Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Storage account - SAS token expiry upper limit #19188

Closed
1 task done
malcolmtylerfil opened this issue Nov 8, 2022 · 2 comments · Fixed by #19222
Closed
1 task done

Storage account - SAS token expiry upper limit #19188

malcolmtylerfil opened this issue Nov 8, 2022 · 2 comments · Fixed by #19222
Labels
enhancement service/storage
Milestone
v3.32.0

Comments

@malcolmtylerfil
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

We would like to implement the Azure built in policy for "Storage accounts should have shared access signature (SAS) policies configured"
(https://portal.azure.com/#view/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fbc1b984e-ddae-40cc-801a-050a030e4fbe)

However, the azurerm_storage_account resource does not allow for setting this value meaning storage accounts would imediately be non-compliant if built in this way. As a workaround we are using the azapi "type = "Microsoft.Storage/storageAccounts@2022-05-01" which does allow for this to be set in the json body but wee would prefer to use AzureRM.

New or Affected Resource(s)/Data Source(s)

azurerm_storage_account

Potential Terraform Configuration

sasPolicy = {
        expirationAction = "Log"
        sasExpirationPeriod = "00.04:00:00"
      }

References

No response
@magodo magodo mentioned this issue Nov 10, 2022
Merged
katbyte pushed a commit that referenced this issue Nov 14, 2022
@magodo
azurerm_storage_account - Support for sas_policy (#19222)
13ac1a1 
Fix #19188
@github-actions github-actions bot added this to the v3.32.0 milestone Nov 14, 2022
@github-actions
Copy link

This functionality has been released in v3.32.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions
Copy link

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 18, 2022
favoretti pushed a commit to favoretti/terraform-provider-azurerm that referenced this issue Jan 12, 2023
@magodo @favoretti
azurerm_storage_account - Support for sas_policy (hashicorp#19222)
37bb96a 
Fix hashicorp#19188
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement service/storage
Projects
None yet
Milestone
v3.32.0
Development

Successfully merging a pull request may close this issue.

azurerm_storage_account - Support for sas_policy magodo/terraform-provider-azurerm
2 participants
@catriona-m @malcolmtylerfil