Merge pull request #8 from lgallard/feature/copy_action_support

Add support for copy_action block
lgallard · Apr 17, 2020 · 6519ff4 · 6519ff4
2 parents 4b401c6 + 6104083
commit 6519ff4
Show file tree

Hide file tree

Showing 14 changed files with 101 additions and 37 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,14 @@
+## 0.3.0 (April 17, 2020)
+
+ENHANCEMENTS:
+
+* Add support for Copy Action
+
+UPDATES:
+
+* Update completed_example to include copy_action block
+* Update simple_plan_using_\* examples
+
 ## 0.2.1 (April 1, 2020)
 
 UPDATES:

diff --git a/README.md b/README.md
@@ -81,39 +81,48 @@ module "aws_backup_example" {
 }
 ```
 
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | >= 2.58.0 |
+
 ## Inputs
 
-| Name                                  | Description                                                                                                                         | Type            | Default  | Required |
-| ------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------- | --------------- | -------- | -------- |
-| enabled                               | Change to false to avoid deploying any AWS Backup resources                                                                         | `bool`        | `true` | no       |
-| plan\_name                            | The display name of a backup plan                                                                                                   | `string`      | n/a      | yes      |
-| rule\_completion\_window              | The amount of time AWS Backup attempts a backup before canceling the job and returning an error                                     | `number`      | n/a      | yes      |
-| rule\_lifecycle\_cold\_storage\_after | Specifies the number of days after creation that a recovery point is moved to cold storage                                          | `number`      | n/a      | yes      |
-| rule\_lifecycle\_delete\_after        | Specifies the number of days after creation that a recovery point is deleted. Must be 90 days greater than `cold\_storage\_after` | `number`      | n/a      | yes      |
-| rule\_name                            | An display name for a backup rule                                                                                                   | `string`      | n/a      | yes      |
-| rule\_recovery\_point\_tags           | Metadata that you can assign to help organize the resources that you create                                                         | `map(string)` | `{}`   | no       |
-| rule\_schedule                        | A CRON expression specifying when AWS Backup initiates a backup job                                                                 | `string`      | n/a      | yes      |
-| rule\_start\_window                   | The amount of time in minutes before beginning a backup                                                                             | `number`      | n/a      | yes      |
-| rules                                 | A list of rule maps                                                                                                                 | `list`        | `[]` | no       |
-| selection\_name                       | The display name of a resource selection document                                                                                   | `string`      | n/a      | yes      |
-| selection\_resources                  | An array of strings that either contain Amazon Resource Names (ARNs) or match patterns of resources to assign to a backup plan      | `list`        | `[]` | no       |
-| selection\_tag\_key                   | The key in a key-value pair                                                                                                         | `string`      | n/a      | yes      |
-| selection\_tag\_type                  | An operation, such as StringEquals, that is applied to a key-value pair used to filter resources in a selection                     | `string`      | n/a      | yes      |
-| selection\_tag\_value                 | The value in a key-value pair                                                                                                       | `string`      | n/a      | yes      |
-| selections                            | A list of selction maps                                                                                                             | `list`        | `[]` | no       |
