azurerm_storage_account doesn't properly support empty allowed_headers or exposed_headers

[bitcloud]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

(essentim-development:brew)root@19dc195c749c:/app# terraform -v
Terraform v0.14.8

• provider registry.terraform.io/hashicorp/azuread v1.4.0
• provider registry.terraform.io/hashicorp/azurerm v2.50.0

Affected Resource(s)

• azurerm_storage_account

Terraform Configuration Files

resource "azurerm_storage_account" "storageaccount" {
  name = var.storage_account_name
  resource_group_name = var.resource_group_name
  location = var.location
  account_tier = var.account_tier
  account_replication_type = var.account_replication_type
  enable_https_traffic_only = true
  allow_blob_public_access = true

  blob_properties{
    cors_rule{
        allowed_headers = []
        exposed_headers = []
        allowed_methods = ["GET","HEAD"]
        allowed_origins = ["*"]
        max_age_in_seconds = 3600
      }
  }
}

Expected Behaviour

rerunning plan after successful apply should not yield any changes.

Actual Behaviour

  ~ resource "azurerm_storage_account" "storageaccount" {
        id                             = "/subscriptions/0b6f86b5-2b96-45b5-afb1-846bd467f2a8/resourceGroups/Lab_brew/providers/Microsoft.Storage/storageAccounts/essentimlabbrew"
        name                           = "essentimlabbrew"
        tags                           = {
            "environment" = "brew"
        }
        # (29 unchanged attributes hidden)

      ~ blob_properties {
          ~ cors_rule {
              ~ allowed_headers    = [
                  - "",
                ]
              ~ exposed_headers    = [
                  - "",
                ]
                # (3 unchanged attributes hidden)
            }
        }


        # (2 unchanged blocks hidden)
    }

Steps to Reproduce

1. terraform apply
2. terraform plan

Notes

It seems that the azure API turns an empty array into an array with a single empty string in it. So I guess supplying an empty array should be invalid and providing an array with one empty string in it should be valid instead.
I already testet with the Azure API directly. Posting [] and [""] are both valid, but always resutls in [""] on readout. Supplying two empty strings is invalid (["",""]) on their api.

Currently there seems to be no way not to provide any header for allowed_headers or exposed_headers.

Same probably also impacts queue_properties.

• #0000

[alvintang]

Hello! I submitted a PR for this. I removed validation for empty string but set allowed_headers and exposed_headers to require at least one entry.

[jackofallops]

This looks like it was fixed in an earlier release (2.59.0) by #11692, as such I'm going to close this issue. If this is not the case, we can re-open.

[github-actions]

This functionality has been released in v2.67.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.