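# Input variables for a backup-vault module.
#
# The resources that consume these variables are not part of this file, so
# notes about how a value is used downstream are marked as assumptions.
#
# Validation blocks below reference other variables (for example
# var.redundancy inside cross_region_restore_enabled), which requires a
# Terraform release that supports cross-variable validation.
#
# Null handling: conditions use `x == null ? ... : ...` instead of
# `x != null && f(x)`. Only the selected branch of a conditional can raise an
# error, so a null input produces the friendly error_message rather than a raw
# "argument must not be null" failure on Terraform releases where && and ||
# evaluate both operands.

variable "rg_name" {
  description = "Resource group name."
  type        = string
}

variable "location" {
  description = "Region for the module's resources."
  type        = string
}

variable "base_name" {
  description = "Base name; at least one of name or base_name must be non-empty."
  type        = string
  default     = null
}

variable "name" {
  description = "Explicit name; at least one of name or base_name must be non-empty."
  type        = string
  default     = null

  validation {
    # Each side is null-guarded so trimspace() never receives null.
    condition = (
      (var.name == null ? false : trimspace(var.name) != "") ||
      (var.base_name == null ? false : trimspace(var.base_name) != "")
    )
    error_message = "Provide name or base_name with a non-empty value."
  }
}

variable "datastore_type" {
  description = "Datastore type: ArchiveStore, OperationalStore, SnapshotStore or VaultStore."
  type        = string
  default     = "VaultStore"

  validation {
    condition     = contains(["ArchiveStore", "OperationalStore", "SnapshotStore", "VaultStore"], var.datastore_type)
    error_message = "datastore_type must be one of 'ArchiveStore', 'OperationalStore', 'SnapshotStore', or 'VaultStore'."
  }
}

variable "redundancy" {
  description = "Storage redundancy: GeoRedundant, LocallyRedundant or ZoneRedundant."
  type        = string
  default     = "LocallyRedundant"

  # NOTE(review): the default keeps backup data in a single location. Whether
  # that meets the recovery objectives for the protected data is a caller
  # decision; confirm per environment.
  validation {
    condition     = contains(["GeoRedundant", "LocallyRedundant", "ZoneRedundant"], var.redundancy)
    error_message = "redundancy must be one of 'GeoRedundant', 'LocallyRedundant', or 'ZoneRedundant'."
  }
}

variable "cross_region_restore_enabled" {
  description = "Enable cross-region restore; only allowed with GeoRedundant redundancy."
  type        = bool
  default     = false

  validation {
    condition     = var.cross_region_restore_enabled == false || var.redundancy == "GeoRedundant"
    error_message = "cross_region_restore_enabled can only be true when redundancy is 'GeoRedundant'."
  }
}

variable "retention_duration_in_days" {
  description = "Retention duration in days; must be between 14 and 180."
  type        = number
  default     = 14

  # NOTE(review): presumably the soft-delete retention window of the vault;
  # confirm against the resource that consumes it. The default is the minimum
  # the validation allows.
  validation {
    condition     = var.retention_duration_in_days >= 14 && var.retention_duration_in_days <= 180
    error_message = "retention_duration_in_days must be between 14 and 180."
  }
}

variable "immutability" {
  description = "Immutability state: Disabled, Locked or Unlocked."
  type        = string
  default     = "Disabled"

  # NOTE(security): the default leaves immutability off, so recovery points
  # are not protected against early deletion by a compromised or mistaken
  # operator. Callers protecting production data should set this explicitly.
  # 'Locked' is understood to be irreversible once applied; confirm before
  # choosing it.
  validation {
    condition     = contains(["Disabled", "Locked", "Unlocked"], var.immutability)
    error_message = "immutability must be one of 'Disabled', 'Locked', or 'Unlocked'."
  }
}

variable "soft_delete" {
  description = "Soft-delete state: AlwaysOn, Off or On."
  type        = string
  default     = "On"

  # NOTE(security): 'Off' is accepted and removes the recovery window for
  # deleted backups; 'On' can later be switched off by anyone with write
  # access to the vault. Consider a policy check that rejects 'Off' outside
  # throwaway environments.
  validation {
    condition     = contains(["AlwaysOn", "Off", "On"], var.soft_delete)
    error_message = "soft_delete must be one of 'AlwaysOn', 'Off', or 'On'."
  }
}

variable "identity" {
  description = "Managed identity settings; null means no identity is configured."
  type = object({
    type         = string
    identity_ids = optional(list(string))
  })
  default = null

  validation {
    # Null-guarded: var.identity.type is only read when identity is set.
    condition = (
      var.identity == null ? true : contains([
        "SystemAssigned",
        "UserAssigned",
        "SystemAssigned, UserAssigned",
      ], var.identity.type)
    )
    error_message = "identity.type must be one of 'SystemAssigned', 'UserAssigned', or 'SystemAssigned, UserAssigned'."
  }

  validation {
    # identity_ids is optional() with no default, so it is null when omitted.
    # try(null, []) returns null (null is a value, not an error), which made
    # the previous length(try(...)) call fail instead of reporting the
    # message below. Wrapping length() itself turns the null case into 0.
    #
    # NOTE(review): 'SystemAssigned, UserAssigned' is not required to carry
    # identity_ids here; confirm whether it should be.
    condition = (
      var.identity == null ? true : (
        var.identity.type != "UserAssigned" ||
        try(length(var.identity.identity_ids), 0) > 0
      )
    )
    error_message = "identity.identity_ids must be provided when identity.type is 'UserAssigned'."
  }
}

variable "tags" {
  description = "Tags as a map of strings."
  type        = map(string)
  default     = {}
}

variable "protected_blob_storage_accounts" {
  description = "Storage accounts to protect, keyed by an arbitrary name; backup_policy_key must match a key in blob_backup_policies."
  type = map(object({
    id                       = string
    container_names          = optional(list(string))
    backup_instance_location = optional(string)
    backup_instance_name     = optional(string)
    backup_policy_key        = optional(string)
  }))
  default = {}

  validation {
    # A system-assigned identity is required as soon as any account is
    # protected. NOTE(review): presumably because that identity is granted
    # access to the storage accounts; keep that grant as narrow as the backup
    # operation needs.
    condition = (
      length(var.protected_blob_storage_accounts) == 0 || (
        var.identity == null ? false : contains([
          "SystemAssigned",
          "SystemAssigned, UserAssigned",
        ], var.identity.type)
      )
    )
    error_message = "When protected_blob_storage_accounts is set, identity.type must include SystemAssigned."
  }

  validation {
    # An omitted backup_policy_key is allowed; a provided one must name an
    # existing policy. The conditional keeps contains() from seeing null.
    condition = alltrue([
      for sa in values(var.protected_blob_storage_accounts) : (
        sa.backup_policy_key == null
        ? true
        : contains(keys(var.blob_backup_policies), sa.backup_policy_key)
      )
    ])
    error_message = "Each protected_blob_storage_accounts[*].backup_policy_key must exist in blob_backup_policies."
  }
}

variable "blob_backup_policies" {
  description = "Blob backup policies keyed by the name referenced from protected_blob_storage_accounts[*].backup_policy_key."
  type = map(object({
    name                                   = optional(string)
    backup_repeating_time_intervals        = optional(list(string))
    operational_default_retention_duration = optional(string)
    vault_default_retention_duration       = optional(string)
  }))
  default = {}
}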