Open DevopsMercenary opened 11 months ago
@DevopsMercenary Thank you for taking the time to open this feature request!
The current terraform setting soft_delete_enabled = true
seems to have a strange effect when the Vault is already set to true and Always Enabled in the Azure Portal (the output implies that terraform maps anything other than true to false?).
This would be another reason to support this flag, like the immutability vault option (already implemented).
Our config/setting:
resource "azurerm_recovery_services_vault" "REDACTED" {
name = "REDACTED"
location = var.location
resource_group_name = var.resource_group
sku = "Standard"
soft_delete_enabled = true
Terraform output:
$ terraform version
Terraform v1.8.4
on linux_amd64
+ provider registry.terraform.io/hashicorp/azurerm v3.105.0
...
# module.REDACTED.azurerm_recovery_services_vault.REDACTED will be updated in-place
~ resource "azurerm_recovery_services_vault" "REDACTED" {
id = "/subscriptions/REDACTED"
name = "REDACTED"
~ soft_delete_enabled = false -> true
tags = {}
# (8 unchanged attributes hidden)
}
...
Error: backupresourcevaultconfigs.BackupResourceVaultConfigsClient#Update: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="BMSUserErrorSoftDeleteStateAlwaysOn" Message="Soft delete cannot be disabled on this vault since it is configured to be ‘Always on’. This vault has soft delete in ‘Always on’ state, which prevents soft delete from being disabled. Learn more here: https://go.microsoft.com/fwlink/?linkid=2226845 "
│
│ with module.REDACTED.azurerm_recovery_services_vault.REDACTED,
│ on common/backup-recovery-services/main.tf line 35, in resource "azurerm_recovery_services_vault" "REDACTED":
│ 35: resource "azurerm_recovery_services_vault" "REDACTED" {
This would be really helpful! When I use "soft_delete_enabled = true", it sets the "Enable soft delete and security settings for hybrid workloads" setting, but it doesn't set "Enable soft delete for cloud workloads" or "Enable Always-on soft delete" (where the former is a pre-requisite for the latter), so it would be great if all of those could be exposed via Terraform.
Hi, any update here?
Is there an existing issue for this?
Community Note
Description
Please add support for the new checkbox 'Enable Always-on soft delete'
When in the console this is under Recovery Services vault / Settings / Properties / Security Settings
https://learn.microsoft.com/en-us/rest/api/recoveryservices/vaults/create-or-update?tabs=HTTP#softdeletestate
Possiblily changing soft_delete_enabled = true. to soft_delete_state = "AlwaysON"
New or Affected Resource(s)/Data Source(s)
azurerm_recovery_services_vault
Potential Terraform Configuration
References
No response