-| tags                                  | A mapping of tags to assign to the resource                                                                                         | `map(string)` | `{}`   | no       |
-| vault\_kms\_key\_arn                  | The server-side encryption key that is used to protect your backups                                                                 | `string`      | n/a      | yes      |
-| vault\_name                           | Name of the backup vault to create. If not given, AWS use default                                                                   | `string`      | n/a      | yes      |
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| enabled | Change to false to avoid deploying any AWS Backup resources | `bool` | `true` | no |
+| plan\_name | The display name of a backup plan | `string` | n/a | yes |
+| rule\_completion\_window | The amount of time AWS Backup attempts a backup before canceling the job and returning an error | `number` | n/a | yes |
+| rule\_copy\_action\_destination\_vault\_arn | An Amazon Resource Name (ARN) that uniquely identifies the destination backup vault for the copied backup. | `string` | n/a | yes |
+| rule\_copy\_action\_lifecycle | The lifecycle defines when a protected resource is copied over to a backup vault and when it expires. | `map` | `{}` | no |
+| rule\_lifecycle\_cold\_storage\_after | Specifies the number of days after creation that a recovery point is moved to cold storage | `number` | n/a | yes |
+| rule\_lifecycle\_delete\_after | Specifies the number of days after creation that a recovery point is deleted. Must be 90 days greater than `cold_storage_after` | `number` | n/a | yes |
+| rule\_name | An display name for a backup rule | `string` | n/a | yes |
+| rule\_recovery\_point\_tags | Metadata that you can assign to help organize the resources that you create | `map(string)` | `{}` | no |
+| rule\_schedule | A CRON expression specifying when AWS Backup initiates a backup job | `string` | n/a | yes |
+| rule\_start\_window | The amount of time in minutes before beginning a backup | `number` | n/a | yes |
+| rules | A list of rule maps | `any` | `[]` | no |
+| selection\_name | The display name of a resource selection document | `string` | n/a | yes |
+| selection\_resources | An array of strings that either contain Amazon Resource Names (ARNs) or match patterns of resources to assign to a backup plan | `list` | `[]` | no |
+| selection\_tag\_key | The key in a key-value pair | `string` | n/a | yes |
+| selection\_tag\_type | An operation, such as StringEquals, that is applied to a key-value pair used to filter resources in a selection | `string` | n/a | yes |
+| selection\_tag\_value | The value in a key-value pair | `string` | n/a | yes |
+| selections | A list of selction maps | `list` | `[]` | no |
+| tags | A mapping of tags to assign to the resource | `map(string)` | `{}` | no |
+| vault\_kms\_key\_arn | The server-side encryption key that is used to protect your backups | `string` | n/a | yes |
+| vault\_name | Name of the backup vault to create. If not given, AWS use default | `string` | n/a | yes |
 
 ## Outputs
 
-| Name          | Description                                                                                                |
-| ------------- | ---------------------------------------------------------------------------------------------------------- |
-| plan\_arn     | The ARN of the backup plan                                                                                 |
-| plan\_id      | The id of the backup plan                                                                                  |
+| Name | Description |
+|------|-------------|
+| plan\_arn | The ARN of the backup plan |
+| plan\_id | The id of the backup plan |
 | plan\_version | Unique, randomly generated, Unicode, UTF-8 encoded string that serves as the version ID of the backup plan |
-| vault\_arn    | The ARN of the vault                                                                                       |
-| vault\_id     | The name of the vault                                                                                      |
+| vault\_arn | The ARN of the vault |
+| vault\_id | The name of the vault |
+
 
 ## Known issues
 

diff --git a/examples/complete_plan/main.tf b/examples/complete_plan/main.tf
@@ -1,6 +1,6 @@
 module "aws_backup_example" {
 
