AccTest: storage account (network rules) modify the test for private_link property

[magodo]

Since Sep.11 (working well before), the API request for creating (PUT) or updating (PATCH) a storage account's networkAcls.resourceAccessRules will fail with the following error message:

{"error":{"code":"InvalidValuesForRequestParameters","message":"Values for request parameters are invalid: networkAcls.resourceAccessRules[*].resourceId. For more information, see - https://aka.ms/storagenetworkruleset"}}

The reason is Storage has enabled a validation to block invalid resource access rules to be added to storage account.

The allowed resource access rules must be for resource types in this list, while "Microsoft.Network/privateEndpoints" is not in the list.

It's also worth mentioning that there is a comment in the previous test:

	// Not all regions support setting the private endpoint resource as the endpoint resource in network_rules.private_link_access in the storage account
	data.Locations.Primary = "westeurope"

This seems to indicate the behavior is not supportive at all by the service.

This PR changes the resource being set to private_link from a private endpoint resource, to a resource that is "trusted".

Test

terraform-provider-azurerm on  storage_acctest_private_link via 🐹 v1.21.1 took 12m22s
💤  TF_ACC=1 go test -v -timeout=20h ./internal/services/storage -run='TestAccStorageAccount_privateLinkAccess|TestAccStorageAccountNetworkRules_privateLinkAccess|TestAccStorageAccountNetworkRules_SynapseAccess'
=== RUN   TestAccStorageAccountNetworkRules_privateLinkAccess
=== PAUSE TestAccStorageAccountNetworkRules_privateLinkAccess
=== RUN   TestAccStorageAccountNetworkRules_SynapseAccess
=== PAUSE TestAccStorageAccountNetworkRules_SynapseAccess
=== RUN   TestAccStorageAccount_privateLinkAccess
=== PAUSE TestAccStorageAccount_privateLinkAccess
=== CONT  TestAccStorageAccountNetworkRules_privateLinkAccess
=== CONT  TestAccStorageAccount_privateLinkAccess
=== CONT  TestAccStorageAccountNetworkRules_SynapseAccess
--- PASS: TestAccStorageAccount_privateLinkAccess (271.18s)
--- PASS: TestAccStorageAccountNetworkRules_privateLinkAccess (278.01s)
--- PASS: TestAccStorageAccountNetworkRules_SynapseAccess (579.96s)
PASS
ok      github.com/hashicorp/terraform-provider-azurerm/internal/services/storage       580.008s

[tombuildsstuff]

Left a question inline but this otherwise LGTM 👍

[tombuildsstuff]

sanity checking: does the standard sku of search support private link? else this'd break in the future

[magodo]

@tombuildsstuff Yes, I've tried the standard sku, which works fine. I believe the sku doesn't matter as otherwise it should be mentioned in https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security?tabs=azure-portal#trusted-access-based-on-a-managed-identity?

[stephybun]

Thanks for this @magodo. LGTM 👍

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.