Here is my Terraform code to manage ACLs dynamically:
# Creates one Data Lake Gen2 filesystem per key of var.containers_acl; the list
# stored under each key becomes that filesystem's ACL entries.
resource "azurerm_storage_data_lake_gen2_filesystem" "this" {
  for_each = var.containers_acl

  name               = each.key
  storage_account_id = data.azurerm_storage_account.this.id

  # Every object in the list is emitted as one "ace" block exactly as supplied.
  # Nothing in this resource restricts which principals or permission strings
  # are granted, so any such check has to sit on the variable declaration or in
  # review of the input file.
  dynamic "ace" {
    for_each = each.value
    iterator = entry

    content {
      # A key missing from the input object yields null, i.e. the argument is
      # left unset for that entry.
      id          = lookup(entry.value, "id", null)
      type        = lookup(entry.value, "type", null)
      permissions = lookup(entry.value, "permissions", null)

      # "scope" is the only argument with a fallback: entries that omit it are
      # written with scope "access".
      scope = lookup(entry.value, "scope", "access")
    }
  }
}
Below is my tfvar.json file, used as input:
{
"resource_group": "testresourcegorup-acl",
"storage_account_name": "adlstestaccount",
"containers_acl": {
"filesystemexample": [{
"permissions": "rwx",
"scope": "access",
"type": "user",
"id": "069f6b94-32b3-4ef1-b844-9f22047633a4"
}, {
"permissions": "rwx",
"scope": "access",
"type": "user",
"id": "069f6c94-b844-4830-b844-9f22047633a4"
}, {
"permissions": "rwx",
"scope": "access",
"type": "user",
"id": "069f6b94-b844-4830-b844-9f22047633a4"
}
],
"filesystemexample2": [{
"permissions": "rwx",
"scope": "access",
"type": "user",
"id": "069f6b94-32b3-4ef1-b844-fb5643fc0abd"
}, {
"permissions": "rwx",
"scope": "access",
"type": "user",
"id": "069f6b94-b844-4830-b844-9f22047633a4"
}
]
}
}
My need (where I need help): How can I pass an email ID or group ID instead of the object ID, and loop over the data sources below to look up the object ID dynamically and pass it into the Terraform code above?
# Looks up one Azure AD (Entra ID) user by user principal name. The resolved
# directory object ID is available as data.azuread_user.example.object_id.
# NOTE(review): the UPN is a hard-coded literal, so this block resolves a single
# user. An ACL built from a UPN follows whichever account holds that UPN when the
# plan runs — confirm that is acceptable before replacing pinned object IDs.
data "azuread_user" "example" {
user_principal_name = "user@hashicorp.com"
}
# Looks up an Azure AD (Entra ID) group by display name. The resolved directory
# object ID is available as data.azuread_group.this.object_id.
# NOTE(review): the value here is mail-shaped but is matched as a display name.
# Display names are presumably neither unique nor immutable in the directory, so
# an ACL resolved this way is granted to whichever group carries the name at plan
# time — verify against the tenant, and review plan output for changed ids.
data "azuread_group" "this" {
display_name = "tstst@hashicorp.com"
}