backup_vaults.tf
# Backup vaults: one instance of ./modules/backup_vault per entry in
# local.data_protection.backup_vaults.
module "backup_vaults" {
  source   = "./modules/backup_vault"
  for_each = local.data_protection.backup_vaults

  # Shared context, handed to the child module unchanged.
  client_config   = local.client_config
  global_settings = local.global_settings
  settings        = each.value

  # Object maps the child module receives for its own lookups.
  diagnostics      = local.combined_diagnostics
  resource_groups  = local.combined_objects_resource_groups
  storage_accounts = local.combined_objects_storage_accounts

  # Optional: an entry without an `identity` key passes an empty object.
  # NOTE(review): what the child module does with {} is not visible here - confirm
  # against ./modules/backup_vault.
  identity = try(each.value.identity, {})

  # Region: the entry's `region` when it is a key of global_settings.regions,
  # otherwise the location of the referenced resource group.
  location = (
    can(local.global_settings.regions[each.value.region])
    ? local.global_settings.regions[each.value.region]
    : local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].location
  )

  # Resource group name: a literal name (resource_group.name or resource_group_name)
  # wins; otherwise the name is looked up by landing-zone key and resource group key.
  resource_group_name = (
    can(each.value.resource_group.name) || can(each.value.resource_group_name)
    ? try(each.value.resource_group.name, each.value.resource_group_name)
    : local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group_key, each.value.resource_group.key)].name
  )

  # Tags are taken from the resource group only when global_settings.inherit_tags is true;
  # a failed resource group lookup yields {} instead of an error.
  base_tags = (
    try(local.global_settings.inherit_tags, false)
    ? try(local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].tags, {})
    : {}
  )
}
# Exposes every instance of module.backup_vaults (one per for_each key).
# NOTE(review): the whole module object is exported; whether it carries values that
# should be marked sensitive depends on the child module's outputs - confirm.
output "backup_vaults" {
  value = module.backup_vaults
}
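# Blob storage backup policies: one module instance per entry of
# local.data_protection.backup_vault_policies whose type is "blob_storage".
# In this file only the "blob_storage" and "disk" types are picked up, so an entry
# with any other (or misspelled) type produces no policy and no error from here.
module "backup_vault_policies_blob_storage" {
  source = "./modules/backup_vault/backup_vault_policy_blob_storage"
  for_each = {
    for key, value in local.data_protection.backup_vault_policies : key => value
    if value.type == "blob_storage"
  }

  global_settings = local.global_settings
  settings        = each.value

  # Vault resolution:
  #   - backup_vault.id given                      -> used as is
  #   - backup_vault_key or backup_vault.key given -> looked up by landing-zone key and vault key
  #   - nothing given                              -> null
  # The earlier condition tested only backup_vault_key, so an entry that referenced
  # the vault through backup_vault.key alone resolved to null and the key fallback in
  # the lookup branch was never reached.
  vault_id = (
    can(each.value.backup_vault.id) || !(can(each.value.backup_vault_key) || can(each.value.backup_vault.key))
    ? try(each.value.backup_vault.id, null)
    : local.combined_objects_backup_vaults[try(each.value.backup_vault.lz_key, local.client_config.landingzone_key)][try(each.value.backup_vault_key, each.value.backup_vault.key)].id
  )
}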
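# Disk backup policies: one module instance per entry of
# local.data_protection.backup_vault_policies whose type is "disk".
# In this file only the "blob_storage" and "disk" types are picked up, so an entry
# with any other (or misspelled) type produces no policy and no error from here.
module "backup_vault_policies_disk" {
  source = "./modules/backup_vault/backup_vault_policy_disk"
  for_each = {
    for key, value in local.data_protection.backup_vault_policies : key => value
    if value.type == "disk"
  }

  global_settings = local.global_settings
  settings        = each.value

  # Vault resolution:
  #   - backup_vault.id given                      -> used as is
  #   - backup_vault_key or backup_vault.key given -> looked up by landing-zone key and vault key
  #   - nothing given                              -> null
  # The earlier condition tested only backup_vault_key, so an entry that referenced
  # the vault through backup_vault.key alone resolved to null and the key fallback in
  # the lookup branch was never reached.
  vault_id = (
    can(each.value.backup_vault.id) || !(can(each.value.backup_vault_key) || can(each.value.backup_vault.key))
    ? try(each.value.backup_vault.id, null)
    : local.combined_objects_backup_vaults[try(each.value.backup_vault.lz_key, local.client_config.landingzone_key)][try(each.value.backup_vault_key, each.value.backup_vault.key)].id
  )
}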
locals {
  # Single map of all backup policies. Both policy modules filter the same source map
  # by a different `type`, so a key can appear in only one of the two arguments.
  backup_vault_policies = merge(
    module.backup_vault_policies_blob_storage,
    module.backup_vault_policies_disk
  )
}
# Exposes the merged blob storage and disk backup policies.
output "backup_vault_policies" {
  value = local.backup_vault_policies
}
# Blob storage backup instances: one module instance per entry of
# local.data_protection.backup_vault_instances whose type is "blob_storage".
# In this file only the "blob_storage" and "disk" types are picked up, so an entry
# with any other (or misspelled) type creates no backup instance and raises no error here.
module "backup_vault_instances_blob_storage" {
  source = "./modules/backup_vault/backup_vault_instance_blob_storage"
  for_each = {
    for name, entry in local.data_protection.backup_vault_instances : name => entry
    if entry.type == "blob_storage"
  }

  # Created only after the root-level azurerm_role_assignment.for resources.
  # NOTE(review): presumably so the vault identity already holds its role on the
  # storage account - confirm, and check that the assignment is scoped no wider than needed.
  depends_on = [azurerm_role_assignment.for]

  settings = each.value

  # Region: the entry's `region` when it is a key of global_settings.regions,
  # otherwise the location of the referenced resource group.
  location = (
    can(local.global_settings.regions[each.value.region])
    ? local.global_settings.regions[each.value.region]
    : local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].location
  )

  # Each ID below is either given literally (<object>.id) or looked up by landing-zone
  # key and object key; a lookup that finds nothing is an error, not a null.
  vault_id = (
    can(each.value.backup_vault.id)
    ? each.value.backup_vault.id
    : local.combined_objects_backup_vaults[try(each.value.backup_vault.lz_key, local.client_config.landingzone_key)][try(each.value.backup_vault_key, each.value.backup_vault.key)].id
  )
  backup_policy_id = (
    can(each.value.backup_vault_policy.id)
    ? each.value.backup_vault_policy.id
    : local.combined_objects_backup_vault_policies[try(each.value.backup_vault_policy.lz_key, local.client_config.landingzone_key)][try(each.value.backup_vault_policy_key, each.value.backup_vault_policy.key)].id
  )
  storage_account_id = (
    can(each.value.storage_account.id)
    ? each.value.storage_account.id
    : local.combined_objects_storage_accounts[try(each.value.storage_account.lz_key, local.client_config.landingzone_key)][try(each.value.storage_account_key, each.value.storage_account.key)].id
  )
}
# Disk backup instances: one module instance per entry of
# local.data_protection.backup_vault_instances whose type is "disk".
# In this file only the "blob_storage" and "disk" types are picked up, so an entry
# with any other (or misspelled) type creates no backup instance and raises no error here.
module "backup_vault_instances_disk" {
  source = "./modules/backup_vault/backup_vault_instance_disk"
  for_each = {
    for name, entry in local.data_protection.backup_vault_instances : name => entry
    if entry.type == "disk"
  }

  # Created only after the root-level azurerm_role_assignment.for resources.
  # NOTE(review): presumably so the vault identity already holds its roles on the disk
  # and the snapshot resource group - confirm, and check that each assignment is scoped
  # no wider than needed.
  depends_on = [azurerm_role_assignment.for]

  settings = each.value

  # Region: the entry's `region` when it is a key of global_settings.regions,
  # otherwise the location of the referenced resource group.
  location = (
    can(local.global_settings.regions[each.value.region])
    ? local.global_settings.regions[each.value.region]
    : local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].location
  )

  # Vault and policy IDs: given literally (<object>.id) or looked up by landing-zone
  # key and object key; a lookup that finds nothing is an error, not a null.
  vault_id = (
    can(each.value.backup_vault.id)
    ? each.value.backup_vault.id
    : local.combined_objects_backup_vaults[try(each.value.backup_vault.lz_key, local.client_config.landingzone_key)][try(each.value.backup_vault_key, each.value.backup_vault.key)].id
  )
  backup_policy_id = (
    can(each.value.backup_vault_policy.id)
    ? each.value.backup_vault_policy.id
    : local.combined_objects_backup_vault_policies[try(each.value.backup_vault_policy.lz_key, local.client_config.landingzone_key)][try(each.value.backup_vault_policy_key, each.value.backup_vault_policy.key)].id
  )

  # Snapshot resource group: a literal name wins; otherwise the name is looked up by
  # landing-zone key and resource group key.
  snapshot_resource_group_name = (
    can(each.value.snapshot_resource_group.name) || can(each.value.snapshot_resource_group_name)
    ? try(each.value.snapshot_resource_group.name, each.value.snapshot_resource_group_name)
    : local.combined_objects_resource_groups[try(each.value.snapshot_resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.snapshot_resource_group_key, each.value.snapshot_resource_group.key)].name
  )

  # Disk to protect: the OS disk of the referenced virtual machine when disk.os_disk is
  # true, otherwise the data disk stored under disk.disk_key. Each try() has a single
  # argument and therefore no fallback: an unknown vm_key or disk_key fails the plan.
  disk_id = (
    try(each.value.disk.os_disk, false) == true
    ? try(local.combined_objects_virtual_machines[try(each.value.disk.lz_key, local.client_config.landingzone_key)][each.value.disk.vm_key].os_disk_id)
    : try(local.combined_objects_virtual_machines[try(each.value.disk.lz_key, local.client_config.landingzone_key)][each.value.disk.vm_key].data_disks[each.value.disk.disk_key])
  )
}
locals {
  # Single map of all backup instances. Both instance modules filter the same source map
  # by a different `type`, so a key can appear in only one of the two arguments.
  backup_vault_instances = merge(
    module.backup_vault_instances_blob_storage,
    module.backup_vault_instances_disk
  )
}
# Exposes the merged blob storage and disk backup instances.
output "backup_vault_instances" {
  value = local.backup_vault_instances
}