azurerm_data_protection_backup_policy_blob_storage most arguments are not expected and not configurable

[RodrigoGodoyDE]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.5.7

AzureRM Provider Version

3.106.1

Affected Resource(s)/Data Source(s)

azurerm_data_protection_backup_policy_blob_storage

Terraform Configuration Files

It seems the most of the arguments are not configurable for azurerm_data_protection_backup_policy_blob_storage.

After running terraform validate, plan or apply the most of the arguments appear as " ... is not expected here."

I have this variable definition, using all the arguments described on terraform registry:

# azurerm_data_protection_backup_policy_blob_storage
variable "data_protection_backup_policies_blob_storage" {
  type = list(object({
    name = string

    backup_repeating_time_intervals        = optional(list(string))
    operational_default_retention_duration = optional(string)
    retention_duration                     = optional(string)
    time_zone                              = optional(string)
    vault_default_retention_duration       = optional(string)
    vault_id                               = optional(string)

    retention_rules = optional(list(object({
      name     = string
      duration = string
      priority = number

      criteria = object({
        absolute_criteria      = optional(string)
        days_of_month          = optional(list(number))
        days_of_week           = optional(list(string))
        months_of_year         = optional(list(string))
        scheduled_backup_times = optional(list(string))
        weeks_of_month         = optional(list(string))
      })
      life_cycle = object({
        data_store_type = string
        duration        = string
      })
    })), [])

    timeouts = optional(object({
      create = optional(string, "30m")
      delete = optional(string, "30m")
      read   = optional(string, "5m")
    }), {})
  }))

  default = []
}

Terraform registry specify the following info:

At least one of operational_default_retention_duration, retention_duration or vault_default_retention_duration must be specified.

However the following arguments are not expected by terraform when you run terraform commands:

• operational_default_retention_duration (same specified above)
• vault_default_retention_duration (same specified above)
• backup_repeating_time_intervals
• time_zone
• Block: retention_rule

and we'll get the Error: Unsupported argument messages at the main.tf:

resource "azurerm_data_protection_backup_policy_blob_storage" "this" {
  for_each = { for obj in var.data_protection_backup_policies_blob_storage : obj.name => obj }

  name = each.value["name"]

  backup_repeating_time_intervals        = each.value["backup_repeating_time_intervals"]        #  An argument named "backup_repeating_time_intervals" is not expected here.
  operational_default_retention_duration = each.value["operational_default_retention_duration"] # An argument named "operational_default_retention_duration" is not expected here.
  retention_duration = each.value["retention_duration"]
  time_zone                              = each.value["time_zone"] ## An argument named "time_zone" is not expected here.
  vault_id                         = each.value["vault_id"] != null ? each.value["vault_id"] : azurerm_data_protection_backup_vault.this[0].id
  vault_default_retention_duration = each.value["vault_default_retention_duration"] ##An argument named "vault_default_retention_duration" is not expected here.

  dynamic "retention_rule" { ## Blocks of type "retention_rule" are not expected here.
    for_each = { for obj in each.value["retention_rules"] : obj.name => obj }
    content {
      name     = retention_rule.value["name"]
      duration = retention_rule.value["duration"]
      priority = retention_rule.value["priority"]

      dynamic "criteria" {
        for_each = retention_rule.value["criteria"] != null ? { 0 = 1 } : {}
        content {
          absolute_criteria      = criteria.each.value["absolute_criteria"]
          days_of_month          = criteria.each.value["days_of_month"]
          days_of_week           = criteria.each.value["days_of_week"]
          months_of_year         = criteria.each.value["months_of_year"]
          scheduled_backup_times = criteria.each.value["scheduled_backup_times"]
          weeks_of_month         = criteria.each.value["weeks_of_month"]
        }
      }
      dynamic "life_cycle" {
        for_each = retention_rule.value["life_cycle"] != null ? { 0 = 1 } : {}
        content {
          data_store_type = life_cycle.value["data_store_type"]
          duration        = life_cycle.value["duration"]
        }
      }
    }
  }

  timeouts {
    create = each.value["timeouts"]["create"]
    delete = each.value["timeouts"]["delete"]
    read   = each.value["timeouts"]["read"]
  }
}

