-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
storage: upgrade giovanni SDK and support AAD auth #24798
Conversation
@katbyte Yes and yes 👍 |
5f859e4
to
d61675f
Compare
ab0d29a
to
82a7b7c
Compare
82a7b7c
to
b76ce67
Compare
b76ce67
to
256ec27
Compare
256ec27
to
d238691
Compare
d238691
to
e01fadf
Compare
e01fadf
to
170d597
Compare
170d597
to
28a803d
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Left some comments from a partial review inline
@@ -244,7 +243,7 @@ func (r KubernetesFluxConfigurationResource) Arguments() map[string]*pluginsdk.S | |||
"container_id": { | |||
Type: pluginsdk.TypeString, | |||
Required: true, | |||
ValidateFunc: storageValidate.StorageContainerDataPlaneID, | |||
ValidateFunc: validation.IsURLWithPath, // note: storage domain suffix cannot be determined at validation time, so just make sure it's a well-formed URL |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Whilst we don't have access to the Environment that doesn't mean we couldn't necessarily do an opt-in enhanced validation here? e.g. expose a global variable for StorageDomainSuffix
that's set in a similar manner as we do for Location
s and then conditionally validate the domain name, else just check the Path matches?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I couldn't see a race-free way to achieve this, since the environment
(cloud) can be set in provider configuration as well as via environment variable - building the provider also occurs post-validation so we still can't determine the appropriate domain?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems to work with populating a global variable! Validation function is updated accordingly :)
output.ContainerName = &id.Name | ||
output.Url = pointer.To(strings.TrimSuffix(input.ContainerID, "/"+id.Name)) | ||
output.ContainerName = &id.ContainerName | ||
output.Url = pointer.To(strings.TrimSuffix(input.ContainerID, "/"+id.ContainerName)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
perhaps pedantic but couldn't we make this:
output.Url = pointer.To(strings.TrimSuffix(input.ContainerID, "/"+id.ContainerName)) | |
output.Url = pointer.To(fmt.Sprintf("https://%s", id.Domain)) |
(or add a function to return this value?)
That'd allow the usage of this Resource ID to be better highlighted, to help us determine the impact of a change?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah this can be a lot better. I've reworked so that presumptions about the URL structure are removed from the resource and instead it leans on the ID()
method of the underlying AccountId
(in both the flatten and expand functions).
} | ||
} | ||
|
||
func (client Client) ConfigureDataPlane(ctx context.Context, baseUri, clientName string, baseClient client.BaseClient, account accountDetails, operation DataPlaneOperation) error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
does this need to be public/exported?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It does not 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Aside from a couple comments and the ones Tom left this LGTM 💾
if err != nil { | ||
return fmt.Errorf("parsing ace list: %s", err) | ||
return fmt.Errorf("retrieving Account %q for Data Lake Filesystem %q: %v", accountResourceManagerId.StorageAccountName, filesystemName, err) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should these all be noted as Gen2?
return fmt.Errorf("retrieving Account %q for Data Lake Filesystem %q: %v", accountResourceManagerId.StorageAccountName, filesystemName, err) | |
return fmt.Errorf("retrieving Account %q for Data Lake Gen2 Filesystem %q: %v", accountResourceManagerId.StorageAccountName, filesystemName, err) |
if utils.ResponseWasNotFound(storageAccount.Response) { | ||
return fmt.Errorf("%s was not found", storageID) | ||
} | ||
return fmt.Errorf("building Data Lake Filesystems Client: %v", err) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
etc
return fmt.Errorf("building Data Lake Filesystems Client: %v", err) | |
return fmt.Errorf("building Data Lake Gen2 Filesystems Client: %v", err) |
<Actions> <action id="f410411e63aff4bb73a81c2aec1d373cf8a903e63b30dee2006b0030d8a94cc8"> <h3>Bump Terraform `azurerm` provider version</h3> <details id="1d9343c012f5434ac9fe8a98135bae3667b399259be16d9b14302ea3bd424a24"> <summary>Update Terraform lock file</summary> <p>changes detected:
	"hashicorp/azurerm" updated from "3.95.0" to "3.96.0" in file ".terraform.lock.hcl"</p> <details> <summary>3.96.0</summary> <pre>Changelog retrieved from:
	https://github.com/hashicorp/terraform-provider-azurerm/releases/tag/v3.96.0
ENHANCEMENTS:

