From 3961f08e6310ec59183c53346fb7ade70e6d2a3c Mon Sep 17 00:00:00 2001 From: Matthew Frahry Date: Mon, 22 Mar 2021 09:22:16 -0700 Subject: [PATCH 1/9] dependencies: upgrade all the azure things --- go.mod | 18 +++++++++--------- go.sum | 48 +++++++++++++++++++++++++++++++----------------- 2 files changed, 40 insertions(+), 26 deletions(-) diff --git a/go.mod b/go.mod index 8a752c9c4..71f935225 100644 --- a/go.mod +++ b/go.mod @@ -2,8 +2,8 @@ module github.com/hashicorp/terraform require ( cloud.google.com/go/storage v1.10.0 - github.com/Azure/azure-sdk-for-go v47.1.0+incompatible - github.com/Azure/go-autorest/autorest v0.11.10 + github.com/Azure/azure-sdk-for-go v52.5.0+incompatible + github.com/Azure/go-autorest/autorest v0.11.18 github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c // indirect github.com/ChrisTrenkamp/goxpath v0.0.0-20190607011252-c5096ec8773d // indirect github.com/abdullin/seq v0.0.0-20160510034733-d5467c17e7af // indirect @@ -38,7 +38,7 @@ require ( github.com/golang/mock v1.4.4 github.com/golang/protobuf v1.4.3 github.com/google/go-cmp v0.5.2 - github.com/google/uuid v1.1.2 + github.com/google/uuid v1.2.0 github.com/gophercloud/gophercloud v0.10.1-0.20200424014253-c3bfe50899e5 github.com/gophercloud/utils v0.0.0-20200423144003-7c72efc7435d github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 // indirect 
@@ -49,21 +49,21 @@ require ( github.com/hashicorp/aws-sdk-go-base v0.6.0 github.com/hashicorp/consul v0.0.0-20171026175957-610f3c86a089 github.com/hashicorp/errwrap v1.1.0 - github.com/hashicorp/go-azure-helpers v0.13.0 + github.com/hashicorp/go-azure-helpers v0.14.0 github.com/hashicorp/go-checkpoint v0.5.0 github.com/hashicorp/go-cleanhttp v0.5.1 github.com/hashicorp/go-getter v1.5.1 github.com/hashicorp/go-hclog v0.15.0 github.com/hashicorp/go-immutable-radix v0.0.0-20180129170900-7f3cd4390caa // indirect github.com/hashicorp/go-msgpack v0.5.4 // indirect - github.com/hashicorp/go-multierror v1.1.0 + github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/go-plugin v1.4.0 github.com/hashicorp/go-retryablehttp v0.5.2 github.com/hashicorp/go-rootcerts v1.0.0 // indirect github.com/hashicorp/go-sockaddr v0.0.0-20180320115054-6d291a969b86 // indirect github.com/hashicorp/go-tfe v0.8.1 github.com/hashicorp/go-uuid v1.0.1 - github.com/hashicorp/go-version v1.2.0 + github.com/hashicorp/go-version v1.2.1 github.com/hashicorp/hcl v0.0.0-20170504190234-a4b07c25de5f github.com/hashicorp/hcl/v2 v2.9.1 github.com/hashicorp/memberlist v0.1.0 // indirect @@ -109,7 +109,7 @@ require ( github.com/tencentcloud/tencentcloud-sdk-go v3.0.82+incompatible github.com/tencentyun/cos-go-sdk-v5 v0.0.0-20190808065407-f07404cefc8c github.com/tmc/grpc-websocket-proxy v0.0.0-20171017195756-830351dc03c6 // indirect - github.com/tombuildsstuff/giovanni v0.14.0 + github.com/tombuildsstuff/giovanni v0.15.1 github.com/ugorji/go v0.0.0-20180813092308-00b869d2f4a5 // indirect github.com/xanzy/ssh-agent v0.2.1 github.com/xiang90/probing v0.0.0-20160813154853-07dd2e8dfe18 // indirect 
@@ -120,9 +120,9 @@ require ( go.uber.org/atomic v1.3.2 // indirect go.uber.org/multierr v1.1.0 // indirect go.uber.org/zap v1.9.1 // indirect - golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897 + golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2 golang.org/x/mod v0.3.0 - golang.org/x/net v0.0.0-20201110031124-69a78807bb2b + golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68 golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf diff --git a/go.sum b/go.sum index d690fd871..4aa9a4667 100644 --- a/go.sum +++ b/go.sum 
@@ -34,17 +34,21 @@ cloud.google.com/go/storage v1.10.0 h1:STgFzyU5/8miMl0//zKh2aQeTyeaUH3WN9bSUiJ09 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/Azure/azure-sdk-for-go v45.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-sdk-for-go v47.1.0+incompatible h1:D6MsWmsxF+pEjN/yZDyKXoUrsamdBdTlPedIgBlvVx4= github.com/Azure/azure-sdk-for-go v47.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/Azure/azure-sdk-for-go v51.2.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/Azure/azure-sdk-for-go v52.5.0+incompatible h1:/NLBWHCnIHtZyLPc1P7WIqi4Te4CC23kIQyK3Ep/7lA= +github.com/Azure/azure-sdk-for-go v52.5.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/go-autorest v11.1.2+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest v0.11.3/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw= -github.com/Azure/go-autorest/autorest v0.11.10 h1:j5sGbX7uj1ieYYkQ3Mpvewd4DCsEQ+ZeJpqnSM9pjnM= github.com/Azure/go-autorest/autorest v0.11.10/go.mod h1:eipySxLmqSyC5s5k1CLupqet0PSENBEDP93LQ9a8QYw= +github.com/Azure/go-autorest/autorest v0.11.18 h1:90Y4srNYrwOtAgVo3ndrQkTYn6kf1Eg/AjTFJ8Is2aM= +github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA= github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg= -github.com/Azure/go-autorest/autorest/adal v0.9.5 h1:Y3bBUV4rTuxenJJs41HU3qmqsb+auo+a3Lz+PlJPpL0= 
github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A= +github.com/Azure/go-autorest/autorest/adal v0.9.13 h1:Mp5hbtOePIzM8pJVRa3YLrWWmZtoxRXqUEzCfJt3+/Q= +github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= github.com/Azure/go-autorest/autorest/azure/cli v0.4.0/go.mod h1:JljT387FplPzBA31vUcvsetLKF3pec5bdAxjVU4kI2s= github.com/Azure/go-autorest/autorest/azure/cli v0.4.2 h1:dMOmEJfkLKW/7JsokJqkyoYSgmR08hi9KrhjZb+JALY= github.com/Azure/go-autorest/autorest/azure/cli v0.4.2/go.mod h1:7qkJkT+j6b+hIpzMOwPChJhTqS8VbsqqgULzMNRugoM= 
@@ -55,10 +59,12 @@ github.com/Azure/go-autorest/autorest/mocks v0.4.1 h1:K0laFcLE6VLTOwNgSxaGbUcLPu github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= github.com/Azure/go-autorest/autorest/to v0.4.0 h1:oXVqrxakqqV1UZdSazDOPOLvOIz+XA683u8EctwboHk= github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE= -github.com/Azure/go-autorest/autorest/validation v0.3.0 h1:3I9AAI63HfcLtphd9g39ruUwRI+Ca+z/f36KHPFRUss= github.com/Azure/go-autorest/autorest/validation v0.3.0/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E= -github.com/Azure/go-autorest/logger v0.2.0 h1:e4RVHVZKC5p6UANLJHkM4OfR1UKZPj8Wt8Pcx+3oqrE= +github.com/Azure/go-autorest/autorest/validation v0.3.1 h1:AgyqjAd94fwNAoTjl/WQXg4VvFeRFpO+UhNyRXqF1ac= +github.com/Azure/go-autorest/autorest/validation v0.3.1/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E= github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= +github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg= +github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/Azure/go-ntlmssp v0.0.0-20180810175552-4a21cbd618b4/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= 
@@ -161,8 +167,9 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/dgrijalva/jwt-go v0.0.0-20160705203006-01aeca54ebda/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= -github.com/dimchansky/utfbom v1.1.0 h1:FcM3g+nofKgUteL8dm/UpdRXNC9KmADgTpLKsu0TRo4= github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= +github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U= +github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= github.com/dylanmei/iso8601 v0.1.0 h1:812NGQDBcqquTfH5Yeo7lwR0nzx/cKdsmf3qMjPURUI= github.com/dylanmei/iso8601 v0.1.0/go.mod h1:w9KhXSgIyROl1DefbMYIE7UVSIvELTbMrCfx+QkYnoQ= 
@@ -271,8 +278,9 @@ github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hf github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.2.0 h1:qJYtXnJRWmpe7m/3XlyhrsLrEURqHRM2kxzoxXqyUDs= +github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5 h1:sjZBwGj9Jlw33ImPtvFviGYvseOtDM7hkSKB7+Tv3SM= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= 
@@ -303,8 +311,8 @@ github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brv github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-azure-helpers v0.12.0/go.mod h1:Zc3v4DNeX6PDdy7NljlYpnrdac1++qNW0I4U+ofGwpg= -github.com/hashicorp/go-azure-helpers v0.13.0 h1:Gm1g5atSCHhQUoNGAotLB1o5mzg01RXi/zFQjDGGoiA= -github.com/hashicorp/go-azure-helpers v0.13.0/go.mod h1:NifBbLJtyUxdQrRVmIfr0VykEXZIlq3YfHFpFdyp7qY= +github.com/hashicorp/go-azure-helpers v0.14.0 h1:CdC2QqxK/Vk32YS5XMKXHjnpbtNIUCUv/PoSVQHx5jY= +github.com/hashicorp/go-azure-helpers v0.14.0/go.mod h1:kR7+sTDEb9TOp/O80ss1UEJg1t4/BHLD/U8wHLS4BGQ= github.com/hashicorp/go-checkpoint v0.5.0 h1:MFYpPZCnQqQTE18jFwSII6eUQrD/oxMFp3mlgcqk5mU= github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg= github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= 
@@ -320,8 +328,8 @@ github.com/hashicorp/go-immutable-radix v0.0.0-20180129170900-7f3cd4390caa/go.mo github.com/hashicorp/go-msgpack v0.5.4 h1:SFT72YqIkOcLdWJUYcriVX7hbrZpwc/f7h8aW2NUqrA= github.com/hashicorp/go-msgpack v0.5.4/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= -github.com/hashicorp/go-multierror v1.1.0 h1:B9UzwGQJehnUY1yNrnwREHc3fGbC2xefo8g4TbElacI= -github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA= +github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= +github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-plugin v1.4.0 h1:b0O7rs5uiJ99Iu9HugEzsM67afboErkHUWddUSpUO3A= github.com/hashicorp/go-plugin v1.4.0/go.mod h1:5fGEH17QVwTTcR0zV7yhDPLLmFX9YSZ38b18Udy6vYQ= github.com/hashicorp/go-retryablehttp v0.5.2 h1:AoISa4P4IsW0/m4T6St8Yw38gTl5GtBAgfkhYh1xAz4= 
@@ -341,8 +349,9 @@ github.com/hashicorp/go-uuid v1.0.1 h1:fv1ep09latC32wFoVwnqcnKJGnMSdBanPczbHAYm1 github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.0.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/go-version v1.2.0 h1:3vNe/fWF5CBgRIguda1meWhsZHy3m8gCJ5wx+dIzX/E= github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go-version v1.2.1 h1:zEfKbn2+PDgroKdiOzqiE8rsmLqU2uwi5PB5pBJ3TkI= +github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+dAcgU= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= 
@@ -558,8 +567,8 @@ github.com/tencentyun/cos-go-sdk-v5 v0.0.0-20190808065407-f07404cefc8c h1:iRD1Cq github.com/tencentyun/cos-go-sdk-v5 v0.0.0-20190808065407-f07404cefc8c/go.mod h1:wk2XFUg6egk4tSDNZtXeKfe2G6690UVyt163PuUxBZk= github.com/tmc/grpc-websocket-proxy v0.0.0-20171017195756-830351dc03c6 h1:lYIiVDtZnyTWlNwiAxLj0bbpTcx1BWCFhXjfsvmPdNc= github.com/tmc/grpc-websocket-proxy v0.0.0-20171017195756-830351dc03c6/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tombuildsstuff/giovanni v0.14.0 h1:vBgZJHNs8p42Nj4GaffPe7nzs2Z2qIyKUN+7793UggA= -github.com/tombuildsstuff/giovanni v0.14.0/go.mod h1:0TZugJPEtqzPlMpuJHYfXY6Dq2uLPrXf98D2XQSxNbA= +github.com/tombuildsstuff/giovanni v0.15.1 h1:CVRaLOJ7C/eercCrKIsarfJ4SZoGMdBL9Q2deFDUXco= +github.com/tombuildsstuff/giovanni v0.15.1/go.mod h1:0TZugJPEtqzPlMpuJHYfXY6Dq2uLPrXf98D2XQSxNbA= github.com/ugorji/go v0.0.0-20180813092308-00b869d2f4a5 h1:cMjKdf4PxEBN9K5HaD9UMW8gkTbM0kMzkTa9SJe0WNQ= github.com/ugorji/go v0.0.0-20180813092308-00b869d2f4a5/go.mod h1:hnLbHMwcvSihnDhEfx2/BzKp2xb0Y+ErdfYcrs9tkJQ= github.com/ulikunitz/xz v0.5.8 h1:ERv8V6GKqVi23rgu5cj9pVfVzJbOqAY2Ntl88O6c2nQ= @@ -583,7 +592,6 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec github.com/zclconf/go-cty v1.0.0/go.mod h1:xnAOWiHeOqg2nWS62VtQ7pbOu17FtxJNW8RLEih+O3s= github.com/zclconf/go-cty v1.1.0/go.mod h1:xnAOWiHeOqg2nWS62VtQ7pbOu17FtxJNW8RLEih+O3s= github.com/zclconf/go-cty v1.2.0/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8= -github.com/zclconf/go-cty v1.8.0 h1:s4AvqaeQzJIu3ndv4gVIhplVD0krU+bgrcLSVUnaWuA= github.com/zclconf/go-cty v1.8.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= github.com/zclconf/go-cty v1.8.1 h1:SI0LqNeNxAgv2WWqWJMlG2/Ad/6aYJ7IVYYMigmfkuI= github.com/zclconf/go-cty v1.8.1/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= 
@@ -616,8 +624,10 @@ golang.org/x/crypto v0.0.0-20191202143827-86a70503ff7e/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897 h1:pLI5jrR7OSLijeIDcmRxNmw2api+jEfxLoykJVice/E= golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= +golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2 h1:It14KIkyBFYkHkwZ7k45minvA9aorojkyjGk9KJ5B/w= +golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -688,8 +698,9 @@ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81R golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201110031124-69a78807bb2b h1:uwuIcX0g4Yl1NC5XAz37xsr2lTtcqevgzYNVt49waME= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 h1:qWPm9rbaAMKs8Bq/9LRpbMqxWRVUAQwMI9fVrssnTfw= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -728,6 +739,7 @@ golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -749,6 +761,8 @@ golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68 h1:nxC68pudNYkKU6jWhgrqdreuFiOQWj1Fs7T3VrH4Pjw= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf h1:MZ2shdL+ZM/XzY3ZGOnh4Nlpnxz5GSOhOmtHo3iPU6M= golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= From 05b45ab4f38b6f2c86886280c182102775022476 Mon Sep 17 00:00:00 2001 
From: Matthew Frahry Date: Mon, 22 Mar 2021 09:26:06 -0700 Subject: [PATCH 2/9] backend/azurerm: removing support for the deprecated fields --- backend/remote-state/azure/backend.go | 43 +++------------------------ 1 file changed, 4 insertions(+), 39 deletions(-) diff --git a/backend/remote-state/azure/backend.go b/backend/remote-state/azure/backend.go index 7e899ad9d..0e84c3a46 100644 --- a/backend/remote-state/azure/backend.go +++ b/backend/remote-state/azure/backend.go @@ -134,35 +134,6 @@ func New() backend.Backend { Description: "The Managed Service Identity Endpoint.", DefaultFunc: schema.EnvDefaultFunc("ARM_MSI_ENDPOINT", ""), }, - - // Deprecated fields - "arm_client_id": { - Type: schema.TypeString, - Optional: true, - Description: "The Client ID.", - Deprecated: "`arm_client_id` has been replaced by `client_id`", - }, - - "arm_client_secret": { - Type: schema.TypeString, - Optional: true, - Description: "The Client Secret.", - Deprecated: "`arm_client_secret` has been replaced by `client_secret`", - }, - - "arm_subscription_id": { - Type: schema.TypeString, - Optional: true, - Description: "The Subscription ID.", - Deprecated: "`arm_subscription_id` has been replaced by `subscription_id`", - }, - - "arm_tenant_id": { - Type: schema.TypeString, - Optional: true, - Description: "The Tenant ID.", - Deprecated: "`arm_tenant_id` has been replaced by `tenant_id`", - }, }, } 
@@ -215,18 +186,12 @@ func (b *Backend) configure(ctx context.Context) error { b.keyName = data.Get("key").(string) b.snapshot = data.Get("snapshot").(bool) - // support for previously deprecated fields - clientId := valueFromDeprecatedField(data, "client_id", "arm_client_id") - clientSecret := valueFromDeprecatedField(data, "client_secret", "arm_client_secret") - subscriptionId := valueFromDeprecatedField(data, "subscription_id", "arm_subscription_id") - tenantId := valueFromDeprecatedField(data, "tenant_id", "arm_tenant_id") - config := BackendConfig{ AccessKey: data.Get("access_key").(string), - ClientID: clientId, + ClientID: data.Get("client_id").(string), ClientCertificatePassword: data.Get("client_certificate_password").(string), ClientCertificatePath: data.Get("client_certificate_path").(string), - ClientSecret: clientSecret, + ClientSecret: data.Get("client_secret").(string), CustomResourceManagerEndpoint: data.Get("endpoint").(string), MetadataHost: data.Get("metadata_host").(string), Environment: data.Get("environment").(string), @@ -234,8 +199,8 @@ func (b *Backend) configure(ctx context.Context) error { ResourceGroupName: data.Get("resource_group_name").(string), SasToken: data.Get("sas_token").(string), StorageAccountName: data.Get("storage_account_name").(string), - SubscriptionID: subscriptionId, - TenantID: tenantId, + SubscriptionID: data.Get("subscription_id").(string), + TenantID: data.Get("tenant_id").(string), UseMsi: data.Get("use_msi").(bool), } From b0b0a44a67b68fdc32165366f03d2a5e23f378d6 Mon Sep 17 00:00:00 2001 From: Matthew Frahry Date: Mon, 22 Mar 2021 09:33:57 -0700 Subject: [PATCH 3/9] backend/azurerm: added a feature flag for using AzureAD to authenticate --- backend/remote-state/azure/backend.go | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/backend/remote-state/azure/backend.go b/backend/remote-state/azure/backend.go index 0e84c3a46..8b8c7d32e 100644 
--- a/backend/remote-state/azure/backend.go +++ b/backend/remote-state/azure/backend.go @@ -125,7 +125,7 @@ func New() backend.Backend { "use_msi": { Type: schema.TypeBool, Optional: true, - Description: "Should Managed Service Identity be used?.", + Description: "Should Managed Service Identity be used?", DefaultFunc: schema.EnvDefaultFunc("ARM_USE_MSI", false), }, "msi_endpoint": { @@ -134,6 +134,14 @@ func New() backend.Backend { Description: "The Managed Service Identity Endpoint.", DefaultFunc: schema.EnvDefaultFunc("ARM_MSI_ENDPOINT", ""), }, + + // Feature Flags + "use_azuread_auth": { + Type: schema.TypeBool, + Optional: true, + Description: "Should Terraform use AzureAD Authentication to access the Blob?", + DefaultFunc: schema.EnvDefaultFunc("ARM_USE_AZUREAD", false), + }, }, } @@ -172,6 +180,7 @@ type BackendConfig struct { SubscriptionID string TenantID string UseMsi bool + UseAzureADAuthentication bool } func (b *Backend) configure(ctx context.Context) error { @@ -202,6 +211,7 @@ func (b *Backend) configure(ctx context.Context) error { SubscriptionID: data.Get("subscription_id").(string), TenantID: data.Get("tenant_id").(string), UseMsi: data.Get("use_msi").(bool), + UseAzureADAuthentication: data.Get("use_azuread_auth").(bool), } armClient, err := buildArmClient(context.TODO(), config) 
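Review bot: The `use_azuread_auth` description in the `@@ -134,6 +134,14 @@` hunk of backend.go does not say how the flag interacts with `access_key` and `sas_token`, and its environment variable `ARM_USE_AZUREAD` drops the `_auth` suffix that the field name carries. Because the flag changes which credential reaches the storage data plane, I would state the precedence in the description once the intended order is confirmed against getBlobClient, e.g. `Description: "Should Terraform use AzureAD Authentication to access the Blob? Takes precedence over access_key."`. The website text added later in this series still names the required roles as `XXX`; those placeholders need real role names before release.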
@@ -209,20 +219,11 @@ func (b *Backend) configure(ctx context.Context) error { return err } - if config.AccessKey == "" && config.SasToken == "" && config.ResourceGroupName == "" { - return fmt.Errorf("Either an Access Key / SAS Token or the Resource Group for the Storage Account must be specified") + thingsNeededToLookupAccessKeySpecified := config.AccessKey == "" && config.SasToken == "" && config.ResourceGroupName == "" + if thingsNeededToLookupAccessKeySpecified && !config.UseAzureADAuthentication { + return fmt.Errorf("Either an Access Key / SAS Token or the Resource Group for the Storage Account must be specified - or Azure AD Authentication must be enabled") } b.armClient = armClient return nil } - -func valueFromDeprecatedField(d *schema.ResourceData, key, deprecatedFieldKey string) string { - v := d.Get(key).(string) - - if v == "" { - v = d.Get(deprecatedFieldKey).(string) - } - - return v -} From a978d4ee99048967895eb48a208e731e5b00a36f Mon Sep 17 00:00:00 2001 From: Matthew Frahry Date: Mon, 22 Mar 2021 09:53:52 -0700 Subject: [PATCH 4/9] website: adding the new fields to azurerm --- .../settings/backends/azurerm.html.md | 63 ++++++++++++++++++- 1 file changed, 61 insertions(+), 2 deletions(-) diff --git a/website/docs/language/settings/backends/azurerm.html.md b/website/docs/language/settings/backends/azurerm.html.md index 0286a8b09..c0ab248d2 100644 --- a/website/docs/language/settings/backends/azurerm.html.md +++ b/website/docs/language/settings/backends/azurerm.html.md @@ -28,6 +28,8 @@ terraform { } ``` +--- + When authenticating using Managed Service Identity (MSI): ```hcl 
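Review bot: In the `@@ -209,20 +219,11 @@` hunk of backend.go, `thingsNeededToLookupAccessKeySpecified` is true when the access key, SAS token and resource group are all empty, so the name says the opposite of what the value means. This condition decides whether a configuration with no storage credential is accepted, so I would rename it to read correctly: `noStorageCredentialInputs := config.AccessKey == "" && config.SasToken == "" && config.ResourceGroupName == ""` followed by `if noStorageCredentialInputs && !config.UseAzureADAuthentication {`. The check also runs after `buildArmClient` has returned (that call is the last context line of the preceding hunk), so an invalid configuration is rejected only after the client has been built; moving the check above the call would fail earlier. configure's body starts outside the hunk.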
@@ -43,6 +45,27 @@ terraform { } ``` +--- + +When authenticating using Azure AD Authentication: + +```hcl +terraform { + backend "azurerm" { + storage_account_name = "abcd1234" + container_name = "tfstate" + key = "prod.terraform.tfstate" + use_azuread_auth = true + subscription_id = "00000000-0000-0000-0000-000000000000" + tenant_id = "00000000-0000-0000-0000-000000000000" + } +} +``` + +-> **Note:** When using AzureAD for Authentication to Storage you also need to ensure the `XXX` and `XXX` roles are assigned. + +--- + When authenticating using the Access Key associated with the Storage Account: ```hcl @@ -59,6 +82,8 @@ terraform { } ``` +--- + When authenticating using a SAS Token associated with the Storage Account: ```hcl @@ -92,6 +117,8 @@ data "terraform_remote_state" "foo" { } ``` +--- + When authenticating using Managed Service Identity (MSI): ```hcl @@ -102,12 +129,34 @@ data "terraform_remote_state" "foo" { container_name = "terraform-state" key = "prod.terraform.tfstate" use_msi = true - subscription_id = "00000000-0000-0000-0000-000000000000" - tenant_id = "00000000-0000-0000-0000-000000000000" + subscription_id = "00000000-0000-0000-0000-000000000000" + tenant_id = "00000000-0000-0000-0000-000000000000" } } ``` +--- + +When authenticating using AzureAD Authentication: + +```hcl +data "terraform_remote_state" "foo" { + backend = "azurerm" + config = { + storage_account_name = "terraform123abc" + container_name = "terraform-state" + key = "prod.terraform.tfstate" + use_azuread_auth = true + subscription_id = "00000000-0000-0000-0000-000000000000" + tenant_id = "00000000-0000-0000-0000-000000000000" + } +} +``` + +-> **Note:** When using AzureAD for Authentication to Storage you also need to ensure the `XXX` and `XXX` roles are assigned. + +--- + When authenticating using the Access Key associated with the Storage Account: ```hcl 
@@ -125,6 +174,8 @@ data "terraform_remote_state" "foo" { } ``` +--- + When authenticating using a SAS Token associated with the Storage Account: ```hcl @@ -186,6 +237,14 @@ When authenticating using the Storage Account's Access Key - the following field --- +When authenticating using AzureAD Authentication - the following fields are also supported: + +* `use_azuread_auth` - (Optional) Should AzureAD Authentication be used to access the Blob Storage Account. This can also be sourced from the `ARM_USE_AZUREAD` environment variable. + +-> **Note:** When using AzureAD for Authentication to Storage you also need to ensure the `XXX` and `XXX` roles are assigned. + +--- + When authenticating using a Service Principal with a Client Certificate - the following fields are also supported: * `resource_group_name` - (Required) The Name of the Resource Group in which the Storage Account exists. From 341479087c8de35c71a700ef8001e71c0a229784 Mon Sep 17 00:00:00 2001 From: Matthew Frahry Date: Mon, 22 Mar 2021 10:15:41 -0700 Subject: [PATCH 5/9] backend/azurerm: adding support for azuread authentication --- backend/remote-state/azure/arm_client.go | 29 +++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/backend/remote-state/azure/arm_client.go b/backend/remote-state/azure/arm_client.go index 81c6d2a91..a407b785b 100644 --- a/backend/remote-state/azure/arm_client.go +++ b/backend/remote-state/azure/arm_client.go @@ -26,6 +26,9 @@ type ArmClient struct { containersClient *containers.Client blobsClient *blobs.Client + // azureAdStorageAuth is only here if we're using AzureAD Authentication but is an Authorizer for Storage + azureAdStorageAuth *autorest.Authorizer + accessKey string environment azure.Environment resourceGroupName string 
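Review bot: `azureAdStorageAuth *autorest.Authorizer` in the ArmClient struct (arm_client.go, `@@ -26,6 +26,9 @@`) is a pointer to an interface type, which adds a dereference at every use and gives nothing that a nil interface value does not already give. Holding the interface directly, `azureAdStorageAuth autorest.Authorizer`, keeps the later `!= nil` checks working and removes the `&storageAuth` / `*c.azureAdStorageAuth` pairs introduced by the following hunks. The field comment could be tightened to `// azureAdStorageAuth is the Storage authorizer; set only when AzureAD authentication is enabled`.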
@@ -92,11 +95,20 @@ func buildArmClient(ctx context.Context, config BackendConfig) (*ArmClient, erro return nil, err } - auth, err := armConfig.GetAuthorizationToken(sender.BuildSender("backend/remote-state/azure"), oauthConfig, env.TokenAudience) + sender := sender.BuildSender("backend/remote-state/azure") + auth, err := armConfig.GetAuthorizationToken(sender, oauthConfig, env.TokenAudience) if err != nil { return nil, err } + if config.UseAzureADAuthentication { + storageAuth, err := armConfig.GetAuthorizationToken(sender, oauthConfig, env.ResourceIdentifiers.Storage) + if err != nil { + return nil, err + } + client.azureAdStorageAuth = &storageAuth + } + accountsClient := armStorage.NewAccountsClientWithBaseURI(env.ResourceManagerEndpoint, armConfig.SubscriptionID) client.configureClient(&accountsClient.Client, auth) client.storageAccountsClient = &accountsClient @@ -109,6 +121,8 @@ func buildArmClient(ctx context.Context, config BackendConfig) (*ArmClient, erro } func buildArmEnvironment(config BackendConfig) (*azure.Environment, error) { + // TODO: can we remove this? + // https://github.com/hashicorp/terraform/issues/27156 if config.CustomResourceManagerEndpoint != "" { log.Printf("[DEBUG] Loading Environment from Endpoint %q", config.CustomResourceManagerEndpoint) return authentication.LoadEnvironmentFromUrl(config.CustomResourceManagerEndpoint) @@ -131,6 +145,12 @@ func (c ArmClient) getBlobClient(ctx context.Context) (*blobs.Client, error) { return &blobsClient, nil } + if c.azureAdStorageAuth != nil { + blobsClient := blobs.NewWithEnvironment(c.environment) + c.configureClient(&blobsClient.Client, *c.azureAdStorageAuth) + return &blobsClient, nil + } + accessKey := c.accessKey if accessKey == "" { log.Printf("[DEBUG] Building the Blob Client from an Access Token (using user credentials)") 
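Review bot: `sender := sender.BuildSender("backend/remote-state/azure")` in buildArmClient shadows what looks like the imported `sender` package for the rest of the function, so any later `sender.` reference in this body would resolve to the local variable. A distinct name avoids that: `httpSender := sender.BuildSender("backend/remote-state/azure")`, passed to both `GetAuthorizationToken` calls. The storage token is requested for `env.ResourceIdentifiers.Storage`; for an environment loaded from a custom endpoint that value may not be populated, so it is worth checking that it is non-empty before requesting a token (this is inferred, since the environment loader is not in the hunk). buildArmClient starts and ends outside the hunk.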
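Review bot: The new `if c.azureAdStorageAuth != nil` branch in getBlobClient (`@@ -131,6 +145,12 @@`) sits after an earlier branch that already returns a client (its start is outside the hunk) and before `accessKey := c.accessKey`, so the credential that gets used depends on branch order and nothing reports the choice. A configuration that sets `use_azuread_auth` together with another storage credential silently gets one of them; since AzureAD is typically chosen for identity-based access control and auditing, I would either reject the combination in configure or log the selection as the access-key path does, e.g. `log.Printf("[DEBUG] Building the Blob Client from an AzureAD Token")`. The same applies to the matching branch added to getContainersClient in the `@@ -169,6 +189,13 @@` hunk.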
@@ -169,6 +189,13 @@ func (c ArmClient) getContainersClient(ctx context.Context) (*containers.Client, c.configureClient(&containersClient.Client, storageAuth) return &containersClient, nil } + + if c.azureAdStorageAuth != nil { + containersClient := containers.NewWithEnvironment(c.environment) + c.configureClient(&containersClient.Client, *c.azureAdStorageAuth) + return &containersClient, nil + } + accessKey := c.accessKey if accessKey == "" { log.Printf("[DEBUG] Building the Container Client from an Access Token (using user credentials)") From 3722b1b6130cfaec5544c0b05a64d979fe22ddd1 Mon Sep 17 00:00:00 2001 From: Matthew Frahry Date: Mon, 22 Mar 2021 10:49:34 -0700 Subject: [PATCH 6/9] backend/azurerm: support for using azuread authentication for blobs --- backend/remote-state/azure/arm_client.go | 6 +-- backend/remote-state/azure/backend_test.go | 28 ++++++++++++ backend/remote-state/azure/helpers_test.go | 52 ++++++++++++++-------- 3 files changed, 64 insertions(+), 22 deletions(-) diff --git a/backend/remote-state/azure/arm_client.go b/backend/remote-state/azure/arm_client.go index a407b785b..53a436641 100644 --- a/backend/remote-state/azure/arm_client.go +++ b/backend/remote-state/azure/arm_client.go @@ -11,7 +11,7 @@ import ( "github.com/tombuildsstuff/giovanni/storage/2018-11-09/blob/containers" "github.com/Azure/azure-sdk-for-go/profiles/2017-03-09/resources/mgmt/resources" - armStorage "github.com/Azure/azure-sdk-for-go/profiles/2017-03-09/storage/mgmt/storage" + armStorage "github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2021-01-01/storage" "github.com/Azure/go-autorest/autorest" "github.com/Azure/go-autorest/autorest/azure" "github.com/hashicorp/go-azure-helpers/authentication" 
@@ -154,7 +154,7 @@ func (c ArmClient) getBlobClient(ctx context.Context) (*blobs.Client, error) { accessKey := c.accessKey if accessKey == "" { log.Printf("[DEBUG] Building the Blob Client from an Access Token (using user credentials)") - keys, err := c.storageAccountsClient.ListKeys(ctx, c.resourceGroupName, c.storageAccountName) + keys, err := c.storageAccountsClient.ListKeys(ctx, c.resourceGroupName, c.storageAccountName, "") if err != nil { return nil, fmt.Errorf("Error retrieving keys for Storage Account %q: %s", c.storageAccountName, err) } @@ -199,7 +199,7 @@ func (c ArmClient) getContainersClient(ctx context.Context) (*containers.Client, accessKey := c.accessKey if accessKey == "" { log.Printf("[DEBUG] Building the Container Client from an Access Token (using user credentials)") - keys, err := c.storageAccountsClient.ListKeys(ctx, c.resourceGroupName, c.storageAccountName) + keys, err := c.storageAccountsClient.ListKeys(ctx, c.resourceGroupName, c.storageAccountName, "") if err != nil { return nil, fmt.Errorf("Error retrieving keys for Storage Account %q: %s", c.storageAccountName, err) } diff --git a/backend/remote-state/azure/backend_test.go b/backend/remote-state/azure/backend_test.go index a0eb1f5ae..c292fd63a 100644 --- a/backend/remote-state/azure/backend_test.go +++ b/backend/remote-state/azure/backend_test.go 
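Review bot: The `""` added as the fourth argument to `c.storageAccountsClient.ListKeys` in getBlobClient is an unexplained literal, and a reader cannot tell from the call what is being left empty. It appears to be the `expand` selector of the 2021-01-01 storage API, so a comment on the call would do: `// "" = no expand: only the standard account keys are requested`. The identical call in getContainersClient in the following hunk needs the same comment. Both functions continue outside their hunks.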
@@ -123,6 +123,34 @@ func TestBackendSASTokenBasic(t *testing.T) { backend.TestBackendStates(t, b) } +func TestBackendAzureADAuthBasic(t *testing.T) { + testAccAzureBackend(t) + rs := acctest.RandString(4) + res := testResourceNames(rs, "testState") + res.useAzureADAuth = true + armClient := buildTestClient(t, res) + + ctx := context.TODO() + err := armClient.buildTestResources(ctx, &res) + defer armClient.destroyTestResources(ctx, res) + if err != nil { + armClient.destroyTestResources(ctx, res) + t.Fatalf("Error creating Test Resources: %q", err) + } + + b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ + "storage_account_name": res.storageAccountName, + "container_name": res.storageContainerName, + "key": res.storageKeyName, + "access_key": res.storageAccountAccessKey, + "environment": os.Getenv("ARM_ENVIRONMENT"), + "endpoint": os.Getenv("ARM_ENDPOINT"), + "use_azuread_auth": true, + })).(*Backend) + + backend.TestBackendStates(t, b) +} + func TestBackendServicePrincipalClientCertificateBasic(t *testing.T) { testAccAzureBackend(t) diff --git a/backend/remote-state/azure/helpers_test.go b/backend/remote-state/azure/helpers_test.go index a98793217..c1d2ffd41 100644 --- a/backend/remote-state/azure/helpers_test.go +++ b/backend/remote-state/azure/helpers_test.go @@ -10,7 +10,7 @@ import ( "time" "github.com/Azure/azure-sdk-for-go/profiles/2017-03-09/resources/mgmt/resources" - armStorage "github.com/Azure/azure-sdk-for-go/profiles/2017-03-09/storage/mgmt/storage" + armStorage "github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2021-01-01/storage" "github.com/Azure/go-autorest/autorest" sasStorage "github.com/hashicorp/go-azure-helpers/storage" "github.com/tombuildsstuff/giovanni/storage/2018-11-09/blob/containers" 
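Review bot: TestBackendAzureADAuthBasic still passes `"access_key": res.storageAccountAccessKey`, but with `res.useAzureADAuth = true` the helper in helpers_test.go skips the `ListKeys` call that fills that field, so the value looks to be always empty here. Removing that map entry makes it explicit that the test configures only `use_azuread_auth` and cannot pass by way of a shared key. Separately, `destroyTestResources` is both deferred and called again in the `err != nil` branch before `t.Fatalf`, so a failed setup tears down twice; the deferred call alone is enough.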
@@ -83,6 +83,7 @@ func buildTestClient(t *testing.T, res resourceNames) *ArmClient { ResourceGroupName: res.resourceGroup, StorageAccountName: res.storageAccountName, UseMsi: msiEnabled, + UseAzureADAuthentication: res.useAzureADAuth, }) if err != nil { t.Fatalf("Failed to build ArmClient: %+v", err) @@ -125,6 +126,7 @@ type resourceNames struct { storageContainerName string storageKeyName string storageAccountAccessKey string + useAzureADAuth bool } func testResourceNames(rString string, keyName string) resourceNames { @@ -134,6 +136,7 @@ func testResourceNames(rString string, keyName string) resourceNames { storageAccountName: fmt.Sprintf("acctestsa%s", rString), storageContainerName: "acctestcont", storageKeyName: keyName, + useAzureADAuth: false, } } @@ -145,13 +148,20 @@ func (c *ArmClient) buildTestResources(ctx context.Context, names *resourceNames } log.Printf("Creating Storage Account %q in Resource Group %q", names.storageAccountName, names.resourceGroup) - future, err := c.storageAccountsClient.Create(ctx, names.resourceGroup, names.storageAccountName, armStorage.AccountCreateParameters{ + storageProps := armStorage.AccountCreateParameters{ Sku: &armStorage.Sku{ Name: armStorage.StandardLRS, Tier: armStorage.Standard, }, Location: &names.location, - }) + } + if names.useAzureADAuth { + allowSharedKeyAccess := false + storageProps.AccountPropertiesCreateParameters = &armStorage.AccountPropertiesCreateParameters{ + AllowSharedKeyAccess: &allowSharedKeyAccess, + } + } + future, err := c.storageAccountsClient.Create(ctx, names.resourceGroup, names.storageAccountName, storageProps) if err != nil { return fmt.Errorf("failed to create test storage account: %s", err) } 
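Review bot: The `names.useAzureADAuth` block in buildTestResources sets `AllowSharedKeyAccess` to false without a comment, and that setting is what gives the new acceptance test its value: with shared keys disabled on the account, a backend that fell back to key-based access should fail rather than pass unnoticed. I would add `// Disable shared-key access so the test fails if the backend falls back to account keys.` above `allowSharedKeyAccess := false`. The `useAzureADAuth: false` line added to testResourceNames in the previous hunk is the zero value and can be dropped. buildTestResources continues outside this hunk.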
@@ -161,23 +171,27 @@ func (c *ArmClient) buildTestResources(ctx context.Context, names *resourceNames return fmt.Errorf("failed waiting for the creation of storage account: %s", err) } - log.Printf("fetching access key for storage account") - resp, err := c.storageAccountsClient.ListKeys(ctx, names.resourceGroup, names.storageAccountName) - if err != nil { - return fmt.Errorf("failed to list storage account keys %s:", err) - } - - keys := *resp.Keys - accessKey := *keys[0].Value - names.storageAccountAccessKey = accessKey - - storageAuth, err := autorest.NewSharedKeyAuthorizer(names.storageAccountName, accessKey, autorest.SharedKey) - if err != nil { - return fmt.Errorf("Error building Authorizer: %+v", err) - } - containersClient := containers.NewWithEnvironment(c.environment) - containersClient.Client.Authorizer = storageAuth + if names.useAzureADAuth { + containersClient.Client.Authorizer = *c.azureAdStorageAuth + } else { + log.Printf("fetching access key for storage account") + resp, err := c.storageAccountsClient.ListKeys(ctx, names.resourceGroup, names.storageAccountName, "") + if err != nil { + return fmt.Errorf("failed to list storage account keys %s:", err) + } + + keys := *resp.Keys + accessKey := *keys[0].Value + names.storageAccountAccessKey = accessKey + + storageAuth, err := autorest.NewSharedKeyAuthorizer(names.storageAccountName, accessKey, autorest.SharedKey) + if err != nil { + return fmt.Errorf("Error building Authorizer: %+v", err) + } + + containersClient.Client.Authorizer = storageAuth + } log.Printf("Creating Container %q in Storage Account %q (Resource Group %q)", names.storageContainerName, names.storageAccountName, names.resourceGroup) _, err = containersClient.Create(ctx, names.storageAccountName, names.storageContainerName, containers.CreateInput{}) From 3546650ac6e8c5f2e85efd5d6c8bb7aee4ba3150 Mon Sep 17 00:00:00 2001 
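Review bot: `containersClient.Client.Authorizer = *c.azureAdStorageAuth` dereferences a pointer that buildArmClient only sets when `UseAzureADAuthentication` is true, so a caller that sets `names.useAzureADAuth` on a client built without that flag gets a nil-pointer panic instead of a test failure. A guard at the top of the branch gives a readable error: `if c.azureAdStorageAuth == nil { return fmt.Errorf("AzureAD storage authorizer is not configured on this client") }`. The moved `else` branch keeps the unguarded `*resp.Keys` and `keys[0]` reads and the misplaced colon in `"failed to list storage account keys %s:"`, which could be tidied while the lines are being touched. The function starts and ends outside this hunk.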
From: Matthew Frahry Date: Mon, 22 Mar 2021 10:51:01 -0700 Subject: [PATCH 7/9] backend/azurerm: adding the right role name --- website/docs/language/settings/backends/azurerm.html.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/website/docs/language/settings/backends/azurerm.html.md b/website/docs/language/settings/backends/azurerm.html.md index c0ab248d2..e2d2c2458 100644 --- a/website/docs/language/settings/backends/azurerm.html.md +++ b/website/docs/language/settings/backends/azurerm.html.md @@ -62,7 +62,7 @@ terraform { } ``` --> **Note:** When using AzureAD for Authentication to Storage you also need to ensure the `XXX` and `XXX` roles are assigned. +-> **Note:** When using AzureAD for Authentication to Storage you also need to ensure the `Storage Blob Data Owner` role is assigned. --- @@ -153,7 +153,7 @@ data "terraform_remote_state" "foo" { } ``` --> **Note:** When using AzureAD for Authentication to Storage you also need to ensure the `XXX` and `XXX` roles are assigned. +-> **Note:** When using AzureAD for Authentication to Storage you also need to ensure the `Storage Blob Data Owner` role is assigned. --- @@ -241,7 +241,7 @@ When authenticating using AzureAD Authentication - the following fields are also * `use_azuread_auth` - (Optional) Should AzureAD Authentication be used to access the Blob Storage Account. This can also be sourced from the `ARM_USE_AZUREAD` environment variable. --> **Note:** When using AzureAD for Authentication to Storage you also need to ensure the `XXX` and `XXX` roles are assigned. +-> **Note:** When using AzureAD for Authentication to Storage you also need to ensure the `Storage Blob Data Owner` role is assigned. --- From 0bbb0dc200c54629b83d5ba1ac0fb419d387ef5e Mon Sep 17 00:00:00 2001 From: Matthew Frahry Date: Mon, 22 Mar 2021 14:20:54 -0700 Subject: [PATCH 8/9] Fix for #27809 --- backend/remote-state/azure/client.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/backend/remote-state/azure/client.go b/backend/remote-state/azure/client.go index d63e34ac4..d3066454d 100644 --- a/backend/remote-state/azure/client.go +++ b/backend/remote-state/azure/client.go @@ -110,7 +110,7 @@ func (c *RemoteClient) Delete() error { ctx := context.TODO() resp, err := c.giovanniBlobClient.Delete(ctx, c.accountName, c.containerName, c.keyName, options) if err != nil { - if resp.Response.StatusCode != 404 { + if !resp.IsHTTPStatus(http.StatusNotFound) { return err } } @@ -152,7 +152,7 @@ func (c *RemoteClient) Lock(info *statemgr.LockInfo) (string, error) { properties, err := c.giovanniBlobClient.GetProperties(ctx, c.accountName, c.containerName, c.keyName, blobs.GetPropertiesInput{}) if err != nil { // error if we had issues getting the blob - if properties.Response.StatusCode != 404 { + if !properties.Response.IsHTTPStatus(http.StatusNotFound) { return "", getLockInfoErr(err) } // if we don't find the blob, we need to build it From 13b41d59f5625f6369813665ca71e44519b95e81 Mon Sep 17 00:00:00 2001 From: Matthew Frahry Date: Thu, 25 Mar 2021 13:47:12 -0700 Subject: [PATCH 9/9] Website Test Fix --- website/docs/language/settings/backends/azurerm.html.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/language/settings/backends/azurerm.html.md b/website/docs/language/settings/backends/azurerm.html.md index e2d2c2458..d5796a348 100644 --- a/website/docs/language/settings/backends/azurerm.html.md +++ b/website/docs/language/settings/backends/azurerm.html.md 
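Review bot: Neither replaced check in Delete or Lock has a comment saying why `IsHTTPStatus` is used instead of reading `StatusCode`, so the reason for the fix is easy to lose in a later cleanup. As I understand the autorest type, `IsHTTPStatus` returns false when there is no underlying HTTP response, which is the case the old `resp.Response.StatusCode` read could not handle; a comment such as `// IsHTTPStatus is nil-safe: the response is absent when the request failed before any HTTP reply` above each check would record that. The two sites also spell the call differently, `resp.IsHTTPStatus(...)` in Delete and `properties.Response.IsHTTPStatus(...)` in Lock, and using one form in both would read more consistently. Both functions continue outside their hunks.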
@@ -11,7 +11,7 @@ description: |- **Kind: Standard (with state locking)** -Stores the state as a Blob with the given Key within the Blob Container within [the Blob Storage Account](https://docs.microsoft.com/azure/storage/common/storage-introduction). This backend also supports state locking and consistency checking via native capabilities of Azure Blob Storage. +Stores the state as a Blob with the given Key within the Blob Container within [the Blob Storage Account](https://docs.microsoft.com/en-us/azure/storage/common/storage-introduction). This backend also supports state locking and consistency checking via native capabilities of Azure Blob Storage. ## Example Configuration