slawek/terraform-azurerm-backup-vault
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
terraform-azurerm-backup-vault/variables.tf

165 lines
4.2 KiB
HCL
Raw Permalink Blame History

variable "rg_name" {
type = string
}
variable "location" {
type = string
}
variable "base_name" {
type = string
default = null
}
variable "name" {
type = string
default = null
validation {
condition = (
(var.name != null && trimspace(var.name) != "") ||
(var.base_name != null && trimspace(var.base_name) != "")
)
error_message = "Provide name or base_name with a non-empty value."
}
}
variable "datastore_type" {
type = string
default = "VaultStore"
validation {
condition = contains(["ArchiveStore", "OperationalStore", "SnapshotStore", "VaultStore"], var.datastore_type)
error_message = "datastore_type must be one of 'ArchiveStore', 'OperationalStore', 'SnapshotStore', or 'VaultStore'."
}
}
variable "redundancy" {
type = string
default = "LocallyRedundant"
validation {
condition = contains(["GeoRedundant", "LocallyRedundant", "ZoneRedundant"], var.redundancy)
error_message = "redundancy must be one of 'GeoRedundant', 'LocallyRedundant', or 'ZoneRedundant'."
}
}
variable "cross_region_restore_enabled" {
type = bool
default = false
validation {
condition = var.cross_region_restore_enabled == false || var.redundancy == "GeoRedundant"
error_message = "cross_region_restore_enabled can only be true when redundancy is 'GeoRedundant'."
}
}
variable "retention_duration_in_days" {
type = number
default = 14
validation {
condition = var.retention_duration_in_days >= 14 && var.retention_duration_in_days <= 180
error_message = "retention_duration_in_days must be between 14 and 180."
}
}
variable "immutability" {
type = string
default = "Disabled"
validation {
condition = contains(["Disabled", "Locked", "Unlocked"], var.immutability)
error_message = "immutability must be one of 'Disabled', 'Locked', or 'Unlocked'."
}
}
variable "soft_delete" {
type = string
default = "On"
validation {
condition = contains(["AlwaysOn", "Off", "On"], var.soft_delete)
error_message = "soft_delete must be one of 'AlwaysOn', 'Off', or 'On'."
}
}
variable "identity" {
type = object({
type = string
identity_ids = optional(list(string))
})
default = null
validation {
condition = (
var.identity == null ||
contains([
"SystemAssigned",
"UserAssigned",
"SystemAssigned, UserAssigned",
], var.identity.type)
)
error_message = "identity.type must be one of 'SystemAssigned', 'UserAssigned', or 'SystemAssigned, UserAssigned'."
}
validation {
condition = (
var.identity == null ||
var.identity.type != "UserAssigned" ||
length(try(var.identity.identity_ids, [])) > 0
)
error_message = "identity.identity_ids must be provided when identity.type is 'UserAssigned'."
}
}
variable "tags" {
type = map(string)
default = {}
}
variable "protected_blob_storage_accounts" {
type = map(object({
id = string
container_names = optional(list(string))
backup_instance_location = optional(string)
backup_instance_name = optional(string)
backup_policy_key = optional(string)
}))
default = {}
validation {
condition = (
length(var.protected_blob_storage_accounts) == 0 ||
(
var.identity != null &&
contains([
"SystemAssigned",
"SystemAssigned, UserAssigned",
], var.identity.type)
)
)
error_message = "When protected_blob_storage_accounts is set, identity.type must include SystemAssigned."
}
validation {
condition = alltrue([
for sa in values(var.protected_blob_storage_accounts) : (
try(sa.backup_policy_key, null) == null ||
contains(keys(var.blob_backup_policies), sa.backup_policy_key)
)
])
error_message = "Each protected_blob_storage_accounts[*].backup_policy_key must exist in blob_backup_policies."
}
}
variable "blob_backup_policies" {
type = map(object({
name = optional(string)
backup_repeating_time_intervals = optional(list(string))
operational_default_retention_duration = optional(string)
vault_default_retention_duration = optional(string)
}))
default = {}
}
Reference in New Issue View Git Blame Copy Permalink