-  source = "../modules/terraform-aws-backup"
+  source = "git::https://github.com/lgallard/terraform-aws-backup.git"
 
   # Vault
   vault_name = "vault-3"
@@ -20,6 +20,13 @@ module "aws_backup_example" {
         cold_storage_after = 0
         delete_after       = 90
       },
+      copy_action = {
+        lifecycle = {
+          cold_storage_after = 0
+          delete_after       = 90
+        },
+        destination_vault_arn = "arn:aws:backup:us-west-2:123456789101:backup-vault:Default"
+      }
       recovery_point_tags = {
         Environment = "production"
       }
@@ -31,6 +38,7 @@ module "aws_backup_example" {
       start_window        = 120
       completion_window   = 360
       lifecycle           = {}
+      copy_action         = {}
       recovery_point_tags = {}
     },
   ]

diff --git a/examples/complete_plan/terraform.tfvars b/examples/complete_plan/terraform.tfvars
@@ -1,5 +1,5 @@
 env = {
   region  = "us-east-1"
-  profile = "myprofile"
+  profile = "default"
 }
 
diff --git a/examples/complete_plan/variables.tf b/examples/complete_plan/variables.tf
@@ -1,5 +1,5 @@
 variable "env" {
-  type    = "map"
+  type    = map
   default = {}
 }
 
diff --git a/examples/simple_plan_using_lists/main.tf b/examples/simple_plan_using_lists/main.tf
@@ -1,6 +1,6 @@
 module "aws_backup_example" {
 
-  source = "../modulesi/terraform-aws-backup"
+  source = "git::https://github.com/lgallard/terraform-aws-backup.git"
 
   # Vault
   vault_name = "vault-1"

diff --git a/examples/simple_plan_using_lists/terraform.tfvars b/examples/simple_plan_using_lists/terraform.tfvars
@@ -1,5 +1,5 @@
 env = {
   region  = "us-east-1"
-  profile = "myprofile"
+  profile = "default"
 }
 
diff --git a/examples/simple_plan_using_lists/variables.tf b/examples/simple_plan_using_lists/variables.tf
@@ -1,5 +1,5 @@
 variable "env" {
-  type    = "map"
+  type    = map
   default = {}
 }
 
diff --git a/examples/simple_plan_using_variables/main.tf b/examples/simple_plan_using_variables/main.tf
@@ -1,6 +1,6 @@
 module "aws_backup_example" {
 
-  source = "../modules/terraform-aws-backup"
+  source = "git::https://github.com/lgallard/terraform-aws-backup.git"
 
   # Vault
   vault_name = "vault-0"

diff --git a/examples/simple_plan_using_variables/terraform.tfvars b/examples/simple_plan_using_variables/terraform.tfvars
@@ -1,5 +1,5 @@
 env = {
   region  = "us-east-1"
-  profile = "myprofile"
+  profile = "default"
 }
 
diff --git a/examples/simple_plan_using_variables/variables.tf b/examples/simple_plan_using_variables/variables.tf
@@ -1,5 +1,5 @@
 variable "env" {
-  type    = "map"
+  type    = map
   default = {}
 }
 
diff --git a/main.tf b/main.tf
@@ -30,6 +30,24 @@ resource "aws_backup_plan" "ab_plan" {
           delete_after       = lookup(lifecycle.value, "delete_after", 90)
         }
       }
+
+      # Copy action
+      dynamic "copy_action" {
+        for_each = length(lookup(rule.value, "copy_action", {})) == 0 ? [] : [lookup(rule.value, "copy_action", {})]
+        content {
+          destination_vault_arn = lookup(copy_action.value, "destination_vault_arn", null)
+
+          # Copy Action Lifecycle
+          dynamic "lifecycle" {
+            for_each = length(lookup(copy_action.value, "lifecycle", {})) == 0 ? [] : [lookup(copy_action.value, "lifecycle", {})]
+            content {
+              cold_storage_after = lookup(lifecycle.value, "cold_storage_after", 0)
+              delete_after       = lookup(lifecycle.value, "delete_after", 90)
+            }
+          }
+        }
+      }
+
     }
   }
 

diff --git a/variables.tf b/variables.tf
@@ -71,10 +71,24 @@ variable "rule_lifecycle_delete_after" {
   default     = null
 }
 
+# Rule copy action
+variable "rule_copy_action_lifecycle" {
+  description = "The lifecycle defines when a protected resource is copied over to a backup vault and when it expires."
+  type        = map
+  default     = {}
+}
+
+variable "rule_copy_action_destination_vault_arn" {
+  description = "An Amazon Resource Name (ARN) that uniquely identifies the destination backup vault for the copied backup."
+  type        = string
+  default     = null
+}
+
+
 # Rules
 variable "rules" {
   description = "A list of rule maps"
-  type        = list
+  type        = any
   default     = []
 }
 

diff --git a/versions.tf b/versions.tf
@@ -1,4 +1,8 @@
 terraform {
   required_version = ">= 0.12"
+
+  required_providers {
+    aws = ">= 2.58.0"
+  }
 }