Feat : Added Recovery Service Vault & Backup Policy (#74)

* Feat : Added Recovery Service Vault & Backup Policy --------- Co-authored-by: Ravi Malvia <[email protected]> Co-authored-by: Deepak verma <[email protected]>
clouddrove · Jan 9, 2025 · efa63df · efa63df
1 parent 4f76dd6
commit efa63df
Show file tree

Hide file tree

Showing 7 changed files with 193 additions and 15 deletions.
diff --git a/README.yaml b/README.yaml
@@ -194,4 +194,5 @@ usage: |-
     diagnostic_setting_enable  = false
     log_analytics_workspace_id = ""
    }
+   
   ```
diff --git a/examples/linux-vm/example.tf b/examples/linux-vm/example.tf
@@ -134,7 +134,7 @@ module "key_vault" {
 module "log-analytics" {
   source                           = "clouddrove/log-analytics/azure"
   version                          = "2.0.0"
-  name                             = "app"
+  name                             = "app1"
   environment                      = "test"
   label_order                      = ["name", "environment"]
   create_log_analytics_workspace   = true
@@ -170,16 +170,15 @@ module "virtual-machine" {
   ## Public IP
   public_ip_enabled = true
   ## Virtual Machine
-  vm_size         = "Standard_B1s"
-  public_key      = "ssh-rsa AAAA"
-  admin_username  = "ubuntu"
-  caching         = "ReadWrite"
-  disk_size_gb    = 30
-  image_publisher = "Canonical"
-  image_offer     = "0001-com-ubuntu-server-jammy"
-  image_sku       = "22_04-lts-gen2"
-  image_version   = "latest"
-
+  vm_size                    = "Standard_B1s"
+  public_key                 = "ssh-rsa AAAA"
+  admin_username             = "ubuntu"
+  caching                    = "ReadWrite"
+  disk_size_gb               = 30
+  image_publisher            = "Canonical"
+  image_offer                = "0001-com-ubuntu-server-jammy"
+  image_sku                  = "22_04-lts-gen2"
+  image_version              = "latest"
   enable_disk_encryption_set = true
   key_vault_id               = module.key_vault.id
   data_disks = [
@@ -204,5 +203,5 @@ module "virtual-machine" {
   log_analytics_workspace_id = module.log-analytics.workspace_id ## when diagnostic_setting_enable enable,  add log analytics workspace id
 
   #vm With User Data
-  user_data = file("user-data.sh")
-}
+  user_data = base64encode(file("user-data.sh"))
+}
diff --git a/examples/linux-vm/versions.tf b/examples/linux-vm/versions.tf
@@ -7,7 +7,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">=3.112.0"
+      version = ">=3.108.0"
     }
   }
 }
diff --git a/examples/windows-vm/versions.tf b/examples/windows-vm/versions.tf
@@ -7,7 +7,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">=3.112.0"
+      version = ">=3.108.0"
     }
   }
 }
diff --git a/main.tf b/main.tf
@@ -462,3 +462,65 @@ resource "azurerm_monitor_diagnostic_setting" "nic_diagnostic" {
     ignore_changes = [log_analytics_destination_type]
   }
 }
+
+
+resource "azurerm_recovery_services_vault" "example" {
+  count                         = (var.vault_service == null && var.backup_enabled && var.enabled) ? 1 : (var.vault_service != null ? 1 : 0)
+  name                          = var.vm_addon_name == null ? format("%s-vm-service-vault-%s", module.labels.id, count.index + 1) : format("vm-%s-service-vault-%s", module.labels.id, var.vm_addon_name)
+  location                      = var.location
+  resource_group_name           = var.resource_group_name
+  sku                           = var.vault_sku
+  tags                          = module.labels.tags
+  public_network_access_enabled = var.public_network_access_enabled
+  identity {
+    type = "SystemAssigned"
+  }
+}
+
+resource "azurerm_backup_policy_vm" "policy" {
+  count               = (var.backup_policy == null && var.backup_enabled && var.enabled) ? 1 : (var.backup_policy != null ? 1 : 0)
+  name                = var.vm_addon_name == null ? format("%s-policy-vm-%d", module.labels.id, count.index + 1) : format("%s-policy-vm-%d", module.labels.id, var.vm_addon_name)
+  resource_group_name = var.resource_group_name
+  recovery_vault_name = azurerm_recovery_services_vault.example[count.index].name
+  policy_type         = var.backup_policy_type != null ? var.backup_policy_type : "V2"
+
+  timezone = var.backup_policy_time_zone != null ? var.backup_policy_time_zone : "UTC"
+
+  backup {
+    frequency = var.backup_policy_frequency != null ? var.backup_policy_frequency : "Daily"
+    time      = var.backup_policy_time != null ? var.backup_policy_time : "23:00"
+  }
+
+  dynamic "retention_daily" {
+    for_each = var.backup_policy_retention["daily"].enabled ? [1] : []
+    content {
+      count = var.backup_policy_retention["daily"].count
+    }
+  }
