-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #6 from Datatamer/14968-sas-token
DEV-14968: Add optional sas token submodule
- Loading branch information
Showing
8 changed files
with
144 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
1.0.0 | ||
1.1.0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
# Tamr Azure SAS token module | ||
|
||
This terraform module creates a Shared Access Signature for an existing storage account | ||
|
||
## Assumptions | ||
* A resource group exists | ||
* A storage account exists for which the token will be created | ||
|
||
# Examples | ||
## Basic | ||
`terraform apply` | ||
|
||
main.tf: | ||
``` | ||
module "sas-token" { | ||
source = "git::https://github.com/Datatamer/terraform-azure-adls-gen2.git//modules/azure-sas-token?ref=x.y.z" | ||
storage_account_primary_connection_string = azurerm_storage_account.adls2_storage.primary_connection_string | ||
start_time = "2021-01-1T00:00:00Z" | ||
end_time = "2021-12-31T00:00:00Z" | ||
} | ||
``` | ||
|
||
## SAS token | ||
Smallest complete fully working example with a SAS Token. This example might require extra resources to run the example. | ||
- [Minimal](https://github.com/Datatamer/terraform-adls-gen2/tree/master/examples/minimal) | ||
|
||
# Resources Created | ||
This modules creates no new resources | ||
|
||
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --> | ||
## Requirements | ||
|
||
| Name | Version | | ||
|------|---------| | ||
| terraform | >= 0.12 | | ||
| azuread | >= 1.5.0 | | ||
| azurerm | >= 2.60.0 | | ||
|
||
## Providers | ||
|
||
| Name | Version | | ||
|------|---------| | ||
| azurerm | >= 2.60.0 | | ||
|
||
## Inputs | ||
|
||
| Name | Description | Type | Default | Required | | ||
|------|-------------|------|---------|:--------:| | ||
| end\_time | The expiration time and date of this SAS. Must be a valid ISO-8601 format time/date string | `string` | n/a | yes | | ||
| start\_time | The starting time and date of validity of this SAS. Must be a valid ISO-8601 format time/date string | `string` | n/a | yes | | ||
| storage\_account\_primary\_connection\_string | Primary connection string associated with the storage account for which the token will be created | `string` | n/a | yes | | ||
| delete\_allowed | Whether or not to give this token permission to delete blobs | `bool` | `false` | no | | ||
| signed\_version | Specifies the signed storage service version to use to authorize requests made with this account SAS | `string` | `"2017-07-29"` | no | | ||
|
||
## Outputs | ||
|
||
| Name | Description | | ||
|------|-------------| | ||
| sas\_url\_query\_string | Token for client usage | | ||
|
||
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
data "azurerm_storage_account_sas" "sas_token" { | ||
connection_string = var.storage_account_primary_connection_string | ||
https_only = true | ||
signed_version = var.signed_version | ||
|
||
resource_types { | ||
service = true | ||
container = true | ||
object = true | ||
} | ||
|
||
services { | ||
blob = true | ||
queue = false | ||
table = false | ||
file = true | ||
} | ||
|
||
start = var.start_time | ||
expiry = var.end_time | ||
|
||
permissions { | ||
read = true | ||
write = true | ||
delete = var.delete_allowed | ||
list = true | ||
add = true | ||
create = true | ||
update = false | ||
process = false | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
output "sas_url_query_string" { | ||
description = "Token for client usage" | ||
value = data.azurerm_storage_account_sas.sas_token.sas | ||
sensitive = true | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
variable "storage_account_primary_connection_string" { | ||
description = "Primary connection string associated with the storage account for which the token will be created" | ||
type = string | ||
} | ||
|
||
variable "signed_version" { | ||
description = "Specifies the signed storage service version to use to authorize requests made with this account SAS" | ||
type = string | ||
default = "2017-07-29" | ||
} | ||
|
||
variable "start_time" { | ||
description = "The starting time and date of validity of this SAS. Must be a valid ISO-8601 format time/date string" | ||
type = string | ||
} | ||
|
||
variable "end_time" { | ||
description = "The expiration time and date of this SAS. Must be a valid ISO-8601 format time/date string" | ||
type = string | ||
} | ||
|
||
variable "delete_allowed" { | ||
description = "Whether or not to give this token permission to delete blobs" | ||
type = bool | ||
default = false | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
terraform { | ||
required_version = ">= 0.12" | ||
required_providers { | ||
azuread = ">= 1.5.0" | ||
azurerm = ">= 2.60.0" | ||
} | ||
} |