storage: remove legacy config logic for AllowBlobPublicAccess and `…
…MinimumTLSVersion`, as it fails with custom/private clouds and has no effect in built-in clouds
manicminer committed Apr 10, 2024
1 parent eb93d1c commit 9b2d738
Showing 1 changed file with 12 additions and 24 deletions.
36 changes: 12 additions & 24 deletions internal/services/storage/storage_account_resource.go
@@ -1353,46 +1353,34 @@ func resourceStorageAccountCreate(d *pluginsdk.ResourceData, meta interface{}) e

parameters := storage.AccountCreateParameters{
ExtendedLocation: expandEdgeZone(d.Get("edge_zone").(string)),
Kind: accountKind,
Location: &location,
Sku: &storage.Sku{
Name: storage.SkuName(storageType),
},
Tags: tags.Expand(t),
Kind: accountKind,
AccountPropertiesCreateParameters: &storage.AccountPropertiesCreateParameters{
PublicNetworkAccess: publicNetworkAccess,
EnableHTTPSTrafficOnly: &enableHTTPSTrafficOnly,
NetworkRuleSet: expandStorageAccountNetworkRules(d, tenantId),
IsHnsEnabled: &isHnsEnabled,
EnableNfsV3: &nfsV3Enabled,
AllowBlobPublicAccess: &allowBlobPublicAccess,
AllowCrossTenantReplication: &crossTenantReplication,
AllowSharedKeyAccess: &allowSharedKeyAccess,
DNSEndpointType: storage.DNSEndpointType(dnsEndpointType),
DefaultToOAuthAuthentication: &defaultToOAuthAuthentication,
AllowCrossTenantReplication: &crossTenantReplication,
SasPolicy: expandStorageAccountSASPolicy(d.Get("sas_policy").([]interface{})),
IsSftpEnabled: &isSftpEnabled,
EnableHTTPSTrafficOnly: &enableHTTPSTrafficOnly,
EnableNfsV3: &nfsV3Enabled,
IsHnsEnabled: &isHnsEnabled,
IsLocalUserEnabled: pointer.To(d.Get("local_user_enabled").(bool)),
DNSEndpointType: storage.DNSEndpointType(dnsEndpointType),
IsSftpEnabled: &isSftpEnabled,
MinimumTLSVersion: storage.MinimumTLSVersion(minimumTLSVersion),
NetworkRuleSet: expandStorageAccountNetworkRules(d, tenantId),
PublicNetworkAccess: publicNetworkAccess,
SasPolicy: expandStorageAccountSASPolicy(d.Get("sas_policy").([]interface{})),
},
}

if v := d.Get("allowed_copy_scope").(string); v != "" {
parameters.AccountPropertiesCreateParameters.AllowedCopyScope = storage.AllowedCopyScope(v)
}

// For all Clouds except Public, China, and USGovernmentCloud, don't specify "allow_blob_public_access" and "min_tls_version" in request body.
// https://github.com/hashicorp/terraform-provider-azurerm/issues/7812
// https://github.com/hashicorp/terraform-provider-azurerm/issues/8083
// USGovernmentCloud allow_blob_public_access and min_tls_version allowed as of issue 9128
// https://github.com/hashicorp/terraform-provider-azurerm/issues/9128
if envName != environments.AzurePublicCloud && envName != environments.AzureUSGovernmentCloud && envName != environments.AzureChinaCloud {
if allowBlobPublicAccess || minimumTLSVersion != string(storage.MinimumTLSVersionTLS10) {
return fmt.Errorf(`"allow_nested_items_to_be_public" and "min_tls_version" are not supported for a Storage Account located in %q`, envName)
}
} else {
parameters.AccountPropertiesCreateParameters.AllowBlobPublicAccess = &allowBlobPublicAccess
parameters.AccountPropertiesCreateParameters.MinimumTLSVersion = storage.MinimumTLSVersion(minimumTLSVersion)
}

storageAccountIdentity, err := expandAzureRmStorageAccountIdentity(d.Get("identity").([]interface{}))
if err != nil {
return err
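Review bot: `AllowBlobPublicAccess` and `MinimumTLSVersion` are now set in the `AccountPropertiesCreateParameters` literal for every environment, and the removed comment block was the only place that recorded why they were once withheld (issues 7812, 8083 and 9128). Both are security settings, so if a private or custom cloud accepts the request but does not implement them, the Terraform configuration could claim a TLS floor or a public-access block that the account does not enforce; whether that can happen is not visible from this hunk. I would keep a short comment on those two fields, e.g. `// Sent for all clouds; endpoints that lack these properties may reject or ignore them, see issues 7812, 8083, 9128`, and confirm that the read path stores the values the service returns rather than the configured ones. resourceStorageAccountCreate begins before the hunk and continues after it.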