Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

azurerm_data_protection_backup_vault : support soft_delete and retention_duration_in_days properties #24775

Merged
merged 5 commits into from
Feb 20, 2024
Merged

azurerm_data_protection_backup_vault : support soft_delete and retention_duration_in_days properties #24775

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
568c3ed
Merge pull request #24737 from hashicorp/refactor/managed-hsm-to-its-…
tombuildsstuff Feb 2, 2024
ffe010d
update code
sinbai Feb 6, 2024
d008b88
update code
sinbai Feb 6, 2024
8326062
update code
sinbai Feb 8, 2024
6fa3c2f
update code
sinbai Feb 17, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 44 additions & 0 deletions internal/services/dataprotection/data_protection_backup_vault_resource.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
package dataprotection

import (
"context"
"fmt"
"log"
"regexp"
Expand Down Expand Up @@ -72,8 +73,35 @@ func resourceDataProtectionBackupVault() *pluginsdk.Resource {

"identity": commonschema.SystemAssignedIdentityOptional(),

"retention_duration_in_days": {
Type: pluginsdk.TypeFloat,
Optional: true,
ValidateFunc: validation.FloatBetween(14, 180),
},

"soft_delete_setting": {
Type: pluginsdk.TypeString,
Optional: true,
Default: backupvaults.SoftDeleteStateOn,
ValidateFunc: validation.StringInSlice(backupvaults.PossibleValuesForSoftDeleteState(), false),
},

"tags": tags.Schema(),
},

CustomizeDiff: pluginsdk.CustomDiffWithAll(
pluginsdk.ForceNewIfChange("soft_delete_setting", func(ctx context.Context, old, new, meta interface{}) bool {
return old.(string) == string(backupvaults.SoftDeleteStateAlwaysOn) && new.(string) != string(backupvaults.SoftDeleteStateAlwaysOn)
}),
pluginsdk.CustomizeDiffShim(func(ctx context.Context, d *pluginsdk.ResourceDiff, v interface{}) error {
state := d.Get("soft_delete_setting").(string)
_, ok := d.GetOk("retention_duration_in_days")
if state == string(backupvaults.SoftDeleteStateOn) && !ok {
return fmt.Errorf("`retention_duration_in_days` is required when the `soft_delete_setting` is `On`")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The way this is implemented will break users as the default is on but retention_duration_in_days hasn't been added to the provider yet. So when people update to this version of the provider, Terraform will error with this message. We should probably default retention_duration_in_days or remove this check.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @mbfrahry thanks a lot. I have updated the code. Could you please take another look?

}
return nil
}),
),
}

// Confirmed with the service team that `SnapshotStore` has been replaced with `OperationalStore`.
Expand Down Expand Up @@ -144,10 +172,20 @@ func resourceDataProtectionBackupVaultCreateUpdate(d *pluginsdk.ResourceData, me
Type: &storageSettingType,
},
},
SecuritySettings: &backupvaults.SecuritySettings{
SoftDeleteSettings: &backupvaults.SoftDeleteSettings{
State: pointer.To(backupvaults.SoftDeleteState(d.Get("soft_delete_setting").(string))),
},
},
},
Identity: expandedIdentity,
Tags: expandTags(d.Get("tags").(map[string]interface{})),
}

if v, ok := d.GetOk("retention_duration_in_days"); ok {
parameters.Properties.SecuritySettings.SoftDeleteSettings.RetentionDurationInDays = pointer.To(v.(float64))
}

err = client.CreateOrUpdateThenPoll(ctx, id, parameters)
if err != nil {
return fmt.Errorf("creating DataProtection BackupVault (%q): %+v", id, err)
Expand Down Expand Up @@ -186,6 +224,12 @@ func resourceDataProtectionBackupVaultRead(d *pluginsdk.ResourceData, meta inter
d.Set("datastore_type", string(pointer.From((props.StorageSettings)[0].DatastoreType)))
d.Set("redundancy", string(pointer.From((props.StorageSettings)[0].Type)))
}
if securitySetting := model.Properties.SecuritySettings; securitySetting != nil {
if softDelete := securitySetting.SoftDeleteSettings; softDelete != nil {
d.Set("soft_delete_setting", string(pointer.From(softDelete.State)))
d.Set("retention_duration_in_days", pointer.From(softDelete.RetentionDurationInDays))
}
}

