diff --git a/azurerm/internal/services/storage/resource_arm_storage_data_lake_gen2_filesystem_test.go b/azurerm/internal/services/storage/resource_arm_storage_data_lake_gen2_filesystem_test.go
index e8fda1e30317..11ecf3b00c76 100644
--- a/azurerm/internal/services/storage/resource_arm_storage_data_lake_gen2_filesystem_test.go
+++ b/azurerm/internal/services/storage/resource_arm_storage_data_lake_gen2_filesystem_test.go
@@ -334,8 +334,8 @@ resource "azurerm_storage_data_lake_gen2_filesystem" "test" {
 permissions = "---"
 }
 depends_on = [
- azurerm_role_assignment.storageAccountRoleAssignment,
- azuread_service_principal.test
+ azurerm_role_assignment.storageAccountRoleAssignment,
+ azuread_service_principal.test
 ]
 }
 `, template, data.RandomInteger)
diff --git a/website/docs/r/storage_data_lake_gen2_filesystem.html.markdown b/website/docs/r/storage_data_lake_gen2_filesystem.html.markdown
index c4fbd1a07571..4873ece5f8b5 100644
--- a/website/docs/r/storage_data_lake_gen2_filesystem.html.markdown
+++ b/website/docs/r/storage_data_lake_gen2_filesystem.html.markdown
@@ -48,9 +48,26 @@ The following arguments are supported:
 * `storage_account_id` - (Required) Specifies the ID of the Storage Account in which the Data Lake Gen2 File System should exist. Changing this forces a new resource to be created.
+* `properties` - (Optional) A mapping of Key to Base64-Encoded Values which should be assigned to this Data Lake Gen2 File System.
+
+* `ace` - (Optional) One or more `ace` blocks as defined below to specify the entries for the ACL for the path.
+
 ~> **NOTE:** The Storage Account requires `account_kind` to be either `StorageV2` or `BlobStorage`. In addition, `is_hns_enabled` has to be set to `true`.
-* `properties` - (Optional) A mapping of Key to Base64-Encoded Values which should be assigned to this Data Lake Gen2 File System.
+---
+
+An `ace` block supports the following:
+
+* `scope` - (Optional) Specifies whether the ACE represents an `access` entry or a `default` entry. Default value is `access`.
+
+* `type` - (Required) Specifies the type of entry. Can be `user`, `group`, `mask` or `other`.
+
+* `id` - (Optional) Specifies the Object ID of the Azure Active Directory User or Group that the entry relates to. Only valid for `user` or `group` entries.
+
+* `permissions` - (Required) Specifies the permissions for the entry in `rwx` form. For example, `rwx` gives full permissions but `r--` only gives read permissions.
+
+More details on ACLs can be found here: https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control#access-control-lists-on-files-and-directories
+
 ## Attributes Reference