azurermStorageAccountLocalUser

Manages a Storage Account Local User.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
new azurerm.provider.AzurermProvider(this, "azurerm", {
  features: [{}],
});
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "WestEurope",
    name: "example-rg",
  }
);
const azurermStorageAccountExample = new azurerm.storageAccount.StorageAccount(
  this,
  "example_2",
  {
    accountKind: "StorageV2",
    accountReplicationType: "LRS",
    accountTier: "Standard",
    isHnsEnabled: true,
    location: azurermResourceGroupExample.location,
    name: "example-account",
    resourceGroupName: azurermResourceGroupExample.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageAccountExample.overrideLogicalId("example");
const azurermStorageContainerExample =
  new azurerm.storageContainer.StorageContainer(this, "example_3", {
    name: "example-container",
    storageAccountName: azurermStorageAccountExample.name,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageContainerExample.overrideLogicalId("example");
const azurermStorageAccountLocalUserExample =
  new azurerm.storageAccountLocalUser.StorageAccountLocalUser(
    this,
    "example_4",
    {
      homeDirectory: "example_path",
      name: "user1",
      /*Grants only create and read on the one container.*/
      permissionScope: [
        {
          permissions: [
            {
              create: true,
              read: true,
            },
          ],
          resourceName: azurermStorageContainerExample.name,
          service: "blob",
        },
      ],
      sshAuthorizedKey: [
        {
          description: "key1",
          key: "${local.first_public_key}",
        },
        {
          description: "key2",
          key: "${local.second_public_key}",
        },
      ],
      /*Both key and password authentication are enabled for this user.*/
      sshKeyEnabled: true,
      sshPasswordEnabled: true,
      storageAccountId: azurermStorageAccountExample.id,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageAccountLocalUserExample.overrideLogicalId("example");

Arguments Reference

The following arguments are supported:

  • name - (Required) The name which should be used for this Storage Account Local User. Changing this forces a new Storage Account Local User to be created.

  • storageAccountId - (Required) The ID of the Storage Account that this Storage Account Local User resides in. Changing this forces a new Storage Account Local User to be created.


  • homeDirectory - (Optional) The home directory of the Storage Account Local User.

  • permissionScope - (Optional) One or more permissionScope blocks as defined below.

  • sshAuthorizedKey - (Optional) One or more sshAuthorizedKey blocks as defined below. Changing this forces a new Storage Account Local User to be created.

  • sshKeyEnabled - (Optional) Specifies whether SSH Key Authentication is enabled. Defaults to false.

  • sshPasswordEnabled - (Optional) Specifies whether SSH Password Authentication is enabled. Defaults to false.


A permissionScope block supports the following:

  • permissions - (Required) A permissions block as defined below.

  • resourceName - (Required) The container name (when service is set to blob) or the file share name (when service is set to file), used by the Storage Account Local User.

  • service - (Required) The storage service used by this Storage Account Local User. Possible values are blob and file.


A permissions block supports the following:

  • create - (Optional) Specifies if the Local User has the create permission for this scope. Defaults to false.

  • delete - (Optional) Specifies if the Local User has the delete permission for this scope. Defaults to false.

  • list - (Optional) Specifies if the Local User has the list permission for this scope. Defaults to false.

  • read - (Optional) Specifies if the Local User has the read permission for this scope. Defaults to false.

  • write - (Optional) Specifies if the Local User has the write permission for this scope. Defaults to false.


An sshAuthorizedKey block supports the following:

  • key - (Required) The public key value of this SSH authorized key.

  • description - (Optional) The description of this SSH authorized key.

Attributes Reference

In addition to the Arguments listed above, the following Attributes are exported:

  • id - The ID of the Storage Account Local User.

  • password - The value of the password, which is only available when sshPasswordEnabled is set to true.

Note: The password is updated every time sshPasswordEnabled is updated. If sshPasswordEnabled is updated from false to true, the password is updated to be the value of the SSH password. If sshPasswordEnabled is updated from true to false, the password is reset to an empty string.

  • sid - The unique Security Identifier of this Storage Account Local User.
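
A pre-synthesis check over the arguments and the password attribute described above, added here as an example and not part of cdktf or the azurerm provider. It flags password authentication, key authentication without keys, private key material passed as a key, and permissions beyond an approved list; LocalUserConfig, auditLocalUser and the allowed map are names assumed for this example.

```typescript
// Added example: argument names follow the reference above; the interface,
// function and finding texts are this example's own, not part of cdktf.
type Perm = "create" | "delete" | "list" | "read" | "write";
interface LocalUserConfig {
  name: string;
  sshKeyEnabled?: boolean;      // defaults to false
  sshPasswordEnabled?: boolean; // defaults to false
  sshAuthorizedKey?: { key: string; description?: string }[];
  permissionScope?: {
    service: string;
    resourceName: string;
    permissions: Partial<Record<Perm, boolean>>;
  }[];
}
const PERMS: Perm[] = ["create", "delete", "list", "read", "write"];
// Shape of an OpenSSH public key line: "<type> <base64> [comment]".
const PUBLIC_KEY = /^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+\/]+={0,2}( .*)?$/;

// `allowed` maps resourceName -> permissions the reviewer approved (assumption).
function auditLocalUser(cfg: LocalUserConfig, allowed: Record<string, Perm[]>): string[] {
  const out: string[] = [];
  const keys = cfg.sshAuthorizedKey ?? [];
  if (cfg.sshPasswordEnabled) out.push("sshPasswordEnabled: password login on, password attribute exported");
  if (!cfg.sshKeyEnabled && !cfg.sshPasswordEnabled) out.push("no SSH authentication method enabled");
  if (cfg.sshKeyEnabled && keys.length === 0) out.push("sshKeyEnabled without any sshAuthorizedKey");
  keys.forEach((k, i) => {
    if (k.key.indexOf("PRIVATE KEY") !== -1) out.push(`sshAuthorizedKey[${i}]: private key material`);
    else if (!PUBLIC_KEY.test(k.key.trim())) out.push(`sshAuthorizedKey[${i}]: not a public key line`);
  });
  for (const s of cfg.permissionScope ?? []) {
    if (s.service !== "blob" && s.service !== "file") out.push(`${s.resourceName}: invalid service ${s.service}`);
    const ok = allowed[s.resourceName] ?? [];
    const extra = PERMS.filter((p) => s.permissions[p] === true && ok.indexOf(p) === -1);
    if (extra.length > 0) out.push(`${s.resourceName}: unapproved permissions ${extra.join(",")}`);
  }
  return out;
}

// Constructed sample (the key is not a real key): the page's user1 plus delete.
const sampleUser: LocalUserConfig = {
  name: "user1",
  sshKeyEnabled: true,
  sshPasswordEnabled: true,
  sshAuthorizedKey: [{ description: "key1", key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotReal key1" }],
  permissionScope: [
    { service: "blob", resourceName: "example-container", permissions: { create: true, read: true, delete: true } },
  ],
};
const sampleFindings = auditLocalUser(sampleUser, { "example-container": ["create", "read"] });
```
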

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 30 minutes) Used when creating the Storage Account Local User.
  • read - (Defaults to 5 minutes) Used when retrieving the Storage Account Local User.
  • update - (Defaults to 30 minutes) Used when updating the Storage Account Local User.
  • delete - (Defaults to 30 minutes) Used when deleting the Storage Account Local User.

Import

Storage Account Local Users can be imported using the resourceId, e.g.

terraform import azurerm_storage_account_local_user.example /subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Storage/storageAccounts/storageAccount1/localUsers/user1