azurerm_storage_management_policy: Documentation / plan does not specify requirement for blob_types if using rule with filter

[kmcneelyshaw]

Is there an existing issue for this?

• I have searched the existing issues

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

0.14.9

AzureRM Provider Version

2.92.0

Affected Resource(s)/Data Source(s)

azurerm_storage_management_policy

Terraform Configuration Files

resource "azurerm_resource_group" "my_resource_group" {
  name     = "my_resource_group"
  location = "eastus2"
}

resource "azurerm_storage_account" "my_storage_account" {
  name                     = "my_storage_account"
  resource_group_name      = azurerm_resource_group.my_resource_group.name
  location                 = "eastus2"
  account_tier             = "Standard"
  account_replication_type = "RAGRS"
  min_tls_version          = "TLS1_2"
}

resource "azurerm_storage_container" "my_storage_container" {
  name                  = "my_storage_container"
  storage_account_name  = azurerm_storage_account.my_storage_account.name
  container_access_type = "private"
}

resource "azurerm_storage_management_policy" "my_storage_management_policy" {
  storage_account_id = azurerm_storage_account.my_storage_account.id
  rule {
    name    = "Delete-after-two-months"
    enabled = true
    filters {
      prefix_match = [azurerm_storage_container.my_storage_container.name]
    }
    actions {
      base_blob {
        delete_after_days_since_modification_greater_than = 62
      }
      snapshot {
        delete_after_days_since_creation_greater_than = 62
      }
      version {
        delete_after_days_since_creation = 62
      }
    }
  }
}

Debug Output/Panic Output

On terraform apply:

Error: creating Storage Account Management Policy: (Management Policy Name "default" / Storage Account Name "my_storage_account" / Resource Group "my_resource_group"): storage.ManagementPoliciesClient#CreateOrUpdate: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="InvalidManagementPolicyRule" Message="ManagementPolicy rule Delete-after-two-months is invalid. Invalid value for parameter : blobType For more information, see - https://aka.ms/managementpolicyexamples"

Expected Behaviour

I would expect to hear from documentation or from terraform plan that this will not succeed.

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_management_policy says

[rule] (https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_management_policy#rule) - (Optional) A rule block as documented below.

rule supports the following:

name - (Required) A rule name can contain any combination of alpha numeric characters. Rule name is case-sensitive. It must be unique within a policy.

enabled - (Required) Boolean to specify whether the rule is enabled.

[filters] (https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_management_policy#filters) - A filter block as documented below.

actions - An actions block as documented below.

filters supports the following:

prefix_match - An array of strings for prefixes to be matched.
blob_types - An array of predefined values. Valid options are blockBlob and appendBlob.
match_blob_index_tag - A match_blob_index_tag block as defined below. The block defines the blob index tag based filtering for blob objects.

"supports the following" does not indicate "if you choose filters you must specify blob_types." I don't know if this can be caught at plan time, but at the least the documentation could be improved to capture this requirement.

Thank you.

Actual Behaviour

On terraform apply:

Error: creating Storage Account Management Policy: (Management Policy Name "default" / Storage Account Name "my_storage_account" / Resource Group "my_resource_group"): storage.ManagementPoliciesClient#CreateOrUpdate: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="InvalidManagementPolicyRule" Message="ManagementPolicy rule Delete-after-two-months is invalid. Invalid value for parameter : blobType For more information, see - https://aka.ms/managementpolicyexamples"

Steps to Reproduce

terraform apply above configuration

Important Factoids

No response

References

No response

[kmcneelyshaw]

@magodo @katbyte Thanks so much for the prompt response.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.