azurerm_storage_account default allow_blob_public_access to false

[marc-sensenich]

For azurerm_storage_account resources, default allow_blob_public_access to false to align with behavior prior to 2.19

Closes #7781

TF_ACC=1 go test -v ./azurerm/internal/services/storage/tests/ -run=TestAccAzureRMStorageAccount_allowBlobPublicAccess -timeout 60m -ldflags="-X=github.com/terraform-providers/terraform-provider-azurerm/version.ProviderVersion=acc"
=== RUN   TestAccAzureRMStorageAccount_allowBlobPublicAccess
=== PAUSE TestAccAzureRMStorageAccount_allowBlobPublicAccess
=== CONT  TestAccAzureRMStorageAccount_allowBlobPublicAccess
--- PASS: TestAccAzureRMStorageAccount_allowBlobPublicAccess (150.29s)
PASS
ok      github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/storage/tests 150.313s

[WodansSon]

@marc-sensenich, thanks for this! Pretty straight forward, this LGTM! Thanks again for the contribution! 🚀

[KulkarniAbhishek]

I am getting the following error:
_Error: Unsupported argument

on main.tf line 17, in resource "azurerm_storage_account" "test_sa":
17: allow_blob_public_access = false

An argument named "allow_blob_public_access" is not expected here._

Terraform version: v0.12.28
"azurerm" provider version: 2.0.0

How do I resolve this?

[marc-sensenich]

@KulkarniAbhishek this feature was added in version 2.19.0 of the provider, if you are running 2.0.0 of this provider you shouldn't be affected by #7739 or have the attribute available on the resource

[KulkarniAbhishek]

@KulkarniAbhishek this feature was added in version 2.19.0 of the provider, if you are running 2.0.0 of this provider you shouldn't be affected by #7739 or have the attribute available on the resource

Upgrading to 2.19.0 worked for me. Thank you.

[katbyte]

THis is a breaking change and should potentially wait until 3.0 @WodansSon ?

[BenWaller]

THis is a breaking change and should potentially wait until 3.0 @WodansSon ?

This reverts a breaking change from the 2.19.0 release, so having it fixed before 3.0 would be nice.

[katbyte]

Reading up on the ticket i'm going to approve this breaking change due to the security implications of defaulting public access to true.

[ghost]

This has been released in version 2.20.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
    version = "~> 2.20.0"
}
# ... other configuration ...

[petenorth]

Thanks for the breaking change.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!