
Commit e35791a

Merge pull request #5 from omartushevskyi/feature/custom-folders-permissions
feat: refactored the module to support different permissions for each folder
2 parents 63bd72c + 489f1d5 commit e35791a

5 files changed: 65 additions and 131 deletions


README.md

Lines changed: 36 additions & 30 deletions
Original file line number | Diff line number | Diff line change
@@ -9,30 +9,38 @@ If your Service Principal for Terraform is assigned to **"Storage Blob Data Owne
99
Below is an example of module usage, here you are providing users in "_adls_ro_users_" and "_adls_rw_users_" variables. After, passing this map to ADLS module.
1010
```hcl
1111
locals {
12-
13-
# Read only users
14-
adls_ro_users = [
15-
16-
17-
]
18-
19-
# Read and Write users
20-
adls_rw_users = [
21-
22-
]
23-
24-
# Map with user permissions
12+
# Map with adls2 file systems configuration
2513
adls2fs = {
26-
"my-data-lake" = concat([
27-
for u in local.adls_ro_users : { user = var.user_object_ids[u], permissions = "r-x", scope = "access", type = "user" }
28-
], [
29-
for u in local.adls_ro_users : { user = var.user_object_ids[u], permissions = "r-x", scope = "default", type = "user" }
30-
], [
31-
for u in local.adls_rw_users : { user = var.user_object_ids[u], permissions = "rwx", scope = "access", type = "user" }
32-
], [
33-
for u in local.adls_rw_users : { user = var.user_object_ids[u], permissions = "rwx", scope = "default", type = "user" }
14+
"my-data-lake" = {
15+
permissions = [
16+
{ group = "********-****-****-****-************", permissions = "rwx", scope = "access", type = "group" },
17+
{ group = "********-****-****-****-************", permissions = "---", scope = "default", type = "group" },
18+
{ group = "********-****-****-****-************", permissions = "rwx", scope = "access", type = "group" },
19+
{ group = "********-****-****-****-************", permissions = "---", scope = "default", type = "group" }
3420
]
35-
)
21+
folders_config = [
22+
{
23+
path: "raw",
24+
permissions: [
25+
{ group = "********-****-****-****-************", permissions = "r-x", scope = "access", type = "group" },
26+
{ user = "********-****-****-****-************", permissions = "rwx", scope = "access", type = "user" },
27+
{ group = "********-****-****-****-************", permissions = "r-x", scope = "default", type = "group" },
28+
]
29+
},
30+
{
31+
path: "e2e",
32+
permissions: [
33+
{ group = "********-****-****-****-************", permissions = "r-x", scope = "access", type = "group" },
34+
{ user = "********-****-****-****-************", permissions = "rwx", scope = "access", type = "user" },
35+
{ group = "********-****-****-****-************", permissions = "r-x", scope = "default", type = "group" }
36+
]
37+
},
38+
{
39+
path: "test",
40+
permissions: []
41+
}
42+
]
43+
}
3644
}
3745
}
3846
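Review bot: the unchanged sentence at the top of this hunk still says the example provides users in "_adls_ro_users_" and "_adls_rw_users_" variables, but those locals are deleted in this hunk and the new example is keyed by group/user object IDs inside `adls2fs`; rewrite that sentence to describe the `permissions` and `folders_config` shape. The README should also carry an ACL-inheritance caveat next to the `raw` and `e2e` entries: the `{ user = "...", permissions = "rwx", scope = "access", type = "user" }` entries have no matching `scope = "default"` entry, so in ADLS Gen2 that user's `rwx` applies only to the folder itself and is not inherited by files or sub-directories created later (only the group's `r-x` default ACE propagates), and the filesystem-level `permissions = "---", scope = "default"` group entries mean new children created directly under the root get no group access. Readers will otherwise assume the access-scope grants flow down. Finally, `path: "test"` with `permissions: []` should say what ACL that folder ends up with (presumably only what `ace_default` supplies).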
@@ -41,11 +49,14 @@ module "adls" {
4149
for_each = local.adls2fs
4250
4351
name = each.key
44-
permissions = each.value
52+
permissions = each.value.permissions
4553
storage_role_assigned = true
46-
folders = ["raw", "refined", "test", "data-product", "e2e"]
54+
folders_config = each.value.folders_config
4755
storage_account_id = module.storage_account.id
4856
storage_account_name = module.storage_account.name
57+
properties = {
58+
env = "Development"
59+
}
4960
}
5061
```
5162
<!-- BEGIN_TF_DOCS -->
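Review bot: the removed line `folders = ["raw", "refined", "test", "data-product", "e2e"]` listed "refined" and "data-product", which the new `folders_config` example drops, and the `folders` input itself is removed in the inputs table below, so existing callers that still pass `folders = [...]` will fail at plan time; add a migration note (each old folder name becomes `{ path = "...", permissions = [] }`) and state whether the module deletes directories that are no longer listed. The added `properties = { env = "Development" }` block appears in the example with no prose saying what it sets on the filesystem.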
@@ -74,21 +85,17 @@ No modules.
7485
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------|------|
7586
| [azurerm_storage_data_lake_gen2_filesystem.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_data_lake_gen2_filesystem) | resource |
7687
| [null_resource.create_folders](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
77-
| [null_resource.create_root_folder](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
78-
| [azurerm_storage_data_lake_gen2_path.root](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_data_lake_gen2_path) | resource |
7988
| [azurerm_storage_data_lake_gen2_path.other](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_data_lake_gen2_path) | resource |
8089

8190
## Inputs
8291

8392
| Name | Description | Type | Default | Required |
8493
|-------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------:|
8594
| <a name="input_ace_default"></a> [ace\_default](#input\_ace\_default) | Default ACE values | `list(map(string))` | <pre>[<br> {<br> "permissions": "---",<br> "scope": "access",<br> "type": "other"<br> },<br> {<br> "permissions": "---",<br> "scope": "default",<br> "type": "other"<br> },<br> {<br> "permissions": "rwx",<br> "scope": "access",<br> "type": "group"<br> },<br> {<br> "permissions": "rwx",<br> "scope": "access",<br> "type": "mask"<br> },<br> {<br> "permissions": "rwx",<br> "scope": "access",<br> "type": "user"<br> },<br> {<br> "permissions": "rwx",<br> "scope": "default",<br> "type": "group"<br> },<br> {<br> "permissions": "rwx",<br> "scope": "default",<br> "type": "mask"<br> },<br> {<br> "permissions": "rwx",<br> "scope": "default",<br> "type": "user"<br> }<br>]</pre> | no |
86-
| <a name="input_ad_groups"></a> [ad\_groups](#input\_ad\_groups) | Data which is contain mapping AD group name and GUID | `map(string)` | `{}` | no |
87-
| <a name="input_folders"></a> [folders](#input\_folders) | Name of ADLS folders to create in root directory | `list(any)` | `[]` | no |
95+
| <a name="input_folders_config"></a> [folders_config](#input\_folders\_config) | List of ADLS folders configuration to create | `list(object)` | `[]` | no |
8896
| <a name="input_storage_role_assigned"></a> [storage\_role\_assigned](#input\_storage\_role\_assigned) | Is Storage Blob Data Owner Role assigned to Terraform Service Principal? Provides an ability to create File System with bash script(false) or azurerm resources(true). | `bool` | false | no |
8997
| <a name="input_name"></a> [name](#input\_name) | Name of ADLS FS to create | `string` | n/a | yes |
9098
| <a name="input_permissions"></a> [permissions](#input\_permissions) | List of ADLS FS permissions | `list(map(string))` | <pre>[<br> {}<br>]</pre> | no |
91-
| <a name="input_root_dir"></a> [root\_dir](#input\_root\_dir) | Name of ADLS root directory | `string` | `"data"` | no |
9299
| <a name="input_storage_account_id"></a> [storage\_account\_id](#input\_storage\_account\_id) | ID of storage account to create ADLS in | `string` | n/a | yes |
93100
| <a name="input_storage_account_name"></a> [storage\_account\_name](#input\_storage\_account\_name) | Name of storage account to create ADLS in | `string` | n/a | yes |
94101
| <a name="input_properties"></a> [properties](#input\_properties) | Map of properties | `map(string)` | `{}` | no |
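Review bot: `folders_config` is documented here with type `list(object)` and the description "List of ADLS folders configuration to create", which gives the reader no schema; document the constraint the example implies, `list(object({ path = string, permissions = list(map(string)) }))`, and say that each `permissions` entry uses the same `user`/`group`, `permissions`, `scope` and `type` keys as the filesystem-level `permissions` input. The rows for `ad_groups`, `folders` and `root_dir` are dropped in this hunk, which is a breaking change the generated table cannot convey on its own; call it out in the README or a changelog entry. Minor: `storage_role_assigned` is the only row whose default (`false`) is not wrapped in backticks.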
@@ -99,7 +106,6 @@ No modules.
99106
|------|-------------|
100107
| <a name="output_id"></a> [id](#output\_id) | The ID of the Data Lake Storage Gen2 Filesystem (container ID). |
101108
| <a name="output_name"></a> [name](#output\_name) | The name of the Data Lake Storage Gen2 Filesystem (container name). |
102-
| <a name="output_root_path"></a> [root\_path](#output\_root\_path) | The name of the root directory. |
103109
| <a name="output_storage_account_id"></a> [storage\_account\_id](#output\_storage\_account\_id) | The ID of the Storage Account where the Data Lake Storage Gen2 Filesystem exists. |
104110
<!-- END_TF_DOCS -->
105111
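Review bot: removing the `root_path` output (together with the `root_dir` input above) breaks any caller that references `module.adls.root_path`; record the removal in the commit message or changelog and treat it as a major version bump rather than shipping it silently under a `feat:` prefix.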

az_create_folders.sh

Lines changed: 0 additions & 5 deletions
Original file line number | Diff line number | Diff line change
@@ -4,11 +4,6 @@ FS_NAME=$2
44
FOLDERS_LIST=$3
55
EXTRA_ACL=$4
66

7-
#echo ${ACCOUNT_NAME}
8-
#echo ${FS_NAME}
9-
#echo ${FOLDERS_LIST}
10-
#echo ${EXTRA_ACL}
11-
127
for dir in ${FOLDERS_LIST//,/ };do
138
if [ "$(az storage fs directory exists --account-name ${ACCOUNT_NAME} --file-system ${FS_NAME} --name "/${dir}" --only-show-errors | jq -r .exists | tr -d '\n')" = "false" ] ;then
149
echo "Folder ${dir} already exists"
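Review bot: in the context lines kept here, the branch `if [ "$(az storage fs directory exists ... | jq -r .exists | tr -d '\n')" = "false" ]` echoes `"Folder ${dir} already exists"`, so either the comparison or the message is inverted; fix whichever is wrong so the log line matches the branch actually taken. Beyond the removed debug echoes, this script still takes a single `EXTRA_ACL=$4` applied across the whole `FOLDERS_LIST`, so the per-folder `permissions` that `folders_config` introduces cannot reach the `storage_role_assigned = false` path that this script implements; either extend the script to accept per-folder ACLs or state in the README that per-folder ACLs require `storage_role_assigned = true`. Also quote `"${ACCOUNT_NAME}"` and `"${FS_NAME}"` in the `az` call.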
