From 25b23b0c87b9de257edbce4bb2bdd691c37ac27c Mon Sep 17 00:00:00 2001
From: magodo
Date: Fri, 16 Sep 2022 13:06:26 +0800
Subject: [PATCH 1/3] Data Source: `azurerm_storage_account` - support for the `azure_files_identity_based_auth` property
---
 .../storage/storage_account_data_source.go | 129 ++++++++++++++++++
 website/docs/d/storage_account.html.markdown | 32 +++++
 2 files changed, 161 insertions(+)
diff --git a/internal/services/storage/storage_account_data_source.go b/internal/services/storage/storage_account_data_source.go
index 24862089d8fc..d689afc4d28f 100644
--- a/internal/services/storage/storage_account_data_source.go
+++ b/internal/services/storage/storage_account_data_source.go
@@ -280,6 +280,63 @@ func dataSourceStorageAccount() *pluginsdk.Resource {
 Computed: true,
 },
+ "azure_files_identity_based_auth": {
+ Type: pluginsdk.TypeList,
+ Computed: true,
+ Elem: &pluginsdk.Resource{
+ Schema: map[string]*pluginsdk.Schema{
+ "directory_service_type": {
+ Type: pluginsdk.TypeString,
+ Computed: true,
+ },
+ "active_directory": {
+ Type: pluginsdk.TypeList,
+ Computed: true,
+ Elem: &pluginsdk.Resource{
+ Schema: map[string]*pluginsdk.Schema{
+ "domain_name": {
+ Type: pluginsdk.TypeString,
+ Computed: true,
+ },
+ "net_bios_domain_name": {
+ Type: pluginsdk.TypeString,
+ Computed: true,
+ },
+ "forest_name": {
+ Type: pluginsdk.TypeString,
+ Computed: true,
+ },
+ "domain_guid": {
+ Type: pluginsdk.TypeString,
+ Computed: true,
+ },
+ "domain_sid": {
+ Type: pluginsdk.TypeString,
+ Computed: true,
+ },
+ "azure_storage_sid": {
+ Type: pluginsdk.TypeString,
+ Computed: true,
+ },
+ "sam_account_name": {
+ Type: pluginsdk.TypeString,
+ Computed: true,
+ },
+ "account_type": {
+ Type: pluginsdk.TypeString,
+ Computed: true,
+ },
+ },
+ },
+ },
+ "default_share_permission": {
+ Type: pluginsdk.TypeString,
+ Computed: true,
+ },
+ },
+ },
+ },
+
 "tags": tags.SchemaDataSource(),
 },
 }
@@ -413,6 +470,10 @@ func dataSourceStorageAccountRead(d *pluginsdk.ResourceData, meta interface{}) e
 infrastructureEncryption = *encryption.RequireInfrastructureEncryption
 }
 d.Set("infrastructure_encryption_enabled", infrastructureEncryption)
+
+ if err := d.Set("azure_files_identity_based_auth", flattenAzureRmStorageAccountAzureFilesIdentityBasedAuthentication(props.AzureFilesIdentityBasedAuthentication)); err != nil {
+ return fmt.Errorf("setting `azure_files_identity_based_auth`: %+v", err)
+ }
 }
 if accessKeys := keys.Keys; accessKeys != nil {
@@ -431,3 +492,71 @@ func dataSourceStorageAccountRead(d *pluginsdk.ResourceData, meta interface{}) e
 return tags.FlattenAndSet(d, resp.Tags)
 }
+
+func flattenAzureRmStorageAccountAzureFilesIdentityBasedAuthentication(input *storage.AzureFilesIdentityBasedAuthentication) []interface{} {
+ if input == nil {
+ return []interface{}{}
+ }
+
+ return []interface{}{
+ map[string]interface{}{
+ "directory_service_type": input.DirectoryServiceOptions,
+ "active_directory": flattenArmStorageAccountActiveDirectoryProperties(input.ActiveDirectoryProperties),
+ "default_share_permission": input.DefaultSharePermission,
+ },
+ }
+}
+
+func flattenAzureRmStorageAccountActiveDirectoryProperties(input *storage.ActiveDirectoryProperties) []interface{} {
+ if input == nil {
+ return []interface{}{}
+ }
+
+ var domainName string
+ if input.DomainName != nil {
+ domainName = *input.DomainName
+ }
+
+ var netBiosDomainName string
+ if input.NetBiosDomainName != nil {
+ netBiosDomainName = *input.NetBiosDomainName
+ }
+
+ var forestName string
+ if input.ForestName != nil {
+ forestName = *input.ForestName
+ }
+
+ var domainGuid string
+ if input.DomainGUID != nil {
+ domainGuid = *input.DomainGUID
+ }
+
+ var domainSid string
+ if input.DomainSid != nil {
+ domainSid = *input.DomainSid
+ }
+
+ var azureStorageSid string
+ if input.AzureStorageSid != nil {
+ azureStorageSid = *input.AzureStorageSid
+ }
+
+ var samAccountName string
+ if input.SamAccountName != nil {
+ samAccountName = *input.SamAccountName
+ }
+
+ return []interface{}{
+ map[string]interface{}{
+ "domain_name": domainName,
+ "net_bios_domain_name": netBiosDomainName,
+ "forest_name": forestName,
+ "domain_guid": domainGuid,
+ "domain_sid": domainSid,
+ "azure_storage_sid": azureStorageSid,
+ "sam_account_name": samAccountName,
+ "account_type": string(input.AccountType),
+ },
+ }
+}
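Review bot: `flattenAzureRmStorageAccountAzureFilesIdentityBasedAuthentication` calls `flattenArmStorageAccountActiveDirectoryProperties`, but the helper defined directly below it is named `flattenAzureRmStorageAccountActiveDirectoryProperties`, so the new helper is dead code; unless a `flattenArm…` function with exactly that name already exists elsewhere in the package (not visible here) the package will not compile, and if it does exist its map keys would have to match this data source's schema (`net_bios_domain_name`, `azure_storage_sid`, `sam_account_name`, `account_type`) or `d.Set` fails at read time. Change the call to `"active_directory": flattenAzureRmStorageAccountActiveDirectoryProperties(input.ActiveDirectoryProperties),`. The two enum-valued entries are also passed raw while `account_type` is converted with `string(...)`; assuming `DirectoryServiceOptions` and `DefaultSharePermission` are SDK named-string types like `AccountType`, use `"directory_service_type": string(input.DirectoryServiceOptions),` and `"default_share_permission": string(input.DefaultSharePermission),` for consistency.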
diff --git a/website/docs/d/storage_account.html.markdown b/website/docs/d/storage_account.html.markdown
index 5c7a6594e8a9..08b026969d55 100644
--- a/website/docs/d/storage_account.html.markdown
+++ b/website/docs/d/storage_account.html.markdown
@@ -132,6 +132,8 @@ output "storage_account_tier" {
 * `infrastructure_encryption_enabled` - Is infrastructure encryption enabled? See [here](https://docs.microsoft.com/azure/storage/common/infrastructure-encryption-enable/) for more information.
+
+* `azure_files_identity_based_auth` - A `azure_files_identity_based_auth` block as documented below.
 ---
 * `custom_domain` supports the following:
@@ -150,6 +152,36 @@ output "storage_account_tier" {
 * `tenant_id` - The Tenant ID for the Service Principal associated with the Identity of this Storage Account.
+---
+
+`azure_files_identity_based_auth` supports the following:
+
+* `directory_service_type` - The directory service used for this Storage Account.
+
+* `active_directory` - An `active_directory` block as documented below.
+
+* `default_share_permission` - The default share permission for users using Kerberos authentication if RBAC role is not assigned.
+
+---
+
+`active_directory` supports the following:
+
+* `domain_name` - The primary domain that the AD DNS server is authoritative for.
+
+* `net_bios_domain_name` - The NetBIOS domain name.
+
+* `forest_name` - The name of the Active Directory forest.
+
+* `domain_guid` - The domain GUID.
+
+* `domain_sid` - The domain security identifier.
+
+* `azure_storage_sid` - The security identifier for Azure Storage.
+
+* `sam_account_name` - The name of the SAM account for Azure Storage.
+
+* `account_type` - The Active Directory account type for Azure Storage.
+
 ## Timeouts
 The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/language/resources/syntax#operation-timeouts) for certain actions:
From a8c157ea7158d4c6f67a87577ff40efb64749c76 Mon Sep 17 00:00:00 2001
From: magodo
Date: Fri, 16 Sep 2022 14:21:57 +0800
Subject: [PATCH 2/3] reuse existing flatten and schema in resource
---
 .../storage/storage_account_data_source.go | 90 ++-----------------
 website/docs/d/storage_account.html.markdown | 14 +-
 2 files changed, 9 insertions(+), 95 deletions(-)
diff --git a/internal/services/storage/storage_account_data_source.go b/internal/services/storage/storage_account_data_source.go
index d689afc4d28f..65fee8a20f43 100644
--- a/internal/services/storage/storage_account_data_source.go
+++ b/internal/services/storage/storage_account_data_source.go
@@ -280,12 +280,12 @@ func dataSourceStorageAccount() *pluginsdk.Resource {
 Computed: true,
 },
- "azure_files_identity_based_auth": {
+ "azure_files_authentication": {
 Type: pluginsdk.TypeList,
 Computed: true,
 Elem: &pluginsdk.Resource{
 Schema: map[string]*pluginsdk.Schema{
- "directory_service_type": {
+ "directory_type": {
 Type: pluginsdk.TypeString,
 Computed: true,
 },
@@ -314,25 +314,13 @@ func dataSourceStorageAccount() *pluginsdk.Resource {
 Type: pluginsdk.TypeString,
 Computed: true,
 },
- "azure_storage_sid": {
- Type: pluginsdk.TypeString,
- Computed: true,
- },
- "sam_account_name": {
- Type: pluginsdk.TypeString,
- Computed: true,
- },
- "account_type": {
+ "storage_sid": {
 Type: pluginsdk.TypeString,
 Computed: true,
 },
 },
 },
 },
- "default_share_permission": {
- Type: pluginsdk.TypeString,
- Computed: true,
- },
 },
 },
 },
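Review bot: The `"azure_files_authentication"` schema here is still a hand-maintained copy, not the resource schema the subject line says is reused, so its keys must stay identical to whatever `flattenArmStorageAccountAzureFilesAuthentication` (defined outside this diff) returns or the data source's `d.Set` fails at read time; a comment on the `"azure_files_authentication": {` line such as `// keys must match flattenArmStorageAccountAzureFilesAuthentication in the resource` would make that coupling visible to the next person who touches either side. The second hunk also drops `default_share_permission`, which the patch-1 docs describe as the permission applied to Kerberos-authenticated users with no RBAC assignment — a security-relevant setting that someone reading a storage account to audit it would want surfaced. If the shared flatten does not emit it, extending that flatten (and the resource schema) looks preferable to losing the attribute from the data source; I am inferring the flatten's output shape from the rename, since its body is not in this diff.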
@@ -471,8 +459,8 @@ func dataSourceStorageAccountRead(d *pluginsdk.ResourceData, meta interface{}) e
 }
 d.Set("infrastructure_encryption_enabled", infrastructureEncryption)
- if err := d.Set("azure_files_identity_based_auth", flattenAzureRmStorageAccountAzureFilesIdentityBasedAuthentication(props.AzureFilesIdentityBasedAuthentication)); err != nil {
- return fmt.Errorf("setting `azure_files_identity_based_auth`: %+v", err)
+ if err := d.Set("azure_files_authentication", flattenArmStorageAccountAzureFilesAuthentication(props.AzureFilesIdentityBasedAuthentication)); err != nil {
+ return fmt.Errorf("setting `azure_files_authentication`: %+v", err)
 }
 }
@@ -492,71 +480,3 @@ func dataSourceStorageAccountRead(d *pluginsdk.ResourceData, meta interface{}) e
 return tags.FlattenAndSet(d, resp.Tags)
 }
-
-func flattenAzureRmStorageAccountAzureFilesIdentityBasedAuthentication(input *storage.AzureFilesIdentityBasedAuthentication) []interface{} {
- if input == nil {
- return []interface{}{}
- }
-
- return []interface{}{
- map[string]interface{}{
- "directory_service_type": input.DirectoryServiceOptions,
- "active_directory": flattenArmStorageAccountActiveDirectoryProperties(input.ActiveDirectoryProperties),
- "default_share_permission": input.DefaultSharePermission,
- },
- }
-}
-
-func flattenAzureRmStorageAccountActiveDirectoryProperties(input *storage.ActiveDirectoryProperties) []interface{} {
- if input == nil {
- return []interface{}{}
- }
-
- var domainName string
- if input.DomainName != nil {
- domainName = *input.DomainName
- }
-
- var netBiosDomainName string
- if input.NetBiosDomainName != nil {
- netBiosDomainName = *input.NetBiosDomainName
- }
-
- var forestName string
- if input.ForestName != nil {
- forestName = *input.ForestName
- }
-
- var domainGuid string
- if input.DomainGUID != nil {
- domainGuid = *input.DomainGUID
- }
-
- var domainSid string
- if input.DomainSid != nil {
- domainSid = *input.DomainSid
- }
-
- var azureStorageSid string
- if input.AzureStorageSid != nil {
- azureStorageSid = *input.AzureStorageSid
- }
-
- var samAccountName string
- if input.SamAccountName != nil {
- samAccountName = *input.SamAccountName
- }
-
- return []interface{}{
- map[string]interface{}{
- "domain_name": domainName,
- "net_bios_domain_name": netBiosDomainName,
- "forest_name": forestName,
- "domain_guid": domainGuid,
- "domain_sid": domainSid,
- "azure_storage_sid": azureStorageSid,
- "sam_account_name": samAccountName,
- "account_type": string(input.AccountType),
- },
- }
-}
diff --git a/website/docs/d/storage_account.html.markdown b/website/docs/d/storage_account.html.markdown
index 08b026969d55..2a8004ce507c 100644
--- a/website/docs/d/storage_account.html.markdown
+++ b/website/docs/d/storage_account.html.markdown
@@ -133,7 +133,7 @@ output "storage_account_tier" {
 * `infrastructure_encryption_enabled` - Is infrastructure encryption enabled? See [here](https://docs.microsoft.com/azure/storage/common/infrastructure-encryption-enable/) for more information.
-* `azure_files_identity_based_auth` - A `azure_files_identity_based_auth` block as documented below.
+* `azure_files_authentication` - A `azure_files_authentication` block as documented below.
 ---
 * `custom_domain` supports the following:
@@ -154,14 +154,12 @@ output "storage_account_tier" {
 ---
-`azure_files_identity_based_auth` supports the following:
+`azure_files_authentication` supports the following:
-* `directory_service_type` - The directory service used for this Storage Account.
+* `directory_type` - The directory service used for this Storage Account.
 * `active_directory` - An `active_directory` block as documented below.
-* `default_share_permission` - The default share permission for users using Kerberos authentication if RBAC role is not assigned.
-
 ---
 `active_directory` supports the following:
@@ -176,11 +174,7 @@ output "storage_account_tier" {
 * `domain_sid` - The domain security identifier.
-* `azure_storage_sid` - The security identifier for Azure Storage.
-
-* `sam_account_name` - The name of the SAM account for Azure Storage.
-
-* `account_type` - The Active Directory account type for Azure Storage.
+* `storage_sid` - The security identifier for Azure Storage.
 ## Timeouts
From bba4bfb520800c0d41f5ff74704ebb9dd3ec311c Mon Sep 17 00:00:00 2001
From: magodo
Date: Mon, 19 Sep 2022 13:24:19 +0800
Subject: [PATCH 3/3] rename
---
 .../storage/storage_account_data_source.go | 2 +-
 .../storage_account_data_source_test.go | 57 +++++++++++++++++++
 website/docs/d/storage_account.html.markdown | 2 +-
 3 files changed, 59 insertions(+), 2 deletions(-)
diff --git a/internal/services/storage/storage_account_data_source.go b/internal/services/storage/storage_account_data_source.go
index 65fee8a20f43..de41fc0786f6 100644
--- a/internal/services/storage/storage_account_data_source.go
+++ b/internal/services/storage/storage_account_data_source.go
@@ -298,7 +298,7 @@ func dataSourceStorageAccount() *pluginsdk.Resource {
 Type: pluginsdk.TypeString,
 Computed: true,
 },
- "net_bios_domain_name": {
+ "netbios_domain_name": {
 Type: pluginsdk.TypeString,
 Computed: true,
 },
diff --git a/internal/services/storage/storage_account_data_source_test.go b/internal/services/storage/storage_account_data_source_test.go
index 15cba72f4776..9e45d99baf24 100644
--- a/internal/services/storage/storage_account_data_source_test.go
+++ b/internal/services/storage/storage_account_data_source_test.go
@@ -139,6 +139,25 @@ func TestAccDataSourceStorageAccount_systemAssignedUserAssignedIdentity(t *testi
 })
 }
+
+func TestAccDataSourceStorageAccount_azureFilesAuthentication(t *testing.T) {
+ data := acceptance.BuildTestData(t, "data.azurerm_storage_account", "test")
+
+ data.DataSourceTest(t, []acceptance.TestStep{
+ {
+ Config: StorageAccountDataSource{}.azureFilesAuthenticationAD(data),
+ Check: acceptance.ComposeTestCheckFunc(
+ check.That(data.ResourceName).Key("azure_files_authentication.0.directory_type").HasValue("AD"),
+ check.That(data.ResourceName).Key("azure_files_authentication.0.active_directory.0.storage_sid").HasValue("S-1-5-21-2400535526-2334094090-2402026252-0012"),
+ check.That(data.ResourceName).Key("azure_files_authentication.0.active_directory.0.domain_name").HasValue("adtest.com"),
+ check.That(data.ResourceName).Key("azure_files_authentication.0.active_directory.0.domain_sid").HasValue("S-1-5-21-2400535526-2334094090-2402026252-0012"),
+ check.That(data.ResourceName).Key("azure_files_authentication.0.active_directory.0.domain_guid").HasValue("aebfc118-9fa9-4732-a21f-d98e41a77ae1"),
+ check.That(data.ResourceName).Key("azure_files_authentication.0.active_directory.0.forest_name").HasValue("adtest.com"),
+ check.That(data.ResourceName).Key("azure_files_authentication.0.active_directory.0.netbios_domain_name").HasValue("adtest.com"),
+ ),
+ },
+ })
+}
+
 func (d StorageAccountDataSource) basic(data acceptance.TestData) string {
 return fmt.Sprintf(`
 provider "azurerm" {
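Review bot: These `HasValue` checks cannot detect a field mix-up in the flatten, because the fixture in `azureFilesAuthenticationAD` (a later hunk) gives `storage_sid` and `domain_sid` the identical SID and sets `domain_name`, `forest_name` and `netbios_domain_name` all to `adtest.com`, so the data source could swap any of those keys and the test would still pass. Use values that differ per field in the fixture — e.g. `domain_sid = "S-1-5-21-2400535526-2334094090-2402026252"` (a domain SID conventionally carries no trailing RID, while the storage account SID does), `storage_sid = "S-1-5-21-2400535526-2334094090-2402026252-1012"`, `netbios_domain_name = "ADTEST"` — and pin the corresponding `HasValue` expectations here to those distinct strings. Whether the storage API validates SID or NetBIOS formats is not visible in this diff, so confirm the service accepts the distinct values before relying on them.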
@@ -355,3 +374,41 @@ data "azurerm_storage_account" "test" {
 }
 `, d.identityTemplate(data), data.RandomString)
 }
+
+func (d StorageAccountDataSource) azureFilesAuthenticationAD(data acceptance.TestData) string {
+ return fmt.Sprintf(`
+provider "azurerm" {
+ features {}
+}
+
+resource "azurerm_resource_group" "test" {
+ name = "acctestRG-storage-%d"
+ location = "%s"
+}
+
+resource "azurerm_storage_account" "test" {
+ name = "unlikely23exst2acct%s"
+ resource_group_name = azurerm_resource_group.test.name
+ location = azurerm_resource_group.test.location
+ account_tier = "Standard"
+ account_replication_type = "LRS"
+
+ azure_files_authentication {
+ directory_type = "AD"
+ active_directory {
+ storage_sid = "S-1-5-21-2400535526-2334094090-2402026252-0012"
+ domain_name = "adtest.com"
+ domain_sid = "S-1-5-21-2400535526-2334094090-2402026252-0012"
+ domain_guid = "aebfc118-9fa9-4732-a21f-d98e41a77ae1"
+ forest_name = "adtest.com"
+ netbios_domain_name = "adtest.com"
+ }
+ }
+}
+
+data "azurerm_storage_account" "test" {
+ name = azurerm_storage_account.test.name
+ resource_group_name = azurerm_storage_account.test.resource_group_name
+}
+`, data.RandomInteger, data.Locations.Primary, data.RandomString)
+}
diff --git a/website/docs/d/storage_account.html.markdown b/website/docs/d/storage_account.html.markdown
index 2a8004ce507c..d7ee7c6460a7 100644
--- a/website/docs/d/storage_account.html.markdown
+++ b/website/docs/d/storage_account.html.markdown
@@ -166,7 +166,7 @@ output "storage_account_tier" {
 * `domain_name` - The primary domain that the AD DNS server is authoritative for.
-* `net_bios_domain_name` - The NetBIOS domain name.
+* `netbios_domain_name` - The NetBIOS domain name.
 * `forest_name` - The name of the Active Directory forest.