
Unable to automatically map azure storage share using terraform and Azure VM extensions on Windows VM


Problem statement

I am trying to automatically map an Azure file share to Windows VMs using Azure VM extension. The VM extension installs successfully, the command runs but on logging into the VM I see that my drive is disconnected.

On trying to access it, I get an incorrect username or password error. However, running the PowerShell script on the machine correctly maps the network drive and I can access it.

Code

resource "azurerm_virtual_machine_extension" "test" {
  # Custom VM extension documentation https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/custom-script-windows
  # additional documentation http://teknews.cloud/bootstrapping-azure-vms-with-terraform/, https://github.com/terraform-providers/terraform-provider-azurerm/issues/728
  name                 = "network_share"
  location             = "${azurerm_resource_group.main.location}"
  resource_group_name  = "${azurerm_resource_group.main.name}"
  #virtual_machine_name = "${azurerm_virtual_machine.vm.name}"
  virtual_machine_name = "${element(azurerm_virtual_machine.vm.*.name, count.index)}"
  publisher            = "Microsoft.Compute"
  type                 = "CustomScriptExtension"
  type_handler_version = "1.9"
  count                = "${var.vm_count}"

  # The script is passed base64-encoded, written to disk on the VM and then executed.
  # The CustomScriptExtension runs this command once, as the LocalSystem account,
  # not as any interactively logged-on user.
  settings = <<SETTINGS
  {
      "commandToExecute": "powershell -command \"[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('${base64encode(data.template_file.net_fileshare_script.rendered)}')) | Out-File -filepath net_fileshare_script.ps1\" && powershell -File net_fileshare_script.ps1"
  }
SETTINGS

  depends_on = ["azurerm_virtual_machine.vm"]
}

# Reads the PowerShell script that maps the share from the local scripts directory.
data "template_file" "net_fileshare_script" {
  template = "${file("./scripts/net_fileshare_script.ps1")}"
}

Solution

  • I found out the script works as it is. The problem is that the credentials for the storage share aren't available to the remote user once logged in.

    Once the remote user logs in, running this command Invoke-Expression -Command "cmdkey /add:storageaccount.file.core.windows.net /user:AZURE\storageaccount /pass:storagekey" makes the storage share accessible to the remote user account.

    NB: Is it possible to make a credential available to multiple user accounts via a one time script?
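One way to answer the NB above, as an added example that is not the asker's script: the extension runs as LocalSystem, so a cmdkey call inside it only populates SYSTEM's Credential Manager. The script below is meant to be the one-time payload run by the extension; instead of storing the credential itself, it writes a small per-user mapping script and registers a scheduled task that fires at every interactive logon with the Users group as its principal, so the mapping runs in the context of whichever user logs on. The storage account name, share name, key, drive letter, task name and file paths are all placeholders chosen for this example.

```powershell
# Added example, not the asker's code. Runs once under the CustomScriptExtension (LocalSystem).
# Placeholders: replace the storage account, share and key with your own values.
$StorageAccount = 'storageaccount'   # placeholder
$ShareName      = 'share'            # placeholder
$StorageKey     = 'storagekey'       # placeholder; an account key grants full access to the account
$DriveLetter    = 'Z'                # placeholder
$Endpoint       = "$StorageAccount.file.core.windows.net"

# Per-user mapping script. Everything that must happen in the user's own security
# context (cmdkey and the persistent drive mapping) lives here, not in this outer script.
$MapScript = @"
`$ErrorActionPreference = 'Stop'
# SMB needs TCP 445 reachable; fail fast with a clear message if it is blocked
if (-not (Test-NetConnection -ComputerName '$Endpoint' -Port 445).TcpTestSucceeded) {
    throw 'TCP 445 to $Endpoint is blocked'
}
# cmdkey writes to the calling user's Credential Manager, which is why it has to run as that user
cmdkey /add:$Endpoint /user:AZURE\$StorageAccount /pass:$StorageKey | Out-Null
# -Persist makes the mapping survive reboots for this user; skip if the letter is already in use
if (-not (Get-PSDrive -Name '$DriveLetter' -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name '$DriveLetter' -PSProvider FileSystem -Root '\\$Endpoint\$ShareName' -Persist -Scope Global | Out-Null
}
"@

$ScriptDir  = Join-Path $env:ProgramData 'MapAzureShare'   # placeholder location
$ScriptPath = Join-Path $ScriptDir 'map-share.ps1'
New-Item -ItemType Directory -Path $ScriptDir -Force | Out-Null
Set-Content -Path $ScriptPath -Value $MapScript -Encoding ASCII

# Logon-triggered task. With BUILTIN\Users as the principal the task runs as whichever
# member of that group logs on, so each user gets the credential and mapping in their own profile.
$Action    = New-ScheduledTaskAction -Execute 'powershell.exe' `
             -Argument "-NoProfile -ExecutionPolicy RemoteSigned -File `"$ScriptPath`""
$Trigger   = New-ScheduledTaskTrigger -AtLogOn
$Principal = New-ScheduledTaskPrincipal -GroupId 'BUILTIN\Users' -RunLevel Limited
Register-ScheduledTask -TaskName 'MapAzureFileShare' -Action $Action -Trigger $Trigger -Principal $Principal -Force | Out-Null
```

Two points to weigh before using this pattern. Every user who can log on to the VM can read map-share.ps1 and therefore learns the storage account key, which is full control over the whole storage account, not just this share; that is inherent in any approach that hands a shared key to multiple user accounts, so keep the share on its own storage account and rotate the key on a schedule. Azure Files also supports identity-based (Kerberos) authentication against AD DS or Microsoft Entra, under which each user maps the share with their own logon credential and no key is stored on the VM at all; where that is available it removes the problem rather than working around it.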