Tags: terraform, terraform-provider-azure, azure-data-lake-gen2, terraform-template-file

What are the values for the azurerm_storage_data_lake_gen2_filesystem template below?


I have an azurerm_storage_data_lake_gen2_filesystem template created by another team that I cannot get a hold of, and I am trying to create the resources, but I am having a hard time creating a correct tfvars entry.

Template:

locals {
  access_map = {
    owner_other_access = {
      permissions_access = "---"
      type               = "other"
    },
    owner_group_access = {
      permissions_access = "r-x"
      type               = "group"
    },
    owner_mask_access = {
      permissions_access = "rwx"
      type               = "mask"
    },
    owner_user_access = {
      permissions_access = "rwx"
      type               = "user"
    }
  }

  default_map = {
    owner_other_default = {
      permissions_default = "---"
      type                = "other"
    },
    owner_group_default = {
      permissions_default = "rwx"
      type                = "group"
    },
    owner_mask_default = {
      permissions_default = "rwx"
      type                = "mask"
    },
    owner_user_default = {
      permissions_default = "rwx"
      type                = "user"
    }
  }
}


resource "azurerm_storage_data_lake_gen2_filesystem" "this" {
  for_each = var.storage_containers

  name               = each.value.sc_name
  storage_account_id = each.value.storage_account_id

  properties = {}

  dynamic "ace" {
    for_each = merge(local.access_map, jsondecode(each.value.acl_access))
    iterator = item

    content {
      type        = item.value.type
      scope       = "access"
      permissions = item.value.permissions_access
      id          = lookup(item.value, "id", null)
    }
  }

  dynamic "ace" {
    for_each = merge(local.default_map, jsondecode(each.value.acl_default))
    iterator = item

    content {
      type        = item.value.type
      scope       = "default"
      permissions = item.value.permissions_default
      id          = lookup(item.value, "id", null)
    }
  }
}

with variable as:

variable "storage_containers" {
  description = "Storage Containers settings"
  type = map(object({
    storage_account_id = string
    sc_name            = string
    acl_access         = string
    acl_default        = string
  }))
}

My struggle here is: id = lookup(item.value, "id", null) - where is the template getting the user or the group name from? And jsondecode(each.value.acl_access) or jsondecode(each.value.acl_default) - what value does this have? What will the tfvars variable look like in this case?

Thanks.

I am not sure if this template creates the containers and the ACL or just the ACL.

Update: Is there a possibility to add a group or user-assigned managed identity and allow it access?


Solution

  • My struggle here is: id = lookup(item.value, "id", null) - where is the template getting the user or the group name from? And jsondecode(each.value.acl_access) or jsondecode(each.value.acl_default) - what value does this have? What will the tfvars variable look like in this case?

    The ace blocks in the template use the jsondecode function to convert the JSON string to a map, which is then merged with the local.access_map and local.default_map to create the access control entries.

    Here is the updated Terraform code to create the storage_containers using the terraform.tfvars file.

    Main.tf

    provider "azurerm" {
      features {}
    }

    locals {
      # Base entries for the access ACL; keys in acl_access with the same
      # name override these, keys with new names are added to them.
      access_map = {
        owner_other_access = {
          permissions_access = "---"
          type               = "other"
        },
        owner_group_access = {
          permissions_access = "r-x"
          type               = "group"
        },
        owner_mask_access = {
          permissions_access = "rwx"
          type               = "mask"
        },
        owner_user_access = {
          permissions_access = "rwx"
          type               = "user"
        }
      }

      # Base entries for the default ACL (inherited by new child paths).
      default_map = {
        owner_other_default = {
          permissions_default = "---"
          type                = "other"
        },
        owner_group_default = {
          permissions_default = "rwx"
          type                = "group"
        },
        owner_mask_default = {
          permissions_default = "rwx"
          type                = "mask"
        },
        owner_user_default = {
          permissions_default = "rwx"
          type                = "user"
        }
      }
    }

    resource "azurerm_storage_data_lake_gen2_filesystem" "this" {
      for_each = var.storage_containers

      name               = each.value.sc_name
      storage_account_id = each.value.storage_account_id

      properties = {}

      # One "access" scope ace block per key of the merged map.
      dynamic "ace" {
        for_each = merge(local.access_map, jsondecode(each.value.acl_access))
        iterator = item

        content {
          type        = item.value.type
          scope       = "access"
          permissions = item.value.permissions_access
          id          = lookup(item.value, "id", null) # null for owner/mask/other entries
        }
      }

      # One "default" scope ace block per key of the merged map.
      dynamic "ace" {
        for_each = merge(local.default_map, jsondecode(each.value.acl_default))
        iterator = item

        content {
          type        = item.value.type
          scope       = "default"
          permissions = item.value.permissions_default
          id          = lookup(item.value, "id", null)
        }
      }
    }
    

    terraform.tfvars

    storage_containers = {
      container1 = {
        storage_account_id = ""
        sc_name            = "example-container1"
        acl_access         = "{\"owner_user_access\":{\"permissions_access\":\"rwx\",\"type\":\"user\"},\"owner_group_access\":{\"permissions_access\":\"r-x\",\"type\":\"group\",\"id\":\"<group_object_id>\"},\"owner_other_access\":{\"permissions_access\":\"---\",\"type\":\"other\"},\"owner_mask_access\":{\"permissions_access\":\"rwx\",\"type\":\"mask\"}}"
        acl_default        = "{\"owner_user_default\":{\"permissions_default\":\"rwx\",\"type\":\"user\"},\"owner_group_default\":{\"permissions_default\":\"rwx\",\"type\":\"group\",\"id\":\"<group_object_id>\"},\"owner_other_default\":{\"permissions_default\":\"---\",\"type\":\"other\"},\"owner_mask_default\":{\"permissions_default\":\"rwx\",\"type\":\"mask\"}}"
      },
      container2 = {
        storage_account_id = ""
        sc_name            = "example-container2"
        acl_access         = "{\"owner_user_access\":{\"permissions_access\":\"rwx\",\"type\":\"user\"},\"owner_group_access\":{\"permissions_access\":\"r-x\",\"type\":\"group\",\"id\":\"<group_object_id>\"},\"owner_other_access\":{\"permissions_access\":\"---\",\"type\":\"other\"},\"owner_mask_access\":{\"permissions_access\":\"rwx\",\"type\":\"mask\"}}"
        acl_default        = "{\"owner_user_default\":{\"permissions_default\":\"rwx\",\"type\":\"user\"},\"owner_group_default\":{\"permissions_default\":\"rwx\",\"type\":\"group\",\"id\":\"<group_object_id>\"},\"owner_other_default\":{\"permissions_default\":\"---\",\"type\":\"other\"},\"owner_mask_default\":{\"permissions_default\":\"rwx\",\"type\":\"mask\"}}"
      }
    }
    

    variables.tf

    variable "storage_containers" {
      description = "Storage Containers settings"
      type        = map(object({
        storage_account_id = string
        sc_name            = string
        acl_access         = string
        acl_default        = string
      }))
    }
    

    After running the above Terraform code, the containers have been created.

    Output:

    terraform apply -var-file=terraform.tfvars
    


    The specified group will have access to the storage containers.

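Added example, not code from the question or the answer: a small Python model of what the template's two dynamic ace blocks produce from one tfvars entry. It reproduces Terraform's merge() (the right-hand map wins when a key is duplicated) and lookup(item.value, "id", null), renders the resulting entries in the user:<id>:rwx notation ADLS Gen2 uses for ACLs, and builds the escaped JSON string for terraform.tfvars with json.dumps instead of hand-escaping quotes. It also shows the managed-identity case from the update: a managed identity is a service principal, so it is granted as a "user" entry with its principal (object) ID. The key names and every object ID below are placeholders.

```python
"""Model of merge(local.access_map, jsondecode(acl_access)) feeding the
dynamic "ace" blocks.  Constructed example; object IDs are placeholders."""
import json

# Same content as local.access_map / local.default_map in the template.
ACCESS_MAP = {
    "owner_other_access": {"permissions_access": "---", "type": "other"},
    "owner_group_access": {"permissions_access": "r-x", "type": "group"},
    "owner_mask_access":  {"permissions_access": "rwx", "type": "mask"},
    "owner_user_access":  {"permissions_access": "rwx", "type": "user"},
}
DEFAULT_MAP = {
    "owner_other_default": {"permissions_default": "---", "type": "other"},
    "owner_group_default": {"permissions_default": "rwx", "type": "group"},
    "owner_mask_default":  {"permissions_default": "rwx", "type": "mask"},
    "owner_user_default":  {"permissions_default": "rwx", "type": "user"},
}

# Placeholder principal IDs (made up).  A managed identity is a service
# principal, so it is granted as a "user" entry carrying its principal ID.
GROUP_OID = "11111111-1111-1111-1111-111111111111"
MI_OID = "22222222-2222-2222-2222-222222222222"


def acl_json(entries):
    """The JSON string the acl_access / acl_default variable expects."""
    return json.dumps(entries, separators=(",", ":"))


def tfvars_string(entries):
    """Escape that JSON as a single-line HCL string literal for terraform.tfvars.
    HCL and JSON use the same backslash escapes for quotes and backslashes, so
    a second json.dumps is enough for the ASCII-only content used here."""
    return json.dumps(acl_json(entries))


def expand_aces(base_map, acl_string, scope):
    """Model of one dynamic "ace" block.

    merge() lets the right-hand map win on duplicate keys: a tfvars entry that
    reuses a default key REPLACES that default entry, an entry under a new key
    is ADDED next to the defaults.  id comes from lookup(item, "id", null).
    """
    merged = {**base_map, **json.loads(acl_string)}
    perm_key = f"permissions_{scope}"
    aces = []
    for key in sorted(merged):                 # deterministic order for the reader
        item = merged[key]
        aces.append({
            "type": item["type"],
            "scope": scope,
            "permissions": item[perm_key],
            "id": item.get("id"),              # None == null in Terraform
        })
    return aces


def render_acl(aces):
    """ADLS ACL notation: 'default:' prefix for default scope, empty id field
    for the owning user, owning group, mask and other entries."""
    return [
        f'{"default:" if a["scope"] == "default" else ""}'
        f'{a["type"]}:{a["id"] or ""}:{a["permissions"]}'
        for a in aces
    ]


def has_owning_entry(aces, kind):
    """True if the id-less (owning) entry of the given type survived the merge."""
    return any(a["type"] == kind and a["id"] is None for a in aces)


# Named entries under NEW keys: the four base entries are kept.
NAMED_ACCESS = {
    "data_engineers_access": {"type": "group", "permissions_access": "r-x", "id": GROUP_OID},
    "etl_identity_access":   {"type": "user",  "permissions_access": "rwx", "id": MI_OID},
}
NAMED_DEFAULT = {
    "data_engineers_default": {"type": "group", "permissions_default": "r-x", "id": GROUP_OID},
    "etl_identity_default":   {"type": "user",  "permissions_default": "rwx", "id": MI_OID},
}

# The same group written under the default's own key: the owning-group entry
# is dropped from the ACL, which is rarely what you want.
CLOBBERING_ACCESS = {
    "owner_group_access": {"type": "group", "permissions_access": "r-x", "id": GROUP_OID},
}

if __name__ == "__main__":
    print("acl_access  =", tfvars_string(NAMED_ACCESS))
    print("acl_default =", tfvars_string(NAMED_DEFAULT))
    for line in render_acl(expand_aces(ACCESS_MAP, acl_json(NAMED_ACCESS), "access")):
        print("  ", line)
    for line in render_acl(expand_aces(DEFAULT_MAP, acl_json(NAMED_DEFAULT), "default")):
        print("  ", line)
```

The two printed acl_access / acl_default lines can be pasted as-is into the storage_containers entry in terraform.tfvars. Keep added principals under keys of their own so the owning user, owning group, other and mask entries from the locals survive the merge; the locals already set the mask to rwx, so the named group and the managed identity receive the permissions written in the entry.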