Terraform Azure: generating a blob URL with a SAS string

u4dcyp6a, posted on 2023-08-07 in Other

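I'm trying to create a URL that can be used to download a file.
I tried using the azurerm_storage_account_sas data source to generate a SAS and append it to the URL exported by azurerm_storage_blob. See the example below.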

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~>3.0.0"
    }
    azuread = {
      source = "hashicorp/azuread"
    }
  }
  backend "azurerm" {
    resource_group_name  = "example"
    storage_account_name = "example"
    container_name       = "example"
    key                  = "terraform.tfstate"
  }
}

provider "azurerm" {
  features {}
}

resource "azurerm_storage_account" "example" {
  name                      = "${var.name}"
  resource_group_name       = azurerm_resource_group.example.name
  location                  = azurerm_resource_group.example.location
  account_tier              = "Standard"
  account_replication_type  = "LRS"
  enable_https_traffic_only = true
  min_tls_version           = "TLS1_2"
}

resource "azurerm_storage_container" "example" {
  name                  = "${var.name}-exampleconfig"
  storage_account_name  = azurerm_storage_account.example.name
  container_access_type = "private"
}

resource "azurerm_storage_blob" "example" {
  name                   = var.profile_name
  storage_account_name   = azurerm_storage_account.example.name
  storage_container_name = azurerm_storage_container.example.name
  type                   = "Block"
  source                 = ".\\example\\exampleconfig.xml"
}

locals {
  current_time = timestamp()
  twoweeks     = timeadd(local.current_time, "336h") ## adds two weeks for use in the sas string below
}

data "azurerm_storage_account_sas" "example" {
  connection_string = azurerm_storage_account.example.primary_connection_string
  https_only        = true
  start             = local.current_time
  expiry            = local.twoweeks
  signed_version    = "2020-10-02"

  resource_types {
    service   = false
    container = true
    object    = false
  }

  services {
    blob  = true
    queue = false
    table = false
    file  = false
  }

  permissions {
    read    = true
    write   = false
    delete  = false
    list    = false
    add     = false
    create  = false
    update  = false
    process = false
    tag     = false
    filter  = false
  }
}

locals { ## attempting to parse the strings together using storage account name and blob and just the storage blob url ###
  sas_url_string = "https://${azurerm_storage_account.example.name}.blob.core.windows.net/${azurerm_storage_container.example.name}/${var.profile_name}${data.azurerm_storage_account_sas.example.sas}"
  sas_uri_string = "${azurerm_storage_blob.example.url}${data.azurerm_storage_account_sas.example.sas}"
}

output "sas_url_query_string" {
  description = "Link to XML File"
  value       = local.sas_url_string
  sensitive   = true

}

output "sas_uri_query_string" {
  description = "Link to  XML File"
  value       = local.sas_uri_string
  sensitive   = true

}

This outputs the URLs below, and when I go to the URL I get this message.

<Error>
<Code>ResourceNotFound</Code>
<Message>The specified resource does not exist. RequestId:XXXXXX Time:xxxxxx</Message>
</Error>
"sas_uri_query_string": {
    "sensitive": true,
    "type": "string",
    "value": "https://example.blob.core.windows.net/example-exampleconfig/exampleconfig.xml?sv=2020-10-02\u0026ss=b\u0026srt=c\u0026sp=r\u0026se=2023-08-10T18:16:49Z\u0026st=2023-07-27T18:16:49Z\u0026spr=https\u0026sig=U7ezaedrqqqAMEtEdeqLCwsEqghqRgSrzFMMpkhwBkk%3D"
  },
  "sas_url_query_string": {
    "sensitive": true,
    "type": "string",
    "value": "https://example.blob.core.windows.net/example-exampleconfig/exampleconfig.xml?sv=2020-10-02\u0026ss=b\u0026srt=c\u0026sp=r\u0026se=2023-08-10T18:16:49Z\u0026st=2023-07-27T18:16:49Z\u0026spr=https\u0026sig=U7ezaedrqqqAMEtEdeqLCwsEqghqRgSrzFMMpkhwBkk%3D"
  }

When I use a tool like Azure Storage Explorer, this is what it generates, and the link works.

https://example.blob.core.windows.net/exampleexample/exampleconfig.xml?sv=2020-10-02&st=2023-07-27T17%3A59%3A56Z&se=2023-07-28T17%3A59%3A56Z&sr=b&sp=r&sig=nK%2FbGwwXXEb6e86rD2k3Poz8zGJaptv%2F6BeHdWCIypY%3D

lpwwtiir  #1

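I tried configuring a blob URL with a SAS string in Azure using Terraform, and I was able to configure it successfully.
As mentioned, to achieve this, a URL is created that can be used to download the file. I tried using the azurerm_storage_account_sas data source to generate a SAS and append it to the URL exported by azurerm_storage_blob.
I made some changes to the variables and then ran my Terraform code.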

main.tf

data "azurerm_resource_group" "example" {
  name     = "v-bolliv"
}

resource "azurerm_storage_account" "example" {
  name                     = "storageaccountvkvk"
  resource_group_name      = data.azurerm_resource_group.example.name
  location                 = data.azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
  enable_https_traffic_only = true
  min_tls_version           = "TLS1_2"
}

resource "azurerm_storage_container" "example" {
  name                  = "container326vk"
  storage_account_name  = azurerm_storage_account.example.name
  container_access_type = "private"
}

resource "azurerm_storage_blob" "example" {
  name                   = "test.txt"
  storage_account_name   = azurerm_storage_account.example.name
  storage_container_name = azurerm_storage_container.example.name
  type                   = "Block"
  source                 = ".\\example\\test.txt"
}

data "azurerm_storage_account_sas" "example" {
  connection_string = azurerm_storage_account.example.primary_connection_string
  https_only        = true
  start             = timestamp()
  expiry            = timeadd(timestamp(), "1h")
  signed_version    = "2022-11-02"

  resource_types {
    service   = false
    container = true
    object    = true
  }

  services {
    blob  = true
    queue = true
    table = true
    file  = true
  }

  permissions {
    read    = true
    write   = true
    delete  = true
    list    = true
    add     = true
    create  = true
    update  = true
    process = true
    tag     = true
    filter  = true
  }
}

output "sas_token_url" {
  value     = "${azurerm_storage_blob.example.url}${data.azurerm_storage_account_sas.example.sas}"
  sensitive = true
}

Now run the terraform output command to extract the blob_sas_url.



Run the URL in any web browser to download the file as required.
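
A narrower variant of the answer's SAS, as an added example (not code from the question or the answer): it reuses the answer's resource names, while the `download` data source name, the one-hour lifetime and the output name `blob_download_url` are assumptions. Downloading a blob is an object-level operation, so the token needs `object = true`; the blob service and `read` are the only other grants a download link requires.

```hcl
locals {
  # timestamp() is re-evaluated on every run, so a new token is issued on each apply.
  sas_start  = timestamp()
  sas_expiry = timeadd(local.sas_start, "1h") # assumed lifetime; keep it as short as the use case allows
}

data "azurerm_storage_account_sas" "download" {
  connection_string = azurerm_storage_account.example.primary_connection_string
  https_only        = true
  signed_version    = "2022-11-02"
  start             = local.sas_start
  expiry            = local.sas_expiry

  resource_types {
    service   = false
    container = false
    object    = true # Get Blob is an object-level call (srt=o)
  }

  services {
    blob  = true # only the blob service (ss=b)
    queue = false
    table = false
    file  = false
  }

  permissions {
    read    = true # download only (sp=r)
    write   = false
    delete  = false
    list    = false
    add     = false
    create  = false
    update  = false
    process = false
    tag     = false
    filter  = false
  }
}

output "blob_download_url" {
  # The sas attribute already begins with "?", so it is appended directly to the blob URL.
  value     = "${azurerm_storage_blob.example.url}${data.azurerm_storage_account_sas.download.sas}"
  sensitive = true
}
```

An account SAS is signed with the account key and, even when narrowed like this, grants read access to every blob in the storage account until it expires. The token is also written to the Terraform state, so the state backend needs the same protection as the key.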

