getFileSystemSmb":{"properties":{"accessBasedEnumerationEnabled":{"type":"boolean","description":"Whether access-based enumeration is enabled for SMB.\n"},"continuousAvailabilityEnabled":{"type":"boolean","description":"Whether continuous availability is enabled for SMB.\n"},"enabled":{"type":"boolean","description":"Whether SMB is enabled on this file system.\n"},"smbEncryptionEnabled":{"type":"boolean","description":"Whether SMB encryption is enabled.\n"}},"type":"object","required":["accessBasedEnumerationEnabled","continuousAvailabilityEnabled","enabled","smbEncryptionEnabled"],"language":{"nodejs":{"requiredInputs":[]}}},"mica:index/getFileSystemSource:getFileSystemSource":{"properties":{"id":{"type":"string","description":"Source file system ID.\n"},"name":{"type":"string","description":"Source file system name.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"mica:index/getFileSystemSpace:getFileSystemSpace":{"properties":{"dataReduction":{"type":"number","description":"Data reduction ratio.\n"},"snapshots":{"type":"integer","description":"Physical space used by snapshots in bytes.\n"},"snapshotsEffective":{"type":"integer","description":"Effective snapshot space used in bytes.\n"},"totalPhysical":{"type":"integer","description":"Total physical space used in bytes.\n"},"unique":{"type":"integer","description":"Unique physical space used in bytes.\n"},"virtual":{"type":"integer","description":"Virtual (logical) space used in bytes.\n"}},"type":"object","required":["dataReduction","snapshots","snapshotsEffective","totalPhysical","unique","virtual"],"language":{"nodejs":{"requiredInputs":[]}}},"mica:index/getObjectStoreAccountSpace:getObjectStoreAccountSpace":{"properties":{"dataReduction":{"type":"number","description":"Data reduction ratio.\n"},"snapshots":{"type":"integer","description":"Physical space used by snapshots in bytes.\n"},"snapshotsEffective":{"type":"integer","description":"Effective snapshot space used in bytes.\n"},"totalPhysical":{"type":"integer","description":"Total physical space used in bytes.\n"},"unique":{"type":"integer","description":"Unique physical space used in bytes.\n"},"virtual":{"type":"integer","description":"Virtual (logical) space used in bytes.\n"}},"type":"object","required":["dataReduction","snapshots","snapshotsEffective","totalPhysical","unique","virtual"],"language":{"nodejs":{"requiredInputs":[]}}},"mica:index/getSnmpManagerV2c:getSnmpManagerV2c":{"properties":{"community":{"type":"string","description":"Community string. Always null on read (never returned by the API).\n","secret":true}},"type":"object","required":["community"],"language":{"nodejs":{"requiredInputs":[]}}},"mica:index/getSnmpManagerV3:getSnmpManagerV3":{"properties":{"authPassphrase":{"type":"string","description":"Authentication passphrase. Always null on read (never returned by the API).\n","secret":true},"authProtocol":{"type":"string","description":"Authentication protocol (MD5 or SHA).\n"},"privacyPassphrase":{"type":"string","description":"Privacy passphrase. Always null on read (never returned by the API).\n","secret":true},"privacyProtocol":{"type":"string","description":"Privacy protocol (AES or DES).\n"},"user":{"type":"string","description":"SNMPv3 username.\n"}},"type":"object","required":["authPassphrase","authProtocol","privacyPassphrase","privacyProtocol","user"],"language":{"nodejs":{"requiredInputs":[]}}},"mica:index/getWorkloadContext:getWorkloadContext":{"properties":{"id":{"type":"string","description":"The context unique identifier.\n"},"name":{"type":"string","description":"The context name.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}}},"provider":{"description":"The provider type for the mica package. By default, resources use package-wide configuration\nsettings, however an explicit `Provider` instance may be created and passed during resource\nconstruction to achieve fine-grained programmatic control over provider settings. See the\n[documentation](https://www.pulumi.com/docs/reference/programming-model/#providers) for more information.\n","properties":{"auth":{"$ref":"#/types/mica:index/ProviderAuth:ProviderAuth","description":"Authentication configuration for the FlashBlade array."},"caCert":{"type":"string","description":"Inline PEM-encoded CA certificate string used for TLS verification."},"caCertFile":{"type":"string","description":"Path to a PEM-encoded CA certificate file used for TLS verification."},"endpoint":{"type":"string","description":"FlashBlade management endpoint URL (e.g. https://flashblade.example.com). Falls back to FLASHBLADE_HOST environment variable."},"insecureSkipVerify":{"type":"boolean","description":"Disable TLS certificate verification. For testing and development only."},"maxRetries":{"type":"integer","description":"Maximum number of retry attempts for transient errors (429, 5xx). Default: 3."}},"inputProperties":{"auth":{"$ref":"#/types/mica:index/ProviderAuth:ProviderAuth","description":"Authentication configuration for the FlashBlade array."},"caCert":{"type":"string","description":"Inline PEM-encoded CA certificate string used for TLS verification."},"caCertFile":{"type":"string","description":"Path to a PEM-encoded CA certificate file used for TLS verification."},"endpoint":{"type":"string","description":"FlashBlade management endpoint URL (e.g. https://flashblade.example.com). Falls back to FLASHBLADE_HOST environment variable."},"insecureSkipVerify":{"type":"boolean","description":"Disable TLS certificate verification. For testing and development only."},"maxRetries":{"type":"integer","description":"Maximum number of retry attempts for transient errors (429, 5xx). Default: 3."}},"methods":{"terraformConfig":"pulumi:providers:mica/terraformConfig"}},"resources":{"mica:index/arrayConnection:ArrayConnection":{"properties":{"connectionKey":{"type":"string","description":"Connection key of the remote array. Required when creating a new connection. Write-only: not returned by GET. Changing this forces a new resource.","secret":true},"encrypted":{"type":"boolean","description":"Whether data is encrypted in transit."},"managementAddress":{"type":"string","description":"Management IP or hostname of the remote array. Required when creating a new connection, computed for imported/passive-side connections."},"os":{"type":"string","description":"Operating system of the remote array."},"remoteName":{"type":"string","description":"The name of the remote array. Used as the import identifier. Changing this forces a new resource."},"replicationAddresses":{"type":"array","items":{"type":"string"},"description":"Replication IP addresses or FQDNs."},"status":{"type":"string","description":"Connection status (connected, connecting, etc.)."},"throttle":{"$ref":"#/types/mica:index/ArrayConnectionThrottle:ArrayConnectionThrottle","description":"Bandwidth throttle configuration for the array connection."},"type":{"type":"string","description":"Connection type (async-replication, etc.)."},"version":{"type":"string","description":"Version of the remote array."}},"required":["encrypted","managementAddress","os","remoteName","replicationAddresses","status","throttle","type","version"],"inputProperties":{"connectionKey":{"type":"string","description":"Connection key of the remote array. Required when creating a new connection. Write-only: not returned by GET. Changing this forces a new resource.","secret":true},"encrypted":{"type":"boolean","description":"Whether data is encrypted in transit."},"managementAddress":{"type":"string","description":"Management IP or hostname of the remote array. Required when creating a new connection, computed for imported/passive-side connections."},"remoteName":{"type":"string","description":"The name of the remote array. Used as the import identifier. Changing this forces a new resource."},"replicationAddresses":{"type":"array","items":{"type":"string"},"description":"Replication IP addresses or FQDNs."},"throttle":{"$ref":"#/types/mica:index/ArrayConnectionThrottle:ArrayConnectionThrottle","description":"Bandwidth throttle configuration for the array connection."}},"requiredInputs":["remoteName"],"stateInputs":{"description":"Input properties used for looking up and filtering ArrayConnection resources.\n","properties":{"connectionKey":{"type":"string","description":"Connection key of the remote array. Required when creating a new connection. Write-only: not returned by GET. Changing this forces a new resource.","secret":true},"encrypted":{"type":"boolean","description":"Whether data is encrypted in transit."},"managementAddress":{"type":"string","description":"Management IP or hostname of the remote array. Required when creating a new connection, computed for imported/passive-side connections."},"os":{"type":"string","description":"Operating system of the remote array."},"remoteName":{"type":"string","description":"The name of the remote array. Used as the import identifier. Changing this forces a new resource."},"replicationAddresses":{"type":"array","items":{"type":"string"},"description":"Replication IP addresses or FQDNs."},"status":{"type":"string","description":"Connection status (connected, connecting, etc.)."},"throttle":{"$ref":"#/types/mica:index/ArrayConnectionThrottle:ArrayConnectionThrottle","description":"Bandwidth throttle configuration for the array connection."},"type":{"type":"string","description":"Connection type (async-replication, etc.)."},"version":{"type":"string","description":"Version of the remote array."}},"type":"object"}},"mica:index/arrayConnectionKey:ArrayConnectionKey":{"properties":{"connectionKey":{"type":"string","description":"The generated connection key. Used by the remote array to establish a connection.","secret":true},"created":{"type":"integer","description":"Unix timestamp (ms) when the key was created."},"expires":{"type":"integer","description":"Unix timestamp (ms) when the key expires."}},"required":["connectionKey","created","expires"],"stateInputs":{"description":"Input properties used for looking up and filtering ArrayConnectionKey resources.\n","properties":{"connectionKey":{"type":"string","description":"The generated connection key. Used by the remote array to establish a connection.","secret":true},"created":{"type":"integer","description":"Unix timestamp (ms) when the key was created."},"expires":{"type":"integer","description":"Unix timestamp (ms) when the key expires."}},"type":"object"}},"mica:index/arrayDns:ArrayDns":{"properties":{"domain":{"type":"string","description":"The domain suffix appended by the array to unqualified hostnames."},"name":{"type":"string","description":"The name of the DNS configuration. Changing this forces a new resource."},"nameservers":{"type":"array","items":{"type":"string"},"description":"List of DNS server IP addresses."},"services":{"type":"array","items":{"type":"string"},"description":"Services that use this DNS configuration."},"sources":{"type":"array","items":{"type":"string"},"description":"Network interfaces used for DNS traffic."}},"required":["domain","name","nameservers","services","sources"],"inputProperties":{"domain":{"type":"string","description":"The domain suffix appended by the array to unqualified hostnames."},"name":{"type":"string","description":"The name of the DNS configuration. Changing this forces a new resource."},"nameservers":{"type":"array","items":{"type":"string"},"description":"List of DNS server IP addresses."},"services":{"type":"array","items":{"type":"string"},"description":"Services that use this DNS configuration."},"sources":{"type":"array","items":{"type":"string"},"description":"Network interfaces used for DNS traffic."}},"requiredInputs":["name"],"stateInputs":{"description":"Input properties used for looking up and filtering ArrayDns resources.\n","properties":{"domain":{"type":"string","description":"The domain suffix appended by the array to unqualified hostnames."},"name":{"type":"string","description":"The name of the DNS configuration. Changing this forces a new resource."},"nameservers":{"type":"array","items":{"type":"string"},"description":"List of DNS server IP addresses."},"services":{"type":"array","items":{"type":"string"},"description":"Services that use this DNS configuration."},"sources":{"type":"array","items":{"type":"string"},"description":"Network interfaces used for DNS traffic."}},"type":"object"}},"mica:index/arrayNtp:ArrayNtp":{"properties":{"ntpServers":{"type":"array","items":{"type":"string"},"description":"List of NTP server hostnames or IP addresses."}},"required":["ntpServers"],"inputProperties":{"ntpServers":{"type":"array","items":{"type":"string"},"description":"List of NTP server hostnames or IP addresses."}},"requiredInputs":["ntpServers"],"stateInputs":{"description":"Input properties used for looking up and filtering ArrayNtp resources.\n","properties":{"ntpServers":{"type":"array","items":{"type":"string"},"description":"List of NTP server hostnames or IP addresses."}},"type":"object"}},"mica:index/arraySmtp:ArraySmtp":{"properties":{"alertWatchers":{"type":"array","items":{"$ref":"#/types/mica:index/ArraySmtpAlertWatcher:ArraySmtpAlertWatcher"},"description":"Set of alert watcher email recipients."},"encryptionMode":{"type":"string","description":"SMTP encryption mode: 'none', 'tls', or 'starttls'."},"relayHost":{"type":"string","description":"Hostname or IP address of the SMTP relay server."},"senderDomain":{"type":"string","description":"Domain appended to the sender email address."}},"required":["alertWatchers","encryptionMode","relayHost","senderDomain"],"inputProperties":{"alertWatchers":{"type":"array","items":{"$ref":"#/types/mica:index/ArraySmtpAlertWatcher:ArraySmtpAlertWatcher"},"description":"Set of alert watcher email recipients."},"encryptionMode":{"type":"string","description":"SMTP encryption mode: 'none', 'tls', or 'starttls'."},"relayHost":{"type":"string","description":"Hostname or IP address of the SMTP relay server."},"senderDomain":{"type":"string","description":"Domain appended to the sender email address."}},"stateInputs":{"description":"Input properties used for looking up and filtering ArraySmtp resources.\n","properties":{"alertWatchers":{"type":"array","items":{"$ref":"#/types/mica:index/ArraySmtpAlertWatcher:ArraySmtpAlertWatcher"},"description":"Set of alert watcher email recipients."},"encryptionMode":{"type":"string","description":"SMTP encryption mode: 'none', 'tls', or 'starttls'."},"relayHost":{"type":"string","description":"Hostname or IP address of the SMTP relay server."},"senderDomain":{"type":"string","description":"Domain appended to the sender email address."}},"type":"object"}},"mica:index/auditObjectStorePolicy:AuditObjectStorePolicy":{"properties":{"enabled":{"type":"boolean","description":"Whether the audit object store policy is enabled."},"isLocal":{"type":"boolean","description":"Whether the policy is defined on the local array (read-only)."},"logTargets":{"type":"array","items":{"type":"string"},"description":"List of log target names to receive audit events from this policy."},"name":{"type":"string","description":"The name of the audit object store policy. Not renameable; changing forces replacement."},"policyType":{"type":"string","description":"The type of the policy (e.g. 'audit'). Read-only, set by the array."}},"required":["enabled","isLocal","logTargets","name","policyType"],"inputProperties":{"enabled":{"type":"boolean","description":"Whether the audit object store policy is enabled."},"logTargets":{"type":"array","items":{"type":"string"},"description":"List of log target names to receive audit events from this policy."},"name":{"type":"string","description":"The name of the audit object store policy. Not renameable; changing forces replacement."}},"requiredInputs":["name"],"stateInputs":{"description":"Input properties used for looking up and filtering AuditObjectStorePolicy resources.\n","properties":{"enabled":{"type":"boolean","description":"Whether the audit object store policy is enabled."},"isLocal":{"type":"boolean","description":"Whether the policy is defined on the local array (read-only)."},"logTargets":{"type":"array","items":{"type":"string"},"description":"List of log target names to receive audit events from this policy."},"name":{"type":"string","description":"The name of the audit object store policy. Not renameable; changing forces replacement."},"policyType":{"type":"string","description":"The type of the policy (e.g. 'audit'). Read-only, set by the array."}},"type":"object"}},"mica:index/auditObjectStorePolicyMember:AuditObjectStorePolicyMember":{"properties":{"memberName":{"type":"string","description":"The name of the bucket to assign to the policy. Changing this forces a new resource."},"policyName":{"type":"string","description":"The name of the audit object store policy. Changing this forces a new resource."}},"required":["memberName","policyName"],"inputProperties":{"memberName":{"type":"string","description":"The name of the bucket to assign to the policy. Changing this forces a new resource."},"policyName":{"type":"string","description":"The name of the audit object store policy. Changing this forces a new resource."}},"requiredInputs":["memberName","policyName"],"stateInputs":{"description":"Input properties used for looking up and filtering AuditObjectStorePolicyMember resources.\n","properties":{"memberName":{"type":"string","description":"The name of the bucket to assign to the policy. Changing this forces a new resource."},"policyName":{"type":"string","description":"The name of the audit object store policy. Changing this forces a new resource."}},"type":"object"}},"mica:index/bucket:Bucket":{"properties":{"account":{"type":"string","description":"The name of the object store account that owns this bucket. Changing this forces a new resource."},"bucketType":{"type":"string","description":"The bucket type (e.g. 'multi-site-writable')."},"created":{"type":"integer","description":"Unix timestamp (milliseconds) when the bucket was created."},"destroyEradicateOnDelete":{"type":"boolean","description":"When true, Terraform will eradicate the bucket on destroy. When false (default), only soft-deletes. Buckets hold production data — eradication is opt-in."},"destroyed":{"type":"boolean","description":"Whether the bucket is soft-deleted."},"eradicationConfig":{"$ref":"#/types/mica:index/BucketEradicationConfig:BucketEradicationConfig","description":"Eradication configuration for the bucket."},"hardLimitEnabled":{"type":"boolean","description":"If true, the bucket's size cannot exceed the quota limit."},"name":{"type":"string","description":"The name of the bucket. Changing this forces a new resource (S3 clients hardcode bucket names)."},"objectCount":{"type":"integer","description":"The count of objects in the bucket."},"objectLockConfig":{"$ref":"#/types/mica:index/BucketObjectLockConfig:BucketObjectLockConfig","description":"S3 object lock configuration for the bucket."},"publicAccessConfig":{"$ref":"#/types/mica:index/BucketPublicAccessConfig:BucketPublicAccessConfig","description":"Public access configuration for the bucket."},"publicStatus":{"type":"string","description":"Bucket's public access status."},"quotaLimit":{"type":"integer","description":"The effective quota limit applied against the size of the bucket, in bytes."},"retentionLock":{"type":"string","description":"The retention lock mode for the bucket."},"space":{"$ref":"#/types/mica:index/BucketSpace:BucketSpace","description":"Storage space breakdown (read-only, API-managed)."},"timeRemaining":{"type":"integer","description":"Milliseconds remaining until auto-eradication of a soft-deleted bucket."},"versioning":{"type":"string","description":"The bucket versioning state ('none', 'enabled', or 'suspended')."}},"required":["account","bucketType","created","destroyEradicateOnDelete","destroyed","eradicationConfig","hardLimitEnabled","name","objectCount","objectLockConfig","publicAccessConfig","publicStatus","quotaLimit","retentionLock","space","timeRemaining","versioning"],"inputProperties":{"account":{"type":"string","description":"The name of the object store account that owns this bucket. Changing this forces a new resource."},"destroyEradicateOnDelete":{"type":"boolean","description":"When true, Terraform will eradicate the bucket on destroy. When false (default), only soft-deletes. Buckets hold production data — eradication is opt-in."},"eradicationConfig":{"$ref":"#/types/mica:index/BucketEradicationConfig:BucketEradicationConfig","description":"Eradication configuration for the bucket."},"hardLimitEnabled":{"type":"boolean","description":"If true, the bucket's size cannot exceed the quota limit."},"name":{"type":"string","description":"The name of the bucket. Changing this forces a new resource (S3 clients hardcode bucket names)."},"objectLockConfig":{"$ref":"#/types/mica:index/BucketObjectLockConfig:BucketObjectLockConfig","description":"S3 object lock configuration for the bucket."},"publicAccessConfig":{"$ref":"#/types/mica:index/BucketPublicAccessConfig:BucketPublicAccessConfig","description":"Public access configuration for the bucket."},"quotaLimit":{"type":"integer","description":"The effective quota limit applied against the size of the bucket, in bytes."},"retentionLock":{"type":"string","description":"The retention lock mode for the bucket."},"versioning":{"type":"string","description":"The bucket versioning state ('none', 'enabled', or 'suspended')."}},"requiredInputs":["account","name"],"stateInputs":{"description":"Input properties used for looking up and filtering Bucket resources.\n","properties":{"account":{"type":"string","description":"The name of the object store account that owns this bucket. Changing this forces a new resource."},"bucketType":{"type":"string","description":"The bucket type (e.g. 'multi-site-writable')."},"created":{"type":"integer","description":"Unix timestamp (milliseconds) when the bucket was created."},"destroyEradicateOnDelete":{"type":"boolean","description":"When true, Terraform will eradicate the bucket on destroy. When false (default), only soft-deletes. Buckets hold production data — eradication is opt-in."},"destroyed":{"type":"boolean","description":"Whether the bucket is soft-deleted."},"eradicationConfig":{"$ref":"#/types/mica:index/BucketEradicationConfig:BucketEradicationConfig","description":"Eradication configuration for the bucket."},"hardLimitEnabled":{"type":"boolean","description":"If true, the bucket's size cannot exceed the quota limit."},"name":{"type":"string","description":"The name of the bucket. Changing this forces a new resource (S3 clients hardcode bucket names)."},"objectCount":{"type":"integer","description":"The count of objects in the bucket."