Support for filter permissions for azurerm_storage_account_sas. #14317

Closed
joshua-hancox opened this issue Nov 24, 2021 · 3 comments · Fixed by #15863

joshua-hancox commented Nov 24, 2021

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Support filter permissions for azurerm_storage_account_sas. There are potential other options that could also be supported (most are).

ms docs:

  • Read (r): Valid for all signed resources types (Service, Container, and Object). Permits read permissions to the specified resource type.
  • Write (w): Valid for all signed resources types (Service, Container, and Object). Permits write permissions to the specified resource type.
  • Delete (d): Valid for Container and Object resource types, except for queue messages.
  • Permanent Delete (y): Valid for Object resource type of Blob only.
  • List (l): Valid for Service and Container resource types only.
  • Add (a): Valid for the following Object resource types only: queue messages, table entities, and append blobs.
  • Create (c): Valid for the following Object resource types only: blobs and files. Users can create new blobs or files, but may not overwrite existing blobs or files.
  • Update (u): Valid for the following Object resource types only: queue messages and table entities.
  • Process (p): Valid for the following Object resource type only: queue messages.
  • Tag (t): Valid for the following Object resource type only: blobs. Permits blob tag operations.
  • Filter (f): Valid for the following Object resource type only: blob. Permits filtering by blob tag.
  • Set Immutability Policy (i): Valid for the following Object resource type only: blob. Permits set/delete immutability policy and legal hold on a blob.

New or Affected Resource(s)

  • azurerm_storage_account_sas

Potential Terraform Configuration

data "azurerm_storage_account_sas" "example" {
  connection_string = azurerm_storage_account.example.primary_connection_string
  https_only        = true
  signed_version    = "2017-07-29"

  resource_types {
    service   = true
    container = false
    object    = false
  }

  services {
    blob  = true
    queue = false
    table = false
    file  = false
  }

  start  = "2018-03-21T00:00:00Z"
  expiry = "2020-03-21T00:00:00Z"

  permissions {
    read    = true
    write   = true
    delete  = false
    list    = false
    add     = true
    create  = true
    update  = false
    process = false
    filter  = true
  }
}

References

  • #0000
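
An added example, not part of the original issue or the provider's code: a small Python check that applies the permission list quoted above to an account SAS token's `sp`, `srt` and `ss` query fields and reports permission letters that are not valid for the signed resource types or services. The function and table names are hypothetical, the tokens are constructed (the first mirrors the proposed configuration, with a placeholder signature), and the queue-message exception for Delete is not modelled.

```python
from urllib.parse import parse_qs

# letter -> (name, resource types it is valid for, services it is limited to or None)
# Transcribed from the permission list quoted in the issue (hypothetical table name).
PERMISSIONS = {
    "r": ("read", "sco", None),
    "w": ("write", "sco", None),
    "d": ("delete", "co", None),  # queue-message exception not modelled
    "y": ("permanent delete", "o", "b"),
    "l": ("list", "sc", None),
    "a": ("add", "o", "bqt"),     # append blobs, queue messages, table entities
    "c": ("create", "o", "bf"),
    "u": ("update", "o", "qt"),
    "p": ("process", "o", "q"),
    "t": ("tag", "o", "b"),
    "f": ("filter", "o", "b"),
    "i": ("set immutability policy", "o", "b"),
}


def audit_account_sas(token: str) -> list[str]:
    """Return one finding per permission letter that does not fit srt/ss."""
    fields = {k: v[0] for k, v in parse_qs(token.lstrip("?")).items()}
    srt = set(fields.get("srt", ""))  # signed resource types: s, c, o
    ss = set(fields.get("ss", ""))    # signed services: b, q, t, f
    findings = []
    for letter in fields.get("sp", ""):
        if letter not in PERMISSIONS:
            findings.append(f"{letter}: unknown permission letter")
            continue
        name, types, services = PERMISSIONS[letter]
        if not srt & set(types):
            findings.append(f"{letter}: {name} is not valid for srt={fields.get('srt', '')}")
        elif services is not None and not ss & set(services):
            findings.append(f"{letter}: {name} is not valid for ss={fields.get('ss', '')}")
    return findings


# Constructed token mirroring the issue's proposed configuration:
# blob service only, resource type "service" only, read/write/add/create/filter.
AS_PROPOSED = "sv=2017-07-29&ss=b&srt=s&sp=rwacf&se=2020-03-21T00:00:00Z&spr=https&sig=PLACEHOLDER"
# Same constructed token with the object resource type also signed.
WITH_OBJECT = AS_PROPOSED.replace("srt=s", "srt=so")

if __name__ == "__main__":
    for token in (AS_PROPOSED, WITH_OBJECT):
        print(token, audit_account_sas(token) or "ok", sep="\n  ")
```

Run against the token built from the proposed configuration, the check reports add, create and filter, because the quoted list marks them valid for the Object resource type only while only the service resource type is signed.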
@HerbertoHanso

This issue mainly focuses on support for filter. Support for Tag (t) would also be essential as they both handle Tag permissions.

katbyte pushed a commit that referenced this issue Mar 22, 2022
…#15863)

Co-authored-by: Alexander Huck <[email protected]>

Fixes #14317 and additionally adds the ability to add the tag permissions to account sas tokens.

See also: docs.microsoft.com/en-us/azure/storage/blobs/storage-manage-find-blobs?tabs=azure-portal#service-sas-for-a-blob
@github-actions github-actions bot added this to the v3.0.0 milestone Mar 22, 2022
@github-actions

This functionality has been released in v3.0.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 24, 2022