Terraform-provider-azurerm: SAS connection string for Azure Storage Accounts
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Description
Current SAS token implementation returns only the SAS query string, not a connection string which is easier to consume by various azure-storage libraries (like Python's azure.storage.blob.BlockBlobStorage). Please add a connection string feature for SAS authentication.
New or Affected Resource(s)
- azurerm/data_source_storage_account_sas.go
kopytjuk
All 6 comments
hey @kopytjuk
Thanks for opening this issue :)
Current SAS token implementation returns only the SAS query string, not a connection string which is easier to consume by various azure-storage libraries (like Python's azure.storage.blob.BlockBlobStorage). Please add a connection string feature for SAS authentication.
Would you be able to give a (sanitised) example of the connection string you're looking for this Data Source to expose?
Thanks!
tombuildsstuff
on 5 Sep 2018
Account name:
teststorage
SAS query string:
XYZ
SAS connection string:
SharedAccessSignature=XYZ;BlobEndpoint=https://teststorage.blob.core.windows.net/;
See: https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1#service-sas-example
kopytjuk
on 5 Sep 2018
@kopytjuk So I know that you mention the SAS String for Storage accounts. Are we focusing on the "Service SAS" or the "Account SAS" I know they are on the same page, but the one specifically linked is about Service SAS, and the resource azurerm/data_source_storage_account_sas.go is for Account SAS. Potentially we want both, just attempting to clarify. Already the Account SAS String seems to be exposed as connString
hdost
on 17 Sep 2018
Thank you for your feedback!
I am using this resource, in that way:
data "azurerm_storage_account_sas" "test_storage_reader" {
connection_string = "${azurerm_storage_account.test_storage.primary_connection_string}"
https_only = true
resource_types {
service = true
container = false
object = false
}
services {
blob = true
queue = false
table = false
file = false
}
...
}
and
output "test_storage_sas_connection_string" {
value = "SharedAccessSignature=${data.azurerm_storage_account_sas.test_storage_reader.sas};BlobEndpoint=https://${azurerm_storage_account.test_storage.name}.blob.core.windows.net/;"
sensitive = true
}
to build my connection string. What kind of attribute of azurerm/data_source_storage_account_sas.go is the right for me? Because the module just returns the queryString not the connection string.
kopytjuk
on 18 Sep 2018
Is there an option to skip the SAS data source if the SAS token was generated in the previous run?
When I run ‘terraform plan’, the data source shows 0 changes instead of no infrastructure changes.
dj-singh
on 3 Aug 2020
Is there an option to skip the SAS data source if the SAS token was generated in the previous run?
When I run ‘terraform plan’, the data source shows 0 changes instead of no infrastructure changes.
@dj-singh - From my testing, providing the data source with fixed start and expiry dates, rather than calculating variable ones using timestamp() and dateadd(), appears to keep the data source from generating a new SAS token on each plan and apply.
Example:
start = "2020-09-22"
expiry = "2220-09-22"
ssanderlin
on 23 Sep 2020
Related issues
akamalov
·
3Comments
alant94
·
3Comments
JayDoubleu
·
3Comments
rolandjohann
·
3Comments
pdeva
·
3Comments
Most helpful comment
Account name:
teststorageSAS query string:
XYZSAS connection string:
SharedAccessSignature=XYZ;BlobEndpoint=https://teststorage.blob.core.windows.net/;See: https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1#service-sas-example