},"objectLockConfig":{"$ref":"#/types/mica:index/BucketObjectLockConfig:BucketObjectLockConfig","description":"S3 object lock configuration for the bucket."},"publicAccessConfig":{"$ref":"#/types/mica:index/BucketPublicAccessConfig:BucketPublicAccessConfig","description":"Public access configuration for the bucket."},"publicStatus":{"type":"string","description":"Bucket's public access status."},"quotaLimit":{"type":"integer","description":"The effective quota limit applied against the size of the bucket, in bytes."},"retentionLock":{"type":"string","description":"The retention lock mode for the bucket."},"space":{"$ref":"#/types/mica:index/BucketSpace:BucketSpace","description":"Storage space breakdown (read-only, API-managed)."},"timeRemaining":{"type":"integer","description":"Milliseconds remaining until auto-eradication of a soft-deleted bucket."},"versioning":{"type":"string","description":"The bucket versioning state ('none', 'enabled', or 'suspended')."}},"type":"object"}},"mica:index/bucketAccessPolicy:BucketAccessPolicy":{"properties":{"bucketName":{"type":"string","description":"The name of the bucket this policy belongs to. Changing this forces a new resource."},"enabled":{"type":"boolean","description":"Whether the bucket access policy is enabled. Read-only, managed by the array."}},"required":["bucketName","enabled"],"inputProperties":{"bucketName":{"type":"string","description":"The name of the bucket this policy belongs to. Changing this forces a new resource."}},"requiredInputs":["bucketName"],"stateInputs":{"description":"Input properties used for looking up and filtering BucketAccessPolicy resources.\n","properties":{"bucketName":{"type":"string","description":"The name of the bucket this policy belongs to. Changing this forces a new resource."},"enabled":{"type":"boolean","description":"Whether the bucket access policy is enabled. Read-only, managed by the array."}},"type":"object"}},"mica:index/bucketAccessPolicyRule:BucketAccessPolicyRule":{"properties":{"actions":{"type":"array","items":{"type":"string"},"description":"List of S3 actions this rule applies to (e.g. s3:GetObject)."},"bucketName":{"type":"string","description":"The name of the bucket this rule belongs to. Changing this forces a new resource."},"effect":{"type":"string","description":"The effect of the rule. Always 'allow' — set by the API."},"name":{"type":"string","description":"The rule name. When provided, the rule is created with this name. When omitted, the API assigns one automatically."},"principals":{"type":"array","items":{"type":"string"},"description":"List of principals this rule applies to (mapped to principals.all in the API). Note: the accepted format depends on the FlashBlade firmware version — consult your array documentation for valid principal values."},"resources":{"type":"array","items":{"type":"string"},"description":"List of S3 resource ARNs this rule applies to."}},"required":["actions","bucketName","effect","name","principals","resources"],"inputProperties":{"actions":{"type":"array","items":{"type":"string"},"description":"List of S3 actions this rule applies to (e.g. s3:GetObject)."},"bucketName":{"type":"string","description":"The name of the bucket this rule belongs to. Changing this forces a new resource."},"name":{"type":"string","description":"The rule name. When provided, the rule is created with this name. When omitted, the API assigns one automatically."},"principals":{"type":"array","items":{"type":"string"},"description":"List of principals this rule applies to (mapped to principals.all in the API). Note: the accepted format depends on the FlashBlade firmware version — consult your array documentation for valid principal values."},"resources":{"type":"array","items":{"type":"string"},"description":"List of S3 resource ARNs this rule applies to."}},"requiredInputs":["actions","bucketName","principals","resources"],"stateInputs":{"description":"Input properties used for looking up and filtering BucketAccessPolicyRule resources.\n","properties":{"actions":{"type":"array","items":{"type":"string"},"description":"List of S3 actions this rule applies to (e.g. s3:GetObject)."},"bucketName":{"type":"string","description":"The name of the bucket this rule belongs to. Changing this forces a new resource."},"effect":{"type":"string","description":"The effect of the rule. Always 'allow' — set by the API."},"name":{"type":"string","description":"The rule name. When provided, the rule is created with this name. When omitted, the API assigns one automatically."},"principals":{"type":"array","items":{"type":"string"},"description":"List of principals this rule applies to (mapped to principals.all in the API). Note: the accepted format depends on the FlashBlade firmware version — consult your array documentation for valid principal values."},"resources":{"type":"array","items":{"type":"string"},"description":"List of S3 resource ARNs this rule applies to."}},"type":"object"}},"mica:index/bucketAuditFilter:BucketAuditFilter":{"properties":{"actions":{"type":"array","items":{"type":"string"},"description":"Set of S3 actions to audit (e.g. s3:GetObject, s3:PutObject). Order-independent."},"bucketName":{"type":"string","description":"The name of the bucket this audit filter belongs to. Changing this forces a new resource."},"name":{"type":"string","description":"The name of the audit filter (1-63 alphanumeric characters, must start/end with letter or number)."},"s3Prefixes":{"type":"array","items":{"type":"string"},"description":"Set of S3 object key prefixes to filter audit events. Defaults to empty set (all prefixes)."}},"required":["actions","bucketName","name","s3Prefixes"],"inputProperties":{"actions":{"type":"array","items":{"type":"string"},"description":"Set of S3 actions to audit (e.g. s3:GetObject, s3:PutObject). Order-independent."},"bucketName":{"type":"string","description":"The name of the bucket this audit filter belongs to. Changing this forces a new resource."},"name":{"type":"string","description":"The name of the audit filter (1-63 alphanumeric characters, must start/end with letter or number)."},"s3Prefixes":{"type":"array","items":{"type":"string"},"description":"Set of S3 object key prefixes to filter audit events. Defaults to empty set (all prefixes)."}},"requiredInputs":["actions","bucketName","name"],"stateInputs":{"description":"Input properties used for looking up and filtering BucketAuditFilter resources.\n","properties":{"actions":{"type":"array","items":{"type":"string"},"description":"Set of S3 actions to audit (e.g. s3:GetObject, s3:PutObject). Order-independent."},"bucketName":{"type":"string","description":"The name of the bucket this audit filter belongs to. Changing this forces a new resource."},"name":{"type":"string","description":"The name of the audit filter (1-63 alphanumeric characters, must start/end with letter or number)."},"s3Prefixes":{"type":"array","items":{"type":"string"},"description":"Set of S3 object key prefixes to filter audit events. Defaults to empty set (all prefixes)."}},"type":"object"}},"mica:index/bucketReplicaLink:BucketReplicaLink":{"properties":{"cascadingEnabled":{"type":"boolean","description":"Whether cascading replication is enabled. Immutable after creation. Defaults to false."},"direction":{"type":"string","description":"The replication direction (e.g. 'outbound')."},"localBucketName":{"type":"string","description":"The name of the local bucket. Changing this forces a new resource."},"paused":{"type":"boolean","description":"Whether the replica link is paused. Defaults to false."},"remoteBucketName":{"type":"string","description":"The name of the remote bucket. Changing this forces a new resource."},"remoteCredentialsName":{"type":"string","description":"The name of the remote credentials (for S3 replication targets). Omit for FlashBlade-to-FlashBlade replication."},"remoteName":{"type":"string","description":"The name of the remote array connection."},"status":{"type":"string","description":"The replication status (e.g. 'replicating')."},"statusDetails":{"type":"string","description":"Additional status details."}},"required":["cascadingEnabled","direction","localBucketName","paused","remoteBucketName","remoteName","status","statusDetails"],"inputProperties":{"cascadingEnabled":{"type":"boolean","description":"Whether cascading replication is enabled. Immutable after creation. Defaults to false."},"localBucketName":{"type":"string","description":"The name of the local bucket. Changing this forces a new resource."},"paused":{"type":"boolean","description":"Whether the replica link is paused. Defaults to false."},"remoteBucketName":{"type":"string","description":"The name of the remote bucket. Changing this forces a new resource."},"remoteCredentialsName":{"type":"string","description":"The name of the remote credentials (for S3 replication targets). Omit for FlashBlade-to-FlashBlade replication."}},"requiredInputs":["localBucketName","remoteBucketName"],"stateInputs":{"description":"Input properties used for looking up and filtering BucketReplicaLink resources.\n","properties":{"cascadingEnabled":{"type":"boolean","description":"Whether cascading replication is enabled. Immutable after creation. Defaults to false."},"direction":{"type":"string","description":"The replication direction (e.g. 'outbound')."},"localBucketName":{"type":"string","description":"The name of the local bucket. Changing this forces a new resource."},"paused":{"type":"boolean","description":"Whether the replica link is paused. Defaults to false."},"remoteBucketName":{"type":"string","description":"The name of the remote bucket. Changing this forces a new resource."},"remoteCredentialsName":{"type":"string","description":"The name of the remote credentials (for S3 replication targets). Omit for FlashBlade-to-FlashBlade replication."},"remoteName":{"type":"string","description":"The name of the remote array connection."},"status":{"type":"string","description":"The replication status (e.g. 'replicating')."},"statusDetails":{"type":"string","description":"Additional status details."}},"type":"object"}},"mica:index/certificate:Certificate":{"properties":{"certificate":{"type":"string","description":"The PEM-encoded X.509 certificate body."},"certificateType":{"type":"string","description":"The certificate type. Valid values: 'array' (FlashBlade identity, requires private_key) or 'external' (trusted external server such as AD). When unset, the provider infers 'array' if privateKey is provided; otherwise the API defaults to 'external'. Immutable after creation."},"commonName":{"type":"string","description":"The common name (CN) extracted from the certificate."},"country":{"type":"string","description":"The country (C) field extracted from the certificate."},"email":{"type":"string","description":"The email address extracted from the certificate."},"intermediateCertificate":{"type":"string","description":"The PEM-encoded intermediate certificate chain."},"issuedBy":{"type":"string","description":"The issuer of the certificate. Changes when the certificate is renewed."},"issuedTo":{"type":"string","description":"The subject of the certificate. Changes when the certificate is renewed."},"keyAlgorithm":{"type":"string","description":"The key algorithm (e.g. RSA, EC). Changes when the certificate is renewed."},"keySize":{"type":"integer","description":"The key size in bits. Changes when the certificate is renewed."},"locality":{"type":"string","description":"The locality (L) field extracted from the certificate."},"name":{"type":"string","description":"The name of the certificate. Changing this forces a new resource."},"organization":{"type":"string","description":"The organization (O) field extracted from the certificate."},"organizationalUnit":{"type":"string","description":"The organizational unit (OU) field extracted from the certificate."},"passphrase":{"type":"string","description":"The passphrase protecting the private key. Not returned by the API after creation.","secret":true},"privateKey":{"type":"string","description":"The PEM-encoded private key. Not returned by the API after creation.","secret":true},"state":{"type":"string","description":"The state/province (ST) field extracted from the certificate."},"status":{"type":"string","description":"The certificate status (e.g. imported, self-signed). Changes when the certificate is renewed."},"subjectAlternativeNames":{"type":"array","items":{"type":"string"},"description":"The subject alternative names (SANs) extracted from the certificate."},"validFrom":{"type":"integer","description":"The Unix timestamp (milliseconds) from which the certificate is valid. Changes when renewed."},"validTo":{"type":"integer","description":"The Unix timestamp (milliseconds) until which the certificate is valid. Changes when renewed."}},"required":["certificate","certificateType","commonName","country","email","issuedBy","issuedTo","keyAlgorithm","keySize","locality","name","organization","organizationalUnit","state","status","subjectAlternativeNames","validFrom","validTo"],"inputProperties":{"certificate":{"type":"string","description":"The PEM-encoded X.509 certificate body."},"certificateType":{"type":"string","description":"The certificate type. Valid values: 'array' (FlashBlade identity, requires private_key) or 'external' (trusted external server such as AD). When unset, the provider infers 'array' if privateKey is provided; otherwise the API defaults to 'external'. Immutable after creation."},"intermediateCertificate":{"type":"string","description":"The PEM-encoded intermediate certificate chain."},"name":{"type":"string","description":"The name of the certificate. Changing this forces a new resource."},"passphrase":{"type":"string","description":"The passphrase protecting the private key. Not returned by the API after creation.","secret":true},"privateKey":{"type":"string","description":"The PEM-encoded private key. Not returned by the API after creation.","secret":true}},"requiredInputs":["certificate","name"],"stateInputs":{"description":"Input properties used for looking up and filtering Certificate resources.\n","properties":{"certificate":{"type":"string","description":"The PEM-encoded X.509 certificate body."},"certificateType":{"type":"string","description":"The certificate type. Valid values: 'array' (FlashBlade identity, requires private_key) or 'external' (trusted external server such as AD). When unset, the provider infers 'array' if privateKey is provided; otherwise the API defaults to 'external'. Immutable after creation."},"commonName":{"type":"string","description":"The common name (CN) extracted from the certificate."},"country":{"type":"string","description":"The country (C) field extracted from the certificate."},"email":{"type":"string","description":"The email address extracted from the certificate."},"intermediateCertificate":{"type":"string","description":"The PEM-encoded intermediate certificate chain."},"issuedBy":{"type":"string","description":"The issuer of the certificate. Changes when the certificate is renewed."},"issuedTo":{"type":"string","description":"The subject of the certificate. Changes when the certificate is renewed."},"keyAlgorithm":{"type":"string","description":"The key algorithm (e.g. RSA, EC). Changes when the certificate is renewed."},"keySize":{"type":"integer","description":"The key size in bits. Changes when the certificate is renewed."},"locality":{"type":"string","description":"The locality (L) field extracted from the certificate."},"name":{"type":"string","description":"The name of the certificate. Changing this forces a new resource."},"organization":{"type":"string","description":"The organization (O) field extracted from the certificate."},"organizationalUnit":{"type":"string","description":"The organizational unit (OU) field extracted from the certificate."},"passphrase":{"type":"string","description":"The passphrase protecting the private key. Not returned by the API after creation.","secret":true},"privateKey":{"type":"string","description":"The PEM-encoded private key. Not returned by the API after creation.","secret":true},"state":{"type":"string","description":"The state/province (ST) field extracted from the certificate."},"status":{"type":"string","description":"The certificate status (e.g. imported, self-signed). Changes when the certificate is renewed."},"subjectAlternativeNames":{"type":"array","items":{"type":"string"},"description":"The subject alternative names (SANs) extracted from the certificate."},"validFrom":{"type":"integer","description":"The Unix timestamp (milliseconds) from which the certificate is valid. Changes when renewed."},"validTo":{"type":"integer","description":"The Unix timestamp (milliseconds) until which the certificate is valid. Changes when renewed."}},"type":"object"}},"mica:index/certificateGroup:CertificateGroup":{"properties":{"name":{"type":"string","description":"The name of the certificate group. Changing this forces a new resource."},"realms":{"type":"array","items":{"type":"string"},"description":"The list of realms associated with this certificate group. Set by the array."}},"required":["name","realms"],"inputProperties":{"name":{"type":"string","description":"The name of the certificate group. Changing this forces a new resource."}},"requiredInputs":["name"],"stateInputs":{"description":"Input properties used for looking up and filtering CertificateGroup resources.\n","properties":{"name":{"type":"string","description":"The name of the certificate group. Changing this forces a new resource."},"realms":{"type":"array","items":{"type":"string"},"description":"The list of realms associated with this certificate group. Set by the array."}},"type":"object"}},"mica:index/certificateGroupMember:CertificateGroupMember":{"properties":{"certificateName":{"type":"string","description":"The name of the certificate to add to the group. Changing this forces a new resource."},"groupName":{"type":"string","description":"The name of the certificate group. Changing this forces a new resource."}},"required":["certificateName","groupName"],"inputProperties":{"certificateName":{"type":"string","description":"The name of the certificate to add to the group. Changing this forces a new resource."},"groupName":{"type":"string","description":"The name of the certificate group. Changing this forces a new resource."}},"requiredInputs":["certificateName","groupName"],"stateInputs":{"description":"Input properties used for looking up and filtering CertificateGroupMember resources.\n","properties":{"certificateName":{"type":"string","description":"The name of the certificate to add to the group. Changing this forces a new resource."},"groupName":{"type":"string","description":"The name of the certificate group. Changing this forces a new resource."}},"type":"object"}},"mica:index/directoryServiceManagement:DirectoryServiceManagement":{"properties":{"baseDn":{"type":"string","description":"Base Distinguished Name (DN) used when searching the directory."},"bindPassword":{"type":"string","description":"Password used to bind to the directory. Write-only — never returned by the API.","secret":true},"bindUser":{"type":"string","description":"Distinguished Name (DN) of the user used to bind to the directory."},"caCertificate":{"type":"string","description":"Name of a CA certificate used to validate the LDAPS server certificate. Clear by omitting the attribute."},"caCertificateGroup":{"type":"string","description":"Name of a CA certificate group used to validate the LDAPS server certificate. Clear by omitting the attribute."},"enabled":{"type":"boolean","description":"If true, the management directory service authenticates FlashBlade admin logins against LDAP."},"services":{"type":"array","items":{"type":"string"},"description":"Services that use this directory service configuration. Read-only. No plan modifier — drift is visible."},"sshPublicKeyAttribute":{"type":"string","description":"LDAP attribute that holds the user's SSH public key (e.g. sshPublicKey)."},"uris":{"type":"array","items":{"type":"string"},"description":"List of LDAP server URIs. Each entry must start with ldap:// or ldaps://."},"userLoginAttribute":{"type":"string","description":"LDAP attribute that holds the user's login name. API default: sAMAccountName for AD, uid otherwise."},"userObjectClass":{"type":"string","description":"LDAP object class for management users. API default: User (AD), posixAccount/shadowAccount (OpenLDAP), person (other)."}},"required":["baseDn","bindPassword","bindUser","caCertificate","caCertificateGroup","enabled","services","sshPublicKeyAttribute","uris","userLoginAttribute","userObjectClass"],"inputProperties":{"baseDn":{"type":"string","description":"Base Distinguished Name (DN) used when searching the directory."},"bindPassword":{"type":"string","description":"Password used to bind to the directory. Write-only — never returned by the API.","secret":true},"bindUser":{"type":"string","description":"Distinguished Name (DN) of the user used to bind to the directory."},"caCertificate":{"type":"string","description":"Name of a CA certificate used to validate the LDAPS server certificate. Clear by omitting the attribute."},"caCertificateGroup":{"type":"string","description":"Name of a CA certificate group used to validate the LDAPS server certificate. Clear by omitting the attribute."},"enabled":{"type":"boolean","description":"If true, the management directory service authenticates FlashBlade admin logins against LDAP."},"sshPublicKeyAttribute":{"type":"string","description":"LDAP attribute that holds the user's SSH public key (e.g. sshPublicKey)."},"uris":{"type":"array","items":{"type":"string"},"description":"List of LDAP server URIs. Each entry must start with ldap:// or ldaps://."},"userLoginAttribute":{"type":"string","description":"LDAP attribute that holds the user's login name. API default: sAMAccountName for AD, uid otherwise."},"userObjectClass":{"type":"string","description":"LDAP object class for management users. API default: User (AD), posixAccount/shadowAccount (OpenLDAP), person (other)."}},"stateInputs":{"description":"Input properties used for looking up and filtering DirectoryServiceManagement resources.\n","properties":{"baseDn":{"type":"string","description":"Base Distinguished Name (DN) used when searching the directory."},"bindPassword":{"type":"string","description":"Password used to bind to the directory. Write-only — never returned by the API.","secret":true},"bindUser":{"type":"string","description":"Distinguished Name (DN) of the user used to bind to the directory."},"caCertificate":{"type":"string","description":"Name of a CA certificate used to validate the LDAPS server certificate. Clear by omitting the attribute."