azurerm_storage_account: add permanent_delete_enabled

Add `permanent_delete_enabled` to blob properties delete retention policy. Took over hashicorp#22109 Fixes hashicorp#21830
favoretti · Apr 27, 2024 · 6b8c54a · 6b8c54a
1 parent 6440011
commit 6b8c54a
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 3 deletions.
diff --git a/internal/services/storage/storage_account_resource.go b/internal/services/storage/storage_account_resource.go
@@ -489,6 +489,11 @@ func resourceStorageAccount() *pluginsdk.Resource {
 										Default:      7,
 										ValidateFunc: validation.IntBetween(1, 365),
 									},
+									"permanent_delete_enabled": {
+										Type:     pluginsdk.TypeBool,
+										Optional: true,
+										Default:  false,
+									},
 								},
 							},
 						},
@@ -1932,6 +1937,20 @@ func resourceStorageAccountUpdate(d *pluginsdk.ResourceData, meta interface{}) e
 			return fmt.Errorf("`versioning_enabled` can't be true when `is_hns_enabled` is true")
 		}
 
+		// Disable restore_policy first. Disabling restore_policy and while setting delete_retention_policy.allow_permanent_delete to true cause error.
+		// Issue : https://github.com/Azure/azure-rest-api-specs/issues/11237
+		if v := d.Get("blob_properties.0.restore_policy"); d.HasChange("blob_properties.0.restore_policy") && len(v.([]interface{})) == 0 {
+			log.Print("[DEBUG] Disabling RestorePolicy prior to changing DeleteRetentionPolicy")
+			props := storage.BlobServiceProperties{
+				BlobServicePropertiesProperties: &storage.BlobServicePropertiesProperties{
+					RestorePolicy: expandBlobPropertiesRestorePolicy(v.([]interface{})),
+				},
+			}
+			if _, err := blobClient.SetServiceProperties(ctx, id.ResourceGroupName, id.StorageAccountName, props); err != nil {
+				return fmt.Errorf("updating Azure Storage Account blob restore policy %q: %+v", id.StorageAccountName, err)
+			}
+		}
+
 		if d.Get("dns_endpoint_type").(string) == string(storage.DNSEndpointTypeAzureDNSZone) {
 			if blobProperties.RestorePolicy != nil && blobProperties.RestorePolicy.Enabled != nil && *blobProperties.RestorePolicy.Enabled {
 				// Otherwise, API returns: "Required feature Global Dns is disabled"
@@ -2862,8 +2881,9 @@ func expandBlobPropertiesDeleteRetentionPolicy(input []interface{}) *storage.Del
 	policy := input[0].(map[string]interface{})
 
 	return &storage.DeleteRetentionPolicy{
-		Enabled: utils.Bool(true),
-		Days:    utils.Int32(int32(policy["days"].(int))),
+		Enabled:              utils.Bool(true),
+		Days:                 utils.Int32(int32(policy["days"].(int))),
+		AllowPermanentDelete: utils.Bool(policy["permanent_delete_enabled"].(bool)),
 	}
 }
 
@@ -3419,8 +3439,14 @@ func flattenBlobPropertiesDeleteRetentionPolicy(input *storage.DeleteRetentionPo
 			days = int(*input.Days)
 		}
 
+		var permanentDeleteEnabled bool
+		if input.AllowPermanentDelete != nil {
+			permanentDeleteEnabled = *input.AllowPermanentDelete
+		}
+
 		deleteRetentionPolicy = append(deleteRetentionPolicy, map[string]interface{}{
-			"days": days,
+			"days":                     days,
+			"permanent_delete_enabled": permanentDeleteEnabled,
 		})
 	}
 

diff --git a/internal/services/storage/storage_account_resource_test.go b/internal/services/storage/storage_account_resource_test.go
@@ -658,6 +658,7 @@ func TestAccStorageAccount_blobProperties(t *testing.T) {
 				check.That(data.ResourceName).Key("blob_properties.0.delete_retention_policy.0.days").HasValue("7"),
 				check.That(data.ResourceName).Key("blob_properties.0.versioning_enabled").HasValue("false"),
 				check.That(data.ResourceName).Key("blob_properties.0.change_feed_enabled").HasValue("false"),
+				check.That(data.ResourceName).Key("blob_properties.0.delete_retention_policy.0.permanent_delete_enabled").HasValue("true"),
 			),
 		},
 		data.ImportStep(),
@@ -2778,6 +2779,7 @@ resource "azurerm_storage_account" "test" {
     }
 
     delete_retention_policy {
+      permanant_delete_enabled = true
     }
 
     container_delete_retention_policy {

diff --git a/website/docs/r/storage_account.html.markdown b/website/docs/r/storage_account.html.markdown
@@ -254,6 +254,10 @@ A `delete_retention_policy` block supports the following:
 
 * `days` - (Optional) Specifies the number of days that the blob should be retained, between `1` and `365` days. Defaults to `7`.
 
+* `permanent_delete_enabled` - (Optional) Indicates whether permanent deletion of the soft deleted blob versions and snapshots is allowed. Defaults to `false`.
+
+~> **NOTE:** `permanent_delete_enabled` cannot be set to true if a `restore_policy` block is defined.
+
 ---
 
 A `restore_policy` block supports the following: