param (
  [parameter(Mandatory=$true, HelpMessage="Cluster Name")]
  [string]$Cluster,

  [parameter(Mandatory=$true, HelpMessage="Vserver Name")]
  [string]$Vserver,

  [parameter(Mandatory=$true, HelpMessage="User Name")]
  [string]$Username,

  [parameter(Mandatory=$true, HelpMessage="Application Type")]
  [ValidateSet("console", "http", "ontapi", "snmp", "sp", "ssh")]
  [string]$Application,
  
  [parameter(Mandatory=$true, HelpMessage="Authentication Method")]
  [ValidateSet("community", "password", "publickey", "domain", "nsswitch", "usm")]
  [string]$AuthMethod,

  [parameter(Mandatory=$true, HelpMessage="Role")]
  [ValidateSet("admin", "backup", "none", "readonly", "rsa", "vsadmin", "vsadmin-backup", "vsadmin-protocol", "vsadmin-readonly", "vsadmin-volume")]
  [string]$Role,

  [parameter(Mandatory=$false, HelpMessage="User Password")]
  [Alias("Password_Password")]
  [string]$Password,

  [parameter(Mandatory=$false, HelpMessage="Comment")]
  [string]$Comment
)

# connect to controller
Connect-WfaCluster $Cluster

# base command
$command = "New-NcUser '$Username' -Vserver '$Vserver' -Application '$Application' -Role '$Role'"

# setting auth method based on application type
if ($Application -eq 'console')
{
  $command += " -AuthMethod password"
}
elseif ($Application -eq 'sp')
{
  $command += " -AuthMethod password"
}
elseif ($Application -eq 'snmp')
{
  $command += " -AuthMethod community"
}
else
{
  $command += " -AuthMethod '$AuthMethod'"
}

if ($AuthMethod -eq 'password')
{
  $SecurePassword= Get-WfaInputPassword -EncryptedPassword $Password
  $textPass= ConvertFromSecureToPlain -SecurePassword $SecurePassword
  #Get-WfaLogger -Info -Message $textPass
  $command += " -Password '$textPass'"
}

if ($Comment)
{
  $command += " -Comment '$Comment'"
}

# create user
Invoke-Expression -ErrorAction Stop $command