Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New resource storage management policy and attributes #26

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

New resource storage management policy and attributes #26

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ffbfd53
feat: Storage account resource now includes all attributes from newes…
habr-mms Jul 19, 2024
23241a7
feat: Examples now include storage management policy
habr-mms Jul 19, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
41 changes: 41 additions & 0 deletions examples/apply_main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,47 @@ module "storage" {
ip_rules = ["172.0.0.2"]
virtual_network_subnet_ids = [module.network.subnet["snet-app-mms"].id]
}
blob_properties = {
last_access_time_enabled = true
}
tags = {
project = "mms-github"
environment = terraform.workspace
managed-by = "terraform"
}
}
}
storage_management_policy = {
policy = {
storage_account_id = module.storage.storage_account.stmms.id
rule = {
rule1 = {
filters = {
blob_types = ["blockBlob"]
prefix_match = ["terraform"]
match_blob_index_tag = {
name = "project"
value = "mms-github"
operation = "=="
}
}
actions = {
base_blob = {
tier_to_cool_after_days_since_last_access_time_greater_than = 7
auto_tier_to_hot_from_cool_enabled = true
tier_to_cold_after_days_since_modification_greater_than = 30
}
snapshot = {
tier_to_archive_after_days_since_last_tier_change_greater_than = 60
delete_after_days_since_creation_greater_than = 180
}
version = {
tier_to_cold_after_days_since_creation_greater_than = 30
delete_after_days_since_creation = 90
}
}
}
}
}
}
storage_container = {
Expand Down
36 changes: 36 additions & 0 deletions examples/full_main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,13 +27,49 @@ module "storage" {
ip_rules = ["172.0.0.2"]
virtual_network_subnet_ids = [module.network.subnet["snet-app-mms"].id]
}
blob_properties = {
last_access_time_enabled = true
}
tags = {
project = "mms-github"
environment = terraform.workspace
managed-by = "terraform"
}
}
}
storage_management_policy = {
policy = {
storage_account_id = module.storage.storage_account.stmms.id
rule = {
rule1 = {
filters = {
blob_types = ["blockBlob"]
prefix_match = ["terraform"]
match_blob_index_tag = {
name = "project"
value = "mms-github"
operation = "=="
}
}
actions = {
base_blob = {
tier_to_cool_after_days_since_last_access_time_greater_than = 7
auto_tier_to_hot_from_cool_enabled = true
tier_to_cold_after_days_since_modification_greater_than = 30
}
snapshot = {
tier_to_archive_after_days_since_last_tier_change_greater_than = 60
delete_after_days_since_creation_greater_than = 180
}
version = {
tier_to_cold_after_days_since_creation_greater_than = 30
delete_after_days_since_creation = 90
}
}
}
}
}
}
storage_container = {
terraform = {
storage_account_name = module.storage.storage_account["stmms"].name
Expand Down
17 changes: 17 additions & 0 deletions examples/min_main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,23 @@ module "storage" {
resource_group_name = "rg-mms-github"
}
}
storage_management_policy = {
policy = {
storage_account_id = module.storage.storage_account.stmms.id
rule = {
rule1 = {
filters = {
blob_types = ["blockBlob"]
}
actions = {
base_blob = {
delete_after_days_since_modification_greater_than = 7
}
}
}
}
}
}
storage_container = {
terraform = {
storage_account_name = module.storage.storage_account["stmms"].name
Expand Down
95 changes: 89 additions & 6 deletions main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,11 +27,13 @@ resource "azurerm_storage_account" "storage_account" {
is_hns_enabled = local.storage_account[each.key].is_hns_enabled
nfsv3_enabled = local.storage_account[each.key].nfsv3_enabled
large_file_share_enabled = local.storage_account[each.key].large_file_share_enabled
local_user_enabled = local.storage_account[each.key].local_user_enabled
queue_encryption_key_type = local.storage_account[each.key].queue_encryption_key_type
table_encryption_key_type = local.storage_account[each.key].table_encryption_key_type
infrastructure_encryption_enabled = local.storage_account[each.key].infrastructure_encryption_enabled
allowed_copy_scope = local.storage_account[each.key].allowed_copy_scope
sftp_enabled = local.storage_account[each.key].sftp_enabled
dns_endpoint_type = local.storage_account[each.key].dns_endpoint_type

dynamic "custom_domain" {
for_each = length(compact(values(local.storage_account[each.key].custom_domain))) > 0 ? [0] : []
Expand All @@ -43,10 +45,11 @@ resource "azurerm_storage_account" "storage_account" {
}

