
Commit f9cc333

committed
feat: storage account data protection options configuration with variables validation in templates repository
1 parent 091ffeb commit f9cc333

16 files changed

Lines changed: 145 additions & 20 deletions

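--- a/infrastructure/tf-audit/environments/development.tfvars
+++ b/infrastructure/tf-audit/environments/development.tfvars
@@ -41,7 +41,11 @@ storage_accounts = {
 replication_type = "LRS"
 public_network_access_enabled = false
 blob_properties_delete_retention_policy = 7
+blob_properties_restore_policy_days = 6
 blob_properties_versioning_enabled = true
+blob_properties_change_feed_enabled = true
+container_delete_retention_policy_days = 7
+share_properties_retention_policy_days = 7
 containers = {
 vulnerability-assessment = {
 container_name = "vulnerability-assessment"
@@ -55,7 +59,11 @@ storage_accounts = {
 replication_type = "LRS"
 public_network_access_enabled = false
 blob_properties_delete_retention_policy = 28
+blob_properties_restore_policy_days = 27
 blob_properties_versioning_enabled = true
+blob_properties_change_feed_enabled = true
+container_delete_retention_policy_days = 28
+share_properties_retention_policy_days = 28
 access_tier = "Cold"
 containers = {
 sql-backups-immutable = {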

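--- a/infrastructure/tf-audit/environments/integration.tfvars
+++ b/infrastructure/tf-audit/environments/integration.tfvars
@@ -53,7 +53,11 @@ storage_accounts = {
 replication_type = "LRS"
 public_network_access_enabled = false
 blob_properties_delete_retention_policy = 7
+blob_properties_restore_policy_days = 6
 blob_properties_versioning_enabled = true
+blob_properties_change_feed_enabled = true
+container_delete_retention_policy_days = 7
+share_properties_retention_policy_days = 7
 containers = {
 vulnerability-assessment = {
 container_name = "vulnerability-assessment"
@@ -67,7 +71,11 @@ storage_accounts = {
 replication_type = "LRS"
 public_network_access_enabled = false
 blob_properties_delete_retention_policy = 7
+blob_properties_restore_policy_days = 6
 blob_properties_versioning_enabled = true
+blob_properties_change_feed_enabled = true
+container_delete_retention_policy_days = 7
+share_properties_retention_policy_days = 7
 access_tier = "Cold"
 containers = {
 sql-backups-immutable = {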

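--- a/infrastructure/tf-audit/environments/nft.tfvars
+++ b/infrastructure/tf-audit/environments/nft.tfvars
@@ -45,7 +45,11 @@ storage_accounts = {
 replication_type = "LRS"
 public_network_access_enabled = false
 blob_properties_delete_retention_policy = 7
+blob_properties_restore_policy_days = 6
 blob_properties_versioning_enabled = true
+blob_properties_change_feed_enabled = true
+container_delete_retention_policy_days = 7
+share_properties_retention_policy_days = 7
 containers = {
 vulnerability-assessment = {
 container_name = "vulnerability-assessment"
@@ -59,7 +63,11 @@ storage_accounts = {
 replication_type = "LRS"
 public_network_access_enabled = false
 blob_properties_delete_retention_policy = 7
+blob_properties_restore_policy_days = 6
 blob_properties_versioning_enabled = true
+blob_properties_change_feed_enabled = true
+container_delete_retention_policy_days = 7
+share_properties_retention_policy_days = 7
 access_tier = "Cold"
 containers = {
 sql-backups-immutable = {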

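--- a/infrastructure/tf-audit/environments/preprod.tfvars
+++ b/infrastructure/tf-audit/environments/preprod.tfvars
@@ -71,7 +71,11 @@ storage_accounts = {
 replication_type = "LRS"
 public_network_access_enabled = false
 blob_properties_delete_retention_policy = 7
+blob_properties_restore_policy_days = 6
 blob_properties_versioning_enabled = true
+blob_properties_change_feed_enabled = true
+container_delete_retention_policy_days = 7
+share_properties_retention_policy_days = 7
 containers = {
 vulnerability-assessment = {
 container_name = "vulnerability-assessment"
@@ -85,7 +89,11 @@ storage_accounts = {
 replication_type = "LRS"
 public_network_access_enabled = false
 blob_properties_delete_retention_policy = 7
+blob_properties_restore_policy_days = 6
 blob_properties_versioning_enabled = true
+blob_properties_change_feed_enabled = true
+container_delete_retention_policy_days = 7
+share_properties_retention_policy_days = 7
 access_tier = "Cold"
 containers = {
 sql-backups-immutable = {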

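--- a/infrastructure/tf-audit/environments/production.tfvars
+++ b/infrastructure/tf-audit/environments/production.tfvars
@@ -64,7 +64,11 @@ storage_accounts = {
 replication_type = "LRS"
 public_network_access_enabled = false
 blob_properties_delete_retention_policy = 7
+blob_properties_restore_policy_days = 6
 blob_properties_versioning_enabled = true
+blob_properties_change_feed_enabled = true
+container_delete_retention_policy_days = 7
+share_properties_retention_policy_days = 7
 containers = {
 vulnerability-assessment = {
 container_name = "vulnerability-assessment"
@@ -78,7 +82,11 @@ storage_accounts = {
 replication_type = "GRS"
 public_network_access_enabled = false
 blob_properties_delete_retention_policy = 28
+blob_properties_restore_policy_days = 6
 blob_properties_versioning_enabled = true
+blob_properties_change_feed_enabled = true
+container_delete_retention_policy_days = 7
+share_properties_retention_policy_days = 7
 access_tier = "Cold"
 containers = {
 sql-backups-immutable = {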
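Review bot: In the second hunk, the account holding the `sql-backups-immutable` container keeps `blob_properties_delete_retention_policy = 28` but gets `blob_properties_restore_policy_days = 6`, `container_delete_retention_policy_days = 7` and `share_properties_retention_policy_days = 7`, whereas development.tfvars in this same commit gives the matching account 27/28/28. Production backups therefore get a shorter recovery window against accidental or malicious deletion than development: a deleted container is unrecoverable after 7 days even though its blobs would be soft-deleted for 28. If the shorter values are not deliberate, align them with `blob_properties_restore_policy_days = 27`, `container_delete_retention_policy_days = 28` and `share_properties_retention_policy_days = 28`. The account's block starts and ends outside the hunk.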

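--- a/infrastructure/tf-audit/environments/sandbox.tfvars
+++ b/infrastructure/tf-audit/environments/sandbox.tfvars
@@ -46,7 +46,11 @@ storage_accounts = {
 replication_type = "LRS"
 public_network_access_enabled = false
 blob_properties_delete_retention_policy = 7
+blob_properties_restore_policy_days = 6
 blob_properties_versioning_enabled = true
+blob_properties_change_feed_enabled = false
+container_delete_retention_policy_days = 7
+share_properties_retention_policy_days = 7
 containers = {
 vulnerability-assessment = {
 container_name = "vulnerability-assessment"
@@ -60,7 +64,11 @@ storage_accounts = {
 replication_type = "LRS"
 public_network_access_enabled = false
 blob_properties_delete_retention_policy = 7
+blob_properties_restore_policy_days = null
 blob_properties_versioning_enabled = true
+blob_properties_change_feed_enabled = false
+container_delete_retention_policy_days = 7
+share_properties_retention_policy_days = 7
 access_tier = "Cold"
 containers = {
 sql-backups-immutable = {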
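Review bot: In the first hunk the account sets `blob_properties_restore_policy_days = 6` together with `blob_properties_change_feed_enabled = false`. Point-in-time restore on Azure Storage depends on the change feed (along with versioning and blob soft delete), so this combination is likely to be rejected at apply time or to leave the restore policy unapplied, depending on how the module handles it. The second hunk is consistent (`null` with the change feed off). Either set the first account to `blob_properties_restore_policy_days = null` as well, or enable the change feed as the other environments do.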

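--- a/infrastructure/tf-audit/storage.tf
+++ b/infrastructure/tf-audit/storage.tf
@@ -19,6 +19,11 @@ module "storage" {
 public_network_access_enabled = each.value.public_network_access_enabled
 access_tier = title(lower(each.value.access_tier))
 
+container_delete_retention_policy_days = each.value.container_delete_retention_policy_days
+blob_properties_change_feed_enabled = each.value.blob_properties_change_feed_enabled
+blob_properties_restore_policy_days = each.value.blob_properties_restore_policy_days
+share_properties_retention_policy_days = each.value.share_properties_retention_policy_days
+
 rbac_roles = []
 
 # Private Endpoint Configuration if enabled
@@ -43,14 +48,18 @@ locals {
 storage_accounts_flatlist = flatten([
 for region_key, region_val in var.regions : [
 for storage_key, storage_val in var.storage_accounts : {
-name = "${storage_key}-${region_key}"
-region_key = region_key
-name_suffix = storage_val.name_suffix
-replication_type = storage_val.replication_type
-account_tier = storage_val.account_tier
-public_network_access_enabled = storage_val.public_network_access_enabled
-access_tier = storage_val.access_tier
-containers = storage_val.containers
+name = "${storage_key}-${region_key}"
+region_key = region_key
+name_suffix = storage_val.name_suffix
+replication_type = storage_val.replication_type
+account_tier = storage_val.account_tier
+public_network_access_enabled = storage_val.public_network_access_enabled
+access_tier = storage_val.access_tier
+containers = storage_val.containers
+container_delete_retention_policy_days = storage_val.container_delete_retention_policy_days
+blob_properties_change_feed_enabled = storage_val.blob_properties_change_feed_enabled
+blob_properties_restore_policy_days = storage_val.blob_properties_restore_policy_days
+share_properties_retention_policy_days = storage_val.share_properties_retention_policy_days
 }
 ]
 ])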
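Review bot: In the second hunk the object built for `storage_accounts_flatlist` carries the four new keys but not `blob_properties_delete_retention_policy` or `blob_properties_versioning_enabled`, and the visible part of the `module "storage"` call does not forward them either. If the module iterates over this list, the 7- and 28-day blob soft-delete values set in the tfvars never reach it, while `blob_properties_restore_policy_days` (6 or 27) does. Azure requires the restore window to be shorter than the blob soft-delete retention, so a 27-day restore policy could end up being checked against the module's default retention rather than the configured 28 days. Consider adding `blob_properties_delete_retention_policy = storage_val.blob_properties_delete_retention_policy` to the list and `blob_properties_delete_retention_policy = each.value.blob_properties_delete_retention_policy` to the module call, and likewise for the versioning flag once the variable type declares it. The module block starts above the hunk and continues below it, so confirm these are not already wired there.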

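--- a/infrastructure/tf-audit/variables.tf
+++ b/infrastructure/tf-audit/variables.tf
@@ -111,6 +111,11 @@ variable "storage_accounts" {
 replication_type = optional(string, "LRS")
 public_network_access_enabled = optional(bool, false)
 access_tier = optional(string, "Hot")
+container_delete_retention_policy_days = optional(number, 7)
+blob_properties_change_feed_enabled = optional(bool, false)
+blob_properties_restore_policy_days = optional(number)
+blob_properties_delete_retention_policy = optional(number, 7)
+share_properties_retention_policy_days = optional(number)
 containers = optional(map(object({
 container_name = string
 container_access_type = optional(string, "private")
@@ -122,6 +127,7 @@ variable "storage_accounts" {
 }), null)
 })), {})
 }))
+
 }
 
 variable "tags" {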
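Review bot: The attributes added in the first hunk come with no `validation` block in this file, so combinations the storage service rejects are caught at apply time at best, unless the templates module enforces them. Examples are a restore window with `blob_properties_change_feed_enabled = false`, or `blob_properties_restore_policy_days` not smaller than `blob_properties_delete_retention_policy`. Two defaults also fail open: the change feed defaults to `false` and `share_properties_retention_policy_days` to null, so an account that omits them presumably gets neither a change feed nor share soft delete. `blob_properties_versioning_enabled` is set in every tfvars file but is not declared in the visible part of the object type; if it is not declared outside the hunk, Terraform discards it silently during type conversion. A validation like the one below would reject the bad combinations at plan time; it assumes `storage_accounts` is a map of objects, and the variable body starts outside the hunk.

```hcl
variable "storage_accounts" {
  # … unchanged: type = map(object({ … })) …

  validation {
    condition = alltrue([
      for sa in values(var.storage_accounts) :
      sa.blob_properties_restore_policy_days == null ? true : (
        sa.blob_properties_change_feed_enabled &&
        sa.blob_properties_restore_policy_days < sa.blob_properties_delete_retention_policy
      )
    ])
    error_message = "blob_properties_restore_policy_days requires blob_properties_change_feed_enabled = true and must be lower than blob_properties_delete_retention_policy."
  }
```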

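--- a/infrastructure/tf-core/environments/development.tfvars
+++ b/infrastructure/tf-core/environments/development.tfvars
@@ -1338,7 +1338,11 @@ storage_accounts = {
 replication_type = "LRS"
 public_network_access_enabled = false
 blob_properties_delete_retention_policy = 7
-blob_properties_versioning_enabled = false
+blob_properties_restore_policy_days = 6
+blob_properties_versioning_enabled = true
+blob_properties_change_feed_enabled = true
+container_delete_retention_policy_days = 7
+share_properties_retention_policy_days = 7
 containers = {}
 }
 file_exceptions = {
@@ -1347,7 +1351,11 @@ storage_accounts = {
 replication_type = "LRS"
 public_network_access_enabled = false
 blob_properties_delete_retention_policy = 7
-blob_properties_versioning_enabled = false
+blob_properties_restore_policy_days = 6
+blob_properties_versioning_enabled = true
+blob_properties_change_feed_enabled = true
+container_delete_retention_policy_days = 7
+share_properties_retention_policy_days = 7
 containers = {
 file-exceptions = {
 container_name = "file-exceptions"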

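--- a/infrastructure/tf-core/environments/integration.tfvars
+++ b/infrastructure/tf-core/environments/integration.tfvars
@@ -1336,7 +1336,11 @@ storage_accounts = {
 replication_type = "LRS"
 public_network_access_enabled = false
 blob_properties_delete_retention_policy = 7
-blob_properties_versioning_enabled = false
+blob_properties_restore_policy_days = 6
+blob_properties_versioning_enabled = true
+blob_properties_change_feed_enabled = true
+container_delete_retention_policy_days = 7
+share_properties_retention_policy_days = 7
 containers = {}
 }
 file_exceptions = {
@@ -1345,7 +1349,11 @@ storage_accounts = {
 replication_type = "LRS"
 public_network_access_enabled = false
 blob_properties_delete_retention_policy = 7
-blob_properties_versioning_enabled = false
+blob_properties_restore_policy_days = 6
+blob_properties_versioning_enabled = true
+blob_properties_change_feed_enabled = true
+container_delete_retention_policy_days = 7
+share_properties_retention_policy_days = 7
 containers = {
 file-exceptions = {
 container_name = "file-exceptions"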
