Merge pull request #4037 from terraform-providers/f/storage-account-d…

…efault-action r/storage_account: making `default_action` required
hashicorp · Aug 9, 2019 · bf975b3 · bf975b3
2 parents f1c8e18 + c67c666
commit bf975b3
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 47 deletions.
diff --git a/azurerm/resource_arm_storage_account.go b/azurerm/resource_arm_storage_account.go
@@ -167,8 +167,9 @@ func resourceArmStorageAccount() *schema.Resource {
 
 			"network_rules": {
 				Type:     schema.TypeList,
-				MaxItems: 1,
 				Optional: true,
+				Computed: true,
+				MaxItems: 1,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"bypass": {
@@ -205,7 +206,7 @@ func resourceArmStorageAccount() *schema.Resource {
 
 						"default_action": {
 							Type:     schema.TypeString,
-							Optional: true,
+							Required: true,
 							ValidateFunc: validation.StringInSlice([]string{
 								string(storage.DefaultActionAllow),
 								string(storage.DefaultActionDeny),

diff --git a/website/docs/r/storage_account.html.markdown b/website/docs/r/storage_account.html.markdown
@@ -105,77 +105,65 @@ The following arguments are supported:
 
 * `custom_domain` - (Optional) A `custom_domain` block as documented below.
 
-* `network_rules` - (Optional) A `network_rules` block as documented below.
-
 * `enable_advanced_threat_protection` (Optional) Boolean flag which controls if advanced threat protection is enabled, see [here](https://docs.microsoft.com/en-us/azure/storage/common/storage-advanced-threat-protection) for more information. Defaults to `false`.
 
 ~> **Note:** `enable_advanced_threat_protection` is not supported in all regions.
 
-* `tags` - (Optional) A mapping of tags to assign to the resource.
+* `identity` - (Optional) A `identity` block as defined below.
 
-* `identity` - (Optional) A Managed Service Identity block as defined below.
+* `queue_properties` - (Optional) A `queue_properties` block as defined below.
 
-* `queue_properties` - (Optional) A Queue Property block as defined below.
-
----
+~> **NOTE:** `queue_properties` cannot be set when the `access_tier` is set to `BlobStorage`
 
-* `custom_domain` supports the following:
+* `network_rules` - (Optional) A `network_rules` block as documented below.
 
-* `name` - (Optional) The Custom Domain Name to use for the Storage Account, which will be validated by Azure.
-* `use_subdomain` - (Optional) Should the Custom Domain Name be validated by using indirect CNAME validation?
+* `tags` - (Optional) A mapping of tags to assign to the resource.
 
 ---
 
-* `network_rules` supports the following:
+A `cors_rule` block supports the following:
 
-* `default_action` - (Required) Specifies the default action of allow or deny when no other rules match. Valid options are `Deny` or `Allow`.
-* `bypass` - (Optional)  Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. Valid options are
-any combination of `Logging`, `Metrics`, `AzureServices`, or `None`. 
-* `ip_rules` - (Optional) List of public IP or IP ranges in CIDR Format. Only IPV4 addresses are allowed. Private IP address ranges (as defined in [RFC 1918](https://tools.ietf.org/html/rfc1918#section-3)) are not allowed.
-* `virtual_network_subnet_ids` - (Optional) A list of resource ids for subnets.
-
-~> **Note:** If specifying `network_rules`, one of either `ip_rules` or `virtual_network_subnet_ids` must be specified and `default_action` must be set to `Deny`.
-
-~> **Note:** [More information on Validation is available here](https://docs.microsoft.com/en-gb/azure/storage/blobs/storage-custom-domain-name)
+* `allowed_headers` - (Required) A list of headers that are allowed to be a part of the cross-origin request.
 
----
+* `allowed_methods` - (Required) A list of http headers that are allowed to be executed by the origin. Valid options are
+`DELETE`, `GET`, `HEAD`, `MERGE`, `POST`, `OPTIONS` or `PUT`.
 
-`identity` supports the following:
+* `allowed_origins` - (Required) A list of origin domains that will be allowed by CORS. 
 
-* `type` - (Required) Specifies the identity type of the Storage Account. At this time the only allowed value is `SystemAssigned`.
+* `exposed_headers` - (Required) A list of response headers that are exposed to CORS clients. 
 
-~> The assigned `principal_id` and `tenant_id` can be retrieved after the identity `type` has been set to `SystemAssigned`  and Storage Account has been created. More details are available below.
+* `max_age_in_seconds` - (Required) The number of seconds the client should cache a preflight response.
 
