hashicorp · Kiliandeca · Jan 8, 2025
@@ -69,32 +69,72 @@ func dataSourceStorageAccountBlobContainerSharedAccessSignature() *pluginsdk.Res
 					Schema: map[string]*pluginsdk.Schema{
 						"read": {
 							Type:     pluginsdk.TypeBool,
-							Required: true,
+							Optional: true,
 						},
 
 						"add": {
 							Type:     pluginsdk.TypeBool,
-							Required: true,
+							Optional: true,
 						},
 
 						"create": {
 							Type:     pluginsdk.TypeBool,
-							Required: true,
+							Optional: true,
 						},
 
 						"write": {
 							Type:     pluginsdk.TypeBool,
-							Required: true,
+							Optional: true,
 						},
 
 						"delete": {
 							Type:     pluginsdk.TypeBool,
-							Required: true,
+							Optional: true,
+						},
+
+						"delete_version": {
+							Type:     pluginsdk.TypeBool,
+							Optional: true,
 						},
 
 						"list": {
 							Type:     pluginsdk.TypeBool,
-							Required: true,
+							Optional: true,
+						},
+
+						"tags": {
+							Type:     pluginsdk.TypeBool,
+							Optional: true,
+						},
+
+						"find": {
+							Type:     pluginsdk.TypeBool,
+							Optional: true,
+						},
+
+						"move": {
+							Type:     pluginsdk.TypeBool,
+							Optional: true,
+						},
+
+						"execute": {
+							Type:     pluginsdk.TypeBool,
+							Optional: true,
+						},
+
+						"ownership": {
+							Type:     pluginsdk.TypeBool,
+							Optional: true,
+						},
+
+						"permissions": {
+							Type:     pluginsdk.TypeBool,
+							Optional: true,
+						},
+
+						"set_immutability_policy": {
+							Type:     pluginsdk.TypeBool,
+							Optional: true,
 						},
 					},
 				},
@@ -184,30 +224,32 @@ func dataSourceStorageContainerSasRead(d *pluginsdk.ResourceData, _ interface{})
 }
 
 func BuildContainerPermissionsString(perms map[string]interface{}) string {
-	retVal := ""
-
-	if val, pres := perms["read"].(bool); pres && val {
-		retVal += "r"
+	orderedPermissions := []struct {
+		name   string
+		letter string
+	}{
+		{"read", "r"},
+		{"add", "a"},
+		{"create", "c"},
+		{"write", "w"},
+		{"delete", "d"},
+		{"delete_version", "x"},
+		{"list", "l"},
+		{"tags", "t"},
+		{"find", "f"},
+		{"move", "m"},
+		{"execute", "e"},
+		{"ownership", "o"},
+		{"permissions", "p"},
+		{"set_immutability_policy", "i"},
 	}
 
-	if val, pres := perms["add"].(bool); pres && val {
-		retVal += "a"
-	}
-
-	if val, pres := perms["create"].(bool); pres && val {
-		retVal += "c"
-	}
-
-	if val, pres := perms["write"].(bool); pres && val {
-		retVal += "w"
-	}
-
-	if val, pres := perms["delete"].(bool); pres && val {
-		retVal += "d"
-	}
+	retVal := ""
 
-	if val, pres := perms["list"].(bool); pres && val {
-		retVal += "l"
+	for _, perm := range orderedPermissions {
+		if val, pres := perms[perm.name].(bool); pres && val {
+			retVal += perm.letter
+		}
 	}
 
 	return retVal

@@ -35,7 +35,55 @@ func TestAccDataSourceStorageAccountBlobContainerSas_basic(t *testing.T) {
 				check.That(data.ResourceName).Key("permissions.0.create").HasValue("false"),
 				check.That(data.ResourceName).Key("permissions.0.write").HasValue("false"),
 				check.That(data.ResourceName).Key("permissions.0.delete").HasValue("true"),
+				check.That(data.ResourceName).Key("permissions.0.delete_version").HasValue("true"),
 				check.That(data.ResourceName).Key("permissions.0.list").HasValue("true"),
+				check.That(data.ResourceName).Key("permissions.0.tags").HasValue("true"),
+				check.That(data.ResourceName).Key("permissions.0.find").HasValue("true"),
+				check.That(data.ResourceName).Key("permissions.0.move").HasValue("false"),
+				check.That(data.ResourceName).Key("permissions.0.execute").HasValue("false"),
+				check.That(data.ResourceName).Key("permissions.0.ownership").HasValue("true"),
+				check.That(data.ResourceName).Key("permissions.0.permissions").HasValue("true"),
+				check.That(data.ResourceName).Key("permissions.0.set_immutability_policy").HasValue("true"),
+				check.That(data.ResourceName).Key("cache_control").HasValue("max-age=5"),
+				check.That(data.ResourceName).Key("content_disposition").HasValue("inline"),
+				check.That(data.ResourceName).Key("content_encoding").HasValue("deflate"),
+				check.That(data.ResourceName).Key("content_language").HasValue("en-US"),
+				check.That(data.ResourceName).Key("content_type").HasValue("application/json"),
+				check.That(data.ResourceName).Key("sas").Exists(),
+			),
+		},
+	})
+}
+
+func TestAccDataSourceStorageAccountBlobContainerSas_partial(t *testing.T) {
+	data := acceptance.BuildTestData(t, "data.azurerm_storage_account_blob_container_sas", "test")
+	utcNow := time.Now().UTC()
+	startDate := utcNow.Format(time.RFC3339)
+	endDate := utcNow.Add(time.Hour * 24).Format(time.RFC3339)
+
+	data.DataSourceTest(t, []acceptance.TestStep{
+		{
+			Config: StorageAccountBlobContainerSASDataSource{}.partial(data, startDate, endDate),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).Key("https_only").HasValue("true"),
+				check.That(data.ResourceName).Key("start").HasValue(startDate),
+				check.That(data.ResourceName).Key("expiry").HasValue(endDate),
+				check.That(data.ResourceName).Key("ip_address").HasValue("168.1.5.65"),
+				check.That(data.ResourceName).Key("permissions.#").HasValue("1"),
+				check.That(data.ResourceName).Key("permissions.0.read").HasValue("true"),
+				check.That(data.ResourceName).Key("permissions.0.add").HasValue("true"),
+				check.That(data.ResourceName).Key("permissions.0.create").HasValue("false"),
+				check.That(data.ResourceName).Key("permissions.0.write").HasValue("false"),
+				check.That(data.ResourceName).Key("permissions.0.delete").HasValue("true"),
+				check.That(data.ResourceName).Key("permissions.0.delete_version").HasValue("false"),
+				check.That(data.ResourceName).Key("permissions.0.list").HasValue("true"),
+				check.That(data.ResourceName).Key("permissions.0.tags").HasValue("false"),
+				check.That(data.ResourceName).Key("permissions.0.find").HasValue("false"),
+				check.That(data.ResourceName).Key("permissions.0.move").HasValue("false"),
+				check.That(data.ResourceName).Key("permissions.0.execute").HasValue("false"),
+				check.That(data.ResourceName).Key("permissions.0.ownership").HasValue("false"),
+				check.That(data.ResourceName).Key("permissions.0.permissions").HasValue("false"),
+				check.That(data.ResourceName).Key("permissions.0.set_immutability_policy").HasValue("false"),
 				check.That(data.ResourceName).Key("cache_control").HasValue("max-age=5"),
 				check.That(data.ResourceName).Key("content_disposition").HasValue("inline"),
 				check.That(data.ResourceName).Key("content_encoding").HasValue("deflate"),
@@ -84,12 +132,74 @@ data "azurerm_storage_account_blob_container_sas" "test" {
   expiry = "%s"
 
   permissions {
-    read   = true
-    add    = true
-    create = false
-    write  = false
-    delete = true
-    list   = true
+    read   				 					= true
+    add    				 					= true
+    create 				 					= false
+    write  				 					= false
+    delete 				 					= true
+		delete_version 					= true
+    list   									= true
+		tags   									= true
+		find   									= true
+		move   									= false
+		execute 								= false
+		ownership 							= true
+		permissions 						= true
+		set_immutability_policy = true
+  }
+
+  cache_control       = "max-age=5"
+  content_disposition = "inline"
+  content_encoding    = "deflate"
+  content_language    = "en-US"
+  content_type        = "application/json"
+}
+`, data.RandomInteger, data.Locations.Primary, data.RandomString, startDate, endDate)
+}
+
+func (d StorageAccountBlobContainerSASDataSource) partial(data acceptance.TestData, startDate string, endDate string) string {
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_resource_group" "rg" {
+  name     = "acctestRG-storage-%d"
+  location = "%s"
+}
+
+resource "azurerm_storage_account" "storage" {
+  name                = "acctestsads%s"
+  resource_group_name = azurerm_resource_group.rg.name
+
+  location                 = azurerm_resource_group.rg.location
+  account_tier             = "Standard"
+  account_replication_type = "LRS"
+}
+
+resource "azurerm_storage_container" "container" {
+  name                  = "sas-test"
+  storage_account_name  = azurerm_storage_account.storage.name
+  container_access_type = "private"
+}
+
+data "azurerm_storage_account_blob_container_sas" "test" {
+  connection_string = azurerm_storage_account.storage.primary_connection_string
+  container_name    = azurerm_storage_container.container.name
+  https_only        = true
+
+  ip_address = "168.1.5.65"
+
+  start  = "%s"
+  expiry = "%s"
+
+  permissions {
+    read   				 					= true
+    add    				 					= true
+    create 				 					= false
+    write  				 					= false
+    delete 				 					= true
+    list   									= true
   }
 