dynamic "customer_managed_key" {
for_each = local.storage_account[each.key].customer_managed_key == {} ? [] : [0]
for_each = length(compact(values(local.storage_account[each.key].customer_managed_key))) > 0 ? [0] : []

content {
key_vault_key_id = local.storage_account[each.key].customer_managed_key.key_vault_key_id
managed_hsm_key_id = local.storage_account[each.key].customer_managed_key.managed_hsm_key_id
user_assigned_identity_id = local.storage_account[each.key].customer_managed_key.user_assigned_identity_id
}
}
Expand Down Expand Up @@ -86,7 +89,8 @@ resource "azurerm_storage_account" "storage_account" {
for_each = local.storage_account[each.key].blob_properties.delete_retention_policy == {} ? [] : [0]

content {
days = local.storage_account[each.key].blob_properties.delete_retention_policy.days
days = local.storage_account[each.key].blob_properties.delete_retention_policy.days
permanent_delete_enabled = local.storage_account[each.key].blob_properties.delete_retention_policy.permanent_delete_enabled
}
}

Expand Down Expand Up @@ -280,13 +284,92 @@ resource "azurerm_storage_account" "storage_account" {
tags = local.storage_account[each.key].tags
}

resource "azurerm_storage_management_policy" "storage_management_policy" {
for_each = var.storage_management_policy

storage_account_id = local.storage_management_policy[each.key].storage_account_id

dynamic "rule" {
for_each = local.storage_management_policy[each.key].rule

content {
name = local.storage_management_policy[each.key].rule[rule.key].name == "" ? rule.key : local.storage_management_policy[each.key].rule[rule.key].name
enabled = local.storage_management_policy[each.key].rule[rule.key].enabled

filters {
blob_types = local.storage_management_policy[each.key].rule[rule.key].filters.blob_types
prefix_match = local.storage_management_policy[each.key].rule[rule.key].filters.prefix_match

dynamic "match_blob_index_tag" {
for_each = length(compact(values(local.storage_management_policy[each.key].rule[rule.key].filters.match_blob_index_tag))) > 0 ? [0] : []

content {
name = local.storage_management_policy[each.key].rule[rule.key].filters.match_blob_index_tag.name
value = local.storage_management_policy[each.key].rule[rule.key].filters.match_blob_index_tag.value
operation = local.storage_management_policy[each.key].rule[rule.key].filters.match_blob_index_tag.operation
}
}
}

actions {
dynamic "base_blob" {
for_each = length(compact(values(local.storage_management_policy[each.key].rule[rule.key].actions.base_blob))) > 0 ? [0] : []

content {
tier_to_cool_after_days_since_modification_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.base_blob.tier_to_cool_after_days_since_modification_greater_than
tier_to_cool_after_days_since_last_access_time_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.base_blob.tier_to_cool_after_days_since_last_access_time_greater_than
tier_to_cool_after_days_since_creation_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.base_blob.tier_to_cool_after_days_since_creation_greater_than
auto_tier_to_hot_from_cool_enabled = local.storage_management_policy[each.key].rule[rule.key].actions.base_blob.auto_tier_to_hot_from_cool_enabled
tier_to_archive_after_days_since_modification_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.base_blob.tier_to_archive_after_days_since_modification_greater_than
tier_to_archive_after_days_since_last_access_time_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.base_blob.tier_to_archive_after_days_since_last_access_time_greater_than
tier_to_archive_after_days_since_creation_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.base_blob.tier_to_archive_after_days_since_creation_greater_than
tier_to_archive_after_days_since_last_tier_change_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.base_blob.tier_to_archive_after_days_since_last_tier_change_greater_than
tier_to_cold_after_days_since_modification_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.base_blob.tier_to_cold_after_days_since_modification_greater_than
tier_to_cold_after_days_since_last_access_time_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.base_blob.tier_to_cold_after_days_since_last_access_time_greater_than
tier_to_cold_after_days_since_creation_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.base_blob.tier_to_cold_after_days_since_creation_greater_than
delete_after_days_since_modification_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.base_blob.delete_after_days_since_modification_greater_than
delete_after_days_since_last_access_time_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.base_blob.delete_after_days_since_last_access_time_greater_than
delete_after_days_since_creation_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.base_blob.delete_after_days_since_creation_greater_than
}
}

