diff --git a/docs/data-sources/directory_service_auth_provider.md b/docs/data-sources/directory_service_auth_provider.md
new file mode 100644
index 00000000..058b3fff
--- /dev/null
+++ b/docs/data-sources/directory_service_auth_provider.md
@@ -0,0 +1,207 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "redfish_directory_service_auth_provider Data Source - terraform-provider-redfish"
+subcategory: ""
+description: |-
+ This Terraform datasource is used to query existing Directory Service auth provider. The information fetched from this block can be further used for resource block.
+---
+
+# redfish_directory_service_auth_provider (Data Source)
+
+This Terraform datasource is used to query existing Directory Service auth provider. The information fetched from this block can be further used for resource block.
+
+## Example Usage
+
+```terraform
+/*
+Copyright (c) 2024 Dell Inc., or its subsidiaries. All Rights Reserved.
+
+Licensed under the Mozilla Public License Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://mozilla.org/MPL/2.0/
+
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+data "redfish_directory_service_auth_provider" "ds_auth" {
+ for_each = var.rack1
+
+ redfish_server {
+ user = each.value.user
+ password = each.value.password
+ endpoint = each.value.endpoint
+ ssl_insecure = each.value.ssl_insecure
+ }
+}
+
+output "directory_service_auth_provider" {
+ value = data.redfish_directory_service_auth_provider.ds_auth
+ sensitive = true
+}
+```
+
+
+## Schema
+
+### Optional
+
+- `redfish_server` (Block List) List of server BMCs and their respective user credentials (see [below for nested schema](#nestedblock--redfish_server))
+
+### Read-Only
+
+- `active_directory_attributes` (Map of String) ActiveDirectory.* attributes in Dell iDRAC attributes.
+- `directory_service_auth_provider` (Attributes) Directory Service Auth Provider Attributes. (see [below for nested schema](#nestedatt--directory_service_auth_provider))
+- `id` (String) ID of the Directory Service Auth Provider data-source
+- `ldap_attributes` (Map of String) LDAP.* attributes in Dell iDRAC attributes.
+
+
+### Nested Schema for `redfish_server`
+
+Optional:
+
+- `endpoint` (String) Server BMC IP address or hostname
+- `password` (String, Sensitive) User password for login
+- `redfish_alias` (String) Alias name for server BMCs. The key in provider's `redfish_servers` map
+- `ssl_insecure` (Boolean) This field indicates whether the SSL/TLS certificate must be verified or not
+- `user` (String) User name for login
+
+
+
+### Nested Schema for `directory_service_auth_provider`
+
+Read-Only:
+
+- `account_lockout_counter_reset_after` (Number) Account Lockout Counter Reset After
+- `account_lockout_duration` (Number) Account Lockout Duration
+- `account_lockout_threshold` (Number) Account Lockout Threshold
+- `accounts` (String) Accounts is a link to a Resource Collection of type ManagerAccountCollection.
+- `active_directory` (Attributes) Active Directory (see [below for nested schema](#nestedatt--directory_service_auth_provider--active_directory))
+- `additional_external_account_providers` (String) AdditionalExternalAccountProviders is the additional external account providers that this Account Service uses.
+- `auth_failure_logging_threshold` (Number) Auth Failure Logging Threshold
+- `description` (String) Description of the Account Service
+- `id` (String) ID of the Account Service
+- `ldap` (Attributes) LDAP (see [below for nested schema](#nestedatt--directory_service_auth_provider--ldap))
+- `local_account_auth` (String) Local Account Auth
+- `max_password_length` (Number) Maximum Length of the Password
+- `min_password_length` (Number) Minimum Length of the Password
+- `name` (String) Name of the Account Service.
+- `odata_id` (String) OData ID for the Account Service instance
+- `password_expiration_days` (Number) Password Expiration Days
+- `privilege_map` (String) Privilege Map
+- `roles` (String) roles is a link to a Resource Collection of type RoleCollection.
+- `service_enabled` (Boolean) ServiceEnabled indicate whether the Accountr Service is enabled.
+- `status` (Attributes) Status is any status or health properties of the Resource. (see [below for nested schema](#nestedatt--directory_service_auth_provider--status))
+- `supported_account_types` (List of String) SupportedAccountTypes is an array of the account types supported by the service.
+- `supported_oem_account_types` (List of String) SupportedOEMAccountTypes is an array of the OEM account types supported by the service.
+
+
+### Nested Schema for `directory_service_auth_provider.active_directory`
+
+Read-Only:
+
+- `directory` (Attributes) Directory for Active Directory . (see [below for nested schema](#nestedatt--directory_service_auth_provider--active_directory--directory))
+- `kerberos_key_tab_file` (String) KerberosKeytab is a Base64-encoded version of the Kerberos keytab for this Service
+
+
+### Nested Schema for `directory_service_auth_provider.active_directory.directory`
+
+Read-Only:
+
+- `account_provider_type` (String) AccountProviderType is the type of external account provider to which this service connects.
+- `authentication` (Attributes) Authentication information for the account provider. (see [below for nested schema](#nestedatt--directory_service_auth_provider--active_directory--directory--authentication))
+- `certificates` (String) Certificates is a link to a resource collection of type CertificateCollection that contains certificates the external account provider uses.
+- `remote_role_mapping` (Attributes List) Mapping rules that are used to convert the account providers account information to the local Redfish role (see [below for nested schema](#nestedatt--directory_service_auth_provider--active_directory--directory--remote_role_mapping))
+- `service_addresses` (List of String) ServiceAddresses of the account providers
+- `service_enabled` (Boolean) ServiceEnabled indicate whether this service is enabled.
+
+
+### Nested Schema for `directory_service_auth_provider.active_directory.directory.authentication`
+
+Read-Only:
+
+- `authentication_type` (String) AuthenticationType is used to connect to the account provider
+
+
+
+### Nested Schema for `directory_service_auth_provider.active_directory.directory.remote_role_mapping`
+
+Read-Only:
+
+- `local_role` (String) Role Assigned to the Group.
+- `remote_group` (String) Name of the remote group.
+
+
+
+
+
+### Nested Schema for `directory_service_auth_provider.ldap`
+
+Read-Only:
+
+- `directory` (Attributes) Directory for LDAP. (see [below for nested schema](#nestedatt--directory_service_auth_provider--ldap--directory))
+- `ldap_service` (Attributes) LDAPService is any additional mapping information needed to parse a generic LDAP service. (see [below for nested schema](#nestedatt--directory_service_auth_provider--ldap--ldap_service))
+
+
+### Nested Schema for `directory_service_auth_provider.ldap.directory`
+
+Read-Only:
+
+- `account_provider_type` (String) AccountProviderType is the type of external account provider to which this service connects.
