Skip to content

Update Permission Details in Terraform #101

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jan 9, 2024
Merged

Update Permission Details in Terraform #101

merged 4 commits into from
Jan 9, 2024

Conversation

marvinbuss
Copy link
Contributor

@marvinbuss marvinbuss commented Jan 9, 2024
edited
Loading

Proposed changes:

  • Update Permission Details in Terraform
  • Add reference to docs for additional possible required role assignments
  • Add comments to storage account TF
  • Remove Storage lifecycle policy
  • Add comments to Function App config

@marvinbuss marvinbuss self-assigned this Jan 9, 2024
@marvinbuss marvinbuss added the enhancement New feature or request label Jan 9, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 9, 2024

Terraform Lint Results

  • Terraform Version 📎1.6.6
  • Working Directory 📂./code/infra
  • Terraform Format and Style 🖌success

marvinbuss
marvinbuss commented Jan 9, 2024
View reviewed changes
Copy link
Contributor Author

@marvinbuss marvinbuss left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 9, 2024

Terraform Validation & Plan Results

  • Terraform Version 📎1.6.6
  • Working Directory 📂./code/infra
  • Terraform Initialization ⚙️success
  • Terraform Validation 🤖success
  • Terraform Plan 📖success
Show Plan 

terraform
�[0m�[1mazapi_resource.storage_file_share: Refreshing state... [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg/providers/Microsoft.Storage/storageAccounts/myfuncdevstg001/fileServices/default/shares/logicapp]�[0m
�[0m�[1mazurerm_resource_group.logging_rg: Refreshing state... [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-logging-rg]�[0m
�[0m�[1mazurerm_resource_group.app_rg: Refreshing state... [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg]�[0m
�[0m�[1mdata.azurerm_client_config.current: Reading...�[0m�[0m
�[0m�[1mdata.azurerm_network_security_group.network_security_group: Reading...�[0m�[0m
�[0m�[1mdata.azurerm_virtual_network.virtual_network: Reading...�[0m�[0m
�[0m�[1mdata.azurerm_route_table.route_table: Reading...�[0m�[0m
�[0m�[1mazurerm_role_assignment.function_role_assignment_storage: Refreshing state... [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg/providers/Microsoft.Storage/storageAccounts/myfuncdevstg001/providers/Microsoft.Authorization/roleAssignments/2446da62-3d09-c496-34ee-7b8b00a79298]�[0m
�[0m�[1mazurerm_storage_management_policy.storage_management_policy: Refreshing state... [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg/providers/Microsoft.Storage/storageAccounts/myfuncdevstg001/managementPolicies/default]�[0m
�[0m�[1mdata.azurerm_client_config.current: Read complete after 0s [id=Y2xpZW50Q29uZmlncy9jbGllbnRJZD1iYWFhNzg4NS05MGQ5LTQ5YTYtYmZmMC1jMTJlYzczOGJmOWI7b2JqZWN0SWQ9ZTlmOGE5ZDUtMmI0ZC00ZDY1LTg1ZTMtZGNiNmVmNDk4OGJlO3N1YnNjcmlwdGlvbklkPThmMTcxZmY5LTJiNWItNGYwZi1hZWQ1LTdmYTM2MGExZDA5NDt0ZW5hbnRJZD0zNTU2YmU3OS0yOTc5LTRiMTktYTFhZi00ZGQ0ZTZkOWVkN2U=]�[0m
�[0m�[1mazurerm_service_plan.service_plan: Refreshing state... [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg/providers/Microsoft.Web/serverfarms/myfunc-dev-asp001]�[0m
�[0m�[1mazurerm_log_analytics_workspace.log_analytics_workspace: Refreshing state... [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-logging-rg/providers/Microsoft.OperationalInsights/workspaces/myfunc-dev-log001]�[0m
�[0m�[1mazurerm_key_vault.key_vault: Refreshing state... [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg/providers/Microsoft.KeyVault/vaults/myfunc-dev-vault001]�[0m
�[0m�[1mdata.azurerm_network_security_group.network_security_group: Read complete after 0s [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/mycrp-prd-function-network-rg/providers/Microsoft.Network/networkSecurityGroups/mycrp-prd-function-nsg001]�[0m