dynamic "snapshot" {
for_each = length(compact(values(local.storage_management_policy[each.key].rule[rule.key].actions.snapshot))) > 0 ? [0] : []

content {
change_tier_to_archive_after_days_since_creation = local.storage_management_policy[each.key].rule[rule.key].actions.snapshot.change_tier_to_archive_after_days_since_creation
tier_to_archive_after_days_since_last_tier_change_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.snapshot.tier_to_archive_after_days_since_last_tier_change_greater_than
change_tier_to_cool_after_days_since_creation = local.storage_management_policy[each.key].rule[rule.key].actions.snapshot.change_tier_to_cool_after_days_since_creation
tier_to_cold_after_days_since_creation_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.snapshot.tier_to_cold_after_days_since_creation_greater_than
delete_after_days_since_creation_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.snapshot.delete_after_days_since_creation_greater_than
}
}

dynamic "version" {
for_each = length(compact(values(local.storage_management_policy[each.key].rule[rule.key].actions.version))) > 0 ? [0] : []

content {
change_tier_to_archive_after_days_since_creation = local.storage_management_policy[each.key].rule[rule.key].actions.version.change_tier_to_archive_after_days_since_creation
tier_to_archive_after_days_since_last_tier_change_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.version.tier_to_archive_after_days_since_last_tier_change_greater_than
change_tier_to_cool_after_days_since_creation = local.storage_management_policy[each.key].rule[rule.key].actions.version.change_tier_to_cool_after_days_since_creation
tier_to_cold_after_days_since_creation_greater_than = local.storage_management_policy[each.key].rule[rule.key].actions.version.tier_to_cold_after_days_since_creation_greater_than
delete_after_days_since_creation = local.storage_management_policy[each.key].rule[rule.key].actions.version.delete_after_days_since_creation
}
}
}
}
}
}

resource "azurerm_storage_container" "storage_container" {
for_each = var.storage_container

name = local.storage_container[each.key].name == "" ? each.key : local.storage_container[each.key].name
storage_account_name = local.storage_container[each.key].storage_account_name
container_access_type = local.storage_container[each.key].container_access_type
metadata = local.storage_container[each.key].metadata
name = local.storage_container[each.key].name == "" ? each.key : local.storage_container[each.key].name
storage_account_name = local.storage_container[each.key].storage_account_name
container_access_type = local.storage_container[each.key].container_access_type
default_encryption_scope = local.storage_container[each.key].default_encryption_scope
encryption_scope_override_enabled = local.storage_container[each.key].encryption_scope_override_enabled
metadata = local.storage_container[each.key].metadata
}

resource "azurerm_storage_share" "storage_share" {
Expand Down
45 changes: 45 additions & 0 deletions outputs.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,17 @@ output "storage_account" {
}
}

output "storage_management_policy" {
description = "Outputs all attributes of resource_type."
value = {
for storage_management_policy in keys(azurerm_storage_management_policy.storage_management_policy) :
storage_management_policy => {
for key, value in azurerm_storage_management_policy.storage_management_policy[storage_management_policy] :
key => value
}
}
}

output "storage_container" {
description = "Outputs all attributes of resource_type."
value = {
Expand Down Expand Up @@ -54,6 +65,10 @@ output "variables" {
for key in keys(var.storage_account) :
key => local.storage_account[key]
}
storage_management_policy = {
for key in keys(var.storage_management_policy) :
key => local.storage_management_policy[key]
}
storage_container = {
for key in keys(var.storage_container) :
key => local.storage_container[key]
Expand All @@ -67,11 +82,41 @@ output "variables" {
key => local.storage_share_directory[key]
}
}
values = {
storage_account = {
for key in keys(var.storage_account) :
key => local.storage_account_values[key]
}
storage_management_policy = {
for key in keys(var.storage_management_policy) :
key => local.storage_management_policy_values[key]
}
storage_share = {
for key in keys(var.storage_share) :
key => local.storage_share_values[key]
}
}
variable = {
storage_account = {
for key in keys(var.storage_account) :
key => var.storage_account[key]
}
storage_management_policy = {
for key in keys(var.storage_management_policy) :
key => var.storage_management_policy[key]
}
storage_container = {
for key in keys(var.storage_container) :
key => var.storage_container[key]
}
storage_share = {
for key in keys(var.storage_share) :
key => var.storage_share[key]
}
storage_share_directory = {
for key in keys(var.storage_share_directory) :
key => var.storage_share_directory[key]
}
}
}
}
Loading
Loading