ansible-collections · haiyuazhang · Aug 21, 2020 · Aug 19, 2020 · Aug 19, 2020 · Aug 19, 2020
diff --git a/plugins/modules/azure_rm_storageaccount.py b/plugins/modules/azure_rm_storageaccount.py
@@ -89,24 +89,26 @@
             - force
     https_only:
         description:
-            -  Allows https traffic only to storage service when set to C(true).
+            - Allows https traffic only to storage service when set to C(true).
+            - Allows update storage account property when set to C(False).
+            - Default value is C(False).
         type: bool
     minimum_tls_version:
         description:
             - The minimum required version of Transport Layer Security (TLS) for requests to a storage account.
-        default: 'TLS1_0'
+            - Default value is C(TLS1_0).
         choices:
             - TLS1_0
             - TLS1_1
             - TLS1_2
-        version_added: "2.10"
+        version_added: "1.0.0"
     allow_blob_public_access:
         description:
             - Allows blob containers in account to be set for anonymous public access.
             - If set to false, no containers in this account will be able to allow anonymous public access.
-        default: true
+            - Default value is C(True).
         type: bool
-        version_added: "2.10"
+        version_added: "1.1.0"
     network_acls:
         description:
             - Manages the Firewall and virtual networks settings of the storage account.
@@ -459,9 +461,9 @@ def __init__(self):
             tags=dict(type='dict'),
             kind=dict(type='str', default='Storage', choices=['Storage', 'StorageV2', 'BlobStorage', 'FileStorage', 'BlockBlobStorage']),
             access_tier=dict(type='str', choices=['Hot', 'Cool']),
-            https_only=dict(type='bool', default=False),
-            minimum_tls_version=dict(type='str', default='TLS1_0', choices=['TLS1_0', 'TLS1_1', 'TLS1_2']),
-            allow_blob_public_access=dict(type='bool', default=True),
+            https_only=dict(type='bool'),
+            minimum_tls_version=dict(type='str', choices=['TLS1_0', 'TLS1_1', 'TLS1_2']),
+            allow_blob_public_access=dict(type='bool'),
             network_acls=dict(type='dict'),
             blob_cors=dict(type='list', options=cors_rule_spec, elements='dict')
         )
@@ -685,7 +687,7 @@ def update_account(self):
                     self.results['changed'] = True
                     self.update_network_rule_set()
 
-        if bool(self.https_only) != bool(self.account_dict.get('https_only')):
+        if self.https_only is not None and bool(self.https_only) != bool(self.account_dict.get('https_only')):
             self.results['changed'] = True
             self.account_dict['https_only'] = self.https_only
             if not self.check_mode:
@@ -709,17 +711,18 @@ def update_account(self):
                 except Exception as exc:
                     self.fail("Failed to update account type: {0}".format(str(exc)))
 
-        if bool(self.allow_blob_public_access) != bool(self.account_dict.get('allow_blob_public_access')):
-            self.results['changed'] = True
-            self.account_dict['allow_blob_public_access'] = self.allow_blob_public_access
-            if not self.check_mode:
-                try:
-                    parameters = self.storage_models.StorageAccountUpdateParameters(allow_blob_public_access=self.allow_blob_public_access)
-                    self.storage_client.storage_accounts.update(self.resource_group,
-                                                                self.name,
-                                                                parameters)
-                except Exception as exc:
-                    self.fail("Failed to update account type: {0}".format(str(exc)))
+        if self.allow_blob_public_access is not None:
+            if bool(self.allow_blob_public_access) != bool(self.account_dict.get('allow_blob_public_access')):
+                self.results['changed'] = True
+                self.account_dict['allow_blob_public_access'] = self.allow_blob_public_access
+                if not self.check_mode:
+                    try:
+                        parameters = self.storage_models.StorageAccountUpdateParameters(allow_blob_public_access=self.allow_blob_public_access)
+                        self.storage_client.storage_accounts.update(self.resource_group,
+                                                                    self.name,
+                                                                    parameters)
+                    except Exception as exc:
+                        self.fail("Failed to update account type: {0}".format(str(exc)))
 
         if self.account_type:
             if self.account_type != self.account_dict['sku_name']:
@@ -824,6 +827,12 @@ def create_account(self):
             if self.blob_cors:
                 account_dict['blob_cors'] = self.blob_cors
             return account_dict
+        if bool(self.https_only):
+            self.https_only = False
+        if bool(self.minimum_tls_version):
+            self.minimum_tls_version = 'TLS1_0'
+        if bool(self.allow_blob_public_access):
+            self.allow_blob_public_access = True
         sku = self.storage_models.Sku(name=self.storage_models.SkuName(self.account_type))
         sku.tier = self.storage_models.SkuTier.standard if 'Standard' in self.account_type else \
             self.storage_models.SkuTier.premium

diff --git a/sanity-requirements-azure.txt b/sanity-requirements-azure.txt
@@ -2,3 +2,4 @@ voluptuous==0.11.7
 pycodestyle==2.6.0
 yamllint==1.24.2
 pylint==2.5.3
+cryptography==3.0
diff --git a/tests/integration/targets/azure_rm_storageaccount/tasks/main.yml b/tests/integration/targets/azure_rm_storageaccount/tasks/main.yml
@@ -41,7 +41,7 @@
        tags:
            test: test
            galaxy: galaxy
-       https_only: yes
+       https_only: no
        network_acls:
          bypass: AzureServices
          default_action: Deny
@@ -56,9 +56,7 @@
        - output.changed
        - output.state.id is defined
        - output.state.blob_cors | length == 1
-       - output.state.https_only
-       - output.state.minimum_tls_version == "TLS1_0" # default value
-       - output.state.allow_blob_public_access # default true value
+       - not output.state.https_only
        - output.state.network_acls.bypass == "AzureServices"
        - output.state.network_acls.default_action == "Deny"
        - output.state.network_acls.ip_rules | length == 1
@@ -85,9 +83,7 @@
        tags:
            test: test
            galaxy: galaxy
-       https_only: yes
-       minimum_tls_version: "TLS1_0" 
-       allow_blob_public_access: true
+       https_only: no
        network_acls:
          bypass: AzureServices
          default_action: Deny