�[0m�[1mazurerm_storage_account.storage: Refreshing state... [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg/providers/Microsoft.Storage/storageAccounts/myfuncdevstg001]�[0m
�[0m�[1mazurerm_monitor_private_link_scope.mpls: Refreshing state... [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-logging-rg/providers/Microsoft.Insights/privateLinkScopes/myfunc-dev-ampls001]�[0m
�[0m�[1mdata.azurerm_virtual_network.virtual_network: Read complete after 0s [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/mycrp-prd-function-network-rg/providers/Microsoft.Network/virtualNetworks/mycrp-prd-function-vnet001]�[0m
�[0m�[1mdata.azurerm_route_table.route_table: Read complete after 0s [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/mycrp-prd-function-network-rg/providers/Microsoft.Network/routeTables/mycrp-prd-function-rt001]�[0m
�[0m�[1mazapi_resource.subnet_function: Refreshing state... [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/mycrp-prd-function-network-rg/providers/Microsoft.Network/virtualNetworks/mycrp-prd-function-vnet001/subnets/FunctionSubnet]�[0m
�[0m�[1mdata.azurerm_monitor_diagnostic_categories.diagnostic_categories_service_plan: Reading...�[0m�[0m
�[0m�[1mdata.azurerm_monitor_diagnostic_categories.diagnostic_categories_log_analytics_workspace: Reading...�[0m�[0m
�[0m�[1mazurerm_monitor_private_link_scoped_service.mpls_log_analytics_workspace: Refreshing state... [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-logging-rg/providers/Microsoft.Insights/privateLinkScopes/myfunc-dev-ampls001/scopedResources/ampls-myfunc-dev-log001]�[0m
�[0m�[1mazurerm_application_insights.application_insights: Refreshing state... [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-logging-rg/providers/Microsoft.Insights/components/myfunc-dev-appi001]�[0m
�[0m�[1mazapi_resource.subnet_services: Refreshing state... [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/mycrp-prd-function-network-rg/providers/Microsoft.Network/virtualNetworks/mycrp-prd-function-vnet001/subnets/PeSubnet]�[0m
�[0m�[1mdata.azurerm_monitor_diagnostic_categories.diagnostic_categories_log_analytics_workspace: Read complete after 0s [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-logging-rg/providers/Microsoft.OperationalInsights/workspaces/myfunc-dev-log001]�[0m
�[0m�[1mdata.azurerm_monitor_diagnostic_categories.diagnostic_categories_service_plan: Read complete after 0s [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg/providers/Microsoft.Web/serverfarms/myfunc-dev-asp001]�[0m
�[0m�[1mazurerm_monitor_diagnostic_setting.diagnostic_setting_service_plan: Refreshing state... [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg/providers/Microsoft.Web/serverfarms/myfunc-dev-asp001|logAnalytics]�[0m
�[0m�[1mazurerm_monitor_diagnostic_setting.diagnostic_setting_log_analytics_workspace: Refreshing state... [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-logging-rg/providers/Microsoft.OperationalInsights/workspaces/myfunc-dev-log001|logAnalytics]�[0m
�[0m�[1mazurerm_private_endpoint.mpls_private_endpoint: Refreshing state... [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-logging-rg/providers/Microsoft.Network/privateEndpoints/myfunc-dev-ampls001-pe]�[0m
�[0m�[1mdata.azurerm_monitor_diagnostic_categories.diagnostic_categories_key_vault: Reading...�[0m�[0m
�[0m�[1mazurerm_role_assignment.current_role_assignment_key_vault: Refreshing state... [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg/providers/Microsoft.KeyVault/vaults/myfunc-dev-vault001/providers/Microsoft.Authorization/roleAssignments/dd9b28fa-3515-5942-5840-235b31324faa]�[0m
