Merge pull request #1 from data-platform-hq/add-module

feat: add module

Author: kharkevich

README.md

@@ -1,12 +1,59 @@
-# Azure <> Terraform module
-Terraform module for creation Azure <>
+# Azure Data Lake Storage Gen2 Terraform module
+Terraform module for creation Azure Data Lake Storage Gen2 file system
 
 ## Usage
 
 <!-- BEGIN_TF_DOCS -->
+## Requirements
 
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
+| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | >= 3.23.0 |
+| <a name="requirement_null"></a> [null](#requirement\_null) | >=3.1.1 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.24.0 |
+| <a name="provider_null"></a> [null](#provider\_null) | 3.1.1 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_storage_data_lake_gen2_filesystem.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_data_lake_gen2_filesystem) | resource |
+| [null_resource.create_folders](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
+| [null_resource.create_root_folder](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_ace_default"></a> [ace\_default](#input\_ace\_default) | Default ACE values | `list(map(string))` | <pre>[<br>  {<br>    "permissions": "---",<br>    "scope": "access",<br>    "type": "other"<br>  },<br>  {<br>    "permissions": "---",<br>    "scope": "default",<br>    "type": "other"<br>  },<br>  {<br>    "permissions": "rwx",<br>    "scope": "access",<br>    "type": "group"<br>  },<br>  {<br>    "permissions": "rwx",<br>    "scope": "access",<br>    "type": "mask"<br>  },<br>  {<br>    "permissions": "rwx",<br>    "scope": "access",<br>    "type": "user"<br>  },<br>  {<br>    "permissions": "rwx",<br>    "scope": "default",<br>    "type": "group"<br>  },<br>  {<br>    "permissions": "rwx",<br>    "scope": "default",<br>    "type": "mask"<br>  },<br>  {<br>    "permissions": "rwx",<br>    "scope": "default",<br>    "type": "user"<br>  }<br>]</pre> | no |
+| <a name="input_ad_groups"></a> [ad\_groups](#input\_ad\_groups) | Data which is contain mapping AD group name and GUID | `map(string)` | `{}` | no |
+| <a name="input_folders"></a> [folders](#input\_folders) | Name of ADLS folders to create in root directory | `list(any)` | `[]` | no |
+| <a name="input_name"></a> [name](#input\_name) | Name of ADLS FS to create | `string` | n/a | yes |
+| <a name="input_permissions"></a> [permissions](#input\_permissions) | List of ADLS FS permissions | `list(map(string))` | <pre>[<br>  {}<br>]</pre> | no |
+| <a name="input_root_dir"></a> [root\_dir](#input\_root\_dir) | Name of ADLS root directory | `string` | `"data"` | no |
+| <a name="input_storage_account_id"></a> [storage\_account\_id](#input\_storage\_account\_id) | ID of storage account to create ADLS in | `string` | n/a | yes |
+| <a name="input_storage_account_name"></a> [storage\_account\_name](#input\_storage\_account\_name) | Name of storage account to create ADLS in | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_id"></a> [id](#output\_id) | The ID of the Data Lake Storage Gen2 Filesystem (container ID). |
+| <a name="output_name"></a> [name](#output\_name) | The name of the Data Lake Storage Gen2 Filesystem (container name). |
+| <a name="output_root_path"></a> [root\_path](#output\_root\_path) | The name of the root directory. |
+| <a name="output_storage_account_id"></a> [storage\_account\_id](#output\_storage\_account\_id) | The ID of the Storage Account where the Data Lake Storage Gen2 Filesystem exists. |
 <!-- END_TF_DOCS -->
 
 ## License
 
-Apache 2 Licensed. For more information please see [LICENSE](https://github.com/data-platform-hq/terraform-azurerm<>/tree/master/LICENSE)
+Apache 2 Licensed. For more information please see [LICENSE](https://github.com/data-platform-hq/terraform-azurerm-adls-v2/tree/main/LICENSE)

az_create_folders.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+ACCOUNT_NAME=$1
+FS_NAME=$2
+FOLDERS_LIST=$3
+EXTRA_ACL=$4
+
+#echo ${ACCOUNT_NAME}
+#echo ${FS_NAME}
+#echo ${FOLDERS_LIST}
+#echo ${EXTRA_ACL}
+
+for dir in ${FOLDERS_LIST//,/ };do
+  if [ "$(az storage fs directory exists --account-name ${ACCOUNT_NAME} --file-system ${FS_NAME} --name "/${dir}" --only-show-errors | jq -r .exists | tr -d '\n')" = "false" ] ;then
+    echo "Folder ${dir} already exists"
+    az storage fs directory create --account-name ${ACCOUNT_NAME} --file-system ${FS_NAME} --name "/${dir}" --only-show-errors
+    echo "Folder ${dir} created"
+  else
+    echo "Folder ${dir} already exists"
+  fi
+  default_acl=$(az storage fs access show --only-show-errors -p "/${FOLDER_NAME}" --account-name ${ACCOUNT_NAME} -f ${FS_NAME} | jq -r .acl | egrep -o "(default:)?(group|user|mask|other)::[rwx-]{3}" | uniq | sed -e 's/\(.*\)/\1,/' | tr -d '\n' | sed -e 's/,$//')
+  echo "Setting ACL='${default_acl}${EXTRA_ACL}' for folder ${dir}"
+  az storage fs access set-recursive --only-show-errors -p "/${FOLDER_NAME}" --account-name ${ACCOUNT_NAME} -f ${FS_NAME} --acl "${default_acl}${EXTRA_ACL}"
+done