+
+  dynamic "retention_weekly" {
+    for_each = var.backup_policy_retention["weekly"].enabled ? [1] : []
+    content {
+      count    = var.backup_policy_retention["weekly"].count
+      weekdays = var.backup_policy_retention["weekly"].weekdays
+    }
+  }
+
+  dynamic "retention_monthly" {
+    for_each = var.backup_policy_retention["monthly"].enabled ? [1] : []
+    content {
+      count    = var.backup_policy_retention["monthly"].count
+      weekdays = var.backup_policy_retention["monthly"].weekdays
+      weeks    = var.backup_policy_retention["monthly"].weeks
+    }
+  }
+
+}
+
+resource "azurerm_backup_protected_vm" "example" {
+  count               = var.enabled && var.backup_enabled ? var.machine_count : 0
+  resource_group_name = var.resource_group_name
+  recovery_vault_name = azurerm_recovery_services_vault.example[count.index].name
+  backup_policy_id    = azurerm_backup_policy_vm.policy[count.index].id
+  source_vm_id        = var.is_vm_linux ? azurerm_linux_virtual_machine.default[count.index].id : azurerm_windows_virtual_machine.win_vm[count.index].id
+}
diff --git a/outputs.tf b/outputs.tf
@@ -56,3 +56,19 @@ output "extension_id" {
   value       = { for id in azurerm_virtual_machine_extension.vm_insight_monitor_agent : id.name => id.id }
   description = "The ID of the Virtual Machine Extension."
 }
+
+output "service_vault_id" {
+  description = "The Principal ID associated with this Managed Service Identity."
+  value       = azurerm_recovery_services_vault.example[*].identity[0].principal_id
+}
+
+output "service_vault_tenant_id" {
+  description = "The Tenant ID associated with this Managed Service Identity."
+  value       = azurerm_recovery_services_vault.example[*].identity[0].tenant_id
+
+}
+
+output "vm_backup_policy_id" {
+  description = "The ID of the VM Backup Policy."
+  value       = azurerm_backup_policy_vm.policy[*].id
+}
diff --git a/variables.tf b/variables.tf
@@ -612,3 +612,103 @@ variable "user_data" {
   default     = null // Adjust this path accordingly
   description = "(Optional) A string of the desired User Data for the vm.(path/to/user-data.sh)"
 }
+
+variable "public_network_access_enabled" {
+  default = true
+  type    = bool
+}
+
+variable "vault_sku" {
+  default = "Standard"
+  type    = string
+}
+
+
+variable "backup_policy_time" {
+  description = "(Optional) Indicates the time for when to execute the backup policy"
+  default     = "23:00"
+  type        = string
+}
+
+variable "backup_policy_time_zone" {
+  description = "(Optional) Indicates the timezone that the policy will use"
+  default     = "UTC"
+  type        = string
+}
+
+variable "backup_policy_frequency" {
+  description = "(Optional) Indicate the fequency to use for the backup policy"
+  default     = "Daily"
+  type        = string
+
+  validation {
+    condition     = contains(["Daily", "Weekly", "Hourly"], var.backup_policy_frequency)
+    error_message = "The value must be set to one of the following: Daily, Weekly, Hourly"
+  }
+
+}
+
+variable "backup_policy_type" {
+  description = "(Optional) Indicates which version type to use when creating the backup policy"
+  default     = "V1"
+  type        = string
+
+  validation {
+    condition     = contains(["V1", "V2"], var.backup_policy_type)
+    error_message = "The value must be set to one of the following: V1, V2"
+  }
+}
+
+
+variable "backup_enabled" {
+  description = "Added Backup Policy and Service Vault for the Virtual Machine"
+  type        = bool
+  default     = false
+}
+
+
+variable "backup_policy_retention" {
+  type = map(object({
+    enabled   = bool
+    frequency = string
+    count     = string
+    weekdays  = list(string)
+    weeks     = list(string)
+  }))
+  default = {
+    daily = {
+      enabled   = true
+      frequency = "Daily"
+      count     = "7"
+      weekdays  = []
+      weeks     = []
+    },
+    weekly = {
+      enabled   = false
+      frequency = "Weekly"
+      count     = "4"
+      weekdays  = ["Saturday"]
+      weeks     = []
+    },
+    monthly = {
+      enabled   = false
+      frequency = "Monthly"
+      count     = "3"
+      weekdays  = ["Saturday"]
+      weeks     = ["Last"]
+    }
+  }
+}
+
+variable "vault_service" {
+  default     = null
+  type        = string
+  description = "Value for Service Vault ID"
+}
+
+variable "backup_policy" {
+  default     = null
+  type        = string
+  description = "Value for Backup Policy ID"
+
+}
-Original file line number
+Diff line change
@@ Expand Up / @@ -194,4 +194,5 @@ usage: |- @@
         diagnostic_setting_enable  = false
         log_analytics_workspace_id = ""
        }
       ```