hashicorp · katbyte · May 17, 2023 · May 8, 2023
@@ -143,6 +143,27 @@ func resourceRecoveryServicesVault() *pluginsdk.Resource {
 				Default:  true,
 			},
 
+			"monitoring": {
+				Type:     pluginsdk.TypeList,
+				Optional: true,
+				MaxItems: 1,
+				Elem: &pluginsdk.Resource{
+					Schema: map[string]*pluginsdk.Schema{
+						"alerts_for_all_job_failures_enabled": {
+							Type:     pluginsdk.TypeBool,
+							Optional: true,
+							Default:  true,
+						},
+
+						"alerts_for_critical_operation_failures_enabled": {
+							Type:     pluginsdk.TypeBool,
+							Optional: true,
+							Default:  true,
+						},
+					},
+				},
+			},
+
 			"classic_vmware_replication_enabled": {
 				Type:     pluginsdk.TypeBool,
 				Optional: true,
@@ -217,6 +238,7 @@ func resourceRecoveryServicesVaultCreate(d *pluginsdk.ResourceData, meta interfa
 		},
 		Properties: &vaults.VaultProperties{
 			PublicNetworkAccess: expandRecoveryServicesVaultPublicNetworkAccess(d.Get("public_network_access_enabled").(bool)),
+			MonitoringSettings:  expandRecoveryServicesVaultMonitorSettings(d.Get("monitoring").([]interface{})),
 		},
 	}
 
@@ -484,6 +506,7 @@ func resourceRecoveryServicesVaultUpdate(d *pluginsdk.ResourceData, meta interfa
 			},
 			Properties: &vaults.VaultProperties{
 				PublicNetworkAccess: expandRecoveryServicesVaultPublicNetworkAccess(d.Get("public_network_access_enabled").(bool)), // It's required to call CreateOrUpdate.
+				MonitoringSettings:  expandRecoveryServicesVaultMonitorSettings(d.Get("monitoring").([]interface{})),
 			},
 		}
 
@@ -505,6 +528,10 @@ func resourceRecoveryServicesVaultUpdate(d *pluginsdk.ResourceData, meta interfa
 		vault.Properties.PublicNetworkAccess = expandRecoveryServicesVaultPublicNetworkAccess(d.Get("public_network_access_enabled").(bool))
 	}
 
+	if d.HasChanges("monitoring") {
+		vault.Properties.MonitoringSettings = expandRecoveryServicesVaultMonitorSettings(d.Get("monitoring").([]interface{}))
+	}
+
 	if d.HasChange("identity") {
 		vault.Identity = expandedIdentity
 	}
@@ -622,6 +649,10 @@ func resourceRecoveryServicesVaultRead(d *pluginsdk.ResourceData, meta interface
 		d.Set("public_network_access_enabled", flattenRecoveryServicesVaultPublicNetworkAccess(model.Properties.PublicNetworkAccess))
 	}
 
+	if model.Properties != nil && model.Properties.MonitoringSettings != nil {
+		d.Set("monitoring", flattenRecoveryServicesVaultMonitorSettings(*model.Properties.MonitoringSettings))
+	}
+
 	cfg, err := cfgsClient.Get(ctx, cfgId)
 	if err != nil {
 		return fmt.Errorf("retrieving %s: %+v", cfgId, err)
@@ -805,6 +836,52 @@ func flattenRecoveryServicesVaultPublicNetworkAccess(input *vaults.PublicNetwork
 	return *input == vaults.PublicNetworkAccessEnabled
 }
 