   cache_control       = "max-age=5"
@@ -113,6 +223,8 @@ func TestAccDataSourceStorageAccountBlobContainerSas_permissionsString(t *testin
 		{map[string]interface{}{"delete": true}, "d"},
 		{map[string]interface{}{"list": true}, "l"},
 		{map[string]interface{}{"add": true, "write": true, "read": true, "delete": true}, "rawd"},
+		{map[string]interface{}{"add": true, "write": false, "read": true, "delete": false}, "ra"},
+		{map[string]interface{}{"add": true, "write": true, "read": true, "delete": true, "delete_version": true, "list": true, "tags": true, "find": true, "move": true, "execute": true, "ownership": true, "permissions": true, "set_immutability_policy": true}, "rawdxltfmeopi"},
 	}
 
 	for _, test := range testCases {

@@ -133,52 +133,52 @@ func dataSourceStorageAccountSharedAccessSignature() *pluginsdk.Resource {
 					Schema: map[string]*pluginsdk.Schema{
 						"read": {
 							Type:     pluginsdk.TypeBool,
-							Required: true,
+							Optional: true,
 						},
 
 						"write": {
 							Type:     pluginsdk.TypeBool,
-							Required: true,
+							Optional: true,
 						},
 
 						"delete": {
 							Type:     pluginsdk.TypeBool,
-							Required: true,
+							Optional: true,
 						},
 
 						"list": {
 							Type:     pluginsdk.TypeBool,
-							Required: true,
+							Optional: true,
 						},
 
 						"add": {
 							Type:     pluginsdk.TypeBool,
-							Required: true,
+							Optional: true,
 						},
 
 						"create": {
 							Type:     pluginsdk.TypeBool,
-							Required: true,
+							Optional: true,
 						},
 
 						"update": {
 							Type:     pluginsdk.TypeBool,
-							Required: true,
+							Optional: true,
 						},
 
 						"process": {
 							Type:     pluginsdk.TypeBool,
-							Required: true,
+							Optional: true,
 						},
 
 						"tag": {
 							Type:     pluginsdk.TypeBool,
-							Required: true,
+							Optional: true,
 						},
 
 						"filter": {
 							Type:     pluginsdk.TypeBool,
-							Required: true,
+							Optional: true,
 						},
 					},
 				},

@@ -98,17 +98,21 @@ output "sas_url_query_string" {
 
 A `permissions` block contains:
 
-* `read` - Should Read permissions be enabled for this SAS?
+* `read` - (Optional) Should Read permissions be enabled for this SAS?
+* `add` - (Optional) Should Add permissions be enabled for this SAS?
+* `create` - (Optional) Should Create permissions be enabled for this SAS?
+* `write` - (Optional) Should Write permissions be enabled for this SAS?
+* `delete` - (Optional) Should Delete permissions be enabled for this SAS?
+* `delete_version` - (Optional) Should Delete version permissions be enabled for this SAS?
+* `list` - (Optional) Should List permissions be enabled for this SAS?
+* `tags` - (Optional) Should Tags permissions be enabled for this SAS?
+* `find` - (Optional) Should Find permissions be enabled for this SAS?
+* `move` - (Optional) Should Move permissions be enabled for this SAS?
+* `execute` - (Optional) Should Execute permissions be enabled for this SAS?
+* `ownership` - (Optional) Should Ownership permissions be enabled for this SAS?
+* `permissions` - (Optional) Should Permissions permissions be enabled for this SAS?
+* `set_immutability_policy` - (Optional) Should Set Immutability Policy permissions be enabled for this SAS?
 
-* `add` - Should Add permissions be enabled for this SAS?
-
-* `create` - Should Create permissions be enabled for this SAS?
-
-* `write` - Should Write permissions be enabled for this SAS?
-
-* `delete` - Should Delete permissions be enabled for this SAS?
-
-* `list` - Should List permissions be enabled for this SAS?
 
 Refer to the [SAS creation reference from Azure](https://docs.microsoft.com/rest/api/storageservices/create-service-sas)
 for additional details on the fields above.