azurerm_storage_account - Add sanity check for dns_endpoint_type and blob_properties.restore_policy #25450

Merged
Changes from 1 commit
18 changes: 18 additions & 0 deletions internal/services/storage/storage_account_resource.go
Expand Up @@ -1589,6 +1589,15 @@ func resourceStorageAccountCreate(d *pluginsdk.ResourceData, meta interface{}) e
}
}

if dnsEndpointType == string(storage.DNSEndpointTypeAzureDNSZone) {
if blobProperties.RestorePolicy != nil && blobProperties.RestorePolicy.Enabled != nil && *blobProperties.RestorePolicy.Enabled {
// Otherwise, API returns: "Required feature Global Dns is disabled"
// This is confirmed with the SRP team, where they said:
// > restorePolicy feature is incompatible with partitioned DNS
Comment on lines +1596 to +1598
Contributor

did they mention if this is a temporary limitation, or something that's planned to be removed in the future?

Collaborator Author

@tombuildsstuff I'll check with them and update it here later..

Collaborator

@magodo any update on this?

Collaborator Author

Sorry for the delay (as I was on vacation), I just got the reply from the service team that this is a temporary limitation, and they said they don't have an ETA when this will be supported.

Contributor

No worries - hope you enjoyed the time off :)

Cool ok, in that case can we update this comment to clarify that this is a temporary limitation rather than long-term limitation and so we should re-check this in the future? Perhaps it'd also be worth linking to this thread too?

Collaborator Author

@tombuildsstuff Sure, I've added the comment.

return fmt.Errorf("`blob_properties.restore_policy` can't be set when `dns_endpoint_type` is set to `%s`", storage.DNSEndpointTypeAzureDNSZone)
}
}

if _, err = blobClient.SetServiceProperties(ctx, id.ResourceGroupName, id.StorageAccountName, *blobProperties); err != nil {
return fmt.Errorf("updating `blob_properties`: %+v", err)
}
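
Review bot: The restore-policy check in resourceStorageAccountCreate only fires at apply time, directly before the `blobClient.SetServiceProperties` call. Both inputs (`dns_endpoint_type` and `blob_properties.restore_policy`) come from configuration, so the combination could be rejected before any API request is sent, ideally at plan time, rather than surfacing as an error partway through a create. Separately, the code comment as shown here quotes the SRP team but does not say the limitation is temporary; stating that and linking this PR thread would tell a later reader that the check is meant to be revisited.
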
Expand Down Expand Up @@ -1949,6 +1958,15 @@ func resourceStorageAccountUpdate(d *pluginsdk.ResourceData, meta interface{}) e
return fmt.Errorf("`versioning_enabled` can't be true when `is_hns_enabled` is true")
}

if d.Get("dns_endpoint_type").(string) == string(storage.DNSEndpointTypeAzureDNSZone) {
if blobProperties.RestorePolicy != nil && blobProperties.RestorePolicy.Enabled != nil && *blobProperties.RestorePolicy.Enabled {
// Otherwise, API returns: "Required feature Global Dns is disabled"
// This is confirmed with the SRP team, where they said:
// > restorePolicy feature is incompatible with partitioned DNS
return fmt.Errorf("`blob_properties.restore_policy` can't be set when `dns_endpoint_type` is set to `%s`", storage.DNSEndpointTypeAzureDNSZone)
}
}

if _, err = blobClient.SetServiceProperties(ctx, id.ResourceGroupName, id.StorageAccountName, *blobProperties); err != nil {
return fmt.Errorf("updating `blob_properties` for %s: %+v", *id, err)
}
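
Review bot: The check in resourceStorageAccountUpdate duplicates the one in resourceStorageAccountCreate line for line, including the comment and the error string, and differs only in how the endpoint type is read: `d.Get("dns_endpoint_type").(string)` here versus the local `dnsEndpointType` in create. A small shared helper that takes the endpoint type and `blobProperties` and returns the error would keep the two paths from drifting apart when the limitation is lifted and the check has to be removed or changed.
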
2 changes: 2 additions & 0 deletions website/docs/r/storage_account.html.markdown
Expand Up @@ -191,6 +191,8 @@ A `blob_properties` block supports the following:

-> **NOTE:** This field cannot be configured when `kind` is set to `Storage` (V1).

-> **NOTE:** `restore_policy` can not be configured when `dns_endpoint_type` is `AzureDnsZone`.

* `versioning_enabled` - (Optional) Is versioning enabled? Default to `false`.

-> **NOTE:** This field cannot be configured when `kind` is set to `Storage` (V1).
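
Review bot: In the added NOTE, "can not" should be "cannot" to match the neighbouring notes ("This field cannot be configured when ..."). The note also reads as a permanent restriction, while the review thread records that the service team described it as a temporary limitation, so wording such as "cannot currently be configured" would be more accurate. Consider repeating the note under the `dns_endpoint_type` argument as well, since a user setting `AzureDnsZone` may read that entry rather than `blob_properties`.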