�[0m�[1mazurerm_private_endpoint.key_vault_private_endpoint: Refreshing state... [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg/providers/Microsoft.Network/privateEndpoints/myfunc-dev-vault001-pe]�[0m
�[0m�[1mdata.azurerm_monitor_diagnostic_categories.diagnostic_categories_key_vault: Read complete after 0s [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg/providers/Microsoft.KeyVault/vaults/myfunc-dev-vault001]�[0m
�[0m�[1mazurerm_monitor_diagnostic_setting.diagnostic_setting_key_vault: Refreshing state... [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg/providers/Microsoft.KeyVault/vaults/myfunc-dev-vault001|logAnalytics]�[0m
�[0m�[1mazurerm_private_endpoint.storage_private_endpoint_queue: Refreshing state... [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg/providers/Microsoft.Network/privateEndpoints/myfuncdevstg001-queue-pe]�[0m
�[0m�[1mazurerm_private_endpoint.storage_private_endpoint_table: Refreshing state... [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg/providers/Microsoft.Network/privateEndpoints/myfuncdevstg001-table-pe]�[0m
�[0m�[1mazurerm_monitor_diagnostic_setting.diagnostic_setting_storage: Refreshing state... [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg/providers/Microsoft.Storage/storageAccounts/myfuncdevstg001|logAnalytics]�[0m
�[0m�[1mazurerm_private_endpoint.storage_private_endpoint_blob: Refreshing state... [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg/providers/Microsoft.Network/privateEndpoints/myfuncdevstg001-blob-pe]�[0m
�[0m�[1mazurerm_private_endpoint.storage_private_endpoint_file: Refreshing state... [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg/providers/Microsoft.Network/privateEndpoints/myfuncdevstg001-file-pe]�[0m
�[0m�[1mazurerm_key_vault_secret.key_vault_secret_sample: Refreshing state... [id=https://myfunc-dev-vault001.vault.azure.net/secrets/MySampleSecret/8d26cf0a93f84ed592bfdcf88e540043]�[0m
�[0m�[1mdata.azurerm_monitor_diagnostic_categories.diagnostic_categories_application_insights: Reading...�[0m�[0m
�[0m�[1mazurerm_monitor_private_link_scoped_service.mpls_application_insights: Refreshing state... [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-logging-rg/providers/Microsoft.Insights/privateLinkScopes/myfunc-dev-ampls001/scopedResources/ampls-myfunc-dev-appi001]�[0m
�[0m�[1mazapi_resource.function: Refreshing state... [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg/providers/Microsoft.Web/sites/myfunc-dev-fctn001]�[0m
�[0m�[1mdata.azurerm_monitor_diagnostic_categories.diagnostic_categories_application_insights: Read complete after 0s [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-logging-rg/providers/Microsoft.Insights/components/myfunc-dev-appi001]�[0m
�[0m�[1mazurerm_monitor_diagnostic_setting.diagnostic_setting_application_insights: Refreshing state... [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-logging-rg/providers/Microsoft.Insights/components/myfunc-dev-appi001|logAnalytics]�[0m
�[0m�[1mazurerm_role_assignment.function_role_assignment_key_vault: Refreshing state... [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg/providers/Microsoft.KeyVault/vaults/myfunc-dev-vault001/providers/Microsoft.Authorization/roleAssignments/d29c9d68-f762-450b-92e0-09ecf4d96b91]�[0m
�[0m�[1mazurerm_monitor_diagnostic_setting.diagnostic_setting_function: Refreshing state... [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg/providers/Microsoft.Web/sites/myfunc-dev-fctn001|logAnalytics]�[0m
�[0m�[1mazurerm_private_endpoint.function_private_endpoint: Refreshing state... [id=/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg/providers/Microsoft.Network/privateEndpoints/myfunc-dev-fctn001-pe]�[0m

