Added support for Storage Account Require secure transfer [MS] (#167)

* Added support for "SupportHttpsTrafficOnly"

* Added support for Require secure transfer

* Added support for Require secure transfer (Docs)

* Ran go fmt

* Changed properties to reflect what was in the azure go sdk

* Set Property in AccountProperties constructor

azurerm/resource_arm_storage_account.go

@@ -81,6 +81,11 @@ func resourceArmStorageAccount() *schema.Resource {
 				Optional: true,
 			},
 
+			"enable_https_traffic_only": {
+				Type:     schema.TypeBool,
+				Optional: true,
+			},
+
 			"primary_location": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -164,6 +169,7 @@ func resourceArmStorageAccountCreate(d *schema.ResourceData, meta interface{}) e
 	location := d.Get("location").(string)
 	tags := d.Get("tags").(map[string]interface{})
 	enableBlobEncryption := d.Get("enable_blob_encryption").(bool)
+	enableHTTPSTrafficOnly := d.Get("enable_https_traffic_only").(bool)
 
 	sku := storage.Sku{
 		Name: storage.SkuName(accountType),
@@ -183,6 +189,7 @@ func resourceArmStorageAccountCreate(d *schema.ResourceData, meta interface{}) e
 				},
 				KeySource: &storageAccountEncryptionSource,
 			},
+			EnableHTTPSTrafficOnly: &enableHTTPSTrafficOnly,
 		},
 	}
 
@@ -329,6 +336,22 @@ func resourceArmStorageAccountUpdate(d *schema.ResourceData, meta interface{}) e
 		d.SetPartial("enable_blob_encryption")
 	}
 
+	if d.HasChange("enable_https_traffic_only") {
+		enableHTTPSTrafficOnly := d.Get("enable_https_traffic_only").(bool)
+
+		opts := storage.AccountUpdateParameters{
+			AccountPropertiesUpdateParameters: &storage.AccountPropertiesUpdateParameters{
+				EnableHTTPSTrafficOnly: &enableHTTPSTrafficOnly,
+			},
+		}
+		_, err := client.Update(resourceGroupName, storageAccountName, opts)
+		if err != nil {
+			return fmt.Errorf("Error updating Azure Storage Account enable_https_traffic_only %q: %s", storageAccountName, err)
+		}
+
+		d.SetPartial("enable_https_traffic_only")
+	}
+
 	d.Partial(false)
 	return nil
 }
@@ -366,6 +389,7 @@ func resourceArmStorageAccountRead(d *schema.ResourceData, meta interface{}) err
 	d.Set("account_type", resp.Sku.Name)
 	d.Set("primary_location", resp.AccountProperties.PrimaryLocation)
 	d.Set("secondary_location", resp.AccountProperties.SecondaryLocation)
+	d.Set("enable_https_traffic_only", resp.AccountProperties.EnableHTTPSTrafficOnly)
 
 	if resp.AccountProperties.AccessTier != "" {
 		d.Set("access_tier", resp.AccountProperties.AccessTier)

azurerm/resource_arm_storage_account_test.go

@@ -160,6 +160,36 @@ func TestAccAzureRMStorageAccount_blobEncryption(t *testing.T) {
 	})
 }
 
+func TestAccAzureRMStorageAccount_enableHttpsTrafficOnly(t *testing.T) {
+	ri := acctest.RandInt()
+	rs := acctest.RandString(4)
+	preConfig := testAccAzureRMStorageAccount_enableHttpsTrafficOnly(ri, rs)
+	postConfig := testAccAzureRMStorageAccount_enableHttpsTrafficOnlyDisabled(ri, rs)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testCheckAzureRMStorageAccountDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: preConfig,
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMStorageAccountExists("azurerm_storage_account.testsa"),
+					resource.TestCheckResourceAttr("azurerm_storage_account.testsa", "enable_https_traffic_only", "true"),
+				),
+			},
+
+			{
+				Config: postConfig,
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMStorageAccountExists("azurerm_storage_account.testsa"),
+					resource.TestCheckResourceAttr("azurerm_storage_account.testsa", "enable_https_traffic_only", "false"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccAzureRMStorageAccount_blobStorageWithUpdate(t *testing.T) {
 	ri := acctest.RandInt()
 	rs := acctest.RandString(4)
@@ -373,6 +403,48 @@ resource "azurerm_storage_account" "testsa" {
 }`, rInt, rString)
 }
 
+func testAccAzureRMStorageAccount_enableHttpsTrafficOnly(rInt int, rString string) string {
+	return fmt.Sprintf(`
+resource "azurerm_resource_group" "testrg" {
+    name = "testAccAzureRMSA-%d"
+    location = "westus"
+}
+
+resource "azurerm_storage_account" "testsa" {
+    name = "unlikely23exst2acct%s"
+    resource_group_name = "${azurerm_resource_group.testrg.name}"
+
+    location = "westus"
+    account_type = "Standard_LRS"
+    enable_https_traffic_only = true
+
+    tags {
+        environment = "production"
+    }
+}`, rInt, rString)
+}
+
+func testAccAzureRMStorageAccount_enableHttpsTrafficOnlyDisabled(rInt int, rString string) string {
+	return fmt.Sprintf(`
+resource "azurerm_resource_group" "testrg" {
+    name = "testAccAzureRMSA-%d"
+    location = "westus"
+}
+
+resource "azurerm_storage_account" "testsa" {
+    name = "unlikely23exst2acct%s"
+    resource_group_name = "${azurerm_resource_group.testrg.name}"
+
+    location = "westus"
+    account_type = "Standard_LRS"
+    enable_https_traffic_only = false
+
+    tags {
+        environment = "production"
+    }
+}`, rInt, rString)
+}
+
 // BlobStorage accounts are not available in WestUS
 func testAccAzureRMStorageAccount_blobStorage(rInt int, rString string) string {
 	return fmt.Sprintf(`

website/docs/r/storage_account.html.markdown

@@ -63,6 +63,9 @@ The following arguments are supported:
     Services are enabled for Blob storage, see [here](https://azure.microsoft.com/en-us/documentation/articles/storage-service-encryption/)
     for more information.
 
+* `enable_https_traffic_only` - (Optional) Boolean flag which forces HTTPS if enabled, see [here] (https://docs.microsoft.com/en-us/azure/storage/storage-require-secure-transfer/)
+    for more information.
+
 * `tags` - (Optional) A mapping of tags to assign to the resource.
 
 Note that although the Azure API supports setting custom domain names for