powerscale_user (Resource)

This resource manages the User entity of a PowerScale array. It supports creating, updating and deleting a user, and importing an existing user from the array. PowerScale User allows you to authenticate through a local authentication provider. Remote users are restricted to read-only operations.

Example Usage

/*
Copyright (c) 2023-2024 Dell Inc., or its subsidiaries. All Rights Reserved.

Licensed under the Mozilla Public License Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://mozilla.org/MPL/2.0/


Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

# Available actions: Create, Update, Delete and Import.
# Running `terraform apply` on this example file creates a new user on the PowerScale array with the name set in the `name` attribute.

# PowerScale User allows you to authenticate through a local authentication provider. Remote users are restricted to read-only operations.
resource "powerscale_user" "testUser" {
  # Required name for creating
  name = "testUserResourceSample"

  # Optional query_force. If true, skip validation checks when creating user. The force option is required for user ID changes.
  # query_force = false

  # Optional query_zone, will return user according to zone. Specifies the zone that the user will belong to when creating. Once user is created, its zone cannot be changed.
  # query_zone = "testZone"

  # Optional query_provider, will return user according to provider. Specifies the provider that the user will belong to when creating. Once user is created, its provider cannot be changed.
  # query_provider = "testProvider"

  # Optional parameters when creating
  # sid = "SID:XXXX"

  # Optional parameters when creating and updating.
  # uid                    = 11000
  # password               = "testPassword"
  # roles                  = ["SystemAdmin"]
  # enabled                = false
  # unlock                 = false
  # email                  = "testTerraform@dell.com"
  # home_directory         = "/ifs/home/testUserResourceSample"
  # password_expires       = true
  # primary_group          = "testPrimaryGroup"
  # prompt_password_change = false
  # shell                  = "/bin/zsh"
  # expiry                 = 123456
  # gecos                  = "testFullName"
}

# After the above resource block is applied, the user will have been created on the PowerScale array.
# For more information, check the Terraform state file.
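
The sample above shows password as a commented-out literal and roles set to SystemAdmin. The configuration below is an added example, not part of the provider documentation: it passes the password through a sensitive input variable and rejects SystemAdmin at plan time. The variable names, the user name, the 16-character minimum and the SystemAdmin restriction are assumptions chosen for illustration.

```hcl
# Added example (not from the provider documentation).
# Variable names, the user name and the policy thresholds are hypothetical.

variable "ops_user_password" {
  description = "Initial password; supply via TF_VAR_ops_user_password, not a literal in the .tf file."
  type        = string
  sensitive   = true # redacts the value from plan and apply output

  validation {
    # Assumed minimum length; align with your own password policy.
    condition     = length(var.ops_user_password) >= 16
    error_message = "The initial password must be at least 16 characters."
  }
}

variable "ops_user_roles" {
  description = "Roles to assign; keep to the minimum the account needs."
  type        = list(string)
  default     = []

  validation {
    # Assumed policy: this configuration never grants the SystemAdmin role.
    condition     = !contains(var.ops_user_roles, "SystemAdmin")
    error_message = "SystemAdmin must not be assigned here; choose a narrower role."
  }
}

resource "powerscale_user" "opsUser" {
  name = "opsUserSample"

  # No credential literal appears in the configuration file.
  password = var.ops_user_password
  roles    = var.ops_user_roles

  enabled = true

  # Force rotation of the provisioning password at first login
  # and allow it to expire afterwards.
  prompt_password_change = true
  password_expires       = true
}
```

Marking the variable sensitive only redacts it from CLI output; the password value is still written to the Terraform state file, so the state backend needs encryption and restricted access.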

Schema

Required

  • name (String) Specifies a user name. Cannot be updated.

Optional

  • domain (String) Specifies the domain that the object is part of. Cannot be updated.
  • email (String) Specifies an email address.
  • enabled (Boolean) If true, the authenticated user is enabled.
  • expiry (Number) Specifies the Unix Epoch time at which the authenticated user will expire.
  • gecos (String) Specifies the GECOS value, which is usually the full name.
  • home_directory (String) Specifies a home directory for the user.
  • password (String, Sensitive) Sets or changes the password for the user.
  • password_expires (Boolean) If true, the password is allowed to expire.
  • primary_group (String) Specifies the name of the primary group.
  • prompt_password_change (Boolean) If true, prompts the user to change their password at the next login.
  • query_force (Boolean) If true, skip validation checks when creating user. Must be true when changing the user UID.
  • query_provider (String) Specifies the provider type. Cannot be updated.
  • query_zone (String) Specifies the zone that the object belongs to. Cannot be updated.
  • roles (List of String) List of roles assigned to the user.
  • shell (String) Specifies a path to the shell for the user.
  • sid (String) Specifies a security identifier. Cannot be updated.
  • uid (Number) Specifies a numeric user identifier.
  • unlock (Boolean) If true, the user account should be unlocked.

Read-Only

  • dn (String) Specifies a principal name for the user.
  • dns_domain (String) Specifies the DNS domain.
  • expired (Boolean) If true, the authenticated user has expired.
  • generated_gid (Boolean) If true, the GID was generated.
  • generated_uid (Boolean) If true, the UID was generated.
  • generated_upn (Boolean) If true, the UPN was generated.
  • gid (Object) Specifies a group identifier. (see below for nested schema)
  • id (String) Specifies the user ID.
  • locked (Boolean) If true, indicates that the account is locked.
  • max_password_age (Number) Specifies the maximum time in seconds allowed before the password expires.
  • password_expired (Boolean) If true, the password has expired.
  • password_expiry (Number) Specifies the time in Unix Epoch seconds that the password will expire.
  • password_last_set (Number) Specifies the last time the password was set.
  • primary_group_sid (Object) Specifies the persona of the primary group. (see below for nested schema)
  • provider_name (String) Specifies the authentication provider that the object belongs to.
  • sam_account_name (String) Specifies a user name.
  • type (String) Specifies the object type.
  • upn (String) Specifies a principal name for the user.
  • user_can_change_password (Boolean) Specifies whether the password for the user can be changed.

Nested Schema for gid

Read-Only:

  • id (String)
  • name (String)
  • type (String)

Nested Schema for primary_group_sid

Read-Only:

  • id (String)
  • name (String)
  • type (String)

Unless specified otherwise, all fields of this resource can be updated.

Import

Import is supported using the following syntax:

# The command is
# terraform import powerscale_user.testUser [<zoneID>:]<userName>
# Example 1: <zoneID> is optional and defaults to System:
terraform import powerscale_user.testUser userName
# Example 2:
terraform import powerscale_user.testUser zoneID:userName
# After running this command, populate the name field and other required parameters in the config file to start managing this resource.
# Note: running "terraform show" after importing shows the current config/state of the resource. You can copy/paste that config to make it easier to manage the resource.