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  �[32m+�[0m create�[0m
  �[33m~�[0m update in-place�[0m
  �[31m-�[0m destroy�[0m
 �[36m<=�[0m read (data resources)�[0m

Terraform will perform the following actions:

�[1m  # data.azurerm_monitor_diagnostic_categories.diagnostic_categories_function�[0m will be read during apply
  # (depends on a resource or a module with changes pending)
�[0m �[36m<=�[0m�[0m data "azurerm_monitor_diagnostic_categories" "diagnostic_categories_function" {
      �[32m+�[0m�[0m id                  = (known after apply)
      �[32m+�[0m�[0m log_category_groups = (known after apply)
      �[32m+�[0m�[0m log_category_types  = (known after apply)
      �[32m+�[0m�[0m logs                = (known after apply)
      �[32m+�[0m�[0m metrics             = (known after apply)
      �[32m+�[0m�[0m resource_id         = "/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg/providers/Microsoft.Web/sites/myfunc-dev-fctn001"
    }

�[1m  # data.azurerm_monitor_diagnostic_categories.diagnostic_categories_storage�[0m will be read during apply
  # (depends on a resource or a module with changes pending)
�[0m �[36m<=�[0m�[0m data "azurerm_monitor_diagnostic_categories" "diagnostic_categories_storage" {
      �[32m+�[0m�[0m id                  = (known after apply)
      �[32m+�[0m�[0m log_category_groups = (known after apply)
      �[32m+�[0m�[0m log_category_types  = (known after apply)
      �[32m+�[0m�[0m logs                = (known after apply)
      �[32m+�[0m�[0m metrics             = (known after apply)
      �[32m+�[0m�[0m resource_id         = "/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg/providers/Microsoft.Storage/storageAccounts/myfuncdevstg001"
    }

�[1m  # azapi_resource.function�[0m will be updated in-place
�[0m  �[33m~�[0m�[0m resource "azapi_resource" "function" {
      �[33m~�[0m�[0m body                      = (sensitive value)
        id                        = "/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg/providers/Microsoft.Web/sites/myfunc-dev-fctn001"
        name                      = "myfunc-dev-fctn001"
      �[33m~�[0m�[0m output                    = jsonencode({}) -> (known after apply)
        tags                      = {}
        �[90m# (7 unchanged attributes hidden)�[0m�[0m

        �[90m# (1 unchanged block hidden)�[0m�[0m
    }

�[1m  # azapi_resource.storage_file_share�[0m will be �[1m�[31mdestroyed�[0m
  # (because azapi_resource.storage_file_share is not in configuration)
�[0m  �[31m-�[0m�[0m resource "azapi_resource" "storage_file_share" {
      �[31m-�[0m�[0m body                      = jsonencode(
            {
              �[31m-�[0m�[0m properties = {
                  �[31m-�[0m�[0m accessTier       = "TransactionOptimized"
                  �[31m-�[0m�[0m enabledProtocols = "SMB"
                  �[31m-�[0m�[0m shareQuota       = 5120
                }
            }
        ) �[90m-> null�[0m�[0m
      �[31m-�[0m�[0m id                        = "/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg/providers/Microsoft.Storage/storageAccounts/myfuncdevstg001/fileServices/default/shares/logicapp" �[90m-> null�[0m�[0m
      �[31m-�[0m�[0m ignore_casing             = false �[90m-> null�[0m�[0m
      �[31m-�[0m�[0m ignore_missing_property   = true �[90m-> null�[0m�[0m
      �[31m-�[0m�[0m name                      = "logicapp" �[90m-> null�[0m�[0m
      �[31m-�[0m�[0m output                    = jsonencode({})
      �[31m-�[0m�[0m parent_id                 = "/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg/providers/Microsoft.Storage/storageAccounts/myfuncdevstg001/fileServices/default" �[90m-> null�[0m�[0m
      �[31m-�[0m�[0m removing_special_chars    = false �[90m-> null�[0m�[0m
      �[31m-�[0m�[0m schema_validation_enabled = true �[90m-> null�[0m�[0m
      �[31m-�[0m�[0m tags                      = {} �[90m-> null�[0m�[0m
      �[31m-�[0m�[0m type                      = "Microsoft.Storage/storageAccounts/fileServices/shares@2022-09-01" �[90m-> null�[0m�[0m
    }

