azurermStorageAccountLocalUser
Manages a Storage Account Local User.
Example Usage
```typescript
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
/*Place this code inside the constructor of a TerraformStack, where `this` is the stack scope.
Property names are camelCase, as in the Arguments Reference below.*/
new azurerm.provider.AzurermProvider(this, "azurerm", {
  features: [{}],
});
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "WestEurope",
    name: "example-rg",
  }
);
const azurermStorageAccountExample = new azurerm.storageAccount.StorageAccount(
  this,
  "example_2",
  {
    accountKind: "StorageV2",
    accountReplicationType: "LRS",
    accountTier: "Standard",
    isHnsEnabled: true,
    location: azurermResourceGroupExample.location,
    // Storage account names allow only lowercase letters and digits (3-24 characters).
    name: "exampleaccount",
    resourceGroupName: azurermResourceGroupExample.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageAccountExample.overrideLogicalId("example");
const azurermStorageContainerExample =
  new azurerm.storageContainer.StorageContainer(this, "example_3", {
    name: "example-container",
    storageAccountName: azurermStorageAccountExample.name,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageContainerExample.overrideLogicalId("example");
const azurermStorageAccountLocalUserExample =
  new azurerm.storageAccountLocalUser.StorageAccountLocalUser(
    this,
    "example_4",
    {
      homeDirectory: "example_path",
      name: "user1",
      permissionScope: [
        {
          permissions: [
            {
              create: true,
              read: true,
            },
          ],
          resourceName: azurermStorageContainerExample.name,
          service: "blob",
        },
      ],
      // The two keys reference Terraform locals that must be defined elsewhere in the configuration.
      sshAuthorizedKey: [
        {
          description: "key1",
          key: "${local.first_public_key}",
        },
        {
          description: "key2",
          key: "${local.second_public_key}",
        },
      ],
      sshKeyEnabled: true,
      sshPasswordEnabled: true,
      storageAccountId: azurermStorageAccountExample.id,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageAccountLocalUserExample.overrideLogicalId("example");
```
Arguments Reference
The following arguments are supported:
- name - (Required) The name which should be used for this Storage Account Local User. Changing this forces a new Storage Account Local User to be created.
- storageAccountId - (Required) The ID of the Storage Account that this Storage Account Local User resides in. Changing this forces a new Storage Account Local User to be created.
- homeDirectory - (Optional) The home directory of the Storage Account Local User.
- permissionScope - (Optional) One or more permissionScope blocks as defined below.
- sshAuthorizedKey - (Optional) One or more sshAuthorizedKey blocks as defined below. Changing this forces a new Storage Account Local User to be created.
- sshKeyEnabled - (Optional) Specifies whether SSH Key Authentication is enabled. Defaults to false.
- sshPasswordEnabled - (Optional) Specifies whether SSH Password Authentication is enabled. Defaults to false.
A permissionScope block supports the following:
- permissions - (Required) A permissions block as defined below.
- resourceName - (Required) The container name (when service is set to blob) or the file share name (when service is set to file), used by the Storage Account Local User.
- service - (Required) The storage service used by this Storage Account Local User. Possible values are blob and file.
A permissions block supports the following:
- create - (Optional) Specifies if the Local User has the create permission for this scope. Defaults to false.
- delete - (Optional) Specifies if the Local User has the delete permission for this scope. Defaults to false.
- list - (Optional) Specifies if the Local User has the list permission for this scope. Defaults to false.
- read - (Optional) Specifies if the Local User has the read permission for this scope. Defaults to false.
- write - (Optional) Specifies if the Local User has the write permission for this scope. Defaults to false.
A sshAuthorizedKey block supports the following:
- key - (Required) The public key value of this SSH authorized key.
- description - (Optional) The description of this SSH authorized key.
Attributes Reference
In addition to the Arguments listed above - the following Attributes are exported:
- id - The ID of the Storage Account Local User.
- password - The value of the password, which is only available when sshPasswordEnabled is set to true.
Note: The password is updated every time sshPasswordEnabled is updated. If sshPasswordEnabled is updated from false to true, the password is updated to be the value of the SSH password. If sshPasswordEnabled is updated from true to false, the password is reset to an empty string.
- sid - The unique Security Identifier of this Storage Account Local User.
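As an added example (not part of the provider documentation or the generated bindings), a small pre-synth check in TypeScript over the arguments described above: it flags password authentication, key settings that contradict each other, and permission scopes that grant nothing or everything. The LocalUserConfig shape, the rule names and the sample values are assumptions made for this example.

```typescript
// Added example, not generated bindings. Field names follow the Arguments Reference;
// the rule names and what counts as a finding are this example's own choices.
interface ScopePermissions { create?: boolean; delete?: boolean; list?: boolean; read?: boolean; write?: boolean }
interface PermissionScope { permissions: ScopePermissions; resourceName: string; service: string }
interface LocalUserConfig {
  name: string;
  permissionScope?: PermissionScope[];
  sshAuthorizedKey?: { key: string; description?: string }[];
  sshKeyEnabled?: boolean; // defaults to false
  sshPasswordEnabled?: boolean; // defaults to false
}
interface Finding { rule: string; detail: string }

const VERBS: (keyof ScopePermissions)[] = ["create", "delete", "list", "read", "write"];

function auditLocalUser(cfg: LocalUserConfig): Finding[] {
  const out: Finding[] = [];
  const add = (rule: string, detail: string) => { out.push({ rule, detail }); };
  const keys = cfg.sshAuthorizedKey ?? [];
  if (cfg.sshPasswordEnabled) add("password-auth", "password login is on and the password attribute will hold a value");
  if (cfg.sshKeyEnabled && keys.length === 0) add("key-missing", "sshKeyEnabled is true but no sshAuthorizedKey is set");
  if (!cfg.sshKeyEnabled && keys.length > 0) add("key-disabled", "sshAuthorizedKey is set but sshKeyEnabled is false");
  if (!cfg.sshKeyEnabled && !cfg.sshPasswordEnabled) add("no-auth", "both SSH authentication methods are off");
  for (const scope of cfg.permissionScope ?? []) {
    const where = `${scope.service}/${scope.resourceName}`;
    if (scope.service !== "blob" && scope.service !== "file") add("bad-service", `${where}: service must be blob or file`);
    const granted = VERBS.filter((v) => scope.permissions[v] === true);
    if (granted.length === 0) add("empty-scope", `${where}: every permission is left at its default of false`);
    if (granted.length === VERBS.length) add("full-scope", `${where}: all five permissions are granted`);
  }
  return out;
}

// Constructed inputs. The first mirrors the Example Usage settings (keys are placeholders).
const pageExample: LocalUserConfig = {
  name: "user1",
  permissionScope: [{ permissions: { create: true, read: true }, resourceName: "example-container", service: "blob" }],
  sshAuthorizedKey: [{ key: "<first public key>", description: "key1" }, { key: "<second public key>", description: "key2" }],
  sshKeyEnabled: true,
  sshPasswordEnabled: true,
};
const keyOnly: LocalUserConfig = { ...pageExample, sshPasswordEnabled: false };
const misconfigured: LocalUserConfig = {
  name: "user2",
  permissionScope: [{ permissions: {}, resourceName: "logs", service: "queue" }],
  sshKeyEnabled: true,
};

const rules = (cfg: LocalUserConfig): string => auditLocalUser(cfg).map((f) => f.rule).join(",");
console.log(rules(pageExample), "|", rules(keyOnly), "|", rules(misconfigured));
```

Run against the Example Usage settings, the only finding is the enabled password login; the same user with sshPasswordEnabled left at false passes cleanly.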
Timeouts
The timeouts block allows you to specify timeouts for certain actions:
- create - (Defaults to 30 minutes) Used when creating the Storage Account Local User.
- read - (Defaults to 5 minutes) Used when retrieving the Storage Account Local User.
- update - (Defaults to 30 minutes) Used when updating the Storage Account Local User.
- delete - (Defaults to 30 minutes) Used when deleting the Storage Account Local User.
Import
Storage Account Local Users can be imported using the resourceId, e.g.