Add support for Azure Blob Storage backup policies and instances

2026-03-01 18:56:36 +01:00
parent 88abbff590
commit 5423105d39
4 changed files with 134 additions and 0 deletions
--- a/variables.tf
+++ b/variables.tf
@@ -117,3 +117,48 @@ variable "tags" {
  type    = map(string)
  default = {}
 }
+
+variable "protected_blob_storage_accounts" {
+  type = map(object({
+    id                       = string
+    container_names          = optional(list(string))
+    backup_instance_location = optional(string)
+    backup_instance_name     = optional(string)
+    backup_policy_key        = optional(string)
+  }))
+  default = {}
+
+  validation {
+    condition = (
+      length(var.protected_blob_storage_accounts) == 0 ||
+      (
+        var.identity != null &&
+        contains([
+          "SystemAssigned",
+          "SystemAssigned, UserAssigned",
+        ], var.identity.type)
+      )
+    )
+    error_message = "When protected_blob_storage_accounts is set, identity.type must include SystemAssigned."
+  }
+
+  validation {
+    condition = alltrue([
+      for sa in values(var.protected_blob_storage_accounts) : (
+        try(sa.backup_policy_key, null) == null ||
+        contains(keys(var.blob_backup_policies), sa.backup_policy_key)
+      )
+    ])
+    error_message = "Each protected_blob_storage_accounts[*].backup_policy_key must exist in blob_backup_policies."
+  }
+}
+
+variable "blob_backup_policies" {
+  type = map(object({
+    name                                   = optional(string)
+    backup_repeating_time_intervals        = optional(list(string))
+    operational_default_retention_duration = optional(string)
+    vault_default_retention_duration       = optional(string)
+  }))
+  default = {}
+}