�[1m  # azurerm_monitor_diagnostic_setting.diagnostic_setting_function�[0m will be updated in-place
�[0m  �[33m~�[0m�[0m resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting_function" {
        id                         = "/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg/providers/Microsoft.Web/sites/myfunc-dev-fctn001|logAnalytics"
        name                       = "logAnalytics"
        �[90m# (2 unchanged attributes hidden)�[0m�[0m

      �[31m-�[0m�[0m metric {
          �[31m-�[0m�[0m category = "AllMetrics" �[90m-> null�[0m�[0m
          �[31m-�[0m�[0m enabled  = true �[90m-> null�[0m�[0m

          �[31m-�[0m�[0m retention_policy {
              �[31m-�[0m�[0m days    = 0 �[90m-> null�[0m�[0m
              �[31m-�[0m�[0m enabled = false �[90m-> null�[0m�[0m
            }
        }

        �[90m# (4 unchanged blocks hidden)�[0m�[0m
    }

�[1m  # azurerm_monitor_diagnostic_setting.diagnostic_setting_storage�[0m will be updated in-place
�[0m  �[33m~�[0m�[0m resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting_storage" {
        id                         = "/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg/providers/Microsoft.Storage/storageAccounts/myfuncdevstg001|logAnalytics"
        name                       = "logAnalytics"
        �[90m# (2 unchanged attributes hidden)�[0m�[0m

      �[31m-�[0m�[0m metric {
          �[31m-�[0m�[0m category = "Capacity" �[90m-> null�[0m�[0m
          �[31m-�[0m�[0m enabled  = true �[90m-> null�[0m�[0m

          �[31m-�[0m�[0m retention_policy {
              �[31m-�[0m�[0m days    = 30 �[90m-> null�[0m�[0m
              �[31m-�[0m�[0m enabled = true �[90m-> null�[0m�[0m
            }
        }
      �[31m-�[0m�[0m metric {
          �[31m-�[0m�[0m category = "Transaction" �[90m-> null�[0m�[0m
          �[31m-�[0m�[0m enabled  = true �[90m-> null�[0m�[0m

          �[31m-�[0m�[0m retention_policy {
              �[31m-�[0m�[0m days    = 30 �[90m-> null�[0m�[0m
              �[31m-�[0m�[0m enabled = true �[90m-> null�[0m�[0m
            }
        }
    }

�[1m  # azurerm_role_assignment.function_role_assignment_storage�[0m will be �[1m�[31mdestroyed�[0m
  # (because azurerm_role_assignment.function_role_assignment_storage is not in configuration)
�[0m  �[31m-�[0m�[0m resource "azurerm_role_assignment" "function_role_assignment_storage" {
      �[31m-�[0m�[0m id                   = "/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg/providers/Microsoft.Storage/storageAccounts/myfuncdevstg001/providers/Microsoft.Authorization/roleAssignments/2446da62-3d09-c496-34ee-7b8b00a79298" �[90m-> null�[0m�[0m
      �[31m-�[0m�[0m name                 = "2446da62-3d09-c496-34ee-7b8b00a79298" �[90m-> null�[0m�[0m
      �[31m-�[0m�[0m principal_id         = "940e1b66-a07f-4308-a15e-48f9b9fe2f41" �[90m-> null�[0m�[0m
      �[31m-�[0m�[0m principal_type       = "ServicePrincipal" �[90m-> null�[0m�[0m
      �[31m-�[0m�[0m role_definition_id   = "/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/providers/Microsoft.Authorization/roleDefinitions/b7e6dc6d-f1e8-4753-8033-0f276bb0955b" �[90m-> null�[0m�[0m
      �[31m-�[0m�[0m role_definition_name = "Storage Blob Data Owner" �[90m-> null�[0m�[0m
      �[31m-�[0m�[0m scope                = "/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg/providers/Microsoft.Storage/storageAccounts/myfuncdevstg001" �[90m-> null�[0m�[0m
    }

