added versioning enabled argument #11

Merged
merged 2 commits into from
Mar 24, 2023
Merged
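--- a/_example/default_storage/example.tf
+++ b/_example/default_storage/example.tf
@@ -31,7 +31,6 @@ module "log-analytics" {
 
 ## Storage Account
 module "storage" {
-depends_on = [module.resource_group]
 source = "../.."
 default_enabled = true
 resource_group_name = module.resource_group.resource_group_name
@@ -41,8 +40,9 @@ module "storage" {
 account_tier = "Standard"
 account_replication_type = "GRS"
 enable_https_traffic_only = true
-is_hns_enabled = true
-sftp_enabled = true
+is_hns_enabled = false
+sftp_enabled = false
+versioning_enabled = true
 
 network_rules = [
 {
@@ -59,6 +59,7 @@ module "storage" {
 ## Storage Container
 containers_list = [
 { name = "app-test", access_type = "private" },
+{ name = "app2", access_type = "private" },
 ]
 
 ## Storage File Share
@@ -72,6 +73,7 @@ module "storage" {
 ## Storage Queues
 queues = ["queue1"]
 
+management_policy_enable = true
 management_policy = [
 {
 prefix_match = ["app-test/folder_path"]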
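--- a/_example/storage_with_cmk/example.tf
+++ b/_example/storage_with_cmk/example.tf
@@ -74,7 +74,6 @@ module "vault" {
 
 ## Storage Account
 module "storage" {
-depends_on = [module.resource_group]
 source = "../.."
 name = "app"
 environment = "test"
@@ -88,8 +87,9 @@ module "storage" {
 object_id = ["71d1XXXXXXXXXXXXXXXXX7c97", "a9379eXXXXXXXXXXXXXXXa0ad6"]
 account_replication_type = "ZRS"
 enable_https_traffic_only = true
-is_hns_enabled = true
-sftp_enabled = true
+is_hns_enabled = false
+sftp_enabled = false
+versioning_enabled = true
 #### when CMK encryption enable required key-vault id
 ###customer_managed_key can only be set when the account_kind is set to StorageV2 or account_tier set to Premium, and the identity type is UserAssigned.
 cmk_encryption_enabled = true
@@ -99,7 +99,7 @@ module "storage" {
 
 network_rules = [
 {
-default_action = "Deny"
+default_action = "Allow"
 ip_rules = ["0.0.0.0/0"]
 bypass = ["AzureServices"]
 }
@@ -114,6 +114,7 @@ module "storage" {
 { name = "app-test", access_type = "private" },
 ]
 
+management_policy_enable = false
 management_policy = [
 {
 prefix_match = ["app-test/folder_path"]
@@ -124,13 +125,12 @@ module "storage" {
 }
 ]
 
-#enable private endpoint
-# enabled_private_endpoint = true
-# subnet_id = ""
-# virtual_network_id = ""
+enable_private_endpoint = true
+subnet_id = module.vnet.vnet_subnets[0]
+virtual_network_id = module.vnet.vnet_id[0]
 
-enable_diagnostic = true
-log_analytics_workspace_id = module.log-analytics.workspace_id
+enable_diagnostic = false
+log_analytics_workspace_id = ""
 metrics = ["Transaction", "Capacity"]
 metrics_enabled = [true, false]
 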
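Review bot: The `network_rules` hunk flips `default_action` from "Deny" to "Allow" while keeping `ip_rules = ["0.0.0.0/0"]`, so the customer-managed-key example now leaves the storage account's public endpoint open to every network even though the last hunk turns on `enable_private_endpoint`. Examples tend to be copied as-is, so keep `default_action = "Deny"` and list only the address ranges that actually need access. If the change was made because the apply runner could not reach the account, say so in a comment next to the rule instead of opening the firewall. The same section also sets `enable_diagnostic = false` with `log_analytics_workspace_id = ""`, which removes logging from the example; restoring `enable_diagnostic = true` and `log_analytics_workspace_id = module.log-analytics.workspace_id` (assuming that module is still declared in this file) keeps an audit trail.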
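--- a/main.tf
+++ b/main.tf
@@ -36,6 +36,8 @@ resource "azurerm_storage_account" "storage" {
 delete_retention_policy {
 days = var.soft_delete_retention
 }
+versioning_enabled = var.versioning_enabled
+last_access_time_enabled = var.last_access_time_enabled
 }
 dynamic "identity" {
 for_each = var.identity_type != null ? [1] : []
@@ -76,6 +78,8 @@ resource "azurerm_storage_account" "default_storage" {
 delete_retention_policy {
 days = var.soft_delete_retention
 }
+versioning_enabled = var.versioning_enabled
+last_access_time_enabled = var.last_access_time_enabled
 }
 
 }
@@ -184,7 +188,7 @@ resource "azurerm_storage_queue" "queues" {
 
 ## Management Policies
 resource "azurerm_storage_management_policy" "lifecycle_management" {
-count = length(var.management_policy) == 0 ? 0 : 1
+count = var.management_policy_enable ? length(var.management_policy) : 0
 storage_account_id = var.cmk_encryption_enabled ? join("", azurerm_storage_account.storage.*.id) : join("", azurerm_storage_account.default_storage.*.id)
 
 dynamic "rule" {
@@ -211,15 +215,21 @@ resource "azurerm_storage_management_policy" "lifecycle_management" {
 }
 }
 
+provider "azurerm" {
+alias = "peer"
+features {}
+subscription_id = var.alias_sub
+}
+
 resource "azurerm_private_endpoint" "pep" {
 count = var.enable_private_endpoint ? 1 : 0
-name = format("%s-pe-kv", module.labels.id)
+name = format("%s-pe-storage", module.labels.id)
 location = local.location
 resource_group_name = local.resource_group_name
 subnet_id = var.subnet_id
 tags = module.labels.tags
 private_service_connection {
-name = format("%s-psc-kv", module.labels.id)
+name = format("%s-psc-storage", module.labels.id)
 is_manual_connection = false
 private_connection_resource_id = var.cmk_encryption_enabled ? join("", azurerm_storage_account.storage.*.id) : join("", azurerm_storage_account.default_storage.*.id)
 subresource_names = ["blob"]
@@ -261,8 +271,18 @@ resource "azurerm_private_dns_zone" "dnszone" {
 }
 
 resource "azurerm_private_dns_zone_virtual_network_link" "vent-link" {
-count = var.enabled && var.enable_private_endpoint ? 1 : 0
-name = var.existing_private_dns_zone == null ? format("%s-pdz-vnet-link-kv", module.labels.id) : format("%s-pdz-vnet-link-kv-1", module.labels.id)
+count = var.enabled && var.enable_private_endpoint && var.diff_sub == false ? 1 : 0
+name = var.existing_private_dns_zone == null ? format("%s-pdz-vnet-link-storage", module.labels.id) : format("%s-pdz-vnet-link-storage-1", module.labels.id)
+resource_group_name = local.valid_rg_name
+private_dns_zone_name = local.private_dns_zone_name
+virtual_network_id = var.virtual_network_id
+tags = module.labels.tags
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "vent-link-1" {
+provider = azurerm.peer
+count = var.enabled && var.enable_private_endpoint && var.diff_sub == true ? 1 : 0
+name = var.existing_private_dns_zone == null ? format("%s-pdz-vnet-link-storage", module.labels.id) : format("%s-pdz-vnet-link-storage-1", module.labels.id)
 resource_group_name = local.valid_rg_name
 private_dns_zone_name = local.private_dns_zone_name
 virtual_network_id = var.virtual_network_id
@@ -271,15 +291,30 @@ resource "azurerm_private_dns_zone_virtual_network_link" "vent-link" {
 
 resource "azurerm_private_dns_zone_virtual_network_link" "addon_vent_link" {
 count = var.enabled && var.addon_vent_link ? 1 : 0
-name = format("%s-pdz-vnet-link-kv-addon", module.labels.id)
+name = format("%s-pdz-vnet-link-storage-addon", module.labels.id)
 resource_group_name = var.addon_resource_group_name
 private_dns_zone_name = var.existing_private_dns_zone == null ? join("", azurerm_private_dns_zone.dnszone.*.name) : var.existing_private_dns_zone
 virtual_network_id = var.addon_virtual_network_id
 tags = module.labels.tags
 }
 
 resource "azurerm_private_dns_a_record" "arecord" {
-count = var.enabled && var.enable_private_endpoint ? 1 : 0
+count = var.enabled && var.enable_private_endpoint && var.diff_sub == false ? 1 : 0
+name = var.cmk_encryption_enabled ? join("", azurerm_storage_account.storage.*.name) : join("", azurerm_storage_account.default_storage.*.name)
+zone_name = local.private_dns_zone_name
+resource_group_name = local.valid_rg_name
+ttl = 3600
+records = var.cmk_encryption_enabled ? [data.azurerm_private_endpoint_connection.private-ip-0.0.private_service_connection.0.private_ip_address] : [data.azurerm_private_endpoint_connection.private-ip-1.0.private_service_connection.0.private_ip_address]
+tags = module.labels.tags
+lifecycle {
+ignore_changes = [
+tags,
+]
+}
+}
+resource "azurerm_private_dns_a_record" "arecord1" {
+count = var.enabled && var.enable_private_endpoint && var.diff_sub == true ? 1 : 0
+provider = azurerm.peer
 name = var.cmk_encryption_enabled ? join("", azurerm_storage_account.storage.*.name) : join("", azurerm_storage_account.default_storage.*.name)
 zone_name = local.private_dns_zone_name
 resource_group_name = local.valid_rg_name
@@ -317,7 +352,7 @@ resource "azurerm_monitor_diagnostic_setting" "storage" {
 }
 
 resource "azurerm_monitor_diagnostic_setting" "datastorage" {
-count = length(var.datastorages)
+count = var.enable_diagnostic ? length(var.datastorages) : 0
 name = format("%s-diagnostic-log", var.datastorages[count.index])
 target_resource_id = var.default_enabled ? "${azurerm_storage_account.default_storage[0].id}/${var.datastorages[count.index]}Services/default" : "${azurerm_storage_account.storage[0].id}/${var.datastorages[count.index]}Services/default" # "${azurerm_storage_account.core.id}/blobServices/default/"
 storage_account_id = var.storage_account_id
@@ -349,4 +384,4 @@ resource "azurerm_monitor_diagnostic_setting" "datastorage" {
 }
 }
 
-}
+}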
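Review bot: In the `lifecycle_management` hunk, `count = var.management_policy_enable ? length(var.management_policy) : 0` creates one `azurerm_storage_management_policy` per list entry, all pointing at the same `storage_account_id`; a storage account holds a single management policy, so a list with two or more entries would likely make the instances collide on apply. The old expression capped the count at 1, and the `dynamic "rule"` block that follows (its body is outside the hunk) presumably already iterates the list. Suggest `count = var.management_policy_enable && length(var.management_policy) > 0 ? 1 : 0`. Separately, the new `provider "azurerm"` block with alias `peer` is configured inside the module itself, which stops callers from using `depends_on`, `count` or `for_each` on the module; declaring the alias through `configuration_aliases` and letting the caller pass the peer-subscription provider keeps the choice of subscription and credentials explicit at the call site.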
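--- a/variables.tf
+++ b/variables.tf
@@ -283,6 +283,18 @@ variable "addon_virtual_network_id" {
 description = "The name of the addon vnet link vnet id"
 }
 
+variable "versioning_enabled" {
+type = bool
+default = false
+description = "Is versioning enabled? Default to false."
+}
+
+variable "last_access_time_enabled" {
+type = bool
+default = false
+description = "(Optional) Is the last access time based tracking enabled? Default to true."
+}
+
 # Diagnosis Settings Enable
 
 variable "enable_diagnostic" {
@@ -350,4 +362,24 @@ variable "logs_enabled" {
 variable "datastorages" {
 type = list(string)
 default = null
-}
+}
+
+variable "alias_sub" {
+type = string
+default = null
+}
+
+variable "diff_sub" {
+type = bool
+default = false
+description = "The name of the addon vnet "
+}
+
+variable "alias" {
+type = string
+default = null
+}
+variable "management_policy_enable" {
+type = bool
+default = false
+}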
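Review bot: The description of `last_access_time_enabled` says "Default to true" while the declared default is `false`, and `diff_sub` is a bool whose description, "The name of the addon vnet ", looks copied from another variable. Suggest `description = "(Optional) Is last access time based tracking enabled? Defaults to false."` and, for `diff_sub`, `description = "When true, the private DNS VNet link and A record are created through the azurerm.peer provider (subscription alias_sub)."`, which matches how main.tf uses it on this page. `alias_sub`, `alias` and `management_policy_enable` carry no description at all, and `alias` is not referenced in any hunk shown here, so it may be unused. Since `alias_sub` selects the subscription that DNS records are written to, its description should say so and note that `null` leaves the provider on its default subscription.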