Feature Request: Add support for Azure Container SAS tokens #3068

Closed
jrauschenbusch opened this issue Mar 18, 2019 · 5 comments · Fixed by #4195

Comments

@jrauschenbusch
Contributor

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Currently there is no native support for Azure Service SAS tokens.

As already mentioned in #59, there are different types of SAS tokens.

To allow more fine-grained access control, it would be nice to have native support inside Terraform without the need to use local-exec.

As the configuration options (especially the permission semantics) for Service SAS tokens depend on the service type, I would suggest creating different SAS data sources for each of the following types: blob, container, share, file, queue, table

New or Affected Resource(s)

  • azurerm_storage_container_sas
  • azurerm_storage_<type>_sas

Potential Terraform Configuration

data "azurerm_storage_container_sas" "foo" {
  connection_string = "DefaultEndpointsProtocol=https;..."
  https_only = true
  ip = "127.0.0.1" // optional

  container_name = "bar"

  // Response header settings
  cache-control = ""
  content-disposition = ""
  content-encoding = ""
  content-language = ""
  content-type = ""

  start  = "2019-03-18" // optional
  expiry = "2020-01-01"

  permissions {
    read    = true
    write   = true
    delete  = true
    list    = true
    add     = true
    create  = true
  }

  // access policy as alternative for permissions and validity period
  policy-name = ""
}

References
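
An added example, not part of the original issue or of the provider's code: a Python audit of SAS query strings that maps the fields proposed in the configuration above (permissions, start, expiry, ip, https_only, policy name) to their SAS query parameters (`sp`, `st`, `se`, `sip`, `spr`, `si`) and flags broad grants. The finding codes, the 7-day lifetime threshold and the sample tokens are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs

# sp letters of a container service SAS, mapped to the permission names used above.
PERMS = {"r": "read", "a": "add", "c": "create", "w": "write", "d": "delete", "l": "list"}

def parse_time(value):
    """Parse the UTC time forms a SAS accepts: date only, or date and time ending in Z."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            pass
    raise ValueError(f"unrecognised SAS time: {value!r}")

def audit_sas(token, now, max_lifetime=timedelta(days=7)):
    """Decode one SAS query string; return (fields, finding codes). sig is never returned."""
    q = {k: v[0] for k, v in parse_qs(token.lstrip("?"), keep_blank_values=True).items()}
    perms = [PERMS.get(ch, f"unknown:{ch}") for ch in q.get("sp", "")]
    start = parse_time(q["st"]) if "st" in q else now   # no st: valid immediately
    expiry = parse_time(q["se"]) if "se" in q else None  # absent when a policy sets it
    findings = []
    if q.get("spr") != "https":
        findings.append("http-allowed")        # https_only is not enforced
    if "sip" not in q:
        findings.append("no-ip-restriction")
    if "si" not in q:
        # Ad hoc SAS: only expiry or an account key rotation ends its validity.
        findings.append("not-revocable")
    if expiry is not None:
        if expiry <= now:
            findings.append("expired")
        elif expiry - start > max_lifetime:
            findings.append("long-lived")
    if {"write", "delete"} & set(perms):
        findings.append("destructive-perms")
    fields = {"resource": q.get("sr"), "permissions": perms, "start": start,
              "expiry": expiry, "policy": q.get("si"), "ip": q.get("sip")}
    return fields, findings

# Constructed sample tokens; the signatures are placeholders, not real values.
NOW = datetime(2019, 3, 18, tzinfo=timezone.utc)
BROAD = "sv=2018-11-09&sr=c&sp=racwdl&st=2019-03-18&se=2020-01-01&sip=127.0.0.1&spr=https&sig=PLACEHOLDER"
NARROW = "sv=2018-11-09&sr=c&sp=rl&se=2019-03-18T01:00:00Z&sip=203.0.113.10&spr=https&sig=PLACEHOLDER"
POLICY = "?sv=2018-11-09&sr=c&si=readers&spr=https,http&sig=PLACEHOLDER"

if __name__ == "__main__":
    for name, tok in (("broad", BROAD), ("narrow", NARROW), ("policy", POLICY)):
        print(name, audit_sas(tok, NOW)[1])
```

`BROAD` mirrors the values in the proposed configuration; `POLICY` shows a token whose permissions and validity period come from a stored access policy, so only transport and IP restrictions can be checked from the token itself.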

@dominik-lekse
Contributor

I agree with @jrauschenbusch that there is a need for more extensive support for SAS tokens of different types.

In my opinion, it would be helpful to have resources instead of data sources for SAS tokens. The advantage of resources in this case is that the generated SAS tokens stay persistent across multiple Terraform runs. An example use case is passing an Azure Storage Blob URL in the virtual machine custom script extension with a SAS token.

@aambert

This comment has been minimized.

@r0bnet
Contributor

r0bnet commented Aug 7, 2019

I'll implement it as soon as this PR is through: hashicorp/go-azure-helpers#34

// edit: PR is through; waiting for release of 0.6.0 of the go-azure-helpers

@r0bnet
Contributor

r0bnet commented Aug 30, 2019

PR: #4195

@ghost

ghost commented Mar 29, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

@ghost ghost locked and limited conversation to collaborators Mar 29, 2020