�[1m  # azurerm_role_assignment.function_role_assignment_storage_blob_data_owner�[0m will be created
�[0m  �[32m+�[0m�[0m resource "azurerm_role_assignment" "function_role_assignment_storage_blob_data_owner" {
      �[32m+�[0m�[0m id                               = (known after apply)
      �[32m+�[0m�[0m name                             = (known after apply)
      �[32m+�[0m�[0m principal_id                     = "940e1b66-a07f-4308-a15e-48f9b9fe2f41"
      �[32m+�[0m�[0m principal_type                   = (known after apply)
      �[32m+�[0m�[0m role_definition_id               = (known after apply)
      �[32m+�[0m�[0m role_definition_name             = "Storage Blob Data Owner"
      �[32m+�[0m�[0m scope                            = "/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg/providers/Microsoft.Storage/storageAccounts/myfuncdevstg001"
      �[32m+�[0m�[0m skip_service_principal_aad_check = (known after apply)
    }

�[1m  # azurerm_storage_account.storage�[0m will be updated in-place
�[0m  �[33m~�[0m�[0m resource "azurerm_storage_account" "storage" {
        id                                = "/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg/providers/Microsoft.Storage/storageAccounts/myfuncdevstg001"
        name                              = "myfuncdevstg001"
        tags                              = {}
        �[90m# (39 unchanged attributes hidden)�[0m�[0m

      �[33m~�[0m�[0m network_rules {
            �[90m# (4 unchanged attributes hidden)�[0m�[0m

          �[31m-�[0m�[0m private_link_access {
              �[31m-�[0m�[0m endpoint_resource_id = "/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/providers/Microsoft.Security/datascanners/storageDataScanner" �[90m-> null�[0m�[0m
              �[31m-�[0m�[0m endpoint_tenant_id   = "3556be79-2979-4b19-a1af-4dd4e6d9ed7e" �[90m-> null�[0m�[0m
            }
        }

        �[90m# (4 unchanged blocks hidden)�[0m�[0m
    }

�[1m  # azurerm_storage_management_policy.storage_management_policy�[0m will be �[1m�[31mdestroyed�[0m
  # (because azurerm_storage_management_policy.storage_management_policy is not in configuration)
�[0m  �[31m-�[0m�[0m resource "azurerm_storage_management_policy" "storage_management_policy" {
      �[31m-�[0m�[0m id                 = "/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg/providers/Microsoft.Storage/storageAccounts/myfuncdevstg001/managementPolicies/default" �[90m-> null�[0m�[0m
      �[31m-�[0m�[0m storage_account_id = "/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/myfunc-dev-app-rg/providers/Microsoft.Storage/storageAccounts/myfuncdevstg001" �[90m-> null�[0m�[0m

      �[31m-�[0m�[0m rule {
          �[31m-�[0m�[0m enabled = true �[90m-> null�[0m�[0m
          �[31m-�[0m�[0m name    = "default" �[90m-> null�[0m�[0m

