DEVHIDE
Login Or Sign up

What are the values for the azurerm_storage_data_lake_gen2_filesystem template below?

143 Views Asked by At

I have an azurerm_storage_data_lake_gen2_filesystem template create by another team that i cannot get a hold of and i am trying to create the resources, but i am having a hard time creating a correct tfvars entry.

Template:

locals {
  access_map = {
    owner_other_access = {
      permissions_access = "---"
      type               = "other"
    },
    owner_group_access = {
      permissions_access = "r-x"
      type               = "group"
    },
    owner_mask_access = {
      permissions_access = "rwx"
      type               = "mask"
    },
    owner_user_access = {
      permissions_access = "rwx"
      type               = "user"
    }
  }

  default_map = {
    owner_other_default = {
      permissions_default = "---"
      type                = "other"
    },
    owner_group_default = {
      permissions_default = "rwx"
      type                = "group"
    },
    owner_mask_default = {
      permissions_default = "rwx"
      type                = "mask"
    },
    owner_user_default = {
      permissions_default = "rwx"
      type                = "user"
    }
  }
}


resource "azurerm_storage_data_lake_gen2_filesystem" "this" {
  for_each = var.storage_containers

  name               = each.value.sc_name
  storage_account_id = each.value.storage_account_id

  properties = {}

  dynamic "ace" {
    for_each = merge(local.access_map, jsondecode(each.value.acl_access))
    iterator = item

    content {
      type        = item.value.type
      scope       = "access"
      permissions = item.value.permissions_access
      id          = lookup(item.value, "id", null)
    }
  }

  dynamic "ace" {
    for_each = merge(local.default_map, jsondecode(each.value.acl_default))
    iterator = item

    content {
      type        = item.value.type
      scope       = "default"
      permissions = item.value.permissions_default
      id          = lookup(item.value, "id", null)
    }
  }
}

with variable as:

variable "storage_containers" {
  description = "Storage Containers settings"
  type = map(object({
    storage_account_id = string
    sc_name            = string
    acl_access         = string
    acl_default        = string
  }))
}

My struggle here is: id = lookup(item.value, "id", null) - where is the template getting the user or the group name from? and jsondecode(each.value.acl_access) or jsondecode(each.value.acl_default) - what value does this have? How will the tfvars variable look like in this case?

Thanks.

I am not sure if this template creates the containers and the ACL or just the ACL

Update: Is there a posibility to add a group or user asigned managed identity and allow it access?

terraform terraform-provider-azure azure-data-lake-gen2 terraform-template-file
Original Q&A
1

There are 1 best solutions below

7
Venkat V On BEST ANSWER

My struggle here is: id = lookup(item.value, "id", null) - where is the template getting the user or the group name from? and jsondecode(each.value.acl_access) or jsondecode(each.value.acl_default) - what value does this have? How will the tfvars variable look like in this case?

The ace blocks in the template use the jsondecode function to convert the JSON string to a map, which is then merged with the local.access_map and local.default_map to create the access control entries.

Here is the updated Terraform code to create the storage_containers using the terraform.tfvars file.

Main.tf

provider "azurerm" {
      features {}
    }
    locals {
      access_map = {
        owner_other_access = {
          permissions_access = "---"
          type               = "other"
        },
        owner_group_access = {
          permissions_access = "r-x"
          type               = "group"
        },
        owner_mask_access = {
          permissions_access = "rwx"
          type               = "mask"
        },
        owner_user_access = {
          permissions_access = "rwx"
          type               = "user"
        }
      }
    
      default_map = {
        owner_other_default = {
          permissions_default = "---"
          type                = "other"
        },
        owner_group_default = {
          permissions_default = "rwx"
          type                = "group"
        },
        owner_mask_default = {
          permissions_default = "rwx"
          type                = "mask"
        },
        owner_user_default = {
          permissions_default = "rwx"
          type                = "user"
        }
      }
    }
    
    resource "azurerm_storage_data_lake_gen2_filesystem" "this" {
      for_each = var.storage_containers
    
      name               = each.value.sc_name
      storage_account_id = each.value.storage_account_id
    
      properties = {}
    
      dynamic "ace" {
        for_each = merge(local.access_map, jsondecode(each.value.acl_access))
        iterator = item
    
        content {
          type        = item.value.type
          scope       = "access"
          permissions = item.value.permissions_access
          id          = lookup(item.value, "id", null)
        }
      }
    
      dynamic "ace" {
        for_each = merge(local.default_map, jsondecode(each.value.acl_default))
        iterator = item
    
        content {
          type        = item.value.type
          scope       = "default"
          permissions = item.value.permissions_default
          id          = lookup(item.value, "id", null)
        }
      }
    }

terraform.tfvars

terraform.tfvars

storage_containers = {
  container1 = {
    storage_account_id = ""
    sc_name            = "example-container1"
    acl_access         = "{\"owner_user_access\":{\"permissions_access\":\"rwx\",\"type\":\"user\"},\"owner_group_access\":{\"permissions_access\":\"r-x\",\"type\":\"group\",\"id\":\"<group_object_id>\"},\"owner_other_access\":{\"permissions_access\":\"---\",\"type\":\"other\"},\"owner_mask_access\":{\"permissions_access\":\"rwx\",\"type\":\"mask\"}}"
    acl_default        = "{\"owner_user_default\":{\"permissions_default\":\"rwx\",\"type\":\"user\"},\"owner_group_default\":{\"permissions_default\":\"rwx\",\"type\":\"group\",\"id\":\"<group_object_id>\"},\"owner_other_default\":{\"permissions_default\":\"---\",\"type\":\"other\"},\"owner_mask_default\":{\"permissions_default\":\"rwx\",\"type\":\"mask\"}}"
  },
  container2 = {
    storage_account_id = ""
    sc_name            = "example-container2"
    acl_access         = "{\"owner_user_access\":{\"permissions_access\":\"rwx\",\"type\":\"user\"},\"owner_group_access\":{\"permissions_access\":\"r-x\",\"type\":\"group\",\"id\":\"<group_object_id>\"},\"owner_other_access\":{\"permissions_access\":\"---\",\"type\":\"other\"},\"owner_mask_access\":{\"permissions_access\":\"rwx\",\"type\":\"mask\"}}"
    acl_default        = "{\"owner_user_default\":{\"permissions_default\":\"rwx\",\"type\":\"user\"},\"owner_group_default\":{\"permissions_default\":\"rwx\",\"type\":\"group\",\"id\":\"<group_object_id>\"},\"owner_other_default\":{\"permissions_default\":\"---\",\"type\":\"other\"},\"owner_mask_default\":{\"permissions_default\":\"rwx\",\"type\":\"mask\"}}"
  }
}

variables.tf

variable "storage_containers" {
  description = "Storage Containers settings"
  type        = map(object({
    storage_account_id = string
    sc_name            = string
    acl_access         = string
    acl_default        = string
  }))
}

After running the above Terraform code, the containers have been created.

Output:

terraform apply -var-file=terraform.tfvars

enter image description here

The specified group will have access to the storage containers.

enter image description here

Related Questions in TERRAFORM

Related Questions in TERRAFORM-PROVIDER-AZURE

Related Questions in AZURE-DATA-LAKE-GEN2

Related Questions in TERRAFORM-TEMPLATE-FILE

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs

Popular Questions

.

Copyright © 2021 Jogjafile Inc.