r/storage_account: making default_action required #4037

Merged
merged 3 commits into from
Aug 9, 2019
5 changes: 3 additions & 2 deletions azurerm/resource_arm_storage_account.go
Expand Up @@ -167,8 +167,9 @@ func resourceArmStorageAccount() *schema.Resource {

"network_rules": {
Type: schema.TypeList,
MaxItems: 1,
Optional: true,
Computed: true,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"bypass": {
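Review bot: With `Optional: true` and the new `Computed: true` together on `network_rules`, omitting the block no longer means "no rules": Terraform keeps whatever the API returned, so deleting the block from a configuration will not reset the account, and an out-of-band change to the rules (for example `default_action` flipped to `Allow`) produces no diff while the block is absent from the configuration. Please document this behaviour next to the `network_rules` argument in storage_account.html.markdown, and consider an acceptance test that applies with the block, removes it, and asserts an empty plan so the behaviour is pinned.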
Expand Down Expand Up @@ -205,7 +206,7 @@ func resourceArmStorageAccount() *schema.Resource {

"default_action": {
Type: schema.TypeString,
Optional: true,
Required: true,

Is this not a breaking change?

Collaborator

The title says "changing default to allow" and the change is to make it required? 🤔

Contributor Author

@tombuildsstuff tombuildsstuff Aug 8, 2019

🤦‍♂ my bad - this took a different approach in the end

This is currently set to Required in the documentation: https://www.terraform.io/docs/providers/azurerm/r/storage_account.html#default_action - as such this PR updates it to match. I'll update the title.

I'll defer to you and @katbyte on whether you want to call this a breaking change or not.

Contributor Author

given this block is now Computed (and the API returns a default response here) I think we're safe to not call this a breaking change here

ValidateFunc: validation.StringInSlice([]string{
string(storage.DefaultActionAllow),
string(storage.DefaultActionDeny),
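Review bot: `Required: true` on `default_action` turns any existing configuration that declares a `network_rules` block without `default_action` into a validation error at plan time; marking the parent block Computed only covers users who omit the block entirely. Suggest calling this out in the changelog entry, and adding a test step with a `network_rules` block that lacks `default_action` so the resulting error is checked.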
96 changes: 51 additions & 45 deletions website/docs/r/storage_account.html.markdown
Expand Up @@ -105,77 +105,65 @@ The following arguments are supported:

* `custom_domain` - (Optional) A `custom_domain` block as documented below.

* `network_rules` - (Optional) A `network_rules` block as documented below.

* `enable_advanced_threat_protection` (Optional) Boolean flag which controls if advanced threat protection is enabled, see [here](https://docs.microsoft.com/en-us/azure/storage/common/storage-advanced-threat-protection) for more information. Defaults to `false`.

~> **Note:** `enable_advanced_threat_protection` is not supported in all regions.

* `tags` - (Optional) A mapping of tags to assign to the resource.
* `identity` - (Optional) A `identity` block as defined below.

* `identity` - (Optional) A Managed Service Identity block as defined below.
* `queue_properties` - (Optional) A `queue_properties` block as defined below.

* `queue_properties` - (Optional) A Queue Property block as defined below.

---
~> **NOTE:** `queue_properties` cannot be set when the `access_tier` is set to `BlobStorage`

* `custom_domain` supports the following:
* `network_rules` - (Optional) A `network_rules` block as documented below.

* `name` - (Optional) The Custom Domain Name to use for the Storage Account, which will be validated by Azure.
* `use_subdomain` - (Optional) Should the Custom Domain Name be validated by using indirect CNAME validation?
* `tags` - (Optional) A mapping of tags to assign to the resource.

---

* `network_rules` supports the following:
A `cors_rule` block supports the following:

* `default_action` - (Required) Specifies the default action of allow or deny when no other rules match. Valid options are `Deny` or `Allow`.
* `bypass` - (Optional) Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. Valid options are
any combination of `Logging`, `Metrics`, `AzureServices`, or `None`.
* `ip_rules` - (Optional) List of public IP or IP ranges in CIDR Format. Only IPV4 addresses are allowed. Private IP address ranges (as defined in [RFC 1918](https://tools.ietf.org/html/rfc1918#section-3)) are not allowed.
* `virtual_network_subnet_ids` - (Optional) A list of resource ids for subnets.

~> **Note:** If specifying `network_rules`, one of either `ip_rules` or `virtual_network_subnet_ids` must be specified and `default_action` must be set to `Deny`.

~> **Note:** [More information on Validation is available here](https://docs.microsoft.com/en-gb/azure/storage/blobs/storage-custom-domain-name)
* `allowed_headers` - (Required) A list of headers that are allowed to be a part of the cross-origin request.

---
* `allowed_methods` - (Required) A list of http headers that are allowed to be executed by the origin. Valid options are
`DELETE`, `GET`, `HEAD`, `MERGE`, `POST`, `OPTIONS` or `PUT`.

`identity` supports the following:
* `allowed_origins` - (Required) A list of origin domains that will be allowed by CORS.

* `type` - (Required) Specifies the identity type of the Storage Account. At this time the only allowed value is `SystemAssigned`.
* `exposed_headers` - (Required) A list of response headers that are exposed to CORS clients.

~> The assigned `principal_id` and `tenant_id` can be retrieved after the identity `type` has been set to `SystemAssigned` and Storage Account has been created. More details are available below.
* `max_age_in_seconds` - (Required) The number of seconds the client should cache a preflight response.

---

`queue_properties` supports the following: not applicable when storage account type is **BlobStorage**
A `custom_domain` block supports the following:

* `cors_rule` - (Optional) A `cors_rule` block as defined below.
* `name` - (Optional) The Custom Domain Name to use for the Storage Account, which will be validated by Azure.
* `use_subdomain` - (Optional) Should the Custom Domain Name be validated by using indirect CNAME validation?

* `logging` - (Optional) A `logging` block as defined below.
---

* `minute_metrics` - (Optional) A `minute_metrics` block as defined below.
A `hour_metrics` block supports the following:

* `hour_metrics` - (Optional) A `hour_metrics` block as defined below.
* `enabled` - (Required) Indicates whether hour metrics are enabled for the Queue service. Changing this forces a new resource.

---
* `version` - (Required) The version of storage analytics to configure. Changing this forces a new resource.

`cors_rule` supports the following:
* `include_apis` - (Optional) Indicates whether metrics should generate summary statistics for called API operations.

* `allowed_headers` - (Required) A list of headers that are allowed to be a part of the cross-origin request.
* `retention_policy_days` - (Optional) Specifies the number of days that logs will be retained. Changing this forces a new resource.

* `allowed_methods` - (Required) A list of http headers that are allowed to be executed by the origin. Valid options are
`DELETE`, `GET`, `HEAD`, `MERGE`, `POST`, `OPTIONS` or `PUT`.
---

* `allowed_origins` - (Required) A list of origin domains that will be allowed by CORS.
A `identity` block supports the following:

* `exposed_headers` - (Required) A list of response headers that are exposed to CORS clients.
* `type` - (Required) Specifies the identity type of the Storage Account. At this time the only allowed value is `SystemAssigned`.

* `max_age_in_seconds` - (Required) The number of seconds the client should cache a preflight response.
~> The assigned `principal_id` and `tenant_id` can be retrieved after the identity `type` has been set to `SystemAssigned` and Storage Account has been created. More details are available below.

---
---

`logging` supports the following:
A `logging` block supports the following:

* `delete` - (Required) Indicates whether all delete requests should be logged. Changing this forces a new resource.
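
Review bot: The new `queue_properties` note says the block cannot be set when `access_tier` is `BlobStorage`, but the line it replaces said "not applicable when storage account type is **BlobStorage**"; `BlobStorage` is an account kind, not an access tier, so the note should name `account_kind`. In the same hunk, `allowed_methods` is still described as "A list of http headers" where HTTP methods are meant, and "A `identity` block" and "A `hour_metrics` block" should read "An".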

Expand All @@ -187,7 +175,9 @@ any combination of `Logging`, `Metrics`, `AzureServices`, or `None`.

* `retention_policy_days` - (Optional) Specifies the number of days that logs will be retained. Changing this forces a new resource.

`minute_metrics` supports the following:
---

A `minute_metrics` block supports the following:

* `enabled` - (Required) Indicates whether minute metrics are enabled for the Queue service. Changing this forces a new resource.

Expand All @@ -197,15 +187,31 @@ any combination of `Logging`, `Metrics`, `AzureServices`, or `None`.

* `retention_policy_days` - (Optional) Specifies the number of days that logs will be retained. Changing this forces a new resource.

`hour_metrics` supports the following:
---

* `enabled` - (Required) Indicates whether hour metrics are enabled for the Queue service. Changing this forces a new resource.
A `network_rules` block supports the following:

* `version` - (Required) The version of storage analytics to configure. Changing this forces a new resource.
* `default_action` - (Required) Specifies the default action of allow or deny when no other rules match. Valid options are `Deny` or `Allow`.
* `bypass` - (Optional) Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. Valid options are
any combination of `Logging`, `Metrics`, `AzureServices`, or `None`.
* `ip_rules` - (Optional) List of public IP or IP ranges in CIDR Format. Only IPV4 addresses are allowed. Private IP address ranges (as defined in [RFC 1918](https://tools.ietf.org/html/rfc1918#section-3)) are not allowed.
* `virtual_network_subnet_ids` - (Optional) A list of resource ids for subnets.

* `include_apis` - (Optional) Indicates whether metrics should generate summary statistics for called API operations.
~> **Note:** If specifying `network_rules`, one of either `ip_rules` or `virtual_network_subnet_ids` must be specified and `default_action` must be set to `Deny`.

* `retention_policy_days` - (Optional) Specifies the number of days that logs will be retained. Changing this forces a new resource.
~> **Note:** [More information on Validation is available here](https://docs.microsoft.com/en-gb/azure/storage/blobs/storage-custom-domain-name)

---

A `queue_properties` block supports the following:

* `cors_rule` - (Optional) A `cors_rule` block as defined below.

* `logging` - (Optional) A `logging` block as defined below.

* `minute_metrics` - (Optional) A `minute_metrics` block as defined below.

* `hour_metrics` - (Optional) A `hour_metrics` block as defined below.

## Attributes Reference
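
Review bot: In the relocated `network_rules` section, the note linking to storage-custom-domain-name ("More information on Validation is available here") is about custom domain validation and should move under the `custom_domain` block added earlier in this file. The note before it also says `default_action` must be set to `Deny` whenever `network_rules` is specified, while the argument line lists `Deny` or `Allow` as valid options and the schema change in this PR makes the field Required with both values accepted; reword or drop the note so the two statements agree.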