main.tf

@@ -0,0 +1,69 @@
+locals {
+  folders = length(var.folders) == 0 ? "" : join(",", [for f in var.folders : "${var.root_dir}/${f}"])
+  extra_acl = length(var.permissions) == 0 ? "" : format(",%s",
+    join(
+      ",",
+      concat(
+        [for v in [for k in var.permissions : k if(contains(keys(k), "user") && k["scope"] == "access")] : "${v.type}:${v.user}:${v.permissions}"],
+        [for v in [for k in var.permissions : k if(contains(keys(k), "user") && k["scope"] == "default")] : "default:${v.type}:${v.user}:${v.permissions}"]
+      )
+    )
+  )
+}
+
+resource "azurerm_storage_data_lake_gen2_filesystem" "this" {
+  name               = var.name
+  storage_account_id = var.storage_account_id
+
+  lifecycle { prevent_destroy = false }
+
+  dynamic "ace" {
+    for_each = length(var.permissions) == 0 ? [] : [for k in var.permissions : k if contains(keys(k), "group")]
+    content {
+      id          = lookup(var.ad_groups, ace.value["group"], "default")
+      permissions = ace.value["permissions"]
+      scope       = ace.value["scope"]
+      type        = ace.value["type"]
+    }
+  }
+  dynamic "ace" {
+    for_each = length(var.permissions) == 0 ? [] : [for k in var.permissions : k if contains(keys(k), "user")]
+    content {
+      id          = ace.value["user"]
+      permissions = ace.value["permissions"]
+      scope       = ace.value["scope"]
+      type        = ace.value["type"]
+    }
+  }
+  dynamic "ace" {
+    for_each = var.ace_default
+    content {
+      permissions = ace.value["permissions"]
+      scope       = ace.value["scope"]
+      type        = ace.value["type"]
+    }
+  }
+}
+
+resource "null_resource" "create_root_folder" {
+  triggers = {
+    build_number = "${timestamp()}${azurerm_storage_data_lake_gen2_filesystem.this.id}"
+  }
+  provisioner "local-exec" {
+    on_failure = continue
+    command    = "bash az_create_folders.sh \"${var.storage_account_name}\" \"${azurerm_storage_data_lake_gen2_filesystem.this.name}\" \"${var.root_dir}\" \"${local.extra_acl}\""
+  }
+}
+
+resource "null_resource" "create_folders" {
+  triggers = {
+    build_number = "${timestamp()}${azurerm_storage_data_lake_gen2_filesystem.this.id}"
+  }
+  provisioner "local-exec" {
+    on_failure = continue
+    command    = "bash az_create_folders.sh \"${var.storage_account_name}\" \"${azurerm_storage_data_lake_gen2_filesystem.this.name}\" \"${local.folders}\" \"${local.extra_acl}\""
+  }
+  depends_on = [
+    null_resource.create_root_folder
+  ]
+}

outputs.tf

@@ -0,0 +1,19 @@
+output "id" {
+  value       = azurerm_storage_data_lake_gen2_filesystem.this.id
+  description = "The ID of the Data Lake Storage Gen2 Filesystem (container ID)."
+}
+
+output "name" {
+  value       = azurerm_storage_data_lake_gen2_filesystem.this.name
+  description = "The name of the Data Lake Storage Gen2 Filesystem (container name)."
+}
+
+output "storage_account_id" {
+  value       = azurerm_storage_data_lake_gen2_filesystem.this.storage_account_id
+  description = "The ID of the Storage Account where the Data Lake Storage Gen2 Filesystem exists."
+}
+
+output "root_path" {
+  value       = var.root_dir
+  description = "The name of the root directory."
+}

variables.tf

@@ -0,0 +1,55 @@
+# Required
+variable "name" {
+  type        = string
+  description = "Name of ADLS FS to create"
+}
+
+variable "storage_account_id" {
+  type        = string
+  description = "ID of storage account to create ADLS in"
+}
+
+variable "storage_account_name" {
+  type        = string
+  description = "Name of storage account to create ADLS in"
+}
+
+# Optional
+variable "ace_default" {
+  type        = list(map(string))
+  description = "Default ACE values"
+  default = [
+    { "permissions" = "---", "scope" = "access", "type" = "other" },
+    { "permissions" = "---", "scope" = "default", "type" = "other" },
+    { "permissions" = "rwx", "scope" = "access", "type" = "group" },
+    { "permissions" = "rwx", "scope" = "access", "type" = "mask" },
+    { "permissions" = "rwx", "scope" = "access", "type" = "user" },
+    { "permissions" = "rwx", "scope" = "default", "type" = "group" },
+    { "permissions" = "rwx", "scope" = "default", "type" = "mask" },
+    { "permissions" = "rwx", "scope" = "default", "type" = "user" },
+  ]
+}
+
+variable "ad_groups" {
+  type        = map(string)
+  description = "Data which is contain mapping AD group name and GUID"
+  default     = {}
+}
+
+variable "permissions" {
+  type        = list(map(string))
+  description = "List of ADLS FS permissions"
+  default     = [{}]
+}
+
+variable "root_dir" {
+  type        = string
+  description = "Name of ADLS root directory"
+  default     = "data"
+}
+
+variable "folders" {
+  type        = list(any)
+  description = "Name of ADLS folders to create in root directory"
+  default     = []
+}

versions.tf

@@ -0,0 +1,14 @@
+terraform {
+  required_version = ">= 1.0.0"
+
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = ">= 3.23.0"
+    }
+    null = {
+      source  = "hashicorp/null"
+      version = ">=3.1.1"
+    }
+  }
+}