

Add support allow_shared_key_access to azure_rm_storageaccount.py (a…
…nsible-collections#1583)

* Add support for 'allow_shared_key_access' to azure_rm_storageaccount.py

* small change

* fix sanity fail
Fred-sun authored and Justwmz committed Nov 4, 2024
1 parent 28831a6 commit c090594
Showing 3 changed files with 170 additions and 0 deletions.
86 changes: 86 additions & 0 deletions plugins/modules/azure_rm_storageaccount.py
Expand Up @@ -251,6 +251,21 @@
choices:
- Enabled
- Disabled
allow_cross_tenant_replication:
description:
- Allow or disallow cross AAD tenant object replication.
type: bool
allow_shared_key_access:
description:
- Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key.
- If false, then all requests, including shared access signatures, must be authorized with Azure Active Directory (Azure AD).
- The default value is null, which is equivalent to true.
type: bool
default_to_o_auth_authentication:
description:
- A boolean flag which indicates whether the default authentication is OAuth or not.
- The default interpretation is false for this property.
type: bool
encryption:
description:
- The encryption settings on the storage account.
Expand Down Expand Up @@ -405,6 +420,25 @@
returned: always
type: str
sample: Standard_RAGRS
allow_cross_tenant_replication:
description:
- Allow or disallow cross AAD tenant object replication.
type: bool
returned: always
sample: true
allow_shared_key_access:
description:
- Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key.
type: bool
returned: always
sample: true
default_to_o_auth_authentication:
description:
- A boolean flag which indicates whether the default authentication is OAuth or not.
- The default interpretation is false for this property.
type: bool
returned: always
sample: true
custom_domain:
description:
- User domain assigned to the storage account.
Expand Down Expand Up @@ -740,6 +774,9 @@ def __init__(self):
minimum_tls_version=dict(type='str', choices=['TLS1_0', 'TLS1_1', 'TLS1_2']),
public_network_access=dict(type='str', choices=['Enabled', 'Disabled']),
allow_blob_public_access=dict(type='bool'),
allow_shared_key_access=dict(type='bool'),
allow_cross_tenant_replication=dict(type='bool'),
default_to_o_auth_authentication=dict(type='bool'),
network_acls=dict(type='dict'),
blob_cors=dict(type='list', options=cors_rule_spec, elements='dict'),
static_website=dict(type='dict', options=static_website_spec),
Expand Down Expand Up @@ -803,6 +840,9 @@ def __init__(self):
self.is_hns_enabled = None
self.large_file_shares_state = None
self.enable_nfs_v3 = None
self.allow_shared_key_access = None
self.allow_cross_tenant_replication = None
self.default_to_o_auth_authentication = None

super(AzureRMStorageAccount, self).__init__(self.module_arg_spec,
supports_check_mode=True)
Expand Down Expand Up @@ -905,6 +945,9 @@ def account_obj_to_dict(self, account_obj, blob_mgmt_props=None, blob_client_pro
minimum_tls_version=account_obj.minimum_tls_version,
public_network_access=account_obj.public_network_access,
allow_blob_public_access=account_obj.allow_blob_public_access,
default_to_o_auth_authentication=account_obj.default_to_o_auth_authentication,
allow_cross_tenant_replication=account_obj.allow_cross_tenant_replication,
allow_shared_key_access=account_obj.allow_shared_key_access,
network_acls=account_obj.network_rule_set,
is_hns_enabled=account_obj.is_hns_enabled if account_obj.is_hns_enabled else False,
enable_nfs_v3=account_obj.enable_nfs_v3 if hasattr(account_obj, 'enable_nfs_v3') else None,
Expand Down Expand Up @@ -1118,6 +1161,43 @@ def update_account(self):
except Exception as exc:
self.fail("Failed to update allow public blob access: {0}".format(str(exc)))

if self.allow_shared_key_access is not None and self.allow_shared_key_access != self.account_dict.get('allow_shared_key_access'):
self.results['changed'] = True
self.account_dict['allow_shared_key_access'] = self.allow_shared_key_access
if not self.check_mode:
try:
parameters = self.storage_models.StorageAccountUpdateParameters(allow_shared_key_access=self.allow_shared_key_access)
self.storage_client.storage_accounts.update(self.resource_group,
self.name,
parameters)
except Exception as exc:
self.fail("Failed to update allow shared key access: {0}".format(str(exc)))

if self.allow_cross_tenant_replication is not None and self.allow_cross_tenant_replication != self.account_dict.get('allow_cross_tenant_replication'):
self.results['changed'] = True
self.account_dict['allow_cross_tenant_replication'] = self.allow_cross_tenant_replication
if not self.check_mode:
try:
parameters = self.storage_models.StorageAccountUpdateParameters(allow_cross_tenant_replication=self.allow_cross_tenant_replication)
self.storage_client.storage_accounts.update(self.resource_group,
self.name,
parameters)
except Exception as exc:
self.fail("Failed to update allow cross tenant replication: {0}".format(str(exc)))

if self.default_to_o_auth_authentication is not None and \
self.default_to_o_auth_authentication != self.account_dict.get('default_to_o_auth_authentication'):
self.results['changed'] = True
self.account_dict['default_to_o_auth_authentication'] = self.default_to_o_auth_authentication
if not self.check_mode:
try:
parameters = self.storage_models.StorageAccountUpdateParameters(default_to_o_auth_authentication=self.default_to_o_auth_authentication)
self.storage_client.storage_accounts.update(self.resource_group,
self.name,
parameters)
except Exception as exc:
self.fail("Failed to update default_to_o_auth_authentication: {0}".format(str(exc)))

if self.account_type:
if self.account_type != self.account_dict['sku_name']:
# change the account type
Expand Down Expand Up @@ -1258,6 +1338,9 @@ def create_account(self):
is_hns_enabled=self.is_hns_enabled,
enable_nfs_v3=self.enable_nfs_v3,
large_file_shares_state=self.large_file_shares_state,
default_to_o_auth_authentication=self.default_to_o_auth_authentication,
allow_cross_tenant_replication=self.allow_cross_tenant_replication,
allow_shared_key_access=self.allow_shared_key_access,
tags=dict()
)
if self.tags:
Expand Down Expand Up @@ -1285,6 +1368,9 @@ def create_account(self):
is_hns_enabled=self.is_hns_enabled,
enable_nfs_v3=self.enable_nfs_v3,
access_tier=self.access_tier,
allow_shared_key_access=self.allow_shared_key_access,
default_to_o_auth_authentication=self.default_to_o_auth_authentication,
allow_cross_tenant_replication=self.allow_cross_tenant_replication,
large_file_shares_state=self.large_file_shares_state)
self.log(str(parameters))
try:
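Review bot: The idempotency checks that open each new block in update_account compare the requested bool against `self.account_dict.get(...)`, which the option docs in this same commit say can be null for accounts where the property was never set (null is "equivalent to true" for `allow_shared_key_access`, and `default_to_o_auth_authentication` "is false" by default); since `True != None` holds, a play that sets `allow_shared_key_access: true` or `default_to_o_auth_authentication: false` on such an account reports changed and issues an update on every run. Normalising the current value to its documented default before comparing fixes this, and the three properties could then go out in one StorageAccountUpdateParameters instead of three sequential `storage_accounts.update` calls, which as written can leave the account half-updated when the second or third call fails. Disabling shared key access is also a breaking change for any client still authenticating with the account key or a SAS, which the `allow_shared_key_access` option description should say explicitly; if later steps of this module use the account key for data-plane work (not visible in this hunk), they would fail once the flag is off, so that is worth confirming. update_account starts before and continues after this hunk.
```python
        # … unchanged: allow_blob_public_access handling …

        # The API returns None for properties that were never set. Per the
        # option docs, Azure treats a null allow_shared_key_access as true and
        # a null default_to_o_auth_authentication as false, so normalise before
        # comparing or the module reports "changed" on every run.
        auth_defaults = {
            'allow_shared_key_access': True,
            'allow_cross_tenant_replication': None,
            'default_to_o_auth_authentication': False,
        }
        auth_changes = {}
        for prop, default in auth_defaults.items():
            wanted = getattr(self, prop)
            current = self.account_dict.get(prop)
            if current is None:
                current = default
            if wanted is not None and wanted != current:
                auth_changes[prop] = wanted
        if auth_changes:
            self.results['changed'] = True
            self.account_dict.update(auth_changes)
            if not self.check_mode:
                try:
                    # One call so the three auth settings change atomically.
                    parameters = self.storage_models.StorageAccountUpdateParameters(**auth_changes)
                    self.storage_client.storage_accounts.update(self.resource_group,
                                                                self.name,
                                                                parameters)
                except Exception as exc:
                    self.fail("Failed to update authentication settings: {0}".format(str(exc)))

        # … unchanged: account_type handling …
```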
22 changes: 22 additions & 0 deletions plugins/modules/azure_rm_storageaccount_info.py
Expand Up @@ -138,6 +138,25 @@
returned: always
type: str
sample: Standard_ZRS
allow_cross_tenant_replication:
description:
- Allow or disallow cross AAD tenant object replication.
type: bool
returned: always
sample: true
allow_shared_key_access:
description:
- Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key.
type: bool
returned: always
sample: true
default_to_o_auth_authentication:
description:
- A boolean flag which indicates whether the default authentication is OAuth or not.
- The default interpretation is false for this property.
type: bool
returned: always
sample: true
custom_domain:
description:
- User domain assigned to the storage account.
Expand Down Expand Up @@ -688,6 +707,9 @@ def account_obj_to_dict(self, account_obj):
is_hns_enabled=account_obj.is_hns_enabled if account_obj.is_hns_enabled else False,
large_file_shares_state=account_obj.large_file_shares_state,
enable_nfs_v3=account_obj.enable_nfs_v3 if hasattr(account_obj, 'enable_nfs_v3') else None,
allow_cross_tenant_replication=account_obj.allow_cross_tenant_replication,
allow_shared_key_access=account_obj.allow_shared_key_access,
default_to_o_auth_authentication=account_obj.default_to_o_auth_authentication,
static_website=dict(
enabled=False,
index_document=None,
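Review bot: The three new attribute reads in account_obj_to_dict (`account_obj.allow_cross_tenant_replication`, `allow_shared_key_access`, `default_to_o_auth_authentication`) are unguarded, whereas the neighbouring `enable_nfs_v3` line uses `hasattr` to tolerate an SDK model that lacks the attribute; if the installed azure-mgmt-storage version predates these properties, the info module would raise AttributeError for every account it lists. Using the same guard for each, e.g. `allow_shared_key_access=getattr(account_obj, 'allow_shared_key_access', None),`, keeps the two paths consistent. The RETURN docs mark all three as `returned: always` with a sample of `true`, but the value is null when the property was never set; someone auditing for shared-key exposure needs to know that null still means shared key access is allowed, so the `allow_shared_key_access` description should add `- Null means the property was never set, which Azure treats as true (shared key access allowed).` account_obj_to_dict continues outside the hunk.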
62 changes: 62 additions & 0 deletions tests/integration/targets/azure_rm_storageaccount/tasks/main.yml
Expand Up @@ -578,6 +578,67 @@
- not output.storageaccounts[0].encryption.require_infrastructure_encryption
- output.storageaccounts[0].encryption.services | length == 2

- name: Create a storage account with allow_shared_key_access
azure_rm_storageaccount:
resource_group: "{{ resource_group }}"
name: "{{ storage_account_name_default }}07"
account_type: Standard_LRS
kind: StorageV2
allow_shared_key_access: true
default_to_o_auth_authentication: true
allow_cross_tenant_replication: true
register: output

- name: Assert storage account is well created
ansible.builtin.assert:
that:
- output.changed

- name: Create a storage account with allow_shared_key_access(Idempotent test)
azure_rm_storageaccount:
resource_group: "{{ resource_group }}"
name: "{{ storage_account_name_default }}07"
account_type: Standard_LRS
kind: StorageV2
allow_shared_key_access: true
default_to_o_auth_authentication: true
allow_cross_tenant_replication: true
register: output

- name: Assert storage account no changed
ansible.builtin.assert:
that:
- not output.changed

- name: Update the storage account
azure_rm_storageaccount:
resource_group: "{{ resource_group }}"
name: "{{ storage_account_name_default }}07"
account_type: Standard_LRS
kind: StorageV2
allow_shared_key_access: false
default_to_o_auth_authentication: false
allow_cross_tenant_replication: false
register: output

- name: Assert storage account is well updated
ansible.builtin.assert:
that:
- output.changed

- name: Get the storage accounts facts
azure_rm_storageaccount_info:
resource_group: "{{ resource_group }}"
name: "{{ storage_account_name_default }}07"
register: output

- name: Assert the storage accounts facts
ansible.builtin.assert:
that:
- output.storageaccounts[0].allow_cross_tenant_replication == false
- output.storageaccounts[0].allow_shared_key_access == false
- output.storageaccounts[0].default_to_o_auth_authentication == false

- name: List storage accounts by resource group.
azure_rm_storageaccount_info:
resource_group: "{{ resource_group }}"
Expand All @@ -602,3 +663,4 @@
- "{{ storage_account_name_default }}04"
- "{{ storage_account_name_default }}05"
- "{{ storage_account_name_default }}06"
- "{{ storage_account_name_default }}07"
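Review bot: The new tasks only exercise the explicit true-to-false transition on an account created with all three options set; an account created without them (which the module docs say leaves the properties null) and then targeted with `allow_shared_key_access: true` or `default_to_o_auth_authentication: false` is not covered, so a comparison that treats a null current value as different would not be caught here. Adding a task that re-applies `allow_shared_key_access: true` to one of the earlier accounts created without the option and asserts `not output.changed` would close that gap. Note also that once the update task turns shared key access off for account 07, any later data-plane step in this target that relies on the account key would fail; none is visible in this hunk, but keep it in mind when extending the test.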

