Error when trying to create azurerm_storage_data_lake_gen2_path with Terraform/OpenTofu

I am trying to create a path with specific ACLs in Azure storage using Terraform/OpenTofu. I have something like this:

resource "azurerm_storage_data_lake_gen2_path" "example" {
  path = "example"
  filesystem_name = "example"
  storage_account_id = var.storage_account_id
  resource = "directory"

  ace {
    scope = "access"
    type = "user"
    id = azuread_application.example.object_id
    permissions = "rwx"
  }

  ace {
    scope = "default"
    type = "user"
    id = azuread_application.example.object_id
    permissions = "rwx"
  }
}

I'm specifying the storage_account_id as a variable as the storage account was created outside of Terraform.

However, when I try to apply this, I get the following error:

Error: checking for existence of existing Path "example" in File System "example" in Storage Account (Subscription: "abc123"
Resource Group Name: "example"
Storage Account Name: "example"): datalakestore.Client#GetProperties: Failure sending request: StatusCode=409 -- Original Error: autorest/azure: Service returned an error. Status=<nil> <nil>

  with module.example.azurerm_storage_data_lake_gen2_path.example,
  on modules/example/main.tf line 45, in resource "azurerm_storage_data_lake_gen2_path" "example":
  45: resource "azurerm_storage_data_lake_gen2_path" "example" {

My first guess was that I was hitting a limitation of the azurerm provider and the control plane API, as I have public network access disabled. However, enabling public network access on a test account did not change the error.

Answer by daviewales:

Double-check the storage account type. If it's not Azure Data Lake Gen2, then you'll get the above error when trying to modify it with azurerm_storage_data_lake_gen2_path.

When I switched to the correct type of storage account, everything worked.
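
The check suggested in the answer can be made part of the configuration so that a non-Gen2 account fails at plan time with a readable message instead of the opaque 409. This is an added example, not code from the question or the answer. It assumes Terraform 1.2+ or OpenTofu (for `postcondition`), that `var.storage_account_id` is a standard ARM resource ID, and that Data Lake Gen2 means hierarchical namespace is enabled (`is_hns_enabled` in the azurerm provider); the names `sa_id_parts` and `target` are illustrative.

```hcl
locals {
  # ARM ID layout (assumed):
  # /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.Storage/storageAccounts/<name>
  # split("/") yields an empty first element, so <rg> is index 4 and <name> is index 8.
  sa_id_parts = split("/", var.storage_account_id)
}

# Look up the externally managed account and refuse to continue
# unless it has hierarchical namespace enabled (i.e. is Data Lake Gen2).
data "azurerm_storage_account" "target" {
  name                = local.sa_id_parts[8]
  resource_group_name = local.sa_id_parts[4]

  lifecycle {
    postcondition {
      condition     = self.is_hns_enabled
      error_message = "Storage account ${self.name} does not have hierarchical namespace enabled, so it is not Data Lake Gen2 and cannot hold azurerm_storage_data_lake_gen2_path resources or their ACLs."
    }
  }
}

resource "azurerm_storage_data_lake_gen2_path" "example" {
  path            = "example"
  filesystem_name = "example"
  # Referencing the data source makes the path depend on the check above.
  storage_account_id = data.azurerm_storage_account.target.id
  resource           = "directory"

  ace {
    scope       = "access"
    type        = "user"
    id          = azuread_application.example.object_id
    permissions = "rwx"
  }

  ace {
    scope       = "default"
    type        = "user"
    id          = azuread_application.example.object_id
    permissions = "rwx"
  }
}
```

The data source reads account properties through the management API, so the identity running the plan needs read access to the storage account resource itself in addition to whatever it needs to set ACLs.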