terraform-provider-netapp-cloudmanager icon indicating copy to clipboard operation
terraform-provider-netapp-cloudmanager copied to clipboard

Published 20 hours ago verified publisher icon NetApp

Infrastructure Encryption argument for Azure Storage Account needed in Cloud Manager provider

Open krishna7028 opened this issue 2 years ago • 4 comments

Team,

We were trying to deploy, Connector/CVO resources in azure using terraform cloud manager provider 22.12.0(latest in TF registry),however due to policy violation I was unable to apply the code,

Message="The template deployment failed because of policy violation. Please see details for more information."Please create all Storage Accounts with Infrastructure Encryption enabled.'

Our Company recently applied azure policy at company(tenant) level to have Infrastructure encryption enabled for all storage accounts, due to security compliance.

Upon checking, Cloud manager 22.12.0 provider doesn't have this argument to specify in TF code, in both cloumanger connector & CVO resources.. Please help to update this argument, from cloudmanager provider so we can update the code and try deploying Connector/CVO instance.

Argument:

**[infrastructure_encryption_enabled = True/False]

  • (Optional) Is infrastructure encryption enabled? Changing this forces a new resource to be created. Defaults to false.**(https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account#infrastructure_encryption_enabled)

Regards,Sathish

krishna7028 avatar Dec 22 '22 18:12 krishna7028

Hi Team,

Could you please help get an update here, Awaiting for your response,

Regards,Sathish

krishna7028 avatar Jan 18 '23 18:01 krishna7028

We made a mistake in linking this to issue #145. Sorry for the delay.

We discussed this internally. The conclusion is that you have two ways to define a Storage Account when deploying a connector:

  1. create the Storage Account before hand, and reference the existing SA using the storage_account parameter.
  2. let our provider create the SA when creating the connector.

We want to keep method 2 as simple as possible. If anything else is required, it is better to create a customized SA in Azure first, and reference it when creating the container.

lonico avatar Jan 24 '23 21:01 lonico

Thanks Ionico,

Apologizes for late response, QQ,I am understanding, this is only for connector and not for CVO right?

Is there a way, can we achieve the same for CVO deployment, Please update ,thanks.

Regards,Sathish

krishna7028 avatar Feb 20 '23 17:02 krishna7028

Sorry for the delayed response, Laurent is no more at NetApp. Let me know how are things working related to this issue.

Suggestion from Laurent was helpful?

suhasbshekar avatar Jan 31 '25 20:01 suhasbshekar