initialize backup vault module with configuration, outputs, and variable definitions

2026-03-01 10:31:45 +01:00
parent 7cfb463d38
commit f8e85a1563
4 changed files with 178 additions and 0 deletions
--- a/main.tf
+++ b/main.tf
@@ -0,0 +1,34 @@
+data "azurerm_client_config" "current" {}
+
+locals {
+  backup_vault_name = (
+    var.name != null &&
+    trimspace(var.name) != "" ?
+    var.name :
+    "${coalesce(var.base_name, "")}${substr(md5("${data.azurerm_client_config.current.subscription_id}/${var.rg_name}/${coalesce(var.base_name, "")}"), 0, 6)}"
+  )
+}
+
+resource "azurerm_data_protection_backup_vault" "this" {
+  name                = local.backup_vault_name
+  resource_group_name = var.rg_name
+  location            = var.location
+  datastore_type      = var.datastore_type
+  redundancy          = var.redundancy
+
+  cross_region_restore_enabled = var.cross_region_restore_enabled
+  retention_duration_in_days   = var.retention_duration_in_days
+  immutability                 = var.immutability
+  soft_delete                  = var.soft_delete
+
+  dynamic "identity" {
+    for_each = var.identity == null ? [] : [var.identity]
+
+    content {
+      type         = identity.value.type
+      identity_ids = try(identity.value.identity_ids, null)
+    }
+  }
+
+  tags = var.tags
+}
--- a/outputs.tf
+++ b/outputs.tf
@@ -0,0 +1,15 @@
+output "backup_vault_id" {
+  value = azurerm_data_protection_backup_vault.this.id
+}
+
+output "backup_vault_name" {
+  value = azurerm_data_protection_backup_vault.this.name
+}
+
+output "backup_vault_identity_principal_id" {
+  value = try(azurerm_data_protection_backup_vault.this.identity[0].principal_id, null)
+}
+
+output "backup_vault_identity_tenant_id" {
+  value = try(azurerm_data_protection_backup_vault.this.identity[0].tenant_id, null)
+}
--- a/variables.tf
+++ b/variables.tf
@@ -0,0 +1,119 @@
+variable "rg_name" {
+  type = string
+}
+
+variable "location" {
+  type = string
+}
+
+variable "base_name" {
+  type    = string
+  default = null
+}
+
+variable "name" {
+  type    = string
+  default = null
+
+  validation {
+    condition = (
+      (var.name != null && trimspace(var.name) != "") ||
+      (var.base_name != null && trimspace(var.base_name) != "")
+    )
+    error_message = "Provide name or base_name with a non-empty value."
+  }
+}
+
+variable "datastore_type" {
+  type    = string
+  default = "VaultStore"
+
+  validation {
+    condition     = contains(["ArchiveStore", "OperationalStore", "SnapshotStore", "VaultStore"], var.datastore_type)
+    error_message = "datastore_type must be one of 'ArchiveStore', 'OperationalStore', 'SnapshotStore', or 'VaultStore'."
+  }
+}
+
+variable "redundancy" {
+  type    = string
+  default = "LocallyRedundant"
+
+  validation {
+    condition     = contains(["GeoRedundant", "LocallyRedundant", "ZoneRedundant"], var.redundancy)
+    error_message = "redundancy must be one of 'GeoRedundant', 'LocallyRedundant', or 'ZoneRedundant'."
+  }
+}
+
+variable "cross_region_restore_enabled" {
+  type    = bool
+  default = false
+
+  validation {
+    condition     = var.cross_region_restore_enabled == false || var.redundancy == "GeoRedundant"
+    error_message = "cross_region_restore_enabled can only be true when redundancy is 'GeoRedundant'."
+  }
+}
+
+variable "retention_duration_in_days" {
+  type    = number
+  default = 14
+
+  validation {
+    condition     = var.retention_duration_in_days >= 14 && var.retention_duration_in_days <= 180
+    error_message = "retention_duration_in_days must be between 14 and 180."
+  }
+}
+
+variable "immutability" {
+  type    = string
+  default = "Disabled"
+
+  validation {
+    condition     = contains(["Disabled", "Locked", "Unlocked"], var.immutability)
+    error_message = "immutability must be one of 'Disabled', 'Locked', or 'Unlocked'."
+  }
+}
+
+variable "soft_delete" {
+  type    = string
+  default = "On"
+
+  validation {
+    condition     = contains(["AlwaysOn", "Off", "On"], var.soft_delete)
+    error_message = "soft_delete must be one of 'AlwaysOn', 'Off', or 'On'."
+  }
+}
+
+variable "identity" {
+  type = object({
+    type         = string
+    identity_ids = optional(list(string))
+  })
+  default = null
+
+  validation {
+    condition = (
+      var.identity == null ||
+      contains([
+        "SystemAssigned",
+        "UserAssigned",
+        "SystemAssigned, UserAssigned",
+      ], var.identity.type)
+    )
+    error_message = "identity.type must be one of 'SystemAssigned', 'UserAssigned', or 'SystemAssigned, UserAssigned'."
+  }
+
+  validation {
+    condition = (
+      var.identity == null ||
+      var.identity.type != "UserAssigned" ||
+      length(try(var.identity.identity_ids, [])) > 0
+    )
+    error_message = "identity.identity_ids must be provided when identity.type is 'UserAssigned'."
+  }
+}
+
+variable "tags" {
+  type    = map(string)
+  default = {}
+}
--- a/versions.tf
+++ b/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = ">= 4.0.0, < 5.0.0"
+    }
+  }
+
+  required_version = ">= 1.0.0"
+}