provider/azurerm: add enable_blob_encryption to storage_account resource

This allows Storage Service Encryption to be enabled.

TF_ACC=1 go test ./builtin/providers/azurerm -v -run TestAccAzureRMStorageAccount -timeout 120m
=== RUN   TestAccAzureRMStorageAccount_importBasic
--- PASS: TestAccAzureRMStorageAccount_importBasic (139.00s)
=== RUN   TestAccAzureRMStorageAccount_basic
--- PASS: TestAccAzureRMStorageAccount_basic (151.03s)
=== RUN   TestAccAzureRMStorageAccount_blobEncryption
--- PASS: TestAccAzureRMStorageAccount_blobEncryption (149.94s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/azurerm	440.051s
Peter McAtominey 2016-10-05 15:22:28 +01:00
parent 6e84502b61
commit 0cb6e7df8b
3 changed files with 121 additions and 0 deletions


@ -14,6 +14,10 @@ import (
"github.com/hashicorp/terraform/helper/signalwrapper" "github.com/hashicorp/terraform/helper/signalwrapper"
) )
// The KeySource of storage.Encryption appears to require this value
// for Encryption services to work
var storageAccountEncryptionSource = "Microsoft.Storage"
func resourceArmStorageAccount() *schema.Resource { func resourceArmStorageAccount() *schema.Resource {
return &schema.Resource{ return &schema.Resource{
Create: resourceArmStorageAccountCreate, Create: resourceArmStorageAccountCreate,
@ -51,6 +55,11 @@ func resourceArmStorageAccount() *schema.Resource {
ValidateFunc: validateArmStorageAccountType, ValidateFunc: validateArmStorageAccountType,
}, },
"enable_blob_encryption": {
Type: schema.TypeBool,
Optional: true,
},
"primary_location": { "primary_location": {
Type: schema.TypeString, Type: schema.TypeString,
Computed: true, Computed: true,
@ -121,6 +130,7 @@ func resourceArmStorageAccountCreate(d *schema.ResourceData, meta interface{}) e
accountType := d.Get("account_type").(string) accountType := d.Get("account_type").(string)
location := d.Get("location").(string) location := d.Get("location").(string)
tags := d.Get("tags").(map[string]interface{}) tags := d.Get("tags").(map[string]interface{})
enableBlobEncryption := d.Get("enable_blob_encryption").(bool)
sku := storage.Sku{ sku := storage.Sku{
Name: storage.SkuName(accountType), Name: storage.SkuName(accountType),
@ -130,6 +140,16 @@ func resourceArmStorageAccountCreate(d *schema.ResourceData, meta interface{}) e
Location: &location, Location: &location,
Sku: &sku, Sku: &sku,
Tags: expandTags(tags), Tags: expandTags(tags),
Properties: &storage.AccountPropertiesCreateParameters{
Encryption: &storage.Encryption{
Services: &storage.EncryptionServices{
Blob: &storage.EncryptionService{
Enabled: &enableBlobEncryption,
},
},
KeySource: &storageAccountEncryptionSource,
},
},
} }
// Create the storage account. We wrap this so that it is cancellable // Create the storage account. We wrap this so that it is cancellable
@ -240,6 +260,29 @@ func resourceArmStorageAccountUpdate(d *schema.ResourceData, meta interface{}) e
d.SetPartial("tags") d.SetPartial("tags")
} }
if d.HasChange("enable_blob_encryption") {
enableBlobEncryption := d.Get("enable_blob_encryption").(bool)
opts := storage.AccountUpdateParameters{
Properties: &storage.AccountPropertiesUpdateParameters{
Encryption: &storage.Encryption{
Services: &storage.EncryptionServices{
Blob: &storage.EncryptionService{
Enabled: &enableBlobEncryption,
},
},
KeySource: &storageAccountEncryptionSource,
},
},
}
_, err := client.Update(resourceGroupName, storageAccountName, opts)
if err != nil {
return fmt.Errorf("Error updating Azure Storage Account enable_blob_encryption %q: %s", storageAccountName, err)
}
d.SetPartial("enable_blob_encryption")
}
d.Partial(false) d.Partial(false)
return nil return nil
} }
@ -301,6 +344,12 @@ func resourceArmStorageAccountRead(d *schema.ResourceData, meta interface{}) err
} }
} }
if resp.Properties.Encryption != nil {
if resp.Properties.Encryption.Services.Blob != nil {
d.Set("enable_blob_encryption", resp.Properties.Encryption.Services.Blob.Enabled)
}
}
d.Set("name", resp.Name) d.Set("name", resp.Name)
flattenAndSetTags(d, resp.Tags) flattenAndSetTags(d, resp.Tags)
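Review bot: In the resourceArmStorageAccountRead hunk, `resp.Properties.Encryption.Services.Blob` is dereferenced after checking only `Encryption` for nil; `Services` is a pointer field (the create path sets it with `&storage.EncryptionServices{...}`), so a response carrying an encryption block without services would panic. Guard the whole chain, e.g. `if enc := resp.Properties.Encryption; enc != nil && enc.Services != nil && enc.Services.Blob != nil {`. When the block is absent the attribute is left untouched, so state may keep a stale `true` and hide an account whose encryption at rest is off; setting it to `false` in an else branch would surface that as drift, assuming the API omits the block for unencrypted accounts. The Read function starts and ends outside the hunk. Separately, the documentation section names the argument `enable_bool_encryption`, which does not match the schema key `enable_blob_encryption`.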


@ -109,6 +109,36 @@ func TestAccAzureRMStorageAccount_disappears(t *testing.T) {
}) })
} }
func TestAccAzureRMStorageAccount_blobEncryption(t *testing.T) {
ri := acctest.RandInt()
rs := acctest.RandString(4)
preConfig := fmt.Sprintf(testAccAzureRMStorageAccount_blobEncryption, ri, rs)
postConfig := fmt.Sprintf(testAccAzureRMStorageAccount_blobEncryptionDisabled, ri, rs)
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testCheckAzureRMStorageAccountDestroy,
Steps: []resource.TestStep{
resource.TestStep{
Config: preConfig,
Check: resource.ComposeTestCheckFunc(
testCheckAzureRMStorageAccountExists("azurerm_storage_account.testsa"),
resource.TestCheckResourceAttr("azurerm_storage_account.testsa", "enable_blob_encryption", "true"),
),
},
resource.TestStep{
Config: postConfig,
Check: resource.ComposeTestCheckFunc(
testCheckAzureRMStorageAccountExists("azurerm_storage_account.testsa"),
resource.TestCheckResourceAttr("azurerm_storage_account.testsa", "enable_blob_encryption", "false"),
),
},
},
})
}
func testCheckAzureRMStorageAccountExists(name string) resource.TestCheckFunc { func testCheckAzureRMStorageAccountExists(name string) resource.TestCheckFunc {
return func(s *terraform.State) error { return func(s *terraform.State) error {
// Ensure we have enough information in state to look up in API // Ensure we have enough information in state to look up in API
@ -218,3 +248,41 @@ resource "azurerm_storage_account" "testsa" {
environment = "staging" environment = "staging"
} }
}` }`
var testAccAzureRMStorageAccount_blobEncryption = `
resource "azurerm_resource_group" "testrg" {
name = "testAccAzureRMSA-%d"
location = "westus"
}
resource "azurerm_storage_account" "testsa" {
name = "unlikely23exst2acct%s"
resource_group_name = "${azurerm_resource_group.testrg.name}"
location = "westus"
account_type = "Standard_LRS"
enable_blob_encryption = true
tags {
environment = "production"
}
}`
var testAccAzureRMStorageAccount_blobEncryptionDisabled = `
resource "azurerm_resource_group" "testrg" {
name = "testAccAzureRMSA-%d"
location = "westus"
}
resource "azurerm_storage_account" "testsa" {
name = "unlikely23exst2acct%s"
resource_group_name = "${azurerm_resource_group.testrg.name}"
location = "westus"
account_type = "Standard_LRS"
enable_blob_encryption = false
tags {
environment = "production"
}
}`
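Review bot: The steps in TestAccAzureRMStorageAccount_blobEncryption only go from enabled to disabled, so the update path is never exercised in the enabling direction, which is the transition used to turn encryption on for an existing account. A third step that reapplies the first config would cover it: `resource.TestStep{Config: preConfig, Check: resource.TestCheckResourceAttr("azurerm_storage_account.testsa", "enable_blob_encryption", "true")},`. Both existing checks also read the attribute from Terraform state only; whether testCheckAzureRMStorageAccountExists compares anything against the API cannot be seen from this hunk.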


@ -51,6 +51,10 @@ The following arguments are supported:
documentation for more information on which types of accounts can be converted documentation for more information on which types of accounts can be converted
into other types. into other types.
* `enable_bool_encryption` - (Optional) Boolean flag which controls if Encryption
Services are enabled for Blob storage, see [here](https://azure.microsoft.com/en-us/documentation/articles/storage-service-encryption/)
for more information.
* `tags` - (Optional) A mapping of tags to assign to the resource. * `tags` - (Optional) A mapping of tags to assign to the resource.
Note that although the Azure API supports setting custom domain names for Note that although the Azure API supports setting custom domain names for