diff --git a/azurerm/resource_arm_storage_account.go b/azurerm/resource_arm_storage_account.go
index 98823878ecbf..7e55f66b8cdc 100644
--- a/azurerm/resource_arm_storage_account.go
+++ b/azurerm/resource_arm_storage_account.go
@@ -167,8 +167,9 @@ func resourceArmStorageAccount() *schema.Resource {
 "network_rules": {
 Type: schema.TypeList,
- MaxItems: 1,
 Optional: true,
+ Computed: true,
+ MaxItems: 1,
 Elem: &schema.Resource{
 Schema: map[string]*schema.Schema{
 "bypass": {
@@ -205,7 +206,7 @@ func resourceArmStorageAccount() *schema.Resource {
 "default_action": {
 Type: schema.TypeString,
- Optional: true,
+ Required: true,
 ValidateFunc: validation.StringInSlice([]string{
 string(storage.DefaultActionAllow),
 string(storage.DefaultActionDeny),
diff --git a/website/docs/r/storage_account.html.markdown b/website/docs/r/storage_account.html.markdown
index 4f92142fbfa9..e65bddea720e 100644
--- a/website/docs/r/storage_account.html.markdown
+++ b/website/docs/r/storage_account.html.markdown
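Review bot: In the `network_rules` hunk (`@@ -167,8 +167,9 @@`), adding `Computed: true` to an `Optional` block means a configuration that omits `network_rules` no longer plans a change, so the account keeps whatever firewall state it already has, including a `default_action` changed to `Allow` outside Terraform, and this is not reported as drift. That is probably the intended fix for a perpetual diff, but it is security-relevant behaviour that the schema does not explain. I would add a comment above the field, for example `// Optional+Computed: omitting the block keeps the account's current network rules; it does not reset them.`, and state the same in the argument documentation. The read and update code that populates the block is outside this hunk, so it is worth confirming that the value is always set from the API response.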
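Review bot: In the `default_action` hunk (`@@ -205,7 +206,7 @@`), the field becomes `Required` but the validator still accepts `storage.DefaultActionAllow`, while the documentation note in this same commit says `default_action` must be set to `Deny` when `network_rules` is specified. With `Allow` the `ip_rules` and `virtual_network_subnet_ids` lists presumably restrict nothing, so a reader of the configuration could assume the account is locked down when it is not. Either drop the "must be `Deny`" sentence from the docs or document the `Allow` case next to the field, e.g. `// Allow: ip_rules and virtual_network_subnet_ids do not restrict access`. Existing configurations that declare `network_rules` without `default_action` will now fail validation, which deserves a changelog entry; the rest of the `default_action` schema is outside the hunk.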
@@ -105,77 +105,65 @@ The following arguments are supported: * `custom_domain` - (Optional) A `custom_domain` block as documented below. -* `network_rules` - (Optional) A `network_rules` block as documented below. - * `enable_advanced_threat_protection` (Optional) Boolean flag which controls if advanced threat protection is enabled, see [here](https://docs.microsoft.com/en-us/azure/storage/common/storage-advanced-threat-protection) for more information. Defaults to `false`. ~> **Note:** `enable_advanced_threat_protection` is not supported in all regions. -* `tags` - (Optional) A mapping of tags to assign to the resource. +* `identity` - (Optional) A `identity` block as defined below. -* `identity` - (Optional) A Managed Service Identity block as defined below. +* `queue_properties` - (Optional) A `queue_properties` block as defined below. -* `queue_properties` - (Optional) A Queue Property block as defined below. - ---- +~> **NOTE:** `queue_properties` cannot be set when the `access_tier` is set to `BlobStorage` -* `custom_domain` supports the following: +* `network_rules` - (Optional) A `network_rules` block as documented below. -* `name` - (Optional) The Custom Domain Name to use for the Storage Account, which will be validated by Azure. -* `use_subdomain` - (Optional) Should the Custom Domain Name be validated by using indirect CNAME validation? +* `tags` - (Optional) A mapping of tags to assign to the resource. --- -* `network_rules` supports the following: +A `cors_rule` block supports the following: -* `default_action` - (Required) Specifies the default action of allow or deny when no other rules match. Valid options are `Deny` or `Allow`. -* `bypass` - (Optional) Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. Valid options are -any combination of `Logging`, `Metrics`, `AzureServices`, or `None`. -* `ip_rules` - (Optional) List of public IP or IP ranges in CIDR Format. Only IPV4 addresses are allowed. 
Private IP address ranges (as defined in [RFC 1918](https://tools.ietf.org/html/rfc1918#section-3)) are not allowed. -* `virtual_network_subnet_ids` - (Optional) A list of resource ids for subnets. - -~> **Note:** If specifying `network_rules`, one of either `ip_rules` or `virtual_network_subnet_ids` must be specified and `default_action` must be set to `Deny`. - -~> **Note:** [More information on Validation is available here](https://docs.microsoft.com/en-gb/azure/storage/blobs/storage-custom-domain-name) +* `allowed_headers` - (Required) A list of headers that are allowed to be a part of the cross-origin request. ---- +* `allowed_methods` - (Required) A list of http headers that are allowed to be executed by the origin. Valid options are +`DELETE`, `GET`, `HEAD`, `MERGE`, `POST`, `OPTIONS` or `PUT`. -`identity` supports the following: +* `allowed_origins` - (Required) A list of origin domains that will be allowed by CORS. -* `type` - (Required) Specifies the identity type of the Storage Account. At this time the only allowed value is `SystemAssigned`. +* `exposed_headers` - (Required) A list of response headers that are exposed to CORS clients. -~> The assigned `principal_id` and `tenant_id` can be retrieved after the identity `type` has been set to `SystemAssigned` and Storage Account has been created. More details are available below. +* `max_age_in_seconds` - (Required) The number of seconds the client should cache a preflight response. --- -`queue_properties` supports the following: not applicable when storage account type is **BlobStorage** +A `custom_domain` block supports the following: -* `cors_rule` - (Optional) A `cors_rule` block as defined below. +* `name` - (Optional) The Custom Domain Name to use for the Storage Account, which will be validated by Azure. +* `use_subdomain` - (Optional) Should the Custom Domain Name be validated by using indirect CNAME validation? -* `logging` - (Optional) A `logging` block as defined below. 
+--- -* `minute_metrics` - (Optional) A `minute_metrics` block as defined below. +A `hour_metrics` block supports the following: -* `hour_metrics` - (Optional) A `hour_metrics` block as defined below. +* `enabled` - (Required) Indicates whether hour metrics are enabled for the Queue service. Changing this forces a new resource. ---- +* `version` - (Required) The version of storage analytics to configure. Changing this forces a new resource. -`cors_rule` supports the following: +* `include_apis` - (Optional) Indicates whether metrics should generate summary statistics for called API operations. -* `allowed_headers` - (Required) A list of headers that are allowed to be a part of the cross-origin request. +* `retention_policy_days` - (Optional) Specifies the number of days that logs will be retained. Changing this forces a new resource. -* `allowed_methods` - (Required) A list of http headers that are allowed to be executed by the origin. Valid options are -`DELETE`, `GET`, `HEAD`, `MERGE`, `POST`, `OPTIONS` or `PUT`. +--- -* `allowed_origins` - (Required) A list of origin domains that will be allowed by CORS. +A `identity` block supports the following: -* `exposed_headers` - (Required) A list of response headers that are exposed to CORS clients. +* `type` - (Required) Specifies the identity type of the Storage Account. At this time the only allowed value is `SystemAssigned`. -* `max_age_in_seconds` - (Required) The number of seconds the client should cache a preflight response. +~> The assigned `principal_id` and `tenant_id` can be retrieved after the identity `type` has been set to `SystemAssigned` and Storage Account has been created. More details are available below. ---- +--- -`logging` supports the following: +A `logging` block supports the following: * `delete` - (Required) Indicates whether all delete requests should be logged. Changing this forces a new resource. 
@@ -187,7 +175,9 @@ any combination of `Logging`, `Metrics`, `AzureServices`, or `None`. * `retention_policy_days` - (Optional) Specifies the number of days that logs will be retained. Changing this forces a new resource. -`minute_metrics` supports the following: +--- + +A `minute_metrics` block supports the following: * `enabled` - (Required) Indicates whether minute metrics are enabled for the Queue service. Changing this forces a new resource. 
@@ -197,15 +187,31 @@ any combination of `Logging`, `Metrics`, `AzureServices`, or `None`. * `retention_policy_days` - (Optional) Specifies the number of days that logs will be retained. Changing this forces a new resource. -`hour_metrics` supports the following: +--- -* `enabled` - (Required) Indicates whether hour metrics are enabled for the Queue service. Changing this forces a new resource. +A `network_rules` block supports the following: -* `version` - (Required) The version of storage analytics to configure. Changing this forces a new resource. +* `default_action` - (Required) Specifies the default action of allow or deny when no other rules match. Valid options are `Deny` or `Allow`. +* `bypass` - (Optional) Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. Valid options are +any combination of `Logging`, `Metrics`, `AzureServices`, or `None`. +* `ip_rules` - (Optional) List of public IP or IP ranges in CIDR Format. Only IPV4 addresses are allowed. Private IP address ranges (as defined in [RFC 1918](https://tools.ietf.org/html/rfc1918#section-3)) are not allowed. +* `virtual_network_subnet_ids` - (Optional) A list of resource ids for subnets. -* `include_apis` - (Optional) Indicates whether metrics should generate summary statistics for called API operations. +~> **Note:** If specifying `network_rules`, one of either `ip_rules` or `virtual_network_subnet_ids` must be specified and `default_action` must be set to `Deny`. -* `retention_policy_days` - (Optional) Specifies the number of days that logs will be retained. Changing this forces a new resource. +~> **Note:** [More information on Validation is available here](https://docs.microsoft.com/en-gb/azure/storage/blobs/storage-custom-domain-name) + +--- + +A `queue_properties` block supports the following: + +* `cors_rule` - (Optional) A `cors_rule` block as defined below. + +* `logging` - (Optional) A `logging` block as defined below. 
+ +* `minute_metrics` - (Optional) A `minute_metrics` block as defined below. + +* `hour_metrics` - (Optional) A `hour_metrics` block as defined below. ## Attributes Reference