From 87d555e8b24187d464fc1422af9756cb15924e75 Mon Sep 17 00:00:00 2001
From: magodo
Date: Sat, 16 Apr 2022 11:04:54 +0800
Subject: [PATCH] `azurerm_storage_account` - Fix error when enabling identity and cmk
---
 .../storage/storage_account_resource.go | 29 ++++++++-------
 .../storage/storage_account_resource_test.go | 37 +++++++++++++++++++
 2 files changed, 52 insertions(+), 14 deletions(-)
diff --git a/internal/services/storage/storage_account_resource.go b/internal/services/storage/storage_account_resource.go
index be4aa6278775..eb3cc1b735cf 100644
--- a/internal/services/storage/storage_account_resource.go
+++ b/internal/services/storage/storage_account_resource.go
@@ -1394,6 +1394,21 @@ func resourceStorageAccountUpdate(d *pluginsdk.ResourceData, meta interface{}) e
 }
 }
+ // Updating `identity` should occur before updating `customer_managed_key`, as the latter depends on an identity.
+ if d.HasChange("identity") {
+ storageAccountIdentity, err := expandAzureRmStorageAccountIdentity(d.Get("identity").([]interface{}))
+ if err != nil {
+ return err
+ }
+ opts := storage.AccountUpdateParameters{
+ Identity: storageAccountIdentity,
+ }
+
+ if _, err := client.Update(ctx, id.ResourceGroup, id.Name, opts); err != nil {
+ return fmt.Errorf("updating Azure Storage Account identity %q: %+v", id.Name, err)
+ }
+ }
+
 if d.HasChange("customer_managed_key") {
 cmk := d.Get("customer_managed_key").([]interface{})
 encryption, err := expandStorageAccountCustomerManagedKey(ctx, keyVaultClient, resourceClient, cmk)
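Review bot: Moving the `identity` update ahead of `customer_managed_key` fixes the enable path but appears to invert the problem for the disable path: when a plan removes both blocks, the identity is now dropped while the account is still encrypted with a key that identity is used to reach, so the update may be rejected or the account may lose access to its key until the next step runs. Consider running the early update only when an identity is being added or changed, e.g. `if d.HasChange("identity") && len(d.Get("identity").([]interface{})) > 0 {`, and leaving the removal case after the CMK block. The new acceptance test in storage_account_resource_test.go only steps from no CMK to CMK; a final step back to `r.withoutCustomerManagedKey(data)` would cover the removal order. resourceStorageAccountUpdate starts and ends outside this hunk, so how the CMK block behaves when the key is removed is not visible here and should be confirmed.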
@@ -1475,20 +1490,6 @@ func resourceStorageAccountUpdate(d *pluginsdk.ResourceData, meta interface{}) e
 }
 }
- if d.HasChange("identity") {
- storageAccountIdentity, err := expandAzureRmStorageAccountIdentity(d.Get("identity").([]interface{}))
- if err != nil {
- return err
- }
- opts := storage.AccountUpdateParameters{
- Identity: storageAccountIdentity,
- }
-
- if _, err := client.Update(ctx, id.ResourceGroup, id.Name, opts); err != nil {
- return fmt.Errorf("updating Azure Storage Account identity %q: %+v", id.Name, err)
- }
- }
-
 if d.HasChange("network_rules") {
 opts := storage.AccountUpdateParameters{
 AccountPropertiesUpdateParameters: &storage.AccountPropertiesUpdateParameters{
diff --git a/internal/services/storage/storage_account_resource_test.go b/internal/services/storage/storage_account_resource_test.go
index 01c6ea17abcf..c39fae373d9b 100644
--- a/internal/services/storage/storage_account_resource_test.go
+++ b/internal/services/storage/storage_account_resource_test.go
@@ -1185,6 +1185,28 @@ func TestAccStorageAccount_customerManagedKeyRemoteKeyVault(t *testing.T) {
 })
 }
+func TestAccStorageAccount_updateToUsingIdentityAndCustomerManagedKey(t *testing.T) {
+ data := acceptance.BuildTestData(t, "azurerm_storage_account", "test")
+ r := StorageAccountResource{}
+
+ data.ResourceTest(t, r, []acceptance.TestStep{
+ {
+ Config: r.withoutCustomerManagedKey(data),
+ Check: acceptance.ComposeTestCheckFunc(
+ check.That(data.ResourceName).ExistsInAzure(r),
+ ),
+ },
+ data.ImportStep(),
+ {
+ Config: r.customerManagedKey(data),
+ Check: acceptance.ComposeTestCheckFunc(
+ check.That(data.ResourceName).ExistsInAzure(r),
+ ),
+ },
+ data.ImportStep(),
+ })
+}
+
 func TestAccStorageAccount_edgeZone(t *testing.T) {
 data := acceptance.BuildTestData(t, "azurerm_storage_account", "test")
 r := StorageAccountResource{}
@@ -3454,6 +3476,21 @@ resource "azurerm_key_vault_key" "test" {
 `, data.RandomInteger, data.Locations.Primary, data.RandomString, data.RandomString)
 }
+func (r StorageAccountResource) withoutCustomerManagedKey(data acceptance.TestData) string {
+ return fmt.Sprintf(`
+%s
+
+resource "azurerm_storage_account" "test" {
+ name = "unlikely23exst2acct%s"
+ resource_group_name = azurerm_resource_group.test.name
+ location = azurerm_resource_group.test.location
+ account_tier = "Standard"
+ account_replication_type = "LRS"
+ account_kind = "StorageV2"
+}
+`, r.cmkTemplate(data), data.RandomString)
+}
+
 func (r StorageAccountResource) customerManagedKey(data acceptance.TestData) string {
 return fmt.Sprintf(`
 %s