hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

azurerm_storage_account: where does 'allow_nested_items_to_be_public' come from? #27513

Open J0F3 opened 3 days ago

J0F3 commented 3 days ago

Description

I would like to understand why the property 'allow_nested_items_to_be_public' of a storage account is named this way.

In every other tool this setting is called allowBlobPublicAccess. So why is it so different in azurerm, where it is not even intuitive to find? What makes it even worse is that one would not find it by searching for "blob" in the documentation, because not even the description hints at the actual setting in Azure: "(Optional) Allow or disallow nested items within this Account to opt into being public."

In addition, the default is exactly the opposite of what it actually is in Azure. (The default in Azure is false, whereas in azurerm it is true.)

All of this makes the setting very difficult to find, especially when there is an Azure Policy that tells you the storage account cannot be created because the setting allowBlobPublicAccess must be set to false, but you cannot find it in Terraform azurerm.

Azure Portal: (screenshot of the portal setting, not included here)

Azure CLI:

 az storage account create --allow-blob-public-access false

ARM / Bicep:

  properties: {
    allowBlobPublicAccess: false
  }

Azure PowerShell:

New-AzStorageAccount -AllowBlobPublicAccess $false

Terraform azurerm:

allow_nested_items_to_be_public = false

So, I think it would be worth considering if this cannot be changed to the actual name of the setting and to use the same default value as azure itself is using (false instead of true).

Thanks!

New or Affected Resource(s)/Data Source(s)

azurerm_storage_account

Potential Terraform Configuration

resource "azurerm_storage_account" "strg" {
  name                = "somestr"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location

  account_kind             = "StorageV2"
  account_tier             = "Standard"
  account_replication_type = "ZRS"

  allow_blob_public_access = false
}

References

https://learn.microsoft.com/en-us/azure/storage/blobs/anonymous-read-access-configure
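Because the azurerm default is the opposite of Azure's, an account whose configuration never mentions the attribute ends up with allowBlobPublicAccess enabled. The following check, an added example that is not part of the provider or of this issue, scans a `terraform show -json` plan and flags every azurerm_storage_account whose `allow_nested_items_to_be_public` resolves to true or is missing; the plan document inside it is constructed by hand and trimmed to the fields the check reads.

```python
"""Flag azurerm_storage_account resources in a plan JSON whose
allow_nested_items_to_be_public (azurerm's name for Azure's
allowBlobPublicAccess) is true, unset or unknown."""
import json

RESOURCE_TYPE = "azurerm_storage_account"
ATTR = "allow_nested_items_to_be_public"  # Azure: allowBlobPublicAccess

# Constructed sample in the shape of `terraform show -json tfplan`, reduced to
# the keys used below. Because the provider default is true, a resource that
# never sets the attribute still shows "true" in its planned "after" state.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "azurerm_storage_account.locked", "type": "azurerm_storage_account",
   "change": {"actions": ["create"],
              "after": {"name": "lockedstr", "allow_nested_items_to_be_public": false}}},
  {"address": "azurerm_storage_account.default_left", "type": "azurerm_storage_account",
   "change": {"actions": ["create"],
              "after": {"name": "openstr", "allow_nested_items_to_be_public": true}}},
  {"address": "azurerm_storage_account.unknown", "type": "azurerm_storage_account",
   "change": {"actions": ["update"], "after": {"name": "laterstr"}}},
  {"address": "azurerm_storage_account.gone", "type": "azurerm_storage_account",
   "change": {"actions": ["delete"], "after": null}},
  {"address": "azurerm_resource_group.rg", "type": "azurerm_resource_group",
   "change": {"actions": ["create"], "after": {"name": "rg"}}}
]}
""")


def find_public_access_risks(plan):
    """Return (address, reason) pairs for storage accounts that would keep
    allowBlobPublicAccess enabled. Only an explicit false is accepted; a
    missing or unknown value is reported rather than assumed safe."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != RESOURCE_TYPE:
            continue
        change = rc.get("change", {})
        if change.get("actions") == ["delete"]:
            continue  # resource is being removed, nothing to harden
        value = (change.get("after") or {}).get(ATTR)
        if value is False:
            continue
        reason = f"{ATTR} = true" if value is True else f"{ATTR} unset or unknown"
        findings.append((rc["address"], reason))
    return findings


if __name__ == "__main__":
    for address, reason in find_public_access_risks(SAMPLE_PLAN):
        print(f"{address}: {reason}")
```

Run it against a real plan with `terraform plan -out=tfplan && terraform show -json tfplan > plan.json` and `json.load` that file in place of SAMPLE_PLAN.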

Chambras commented 3 days ago

@J0F3 I will take a look.