Create an azurerm_storage_account_network_rules resource so they can be managed separately from the azurerm_storage_account resource.
resource "azurerm_storage_account_network_rules" "network_rules" {
  name                       = "network_rules"
  storage_account            = "${azurerm_storage_account.storage_account.id}"
  bypass                     = "None"
  ip_rules                   = "${var.myip}"
  virtual_network_subnet_ids = ["${var.my_vnet_list}"]
}
We were looking into this (or similar) recently at work -- is what this is proposing effectively different than https://www.terraform.io/docs/providers/azurerm/r/storage_account.html#network_rules ?
I'm proposing a separate resource if possible. Similar to the way it works with azurerm_sql_firewall_rule. I've got a customer that would like to manage the network_rules outside of the storage_account resource. There's not a separate API for network_rules like there is for the sql firewall rules though.... so I'm hoping there's another way to make it work.
This functionality is very much needed, thanks for reporting and opening up a PR @MattMencel.
See #4186 for an example of why this is needed. Currently, a storage account can't be created that allows access from the IPs from a Function App without creating a circular reference that Terraform can't resolve. Something similar would happen with any resource that can't be attached to a specific pre-existing virtual network or IP resource.
Not sure if this affects your work but please take note of:
https://github.com/terraform-providers/terraform-provider-azurerm/issues/4574
Just an FYI
Fixed via #5082
This has been released in version 1.38.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:
provider "azurerm" {
version = "~> 1.38.0"
}
# ... other configuration ...
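How the separate resource breaks the Function App cycle described in the comments above, as an added example (not code from the issue, the PR or the provider's documentation). It assumes provider 1.38.0 or later with Terraform 0.12 syntax, and that azurerm_function_app exports possible_outbound_ip_addresses as a comma-separated string; all names, the location and the admin_ip value are constructed placeholders.

```hcl
# Added example: names, location and admin_ip are constructed placeholders.
variable "admin_ip" {
  default = "203.0.113.10" # constructed operator address (documentation range)
}

resource "azurerm_resource_group" "example" {
  name     = "example-rg"
  location = "westeurope"
}

# No inline network_rules block: the account no longer depends on the Function App.
resource "azurerm_storage_account" "example" {
  name                     = "examplestorageacct"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

resource "azurerm_app_service_plan" "example" {
  name                = "example-plan"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  kind                = "FunctionApp"
  sku {
    tier = "Dynamic"
    size = "Y1"
  }
}

# The Function App needs the storage account first (connection string).
resource "azurerm_function_app" "example" {
  name                      = "example-func"
  location                  = azurerm_resource_group.example.location
  resource_group_name       = azurerm_resource_group.example.name
  app_service_plan_id       = azurerm_app_service_plan.example.id
  storage_connection_string = azurerm_storage_account.example.primary_connection_string
}

# Firewall applied last: depends on both, so the dependency graph stays acyclic.
resource "azurerm_storage_account_network_rules" "example" {
  resource_group_name  = azurerm_resource_group.example.name
  storage_account_name = azurerm_storage_account.example.name
  default_action       = "Deny" # without this the IP list restricts nothing
  bypass               = ["None"]
  ip_rules             = concat([var.admin_ip], split(",", azurerm_function_app.example.possible_outbound_ip_addresses))
}
```

Do not also declare an inline network_rules block on the same storage account, since both would manage the same firewall settings and overwrite each other. Until the last resource is applied the account still accepts traffic from all networks, so confirm the "Deny" default is in place after the first apply.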
I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!