+- `authentication` (Attributes) Authentication information for the account provider. (see [below for nested schema](#nestedatt--directory_service_auth_provider--ldap--directory--authentication))
+- `certificates` (String) Certificates is a link to a resource collection of type CertificateCollection that contains certificates the external account provider uses.
+- `remote_role_mapping` (Attributes List) Mapping rules that are used to convert the account providers account information to the local Redfish role (see [below for nested schema](#nestedatt--directory_service_auth_provider--ldap--directory--remote_role_mapping))
+- `service_addresses` (List of String) ServiceAddresses of the account providers
+- `service_enabled` (Boolean) ServiceEnabled indicate whether this service is enabled.
+
+
+### Nested Schema for `directory_service_auth_provider.ldap.directory.authentication`
+
+Read-Only:
+
+- `authentication_type` (String) AuthenticationType is used to connect to the account provider
+
+
+
+### Nested Schema for `directory_service_auth_provider.ldap.directory.remote_role_mapping`
+
+Read-Only:
+
+- `local_role` (String) Role Assigned to the Group.
+- `remote_group` (String) Name of the remote group.
+
+
+
+
+### Nested Schema for `directory_service_auth_provider.ldap.ldap_service`
+
+Read-Only:
+
+- `search_settings` (Attributes) SearchSettings is the required settings to search an external LDAP service. (see [below for nested schema](#nestedatt--directory_service_auth_provider--ldap--ldap_service--search_settings))
+
+
+### Nested Schema for `directory_service_auth_provider.ldap.ldap_service.search_settings`
+
+Read-Only:
+
+- `base_distinguished_names` (List of String) BaseDistinguishedNames is an array of base distinguished names to use to search an external LDAP service.
+- `group_name_attribute` (String) GroupNameAttribute is the attribute name that contains the LDAP group name.
+- `user_name_attribute` (String) UsernameAttribute is the attribute name that contains the LDAP user name.
+
+
+
+
+
+### Nested Schema for `directory_service_auth_provider.status`
+
+Read-Only:
+
+- `health` (String) health
+- `health_rollup` (String) health rollup
+- `state` (String) state of the storage controller
diff --git a/examples/data-sources/redfish_directory_service_auth_provider/data-source.tf b/examples/data-sources/redfish_directory_service_auth_provider/data-source.tf
new file mode 100644
index 00000000..b7094e69
--- /dev/null
+++ b/examples/data-sources/redfish_directory_service_auth_provider/data-source.tf
@@ -0,0 +1,32 @@
+/*
+Copyright (c) 2024 Dell Inc., or its subsidiaries. All Rights Reserved.
+
+Licensed under the Mozilla Public License Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://mozilla.org/MPL/2.0/
+
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+data "redfish_directory_service_auth_provider" "ds_auth" {
+ for_each = var.rack1
+
+ redfish_server {
+ user = each.value.user
+ password = each.value.password
+ endpoint = each.value.endpoint
+ ssl_insecure = each.value.ssl_insecure
+ }
+}
+
+output "directory_service_auth_provider" {
+ value = data.redfish_directory_service_auth_provider.ds_auth
+ sensitive = true
+}
diff --git a/examples/data-sources/redfish_directory_service_auth_provider/provider.tf b/examples/data-sources/redfish_directory_service_auth_provider/provider.tf
new file mode 100644
index 00000000..5afaec72
--- /dev/null
+++ b/examples/data-sources/redfish_directory_service_auth_provider/provider.tf
@@ -0,0 +1,25 @@
+/*
+Copyright (c) 2024 Dell Inc., or its subsidiaries. All Rights Reserved.
+
+Licensed under the Mozilla Public License Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://mozilla.org/MPL/2.0/
+
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+terraform {
+ required_providers {
+ redfish = {
+ version = "1.5.0"
+ source = "registry.terraform.io/dell/redfish"
+ }
+ }
+}
\ No newline at end of file
diff --git a/examples/data-sources/redfish_directory_service_auth_provider/terraform.tfvars b/examples/data-sources/redfish_directory_service_auth_provider/terraform.tfvars
new file mode 100644
index 00000000..f6645b4d
--- /dev/null
+++ b/examples/data-sources/redfish_directory_service_auth_provider/terraform.tfvars
@@ -0,0 +1,31 @@
+/*
+Copyright (c) 2024 Dell Inc., or its subsidiaries. All Rights Reserved.
+
+Licensed under the Mozilla Public License Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://mozilla.org/MPL/2.0/
+
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+rack1 = {
+ "my-server-1" = {
+ user = "admin"
+ password = "passw0rd"
+ endpoint = "https://my-server-1.myawesomecompany.org"
+ ssl_insecure = true
+ },
+ "my-server-2" = {
+ user = "admin"
+ password = "passw0rd"
+ endpoint = "https://my-server-2.myawesomecompany.org"
+ ssl_insecure = true
+ },
+}
diff --git a/examples/data-sources/redfish_directory_service_auth_provider/variables.tf b/examples/data-sources/redfish_directory_service_auth_provider/variables.tf
new file mode 100644
index 00000000..22d751f4
--- /dev/null
+++ b/examples/data-sources/redfish_directory_service_auth_provider/variables.tf
@@ -0,0 +1,25 @@
+/*
+Copyright (c) 2024 Dell Inc., or its subsidiaries. All Rights Reserved.
+
+Licensed under the Mozilla Public License Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://mozilla.org/MPL/2.0/
+
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+variable "rack1" {
+ type = map(object({
+ user = string
+ password = string
+ endpoint = string
+ ssl_insecure = bool
+ }))
+}
diff --git a/gofish/dell/directoryServiceAuthProvider.go b/gofish/dell/directoryServiceAuthProvider.go
new file mode 100644
index 00000000..f3e207b7
--- /dev/null
+++ b/gofish/dell/directoryServiceAuthProvider.go
@@ -0,0 +1,99 @@
+/*
+Copyright (c) 2024 Dell Inc., or its subsidiaries. All Rights Reserved.