},"caCertificateGroup":{"type":"string","description":"Name of a CA certificate group used to validate the LDAPS server certificate. Clear by omitting the attribute."},"enabled":{"type":"boolean","description":"If true, the management directory service authenticates FlashBlade admin logins against LDAP."},"services":{"type":"array","items":{"type":"string"},"description":"Services that use this directory service configuration. Read-only. No plan modifier — drift is visible."},"sshPublicKeyAttribute":{"type":"string","description":"LDAP attribute that holds the user's SSH public key (e.g. sshPublicKey)."},"uris":{"type":"array","items":{"type":"string"},"description":"List of LDAP server URIs. Each entry must start with ldap:// or ldaps://."},"userLoginAttribute":{"type":"string","description":"LDAP attribute that holds the user's login name. API default: sAMAccountName for AD, uid otherwise."},"userObjectClass":{"type":"string","description":"LDAP object class for management users. API default: User (AD), posixAccount/shadowAccount (OpenLDAP), person (other)."}},"type":"object"}},"mica:index/directoryServiceRole:DirectoryServiceRole":{"properties":{"group":{"type":"string","description":"CN of the LDAP group whose members receive the role. Mutable via PATCH."},"groupBase":{"type":"string","description":"DN search base where the LDAP group is located. Mutable via PATCH."},"managementAccessPolicies":{"type":"array","items":{"type":"string"},"description":"List of management access policy names (e.g. pure:policy/array_admin). Writable on POST only — changing this forces a new resource."},"name":{"type":"string","description":"Unique name for the directory service role. Required on create. Changing this forces a new resource."},"role":{"$ref":"#/types/mica:index/DirectoryServiceRoleRole:DirectoryServiceRoleRole","description":"Deprecated legacy backfill. Populated by the API when the role maps to exactly one legacy-named policy; otherwise null."}},"required":["group","groupBase","managementAccessPolicies","name","role"],"inputProperties":{"group":{"type":"string","description":"CN of the LDAP group whose members receive the role. Mutable via PATCH."},"groupBase":{"type":"string","description":"DN search base where the LDAP group is located. Mutable via PATCH."},"managementAccessPolicies":{"type":"array","items":{"type":"string"},"description":"List of management access policy names (e.g. pure:policy/array_admin). Writable on POST only — changing this forces a new resource."},"name":{"type":"string","description":"Unique name for the directory service role. Required on create. Changing this forces a new resource."}},"requiredInputs":["group","groupBase","managementAccessPolicies","name"],"stateInputs":{"description":"Input properties used for looking up and filtering DirectoryServiceRole resources.\n","properties":{"group":{"type":"string","description":"CN of the LDAP group whose members receive the role. Mutable via PATCH."},"groupBase":{"type":"string","description":"DN search base where the LDAP group is located. Mutable via PATCH."},"managementAccessPolicies":{"type":"array","items":{"type":"string"},"description":"List of management access policy names (e.g. pure:policy/array_admin). Writable on POST only — changing this forces a new resource."},"name":{"type":"string","description":"Unique name for the directory service role. Required on create. Changing this forces a new resource."},"role":{"$ref":"#/types/mica:index/DirectoryServiceRoleRole:DirectoryServiceRoleRole","description":"Deprecated legacy backfill. Populated by the API when the role maps to exactly one legacy-named policy; otherwise null."}},"type":"object"}},"mica:index/fileSystem:FileSystem":{"properties":{"created":{"type":"integer","description":"Unix timestamp (milliseconds) when the file system was created."},"defaultQuotas":{"$ref":"#/types/mica:index/FileSystemDefaultQuotas:FileSystemDefaultQuotas","description":"Default quota settings."},"destroyEradicateOnDelete":{"type":"boolean","description":"When true (default), Terraform will eradicate the file system on destroy. When false, only soft-deletes."},"destroyed":{"type":"boolean","description":"Whether the file system is soft-deleted."},"http":{"$ref":"#/types/mica:index/FileSystemHttp:FileSystemHttp","description":"HTTP protocol configuration (read-only, API-managed)."},"multiProtocol":{"$ref":"#/types/mica:index/FileSystemMultiProtocol:FileSystemMultiProtocol","description":"Multi-protocol access configuration."},"name":{"type":"string","description":"The name of the file system. Supports in-place rename."},"nfs":{"$ref":"#/types/mica:index/FileSystemNfs:FileSystemNfs","description":"NFS protocol configuration."},"promotionStatus":{"type":"string","description":"Replication promotion status of the file system."},"provisioned":{"type":"integer","description":"Provisioned size of the file system in bytes."},"smb":{"$ref":"#/types/mica:index/FileSystemSmb:FileSystemSmb","description":"SMB protocol configuration."},"source":{"$ref":"#/types/mica:index/FileSystemSource:FileSystemSource","description":"Source file system reference (for clones/replicas, read-only)."},"space":{"$ref":"#/types/mica:index/FileSystemSpace:FileSystemSpace","description":"Storage space breakdown (read-only, API-managed)."},"timeRemaining":{"type":"integer","description":"Milliseconds remaining until auto-eradication of a soft-deleted file system."},"workload":{"$ref":"#/types/mica:index/FileSystemWorkload:FileSystemWorkload","description":"Workload reference for this file system. Set to attach to an existing workload; clear (set id and name to empty string) to detach."},"writable":{"type":"boolean","description":"Whether the file system is writable."}},"required":["created","defaultQuotas","destroyEradicateOnDelete","destroyed","http","multiProtocol","name","nfs","promotionStatus","provisioned","smb","source","space","timeRemaining","workload","writable"],"inputProperties":{"defaultQuotas":{"$ref":"#/types/mica:index/FileSystemDefaultQuotas:FileSystemDefaultQuotas","description":"Default quota settings."},"destroyEradicateOnDelete":{"type":"boolean","description":"When true (default), Terraform will eradicate the file system on destroy. When false, only soft-deletes."},"multiProtocol":{"$ref":"#/types/mica:index/FileSystemMultiProtocol:FileSystemMultiProtocol","description":"Multi-protocol access configuration."},"name":{"type":"string","description":"The name of the file system. Supports in-place rename."},"nfs":{"$ref":"#/types/mica:index/FileSystemNfs:FileSystemNfs","description":"NFS protocol configuration."},"provisioned":{"type":"integer","description":"Provisioned size of the file system in bytes."},"smb":{"$ref":"#/types/mica:index/FileSystemSmb:FileSystemSmb","description":"SMB protocol configuration."},"workload":{"$ref":"#/types/mica:index/FileSystemWorkload:FileSystemWorkload","description":"Workload reference for this file system. Set to attach to an existing workload; clear (set id and name to empty string) to detach."}},"requiredInputs":["name","provisioned"],"stateInputs":{"description":"Input properties used for looking up and filtering FileSystem resources.\n","properties":{"created":{"type":"integer","description":"Unix timestamp (milliseconds) when the file system was created."},"defaultQuotas":{"$ref":"#/types/mica:index/FileSystemDefaultQuotas:FileSystemDefaultQuotas","description":"Default quota settings."},"destroyEradicateOnDelete":{"type":"boolean","description":"When true (default), Terraform will eradicate the file system on destroy. When false, only soft-deletes."},"destroyed":{"type":"boolean","description":"Whether the file system is soft-deleted."},"http":{"$ref":"#/types/mica:index/FileSystemHttp:FileSystemHttp","description":"HTTP protocol configuration (read-only, API-managed)."},"multiProtocol":{"$ref":"#/types/mica:index/FileSystemMultiProtocol:FileSystemMultiProtocol","description":"Multi-protocol access configuration."},"name":{"type":"string","description":"The name of the file system. Supports in-place rename."},"nfs":{"$ref":"#/types/mica:index/FileSystemNfs:FileSystemNfs","description":"NFS protocol configuration."},"promotionStatus":{"type":"string","description":"Replication promotion status of the file system."},"provisioned":{"type":"integer","description":"Provisioned size of the file system in bytes."},"smb":{"$ref":"#/types/mica:index/FileSystemSmb:FileSystemSmb","description":"SMB protocol configuration."},"source":{"$ref":"#/types/mica:index/FileSystemSource:FileSystemSource","description":"Source file system reference (for clones/replicas, read-only)."},"space":{"$ref":"#/types/mica:index/FileSystemSpace:FileSystemSpace","description":"Storage space breakdown (read-only, API-managed)."},"timeRemaining":{"type":"integer","description":"Milliseconds remaining until auto-eradication of a soft-deleted file system."},"workload":{"$ref":"#/types/mica:index/FileSystemWorkload:FileSystemWorkload","description":"Workload reference for this file system. Set to attach to an existing workload; clear (set id and name to empty string) to detach."},"writable":{"type":"boolean","description":"Whether the file system is writable."}},"type":"object"}},"mica:index/fileSystemExport:FileSystemExport":{"properties":{"enabled":{"type":"boolean","description":"Whether the export is enabled."},"exportName":{"type":"string","description":"The export name part. Defaults to the file system name if not set."},"fileSystemName":{"type":"string","description":"The name of the file system to export. Changing this forces a new resource."},"name":{"type":"string","description":"The combined name of the export (e.g. 'filesystem/export_name')."},"policyName":{"type":"string","description":"The name of the NFS export policy to apply to the export."},"policyType":{"type":"string","description":"The policy type ('nfs' or 'smb')."},"serverName":{"type":"string","description":"The name of the server to export to. Changing this forces a new resource."},"sharePolicyName":{"type":"string","description":"The name of the SMB share policy to apply to the export."},"status":{"type":"string","description":"The status of the export."},"workload":{"$ref":"#/types/mica:index/FileSystemExportWorkload:FileSystemExportWorkload","description":"The workload that owns this export (read-only, API-managed). Populated by the API when the export is associated with a workload."}},"required":["enabled","exportName","fileSystemName","name","policyName","policyType","serverName","sharePolicyName","status","workload"],"inputProperties":{"exportName":{"type":"string","description":"The export name part. Defaults to the file system name if not set."},"fileSystemName":{"type":"string","description":"The name of the file system to export. Changing this forces a new resource."},"policyName":{"type":"string","description":"The name of the NFS export policy to apply to the export."},"serverName":{"type":"string","description":"The name of the server to export to. Changing this forces a new resource."},"sharePolicyName":{"type":"string","description":"The name of the SMB share policy to apply to the export."}},"requiredInputs":["fileSystemName","policyName","serverName"],"stateInputs":{"description":"Input properties used for looking up and filtering FileSystemExport resources.\n","properties":{"enabled":{"type":"boolean","description":"Whether the export is enabled."},"exportName":{"type":"string","description":"The export name part. Defaults to the file system name if not set."},"fileSystemName":{"type":"string","description":"The name of the file system to export. Changing this forces a new resource."},"name":{"type":"string","description":"The combined name of the export (e.g. 'filesystem/export_name')."},"policyName":{"type":"string","description":"The name of the NFS export policy to apply to the export."},"policyType":{"type":"string","description":"The policy type ('nfs' or 'smb')."},"serverName":{"type":"string","description":"The name of the server to export to. Changing this forces a new resource."},"sharePolicyName":{"type":"string","description":"The name of the SMB share policy to apply to the export."},"status":{"type":"string","description":"The status of the export."},"workload":{"$ref":"#/types/mica:index/FileSystemExportWorkload:FileSystemExportWorkload","description":"The workload that owns this export (read-only, API-managed). Populated by the API when the export is associated with a workload."}},"type":"object"}},"mica:index/lifecycleRule:LifecycleRule":{"properties":{"abortIncompleteMultipartUploadsAfter":{"type":"integer","description":"Duration in milliseconds after which incomplete multipart uploads are aborted."},"bucketName":{"type":"string","description":"The name of the bucket this rule belongs to. Changing this forces a new resource."},"cleanupExpiredObjectDeleteMarker":{"type":"boolean","description":"Whether expired object delete markers are cleaned up. Read-only, managed by the array."},"enabled":{"type":"boolean","description":"Whether the lifecycle rule is enabled. Defaults to true."},"keepCurrentVersionFor":{"type":"integer","description":"Duration in milliseconds to keep current object versions before expiration."},"keepCurrentVersionUntil":{"type":"integer","description":"Timestamp in milliseconds until which current object versions are kept."},"keepPreviousVersionFor":{"type":"integer","description":"Duration in milliseconds to keep previous object versions before expiration."},"prefix":{"type":"string","description":"Object key prefix filter for the rule. Defaults to empty string (all objects)."},"ruleId":{"type":"string","description":"The rule identifier within the bucket. Changing this forces a new resource."}},"required":["bucketName","cleanupExpiredObjectDeleteMarker","enabled","prefix","ruleId"],"inputProperties":{"abortIncompleteMultipartUploadsAfter":{"type":"integer","description":"Duration in milliseconds after which incomplete multipart uploads are aborted."},"bucketName":{"type":"string","description":"The name of the bucket this rule belongs to. Changing this forces a new resource."},"enabled":{"type":"boolean","description":"Whether the lifecycle rule is enabled. Defaults to true."},"keepCurrentVersionFor":{"type":"integer","description":"Duration in milliseconds to keep current object versions before expiration."},"keepCurrentVersionUntil":{"type":"integer","description":"Timestamp in milliseconds until which current object versions are kept."},"keepPreviousVersionFor":{"type":"integer","description":"Duration in milliseconds to keep previous object versions before expiration."},"prefix":{"type":"string","description":"Object key prefix filter for the rule. Defaults to empty string (all objects)."},"ruleId":{"type":"string","description":"The rule identifier within the bucket. Changing this forces a new resource."}},"requiredInputs":["bucketName","ruleId"],"stateInputs":{"description":"Input properties used for looking up and filtering LifecycleRule resources.\n","properties":{"abortIncompleteMultipartUploadsAfter":{"type":"integer","description":"Duration in milliseconds after which incomplete multipart uploads are aborted."},"bucketName":{"type":"string","description":"The name of the bucket this rule belongs to. Changing this forces a new resource."},"cleanupExpiredObjectDeleteMarker":{"type":"boolean","description":"Whether expired object delete markers are cleaned up. Read-only, managed by the array."},"enabled":{"type":"boolean","description":"Whether the lifecycle rule is enabled. Defaults to true."},"keepCurrentVersionFor":{"type":"integer","description":"Duration in milliseconds to keep current object versions before expiration."},"keepCurrentVersionUntil":{"type":"integer","description":"Timestamp in milliseconds until which current object versions are kept."},"keepPreviousVersionFor":{"type":"integer","description":"Duration in milliseconds to keep previous object versions before expiration."},"prefix":{"type":"string","description":"Object key prefix filter for the rule. Defaults to empty string (all objects)."},"ruleId":{"type":"string","description":"The rule identifier within the bucket. Changing this forces a new resource."}},"type":"object"}},"mica:index/logTargetObjectStore:LogTargetObjectStore":{"properties":{"bucketName":{"type":"string","description":"The name of the bucket where audit logs will be stored."},"logNamePrefix":{"type":"string","description":"The prefix of audit log object names in the bucket."},"logRotateDuration":{"type":"integer","description":"The rotation interval for audit logs in milliseconds."},"name":{"type":"string","description":"The name of the log target object store. Not renameable; changing forces replacement."}},"required":["bucketName","logNamePrefix","logRotateDuration","name"],"inputProperties":{"bucketName":{"type":"string","description":"The name of the bucket where audit logs will be stored."},"logNamePrefix":{"type":"string","description":"The prefix of audit log object names in the bucket."},"logRotateDuration":{"type":"integer","description":"The rotation interval for audit logs in milliseconds."},"name":{"type":"string","description":"The name of the log target object store. Not renameable; changing forces replacement."}},"requiredInputs":["bucketName","name"],"stateInputs":{"description":"Input properties used for looking up and filtering LogTargetObjectStore resources.\n","properties":{"bucketName":{"type":"string","description":"The name of the bucket where audit logs will be stored."},"logNamePrefix":{"type":"string","description":"The prefix of audit log object names in the bucket."},"logRotateDuration":{"type":"integer","description":"The rotation interval for audit logs in milliseconds."},"name":{"type":"string","description":"The name of the log target object store. Not renameable; changing forces replacement."}},"type":"object"}},"mica:index/managementAccessPolicyDirectoryServiceRoleMembership:ManagementAccessPolicyDirectoryServiceRoleMembership":{"properties":{"policy":{"type":"string","description":"Name of the management access policy to associate. Changing this forces a new resource."},"role":{"type":"string","description":"Name of the directory service role. Changing this forces a new resource."}},"required":["policy","role"],"inputProperties":{"policy":{"type":"string","description":"Name of the management access policy to associate. Changing this forces a new resource."},"role":{"type":"string","description":"Name of the directory service role. Changing this forces a new resource."}},"requiredInputs":["policy","role"],"stateInputs":{"description":"Input properties used for looking up and filtering ManagementAccessPolicyDirectoryServiceRoleMembership resources.\n","properties":{"policy":{"type":"string","description":"Name of the management access policy to associate. Changing this forces a new resource."},"role":{"type":"string","description":"Name of the directory service role. Changing this forces a new resource."}},"type":"object"}},"mica:index/networkAccessPolicy:NetworkAccessPolicy":{"properties":{"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"isLocal":{"type":"boolean","description":"If true, the policy is local to this array (not replicated)."},"name":{"type":"string","description":"The name of the network access policy to manage. The policy must already exist on the FlashBlade array."},"policyType":{"type":"string","description":"The type of the policy (e.g. 'network-access')."},"version":{"type":"string","description":"The version token that changes on each policy update."}},"required":["enabled","isLocal","name","policyType","version"],"inputProperties":{"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"name":{"type":"string","description":"The name of the network access policy to manage. The policy must already exist on the FlashBlade array."}},"requiredInputs":["name"],"stateInputs":{"description":"Input properties used for looking up and filtering NetworkAccessPolicy resources.\n","properties":{"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"isLocal":{"type":"boolean","description":"If true, the policy is local to this array (not replicated)."},"name":{"type":"string","description":"The name of the network access policy to manage. The policy must already exist on the FlashBlade array."},"policyType":{"type":"string","description":"The type of the policy (e.g. 'network-access')."},"version":{"type":"string","description":"The version token that changes on each policy update."}},"type":"object"}},"mica:index/networkAccessPolicyRule:NetworkAccessPolicyRule":{"properties":{"client":{"type":"string","description":"IP address, CIDR range, or '*' matching the clients to which this rule applies."},"effect":{"type":"string","description":"The effect of the rule: 'allow' or 'deny'."},"index":{"type":"integer","description":"The server-assigned ordering index for this rule within the policy. Used for import."},"interfaces":{"type":"array","items":{"type":"string"},"description":"List of protocol interfaces this rule applies to (e.g. ['nfs', 'smb', 's3']). If empty, applies to all."},"name":{"type":"string","description":"The server-assigned rule identifier. Used internally for PATCH/DELETE API calls."},"policyName":{"type":"string","description":"The name of the network access policy this rule belongs to. Changing this forces a new resource."},"policyVersion":{"type":"string","description":"The version of the parent policy at the time this rule was last read."}},"required":["client","effect","index","interfaces","name","policyName","policyVersion"],"inputProperties":{"client":{"type":"string","description":"IP address, CIDR range, or '*' matching the clients to which this rule applies."},"effect":{"type":"string","description":"The effect of the rule: 'allow' or 'deny'."},"interfaces":{"type":"array","items":{"type":"string"},"description":"List of protocol interfaces this rule applies to (e.g. ['nfs', 'smb', 's3']). If empty, applies to all."},"policyName":{"type":"string","description":"The name of the network access policy this rule belongs to. Changing this forces a new resource."}},"requiredInputs":["client","effect","policyName"],"stateInputs":{"description":"Input properties used for looking up and filtering NetworkAccessPolicyRule resources.\n","properties":{"client":{"type":"string","description":"IP address, CIDR range, or '*' matching the clients to which this rule applies."},"effect":{"type":"string","description":"The effect of the rule: 'allow' or 'deny'."},"index":{"type":"integer","description":"The server-assigned ordering index for this rule within the policy. Used for import."