From 27a700999ee8fd02c353472cc629a36e22e2dc15 Mon Sep 17 00:00:00 2001 From: magodo Date: Tue, 26 Sep 2023 11:35:24 +0800 Subject: [PATCH 1/4] AccTest: storage account (network rules) modify the test for `private_link` property --- ...age_account_network_rules_resource_test.go | 19 +++++++++++-------- .../storage/storage_account_resource_test.go | 16 ++++++++++------ 2 files changed, 21 insertions(+), 14 deletions(-) diff --git a/internal/services/storage/storage_account_network_rules_resource_test.go b/internal/services/storage/storage_account_network_rules_resource_test.go index 5fc967f200b2..89570235de49 100644 --- a/internal/services/storage/storage_account_network_rules_resource_test.go +++ b/internal/services/storage/storage_account_network_rules_resource_test.go @@ -426,13 +426,20 @@ resource "azurerm_storage_account_network_rules" "test" { ip_rules = [] virtual_network_subnet_ids = [] } -`, StorageAccountResource{}.networkRulesPrivateEndpointTemplate(data), data.RandomString) +`, StorageAccountResource{}.networkRulesTemplate(data), data.RandomString) } func (r StorageAccountNetworkRulesResource) privateLinkAccess(data acceptance.TestData) string { return fmt.Sprintf(` %s +resource "azurerm_search_service" "test" { + name = "acctestsearchservice%d" + resource_group_name = azurerm_resource_group.test.name + location = azurerm_resource_group.test.location + sku = "basic" +} + resource "azurerm_storage_account" "test" { name = "unlikely23exst2acct%s" resource_group_name = azurerm_resource_group.test.name 
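Review bot: The `azurerm_search_service` block added to `privateLinkAccess` has no comment saying that it exists only to serve as the resource instance named in `private_link_access`, and [PATCH 2/4] later removes the one comment that recorded why private endpoint IDs were a problem. I would add an HCL comment above the block, for example `# resource instance referenced by private_link_access; private endpoint IDs were not accepted in all regions`. The same block is added without explanation in `@@ -2427,6 +2427,13 @@` of storage_account_resource_test.go. `privateLinkAccess` continues past the end of this hunk, and the first changed line belongs to a function that starts before it.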
@@ -447,18 +454,14 @@ resource "azurerm_storage_account" "test" { resource "azurerm_storage_account_network_rules" "test" { storage_account_id = azurerm_storage_account.test.id - default_action = "Deny" ip_rules = ["127.0.0.1"] virtual_network_subnet_ids = [azurerm_subnet.test.id] private_link_access { - endpoint_resource_id = azurerm_private_endpoint.blob.id - } - private_link_access { - endpoint_resource_id = azurerm_private_endpoint.table.id + endpoint_resource_id = azurerm_search_service.test.id } } -`, StorageAccountResource{}.networkRulesPrivateEndpointTemplate(data), data.RandomString) +`, StorageAccountResource{}.networkRulesTemplate(data), data.RandomInteger, data.RandomString) } func (r StorageAccountNetworkRulesResource) synapseAccess(data acceptance.TestData) string { @@ -514,7 +517,7 @@ resource "azurerm_storage_account_network_rules" "test" { endpoint_resource_id = azurerm_synapse_workspace.test.id } } -`, StorageAccountResource{}.networkRulesPrivateEndpointTemplate(data), data.RandomString, data.RandomInteger) +`, StorageAccountResource{}.networkRulesTemplate(data), data.RandomString, data.RandomInteger) } func (r StorageAccountNetworkRulesResource) deploy(data acceptance.TestData) string { diff --git a/internal/services/storage/storage_account_resource_test.go b/internal/services/storage/storage_account_resource_test.go index 75e1b987bd0c..633e0bba0155 100644 --- a/internal/services/storage/storage_account_resource_test.go +++ b/internal/services/storage/storage_account_resource_test.go @@ -2273,7 +2273,7 @@ resource "azurerm_subnet" "test" { `, data.RandomInteger, data.Locations.Primary) } -func (r StorageAccountResource) networkRulesPrivateEndpointTemplate(data acceptance.TestData) string { +func (r StorageAccountResource) networkRulesPrivateLinkTrustedServiceTemplate(data acceptance.TestData) string { return fmt.Sprintf(` %[1]s 
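Review bot: In `@@ -447,18 +454,14 @@` the `azurerm_storage_account_network_rules` config now holds one `private_link_access` block where the removed lines had two, so a list with more than one entry is no longer applied and read back by this config. Each entry is an exception to `default_action = "Deny"`, so an entry that the provider drops or duplicates would change which resources can reach the account. If no other test covers the multi-entry case (not visible in this patch), either keep a second block against a second resource instance or record the gap in the config, e.g. `# single private_link_access entry; multi-entry handling is not exercised here`. `@@ -2439,10 +2446,7 @@` in storage_account_resource_test.go makes the same reduction, and the enclosing function starts outside this hunk.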
@@ -2427,6 +2427,13 @@ func (r StorageAccountResource) networkRulesPrivateLinkAccess(data acceptance.Te return fmt.Sprintf(` %s +resource "azurerm_search_service" "test" { + name = "acctestsearchservice%d" + resource_group_name = azurerm_resource_group.test.name + location = azurerm_resource_group.test.location + sku = "basic" +} + resource "azurerm_storage_account" "test" { name = "unlikely23exst2acct%s" resource_group_name = azurerm_resource_group.test.name @@ -2439,10 +2446,7 @@ resource "azurerm_storage_account" "test" { ip_rules = ["127.0.0.1"] virtual_network_subnet_ids = [azurerm_subnet.test.id] private_link_access { - endpoint_resource_id = azurerm_private_endpoint.blob.id - } - private_link_access { - endpoint_resource_id = azurerm_private_endpoint.table.id + endpoint_resource_id = azurerm_search_service.test.id } } @@ -2450,7 +2454,7 @@ resource "azurerm_storage_account" "test" { environment = "production" } } -`, r.networkRulesPrivateEndpointTemplate(data), data.RandomString) +`, r.networkRulesTemplate(data), data.RandomInteger, data.RandomString) } func (r StorageAccountResource) networkRulesSynapseAccess(data acceptance.TestData) string { From 3b0e486497f5dbbb95b7c1c3daaa2f54db9b84ef Mon Sep 17 00:00:00 2001 From: magodo Date: Tue, 26 Sep 2023 11:40:22 +0800 Subject: [PATCH 2/4] Remove hardcode the primary location --- .../storage/storage_account_network_rules_resource_test.go | 3 --- internal/services/storage/storage_account_resource_test.go | 3 --- 2 files changed, 6 deletions(-) diff --git a/internal/services/storage/storage_account_network_rules_resource_test.go b/internal/services/storage/storage_account_network_rules_resource_test.go index 89570235de49..9e0d64fbdef0 100644 --- a/internal/services/storage/storage_account_network_rules_resource_test.go +++ b/internal/services/storage/storage_account_network_rules_resource_test.go 
@@ -88,9 +88,6 @@ func TestAccStorageAccountNetworkRules_privateLinkAccess(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_storage_account_network_rules", "test") r := StorageAccountNetworkRulesResource{} - // Not all regions support setting the private endpoint resource as the endpoint resource in network_rules.private_link_access in the storage account - data.Locations.Primary = "westeurope" - data.ResourceTest(t, r, []acceptance.TestStep{ { Config: r.disablePrivateLinkAccess(data), diff --git a/internal/services/storage/storage_account_resource_test.go b/internal/services/storage/storage_account_resource_test.go index 633e0bba0155..0a53bf86a6b0 100644 --- a/internal/services/storage/storage_account_resource_test.go +++ b/internal/services/storage/storage_account_resource_test.go @@ -560,9 +560,6 @@ func TestAccStorageAccount_privateLinkAccess(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_storage_account", "test") r := StorageAccountResource{} - // Not all regions support setting the private endpoint resource as the endpoint resource in network_rules.private_link_access in the storage account - data.Locations.Primary = "westeurope" - data.ResourceTest(t, r, []acceptance.TestStep{ { Config: r.networkRules(data), From eb4a195ba85cbf2db2954cfbfe2612b728651f35 Mon Sep 17 00:00:00 2001 From: magodo Date: Tue, 26 Sep 2023 13:54:11 +0800 Subject: [PATCH 3/4] fmt --- .../storage/storage_account_network_rules_resource_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/services/storage/storage_account_network_rules_resource_test.go b/internal/services/storage/storage_account_network_rules_resource_test.go index 9e0d64fbdef0..979be69e7a14 100644 --- a/internal/services/storage/storage_account_network_rules_resource_test.go +++ b/internal/services/storage/storage_account_network_rules_resource_test.go 
@@ -450,7 +450,7 @@ resource "azurerm_storage_account" "test" { } resource "azurerm_storage_account_network_rules" "test" { - storage_account_id = azurerm_storage_account.test.id + storage_account_id = azurerm_storage_account.test.id default_action = "Deny" ip_rules = ["127.0.0.1"] virtual_network_subnet_ids = [azurerm_subnet.test.id] From ef92ac6689aa9e1fcabf6a40a2b55c983782985e Mon Sep 17 00:00:00 2001 From: magodo Date: Tue, 26 Sep 2023 15:48:57 +0800 Subject: [PATCH 4/4] remove unused function --- .../storage/storage_account_resource_test.go | 78 ------------------- 1 file changed, 78 deletions(-) diff --git a/internal/services/storage/storage_account_resource_test.go b/internal/services/storage/storage_account_resource_test.go index 0a53bf86a6b0..4d6586ca5e39 100644 --- a/internal/services/storage/storage_account_resource_test.go +++ b/internal/services/storage/storage_account_resource_test.go 
@@ -2270,84 +2270,6 @@ resource "azurerm_subnet" "test" { `, data.RandomInteger, data.Locations.Primary) } -func (r StorageAccountResource) networkRulesPrivateLinkTrustedServiceTemplate(data acceptance.TestData) string { - return fmt.Sprintf(` -%[1]s - -resource "azurerm_subnet" "blob_endpoint" { - name = "acctestsnetblobendpoint-%[2]d" - resource_group_name = azurerm_resource_group.test.name - virtual_network_name = azurerm_virtual_network.test.name - address_prefixes = ["10.0.5.0/24"] - - enforce_private_link_endpoint_network_policies = true -} - -resource "azurerm_subnet" "table_endpoint" { - name = "acctestsnettableendpoint-%[2]d" - resource_group_name = azurerm_resource_group.test.name - virtual_network_name = azurerm_virtual_network.test.name - address_prefixes = ["10.0.6.0/24"] - - enforce_private_link_endpoint_network_policies = true -} - -resource "azurerm_storage_account" "blob_connection" { - name = "accblobconnacct%[3]s" - resource_group_name = azurerm_resource_group.test.name - location = azurerm_resource_group.test.location - account_tier = "Standard" - account_replication_type = "LRS" -} - -resource "azurerm_storage_account" "table_connection" { - name = "acctableconnacct%[3]s" - resource_group_name = azurerm_resource_group.test.name - location = azurerm_resource_group.test.location - account_tier = "Standard" - account_replication_type = "LRS" -} - -resource "azurerm_private_dns_zone" "blob" { - name = "privatelink.blob.core.windows.net" - resource_group_name = azurerm_resource_group.test.name -} - -resource "azurerm_private_dns_zone" "table" { - name = "privatelink.table.core.windows.net" - resource_group_name = azurerm_resource_group.test.name -} - -resource "azurerm_private_endpoint" "blob" { - name = "acctest-privatelink-blob-%[2]d" - location = azurerm_resource_group.test.location - resource_group_name = azurerm_resource_group.test.name - subnet_id = azurerm_subnet.blob_endpoint.id - - private_service_connection { - name = 
"acctest-privatelink-mssc-%[2]d" - private_connection_resource_id = azurerm_storage_account.blob_connection.id - subresource_names = ["blob"] - is_manual_connection = false - } -} - -resource "azurerm_private_endpoint" "table" { - name = "acctest-privatelink-table-%[2]d" - location = azurerm_resource_group.test.location - resource_group_name = azurerm_resource_group.test.name - subnet_id = azurerm_subnet.table_endpoint.id - - private_service_connection { - name = "acctest-privatelink-mssc-%[2]d" - private_connection_resource_id = azurerm_storage_account.table_connection.id - subresource_names = ["table"] - is_manual_connection = false - } -} -`, r.networkRulesTemplate(data), data.RandomInteger, data.RandomString) -} - func (r StorageAccountResource) networkRules(data acceptance.TestData) string { return fmt.Sprintf(` %s