feat: Storage account resource now includes all attributes from newes…
…t azurerm provider version

feat: Module now includes a resource for storage management policy
habr-mms committed Jul 19, 2024
1 parent 71e52a0 commit ffbfd53
Showing 4 changed files with 237 additions and 13 deletions.
95 changes: 89 additions & 6 deletions main.tf
Expand Up @@ -27,11 +27,13 @@ resource "azurerm_storage_account" "storage_account" {
is_hns_enabled = local.storage_account[each.key].is_hns_enabled
nfsv3_enabled = local.storage_account[each.key].nfsv3_enabled
large_file_share_enabled = local.storage_account[each.key].large_file_share_enabled
local_user_enabled = local.storage_account[each.key].local_user_enabled
queue_encryption_key_type = local.storage_account[each.key].queue_encryption_key_type
table_encryption_key_type = local.storage_account[each.key].table_encryption_key_type
infrastructure_encryption_enabled = local.storage_account[each.key].infrastructure_encryption_enabled
allowed_copy_scope = local.storage_account[each.key].allowed_copy_scope
sftp_enabled = local.storage_account[each.key].sftp_enabled
dns_endpoint_type = local.storage_account[each.key].dns_endpoint_type

dynamic "custom_domain" {
for_each = length(compact(values(local.storage_account[each.key].custom_domain))) > 0 ? [0] : []
Expand All @@ -43,10 +45,11 @@ resource "azurerm_storage_account" "storage_account" {
}

dynamic "customer_managed_key" {
for_each = local.storage_account[each.key].customer_managed_key == {} ? [] : [0]
for_each = length(compact(values(local.storage_account[each.key].customer_managed_key))) > 0 ? [0] : []

content {
key_vault_key_id = local.storage_account[each.key].customer_managed_key.key_vault_key_id
managed_hsm_key_id = local.storage_account[each.key].customer_managed_key.managed_hsm_key_id
user_assigned_identity_id = local.storage_account[each.key].customer_managed_key.user_assigned_identity_id
}
}
Expand Down Expand Up @@ -86,7 +89,8 @@ resource "azurerm_storage_account" "storage_account" {
for_each = local.storage_account[each.key].blob_properties.delete_retention_policy == {} ? [] : [0]

content {
days = local.storage_account[each.key].blob_properties.delete_retention_policy.days
days = local.storage_account[each.key].blob_properties.delete_retention_policy.days
permanent_delete_enabled = local.storage_account[each.key].blob_properties.delete_retention_policy.permanent_delete_enabled
}
}

Expand Down Expand Up @@ -280,13 +284,92 @@ resource "azurerm_storage_account" "storage_account" {
tags = local.storage_account[each.key].tags
}

resource "azurerm_storage_management_policy" "storage_management_policy" {
for_each = var.storage_management_policy

storage_account_id = local.storage_management_policy[each.key].storage_account_id

dynamic "rule" {
for_each = local.storage_management_policy[each.key].rule

content {
name = local.storage_management_policy[each.key].rule[rule.key].name == "" ? rule.key : local.storage_management_policy[each.key].rule[rule.key].name
enabled = local.storage_management_policy[each.key].rule[rule.key].enabled

filters {
blob_types = local.storage_management_policy[each.key].rule[rule.key].filters.blob_types
prefix_match = local.storage_management_policy[each.key].rule[rule.key].filters.prefix_match

dynamic "match_blob_index_tag" {
for_each = length(compact(values(local.storage_management_policy[each.key].rule[rule.key].filters.match_blob_index_tag))) > 0 ? [0] : []

content {
name = local.storage_management_policy[each.key].rule[rule.key].filters.match_blob_index_tag.name
value = local.storage_management_policy[each.key].rule[rule.key].filters.match_blob_index_tag.value
operation = local.storage_management_policy[each.key].rule[rule.key].filters.match_blob_index_tag.operation
}
}
}

actions {
dynamic "base_blob" {
for_each = length(compact(values(local.storage_management_policy[each.key].rule[rule.key].actions.base_blob))) > 0 ? [0] : []

content {
tier_to_cool_after_days_since_modification_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.base_blob.tier_to_cool_after_days_since_modification_greater_than
tier_to_cool_after_days_since_last_access_time_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.base_blob.tier_to_cool_after_days_since_last_access_time_greater_than
tier_to_cool_after_days_since_creation_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.base_blob.tier_to_cool_after_days_since_creation_greater_than
auto_tier_to_hot_from_cool_enabled = local.storage_management_policy[each.key].rule[rule.key].actions.base_blob.auto_tier_to_hot_from_cool_enabled
tier_to_archive_after_days_since_modification_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.base_blob.tier_to_archive_after_days_since_modification_greater_than
tier_to_archive_after_days_since_last_access_time_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.base_blob.tier_to_archive_after_days_since_last_access_time_greater_than
tier_to_archive_after_days_since_creation_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.base_blob.tier_to_archive_after_days_since_creation_greater_than
tier_to_archive_after_days_since_last_tier_change_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.base_blob.tier_to_archive_after_days_since_last_tier_change_greater_than
tier_to_cold_after_days_since_modification_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.base_blob.tier_to_cold_after_days_since_modification_greater_than
tier_to_cold_after_days_since_last_access_time_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.base_blob.tier_to_cold_after_days_since_last_access_time_greater_than
tier_to_cold_after_days_since_creation_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.base_blob.tier_to_cold_after_days_since_creation_greater_than
delete_after_days_since_modification_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.base_blob.delete_after_days_since_modification_greater_than
delete_after_days_since_last_access_time_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.base_blob.delete_after_days_since_last_access_time_greater_than
delete_after_days_since_creation_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.base_blob.delete_after_days_since_creation_greater_than
}
}

dynamic "snapshot" {
for_each = length(compact(values(local.storage_management_policy[each.key].rule[rule.key].actions.snapshot))) > 0 ? [0] : []

content {
change_tier_to_archive_after_days_since_creation = local.storage_management_policy[each.key].rule[rule.key].actions.snapshot.change_tier_to_archive_after_days_since_creation
tier_to_archive_after_days_since_last_tier_change_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.snapshot.tier_to_archive_after_days_since_last_tier_change_greater_than
change_tier_to_cool_after_days_since_creation = local.storage_management_policy[each.key].rule[rule.key].actions.snapshot.change_tier_to_cool_after_days_since_creation
tier_to_cold_after_days_since_creation_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.snapshot.tier_to_cold_after_days_since_creation_greater_than
delete_after_days_since_creation_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.snapshot.delete_after_days_since_creation_greater_than
}
}

dynamic "version" {
for_each = length(compact(values(local.storage_management_policy[each.key].rule[rule.key].actions.version))) > 0 ? [0] : []

content {
change_tier_to_archive_after_days_since_creation = local.storage_management_policy[each.key].rule[rule.key].actions.version.change_tier_to_archive_after_days_since_creation
tier_to_archive_after_days_since_last_tier_change_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.version.tier_to_archive_after_days_since_last_tier_change_greater_than
change_tier_to_cool_after_days_since_creation = local.storage_management_policy[each.key].rule[rule.key].actions.version.change_tier_to_cool_after_days_since_creation
tier_to_cold_after_days_since_creation_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.version.tier_to_cold_after_days_since_creation_greater_than
delete_after_days_since_creation = local.storage_management_policy[each.key].rule[rule.key].actions.version.delete_after_days_since_creation
}
}
}
}
}
}

resource "azurerm_storage_container" "storage_container" {
for_each = var.storage_container

name = local.storage_container[each.key].name == "" ? each.key : local.storage_container[each.key].name
storage_account_name = local.storage_container[each.key].storage_account_name
container_access_type = local.storage_container[each.key].container_access_type
metadata = local.storage_container[each.key].metadata
name = local.storage_container[each.key].name == "" ? each.key : local.storage_container[each.key].name
storage_account_name = local.storage_container[each.key].storage_account_name
container_access_type = local.storage_container[each.key].container_access_type
default_encryption_scope = local.storage_container[each.key].default_encryption_scope
encryption_scope_override_enabled = local.storage_container[each.key].encryption_scope_override_enabled
metadata = local.storage_container[each.key].metadata
}

resource "azurerm_storage_share" "storage_share" {
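Review bot: `local_user_enabled` in the first hunk is passed straight through, and variables.tf defaults it to null, so the provider default decides; to my knowledge azurerm enables local users by default, which would leave that access path on for accounts that never set `sftp_enabled`. Consider tying it to SFTP, e.g. `local_user_enabled = coalesce(local.storage_account[each.key].local_user_enabled, local.storage_account[each.key].sftp_enabled, false)`, or setting an explicit `false` default in the locals. The added `permanent_delete_enabled` also deserves a short comment, since enabling it presumably allows soft-deleted versions and snapshots to be purged inside the retention window. The `azurerm_storage_account` resource starts and ends outside these hunks, so its other settings were not reviewed.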
45 changes: 45 additions & 0 deletions outputs.tf
Expand Up @@ -9,6 +9,17 @@ output "storage_account" {
}
}

output "storage_management_policy" {
description = "Outputs all attributes of resource_type."
value = {
for storage_management_policy in keys(azurerm_storage_management_policy.storage_management_policy) :
storage_management_policy => {
for key, value in azurerm_storage_management_policy.storage_management_policy[storage_management_policy] :
key => value
}
}
}

output "storage_container" {
description = "Outputs all attributes of resource_type."
value = {
Expand Down Expand Up @@ -54,6 +65,10 @@ output "variables" {
for key in keys(var.storage_account) :
key => local.storage_account[key]
}
storage_management_policy = {
for key in keys(var.storage_management_policy) :
key => local.storage_management_policy[key]
}
storage_container = {
for key in keys(var.storage_container) :
key => local.storage_container[key]
Expand All @@ -67,11 +82,41 @@ output "variables" {
key => local.storage_share_directory[key]
}
}
values = {
storage_account = {
for key in keys(var.storage_account) :
key => local.storage_account_values[key]
}
storage_management_policy = {
for key in keys(var.storage_management_policy) :
key => local.storage_management_policy_values[key]
}
storage_share = {
for key in keys(var.storage_share) :
key => local.storage_share_values[key]
}
}
variable = {
storage_account = {
for key in keys(var.storage_account) :
key => var.storage_account[key]
}
storage_management_policy = {
for key in keys(var.storage_management_policy) :
key => var.storage_management_policy[key]
}
storage_container = {
for key in keys(var.storage_container) :
key => var.storage_container[key]
}
storage_share = {
for key in keys(var.storage_share) :
key => var.storage_share[key]
}
storage_share_directory = {
for key in keys(var.storage_share_directory) :
key => var.storage_share_directory[key]
}
}
}
}
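Review bot: The new `storage_management_policy` output keeps the template text `"Outputs all attributes of resource_type."`; name the resource instead, e.g. `description = "Outputs all attributes of azurerm_storage_management_policy.storage_management_policy."`. In the last hunk the added `variable` map republishes `var.*` verbatim next to the merged locals. Because variables.tf declares these inputs as `type = any`, a comment stating that whatever a caller passes in is exposed through module outputs (and therefore state) would help consumers decide what to put there. The `variables` output starts outside the hunk.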
106 changes: 101 additions & 5 deletions variables.tf
Expand Up @@ -3,6 +3,11 @@ variable "storage_account" {
default = {}
description = "Resource definition, default settings are defined within locals and merged with var settings. For more information look at [Outputs](#Outputs)."
}
variable "storage_management_policy" {
type = any
default = {}
description = "Resource definition, default settings are defined within locals and merged with var settings. For more information look at [Outputs](#Outputs)."
}
variable "storage_container" {
type = any
default = {}
Expand Down Expand Up @@ -39,16 +44,21 @@ locals {
is_hns_enabled = null
nfsv3_enabled = null
large_file_share_enabled = null
local_user_enabled = null
queue_encryption_key_type = null
table_encryption_key_type = null
infrastructure_encryption_enabled = null
allowed_copy_scope = null
sftp_enabled = null
dns_endpoint_type = null
custom_domain = {
name = ""
use_subdomain = null
}
customer_managed_key = {}
customer_managed_key = {
key_vault_key_id = null
managed_hsm_key_id = null
}
identity = {
identity_ids = null
}
Expand All @@ -60,7 +70,8 @@ locals {
last_access_time_enabled = null
cors_rule = {}
delete_retention_policy = {
days = null
days = null
permanent_delete_enabled = null
}
restore_policy = {}
container_delete_retention_policy = {
Expand Down Expand Up @@ -122,10 +133,56 @@ locals {
}
tags = {}
}
storage_management_policy = {
rule = {
name = ""
enabled = true // defined default
filters = {
prefix_match = []
match_blob_index_tag = {
operation = null
}
}
actions = {
base_blob = {
tier_to_cool_after_days_since_modification_greater_than = null
tier_to_cool_after_days_since_last_access_time_greater_than = null
tier_to_cool_after_days_since_creation_greater_than = null
auto_tier_to_hot_from_cool_enabled = null
tier_to_archive_after_days_since_modification_greater_than = null
tier_to_archive_after_days_since_last_access_time_greater_than = null
tier_to_archive_after_days_since_creation_greater_than = null
tier_to_archive_after_days_since_last_tier_change_greater_than = null
tier_to_cold_after_days_since_modification_greater_than = null
tier_to_cold_after_days_since_last_access_time_greater_than = null
tier_to_cold_after_days_since_creation_greater_than = null
delete_after_days_since_modification_greater_than = null
delete_after_days_since_last_access_time_greater_than = null
delete_after_days_since_creation_greater_than = null
}
snapshot = {
change_tier_to_archive_after_days_since_creation = null
tier_to_archive_after_days_since_last_tier_change_greater_than = null
change_tier_to_cool_after_days_since_creation = null
tier_to_cold_after_days_since_creation_greater_than = null
delete_after_days_since_creation_greater_than = null
}
version = {
change_tier_to_archive_after_days_since_creation = null
tier_to_archive_after_days_since_last_tier_change_greater_than = null
change_tier_to_cool_after_days_since_creation = null
tier_to_cold_after_days_since_creation_greater_than = null
delete_after_days_since_creation = null
}
}
}
}
storage_container = {
name = ""
container_access_type = null
metadata = null
name = ""
container_access_type = null
default_encryption_scope = null
encryption_scope_override_enabled = null
metadata = null
}
storage_share = {
name = ""
Expand All @@ -150,6 +207,10 @@ locals {
for storage_account in keys(var.storage_account) :
storage_account => merge(local.default.storage_account, var.storage_account[storage_account])
}
storage_management_policy_values = {
for storage_management_policy in keys(var.storage_management_policy) :
storage_management_policy => merge(local.default.storage_management_policy, var.storage_management_policy[storage_management_policy])
}
storage_share_values = {
for storage_share in keys(var.storage_share) :
storage_share => merge(local.default.storage_share, var.storage_share[storage_share])
Expand Down Expand Up @@ -215,6 +276,41 @@ locals {
}
)
}
storage_management_policy = {
for storage_management_policy in keys(var.storage_management_policy) :
storage_management_policy => merge(
local.storage_management_policy_values[storage_management_policy],
{
for config in ["rule"] :
config => lookup(var.storage_management_policy[storage_management_policy], config, {}) == {} ? {} : {
for key in keys(local.storage_management_policy_values[storage_management_policy][config]) :
key => merge(
merge(local.default.storage_management_policy[config], local.storage_management_policy_values[storage_management_policy][config][key]),
{
for subconfig in ["filters"] :
subconfig => merge(
merge(local.default.storage_management_policy[config][subconfig], local.storage_management_policy_values[storage_management_policy][config][key][subconfig]),
{
for subsubconfig in ["match_blob_index_tag"] :
subsubconfig => merge(local.default.storage_management_policy[config][subconfig][subsubconfig], lookup(local.storage_management_policy_values[storage_management_policy][config][key][subconfig], subsubconfig, {}))
}
)
},
{
for subconfig in ["actions"] :
subconfig => merge(
merge(local.default.storage_management_policy[config][subconfig], local.storage_management_policy_values[storage_management_policy][config][key][subconfig]),
{
for subsubconfig in ["base_blob", "snapshot", "version"] :
subsubconfig => merge(local.default.storage_management_policy[config][subconfig][subsubconfig], lookup(local.storage_management_policy_values[storage_management_policy][config][key][subconfig], subsubconfig, {}))
}
)
}
)
}
}
)
}
storage_container = {
for storage_container in keys(var.storage_container) :
storage_container => merge(local.default.storage_container, var.storage_container[storage_container])
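Review bot: The new `customer_managed_key` default lists `key_vault_key_id` and `managed_hsm_key_id` but not `user_assigned_identity_id`, while main.tf reads `customer_managed_key.user_assigned_identity_id` unconditionally inside the dynamic block. A caller who sets only a key id would presumably hit an unsupported-attribute error at plan time rather than the provider's own validation message; adding `user_assigned_identity_id = null` to the default keeps the three attributes consistent. Whether this nested map is merged with the default is decided in a part of `locals` outside the visible hunks, so confirm it there. The `match_blob_index_tag` default has the same gap: it carries only `operation`, although main.tf reads `name` and `value`.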