Merge pull request #650 from NetApp/508-new-resource-s3_user

New data source and resource - s3_user

Author: csahu9

CHANGELOG.md

@@ -1,5 +1,10 @@
 # 2.6.0 (2026-xx-xx)
 
+FEATURES:
+
+- **New Data Source:** `netapp-ontap_s3_user` and `netapp-ontap_s3_users`([#507](https://github.com/NetApp/terraform-provider-netapp-ontap/issues/507))
+- **New Resource:** `netapp-ontap_s3_user` ([#508](https://github.com/NetApp/terraform-provider-netapp-ontap/issues/508))
+
 BUG FIXES:
 
 - **netapp-ontap_snapmirror_policy resource**: fixed issue with create when `retention` is not set in config ([#647](https://github.com/NetApp/terraform-provider-netapp-ontap/issues/647))

docs/data-sources/s3_user.md

@@ -0,0 +1,50 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "netapp-ontap_s3_user Data Source - terraform-provider-netapp-ontap"
+subcategory: "Object-store"
+description: |-
+  S3 User data source
+---
+
+# Data Source S3 User
+
+Retrieves the specified S3 user in the SVM
+
+## Related ONTAP commands
+
+```commandline
+* vserver object-store-server user show
+```
+
+## Supported Platforms
+
+* On-prem ONTAP system 9.7 or higher
+* Amazon FSx for NetApp ONTAP
+
+## Example Usage
+
+```terraform
+data "netapp-ontap_s3_user" "s3_user" {
+  # required to know which system to interface with
+  cx_profile_name = "hw-cluster"
+  name = "test_s3_user"
+  svm_name = "svm1"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `cx_profile_name` (String) Connection profile name
+- `name` (String) The name of the S3 user.
+- `svm_name` (String) The name of the SVM.
+
+### Read-Only
+
+- `access_key` (String) Access key for the S3 user.
+- `comment` (String) Additional information about the user.
+- `id` (Number) The UUID of the S3 user.
+- `key_expiry_time` (String) The date and time after which keys expire and are no longer valid.
+- `key_time_to_live` (String) The time period in ISO 8601 format for which the keys are valid.

docs/data-sources/s3_users.md

@@ -0,0 +1,80 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "netapp-ontap_s3_users Data Source - terraform-provider-netapp-ontap"
+subcategory: "Object-store"
+description: |-
+  S3 Users data source
+---
+
+# Data Source S3 Users
+
+Retrieves all S3 users of the specified SVM
+
+## Related ONTAP commands
+
+```commandline
+* vserver object-store-server user show
+```
+
+## Example Usage
+
+```terraform
+# retrieving all S3 groups for a SVM
+data "netapp-ontap_s3_users" "example1" {
+  # required to know which system to interface with
+  cx_profile_name = "hw-cluster"
+  filter = {
+    svm_name = "svm1"
+  }
+}
+
+# retrieving S3 groups for a SVM matching the name filter
+data "netapp-ontap_s3_users" "example2" {
+  # required to know which system to interface with
+  cx_profile_name = "hw-cluster"
+  filter = {
+    svm_name = "svm1"
+    name = "csahu_test*"
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `cx_profile_name` (String) Connection profile name
+- `filter` (Attributes) (see [below for nested schema](#nestedatt--filter))
+
+### Read-Only
+
+- `protocols_s3_users` (Attributes List) List of S3 users (see [below for nested schema](#nestedatt--protocols_s3_users))
+
+<a id="nestedatt--filter"></a>
+
+### Nested Schema for `filter`
+
+Optional:
+
+- `name` (String) The name of the S3 user
+- `svm_name` (String) The name of the SVM
+
+
+<a id="nestedatt--protocols_s3_users"></a>
+
+### Nested Schema for `protocols_s3_users`
+
+Required:
+
+- `cx_profile_name` (String) Connection profile name
+- `name` (String) The name of the S3 user.
+- `svm_name` (String) The name of the SVM.
+
+Read-Only:
+
+- `access_key` (String) Access key for the S3 user.
+- `comment` (String) Additional information about the user.
+- `id` (Number) The UUID of the S3 user.
+- `key_expiry_time` (String) The date and time after which keys expire and are no longer valid.
+- `key_time_to_live` (String) The time period in ISO 8601 format for which the keys are valid.

