New resource azurerm_managed_disk_sas_token to manage disk exports #15558
Thanks @harshavmb - it looks like there are some issues with the test:
------- Stdout: -------
=== RUN TestAccDataSourceDiskExportSas_basic
=== PAUSE TestAccDataSourceDiskExportSas_basic
=== CONT TestAccDataSourceDiskExportSas_basic
testcase.go:110: Step 1/1 error: Check failed: Check 1/4 error: data.azurerm_managed_disk_export.test: Attribute 'managed_disk_id' expected "/subscriptions/42cbb0b8a331-abaf-4e69-8d8f-14b86a40/resourceGroups/disksrg/providers/Microsoft.Compute/disks/disk1", got "/subscriptions/*******/resourceGroups/acctestRG-disk-220223000403491059/providers/Microsoft.Compute/disks/acctestsadsq8vx2"
testing_new.go:70: Error running post-test destroy, there may be dangling resources: exit status 1
Error: deleting Managed Disk "acctestsadsq8vx2" (Resource Group "acctestRG-disk-220223000403491059"): compute.DisksClient#Delete: Failure sending request: StatusCode=0 -- Original Error: autorest/azure: Service returned an error. Status=<nil> Code="OperationNotAllowed" Message="There is an active shared access signature outstanding for disk acctestsadsq8vx2. Call EndGetAccess before attaching or deleting the disk. Learn more here: aka.ms/revokeaccessapi."
--- FAIL: TestAccDataSourceDiskExportSas_basic (45.57s)
FAIL
…t sas token post disk operations
Hi @katbyte, Thanks for the review. Indeed, it was something I missed. I added another data source to revoke the granted access on the disk.
hi @harshavmb
Thanks for this PR
Taking a look through here, since these are creating and subsequently revoking resources on the Azure side, these want to be a single Resource rather than two Data Sources - so can we update this to be a single Resource rather than two Data Sources?
Thanks!
I've added a new resource as you suggested. Changes LGTM, tested locally. Please re-review.
hi @harshavmb
Thanks for this PR - apologies for the delayed re-review here.
I've taken a look through and left some more comments inline. In particular, I can't see this defined as a "Disk Export" within Azure; since this is a SAS Token for a Managed Disk, I'm thinking that this resource would make more sense with that name - WDYT?
Thanks!
diskName := parsedManagedDiskId.DiskName | ||
resourceGroupName := parsedManagedDiskId.ResourceGroup | ||
|
||
grantAccessData := compute.GrantAccessData{ | ||
Access: compute.AccessLevel(access), | ||
DurationInSeconds: &durationInSeconds, | ||
} |
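Review bot: In the `GrantAccessData` literal, `access` is cast straight to `compute.AccessLevel` and `durationInSeconds` is passed through as-is, and nothing in these lines shows either value being validated. Suggest constraining `access` to the access levels the API supports and bounding `durationInSeconds` in the schema, so a typo or an oversized SAS lifetime is rejected at plan time rather than by the service.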
we're missing a Requires Import check here, we need to check if the Disk already has an Export and if so, raise a "this should be imported" error, (as below) it appears that this can be accessed by retrieving the disk and checking if it has a DiskAccess URI
Hi @tombuildsstuff ,
I think disk access is more related to private links. I did check the API again here. `diskAccessId` existed only for disks with private endpoints.
Having said that, I found `diskState` parameter which will be `ActiveSAS` when the disk export is active. I'll check this parameter.
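The pre-create check discussed in the two comments above, sketched as an added example (not code from this PR or the provider). `Disk`, `parseManagedDiskID` and `checkRequiresImport` are hypothetical local stand-ins, and the sample ID is constructed; a real provider would read `diskState` from the disk returned by the compute API.

```go
package main

import (
	"fmt"
	"strings"
)

// Disk is a local stand-in for the fields named in the thread, not an Azure SDK type.
type Disk struct {
	ID           string
	DiskState    string // e.g. "Unattached", or "ActiveSAS" while a SAS is outstanding
	DiskAccessID string // per the thread, set only for disks with private endpoints
}

// parseManagedDiskID (hypothetical helper) extracts the resource group and disk name from
// /subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.Compute/disks/{name}.
func parseManagedDiskID(id string) (resourceGroup, diskName string, err error) {
	p := strings.Split(strings.Trim(id, "/"), "/")
	want := map[int]string{0: "subscriptions", 2: "resourceGroups", 4: "providers", 5: "Microsoft.Compute", 6: "disks"}
	if len(p) != 8 {
		return "", "", fmt.Errorf("%q: expected 8 path segments, got %d", id, len(p))
	}
	for i, seg := range p {
		if w, fixed := want[i]; fixed && !strings.EqualFold(seg, w) {
			return "", "", fmt.Errorf("%q: segment %d is %q, want %q", id, i, seg, w)
		} else if !fixed && seg == "" {
			return "", "", fmt.Errorf("%q: empty value at segment %d", id, i)
		}
	}
	return p[3], p[7], nil
}

// checkRequiresImport fails before a new grant is requested if the disk already
// has a SAS outstanding. DiskAccessID is deliberately not consulted.
func checkRequiresImport(d Disk) error {
	rg, name, err := parseManagedDiskID(d.ID)
	if err != nil {
		return err
	}
	if strings.EqualFold(d.DiskState, "ActiveSAS") {
		return fmt.Errorf("disk %q in resource group %q already has an active SAS token: import it, or revoke access first", name, rg)
	}
	return nil
}

func main() {
	d := Disk{ID: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.Compute/disks/example-disk", DiskState: "ActiveSAS"}
	fmt.Println(checkRequiresImport(d)) // constructed sample input
}
```
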
… PR review & other changes
…t function as tests are failing
Thanks, just some minor comments I've left inline and this should be good!
|
||
* `create` - (Defaults to 30 minutes) Used when creating the Disk. | ||
* `read` - (Defaults to 5 minutes) Used when retrieving the Disk. | ||
* `delete` - (Defaults to 30 minutes) Used when deleting the Disk. |
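Review bot: All three timeout descriptions (`create`, `read`, `delete`) end in "the Disk", but per the PR title this resource is the SAS token for a managed disk, not the disk itself. Suggest rewording them for the SAS token so readers do not take `delete` to mean the disk is removed.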
we should include how to import the resource here?
The SAS tokens are ephemeral, I don't know how useful it would be to import the disk here.
I'm just importing the managed disk resource id. Hope that's okay..
Thank you, I've made changes as requested. Let me know if there is something I need to change.
Thanks @harshavmb ! LGTM 🦀
This functionality has been released in v3.6.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
New resource azurerm_disk_export to manage disk exports.
This PR is inspired by the azurerm_storage_account_blob_container_sas data source.
A few details about disk access grants are here: https://docs.microsoft.com/en-us/rest/api/compute/disks/grant-access
https://docs.microsoft.com/en-us/rest/api/compute/disks/revoke-access
With the help of this disk export SAS token, we could copy data from disks onto storage blobs or elsewhere without the need for azcopy.
Looking forward to hearing from you.