Closed aristosvo closed 1 year ago
Waiting for https://github.com/terraform-providers/terraform-provider-azurerm/pull/6147 or similar functionality
https://github.com/terraform-providers/terraform-provider-azurerm/pull/9277 already implements this functionality without the toggle.
Related: #8268
Hey, I just deployed this feature with the tf resource "azurerm_resource_group_template_deployment". Here is the sample code; this might help someone:
resource "azurerm_storage_account" "pointintimerestore" {
  name                     = "yourstorageaccountname"
  resource_group_name      = azurerm_resource_group.your_resource_group.name
  location                 = azurerm_resource_group.your_resource_group.location
  account_tier             = "Standard"
  account_replication_type = "LRS"

  blob_properties {
    change_feed_enabled = true
    versioning_enabled  = true

    delete_retention_policy {
      days = 8 # this value has to be greater than ARM value restorePolicy.days
    }

    container_delete_retention_policy {
      days = 30
    }
  }
}

resource "azurerm_resource_group_template_deployment" "pointintimerestore" {
  name                = "point-in-time-restore-deploy"
  resource_group_name = azurerm_resource_group.your_resource_group.name
  deployment_mode     = "Incremental"

  # ARM template that sets restorePolicy on the account's default blob service
  template_content = <<TEMPLATE
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "StorageAccountName": {
      "type": "String"
    }
  },
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts/blobServices",
      "apiVersion": "2021-04-01",
      "name": "[concat(parameters('StorageAccountName'), '/default')]",
      "properties": {
        "restorePolicy": {
          "enabled": true,
          "days": 7
        }
      }
    }
  ]
}
TEMPLATE

  parameters_content = jsonencode({
    "StorageAccountName" = {
      value = azurerm_storage_account.pointintimerestore.name
    }
  })
}
Is this still being worked on to add restore_policy { days = 2 } into a potential terraform storage_account config? I see all last PRs closed
@reespozzi This is dependent on an upstream issue.
Last try can be found here, but it really depends on the upstream fixes.
Any news? It would be nice to have that as well.
Note that as a workaround, you can achieve the desired effect via Azure Backup Vault.
https://docs.microsoft.com/en-us/azure/backup/blob-backup-overview
When you configure backup for a storage account and assign a backup policy with a retention of 'n' days, the underlying properties are set as described below. You can view these properties in the Data protection tab of the blob service in your storage account.
Point-in-time restore: Set to 'n' days, as defined in the backup policy. If the storage account already had point-in-time enabled with a retention of, say 'x' days, before configuring backup, the point-in-time restore duration will be set to the greater of the two values, that is max(n,x). If you had already enabled point-in-time restore and specified the retention to be greater than that in the backup policy, it will remain unchanged.
Soft delete: Set to 'n+5' days, that is, five days in addition to the duration specified in the backup policy. If the storage account that is being configured for operational backup already had soft delete enabled with a retention of, say 'y' days, then the soft delete retention will be set to the maximum of the two values, that is, max(n+5,y). If you had already enabled soft delete and specified the retention to be greater than that according to the backup policy, it will remain unchanged.
Versioning for blobs and blob change feed: Versioning and change feed are enabled for storage accounts that have been configured for operational backup.
Delete Lock: Configuring operational backup on a storage account also applies a Delete Lock on the storage account. The Delete Lock applied by Backup can be viewed under the Locks tab of the storage account.
You need to create a Backup Vault, a Blob backup policy and then to instantiate it on your blob. https://docs.microsoft.com/en-us/azure/backup/blob-backup-configure-manage
Have a look at
I tried https://github.com/hashicorp/terraform-provider-azurerm/issues/9020#issuecomment-1100169975 but the result was not the same as if doing from "Data protection" option in Azure portal
So is this implemented? I am a bit confused reading through this issue.
I only want to set this checkbox. On Azure Portal it doesn't require any Backup Vault (as @PPACI suggested to use) so I would really like to use it without the Vault.
@mkemmerz I implemented with a workaround, below excerpt:
main.tf

# Ugly workaround for container PITR
module "storage_account_solution_pitr_containers" {
  account_name          = module.storage_account_solution.name
  delete_retention_days = local.container_delete_retention_policy_days
  // IMPORTANT: mandatory
  depends_on = [
    module.storage_account_solution
  ]
  subscription   = local.subscription_id
  resource_group = module.resource_group_solution.name
  restore_days   = local.restore_days
  source         = "./modules/local-exec-storage-account-pitr-containers"
}

modules/local-exec-storage-account-pitr-containers/variables.tf

variable "account_name" {
  description = "Storage Account name"
  type        = string
}

variable "delete_retention_days" {
  description = "Storage account setting 'Keep deleted blobs for (in days)', in terraforms is 'container_delete_retention_policy_days'"
  type        = string
}

variable "subscription" {
  description = "Subscription name or ID"
  type        = string
}

variable "resource_group" {
  description = "Resource Group name"
  type        = string
}

variable "restore_days" {
  description = "Storage account setting 'Maximum restore point (days ago)'"
  type        = string
}

modules/local-exec-storage-account-pitr-containers/main.tf

resource "null_resource" "storage_account_pitr_containers" {
  provisioner "local-exec" {
    # Each interpolated value is quoted so that a value containing spaces
    # reaches az as a single argument.
    command = <<-EOL
      az account set \
        --subscription '${var.subscription}' \
      && \
      az storage account blob-service-properties update \
        --resource-group '${var.resource_group}' \
        --account-name '${var.account_name}' \
        --enable-delete-retention true \
        --delete-retention-days '${var.delete_retention_days}' \
        --enable-versioning true \
        --enable-change-feed true \
        --enable-restore-policy true \
        --restore-days '${var.restore_days}'
    EOL
    when    = create
  }
}
I asked Azure support, they said that the issue mentioned in the GitHub issue https://github.com/Azure/azure-rest-api-specs/issues/11237 has been fixed in the new version of REST API released after 2022-05-01. So maybe this PR can be merged now.
Fixed by #19644 (blob_properties.0.restore_policy)
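With the `blob_properties.0.restore_policy` attribute referenced above, the ARM-template and `local-exec` workarounds earlier in this thread reduce to a native block. The following is an added example, not code from the thread or from the provider's documentation; the resource names, location, variable names and retention values are placeholders, and the `precondition` (which assumes Terraform 1.2 or later) enforces the constraint noted in the first workaround that blob delete retention must exceed the restore window.

```hcl
# Added example: variable names and defaults are assumptions for illustration.
variable "restore_days" {
  description = "Point-in-time restore window, in days"
  type        = number
  default     = 7
}

variable "delete_retention_days" {
  description = "Blob soft-delete retention, in days"
  type        = number
  default     = 8
}

resource "azurerm_resource_group" "example" {
  name     = "example-rg" # placeholder
  location = "westeurope" # placeholder
}

resource "azurerm_storage_account" "pitr" {
  name                     = "examplepitrstorage" # placeholder
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"

  blob_properties {
    # Same prerequisites the workarounds set: versioning, change feed
    # and blob soft delete.
    versioning_enabled  = true
    change_feed_enabled = true

    delete_retention_policy {
      days = var.delete_retention_days
    }

    restore_policy {
      days = var.restore_days
    }
  }

  lifecycle {
    # Fail at plan time instead of on an API error during apply.
    precondition {
      condition     = var.delete_retention_days > var.restore_days
      error_message = "delete_retention_policy days must be greater than restore_policy days."
    }
  }
}
```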
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Description
Make Point in Time Restore for Blob storage available in Terraform