diff --git a/internal/services/storage/storage_account_resource.go b/internal/services/storage/storage_account_resource.go index 49eb2adb7528..a39bd4c7804e 100644 --- a/internal/services/storage/storage_account_resource.go +++ b/internal/services/storage/storage_account_resource.go @@ -15,6 +15,7 @@ import ( "github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2021-09-01/storage" // nolint: staticcheck azautorest "github.com/Azure/go-autorest/autorest" + "github.com/hashicorp/go-azure-helpers/lang/pointer" "github.com/hashicorp/go-azure-helpers/lang/response" "github.com/hashicorp/go-azure-helpers/resourcemanager/commonids" "github.com/hashicorp/go-azure-helpers/resourcemanager/commonschema" @@ -863,6 +864,12 @@ func resourceStorageAccount() *pluginsdk.Resource { Computed: true, }, + "local_user_enabled": { + Type: pluginsdk.TypeBool, + Optional: true, + Default: true, + }, + "primary_location": { Type: pluginsdk.TypeString, Computed: true, @@ -1351,6 +1358,7 @@ func resourceStorageAccountCreate(d *pluginsdk.ResourceData, meta interface{}) e AllowCrossTenantReplication: &crossTenantReplication, SasPolicy: expandStorageAccountSASPolicy(d.Get("sas_policy").([]interface{})), IsSftpEnabled: &isSftpEnabled, + IsLocalUserEnabled: pointer.To(d.Get("local_user_enabled").(bool)), }, } @@ -1819,6 +1827,17 @@ func resourceStorageAccountUpdate(d *pluginsdk.ResourceData, meta interface{}) e } } + if d.HasChange("local_user_enabled") { + opts := storage.AccountUpdateParameters{ + AccountPropertiesUpdateParameters: &storage.AccountPropertiesUpdateParameters{ + IsLocalUserEnabled: pointer.To(d.Get("local_user_enabled").(bool)), + }, + } + if _, err := client.Update(ctx, id.ResourceGroupName, id.StorageAccountName, opts); err != nil { + return fmt.Errorf("updating `local_user_enabled` for %s: %+v", *id, err) + } + } + if d.HasChange("sftp_enabled") { sftpEnabled := d.Get("sftp_enabled").(bool) @@ -2285,6 +2304,13 @@ func resourceStorageAccountRead(d *pluginsdk.ResourceData, meta interface{}) err d.Set("large_file_share_enabled", props.LargeFileSharesState == storage.LargeFileSharesStateEnabled) } + // local_user_enabled defaults to true at service side when not specified in the API request. + isLocalEnabled := true + if props.IsLocalUserEnabled != nil { + isLocalEnabled = *props.IsLocalUserEnabled + } + d.Set("local_user_enabled", isLocalEnabled) + allowSharedKeyAccess := true if props.AllowSharedKeyAccess != nil { allowSharedKeyAccess = *props.AllowSharedKeyAccess diff --git a/internal/services/storage/storage_account_resource_test.go b/internal/services/storage/storage_account_resource_test.go index 9e3354260c8e..5fa555e2730d 100644 --- a/internal/services/storage/storage_account_resource_test.go +++ b/internal/services/storage/storage_account_resource_test.go @@ -1496,6 +1496,34 @@ func TestAccStorageAccount_isSftpEnabled(t *testing.T) { }) } +func TestAccStorageAccount_isLocalUserEnabled(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_storage_account", "test") + r := StorageAccountResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.isLocalUserEnabled(data, true), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep(), + { + Config: r.isLocalUserEnabled(data, false), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + { + Config: r.isLocalUserEnabled(data, true), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep(), + }) +} + func TestAccStorageAccount_minimalShareProperties(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_storage_account", "test") r := StorageAccountResource{} @@ -4468,6 +4496,32 @@ resource "azurerm_storage_account" "test" { `, data.RandomInteger, data.Locations.Primary, data.RandomString) } +func (r StorageAccountResource) isLocalUserEnabled(data acceptance.TestData, v bool) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-storage-%d" + location = "%s" +} + +resource "azurerm_storage_account" "test" { + name = "unlikely23exst2acct%s" + resource_group_name = azurerm_resource_group.test.name + + location = azurerm_resource_group.test.location + account_kind = "StorageV2" + account_tier = "Standard" + account_replication_type = "LRS" + is_hns_enabled = true + sftp_enabled = true + local_user_enabled = %t +} +`, data.RandomInteger, data.Locations.Primary, data.RandomString, v) +} + func (r StorageAccountResource) blobPropertiesStorageKindNotSupportLastAccessTimeEnabled(data acceptance.TestData) string { return fmt.Sprintf(` provider "azurerm" { diff --git a/website/docs/r/storage_account.html.markdown b/website/docs/r/storage_account.html.markdown index b35b752051ea..83a120eea1b9 100644 --- a/website/docs/r/storage_account.html.markdown +++ b/website/docs/r/storage_account.html.markdown @@ -148,6 +148,8 @@ The following arguments are supported: * `large_file_share_enabled` - (Optional) Is Large File Share Enabled? +* `local_user_enabled` - (Optional) Is Local User Enabled? Defaults to `true`. + * `azure_files_authentication` - (Optional) A `azure_files_authentication` block as defined below. * `routing` - (Optional) A `routing` block as defined below.