Enable Double (infrastructure) Encryption on ARO-provisioned storage accounts (#3216)

* Upgrade Microsoft.Storage API Version to 2019-06-01

* Explicitly set encryption Enabled=True on all storage account services

This is not strictly necessary, as the Storage API will default these to True.
This change is just to reconcile expected with actual.

* Update generated deployment assets

pkg/cluster/deploybaseresources_additional.go

@@ -153,15 +153,19 @@ func (m *manager) storageAccount(name, region string, ocpSubnets []string, encry
 			Services: &mgmtstorage.EncryptionServices{
 				Blob: &mgmtstorage.EncryptionService{
 					KeyType: mgmtstorage.KeyTypeAccount,
+					Enabled: to.BoolPtr(true),
 				},
 				File: &mgmtstorage.EncryptionService{
 					KeyType: mgmtstorage.KeyTypeAccount,
+					Enabled: to.BoolPtr(true),
 				},
 				Table: &mgmtstorage.EncryptionService{
 					KeyType: mgmtstorage.KeyTypeAccount,
+					Enabled: to.BoolPtr(true),
 				},
 				Queue: &mgmtstorage.EncryptionService{
 					KeyType: mgmtstorage.KeyTypeAccount,
+					Enabled: to.BoolPtr(true),
 				},
 			},
 			KeySource: mgmtstorage.KeySourceMicrosoftStorage,

pkg/deploy/assets/gateway-production.json

@@ -113,7 +113,7 @@
             "location": "[resourceGroup().location]",
             "name": "[substring(parameters('gatewayStorageAccountDomain'), 0, indexOf(parameters('gatewayStorageAccountDomain'), '.'))]",
             "type": "Microsoft.Storage/storageAccounts",
-            "apiVersion": "2019-04-01"
+            "apiVersion": "2019-06-01"
         },
         {
             "sku": {

pkg/deploy/assets/rp-production-global.json

@@ -107,7 +107,7 @@
             "location": "[resourceGroup().location]",
             "name": "[parameters('rpVersionStorageAccountName')]",
             "type": "Microsoft.Storage/storageAccounts",
-            "apiVersion": "2019-04-01"
+            "apiVersion": "2019-06-01"
         },
         {
             "properties": {
@@ -116,7 +116,7 @@
             },
             "name": "[concat(parameters('rpVersionStorageAccountName'), '/default/rpversion')]",
             "type": "Microsoft.Storage/storageAccounts/blobServices/containers",
-            "apiVersion": "2019-04-01",
+            "apiVersion": "2019-06-01",
             "dependsOn": [
                 "[resourceId('Microsoft.Storage/storageAccounts', parameters('rpVersionStorageAccountName'))]"
             ]
@@ -128,7 +128,7 @@
             },
             "name": "[concat(parameters('rpVersionStorageAccountName'), '/default/ocpversions')]",
             "type": "Microsoft.Storage/storageAccounts/blobServices/containers",
-            "apiVersion": "2019-04-01",
+            "apiVersion": "2019-06-01",
             "dependsOn": [
                 "[resourceId('Microsoft.Storage/storageAccounts', parameters('rpVersionStorageAccountName'))]"
             ]

pkg/deploy/assets/rp-production.json

@@ -552,7 +552,7 @@
             "location": "[resourceGroup().location]",
             "name": "[substring(parameters('storageAccountDomain'), 0, indexOf(parameters('storageAccountDomain'), '.'))]",
             "type": "Microsoft.Storage/storageAccounts",
-            "apiVersion": "2019-04-01"
+            "apiVersion": "2019-06-01"
         },
         {
             "properties": {

pkg/util/azureclient/apiversions.go

@@ -27,7 +27,7 @@ var apiVersions = map[string]string{
 	"microsoft.network":                        "2020-08-01",
 	"microsoft.network/dnszones":               "2018-05-01",
 	"microsoft.network/privatednszones":        "2018-09-01",
-	"microsoft.storage":                        "2019-04-01",
+	"microsoft.storage":                        "2019-06-01",
 }
 
 // APIVersion gets the APIVersion from a full resource type