Storage Account: Add identity property #1323

Merged
merged 11 commits into from
Jun 14, 2018
10 changes: 10 additions & 0 deletions azurerm/resource_arm_storage_account.go
Expand Up @@ -223,6 +223,11 @@ func resourceArmStorageAccount() *schema.Resource {
Sensitive: true,
},

"object_id": {
Type: schema.TypeString,
Computed: true,
},

"tags": tagsSchema(),
},
}
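Review bot: The new "object_id" attribute sits at the top level of the schema with nothing in this hunk saying whose object ID it is, so a user of the resource could read it as the storage account's own ID. The PR title calls this an identity property and the read function fills it from identity.PrincipalID, so consider a name that says so (for example an identity block exposing principal_id), or at least a comment on the field stating that it is the principal ID of the account's identity. The attribute is Computed only, which should also be reflected in the resource documentation as read-only.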
Expand Down Expand Up @@ -495,6 +500,11 @@ func resourceArmStorageAccountRead(d *schema.ResourceData, meta interface{}) err
}
d.Set("account_kind", resp.Kind)

log.Printf("[INFO] Identity is %q", resp.Identity)
if identity := resp.Identity; identity != nil {
Contributor

@lstolyarov you'll want to use resp.[XX]Properties.Identity here - since the top-level field resp.Identity isn't guaranteed to have a value, unfortunately. These fields exist primarily for the older APIs where the responses aren't guaranteed in the properties block in the JSON

Contributor Author

@tombuildsstuff what do you mean by [XX]Properties? There is an AccountProperties field in resp but that does not have an Identity field

Contributor

> @tombuildsstuff what do you mean by [XX]Properties? There is an AccountProperties field in resp but that does not have an Identity field

The properties field is prefixed with the name of the struct, so it's different (hence [XX]Properties, sorry I should have looked this up).

I don't see any option to enable this in the Portal - is this feature in Preview?

Contributor Author

Well, it is not really a feature. This PR is to be able to extract the Object ID (or Principal ID as it is referred to in the SDK). I don't think there is any way to get this information out in the portal - it could be extracted with PowerShell.

Contributor

Sorry, I was referring to pulling this out via the API/SDK - I'm not sure if you've seen it but the Azure Resources Explorer can be really helpful here.

In other APIs (e.g. App Service) the identity block won't be returned from the API until it's enabled, which can be done by sending the following Request (in the Create/Update):

Identity: &storage.Identity{
  Type: utils.String("SystemAssigned"),
},

Once the Identity's assigned, the identity block is returned from the API SDK as Principal ID/Object ID. That said, given this isn't available in the Portal yet - and I can't see any reference to it online; I have a feeling this may be in Preview?

Contributor Author

Ok, that makes more sense now.

Thanks for the Azure Resources Explorer - it's really useful.

I am not sure if it would technically count as a preview feature or not. My understanding is that behind the scenes all resources have object ids and this is required as input for key vault. It is not really useful in the portal as when you enable storage account encryption and select the key vault you want to use that object id gets populated automatically.

d.Set("object_id", identity.PrincipalID)
}

if sku := resp.Sku; sku != nil {
d.Set("account_type", sku.Name)
d.Set("account_tier", sku.Tier)
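Review bot: In resourceArmStorageAccountRead, "object_id" is written only inside the `if identity := resp.Identity; identity != nil` branch, so when the API returns no identity the value from an earlier read stays in state; set it to an empty string in an else branch so state always matches the response. The log.Printf line just above formats resp.Identity with %q before the nil check: %q is a string verb and resp.Identity is a pointer, so the output will not be readable, and dumping the identity at INFO level on every read adds noise to logs that users share when reporting issues. Drop that line, or log only the principal ID at DEBUG level inside the nil check.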