+
+Licensed under the Mozilla Public License Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://mozilla.org/MPL/2.0/
+
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package dell
+
+import (
+ "encoding/json"
+
+ "github.com/stmcginnis/gofish/redfish"
+)
+
+// DirectoryServiceAuthProviderExtended contains gofish AccountService data, as well as Accounts,
+// AdditionalExternalAccountProviders,Roles,PrivilegeMap,ActiveDirectoryCertificate,LDAPCertificate links
+type DirectoryServiceAuthProviderExtended struct {
+ *redfish.AccountService
+ Accounts *redfish.ManagerAccount
+ AdditionalExternalAccountProviders *redfish.ExternalAccountProvider
+ Roles *redfish.Role
+ PrivilegeMap *redfish.PrivilegeRegistry
+ ActiveDirectoryCertificate *redfish.Certificate
+ LDAPCertificate *redfish.Certificate
+}
+
+// DirectoryServiceAuthProvider returns a Dell.DirectoryServiceAuthProvider pointer given a redfish.AccountService pointer from Gofish
+// This is the wrapper that extracts and parses AccountService data, as well as Accounts,AdditionalExternalAccountProviders,Roles,
+// PrivilegeMap,ActiveDirectoryCertificate,LDAPCertificate links.
+func DirectoryServiceAuthProvider(accountService *redfish.AccountService) (*DirectoryServiceAuthProviderExtended, error) {
+ dellAccount := &DirectoryServiceAuthProviderExtended{
+ AccountService: accountService,
+ Accounts: &redfish.ManagerAccount{},
+ AdditionalExternalAccountProviders: &redfish.ExternalAccountProvider{},
+ Roles: &redfish.Role{},
+ PrivilegeMap: &redfish.PrivilegeRegistry{},
+ ActiveDirectoryCertificate: &redfish.Certificate{},
+ LDAPCertificate: &redfish.Certificate{},
+ }
+ rawDataBytes, err := GetRawDataBytes(accountService)
+ if err != nil {
+ return dellAccount, err
+ }
+
+ if accountRawData, found := GetNodeFromRawDataBytes(rawDataBytes, "Accounts"); found == nil {
+ var accountData *redfish.ManagerAccount
+ if err = json.Unmarshal(accountRawData, &accountData); err == nil {
+ dellAccount.Accounts = accountData
+ }
+ }
+
+ if additionalRawData, found := GetNodeFromRawDataBytes(rawDataBytes, "AdditionalExternalAccountProviders"); found == nil {
+ var additionalData *redfish.ExternalAccountProvider
+ if err = json.Unmarshal(additionalRawData, &additionalData); err == nil {
+ dellAccount.AdditionalExternalAccountProviders = additionalData
+ }
+ }
+ if rolesRawData, found := GetNodeFromRawDataBytes(rawDataBytes, "Roles"); found == nil {
+ var rolesData *redfish.Role
+ if err = json.Unmarshal(rolesRawData, &rolesData); err == nil {
+ dellAccount.Roles = rolesData
+ }
+ }
+ if privilegeMapRawData, found := GetNodeFromRawDataBytes(rawDataBytes, "PrivilegeMap"); found == nil {
+ var privilegeMapData *redfish.PrivilegeRegistry
+ if err = json.Unmarshal(privilegeMapRawData, &privilegeMapData); err == nil {
+ dellAccount.PrivilegeMap = privilegeMapData
+ }
+ }
+ if activeDirectoryRawData, found := GetNodeFromRawDataBytes(rawDataBytes, "ActiveDirectory"); found == nil {
+ if activeDirectoryCertificateRawData, found := GetNodeFromRawDataBytes(activeDirectoryRawData, "Certificates"); found == nil {
+ var activeDirectoryData *redfish.Certificate
+ if err = json.Unmarshal(activeDirectoryCertificateRawData, &activeDirectoryData); err == nil {
+ dellAccount.ActiveDirectoryCertificate = activeDirectoryData
+ }
+ }
+ }
+
+ if ldapDirectoryRawData, found := GetNodeFromRawDataBytes(rawDataBytes, "LDAP"); found == nil {
+ if ldapCertificateRawData, found := GetNodeFromRawDataBytes(ldapDirectoryRawData, "Certificates"); found == nil {
+ var ldapData *redfish.Certificate
+ if err = json.Unmarshal(ldapCertificateRawData, &ldapData); err == nil {
+ dellAccount.LDAPCertificate = ldapData
+ }
+ }
+ }
+ return dellAccount, nil
+}
diff --git a/redfish/models/directory_service_auth_provider.go b/redfish/models/directory_service_auth_provider.go
new file mode 100644
index 00000000..6a6885bc
--- /dev/null
+++ b/redfish/models/directory_service_auth_provider.go
@@ -0,0 +1,102 @@
+/*
+Copyright (c) 2024 Dell Inc., or its subsidiaries. All Rights Reserved.
+
+Licensed under the Mozilla Public License Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://mozilla.org/MPL/2.0/
+
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package models
+
+import (
+ "github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+// DirectoryServiceAuthProviderDatasource to construct terraform schema for the auth provider resource.
+type DirectoryServiceAuthProviderDatasource struct {
+ ID types.String `tfsdk:"id"`
+ RedfishServer []RedfishServer `tfsdk:"redfish_server"`
+ DirectoryServiceAuthProvider *DirectoryServiceAuthProvider `tfsdk:"directory_service_auth_provider"`
+ ActiveDirectoryAttributes types.Map `tfsdk:"active_directory_attributes"`
+ LDAPAttributes types.Map `tfsdk:"ldap_attributes"`
+}
+
+// DirectoryServiceAuthProvider is the tfsdk model of DirectoryServiceAuthProvider
+type DirectoryServiceAuthProvider struct {
+ ODataID types.String `tfsdk:"odata_id"`
+ ID types.String `tfsdk:"id"`
+ Name types.String `tfsdk:"name"`
+ Description types.String `tfsdk:"description"`
+ AccountLockoutCounterResetAfter types.Int64 `tfsdk:"account_lockout_counter_reset_after"`
+ AccountLockoutDuration types.Int64 `tfsdk:"account_lockout_duration"`
+ AccountLockoutThreshold types.Int64 `tfsdk:"account_lockout_threshold"`
+ ActiveDirectory *ActiveDirectory `tfsdk:"active_directory"`
+ AdditionalExternalAccountProviders types.String `tfsdk:"additional_external_account_providers"`
+ AuthFailureLoggingThreshold types.Int64 `tfsdk:"auth_failure_logging_threshold"`
+ LDAP *LDAP `tfsdk:"ldap"`
+ Accounts types.String `tfsdk:"accounts"`
+ LocalAccountAuth types.String `tfsdk:"local_account_auth"`
+ MaxPasswordLength types.Int64 `tfsdk:"max_password_length"`
+ MinPasswordLength types.Int64 `tfsdk:"min_password_length"`
+ PasswordExpirationDays types.Int64 `tfsdk:"password_expiration_days"`
+ PrivilegeMap types.String `tfsdk:"privilege_map"`
+ Roles types.String `tfsdk:"roles"`
+ ServiceEnabled types.Bool `tfsdk:"service_enabled"`
+ Status Status `tfsdk:"status"`
+ SupportedAccountTypes []types.String `tfsdk:"supported_account_types"`
+ SupportedOEMAccountTypes []types.String `tfsdk:"supported_oem_account_types"`
