
azurermStorageDataLakeGen2Path

Manages a Data Lake Gen2 Path in a File System within an Azure Storage Account.

NOTE: This resource requires some storage-specific roles which are not granted by default. Some of the built-in roles that can be assigned are Storage Account Contributor, Storage Blob Data Owner, Storage Blob Data Contributor, Storage Blob Data Reader.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
/*Place this code inside the constructor of a TerraformStack, where `this` is the stack.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
/*Property names use the camelCase form listed in the Argument Reference; isHnsEnabled is a boolean, not a string.*/
const azurermStorageAccountExample = new azurerm.storageAccount.StorageAccount(
  this,
  "example_1",
  {
    accountKind: "StorageV2",
    accountReplicationType: "LRS",
    accountTier: "Standard",
    isHnsEnabled: true,
    location: azurermResourceGroupExample.location,
    name: "examplestorageacc",
    resourceGroupName: azurermResourceGroupExample.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageAccountExample.overrideLogicalId("example");
const azurermStorageDataLakeGen2FilesystemExample =
  new azurerm.storageDataLakeGen2Filesystem.StorageDataLakeGen2Filesystem(
    this,
    "example_2",
    {
      name: "example",
      storageAccountId: azurermStorageAccountExample.id,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageDataLakeGen2FilesystemExample.overrideLogicalId("example");
const azurermStorageDataLakeGen2PathExample =
  new azurerm.storageDataLakeGen2Path.StorageDataLakeGen2Path(
    this,
    "example_3",
    {
      filesystemName: azurermStorageDataLakeGen2FilesystemExample.name,
      path: "example",
      resource: "directory",
      storageAccountId: azurermStorageAccountExample.id,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageDataLakeGen2PathExample.overrideLogicalId("example");

Argument Reference

The following arguments are supported:

  • path - (Required) The path which should be created within the Data Lake Gen2 File System in the Storage Account. Changing this forces a new resource to be created.

  • filesystemName - (Required) The name of the Data Lake Gen2 File System which should be created within the Storage Account. Must be unique within the storage account in which the file system is located. Changing this forces a new resource to be created.

  • storageAccountId - (Required) Specifies the ID of the Storage Account in which the Data Lake Gen2 File System should exist. Changing this forces a new resource to be created.

  • resource - (Required) Specifies the type of path to create. Currently only directory is supported. Changing this forces a new resource to be created.

  • owner - (Optional) Specifies the Object ID of the Azure Active Directory User to make the owning user. Possible values also include $superuser.

  • group - (Optional) Specifies the Object ID of the Azure Active Directory Group to make the owning group. Possible values also include $superuser.

  • ace - (Optional) One or more ace blocks as defined below to specify the entries for the ACL for the path.


An ace block supports the following:

  • scope - (Optional) Specifies whether the ACE represents an access entry or a default entry. Default value is access.

  • type - (Required) Specifies the type of entry. Can be user, group, mask or other.

  • id - (Optional) Specifies the Object ID of the Azure Active Directory User or Group that the entry relates to. Only valid for user or group entries.

  • permissions - (Required) Specifies the permissions for the entry in rwx form. For example, rwx gives full permissions but r only gives read permissions.

More details on ACLs can be found here: https://docs.microsoft.com/azure/storage/blobs/data-lake-storage-access-control#access-control-lists-on-files-and-directories
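
The ace rules above, as an added TypeScript example (not part of the provider or its generated bindings): a lint that can run over ace entries before they are passed to the resource. The function names, the placeholder object ID, the three-character permission form (such as r-x), the duplicate check and the "other must not write" policy are assumptions of this example.

```typescript
// Added example: lint `ace` entries against the rules in the argument reference.
type Ace = { scope?: string; type: string; id?: string; permissions: string };
const ACE_TYPES = ["user", "group", "mask", "other"];

// Problems found in one entry; an empty array means it passes.
function lintAce(ace: Ace): string[] {
  const problems: string[] = [];
  const scope = ace.scope ?? "access"; // documented default
  if (scope !== "access" && scope !== "default") problems.push(`invalid scope "${scope}"`);
  if (ACE_TYPES.indexOf(ace.type) === -1) problems.push(`invalid type "${ace.type}"`);
  // id is only valid for user or group entries
  const idAllowed = ace.type === "user" || ace.type === "group";
  if (ace.id !== undefined && !idAllowed) problems.push(`id not allowed on "${ace.type}" entry`);
  // Assumption: permissions use the three-character form, e.g. r-x
  const wellFormed = /^[r-][w-][x-]$/.test(ace.permissions);
  if (!wellFormed) problems.push(`permissions "${ace.permissions}" not in rwx form`);
  // Policy choice of this example (not a provider rule): "other" must not write
  if (wellFormed && ace.type === "other" && ace.permissions[1] === "w") {
    problems.push("other entry grants write");
  }
  return problems;
}

// Lint a whole list and flag duplicate scope/type/id combinations.
function lintAcl(aces: Ace[]): string[] {
  const seen: { [key: string]: boolean } = {};
  const problems: string[] = [];
  aces.forEach((ace, i) => {
    lintAce(ace).forEach((p) => problems.push(`ace[${i}]: ${p}`));
    const key = `${ace.scope ?? "access"}:${ace.type}:${ace.id ?? ""}`;
    if (seen[key]) problems.push(`ace[${i}]: duplicate of ${key}`);
    seen[key] = true;
  });
  return problems;
}

// Short ACL form: [default:]type:id:permissions, comma separated.
function renderAcl(aces: Ace[]): string {
  const one = (a: Ace) => `${a.scope === "default" ? "default:" : ""}${a.type}:${a.id ?? ""}:${a.permissions}`;
  return aces.map(one).join(",");
}

// Constructed sample; the object ID is a placeholder, not a real principal.
const OID = "00000000-0000-0000-0000-000000000001";
const sampleAces: Ace[] = [
  { type: "user", permissions: "rwx" },
  { type: "group", id: OID, permissions: "r-x" },
  { scope: "default", type: "group", id: OID, permissions: "r-x" },
  { type: "other", permissions: "---" },
];
```

Running lintAcl over the entries and failing the build on a non-empty result keeps malformed or over-broad entries out of the plan; renderAcl gives a compact string for review logs.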

NOTE: Using the service's ACE inheritance features will not work well with Terraform since we cannot handle changes that are taking place out-of-band. Setting the path to inherit its permissions from its parent will result in Terraform trying to revert them in the next apply operation.

NOTE: The Storage Account requires accountKind to be either StorageV2 or BlobStorage. In addition, isHnsEnabled has to be set to true.

Attributes Reference

The following attributes are exported in addition to the arguments listed above:

  • id - The ID of the Data Lake Gen2 File System.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 30 minutes) Used when creating the path.
  • update - (Defaults to 30 minutes) Used when updating the path.
  • read - (Defaults to 5 minutes) Used when retrieving the path.
  • delete - (Defaults to 30 minutes) Used when deleting the path.

Import

Data Lake Gen2 Paths can be imported using the resourceId, e.g.

terraform import azurerm_storage_data_lake_gen2_path.example https://account1.dfs.core.windows.net/fileSystem1/path