This Terraform module generates a SAS token.
It could be either an Account SAS or a Container Service SAS.
Only the Service SAS for containers is implemented right now.
| Module version | Terraform version | OpenTofu version | AzureRM version |
|---|---|---|---|
| >= 8.x.x | Unverified | 1.8.x | >= 4.0 |
| >= 7.x.x | 1.3.x | >= 3.0 | |
| >= 6.x.x | 1.x | >= 3.0 | |
| >= 5.x.x | 0.15.x | >= 2.0 | |
| >= 4.x.x | 0.13.x / 0.14.x | >= 2.0 | |
| >= 3.x.x | 0.12.x | >= 2.0 | |
| >= 2.x.x | 0.12.x | < 2.0 | |
| < 2.x.x | 0.11.x | < 2.0 |
If you want to contribute to this repository, feel free to use our pre-commit git hook configuration which will help you automatically update and format some files for you by enforcing our Terraform code module best-practices.
More details are available in the CONTRIBUTING.md file.
This module is optimized to work with the Claranet terraform-wrapper tool
which set some terraform variables in the environment needed by this module.
More details about variables set by the terraform-wrapper available in the documentation.
module "azure_region" {
source = "claranet/regions/azurerm"
version = "x.x.x"
azure_region = var.azure_region
}
module "rg" {
source = "claranet/rg/azurerm"
version = "x.x.x"
location = module.azure_region.location
client_name = var.client_name
environment = var.environment
stack = var.stack
}
### Account SAS
resource "azurerm_storage_account" "my_storage" {
account_replication_type = "LRS"
account_tier = "Standard"
location = module.azure_region.location
name = "mystorage"
resource_group_name = module.rg.resource_group_name
min_tls_version = "TLS1_2"
}
module "storage_sas_token" {
source = "claranet/storage-sas-token/azurerm"
version = "x.x.x"
storage_account_connection_string = azurerm_storage_account.my_storage.primary_connection_string
}
### Service SAS for a container
resource "azurerm_storage_container" "my_container" {
name = "mycontainer"
storage_account_name = azurerm_storage_account.my_storage.name
container_access_type = "private"
}
module "container_sas_token" {
source = "claranet/storage-sas-token/azurerm"
version = "x.x.x"
storage_account_connection_string = azurerm_storage_account.my_storage.primary_connection_string
storage_container = azurerm_storage_container.my_container.name
}| Name | Version |
|---|---|
| external | >= 2.0 |
No modules.
| Name | Type |
|---|---|
| external_external.generate_storage_sas_token | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| permissions_account | The permissions the Account SAS grants. Allowed values: (a)dd (c)reate (d)elete (l)ist (p)rocess (r)ead (u)pdate (w)rite. Can be combined. | string |
"wlacu" |
no |
| permissions_container | The permissions the Container SAS grants. Allowed values: (a)dd (c)reate (d)elete (l)ist (r)ead (w)rite. Can be combined. | string |
"dlrw" |
no |
| resources_types | The resource types the Account SAS is applicable for. Allowed values: (s)ervice (c)ontainer (o)bject. Can be combined. | string |
"sco" |
no |
| sas_token_expiry | Storage Account SAS Token end date (expiry). Specifies the UTC datetime (Y-m-d'T'H:M'Z') at which the SAS becomes invalid. | string |
"2042-01-01T00:00:00Z" |
no |
| services | The storage services the Account SAS is applicable for. Allowed values: (b)lob (f)ile (q)ueue (t)able. Can be combined. | string |
"bfqt" |
no |
| storage_account_connection_string | Connection String of the Storage Account | string |
n/a | yes |
| storage_container | Storage Account Container to use in order to generate a Service SAS Token. | string |
"" |
no |
| Name | Description |
|---|---|
| storage_account_sas_container_uri | SAS URI generated for access on Storage Account Container. |
| storage_account_sas_token | SAS Token generated for access on Storage Account. |
Microsoft Azure documentation: docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview
Microsoft Azure CLI command documentation docs.microsoft.com/en-us/cli/azure/storage/account?view=azure-cli-latest#az-storage-account-generate-sas