 ---
 
-`queue_properties` supports the following: not applicable when storage account type is **BlobStorage**
+A `custom_domain` block supports the following:
 
-* `cors_rule` - (Optional) A `cors_rule` block as defined below.
+* `name` - (Optional) The Custom Domain Name to use for the Storage Account, which will be validated by Azure.
+* `use_subdomain` - (Optional) Should the Custom Domain Name be validated by using indirect CNAME validation?
 
-* `logging` - (Optional) A `logging` block as defined below.
+--- 
 
-* `minute_metrics` - (Optional) A `minute_metrics` block as defined below.
+A `hour_metrics` block supports the following:
 
-* `hour_metrics` - (Optional) A `hour_metrics` block as defined below.
+* `enabled` - (Required) Indicates whether hour metrics are enabled for the Queue service. Changing this forces a new resource.
 
----
+* `version` - (Required) The version of storage analytics to configure. Changing this forces a new resource.
 
-`cors_rule` supports the following:
+* `include_apis` - (Optional) Indicates whether metrics should generate summary statistics for called API operations.
 
-* `allowed_headers` - (Required) A list of headers that are allowed to be a part of the cross-origin request.
+* `retention_policy_days` - (Optional) Specifies the number of days that logs will be retained. Changing this forces a new resource. 
 
-* `allowed_methods` - (Required) A list of http headers that are allowed to be executed by the origin. Valid options are
-`DELETE`, `GET`, `HEAD`, `MERGE`, `POST`, `OPTIONS` or `PUT`.
+---
 
-* `allowed_origins` - (Required) A list of origin domains that will be allowed by CORS. 
+A `identity` block supports the following:
 
-* `exposed_headers` - (Required) A list of response headers that are exposed to CORS clients. 
+* `type` - (Required) Specifies the identity type of the Storage Account. At this time the only allowed value is `SystemAssigned`.
 
-* `max_age_in_seconds` - (Required) The number of seconds the client should cache a preflight response.
+~> The assigned `principal_id` and `tenant_id` can be retrieved after the identity `type` has been set to `SystemAssigned`  and Storage Account has been created. More details are available below.
 
---- 
+---
 
-`logging` supports the following:
+A `logging` block supports the following:
 
 * `delete` - (Required) Indicates whether all delete requests should be logged. Changing this forces a new resource.
 
@@ -187,7 +175,9 @@ any combination of `Logging`, `Metrics`, `AzureServices`, or `None`.
 
 * `retention_policy_days` - (Optional) Specifies the number of days that logs will be retained. Changing this forces a new resource. 
 
-`minute_metrics` supports the following:
+---
+
+A `minute_metrics` block supports the following:
 
 * `enabled` - (Required) Indicates whether minute metrics are enabled for the Queue service. Changing this forces a new resource.
 
@@ -197,15 +187,31 @@ any combination of `Logging`, `Metrics`, `AzureServices`, or `None`.
 
 * `retention_policy_days` - (Optional) Specifies the number of days that logs will be retained. Changing this forces a new resource. 
 
-`hour_metrics` supports the following:
+---
 
-* `enabled` - (Required) Indicates whether hour metrics are enabled for the Queue service. Changing this forces a new resource.
+A `network_rules` block supports the following:
 
-* `version` - (Required) The version of storage analytics to configure. Changing this forces a new resource.
+* `default_action` - (Required) Specifies the default action of allow or deny when no other rules match. Valid options are `Deny` or `Allow`.
+* `bypass` - (Optional)  Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. Valid options are
+any combination of `Logging`, `Metrics`, `AzureServices`, or `None`. 
+* `ip_rules` - (Optional) List of public IP or IP ranges in CIDR Format. Only IPV4 addresses are allowed. Private IP address ranges (as defined in [RFC 1918](https://tools.ietf.org/html/rfc1918#section-3)) are not allowed.
+* `virtual_network_subnet_ids` - (Optional) A list of resource ids for subnets.
 
-* `include_apis` - (Optional) Indicates whether metrics should generate summary statistics for called API operations.
+~> **Note:** If specifying `network_rules`, one of either `ip_rules` or `virtual_network_subnet_ids` must be specified and `default_action` must be set to `Deny`.
 
-* `retention_policy_days` - (Optional) Specifies the number of days that logs will be retained. Changing this forces a new resource. 
+~> **Note:** [More information on Validation is available here](https://docs.microsoft.com/en-gb/azure/storage/blobs/storage-custom-domain-name)
+
+---
+
+A `queue_properties` block supports the following:
+
+* `cors_rule` - (Optional) A `cors_rule` block as defined below.
+
+* `logging` - (Optional) A `logging` block as defined below.
+
+* `minute_metrics` - (Optional) A `minute_metrics` block as defined below.
+
+* `hour_metrics` - (Optional) A `hour_metrics` block as defined below.
 
 ## Attributes Reference