Problem statement
I am trying to automatically map an Azure file share to Windows VMs using an Azure VM extension. The VM extension installs successfully and the command runs, but on logging into the VM I see that my drive is disconnected.
On trying to access it, I get an incorrect username or password error. However, running the PowerShell script on the machine correctly maps the network drive and I can access it.
Code
resource "azurerm_virtual_machine_extension" "test" {
  # Custom VM extension documentation https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/custom-script-windows
  # additional documentation http://teknews.cloud/bootstrapping-azure-vms-with-terraform/, https://github.com/terraform-providers/terraform-provider-azurerm/issues/728
  name                = "network_share"
  location            = "${azurerm_resource_group.main.location}"
  resource_group_name = "${azurerm_resource_group.main.name}"

  #virtual_machine_name = "${azurerm_virtual_machine.vm.name}"
  virtual_machine_name = "${element(azurerm_virtual_machine.vm.*.name, count.index)}"
  publisher            = "Microsoft.Compute"
  type                 = "CustomScriptExtension"
  type_handler_version = "1.9"
  count                = "${var.vm_count}"

  settings = <<SETTINGS
{
  "commandToExecute": "powershell -command \"[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('${base64encode(data.template_file.net_fileshare_script.rendered)}')) | Out-File -filepath net_fileshare_script.ps1\" && powershell -File net_fileshare_script.ps1"
}
SETTINGS

  depends_on = ["azurerm_virtual_machine.vm"]
}

data "template_file" "net_fileshare_script" {
  template = "${file("./scripts/net_fileshare_script.ps1")}"
}
I found out the script works as it is. The problem is that the credentials for the storage share aren't available to the remote user once logged in.
Once the remote user logs in, running this command
Invoke-Expression -Command "cmdkey /add:storageaccount.file.core.windows.net /user:AZURE\storageaccount /pass:storagekey"
makes the storage share accessible to the remote user account.
NB: Is it possible to make a credential available to multiple user accounts via a one time script?
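
An added example, not part of the original post: the Custom Script Extension runs as the local SYSTEM account and cmdkey stores credentials per user, so one way to cover every account from a single run is a logon task that repeats the cmdkey call inside each user's own session. `storageaccount` and `storagekey` are the post's placeholders; the share name, drive letter, folder and task name are assumptions.

```powershell
# Added example, not the poster's script. Run once as SYSTEM (for instance from
# the Custom Script Extension). It registers a logon task so that cmdkey runs
# inside each user's session and writes to that user's own credential store.
# Assumes local scripts may run via "powershell -File", as the post's command does.
param(
    [string]$StorageAccount = 'storageaccount',   # placeholder from the post
    [string]$StorageKey     = 'storagekey',       # placeholder from the post
    [string]$ShareName      = 'sharename',        # assumption
    [string]$DriveLetter    = 'Z',                # assumption
    [string]$TaskName       = 'Map Azure file share'
)

$target     = "$StorageAccount.file.core.windows.net"
$scriptDir  = Join-Path $env:ProgramData 'FileShareLogon'
$scriptPath = Join-Path $scriptDir 'Add-ShareCredential.ps1'

# Per-user script. It embeds the account key and must be readable by the users
# who run it, so anyone who can log on to the VM can read the key from this file.
$perUser = @"
cmdkey /add:$target /user:AZURE\$StorageAccount /pass:$StorageKey | Out-Null
if (-not (Test-Path '${DriveLetter}:')) {
    net use ${DriveLetter}: \\$target\$ShareName /persistent:no | Out-Null
}
"@

New-Item -ItemType Directory -Path $scriptDir -Force | Out-Null
Set-Content -Path $scriptPath -Value $perUser -Encoding UTF8

# The task fires at every logon and runs as the user who logged on
# (any member of BUILTIN\Users), not as SYSTEM.
$action    = New-ScheduledTaskAction -Execute 'powershell.exe' `
                 -Argument "-NoProfile -WindowStyle Hidden -File `"$scriptPath`""
$trigger   = New-ScheduledTaskTrigger -AtLogOn
$principal = New-ScheduledTaskPrincipal -GroupId 'BUILTIN\Users' -RunLevel Limited

Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
    -Principal $principal -Force | Out-Null
```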