From f8e85a1563facabdaba2cc3938b0c7dc7fb8c553 Mon Sep 17 00:00:00 2001
From: Slawomir Koszewski
Date: Sun, 1 Mar 2026 10:31:45 +0100
Subject: [PATCH] initialize backup vault module with configuration, outputs, and variable definitions
---
main.tf | 34 +++++++++++++++
outputs.tf | 15 +++++++
variables.tf | 119 +++++++++++++++++++++++++++++++++++++++++++++++++++
versions.tf | 10 +++++
4 files changed, 178 insertions(+)
create mode 100644 main.tf
create mode 100644 outputs.tf
create mode 100644 variables.tf
create mode 100644 versions.tf
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..7b92ed2
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,34 @@
+data "azurerm_client_config" "current" {}
+
+locals {
+ backup_vault_name = (
+ var.name != null &&
+ trimspace(var.name) != "" ?
+ var.name :
+ "${coalesce(var.base_name, "")}${substr(md5("${data.azurerm_client_config.current.subscription_id}/${var.rg_name}/${coalesce(var.base_name, "")}"), 0, 6)}"
+ )
+}
+
+resource "azurerm_data_protection_backup_vault" "this" {
+ name = local.backup_vault_name
+ resource_group_name = var.rg_name
+ location = var.location
+ datastore_type = var.datastore_type
+ redundancy = var.redundancy
+
+ cross_region_restore_enabled = var.cross_region_restore_enabled
+ retention_duration_in_days = var.retention_duration_in_days
+ immutability = var.immutability
+ soft_delete = var.soft_delete
+
+ dynamic "identity" {
+ for_each = var.identity == null ? [] : [var.identity]
+
+ content {
+ type = identity.value.type
+ identity_ids = try(identity.value.identity_ids, null)
+ }
+ }
+
+ tags = var.tags
+}
diff --git a/outputs.tf b/outputs.tf
new file mode 100644
index 0000000..9bb04e6
--- /dev/null
+++ b/outputs.tf
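Review bot: The null guard in `locals.backup_vault_name` in main.tf (`var.name != null && trimspace(var.name) != ""`) only protects `trimspace` if `&&` short-circuits, which as far as I know Terraform does only from 1.12 on, while versions.tf accepts `>= 1.0.0`. On older releases a null `name` (the default) would presumably fail with an invalid-argument error instead of falling back to the generated name. A form that does not depend on evaluation order is `try(trimspace(var.name), "") != "" ?`. The same pattern appears in variables.tf, in the `name` validation and in both `identity` validations (`var.identity == null || … var.identity.type`), where a conditional such as `var.identity == null ? true : …` is the usual fix.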
@@ -0,0 +1,15 @@
+output "backup_vault_id" {
+ value = azurerm_data_protection_backup_vault.this.id
+}
+
+output "backup_vault_name" {
+ value = azurerm_data_protection_backup_vault.this.name
+}
+
+output "backup_vault_identity_principal_id" {
+ value = try(azurerm_data_protection_backup_vault.this.identity[0].principal_id, null)
+}
+
+output "backup_vault_identity_tenant_id" {
+ value = try(azurerm_data_protection_backup_vault.this.identity[0].tenant_id, null)
+}
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..b216ec9
--- /dev/null
+++ b/variables.tf
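Review bot: None of the four outputs carries a `description`, and the two identity outputs return null through `try(...)` without saying when. I would add, for example, `description = "Principal ID of the vault's managed identity; null when the vault has no identity block."` to `backup_vault_identity_principal_id` and the equivalent to `backup_vault_identity_tenant_id`. Callers are likely to feed this value into role assignments, so a null that passes silently is worth documenting.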
@@ -0,0 +1,119 @@
+variable "rg_name" {
+ type = string
+}
+
+variable "location" {
+ type = string
+}
+
+variable "base_name" {
+ type = string
+ default = null
+}
+
+variable "name" {
+ type = string
+ default = null
+
+ validation {
+ condition = (
+ (var.name != null && trimspace(var.name) != "") ||
+ (var.base_name != null && trimspace(var.base_name) != "")
+ )
+ error_message = "Provide name or base_name with a non-empty value."
+ }
+}
+
+variable "datastore_type" {
+ type = string
+ default = "VaultStore"
+
+ validation {
+ condition = contains(["ArchiveStore", "OperationalStore", "SnapshotStore", "VaultStore"], var.datastore_type)
+ error_message = "datastore_type must be one of 'ArchiveStore', 'OperationalStore', 'SnapshotStore', or 'VaultStore'."
+ }
+}
+
+variable "redundancy" {
+ type = string
+ default = "LocallyRedundant"
+
+ validation {
+ condition = contains(["GeoRedundant", "LocallyRedundant", "ZoneRedundant"], var.redundancy)
+ error_message = "redundancy must be one of 'GeoRedundant', 'LocallyRedundant', or 'ZoneRedundant'."
+ }
+}
+
+variable "cross_region_restore_enabled" {
+ type = bool
+ default = false
+
+ validation {
+ condition = var.cross_region_restore_enabled == false || var.redundancy == "GeoRedundant"
+ error_message = "cross_region_restore_enabled can only be true when redundancy is 'GeoRedundant'."
+ }
+}
+
+variable "retention_duration_in_days" {
+ type = number
+ default = 14
+
+ validation {
+ condition = var.retention_duration_in_days >= 14 && var.retention_duration_in_days <= 180
+ error_message = "retention_duration_in_days must be between 14 and 180."
+ }
+}
+
+variable "immutability" {
+ type = string
+ default = "Disabled"
+
+ validation {
+ condition = contains(["Disabled", "Locked", "Unlocked"], var.immutability)
+ error_message = "immutability must be one of 'Disabled', 'Locked', or 'Unlocked'."
+ }
+}
+
+variable "soft_delete" {
+ type = string
+ default = "On"
+
+ validation {
+ condition = contains(["AlwaysOn", "Off", "On"], var.soft_delete)
+ error_message = "soft_delete must be one of 'AlwaysOn', 'Off', or 'On'."
+ }
+}
+
+variable "identity" {
+ type = object({
+ type = string
+ identity_ids = optional(list(string))
+ })
+ default = null
+
+ validation {
+ condition = (
+ var.identity == null ||
+ contains([
+ "SystemAssigned",
+ "UserAssigned",
+ "SystemAssigned, UserAssigned",
+ ], var.identity.type)
+ )
+ error_message = "identity.type must be one of 'SystemAssigned', 'UserAssigned', or 'SystemAssigned, UserAssigned'."
+ }
+
+ validation {
+ condition = (
+ var.identity == null ||
+ var.identity.type != "UserAssigned" ||
+ length(try(var.identity.identity_ids, [])) > 0
+ )
+ error_message = "identity.identity_ids must be provided when identity.type is 'UserAssigned'."
+ }
+}
+
+variable "tags" {
+ type = map(string)
+ default = {}
+}
diff --git a/versions.tf b/versions.tf
new file mode 100644
index 0000000..98391a2
--- /dev/null
+++ b/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = ">= 4.0.0, < 5.0.0"
+ }
+ }
+
+ required_version = ">= 1.0.0"
+}
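Review bot: The deletion-protection variables in variables.tf default to the permissive side: `immutability` defaults to `"Disabled"` and `soft_delete` accepts `"Off"`. A caller who takes the defaults gets a vault whose backups are protected only by the 14-day soft-delete window, and a single variable change removes that as well. For a backup vault I would use `default = "Unlocked"` on `immutability` and give both variables a `description` noting that `"Locked"` and `"AlwaysOn"` are, as far as I know, irreversible once applied (confirm against the provider documentation). Separately, the second `identity` validation requires `identity_ids` only when the type is exactly `"UserAssigned"`, so `"SystemAssigned, UserAssigned"` passes with no IDs. The check should cover both user-assigned types, and `try(var.identity.identity_ids, [])` does not replace a null from the `optional()` attribute, so `length(...)` may error instead of showing the intended message.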
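Review bot: `required_version = ">= 1.0.0"` in versions.tf admits Terraform releases that cannot evaluate this module. The `optional(list(string))` attribute in variables.tf needs 1.3 or later, and validation blocks that read another variable (`name` reading `var.base_name`, `cross_region_restore_enabled` reading `var.redundancy`) need 1.9 or later. I would raise the floor to `required_version = ">= 1.9.0"`, or higher if the `&&`/`||` null guards stay as written. It is also worth confirming that the lowest azurerm release allowed by `>= 4.0.0, < 5.0.0` accepts every argument set in main.tf, in particular `immutability` and user-assigned `identity_ids`.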