prefapp / tfm

Reusable Terraform modules

Create a Storage Account Module for Azure in Terraform `azure-sa` #120

Open jcframil opened 3 weeks ago

jcframil commented 3 weeks ago

Description

We need to develop a Terraform module that simplifies the provisioning and management of Azure Storage Accounts. The module should allow for the creation and configuration of all necessary resources related to a storage account, including containers and file shares, as well as setting up the necessary networking configuration.

Requirements

The module should support the creation of different types of storage accounts, shares and network-related resources.

Resource Configurations

The module should allow for configuring the following resources:

Input Variables

    values:
      # data values
      resource_group_name: "rg_test"
      allowed_subnets:
        - name: "data"
          vnet: "test-vnet"
          resource_group: "rg-test"
        - name: "video"
          vnet: "test-vnet1"
          resource_group: "rg-test1"
      additional_allowed_subnet_ids:
        - "/subscriptions/324ca80b-cea7-41ff-ac13-25441f452f33/resourceGroups/rg_test/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/test-subnet"
        - "/subscriptions/c9e99a2d-e0cd-473b-935c-bc2e37ea8511/resourceGroups/rg_test/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/test-subnet1"

      # storage account
      storage_account:
        name: "mystorageaccount"
        account_tier: "Standard"
        account_replication_type: "LRS"
        account_kind: "StorageV2"
        access_tier: "Hot"
        cross_tenant_replication_enabled: false
        https_traffic_only_enabled: true
        min_tls_version: "TLS1_2"
        identity:
          type: "SystemAssigned"

      # storage account network rules
      network_rules:
        default_action: "Deny"
        bypass: "AzureServices"
        private_link_access:
          - endpoint_resource_id: "/subscriptions/xxxx/resourceGroups/xxxx/providers/Microsoft.Network/privateLinkService/xxxx"
            endpoint_tenant_id: "66666666-7777-8888-9999-000000000000"
          - endpoint_resource_id: "/subscriptions/yyyy/resourceGroups/yyyy/providers/Microsoft.Network/privateLinkService/yyyy"

      # storage containers
      containers:
        - name: "test"
          container_access_type: "private"
        - name: "test2"
          container_access_type: "private"

      # storage queues
      queues:
        - name: "test"
          metadata:
            queuename: functionsqueue
            queuelength: '5'
            connection: STORAGE_CONNECTIONSTRING_ENV_NAME

      # storage tables
      tables:
        - name: "Table1"
          acl:
            id: "policy1"
            access_policy:
              permissions: "rwd"
              start: "2024-09-01T00:00:00Z"
              expiry: "2024-09-30T23:59:59Z"

      # storage shares
      shares:
        - name: "share1"
          access_tier: "Hot"
          enabled_protocol: "SMB"
          quota: 100
          metadata:
            environment: "production"
            owner: "teamA"
        - name: "share2"
          quota: 200
          metadata:
            environment: "staging"
          acl:
            - id: "policy2"
              access_policy:
                permissions: "r"
                start: "2024-10-01T00:00:00Z"
                expiry: "2024-10-31T23:59:59Z"
        - name: "share3"
          access_tier: "Cool"
          quota: 50

      # storage management policy rules
      lifecycle_policy_rules:
        - name: "rule1"
          enabled: true
          filters:
            blob_types: 
              - "blockBlob"
            prefix_match: 
              - "container1/prefix1"
            match_blob_index_tag:
              - name: "tag1"
                operation: "=="
                value: "val1"
          actions:
            base_blob:
              tier_to_cool_after_days_since_modification_greater_than: 10
              tier_to_archive_after_days_since_modification_greater_than: 50
              delete_after_days_since_modification_greater_than: 100
            snapshot:
              delete_after_days_since_creation_greater_than: 30
            version:
              delete_after_days_since_creation: 90
        - name: "rule2"
          enabled: false
          filters:
            blob_types: 
              - "blockBlob"
            prefix_match:
              - "container2/prefix1"
              - "container2/prefix2"
          actions:
            base_blob:
              tier_to_cool_after_days_since_modification_greater_than: 11
              tier_to_archive_after_days_since_modification_greater_than: 51
              delete_after_days_since_modification_greater_than: 101
            snapshot:
              change_tier_to_cool_after_days_since_creation: 23
              change_tier_to_archive_after_days_since_creation: 90
              delete_after_days_since_creation_greater_than: 31
            version:
              change_tier_to_archive_after_days_since_creation: 9
              change_tier_to_cool_after_days_since_creation: 90
              delete_after_days_since_creation: 3
      # tags
      tags:
        cliente: "test"
        tenant: "test"
        Producto: "test"
        application: "test"
        env: "test"

Output Variables

ID of the storage account

Documentation

Provide comprehensive documentation including examples for different use cases (e.g., file storage, blobs and shares, identity).

Acceptance Criteria

- The module is tested and validated with different configurations.
- Code is well-structured, following Terraform best practices.
- Comprehensive documentation and usage examples are provided.

### Tasks
- [ ] https://github.com/prefapp/tfm/pull/124
- [x] Add lifecycle policies
- [x] Subnet block and allow handling of IDs
- [x] Allow adding shares
- [x] Allow adding containers
- [x] Allow adding queues and tables
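The following is an added sketch, not code from the prefapp/tfm repository or from PR #124, of how the `allowed_subnets`, `additional_allowed_subnet_ids`, `storage_account` and `network_rules` values above map onto `azurerm` 4.x resources. It assumes Terraform >= 1.3 (for `optional()` object attributes), that the resource group already exists and supplies the location, and a module-level `storage_account_id` output to satisfy the single output listed in the issue. Two details worth seeing in code: the provider's `network_rules.bypass` is a set of strings while the issue's values pass a single string, and the `identity` block has to be made conditional so an account without an identity still plans. The `validation` block rejecting anything other than `default_action = "Deny"` is an opinionated hardening check added here; the issue itself only shows `Deny` as the example value.

```hcl
# Added example (not the prefapp/tfm module's own code). Assumes azurerm 4.x
# attribute names and Terraform >= 1.3 for optional() object attributes.

variable "resource_group_name" { type = string }

variable "allowed_subnets" {
  type = list(object({
    name           = string
    vnet           = string
    resource_group = string
  }))
  default = []
}

variable "additional_allowed_subnet_ids" {
  type    = list(string)
  default = []
}

variable "storage_account" {
  type = object({
    name                             = string
    account_tier                     = string
    account_replication_type         = string
    account_kind                     = optional(string, "StorageV2")
    access_tier                      = optional(string, "Hot")
    cross_tenant_replication_enabled = optional(bool, false)
    https_traffic_only_enabled       = optional(bool, true)
    min_tls_version                  = optional(string, "TLS1_2")
    identity                         = optional(object({ type = string }))
  })
}

variable "network_rules" {
  type = object({
    default_action = string
    bypass         = optional(string, "AzureServices")
    private_link_access = optional(list(object({
      endpoint_resource_id = string
      endpoint_tenant_id   = optional(string)
    })), [])
  })
  # Hardening check added here (not in the issue): never plan a publicly
  # reachable account; callers allow-list subnets and private links instead.
  validation {
    condition     = var.network_rules.default_action == "Deny"
    error_message = "network_rules.default_action must be \"Deny\"."
  }
}

data "azurerm_resource_group" "this" {
  name = var.resource_group_name
}

# Resolve each {name, vnet, resource_group} triple to a subnet ID so callers
# can allow-list by name; raw IDs from other subscriptions are appended as-is.
data "azurerm_subnet" "allowed" {
  for_each = {
    for s in var.allowed_subnets : "${s.resource_group}/${s.vnet}/${s.name}" => s
  }
  name                 = each.value.name
  virtual_network_name = each.value.vnet
  resource_group_name  = each.value.resource_group
}

locals {
  allowed_subnet_ids = concat(
    [for s in data.azurerm_subnet.allowed : s.id],
    var.additional_allowed_subnet_ids,
  )
}

resource "azurerm_storage_account" "this" {
  name                             = var.storage_account.name
  resource_group_name              = data.azurerm_resource_group.this.name
  location                         = data.azurerm_resource_group.this.location
  account_tier                     = var.storage_account.account_tier
  account_replication_type         = var.storage_account.account_replication_type
  account_kind                     = var.storage_account.account_kind
  access_tier                      = var.storage_account.access_tier
  cross_tenant_replication_enabled = var.storage_account.cross_tenant_replication_enabled
  https_traffic_only_enabled       = var.storage_account.https_traffic_only_enabled
  min_tls_version                  = var.storage_account.min_tls_version

  # Emit the identity block only when the caller asked for one.
  dynamic "identity" {
    for_each = var.storage_account.identity == null ? [] : [var.storage_account.identity]
    content {
      type = identity.value.type
    }
  }

  network_rules {
    default_action             = var.network_rules.default_action
    bypass                     = [var.network_rules.bypass] # provider expects a set
    virtual_network_subnet_ids = local.allowed_subnet_ids

    dynamic "private_link_access" {
      for_each = var.network_rules.private_link_access
      content {
        endpoint_resource_id = private_link_access.value.endpoint_resource_id
        endpoint_tenant_id   = private_link_access.value.endpoint_tenant_id
      }
    }
  }
}

output "storage_account_id" {
  value = azurerm_storage_account.this.id
}
```

With the issue's example values, `terraform plan` resolves the two named subnets through the `azurerm_subnet` data source, appends the two cross-subscription subnet IDs unchanged, and produces one account with `default_action = "Deny"`, HTTPS-only traffic and TLS 1.2 as the floor; the principal running the plan needs read access to the virtual networks named in `allowed_subnets` or the data lookups fail before anything is created.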