* dependencies: updating to `v0.20240314.1083835` of `github.com/hashicorp/go-azure-sdk` ([#25255](https://github.com/hashicorp/terraform-provider-azurerm/issues/25255))
* dependencies: updating to `v0.25.1` of `github.com/tombuildsstuff/giovanni` ([#24798](https://github.com/hashicorp/terraform-provider-azurerm/issues/24798))
* dependencies: updating to `v1.33.0` of `google.golang.org/protobuf` ([#25243](https://github.com/hashicorp/terraform-provider-azurerm/issues/25243))
* `storage`: updating the data plane resources to use the transport layer from `hashicorp/go-azure-sdk` rather than `Azure/go-autorest` ([#24798](https://github.com/hashicorp/terraform-provider-azurerm/issues/24798))
* Data Source: `azurerm_storage_table_entities` - support for AAD authentication ([#24798](https://github.com/hashicorp/terraform-provider-azurerm/issues/24798))
* Data Source: `azurerm_storage_table_entity` - support for AAD authentication ([#24798](https://github.com/hashicorp/terraform-provider-azurerm/issues/24798))
* `azurerm_kusto_cluster` - support `None` pattern for the `virtual_network_configuration` block ([#24733](https://github.com/hashicorp/terraform-provider-azurerm/issues/24733))
* `azurerm_linux_function_app` - support for the Node `20` runtime ([#24073](https://github.com/hashicorp/terraform-provider-azurerm/issues/24073))
* `azurerm_linux_function_app_slot` - support for the Node `20` runtime ([#24073](https://github.com/hashicorp/terraform-provider-azurerm/issues/24073))
* `azurerm_stack_hci_cluster` - support the `identity`, `cloud_id`, `service_endpoint` and `resource_provider_object_id` properties [GH-25031]
* `azurerm_storage_share_file` - support for AAD authentication ([#24798](https://github.com/hashicorp/terraform-provider-azurerm/issues/24798))
* `azurerm_storage_share_directory` - support for AAD authentication, deprecate `share_name` and `storage_account_name` in favor of `storage_share_id` ([#24798](https://github.com/hashicorp/terraform-provider-azurerm/issues/24798))
* `azurerm_storage_table_entity` - support for AAD authentication, deprecate `share_name` and `storage_account_name` in favor of `storage_table_id` ([#24798](https://github.com/hashicorp/terraform-provider-azurerm/issues/24798))
* `azurerm_storage_table_entity` - support for AAD authentication ([#24798](https://github.com/hashicorp/terraform-provider-azurerm/issues/24798))
* `azurerm_windows_function_app` - support for the Node `20` runtime ([#24073](https://github.com/hashicorp/terraform-provider-azurerm/issues/24073))
* `azurerm_windows_function_app_slot` - support for the Node `20` runtime ([#24073](https://github.com/hashicorp/terraform-provider-azurerm/issues/24073))
* `azurerm_windows_web_app` - support for the Node `20` runtime ([#24073](https://github.com/hashicorp/terraform-provider-azurerm/issues/24073))
* `azurerm_windows_web_app_slot` - support for the Node `20` runtime ([#24073](https://github.com/hashicorp/terraform-provider-azurerm/issues/24073))

BUG FIXES:

* `azurerm_container_app_custom_domain` - fix resource ID parsing bug preventing import ([#25192](https://github.com/hashicorp/terraform-provider-azurerm/issues/25192))
* `azurerm_windows_web_app` - fix incorrect warning message when checking name availability ([#25214](https://github.com/hashicorp/terraform-provider-azurerm/issues/25214))
* `azurerm_virtual_machine_run_command` - prevent a bug during updates ([#25186](https://github.com/hashicorp/terraform-provider-azurerm/issues/25186))
* Data Source: `azurerm_storage_table_entities` - Fix `items.x.properties` truncating to one entry ([#25211](https://github.com/hashicorp/terraform-provider-azurerm/issues/25211))</pre> </details> </details> <a href="https://infra.ci.jenkins.io/job/updatecli/job/azure/job/main/52/">Jenkins pipeline link</a> </action> </Actions> --- <table> <tr> <td width="77"> <img src="https://www.updatecli.io/images/updatecli.png" alt="Updatecli logo" width="50" height="50"> </td> <td> <p> Created automatically by <a href="https://www.updatecli.io/">Updatecli</a> </p> <details><summary>Options:</summary> <br /> <p>Most of Updatecli configuration is done via <a href="https://www.updatecli.io/docs/prologue/quick-start/">its manifest(s)</a>.</p> <ul> <li>If you close this pull request, Updatecli will automatically reopen it, the next time it runs.</li> <li>If you close this pull request and delete the base branch, Updatecli will automatically recreate it, erasing all previous commits made.</li> </ul> <p> Feel free to report any issues at <a href="https://github.com/updatecli/updatecli/issues">github.com/updatecli/updatecli</a>.<br /> If you find this tool useful, do not hesitate to star <a href="https://github.com/updatecli/updatecli/stargazers">our GitHub repository</a> as a sign of appreciation, and/or to tell us directly on our <a href="https://matrix.to/#/#Updatecli_community:gitter.im">chat</a>! </p> </details> </td> </tr> </table> Co-authored-by: Jenkins Infra Bot (updatecli) <60776566+jenkins-infra-bot@users.noreply.github.com>
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions. |
Storage Data Plane upgrades and support for AAD authentication
tombuildsstuff/giovanni
which has switched to thego-azure-sdk
base layerazurerm_storage_share
andazurerm_storage_table
will continue to use shared key authentication due to API limitations (official docs)by endpoint but also by the capabilities of the operation (enables more granular support for preferred authentication methods).
provider
package - move helper functions into own source fileservices/storage/client
package - move data plane client helpers into own source file and add support for parsing out a storage account endpoint for constructing a data plane IDinternal/common
: adoptclient.BaseClient
interface from go-azure-sdk to support more SDK base clientsinternal/provider
: move helper functions into own source fileCHANGELOG
v0.25.1
ofgithub.com/tombuildsstuff/giovanni
data.azurerm_storage_table_entities
- support for AAD authenticationdata.azurerm_storage_table_entity
- support for AAD authenticationazurerm_storage_share_file
- support for AAD authenticationazurerm_storage_share_directory
- support for AAD authentication, deprecateshare_name
andstorage_account_name
in favor ofstorage_share_id
azurerm_storage_table_entity
- support for AAD authentication, deprecateshare_name
andstorage_account_name
in favor ofstorage_table_id
azurerm_storage_table_entity
- support for AAD authenticationDepends on:
http.Request.ContentLength
field instead ofContent-Length
header when building the signed assertion for shared key authorizer go-azure-sdk#906v0.20240227.1172434
ofgithub.com/hashicorp/go-azure-sdk
#25055x-ms-file-request-intent
header for the Files API when authenticating using OAuth tombuildsstuff/giovanni#107Closes: #22467