Add support for immutable_storage_with_versioning #1802

Open
wants to merge 3 commits into
base: dev
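--- a/plugins/modules/azure_rm_storageaccount.py
+++ b/plugins/modules/azure_rm_storageaccount.py
@@ -324,6 +324,43 @@
 description:
 - A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest.
 type: bool
+immutable_storage_with_versioning:
+description:
+- The property is immutable and can only be set to true at the account creation time.
+- When set to true, it enables object level immutability for all the containers in the account by default.
+type: dict
+suboptions:
+enabled:
+description:
+- A boolean flag which enables account-level immutability.
+- All the containers under such an account have object-level immutability enabled by default.
+type: bool
+immutability_policy:
+description:
+- Specifies the default account-level immutability policy which is inherited and
+applied to objects that do not possess an explicit immutability policy at the object level.
+- The object-level immutability policy has higher precedence than the container-level immutability policy,
+which has a higher precedence than the account-level immutability policy.
+type: dict
+suboptions:
+allow_protected_append_writes:
+description:
+- This property can only be changed for C(disabled) and C(unlocked) time-based retention policies.
+- When C(enabled), new blocks can be written to an append blob while maintaining immutability protection and compliance.
+- Only new blocks can be added and any existing blocks cannot be modified or deleted.
+type: bool
+state:
+description:
+- The ImmutabilityPolicy state defines the mode of the policy.
+type: str
+choices:
+- Unlocked
+- Locked
+- Disabled
+immutability_period_since_creation_in_days:
+description:
+- The immutability period for the blobs in the container since the policy creation, in days.
+type: int
 
 extends_documentation_fragment:
 - azure.azcollection.azure
@@ -518,6 +555,49 @@
 type: bool
 returned: always
 sample: true
+immutable_storage_with_versioning:
+description:
+- The property is immutable and can only be set to true at the account creation time.
+- When set to true, it enables object level immutability for all the containers in the account by default.
+type: complex
+returned: when-used
+contains:
+enabled:
+description:
+- A boolean flag which enables account-level immutability.
+- All the containers under such an account have object-level immutability enabled by default.
+type: bool
+returned: when-used
+sample: true
+immutability_policy:
+description:
+- Specifies the default account-level immutability policy which is inherited and
+applied to objects that do not possess an explicit immutability policy at the object level.
+- The object-level immutability policy has higher precedence than the container-level immutability policy,
+which has a higher precedence than the account-level immutability policy.
+type: dict
+returned: when-used
+contains:
+allow_protected_append_writes:
+description:
+- This property can only be changed for disabled and unlocked time-based retention policies.
+- When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance.
+- Only new blocks can be added and any existing blocks cannot be modified or deleted.
+type: bool
+returned: when-used
+sample: true
+state:
+description:
+- The ImmutabilityPolicy state defines the mode of the policy.
+type: str
+returned: when-used
+sample: Unlocked
+immutability_period_since_creation_in_days:
+description:
+- The immutability period for the blobs in the container since the policy creation, in days.
+type: int
+returned: when-used
+sample: true
 enable_nfs_v3:
 description:
 - NFS 3.0 protocol.
@@ -824,6 +904,20 @@ def __init__(self):
 type="dict",
 options=self.managed_identity_single_spec
 ),
+immutable_storage_with_versioning=dict(
+type='dict',
+options=dict(
+enabled=dict(type='bool'),
+immutability_policy=dict(
+type='dict',
+options=dict(
+immutability_period_since_creation_in_days=dict(type='int'),
+state=dict(type='str', choices=['Unlocked', 'Locked', 'Disabled']),
+allow_protected_append_writes=dict(type='bool')
+)
+)
+)
+)
 )
 
 self.results = dict(
@@ -859,6 +953,7 @@ def __init__(self):
 self._managed_identity = None
 self.identity = None
 self.update_identity = False
+self.immutable_storage_with_versioning = None
 
 super(AzureRMStorageAccount, self).__init__(self.module_arg_spec,
 supports_check_mode=True)
@@ -990,6 +1085,7 @@ def account_obj_to_dict(self, account_obj, blob_mgmt_props=None, blob_client_pro
 index_document=None,
 error_document404_path=None,
 ),
+immutable_storage_with_versioning=account_obj.immutable_storage_with_versioning.as_dict() if account_obj.immutable_storage_with_versioning else None
 )
 account_dict['custom_domain'] = None
 if account_obj.custom_domain:
@@ -1322,6 +1418,15 @@ def update_account(self):
 except Exception as exc:
 self.fail("Failed to update tags: {0}".format(str(exc)))
 
+if not self.default_compare({}, self.immutable_storage_with_versioning, self.account_dict['immutable_storage_with_versioning'], '', dict(compare=[])):
+self.results['changed'] = True
+if not self.check_mode:
+parameters = self.storage_models.StorageAccountUpdateParameters(immutable_storage_with_versioning=self.immutable_storage_with_versioning)
+try:
+self.storage_client.storage_accounts.update(self.resource_group, self.name, parameters)
+except Exception as exc:
+self.fail("Failed to update immutable_storage_with_versioning: {0}".format(str(exc)))
+
 if self.blob_cors and not compare_cors(self.account_dict.get('blob_cors', []), self.blob_cors):
 self.results['changed'] = True
 if not self.check_mode:
@@ -1389,6 +1494,7 @@ def create_account(self):
 allow_cross_tenant_replication=self.allow_cross_tenant_replication,
 allow_shared_key_access=self.allow_shared_key_access,
 identity=self.identity,
+immutable_storage_with_versioning=self.immutable_storage_with_versioning,
 tags=dict()
 )
 if self.tags:
@@ -1420,6 +1526,7 @@ def create_account(self):
 allow_shared_key_access=self.allow_shared_key_access,
 default_to_o_auth_authentication=self.default_to_o_auth_authentication,
 allow_cross_tenant_replication=self.allow_cross_tenant_replication,
+immutable_storage_with_versioning=self.immutable_storage_with_versioning,
 large_file_shares_state=self.large_file_shares_state)
 self.log(str(parameters))
 try: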
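Review bot: The `state` suboption of `immutability_policy` is documented only as "defines the mode of the policy", which leaves out that `Locked` is a one-way transition in the Azure storage API: a locked policy cannot be reverted and its retention period can only be increased. The new block in `update_account` forwards whatever the task supplies to `storage_accounts.update`, so the option text should carry that warning, for example `- C(Locked) cannot be reverted; afterwards the period can only be increased.` and `- A policy can only be created as C(Disabled) or C(Unlocked).` The top-level description also says the property can only be set at account creation while `update_account` now issues an update for it, so it is worth stating which sub-fields are expected to be updatable. `update_account` starts and ends outside the hunk, and what happens when the option is omitted depends on `default_compare`, which is not visible here.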
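--- a/plugins/modules/azure_rm_storageaccount_info.py
+++ b/plugins/modules/azure_rm_storageaccount_info.py
@@ -230,6 +230,49 @@
 type: bool
 returned: always
 sample: true
+immutable_storage_with_versioning:
+description:
+- The property is immutable and can only be set to true at the account creation time.
+- When set to true, it enables object level immutability for all the containers in the account by default.
+type: complex
+returned: when-used
+contains:
+enabled:
+description:
+- A boolean flag which enables account-level immutability.
+- All the containers under such an account have object-level immutability enabled by default.
+type: bool
+returned: when-used
+sample: true
+immutability_policy:
+description:
+- Specifies the default account-level immutability policy which is inherited and
+applied to objects that do not possess an explicit immutability policy at the object level.
+- The object-level immutability policy has higher precedence than the container-level immutability policy,
+which has a higher precedence than the account-level immutability policy.
+type: dict
+returned: when-used
+contains:
+allow_protected_append_writes:
+description:
+- This property can only be changed for disabled and unlocked time-based retention policies.
+- When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance.
+- Only new blocks can be added and any existing blocks cannot be modified or deleted.
+type: bool
+returned: when-used
+sample: true
+state:
+description:
+- The ImmutabilityPolicy state defines the mode of the policy.
+type: str
+returned: when-used
+sample: Unlocked
+immutability_period_since_creation_in_days:
+description:
+- The immutability period for the blobs in the container since the policy creation, in days.
+type: int
+returned: when-used
+sample: true
 enable_nfs_v3:
 description:
 - NFS 3.0 protocol.
@@ -715,6 +758,7 @@ def account_obj_to_dict(self, account_obj):
 index_document=None,
 error_document404_path=None,
 ),
+immutable_storage_with_versioning=account_obj.immutable_storage_with_versioning.as_dict() if account_obj.immutable_storage_with_versioning else None
 )
 
 account_dict['geo_replication_stats'] = None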
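Review bot: In the RETURN documentation `immutability_period_since_creation_in_days` is declared `type: int` but carries `sample: true`; a number such as `sample: 10` would match the type. The same entry describes the period "for the blobs in the container" although this is the account-level policy, and the block is marked `returned: when-used` while the added line in `account_obj_to_dict` always emits the key, with `None` when the account has no such setting. Anyone using this module to audit retention settings needs to know that `None` means not configured, so I would document it as `returned: always` with a line like `- Null when account-level immutability is not configured.` The same RETURN text and the same `as_dict()` line appear in `azure_rm_storageaccount.py`.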
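--- a/tests/integration/targets/azure_rm_storageaccount/tasks/main.yml
+++ b/tests/integration/targets/azure_rm_storageaccount/tasks/main.yml
@@ -51,6 +51,8 @@
 - "{{ storage_account_name_default }}03"
 - "{{ storage_account_name_default }}04"
 - "{{ storage_account_name_default }}06"
+- "{{ storage_account_name_default }}07"
+- "{{ storage_account_name_default }}08"
 
 - name: Create new storage account with defaults (omitted parameters)
 azure_rm_storageaccount:
@@ -182,6 +184,76 @@
 - output.storageaccounts[0].is_hns_enabled == true
 - output.storageaccounts[0].large_file_shares_state == 'Enabled'
 
+- name: Create new storage account with immutable_storage_with_versioning
+azure_rm_storageaccount:
+resource_group: "{{ resource_group }}"
+name: "{{ storage_account_name_default }}08"
+account_type: Standard_GRS
+kind: StorageV2
+immutable_storage_with_versioning:
+enabled: true
+immutability_policy:
+immutability_period_since_creation_in_days: 10
+state: Disabled
+allow_protected_append_writes: false
+register: output
+
+- name: Assert the storage account well created
+ansible.builtin.assert:
+that:
+- output.changed
+
+- name: Create new storage account with immutable_storage_with_versioning(Idempotent test)
+azure_rm_storageaccount:
+resource_group: "{{ resource_group }}"
+name: "{{ storage_account_name_default }}08"
+account_type: Standard_GRS
+kind: StorageV2
+immutable_storage_with_versioning:
+enabled: true
+immutability_policy:
+immutability_period_since_creation_in_days: 10
+state: Disabled
+allow_protected_append_writes: false
+register: output
+
+- name: Assert the storage account no change
+ansible.builtin.assert:
+that:
+- not output.changed
+
+- name: Update the storage account with immutable_storage_with_versioning
+azure_rm_storageaccount:
+resource_group: "{{ resource_group }}"
+name: "{{ storage_account_name_default }}08"
+account_type: Standard_GRS
+kind: StorageV2
+immutable_storage_with_versioning:
+enabled: true
+immutability_policy:
+immutability_period_since_creation_in_days: 20
+state: Unlocked
+allow_protected_append_writes: true
+register: output
+
+- name: Assert the storage account well updated
+ansible.builtin.assert:
+that:
+- output.changed
+
+- name: Gather facts of storage account
+azure_rm_storageaccount_info:
+resource_group: "{{ resource_group }}"
+name: "{{ storage_account_name_default }}08"
+register: output
+
+- name: Assert the storage account facts
+ansible.builtin.assert:
+that:
+- output.storageaccounts[0].immutable_storage_with_versioning.enabled is true
+- output.storageaccounts[0].immutable_storage_with_versioning.immutability_policy.allow_protected_append_writes is true
+- output.storageaccounts[0].immutable_storage_with_versioning.immutability_policy.state == 'Unlocked'
+
 - name: Create storage account with static website enabled
 azure_rm_storageaccount:
 resource_group: "{{ resource_group }}"
@@ -741,6 +813,7 @@
 - "{{ storage_account_name_default }}05"
 - "{{ storage_account_name_default }}06"
 - "{{ storage_account_name_default }}07"
+- "{{ storage_account_name_default }}08"
 
 - name: Delete user managed identities
 ansible.builtin.include_tasks: "{{ role_path }}/../../../integration_common_tasks/managed_identity.yml"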
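Review bot: The final facts assertion checks `enabled`, `allow_protected_append_writes` and `state` but not the retention period, so a regression where the updated period is dropped would still pass; adding `- output.storageaccounts[0].immutable_storage_with_versioning.immutability_policy.immutability_period_since_creation_in_days == 20` closes that. There is also no task that re-runs the module on account 08 without `immutable_storage_with_versioning` and asserts `not output.changed`, which is the case that shows an unrelated update leaves the policy alone. `Locked` is not exercised, presumably because a locked policy would interfere with cleanup; a short comment saying so would help the next reader.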