+}
+
+// Directory is the tfsdk model of Directory
+type Directory struct {
+ Certificates types.String `tfsdk:"certificates"`
+ AccountProviderType types.String `tfsdk:"account_provider_type"`
+ Authentication *Authentication `tfsdk:"authentication"`
+ RemoteRoleMapping []RemoteRoleMapping `tfsdk:"remote_role_mapping"`
+ ServiceAddresses []types.String `tfsdk:"service_addresses"`
+ ServiceEnabled types.Bool `tfsdk:"service_enabled"`
+}
+
+// ActiveDirectory is the tfsdk model of ActiveDirectory
+type ActiveDirectory struct {
+ Directory *Directory `tfsdk:"directory"`
+ KerberosKeytab types.String `tfsdk:"kerberos_key_tab_file"`
+}
+
+// LDAP is the tfsdk model of LDAP
+type LDAP struct {
+ Directory *Directory `tfsdk:"directory"`
+ LDAPService *LDAPService `tfsdk:"ldap_service"`
+}
+
+// Authentication is the tfsdk model of Authentication
+type Authentication struct {
+ AuthenticationType types.String `tfsdk:"authentication_type"`
+}
+
+// RemoteRoleMapping is the tfsdk model of RemoteRoleMapping
+type RemoteRoleMapping struct {
+ RemoteGroup types.String `tfsdk:"remote_group"`
+ LocalRole types.String `tfsdk:"local_role"`
+}
+
+// LDAPService is the tfsdk model of LDAPService
+type LDAPService struct {
+ SearchSettings *SearchSettings `tfsdk:"search_settings"`
+}
+
+// SearchSettings is the tfsdk model of SearchSettings
+type SearchSettings struct {
+ BaseDistinguishedNames []types.String `tfsdk:"base_distinguished_names"`
+ UsernameAttribute types.String `tfsdk:"user_name_attribute"`
+ GroupNameAttribute types.String `tfsdk:"group_name_attribute"`
+}
diff --git a/redfish/provider/data_source_redfish_directory_service_auth_provider.go b/redfish/provider/data_source_redfish_directory_service_auth_provider.go
new file mode 100644
index 00000000..b9d6d0f5
--- /dev/null
+++ b/redfish/provider/data_source_redfish_directory_service_auth_provider.go
@@ -0,0 +1,678 @@
+/*
+Copyright (c) 2024 Dell Inc., or its subsidiaries. All Rights Reserved.
+
+Licensed under the Mozilla Public License Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://mozilla.org/MPL/2.0/
+
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package provider
+
+import (
+ "context"
+ "fmt"
+ "strings"
+ "terraform-provider-redfish/gofish/dell"
+ "terraform-provider-redfish/redfish/models"
+ "time"
+
+ "github.com/hashicorp/terraform-plugin-framework/attr"
+ "github.com/hashicorp/terraform-plugin-framework/datasource"
+ "github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+ "github.com/hashicorp/terraform-plugin-framework/diag"
+ "github.com/hashicorp/terraform-plugin-framework/types"
+ "github.com/stmcginnis/gofish"
+ "github.com/stmcginnis/gofish/common"
+ "github.com/stmcginnis/gofish/redfish"
+)
+
+// Constants for ActiveDirectory and LDAP
+const (
+ ActiveDirectory = "ActiveDirectory"
+ LDAP = "LDAP"
+ BLANK = ""
+)
+
+var (
+ _ datasource.DataSource = &DirectoryServiceAuthProviderDatasource{}
+ _ datasource.DataSourceWithConfigure = &DirectoryServiceAuthProviderDatasource{}
+)
+
+// NewDirectoryServiceAuthProviderDatasource is new datasource for directory Service auth provider
+func NewDirectoryServiceAuthProviderDatasource() datasource.DataSource {
+ return &DirectoryServiceAuthProviderDatasource{}
+}
+
+// DirectoryServiceAuthProviderDatasource to construct datasource
+type DirectoryServiceAuthProviderDatasource struct {
+ p *redfishProvider
+ ctx context.Context
+ service *gofish.Service
+}
+
+// Configure implements datasource.DataSourceWithConfigure
+func (g *DirectoryServiceAuthProviderDatasource) Configure(_ context.Context, req datasource.ConfigureRequest, _ *datasource.ConfigureResponse) {
+ if req.ProviderData == nil {
+ return
+ }
+ g.p = req.ProviderData.(*redfishProvider)
+}
+
+// Metadata implements datasource.DataSource
+func (*DirectoryServiceAuthProviderDatasource) Metadata(_ context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+ resp.TypeName = req.ProviderTypeName + "directory_service_auth_provider"
+}
+
+// Schema implements datasource.DataSource
+func (*DirectoryServiceAuthProviderDatasource) Schema(_ context.Context, _ datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+ resp.Schema = schema.Schema{
+ MarkdownDescription: "This Terraform datasource is used to query existing Directory Service auth provider." +
+ " The information fetched from this block can be further used for resource block.",
+ Description: "This Terraform datasource is used to query existing Directory Service auth provider." +
+ " The information fetched from this block can be further used for resource block.",
+ Attributes: DirectoryServiceAuthProviderDatasourceSchema(),
+ Blocks: RedfishServerDatasourceBlockMap(),
+ }
+}
+
+// DirectoryServiceAuthProviderDatasourceSchema to define the DirectoryServiceAuthProvider data-source schema
+func DirectoryServiceAuthProviderDatasourceSchema() map[string]schema.Attribute {
+ return map[string]schema.Attribute{
+ "id": schema.StringAttribute{
+ MarkdownDescription: "ID of the Directory Service Auth Provider data-source",
+ Description: "ID of the Directory Service Auth Provider data-source",
+ Computed: true,
+ },
+ "directory_service_auth_provider": schema.SingleNestedAttribute{
+ MarkdownDescription: "Directory Service Auth Provider Attributes.",
+ Description: "Directory Service Auth Provider Attributes.",
+ Attributes: DirectoryServiceAuthProviderSchema(),
+ Computed: true,
+ },
+ "active_directory_attributes": schema.MapAttribute{
+ MarkdownDescription: "ActiveDirectory.* attributes in Dell iDRAC attributes.",
+ Description: "ActiveDirectory.* attributes in Dell iDRAC attributes.",
+ ElementType: types.StringType,
+ Computed: true,
+ },
+ "ldap_attributes": schema.MapAttribute{
+ MarkdownDescription: "LDAP.* attributes in Dell iDRAC attributes.",
+ Description: "LDAP.* attributes in Dell iDRAC attributes.",
+ ElementType: types.StringType,
+ Computed: true,
+ },
+ }
+}
+
+// Read implements datasource.DataSource
+func (g *DirectoryServiceAuthProviderDatasource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+ var plan models.DirectoryServiceAuthProviderDatasource
+ diags := req.Config.Get(ctx, &plan)
+ resp.Diagnostics.Append(diags...)
+ api, err := NewConfig(g.p, &plan.RedfishServer)
+ if err != nil {
+ resp.Diagnostics.AddError("service error", err.Error())
+ return
+ }
+ defer api.Logout()
+ g.ctx = ctx
+ g.service = api.Service
+ state, diags := g.readDatasourceRedfishDSAuthProvider(plan)
+ resp.Diagnostics.Append(diags...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+ resp.Diagnostics.Append(resp.State.Set(ctx, &state)...)
+}
+
+func (g *DirectoryServiceAuthProviderDatasource) readDatasourceRedfishDSAuthProvider(d models.DirectoryServiceAuthProviderDatasource) (
+ models.DirectoryServiceAuthProviderDatasource, diag.Diagnostics,
+) {
+ var diags diag.Diagnostics
+
+ accountService, err := g.service.AccountService()
+ if err != nil {
+ diags.AddError("Error fetching Account Service", err.Error())
+ return d, diags
+ }
+
+ // write the current time as ID
+ d.ID = types.StringValue(fmt.Sprintf("%d", time.Now().Unix()))
+
+ auth := newDSAuthProviderState(accountService)
+ d.DirectoryServiceAuthProvider = auth
+
+ if diags = loadActiveDirectoryAttributesState(g.service, &d); diags.HasError() {
+ return d, diags
+ }
+
+ if diags = loadLDAPAttributesState(g.service, &d); diags.HasError() {
+ return d, diags
+ }
+
+ return d, diags
+}
+
+func loadActiveDirectoryAttributesState(service *gofish.Service, d *models.DirectoryServiceAuthProviderDatasource) diag.Diagnostics {
+ var idracAttributesState models.DellIdracAttributes
+ if diags := readDatasourceRedfishDellIdracAttributes(service, &idracAttributesState); diags.HasError() {
+ return diags
+ }
+
+ // nolint: gocyclo, gocognit,revive
+ activeDirectoryAttributes := []string{".SSOEnable", ".AuthTimeout", ".DCLookupEnable", ".Schema", ".GCLookupEnable", ".GlobalCatalog1", ".GlobalCatalog2", ".GlobalCatalog3", ".RacName", ".RacDomain"}
+
+ attributesToReturn := make(map[string]attr.Value)
+ for k, v := range idracAttributesState.Attributes.Elements() {
+ if strings.HasPrefix(k, "ActiveDirectory.") {
+ for _, input := range activeDirectoryAttributes {
+ if strings.HasSuffix(k, input) {
+ attributesToReturn[k] = v
+ }
+ }
+ }
+ // nolint: revive
+ if (strings.HasPrefix(k, "UserDomain.") && strings.HasSuffix(k, ".Name")) || (strings.HasPrefix(k, "ADGroup.") && strings.HasSuffix(k, ".Name")) {
+ attributesToReturn[k] = v
+ }
+ }
+
+ d.ActiveDirectoryAttributes = types.MapValueMust(types.StringType, attributesToReturn)
+ return nil
+}
+
+func loadLDAPAttributesState(service *gofish.Service, d *models.DirectoryServiceAuthProviderDatasource) diag.Diagnostics {
+ var idracAttributesState models.DellIdracAttributes
+ if diags := readDatasourceRedfishDellIdracAttributes(service, &idracAttributesState); diags.HasError() {
+ return diags
+ }
+
+ // nolint: gocyclo, gocognit,revive
+ ldapAttributes := []string{".GroupAttributeIsDN", ".Port", ".BindDN", ".BindPassword", ".SearchFilter"}
+ attributesToReturn := make(map[string]attr.Value)
+ for k, v := range idracAttributesState.Attributes.Elements() {
+ if strings.HasPrefix(k, "LDAP.") {
+ for _, input := range ldapAttributes {
+ if strings.HasSuffix(k, input) {
+ attributesToReturn[k] = v
+ }
+ }
+ }
+ }
+
+ d.LDAPAttributes = types.MapValueMust(types.StringType, attributesToReturn)
+ return nil
+}
+
+func newDSAuthProviderState(accountService *redfish.AccountService) *models.DirectoryServiceAuthProvider {
+ return &models.DirectoryServiceAuthProvider{
+ ODataID: types.StringValue(accountService.ODataID),
+ ID: types.StringValue(accountService.ID),
+ Name: types.StringValue(accountService.Name),
+ Description: types.StringValue(accountService.Description),
+ AccountLockoutCounterResetAfter: types.Int64Value(int64(accountService.AccountLockoutCounterResetAfter)),
+ AccountLockoutDuration: types.Int64Value(int64(accountService.AccountLockoutThreshold)),
+ AccountLockoutThreshold: types.Int64Value(int64(accountService.AccountLockoutThreshold)),
+ Accounts: newAccountsState(accountService),
+ ActiveDirectory: newActiveDirectoryState(accountService),
+ AdditionalExternalAccountProviders: newAdditionalExternalAccountProvidersState(accountService),
+ AuthFailureLoggingThreshold: types.Int64Value(int64(accountService.AuthFailureLoggingThreshold)),
+ LDAP: newLDAPState(accountService),
+ LocalAccountAuth: newLocalAccountAuthState(accountService.LocalAccountAuth),
+ MaxPasswordLength: types.Int64Value(int64(accountService.MaxPasswordLength)),
+ MinPasswordLength: types.Int64Value(int64(accountService.MinPasswordLength)),
+ PasswordExpirationDays: types.Int64Value(int64(accountService.PasswordExpirationDays)),
+ PrivilegeMap: newPrivilegeMapState(accountService),
+ Roles: newRolesState(accountService),
+ ServiceEnabled: types.BoolValue(accountService.ServiceEnabled),
+ Status: newDSAuthProviderStatusState(accountService.Status),
+ SupportedAccountTypes: newSupportedAccountTypesState(accountService.SupportedAccountTypes),
+ SupportedOEMAccountTypes: newSupportedOEMAccountTypesState(accountService.SupportedOEMAccountTypes),
+ }
+}
+
+func newAccountsState(input *redfish.AccountService) types.String {
+ dellAccount, accError := dell.DirectoryServiceAuthProvider(input)
+
+ if accError != nil {
+ return types.StringValue(BLANK)
+ }
+
+ return types.StringValue(dellAccount.Accounts.ODataID)
+}
+
+func newAdditionalExternalAccountProvidersState(input *redfish.AccountService) types.String {
+ dellAdditional, addErr := dell.DirectoryServiceAuthProvider(input)
+
+ if addErr != nil {
+ return types.StringValue(BLANK)
+ }
+
+ return types.StringValue(dellAdditional.AdditionalExternalAccountProviders.ODataID)
+}
+
+func newPrivilegeMapState(input *redfish.AccountService) types.String {
+ dellPrivilegeMap, mapErr := dell.DirectoryServiceAuthProvider(input)
+
+ if mapErr != nil {
+ return types.StringValue(BLANK)
+ }
+
+ return types.StringValue(dellPrivilegeMap.PrivilegeMap.ODataID)
+}
+
