Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

storage - back-port storage data plane workarounds #27819

Merged
merged 9 commits into from
Nov 5, 2024

Conversation

jackofallops
Copy link
Member

@jackofallops jackofallops commented Oct 30, 2024

Community Note

  • Please vote on this PR by adding a 👍 reaction to the original PR to help the community and maintainers prioritize for review
  • Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for PR followers and do not help prioritize for review

Description

This PR back-ports work for azurerm_storage_account Data Plane access for Data Plane restricted agents from the v4.9.0 release to 3.x line of the provider. This will be a unique, one-time release of the v3 provider to allow users that cannot access Data Plane endpoints without Private Endpoints (and don't want the additional costs of setting them up when the features are not required in their environment) a viable upgrade path to v4 by permitting them to remove other "external" workarounds outside of the AzureRM provider, and have a minimal configuration change migration for this key resource. Users following this path must move from v3.117.0 directly to v4.9.0 to maintain compatibility with these changes.

Also back-ported is the data_plane_available Provider Feature flag. This allows the provider to be globally configured to not use the data plane APIs at all for azurerm_storage_account. The caveats are that the availability guarantees for the Data endpoints being ready are not available, and the queue_properties and static_website blocks become incompatible configuration, and will error on plan and apply. To allow these blocks to still be configured, 2 new sub-resources are added that allow users to configure these items post-creation of the account, and if necessary, after the creation of Private Endpoints. See below for example usage of the flag:

provider "azurerm" {
  features {
    storage {
        data_plane_available = false 
    }
  }
}

resource "azurerm_storage_account" "nodataplane" {
  provider                 = azurerm.no_data_plane
  name                     = "account1"
  resource_group_name      = azurerm_resource_group.example
  location                 = "westeurope"
  account_tier             = "Standard"
  account_kind             = "StorageV2"
  account_replication_type = "LRS"
  min_tls_version          = "TLS1_2"
}

resource "azurerm_private_endpoint" "static_website" {
#  network specific config...
}

resource "azurerm_storage_account_static_website" "test" {
  storage_account_id = azurerm_storage_account.test.id
  error_404_document = "sadpanda_2.html"
  index_document     = "index_2.html"
  depends_on = [ azurerm_private_endpoint.static_website ]
}

PR Checklist

  • I have followed the guidelines in our Contributing Documentation.
  • I have checked to ensure there aren't other open Pull Requests for the same update/change.
  • I have checked if my changes close any open issues. If so please include appropriate closing keywords below.
  • I have updated/added Documentation as required written in a helpful and kind way to assist users that may be unfamiliar with the resource / data source.
  • I have used a meaningful PR title to help maintainers and other users understand this change and help prevent duplicate work.
    For example: “resource_name_here - description of change e.g. adding property new_property_name_here

Changes to existing Resource / Data Source

  • I have added an explanation of what my changes do and why I'd like you to include them (This may be covered by linking to an issue above, but may benefit from additional explanation).
  • I have written new tests for my resource or datasource changes & updated any relevent documentation.
  • I have successfully run tests with my changes locally. If not, please provide details on testing challenges that prevented you running the tests.
  • (For changes that include a state migration only). I have manually tested the migration path between relevant versions of the provider.

Testing

  • My submission includes Test coverage as described in the Contribution Guide and the tests pass. (if this is not possible for any reason, please include details of why you did or could not add test coverage)

Change Log

Below please provide what should go into the changelog (if anything) conforming to the Changelog Format documented here.

  • azurerm_storage_account - can now be created and managed if Data Plane endpoints are blocked by a firewall
  • New Resource: azurerm_storage_account_queue_properties
  • New Resource: azurerm_storage_account_static_website
  • New Provider Feature - storage data_plane_available feature flag

This is a (please select all that apply):

  • Bug Fix
  • New Feature (ie adding a service, resource, or data source)
  • Enhancement
  • Breaking Change

Depends on #27818

@jackofallops
Copy link
Member Author

testing results (failures unrelated to change):
image

Copy link
Member

@stephybun stephybun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @jackofallops LGTM 🦇

@jackofallops jackofallops merged commit 7e34ba7 into tmp-3.117.0 Nov 5, 2024
30 of 31 checks passed
@jackofallops jackofallops deleted the f/backport-storage-dataplane-workarounds branch November 5, 2024 10:46
Copy link

github-actions bot commented Dec 7, 2024

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 7, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants