diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml index d1bde72..a7006c9 100644 --- a/.github/workflows/ci-pipeline.yaml +++ b/.github/workflows/ci-pipeline.yaml @@ -11,6 +11,7 @@ on: branches: - main pull_request: + workflow_dispatch: jobs: build-verification: diff --git a/.releaserc b/.releaserc index 086ad8e..eac1edb 100644 --- a/.releaserc +++ b/.releaserc @@ -3,14 +3,30 @@ "main" ], "plugins": [ - "@semantic-release/commit-analyzer", - "@semantic-release/release-notes-generator", + "@semantic-release/commit-analyzer", + "@semantic-release/release-notes-generator", "@semantic-release/github" ], "releaseRules": [ - { "breaking": true, "release": "major" }, - { "revert": true, "release": "patch" }, - { "type": "feat", "release": "minor" }, - { "message": "*", "release": "patch" } + { + "breaking": true, + "release": "major" + }, + { + "revert": true, + "release": "patch" + }, + { + "type": "feat", + "release": "minor" + }, + { + "message": "*", + "release": "patch" + }, + { + "type": "*", + "release": "patch" + } ] -} \ No newline at end of file +} diff --git a/docs/usage.md b/docs/usage.md index 67eee3e..373813a 100644 --- a/docs/usage.md +++ b/docs/usage.md 
@@ -134,7 +134,7 @@ module "my_backup" { | `backup_vault_name` | The name of the backup vault. The value supplied will be automatically prefixed with `rg-nhsbackup-`. If more than one az-backup module is created, this value must be unique across them. | Yes | n/a | | `backup_vault_redundancy` | The redundancy of the vault, e.g. `GeoRedundant`. [See the following link for the possible values.](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_protection_backup_vault#redundancy) | No | `LocallyRedundant` | | `backup_vault_immutability` | The immutability of the vault, e.g. `Locked`. [See the following link for the possible values.](https://learn.microsoft.com/en-us/azure/templates/microsoft.dataprotection/backupvaults?pivots=deployment-language-terraform#immutabilitysettings-2) | No | `Disabled` | -| `log_analytics_workspace_id` | The id of the log analytics workspace that backup telemetry and diagnostics should be sent to. When no value is provided then diagnostics will not be sent anywhere. | No | n/a | +| `log_analytics_workspace_id` | The id of the log analytics workspace that backup telemetry and diagnostics will be sent to. | Yes | n/a | | `tags` | A map of tags which will be applied to the resource group and backup vault. When no tags are specified then no tags are added. NOTE when using an externally managed resource group the tags will not be applied to it (they will still be applied to the backup vault). | No | n/a | | `use_extended_retention` | If set to true, then the backup retention periods can be set to anything, otherwise they are limited to 7 days. | No | `false` | | `blob_storage_backups` | A map of blob storage backups that should be created. For each backup the following values should be provided: `storage_account_id`, `backup_name` and `retention_period`. When no value is provided then no backups are created. | No | n/a | 
diff --git a/infrastructure/.terraform.lock.hcl b/infrastructure/.terraform.lock.hcl
index 3f35bbc..aff7b5a 100644
--- a/infrastructure/.terraform.lock.hcl
+++ b/infrastructure/.terraform.lock.hcl
@@ -2,21 +2,21 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/azurerm" { - version = "4.35.0" + version = "4.37.0" constraints = ">= 4.18.0, < 5.0.0" hashes = [ - "h1:3zJsyLWItriZDhtx6kBkoy9UPcA9l5G4PKi4ZYxhsnA=", - "zh:05a7fac1291517527d272dd2e22a8b3223775d399dc608c8250435e63d437386", - "zh:3519dae43473cb5a82c026d664572859e2fc886fe2a54ecc59007186ef4aa166", - "zh:57cd9d04334d296a9af3aa54d776bc3b4709ecf5d511fee94dc7420a547364ab", - "zh:7d57cbd44ebf959fc496743b4e3587a51dd7546a687bab404dc3f5899d3ef764", - "zh:8c1e722c84aa8d769cdef0be933d6f096ff0ec8224eaf1ae2c7bdb93b0365c6f", - "zh:9519f72c937003ecc97a0a5a60c0ad1063dafa3d431cf04067bdc4b40ebfd023", - "zh:9bf108a2840ecfb3d2e76b1ac59d0d9bed418b1b28df8c2c5dd09e34cb1e3699", - "zh:b870884accad83c437a12a577933f378a21bb6663a6034a3fb219b4c1f4b9188", - "zh:cf3292dd535133afe16614ac84241065485d581ab67b4abf857db5bfbba7109e", - "zh:d48aa50227ca3701a16d2818b5d059c5f236344e3a90162fb930ecc6f136c9b0", - "zh:e63733db32189c1e849b5dbf7c10dd852f48ed4186c8af81240ee643d2df3425", + "h1:MfFA2dyXwJlMi4p7PBjQzyRDLm0vcpnVeMPedvUT6BE=", + "zh:10acb818823a0319215beb796af1a7a97820be5d40ec1779deb8c2bdb1cac6d0", + "zh:31cac8c98e4b8e1f44e33394e6ed375552aea204ef9ce2e8612719c5ebb8ffae", + "zh:32048bf10eec89819f73de86a478aced0101be9d480badad8dec31f65b65590a", + "zh:38236dfd5e28c4ceaf27b3a719deb40802159ceed810c667be3a42ee8bc384d8", + "zh:438cff6ac72117016975d47fadfdbccb33218274c6c74fd4ff4f1eea2ec18b6a", + "zh:7763f4d97b3f67e65e730023755db6b567644c0fab9a65e966c9a34fb4690a97", + "zh:799eca3363eda85a6f6678d47bf01cb48dcb9296ecd6165814eb696a9d9e2c7d", + "zh:8508771cedbaa651156a3726cda04e1f28443a46e3a7c72b4a9a7abbf671aed9", + "zh:96b016af4ebe0db58ba51e40dd419465b5152f98842d366a5b5b8835f2c7be58", + "zh:eb7d0efaaaef225b6e867e5cbd0514f39f0bc4e12e6c3cdfdb666776c5948995", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:ffa8d70d432894b7b023f50831490bd5db762c8f48d5f7607888aaa5d0da39e8", ] } 
diff --git a/infrastructure/backup_vault.tf b/infrastructure/backup_vault.tf index d599c25..538a5af 100644 --- a/infrastructure/backup_vault.tf +++ b/infrastructure/backup_vault.tf @@ -27,7 +27,6 @@ locals { } resource "azurerm_monitor_diagnostic_setting" "backup_vault" { - count = length(var.log_analytics_workspace_id) > 0 ? 1 : 0 name = "${var.backup_vault_name}-diagnostic-settings" target_resource_id = azurerm_data_protection_backup_vault.backup_vault.id log_analytics_workspace_id = var.log_analytics_workspace_id diff --git a/infrastructure/variables.tf b/infrastructure/variables.tf index 93a306f..78372a2 100644 --- a/infrastructure/variables.tf +++ b/infrastructure/variables.tf @@ -40,7 +40,6 @@ variable "backup_vault_immutability" { variable "log_analytics_workspace_id" { description = "The id of the log analytics workspace to use for backup vault diagnostic settings" type = string - default = "" } variable "tags" { diff --git a/tests/end-to-end-tests/blob_storage_backup_test.go b/tests/end-to-end-tests/blob_storage_backup_test.go index 899259a..a81f025 100644 --- a/tests/end-to-end-tests/blob_storage_backup_test.go +++ b/tests/end-to-end-tests/blob_storage_backup_test.go @@ -7,6 +7,7 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dataprotection/armdataprotection/v3" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/operationalinsights/armoperationalinsights" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage" "github.com/gruntwork-io/terratest/modules/random" @@ -21,6 +22,7 @@ type TestBlobStorageBackupExternalResources struct { StorageAccountOneContainer armstorage.BlobContainer StorageAccountTwo armstorage.Account StorageAccountTwoContainer armstorage.BlobContainer + LogAnalyticsWorkspace armoperationalinsights.Workspace } /* 
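Review bot: In infrastructure/variables.tf, removing `default = ""` makes `log_analytics_workspace_id` required but leaves it unvalidated, so a caller can still pass `""` or `null`. Because the `count` guard on `azurerm_monitor_diagnostic_setting.backup_vault` is removed in the same commit, such a value now reaches the provider and presumably fails there with a less helpful error. This variable decides where the vault's diagnostic and audit telemetry is sent, so reject bad input at the module boundary: add `nullable = false` and a `validation` block with `condition = length(trimspace(var.log_analytics_workspace_id)) > 0` and an `error_message` that names the variable. Callers that previously omitted the variable will break, so the change should be released and documented as a breaking interface change.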
@@ -39,12 +41,16 @@ func setupExternalResourcesForBlobStorageBackupTest(t *testing.T, credential *az storageAccountTwo := CreateStorageAccount(t, credential, subscriptionID, externalResourceGroupName, storageAccountTwoName, resourceGroupLocation) storageAccountTwoContainer := CreateStorageAccountContainer(t, credential, subscriptionID, externalResourceGroupName, storageAccountTwoName, "test-container") + logAnalyticsWorkspaceName := fmt.Sprintf("law-%s-external", strings.ToLower(uniqueId)) + logAnalyticsWorkspace := CreateLogAnalyticsWorkspace(t, credential, subscriptionID, externalResourceGroupName, logAnalyticsWorkspaceName, resourceGroupLocation) + externalResources := &TestBlobStorageBackupExternalResources{ ResourceGroup: resourceGroup, StorageAccountOne: storageAccountOne, StorageAccountOneContainer: storageAccountOneContainer, StorageAccountTwo: storageAccountTwo, StorageAccountTwoContainer: storageAccountTwoContainer, + LogAnalyticsWorkspace: logAnalyticsWorkspace, } return externalResources @@ -104,10 +110,11 @@ func TestBlobStorageBackup(t *testing.T) { TerraformDir: environment.TerraformFolder, Vars: map[string]interface{}{ - "resource_group_name": resourceGroupName, - "resource_group_location": resourceGroupLocation, - "backup_vault_name": backupVaultName, - "blob_storage_backups": blobStorageBackups, + "resource_group_name": resourceGroupName, + "resource_group_location": resourceGroupLocation, + "backup_vault_name": backupVaultName, + "blob_storage_backups": blobStorageBackups, + "log_analytics_workspace_id": *externalResources.LogAnalyticsWorkspace.ID, }, BackendConfig: map[string]interface{}{ diff --git a/tests/end-to-end-tests/existing_resource_group_test.go b/tests/end-to-end-tests/existing_resource_group_test.go index e2feca0..e77721f 100644 --- a/tests/end-to-end-tests/existing_resource_group_test.go +++ b/tests/end-to-end-tests/existing_resource_group_test.go 
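Review bot: `*externalResources.LogAnalyticsWorkspace.ID` in the `Vars` map of TestBlobStorageBackup dereferences a pointer field without a nil check, so a workspace returned without an ID panics instead of failing the test with a readable message. A panic can abort the whole test binary and leave the Azure resources created by other tests behind. CreateLogAnalyticsWorkspace is not part of this diff, so whether it guarantees a populated ID cannot be confirmed from here. Guard it once in the setup helper, right after the create call: `if logAnalyticsWorkspace.ID == nil { t.Fatalf("log analytics workspace %s has no ID", logAnalyticsWorkspaceName) }`. The same dereference is added in TestExistingResourceGroup, TestManagedDiskBackup, TestPostgresqlFlexibleServerBackup and TestVaultImmutability, and both function bodies here continue outside these hunks.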
@@ -2,6 +2,7 @@ package e2e_tests import ( "fmt" + "strings" "testing" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" @@ -10,20 +11,26 @@ import ( "github.com/gruntwork-io/terratest/modules/terraform" test_structure "github.com/gruntwork-io/terratest/modules/test-structure" "github.com/stretchr/testify/assert" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/operationalinsights/armoperationalinsights" ) type TestExistingResourceGroupExternalResources struct { - ResourceGroup armresources.ResourceGroup + ResourceGroup armresources.ResourceGroup + LogAnalyticsWorkspace armoperationalinsights.Workspace } /* * Creates resources which are "external" to the az-backup module. */ -func setupExternalResourcesForExistingResourceGroupTest(t *testing.T, credential *azidentity.ClientSecretCredential, subscriptionID string, resourceGroupName string, resourceGroupLocation string) *TestExistingResourceGroupExternalResources { +func setupExternalResourcesForExistingResourceGroupTest(t *testing.T, credential *azidentity.ClientSecretCredential, subscriptionID string, resourceGroupName string, resourceGroupLocation string, uniqueId string) *TestExistingResourceGroupExternalResources { resourceGroup := CreateResourceGroup(t, credential, subscriptionID, resourceGroupName, resourceGroupLocation) + logAnalyticsWorkspaceName := fmt.Sprintf("law-%s-external", strings.ToLower(uniqueId)) + logAnalyticsWorkspace := CreateLogAnalyticsWorkspace(t, credential, subscriptionID, resourceGroupName, logAnalyticsWorkspaceName, resourceGroupLocation) + externalResources := &TestExistingResourceGroupExternalResources{ - ResourceGroup: resourceGroup, + ResourceGroup: resourceGroup, + LogAnalyticsWorkspace: logAnalyticsWorkspace, } return externalResources 
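Review bot: The new `armoperationalinsights` import in existing_resource_group_test.go is appended after `github.com/stretchr/testify/assert` instead of sitting with the other `github.com/Azure/azure-sdk-for-go` imports, so the block is no longer sorted and the file will not be gofmt-clean. The other four test files in this commit place it next to `armresources`; move the line there for consistency. Separately, the `fmt.Sprintf("law-%s-external", strings.ToLower(uniqueId))` naming line is now repeated in five setup helpers and could live inside one shared helper. The setup function's body continues outside this hunk.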
@@ -43,7 +50,7 @@ func TestExistingResourceGroup(t *testing.T) { resourceGroupLocation := "uksouth" backupVaultName := fmt.Sprintf("bvault-nhsbackup-%s", uniqueId) - externalResources := setupExternalResourcesForExistingResourceGroupTest(t, credential, environment.SubscriptionID, resourceGroupName, resourceGroupLocation) + externalResources := setupExternalResourcesForExistingResourceGroupTest(t, credential, environment.SubscriptionID, resourceGroupName, resourceGroupLocation, uniqueId) // Teardown stage // ... @@ -64,10 +71,11 @@ func TestExistingResourceGroup(t *testing.T) { TerraformDir: environment.TerraformFolder, Vars: map[string]interface{}{ - "resource_group_name": resourceGroupName, - "resource_group_location": resourceGroupLocation, - "create_resource_group": false, - "backup_vault_name": backupVaultName, + "resource_group_name": resourceGroupName, + "resource_group_location": resourceGroupLocation, + "create_resource_group": false, + "backup_vault_name": backupVaultName, + "log_analytics_workspace_id": *externalResources.LogAnalyticsWorkspace.ID, }, BackendConfig: map[string]interface{}{ diff --git a/tests/end-to-end-tests/go.mod b/tests/end-to-end-tests/go.mod index c6024c5..b3d507f 100644 --- a/tests/end-to-end-tests/go.mod +++ b/tests/end-to-end-tests/go.mod @@ -17,7 +17,7 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.8.1 github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.6.2 github.com/gruntwork-io/go-commons v0.17.2 - github.com/gruntwork-io/terratest v0.48.2 + github.com/gruntwork-io/terratest v0.50.0 github.com/stretchr/testify v1.10.0 ) diff --git a/tests/end-to-end-tests/go.sum b/tests/end-to-end-tests/go.sum index 6bc9b21..a81854f 100644 --- a/tests/end-to-end-tests/go.sum +++ b/tests/end-to-end-tests/go.sum 
@@ -176,8 +176,8 @@ github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aN github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gruntwork-io/go-commons v0.17.2 h1:14dsCJ7M5Vv2X3BIPKeG9Kdy6vTMGhM8L4WZazxfTuY= github.com/gruntwork-io/go-commons v0.17.2/go.mod h1:zs7Q2AbUKuTarBPy19CIxJVUX/rBamfW8IwuWKniWkE= -github.com/gruntwork-io/terratest v0.48.2 h1:+VwfODchq8jxZZWD+s8gBlhD1z6/C4bFLNrhpm9ONrs= -github.com/gruntwork-io/terratest v0.48.2/go.mod h1:Y5ETyD4ZQ2MZhasPno272fWuCpKwvTPYDi8Y0tIMqTE= +github.com/gruntwork-io/terratest v0.50.0 h1:AbBJ7IRCpLZ9H4HBrjeoWESITv8nLjN6/f1riMNcAsw= +github.com/gruntwork-io/terratest v0.50.0/go.mod h1:see0lbKvAqz6rvzvN2wyfuFQQG4PWcAb2yHulF6B2q4= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= diff --git a/tests/end-to-end-tests/managed_disk_backup_test.go b/tests/end-to-end-tests/managed_disk_backup_test.go index d628b8d..8053178 100644 --- a/tests/end-to-end-tests/managed_disk_backup_test.go +++ b/tests/end-to-end-tests/managed_disk_backup_test.go @@ -8,6 +8,7 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dataprotection/armdataprotection/v3" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/operationalinsights/armoperationalinsights" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources" "github.com/gruntwork-io/terratest/modules/random" "github.com/gruntwork-io/terratest/modules/terraform" 
@@ -19,6 +20,7 @@ type TestManagedDiskBackupExternalResources struct { ResourceGroup armresources.ResourceGroup ManagedDiskOne armcompute.Disk ManagedDiskTwo armcompute.Disk + LogAnalyticsWorkspace armoperationalinsights.Workspace } /* @@ -35,10 +37,14 @@ func setupExternalResourcesForManagedDiskBackupTest(t *testing.T, credential *az managedDiskTwoName := fmt.Sprintf("disk-%s-external-2", strings.ToLower(uniqueId)) managedDiskTwo := CreateManagedDisk(t, credential, subscriptionID, externalResourceGroupName, managedDiskTwoName, resourceGroupLocation, int32(1)) + logAnalyticsWorkspaceName := fmt.Sprintf("law-%s-external", strings.ToLower(uniqueId)) + logAnalyticsWorkspace := CreateLogAnalyticsWorkspace(t, credential, subscriptionID, externalResourceGroupName, logAnalyticsWorkspaceName, resourceGroupLocation) + externalResources := &TestManagedDiskBackupExternalResources{ - ResourceGroup: resourceGroup, - ManagedDiskOne: managedDiskOne, - ManagedDiskTwo: managedDiskTwo, + ResourceGroup: resourceGroup, + ManagedDiskOne: managedDiskOne, + ManagedDiskTwo: managedDiskTwo, + LogAnalyticsWorkspace: logAnalyticsWorkspace, } return externalResources @@ -104,10 +110,11 @@ func TestManagedDiskBackup(t *testing.T) { TerraformDir: environment.TerraformFolder, Vars: map[string]interface{}{ - "resource_group_name": resourceGroupName, - "resource_group_location": resourceGroupLocation, - "backup_vault_name": backupVaultName, - "managed_disk_backups": managedDiskBackups, + "resource_group_name": resourceGroupName, + "resource_group_location": resourceGroupLocation, + "backup_vault_name": backupVaultName, + "managed_disk_backups": managedDiskBackups, + "log_analytics_workspace_id": *externalResources.LogAnalyticsWorkspace.ID, }, BackendConfig: map[string]interface{}{ diff --git a/tests/end-to-end-tests/postgresql_flexible_server_backup_test.go b/tests/end-to-end-tests/postgresql_flexible_server_backup_test.go index 1168881..76e3032 100644 
--- a/tests/end-to-end-tests/postgresql_flexible_server_backup_test.go +++ b/tests/end-to-end-tests/postgresql_flexible_server_backup_test.go @@ -7,6 +7,7 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dataprotection/armdataprotection/v3" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/operationalinsights/armoperationalinsights" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/postgresql/armpostgresqlflexibleservers" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources" "github.com/gruntwork-io/terratest/modules/random" @@ -19,6 +20,7 @@ type TestPostgresqlFlexibleServerBackupExternalResources struct { ResourceGroup armresources.ResourceGroup PostgresqlFlexibleServerOne armpostgresqlflexibleservers.Server PostgresqlFlexibleServerTwo armpostgresqlflexibleservers.Server + LogAnalyticsWorkspace armoperationalinsights.Workspace } /* @@ -35,10 +37,14 @@ func setupExternalResourcesForPostgresqlFlexibleServerBackupTest(t *testing.T, c PostgresqlFlexibleServerTwoName := fmt.Sprintf("pgflexserver-%s-external-2", strings.ToLower(uniqueId)) PostgresqlFlexibleServerTwo := CreatePostgresqlFlexibleServer(t, credential, subscriptionID, externalResourceGroupName, PostgresqlFlexibleServerTwoName, resourceGroupLocation, int32(32)) + logAnalyticsWorkspaceName := fmt.Sprintf("law-%s-external", strings.ToLower(uniqueId)) + logAnalyticsWorkspace := CreateLogAnalyticsWorkspace(t, credential, subscriptionID, externalResourceGroupName, logAnalyticsWorkspaceName, resourceGroupLocation) + externalResources := &TestPostgresqlFlexibleServerBackupExternalResources{ ResourceGroup: resourceGroup, PostgresqlFlexibleServerOne: PostgresqlFlexibleServerOne, PostgresqlFlexibleServerTwo: PostgresqlFlexibleServerTwo, + LogAnalyticsWorkspace: logAnalyticsWorkspace, } return externalResources 
@@ -102,6 +108,7 @@ func TestPostgresqlFlexibleServerBackup(t *testing.T) { "resource_group_location": resourceGroupLocation, "backup_vault_name": backupVaultName, "postgresql_flexible_server_backups": PostgresqlFlexibleServerBackups, + "log_analytics_workspace_id": *externalResources.LogAnalyticsWorkspace.ID, }, BackendConfig: map[string]interface{}{ diff --git a/tests/end-to-end-tests/vault_immutability_test.go b/tests/end-to-end-tests/vault_immutability_test.go index 26810f7..788cc53 100644 --- a/tests/end-to-end-tests/vault_immutability_test.go +++ b/tests/end-to-end-tests/vault_immutability_test.go @@ -8,6 +8,7 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dataprotection/armdataprotection/v3" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/operationalinsights/armoperationalinsights" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage" "github.com/gruntwork-io/terratest/modules/random" @@ -20,6 +21,7 @@ type TestVaultImmutabilityExternalResources struct { ResourceGroup armresources.ResourceGroup StorageAccount armstorage.Account StorageAccountContainer armstorage.BlobContainer + LogAnalyticsWorkspace armoperationalinsights.Workspace } /* 
@@ -34,10 +36,14 @@ func setupExternalResourcesForVaultImmutabilityTest(t *testing.T, credential *az storageAccount := CreateStorageAccount(t, credential, subscriptionID, externalResourceGroupName, storageAccountName, resourceGroupLocation) storageAccountContainer := CreateStorageAccountContainer(t, credential, subscriptionID, externalResourceGroupName, storageAccountName, "test-container") + logAnalyticsWorkspaceName := fmt.Sprintf("law-%s-external", strings.ToLower(uniqueId)) + logAnalyticsWorkspace := CreateLogAnalyticsWorkspace(t, credential, subscriptionID, externalResourceGroupName, logAnalyticsWorkspaceName, resourceGroupLocation) + externalResources := &TestVaultImmutabilityExternalResources{ ResourceGroup: resourceGroup, StorageAccount: storageAccount, StorageAccountContainer: storageAccountContainer, + LogAnalyticsWorkspace: logAnalyticsWorkspace, } return externalResources @@ -91,11 +97,12 @@ func TestVaultImmutability(t *testing.T) { TerraformDir: environment.TerraformFolder, Vars: map[string]interface{}{ - "resource_group_name": resourceGroupName, - "resource_group_location": resourceGroupLocation, - "backup_vault_name": backupVaultName, - "backup_vault_immutability": backupVaultImmutability, - "blob_storage_backups": blobStorageBackups, + "resource_group_name": resourceGroupName, + "resource_group_location": resourceGroupLocation, + "backup_vault_name": backupVaultName, + "backup_vault_immutability": backupVaultImmutability, + "blob_storage_backups": blobStorageBackups, + "log_analytics_workspace_id": *externalResources.LogAnalyticsWorkspace.ID, }, BackendConfig: map[string]interface{}{ diff --git a/tests/integration-tests/.terraform.lock.hcl b/tests/integration-tests/.terraform.lock.hcl index fccc261..eda0cbb 100644 --- a/tests/integration-tests/.terraform.lock.hcl +++ b/tests/integration-tests/.terraform.lock.hcl 
@@ -2,41 +2,41 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/azurerm" { - version = "4.35.0" + version = "4.37.0" constraints = ">= 4.18.0, < 5.0.0" hashes = [ - "h1:3zJsyLWItriZDhtx6kBkoy9UPcA9l5G4PKi4ZYxhsnA=", - "zh:05a7fac1291517527d272dd2e22a8b3223775d399dc608c8250435e63d437386", - "zh:3519dae43473cb5a82c026d664572859e2fc886fe2a54ecc59007186ef4aa166", - "zh:57cd9d04334d296a9af3aa54d776bc3b4709ecf5d511fee94dc7420a547364ab", - "zh:7d57cbd44ebf959fc496743b4e3587a51dd7546a687bab404dc3f5899d3ef764", - "zh:8c1e722c84aa8d769cdef0be933d6f096ff0ec8224eaf1ae2c7bdb93b0365c6f", - "zh:9519f72c937003ecc97a0a5a60c0ad1063dafa3d431cf04067bdc4b40ebfd023", - "zh:9bf108a2840ecfb3d2e76b1ac59d0d9bed418b1b28df8c2c5dd09e34cb1e3699", - "zh:b870884accad83c437a12a577933f378a21bb6663a6034a3fb219b4c1f4b9188", - "zh:cf3292dd535133afe16614ac84241065485d581ab67b4abf857db5bfbba7109e", - "zh:d48aa50227ca3701a16d2818b5d059c5f236344e3a90162fb930ecc6f136c9b0", - "zh:e63733db32189c1e849b5dbf7c10dd852f48ed4186c8af81240ee643d2df3425", + "h1:MfFA2dyXwJlMi4p7PBjQzyRDLm0vcpnVeMPedvUT6BE=", + "zh:10acb818823a0319215beb796af1a7a97820be5d40ec1779deb8c2bdb1cac6d0", + "zh:31cac8c98e4b8e1f44e33394e6ed375552aea204ef9ce2e8612719c5ebb8ffae", + "zh:32048bf10eec89819f73de86a478aced0101be9d480badad8dec31f65b65590a", + "zh:38236dfd5e28c4ceaf27b3a719deb40802159ceed810c667be3a42ee8bc384d8", + "zh:438cff6ac72117016975d47fadfdbccb33218274c6c74fd4ff4f1eea2ec18b6a", + "zh:7763f4d97b3f67e65e730023755db6b567644c0fab9a65e966c9a34fb4690a97", + "zh:799eca3363eda85a6f6678d47bf01cb48dcb9296ecd6165814eb696a9d9e2c7d", + "zh:8508771cedbaa651156a3726cda04e1f28443a46e3a7c72b4a9a7abbf671aed9", + "zh:96b016af4ebe0db58ba51e40dd419465b5152f98842d366a5b5b8835f2c7be58", + "zh:eb7d0efaaaef225b6e867e5cbd0514f39f0bc4e12e6c3cdfdb666776c5948995", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:ffa8d70d432894b7b023f50831490bd5db762c8f48d5f7607888aaa5d0da39e8", ] } 
provider "registry.terraform.io/hashicorp/random" { - version = "3.5.1" - constraints = "3.5.1" + version = "3.7.2" + constraints = "3.7.2" hashes = [ - "h1:3hjTP5tQBspPcFAJlfafnWrNrKnr7J4Cp0qB9jbqf30=", - "zh:04e3fbd610cb52c1017d282531364b9c53ef72b6bc533acb2a90671957324a64", - "zh:119197103301ebaf7efb91df8f0b6e0dd31e6ff943d231af35ee1831c599188d", - "zh:4d2b219d09abf3b1bb4df93d399ed156cadd61f44ad3baf5cf2954df2fba0831", - "zh:6130bdde527587bbe2dcaa7150363e96dbc5250ea20154176d82bc69df5d4ce3", - "zh:6cc326cd4000f724d3086ee05587e7710f032f94fc9af35e96a386a1c6f2214f", + "h1:0hcNr59VEJbhZYwuDE/ysmyTS0evkfcLarlni+zATPM=", + "zh:14829603a32e4bc4d05062f059e545a91e27ff033756b48afbae6b3c835f508f", + "zh:1527fb07d9fea400d70e9e6eb4a2b918d5060d604749b6f1c361518e7da546dc", + "zh:1e86bcd7ebec85ba336b423ba1db046aeaa3c0e5f921039b3f1a6fc2f978feab", + "zh:24536dec8bde66753f4b4030b8f3ef43c196d69cccbea1c382d01b222478c7a3", + "zh:29f1786486759fad9b0ce4fdfbbfece9343ad47cd50119045075e05afe49d212", + "zh:4d701e978c2dd8604ba1ce962b047607701e65c078cb22e97171513e9e57491f", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:b6d88e1d28cf2dfa24e9fdcc3efc77adcdc1c3c3b5c7ce503a423efbdd6de57b", - "zh:ba74c592622ecbcef9dc2a4d81ed321c4e44cddf7da799faa324da9bf52a22b2", - "zh:c7c5cde98fe4ef1143bd1b3ec5dc04baf0d4cc3ca2c5c7d40d17c0e9b2076865", - "zh:dac4bad52c940cd0dfc27893507c1e92393846b024c5a9db159a93c534a3da03", - "zh:de8febe2a2acd9ac454b844a4106ed295ae9520ef54dc8ed2faf29f12716b602", - "zh:eab0d0495e7e711cca367f7d4df6e322e6c562fc52151ec931176115b83ed014", + "zh:7b8434212eef0f8c83f5a90c6d76feaf850f6502b61b53c329e85b3b281cba34", + "zh:ac8a23c212258b7976e1621275e3af7099e7e4a3d4478cf8d5d2a27f3bc3e967", + "zh:b516ca74431f3df4c6cf90ddcdb4042c626e026317a33c53f0b445a3d93b720d", + "zh:dc76e4326aec2490c1600d6871a95e78f9050f9ce427c71707ea412a2f2f1a62", + "zh:eac7b63e86c749c7d48f527671c7aee5b4e26c10be6ad7232d6860167f99dbb0", ] } 
diff --git a/tests/integration-tests/azurerm/data.tfmock.hcl b/tests/integration-tests/azurerm/data.tfmock.hcl index 2d3f941..e1fd138 100644 --- a/tests/integration-tests/azurerm/data.tfmock.hcl +++ b/tests/integration-tests/azurerm/data.tfmock.hcl @@ -27,3 +27,9 @@ mock_resource "azurerm_data_protection_backup_policy_postgresql_flexible_server" id = "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/example-resource-group/providers/Microsoft.DataProtection/backupVaults/bvault-testvault/backupPolicies/bkpol-testvault-testpolicy" } } + +mock_resource "azurerm_log_analytics_workspace" { + defaults = { + id = "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/example-resource-group/providers/Microsoft.OperationalInsights/workspaces/law-testworkspace" + } +} diff --git a/tests/integration-tests/backup_modules_blob_storage.tftest.hcl b/tests/integration-tests/backup_modules_blob_storage.tftest.hcl index 00d3b4a..58c1281 100644 --- a/tests/integration-tests/backup_modules_blob_storage.tftest.hcl +++ b/tests/integration-tests/backup_modules_blob_storage.tftest.hcl @@ -16,10 +16,11 @@ run "create_blob_storage_backup" { } variables { - resource_group_name = run.setup_tests.resource_group_name - resource_group_location = "uksouth" - backup_vault_name = run.setup_tests.backup_vault_name - tags = run.setup_tests.tags + resource_group_name = run.setup_tests.resource_group_name + resource_group_location = "uksouth" + backup_vault_name = run.setup_tests.backup_vault_name + tags = run.setup_tests.tags + log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id blob_storage_backups = { backup1 = { backup_name = "storage1" 
@@ -175,6 +176,7 @@ run "validate_retention_period" { resource_group_name = run.setup_tests.resource_group_name resource_group_location = "uksouth" backup_vault_name = run.setup_tests.backup_vault_name + log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id tags = run.setup_tests.tags blob_storage_backups = { backup1 = { @@ -204,6 +206,7 @@ run "validate_retention_period_with_extended_retention" { resource_group_location = "uksouth" backup_vault_name = run.setup_tests.backup_vault_name tags = run.setup_tests.tags + log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id use_extended_retention = true blob_storage_backups = { backup1 = { @@ -233,6 +236,7 @@ run "validate_backup_intervals" { resource_group_name = run.setup_tests.resource_group_name resource_group_location = "uksouth" backup_vault_name = run.setup_tests.backup_vault_name + log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id tags = run.setup_tests.tags blob_storage_backups = { backup1 = { @@ -261,6 +265,7 @@ run "validate_storage_account_containers" { resource_group_name = run.setup_tests.resource_group_name resource_group_location = "uksouth" backup_vault_name = run.setup_tests.backup_vault_name + log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id tags = run.setup_tests.tags blob_storage_backups = { backup1 = { diff --git a/tests/integration-tests/backup_modules_managed_disk.tftest.hcl b/tests/integration-tests/backup_modules_managed_disk.tftest.hcl index 47bd360..74a8ee1 100644 --- a/tests/integration-tests/backup_modules_managed_disk.tftest.hcl +++ b/tests/integration-tests/backup_modules_managed_disk.tftest.hcl 
@@ -16,10 +16,11 @@ run "create_managed_disk_backup" { } variables { - resource_group_name = run.setup_tests.resource_group_name - resource_group_location = "uksouth" - backup_vault_name = run.setup_tests.backup_vault_name - tags = run.setup_tests.tags + resource_group_name = run.setup_tests.resource_group_name + resource_group_location = "uksouth" + backup_vault_name = run.setup_tests.backup_vault_name + log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id + tags = run.setup_tests.tags managed_disk_backups = { backup1 = { backup_name = "disk1" @@ -181,6 +182,7 @@ run "validate_retention_period" { resource_group_name = run.setup_tests.resource_group_name resource_group_location = "uksouth" backup_vault_name = run.setup_tests.backup_vault_name + log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id tags = run.setup_tests.tags managed_disk_backups = { backup1 = { @@ -212,6 +214,7 @@ run "validate_retention_period_with_extended_retention" { resource_group_name = run.setup_tests.resource_group_name resource_group_location = "uksouth" backup_vault_name = run.setup_tests.backup_vault_name + log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id tags = run.setup_tests.tags use_extended_retention = true managed_disk_backups = { @@ -245,6 +248,7 @@ run "validate_backup_intervals" { resource_group_name = run.setup_tests.resource_group_name resource_group_location = "uksouth" backup_vault_name = run.setup_tests.backup_vault_name + log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id tags = run.setup_tests.tags managed_disk_backups = { backup1 = { diff --git a/tests/integration-tests/backup_modules_postgresql_flexible_server.tftest.hcl b/tests/integration-tests/backup_modules_postgresql_flexible_server.tftest.hcl index bec91db..7175533 100644 --- a/tests/integration-tests/backup_modules_postgresql_flexible_server.tftest.hcl +++ b/tests/integration-tests/backup_modules_postgresql_flexible_server.tftest.hcl 
@@ -16,10 +16,11 @@ run "create_postgresql_flexible_server_backup" { } variables { - resource_group_name = run.setup_tests.resource_group_name - resource_group_location = "uksouth" - backup_vault_name = run.setup_tests.backup_vault_name - tags = run.setup_tests.tags + resource_group_name = run.setup_tests.resource_group_name + resource_group_location = "uksouth" + backup_vault_name = run.setup_tests.backup_vault_name + log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id + tags = run.setup_tests.tags postgresql_flexible_server_backups = { backup1 = { backup_name = "server1" @@ -165,6 +166,7 @@ run "validate_retention_period" { resource_group_name = run.setup_tests.resource_group_name resource_group_location = "uksouth" backup_vault_name = run.setup_tests.backup_vault_name + log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id tags = run.setup_tests.tags postgresql_flexible_server_backups = { backup1 = { @@ -193,6 +195,7 @@ run "validate_retention_period_with_extended_retention" { resource_group_name = run.setup_tests.resource_group_name resource_group_location = "uksouth" backup_vault_name = run.setup_tests.backup_vault_name + log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id tags = run.setup_tests.tags use_extended_retention = true postgresql_flexible_server_backups = { @@ -223,6 +226,7 @@ run "validate_backup_intervals" { resource_group_name = run.setup_tests.resource_group_name resource_group_location = "uksouth" backup_vault_name = run.setup_tests.backup_vault_name + log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id tags = run.setup_tests.tags postgresql_flexible_server_backups = { backup1 = { diff --git a/tests/integration-tests/backup_vault.tftest.hcl b/tests/integration-tests/backup_vault.tftest.hcl index aaf4baa..a5b16a0 100644 --- a/tests/integration-tests/backup_vault.tftest.hcl +++ b/tests/integration-tests/backup_vault.tftest.hcl 
@@ -16,12 +16,13 @@ run "create_backup_vault" {
 }
 
 variables {
- resource_group_name = run.setup_tests.resource_group_name
- resource_group_location = "uksouth"
- backup_vault_name = run.setup_tests.backup_vault_name
- backup_vault_redundancy = "LocallyRedundant"
- backup_vault_immutability = "Unlocked"
- tags = run.setup_tests.tags
+ resource_group_name = run.setup_tests.resource_group_name
+ resource_group_location = "uksouth"
+ backup_vault_name = run.setup_tests.backup_vault_name
+ backup_vault_redundancy = "LocallyRedundant"
+ backup_vault_immutability = "Unlocked"
+ log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id
+ tags = run.setup_tests.tags
 }
 
 assert {
@@ -89,62 +90,42 @@ run "configure_vault_diagnostics_when_enabled" {
 resource_group_name = run.setup_tests.resource_group_name
 resource_group_location = "uksouth"
 backup_vault_name = run.setup_tests.backup_vault_name
- log_analytics_workspace_id = "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/example-resource-group/providers/Microsoft.OperationalInsights/workspaces/workspace1"
+ log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id
 tags = run.setup_tests.tags
 }
 
 assert {
- condition = length(azurerm_monitor_diagnostic_setting.backup_vault) == 1
+ condition = azurerm_monitor_diagnostic_setting.backup_vault != null
 error_message = "Backup vault diagnostic settings not as expected."
 }
 
 assert {
- condition = azurerm_monitor_diagnostic_setting.backup_vault[0].target_resource_id == azurerm_data_protection_backup_vault.backup_vault.id
+ condition = azurerm_monitor_diagnostic_setting.backup_vault.target_resource_id == azurerm_data_protection_backup_vault.backup_vault.id
 error_message = "Backup vault diagnostic setting target resource id not as expected."
 }
 
 assert {
- condition = length(azurerm_monitor_diagnostic_setting.backup_vault[0].log_analytics_workspace_id) > 0
+ condition = length(azurerm_monitor_diagnostic_setting.backup_vault.log_analytics_workspace_id) > 0
 error_message = "Backup vault diagnostic setting log analytics workspace id not as expected."
 }
 
 assert {
- condition = length(azurerm_monitor_diagnostic_setting.backup_vault[0].enabled_log) == length(local.backup_vault_diagnostics_log_categories)
+ condition = length(azurerm_monitor_diagnostic_setting.backup_vault.enabled_log) == length(local.backup_vault_diagnostics_log_categories)
 error_message = "Backup vault diagnostic setting enabled logs not as expected."
 }
 
 assert {
- condition = alltrue([for enabled_log in azurerm_monitor_diagnostic_setting.backup_vault[0].enabled_log : contains(local.backup_vault_diagnostics_log_categories, enabled_log.category)])
+ condition = alltrue([for enabled_log in azurerm_monitor_diagnostic_setting.backup_vault.enabled_log : contains(local.backup_vault_diagnostics_log_categories, enabled_log.category)])
 error_message = "Backup vault diagnostic setting enabled logs not as expected."
 }
 
 assert {
- condition = length(azurerm_monitor_diagnostic_setting.backup_vault[0].enabled_metric) == length(local.backup_vault_diagnostics_metric_categories)
+ condition = length(azurerm_monitor_diagnostic_setting.backup_vault.enabled_metric) == length(local.backup_vault_diagnostics_metric_categories)
 error_message = "Backup vault diagnostic setting metrics not as expected."
 }
 
 assert {
- condition = alltrue([for metric in azurerm_monitor_diagnostic_setting.backup_vault[0].enabled_metric : contains(local.backup_vault_diagnostics_metric_categories, metric.category)])
+ condition = alltrue([for metric in azurerm_monitor_diagnostic_setting.backup_vault.enabled_metric : contains(local.backup_vault_diagnostics_metric_categories, metric.category)])
 error_message = "Backup vault diagnostic setting metrics not as expected."
 }
 }
-
-run "configure_vault_diagnostics_when_disabled" {
- command = apply
-
- module {
- source = "../../infrastructure"
- }
-
- variables {
- resource_group_name = run.setup_tests.resource_group_name
- resource_group_location = "uksouth"
- backup_vault_name = run.setup_tests.backup_vault_name
- tags = run.setup_tests.tags
- }
-
- assert {
- condition = length(azurerm_monitor_diagnostic_setting.backup_vault) == 0
- error_message = "Backup vault diagnostic settings not as expected."
- }
-}
diff --git a/tests/integration-tests/resource_group.tftest.hcl b/tests/integration-tests/resource_group.tftest.hcl
index 143f4a1..fd782a1 100644
--- a/tests/integration-tests/resource_group.tftest.hcl
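Review bot: The first assertion of `configure_vault_diagnostics_when_enabled`, `azurerm_monitor_diagnostic_setting.backup_vault != null`, cannot fail. Now that the resource is addressed without an index (presumably `count` was dropped in the module), the reference is always an object, so it does not replace the old `length(...) == 1` check. The workspace assertion is also too loose for an audit-log path: `length(...log_analytics_workspace_id) > 0` accepts any non-empty id, whereas `condition = azurerm_monitor_diagnostic_setting.backup_vault.log_analytics_workspace_id == var.log_analytics_workspace_id` would catch diagnostics being routed to the wrong workspace. With the disabled case removed, the `_when_enabled` suffix in the run name is stale. The run block starts above this hunk.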
+++ b/tests/integration-tests/resource_group.tftest.hcl
@@ -16,10 +16,11 @@ run "create_resource_group" {
 }
 
 variables {
- resource_group_name = run.setup_tests.resource_group_name
- resource_group_location = "uksouth"
- backup_vault_name = run.setup_tests.backup_vault_name
- tags = run.setup_tests.tags
+ resource_group_name = run.setup_tests.resource_group_name
+ resource_group_location = "uksouth"
+ backup_vault_name = run.setup_tests.backup_vault_name
+ log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id
+ tags = run.setup_tests.tags
 }
 
 assert {
diff --git a/tests/integration-tests/setup/main.tf b/tests/integration-tests/setup/main.tf
index 4dddade..621e2d7 100644
--- a/tests/integration-tests/setup/main.tf
+++ b/tests/integration-tests/setup/main.tf
@@ -2,7 +2,7 @@ terraform {
 required_providers {
 random = {
 source = "hashicorp/random"
- version = "3.5.1"
+ version = "3.7.2"
 }
 }
 }
@@ -26,3 +26,7 @@ output "tags" {
 tagThree = "tagThreeValue"
 }
 }
+
+output "log_analytics_workspace_id" {
+ value = "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/example-resource-group/providers/Microsoft.OperationalInsights/workspaces/law-testworkspace"
+}
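Review bot: The new `log_analytics_workspace_id` output in `setup/main.tf` is a hard-coded resource id with nothing marking it as a placeholder, and every run block touched by this commit now passes it to the module. If the azurerm provider is not mocked in these test files (not visible in this diff), an `apply` run would try to attach the diagnostic setting to a workspace that does not exist. I would add a comment above the output, e.g. `# Placeholder id for test runs; not a real subscription or workspace.`, so that nobody later mistakes it for a leaked identifier or swaps in a real one.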