data.azurerm_storage_account_sas/data.azurerm_storage_account_blob_container_sas - expand permissions block to include new fields

internal/services/storage/storage_account_blob_container_sas_data_source.go

@@ -63,38 +63,78 @@ func dataSourceStorageAccountBlobContainerSharedAccessSignature() *pluginsdk.Res
 
 			"permissions": {
 				Type:     pluginsdk.TypeList,
-				Required: true,
+				Optional: true,
 				MaxItems: 1,
 				Elem: &pluginsdk.Resource{
 					Schema: map[string]*pluginsdk.Schema{
 						"read": {
 							Type:     pluginsdk.TypeBool,
-							Required: true,
+							Optional: true,
 						},
 
 						"add": {
 							Type:     pluginsdk.TypeBool,
-							Required: true,
+							Optional: true,
 						},
 
 						"create": {
 							Type:     pluginsdk.TypeBool,
-							Required: true,
+							Optional: true,
 						},
 
 						"write": {
 							Type:     pluginsdk.TypeBool,
-							Required: true,
+							Optional: true,
 						},
 
 						"delete": {
 							Type:     pluginsdk.TypeBool,
-							Required: true,
+							Optional: true,
+						},
+
+						"delete_version": {
+							Type:     pluginsdk.TypeBool,
+							Optional: true,
 						},
 
 						"list": {
 							Type:     pluginsdk.TypeBool,
-							Required: true,
+							Optional: true,
+						},
+
+						"tags": {
+							Type:     pluginsdk.TypeBool,
+							Optional: true,
+						},
+
+						"find": {
+							Type:     pluginsdk.TypeBool,
+							Optional: true,
+						},
+
+						"move": {
+							Type:     pluginsdk.TypeBool,
+							Optional: true,
+						},
+
+						"execute": {
+							Type:     pluginsdk.TypeBool,
+							Optional: true,
+						},
+
+						"ownership": {
+							Type:     pluginsdk.TypeBool,
+							Optional: true,
+						},
+
+						"permissions": {
+							Type:     pluginsdk.TypeBool,
+							Optional: true,
+						},
+
+						"set_immutability_policy": {
+							Type:     pluginsdk.TypeBool,
+							Optional: true,
 						},
 					},
 				},
@@ -150,7 +190,10 @@ func dataSourceStorageContainerSasRead(d *pluginsdk.ResourceData, _ interface{})
 	contentLanguage := d.Get("content_language").(string)
 	contentType := d.Get("content_type").(string)
 
-	permissions := BuildContainerPermissionsString(permissionsIface[0].(map[string]interface{}))
+	permissions := ""
+	if len(permissionsIface) > 0 && permissionsIface[0] != nil {
+		permissions = BuildContainerPermissionsString(permissionsIface[0].(map[string]interface{}))
+	}
 
 	// Parse the connection string
 	kvp, err := storage.ParseAccountSASConnectionString(connString)
@@ -184,30 +227,32 @@ func dataSourceStorageContainerSasRead(d *pluginsdk.ResourceData, _ interface{})
 }
 
 func BuildContainerPermissionsString(perms map[string]interface{}) string {
-	retVal := ""
-
-	if val, pres := perms["read"].(bool); pres && val {
-		retVal += "r"
-	}
-
-	if val, pres := perms["add"].(bool); pres && val {
-		retVal += "a"
-	}
-
-	if val, pres := perms["create"].(bool); pres && val {
-		retVal += "c"
+	orderedPermissions := []struct {
+		name   string
+		letter string
+	}{
+		{"read", "r"},
+		{"add", "a"},
+		{"create", "c"},
+		{"write", "w"},
+		{"delete", "d"},
+		{"delete_version", "x"},
+		{"list", "l"},
+		{"tags", "t"},
+		{"find", "f"},
+		{"move", "m"},
+		{"execute", "e"},
+		{"ownership", "o"},
+		{"permissions", "p"},
+		{"set_immutability_policy", "i"},
 	}
 
-	if val, pres := perms["write"].(bool); pres && val {
-		retVal += "w"
-	}
-
-	if val, pres := perms["delete"].(bool); pres && val {
-		retVal += "d"
-	}
+	retVal := ""
 