},"interfaces":{"type":"array","items":{"type":"string"},"description":"List of protocol interfaces this rule applies to (e.g. ['nfs', 'smb', 's3']). If empty, applies to all."},"name":{"type":"string","description":"The server-assigned rule identifier. Used internally for PATCH/DELETE API calls."},"policyName":{"type":"string","description":"The name of the network access policy this rule belongs to. Changing this forces a new resource."},"policyVersion":{"type":"string","description":"The version of the parent policy at the time this rule was last read."}},"type":"object"}},"mica:index/networkInterface:NetworkInterface":{"properties":{"address":{"type":"string","description":"The IPv4 address for this network interface."},"attachedServers":{"type":"array","items":{"type":"string"},"description":"List of server names attached to this interface. Required for data/sts; forbidden for egress-only/replication."},"enabled":{"type":"boolean","description":"Whether the network interface is enabled."},"gateway":{"type":"string","description":"The gateway address for this network interface."},"mtu":{"type":"integer","description":"Maximum transmission unit (MTU) in bytes."},"name":{"type":"string","description":"The name of the network interface. Changing this forces a new resource."},"netmask":{"type":"string","description":"The subnet mask for this network interface."},"realms":{"type":"array","items":{"type":"string"},"description":"List of realms associated with this network interface."},"services":{"type":"string","description":"The service type for this network interface. One of: data, sts, egress-only, replication."},"subnetName":{"type":"string","description":"The name of the subnet this interface is attached to. Changing this forces a new resource."},"type":{"type":"string","description":"The network interface type (e.g. vip). Changing this forces a new resource."},"vlan":{"type":"integer","description":"VLAN ID. 0 means untagged."}},"required":["address","attachedServers","enabled","gateway","mtu","name","netmask","realms","services","subnetName","type","vlan"],"inputProperties":{"address":{"type":"string","description":"The IPv4 address for this network interface."},"attachedServers":{"type":"array","items":{"type":"string"},"description":"List of server names attached to this interface. Required for data/sts; forbidden for egress-only/replication."},"name":{"type":"string","description":"The name of the network interface. Changing this forces a new resource."},"services":{"type":"string","description":"The service type for this network interface. One of: data, sts, egress-only, replication."},"subnetName":{"type":"string","description":"The name of the subnet this interface is attached to. Changing this forces a new resource."},"type":{"type":"string","description":"The network interface type (e.g. vip). Changing this forces a new resource."}},"requiredInputs":["address","name","services","subnetName","type"],"stateInputs":{"description":"Input properties used for looking up and filtering NetworkInterface resources.\n","properties":{"address":{"type":"string","description":"The IPv4 address for this network interface."},"attachedServers":{"type":"array","items":{"type":"string"},"description":"List of server names attached to this interface. Required for data/sts; forbidden for egress-only/replication."},"enabled":{"type":"boolean","description":"Whether the network interface is enabled."},"gateway":{"type":"string","description":"The gateway address for this network interface."},"mtu":{"type":"integer","description":"Maximum transmission unit (MTU) in bytes."},"name":{"type":"string","description":"The name of the network interface. Changing this forces a new resource."},"netmask":{"type":"string","description":"The subnet mask for this network interface."},"realms":{"type":"array","items":{"type":"string"},"description":"List of realms associated with this network interface."},"services":{"type":"string","description":"The service type for this network interface. One of: data, sts, egress-only, replication."},"subnetName":{"type":"string","description":"The name of the subnet this interface is attached to. Changing this forces a new resource."},"type":{"type":"string","description":"The network interface type (e.g. vip). Changing this forces a new resource."},"vlan":{"type":"integer","description":"VLAN ID. 0 means untagged."}},"type":"object"}},"mica:index/nfsExportPolicy:NfsExportPolicy":{"properties":{"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"isLocal":{"type":"boolean","description":"If true, the policy is local to this array (not replicated)."},"name":{"type":"string","description":"The name of the NFS export policy. Can be changed in-place via PATCH (rename)."},"policyType":{"type":"string","description":"The type of the policy (e.g. 'nfs')."},"version":{"type":"string","description":"The version token that changes on each policy update."},"workload":{"$ref":"#/types/mica:index/NfsExportPolicyWorkload:NfsExportPolicyWorkload","description":"The workload that owns this NFS export policy (read-only, API-managed). Populated by the API when the policy is associated with a workload."}},"required":["enabled","isLocal","name","policyType","version","workload"],"inputProperties":{"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"name":{"type":"string","description":"The name of the NFS export policy. Can be changed in-place via PATCH (rename)."}},"requiredInputs":["name"],"stateInputs":{"description":"Input properties used for looking up and filtering NfsExportPolicy resources.\n","properties":{"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"isLocal":{"type":"boolean","description":"If true, the policy is local to this array (not replicated)."},"name":{"type":"string","description":"The name of the NFS export policy. Can be changed in-place via PATCH (rename)."},"policyType":{"type":"string","description":"The type of the policy (e.g. 'nfs')."},"version":{"type":"string","description":"The version token that changes on each policy update."},"workload":{"$ref":"#/types/mica:index/NfsExportPolicyWorkload:NfsExportPolicyWorkload","description":"The workload that owns this NFS export policy (read-only, API-managed). Populated by the API when the policy is associated with a workload."}},"type":"object"}},"mica:index/nfsExportPolicyRule:NfsExportPolicyRule":{"properties":{"access":{"type":"string","description":"The access control for NFS clients (e.g. 'root-squash', 'no-root-squash', 'all-squash')."},"anongid":{"type":"integer","description":"The GID to use for anonymous (squashed) users."},"anonuid":{"type":"integer","description":"The UID to use for anonymous (squashed) users."},"atime":{"type":"boolean","description":"If true, access time updates are enabled."},"client":{"type":"string","description":"A pattern matching the clients to which this rule applies (e.g. '*', '10.0.0.0/8')."},"fileid32bit":{"type":"boolean","description":"If true, use 32-bit file IDs."},"index":{"type":"integer","description":"The server-assigned ordering index for this rule within the policy. Used for import."},"name":{"type":"string","description":"The server-assigned rule identifier. Used internally for PATCH/DELETE API calls."},"permission":{"type":"string","description":"The read/write permission for matching clients (e.g. 'rw', 'ro')."},"policyName":{"type":"string","description":"The name of the NFS export policy this rule belongs to. Changing this forces a new resource."},"policyVersion":{"type":"string","description":"The version of the parent policy at the time this rule was last read."},"requiredTransportSecurity":{"type":"string","description":"Required transport security for this rule (e.g. 'krb5', 'krb5i', 'krb5p')."},"secure":{"type":"boolean","description":"If true, require clients to use a privileged port."},"securities":{"type":"array","items":{"type":"string"},"description":"Security flavors to enforce for this rule."}},"required":["access","anongid","anonuid","atime","client","fileid32bit","index","name","permission","policyName","policyVersion","requiredTransportSecurity","secure","securities"],"inputProperties":{"access":{"type":"string","description":"The access control for NFS clients (e.g. 'root-squash', 'no-root-squash', 'all-squash')."},"anongid":{"type":"integer","description":"The GID to use for anonymous (squashed) users."},"anonuid":{"type":"integer","description":"The UID to use for anonymous (squashed) users."},"atime":{"type":"boolean","description":"If true, access time updates are enabled."},"client":{"type":"string","description":"A pattern matching the clients to which this rule applies (e.g. '*', '10.0.0.0/8')."},"fileid32bit":{"type":"boolean","description":"If true, use 32-bit file IDs."},"permission":{"type":"string","description":"The read/write permission for matching clients (e.g. 'rw', 'ro')."},"policyName":{"type":"string","description":"The name of the NFS export policy this rule belongs to. Changing this forces a new resource."},"requiredTransportSecurity":{"type":"string","description":"Required transport security for this rule (e.g. 'krb5', 'krb5i', 'krb5p')."},"secure":{"type":"boolean","description":"If true, require clients to use a privileged port."},"securities":{"type":"array","items":{"type":"string"},"description":"Security flavors to enforce for this rule."}},"requiredInputs":["policyName"],"stateInputs":{"description":"Input properties used for looking up and filtering NfsExportPolicyRule resources.\n","properties":{"access":{"type":"string","description":"The access control for NFS clients (e.g. 'root-squash', 'no-root-squash', 'all-squash')."},"anongid":{"type":"integer","description":"The GID to use for anonymous (squashed) users."},"anonuid":{"type":"integer","description":"The UID to use for anonymous (squashed) users."},"atime":{"type":"boolean","description":"If true, access time updates are enabled."},"client":{"type":"string","description":"A pattern matching the clients to which this rule applies (e.g. '*', '10.0.0.0/8')."},"fileid32bit":{"type":"boolean","description":"If true, use 32-bit file IDs."},"index":{"type":"integer","description":"The server-assigned ordering index for this rule within the policy. Used for import."},"name":{"type":"string","description":"The server-assigned rule identifier. Used internally for PATCH/DELETE API calls."},"permission":{"type":"string","description":"The read/write permission for matching clients (e.g. 'rw', 'ro')."},"policyName":{"type":"string","description":"The name of the NFS export policy this rule belongs to. Changing this forces a new resource."},"policyVersion":{"type":"string","description":"The version of the parent policy at the time this rule was last read."},"requiredTransportSecurity":{"type":"string","description":"Required transport security for this rule (e.g. 'krb5', 'krb5i', 'krb5p')."},"secure":{"type":"boolean","description":"If true, require clients to use a privileged port."},"securities":{"type":"array","items":{"type":"string"},"description":"Security flavors to enforce for this rule."}},"type":"object"}},"mica:index/objectStoreAccessKey:ObjectStoreAccessKey":{"properties":{"accessKeyId":{"type":"string","description":"The access key ID (public part of the credential pair)."},"created":{"type":"integer","description":"Unix timestamp (milliseconds) when the access key was created."},"enabled":{"type":"boolean","description":"If true, the access key is enabled. Changing this forces a new resource."},"name":{"type":"string","description":"The access key name (format: /admin/). When providing a secretAccessKey for cross-array replication, this must be set to the same name as the source key. When omitted, the API assigns it automatically."},"objectStoreAccount":{"type":"string","description":"The object store account this access key belongs to. Changing this forces a new resource."},"secretAccessKey":{"type":"string","description":"The secret access key. When provided, the key is created with this exact secret (for cross-array replication). When omitted, the API generates it. Returned only at creation time and stored in state (encrypted).","secret":true},"user":{"type":"string","description":"The S3 user this access key belongs to (format: account/username). When omitted, defaults to account/admin. Changing this forces a new resource."}},"required":["accessKeyId","created","enabled","name","objectStoreAccount","secretAccessKey","user"],"inputProperties":{"enabled":{"type":"boolean","description":"If true, the access key is enabled. Changing this forces a new resource."},"name":{"type":"string","description":"The access key name (format: /admin/). When providing a secretAccessKey for cross-array replication, this must be set to the same name as the source key. When omitted, the API assigns it automatically."},"objectStoreAccount":{"type":"string","description":"The object store account this access key belongs to. Changing this forces a new resource."},"secretAccessKey":{"type":"string","description":"The secret access key. When provided, the key is created with this exact secret (for cross-array replication). When omitted, the API generates it. Returned only at creation time and stored in state (encrypted).","secret":true},"user":{"type":"string","description":"The S3 user this access key belongs to (format: account/username). When omitted, defaults to account/admin. Changing this forces a new resource."}},"requiredInputs":["objectStoreAccount"],"stateInputs":{"description":"Input properties used for looking up and filtering ObjectStoreAccessKey resources.\n","properties":{"accessKeyId":{"type":"string","description":"The access key ID (public part of the credential pair)."},"created":{"type":"integer","description":"Unix timestamp (milliseconds) when the access key was created."},"enabled":{"type":"boolean","description":"If true, the access key is enabled. Changing this forces a new resource."},"name":{"type":"string","description":"The access key name (format: /admin/). When providing a secretAccessKey for cross-array replication, this must be set to the same name as the source key. When omitted, the API assigns it automatically."},"objectStoreAccount":{"type":"string","description":"The object store account this access key belongs to. Changing this forces a new resource."},"secretAccessKey":{"type":"string","description":"The secret access key. When provided, the key is created with this exact secret (for cross-array replication). When omitted, the API generates it. Returned only at creation time and stored in state (encrypted).","secret":true},"user":{"type":"string","description":"The S3 user this access key belongs to (format: account/username). When omitted, defaults to account/admin. Changing this forces a new resource."}},"type":"object"}},"mica:index/objectStoreAccessPolicy:ObjectStoreAccessPolicy":{"properties":{"arn":{"type":"string","description":"The Amazon Resource Name (ARN) for the policy."},"description":{"type":"string","description":"A human-readable description. POST-only field — changing this forces a new resource."},"enabled":{"type":"boolean","description":"If true, the policy is enabled. This is read-only (not writable via PATCH)."},"isLocal":{"type":"boolean","description":"If true, the policy is local to this array (not replicated)."},"name":{"type":"string","description":"The name of the object store access policy in format `account-name/policy-name` (e.g. `myaccount/readonly`). Can be renamed in-place via PATCH."},"policyType":{"type":"string","description":"The type of the policy (e.g. 'object-store-access')."}},"required":["arn","description","enabled","isLocal","name","policyType"],"inputProperties":{"description":{"type":"string","description":"A human-readable description. POST-only field — changing this forces a new resource."},"name":{"type":"string","description":"The name of the object store access policy in format `account-name/policy-name` (e.g. `myaccount/readonly`). Can be renamed in-place via PATCH."}},"requiredInputs":["name"],"stateInputs":{"description":"Input properties used for looking up and filtering ObjectStoreAccessPolicy resources.\n","properties":{"arn":{"type":"string","description":"The Amazon Resource Name (ARN) for the policy."},"description":{"type":"string","description":"A human-readable description. POST-only field — changing this forces a new resource."},"enabled":{"type":"boolean","description":"If true, the policy is enabled. This is read-only (not writable via PATCH)."},"isLocal":{"type":"boolean","description":"If true, the policy is local to this array (not replicated)."},"name":{"type":"string","description":"The name of the object store access policy in format `account-name/policy-name` (e.g. `myaccount/readonly`). Can be renamed in-place via PATCH."},"policyType":{"type":"string","description":"The type of the policy (e.g. 'object-store-access')."}},"type":"object"}},"mica:index/objectStoreAccessPolicyRule:ObjectStoreAccessPolicyRule":{"properties":{"actions":{"type":"array","items":{"type":"string"},"description":"List of S3 actions this rule applies to (e.g. ['s3:GetObject', 's3:PutObject'])."},"conditions":{"type":"string","description":"JSON-encoded IAM conditions object (use jsonencode()). Null or empty if no conditions."},"effect":{"type":"string","description":"The effect of the rule: 'allow' or 'deny'. Read-only after creation — changing this forces a new resource."},"name":{"type":"string","description":"The name of the rule. Changing this forces a new resource (rules cannot be renamed)."},"policyName":{"type":"string","description":"The name of the object store access policy this rule belongs to. Changing this forces a new resource."},"resources":{"type":"array","items":{"type":"string"},"description":"List of ARN-like resource patterns this rule applies to."}},"required":["actions","conditions","effect","name","policyName","resources"],"inputProperties":{"actions":{"type":"array","items":{"type":"string"},"description":"List of S3 actions this rule applies to (e.g. ['s3:GetObject', 's3:PutObject'])."},"conditions":{"type":"string","description":"JSON-encoded IAM conditions object (use jsonencode()). Null or empty if no conditions."},"effect":{"type":"string","description":"The effect of the rule: 'allow' or 'deny'. Read-only after creation — changing this forces a new resource."},"name":{"type":"string","description":"The name of the rule. Changing this forces a new resource (rules cannot be renamed)."},"policyName":{"type":"string","description":"The name of the object store access policy this rule belongs to. Changing this forces a new resource."},"resources":{"type":"array","items":{"type":"string"},"description":"List of ARN-like resource patterns this rule applies to."}},"requiredInputs":["actions","effect","name","policyName","resources"],"stateInputs":{"description":"Input properties used for looking up and filtering ObjectStoreAccessPolicyRule resources.\n","properties":{"actions":{"type":"array","items":{"type":"string"},"description":"List of S3 actions this rule applies to (e.g. ['s3:GetObject', 's3:PutObject'])."},"conditions":{"type":"string","description":"JSON-encoded IAM conditions object (use jsonencode()). Null or empty if no conditions."},"effect":{"type":"string","description":"The effect of the rule: 'allow' or 'deny'. Read-only after creation — changing this forces a new resource."},"name":{"type":"string","description":"The name of the rule. Changing this forces a new resource (rules cannot be renamed)."},"policyName":{"type":"string","description":"The name of the object store access policy this rule belongs to. Changing this forces a new resource."},"resources":{"type":"array","items":{"type":"string"},"description":"List of ARN-like resource patterns this rule applies to."}},"type":"object"}},"mica:index/objectStoreAccount:ObjectStoreAccount":{"properties":{"created":{"type":"integer","description":"Unix timestamp (milliseconds) when the account was created."},"hardLimitEnabled":{"type":"boolean","description":"If true, the account's size cannot exceed the quota limit."},"name":{"type":"string","description":"The name of the object store account. Changing this forces a new resource."},"objectCount":{"type":"integer","description":"The count of objects within the account."},"quotaLimit":{"type":"integer","description":"The effective quota limit applied against the size of the account, in bytes."},"skipDefaultExport":{"type":"boolean","description":"When true, suppresses the default account export to _array_server at creation time. Use this when you manage exports explicitly via flashblade_object_store_account_export."},"space":{"$ref":"#/types/mica:index/ObjectStoreAccountSpace:ObjectStoreAccountSpace","description":"Storage space breakdown (read-only, API-managed)."}},"required":["created","hardLimitEnabled","name","objectCount","quotaLimit","skipDefaultExport","space"],"inputProperties":{"hardLimitEnabled":{"type":"boolean","description":"If true, the account's size cannot exceed the quota limit."},"name":{"type":"string","description":"The name of the object store account. Changing this forces a new resource."},"quotaLimit":{"type":"integer","description":"The effective quota limit applied against the size of the account, in bytes."},"skipDefaultExport":{"type":"boolean","description":"When true, suppresses the default account export to _array_server at creation time. Use this when you manage exports explicitly via flashblade_object_store_account_export."}},"requiredInputs":["name"],"stateInputs":{"description":"Input properties used for looking up and filtering ObjectStoreAccount resources.\n","properties":{"created":{"type":"integer","description":"Unix timestamp (milliseconds) when the account was created."},"hardLimitEnabled":{"type":"boolean","description":"If true, the account's size cannot exceed the quota limit."},"name":{"type":"string","description":"The name of the object store account. Changing this forces a new resource."},"objectCount":{"type":"integer","description":"The count of objects within the account."},"quotaLimit":{"type":"integer","description":"The effective quota limit applied against the size of the account, in bytes."},"skipDefaultExport":{"type":"boolean","description":"When true, suppresses the default account export to _array_server at creation time. Use this when you manage exports explicitly via flashblade_object_store_account_export."},"space":{"$ref":"#/types/mica:index/ObjectStoreAccountSpace:ObjectStoreAccountSpace","description":"Storage space breakdown (read-only, API-managed)."}},"type":"object"}},"mica:index/objectStoreAccountExport:ObjectStoreAccountExport":{"properties":{"accountName":{"type":"string","description":"The name of the object store account to export. Changing this forces a new resource."