+func newRolesState(input *redfish.AccountService) types.String {
+ dellRole, roleErr := dell.DirectoryServiceAuthProvider(input)
+
+ if roleErr != nil {
+ return types.StringValue(BLANK)
+ }
+
+ return types.StringValue(dellRole.Roles.ODataID)
+}
+
+func newLocalAccountAuthState(input redfish.LocalAccountAuth) types.String {
+ return types.StringValue(string(input))
+}
+
+func newDirectoryState(input *redfish.AccountService, directoryType string) *models.Directory {
+ var inData *redfish.ExternalAccountProvider
+ if ActiveDirectory == directoryType {
+ inData = &input.ActiveDirectory
+ }
+ if LDAP == directoryType {
+ inData = &input.LDAP
+ }
+
+ return &models.Directory{
+ Certificates: newCertificatesState(input, directoryType),
+ AccountProviderType: newAccountProviderTypeState(inData.AccountProviderType),
+ Authentication: newAuthenticationState(&inData.Authentication),
+ RemoteRoleMapping: newRemoteRoleMappingState(inData.RemoteRoleMapping),
+ ServiceAddresses: newServiceAddressState(inData.ServiceAddresses),
+ ServiceEnabled: types.BoolValue(inData.ServiceEnabled),
+ }
+}
+
+func newActiveDirectoryState(input *redfish.AccountService) *models.ActiveDirectory {
+ inData := input.ActiveDirectory
+ return &models.ActiveDirectory{
+ Directory: newDirectoryState(input, ActiveDirectory),
+ KerberosKeytab: types.StringValue(inData.Authentication.KerberosKeytab),
+ }
+}
+
+func newCertificatesState(input *redfish.AccountService, directoryType string) types.String {
+ dellCertificate, certErr := dell.DirectoryServiceAuthProvider(input)
+
+ if certErr != nil {
+ return types.StringValue(BLANK)
+ }
+
+ if directoryType == ActiveDirectory {
+ return types.StringValue(dellCertificate.ActiveDirectoryCertificate.ODataID)
+ }
+
+ if directoryType == LDAP {
+ return types.StringValue(dellCertificate.LDAPCertificate.ODataID)
+ }
+
+ return types.StringValue(BLANK)
+}
+
+func newAccountProviderTypeState(inputs redfish.AccountProviderTypes) types.String {
+ return types.StringValue(string(inputs))
+}
+
+func newAuthenticationState(input *redfish.Authentication) *models.Authentication {
+ return &models.Authentication{
+ AuthenticationType: newAuthenticationTypeState(input.AuthenticationType),
+ }
+}
+
+func newRemoteRoleMappingState(input []redfish.RoleMapping) []models.RemoteRoleMapping {
+ var output []models.RemoteRoleMapping
+ for _, v := range input {
+ output = append(output, models.RemoteRoleMapping{
+ RemoteGroup: types.StringValue(v.RemoteGroup),
+ LocalRole: types.StringValue(v.LocalRole),
+ })
+ }
+ return output
+}
+
+func newDSAuthProviderStatusState(input common.Status) models.Status {
+ return models.Status{
+ Health: types.StringValue(string(input.Health)),
+ HealthRollup: types.StringValue(string(input.HealthRollup)),
+ State: types.StringValue(string(input.State)),
+ }
+}
+
+func newSupportedOEMAccountTypesState(input []string) []types.String {
+ out := make([]types.String, 0)
+ for _, input := range input {
+ out = append(out, types.StringValue(string(input)))
+ }
+ return out
+}
+
+func newServiceAddressState(input []string) []types.String {
+ out := make([]types.String, 0)
+ for _, input := range input {
+ out = append(out, types.StringValue(input))
+ }
+ return out
+}
+
+func newLDAPState(input *redfish.AccountService) *models.LDAP {
+ return &models.LDAP{
+ Directory: newDirectoryState(input, LDAP),
+ LDAPService: newLDAPServiceState(&input.LDAP.LDAPService),
+ }
+}
+
+func newLDAPServiceState(input *redfish.LDAPService) *models.LDAPService {
+ return &models.LDAPService{
+ SearchSettings: newSearchSettingsState(&input.SearchSettings),
+ }
+}
+
+func newSearchSettingsState(input *redfish.LDAPSearchSettings) *models.SearchSettings {
+ return &models.SearchSettings{
+ BaseDistinguishedNames: newBaseDistinguishedNamesState(input.BaseDistinguishedNames),
+ GroupNameAttribute: types.StringValue(input.GroupNameAttribute),
+ UsernameAttribute: types.StringValue(input.UsernameAttribute),
+ }
+}
+
+func newBaseDistinguishedNamesState(inputs []string) []types.String {
+ out := make([]types.String, 0)
+ for _, input := range inputs {
+ out = append(out, types.StringValue(string(input)))
+ }
+ return out
+}
+
+func newAuthenticationTypeState(inputs redfish.AuthenticationTypes) types.String {
+ return types.StringValue(string(inputs))
+}
+
+func newSupportedAccountTypesState(inputs []redfish.AccountTypes) []types.String {
+ out := make([]types.String, 0)
+ for _, input := range inputs {
+ out = append(out, types.StringValue(string(input)))
+ }
+ return out
+}
+
+// DirectoryServiceAuthProviderSchema is a function that returns the schema for Directory Service Auth Provider
+func DirectoryServiceAuthProviderSchema() map[string]schema.Attribute {
+ return map[string]schema.Attribute{
+ "odata_id": schema.StringAttribute{
+ MarkdownDescription: "OData ID for the Account Service instance",
+ Description: "OData ID for the Account Service instance",
+ Computed: true,
+ },
+ "id": schema.StringAttribute{
+ MarkdownDescription: "ID of the Account Service",
+ Description: "ID of the Account Service",
+ Computed: true,
+ },
+ "name": schema.StringAttribute{
+ MarkdownDescription: "Name of the Account Service.",
+ Description: "Name of the Account Service.",
+ Computed: true,
+ },
+ "description": schema.StringAttribute{
+ MarkdownDescription: "Description of the Account Service",
+ Description: "Description Of the Account Service",
+ Computed: true,
+ },
+ "account_lockout_counter_reset_after": schema.Int64Attribute{
+ MarkdownDescription: "Account Lockout Counter Reset After",
+ Description: "Account Lockout Counter Reset After",
+ Computed: true,
+ },
+ "account_lockout_duration": schema.Int64Attribute{
+ MarkdownDescription: "Account Lockout Duration",
+ Description: "Account Lockout Duration",
+ Computed: true,
+ },
+ "account_lockout_threshold": schema.Int64Attribute{
