azurerm_netapp_volume, azurerm_netapp_volume_group_oracle, azurerm_netapp_volume_group_sap_hana - add support for updating protocols(#30643)

Author: paulomarquesc

examples/netapp/protocol_conversion/README.md

@@ -0,0 +1,30 @@
+## Example: NetApp Volume Protocol Conversion between NFSv3 and NFSv4.1
+
+This example demonstrates how to convert a NetApp volume between NFSv3 and NFSv4.1 protocols and vice-versa.
+
+### Variables
+
+* `prefix` - (Optional) The prefix used for all resources in this example. Defaults to "example".
+
+* `location` - (Optional) The Azure Region in which the resources in this example should be created. Defaults to "westus3".
+
+* `resource_group_name` - (Optional) The name of the resource group. Defaults to "example-netapp-protocol-conversion-rg".
+
+* `protocol_type` - (Optional) The NFS protocol type (NFSv3 or NFSv4.1). Defaults to "NFSv3".
+
+### Usage example to demonstrate the conversion
+
+1. **Initial setup** - Create a volume with NFSv3:
+   ```bash
+   terraform apply -var="protocol_type=NFSv3"
+   ```
+
+2. **Convert to NFSv4.1**:
+   ```bash
+   terraform apply -var="protocol_type=NFSv4.1"
+   ```
+
+3. **Convert back to NFSv3**:
+   ```bash
+   terraform apply -var="protocol_type=NFSv3"
+   ```

examples/netapp/protocol_conversion/main.tf

@@ -0,0 +1,93 @@
+provider "azurerm" {
+  features {
+    netapp {
+      prevent_volume_destruction = true
+    }
+  }
+}
+
+data "azurerm_client_config" "current" {}
+
+# Create the resource group
+resource "azurerm_resource_group" "example" {
+  name     = var.resource_group_name
+  location = var.location
+  tags = {
+    "SkipNRMSNSG" = "true"
+  }
+}
+
+# Create the virtual network
+resource "azurerm_virtual_network" "example" {
+  name                = "${var.prefix}-vnet"
+  location            = azurerm_resource_group.example.location
+  resource_group_name = azurerm_resource_group.example.name
+  address_space       = ["10.6.0.0/16"]
+}
+
+# Create the subnet
+resource "azurerm_subnet" "example" {
+  name                 = "${var.prefix}-delegated-subnet"
+  resource_group_name  = azurerm_resource_group.example.name
+  virtual_network_name = azurerm_virtual_network.example.name
+  address_prefixes     = ["10.6.2.0/24"]
+
+  delegation {
+    name = "Microsoft.Netapp.volumes"
+
+    service_delegation {
+      name    = "Microsoft.Netapp/volumes"
+      actions = ["Microsoft.Network/networkinterfaces/*", "Microsoft.Network/virtualNetworks/subnets/join/action"]
+    }
+  }
+}
+
+# Create the NetApp account
+resource "azurerm_netapp_account" "example" {
+  name                = "${var.prefix}-netappaccount"
+  location            = azurerm_resource_group.example.location
+  resource_group_name = azurerm_resource_group.example.name
+}
+
+# Create the NetApp pool
+resource "azurerm_netapp_pool" "example" {
+  name                = "${var.prefix}-netapppool"
+  location            = azurerm_resource_group.example.location
+  resource_group_name = azurerm_resource_group.example.name
+  account_name        = azurerm_netapp_account.example.name
+  service_level       = "Standard"
+  size_in_tb          = 4
+}
+
+# Create a NetApp volume with NFSv3 protocol (initial state)
+resource "azurerm_netapp_volume" "example" {
+  lifecycle {
+    prevent_destroy = true
+  }
+
+  name                = "${var.prefix}-netappvolume"
+  location            = azurerm_resource_group.example.location
+  resource_group_name = azurerm_resource_group.example.name
+  account_name        = azurerm_netapp_account.example.name
+  pool_name           = azurerm_netapp_pool.example.name
+  volume_path         = "${var.prefix}-netappvolume"
+  service_level       = "Standard"
+  subnet_id           = azurerm_subnet.example.id
+  protocols           = [var.protocol_type]
+  security_style      = "unix"
+  storage_quota_in_gb = 100
+
+  export_policy_rule {
+    rule_index          = 1
+    allowed_clients     = ["0.0.0.0/0"]
+    protocols_enabled   = [var.protocol_type]
+    unix_read_only      = false
+    unix_read_write     = true
+    root_access_enabled = true
+  }
+
+  tags = {
+    environment = "example"
+    purpose     = "protocol-conversion-demo"
+  }
+}

examples/netapp/protocol_conversion/variables.tf

@@ -0,0 +1,28 @@
+variable "resource_group_name" {
+  description = "The name of the resource group"
+  type        = string
+  default     = "example-netapp-protocol-conversion-rg"
+}
+
+variable "location" {
+  description = "The Azure region for the resources"
+  type        = string
+  default     = "westus3"
+}
+
+variable "prefix" {
+  description = "The prefix for all resources"
+  type        = string
+  default     = "example"
+}
+
+variable "protocol_type" {
+  description = "The NFS protocol type (NFSv3 or NFSv4.1)"
+  type        = string
+  default     = "NFSv3"
+
+  validation {
+    condition     = contains(["NFSv3", "NFSv4.1"], var.protocol_type)
+    error_message = "Protocol type must be either NFSv3 or NFSv4.1."
+  }
+}