-	if val, pres := perms["list"].(bool); pres && val {
-		retVal += "l"
+	for _, perm := range orderedPermissions {
+		if val, pres := perms[perm.name].(bool); pres && val {
+			retVal += perm.letter
+		}
 	}
 
 	return retVal

internal/services/storage/storage_account_blob_container_sas_data_source_test.go

@@ -35,7 +35,15 @@ func TestAccDataSourceStorageAccountBlobContainerSas_basic(t *testing.T) {
 				check.That(data.ResourceName).Key("permissions.0.create").HasValue("false"),
 				check.That(data.ResourceName).Key("permissions.0.write").HasValue("false"),
 				check.That(data.ResourceName).Key("permissions.0.delete").HasValue("true"),
+				check.That(data.ResourceName).Key("permissions.0.delete_version").HasValue("true"),
 				check.That(data.ResourceName).Key("permissions.0.list").HasValue("true"),
+				check.That(data.ResourceName).Key("permissions.0.tags").HasValue("true"),
+				check.That(data.ResourceName).Key("permissions.0.find").HasValue("true"),
+				check.That(data.ResourceName).Key("permissions.0.move").HasValue("false"),
+				check.That(data.ResourceName).Key("permissions.0.execute").HasValue("false"),
+				check.That(data.ResourceName).Key("permissions.0.ownership").HasValue("true"),
+				check.That(data.ResourceName).Key("permissions.0.permissions").HasValue("true"),
+				check.That(data.ResourceName).Key("permissions.0.set_immutability_policy").HasValue("true"),
 				check.That(data.ResourceName).Key("cache_control").HasValue("max-age=5"),
 				check.That(data.ResourceName).Key("content_disposition").HasValue("inline"),
 				check.That(data.ResourceName).Key("content_encoding").HasValue("deflate"),
@@ -47,6 +55,61 @@ func TestAccDataSourceStorageAccountBlobContainerSas_basic(t *testing.T) {
 	})
 }
 
+func TestAccDataSourceStorageAccountBlobContainerSas_partial(t *testing.T) {
+	data := acceptance.BuildTestData(t, "data.azurerm_storage_account_blob_container_sas", "test")
+	utcNow := time.Now().UTC()
+	startDate := utcNow.Format(time.RFC3339)
+	endDate := utcNow.Add(time.Hour * 24).Format(time.RFC3339)
+
+	data.DataSourceTest(t, []acceptance.TestStep{
+		{
+			Config: StorageAccountBlobContainerSASDataSource{}.partial(data, startDate, endDate),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).Key("https_only").HasValue("true"),
+				check.That(data.ResourceName).Key("start").HasValue(startDate),
+				check.That(data.ResourceName).Key("expiry").HasValue(endDate),
+				check.That(data.ResourceName).Key("ip_address").HasValue("168.1.5.65"),
+				check.That(data.ResourceName).Key("permissions.#").HasValue("1"),
+				check.That(data.ResourceName).Key("permissions.0.read").HasValue("true"),
+				check.That(data.ResourceName).Key("permissions.0.add").HasValue("true"),
+				check.That(data.ResourceName).Key("permissions.0.create").HasValue("false"),
+				check.That(data.ResourceName).Key("permissions.0.write").HasValue("false"),
+				check.That(data.ResourceName).Key("permissions.0.delete").HasValue("true"),
+				check.That(data.ResourceName).Key("permissions.0.delete_version").HasValue("false"),
+				check.That(data.ResourceName).Key("permissions.0.list").HasValue("true"),
+				check.That(data.ResourceName).Key("permissions.0.tags").HasValue("false"),
+				check.That(data.ResourceName).Key("permissions.0.find").HasValue("false"),
+				check.That(data.ResourceName).Key("permissions.0.move").HasValue("false"),
+				check.That(data.ResourceName).Key("permissions.0.execute").HasValue("false"),
+				check.That(data.ResourceName).Key("permissions.0.ownership").HasValue("false"),
+				check.That(data.ResourceName).Key("permissions.0.permissions").HasValue("false"),
+				check.That(data.ResourceName).Key("permissions.0.set_immutability_policy").HasValue("false"),
+				check.That(data.ResourceName).Key("cache_control").HasValue("max-age=5"),
+				check.That(data.ResourceName).Key("content_disposition").HasValue("inline"),
+				check.That(data.ResourceName).Key("content_encoding").HasValue("deflate"),
+				check.That(data.ResourceName).Key("content_language").HasValue("en-US"),
+				check.That(data.ResourceName).Key("content_type").HasValue("application/json"),
+				check.That(data.ResourceName).Key("sas").Exists(),
+			),
+		},
+	})
+}
+
+func TestAccDataSourceStorageAccountBlobContainerSas_noPermissions(t *testing.T) {
+	data := acceptance.BuildTestData(t, "data.azurerm_storage_account_blob_container_sas", "test")
+	utcNow := time.Now().UTC()
+	startDate := utcNow.Format(time.RFC3339)
+	endDate := utcNow.Add(time.Hour * 24).Format(time.RFC3339)
+
+	data.DataSourceTest(t, []acceptance.TestStep{
+		{
+			Config: StorageAccountBlobContainerSASDataSource{}.noPermissions(data, startDate, endDate),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).Key("sas").Exists()),
+		},
+	})
+}
+
 func (d StorageAccountBlobContainerSASDataSource) basic(data acceptance.TestData, startDate string, endDate string) string {
 	return fmt.Sprintf(`
 provider "azurerm" {
@@ -73,6 +136,68 @@ resource "azurerm_storage_container" "container" {
   container_access_type = "private"
 }
 
