storage: upgrade giovanni SDK and support AAD auth #24798
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@katbyte Yes and yes 👍 |
manicminer
force-pushed
the
feature/storage-aad-auth
branch
from
5f859e4
to
d61675f
Compare
manicminer
force-pushed
the
feature/storage-aad-auth
branch
3 times, most recently
from
ab0d29a
to
82a7b7c
Compare
manicminer
force-pushed
the
feature/storage-aad-auth
branch
from
82a7b7c
to
b76ce67
Compare
manicminer
force-pushed
the
feature/storage-aad-auth
branch
from
b76ce67
to
256ec27
Compare
manicminer
force-pushed
the
feature/storage-aad-auth
branch
from
256ec27
to
d238691
Compare
manicminer
force-pushed
the
feature/storage-aad-auth
branch
from
d238691
to
e01fadf
Compare
manicminer
force-pushed
the
feature/storage-aad-auth
branch
from
e01fadf
to
170d597
Compare
manicminer
force-pushed
the
feature/storage-aad-auth
branch
from
170d597
to
28a803d
Compare
| @@ -244,7 +243,7 @@ func (r KubernetesFluxConfigurationResource) Arguments() map[string]*pluginsdk.S | |||
| "container_id": { | |||
| Type: pluginsdk.TypeString, | |||
| Required: true, | |||
| ValidateFunc: storageValidate.StorageContainerDataPlaneID, | |||
| ValidateFunc: validation.IsURLWithPath, // note: storage domain suffix cannot be determined at validation time, so just make sure it's a well-formed URL | |||
There was a problem hiding this comment.
Whilst we don't have access to the Environment that doesn't mean we couldn't necessarily do an opt-in enhanced validation here? e.g. expose a global variable for StorageDomainSuffix that's set in a similar manner as we do for Locations and then conditionally validate the domain name, else just check the Path matches?
There was a problem hiding this comment.
I couldn't see a race-free way to achieve this, since the environment (cloud) can be set in provider configuration as well as via environment variable - building the provider also occurs post-validation so we still can't determine the appropriate domain?
There was a problem hiding this comment.
Seems to work with populating a global variable! Validation function is updated accordingly :)
| output.ContainerName = &id.Name | ||
| output.Url = pointer.To(strings.TrimSuffix(input.ContainerID, "/"+id.Name)) | ||
| output.ContainerName = &id.ContainerName | ||
| output.Url = pointer.To(strings.TrimSuffix(input.ContainerID, "/"+id.ContainerName)) |
There was a problem hiding this comment.
perhaps pedantic but couldn't we make this:
Suggested change
| output.Url = pointer.To(strings.TrimSuffix(input.ContainerID, "/"+id.ContainerName)) | |
| output.Url = pointer.To(fmt.Sprintf("https://%s", id.Domain)) |
(or add a function to return this value?)
That'd allow the usage of this Resource ID to be better highlighted, to help us determine the impact of a change?
There was a problem hiding this comment.
Yeah this can be a lot better. I've reworked so that presumptions about the URL structure are removed from the resource and instead it leans on the ID() method of the underlying AccountId (in both the flatten and expand functions).
| } | ||
| } | ||
|
|
||
| func (client Client) ConfigureDataPlane(ctx context.Context, baseUri, clientName string, baseClient client.BaseClient, account accountDetails, operation DataPlaneOperation) error { |
There was a problem hiding this comment.
does this need to be public/exported?
katbyte
approved these changes
Mar 12, 2024
| if err != nil { | ||
| return fmt.Errorf("parsing ace list: %s", err) | ||
| return fmt.Errorf("retrieving Account %q for Data Lake Filesystem %q: %v", accountResourceManagerId.StorageAccountName, filesystemName, err) |
There was a problem hiding this comment.
should these all be noted as Gen2?
