From 10fe670da6d8abaa5cc71cce6007b43f477c3aad Mon Sep 17 00:00:00 2001 From: Giorgio Date: Thu, 23 Jul 2020 22:47:32 +0200 Subject: [PATCH 01/11] add min tls version for storage accounts --- .../storage/data_source_storage_account.go | 6 ++ .../storage/resource_arm_storage_account.go | 29 ++++++++ .../resource_arm_storage_account_test.go | 72 +++++++++++++++++++ website/docs/d/storage_account.html.markdown | 2 + website/docs/r/storage_account.html.markdown | 2 + 5 files changed, 111 insertions(+) diff --git a/azurerm/internal/services/storage/data_source_storage_account.go b/azurerm/internal/services/storage/data_source_storage_account.go index 07531d69f4ec..8a5f8355a861 100644 --- a/azurerm/internal/services/storage/data_source_storage_account.go +++ b/azurerm/internal/services/storage/data_source_storage_account.go @@ -72,6 +72,11 @@ func dataSourceArmStorageAccount() *schema.Resource { Computed: true, }, + "min_tls_version": { + Type: schema.TypeString, + Computed: true, + }, + "allow_blob_public_access": { Type: schema.TypeBool, Computed: true, @@ -311,6 +316,7 @@ func dataSourceArmStorageAccountRead(d *schema.ResourceData, meta interface{}) e if props := resp.AccountProperties; props != nil { d.Set("access_tier", props.AccessTier) d.Set("enable_https_traffic_only", props.EnableHTTPSTrafficOnly) + d.Set("min_tls_version", props.MinimumTLSVersion) d.Set("is_hns_enabled", props.IsHnsEnabled) d.Set("allow_blob_public_access", props.AllowBlobPublicAccess) diff --git a/azurerm/internal/services/storage/resource_arm_storage_account.go b/azurerm/internal/services/storage/resource_arm_storage_account.go index c1ebea6d0933..74beaf2fb66d 100644 --- a/azurerm/internal/services/storage/resource_arm_storage_account.go +++ b/azurerm/internal/services/storage/resource_arm_storage_account.go 
@@ -139,6 +139,18 @@ func resourceArmStorageAccount() *schema.Resource { Default: true, }, + "min_tls_version": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Default: storage.TLS12, + ValidateFunc: validation.StringInSlice([]string{ + string(storage.TLS10), + string(storage.TLS11), + string(storage.TLS12), + }, false), + }, + "is_hns_enabled": { Type: schema.TypeBool, Optional: true, @@ -620,6 +632,7 @@ func resourceArmStorageAccountCreate(d *schema.ResourceData, meta interface{}) e location := azure.NormalizeLocation(d.Get("location").(string)) t := d.Get("tags").(map[string]interface{}) enableHTTPSTrafficOnly := d.Get("enable_https_traffic_only").(bool) + minimumTLSVersion := d.Get("min_tls_version").(string) isHnsEnabled := d.Get("is_hns_enabled").(bool) allowBlobPublicAccess := d.Get("allow_blob_public_access").(bool) @@ -636,6 +649,7 @@ func resourceArmStorageAccountCreate(d *schema.ResourceData, meta interface{}) e Kind: storage.Kind(accountKind), AccountPropertiesCreateParameters: &storage.AccountPropertiesCreateParameters{ EnableHTTPSTrafficOnly: &enableHTTPSTrafficOnly, + MinimumTLSVersion: storage.MinimumTLSVersion(minimumTLSVersion), NetworkRuleSet: expandStorageAccountNetworkRules(d), IsHnsEnabled: &isHnsEnabled, AllowBlobPublicAccess: &allowBlobPublicAccess, 
@@ -872,6 +886,20 @@ func resourceArmStorageAccountUpdate(d *schema.ResourceData, meta interface{}) e } } + if d.HasChange("min_tls_version") { + minimumTLSVersion := d.Get("min_tls_version").(string) + + opts := storage.AccountUpdateParameters{ + AccountPropertiesUpdateParameters: &storage.AccountPropertiesUpdateParameters{ + MinimumTLSVersion: storage.MinimumTLSVersion(minimumTLSVersion), + }, + } + + if _, err := client.Update(ctx, resourceGroupName, storageAccountName, opts); err != nil { + return fmt.Errorf("Error updating Azure Storage Account min_tls_version %q: %+v", storageAccountName, err) + } + } + if d.HasChange("allow_blob_public_access") { allowBlobPublicAccess := d.Get("allow_blob_public_access").(bool) @@ -1039,6 +1067,7 @@ func resourceArmStorageAccountRead(d *schema.ResourceData, meta interface{}) err if props := resp.AccountProperties; props != nil { d.Set("access_tier", props.AccessTier) d.Set("enable_https_traffic_only", props.EnableHTTPSTrafficOnly) + d.Set("min_tls_version", props.MinimumTLSVersion) d.Set("is_hns_enabled", props.IsHnsEnabled) d.Set("allow_blob_public_access", props.AllowBlobPublicAccess) diff --git a/azurerm/internal/services/storage/tests/resource_arm_storage_account_test.go b/azurerm/internal/services/storage/tests/resource_arm_storage_account_test.go index 96bddf2f4bfa..3c8b9672020d 100644 --- a/azurerm/internal/services/storage/tests/resource_arm_storage_account_test.go +++ b/azurerm/internal/services/storage/tests/resource_arm_storage_account_test.go 
@@ -234,6 +234,49 @@ func TestAccAzureRMStorageAccount_enableHttpsTrafficOnly(t *testing.T) { }) } +func TestAccAzureRMStorageAccount_minTLSVersion(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_storage_account", "test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acceptance.PreCheck(t) }, + Providers: acceptance.SupportedProviders, + CheckDestroy: testCheckAzureRMStorageAccountDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAzureRMStorageAccount_basic(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMStorageAccountExists(data.ResourceName), + resource.TestCheckResourceAttr(data.ResourceName, "min_tls_version", "TLS1_2"), + ), + }, + data.ImportStep(), + { + Config: testAccAzureRMStorageAccount_setMinTLSVersion(data, "TLS1_0"), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMStorageAccountExists(data.ResourceName), + resource.TestCheckResourceAttr(data.ResourceName, "min_tls_version", "TLS1_0"), + ), + }, + data.ImportStep(), + { + Config: testAccAzureRMStorageAccount_setMinTLSVersion(data, "TLS1_1"), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMStorageAccountExists(data.ResourceName), + resource.TestCheckResourceAttr(data.ResourceName, "min_tls_version", "TLS1_1"), + ), + }, + data.ImportStep(), + { + Config: testAccAzureRMStorageAccount_setMinTLSVersion(data, "TLS1_2"), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMStorageAccountExists(data.ResourceName), + resource.TestCheckResourceAttr(data.ResourceName, "min_tls_version", "TLS1_2"), + ), + }, + }, + }) +} + func TestAccAzureRMStorageAccount_allowBlobPublicAccess(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_storage_account", "test") 
@@ -977,6 +1020,35 @@ resource "azurerm_storage_account" "test" { `, data.RandomInteger, data.Locations.Primary, data.RandomString) } +func testAccAzureRMStorageAccount_setMinTLSVersion(data acceptance.TestData, tlsVersion string) string { + return fmt.Sprintf(` + +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-storage-%d" + location = "%s" +} + +resource "azurerm_storage_account" "test" { + name = "unlikely23exst2acct%s" + resource_group_name = azurerm_resource_group.test.name + + location = azurerm_resource_group.test.location + account_tier = "Standard" + account_replication_type = "LRS" + min_tls_vresion = "%s" + + tags = { + environment = "production" + } +} + + `, data.RandomInteger, data.Locations.Primary, data.RandomString, tlsVersion) +} + func testAccAzureRMStorageAccount_allowBlobPublicAccess(data acceptance.TestData) string { return fmt.Sprintf(` diff --git a/website/docs/d/storage_account.html.markdown b/website/docs/d/storage_account.html.markdown index c7f18fb4d8a2..bf42fe608f15 100644 --- a/website/docs/d/storage_account.html.markdown +++ b/website/docs/d/storage_account.html.markdown @@ -46,6 +46,8 @@ output "storage_account_tier" { * `enable_https_traffic_only` - Is traffic only allowed via HTTPS? See [here](https://docs.microsoft.com/en-us/azure/storage/storage-require-secure-transfer/) for more information. +* `min_tls_version` - The minimum supported TLS version for this App Service. + * `allow_blob_public_access` - Is public access allowed to all blobs or containers in the storage account? * `is_hns_enabled` - Is Hierarchical Namespace enabled? diff --git a/website/docs/r/storage_account.html.markdown b/website/docs/r/storage_account.html.markdown index 492d856329a8..82cd95170f63 100644 --- a/website/docs/r/storage_account.html.markdown +++ b/website/docs/r/storage_account.html.markdown 
@@ -97,6 +97,8 @@ The following arguments are supported: * `enable_https_traffic_only` - (Optional) Boolean flag which forces HTTPS if enabled, see [here](https://docs.microsoft.com/en-us/azure/storage/storage-require-secure-transfer/) for more information. Defaults to `true`. +* `min_tls_version` - (Optional) The minimum supported TLS version for the app service. Possible values are `TLS1_0`, `TLS1_1`, and `TLS1_2`. Defaults to `TLS1_2` for new storage accounts. + * `allow_blob_public_access` - Allow or disallow public access to all blobs or containers in the storage account. Defaults to `false`. * `is_hns_enabled` - (Optional) Is Hierarchical Namespace enabled? This can be used with Azure Data Lake Storage Gen 2 ([see here for more information](https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-quickstart-create-account/)). Changing this forces a new resource to be created. From 93fd7b4ed939f13c8ac9f36785954152ec11c647 Mon Sep 17 00:00:00 2001 From: Giorgio Date: Thu, 23 Jul 2020 23:08:46 +0200 Subject: [PATCH 02/11] fmt --- .teamcity/components/generated/services.kt | 1 + .../storage/resource_arm_storage_account.go | 2 +- .../resource_arm_storage_account_test.go | 70 +++++++++++++++++-- website/docs/r/storage_account.html.markdown | 2 +- 4 files changed, 67 insertions(+), 8 deletions(-) diff --git a/.teamcity/components/generated/services.kt b/.teamcity/components/generated/services.kt index 6fb6df7bc9bf..22f1e293baa8 100644 --- a/.teamcity/components/generated/services.kt +++ b/.teamcity/components/generated/services.kt @@ -72,6 +72,7 @@ var services = mapOf( "storage" to "Storage", "streamanalytics" to "Stream Analytics", "subscription" to "Subscription", + "synapse" to "Synapse", "iottimeseriesinsights" to "Time Series Insights", "trafficmanager" to "Traffic Manager", "web" to "Web" 
diff --git a/azurerm/internal/services/storage/resource_arm_storage_account.go b/azurerm/internal/services/storage/resource_arm_storage_account.go index 74beaf2fb66d..87ecc82d5cd4 100644 --- a/azurerm/internal/services/storage/resource_arm_storage_account.go +++ b/azurerm/internal/services/storage/resource_arm_storage_account.go @@ -143,7 +143,7 @@ func resourceArmStorageAccount() *schema.Resource { Type: schema.TypeString, Optional: true, Computed: true, - Default: storage.TLS12, + Default: string(storage.TLS12), ValidateFunc: validation.StringInSlice([]string{ string(storage.TLS10), string(storage.TLS11), diff --git a/azurerm/internal/services/storage/tests/resource_arm_storage_account_test.go b/azurerm/internal/services/storage/tests/resource_arm_storage_account_test.go index 3c8b9672020d..5f606136486b 100644 --- a/azurerm/internal/services/storage/tests/resource_arm_storage_account_test.go +++ b/azurerm/internal/services/storage/tests/resource_arm_storage_account_test.go @@ -251,7 +251,7 @@ func TestAccAzureRMStorageAccount_minTLSVersion(t *testing.T) { }, data.ImportStep(), { - Config: testAccAzureRMStorageAccount_setMinTLSVersion(data, "TLS1_0"), + Config: testAccAzureRMStorageAccount_minTLSVersion10(data), Check: resource.ComposeTestCheckFunc( testCheckAzureRMStorageAccountExists(data.ResourceName), resource.TestCheckResourceAttr(data.ResourceName, "min_tls_version", "TLS1_0"), @@ -259,7 +259,7 @@ func TestAccAzureRMStorageAccount_minTLSVersion(t *testing.T) { }, data.ImportStep(), { - Config: testAccAzureRMStorageAccount_setMinTLSVersion(data, "TLS1_1"), + Config: testAccAzureRMStorageAccount_minTLSVersion11(data), Check: resource.ComposeTestCheckFunc( testCheckAzureRMStorageAccountExists(data.ResourceName), resource.TestCheckResourceAttr(data.ResourceName, "min_tls_version", "TLS1_1"), 
@@ -267,7 +267,7 @@ func TestAccAzureRMStorageAccount_minTLSVersion(t *testing.T) { }, data.ImportStep(), { - Config: testAccAzureRMStorageAccount_setMinTLSVersion(data, "TLS1_2"), + Config: testAccAzureRMStorageAccount_minTLSVersion12(data), Check: resource.ComposeTestCheckFunc( testCheckAzureRMStorageAccountExists(data.ResourceName), resource.TestCheckResourceAttr(data.ResourceName, "min_tls_version", "TLS1_2"), @@ -1020,7 +1020,7 @@ resource "azurerm_storage_account" "test" { `, data.RandomInteger, data.Locations.Primary, data.RandomString) } -func testAccAzureRMStorageAccount_setMinTLSVersion(data acceptance.TestData, tlsVersion string) string { +func testAccAzureRMStorageAccount_minTLSVersion10(data acceptance.TestData) string { return fmt.Sprintf(` provider "azurerm" { 
@@ -1039,14 +1039,72 @@ resource "azurerm_storage_account" "test" { location = azurerm_resource_group.test.location account_tier = "Standard" account_replication_type = "LRS" - min_tls_vresion = "%s" + min_tls_vresion = "TLS1_0" tags = { environment = "production" } } - `, data.RandomInteger, data.Locations.Primary, data.RandomString, tlsVersion) + `, data.RandomInteger, data.Locations.Primary, data.RandomString) +} + +func testAccAzureRMStorageAccount_minTLSVersion11(data acceptance.TestData) string { + return fmt.Sprintf(` + +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-storage-%d" + location = "%s" +} + +resource "azurerm_storage_account" "test" { + name = "unlikely23exst2acct%s" + resource_group_name = azurerm_resource_group.test.name + + location = azurerm_resource_group.test.location + account_tier = "Standard" + account_replication_type = "LRS" + min_tls_vresion = "TLS1_1" + + tags = { + environment = "production" + } +} + + `, data.RandomInteger, data.Locations.Primary, data.RandomString) +} + +func testAccAzureRMStorageAccount_minTLSVersion12(data acceptance.TestData) string { + return fmt.Sprintf(` + +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-storage-%d" + location = "%s" +} + +resource "azurerm_storage_account" "test" { + name = "unlikely23exst2acct%s" + resource_group_name = azurerm_resource_group.test.name + + location = azurerm_resource_group.test.location + account_tier = "Standard" + account_replication_type = "LRS" + min_tls_vresion = "TLS1_2" + + tags = { + environment = "production" + } +} + + `, data.RandomInteger, data.Locations.Primary, data.RandomString) } func testAccAzureRMStorageAccount_allowBlobPublicAccess(data acceptance.TestData) string { diff --git a/website/docs/r/storage_account.html.markdown b/website/docs/r/storage_account.html.markdown index 82cd95170f63..ddde30ffd4e5 100644 
--- a/website/docs/r/storage_account.html.markdown +++ b/website/docs/r/storage_account.html.markdown @@ -97,7 +97,7 @@ The following arguments are supported: * `enable_https_traffic_only` - (Optional) Boolean flag which forces HTTPS if enabled, see [here](https://docs.microsoft.com/en-us/azure/storage/storage-require-secure-transfer/) for more information. Defaults to `true`. -* `min_tls_version` - (Optional) The minimum supported TLS version for the app service. Possible values are `TLS1_0`, `TLS1_1`, and `TLS1_2`. Defaults to `TLS1_2` for new storage accounts. +* `min_tls_version` - (Optional) The minimum supported TLS version for the storage account. Possible values are `TLS1_0`, `TLS1_1`, and `TLS1_2`. Defaults to `TLS1_2` for new storage accounts. * `allow_blob_public_access` - Allow or disallow public access to all blobs or containers in the storage account. Defaults to `false`. From bc7103f8728ba668b986166c0c79064841b60504 Mon Sep 17 00:00:00 2001 From: Giorgio Date: Thu, 23 Jul 2020 23:16:07 +0200 Subject: [PATCH 03/11] correct documentation --- website/docs/d/storage_account.html.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/d/storage_account.html.markdown b/website/docs/d/storage_account.html.markdown index bf42fe608f15..621ecc9dcf69 100644 --- a/website/docs/d/storage_account.html.markdown +++ b/website/docs/d/storage_account.html.markdown @@ -46,7 +46,7 @@ output "storage_account_tier" { * `enable_https_traffic_only` - Is traffic only allowed via HTTPS? See [here](https://docs.microsoft.com/en-us/azure/storage/storage-require-secure-transfer/) for more information. -* `min_tls_version` - The minimum supported TLS version for this App Service. +* `min_tls_version` - The minimum supported TLS version for this storage account. * `allow_blob_public_access` - Is public access allowed to all blobs or containers in the storage account? From 66c45ee144d40388c914b2a98fe0a2a4a2d1747d Mon Sep 17 00:00:00 2001 
From: Giorgio Date: Fri, 24 Jul 2020 00:06:56 +0200 Subject: [PATCH 04/11] remove computed --- azurerm/internal/services/storage/data_source_storage_account.go | 1 - .../internal/services/storage/resource_arm_storage_account.go | 1 - 2 files changed, 2 deletions(-) diff --git a/azurerm/internal/services/storage/data_source_storage_account.go b/azurerm/internal/services/storage/data_source_storage_account.go index 8a5f8355a861..20f239d6d4ea 100644 --- a/azurerm/internal/services/storage/data_source_storage_account.go +++ b/azurerm/internal/services/storage/data_source_storage_account.go @@ -74,7 +74,6 @@ func dataSourceArmStorageAccount() *schema.Resource { "min_tls_version": { Type: schema.TypeString, - Computed: true, }, "allow_blob_public_access": { diff --git a/azurerm/internal/services/storage/resource_arm_storage_account.go b/azurerm/internal/services/storage/resource_arm_storage_account.go index 87ecc82d5cd4..3bbe98c87fdb 100644 --- a/azurerm/internal/services/storage/resource_arm_storage_account.go +++ b/azurerm/internal/services/storage/resource_arm_storage_account.go @@ -142,7 +142,6 @@ func resourceArmStorageAccount() *schema.Resource { "min_tls_version": { Type: schema.TypeString, Optional: true, - Computed: true, Default: string(storage.TLS12), ValidateFunc: validation.StringInSlice([]string{ string(storage.TLS10), From 4e7ad174b84e5e8610d49f78f816df691734c07f Mon Sep 17 00:00:00 2001 From: Giorgio Date: Fri, 24 Jul 2020 00:13:13 +0200 Subject: [PATCH 05/11] fmt --- .../internal/services/storage/data_source_storage_account.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azurerm/internal/services/storage/data_source_storage_account.go b/azurerm/internal/services/storage/data_source_storage_account.go index 20f239d6d4ea..beee185a9c38 100644 --- a/azurerm/internal/services/storage/data_source_storage_account.go +++ b/azurerm/internal/services/storage/data_source_storage_account.go 
@@ -73,7 +73,7 @@ func dataSourceArmStorageAccount() *schema.Resource { }, "min_tls_version": { - Type: schema.TypeString, + Type: schema.TypeString, }, "allow_blob_public_access": { From 7de3655bc244cd593b98102bd15e7234d3caa92c Mon Sep 17 00:00:00 2001 From: Giorgio Date: Fri, 24 Jul 2020 00:45:48 +0200 Subject: [PATCH 06/11] add optional --- .../internal/services/storage/data_source_storage_account.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/azurerm/internal/services/storage/data_source_storage_account.go b/azurerm/internal/services/storage/data_source_storage_account.go index beee185a9c38..1d8090949e33 100644 --- a/azurerm/internal/services/storage/data_source_storage_account.go +++ b/azurerm/internal/services/storage/data_source_storage_account.go @@ -73,7 +73,8 @@ func dataSourceArmStorageAccount() *schema.Resource { }, "min_tls_version": { - Type: schema.TypeString, + Type: schema.TypeString, + Optional: true, }, "allow_blob_public_access": { From 56ddc4b27aa37fcb50be952f8b61ccf2764611c8 Mon Sep 17 00:00:00 2001 From: Giorgio Date: Fri, 31 Jul 2020 10:37:26 +0200 Subject: [PATCH 07/11] add conversion and update tests --- .teamcity/components/generated/services.kt | 2 +- .../storage/data_source_storage_account.go | 2 +- .../storage/resource_arm_storage_account.go | 4 +- .../resource_arm_storage_account_test.go | 80 ++++--------------- website/docs/r/storage_account.html.markdown | 2 +- 5 files changed, 20 insertions(+), 70 deletions(-) diff --git a/.teamcity/components/generated/services.kt b/.teamcity/components/generated/services.kt index 22f1e293baa8..9f0880a8070e 100644 --- a/.teamcity/components/generated/services.kt +++ b/.teamcity/components/generated/services.kt 
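Review bot: In the data source schema, `min_tls_version` ends up as `Optional: true` without `Computed`, although `dataSourceArmStorageAccountRead` (first patch of this series) fills it from `props.MinimumTLSVersion`. A caller can therefore supply a value that the read then overwrites. The data source documentation added in the same series lists it as an exported attribute, and the first patch declared it `Computed: true`, like the neighbouring `allow_blob_public_access`. Replacing `Optional: true,` with `Computed: true,` would match both. The schema map of `dataSourceArmStorageAccount` starts and ends outside this hunk.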
@@ -72,7 +72,7 @@ var services = mapOf( "storage" to "Storage", "streamanalytics" to "Stream Analytics", "subscription" to "Subscription", - "synapse" to "Synapse", + "synapse" to "synapse", "iottimeseriesinsights" to "Time Series Insights", "trafficmanager" to "Traffic Manager", "web" to "Web" diff --git a/azurerm/internal/services/storage/data_source_storage_account.go b/azurerm/internal/services/storage/data_source_storage_account.go index 1d8090949e33..f6fc641a3fd3 100644 --- a/azurerm/internal/services/storage/data_source_storage_account.go +++ b/azurerm/internal/services/storage/data_source_storage_account.go @@ -316,7 +316,7 @@ func dataSourceArmStorageAccountRead(d *schema.ResourceData, meta interface{}) e if props := resp.AccountProperties; props != nil { d.Set("access_tier", props.AccessTier) d.Set("enable_https_traffic_only", props.EnableHTTPSTrafficOnly) - d.Set("min_tls_version", props.MinimumTLSVersion) + d.Set("min_tls_version", string(props.MinimumTLSVersion)) d.Set("is_hns_enabled", props.IsHnsEnabled) d.Set("allow_blob_public_access", props.AllowBlobPublicAccess) diff --git a/azurerm/internal/services/storage/resource_arm_storage_account.go b/azurerm/internal/services/storage/resource_arm_storage_account.go index 3bbe98c87fdb..8513afc5c5d0 100644 --- a/azurerm/internal/services/storage/resource_arm_storage_account.go +++ b/azurerm/internal/services/storage/resource_arm_storage_account.go @@ -142,7 +142,7 @@ func resourceArmStorageAccount() *schema.Resource { "min_tls_version": { Type: schema.TypeString, Optional: true, - Default: string(storage.TLS12), + Default: string(storage.TLS10), ValidateFunc: validation.StringInSlice([]string{ string(storage.TLS10), string(storage.TLS11), 
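Review bot: Switching the resource schema to `Default: string(storage.TLS10)` makes TLS 1.0 the minimum for every configuration that omits `min_tls_version`. Because the attribute is no longer `Computed`, an account whose minimum was raised outside Terraform would presumably plan a change back to `TLS1_0` on the next apply. If the weaker default is intended for compatibility with existing accounts, record that above the field, for example `// Default is the weakest accepted value; set TLS1_2 to reject TLS 1.0/1.1 clients.` The resource documentation line that now reads "Defaults to `TLS1_0`" should also recommend `TLS1_2`. The schema map in `resourceArmStorageAccount` starts and ends outside this hunk.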
@@ -1066,7 +1066,7 @@ func resourceArmStorageAccountRead(d *schema.ResourceData, meta interface{}) err if props := resp.AccountProperties; props != nil { d.Set("access_tier", props.AccessTier) d.Set("enable_https_traffic_only", props.EnableHTTPSTrafficOnly) - d.Set("min_tls_version", props.MinimumTLSVersion) + d.Set("min_tls_version", string(props.MinimumTLSVersion)) d.Set("is_hns_enabled", props.IsHnsEnabled) d.Set("allow_blob_public_access", props.AllowBlobPublicAccess) diff --git a/azurerm/internal/services/storage/tests/resource_arm_storage_account_test.go b/azurerm/internal/services/storage/tests/resource_arm_storage_account_test.go index 5f606136486b..6a756e131f02 100644 --- a/azurerm/internal/services/storage/tests/resource_arm_storage_account_test.go +++ b/azurerm/internal/services/storage/tests/resource_arm_storage_account_test.go @@ -246,12 +246,12 @@ func TestAccAzureRMStorageAccount_minTLSVersion(t *testing.T) { Config: testAccAzureRMStorageAccount_basic(data), Check: resource.ComposeTestCheckFunc( testCheckAzureRMStorageAccountExists(data.ResourceName), - resource.TestCheckResourceAttr(data.ResourceName, "min_tls_version", "TLS1_2"), + resource.TestCheckResourceAttr(data.ResourceName, "min_tls_version", "TLS1_0"), ), }, data.ImportStep(), { - Config: testAccAzureRMStorageAccount_minTLSVersion10(data), + Config: testAccAzureRMStorageAccount_minTLSVersion(data, "TLS1_0"), Check: resource.ComposeTestCheckFunc( testCheckAzureRMStorageAccountExists(data.ResourceName), resource.TestCheckResourceAttr(data.ResourceName, "min_tls_version", "TLS1_0"), @@ -259,7 +259,7 @@ func TestAccAzureRMStorageAccount_minTLSVersion(t *testing.T) { }, data.ImportStep(), { - Config: testAccAzureRMStorageAccount_minTLSVersion11(data), + Config: testAccAzureRMStorageAccount_minTLSVersion(data, "TLS1_1"), Check: resource.ComposeTestCheckFunc( testCheckAzureRMStorageAccountExists(data.ResourceName), resource.TestCheckResourceAttr(data.ResourceName, "min_tls_version", "TLS1_1"), 
@@ -267,12 +267,20 @@ func TestAccAzureRMStorageAccount_minTLSVersion(t *testing.T) { }, data.ImportStep(), { - Config: testAccAzureRMStorageAccount_minTLSVersion12(data), + Config: testAccAzureRMStorageAccount_minTLSVersion(data, "TLS1_2"), Check: resource.ComposeTestCheckFunc( testCheckAzureRMStorageAccountExists(data.ResourceName), resource.TestCheckResourceAttr(data.ResourceName, "min_tls_version", "TLS1_2"), ), }, + data.ImportStep(), + { + Config: testAccAzureRMStorageAccount_minTLSVersion(data, "TLS1_1"), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMStorageAccountExists(data.ResourceName), + resource.TestCheckResourceAttr(data.ResourceName, "min_tls_version", "TLS1_1"), + ), + }, }, }) } 
@@ -1020,65 +1028,7 @@ resource "azurerm_storage_account" "test" { `, data.RandomInteger, data.Locations.Primary, data.RandomString) } -func testAccAzureRMStorageAccount_minTLSVersion10(data acceptance.TestData) string { - return fmt.Sprintf(` - -provider "azurerm" { - features {} -} - -resource "azurerm_resource_group" "test" { - name = "acctestRG-storage-%d" - location = "%s" -} - -resource "azurerm_storage_account" "test" { - name = "unlikely23exst2acct%s" - resource_group_name = azurerm_resource_group.test.name - - location = azurerm_resource_group.test.location - account_tier = "Standard" - account_replication_type = "LRS" - min_tls_vresion = "TLS1_0" - - tags = { - environment = "production" - } -} - - `, data.RandomInteger, data.Locations.Primary, data.RandomString) -} - -func testAccAzureRMStorageAccount_minTLSVersion11(data acceptance.TestData) string { - return fmt.Sprintf(` - -provider "azurerm" { - features {} -} - -resource "azurerm_resource_group" "test" { - name = "acctestRG-storage-%d" - location = "%s" -} - -resource "azurerm_storage_account" "test" { - name = "unlikely23exst2acct%s" - resource_group_name = azurerm_resource_group.test.name - - location = azurerm_resource_group.test.location - account_tier = "Standard" - account_replication_type = "LRS" - min_tls_vresion = "TLS1_1" - - tags = { - environment = "production" - } -} - - `, data.RandomInteger, data.Locations.Primary, data.RandomString) -} - -func testAccAzureRMStorageAccount_minTLSVersion12(data acceptance.TestData) string { +func testAccAzureRMStorageAccount_minTLSVersion(data acceptance.TestData, tlsVersion string) string { return fmt.Sprintf(` provider "azurerm" { 
@@ -1097,14 +1047,14 @@ resource "azurerm_storage_account" "test" { location = azurerm_resource_group.test.location account_tier = "Standard" account_replication_type = "LRS" - min_tls_vresion = "TLS1_2" + min_tls_vresion = %s tags = { environment = "production" } } - `, data.RandomInteger, data.Locations.Primary, data.RandomString) + `, data.RandomInteger, data.Locations.Primary, data.RandomString, tlsVersion) } func testAccAzureRMStorageAccount_allowBlobPublicAccess(data acceptance.TestData) string { diff --git a/website/docs/r/storage_account.html.markdown b/website/docs/r/storage_account.html.markdown index ddde30ffd4e5..9147ef436f0a 100644 --- a/website/docs/r/storage_account.html.markdown +++ b/website/docs/r/storage_account.html.markdown @@ -97,7 +97,7 @@ The following arguments are supported: * `enable_https_traffic_only` - (Optional) Boolean flag which forces HTTPS if enabled, see [here](https://docs.microsoft.com/en-us/azure/storage/storage-require-secure-transfer/) for more information. Defaults to `true`. -* `min_tls_version` - (Optional) The minimum supported TLS version for the storage account. Possible values are `TLS1_0`, `TLS1_1`, and `TLS1_2`. Defaults to `TLS1_2` for new storage accounts. +* `min_tls_version` - (Optional) The minimum supported TLS version for the storage account. Possible values are `TLS1_0`, `TLS1_1`, and `TLS1_2`. Defaults to `TLS1_0` for new storage accounts. * `allow_blob_public_access` - Allow or disallow public access to all blobs or containers in the storage account. Defaults to `false`. From f0e9fb126c0c847465ee8aecbe1b2053e4650895 Mon Sep 17 00:00:00 2001 From: Giorgio Date: Fri, 31 Jul 2020 11:10:41 +0200 Subject: [PATCH 08/11] fmt --- .teamcity/components/generated/services.kt | 1 - 1 file changed, 1 deletion(-) diff --git a/.teamcity/components/generated/services.kt b/.teamcity/components/generated/services.kt index 785ed1d713bc..dfca6b2f203f 100644 --- a/.teamcity/components/generated/services.kt 
+++ b/.teamcity/components/generated/services.kt @@ -73,7 +73,6 @@ var services = mapOf( "storage" to "Storage", "streamanalytics" to "Stream Analytics", "subscription" to "Subscription", - "synapse" to "synapse", "iottimeseriesinsights" to "Time Series Insights", "trafficmanager" to "Traffic Manager", "web" to "Web" From d4f2bf648c0305665227ff4b9d9fb9a4e9b081c0 Mon Sep 17 00:00:00 2001 From: Giorgio Date: Mon, 3 Aug 2020 13:46:50 +0200 Subject: [PATCH 09/11] remove attribute checks --- .../storage/tests/resource_arm_storage_account_test.go | 5 ----- 1 file changed, 5 deletions(-) diff --git a/azurerm/internal/services/storage/tests/resource_arm_storage_account_test.go b/azurerm/internal/services/storage/tests/resource_arm_storage_account_test.go index 6a756e131f02..7e9629c1651c 100644 --- a/azurerm/internal/services/storage/tests/resource_arm_storage_account_test.go +++ b/azurerm/internal/services/storage/tests/resource_arm_storage_account_test.go @@ -246,7 +246,6 @@ func TestAccAzureRMStorageAccount_minTLSVersion(t *testing.T) { Config: testAccAzureRMStorageAccount_basic(data), Check: resource.ComposeTestCheckFunc( testCheckAzureRMStorageAccountExists(data.ResourceName), - resource.TestCheckResourceAttr(data.ResourceName, "min_tls_version", "TLS1_0"), ), }, data.ImportStep(), @@ -254,7 +253,6 @@ func TestAccAzureRMStorageAccount_minTLSVersion(t *testing.T) { Config: testAccAzureRMStorageAccount_minTLSVersion(data, "TLS1_0"), Check: resource.ComposeTestCheckFunc( testCheckAzureRMStorageAccountExists(data.ResourceName), - resource.TestCheckResourceAttr(data.ResourceName, "min_tls_version", "TLS1_0"), ), }, data.ImportStep(), 
@@ -262,7 +260,6 @@ func TestAccAzureRMStorageAccount_minTLSVersion(t *testing.T) { Config: testAccAzureRMStorageAccount_minTLSVersion(data, "TLS1_1"), Check: resource.ComposeTestCheckFunc( testCheckAzureRMStorageAccountExists(data.ResourceName), - resource.TestCheckResourceAttr(data.ResourceName, "min_tls_version", "TLS1_1"), ), }, data.ImportStep(), @@ -270,7 +267,6 @@ func TestAccAzureRMStorageAccount_minTLSVersion(t *testing.T) { Config: testAccAzureRMStorageAccount_minTLSVersion(data, "TLS1_2"), Check: resource.ComposeTestCheckFunc( testCheckAzureRMStorageAccountExists(data.ResourceName), - resource.TestCheckResourceAttr(data.ResourceName, "min_tls_version", "TLS1_2"), ), }, data.ImportStep(), @@ -278,7 +274,6 @@ func TestAccAzureRMStorageAccount_minTLSVersion(t *testing.T) { Config: testAccAzureRMStorageAccount_minTLSVersion(data, "TLS1_1"), Check: resource.ComposeTestCheckFunc( testCheckAzureRMStorageAccountExists(data.ResourceName), - resource.TestCheckResourceAttr(data.ResourceName, "min_tls_version", "TLS1_1"), ), }, }, From 81b1ed23f1fd9f4edf90469f5e0f70f302e056f1 Mon Sep 17 00:00:00 2001 From: Giorgio Date: Thu, 6 Aug 2020 06:14:23 +0200 Subject: [PATCH 10/11] fix typo --- .../services/storage/tests/resource_arm_storage_account_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azurerm/internal/services/storage/tests/resource_arm_storage_account_test.go b/azurerm/internal/services/storage/tests/resource_arm_storage_account_test.go index 7e9629c1651c..a933ff4d20a6 100644 --- a/azurerm/internal/services/storage/tests/resource_arm_storage_account_test.go +++ b/azurerm/internal/services/storage/tests/resource_arm_storage_account_test.go @@ -1042,7 +1042,7 @@ resource "azurerm_storage_account" "test" { location = azurerm_resource_group.test.location account_tier = "Standard" account_replication_type = "LRS" - min_tls_vresion = %s + min_tls_version = %s tags = { environment = "production" 
From a3783f777299f557b9f1813116e11a4468df5ea9 Mon Sep 17 00:00:00 2001 From: Giorgio Date: Thu, 6 Aug 2020 07:03:21 +0200 Subject: [PATCH 11/11] add quotes --- .../services/storage/tests/resource_arm_storage_account_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azurerm/internal/services/storage/tests/resource_arm_storage_account_test.go b/azurerm/internal/services/storage/tests/resource_arm_storage_account_test.go index a933ff4d20a6..b05acbe5c7bf 100644 --- a/azurerm/internal/services/storage/tests/resource_arm_storage_account_test.go +++ b/azurerm/internal/services/storage/tests/resource_arm_storage_account_test.go @@ -1042,7 +1042,7 @@ resource "azurerm_storage_account" "test" { location = azurerm_resource_group.test.location account_tier = "Standard" account_replication_type = "LRS" - min_tls_version = %s + min_tls_version = "%s" tags = { environment = "production"
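Review bot: The template now renders `min_tls_version = "%s"` correctly, but nothing in `TestAccAzureRMStorageAccount_minTLSVersion` asserts the value any more. PATCH 09 removed every `resource.TestCheckResourceAttr(data.ResourceName, "min_tls_version", ...)` line, so each step checks only `testCheckAzureRMStorageAccountExists`. Those checks were dropped while the config still carried the misspelt, unquoted attribute, so they may have been failing for that reason rather than being wrong. Restoring one per step, e.g. `resource.TestCheckResourceAttr(data.ResourceName, "min_tls_version", "TLS1_2"),`, would pin both the upgrade and the downgrade path. The helper `testAccAzureRMStorageAccount_minTLSVersion` begins and ends outside this hunk.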