examples/netapp/volume/main.tf

@@ -8,6 +8,9 @@ provider "azurerm" {
 resource "azurerm_resource_group" "example" {
   name     = "${var.prefix}-resources"
   location = var.location
+  tags = {
+    "SkipNRMSNSG" = "true"
+  }
 }
 
 resource "azurerm_virtual_network" "example" {
@@ -61,7 +64,7 @@ resource "azurerm_netapp_volume" "example" {
   volume_path         = "my-unique-file-path"
   service_level       = "Premium"
   subnet_id           = azurerm_subnet.example.id
-  protocols           = ["NFSv4.1"]
+  protocols           = ["NFSv3"]
   storage_quota_in_gb = 100
 
   export_policy_rule {

internal/services/netapp/netapp_volume_group_oracle_resource.go

@@ -144,7 +144,6 @@ func (r NetAppVolumeGroupOracleResource) Arguments() map[string]*pluginsdk.Schem
 
 					"protocols": {
 						Type:     pluginsdk.TypeList,
-						ForceNew: true,
 						Required: true,
 						MinItems: 1,
 						MaxItems: 1,
@@ -321,6 +320,53 @@ func (r NetAppVolumeGroupOracleResource) Attributes() map[string]*pluginsdk.Sche
 	return map[string]*pluginsdk.Schema{}
 }
 
+func (r NetAppVolumeGroupOracleResource) CustomizeDiff() sdk.ResourceFunc {
+	return sdk.ResourceFunc{
+		Timeout: 5 * time.Minute,
+		Func: func(ctx context.Context, metadata sdk.ResourceMetaData) error {
+			rd := metadata.ResourceDiff
+
+			// Validate NFSv3 to NFSv4.1 protocol conversion restrictions for volume groups
+			volumes := rd.Get("volume").([]interface{})
+			for i := range volumes {
+				protocolsKey := fmt.Sprintf("volume.%d.protocols", i)
+
+				if rd.HasChange(protocolsKey) {
+					old, new := rd.GetChange(protocolsKey)
+					oldProtocols := old.([]interface{})
+					newProtocols := new.([]interface{})
+
+					// Convert to string slices for validation
+					oldProtocolsStr := make([]string, len(oldProtocols))
+					newProtocolsStr := make([]string, len(newProtocols))
+
+					for j, v := range oldProtocols {
+						oldProtocolsStr[j] = v.(string)
+					}
+					for j, v := range newProtocols {
+						newProtocolsStr[j] = v.(string)
+					}
+
+					// Get the export policy rules configuration for this volume
+					exportPolicyRulesKey := fmt.Sprintf("volume.%d.export_policy_rule", i)
+					exportPolicyRules := rd.Get(exportPolicyRulesKey).([]interface{})
+
+					// For volume groups, kerberos and data replication are not directly supported, so we pass empty values
+					var kerberosEnabled bool
+					var dataReplication []interface{}
+
+					validationErrors := netAppValidate.ValidateNetAppVolumeProtocolConversion(oldProtocolsStr, newProtocolsStr, kerberosEnabled, dataReplication, exportPolicyRules)
+					for _, err := range validationErrors {
+						return err
+					}
+				}
+			}
+
+			return nil
+		},
+	}
+}
+
 func (r NetAppVolumeGroupOracleResource) Create() sdk.ResourceFunc {
 	return sdk.ResourceFunc{
 		Timeout: 90 * time.Minute,
@@ -458,10 +504,29 @@ func (r NetAppVolumeGroupOracleResource) Update() sdk.ResourceFunc {
 								return fmt.Errorf("one or more issues found while performing export policies validations for %s:\n%+v", id, errors)
 							}
 
-							exportPolicyRule := expandNetAppVolumeGroupVolumeExportPolicyRulePatch(exportPolicyRuleRaw)
+							var protocolOverride []string
+							// Only override export policy protocols if we're also changing volume protocols
+							if metadata.ResourceData.HasChange(fmt.Sprintf("%v.protocols", volumeItem)) {
+								protocolsRaw := metadata.ResourceData.Get(fmt.Sprintf("%v.protocols", volumeItem)).([]interface{})
+								protocolOverride = make([]string, len(protocolsRaw))
+								for i, p := range protocolsRaw {
+									protocolOverride[i] = p.(string)
+								}
+							}
+
+							exportPolicyRule := expandNetAppVolumeGroupVolumeExportPolicyRulePatchWithProtocolConversion(exportPolicyRuleRaw, protocolOverride)
 							update.Properties.ExportPolicy = exportPolicyRule
 						}
 
+						if metadata.ResourceData.HasChange(fmt.Sprintf("%v.protocols", volumeItem)) {
+							protocolsRaw := metadata.ResourceData.Get(fmt.Sprintf("%v.protocols", volumeItem)).([]interface{})
+							protocols := make([]string, len(protocolsRaw))
+							for i, p := range protocolsRaw {
+								protocols[i] = p.(string)
+							}
+							update.Properties.ProtocolTypes = pointer.To(protocols)
+						}
+
 						if metadata.ResourceData.HasChange(fmt.Sprintf("%v.data_protection_snapshot_policy", volumeItem)) {
 							// Validating that snapshot policies are not being created in a data protection volume
 							dataProtectionReplicationRaw := metadata.ResourceData.Get(fmt.Sprintf("%v.data_protection_replication", volumeItem)).([]interface{})