Commit

Merge pull request #6 from Datatamer/14968-sas-token
DEV-14968: Add optional sas token submodule
schwartzmanb authored Sep 9, 2021
2 parents 057efef + d2c5c1c commit ef2f879
Showing 8 changed files with 144 additions and 1 deletion.
3 changes: 3 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,8 @@
# Tamr Terraform ADLS Gen2 module

# v1.1.0 - Aug 25th 2021
* Add optional `azure-sas-token` submodule

# v1.0.0 - June 1st 2021
* Upgrade `azurerm` provider
* Upgrade `azuread` provider
2 changes: 1 addition & 1 deletion VERSION
@@ -1 +1 @@
1.0.0
1.1.0
8 changes: 8 additions & 0 deletions examples/minimal/main.tf
Expand Up @@ -41,3 +41,11 @@ module "rules" {
allowed_ips = ["4.3.2.1"]
allowed_subnet_ids = [azurerm_subnet.example-subnet.id]
}

module "sas-token" {
source = "../../modules/azure-sas-token"

storage_account_primary_connection_string = module.minimal.storage_account_primary_connection_string
start_time = "2021-01-1T00:00:00Z"
end_time = "2021-12-31T00:00:00Z"
}
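
Review bot: The `start_time` value `"2021-01-1T00:00:00Z"` has a single-digit day, which does not match the ISO-8601 format the variable description asks for; it should be `"2021-01-01T00:00:00Z"`. The window between `start_time` and `end_time` also covers almost a full year, and since examples get copied as-is, a much shorter validity period would be the better thing to demonstrate for a credential.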
62 changes: 62 additions & 0 deletions modules/azure-sas-token/README.md
@@ -0,0 +1,62 @@
# Tamr Azure SAS token module

This terraform module creates a Shared Access Signature for an existing storage account

## Assumptions
* A resource group exists
* A storage account exists for which the token will be created

# Examples
## Basic
`terraform apply`

main.tf:
```
module "sas-token" {
source = "git::https://github.com/Datatamer/terraform-azure-adls-gen2.git//modules/azure-sas-token?ref=x.y.z"
storage_account_primary_connection_string = azurerm_storage_account.adls2_storage.primary_connection_string
start_time = "2021-01-1T00:00:00Z"
end_time = "2021-12-31T00:00:00Z"
}
```

## SAS token
Smallest complete fully working example with a SAS Token. This example might require extra resources to run the example.
- [Minimal](https://github.com/Datatamer/terraform-adls-gen2/tree/master/examples/minimal)

# Resources Created
This modules creates no new resources

<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.12 |
| azuread | >= 1.5.0 |
| azurerm | >= 2.60.0 |

## Providers

| Name | Version |
|------|---------|
| azurerm | >= 2.60.0 |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| end\_time | The expiration time and date of this SAS. Must be a valid ISO-8601 format time/date string | `string` | n/a | yes |
| start\_time | The starting time and date of validity of this SAS. Must be a valid ISO-8601 format time/date string | `string` | n/a | yes |
| storage\_account\_primary\_connection\_string | Primary connection string associated with the storage account for which the token will be created | `string` | n/a | yes |
| delete\_allowed | Whether or not to give this token permission to delete blobs | `bool` | `false` | no |
| signed\_version | Specifies the signed storage service version to use to authorize requests made with this account SAS | `string` | `"2017-07-29"` | no |

## Outputs

| Name | Description |
|------|-------------|
| sas\_url\_query\_string | Token for client usage |

<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
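
Review bot: The Basic example carries the same malformed `start_time = "2021-01-1T00:00:00Z"` as examples/minimal; use `2021-01-01T00:00:00Z`. The README also never says what the token grants: main.tf fixes read, write, list, add and create on the blob and file services at service, container and object level, so that scope should be documented next to the `delete_allowed` input. Two smaller points: the Minimal link goes to `Datatamer/terraform-adls-gen2` while the module source uses `Datatamer/terraform-azure-adls-gen2`, and "This modules creates no new resources" should read "This module".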
32 changes: 32 additions & 0 deletions modules/azure-sas-token/main.tf
@@ -0,0 +1,32 @@
data "azurerm_storage_account_sas" "sas_token" {
connection_string = var.storage_account_primary_connection_string
https_only = true
signed_version = var.signed_version

resource_types {
service = true
container = true
object = true
}

services {
blob = true
queue = false
table = false
file = true
}

start = var.start_time
expiry = var.end_time

permissions {
read = true
write = true
delete = var.delete_allowed
list = true
add = true
create = true
update = false
process = false
}
}
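
Review bot: Only `delete` is configurable in the `permissions` block; `write`, `add` and `create` are fixed to `true`, and `resource_types` enables `service`, `container` and `object` together, so a caller that only needs to read data cannot request a narrower token. Consider exposing these as variables with restrictive defaults, the way `delete_allowed` already is. The `services` block also sets `file = true` while `delete_allowed` is described as covering blobs only, so either drop the file service or correct the description.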
5 changes: 5 additions & 0 deletions modules/azure-sas-token/outputs.tf
@@ -0,0 +1,5 @@
output "sas_url_query_string" {
description = "Token for client usage"
value = data.azurerm_storage_account_sas.sas_token.sas
sensitive = true
}
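
Review bot: The description "Token for client usage" does not tell a consumer that this output is a credential with write access to the storage account. `sensitive = true` is the right setting here; the description should say that the value is an account SAS query string and that any output passing it on needs to be marked sensitive as well.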
26 changes: 26 additions & 0 deletions modules/azure-sas-token/variables.tf
@@ -0,0 +1,26 @@
variable "storage_account_primary_connection_string" {
description = "Primary connection string associated with the storage account for which the token will be created"
type = string
}

variable "signed_version" {
description = "Specifies the signed storage service version to use to authorize requests made with this account SAS"
type = string
default = "2017-07-29"
}

variable "start_time" {
description = "The starting time and date of validity of this SAS. Must be a valid ISO-8601 format time/date string"
type = string
}

variable "end_time" {
description = "The expiration time and date of this SAS. Must be a valid ISO-8601 format time/date string"
type = string
}

variable "delete_allowed" {
description = "Whether or not to give this token permission to delete blobs"
type = bool
default = false
}
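
Review bot: `start_time` and `end_time` are plain strings with no check, so nothing in the module enforces the ISO-8601 format the descriptions require, and the example value `"2021-01-1T00:00:00Z"` passes through unchallenged. A `validation` block on each variable would catch this at plan time, but it needs Terraform 0.13 while versions.tf allows `>= 0.12`, so the version constraint would have to move with it. `storage_account_primary_connection_string` is also a secret input and is not marked `sensitive`, which is available on variables from Terraform 0.14. Finally, a short comment on why `signed_version` defaults to `"2017-07-29"` would help callers decide whether to override it.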
7 changes: 7 additions & 0 deletions modules/azure-sas-token/versions.tf
@@ -0,0 +1,7 @@
terraform {
required_version = ">= 0.12"
required_providers {
azuread = ">= 1.5.0"
azurerm = ">= 2.60.0"
}
}
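
Review bot: `azuread = ">= 1.5.0"` in `required_providers` makes every caller install the azuread provider, but the only block in this module, `data "azurerm_storage_account_sas"`, comes from azurerm. Drop the azuread entry here; the generated Requirements table in the README will then match the Providers table, which already lists azurerm alone.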
