r/storage_account: accessing the data plane api's using Giovanni

This allows us to use SharedKey as an authorizer when AzureAD is not enabled
which is the case for the majority of users.

Fixes #6028
Fixes #5914

azurerm/internal/services/storage/client/client.go

@@ -4,16 +4,15 @@ import (
 	"context"
 	"fmt"
 
-	"github.com/Azure/go-autorest/autorest"
-	"github.com/tombuildsstuff/giovanni/storage/2018-11-09/datalakestore/filesystems"
-
 	"github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2019-04-01/storage"
 	"github.com/Azure/azure-sdk-for-go/services/storagecache/mgmt/2019-11-01/storagecache"
+	"github.com/Azure/go-autorest/autorest"
 	az "github.com/Azure/go-autorest/autorest/azure"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/common"
 	"github.com/tombuildsstuff/giovanni/storage/2018-11-09/blob/accounts"
 	"github.com/tombuildsstuff/giovanni/storage/2018-11-09/blob/blobs"
 	"github.com/tombuildsstuff/giovanni/storage/2018-11-09/blob/containers"
+	"github.com/tombuildsstuff/giovanni/storage/2018-11-09/datalakestore/filesystems"
 	"github.com/tombuildsstuff/giovanni/storage/2018-11-09/file/directories"
 	"github.com/tombuildsstuff/giovanni/storage/2018-11-09/file/shares"
 	"github.com/tombuildsstuff/giovanni/storage/2018-11-09/queue/queues"
@@ -27,7 +26,6 @@ type Client struct {
 	ManagementPoliciesClient storage.ManagementPoliciesClient
 	BlobServicesClient       storage.BlobServicesClient
 	CachesClient             *storagecache.CachesClient
-	BlobAccountsClient       *accounts.Client
 
 	environment   az.Environment
 	storageAdAuth *autorest.Authorizer
@@ -60,7 +58,6 @@ func NewClient(options *common.ClientOptions) *Client {
 		ManagementPoliciesClient: managementPoliciesClient,
 		BlobServicesClient:       blobServicesClient,
 		CachesClient:             &cachesClient,
-		BlobAccountsClient:       &blobAccountsClient,
 		environment:              options.Environment,
 	}
 
@@ -71,6 +68,28 @@ func NewClient(options *common.ClientOptions) *Client {
 	return &client
 }
 
+func (client Client) AccountsDataPlaneClient(ctx context.Context, account accountDetails) (*accounts.Client, error) {
+	if client.storageAdAuth != nil {
+		accountsClient := accounts.NewWithEnvironment(client.environment)
+		accountsClient.Client.Authorizer = *client.storageAdAuth
+		return &accountsClient, nil
+	}
+
+	accountKey, err := account.AccountKey(ctx, client)
+	if err != nil {
+		return nil, fmt.Errorf("Error retrieving Account Key: %s", err)
+	}
+
+	storageAuth, err := autorest.NewSharedKeyAuthorizer(account.name, *accountKey, autorest.SharedKey)
+	if err != nil {
+		return nil, fmt.Errorf("Error building Authorizer: %+v", err)
+	}
+
+	accountsClient := accounts.NewWithEnvironment(client.environment)
+	accountsClient.Client.Authorizer = storageAuth
+	return &accountsClient, nil
+}
+
 func (client Client) BlobsClient(ctx context.Context, account accountDetails) (*blobs.Client, error) {
 	if client.storageAdAuth != nil {
 		blobsClient := blobs.NewWithEnvironment(client.environment)

azurerm/internal/services/storage/resource_arm_storage_account.go

@@ -28,8 +28,6 @@ import (
 	"github.com/tombuildsstuff/giovanni/storage/2018-11-09/queue/queues"
 )
 
-const blobStorageAccountDefaultAccessTier = "Hot"
-
 var storageAccountResourceName = "azurerm_storage_account"
 
 func resourceArmStorageAccount() *schema.Resource {
@@ -638,7 +636,7 @@ func resourceArmStorageAccountCreate(d *schema.ResourceData, meta interface{}) e
 		accessTier, ok := d.GetOk("access_tier")
 		if !ok {
 			// default to "Hot"
-			accessTier = blobStorageAccountDefaultAccessTier
+			accessTier = storage.Hot
 		}
 