+data "azurerm_storage_account_blob_container_sas" "test" {
+  connection_string = azurerm_storage_account.storage.primary_connection_string
+  container_name    = azurerm_storage_container.container.name
+  https_only        = true
+
+  ip_address = "168.1.5.65"
+
+  start  = "%s"
+  expiry = "%s"
+
+  permissions {
+    read                    = true
+    add                     = true
+    create                  = false
+    write                   = false
+    delete                  = true
+    delete_version          = true
+    list                    = true
+    tags                    = true
+    find                    = true
+    move                    = false
+    execute                 = false
+    ownership               = true
+    permissions             = true
+    set_immutability_policy = true
+  }
+
+  cache_control       = "max-age=5"
+  content_disposition = "inline"
+  content_encoding    = "deflate"
+  content_language    = "en-US"
+  content_type        = "application/json"
+}
+`, data.RandomInteger, data.Locations.Primary, data.RandomString, startDate, endDate)
+}
+
+func (d StorageAccountBlobContainerSASDataSource) partial(data acceptance.TestData, startDate string, endDate string) string {
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_resource_group" "rg" {
+  name     = "acctestRG-storage-%d"
+  location = "%s"
+}
+
+resource "azurerm_storage_account" "storage" {
+  name                = "acctestsads%s"
+  resource_group_name = azurerm_resource_group.rg.name
+
+  location                 = azurerm_resource_group.rg.location
+  account_tier             = "Standard"
+  account_replication_type = "LRS"
+}
+
+resource "azurerm_storage_container" "container" {
+  name                  = "sas-test"
+  storage_account_name  = azurerm_storage_account.storage.name
+  container_access_type = "private"
+}
+
 data "azurerm_storage_account_blob_container_sas" "test" {
   connection_string = azurerm_storage_account.storage.primary_connection_string
   container_name    = azurerm_storage_container.container.name
@@ -101,6 +226,51 @@ data "azurerm_storage_account_blob_container_sas" "test" {
 `, data.RandomInteger, data.Locations.Primary, data.RandomString, startDate, endDate)
 }
 
+func (d StorageAccountBlobContainerSASDataSource) noPermissions(data acceptance.TestData, startDate string, endDate string) string {
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_resource_group" "rg" {
+  name     = "acctestRG-storage-%d"
+  location = "%s"
+}
+
+resource "azurerm_storage_account" "storage" {
+  name                = "acctestsads%s"
+  resource_group_name = azurerm_resource_group.rg.name
+
+  location                 = azurerm_resource_group.rg.location
+  account_tier             = "Standard"
+  account_replication_type = "LRS"
+}
+
+resource "azurerm_storage_container" "container" {
+  name                  = "sas-test"
+  storage_account_name  = azurerm_storage_account.storage.name
+  container_access_type = "private"
+}
+
+data "azurerm_storage_account_blob_container_sas" "test" {
+  connection_string = azurerm_storage_account.storage.primary_connection_string
+  container_name    = azurerm_storage_container.container.name
+  https_only        = true
+
+  ip_address = "168.1.5.65"
+
+  start  = "%s"
+  expiry = "%s"
+
+  cache_control       = "max-age=5"
+  content_disposition = "inline"
+  content_encoding    = "deflate"
+  content_language    = "en-US"
+  content_type        = "application/json"
+}
+`, data.RandomInteger, data.Locations.Primary, data.RandomString, startDate, endDate)
+}
+
 func TestAccDataSourceStorageAccountBlobContainerSas_permissionsString(t *testing.T) {
 	testCases := []struct {
 		input    map[string]interface{}
@@ -113,6 +283,8 @@ func TestAccDataSourceStorageAccountBlobContainerSas_permissionsString(t *testin
 		{map[string]interface{}{"delete": true}, "d"},
 		{map[string]interface{}{"list": true}, "l"},
 		{map[string]interface{}{"add": true, "write": true, "read": true, "delete": true}, "rawd"},
+		{map[string]interface{}{"add": true, "write": false, "read": true, "delete": false}, "ra"},
+		{map[string]interface{}{"add": true, "write": true, "read": true, "delete": true, "delete_version": true, "list": true, "tags": true, "find": true, "move": true, "execute": true, "ownership": true, "permissions": true, "set_immutability_policy": true}, "rawdxltfmeopi"},
 	}
 
 	for _, test := range testCases {