qmi-cloud-tf-modules/adls/main.tf

resource "random_id" "randomMachineId" {
    keepers = {
        # Generate a new ID only when a new resource group is defined
        resource_group = var.resource_group_name
    }
    
    byte_length = 5
}


resource "azurerm_storage_account" "saccount" {

  name = var.storage_account_name != null? var.storage_account_name : "qmiadlsgen2${random_id.randomMachineId.hex}"

  resource_group_name       = var.resource_group_name
  location                  = var.location

  account_kind              = "StorageV2"
  account_replication_type  = var.account_replication_type != null? var.account_replication_type : "RAGRS"
  account_tier              = "Standard"
  access_tier               = "Hot"

  is_hns_enabled            = "true"

  tags = var.tags
}

resource "azurerm_storage_container" "scontainer" {

  name                  = var.container_name != null? var.container_name : "qmicontainer"
  storage_account_name  = azurerm_storage_account.saccount.name
  #container_access_type = "container"
}

resource "azurerm_role_assignment" "data-contributor-role" {
  scope                = azurerm_storage_account.saccount.id
  role_definition_name = "Contributor"
  principal_id         = var.tpm_app_registration_principal_id
}

resource "azurerm_role_assignment" "data-contributor-role2" {  
  scope                = azurerm_storage_account.saccount.id
  role_definition_name = "Storage Blob Data Contributor"
  principal_id         = var.tpm_app_registration_principal_id
}


resource "azurerm_role_assignment" "data-contributor-dbricksapp1" {
  scope                = azurerm_storage_account.saccount.id
  role_definition_name = "Contributor"
  principal_id         = var.dbricks_app_registration_principal_id
}

resource "azurerm_role_assignment" "data-contributor-dbricksapp2" { 
  scope                = azurerm_storage_account.saccount.id
  role_definition_name = "Storage Blob Data Contributor"
  principal_id         = var.dbricks_app_registration_principal_id
}


###### EXTRA ASSIGN ROLE #######

resource "azurerm_role_assignment" "machine_role_assignment" { 

  count = var.principal_id_storage_blob_contributor != null? 1 : 0

  scope                = azurerm_storage_account.saccount.id
  role_definition_name = "Storage Blob Data Contributor"
  principal_id         = var.principal_id_storage_blob_contributor
}