diff --git a/internal/services/storage/storage_account_resource.go b/internal/services/storage/storage_account_resource.go
index fd2f273fcc9c..827505438fb2 100644
--- a/internal/services/storage/storage_account_resource.go
+++ b/internal/services/storage/storage_account_resource.go
@@ -1589,6 +1589,17 @@ func resourceStorageAccountCreate(d *pluginsdk.ResourceData, meta interface{}) e
 }
 }
+ // TODO: This is a temporary limitation on Storage service. Remove this check once the API supports this scenario.
+ // See https://github.com/hashicorp/terraform-provider-azurerm/pull/25450#discussion_r1542471667 for the context.
+ if dnsEndpointType == string(storage.DNSEndpointTypeAzureDNSZone) {
+ if blobProperties.RestorePolicy != nil && blobProperties.RestorePolicy.Enabled != nil && *blobProperties.RestorePolicy.Enabled {
+ // Otherwise, API returns: "Required feature Global Dns is disabled"
+ // This is confirmed with the SRP team, where they said:
+ // > restorePolicy feature is incompatible with partitioned DNS
+ return fmt.Errorf("`blob_properties.restore_policy` can't be set when `dns_endpoint_type` is set to `%s`", storage.DNSEndpointTypeAzureDNSZone)
+ }
+ }
+
 if _, err = blobClient.SetServiceProperties(ctx, id.ResourceGroupName, id.StorageAccountName, *blobProperties); err != nil {
 return fmt.Errorf("updating `blob_properties`: %+v", err)
 }
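Review bot: The `restore_policy` / `AzureDnsZone` conflict is rejected only at apply time, immediately before `blobClient.SetServiceProperties` in resourceStorageAccountCreate, which is presumably after the account itself has been created. A conflicting configuration would then pass `terraform plan` and fail mid-apply, leaving an account that exists but has none of its `blob_properties` applied, including any retention or versioning settings sent in the same call. Both inputs are plain configuration values, so the same condition could also be checked at plan time (for example in the resource's CustomizeDiff, if it defines one), with this block kept as a backstop. The identical check added to resourceStorageAccountUpdate has the same property. The enclosing function starts and ends outside the hunk, so the ordering relative to account creation should be confirmed there.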
@@ -1949,6 +1960,15 @@ func resourceStorageAccountUpdate(d *pluginsdk.ResourceData, meta interface{}) e
 return fmt.Errorf("`versioning_enabled` can't be true when `is_hns_enabled` is true")
 }
+ if d.Get("dns_endpoint_type").(string) == string(storage.DNSEndpointTypeAzureDNSZone) {
+ if blobProperties.RestorePolicy != nil && blobProperties.RestorePolicy.Enabled != nil && *blobProperties.RestorePolicy.Enabled {
+ // Otherwise, API returns: "Required feature Global Dns is disabled"
+ // This is confirmed with the SRP team, where they said:
+ // > restorePolicy feature is incompatible with partitioned DNS
+ return fmt.Errorf("`blob_properties.restore_policy` can't be set when `dns_endpoint_type` is set to `%s`", storage.DNSEndpointTypeAzureDNSZone)
+ }
+ }
+
 if _, err = blobClient.SetServiceProperties(ctx, id.ResourceGroupName, id.StorageAccountName, *blobProperties); err != nil {
 return fmt.Errorf("updating `blob_properties` for %s: %+v", *id, err)
 }
diff --git a/website/docs/r/storage_account.html.markdown b/website/docs/r/storage_account.html.markdown
index 6358d3a04319..4d40b0d48681 100644
--- a/website/docs/r/storage_account.html.markdown
+++ b/website/docs/r/storage_account.html.markdown
@@ -191,6 +191,8 @@ A `blob_properties` block supports the following:
 -> **NOTE:** This field cannot be configured when `kind` is set to `Storage` (V1).
+-> **NOTE:** `restore_policy` can not be configured when `dns_endpoint_type` is `AzureDnsZone`.
+
 * `versioning_enabled` - (Optional) Is versioning enabled? Default to `false`.
 -> **NOTE:** This field cannot be configured when `kind` is set to `Storage` (V1).
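Review bot: The copy of the check in resourceStorageAccountUpdate drops the `// TODO` and the discussion link that mark the Create copy as a temporary service limitation, so when the API lifts the restriction this branch is the one likely to be left behind. Either repeat the marker above the outer `if`, e.g. `// TODO: temporary Storage service limitation; remove together with the check in resourceStorageAccountCreate.`, or move the condition into one small helper that both functions call, so there is a single place to delete. The enclosing function continues outside the hunk.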