`azurerm_storage_account` - `azure_file_authentication.0.active_directory` supports setting `domain_name` and `domain_guid` when `directory_type` is `AADKERB` #22833
Thanks for this @magodo. I don't believe that asking users to add these fields to `ignore_changes` is a confusing requirement or a strong enough reason to be setting these to Computed as well.
It's an expectation in Terraform that users should explicitly ignore fields that they do not wish to configure. Given that at some point in the future we will have to go through and re-evaluate which fields can remain O+C I think it's better to introduce and enforce this behaviour now, than further down the track and all in one go.
@stephybun Thank you for the review! I've now removed the Please take another look!
Thanks for removing `Computed` from those fields @magodo! I think this is almost good to go - an additional note on the docs would be good to clarify that all the fields are needed when the `directory_type` is `AD` and there is also potential for some simplification. This should be good to go once that's done 👍
var ad *storage.ActiveDirectoryProperties | ||
switch string(directoryOption) { | ||
case string(storage.DirectoryServiceOptionsAD): | ||
if _, ok := v["active_directory"]; !ok { | ||
return nil, fmt.Errorf("`active_directory` is required when `directory_type` is `AD`") | ||
} | ||
ad = expandArmStorageAccountActiveDirectoryProperties(v["active_directory"].([]interface{})) | ||
if ad.AzureStorageSid == nil { | ||
return nil, fmt.Errorf("`active_directory.0.storage_sid` is required when `directory_type` is `AD`") | ||
} | ||
if ad.DomainSid == nil { | ||
return nil, fmt.Errorf("`active_directory.0.domain_sid` is required when `directory_type` is `AD`") | ||
} | ||
if ad.ForestName == nil { | ||
return nil, fmt.Errorf("`active_directory.0.forest_name` is required when `directory_type` is `AD`") | ||
} | ||
if ad.NetBiosDomainName == nil { | ||
return nil, fmt.Errorf("`active_directory.0.netbios_domain_name` is required when `directory_type` is `AD`") | ||
} | ||
case string(storageaccounts.DirectoryServiceOptionsAADKERB): | ||
if _, ok := v["active_directory"]; ok { | ||
ad = expandArmStorageAccountActiveDirectoryProperties(v["active_directory"].([]interface{})) | ||
} | ||
} |
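Review bot: the two `case` labels take their constants from different packages (`storage.DirectoryServiceOptionsAD` and `storageaccounts.DirectoryServiceOptionsAADKERB`) and only line up because both sides are cast to `string`. Use one package's enum for the whole switch so that a renamed or retyped constant fails at compile time instead of silently skipping a branch, and add a short comment on the `AADKERB` case saying that `active_directory` is optional there.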
Minor but we need to call the expand function for the AD properties in all cases so I think we can simplify this to
var ad *storage.ActiveDirectoryProperties | |
switch string(directoryOption) { | |
case string(storage.DirectoryServiceOptionsAD): | |
if _, ok := v["active_directory"]; !ok { | |
return nil, fmt.Errorf("`active_directory` is required when `directory_type` is `AD`") | |
} | |
ad = expandArmStorageAccountActiveDirectoryProperties(v["active_directory"].([]interface{})) | |
if ad.AzureStorageSid == nil { | |
return nil, fmt.Errorf("`active_directory.0.storage_sid` is required when `directory_type` is `AD`") | |
} | |
if ad.DomainSid == nil { | |
return nil, fmt.Errorf("`active_directory.0.domain_sid` is required when `directory_type` is `AD`") | |
} | |
if ad.ForestName == nil { | |
return nil, fmt.Errorf("`active_directory.0.forest_name` is required when `directory_type` is `AD`") | |
} | |
if ad.NetBiosDomainName == nil { | |
return nil, fmt.Errorf("`active_directory.0.netbios_domain_name` is required when `directory_type` is `AD`") | |
} | |
case string(storageaccounts.DirectoryServiceOptionsAADKERB): | |
if _, ok := v["active_directory"]; ok { | |
ad = expandArmStorageAccountActiveDirectoryProperties(v["active_directory"].([]interface{})) | |
} | |
} | |
ad := expandArmStorageAccountActiveDirectoryProperties(v["active_directory"].([]interface{})) | |
if directoryOption == storage.DirectoryServiceOptionsAD { | |
if ad == nil { | |
return nil, fmt.Errorf("`active_directory` is required when `directory_type` is `AD`") | |
} | |
if ad.AzureStorageSid == nil { | |
return nil, fmt.Errorf("`active_directory.0.storage_sid` is required when `directory_type` is `AD`") | |
} | |
if ad.DomainSid == nil { | |
return nil, fmt.Errorf("`active_directory.0.domain_sid` is required when `directory_type` is `AD`") | |
} | |
if ad.ForestName == nil { | |
return nil, fmt.Errorf("`active_directory.0.forest_name` is required when `directory_type` is `AD`") | |
} | |
if ad.NetBiosDomainName == nil { | |
return nil, fmt.Errorf("`active_directory.0.netbios_domain_name` is required when `directory_type` is `AD`") | |
} | |
} |
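Review bot: the first line of the replacement, `ad := expandArmStorageAccountActiveDirectoryProperties(v["active_directory"].([]interface{}))`, uses a single-value type assertion that is no longer guarded by the `if _, ok := v["active_directory"]; !ok` check from the original, so it panics whenever `v` has no `active_directory` key or holds another type there. Either keep the presence check or use the two-value form `raw, ok := v["active_directory"].([]interface{})` and return the `active_directory` is required error when `!ok`; the `ad == nil` test below is only reached if the assertion succeeded.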
If the below check is removed, then the type assertion in the expand function will panic if there is no `active_directory` specified?
if _, ok := v["active_directory"]; !ok {
return nil, fmt.Errorf("`active_directory` is required when `directory_type` is `AD`")
}
I'm not sure I follow? I pulled your branch and ran the test with those changes and it appears to be fine?
@magodo do you have an update?
@stephybun Thank you for the review! I've updated the code per your comment, please take another look!
Thanks @magodo LGTM 🦕
Bump Terraform `azurerm` provider version

Update Terraform lock file

"hashicorp/azurerm" updated from "3.73.0" to "3.74.0" in file ".terraform.lock.hcl"

3.74.0

Changelog retrieved from: https://github.com/hashicorp/terraform-provider-azurerm/releases/tag/v3.74.0

NOTES:

* `azurerm_synapse_sql_pool` - users that have imported `azurerm_synapse_sql_pool` resources that were created outside of Terraform using an `LRS` storage account type will need to use `ignore_changes` to avoid the resource from being destroyed and recreated.

FEATURES:

* **New Resource**: `azurerm_arc_resource_bridge_appliance` (#23108)
* **New Resource**: `azurerm_data_factory_dataset_azure_sql_table` (#23264)
* **New Resource**: `azurerm_function_app_connection` (#23127)

ENHANCEMENTS:

* dependencies: updating to `v0.20230918.1115907` of `github.com/hashicorp/go-azure-sdk` (#23337)
* dependencies: downgrading to `v1.12.5` of `github.com/rickb777/date` (#23296)
* `mysql`: updating to use API Version `2022-01-01` (#23320)
* `azurerm_app_configuration` - support for the `replica` block (#22452)
* `azurerm_bot_channel_directline` - support for `user_upload_enabled`, `endpoint_parameters_enabled`, and `storage_enabled` (#23149)
* `azurerm_container_app` - support for scale rules (#23294)
* `azurerm_container_app_environment` - support for zone redundancy (#23313)
* `azurerm_container_group` - support for the `key_vault_user_identity_id` property for Customer Managed Keys (#23332)
* `azurerm_cosmosdb_account` - support for MongoDB connection strings (#23331)
* `azurerm_data_factory_dataset_delimited_text` - support for the `dynamic_file_system_enabled`, `dynamic_path_enabled`, and `dynamic_filename_enabled` properties (#23261)
* `azurerm_data_factory_dataset_parquet` - support for the `azure_blob_fs_location` block (#23261)
* `azurerm_monitor_diagnostic_setting` - validation to ensure either `category` or `category_group` are supplied in `enabled_log` and `log` blocks (#23308)
* `azurerm_network_interface` - support for the `auxiliary_mode` and `auxiliary_sku` properties (#22979)
* `azurerm_postgresql_flexible_server` - increased the maximum supported value for `storage_mb` (#23277)
* `azurerm_shared_image_version` - support for the `replicated_region_deletion_enabled` and `target_region.exclude_from_latest_enabled` properties (#23147)
* `azurerm_storage_account` - support for setting `domain_name` and `domain_guid` for `AADKERB` (#22833)
* `azurerm_storage_account_customer_managed_key` - support for cross-tenant customer-managed keys with the `federated_identity_client_id`, and `key_vault_uri` properties (#20356)
* `azurerm_web_application_firewall_policy` - support for the `rate_limit_duration`, `rate_limit_threshold`, `group_rate_limit_by`, and `request_body_inspect_limit_in_kb` properties (#23239)

BUG FIXES:

* Data Source: `azurerm_container_app_environment`: fix `log_analytics_workspace_name` output to correct value (#23298)
* `azurerm_api_management_api` - set the `service_url` property when importing the resource (#23011)
* `azurerm_app_configuration` - prevent crash by nil checking the encryption configuration (#23302)
* `azurerm_app_configuration_feature` - update `percentage_filter_value` to accept correct type of float (#23263)
* `azurerm_container_app` - fix an issue with `commands` and `args` being overwritten when using multiple containers (#23338)
* `azurerm_key_vault_certificate` - fix issue where certificates couldn't be recovered anymore (#23204)
* `azurerm_key_vault_key` - the ForceNew when `expiration_date` is removed from the config file (#23327)
* `azurerm_linux_function_app` - fix a bug in setting the storage settings when using Elastic Premium plans (#21212)
* `azurerm_linux_web_app` - fix docker app stack update (#23303)
* `azurerm_linux_web_app` - fix crash in auto heal expansion (#21328)
* `azurerm_linux_web_app_slot` - fix docker app stack update (#23303)
* `azurerm_linux_web_app_slot` - fix crash in auto heal expansion (#21328)
* `azurerm_log_analytics_solution` - fix bug where the resource wasn't handling successful creation on subsequent applies (#23312)
* `azurerm_management_group_subscription_association` - fix bug to correctly mark resource as gone if not found during read (#23335)
* `azurerm_mssql_elasticpool` - remove check that prevents `license_type` from being set for certain skus (#23262)
* `azurerm_servicebus_queue` - fixing an issue where `auto_delete_on_idle` couldn't be set to `P10675199DT2H48M5.4775807S` (#23296)
* `azurerm_servicebus_topic` - fixing an issue where `auto_delete_on_idle` couldn't be set to `P10675199DT2H48M5.4775807S` (#23296)
* `azurerm_storage_account` - prevent sending unsupported blob properties in payload for `Storage` account kind (#23288)
* `azurerm_synapse_sql_pool` - expose `storage_account_type` (#23217)
* `azurerm_windows_function_app` - fix a bug in setting the storage settings when using Elastic Premium plans (#21212)
* `azurerm_windows_web_app` - fix docker app stack update (#23303)
* `azurerm_windows_web_app_slot` - fix docker app stack update (#23303)

DEPRECATIONS:

* `azurerm_application_gateway` - deprecate `Standard` and `WAF` skus (#23310)
* `azurerm_bot_channel_web_chat` - deprecate `site_names` in favour of `site` block (#23161)
* `azurerm_monitor_diagnostic_setting` - deprecate `retention_policy` in favour of `azurerm_storage_management_policy` (#23260)

Created automatically by Updatecli

Co-authored-by: Jenkins Infra Bot (updatecli) <60776566+jenkins-infra-bot@users.noreply.github.com>
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
This PR downgrades the following properties in the `azure_file_authentication.0.active_directory` block from `Required` to `Optional` + (the unfortunate) `Computed`:

These 4 properties are not needed to be set in the `active_directory` when the `directory_type` is set to `AADKERB`.

The reason to add the `Computed` for them is to align with the current user experience of the whole `active_directory` block (which was set to be `O+C` for now). Since when setting to `AADKERB` with omitting the `domain_name` and `domain_guid`, the whole block is returned back. Otherwise, users might be confused to be asked to explicitly ignore changes for those four properties once they set the `domain_name` and `domain_guid`.

Fix #22784
Test
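The validation rule discussed in this thread, written as a stand-alone Go example that is added here and is not the provider's code: every field is required for `AD`, while `AADKERB` may carry only `domain_name` and `domain_guid`, and the type assertion uses the two-value form so a missing block returns an error instead of panicking. `adProps`, `validateFileAuth` and the sample values are hypothetical, and required fields are modelled as non-empty strings rather than nil pointers.

```go
package main

import "fmt"

// adProps is a hypothetical stand-in for the SDK's ActiveDirectoryProperties.
type adProps struct {
	DomainName, DomainGuid, StorageSid, DomainSid, ForestName, NetBiosDomainName string
}

// validateFileAuth applies the rule from the thread: every field is required
// for AD, while AADKERB may carry only domain_name and domain_guid.
func validateFileAuth(directoryType string, v map[string]interface{}) (*adProps, error) {
	// Two-value assertion: a missing key or wrong type yields ok == false
	// instead of the panic a single-value assertion would raise.
	blocks, ok := v["active_directory"].([]interface{})
	var ad *adProps
	if ok && len(blocks) > 0 && blocks[0] != nil {
		raw, _ := blocks[0].(map[string]interface{})
		get := func(k string) string { s, _ := raw[k].(string); return s }
		ad = &adProps{get("domain_name"), get("domain_guid"), get("storage_sid"),
			get("domain_sid"), get("forest_name"), get("netbios_domain_name")}
	}
	if directoryType != "AD" {
		return ad, nil // AADKERB and other types: the block is optional
	}
	if ad == nil {
		return nil, fmt.Errorf("`active_directory` is required when `directory_type` is `AD`")
	}
	required := []struct{ name, val string }{
		{"storage_sid", ad.StorageSid}, {"domain_sid", ad.DomainSid},
		{"forest_name", ad.ForestName}, {"netbios_domain_name", ad.NetBiosDomainName},
	}
	for _, f := range required {
		if f.val == "" {
			return nil, fmt.Errorf("`active_directory.0.%s` is required when `directory_type` is `AD`", f.name)
		}
	}
	return ad, nil
}

func main() {
	// Constructed input: AADKERB with only the two domain fields set.
	v := map[string]interface{}{"active_directory": []interface{}{map[string]interface{}{
		"domain_name": "corp.example", "domain_guid": "00000000-0000-0000-0000-000000000000"}}}
	ad, err := validateFileAuth("AADKERB", v)
	fmt.Println(ad.DomainName, err)
	_, err = validateFileAuth("AD", map[string]interface{}{}) // key absent: error, no panic
	fmt.Println(err)
}
```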