+ MarkdownDescription: "Account Lockout Threshold",
+ Description: "Account Lockout Threshold",
+ Computed: true,
+ },
+ "accounts": schema.StringAttribute{
+ MarkdownDescription: "Accounts is a link to a Resource Collection of type ManagerAccountCollection.",
+ Description: "Accounts is a link to a Resource Collection of type ManagerAccountCollection.",
+ Computed: true,
+ },
+ "active_directory": schema.SingleNestedAttribute{
+ MarkdownDescription: "Active Directory",
+ Description: "Active Directory",
+ Attributes: ActiveDirectorySchema(),
+ Computed: true,
+ },
+ "additional_external_account_providers": schema.StringAttribute{
+ MarkdownDescription: "AdditionalExternalAccountProviders is the additional external account providers that this Account Service uses.",
+ Description: "AdditionalExternalAccountProviders is the additional external account providers that this Account Service uses.",
+ Computed: true,
+ },
+ "auth_failure_logging_threshold": schema.Int64Attribute{
+ MarkdownDescription: "Auth Failure Logging Threshold",
+ Description: "Auth Failure Logging Threshold",
+ Computed: true,
+ },
+ "ldap": schema.SingleNestedAttribute{
+ MarkdownDescription: "LDAP",
+ Description: "LDAP",
+ Attributes: LDAPSchema(),
+ Computed: true,
+ },
+ "local_account_auth": schema.StringAttribute{
+ MarkdownDescription: "Local Account Auth",
+ Description: "Local Account Auth",
+ Computed: true,
+ },
+ "max_password_length": schema.Int64Attribute{
+ MarkdownDescription: "Maximum Length of the Password",
+ Description: "Maximum Length of the Password",
+ Computed: true,
+ },
+ "min_password_length": schema.Int64Attribute{
+ MarkdownDescription: "Minimum Length of the Password",
+ Description: "Minimum Length of the Password",
+ Computed: true,
+ },
+ "password_expiration_days": schema.Int64Attribute{
+ MarkdownDescription: "Password Expiration Days",
+ Description: "Password Expiration Days",
+ Computed: true,
+ },
+ "privilege_map": schema.StringAttribute{
+ MarkdownDescription: "Privilege Map",
+ Description: "Privilege Map",
+ Computed: true,
+ },
+ "roles": schema.StringAttribute{
+ MarkdownDescription: "roles is a link to a Resource Collection of type RoleCollection.",
+ Description: "roles is a link to a Resource Collection of type RoleCollection.",
+ Computed: true,
+ },
+ "service_enabled": schema.BoolAttribute{
+ MarkdownDescription: "ServiceEnabled indicate whether the Accountr Service is enabled.",
+ Description: "ServiceEnabled indicate whether the Accountr Service is enabled.",
+ Computed: true,
+ },
+ "status": schema.SingleNestedAttribute{
+ MarkdownDescription: "Status is any status or health properties of the Resource.",
+ Description: "Status is any status or health properties of the Resource.",
+ Computed: true,
+ Attributes: StatusSchema(),
+ },
+ "supported_account_types": schema.ListAttribute{
+ ElementType: types.StringType,
+ MarkdownDescription: "SupportedAccountTypes is an array of the account types supported by the service.",
+ Description: "SupportedAccountTypes is an array of the account types supported by the service.",
+ Computed: true,
+ },
+ "supported_oem_account_types": schema.ListAttribute{
+ ElementType: types.StringType,
+ MarkdownDescription: "SupportedOEMAccountTypes is an array of the OEM account types supported by the service.",
+ Description: "SupportedOEMAccountTypes is an array of the OEM account types supported by the service.",
+ Computed: true,
+ },
+ }
+}
+
+// DirectorySchema is a function that returns the schema for Directory
+func DirectorySchema() map[string]schema.Attribute {
+ return map[string]schema.Attribute{
+ "certificates": schema.StringAttribute{
+ MarkdownDescription: "Certificates is a link to a resource collection of type CertificateCollection" +
+ " that contains certificates the external account provider uses.",
+ Description: "Certificates is a link to a resource collection of type CertificateCollection" +
+ " that contains certificates the external account provider uses.",
+ Computed: true,
+ },
+ "account_provider_type": schema.StringAttribute{
+ MarkdownDescription: "AccountProviderType is the type of external account provider to which this service connects.",
+ Description: "AccountProviderType is the type of external account provider to which this service connects.",
+ Computed: true,
+ },
+ "authentication": schema.SingleNestedAttribute{
+ MarkdownDescription: "Authentication information for the account provider.",
+ Description: "Authentication information for the account provider.",
+ Attributes: AuthenticationSchema(),
+ Computed: true,
+ },
+ "remote_role_mapping": schema.ListNestedAttribute{
+ MarkdownDescription: "Mapping rules that are used to convert the account providers account information to the local Redfish role",
+ Description: "Mapping rules that are used to convert the account providers account information to the local Redfish role",
+ NestedObject: schema.NestedAttributeObject{
+ Attributes: RemoteRoleMappingSchema(),
+ },
+ Computed: true,
+ },
+ "service_addresses": schema.ListAttribute{
+ MarkdownDescription: "ServiceAddresses of the account providers",
+ Description: "ServiceAddresses of the account providers",
+ Computed: true,
+ ElementType: types.StringType,
+ },
+ "service_enabled": schema.BoolAttribute{
+ MarkdownDescription: "ServiceEnabled indicate whether this service is enabled.",
+ Description: "ServiceEnabled indicate whether this service is enabled.",
+ Computed: true,
+ },
+ }
+}
+
+// ActiveDirectorySchema is a function that returns the schema for Active Directory
+func ActiveDirectorySchema() map[string]schema.Attribute {
+ return map[string]schema.Attribute{
+ "directory": schema.SingleNestedAttribute{
+ MarkdownDescription: "Directory for Active Directory .",
+ Description: "Directory for Active Directory",