docs/resources/s3_user.md

@@ -0,0 +1,137 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "netapp-ontap_s3_user Resource - terraform-provider-netapp-ontap"
+subcategory: "Object-store"
+description: |-
+  S3 User resource
+---
+
+# Resource S3 User
+
+Create, delete, or modify S3 user
+
+## Related ONTAP commands
+
+```commandline
+* vserver object-store-server user create
+* vserver object-store-server user regenerate-keys
+* vserver object-store-server user delete-keys
+* vserver object-store-server user delete
+```
+
+## Supported Platforms
+
+* On-prem ONTAP system 9.7 or higher
+* Amazon FSx for NetApp ONTAP
+
+## Example Usage
+
+```terraform
+# creating a S3 user configuration with user keys specified
+resource "netapp-ontap_s3_user" "example1" {
+  cx_profile_name = "hw-cluster"
+  name = "test_s3_user"
+  svm_name = "svm1"
+  comment = "test user"
+  access_key = "<AWS-ACCESS-KEY-ID>"
+  secret_key = "<AWS-SECRET-ACCESS-KEY>"
+}
+
+# regenerating keys and setting new expiry configuration for a specific S3 user
+resource "netapp-ontap_s3_user" "example2" {
+  cx_profile_name = "hw-cluster"
+  name = "test_s3_user"
+  svm_name = "svm1"
+  comment = "test s3 user"
+  regenerate_keys = true
+  key_time_to_live = "PT2M"
+}
+
+# deleting keys for a specific S3 user
+resource "netapp-ontap_s3_user" "example3" {
+  cx_profile_name = "hw-cluster"
+  name = "test_s3_user"
+  svm_name = "svm1"
+  comment = "test s3 user"
+  delete_keys = true
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `cx_profile_name` (String) Connection profile name
+- `name` (String) Specifies the name of the user.
+- `svm_name` (String) The name of the SVM.
+
+### Optional
+
+> **NOTE**: [Write-only arguments](https://developer.hashicorp.com/terraform/language/resources/ephemeral#write-only-arguments) are supported in Terraform 1.11 and later.
+
+- `access_key` (String, Sensitive) Specifies the access key for the user.
+- `comment` (String) Additional information about the user.
+- `delete_keys` (Boolean, [Write-only](https://developer.hashicorp.com/terraform/language/resources/ephemeral#write-only-arguments)) Specifies if secret_key and access_key need to be deleted.
+- `key_time_to_live` (String) Indicates the time period from when this parameter is specified:
+				when creating or modifying a user or when the user keys were last regenerated, after which the user keys expire and are no longer valid.
+				Valid format is: 'PnDTnHnMnS|PnW'. For example, P2DT6H3M10S specifies a time period of 2 days, 6 hours, 3 minutes, and 10 seconds.
+				If the value specified is '0' seconds, then the keys won't expire.
+        It can be used during user creation (POST) and during keys regeneration (PATCH with regenerate_keys).
+- `regenerate_keys` (Boolean, [Write-only](https://developer.hashicorp.com/terraform/language/resources/ephemeral#write-only-arguments)) Specifies if secret_key and access_key need to be regenerated.
+				**Note:** This resource is not idempotent when this option is set.
+- `secret_key` (String, Sensitive) Specifies the secret key for the user.
+
+### Read-Only
+
+- `id` (Number) The UUID of the S3 user.
+- `key_expiry_time` (String) The date and time after which keys expire and are no longer valid.
+
+## Import
+
+This resource supports import, which allows you to import existing S3 user into the state of this resource.
+Import require a unique ID composed of the S3 user name, svm name and connection profile, separated by a comma.
+
+id = `name`,`svm_name`,`cx_profile_name`
+
+### Terraform Import
+
+For example
+
+```shell
+ terraform import netapp-ontap_s3_user.example test_s3_user,svm1,cluster5
+```
+
+!> The terraform import CLI command can only import resources into the state. Importing via the CLI does not generate configuration. If you want to generate the accompanying configuration for imported resources, use the import block instead.
+
+### Terraform Import Block
+
+This requires Terraform 1.5 or higher, and will auto create the configuration for you
+
+First create the block
+
+```terraform
+import {
+  to = netapp-ontap_s3_user.s3_user_import
+  id = "test_s3_user,svm1,cluster5"
+}
+```
+
+Next run, this will auto create the configuration for you
+
+```shell
+terraform plan -generate-config-out=generated.tf
+```
+
+This will generate a file called generated.tf, which will contain the configuration for the imported resource
+
+```terraform
+# __generated__ by Terraform
+# Please review these resources and move them into your main configuration files.
+# __generated__ by Terraform from "test_s3_user_,svm1,cluster5"
+resource "netapp-ontap_s3_user" "s3_user_import" {
+  cx_profile_name = "cluster5"
+  name = "test_s3_user"
+  svm_name = "svm1"
+}
+```

examples/data-sources/netapp-ontap_s3_user/data-source.tf

@@ -0,0 +1,6 @@
+data "netapp-ontap_s3_user" "s3_user" {
+  # required to know which system to interface with
+  cx_profile_name = "hw-cluster"
+  name = "test_s3_user"
+  svm_name = "svm1"
+}

examples/data-sources/netapp-ontap_s3_user/provider.tf

@@ -0,0 +1 @@
+../../provider/provider.tf

examples/data-sources/netapp-ontap_s3_user/terraform.tfvars

@@ -0,0 +1 @@
+../../provider/terraform.tfvars

examples/data-sources/netapp-ontap_s3_user/variables.tf

@@ -0,0 +1 @@
+../../provider/variables.tf

examples/data-sources/netapp-ontap_s3_users/data-source.tf

@@ -0,0 +1,18 @@
+# retrieving all S3 groups for a SVM
+data "netapp-ontap_s3_users" "example1" {
+  # required to know which system to interface with
+  cx_profile_name = "hw-cluster"
+  filter = {
+    svm_name = "svm1"
+  }
+}
+
+# retrieving S3 groups for a SVM matching the name filter
+data "netapp-ontap_s3_users" "example2" {
+  # required to know which system to interface with
+  cx_profile_name = "hw-cluster"
+  filter = {
+    svm_name = "svm1"
+    name = "csahu_test*"
+  }
+}

examples/data-sources/netapp-ontap_s3_users/provider.tf

@@ -0,0 +1 @@
+../../provider/provider.tf