},"enabled":{"type":"boolean","description":"Whether the export is enabled. Defaults to true."},"name":{"type":"string","description":"The combined name of the export (e.g. 'account/export_name')."},"policyName":{"type":"string","description":"The name of the S3 export policy to apply to the export."},"serverName":{"type":"string","description":"The name of the server to export to. Changing this forces a new resource."}},"required":["accountName","enabled","name","policyName","serverName"],"inputProperties":{"accountName":{"type":"string","description":"The name of the object store account to export. Changing this forces a new resource."},"enabled":{"type":"boolean","description":"Whether the export is enabled. Defaults to true."},"policyName":{"type":"string","description":"The name of the S3 export policy to apply to the export."},"serverName":{"type":"string","description":"The name of the server to export to. Changing this forces a new resource."}},"requiredInputs":["accountName","policyName","serverName"],"stateInputs":{"description":"Input properties used for looking up and filtering ObjectStoreAccountExport resources.\n","properties":{"accountName":{"type":"string","description":"The name of the object store account to export. Changing this forces a new resource."},"enabled":{"type":"boolean","description":"Whether the export is enabled. Defaults to true."},"name":{"type":"string","description":"The combined name of the export (e.g. 'account/export_name')."},"policyName":{"type":"string","description":"The name of the S3 export policy to apply to the export."},"serverName":{"type":"string","description":"The name of the server to export to. Changing this forces a new resource."}},"type":"object"}},"mica:index/objectStoreRemoteCredentials:ObjectStoreRemoteCredentials":{"properties":{"accessKeyId":{"type":"string","description":"The access key ID for the remote S3 credentials.","secret":true},"name":{"type":"string","description":"The name of the remote credentials. Changing this forces a new resource."},"remoteName":{"type":"string","description":"The name of the remote array connection. Populated automatically from the API response. Changing this forces a new resource."},"secretAccessKey":{"type":"string","description":"The secret access key for the remote S3 credentials.","secret":true},"targetName":{"type":"string","description":"The name of the target (S3-compatible endpoint). Mutually exclusive with remote_name. Changing this forces a new resource."}},"required":["accessKeyId","name","remoteName","secretAccessKey"],"inputProperties":{"accessKeyId":{"type":"string","description":"The access key ID for the remote S3 credentials.","secret":true},"name":{"type":"string","description":"The name of the remote credentials. Changing this forces a new resource."},"remoteName":{"type":"string","description":"The name of the remote array connection. Populated automatically from the API response. Changing this forces a new resource."},"secretAccessKey":{"type":"string","description":"The secret access key for the remote S3 credentials.","secret":true},"targetName":{"type":"string","description":"The name of the target (S3-compatible endpoint). Mutually exclusive with remote_name. Changing this forces a new resource."}},"requiredInputs":["accessKeyId","name","secretAccessKey"],"stateInputs":{"description":"Input properties used for looking up and filtering ObjectStoreRemoteCredentials resources.\n","properties":{"accessKeyId":{"type":"string","description":"The access key ID for the remote S3 credentials.","secret":true},"name":{"type":"string","description":"The name of the remote credentials. Changing this forces a new resource."},"remoteName":{"type":"string","description":"The name of the remote array connection. Populated automatically from the API response. Changing this forces a new resource."},"secretAccessKey":{"type":"string","description":"The secret access key for the remote S3 credentials.","secret":true},"targetName":{"type":"string","description":"The name of the target (S3-compatible endpoint). Mutually exclusive with remote_name. Changing this forces a new resource."}},"type":"object"}},"mica:index/objectStoreUser:ObjectStoreUser":{"properties":{"fullAccess":{"type":"boolean","description":"If true, the user has full access to all object store operations. Defaults to false."},"name":{"type":"string","description":"The name of the object store user in the format account/username. Changing this forces a new resource."}},"required":["fullAccess","name"],"inputProperties":{"fullAccess":{"type":"boolean","description":"If true, the user has full access to all object store operations. Defaults to false."},"name":{"type":"string","description":"The name of the object store user in the format account/username. Changing this forces a new resource."}},"requiredInputs":["name"],"stateInputs":{"description":"Input properties used for looking up and filtering ObjectStoreUser resources.\n","properties":{"fullAccess":{"type":"boolean","description":"If true, the user has full access to all object store operations. Defaults to false."},"name":{"type":"string","description":"The name of the object store user in the format account/username. Changing this forces a new resource."}},"type":"object"}},"mica:index/objectStoreUserPolicy:ObjectStoreUserPolicy":{"properties":{"policyName":{"type":"string","description":"The name of the object store access policy. Changing this forces a new resource."},"userName":{"type":"string","description":"The name of the object store user (format: account/username). Changing this forces a new resource."}},"required":["policyName","userName"],"inputProperties":{"policyName":{"type":"string","description":"The name of the object store access policy. Changing this forces a new resource."},"userName":{"type":"string","description":"The name of the object store user (format: account/username). Changing this forces a new resource."}},"requiredInputs":["policyName","userName"],"stateInputs":{"description":"Input properties used for looking up and filtering ObjectStoreUserPolicy resources.\n","properties":{"policyName":{"type":"string","description":"The name of the object store access policy. Changing this forces a new resource."},"userName":{"type":"string","description":"The name of the object store user (format: account/username). Changing this forces a new resource."}},"type":"object"}},"mica:index/objectStoreVirtualHost:ObjectStoreVirtualHost":{"properties":{"attachedServers":{"type":"array","items":{"type":"string"},"description":"List of server names attached to this virtual host. The API may auto-attach the default array server."},"hostname":{"type":"string","description":"The hostname (FQDN) for the virtual-hosted-style S3 endpoint."},"name":{"type":"string","description":"The user-specified name of the virtual host. Must contain only alphanumeric characters, hyphens, and underscores."}},"required":["attachedServers","hostname","name"],"inputProperties":{"attachedServers":{"type":"array","items":{"type":"string"},"description":"List of server names attached to this virtual host. The API may auto-attach the default array server."},"hostname":{"type":"string","description":"The hostname (FQDN) for the virtual-hosted-style S3 endpoint."},"name":{"type":"string","description":"The user-specified name of the virtual host. Must contain only alphanumeric characters, hyphens, and underscores."}},"requiredInputs":["hostname","name"],"stateInputs":{"description":"Input properties used for looking up and filtering ObjectStoreVirtualHost resources.\n","properties":{"attachedServers":{"type":"array","items":{"type":"string"},"description":"List of server names attached to this virtual host. The API may auto-attach the default array server."},"hostname":{"type":"string","description":"The hostname (FQDN) for the virtual-hosted-style S3 endpoint."},"name":{"type":"string","description":"The user-specified name of the virtual host. Must contain only alphanumeric characters, hyphens, and underscores."}},"type":"object"}},"mica:index/qosPolicy:QosPolicy":{"properties":{"context":{"$ref":"#/types/mica:index/QosPolicyContext:QosPolicyContext","description":"The workload context that owns this QoS policy (read-only, API-managed). Populated by the API when the policy is associated with a workload context."},"enabled":{"type":"boolean","description":"Whether the QoS policy is enabled. Defaults to true."},"isLocal":{"type":"boolean","description":"Whether the QoS policy is local to this array. Read-only."},"maxTotalBytesPerSec":{"type":"integer","description":"Maximum total bandwidth in bytes per second."},"maxTotalOpsPerSec":{"type":"integer","description":"Maximum total operations (IOPS) per second."},"name":{"type":"string","description":"The name of the QoS policy. Changing this forces a new resource."},"policyType":{"type":"string","description":"The type of the QoS policy (e.g. bandwidth-limit). Read-only."}},"required":["context","enabled","isLocal","name","policyType"],"inputProperties":{"enabled":{"type":"boolean","description":"Whether the QoS policy is enabled. Defaults to true."},"maxTotalBytesPerSec":{"type":"integer","description":"Maximum total bandwidth in bytes per second."},"maxTotalOpsPerSec":{"type":"integer","description":"Maximum total operations (IOPS) per second."},"name":{"type":"string","description":"The name of the QoS policy. Changing this forces a new resource."}},"requiredInputs":["name"],"stateInputs":{"description":"Input properties used for looking up and filtering QosPolicy resources.\n","properties":{"context":{"$ref":"#/types/mica:index/QosPolicyContext:QosPolicyContext","description":"The workload context that owns this QoS policy (read-only, API-managed). Populated by the API when the policy is associated with a workload context."},"enabled":{"type":"boolean","description":"Whether the QoS policy is enabled. Defaults to true."},"isLocal":{"type":"boolean","description":"Whether the QoS policy is local to this array. Read-only."},"maxTotalBytesPerSec":{"type":"integer","description":"Maximum total bandwidth in bytes per second."},"maxTotalOpsPerSec":{"type":"integer","description":"Maximum total operations (IOPS) per second."},"name":{"type":"string","description":"The name of the QoS policy. Changing this forces a new resource."},"policyType":{"type":"string","description":"The type of the QoS policy (e.g. bandwidth-limit). Read-only."}},"type":"object"}},"mica:index/qosPolicyMember:QosPolicyMember":{"properties":{"memberName":{"type":"string","description":"The name of the file system or realm to assign. Changing this forces a new resource."},"memberType":{"type":"string","description":"The type of the member. Valid values: file-systems, realms. Note: buckets are not supported by the FlashBlade API."},"policyName":{"type":"string","description":"The name of the QoS policy. Changing this forces a new resource."}},"required":["memberName","memberType","policyName"],"inputProperties":{"memberName":{"type":"string","description":"The name of the file system or realm to assign. Changing this forces a new resource."},"memberType":{"type":"string","description":"The type of the member. Valid values: file-systems, realms. Note: buckets are not supported by the FlashBlade API."},"policyName":{"type":"string","description":"The name of the QoS policy. Changing this forces a new resource."}},"requiredInputs":["memberName","memberType","policyName"],"stateInputs":{"description":"Input properties used for looking up and filtering QosPolicyMember resources.\n","properties":{"memberName":{"type":"string","description":"The name of the file system or realm to assign. Changing this forces a new resource."},"memberType":{"type":"string","description":"The type of the member. Valid values: file-systems, realms. Note: buckets are not supported by the FlashBlade API."},"policyName":{"type":"string","description":"The name of the QoS policy. Changing this forces a new resource."}},"type":"object"}},"mica:index/quotaGroup:QuotaGroup":{"properties":{"fileSystemName":{"type":"string","description":"Name of the file system this quota applies to. Changing this forces a new resource."},"gid":{"type":"string","description":"Group ID (GID) the quota applies to. Changing this forces a new resource."},"quota":{"type":"integer","description":"Quota limit in bytes."},"usage":{"type":"integer","description":"Current usage in bytes (read-only, API-managed)."}},"required":["fileSystemName","gid","quota","usage"],"inputProperties":{"fileSystemName":{"type":"string","description":"Name of the file system this quota applies to. Changing this forces a new resource."},"gid":{"type":"string","description":"Group ID (GID) the quota applies to. Changing this forces a new resource."},"quota":{"type":"integer","description":"Quota limit in bytes."}},"requiredInputs":["fileSystemName","gid","quota"],"stateInputs":{"description":"Input properties used for looking up and filtering QuotaGroup resources.\n","properties":{"fileSystemName":{"type":"string","description":"Name of the file system this quota applies to. Changing this forces a new resource."},"gid":{"type":"string","description":"Group ID (GID) the quota applies to. Changing this forces a new resource."},"quota":{"type":"integer","description":"Quota limit in bytes."},"usage":{"type":"integer","description":"Current usage in bytes (read-only, API-managed)."}},"type":"object"}},"mica:index/quotaUser:QuotaUser":{"properties":{"fileSystemName":{"type":"string","description":"Name of the file system this quota applies to. Changing this forces a new resource."},"quota":{"type":"integer","description":"Quota limit in bytes."},"uid":{"type":"string","description":"User ID (UID) the quota applies to. Changing this forces a new resource."},"usage":{"type":"integer","description":"Current usage in bytes (read-only, API-managed)."}},"required":["fileSystemName","quota","uid","usage"],"inputProperties":{"fileSystemName":{"type":"string","description":"Name of the file system this quota applies to. Changing this forces a new resource."},"quota":{"type":"integer","description":"Quota limit in bytes."},"uid":{"type":"string","description":"User ID (UID) the quota applies to. Changing this forces a new resource."}},"requiredInputs":["fileSystemName","quota","uid"],"stateInputs":{"description":"Input properties used for looking up and filtering QuotaUser resources.\n","properties":{"fileSystemName":{"type":"string","description":"Name of the file system this quota applies to. Changing this forces a new resource."},"quota":{"type":"integer","description":"Quota limit in bytes."},"uid":{"type":"string","description":"User ID (UID) the quota applies to. Changing this forces a new resource."},"usage":{"type":"integer","description":"Current usage in bytes (read-only, API-managed)."}},"type":"object"}},"mica:index/s3ExportPolicy:S3ExportPolicy":{"properties":{"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"isLocal":{"type":"boolean","description":"If true, the policy is local to this array (not replicated)."},"name":{"type":"string","description":"The name of the S3 export policy. Can be changed in-place via PATCH (rename)."},"policyType":{"type":"string","description":"The type of the policy (e.g. 's3-export')."},"version":{"type":"string","description":"The version token that changes on each policy update."}},"required":["enabled","isLocal","name","policyType","version"],"inputProperties":{"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"name":{"type":"string","description":"The name of the S3 export policy. Can be changed in-place via PATCH (rename)."}},"requiredInputs":["name"],"stateInputs":{"description":"Input properties used for looking up and filtering S3ExportPolicy resources.\n","properties":{"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"isLocal":{"type":"boolean","description":"If true, the policy is local to this array (not replicated)."},"name":{"type":"string","description":"The name of the S3 export policy. Can be changed in-place via PATCH (rename)."},"policyType":{"type":"string","description":"The type of the policy (e.g. 's3-export')."},"version":{"type":"string","description":"The version token that changes on each policy update."}},"type":"object"}},"mica:index/s3ExportPolicyRule:S3ExportPolicyRule":{"properties":{"actions":{"type":"array","items":{"type":"string"},"description":"The S3 actions this rule applies to (e.g. 's3:GetObject')."},"effect":{"type":"string","description":"The effect of the rule: 'allow' or 'deny'. Can be updated in-place."},"index":{"type":"integer","description":"The server-assigned ordering index for this rule within the policy. Used for import."},"name":{"type":"string","description":"The rule name. Passed as ?names= query param on POST."},"policyName":{"type":"string","description":"The name of the S3 export policy this rule belongs to. Changing this forces a new resource."},"resources":{"type":"array","items":{"type":"string"},"description":"The S3 resources this rule applies to (e.g. '*')."}},"required":["actions","effect","index","name","policyName","resources"],"inputProperties":{"actions":{"type":"array","items":{"type":"string"},"description":"The S3 actions this rule applies to (e.g. 's3:GetObject')."},"effect":{"type":"string","description":"The effect of the rule: 'allow' or 'deny'. Can be updated in-place."},"name":{"type":"string","description":"The rule name. Passed as ?names= query param on POST."},"policyName":{"type":"string","description":"The name of the S3 export policy this rule belongs to. Changing this forces a new resource."},"resources":{"type":"array","items":{"type":"string"},"description":"The S3 resources this rule applies to (e.g. '*')."}},"requiredInputs":["actions","effect","name","policyName","resources"],"stateInputs":{"description":"Input properties used for looking up and filtering S3ExportPolicyRule resources.\n","properties":{"actions":{"type":"array","items":{"type":"string"},"description":"The S3 actions this rule applies to (e.g. 's3:GetObject')."},"effect":{"type":"string","description":"The effect of the rule: 'allow' or 'deny'. Can be updated in-place."},"index":{"type":"integer","description":"The server-assigned ordering index for this rule within the policy. Used for import."},"name":{"type":"string","description":"The rule name. Passed as ?names= query param on POST."},"policyName":{"type":"string","description":"The name of the S3 export policy this rule belongs to. Changing this forces a new resource."},"resources":{"type":"array","items":{"type":"string"},"description":"The S3 resources this rule applies to (e.g. '*')."}},"type":"object"}},"mica:index/server:Server":{"properties":{"cascadeDeletes":{"type":"array","items":{"type":"string"},"description":"List of export names to cascade-delete when destroying this server. Used only on delete, not stored in API state."},"created":{"type":"integer","description":"Unix timestamp (milliseconds) when the server was created."},"directoryServices":{"type":"array","items":{"type":"string"},"description":"List of directory service names associated with this server."},"dns":{"type":"array","items":{"type":"string"},"description":"List of DNS configuration names associated with this server."},"name":{"type":"string","description":"The name of the server. Changing this forces a new resource."},"networkInterfaces":{"type":"array","items":{"type":"string"},"description":"Names of network interfaces (VIPs) attached to this server. Discovered automatically from the array."}},"required":["created","directoryServices","dns","name","networkInterfaces"],"inputProperties":{"cascadeDeletes":{"type":"array","items":{"type":"string"},"description":"List of export names to cascade-delete when destroying this server. Used only on delete, not stored in API state."},"dns":{"type":"array","items":{"type":"string"},"description":"List of DNS configuration names associated with this server."},"name":{"type":"string","description":"The name of the server. Changing this forces a new resource."}},"requiredInputs":["name"],"stateInputs":{"description":"Input properties used for looking up and filtering Server resources.\n","properties":{"cascadeDeletes":{"type":"array","items":{"type":"string"},"description":"List of export names to cascade-delete when destroying this server. Used only on delete, not stored in API state."},"created":{"type":"integer","description":"Unix timestamp (milliseconds) when the server was created."},"directoryServices":{"type":"array","items":{"type":"string"},"description":"List of directory service names associated with this server."},"dns":{"type":"array","items":{"type":"string"},"description":"List of DNS configuration names associated with this server."},"name":{"type":"string","description":"The name of the server. Changing this forces a new resource."},"networkInterfaces":{"type":"array","items":{"type":"string"},"description":"Names of network interfaces (VIPs) attached to this server. Discovered automatically from the array."}},"type":"object"}},"mica:index/smbClientPolicy:SmbClientPolicy":{"properties":{"accessBasedEnumerationEnabled":{"type":"boolean","description":"If true, access-based enumeration is enabled for this policy."},"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"isLocal":{"type":"boolean","description":"If true, the policy is local to this array (not replicated)."},"name":{"type":"string","description":"The name of the SMB client policy. Can be changed in-place via PATCH (rename)."},"policyType":{"type":"string","description":"The type of the policy (e.g. 'smb')."},"version":{"type":"string","description":"The version of the SMB client policy (read-only, server-assigned)."},"workload":{"$ref":"#/types/mica:index/SmbClientPolicyWorkload:SmbClientPolicyWorkload","description":"The workload that owns this SMB client policy (read-only, API-managed). Populated by the API when the policy is associated with a workload."}},"required":["accessBasedEnumerationEnabled","enabled","isLocal","name","policyType","version","workload"],"inputProperties":{"accessBasedEnumerationEnabled":{"type":"boolean","description":"If true, access-based enumeration is enabled for this policy."},"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"name":{"type":"string","description":"The name of the SMB client policy. Can be changed in-place via PATCH (rename)."}},"requiredInputs":["name"],"stateInputs":{"description":"Input properties used for looking up and filtering SmbClientPolicy resources.\n","properties":{"accessBasedEnumerationEnabled":{"type":"boolean","description":"If true, access-based enumeration is enabled for this policy."},"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"isLocal":{"type":"boolean","description":"If true, the policy is local to this array (not replicated)."},"name":{"type":"string","description":"The name of the SMB client policy. Can be changed in-place via PATCH (rename)."},"policyType":{"type":"string","description":"The type of the policy (e.g. 'smb')."},"version":{"type":"string","description":"The version of the SMB client policy (read-only, server-assigned)."},"workload":{"$ref":"#/types/mica:index/SmbClientPolicyWorkload:SmbClientPolicyWorkload","description":"The workload that owns this SMB client policy (read-only, API-managed). Populated by the API when the policy is associated with a workload."}},"type":"object"}},"mica:index/smbClientPolicyRule:SmbClientPolicyRule":{"properties":{"client":{"type":"string","description":"The client match expression (e.g. '*', '10.0.0.0/8')."},"encryption":{"type":"string","description":"Encryption requirement: 'optional', 'required', or 'disabled'."},"index":{"type":"integer","description":"The server-assigned rule index within the policy."},"name":{"type":"string","description":"The server-assigned rule name (stable identifier). Used for import and PATCH/DELETE API calls."},"permission":{"type":"string","description":"Permission level: 'rw' or 'ro'."},"policyName":{"type":"string","description":"The name of the SMB client policy this rule belongs to. Changing this forces a new resource."}},"required":["client","encryption","index","name","permission","policyName"],"inputProperties":{"client":{"type":"string","description":"The client match expression (e.g. '*', '10.0.0.0/8')."},"encryption":{"type":"string","description":"Encryption requirement: 'optional', 'required', or 'disabled'."},"permission":{"type":"string","description":"Permission level: 'rw' or 'ro'."},"policyName":{"type":"string","description":"The name of the SMB client policy this rule belongs to. Changing this forces a new resource."}},"requiredInputs":["client","policyName"],"stateInputs":{"description":"Input properties used for looking up and filtering SmbClientPolicyRule resources.\n","properties":{"client":{"type":"string","description":"The client match expression (e.g. '*', '10.0.0.0/8')."},"encryption":{"type":"string","description":"Encryption requirement: 'optional', 'required', or 'disabled'."},"index":{"type":"integer","description":"The server-assigned rule index within the policy."},"name":{"type":"string","description":"The server-assigned rule name (stable identifier). Used for import and PATCH/DELETE API calls."},"permission":{"type":"string","description":"Permission level: 'rw' or 'ro'."},"policyName":{"type":"string","description":"The name of the SMB client policy this rule belongs to. Changing this forces a new resource."}},"type":"object"}},"mica:index/smbSharePolicy:SmbSharePolicy":{"properties":{"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"isLocal":{"type":"boolean","description":"If true, the policy is local to this array (not replicated)."},"name":{"type":"string","description":"The name of the SMB share policy. Can be changed in-place via PATCH (rename)."},"policyType":{"type":"string","description":"The type of the policy (e.g. 'smb')."},"workload":{"$ref":"#/types/mica:index/SmbSharePolicyWorkload:SmbSharePolicyWorkload","description":"The workload that owns this SMB share policy (read-only, API-managed). Populated by the API when the policy is associated with a workload."}},"required":["enabled","isLocal","name","policyType","workload"],"inputProperties":{"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"name":{"type":"string","description":"The name of the SMB share policy. Can be changed in-place via PATCH (rename)."}},"requiredInputs":["name"],"stateInputs":{"description":"Input properties used for looking up and filtering SmbSharePolicy resources.\n","properties":{"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"isLocal":{"type":"boolean","description":"If true, the policy is local to this array (not replicated)."},"name":{"type":"string","description":"The name of the SMB share policy. Can be changed in-place via PATCH (rename)."},"policyType":{"type":"string","description":"The type of the policy (e.g. 'smb')."},"workload":{"$ref":"#/types/mica:index/SmbSharePolicyWorkload:SmbSharePolicyWorkload","description":"The workload that owns this SMB share policy (read-only, API-managed). Populated by the API when the policy is associated with a workload."}},"type":"object"}},"mica:index/smbSharePolicyRule:SmbSharePolicyRule":{"properties":{"change":{"type":"string","description":"Permission to change files/directories: 'allow' or 'deny'."},"fullControl":{"type":"string","description":"Full control permission: 'allow' or 'deny'."},"name":{"type":"string","description":"The server-assigned rule name (stable identifier). Used for import and PATCH/DELETE API calls."},"policyName":{"type":"string","description":"The name of the SMB share policy this rule belongs to. Changing this forces a new resource."},"principal":{"type":"string","description":"The user or group principal this rule applies to (e.g. 'Everyone', 'DOMAIN\\user')."},"read":{"type":"string","description":"Read permission: 'allow' or 'deny'."}},"required":["change","fullControl","name","policyName","principal","read"],"inputProperties":{"change":{"type":"string","description":"Permission to change files/directories: 'allow' or 'deny'."},"fullControl":{"type":"string","description":"Full control permission: 'allow' or 'deny'."},"policyName":{"type":"string","description":"The name of the SMB share policy this rule belongs to. Changing this forces a new resource."},"principal":{"type":"string","description":"The user or group principal this rule applies to (e.g. 'Everyone', 'DOMAIN\\user')."},"read":{"type":"string","description":"Read permission: 'allow' or 'deny'."}},"requiredInputs":["policyName","principal"],"stateInputs":{"description":"Input properties used for looking up and filtering SmbSharePolicyRule resources.\n","properties":{"change":{"type":"string","description":"Permission to change files/directories: 'allow' or 'deny'."},"fullControl":{"type":"string","description":"Full control permission: 'allow' or 'deny'."},"name":{"type":"string","description":"The server-assigned rule name (stable identifier). Used for import and PATCH/DELETE API calls."},"policyName":{"type":"string","description":"The name of the SMB share policy this rule belongs to. Changing this forces a new resource."},"principal":{"type":"string","description":"The user or group principal this rule applies to (e.g. 'Everyone', 'DOMAIN\\user')."},"read":{"type":"string","description":"Read permission: 'allow' or 'deny'."}},"type":"object"}},"mica:index/snapshotPolicy:SnapshotPolicy":{"properties":{"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"isLocal":{"type":"boolean","description":"If true, the policy is local to this array (not replicated)."},"name":{"type":"string","description":"The name of the snapshot policy. Changing this forces a new resource. Snapshot policy names cannot be renamed in-place (API limitation)."},"policyType":{"type":"string","description":"The type of the policy (e.g. 'snapshot')."},"retentionLock":{"type":"string","description":"The retention lock mode of the policy (e.g. 'none', 'ratcheted')."}},"required":["enabled","isLocal","name","policyType","retentionLock"],"inputProperties":{"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"name":{"type":"string","description":"The name of the snapshot policy. Changing this forces a new resource. Snapshot policy names cannot be renamed in-place (API limitation)."}},"requiredInputs":["name"],"stateInputs":{"description":"Input properties used for looking up and filtering SnapshotPolicy resources.\n","properties":{"enabled":{"type":"boolean","description":"If true, the policy is enabled and its rules are enforced."},"isLocal":{"type":"boolean","description":"If true, the policy is local to this array (not replicated)."},"name":{"type":"string","description":"The name of the snapshot policy. Changing this forces a new resource. Snapshot policy names cannot be renamed in-place (API limitation)."},"policyType":{"type":"string","description":"The type of the policy (e.g. 'snapshot')."},"retentionLock":{"type":"string","description":"The retention lock mode of the policy (e.g. 'none', 'ratcheted')."}},"type":"object"}},"mica:index/snapshotPolicyRule:SnapshotPolicyRule":{"properties":{"at":{"type":"integer","description":"Schedule: run at this epoch millisecond offset within the day."},"clientName":{"type":"string","description":"An optional client name pattern for this rule."},"every":{"type":"integer","description":"Schedule: run every N milliseconds (e.g. 86400000 for daily)."},"keepFor":{"type":"integer","description":"Retention: keep snapshots for this many milliseconds (e.g. 604800000 for 7 days)."},"name":{"type":"string","description":"The server-assigned rule identifier within the policy."},"policyName":{"type":"string","description":"The name of the snapshot policy this rule belongs to. Changing this forces a new resource."},"suffix":{"type":"string","description":"Read-only suffix appended to snapshot names created by this rule (assigned by the API, not configurable via add_rules)."}},"required":["at","clientName","every","keepFor","name","policyName","suffix"],"inputProperties":{"at":{"type":"integer","description":"Schedule: run at this epoch millisecond offset within the day."},"clientName":{"type":"string","description":"An optional client name pattern for this rule."},"every":{"type":"integer","description":"Schedule: run every N milliseconds (e.g. 86400000 for daily)."},"keepFor":{"type":"integer","description":"Retention: keep snapshots for this many milliseconds (e.g. 604800000 for 7 days)."},"policyName":{"type":"string","description":"The name of the snapshot policy this rule belongs to. Changing this forces a new resource."}},"requiredInputs":["policyName"],"stateInputs":{"description":"Input properties used for looking up and filtering SnapshotPolicyRule resources.\n","properties":{"at":{"type":"integer","description":"Schedule: run at this epoch millisecond offset within the day."},"clientName":{"type":"string","description":"An optional client name pattern for this rule."},"every":{"type":"integer","description":"Schedule: run every N milliseconds (e.g. 86400000 for daily)."},"keepFor":{"type":"integer","description":"Retention: keep snapshots for this many milliseconds (e.g. 604800000 for 7 days)."},"name":{"type":"string","description":"The server-assigned rule identifier within the policy."},"policyName":{"type":"string","description":"The name of the snapshot policy this rule belongs to. Changing this forces a new resource."},"suffix":{"type":"string","description":"Read-only suffix appended to snapshot names created by this rule (assigned by the API, not configurable via add_rules)."}},"type":"object"}},"mica:index/snmpManager:SnmpManager":{"properties":{"host":{"type":"string","description":"DNS name or IP address (with optional :port) of the SNMP receiver."},"name":{"type":"string","description":"The name of the SNMP manager. Changing this forces a new resource."},"notification":{"type":"string","description":"Notification delivery mode: `inform` (acknowledged) or `trap` (fire-and-forget)."},"v2c":{"$ref":"#/types/mica:index/SnmpManagerV2c:SnmpManagerV2c","description":"SNMPv2c configuration. Required when `version = \"v2c\"`."},"v3":{"$ref":"#/types/mica:index/SnmpManagerV3:SnmpManagerV3","description":"SNMPv3 configuration. Required when `version = \"v3\"`."},"version":{"type":"string","description":"SNMP protocol version: `v2c` or `v3`. Switching in place is permitted (no resource replacement)."}},"required":["host","name","notification","v2c","v3","version"],"inputProperties":{"host":{"type":"string","description":"DNS name or IP address (with optional :port) of the SNMP receiver."},"name":{"type":"string","description":"The name of the SNMP manager. Changing this forces a new resource."},"notification":{"type":"string","description":"Notification delivery mode: `inform` (acknowledged) or `trap` (fire-and-forget)."},"v2c":{"$ref":"#/types/mica:index/SnmpManagerV2c:SnmpManagerV2c","description":"SNMPv2c configuration. Required when `version = \"v2c\"`."},"v3":{"$ref":"#/types/mica:index/SnmpManagerV3:SnmpManagerV3","description":"SNMPv3 configuration. Required when `version = \"v3\"`."},"version":{"type":"string","description":"SNMP protocol version: `v2c` or `v3`. Switching in place is permitted (no resource replacement)."}},"requiredInputs":["host","name","notification","version"],"stateInputs":{"description":"Input properties used for looking up and filtering SnmpManager resources.\n","properties":{"host":{"type":"string","description":"DNS name or IP address (with optional :port) of the SNMP receiver."},"name":{"type":"string","description":"The name of the SNMP manager. Changing this forces a new resource."},"notification":{"type":"string","description":"Notification delivery mode: `inform` (acknowledged) or `trap` (fire-and-forget)."},"v2c":{"$ref":"#/types/mica:index/SnmpManagerV2c:SnmpManagerV2c","description":"SNMPv2c configuration. Required when `version = \"v2c\"`."},"v3":{"$ref":"#/types/mica:index/SnmpManagerV3:SnmpManagerV3","description":"SNMPv3 configuration. Required when `version = \"v3\"`."},"version":{"type":"string","description":"SNMP protocol version: `v2c` or `v3`. Switching in place is permitted (no resource replacement)."}},"type":"object"}},"mica:index/subnet:Subnet":{"properties":{"enabled":{"type":"boolean","description":"Whether the subnet is enabled."},"gateway":{"type":"string","description":"IPv4 or IPv6 gateway address for the subnet."},"interfaces":{"type":"array","items":{"type":"string"},"description":"List of network interface names attached to this subnet."},"lagName":{"type":"string","description":"Name of the link aggregation group (LAG) this subnet is attached to."},"mtu":{"type":"integer","description":"Maximum transmission unit (MTU) in bytes. Defaults to 1500."},"name":{"type":"string","description":"The name of the subnet. Changing this forces a new resource."},"prefix":{"type":"string","description":"IPv4 or IPv6 subnet address in CIDR notation (e.g. 10.21.200.0/24)."},"services":{"type":"array","items":{"type":"string"},"description":"List of services associated with this subnet (e.g. data, replication)."},"vlan":{"type":"integer","description":"VLAN ID. 0 means untagged. Defaults to 0."}},"required":["enabled","gateway","interfaces","lagName","mtu","name","prefix","services","vlan"],"inputProperties":{"gateway":{"type":"string","description":"IPv4 or IPv6 gateway address for the subnet."},"lagName":{"type":"string","description":"Name of the link aggregation group (LAG) this subnet is attached to."},"mtu":{"type":"integer","description":"Maximum transmission unit (MTU) in bytes. Defaults to 1500."},"name":{"type":"string","description":"The name of the subnet. Changing this forces a new resource."},"prefix":{"type":"string","description":"IPv4 or IPv6 subnet address in CIDR notation (e.g. 10.21.200.0/24)."},"vlan":{"type":"integer","description":"VLAN ID. 0 means untagged. Defaults to 0."}},"requiredInputs":["name","prefix"],"stateInputs":{"description":"Input properties used for looking up and filtering Subnet resources.\n","properties":{"enabled":{"type":"boolean","description":"Whether the subnet is enabled."},"gateway":{"type":"string","description":"IPv4 or IPv6 gateway address for the subnet."},"interfaces":{"type":"array","items":{"type":"string"},"description":"List of network interface names attached to this subnet."},"lagName":{"type":"string","description":"Name of the link aggregation group (LAG) this subnet is attached to."},"mtu":{"type":"integer","description":"Maximum transmission unit (MTU) in bytes. Defaults to 1500."},"name":{"type":"string","description":"The name of the subnet. Changing this forces a new resource."},"prefix":{"type":"string","description":"IPv4 or IPv6 subnet address in CIDR notation (e.g. 10.21.200.0/24)."},"services":{"type":"array","items":{"type":"string"},"description":"List of services associated with this subnet (e.g. data, replication)."},"vlan":{"type":"integer","description":"VLAN ID. 0 means untagged. Defaults to 0."}},"type":"object"}},"mica:index/syslogServer:SyslogServer":{"properties":{"name":{"type":"string","description":"The name of the syslog server. Not renameable; changing forces replacement."},"services":{"type":"array","items":{"type":"string"},"description":"List of services to send to this syslog server. Valid values: data-audit, management."},"sources":{"type":"array","items":{"type":"string"},"description":"List of sources to send to this syslog server."},"uri":{"type":"string","description":"Syslog server URI in format PROTOCOL://HOST:PORT (e.g. udp://syslog.example.com:514)."}},"required":["name","services","sources","uri"],"inputProperties":{"name":{"type":"string","description":"The name of the syslog server. Not renameable; changing forces replacement."},"services":{"type":"array","items":{"type":"string"},"description":"List of services to send to this syslog server. Valid values: data-audit, management."},"sources":{"type":"array","items":{"type":"string"},"description":"List of sources to send to this syslog server."},"uri":{"type":"string","description":"Syslog server URI in format PROTOCOL://HOST:PORT (e.g. udp://syslog.example.com:514)."}},"requiredInputs":["name","uri"],"stateInputs":{"description":"Input properties used for looking up and filtering SyslogServer resources.\n","properties":{"name":{"type":"string","description":"The name of the syslog server. Not renameable; changing forces replacement."},"services":{"type":"array","items":{"type":"string"},"description":"List of services to send to this syslog server. Valid values: data-audit, management."},"sources":{"type":"array","items":{"type":"string"},"description":"List of sources to send to this syslog server."},"uri":{"type":"string","description":"Syslog server URI in format PROTOCOL://HOST:PORT (e.g. udp://syslog.example.com:514)."}},"type":"object"}},"mica:index/target:Target":{"properties":{"address":{"type":"string","description":"The hostname or IP address of the target S3 endpoint."},"caCertificateGroup":{"type":"string","description":"The CA certificate group used by the target (read-only, managed by the array)."},"name":{"type":"string","description":"The name of the target. Changing this forces a new resource."},"status":{"type":"string","description":"The connection status of the target (e.g. connected, connecting, error)."},"statusDetails":{"type":"string","description":"Additional details about the connection status."}},"required":["address","caCertificateGroup","name","status","statusDetails"],"inputProperties":{"address":{"type":"string","description":"The hostname or IP address of the target S3 endpoint."},"name":{"type":"string","description":"The name of the target. Changing this forces a new resource."}},"requiredInputs":["address","name"],"stateInputs":{"description":"Input properties used for looking up and filtering Target resources.\n","properties":{"address":{"type":"string","description":"The hostname or IP address of the target S3 endpoint."},"caCertificateGroup":{"type":"string","description":"The CA certificate group used by the target (read-only, managed by the array)."},"name":{"type":"string","description":"The name of the target. Changing this forces a new resource."},"status":{"type":"string","description":"The connection status of the target (e.g. connected, connecting, error)."},"statusDetails":{"type":"string","description":"Additional details about the connection status."}},"type":"object"}},"mica:index/tlsPolicy:TlsPolicy":{"properties":{"applianceCertificate":{"type":"string","description":"The name of the certificate used by the appliance for TLS connections."},"clientCertificatesRequired":{"type":"boolean","description":"When true, clients must present a certificate for mTLS. Defaults to false."},"disabledTlsCiphers":{"type":"array","items":{"type":"string"},"description":"List of TLS cipher suites to disable."},"enabled":{"type":"boolean","description":"Whether the TLS policy is enabled. Defaults to true."},"enabledTlsCiphers":{"type":"array","items":{"type":"string"},"description":"List of explicitly enabled TLS cipher suites."},"isLocal":{"type":"boolean","description":"Whether this TLS policy is local to the array."},"minTlsVersion":{"type":"string","description":"The minimum TLS version required (e.g. TLSv1.2, TLSv1.3)."},"name":{"type":"string","description":"The name of the TLS policy. Changing this forces a new resource."},"policyType":{"type":"string","description":"The type of the TLS policy."},"trustedClientCertificateAuthority":{"type":"string","description":"The name of the certificate authority used to verify client certificates for mTLS."},"verifyClientCertificateTrust":{"type":"boolean","description":"When true, client certificates are verified against the trusted CA."}},"required":["clientCertificatesRequired","disabledTlsCiphers","enabled","enabledTlsCiphers","isLocal","minTlsVersion","name","policyType","trustedClientCertificateAuthority","verifyClientCertificateTrust"],"inputProperties":{"applianceCertificate":{"type":"string","description":"The name of the certificate used by the appliance for TLS connections."},"clientCertificatesRequired":{"type":"boolean","description":"When true, clients must present a certificate for mTLS. Defaults to false."},"disabledTlsCiphers":{"type":"array","items":{"type":"string"},"description":"List of TLS cipher suites to disable."},"enabled":{"type":"boolean","description":"Whether the TLS policy is enabled. Defaults to true."},"enabledTlsCiphers":{"type":"array","items":{"type":"string"},"description":"List of explicitly enabled TLS cipher suites."},"minTlsVersion":{"type":"string","description":"The minimum TLS version required (e.g. TLSv1.2, TLSv1.3)."},"name":{"type":"string","description":"The name of the TLS policy. Changing this forces a new resource."},"trustedClientCertificateAuthority":{"type":"string","description":"The name of the certificate authority used to verify client certificates for mTLS."},"verifyClientCertificateTrust":{"type":"boolean","description":"When true, client certificates are verified against the trusted CA."}},"requiredInputs":["name"],"stateInputs":{"description":"Input properties used for looking up and filtering TlsPolicy resources.\n","properties":{"applianceCertificate":{"type":"string","description":"The name of the certificate used by the appliance for TLS connections."