From ba7be7d8d9d8213cc465d22c3a3e1023ec0ea19b Mon Sep 17 00:00:00 2001
From: Slawomir Koszewski
Date: Fri, 20 Feb 2026 08:18:05 +0100
Subject: [PATCH] Added module code.
---
README.md | 19 ++++++++++++
main.tf | 36 +++++++++++++++++++++++
outputs.tf | 11 +++++++
variables.tf | 81 ++++++++++++++++++++++++++++++++++++++++++++++++++++
versions.tf | 10 +++++++
5 files changed, 157 insertions(+)
create mode 100644 main.tf
create mode 100644 outputs.tf
create mode 100644 variables.tf
create mode 100644 versions.tf
diff --git a/README.md b/README.md
index e69de29..3bdcd8c 100644
--- a/README.md
+++ b/README.md
@@ -0,0 +1,19 @@
+# Azure Storage Account Module
+
+This module creates an Azure Storage Account with the specified name, resource group, and location. It also allows for the creation of storage containers within the account.
+
+## Variables
+
+- `rg_name`: The name of the resource group where the storage account will be created.
+- `location`: The Azure region where the storage account will be created.
+- `storage_account_base_name`: A base name for the storage account. If `storage_account_name` is not provided, the module will generate a unique name using this base name and a hash of the subscription ID, resource group name, and base name.
+- `storage_account_name`: The name of the storage account. If not provided, it will be generated based on the `storage_account_base_name`.
+- `containers`: A map of storage containers to be created within the storage account. Each container is defined as an object with the following properties:
+ - `name`: The name of the storage container.
+ - `container_access_type`: The access level of the container (e.g., "private", "blob", "container").
+
+## Outputs
+
+- `storage_account_id`: The ID of the created storage account.
+- `storage_account_name`: The name of the created storage account.
+- `container_names`: A list of the names of the created storage containers.
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..0b08f60
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,36 @@
+data "azurerm_client_config" "current" {}
+
+locals {
+ storage_account_name = (
+ var.storage_account_name != null &&
+ trimspace(var.storage_account_name) != "" ?
+ var.storage_account_name :
+ "${coalesce(var.storage_account_base_name, "")}${substr(md5("${data.azurerm_client_config.current.subscription_id}/${var.rg_name}/${coalesce(var.storage_account_base_name, "")}"), 0, 6)}"
+ )
+}
+
+# Azure Storage Account
+resource "azurerm_storage_account" "this" {
+ name = local.storage_account_name
+ resource_group_name = var.rg_name
+ location = var.location
+ account_tier = var.account_tier
+ account_replication_type = var.account_replication_type
+ account_kind = "StorageV2"
+
+ shared_access_key_enabled = false
+ allow_nested_items_to_be_public = var.allow_nested_items_to_be_public
+ https_traffic_only_enabled = true
+ public_network_access_enabled = var.public_network_access_enabled
+ min_tls_version = "TLS1_2"
+
+ tags = var.tags
+}
+
+# Azure Storage Container
+resource "azurerm_storage_container" "containers" {
+ for_each = { for container in values(var.containers) : container.name => container }
+ name = each.value.name
+ storage_account_id = azurerm_storage_account.this.id
+ container_access_type = each.value.container_access_type
+}
diff --git a/outputs.tf b/outputs.tf
new file mode 100644
index 0000000..faea43a
--- /dev/null
+++ b/outputs.tf
@@ -0,0 +1,11 @@
+output "storage_account_id" {
+ value = azurerm_storage_account.this.id
+}
+
+output "storage_account_name" {
+ value = azurerm_storage_account.this.name
+}
+
+output "container_names" {
+ value = [for container in azurerm_storage_container.containers : container.name]
+}
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..2335e62
--- /dev/null
+++ b/variables.tf
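Review bot: `azurerm_storage_account.this` has no `network_rules` block and takes `public_network_access_enabled` straight from a variable that variables.tf defaults to `true`, so a default deployment accepts traffic from every network and relies on identity-based authorization alone. Consider adding `network_rules { default_action = "Deny" }` with caller-supplied `ip_rules` and `virtual_network_subnet_ids`, or defaulting the variable to `false` so public exposure is an explicit opt-in. Because `shared_access_key_enabled = false` is hard-coded, a comment above it such as `# Key auth is disabled; the calling provider block likely needs storage_use_azuread = true for data-plane calls` would save callers a failed apply (this is inferred from provider behaviour, not visible in the hunk).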
@@ -0,0 +1,81 @@
+variable "rg_name" {
+ type = string
+}
+
+variable "location" {
+ type = string
+}
+
+variable "storage_account_base_name" {
+ type = string
+ default = null
+}
+
+variable "storage_account_name" {
+ type = string
+ default = null
+
+ validation {
+ condition = (
+ (var.storage_account_name != null && trimspace(var.storage_account_name) != "") ||
+ (var.storage_account_base_name != null && trimspace(var.storage_account_base_name) != "")
+ )
+ error_message = "Provide storage_account_name or storage_account_base_name with a non-empty value."
+ }
+}
+
+variable "account_tier" {
+ type = string
+ default = "Standard"
+}
+
+variable "account_replication_type" {
+ type = string
+ default = "LRS"
+}
+
+variable "allow_nested_items_to_be_public" {
+ type = bool
+ default = false
+}
+
+variable "public_network_access_enabled" {
+ type = bool
+ default = true
+}
+
+variable "tags" {
+ type = map(string)
+ default = {}
+
+ description = "A map of tags to apply to the storage account resource."
+}
+
+variable "containers" {
+ type = map(object({
+ name = string
+ container_access_type = string
+ }))
+
+ default = {}
+
+ # Separate validations to provide specific error messages for each condition
+ validation {
+ condition = alltrue([
+ for container in values(var.containers) : (
+ container.name != null &&
+ trimspace(container.name) != ""
+ )
+ ])
+ error_message = "container name must be a non-empty string."
+ }
+
+ validation {
+ condition = alltrue([
+ for container in values(var.containers) :
+ contains(["private", "blob", "container"], container.container_access_type)
+ ])
+
+ error_message = "container_access_type must be one of 'private', 'blob', or 'container'."
+ }
+}
diff --git a/versions.tf b/versions.tf
new file mode 100644
index 0000000..98391a2
--- /dev/null
+++ b/versions.tf
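Review bot: The second `containers` validation accepts `"blob"` and `"container"`, both of which grant anonymous read access, yet nothing ties that choice to `allow_nested_items_to_be_public`, whose default is `false`. A caller who picks a non-private type will most likely only find out at apply time, and once the flag is flipped every container in the map may be anonymously readable with no plan-time signal. A third validation in `containers` would make the dependency explicit: `condition = var.allow_nested_items_to_be_public || alltrue([for c in values(var.containers) : c.container_access_type == "private"])`. Apart from `tags`, the variables also lack a `description`; the two security-relevant booleans in particular should state what a `true` value exposes.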
@@ -0,0 +1,10 @@
+terraform {
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = ">= 4.0.0, < 5.0.0"
+ }
+ }
+
+ required_version = ">= 1.0.0"
+}
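Review bot: `required_version = ">= 1.0.0"` is looser than the module's own code allows. The `storage_account_name` validation in variables.tf refers to `var.storage_account_base_name`, and a validation condition that references another variable is accepted only from Terraform 1.9 onward. On an older CLI the module would be rejected at validate time, even though the constraint claims it is supported. Tightening the line to `required_version = ">= 1.9.0"` makes the declared floor match what the code needs.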