Suggested change
| return fmt.Errorf("retrieving Account %q for Data Lake Filesystem %q: %v", accountResourceManagerId.StorageAccountName, filesystemName, err) | |
| return fmt.Errorf("retrieving Account %q for Data Lake Gen2 Filesystem %q: %v", accountResourceManagerId.StorageAccountName, filesystemName, err) |
| if utils.ResponseWasNotFound(storageAccount.Response) { | ||
| return fmt.Errorf("%s was not found", storageID) | ||
| } | ||
| return fmt.Errorf("building Data Lake Filesystems Client: %v", err) |
There was a problem hiding this comment.
etc
Suggested change
| return fmt.Errorf("building Data Lake Filesystems Client: %v", err) | |
| return fmt.Errorf("building Data Lake Gen2 Filesystems Client: %v", err) |
|
Latest test results 
|
manicminer
added a commit
that referenced
this pull request
Mar 14, 2024
reastyn
pushed a commit
to reastyn/terraform-provider-azurerm
that referenced
this pull request
Mar 14, 2024
1 task
dduportal
pushed a commit
to jenkins-infra/azure
that referenced
this pull request
Mar 18, 2024
<Actions>
<action
id="f410411e63aff4bb73a81c2aec1d373cf8a903e63b30dee2006b0030d8a94cc8">
<h3>Bump Terraform `azurerm` provider version</h3>
<details
id="1d9343c012f5434ac9fe8a98135bae3667b399259be16d9b14302ea3bd424a24">
<summary>Update Terraform lock file</summary>
<p>changes detected:
	"hashicorp/azurerm" updated from
"3.95.0" to "3.96.0" in file
".terraform.lock.hcl"</p>
<details>
<summary>3.96.0</summary>
<pre>Changelog retrieved
from:
	https://github.com/hashicorp/terraform-provider-azurerm/releases/tag/v3.96.0
ENHANCEMENTS:

*
dependencies: updating to `v0.20240314.1083835` of
`github.com/hashicorp/go-azure-sdk`
([#25255](https://github.com/hashicorp/terraform-provider-azurerm/issues/25255))
*
dependencies: updating to `v0.25.1` of
`github.com/tombuildsstuff/giovanni`
([#24798](https://github.com/hashicorp/terraform-provider-azurerm/issues/24798))
*
dependencies: updating to `v1.33.0` of `google.golang.org/protobuf`
([#25243](https://github.com/hashicorp/terraform-provider-azurerm/issues/25243))
*
`storage`: updating the data plane resources to use the transport layer
from `hashicorp/go-azure-sdk` rather than `Azure/go-autorest`
([#24798](https://github.com/hashicorp/terraform-provider-azurerm/issues/24798))
*
Data Source: `azurerm_storage_table_entities` - support for AAD
authentication
([#24798](https://github.com/hashicorp/terraform-provider-azurerm/issues/24798))
*
Data Source: `azurerm_storage_table_entity` - support for AAD
authentication
([#24798](https://github.com/hashicorp/terraform-provider-azurerm/issues/24798))
*
`azurerm_kusto_cluster` - support `None` pattern for the
`virtual_network_configuration` block
([#24733](https://github.com/hashicorp/terraform-provider-azurerm/issues/24733))
*
`azurerm_linux_function_app` - support for the Node `20` runtime
([#24073](https://github.com/hashicorp/terraform-provider-azurerm/issues/24073))
*
`azurerm_linux_function_app_slot` - support for the Node `20` runtime
([#24073](https://github.com/hashicorp/terraform-provider-azurerm/issues/24073))
*
`azurerm_stack_hci_cluster` - support the `identity`, `cloud_id`,
`service_endpoint` and `resource_provider_object_id` properties
[GH-25031]
* `azurerm_storage_share_file` - support for AAD
authentication
([#24798](https://github.com/hashicorp/terraform-provider-azurerm/issues/24798))
*
`azurerm_storage_share_directory` - support for AAD authentication,
deprecate `share_name` and `storage_account_name` in favor of
`storage_share_id`
([#24798](https://github.com/hashicorp/terraform-provider-azurerm/issues/24798))
*
`azurerm_storage_table_entity` - support for AAD authentication,
deprecate `share_name` and `storage_account_name` in favor of
`storage_table_id`
([#24798](https://github.com/hashicorp/terraform-provider-azurerm/issues/24798))
*
`azurerm_storage_table_entity` - support for AAD authentication
([#24798](https://github.com/hashicorp/terraform-provider-azurerm/issues/24798))
*
`azurerm_windows_function_app` - support for the Node `20` runtime
([#24073](https://github.com/hashicorp/terraform-provider-azurerm/issues/24073))
*
`azurerm_windows_function_app_slot` - support for the Node `20` runtime