},"clientCertificatesRequired":{"type":"boolean","description":"When true, clients must present a certificate for mTLS. Defaults to false."},"disabledTlsCiphers":{"type":"array","items":{"type":"string"},"description":"List of TLS cipher suites to disable."},"enabled":{"type":"boolean","description":"Whether the TLS policy is enabled. Defaults to true."},"enabledTlsCiphers":{"type":"array","items":{"type":"string"},"description":"List of explicitly enabled TLS cipher suites."},"isLocal":{"type":"boolean","description":"Whether this TLS policy is local to the array."},"minTlsVersion":{"type":"string","description":"The minimum TLS version required (e.g. TLSv1.2, TLSv1.3)."},"name":{"type":"string","description":"The name of the TLS policy. Changing this forces a new resource."},"policyType":{"type":"string","description":"The type of the TLS policy."},"trustedClientCertificateAuthority":{"type":"string","description":"The name of the certificate authority used to verify client certificates for mTLS."},"verifyClientCertificateTrust":{"type":"boolean","description":"When true, client certificates are verified against the trusted CA."}},"type":"object"}},"mica:index/tlsPolicyMember:TlsPolicyMember":{"properties":{"memberName":{"type":"string","description":"The name of the network interface to assign. Changing this forces a new resource."},"policyName":{"type":"string","description":"The name of the TLS policy. Changing this forces a new resource."}},"required":["memberName","policyName"],"inputProperties":{"memberName":{"type":"string","description":"The name of the network interface to assign. Changing this forces a new resource."},"policyName":{"type":"string","description":"The name of the TLS policy. Changing this forces a new resource."}},"requiredInputs":["memberName","policyName"],"stateInputs":{"description":"Input properties used for looking up and filtering TlsPolicyMember resources.\n","properties":{"memberName":{"type":"string","description":"The name of the network interface to assign. Changing this forces a new resource."},"policyName":{"type":"string","description":"The name of the TLS policy. Changing this forces a new resource."}},"type":"object"}},"mica:index/workload:Workload":{"properties":{"context":{"$ref":"#/types/mica:index/WorkloadContext:WorkloadContext","description":"The fleet context that owns this workload (read-only, API-managed)."},"created":{"type":"integer","description":"The workload creation time, measured in milliseconds since the UNIX epoch."},"destroyEradicateOnDelete":{"type":"boolean","description":"When true, permanently eradicates the workload on destroy (two-phase: soft-delete then eradicate). When false, only soft-deletes the workload (leaves it in the destroyed queue)."},"destroyed":{"type":"boolean","description":"True if the workload has been soft-deleted and is pending eradication."},"name":{"type":"string","description":"The name of the workload. Changing this forces a new resource."},"parameters":{"type":"array","items":{"$ref":"#/types/mica:index/WorkloadParameter:WorkloadParameter"},"description":"Parameter values to pass to the preset when creating the workload. Changing this forces a new resource."},"presetName":{"type":"string","description":"The name of the preset to deploy this workload from. Changing this forces a new resource."},"status":{"type":"string","description":"The workload status (e.g. creating, ready, destroying, destroyed, eradicating, recovering)."},"statusDetails":{"type":"array","items":{"type":"string"},"description":"Additional information about the workload status."},"timeRemaining":{"type":"integer","description":"Time remaining in milliseconds before the destroyed workload is permanently eradicated."}},"required":["context","created","destroyEradicateOnDelete","destroyed","name","presetName","status","statusDetails","timeRemaining"],"inputProperties":{"destroyEradicateOnDelete":{"type":"boolean","description":"When true, permanently eradicates the workload on destroy (two-phase: soft-delete then eradicate). When false, only soft-deletes the workload (leaves it in the destroyed queue)."},"name":{"type":"string","description":"The name of the workload. Changing this forces a new resource."},"parameters":{"type":"array","items":{"$ref":"#/types/mica:index/WorkloadParameter:WorkloadParameter"},"description":"Parameter values to pass to the preset when creating the workload. Changing this forces a new resource."},"presetName":{"type":"string","description":"The name of the preset to deploy this workload from. Changing this forces a new resource."}},"requiredInputs":["name","presetName"],"stateInputs":{"description":"Input properties used for looking up and filtering Workload resources.\n","properties":{"context":{"$ref":"#/types/mica:index/WorkloadContext:WorkloadContext","description":"The fleet context that owns this workload (read-only, API-managed)."},"created":{"type":"integer","description":"The workload creation time, measured in milliseconds since the UNIX epoch."},"destroyEradicateOnDelete":{"type":"boolean","description":"When true, permanently eradicates the workload on destroy (two-phase: soft-delete then eradicate). When false, only soft-deletes the workload (leaves it in the destroyed queue)."},"destroyed":{"type":"boolean","description":"True if the workload has been soft-deleted and is pending eradication."},"name":{"type":"string","description":"The name of the workload. Changing this forces a new resource."},"parameters":{"type":"array","items":{"$ref":"#/types/mica:index/WorkloadParameter:WorkloadParameter"},"description":"Parameter values to pass to the preset when creating the workload. Changing this forces a new resource."},"presetName":{"type":"string","description":"The name of the preset to deploy this workload from. Changing this forces a new resource."},"status":{"type":"string","description":"The workload status (e.g. creating, ready, destroying, destroyed, eradicating, recovering)."},"statusDetails":{"type":"array","items":{"type":"string"},"description":"Additional information about the workload status."},"timeRemaining":{"type":"integer","description":"Time remaining in milliseconds before the destroyed workload is permanently eradicated."}},"type":"object"}}},"functions":{"mica:index/getArrayConnection:getArrayConnection":{"inputs":{"description":"A collection of arguments for invoking getArrayConnection.\n","properties":{"remoteName":{"type":"string"}},"type":"object","required":["remoteName"]},"outputs":{"description":"A collection of values returned by getArrayConnection.\n","properties":{"caCertificateGroup":{"type":"string"},"encrypted":{"type":"boolean"},"id":{"type":"string"},"managementAddress":{"type":"string"},"os":{"type":"string"},"remoteId":{"type":"string"},"remoteName":{"type":"string"},"replicationAddresses":{"items":{"type":"string"},"type":"array"},"status":{"type":"string"},"type":{"type":"string"},"version":{"type":"string"}},"required":["caCertificateGroup","encrypted","id","managementAddress","os","remoteId","remoteName","replicationAddresses","status","type","version"],"type":"object"}},"mica:index/getArrayDns:getArrayDns":{"inputs":{"description":"A collection of arguments for invoking getArrayDns.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getArrayDns.\n","properties":{"domain":{"type":"string"},"id":{"type":"string"},"name":{"type":"string"},"nameservers":{"items":{"type":"string"},"type":"array"},"services":{"items":{"type":"string"},"type":"array"},"sources":{"items":{"type":"string"},"type":"array"}},"required":["domain","id","name","nameservers","services","sources"],"type":"object"}},"mica:index/getArrayNtp:getArrayNtp":{"outputs":{"description":"A collection of values returned by getArrayNtp.\n","properties":{"id":{"type":"string"},"ntpServers":{"items":{"type":"string"},"type":"array"}},"required":["id","ntpServers"],"type":"object"}},"mica:index/getArraySmtp:getArraySmtp":{"outputs":{"description":"A collection of values returned by getArraySmtp.\n","properties":{"alertWatchers":{"items":{"$ref":"#/types/mica:index/getArraySmtpAlertWatcher:getArraySmtpAlertWatcher"},"type":"array"},"encryptionMode":{"type":"string"},"id":{"type":"string"},"relayHost":{"type":"string"},"senderDomain":{"type":"string"}},"required":["alertWatchers","encryptionMode","id","relayHost","senderDomain"],"type":"object"}},"mica:index/getAuditObjectStorePolicy:getAuditObjectStorePolicy":{"inputs":{"description":"A collection of arguments for invoking getAuditObjectStorePolicy.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getAuditObjectStorePolicy.\n","properties":{"enabled":{"type":"boolean"},"id":{"type":"string"},"isLocal":{"type":"boolean"},"logTargets":{"items":{"type":"string"},"type":"array"},"name":{"type":"string"},"policyType":{"type":"string"}},"required":["enabled","id","isLocal","logTargets","name","policyType"],"type":"object"}},"mica:index/getBucket:getBucket":{"inputs":{"description":"A collection of arguments for invoking getBucket.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getBucket.\n","properties":{"account":{"type":"string"},"bucketType":{"type":"string"},"created":{"type":"integer"},"destroyed":{"type":"boolean"},"hardLimitEnabled":{"type":"boolean"},"id":{"type":"string"},"name":{"type":"string"},"objectCount":{"type":"integer"},"quotaLimit":{"type":"integer"},"retentionLock":{"type":"string"},"space":{"$ref":"#/types/mica:index/getBucketSpace:getBucketSpace"},"timeRemaining":{"type":"integer"},"versioning":{"type":"string"}},"required":["account","bucketType","created","destroyed","hardLimitEnabled","id","name","objectCount","quotaLimit","retentionLock","space","timeRemaining","versioning"],"type":"object"}},"mica:index/getBucketAccessPolicy:getBucketAccessPolicy":{"inputs":{"description":"A collection of arguments for invoking getBucketAccessPolicy.\n","properties":{"bucketName":{"type":"string"}},"type":"object","required":["bucketName"]},"outputs":{"description":"A collection of values returned by getBucketAccessPolicy.\n","properties":{"bucketName":{"type":"string"},"enabled":{"type":"boolean"},"id":{"type":"string"},"ruleCount":{"type":"integer"}},"required":["bucketName","enabled","id","ruleCount"],"type":"object"}},"mica:index/getBucketAuditFilter:getBucketAuditFilter":{"inputs":{"description":"A collection of arguments for invoking getBucketAuditFilter.\n","properties":{"bucketName":{"type":"string"}},"type":"object","required":["bucketName"]},"outputs":{"description":"A collection of values returned by getBucketAuditFilter.\n","properties":{"actions":{"items":{"type":"string"},"type":"array"},"bucketName":{"type":"string"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"s3Prefixes":{"items":{"type":"string"},"type":"array"}},"required":["actions","bucketName","s3Prefixes","id"],"type":"object"}},"mica:index/getBucketReplicaLink:getBucketReplicaLink":{"inputs":{"description":"A collection of arguments for invoking getBucketReplicaLink.\n","properties":{"id":{"type":"string"},"localBucketName":{"type":"string"},"remoteBucketName":{"type":"string"},"remoteCredentialsName":{"type":"string"}},"type":"object"},"outputs":{"description":"A collection of values returned by getBucketReplicaLink.\n","properties":{"cascadingEnabled":{"type":"boolean"},"direction":{"type":"string"},"id":{"type":"string"},"lag":{"type":"integer"},"localBucketName":{"type":"string"},"objectBacklogCount":{"type":"integer"},"objectBacklogTotalSize":{"type":"integer"},"paused":{"type":"boolean"},"recoveryPoint":{"type":"integer"},"remoteBucketName":{"type":"string"},"remoteCredentialsName":{"type":"string"},"remoteName":{"type":"string"},"status":{"type":"string"},"statusDetails":{"type":"string"}},"required":["cascadingEnabled","direction","id","lag","localBucketName","objectBacklogCount","objectBacklogTotalSize","paused","recoveryPoint","remoteBucketName","remoteCredentialsName","remoteName","status","statusDetails"],"type":"object"}},"mica:index/getCertificate:getCertificate":{"inputs":{"description":"A collection of arguments for invoking getCertificate.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getCertificate.\n","properties":{"certificate":{"type":"string"},"certificateType":{"type":"string"},"commonName":{"type":"string"},"country":{"type":"string"},"email":{"type":"string"},"id":{"type":"string"},"intermediateCertificate":{"type":"string"},"issuedBy":{"type":"string"},"issuedTo":{"type":"string"},"keyAlgorithm":{"type":"string"},"keySize":{"type":"integer"},"locality":{"type":"string"},"name":{"type":"string"},"organization":{"type":"string"},"organizationalUnit":{"type":"string"},"state":{"type":"string"},"status":{"type":"string"},"subjectAlternativeNames":{"items":{"type":"string"},"type":"array"},"validFrom":{"type":"integer"},"validTo":{"type":"integer"}},"required":["certificate","certificateType","commonName","country","email","id","intermediateCertificate","issuedBy","issuedTo","keyAlgorithm","keySize","locality","name","organization","organizationalUnit","state","status","subjectAlternativeNames","validFrom","validTo"],"type":"object"}},"mica:index/getCertificateGroup:getCertificateGroup":{"inputs":{"description":"A collection of arguments for invoking getCertificateGroup.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getCertificateGroup.\n","properties":{"id":{"type":"string"},"name":{"type":"string"},"realms":{"items":{"type":"string"},"type":"array"}},"required":["id","name","realms"],"type":"object"}},"mica:index/getDirectoryServiceManagement:getDirectoryServiceManagement":{"outputs":{"description":"A collection of values returned by getDirectoryServiceManagement.\n","properties":{"baseDn":{"type":"string"},"bindUser":{"type":"string"},"caCertificate":{"$ref":"#/types/mica:index/getDirectoryServiceManagementCaCertificate:getDirectoryServiceManagementCaCertificate"},"caCertificateGroup":{"$ref":"#/types/mica:index/getDirectoryServiceManagementCaCertificateGroup:getDirectoryServiceManagementCaCertificateGroup"},"enabled":{"type":"boolean"},"id":{"type":"string"},"services":{"items":{"type":"string"},"type":"array"},"sshPublicKeyAttribute":{"type":"string"},"uris":{"items":{"type":"string"},"type":"array"},"userLoginAttribute":{"type":"string"},"userObjectClass":{"type":"string"}},"required":["baseDn","bindUser","caCertificate","caCertificateGroup","enabled","id","services","sshPublicKeyAttribute","uris","userLoginAttribute","userObjectClass"],"type":"object"}},"mica:index/getDirectoryServiceRole:getDirectoryServiceRole":{"inputs":{"description":"A collection of arguments for invoking getDirectoryServiceRole.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getDirectoryServiceRole.\n","properties":{"group":{"type":"string"},"groupBase":{"type":"string"},"id":{"type":"string"},"managementAccessPolicies":{"items":{"type":"string"},"type":"array"},"name":{"type":"string"},"role":{"$ref":"#/types/mica:index/getDirectoryServiceRoleRole:getDirectoryServiceRoleRole"}},"required":["group","groupBase","id","managementAccessPolicies","name","role"],"type":"object"}},"mica:index/getFileSystem:getFileSystem":{"inputs":{"description":"A collection of arguments for invoking getFileSystem.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getFileSystem.\n","properties":{"created":{"type":"integer"},"defaultQuotas":{"$ref":"#/types/mica:index/getFileSystemDefaultQuotas:getFileSystemDefaultQuotas"},"destroyed":{"type":"boolean"},"http":{"$ref":"#/types/mica:index/getFileSystemHttp:getFileSystemHttp"},"id":{"type":"string"},"multiProtocol":{"$ref":"#/types/mica:index/getFileSystemMultiProtocol:getFileSystemMultiProtocol"},"name":{"type":"string"},"nfs":{"$ref":"#/types/mica:index/getFileSystemNfs:getFileSystemNfs"},"promotionStatus":{"type":"string"},"provisioned":{"type":"integer"},"smb":{"$ref":"#/types/mica:index/getFileSystemSmb:getFileSystemSmb"},"source":{"$ref":"#/types/mica:index/getFileSystemSource:getFileSystemSource"},"space":{"$ref":"#/types/mica:index/getFileSystemSpace:getFileSystemSpace"},"timeRemaining":{"type":"integer"},"writable":{"type":"boolean"}},"required":["created","defaultQuotas","destroyed","http","id","multiProtocol","name","nfs","promotionStatus","provisioned","smb","source","space","timeRemaining","writable"],"type":"object"}},"mica:index/getFileSystemExport:getFileSystemExport":{"inputs":{"description":"A collection of arguments for invoking getFileSystemExport.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getFileSystemExport.\n","properties":{"enabled":{"type":"boolean"},"exportName":{"type":"string"},"fileSystemName":{"type":"string"},"id":{"type":"string"},"name":{"type":"string"},"policyType":{"type":"string"},"serverName":{"type":"string"},"sharePolicyName":{"type":"string"},"status":{"type":"string"}},"required":["enabled","exportName","fileSystemName","id","name","policyType","serverName","sharePolicyName","status"],"type":"object"}},"mica:index/getLifecycleRule:getLifecycleRule":{"inputs":{"description":"A collection of arguments for invoking getLifecycleRule.\n","properties":{"bucketName":{"type":"string"},"ruleId":{"type":"string"}},"type":"object","required":["bucketName","ruleId"]},"outputs":{"description":"A collection of values returned by getLifecycleRule.\n","properties":{"abortIncompleteMultipartUploadsAfter":{"type":"integer"},"bucketName":{"type":"string"},"cleanupExpiredObjectDeleteMarker":{"type":"boolean"},"enabled":{"type":"boolean"},"id":{"type":"string"},"keepCurrentVersionFor":{"type":"integer"},"keepCurrentVersionUntil":{"type":"integer"},"keepPreviousVersionFor":{"type":"integer"},"prefix":{"type":"string"},"ruleId":{"type":"string"}},"required":["abortIncompleteMultipartUploadsAfter","bucketName","cleanupExpiredObjectDeleteMarker","enabled","id","keepCurrentVersionFor","keepCurrentVersionUntil","keepPreviousVersionFor","prefix","ruleId"],"type":"object"}},"mica:index/getLinkAggregationGroup:getLinkAggregationGroup":{"inputs":{"description":"A collection of arguments for invoking getLinkAggregationGroup.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getLinkAggregationGroup.\n","properties":{"id":{"type":"string"},"lagSpeed":{"type":"integer"},"macAddress":{"type":"string"},"name":{"type":"string"},"portSpeed":{"type":"integer"},"ports":{"items":{"type":"string"},"type":"array"},"status":{"type":"string"}},"required":["id","lagSpeed","macAddress","name","portSpeed","ports","status"],"type":"object"}},"mica:index/getLogTargetObjectStore:getLogTargetObjectStore":{"inputs":{"description":"A collection of arguments for invoking getLogTargetObjectStore.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getLogTargetObjectStore.\n","properties":{"bucketName":{"type":"string"},"id":{"type":"string"},"logNamePrefix":{"type":"string"},"logRotateDuration":{"type":"integer"},"name":{"type":"string"}},"required":["bucketName","id","logNamePrefix","logRotateDuration","name"],"type":"object"}},"mica:index/getNetworkAccessPolicy:getNetworkAccessPolicy":{"inputs":{"description":"A collection of arguments for invoking getNetworkAccessPolicy.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getNetworkAccessPolicy.\n","properties":{"enabled":{"type":"boolean"},"id":{"type":"string"},"isLocal":{"type":"boolean"},"name":{"type":"string"},"policyType":{"type":"string"},"version":{"type":"string"}},"required":["enabled","id","isLocal","name","policyType","version"],"type":"object"}},"mica:index/getNetworkInterface:getNetworkInterface":{"inputs":{"description":"A collection of arguments for invoking getNetworkInterface.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getNetworkInterface.\n","properties":{"address":{"type":"string"},"attachedServers":{"items":{"type":"string"},"type":"array"},"enabled":{"type":"boolean"},"gateway":{"type":"string"},"id":{"type":"string"},"mtu":{"type":"integer"},"name":{"type":"string"},"netmask":{"type":"string"},"realms":{"items":{"type":"string"},"type":"array"},"services":{"type":"string"},"subnetName":{"type":"string"},"type":{"type":"string"},"vlan":{"type":"integer"}},"required":["address","attachedServers","enabled","gateway","id","mtu","name","netmask","realms","services","subnetName","type","vlan"],"type":"object"}},"mica:index/getNfsExportPolicy:getNfsExportPolicy":{"inputs":{"description":"A collection of arguments for invoking getNfsExportPolicy.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getNfsExportPolicy.\n","properties":{"enabled":{"type":"boolean"},"id":{"type":"string"},"isLocal":{"type":"boolean"},"name":{"type":"string"},"policyType":{"type":"string"},"version":{"type":"string"}},"required":["enabled","id","isLocal","name","policyType","version"],"type":"object"}},"mica:index/getObjectStoreAccessKey:getObjectStoreAccessKey":{"inputs":{"description":"A collection of arguments for invoking getObjectStoreAccessKey.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getObjectStoreAccessKey.\n","properties":{"accessKeyId":{"type":"string"},"created":{"type":"integer"},"enabled":{"type":"boolean"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"name":{"type":"string"},"objectStoreAccount":{"type":"string"},"secretAccessKey":{"secret":true,"type":"string"}},"required":["accessKeyId","created","enabled","name","objectStoreAccount","secretAccessKey","id"],"type":"object"}},"mica:index/getObjectStoreAccessPolicy:getObjectStoreAccessPolicy":{"inputs":{"description":"A collection of arguments for invoking getObjectStoreAccessPolicy.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getObjectStoreAccessPolicy.\n","properties":{"arn":{"type":"string"},"description":{"type":"string"},"enabled":{"type":"boolean"},"id":{"type":"string"},"isLocal":{"type":"boolean"},"name":{"type":"string"},"policyType":{"type":"string"}},"required":["arn","description","enabled","id","isLocal","name","policyType"],"type":"object"}},"mica:index/getObjectStoreAccount:getObjectStoreAccount":{"inputs":{"description":"A collection of arguments for invoking getObjectStoreAccount.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getObjectStoreAccount.\n","properties":{"created":{"type":"integer"},"hardLimitEnabled":{"type":"boolean"},"id":{"type":"string"},"name":{"type":"string"},"objectCount":{"type":"integer"},"quotaLimit":{"type":"integer"},"space":{"$ref":"#/types/mica:index/getObjectStoreAccountSpace:getObjectStoreAccountSpace"}},"required":["created","hardLimitEnabled","id","name","objectCount","quotaLimit","space"],"type":"object"}},"mica:index/getObjectStoreAccountExport:getObjectStoreAccountExport":{"inputs":{"description":"A collection of arguments for invoking getObjectStoreAccountExport.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getObjectStoreAccountExport.\n","properties":{"accountName":{"type":"string"},"enabled":{"type":"boolean"},"id":{"type":"string"},"name":{"type":"string"},"policyName":{"type":"string"},"serverName":{"type":"string"}},"required":["accountName","enabled","id","name","policyName","serverName"],"type":"object"}},"mica:index/getObjectStoreRemoteCredentials:getObjectStoreRemoteCredentials":{"inputs":{"description":"A collection of arguments for invoking getObjectStoreRemoteCredentials.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getObjectStoreRemoteCredentials.\n","properties":{"accessKeyId":{"type":"string"},"id":{"type":"string"},"name":{"type":"string"},"remoteName":{"type":"string"}},"required":["accessKeyId","id","name","remoteName"],"type":"object"}},"mica:index/getObjectStoreUser:getObjectStoreUser":{"inputs":{"description":"A collection of arguments for invoking getObjectStoreUser.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getObjectStoreUser.\n","properties":{"fullAccess":{"type":"boolean"},"id":{"type":"string"},"name":{"type":"string"}},"required":["fullAccess","id","name"],"type":"object"}},"mica:index/getObjectStoreVirtualHost:getObjectStoreVirtualHost":{"inputs":{"description":"A collection of arguments for invoking getObjectStoreVirtualHost.\n","properties":{"filter":{"type":"string"},"name":{"type":"string"}},"type":"object"},"outputs":{"description":"A collection of values returned by getObjectStoreVirtualHost.\n","properties":{"attachedServers":{"items":{"type":"string"},"type":"array"},"filter":{"type":"string"},"hostname":{"type":"string"},"id":{"type":"string"},"name":{"type":"string"}},"required":["attachedServers","hostname","id"],"type":"object"}},"mica:index/getQosPolicy:getQosPolicy":{"inputs":{"description":"A collection of arguments for invoking getQosPolicy.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getQosPolicy.\n","properties":{"enabled":{"type":"boolean"},"id":{"type":"string"},"isLocal":{"type":"boolean"},"maxTotalBytesPerSec":{"type":"integer"},"maxTotalOpsPerSec":{"type":"integer"},"name":{"type":"string"},"policyType":{"type":"string"}},"required":["enabled","id","isLocal","maxTotalBytesPerSec","maxTotalOpsPerSec","name","policyType"],"type":"object"}},"mica:index/getQuotaGroup:getQuotaGroup":{"inputs":{"description":"A collection of arguments for invoking getQuotaGroup.\n","properties":{"fileSystemName":{"type":"string"},"gid":{"type":"string"}},"type":"object","required":["fileSystemName","gid"]},"outputs":{"description":"A collection of values returned by getQuotaGroup.\n","properties":{"fileSystemName":{"type":"string"},"gid":{"type":"string"},"id":{"type":"string"},"quota":{"type":"integer"},"usage":{"type":"integer"}},"required":["fileSystemName","gid","id","quota","usage"],"type":"object"}},"mica:index/getQuotaUser:getQuotaUser":{"inputs":{"description":"A collection of arguments for invoking getQuotaUser.\n","properties":{"fileSystemName":{"type":"string"},"uid":{"type":"string"}},"type":"object","required":["fileSystemName","uid"]},"outputs":{"description":"A collection of values returned by getQuotaUser.\n","properties":{"fileSystemName":{"type":"string"},"id":{"type":"string"},"quota":{"type":"integer"},"uid":{"type":"string"},"usage":{"type":"integer"}},"required":["fileSystemName","id","quota","uid","usage"],"type":"object"}},"mica:index/getResiliencyGroup:getResiliencyGroup":{"inputs":{"description":"A collection of arguments for invoking getResiliencyGroup.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getResiliencyGroup.\n","properties":{"id":{"type":"string"},"name":{"type":"string"},"status":{"type":"string"},"statusDetails":{"type":"string"}},"required":["id","name","status","statusDetails"],"type":"object"}},"mica:index/getResiliencyGroupMember:getResiliencyGroupMember":{"inputs":{"description":"A collection of arguments for invoking getResiliencyGroupMember.\n","properties":{"memberName":{"type":"string"},"resiliencyGroupName":{"type":"string"}},"type":"object","required":["memberName","resiliencyGroupName"]},"outputs":{"description":"A collection of values returned by getResiliencyGroupMember.\n","properties":{"groupId":{"type":"string"},"groupResourceType":{"type":"string"},"id":{"type":"string"},"memberId":{"type":"string"},"memberName":{"type":"string"},"memberResourceType":{"type":"string"},"resiliencyGroupName":{"type":"string"}},"required":["groupId","groupResourceType","id","memberId","memberName","memberResourceType","resiliencyGroupName"],"type":"object"}},"mica:index/getS3ExportPolicy:getS3ExportPolicy":{"inputs":{"description":"A collection of arguments for invoking getS3ExportPolicy.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getS3ExportPolicy.\n","properties":{"enabled":{"type":"boolean"},"id":{"type":"string"},"isLocal":{"type":"boolean"},"name":{"type":"string"},"policyType":{"type":"string"},"version":{"type":"string"}},"required":["enabled","id","isLocal","name","policyType","version"],"type":"object"}},"mica:index/getServer:getServer":{"inputs":{"description":"A collection of arguments for invoking getServer.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getServer.\n","properties":{"created":{"type":"integer"},"directoryServices":{"items":{"type":"string"},"type":"array"},"dns":{"items":{"type":"string"},"type":"array"},"id":{"type":"string"},"name":{"type":"string"},"networkInterfaces":{"items":{"type":"string"},"type":"array"}},"required":["created","directoryServices","dns","id","name","networkInterfaces"],"type":"object"}},"mica:index/getSmbClientPolicy:getSmbClientPolicy":{"inputs":{"description":"A collection of arguments for invoking getSmbClientPolicy.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getSmbClientPolicy.\n","properties":{"accessBasedEnumerationEnabled":{"type":"boolean"},"enabled":{"type":"boolean"},"id":{"type":"string"},"isLocal":{"type":"boolean"},"name":{"type":"string"},"policyType":{"type":"string"},"version":{"type":"string"}},"required":["accessBasedEnumerationEnabled","enabled","id","isLocal","name","policyType","version"],"type":"object"}},"mica:index/getSmbSharePolicy:getSmbSharePolicy":{"inputs":{"description":"A collection of arguments for invoking getSmbSharePolicy.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getSmbSharePolicy.\n","properties":{"enabled":{"type":"boolean"},"id":{"type":"string"},"isLocal":{"type":"boolean"},"name":{"type":"string"},"policyType":{"type":"string"}},"required":["enabled","id","isLocal","name","policyType"],"type":"object"}},"mica:index/getSnapshotPolicy:getSnapshotPolicy":{"inputs":{"description":"A collection of arguments for invoking getSnapshotPolicy.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getSnapshotPolicy.\n","properties":{"enabled":{"type":"boolean"},"id":{"type":"string"},"isLocal":{"type":"boolean"},"name":{"type":"string"},"policyType":{"type":"string"},"retentionLock":{"type":"string"}},"required":["enabled","id","isLocal","name","policyType","retentionLock"],"type":"object"}},"mica:index/getSnmpManager:getSnmpManager":{"inputs":{"description":"A collection of arguments for invoking getSnmpManager.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getSnmpManager.\n","properties":{"host":{"type":"string"},"id":{"type":"string"},"name":{"type":"string"},"notification":{"type":"string"},"v2c":{"$ref":"#/types/mica:index/getSnmpManagerV2c:getSnmpManagerV2c"},"v3":{"$ref":"#/types/mica:index/getSnmpManagerV3:getSnmpManagerV3"},"version":{"type":"string"}},"required":["host","id","name","notification","v2c","v3","version"],"type":"object"}},"mica:index/getSubnet:getSubnet":{"inputs":{"description":"A collection of arguments for invoking getSubnet.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getSubnet.\n","properties":{"enabled":{"type":"boolean"},"gateway":{"type":"string"},"id":{"type":"string"},"interfaces":{"items":{"type":"string"},"type":"array"},"lagName":{"type":"string"},"mtu":{"type":"integer"},"name":{"type":"string"},"prefix":{"type":"string"},"services":{"items":{"type":"string"},"type":"array"},"vlan":{"type":"integer"}},"required":["enabled","gateway","id","interfaces","lagName","mtu","name","prefix","services","vlan"],"type":"object"}},"mica:index/getSyslogServer:getSyslogServer":{"inputs":{"description":"A collection of arguments for invoking getSyslogServer.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getSyslogServer.\n","properties":{"id":{"type":"string"},"name":{"type":"string"},"services":{"items":{"type":"string"},"type":"array"},"sources":{"items":{"type":"string"},"type":"array"},"uri":{"type":"string"}},"required":["id","name","services","sources","uri"],"type":"object"}},"mica:index/getTarget:getTarget":{"inputs":{"description":"A collection of arguments for invoking getTarget.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getTarget.\n","properties":{"address":{"type":"string"},"caCertificateGroup":{"type":"string"},"id":{"type":"string"},"name":{"type":"string"},"status":{"type":"string"},"statusDetails":{"type":"string"}},"required":["address","caCertificateGroup","id","name","status","statusDetails"],"type":"object"}},"mica:index/getTlsPolicy:getTlsPolicy":{"inputs":{"description":"A collection of arguments for invoking getTlsPolicy.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getTlsPolicy.\n","properties":{"applianceCertificate":{"type":"string"},"clientCertificatesRequired":{"type":"boolean"},"disabledTlsCiphers":{"items":{"type":"string"},"type":"array"},"enabled":{"type":"boolean"},"enabledTlsCiphers":{"items":{"type":"string"},"type":"array"},"id":{"type":"string"},"isLocal":{"type":"boolean"},"minTlsVersion":{"type":"string"},"name":{"type":"string"},"policyType":{"type":"string"},"trustedClientCertificateAuthority":{"type":"string"},"verifyClientCertificateTrust":{"type":"boolean"}},"required":["applianceCertificate","clientCertificatesRequired","disabledTlsCiphers","enabled","enabledTlsCiphers","id","isLocal","minTlsVersion","name","policyType","trustedClientCertificateAuthority","verifyClientCertificateTrust"],"type":"object"}},"mica:index/getWorkload:getWorkload":{"inputs":{"description":"A collection of arguments for invoking getWorkload.\n","properties":{"name":{"type":"string"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getWorkload.\n","properties":{"context":{"$ref":"#/types/mica:index/getWorkloadContext:getWorkloadContext"},"created":{"type":"integer"},"destroyed":{"type":"boolean"},"id":{"type":"string"},"name":{"type":"string"},"presetName":{"type":"string"},"status":{"type":"string"},"statusDetails":{"items":{"type":"string"},"type":"array"},"timeRemaining":{"type":"integer"}},"required":["context","created","destroyed","id","name","presetName","status","statusDetails","timeRemaining"],"type":"object"}},"pulumi:providers:mica/terraformConfig":{"description":"This function returns a Terraform config object with terraform-namecased keys,to be used with the Terraform Module Provider.","inputs":{"properties":{"__self__":{"type":"ref","$ref":"#/provider"}},"type":"pulumi:providers:mica/terraformConfig","required":["__self__"]},"outputs":{"properties":{"result":{"additionalProperties":{"$ref":"pulumi.json#/Any"},"type":"object"}},"required":["result"],"type":"object"}}}} diff --git a/pulumi/provider/cmd/pulumi-resource-mica/schema.json b/pulumi/provider/cmd/pulumi-resource-mica/schema.json index bdfac195..dc4a8fff 100644 --- a/pulumi/provider/cmd/pulumi-resource-mica/schema.json +++ b/pulumi/provider/cmd/pulumi-resource-mica/schema.json @@ -664,6 +664,61 @@ } } }, + "mica:index/SnmpManagerV2c:SnmpManagerV2c": { + "properties": { + "community": { + "type": "string", + "description": "Community string. Write-once: never returned by the API on GET; state preserves the user-supplied value.\n", + "secret": true + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "community" + ] + } + } + }, + "mica:index/SnmpManagerV3:SnmpManagerV3": { + "properties": { + "authPassphrase": { + "type": "string", + "description": "Authentication passphrase (max 32 chars). Write-once: never returned by the API on GET; state preserves the user-supplied value.\n", + "secret": true + }, + "authProtocol": { + "type": "string", + "description": "Authentication protocol: `MD5` or `SHA`.\n" + }, + "privacyPassphrase": { + "type": "string", + "description": "Privacy passphrase (8..63 chars). Write-once: never returned by the API on GET; state preserves the user-supplied value.\n", + "secret": true + }, + "privacyProtocol": { + "type": "string", + "description": "Privacy protocol: `AES` or `DES`.\n" + }, + "user": { + "type": "string", + "description": "SNMPv3 username.\n" + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "authPassphrase", + "authProtocol", + "privacyPassphrase", + "privacyProtocol", + "user" + ] + } + } + }, "mica:index/WorkloadContext:WorkloadContext": { "properties": { "id": { @@ -1076,6 +1131,63 @@ } } }, + "mica:index/getSnmpManagerV2c:getSnmpManagerV2c": { + "properties": { + "community": { + "type": "string", + "description": "Community string. Always null on read (never returned by the API).\n", + "secret": true + } + }, + "type": "object", + "required": [ + "community" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "mica:index/getSnmpManagerV3:getSnmpManagerV3": { + "properties": { + "authPassphrase": { + "type": "string", + "description": "Authentication passphrase. Always null on read (never returned by the API).\n", + "secret": true + }, + "authProtocol": { + "type": "string", + "description": "Authentication protocol (MD5 or SHA).\n" + }, + "privacyPassphrase": { + "type": "string", + "description": "Privacy passphrase. Always null on read (never returned by the API).\n", + "secret": true + }, + "privacyProtocol": { + "type": "string", + "description": "Privacy protocol (AES or DES).\n" + }, + "user": { + "type": "string", + "description": "SNMPv3 username.\n" + } + }, + "type": "object", + "required": [ + "authPassphrase", + "authProtocol", + "privacyPassphrase", + "privacyProtocol", + "user" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, "mica:index/getWorkloadContext:getWorkloadContext": { "properties": { "id": { @@ -5853,6 +5965,104 @@ "type": "object" } }, + "mica:index/snmpManager:SnmpManager": { + "properties": { + "host": { + "type": "string", + "description": "DNS name or IP address (with optional :port) of the SNMP receiver." + }, + "name": { + "type": "string", + "description": "The name of the SNMP manager. Changing this forces a new resource." + }, + "notification": { + "type": "string", + "description": "Notification delivery mode: \u003cspan pulumi-lang-nodejs=\"`inform`\" pulumi-lang-dotnet=\"`Inform`\" pulumi-lang-go=\"`inform`\" pulumi-lang-python=\"`inform`\" pulumi-lang-yaml=\"`inform`\" pulumi-lang-java=\"`inform`\"\u003e`inform`\u003c/span\u003e (acknowledged) or \u003cspan pulumi-lang-nodejs=\"`trap`\" pulumi-lang-dotnet=\"`Trap`\" pulumi-lang-go=\"`trap`\" pulumi-lang-python=\"`trap`\" pulumi-lang-yaml=\"`trap`\" pulumi-lang-java=\"`trap`\"\u003e`trap`\u003c/span\u003e (fire-and-forget)." + }, + "v2c": { + "$ref": "#/types/mica:index/SnmpManagerV2c:SnmpManagerV2c", + "description": "SNMPv2c configuration. Required when `version = \"v2c\"`." + }, + "v3": { + "$ref": "#/types/mica:index/SnmpManagerV3:SnmpManagerV3", + "description": "SNMPv3 configuration. Required when `version = \"v3\"`." + }, + "version": { + "type": "string", + "description": "SNMP protocol version: \u003cspan pulumi-lang-nodejs=\"`v2c`\" pulumi-lang-dotnet=\"`V2c`\" pulumi-lang-go=\"`v2c`\" pulumi-lang-python=\"`v2c`\" pulumi-lang-yaml=\"`v2c`\" pulumi-lang-java=\"`v2c`\"\u003e`v2c`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`v3`\" pulumi-lang-dotnet=\"`V3`\" pulumi-lang-go=\"`v3`\" pulumi-lang-python=\"`v3`\" pulumi-lang-yaml=\"`v3`\" pulumi-lang-java=\"`v3`\"\u003e`v3`\u003c/span\u003e. Switching in place is permitted (no resource replacement)." + } + }, + "required": [ + "host", + "name", + "notification", + "v2c", + "v3", + "version" + ], + "inputProperties": { + "host": { + "type": "string", + "description": "DNS name or IP address (with optional :port) of the SNMP receiver." + }, + "name": { + "type": "string", + "description": "The name of the SNMP manager. Changing this forces a new resource." + }, + "notification": { + "type": "string", + "description": "Notification delivery mode: \u003cspan pulumi-lang-nodejs=\"`inform`\" pulumi-lang-dotnet=\"`Inform`\" pulumi-lang-go=\"`inform`\" pulumi-lang-python=\"`inform`\" pulumi-lang-yaml=\"`inform`\" pulumi-lang-java=\"`inform`\"\u003e`inform`\u003c/span\u003e (acknowledged) or \u003cspan pulumi-lang-nodejs=\"`trap`\" pulumi-lang-dotnet=\"`Trap`\" pulumi-lang-go=\"`trap`\" pulumi-lang-python=\"`trap`\" pulumi-lang-yaml=\"`trap`\" pulumi-lang-java=\"`trap`\"\u003e`trap`\u003c/span\u003e (fire-and-forget)." + }, + "v2c": { + "$ref": "#/types/mica:index/SnmpManagerV2c:SnmpManagerV2c", + "description": "SNMPv2c configuration. Required when `version = \"v2c\"`." + }, + "v3": { + "$ref": "#/types/mica:index/SnmpManagerV3:SnmpManagerV3", + "description": "SNMPv3 configuration. Required when `version = \"v3\"`." + }, + "version": { + "type": "string", + "description": "SNMP protocol version: \u003cspan pulumi-lang-nodejs=\"`v2c`\" pulumi-lang-dotnet=\"`V2c`\" pulumi-lang-go=\"`v2c`\" pulumi-lang-python=\"`v2c`\" pulumi-lang-yaml=\"`v2c`\" pulumi-lang-java=\"`v2c`\"\u003e`v2c`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`v3`\" pulumi-lang-dotnet=\"`V3`\" pulumi-lang-go=\"`v3`\" pulumi-lang-python=\"`v3`\" pulumi-lang-yaml=\"`v3`\" pulumi-lang-java=\"`v3`\"\u003e`v3`\u003c/span\u003e. Switching in place is permitted (no resource replacement)." + } + }, + "requiredInputs": [ + "host", + "name", + "notification", + "version" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SnmpManager resources.\n", + "properties": { + "host": { + "type": "string", + "description": "DNS name or IP address (with optional :port) of the SNMP receiver." + }, + "name": { + "type": "string", + "description": "The name of the SNMP manager. Changing this forces a new resource." + }, + "notification": { + "type": "string", + "description": "Notification delivery mode: \u003cspan pulumi-lang-nodejs=\"`inform`\" pulumi-lang-dotnet=\"`Inform`\" pulumi-lang-go=\"`inform`\" pulumi-lang-python=\"`inform`\" pulumi-lang-yaml=\"`inform`\" pulumi-lang-java=\"`inform`\"\u003e`inform`\u003c/span\u003e (acknowledged) or \u003cspan pulumi-lang-nodejs=\"`trap`\" pulumi-lang-dotnet=\"`Trap`\" pulumi-lang-go=\"`trap`\" pulumi-lang-python=\"`trap`\" pulumi-lang-yaml=\"`trap`\" pulumi-lang-java=\"`trap`\"\u003e`trap`\u003c/span\u003e (fire-and-forget)." + }, + "v2c": { + "$ref": "#/types/mica:index/SnmpManagerV2c:SnmpManagerV2c", + "description": "SNMPv2c configuration. Required when `version = \"v2c\"`." + }, + "v3": { + "$ref": "#/types/mica:index/SnmpManagerV3:SnmpManagerV3", + "description": "SNMPv3 configuration. Required when `version = \"v3\"`." + }, + "version": { + "type": "string", + "description": "SNMP protocol version: \u003cspan pulumi-lang-nodejs=\"`v2c`\" pulumi-lang-dotnet=\"`V2c`\" pulumi-lang-go=\"`v2c`\" pulumi-lang-python=\"`v2c`\" pulumi-lang-yaml=\"`v2c`\" pulumi-lang-java=\"`v2c`\"\u003e`v2c`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`v3`\" pulumi-lang-dotnet=\"`V3`\" pulumi-lang-go=\"`v3`\" pulumi-lang-python=\"`v3`\" pulumi-lang-yaml=\"`v3`\" pulumi-lang-java=\"`v3`\"\u003e`v3`\u003c/span\u003e. Switching in place is permitted (no resource replacement)." + } + }, + "type": "object" + } + }, "mica:index/subnet:Subnet": { "properties": { "enabled": { @@ -8478,6 +8688,56 @@ "type": "object" } }, + "mica:index/getSnmpManager:getSnmpManager": { + "inputs": { + "description": "A collection of arguments for invoking getSnmpManager.\n", + "properties": { + "name": { + "type": "string" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getSnmpManager.\n", + "properties": { + "host": { + "type": "string" + }, + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "notification": { + "type": "string" + }, + "v2c": { + "$ref": "#/types/mica:index/getSnmpManagerV2c:getSnmpManagerV2c" + }, + "v3": { + "$ref": "#/types/mica:index/getSnmpManagerV3:getSnmpManagerV3" + }, + "version": { + "type": "string" + } + }, + "required": [ + "host", + "id", + "name", + "notification", + "v2c", + "v3", + "version" + ], + "type": "object" + } + }, "mica:index/getSubnet:getSubnet": { "inputs": { "description": "A collection of arguments for invoking getSubnet.\n", diff --git a/pulumi/provider/resources_test.go b/pulumi/provider/resources_test.go index 127d87e7..5289b4bb 100644 --- a/pulumi/provider/resources_test.go +++ b/pulumi/provider/resources_test.go @@ -12,19 +12,6 @@ import ( "github.com/numberly/terraform-provider-mica/pulumi/provider/pkg/version" ) -// Expected counts. Matches TF provider registrations (55 resources, 43 data sources -// after the API 2.23 upgrade — adds flashblade_workload resource + data source, -// plus flashblade_resiliency_group and flashblade_resiliency_group_member DSs). -// Update when TF provider resource set changes. -// -// Note: schema.json contains DataSources+1 entries under "functions" — the extra -// entry is "pulumi:providers:flashblade/terraformConfig", a provider-level function -// injected by the bridge, not a data source. -const ( - expectedResources = 55 - expectedDataSources = 43 -) - // POC resources under test (D-05). var pocResources = []string{ "flashblade_target", @@ -33,13 +20,24 @@ var pocResources = []string{ "flashblade_object_store_access_policy_rule", } +// TestProviderInfo_ResourceAndDataSourceCounts verifies the bridge exposes exactly +// one Pulumi resource/data source per TF provider registration — no entry dropped or +// duplicated by MustComputeTokens. The expected count is DERIVED from the TF provider +// registration (the single source of truth), not a hand-maintained magic number, so +// adding a TF resource requires zero edits here. func TestProviderInfo_ResourceAndDataSourceCounts(t *testing.T) { prov := Provider() - if got := len(prov.Resources); got != expectedResources { - t.Errorf("Resources count = %d, want %d", got, expectedResources) + + tfProv := fb.New(version.Version)() + ctx := context.Background() + wantResources := len(tfProv.Resources(ctx)) + wantDataSources := len(tfProv.DataSources(ctx)) + + if got := len(prov.Resources); got != wantResources { + t.Errorf("bridge Resources count = %d, want %d (TF provider registration)", got, wantResources) } - if got := len(prov.DataSources); got != expectedDataSources { - t.Errorf("DataSources count = %d, want %d", got, expectedDataSources) + if got := len(prov.DataSources); got != wantDataSources { + t.Errorf("bridge DataSources count = %d, want %d (TF provider registration)", got, wantDataSources) } }