Support for restore point collection resource group prefix and suffix for azurerm_backup_policy_vm

AliMBajwa commented 3 years ago

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Per this link you can configure recovery vault backup policies to create the restore point collection in a named resource group (this will then be created automatically the first time the backup policy is used to back up something like a VM).

I currently use a cli (bash) script in a local-exec provisioner to check the prefix/suffix settings and set it correctly if it's misconfigured. Having this set in terraform would remove the need to manually manage this setting. The default name for this resource group is AzureBackupRG_{region}_1 e.g. AzureBackupRG_uksouth_1. Not very good for enterprise naming conventions.

New or Affected Resource(s)

azurerm_backup_policy_vm

Potential Terraform Configuration

resource "azurerm_recovery_services_vault" "vault" {
  name                = "myBackupVault"
  location            = var.location
  resource_group_name = "myResourceGroup"
  sku                 = "Standard"
  soft_delete_enabled = True
  identity {
    type = "SystemAssigned"
  }
}

resource "azurerm_backup_policy_vm" "policy" {
  name                = "myPolicyName"
  resource_group_name = "myResourceGroup"
  recovery_vault_name = "myBackupVault"
  timezone            = "GMT Standard Time"
  restore_point_collection_resource_group_name_prefix = var.rpc_rg_name_prefix
  restore_point_collection_resource_group_name_suffix = var.rpc_rg_name_suffix

  backup {
    frequency = "Daily"
    time      = "08:00"
  }

  retention_daily {
    count = 7
  }
}

References

0000

WimSchepkens commented 2 years ago

I'm sorry, but for enterprise users this is not an enhancement, it's functionality which is missing in TF..

mleziva commented 2 years ago

For users who have a policy enforcing tags or other creation deny policies, this is a must-have.

Netkracker commented 1 year ago

We at @swisspost also miss the feature to directly set the "azureBackupRgNamePrefix" and "azureBackupRgNameSuffix" with terraform. We also currently rely on azurecli running inside of bash to set these to vaules after the policy got created see below code if you are intrested.

any news on this ?

az login --service-principal -u {ARM_CLIENT_ID} -p {ARM_CLIENT_SECRET} --tenant {ARM_TENANT_ID} az account set --subscription ${ARM_SUBSCRIPTION_ID}

json=$(az backup policy list --resource-group {RG_NAME} --vault-name {VAULT_NAME} --output json) declare -a policies policies=$(echo "$json" | jq -r '.[].name' | grep backup)

for i in $policies; do echo "changing azureBackupRgNamePrefix for policy $i" policy=$(az backup policy show --name $i --resource-group {RG_NAME} --vault-name {VAULT_NAME} --output json) a="rg-backup-$i" newpolicy=$(echo "$policy" | jq --arg a "$a" '.properties.instantRpDetails.azureBackupRgNamePrefix = $a') echo "$newpolicy" > json.json az backup policy set --resource-group {RG_NAME} --vault-name {VAULT_NAME} --policy json.json --name $i > /dev/null done

rm -rf json.json

Netkracker commented 1 year ago

Feature is available with the newest version of azurerm 3.47.0 https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/backup_policy_vm#instant_restore_resource_group

hashicorp / terraform-provider-azurerm