([#24073](https://github.com/hashicorp/terraform-provider-azurerm/issues/24073))
*
`azurerm_windows_web_app` - support for the Node `20` runtime
([#24073](https://github.com/hashicorp/terraform-provider-azurerm/issues/24073))
*
`azurerm_windows_web_app_slot` - support for the Node `20` runtime
([#24073](https://github.com/hashicorp/terraform-provider-azurerm/issues/24073))

BUG
FIXES:

* `azurerm_container_app_custom_domain` - fix
resource ID parsing bug preventing import
([#25192](https://github.com/hashicorp/terraform-provider-azurerm/issues/25192))
*
`azurerm_windows_web_app` - fix incorrect warning message when checking
name availability
([#25214](https://github.com/hashicorp/terraform-provider-azurerm/issues/25214))
*
`azurerm_virtual_machine_run_command` - prevent a bug during updates
([#25186](https://github.com/hashicorp/terraform-provider-azurerm/issues/25186))
*
Data Source: `azurerm_storage_table_entities` - Fix `items.x.properties`
truncating to one entry
([#25211](https://github.com/hashicorp/terraform-provider-azurerm/issues/25211))</pre>
</details>
</details>
<a
href="https://infra.ci.jenkins.io/job/updatecli/job/azure/job/main/52/">Jenkins
pipeline link</a>
</action>
</Actions>
---
<table>
<tr>
<td width="77">
<img src="https://www.updatecli.io/images/updatecli.png" alt="Updatecli
logo" width="50" height="50">
</td>
<td>
<p>
Created automatically by <a
href="https://www.updatecli.io/">Updatecli</a>
</p>
<details><summary>Options:</summary>
<br />
<p>Most of Updatecli configuration is done via <a
href="https://www.updatecli.io/docs/prologue/quick-start/">its
manifest(s)</a>.</p>
<ul>
<li>If you close this pull request, Updatecli will automatically reopen
it, the next time it runs.</li>
<li>If you close this pull request and delete the base branch, Updatecli
will automatically recreate it, erasing all previous commits made.</li>
</ul>
<p>
Feel free to report any issues at <a
href="https://github.com/updatecli/updatecli/issues">github.com/updatecli/updatecli</a>.<br
/>
If you find this tool useful, do not hesitate to star <a
href="https://github.com/updatecli/updatecli/stargazers">our GitHub
repository</a> as a sign of appreciation, and/or to tell us directly on
our <a
href="https://matrix.to/#/#Updatecli_community:gitter.im">chat</a>!
</p>
</details>
</td>
</tr>
</table>
Co-authored-by: Jenkins Infra Bot (updatecli) <60776566+jenkins-infra-bot@users.noreply.github.com>
|
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Storage Data Plane upgrades and support for AAD authentication
tombuildsstuff/giovanniwhich has switched to thego-azure-sdkbase layerazurerm_storage_shareandazurerm_storage_tablewill continue to use shared key authentication due to API limitations (official docs)by endpoint but also by the capabilities of the operation (enables more granular support for preferred authentication methods).
providerpackage - move helper functions into own source fileservices/storage/clientpackage - move data plane client helpers into own source file and add support for parsing out a storage account endpoint for constructing a data plane IDinternal/common: adoptclient.BaseClientinterface from go-azure-sdk to support more SDK base clientsinternal/provider: move helper functions into own source fileCHANGELOG
v0.25.1ofgithub.com/tombuildsstuff/giovannidata.azurerm_storage_table_entities- support for AAD authenticationdata.azurerm_storage_table_entity- support for AAD authenticationazurerm_storage_share_file- support for AAD authenticationazurerm_storage_share_directory- support for AAD authentication, deprecateshare_nameandstorage_account_namein favor ofstorage_share_idazurerm_storage_table_entity- support for AAD authentication, deprecateshare_nameandstorage_account_namein favor ofstorage_table_idazurerm_storage_table_entity- support for AAD authenticationDepends on:
http.Request.ContentLengthfield instead ofContent-Lengthheader when building the signed assertion for shared key authorizer go-azure-sdk#906v0.20240227.1172434ofgithub.com/hashicorp/go-azure-sdk#25055x-ms-file-request-intentheader for the Files API when authenticating using OAuth tombuildsstuff/giovanni#107Closes: #22467