Merge pull request #500 from acch/499-security-account-locked

fix: allow unlocking existing `security_account` resources

Author: suhasbshekar

CHANGELOG.md

@@ -6,6 +6,7 @@ DOCUMENTATION:
 
 BUG FIXES:
 
+- **netapp-ontap_security_account**: unable to unlock existing `security_account` resource ([#499](https://github.com/NetApp/terraform-provider-netapp-ontap/issues/499))
 - **netapp-ontap_port**: fixed error when importing VLANs in multi-node clusters ([#479](https://github.com/NetApp/terraform-provider-netapp-ontap/issues/479))
 - **netapp-ontap_san_igroup**: fixed issue with adding initiators to new igroup ([#274](https://github.com/NetApp/terraform-provider-netapp-ontap/issues/274))
 

internal/interfaces/security_account.go

@@ -17,7 +17,7 @@ type SecurityAccountResourceBodyDataModelONTAP struct {
 	Role         SecurityAccountRole      `mapstructure:"role,omitempty"`
 	Password     string                   `mapstructure:"password,omitempty"`
 	Comment      string                   `mapstructure:"comment,omitempty"`
-	Locked       bool                     `mapstructure:"locked,omitempty"`
+	Locked       *bool                    `mapstructure:"locked,omitempty"`
 }
 
 // SecurityAccountGetDataModelONTAP describes the GET record data model using go types for mapping.
@@ -38,7 +38,7 @@ type SecurityAccountResourceUpdateBodyDataModelONTAP struct {
 	Role     SecurityAccountRole `mapstructure:"role,omitempty"`
 	Password string              `mapstructure:"password,omitempty"`
 	Comment  string              `mapstructure:"comment,omitempty"`
-	Locked   bool                `mapstructure:"locked,omitempty"`
+	Locked   *bool               `mapstructure:"locked,omitempty"`
 }
 
 // SecurityAccountApplication describes the application data model using go types for mapping.

internal/provider/security/security_account_resource.go

@@ -9,8 +9,6 @@ import (
 	"github.com/hashicorp/terraform-plugin-framework/path"
 	"github.com/hashicorp/terraform-plugin-framework/resource"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
-	"github.com/hashicorp/terraform-plugin-framework/resource/schema/booldefault"
-	"github.com/hashicorp/terraform-plugin-framework/resource/schema/boolplanmodifier"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringdefault"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
@@ -166,8 +164,6 @@ func (r *SecurityAccountResource) Schema(ctx context.Context, req resource.Schem
 				MarkdownDescription: "Account locked",
 				Optional:            true,
 				Computed:            true,
-				Default:             booldefault.StaticBool(false),
-				PlanModifiers:       []planmodifier.Bool{boolplanmodifier.UseStateForUnknown()},
 			},
 			"id": schema.StringAttribute{
 				MarkdownDescription: "SecurityAccount id",
@@ -346,7 +342,7 @@ func (r *SecurityAccountResource) Create(ctx context.Context, req resource.Creat
 		body.Comment = data.Comment.ValueString()
 	}
 	if !data.Locked.IsNull() {
-		body.Locked = data.Locked.ValueBool()
+		body.Locked = data.Locked.ValueBoolPointer()
 	}
 
 	client, err := connection.GetRestClient(errorHandler, r.config, data.CxProfileName)
@@ -410,6 +406,7 @@ func (r *SecurityAccountResource) Create(ctx context.Context, req resource.Creat
 
 	data.ID = types.StringValue(resource.Name)
 	data.OwnerID = types.StringValue(resource.Owner.UUID)
+	data.Locked = types.BoolValue(resource.Locked)
 
 	tflog.Trace(ctx, "created a resource")
 
@@ -472,7 +469,7 @@ func (r *SecurityAccountResource) Update(ctx context.Context, req resource.Updat
 
 	// locked update
 	if !plan.Locked.IsNull() {
-		request.Locked = plan.Locked.ValueBool()
+		request.Locked = plan.Locked.ValueBoolPointer()
 	}
 
 	// comment update

internal/provider/security/security_account_resource_test.go

@@ -20,17 +20,27 @@ func TestAccSecurityAccountResource(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr("netapp-ontap_security_account.security_account", "name", "tf_acc_test"),
 					resource.TestCheckResourceAttr("netapp-ontap_security_account.security_account", "password", "password123"),
+					resource.TestCheckResourceAttr("netapp-ontap_security_account.security_account", "locked", "false"),
 				),
 			},
 			// Test updating a resource with comment and locked
 			{
-				Config: testAccSecurityAccountResourceConfig("tf_acc_test", "update", true),
+				Config: testAccSecurityAccountResourceConfig("tf_acc_test", "locked", true),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr("netapp-ontap_security_account.security_account", "name", "tf_acc_test"),
-					resource.TestCheckResourceAttr("netapp-ontap_security_account.security_account", "comment", "update"),
+					resource.TestCheckResourceAttr("netapp-ontap_security_account.security_account", "comment", "locked"),
 					resource.TestCheckResourceAttr("netapp-ontap_security_account.security_account", "locked", "true"),
 				),
 			},
+			// Test updating a resource with comment and unlocked
+			{
+				Config: testAccSecurityAccountResourceConfig("tf_acc_test", "unlocked", false),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("netapp-ontap_security_account.security_account", "name", "tf_acc_test"),
+					resource.TestCheckResourceAttr("netapp-ontap_security_account.security_account", "comment", "unlocked"),
+					resource.TestCheckResourceAttr("netapp-ontap_security_account.security_account", "locked", "false"),
+				),
+			},
 			// Test updating a resource with application and secondAuthenticationMethod
 			{
 				Config: testAccSecurityAccountResourceConfigUpdateAndCheckIdempotency("tf_acc_test"),