From 40f8353ba0ea4dda55415b2182c44a624751d92d Mon Sep 17 00:00:00 2001
From: magodo
Date: Fri, 25 Feb 2022 14:10:31 +0800
Subject: [PATCH 1/2] `azurerm_storage_data_lake_gen2_filesystem` - add supports of `owner` and `group`

---
 ...rage_data_lake_gen2_filesystem_resource.go | 69 +++++++++++++++----
 ...data_lake_gen2_filesystem_resource_test.go | 44 ++++++++++++
 ...ge_data_lake_gen2_filesystem.html.markdown | 4 ++
 3 files changed, 105 insertions(+), 12 deletions(-)

diff --git a/internal/services/storage/storage_data_lake_gen2_filesystem_resource.go b/internal/services/storage/storage_data_lake_gen2_filesystem_resource.go
index 070a86911be3..a1710ca30a82 100644
--- a/internal/services/storage/storage_data_lake_gen2_filesystem_resource.go
+++ b/internal/services/storage/storage_data_lake_gen2_filesystem_resource.go
@@ -75,6 +75,20 @@ func resourceStorageDataLakeGen2FileSystem() *pluginsdk.Resource {
 "properties": MetaDataSchema(),
+ "owner": {
+ Type: pluginsdk.TypeString,
+ Optional: true,
+ Computed: true,
+ ValidateFunc: validation.IsUUID,
+ },
+
+ "group": {
+ Type: pluginsdk.TypeString,
+ Optional: true,
+ Computed: true,
+ ValidateFunc: validation.IsUUID,
+ },
+
 "ace": {
 Type: pluginsdk.TypeSet,
 Optional: true,
@@ -168,15 +182,28 @@ func resourceStorageDataLakeGen2FileSystemCreate(d *pluginsdk.ResourceData, meta
 return fmt.Errorf("creating File System %q in Storage Account %q: %s", fileSystemName, storageID.Name, err)
 }
- if acl != nil {
- log.Printf("[INFO] Creating acl %q in File System %q in Storage Account %q.", acl, fileSystemName, storageID.Name)
+ var owner *string
+ if v, ok := d.GetOk("owner"); ok {
+ sv := v.(string)
+ owner = &sv
+ }
+ var group *string
+ if v, ok := d.GetOk("group"); ok {
+ sv := v.(string)
+ group = &sv
+ }
+
+ if acl != nil || owner != nil || group != nil {
 var aclString *string
- v := acl.String()
- aclString = &v
+ if acl != nil {
+ log.Printf("[INFO] Creating acl %q in File System %q in Storage Account %q.", acl, fileSystemName, storageID.Name)
+ v := acl.String()
+ aclString = &v
+ }
 accessControlInput := paths.SetAccessControlInput{
 ACL: aclString,
- Owner: nil,
- Group: nil,
+ Owner: owner,
+ Group: group,
 }
 if _, err := pathClient.SetAccessControl(ctx, storageID.Name, fileSystemName, "/", accessControlInput); err != nil {
 return fmt.Errorf("setting access control for root path in File System %q in Storage Account %q: %s", fileSystemName, storageID.Name, err)
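Review bot: The two `var owner *string` / `var group *string` expansion blocks added here are repeated verbatim in the resourceStorageDataLakeGen2FileSystemUpdate hunk that follows, so any later fix (validation, change gating, logging) has to be made twice. A small helper that returns both pointers keeps Create and Update in step and shortens each function; the rest of the hunk then only changes the two `var` blocks into one call. resourceStorageDataLakeGen2FileSystemCreate begins and ends outside this hunk.
```go
// expandDataLakeGen2FileSystemOwnerGroup reads the optional "owner" and "group"
// arguments for paths.SetAccessControlInput; an unset argument yields nil,
// which is the value the previous code passed for these fields.
func expandDataLakeGen2FileSystemOwnerGroup(d *pluginsdk.ResourceData) (owner, group *string) {
	if v, ok := d.GetOk("owner"); ok {
		s := v.(string)
		owner = &s
	}
	if v, ok := d.GetOk("group"); ok {
		s := v.(string)
		group = &s
	}
	return owner, group
}

// … in resourceStorageDataLakeGen2FileSystemCreate, in place of the two var blocks …
owner, group := expandDataLakeGen2FileSystemOwnerGroup(d)
// … unchanged: if acl != nil || owner != nil || group != nil { … SetAccessControl … } …
```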
@@ -237,15 +264,28 @@ func resourceStorageDataLakeGen2FileSystemUpdate(d *pluginsdk.ResourceData, meta
 return fmt.Errorf("updating Properties for File System %q in Storage Account %q: %s", id.DirectoryName, id.AccountName, err)
 }
- if acl != nil {
- log.Printf("[INFO] Creating acl %q in File System %q in Storage Account %q.", acl, id.DirectoryName, id.AccountName)
+ var owner *string
+ if v, ok := d.GetOk("owner"); ok {
+ sv := v.(string)
+ owner = &sv
+ }
+ var group *string
+ if v, ok := d.GetOk("group"); ok {
+ sv := v.(string)
+ group = &sv
+ }
+
+ if acl != nil || owner != nil || group != nil {
 var aclString *string
- v := acl.String()
- aclString = &v
+ if acl != nil {
+ log.Printf("[INFO] Creating acl %q in File System %q in Storage Account %q.", acl, id.DirectoryName, id.AccountName)
+ v := acl.String()
+ aclString = &v
+ }
 accessControlInput := paths.SetAccessControlInput{
 ACL: aclString,
- Owner: nil,
- Group: nil,
+ Owner: owner,
+ Group: group,
 }
 if _, err := pathClient.SetAccessControl(ctx, id.AccountName, id.DirectoryName, "/", accessControlInput); err != nil {
 return fmt.Errorf("setting access control for root path in File System %q in Storage Account %q: %s", id.DirectoryName, id.AccountName, err)
@@ -303,6 +343,7 @@ func resourceStorageDataLakeGen2FileSystemRead(d *pluginsdk.ResourceData, meta i
 }
 var ace []interface{}
+ var owner, group string
 // acl is only enabled when `IsHnsEnabled` is true otherwise the rest api will report error
 if storageAccount.AccountProperties != nil && storageAccount.AccountProperties.IsHnsEnabled != nil && *storageAccount.AccountProperties.IsHnsEnabled {
@@ -315,9 +356,13 @@ func resourceStorageDataLakeGen2FileSystemRead(d *pluginsdk.ResourceData, meta i
 return fmt.Errorf("parsing response ACL %q: %s", pathResponse.ACL, err)
 }
 ace = FlattenDataLakeGen2AceList(acl)
+ owner = pathResponse.Owner
+ group = pathResponse.Group
 }
 }
 d.Set("ace", ace)
+ d.Set("owner", owner)
+ d.Set("group", group)
 return nil
 }
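Review bot: In the Update hunk, owner and group are sent to SetAccessControl on every apply rather than only when they changed: `owner` and `group` are Optional+Computed, and the Read hunks below store `pathResponse.Owner` / `pathResponse.Group` into state, so on a later properties-only update `d.GetOk("owner")` is expected to return that stored value, `owner != nil` holds, and the root-path access control is rewritten from state. If the service reports a root-path owner that is not an object ID, the stored value is also posted straight back, since `validation.IsUUID` only runs on configured values. Gating the expansion on change, `if v, ok := d.GetOk("owner"); ok && d.HasChange("owner") {` (and likewise for `group`), limits the write to what the user asked for; the ACL side keeps its existing behaviour. resourceStorageDataLakeGen2FileSystemUpdate starts and ends outside this hunk.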
diff --git a/internal/services/storage/storage_data_lake_gen2_filesystem_resource_test.go b/internal/services/storage/storage_data_lake_gen2_filesystem_resource_test.go
index 65eff7c5401b..ce87d9a8ef59 100644
--- a/internal/services/storage/storage_data_lake_gen2_filesystem_resource_test.go
+++ b/internal/services/storage/storage_data_lake_gen2_filesystem_resource_test.go
@@ -116,6 +116,18 @@ func TestAccStorageDataLakeGen2FileSystem_handlesStorageAccountDeletion(t *testi
 })
 }
+func TestAccStorageDataLakeGen2FileSystem_withOwnerGroup(t *testing.T) {
+ data := acceptance.BuildTestData(t, "azurerm_storage_data_lake_gen2_filesystem", "test")
+ r := StorageDataLakeGen2FileSystemResource{}
+
+ data.ResourceTest(t, r, []acceptance.TestStep{
+ data.DisappearsStep(acceptance.DisappearsStepData{
+ Config: r.withOwnerGroup,
+ TestResource: r,
+ }),
+ })
+}
+
 func (r StorageDataLakeGen2FileSystemResource) Exists(ctx context.Context, client *clients.Client, state *pluginsdk.InstanceState) (*bool, error) {
 id, err := filesystems.ParseResourceID(state.ID)
 if err != nil {
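Review bot: TestAccStorageDataLakeGen2FileSystem_withOwnerGroup only runs a `DisappearsStep`, so it never asserts that `owner` and `group` were applied, read back by Read, or survive an import; a regression that silently dropped the two fields from SetAccessControlInput would still pass. A plain apply step with a check on the resource plus `data.ImportStep()` covers the round trip, and `Key("owner").Exists()` / `Key("group").Exists()` pins that Read populated them (this needs the `check` package in the file's imports if it is not already there). The disappears behaviour is already exercised by the neighbouring tests, so the step can be replaced rather than added to.
```go
	data.ResourceTest(t, r, []acceptance.TestStep{
		{
			Config: r.withOwnerGroup(data),
			Check: acceptance.ComposeTestCheckFunc(
				check.That(data.ResourceName).ExistsInAzure(r),
				check.That(data.ResourceName).Key("owner").Exists(),
				check.That(data.ResourceName).Key("group").Exists(),
			),
		},
		data.ImportStep(),
	})
```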
@@ -296,3 +308,35 @@ resource "azurerm_storage_data_lake_gen2_filesystem" "test" {
 }
 `, template, data.RandomInteger)
 }
+
+func (r StorageDataLakeGen2FileSystemResource) withOwnerGroup(data acceptance.TestData) string {
+ template := r.template(data)
+ return fmt.Sprintf(`
+%s
+
+provider "azuread" {}
+
+data "azurerm_client_config" "current" {}
+
+resource "azurerm_role_assignment" "storage_blob_owner" {
+ role_definition_name = "Storage Blob Data Owner"
+ scope = azurerm_resource_group.test.id
+ principal_id = data.azurerm_client_config.current.object_id
+}
+
+resource "azuread_application" "test" {
+ display_name = "acctestspa%[2]d"
+}
+
+resource "azuread_service_principal" "test" {
+ application_id = azuread_application.test.application_id
+}
+
+resource "azurerm_storage_data_lake_gen2_filesystem" "test" {
+ name = "acctest-%[2]d"
+ storage_account_id = azurerm_storage_account.test.id
+ owner = azuread_service_principal.test.object_id
+ group = azuread_service_principal.test.object_id
+}
+`, template, data.RandomInteger)
+}
diff --git a/website/docs/r/storage_data_lake_gen2_filesystem.html.markdown b/website/docs/r/storage_data_lake_gen2_filesystem.html.markdown
index 69dbc5a682d6..af29e1ef06d6 100644
--- a/website/docs/r/storage_data_lake_gen2_filesystem.html.markdown
+++ b/website/docs/r/storage_data_lake_gen2_filesystem.html.markdown
@@ -52,6 +52,10 @@ The following arguments are supported:
 * `ace` - (Optional) One or more `ace` blocks as defined below to specify the entries for the ACL for the path.
+* `owner` - (Optional) Specifies the Object ID of the Azure Active Directory User to make the owning user of the root path (i.e. `/`).
+
+* `group` - (Optional) Specifies the Object ID of the Azure Active Directory Group to make the owning group of the root path (i.e. `/`).
+
 ~> **NOTE:** The Storage Account requires `account_kind` to be either `StorageV2` or `BlobStorage`. In addition, `is_hns_enabled` has to be set to `true`.
 ---
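Review bot: The withOwnerGroup fixture sets `owner` and `group` to the same `azuread_service_principal.test.object_id`, so the test cannot tell the two fields apart and would not catch the pair being swapped in SetAccessControlInput or in Read. Using a second principal for one of them, for example `group = data.azurerm_client_config.current.object_id` (already declared in this config), makes the assignment distinguishable. The same config also shows that the provider accepts a service principal for both arguments, while the markdown hunk in this commit describes `owner` as a User and `group` as a Group; the doc wording could be widened to match. The `Storage Blob Data Owner` assignment on the resource group is presumably what lets the test identity change root-path ownership through the data plane; role assignments propagate asynchronously, so this step may need the retry or wait other tests in the package use, if any.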
From d58c8d71a6763b9d967e9c6fed8ce939e87585af Mon Sep 17 00:00:00 2001
From: magodo
Date: Fri, 25 Feb 2022 15:40:26 +0800
Subject: [PATCH 2/2] terrafmt

---
 .../storage_data_lake_gen2_filesystem_resource_test.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/internal/services/storage/storage_data_lake_gen2_filesystem_resource_test.go b/internal/services/storage/storage_data_lake_gen2_filesystem_resource_test.go
index ce87d9a8ef59..f0104cb3e192 100644
--- a/internal/services/storage/storage_data_lake_gen2_filesystem_resource_test.go
+++ b/internal/services/storage/storage_data_lake_gen2_filesystem_resource_test.go
@@ -335,8 +335,8 @@ resource "azuread_service_principal" "test" {
 resource "azurerm_storage_data_lake_gen2_filesystem" "test" {
 name = "acctest-%[2]d"
 storage_account_id = azurerm_storage_account.test.id
- owner = azuread_service_principal.test.object_id
- group = azuread_service_principal.test.object_id
+ owner = azuread_service_principal.test.object_id
+ group = azuread_service_principal.test.object_id
 }
 `, template, data.RandomInteger)
 }