          �[31m-�[0m�[0m actions {
              �[31m-�[0m�[0m base_blob {
                  �[31m-�[0m�[0m auto_tier_to_hot_from_cool_enabled                             = false �[90m-> null�[0m�[0m
                  �[31m-�[0m�[0m delete_after_days_since_creation_greater_than                  = -1 �[90m-> null�[0m�[0m
                  �[31m-�[0m�[0m delete_after_days_since_last_access_time_greater_than          = -1 �[90m-> null�[0m�[0m
                  �[31m-�[0m�[0m delete_after_days_since_modification_greater_than              = -1 �[90m-> null�[0m�[0m
                  �[31m-�[0m�[0m tier_to_archive_after_days_since_creation_greater_than         = -1 �[90m-> null�[0m�[0m
                  �[31m-�[0m�[0m tier_to_archive_after_days_since_last_access_time_greater_than = -1 �[90m-> null�[0m�[0m
                  �[31m-�[0m�[0m tier_to_archive_after_days_since_last_tier_change_greater_than = -1 �[90m-> null�[0m�[0m
                  �[31m-�[0m�[0m tier_to_archive_after_days_since_modification_greater_than     = -1 �[90m-> null�[0m�[0m
                  �[31m-�[0m�[0m tier_to_cold_after_days_since_creation_greater_than            = -1 �[90m-> null�[0m�[0m
                  �[31m-�[0m�[0m tier_to_cold_after_days_since_last_access_time_greater_than    = -1 �[90m-> null�[0m�[0m
                  �[31m-�[0m�[0m tier_to_cold_after_days_since_modification_greater_than        = -1 �[90m-> null�[0m�[0m
                  �[31m-�[0m�[0m tier_to_cool_after_days_since_creation_greater_than            = -1 �[90m-> null�[0m�[0m
                  �[31m-�[0m�[0m tier_to_cool_after_days_since_last_access_time_greater_than    = -1 �[90m-> null�[0m�[0m
                  �[31m-�[0m�[0m tier_to_cool_after_days_since_modification_greater_than        = 360 �[90m-> null�[0m�[0m
                }
              �[31m-�[0m�[0m snapshot {
                  �[31m-�[0m�[0m change_tier_to_archive_after_days_since_creation               = -1 �[90m-> null�[0m�[0m
                  �[31m-�[0m�[0m change_tier_to_cool_after_days_since_creation                  = 180 �[90m-> null�[0m�[0m
                  �[31m-�[0m�[0m delete_after_days_since_creation_greater_than                  = 360 �[90m-> null�[0m�[0m
                  �[31m-�[0m�[0m tier_to_archive_after_days_since_last_tier_change_greater_than = -1 �[90m-> null�[0m�[0m
                  �[31m-�[0m�[0m tier_to_cold_after_days_since_creation_greater_than            = -1 �[90m-> null�[0m�[0m
                }
              �[31m-�[0m�[0m version {
                  �[31m-�[0m�[0m change_tier_to_archive_after_days_since_creation               = -1 �[90m-> null�[0m�[0m
                  �[31m-�[0m�[0m change_tier_to_cool_after_days_since_creation                  = 180 �[90m-> null�[0m�[0m
                  �[31m-�[0m�[0m delete_after_days_since_creation                               = 360 �[90m-> null�[0m�[0m
                  �[31m-�[0m�[0m tier_to_archive_after_days_since_last_tier_change_greater_than = -1 �[90m-> null�[0m�[0m
                  �[31m-�[0m�[0m tier_to_cold_after_days_since_creation_greater_than            = -1 �[90m-> null�[0m�[0m
                }
            }

          �[31m-�[0m�[0m filters {
              �[31m-�[0m�[0m blob_types   = [
                  �[31m-�[0m�[0m "blockBlob",
                ] �[90m-> null�[0m�[0m
              �[31m-�[0m�[0m prefix_match = [] �[90m-> null�[0m�[0m
            }
        }
    }

�[1mPlan:�[0m 1 to add, 4 to change, 3 to destroy.
�[0m�[90m
─────────────────────────────────────────────────────────────────────────────�[0m

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

@marvinbuss marvinbuss merged commit 8fa3e6c into main Jan 9, 2024
@marvinbuss marvinbuss deleted the marvinbuss/update_storage branch January 9, 2024 12:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@marvinbuss marvinbuss

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@marvinbuss