 		parameters.AccountPropertiesCreateParameters.AccessTier = storage.AccessTier(accessTier.(string))
@@ -722,21 +720,31 @@ func resourceArmStorageAccountCreate(d *schema.ResourceData, meta interface{}) e
 		if accountKind != string(storage.StorageV2) {
 			return fmt.Errorf("`static_website` is only supported for Storage V2.")
 		}
-		blobAccountClient := meta.(*clients.Client).Storage.BlobAccountsClient
+		storageClient := meta.(*clients.Client).Storage
+
+		account, err := storageClient.FindAccount(ctx, storageAccountName)
+		if err != nil {
+			return fmt.Errorf("Error retrieving Account %q: %s", storageAccountName, err)
+		}
+		if account == nil {
+			return fmt.Errorf("Unable to locate Storage Account %q!", storageAccountName)
+		}
+
+		accountsClient, err := storageClient.AccountsDataPlaneClient(ctx, *account)
+		if err != nil {
+			return fmt.Errorf("Error building Accounts Data Plane Client: %s", err)
+		}
 
 		staticWebsiteProps := expandStaticWebsiteProperties(val.([]interface{}))
 
-		if _, err = blobAccountClient.SetServiceProperties(ctx, storageAccountName, staticWebsiteProps); err != nil {
+		if _, err = accountsClient.SetServiceProperties(ctx, storageAccountName, staticWebsiteProps); err != nil {
 			return fmt.Errorf("Error updating Azure Storage Account `static_website` %q: %+v", storageAccountName, err)
 		}
 	}
 
 	return resourceArmStorageAccountRead(d, meta)
 }
 
-// resourceArmStorageAccountUpdate is unusual in the ARM API where most resources have a combined
-// and idempotent operation for CreateOrUpdate. In particular updating all of the parameters
-// available requires a call to Update per parameter...
 func resourceArmStorageAccountUpdate(d *schema.ResourceData, meta interface{}) error {
 	client := meta.(*clients.Client).Storage.AccountsClient
 	ctx, cancel := timeouts.ForUpdate(meta.(*clients.Client).StopContext, d)
@@ -911,11 +919,24 @@ func resourceArmStorageAccountUpdate(d *schema.ResourceData, meta interface{}) e
 		if accountKind != string(storage.StorageV2) {
 			return fmt.Errorf("`static_website` is only supported for Storage V2.")
 		}
-		blobAccountClient := meta.(*clients.Client).Storage.BlobAccountsClient
+		storageClient := meta.(*clients.Client).Storage
+
+		account, err := storageClient.FindAccount(ctx, storageAccountName)
+		if err != nil {
+			return fmt.Errorf("Error retrieving Account %q: %s", storageAccountName, err)
+		}
+		if account == nil {
+			return fmt.Errorf("Unable to locate Storage Account %q!", storageAccountName)
+		}
+
+		accountsClient, err := storageClient.AccountsDataPlaneClient(ctx, *account)
+		if err != nil {
+			return fmt.Errorf("Error building Accounts Data Plane Client: %s", err)
+		}
 
 		staticWebsiteProps := expandStaticWebsiteProperties(d.Get("static_website").([]interface{}))
 
-		if _, err = blobAccountClient.SetServiceProperties(ctx, storageAccountName, staticWebsiteProps); err != nil {
+		if _, err = accountsClient.SetServiceProperties(ctx, storageAccountName, staticWebsiteProps); err != nil {
 			return fmt.Errorf("Error updating Azure Storage Account `static_website` %q: %+v", storageAccountName, err)
 		}
 
@@ -1109,9 +1130,19 @@ func resourceArmStorageAccountRead(d *schema.ResourceData, meta interface{}) err
 
 	// static website only supported on Storage V2
 	if resp.Kind == storage.StorageV2 {
-		blobAccountClient := storageClient.BlobAccountsClient
+		storageClient := meta.(*clients.Client).Storage
+
+		account, err := storageClient.FindAccount(ctx, name)
+		if err != nil {
+			return fmt.Errorf("Error retrieving Account %q: %s", name, err)
+		}
+
+		accountsClient, err := storageClient.AccountsDataPlaneClient(ctx, *account)
+		if err != nil {
+			return fmt.Errorf("Error building Accounts Data Plane Client: %s", err)
+		}
 
-		staticWebsiteProps, err := blobAccountClient.GetServiceProperties(ctx, name)
+		staticWebsiteProps, err := accountsClient.GetServiceProperties(ctx, name)
 		if err != nil {
 			if staticWebsiteProps.Response.Response != nil && !utils.ResponseWasNotFound(staticWebsiteProps.Response) {
 				return fmt.Errorf("Error reading static website for AzureRM Storage Account %q: %+v", name, err)