From 1fc8177a43c6deb7c1803e53cb0ec1dcce0c7c48 Mon Sep 17 00:00:00 2001
From: magodo
Date: Mon, 15 Apr 2024 21:33:12 +0800
Subject: [PATCH] `azurerm_storage_account` - Add sanity check for `dns_endpoint_type` and `blob_properties.restore_policy` (#25450)

* `azurerm_storage_account` - Add sanity check for `dns_endpoint_type` and `blob_properties.restore_policy`
* add comment to clarify the short-term limitation
---
 .../storage/storage_account_resource.go | 20 +++++++++++++++++++
 website/docs/r/storage_account.html.markdown | 2 ++
 2 files changed, 22 insertions(+)

diff --git a/internal/services/storage/storage_account_resource.go b/internal/services/storage/storage_account_resource.go
index 9d72c386a4e4..52d93d380c76 100644
--- a/internal/services/storage/storage_account_resource.go
+++ b/internal/services/storage/storage_account_resource.go
@@ -1586,6 +1586,17 @@ func resourceStorageAccountCreate(d *pluginsdk.ResourceData, meta interface{}) e
 }
 }
 
+ // TODO: This is a temporary limitation on Storage service. Remove this check once the API supports this scenario.
+ // See https://github.com/hashicorp/terraform-provider-azurerm/pull/25450#discussion_r1542471667 for the context.
+ if dnsEndpointType == string(storage.DNSEndpointTypeAzureDNSZone) {
+ if blobProperties.RestorePolicy != nil && blobProperties.RestorePolicy.Enabled != nil && *blobProperties.RestorePolicy.Enabled {
+ // Otherwise, API returns: "Required feature Global Dns is disabled"
+ // This is confirmed with the SRP team, where they said:
+ // > restorePolicy feature is incompatible with partitioned DNS
+ return fmt.Errorf("`blob_properties.restore_policy` can't be set when `dns_endpoint_type` is set to `%s`", storage.DNSEndpointTypeAzureDNSZone)
+ }
+ }
+
 if _, err = blobClient.SetServiceProperties(ctx, id.ResourceGroupName, id.StorageAccountName, *blobProperties); err != nil {
 return fmt.Errorf("updating `blob_properties`: %+v", err)
 }
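Review bot: The new guard in resourceStorageAccountCreate only runs at apply time, directly before `blobClient.SetServiceProperties`, so a configuration that combines `dns_endpoint_type = "AzureDnsZone"` with `blob_properties.restore_policy` still produces a clean plan. If the account itself is created earlier in this function (its body starts and ends outside the hunk, so this is inferred), the early return leaves a provisioned account on which none of the `blob_properties` settings were applied, because the return skips the `SetServiceProperties` call entirely. Both values come from configuration, so the same condition could also be rejected in the resource's `CustomizeDiff`, keeping this check as a backstop. If the check stays here, a comment such as `// NOTE: the account may already exist at this point; returning here skips SetServiceProperties` would make the partial-apply behaviour explicit.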
@@ -1921,6 +1932,15 @@ func resourceStorageAccountUpdate(d *pluginsdk.ResourceData, meta interface{}) e
 return fmt.Errorf("`versioning_enabled` can't be true when `is_hns_enabled` is true")
 }
 
+ if d.Get("dns_endpoint_type").(string) == string(storage.DNSEndpointTypeAzureDNSZone) {
+ if blobProperties.RestorePolicy != nil && blobProperties.RestorePolicy.Enabled != nil && *blobProperties.RestorePolicy.Enabled {
+ // Otherwise, API returns: "Required feature Global Dns is disabled"
+ // This is confirmed with the SRP team, where they said:
+ // > restorePolicy feature is incompatible with partitioned DNS
+ return fmt.Errorf("`blob_properties.restore_policy` can't be set when `dns_endpoint_type` is set to `%s`", storage.DNSEndpointTypeAzureDNSZone)
+ }
+ }
+
 if _, err = blobClient.SetServiceProperties(ctx, id.ResourceGroupName, id.StorageAccountName, *blobProperties); err != nil {
 return fmt.Errorf("updating `blob_properties` for %s: %+v", *id, err)
 }
diff --git a/website/docs/r/storage_account.html.markdown b/website/docs/r/storage_account.html.markdown
index 720852252880..bb0c58d6fa30 100644
--- a/website/docs/r/storage_account.html.markdown
+++ b/website/docs/r/storage_account.html.markdown
@@ -193,6 +193,8 @@ A `blob_properties` block supports the following:
 
 -> **NOTE:** This field cannot be configured when `kind` is set to `Storage` (V1).
 
+-> **NOTE:** `restore_policy` can not be configured when `dns_endpoint_type` is `AzureDnsZone`.
+
 * `versioning_enabled` - (Optional) Is versioning enabled? Default to `false`.
 
 -> **NOTE:** This field cannot be configured when `kind` is set to `Storage` (V1).
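Review bot: In the resourceStorageAccountUpdate hunk the restore-policy guard is a verbatim copy of the one added to resourceStorageAccountCreate, but the TODO and the link to the PR discussion were not carried over, so whoever lifts the limitation later has nothing pointing at this second site. Add the marker above the outer `if`, for example `// TODO: temporary Storage service limitation; remove together with the check in resourceStorageAccountCreate.` Moving the condition into one small helper called from both paths would also keep the two error messages from drifting apart. The enclosing function starts and ends outside the hunk.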