From 9b2d738cccbd5cb859941465d6376d00630206b6 Mon Sep 17 00:00:00 2001
From: Tom Bamford
Date: Wed, 10 Apr 2024 20:13:39 +0100
Subject: [PATCH] storage: remove legacy config logic for `AllowBlobPublicAccess` and `MinimumTLSVersion`, as it fails with custom/private clouds and has no effect in built-in clouds
---
 .../storage/storage_account_resource.go | 36 +++++++------------
 1 file changed, 12 insertions(+), 24 deletions(-)
diff --git a/internal/services/storage/storage_account_resource.go b/internal/services/storage/storage_account_resource.go
index ac928a323bf4..449d0e3a93ee 100644
--- a/internal/services/storage/storage_account_resource.go
+++ b/internal/services/storage/storage_account_resource.go
@@ -1353,25 +1353,27 @@ func resourceStorageAccountCreate(d *pluginsdk.ResourceData, meta interface{}) e

 parameters := storage.AccountCreateParameters{
 ExtendedLocation: expandEdgeZone(d.Get("edge_zone").(string)),
+ Kind: accountKind,
 Location: &location,
 Sku: &storage.Sku{
 Name: storage.SkuName(storageType),
 },
 Tags: tags.Expand(t),
- Kind: accountKind,
 AccountPropertiesCreateParameters: &storage.AccountPropertiesCreateParameters{
- PublicNetworkAccess: publicNetworkAccess,
- EnableHTTPSTrafficOnly: &enableHTTPSTrafficOnly,
- NetworkRuleSet: expandStorageAccountNetworkRules(d, tenantId),
- IsHnsEnabled: &isHnsEnabled,
- EnableNfsV3: &nfsV3Enabled,
+ AllowBlobPublicAccess: &allowBlobPublicAccess,
+ AllowCrossTenantReplication: &crossTenantReplication,
 AllowSharedKeyAccess: &allowSharedKeyAccess,
+ DNSEndpointType: storage.DNSEndpointType(dnsEndpointType),
 DefaultToOAuthAuthentication: &defaultToOAuthAuthentication,
- AllowCrossTenantReplication: &crossTenantReplication,
- SasPolicy: expandStorageAccountSASPolicy(d.Get("sas_policy").([]interface{})),
- IsSftpEnabled: &isSftpEnabled,
+ EnableHTTPSTrafficOnly: &enableHTTPSTrafficOnly,
+ EnableNfsV3: &nfsV3Enabled,
+ IsHnsEnabled: &isHnsEnabled,
 IsLocalUserEnabled: pointer.To(d.Get("local_user_enabled").(bool)),
- DNSEndpointType: storage.DNSEndpointType(dnsEndpointType),
+ IsSftpEnabled: &isSftpEnabled,
+ MinimumTLSVersion: storage.MinimumTLSVersion(minimumTLSVersion),
+ NetworkRuleSet: expandStorageAccountNetworkRules(d, tenantId),
+ PublicNetworkAccess: publicNetworkAccess,
+ SasPolicy: expandStorageAccountSASPolicy(d.Get("sas_policy").([]interface{})),
 },
 }

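Review bot: The two behavioural additions in the `AccountPropertiesCreateParameters` literal, `AllowBlobPublicAccess` and `MinimumTLSVersion`, carry no comment and are easy to miss among the alphabetical reorder of the other fields, although they control anonymous blob access and the TLS floor and are now sent for every environment. I would add a comment directly above them, for example `// Sent for every environment, custom clouds included; the service, not the provider, decides whether the property is supported.` The guard removed further down in this function used to return an error outside the three named clouds, so it is worth confirming, outside this diff, that the read path stores the values the API returns rather than the configured ones; otherwise an endpoint that ignores either property would leave a weaker account than the state claims, with no drift reported. The body of `resourceStorageAccountCreate` starts and ends outside the hunk.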
@@ -1379,20 +1381,6 @@ func resourceStorageAccountCreate(d *pluginsdk.ResourceData, meta interface{}) e
 parameters.AccountPropertiesCreateParameters.AllowedCopyScope = storage.AllowedCopyScope(v)
 }

- // For all Clouds except Public, China, and USGovernmentCloud, don't specify "allow_blob_public_access" and "min_tls_version" in request body.
- // https://github.com/hashicorp/terraform-provider-azurerm/issues/7812
- // https://github.com/hashicorp/terraform-provider-azurerm/issues/8083
- // USGovernmentCloud allow_blob_public_access and min_tls_version allowed as of issue 9128
- // https://github.com/hashicorp/terraform-provider-azurerm/issues/9128
- if envName != environments.AzurePublicCloud && envName != environments.AzureUSGovernmentCloud && envName != environments.AzureChinaCloud {
- if allowBlobPublicAccess || minimumTLSVersion != string(storage.MinimumTLSVersionTLS10) {
- return fmt.Errorf(`"allow_nested_items_to_be_public" and "min_tls_version" are not supported for a Storage Account located in %q`, envName)
- }
- } else {
- parameters.AccountPropertiesCreateParameters.AllowBlobPublicAccess = &allowBlobPublicAccess
- parameters.AccountPropertiesCreateParameters.MinimumTLSVersion = storage.MinimumTLSVersion(minimumTLSVersion)
- }
-
 storageAccountIdentity, err := expandAzureRmStorageAccountIdentity(d.Get("identity").([]interface{}))
 if err != nil {
 return err