+ Attributes: DirectorySchema(),
+ Computed: true,
+ },
+ "kerberos_key_tab_file": schema.StringAttribute{
+ MarkdownDescription: "KerberosKeytab is a Base64-encoded version of the Kerberos keytab for this Service",
+ Description: "KerberosKeytab is a Base64-encoded version of the Kerberos keytab for this Service",
+ Computed: true,
+ },
+ }
+}
+
+// AuthenticationSchema is a function that returns the schema for Authentication
+func AuthenticationSchema() map[string]schema.Attribute {
+ return map[string]schema.Attribute{
+ "authentication_type": schema.StringAttribute{
+ MarkdownDescription: "AuthenticationType is used to connect to the account provider",
+ Description: "AuthenticationType is used to connect to the account provider",
+ Computed: true,
+ },
+ }
+}
+
+// RemoteRoleMappingSchema is a function that returns the schema for RemoteRoleMapping
+func RemoteRoleMappingSchema() map[string]schema.Attribute {
+ return map[string]schema.Attribute{
+ "remote_group": schema.StringAttribute{
+ MarkdownDescription: "Name of the remote group.",
+ Description: "Name of the remote group.",
+ Computed: true,
+ },
+ "local_role": schema.StringAttribute{
+ MarkdownDescription: "Role Assigned to the Group.",
+ Description: "Role Assigned to the Group.",
+ Computed: true,
+ },
+ }
+}
+
+// LDAPSchema is a function that returns the schema for LDAP
+func LDAPSchema() map[string]schema.Attribute {
+ return map[string]schema.Attribute{
+ "directory": schema.SingleNestedAttribute{
+ MarkdownDescription: "Directory for LDAP.",
+ Description: "Directory for LDAP",
+ Attributes: DirectorySchema(),
+ Computed: true,
+ },
+ "ldap_service": schema.SingleNestedAttribute{
+ MarkdownDescription: "LDAPService is any additional mapping information needed to parse a generic LDAP service.",
+ Description: "LDAPService is any additional mapping information needed to parse a generic LDAP service.",
+ Attributes: LDAPServiceSchema(),
+ Computed: true,
+ },
+ }
+}
+
+// LDAPServiceSchema is a function that returns the schema for LDAPService
+func LDAPServiceSchema() map[string]schema.Attribute {
+ return map[string]schema.Attribute{
+ "search_settings": schema.SingleNestedAttribute{
+ MarkdownDescription: "SearchSettings is the required settings to search an external LDAP service.",
+ Description: "SearchSettings is the required settings to search an external LDAP service.",
+ Attributes: SearchSettingsSchema(),
+ Computed: true,
+ },
+ }
+}
+
+// SearchSettingsSchema is a function that returns the schema for SearchSettings
+func SearchSettingsSchema() map[string]schema.Attribute {
+ return map[string]schema.Attribute{
+ "base_distinguished_names": schema.ListAttribute{
+ MarkdownDescription: "BaseDistinguishedNames is an array of base distinguished names to use to search an external LDAP service.",
+ Description: "BaseDistinguishedNames is an array of base distinguished names to use to search an external LDAP service.",
+ Computed: true,
+ ElementType: types.StringType,
+ },
+
+ "user_name_attribute": schema.StringAttribute{
+ MarkdownDescription: "UsernameAttribute is the attribute name that contains the LDAP user name.",
+ Description: "UsernameAttribute is the attribute name that contains the LDAP user name.",
+ Computed: true,
+ },
+
+ "group_name_attribute": schema.StringAttribute{
+ MarkdownDescription: "GroupNameAttribute is the attribute name that contains the LDAP group name.",
+ Description: "GroupNameAttribute is the attribute name that contains the LDAP group name.",
+ Computed: true,
+ },
+ }
+}
diff --git a/redfish/provider/data_source_redfish_directory_service_auth_provider_test.go b/redfish/provider/data_source_redfish_directory_service_auth_provider_test.go
new file mode 100644
index 00000000..f304d960
--- /dev/null
+++ b/redfish/provider/data_source_redfish_directory_service_auth_provider_test.go
@@ -0,0 +1,61 @@
+/*
+Copyright (c) 2024 Dell Inc., or its subsidiaries. All Rights Reserved.
+
+Licensed under the Mozilla Public License Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://mozilla.org/MPL/2.0/
+
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package provider
+
+import (
+ "fmt"
+ "regexp"
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+// redfish.Power represents a concrete Go type that represents an API resource
+func TestAccRedfishDirectoryServiceAuthProviderDatasource_basic(t *testing.T) {
+ dsAuthProviderDatasourceName := "data.redfish_directory_service_auth_provider.ds_auth"
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ ProtoV6ProviderFactories: testAccProtoV6ProviderFactories,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccRedfishDatasourceDirectoryServiceAuthProviderConfig(creds),
+ Check: resource.ComposeAggregateTestCheckFunc(
+ resource.TestCheckResourceAttr(dsAuthProviderDatasourceName, "directory_service_auth_provider.id", "RemoteAccountService"),
+ resource.TestMatchResourceAttr(dsAuthProviderDatasourceName, "directory_service_auth_provider.odata_id", regexp.MustCompile(`.*AccountService`)),
+ ),
+ },
+ },
+ })
+}
+
+func testAccRedfishDatasourceDirectoryServiceAuthProviderConfig(testingInfo TestingServerCredentials) string {
+ return fmt.Sprintf(`
+ data "redfish_directory_service_auth_provider" "ds_auth" {
+ redfish_server {
+ user = "%s"
+ password = "%s"
+ endpoint = "https://%s"
+ ssl_insecure = true
+ }
+ }
+ `,
+ testingInfo.Username,
+ testingInfo.Password,
+ testingInfo.Endpoint,
+ )
+}
diff --git a/redfish/provider/provider.go b/redfish/provider/provider.go
index 0e36d882..8883cae1 100644
--- a/redfish/provider/provider.go
+++ b/redfish/provider/provider.go
@@ -188,6 +188,7 @@ func (*redfishProvider) DataSources(_ context.Context) []func() datasource.DataS
NewFirmwareInventoryDatasource,
NewNICDatasource,
NewStorageControllerDatasource,
+ NewDirectoryServiceAuthProviderDatasource,
}
}