It seems somehow all of them are not configurable, and can not be used as it is at: https://github.com/hashicorp/terraform-provider-azurerm/blob/main/internal/services/dataprotection/data_protection_backup_policy_blob_storage_resource_test.go

i.e.:

resource "azurerm_data_protection_backup_policy_blob_storage" "test" {
  name                                   = "acctest-dbp-%d"
  vault_id                               = azurerm_data_protection_backup_vault.test.id
  operational_default_retention_duration = "P30D"
  vault_default_retention_duration       = "P7D"
  backup_repeating_time_intervals        = ["R/2024-05-08T11:30:00+00:00/P1W"]

  retention_rule {
    name     = "Monthly"
    priority = 15
    life_cycle {
      duration        = "P6M"
      data_store_type = "VaultStore"
    }
    criteria {
      days_of_month = [1, 2, 0]
    }
  }

  retention_rule {
    name     = "Daily"
    priority = 25
    life_cycle {
      duration        = "P7D"
      data_store_type = "VaultStore"
    }
    criteria {
      days_of_week           = ["Thursday"]
      months_of_year         = ["November"]
      weeks_of_month         = ["First"]
      scheduled_backup_times = ["2024-05-08T02:30:00Z"]
    }
  }
}

Debug Output/Panic Output

╷
│ Error: Unsupported argument
│ 
│   on ../../main.tf line 373, in resource "azurerm_data_protection_backup_policy_blob_storage" "this":
│  373:   backup_repeating_time_intervals        = each.value["backup_repeating_time_intervals"]        ##  An argument named "backup_repeating_time_intervals" is not expected here.
│ 
│ An argument named "backup_repeating_time_intervals" is not expected here.
╵
╷
│ Error: Unsupported argument
│ 
│   on ../../main.tf line 374, in resource "azurerm_data_protection_backup_policy_blob_storage" "this":
│  374:   operational_default_retention_duration = each.value["operational_default_retention_duration"] ## An argument named "operational_default_retention_duration" is not expected here.
│ 
│ An argument named "operational_default_retention_duration" is not expected here.
╵
╷
│ Error: Unsupported argument
│ 
│   on ../../main.tf line 376, in resource "azurerm_data_protection_backup_policy_blob_storage" "this":
│  376:   time_zone                              = each.value["time_zone"] ## An argument named "time_zone" is not expected here.
│ 
│ An argument named "time_zone" is not expected here.
╵
╷
│ Error: Unsupported argument
│ 
│   on ../../main.tf line 378, in resource "azurerm_data_protection_backup_policy_blob_storage" "this":
│  378:   vault_default_retention_duration       = each.value["vault_default_retention_duration"] ##An argument named "vault_default_retention_duration" is not expected here.
│ 
│ An argument named "vault_default_retention_duration" is not expected here.
╵
╷
│ Error: Unsupported block type
│ 
│   on ../../main.tf line 380, in resource "azurerm_data_protection_backup_policy_blob_storage" "this":
│  380:   dynamic "retention_rule" { ## Blocks of type "retention_rule" are not expected here.
│ 
│ Blocks of type "retention_rule" are not expected here.

Expected Behaviour

All the arguments on terraform registry should be configurable. Even using it as simple as following we'll get the same Issue:

I had to add retention_duration because in fact is a Required instead an Optional Argument.

Actual Behaviour

Only the following arguments are valid to use this resource:

• name
• retention_duration
• vault_id

Steps to Reproduce

No response

Important Factoids

No response

References

No response

[neil-yechenwei]

Thanks for raising this issue. Suggest use latest terraform azurerm provider for new features.

[fjalcarazp]

I have the same issue. In the azurerm provider documentation it states that is required to use the property «duration» in the block «retention_rule» but it doesn't work. A message like this appears:

Error:

│ Error: Unsupported argument
│
│   on main.tf line 29, in resource "azurerm_data_protection_backup_policy_blob_storage" "bkpol_blobs_01":
│   29:     duration = "P4W" # NOTE: Provider documentation issue in https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_protection_backup_policy_blob_storage
│
│ An argument named "duration" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on main.tf line 44, in resource "azurerm_data_protection_backup_policy_blob_storage" "bkpol_blobs_01":
│   44:     duration = "P6M" # NOTE: Provider documentation issue in https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_protection_backup_policy_blob_storage
│
│ An argument named "duration" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on main.tf line 59, in resource "azurerm_data_protection_backup_policy_blob_storage" "bkpol_blobs_01":
│   59:     duration = "P1Y" # NOTE: Provider documentation issue in https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_protection_backup_policy_blob_storage
│
│ An argument named "duration" is not expected here.

Code that causes the error:

resource "azurerm_data_protection_backup_policy_blob_storage" "bkpol_blobs_01" {
  name                             = "bkpol-blobs-vaulted"
  vault_id                         = azurerm_data_protection_backup_vault.bvault_01.id
  time_zone                        = "Romance Standard Time"
  vault_default_retention_duration = "P30D"
  backup_repeating_time_intervals  = ["R/2024-06-01T23:00:00Z/P1D"]

  retention_rule {
    name = "Weekly"
    duration = "P4W" # NOTE: Provider documentation issue in https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_protection_backup_policy_blob_storage
    priority = 20

    criteria {
      absolute_criteria = "FirstOfWeek"
    }

    life_cycle {
      data_store_type = "VaultStore"
      duration        = "P4W"
    }
  }

  retention_rule {
    name = "Monthly"
    duration = "P6M" # NOTE: Provider documentation issue in https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_protection_backup_policy_blob_storage
    priority = 15

    criteria {
      absolute_criteria = "FirstOfMonth"
    }

    life_cycle {
      data_store_type = "VaultStore"
      duration        = "P6M"
    }
  }

  retention_rule {
    name = "Yearly"
    duration = "P1Y" # NOTE: Provider documentation issue in https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_protection_backup_policy_blob_storage
    priority = 10

    criteria {
      absolute_criteria = "FirstOfYear"
    }

    life_cycle {
      data_store_type = "VaultStore"
      duration        = "P1Y"
    }
  }
}

It is necessary to include the duration parameter only in the life_cycle block like this:

Code that works correctly:

resource "azurerm_data_protection_backup_policy_blob_storage" "bkpol_blobs_01" {
  name                             = "bkpol-blobs-vaulted"
  vault_id                         = azurerm_data_protection_backup_vault.bvault_01.id
  time_zone                        = "Romance Standard Time"
  vault_default_retention_duration = "P30D"
  backup_repeating_time_intervals  = ["R/2024-06-01T23:00:00Z/P1D"]

  retention_rule {
    name = "Weekly"
    # duration = "P4W" # NOTE: Provider documentation issue in https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_protection_backup_policy_blob_storage
    priority = 20

    criteria {
      absolute_criteria = "FirstOfWeek"
    }

    life_cycle {
      data_store_type = "VaultStore"
      duration        = "P4W"
    }
  }

  retention_rule {
    name = "Monthly"
    # duration = "P6M" # NOTE: Provider documentation issue in https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_protection_backup_policy_blob_storage
    priority = 15

    criteria {
      absolute_criteria = "FirstOfMonth"
    }

    life_cycle {
      data_store_type = "VaultStore"
      duration        = "P6M"
    }
  }

  retention_rule {
    name = "Yearly"
    # duration = "P1Y" # NOTE: Provider documentation issue in https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_protection_backup_policy_blob_storage
    priority = 10

    criteria {
      absolute_criteria = "FirstOfYear"
    }

    life_cycle {
      data_store_type = "VaultStore"
      duration        = "P1Y"
    }
  }
}