Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for azurerm_storage_account sas_policy.expiration_action set to "Block" #28477

Open
1 task done
scratch85 opened this issue Jan 10, 2025 · 1 comment
Open
1 task done

Support for azurerm_storage_account sas_policy.expiration_action set to "Block" #28477

scratch85 opened this issue Jan 10, 2025 · 1 comment
Labels
enhancement sdk/requires-newer-api-version This requires upgrading the version of the API being used service/storage

Comments

@scratch85
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Description

Configuring

  sas_policy {
    expiration_period = "00.01:00:00"
    expiration_action = "Block"
  }

leads to error:

Error: expected sas_policy.0.expiration_action to be one of ["Log"], got Block

Terraform docs say:

[expiration_action](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account#expiration_action-4) - (Optional) The SAS expiration action. The only possible value is Log at this moment. Defaults to Log.

But actually "Block" is a valid value according to Azure Storage Account API:

The SAS Expiration Action defines the action to be performed when sasPolicy.sasExpirationPeriod is violated. The 'Log' action can be used for audit purposes and the 'Block' action can be used to block and deny the usage of SAS tokens that do not adhere to the sas policy expiration period.

New or Affected Resource(s)/Data Source(s)

azurerm_storage_account

Potential Terraform Configuration

sas_policy {
  expiration_period = "00.01:00:00"
  expiration_action = "Block"
}

References
@magodo
Copy link
Collaborator

magodo commented Jan 13, 2025

This new enum value is introduced in API version 2023-05-01 (even 2023-04-01 doesn't have that), so the issue is depending on #27760.

@magodo magodo added the sdk/requires-newer-api-version This requires upgrading the version of the API being used label Jan 13, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement sdk/requires-newer-api-version This requires upgrading the version of the API being used service/storage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@scratch85 @magodo @rcskosir