+func expandRecoveryServicesVaultMonitorSettings(input []interface{}) *vaults.MonitoringSettings {
+	if len(input) == 0 {
+		return nil
+	}
+
+	v := input[0].(map[string]interface{})
+
+	allJobAlert := vaults.AlertsStateDisabled
+	if v["alerts_for_all_job_failures_enabled"].(bool) {
+		allJobAlert = vaults.AlertsStateEnabled
+	}
+
+	criticalOperation := vaults.AlertsStateDisabled
+	if v["alerts_for_critical_operation_failures_enabled"].(bool) {
+		criticalOperation = vaults.AlertsStateEnabled
+	}
+
+	return pointer.To(vaults.MonitoringSettings{
+		AzureMonitorAlertSettings: pointer.To(vaults.AzureMonitorAlertSettings{
+			AlertsForAllJobFailures: pointer.To(allJobAlert),
+		}),
+		ClassicAlertSettings: pointer.To(vaults.ClassicAlertSettings{
+			AlertsForCriticalOperations: pointer.To(criticalOperation),
+		}),
+	})
+}
+
+func flattenRecoveryServicesVaultMonitorSettings(input vaults.MonitoringSettings) []interface{} {
+	allJobAlert := false
+	if input.AzureMonitorAlertSettings != nil && input.AzureMonitorAlertSettings.AlertsForAllJobFailures != nil {
+		allJobAlert = *input.AzureMonitorAlertSettings.AlertsForAllJobFailures == vaults.AlertsStateEnabled
+	}
+
+	criticalAlert := false
+	if input.ClassicAlertSettings != nil && input.ClassicAlertSettings.AlertsForCriticalOperations != nil {
+		criticalAlert = *input.ClassicAlertSettings.AlertsForCriticalOperations == vaults.AlertsStateEnabled
+	}
+
+	return []interface{}{
+		map[string]interface{}{
+			"alerts_for_all_job_failures_enabled":            allJobAlert,
+			"alerts_for_critical_operation_failures_enabled": criticalAlert,
+		},
+	}
+}
+
 func resourceRecoveryServicesVaultSoftDeleteRefreshFunc(ctx context.Context, cfgsClient *backupresourcevaultconfigs.BackupResourceVaultConfigsClient, id backupresourcevaultconfigs.VaultId) pluginsdk.StateRefreshFunc {
 	return func() (interface{}, string, error) {
 		resp, err := cfgsClient.Get(ctx, id)

@@ -504,6 +504,21 @@ func TestAccRecoveryServicesVault_basicWithClassicVmwareReplicateEnabled(t *test
 	})
 }
 
+func TestAccRecoveryServicesVault_basicWithMonitorDisabled(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_recovery_services_vault", "test")
+	r := RecoveryServicesVaultResource{}
+
+	data.ResourceTest(t, r, []acceptance.TestStep{
+		{
+			Config: r.basicWithMonitor(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+			),
+		},
+		data.ImportStep(),
+	})
+}
+
 func (RecoveryServicesVaultResource) basic(data acceptance.TestData) string {
 	return fmt.Sprintf(`
 provider "azurerm" {
@@ -689,6 +704,33 @@ resource "azurerm_recovery_services_vault" "test" {
 `, data.RandomInteger, data.Locations.Primary, data.RandomInteger, immutability)
 }
 
+func (RecoveryServicesVaultResource) basicWithMonitor(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_resource_group" "test" {
+  name     = "acctestRG-recovery-%d"
+  location = "%s"
+}
+
+resource "azurerm_recovery_services_vault" "test" {
+  name                = "acctest-Vault-%d"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+  sku                 = "Standard"
+
+  monitoring {
+    alerts_for_all_job_failures_enabled            = false
+    alerts_for_critical_operation_failures_enabled = false
+  }
+
+  soft_delete_enabled = false
+}
+`, data.RandomInteger, data.Locations.Primary, data.RandomInteger)
+}
+
 func (RecoveryServicesVaultResource) complete(data acceptance.TestData) string {
 	return fmt.Sprintf(`
 provider "azurerm" {

@@ -62,6 +62,8 @@ The following arguments are supported:
 
 * `classic_vmware_replication_enabled` - (Optional) Whether to enable the Classic experience for VMware replication. If set to `false` VMware machines will be protected using the new stateless ASR replication appliance. Changing this forces a new resource to be created.
 
+* `monitoring` - (Optional) A `monitoring` block as defined below.
+
 ---
 
 An `identity` block supports the following:
@@ -90,6 +92,14 @@ An `encryption` block supports the following:
 
 ---
 
+A `monitoring` block supports the following:
+
+* `alerts_for_all_job_failures_enabled` - (Optional) Enabling/Disabling built-in Azure Monitor alerts for security scenarios and job failure scenarios. Defaults to `true`.
+
+* `alerts_for_critical_operation_failures_enabled` - (Optional) Enabling/Disabling alerts from the older (classic alerts) solution. Defaults to `true`. More details could be found [here](https://learn.microsoft.com/en-us/azure/backup/monitoring-and-alerts-overview).
+
+---
+
 ## Attributes Reference
 
 In addition to the Arguments listed above - the following Attributes are exported: