variables.share.tf (154 lines of code)
variable "shares" {
  type = map(object({
    access_tier      = optional(string)
    enabled_protocol = optional(string)
    metadata         = optional(map(string))
    name             = string
    quota            = number
    root_squash      = optional(string)
    signed_identifiers = optional(list(object({
      id = string
      access_policy = optional(object({
        expiry_time = string
        permission  = string
        start_time  = string
      }))
    })))
    role_assignments = optional(map(object({
      role_definition_id_or_name             = string
      principal_id                           = string
      description                            = optional(string, null)
      skip_service_principal_aad_check       = optional(bool, false)
      condition                              = optional(string, null)
      condition_version                      = optional(string, null)
      delegated_managed_identity_resource_id = optional(string, null)
    })), {})
    timeouts = optional(object({
      create = optional(string)
      delete = optional(string)
      read   = optional(string)
      update = optional(string)
    }))
  }))
  default     = {}
  description = <<-EOT
  - `access_tier` - (Optional) The access tier of the File Share. Possible values are `Hot`, `Cool`, `TransactionOptimized` and `Premium`.
  - `enabled_protocol` - (Optional) The protocol used for the share. Possible values are `SMB` and `NFS`. `SMB` indicates the share can be accessed by SMBv3.0, SMBv2.1 and REST. `NFS` indicates the share can be accessed by NFSv4.1. Defaults to `SMB`. Changing this forces a new resource to be created.
  - `metadata` - (Optional) A mapping of metadata for this File Share.
  - `name` - (Required) The name of the share. Must be unique within the storage account where the share is located. Changing this forces a new resource to be created.
  - `quota` - (Required) The maximum size of the share, in gigabytes. For Standard storage accounts, this must be between `1` GB and `5120` GB (`5` TB). For Premium FileStorage storage accounts, this must be greater than `100` GB and at most `102400` GB (`100` TB).
  - `root_squash` - (Optional) Root squash behaviour for NFS shares. Possible values are `NoRootSquash`, `RootSquash` and `AllSquash`.
  - `signed_identifiers` - (Optional) One or more `signed_identifiers` blocks (stored access policies) as defined below.
  - `role_assignments` - (Optional) A map of role assignments to create on the share, supplied in the same way as for `var.role_assignments`.
  - `timeouts` - (Optional) A `timeouts` block as defined below.
  ---
  `signed_identifiers` block supports the following:
  - `id` - (Required) The ID which should be used for this Shared Identifier.
  - `access_policy` - (Optional) An `access_policy` block as defined below.
  ---
  `access_policy` block supports the following:
  - `expiry_time` - (Required) The time until which this Access Policy is valid, in [ISO8601](https://en.wikipedia.org/wiki/ISO_8601) format.
  - `permission` - (Required) The permissions which should be associated with this Shared Identifier. The value is a combination of `r` (read), `w` (write), `d` (delete) and `l` (list).
  - `start_time` - (Required) The time from which this Access Policy is valid, in [ISO8601](https://en.wikipedia.org/wiki/ISO_8601) format.
  ---
  `timeouts` block supports the following:
  - `create` - (Defaults to 30 minutes) Used when creating the Storage Share.
  - `delete` - (Defaults to 30 minutes) Used when deleting the Storage Share.
  - `read` - (Defaults to 5 minutes) Used when retrieving the Storage Share.
  - `update` - (Defaults to 30 minutes) Used when updating the Storage Share.
  EOT
  nullable    = false
}
variable "share_properties" {
  type = object({
    cors_rule = optional(list(object({
      allowed_headers    = list(string)
      allowed_methods    = list(string)
      allowed_origins    = list(string)
      exposed_headers    = list(string)
      max_age_in_seconds = number
    })))
    diagnostic_settings = optional(map(object({
      name                                     = optional(string, null)
      log_categories                           = optional(set(string), [])
      log_groups                               = optional(set(string), ["allLogs"])
      metric_categories                        = optional(set(string), ["AllMetrics"])
      log_analytics_destination_type           = optional(string, "Dedicated")
      workspace_resource_id                    = optional(string, null)
      resource_id                              = optional(string, null)
      event_hub_authorization_rule_resource_id = optional(string, null)
      event_hub_name                           = optional(string, null)
      marketplace_partner_resource_id          = optional(string, null)
    })), {})
    retention_policy = optional(object({
      days = optional(number)
    }))
    smb = optional(object({
      authentication_types            = optional(set(string))
      channel_encryption_type         = optional(set(string))
      kerberos_ticket_encryption_type = optional(set(string))
      multichannel_enabled            = optional(bool)
      versions                        = optional(set(string))
    }))
  })
  default     = null
  description = <<-EOT
  ---
  `cors_rule` block supports the following:
  - `allowed_headers` - (Required) A list of headers that are allowed to be a part of the cross-origin request.
  - `allowed_methods` - (Required) A list of HTTP methods that are allowed to be executed by the origin. Valid options are `DELETE`, `GET`, `HEAD`, `MERGE`, `POST`, `OPTIONS`, `PUT` or `PATCH`.
  - `allowed_origins` - (Required) A list of origin domains that will be allowed by CORS.
  - `exposed_headers` - (Required) A list of response headers that are exposed to CORS clients.
  - `max_age_in_seconds` - (Required) The number of seconds the client should cache a preflight response.
  ---
  `diagnostic_settings` block supports the following:
  - `name` - (Optional) The name of the diagnostic setting. Defaults to `null`.
  - `log_categories` - (Optional) A set of log categories to enable. Defaults to an empty set.
  - `log_groups` - (Optional) A set of log groups to enable. Defaults to `["allLogs"]`.
  - `metric_categories` - (Optional) A set of metric categories to enable. Defaults to `["AllMetrics"]`.
  - `log_analytics_destination_type` - (Optional) The destination type for Log Analytics. Defaults to `"Dedicated"`.
  - `workspace_resource_id` - (Optional) The resource ID of the Log Analytics workspace. Defaults to `null`.
  - `resource_id` - (Optional) The resource ID of the target resource for diagnostics. Defaults to `null`.
  - `event_hub_authorization_rule_resource_id` - (Optional) The resource ID of the Event Hub authorization rule. Defaults to `null`.
  - `event_hub_name` - (Optional) The name of the Event Hub. Defaults to `null`.
  - `marketplace_partner_resource_id` - (Optional) The resource ID of the marketplace partner. Defaults to `null`.
  ---
  `retention_policy` block supports the following:
  - `days` - (Optional) Specifies the number of days that a deleted storage share should be retained, between `1` and `365` days. Defaults to `7`.
  ---
  `smb` block supports the following:
  - `authentication_types` - (Optional) A set of SMB authentication methods. Possible values are `NTLMv2` and `Kerberos`.
  - `channel_encryption_type` - (Optional) A set of SMB channel encryption types. Possible values are `AES-128-CCM`, `AES-128-GCM` and `AES-256-GCM`.
  - `kerberos_ticket_encryption_type` - (Optional) A set of Kerberos ticket encryption types. Possible values are `RC4-HMAC` and `AES-256`.
  - `multichannel_enabled` - (Optional) Indicates whether multichannel is enabled. Defaults to `false`. This is only supported on Premium storage accounts.
  - `versions` - (Optional) A set of SMB protocol versions. Possible values are `SMB2.1`, `SMB3.0` and `SMB3.1.1`.
  EOT
}
variable "large_file_share_enabled" {
  type        = bool
  default     = null
  description = "(Optional) Is Large File Share Enabled?"
}
variable "azure_files_authentication" {
  type = object({
    directory_type                 = optional(string, "AADKERB")
    default_share_level_permission = optional(string)
    active_directory = optional(object({
      domain_guid         = string
      domain_name         = string
      domain_sid          = string
      forest_name         = string
      netbios_domain_name = string
      storage_sid         = string
    }))
  })
  default     = null
  description = <<-EOT
  - `directory_type` - (Optional) Specifies the directory service used. Possible values are `AADDS`, `AD` and `AADKERB`. Defaults to `AADKERB`.
  - `default_share_level_permission` - (Optional) Specifies the default share-level permission applied to all users. Possible values are `StorageFileDataSmbShareReader`, `StorageFileDataSmbShareContributor`, `StorageFileDataSmbShareElevatedContributor` and `None`.
  ---
  `active_directory` block supports the following:
  - `domain_guid` - (Required) Specifies the domain GUID.
  - `domain_name` - (Required) Specifies the primary domain that the AD DNS server is authoritative for.
  - `domain_sid` - (Required) Specifies the security identifier (SID) of the domain.
  - `forest_name` - (Required) Specifies the Active Directory forest.
  - `netbios_domain_name` - (Required) Specifies the NetBIOS domain name.
  - `storage_sid` - (Required) Specifies the security identifier (SID) for Azure Storage.
  EOT
}
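A worked instance of the four variables above (`shares`, `share_properties`, `large_file_share_enabled` and `azure_files_authentication`), added here as an example; it is not taken from the module's own examples or tests. It assumes a module call named `storage` whose `source` is a placeholder, and the principal ID, Log Analytics workspace ID and Active Directory GUID/SID values are constructed placeholders. The values chosen are the ones a defender would reach for: a stored access policy with a bounded validity window and read/list-only permission (so any SAS issued against it is time-limited and revocable by deleting the policy), RBAC to a workload identity instead of account keys, SMB restricted to 3.1.1 with Kerberos and AES-256-GCM, no implicit share-level permission, and diagnostics shipped to a Log Analytics workspace.

```hcl
# Added example, not part of the module. The module source, principal ID,
# workspace ID and directory GUID/SID values are placeholders.
module "storage" {
  source = "<module source placeholder>"

  # Other required module inputs (account name, resource group, ...) are omitted here.

  large_file_share_enabled = true

  shares = {
    app_data = {
      name             = "app-data"
      quota            = 100 # GB; Standard accounts allow 1..5120
      access_tier      = "TransactionOptimized"
      enabled_protocol = "SMB"
      metadata = {
        owner = "platform-team"
      }

      # Stored access policy: SAS tokens that reference this identifier inherit
      # its window and permission set and stop working once the policy is removed.
      signed_identifiers = [
        {
          id = "readonly-2024q3"
          access_policy = {
            start_time  = "2024-07-01T00:00:00Z"
            expiry_time = "2024-09-30T23:59:59Z"
            permission  = "rl" # read + list only; no write or delete
          }
        }
      ]

      # Data-plane access via RBAC to a workload identity rather than account keys.
      role_assignments = {
        app_reader = {
          role_definition_id_or_name = "Storage File Data SMB Share Reader"
          principal_id               = "00000000-0000-0000-0000-000000000000" # placeholder
          description                = "Application workload, read-only access"
        }
      }

      timeouts = {
        create = "30m"
      }
    }
  }

  share_properties = {
    # Only modern SMB with Kerberos and AES-256-GCM; NTLMv2, RC4 and SMB 2.1/3.0 are not offered.
    smb = {
      versions                        = ["SMB3.1.1"]
      authentication_types            = ["Kerberos"]
      channel_encryption_type         = ["AES-256-GCM"]
      kerberos_ticket_encryption_type = ["AES-256"]
      multichannel_enabled            = false # Premium-only feature, not needed here
    }

    # Keep deleted shares recoverable for 30 days (range 1..365).
    retention_policy = {
      days = 30
    }

    # Ship all logs and metrics to a Log Analytics workspace for detection and audit.
    diagnostic_settings = {
      to_law = {
        name                  = "files-to-law"
        workspace_resource_id = "/subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.OperationalInsights/workspaces/<law>" # placeholder
        log_groups            = ["allLogs"]
        metric_categories     = ["AllMetrics"]
      }
    }

    # Narrow CORS: one origin, read-only methods, short preflight cache.
    cors_rule = [
      {
        allowed_origins    = ["https://app.example.com"]
        allowed_methods    = ["GET", "HEAD"]
        allowed_headers    = ["x-ms-*"]
        exposed_headers    = ["x-ms-request-id"]
        max_age_in_seconds = 300
      }
    ]
  }

  azure_files_authentication = {
    directory_type                 = "AD"
    default_share_level_permission = "None" # no implicit share-level access; grant per share via RBAC
    active_directory = {
      domain_name         = "corp.example.com"
      netbios_domain_name = "CORP"
      forest_name         = "corp.example.com"
      domain_guid         = "11111111-2222-3333-4444-555555555555"              # placeholder
      domain_sid          = "S-1-5-21-1111111111-2222222222-3333333333"         # placeholder
      storage_sid         = "S-1-5-21-1111111111-2222222222-3333333333-1234"    # placeholder
    }
  }
}
```

The `permission` string is the place to review first when a share configuration is audited: a stored access policy carrying `rwdl` with an expiry years out gives any SAS minted against it the same reach as the account key for that share, whereas `rl` with a quarter-long window limits what a leaked token can do and for how long.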