feat: StorageAccount - Added allowed tier value, updated local user authorized key interface, added udts (#3645)

## Description

- Added tier 'Cold'
- Updated local user authorized key handling (secureList)
- Added udts for local user & sub-objects

Depends on microsoft/PSRule#2591 & Release
https://github.com/Azure/PSRule.Rules.Azure/milestone/127

Closes #3640
Closes #3629

## Pipeline Reference

<!-- Insert your Pipeline Status Badge below -->

| Pipeline |
| -------- |
| [![avm.res.storage.storage-account](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.storage.storage-account.yml/badge.svg?branch=users%2Falsehr%2FsaUpdates20241026)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.storage.storage-account.yml) |

## Type of Change

<!-- Use the checkboxes [x] on the options that are relevant. -->

- [ ] Update to CI Environment or utilities (Non-module affecting
changes)
- [ ] Azure Verified Module updates:
- [ ] Bugfix containing backwards-compatible bug fixes, and I have NOT
bumped the MAJOR or MINOR version in `version.json`:
- [ ] Someone has opened a bug report issue, and I have included "Closes
#{bug_report_issue_number}" in the PR description.
- [ ] The bug was found by the module author, and no one has opened an
issue to report it yet.
- [x] Feature update backwards compatible feature updates, and I have
bumped the MINOR version in `version.json`.
- [ ] Breaking changes and I have bumped the MAJOR version in
`version.json`.
  - [ ] Update to documentation
AlexanderSehr authored Dec 12, 2024
1 parent 937f1c0 commit fb77b43
Showing 18 changed files with 931 additions and 556 deletions.
137 changes: 126 additions & 11 deletions avm/res/storage/storage-account/README.md
Expand Up @@ -603,7 +603,6 @@ module storageAccount 'br/public:avm/res/storage/storage-account:<version>' = {
service: 'blob'
}
]
storageAccountName: 'ssamax001'
}
]
location: '<location>'
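
Review bot: dropping `storageAccountName: 'ssamax001'` from the `localUsers` entry in this example changes what callers are expected to pass, yet the commit is marked as a backwards compatible MINOR update. The new `localUsers` parameter tables list no `storageAccountName` property, so please confirm that deployments which still set it are not rejected by the new type, or call the removal out in the change notes.
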
Expand Down Expand Up @@ -1059,8 +1058,7 @@ module storageAccount 'br/public:avm/res/storage/storage-account:<version>' = {
"resourceName": "avdscripts",
"service": "blob"
}
],
"storageAccountName": "ssamax001"
]
}
]
},
Expand Down Expand Up @@ -1523,7 +1521,6 @@ param localUsers = [
service: 'blob'
}
]
storageAccountName: 'ssamax001'
}
]
param location = '<location>'
Expand Down Expand Up @@ -2431,7 +2428,6 @@ module storageAccount 'br/public:avm/res/storage/storage-account:<version>' = {
service: 'blob'
}
]
storageAccountName: 'ssawaf001'
}
]
location: '<location>'
Expand Down Expand Up @@ -2705,8 +2701,7 @@ module storageAccount 'br/public:avm/res/storage/storage-account:<version>' = {
"resourceName": "avdscripts",
"service": "blob"
}
],
"storageAccountName": "ssawaf001"
]
}
]
},
Expand Down Expand Up @@ -2983,7 +2978,6 @@ param localUsers = [
service: 'blob'
}
]
storageAccountName: 'ssawaf001'
}
]
param location = '<location>'
Expand Down Expand Up @@ -3202,6 +3196,7 @@ Required if the Storage Account kind is set to BlobStorage. The access tier is u
- Allowed:
```Bicep
[
'Cold'
'Cool'
'Hot'
'Premium'
Expand Down Expand Up @@ -3608,7 +3603,127 @@ Local users to deploy for SFTP authentication.

- Required: No
- Type: array
- Default: `[]`

**Required parameters**

| Parameter | Type | Description |
| :-- | :-- | :-- |
| [`hasSshKey`](#parameter-localusershassshkey) | bool | Indicates whether SSH key exists. Set it to false to remove existing SSH key. |
| [`hasSshPassword`](#parameter-localusershassshpassword) | bool | Indicates whether SSH password exists. Set it to false to remove existing SSH password. |
| [`name`](#parameter-localusersname) | string | The name of the local user used for SFTP Authentication. |
| [`permissionScopes`](#parameter-localuserspermissionscopes) | array | The permission scopes of the local user. |

**Optional parameters**

| Parameter | Type | Description |
| :-- | :-- | :-- |
| [`hasSharedKey`](#parameter-localusershassharedkey) | bool | Indicates whether shared key exists. Set it to false to remove existing shared key. |
| [`homeDirectory`](#parameter-localusershomedirectory) | string | The local user home directory. |
| [`sshAuthorizedKeys`](#parameter-localuserssshauthorizedkeys) | array | The local user SSH authorized keys for SFTP. |

### Parameter: `localUsers.hasSshKey`

Indicates whether SSH key exists. Set it to false to remove existing SSH key.

- Required: Yes
- Type: bool

### Parameter: `localUsers.hasSshPassword`

Indicates whether SSH password exists. Set it to false to remove existing SSH password.

- Required: Yes
- Type: bool

### Parameter: `localUsers.name`

The name of the local user used for SFTP Authentication.

- Required: Yes
- Type: string

### Parameter: `localUsers.permissionScopes`

The permission scopes of the local user.

- Required: Yes
- Type: array

**Required parameters**

| Parameter | Type | Description |
| :-- | :-- | :-- |
| [`permissions`](#parameter-localuserspermissionscopespermissions) | string | The permissions for the local user. Possible values include: Read (r), Write (w), Delete (d), List (l), and Create (c). |
| [`resourceName`](#parameter-localuserspermissionscopesresourcename) | string | The name of resource, normally the container name or the file share name, used by the local user. |
| [`service`](#parameter-localuserspermissionscopesservice) | string | The service used by the local user, e.g. blob, file. |

### Parameter: `localUsers.permissionScopes.permissions`

The permissions for the local user. Possible values include: Read (r), Write (w), Delete (d), List (l), and Create (c).

- Required: Yes
- Type: string

### Parameter: `localUsers.permissionScopes.resourceName`

The name of resource, normally the container name or the file share name, used by the local user.

- Required: Yes
- Type: string

### Parameter: `localUsers.permissionScopes.service`

The service used by the local user, e.g. blob, file.

- Required: Yes
- Type: string

### Parameter: `localUsers.hasSharedKey`

Indicates whether shared key exists. Set it to false to remove existing shared key.

- Required: No
- Type: bool

### Parameter: `localUsers.homeDirectory`

The local user home directory.

- Required: No
- Type: string

### Parameter: `localUsers.sshAuthorizedKeys`

The local user SSH authorized keys for SFTP.

- Required: No
- Type: array

**Required parameters**

| Parameter | Type | Description |
| :-- | :-- | :-- |
| [`key`](#parameter-localuserssshauthorizedkeyskey) | securestring | SSH public key base64 encoded. The format should be: '{keyType} {keyData}', e.g. ssh-rsa AAAABBBB. |

**Optional parameters**

| Parameter | Type | Description |
| :-- | :-- | :-- |
| [`description`](#parameter-localuserssshauthorizedkeysdescription) | string | Description used to store the function/usage of the key. |

### Parameter: `localUsers.sshAuthorizedKeys.key`

SSH public key base64 encoded. The format should be: '{keyType} {keyData}', e.g. ssh-rsa AAAABBBB.

- Required: Yes
- Type: securestring

### Parameter: `localUsers.sshAuthorizedKeys.description`

Description used to store the function/usage of the key.

- Required: No
- Type: string

### Parameter: `location`
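
Review bot: in the `localUsers.sshAuthorizedKeys.key` entry the description says "SSH public key base64 encoded" but the stated format is '{keyType} {keyData}', so only the key data part is base64; reword it so callers do not encode the whole string. The same section makes `hasSshKey` and `hasSshPassword` required while `sshAuthorizedKeys` stays optional, and does not say what happens when `hasSshKey` is true and no keys are supplied. A sentence on that, and on whether `permissions` takes a single letter or a combination of the listed letters, would make the interface harder to misconfigure.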

Expand Down Expand Up @@ -4109,7 +4224,7 @@ Array of role assignments to create.
- `'Owner'`
- `'Private DNS Zone Contributor'`
- `'Reader'`
- `'Role Based Access Control Administrator (Preview)'`
- `'Role Based Access Control Administrator'`

**Required parameters**
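
Review bot: renaming the list entry from `'Role Based Access Control Administrator (Preview)'` to `'Role Based Access Control Administrator'` may break callers that still pass the old display name for a role assignment. If the old name is no longer accepted, say so in the description; the three bullets there do not mention this change.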

Expand Down Expand Up @@ -4491,7 +4606,7 @@ This section gives you an overview of all local-referenced module files (i.e., o

| Reference | Type |
| :-- | :-- |
| `br/public:avm/res/network/private-endpoint:0.7.1` | Remote reference |
| `br/public:avm/res/network/private-endpoint:0.9.0` | Remote reference |
| `br/public:avm/utl/types/avm-common-types:0.2.1` | Remote reference |
| `br/public:avm/utl/types/avm-common-types:0.4.0` | Remote reference |
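
Review bot: the cross-referenced module versions move from `private-endpoint:0.7.1` to `0.9.0` and from `avm-common-types:0.2.1` to `0.4.0`, and neither bump appears in the commit description. Please list them there and confirm that the interfaces this module uses are unchanged across those versions, since the references are pinned and consumers pick up the new code only through this release.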

Expand Up @@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.31.92.45157",
"templateHash": "377117240673904242"
"version": "0.32.4.45862",
"templateHash": "13544771409253577128"
},
"name": "Storage Account Blob Container Immutability Policies",
"description": "This module deploys a Storage Account Blob Container Immutability Policy.",
21 changes: 7 additions & 14 deletions avm/res/storage/storage-account/blob-service/container/main.json
Expand Up @@ -5,8 +5,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.31.92.45157",
"templateHash": "13866122608356514480"
"version": "0.32.4.45862",
"templateHash": "8294501714202659478"
},
"name": "Storage Account Blob Containers",
"description": "This module deploys a Storage Account Blob Container.",
Expand Down Expand Up @@ -218,10 +218,7 @@
"existing": true,
"type": "Microsoft.Storage/storageAccounts/blobServices",
"apiVersion": "2022-09-01",
"name": "[format('{0}/{1}', parameters('storageAccountName'), parameters('blobServiceName'))]",
"dependsOn": [
"storageAccount"
]
"name": "[format('{0}/{1}', parameters('storageAccountName'), parameters('blobServiceName'))]"
},
"storageAccount": {
"existing": true,
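
Review bot: the `dependsOn` on `storageAccount` disappears from the `existing` `blobServices` resource while `_generator.version` in this file moves from 0.31.92.45157 to 0.32.4.45862, so this looks like compiler output drift rather than a source change. Worth a line in the description that `main.json` was regenerated with the newer Bicep version, and a check that the remaining `dependsOn` entries (for example `container` in the later hunk) still give the ordering the nested deployments need.
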
Expand All @@ -241,10 +238,7 @@
"immutableStorageWithVersioning": "[if(equals(parameters('immutableStorageWithVersioningEnabled'), true()), createObject('enabled', parameters('immutableStorageWithVersioningEnabled')), null())]",
"metadata": "[parameters('metadata')]",
"publicAccess": "[parameters('publicAccess')]"
},
"dependsOn": [
"storageAccount::blobServices"
]
}
},
"container_roleAssignments": {
"copy": {
Expand Down Expand Up @@ -301,8 +295,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.31.92.45157",
"templateHash": "377117240673904242"
"version": "0.32.4.45862",
"templateHash": "13544771409253577128"
},
"name": "Storage Account Blob Container Immutability Policies",
"description": "This module deploys a Storage Account Blob Container Immutability Policy.",
Expand Down Expand Up @@ -382,8 +376,7 @@
}
},
"dependsOn": [
"container",
"storageAccount"
"container"
]
}
},
28 changes: 10 additions & 18 deletions avm/res/storage/storage-account/blob-service/main.json
Expand Up @@ -5,8 +5,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.31.92.45157",
"templateHash": "13498928590492156888"
"version": "0.32.4.45862",
"templateHash": "17622492193190468017"
},
"name": "Storage Account blob Services",
"description": "This module deploys a Storage Account Blob Service.",
Expand Down Expand Up @@ -412,8 +412,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.31.92.45157",
"templateHash": "13866122608356514480"
"version": "0.32.4.45862",
"templateHash": "8294501714202659478"
},
"name": "Storage Account Blob Containers",
"description": "This module deploys a Storage Account Blob Container.",
Expand Down Expand Up @@ -625,10 +625,7 @@
"existing": true,
"type": "Microsoft.Storage/storageAccounts/blobServices",
"apiVersion": "2022-09-01",
"name": "[format('{0}/{1}', parameters('storageAccountName'), parameters('blobServiceName'))]",
"dependsOn": [
"storageAccount"
]
"name": "[format('{0}/{1}', parameters('storageAccountName'), parameters('blobServiceName'))]"
},
"storageAccount": {
"existing": true,
Expand All @@ -648,10 +645,7 @@
"immutableStorageWithVersioning": "[if(equals(parameters('immutableStorageWithVersioningEnabled'), true()), createObject('enabled', parameters('immutableStorageWithVersioningEnabled')), null())]",
"metadata": "[parameters('metadata')]",
"publicAccess": "[parameters('publicAccess')]"
},
"dependsOn": [
"storageAccount::blobServices"
]
}
},
"container_roleAssignments": {
"copy": {
Expand Down Expand Up @@ -708,8 +702,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.31.92.45157",
"templateHash": "377117240673904242"
"version": "0.32.4.45862",
"templateHash": "13544771409253577128"
},
"name": "Storage Account Blob Container Immutability Policies",
"description": "This module deploys a Storage Account Blob Container Immutability Policy.",
Expand Down Expand Up @@ -789,8 +783,7 @@
}
},
"dependsOn": [
"container",
"storageAccount"
"container"
]
}
},
Expand Down Expand Up @@ -820,8 +813,7 @@
}
},
"dependsOn": [
"blobServices",
"storageAccount"
"blobServices"
]
}
},