if err = d.Set("identity", flattenBackupVaultDppIdentityDetails(model.Identity)); err != nil {
return fmt.Errorf("setting `identity`: %+v", err)
Expand Down
36 changes: 35 additions & 1 deletion internal/services/dataprotection/data_protection_backup_vault_resource_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,13 @@ func TestAccDataProtectionBackupVault_update(t *testing.T) {
),
},
data.ImportStep(),
{
Config: r.completeUpdate(data),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
),
},
data.ImportStep(),
{
Config: r.basic(data),
Check: acceptance.ComposeTestCheckFunc(
Expand Down Expand Up @@ -167,6 +174,7 @@ resource "azurerm_data_protection_backup_vault" "test" {
location = azurerm_resource_group.test.location
datastore_type = "VaultStore"
redundancy = "LocallyRedundant"
soft_delete_setting = "Off"
}
`, template, data.RandomInteger)
}
Expand All @@ -182,6 +190,7 @@ resource "azurerm_data_protection_backup_vault" "import" {
location = azurerm_data_protection_backup_vault.test.location
datastore_type = azurerm_data_protection_backup_vault.test.datastore_type
redundancy = azurerm_data_protection_backup_vault.test.redundancy
soft_delete_setting = azurerm_data_protection_backup_vault.test.soft_delete_setting
}
`, config)
}
Expand All @@ -200,7 +209,31 @@ resource "azurerm_data_protection_backup_vault" "test" {
identity {
type = "SystemAssigned"
}
soft_delete_setting = "On"
retention_duration_in_days = 14
tags = {
ENV = "Test"
}
}
`, template, data.RandomInteger)
}

func (r DataProtectionBackupVaultResource) completeUpdate(data acceptance.TestData) string {
template := r.template(data)
return fmt.Sprintf(`
%s

resource "azurerm_data_protection_backup_vault" "test" {
name = "acctest-bv-%d"
resource_group_name = azurerm_resource_group.test.name
location = azurerm_resource_group.test.location
datastore_type = "VaultStore"
redundancy = "LocallyRedundant"
identity {
type = "SystemAssigned"
}
soft_delete_setting = "On"
retention_duration_in_days = 15
tags = {
ENV = "Test"
}
Expand All @@ -219,7 +252,7 @@ resource "azurerm_data_protection_backup_vault" "test" {
location = azurerm_resource_group.test.location
datastore_type = "VaultStore"
redundancy = "LocallyRedundant"

soft_delete_setting = "Off"
tags = {
ENV = "Test"
}
Expand All @@ -238,6 +271,7 @@ resource "azurerm_data_protection_backup_vault" "test" {
location = azurerm_resource_group.test.location
datastore_type = "VaultStore"
redundancy = "ZoneRedundant"
soft_delete_setting = "Off"
}
`, template, data.RandomInteger)
}
8 changes: 8 additions & 0 deletions website/docs/r/data_protection_backup_vault.html.markdown
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,14 @@ The following arguments are supported:

* `identity` - (Optional) An `identity` block as defined below.

* `retention_duration_in_days` - (Optional) The soft delete retention duration for this Backup Vault. Possible values are between `14` and `180`.

-> **Note:** The `retention_duration_in_days` is the number of days for which deleted data is retained before being permanently deleted. Retention period till 14 days are free of cost, however, retention beyond 14 days may incur additional charges. The `retention_duration_in_days` is required when the `soft_delete_setting` is set to `On`.

* `soft_delete_setting` - (Optional) The state of soft delete for this Backup Vault. Possible values are `AlwaysOn`, `Off` and `On`. Defaults to `On`.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i think setting is redundant? as it is implied?

Suggested change
* `soft_delete_setting` - (Optional) The state of soft delete for this Backup Vault. Possible values are `AlwaysOn`, `Off` and `On`. Defaults to `On`.
* `soft_delete` - (Optional) The state of soft delete for this Backup Vault. Possible values are `AlwaysOn`, `Off` and `On`. Defaults to `On`.

Copy link
Contributor Author

@sinbai sinbai Feb 17, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@katbyte thanks for your feedback. The code has been updated. Could you please take another look?

Test results: https://hashicorp.teamcity.com/buildConfiguration/TF_AzureRM_AZURERM_SERVICE_PUBLIC_DATAPROTECTION/102824?buildTab=tests

image


-> **Note:** Once the `soft_delete_setting` is set to `AlwaysOn`, the setting cannot be changed.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should add a customize diff that forces a new resource to be created when changing this value from true to false

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed.


* `tags` - (Optional) A mapping of tags which should be assigned to the Backup Vault.

---
Expand Down
Loading