I have an azurerm_storage_data_lake_gen2_filesystem template created by another team that I cannot get hold of, and I am trying to create the resources, but I am having a hard time creating a correct tfvars entry.
Template:
locals {
  access_map = {
    owner_other_access = {
      permissions_access = "---"
      type               = "other"
    },
    owner_group_access = {
      permissions_access = "r-x"
      type               = "group"
    },
    owner_mask_access = {
      permissions_access = "rwx"
      type               = "mask"
    },
    owner_user_access = {
      permissions_access = "rwx"
      type               = "user"
    }
  }
  default_map = {
    owner_other_default = {
      permissions_default = "---"
      type                = "other"
    },
    owner_group_default = {
      permissions_default = "rwx"
      type                = "group"
    },
    owner_mask_default = {
      permissions_default = "rwx"
      type                = "mask"
    },
    owner_user_default = {
      permissions_default = "rwx"
      type                = "user"
    }
  }
}

resource "azurerm_storage_data_lake_gen2_filesystem" "this" {
  for_each           = var.storage_containers
  name               = each.value.sc_name
  storage_account_id = each.value.storage_account_id
  properties         = {}

  dynamic "ace" {
    for_each = merge(local.access_map, jsondecode(each.value.acl_access))
    iterator = item
    content {
      type        = item.value.type
      scope       = "access"
      permissions = item.value.permissions_access
      id          = lookup(item.value, "id", null)
    }
  }

  dynamic "ace" {
    for_each = merge(local.default_map, jsondecode(each.value.acl_default))
    iterator = item
    content {
      type        = item.value.type
      scope       = "default"
      permissions = item.value.permissions_default
      id          = lookup(item.value, "id", null)
    }
  }
}
with variable as:
variable "storage_containers" {
  description = "Storage Containers settings"
  type = map(object({
    storage_account_id = string
    sc_name            = string
    acl_access         = string
    acl_default        = string
  }))
}
My struggle here is:
id = lookup(item.value, "id", null)
- where is the template getting the user or the group name from?
and
jsondecode(each.value.acl_access)
or jsondecode(each.value.acl_default)
- what value does this have?
What will the tfvars variable look like in this case?
Thanks.
I am not sure if this template creates the containers and the ACL, or just the ACL.
Update: Is there a possibility to add a group or user-assigned managed identity and allow it access?
My struggle here is:
id = lookup(item.value, "id", null)
- where is the template getting the user or the group name from? and jsondecode(each.value.acl_access) or jsondecode(each.value.acl_default)
- what value does this have? What will the tfvars variable look like in this case?
The ace blocks in the template use the jsondecode function to convert the JSON string to a map, which is then merged with the local.access_map and local.default_map to create the access control entries.
Here is the updated Terraform code to create the storage_containers using the terraform.tfvars file.
Main.tf
provider "azurerm" {
  features {}
}

locals {
  access_map = {
    owner_other_access = {
      permissions_access = "---"
      type               = "other"
    },
    owner_group_access = {
      permissions_access = "r-x"
      type               = "group"
    },
    owner_mask_access = {
      permissions_access = "rwx"
      type               = "mask"
    },
    owner_user_access = {
      permissions_access = "rwx"
      type               = "user"
    }
  }
  default_map = {
    owner_other_default = {
      permissions_default = "---"
      type                = "other"
    },
    owner_group_default = {
      permissions_default = "rwx"
      type                = "group"
    },
    owner_mask_default = {
      permissions_default = "rwx"
      type                = "mask"
    },
    owner_user_default = {
      permissions_default = "rwx"
      type                = "user"
    }
  }
}

resource "azurerm_storage_data_lake_gen2_filesystem" "this" {
  for_each           = var.storage_containers
  name               = each.value.sc_name
  storage_account_id = each.value.storage_account_id
  properties         = {}

  dynamic "ace" {
    for_each = merge(local.access_map, jsondecode(each.value.acl_access))
    iterator = item
    content {
      type        = item.value.type
      scope       = "access"
      permissions = item.value.permissions_access
      id          = lookup(item.value, "id", null)
    }
  }

  dynamic "ace" {
    for_each = merge(local.default_map, jsondecode(each.value.acl_default))
    iterator = item
    content {
      type        = item.value.type
      scope       = "default"
      permissions = item.value.permissions_default
      id          = lookup(item.value, "id", null)
    }
  }
}
terraform.tfvars
storage_containers = {
  container1 = {
    storage_account_id = ""
    sc_name            = "example-container1"
    acl_access         = "{\"owner_user_access\":{\"permissions_access\":\"rwx\",\"type\":\"user\"},\"owner_group_access\":{\"permissions_access\":\"r-x\",\"type\":\"group\",\"id\":\"<group_object_id>\"},\"owner_other_access\":{\"permissions_access\":\"---\",\"type\":\"other\"},\"owner_mask_access\":{\"permissions_access\":\"rwx\",\"type\":\"mask\"}}"
    acl_default        = "{\"owner_user_default\":{\"permissions_default\":\"rwx\",\"type\":\"user\"},\"owner_group_default\":{\"permissions_default\":\"rwx\",\"type\":\"group\",\"id\":\"<group_object_id>\"},\"owner_other_default\":{\"permissions_default\":\"---\",\"type\":\"other\"},\"owner_mask_default\":{\"permissions_default\":\"rwx\",\"type\":\"mask\"}}"
  },
  container2 = {
    storage_account_id = ""
    sc_name            = "example-container2"
    acl_access         = "{\"owner_user_access\":{\"permissions_access\":\"rwx\",\"type\":\"user\"},\"owner_group_access\":{\"permissions_access\":\"r-x\",\"type\":\"group\",\"id\":\"<group_object_id>\"},\"owner_other_access\":{\"permissions_access\":\"---\",\"type\":\"other\"},\"owner_mask_access\":{\"permissions_access\":\"rwx\",\"type\":\"mask\"}}"
    acl_default        = "{\"owner_user_default\":{\"permissions_default\":\"rwx\",\"type\":\"user\"},\"owner_group_default\":{\"permissions_default\":\"rwx\",\"type\":\"group\",\"id\":\"<group_object_id>\"},\"owner_other_default\":{\"permissions_default\":\"---\",\"type\":\"other\"},\"owner_mask_default\":{\"permissions_default\":\"rwx\",\"type\":\"mask\"}}"
  }
}
variables.tf
variable "storage_containers" {
  description = "Storage Containers settings"
  type = map(object({
    storage_account_id = string
    sc_name            = string
    acl_access         = string
    acl_default        = string
  }))
}
After running the above Terraform code, the containers have been created.
Output:
terraform apply -var-file=terraform.tfvars
The specified group will have access to the storage containers.
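To make the decode-and-merge step concrete, here is an added Python model (not part of the question or answer, and not Terraform itself) of what merge(local.access_map, jsondecode(acl_access)) produces for a constructed acl_access string, including a named "user" entry of the kind the Update asks about; the GUIDs are placeholders, not real object ids, and the validate/effective checks are what a reviewer would run over the planned ACEs before apply.

```python
import json
import re
from uuid import UUID

# Constructed copy of local.access_map from the template (the scope "access" defaults).
ACCESS_MAP = {
    "owner_other_access": {"permissions_access": "---", "type": "other"},
    "owner_group_access": {"permissions_access": "r-x", "type": "group"},
    "owner_mask_access":  {"permissions_access": "rwx", "type": "mask"},
    "owner_user_access":  {"permissions_access": "rwx", "type": "user"},
}

# Constructed acl_access string as it would appear in terraform.tfvars: it overrides
# the owner_group_access default and adds a named "user" entry (for example a managed
# identity's principal object id). The GUIDs are placeholders, not real identities.
SAMPLE_ACL_ACCESS = json.dumps({
    "owner_group_access": {"permissions_access": "r-x", "type": "group",
                           "id": "00000000-0000-0000-0000-000000000001"},
    "mi_user_access": {"permissions_access": "rwx", "type": "user",
                       "id": "00000000-0000-0000-0000-000000000002"},
})

PERM_RE = re.compile(r"^[r-][w-][x-]$")


def decode_and_merge(acl_json, defaults, scope):
    """Mirror merge(local.access_map, jsondecode(acl_access)): JSON keys win on collision."""
    merged = {**defaults, **json.loads(acl_json)}
    perm_key = "permissions_" + scope
    # Terraform iterates map keys in lexical order; sorted() gives the same order.
    return [{"type": v["type"], "scope": scope, "permissions": v[perm_key],
             "id": v.get("id")}                       # lookup(item.value, "id", null)
            for k, v in sorted(merged.items())]


def validate(aces):
    """Problems a reviewer should catch in the plan before these ACEs are applied."""
    problems = []
    for ace in aces:
        if not PERM_RE.match(ace["permissions"]):
            problems.append("bad permissions %r" % ace["permissions"])
        if ace["type"] in ("mask", "other") and ace["id"]:
            problems.append("%s entry must not carry an id" % ace["type"])
        if ace["type"] in ("user", "group") and ace["id"] is not None:
            try:
                UUID(ace["id"])
            except ValueError:
                problems.append("id %r is not an object id (GUID)" % ace["id"])
    return problems


def effective(perm, mask):
    """POSIX-style ACL: named user/group and owning-group entries are limited by the mask."""
    return "".join(p if p == m else "-" for p, m in zip(perm, mask))
```

Because the mask entry caps every named principal, a generous "rwx" on a managed identity's entry grants nothing beyond what owner_mask_access allows, so review the mask together with the named entries.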