Make Log Analytics Workspace ID mandatory

.github/workflows/ci-pipeline.yaml

@@ -11,6 +11,7 @@ on:
     branches:
       - main
   pull_request:
+  workflow_dispatch:
 
 jobs:
   build-verification:

.releaserc

@@ -3,14 +3,30 @@
     "main"
   ],
   "plugins": [
-    "@semantic-release/commit-analyzer", 
-    "@semantic-release/release-notes-generator", 
+    "@semantic-release/commit-analyzer",
+    "@semantic-release/release-notes-generator",
     "@semantic-release/github"
   ],
   "releaseRules": [
-    { "breaking": true, "release": "major" },
-    { "revert": true, "release": "patch" },
-    { "type": "feat", "release": "minor" },
-    { "message": "*", "release": "patch" }
+    {
+      "breaking": true,
+      "release": "major"
+    },
+    {
+      "revert": true,
+      "release": "patch"
+    },
+    {
+      "type": "feat",
+      "release": "minor"
+    },
+    {
+      "message": "*",
+      "release": "patch"
+    },
+    {
+      "type": "*",
+      "release": "patch"
+    }
   ]
-}
+}

docs/usage.md

@@ -134,7 +134,7 @@ module "my_backup" {
 | `backup_vault_name` | The name of the backup vault. The value supplied will be automatically prefixed with `rg-nhsbackup-`. If more than one az-backup module is created, this value must be unique across them. | Yes | n/a |
 | `backup_vault_redundancy` | The redundancy of the vault, e.g. `GeoRedundant`. [See the following link for the possible values.](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_protection_backup_vault#redundancy) | No | `LocallyRedundant` |
 | `backup_vault_immutability` | The immutability of the vault, e.g. `Locked`. [See the following link for the possible values.](https://learn.microsoft.com/en-us/azure/templates/microsoft.dataprotection/backupvaults?pivots=deployment-language-terraform#immutabilitysettings-2) | No | `Disabled` |
-| `log_analytics_workspace_id` | The id of the log analytics workspace that backup telemetry and diagnostics should be sent to. When no value is provided then diagnostics will not be sent anywhere. | No | n/a |
+| `log_analytics_workspace_id` | The id of the log analytics workspace that backup telemetry and diagnostics will be sent to. | Yes | n/a |
 | `tags` | A map of tags which will be applied to the resource group and backup vault. When no tags are specified then no tags are added. NOTE when using an externally managed resource group the tags will not be applied to it (they will still be applied to the backup vault). | No | n/a |
 | `use_extended_retention` | If set to true, then the backup retention periods can be set to anything, otherwise they are limited to 7 days. | No | `false` |
 | `blob_storage_backups` | A map of blob storage backups that should be created. For each backup the following values should be provided: `storage_account_id`, `backup_name` and `retention_period`. When no value is provided then no backups are created. | No | n/a |

infrastructure/backup_vault.tf

@@ -27,7 +27,6 @@ locals {
 }
 
 resource "azurerm_monitor_diagnostic_setting" "backup_vault" {
-  count                      = length(var.log_analytics_workspace_id) > 0 ? 1 : 0
   name                       = "${var.backup_vault_name}-diagnostic-settings"
   target_resource_id         = azurerm_data_protection_backup_vault.backup_vault.id
   log_analytics_workspace_id = var.log_analytics_workspace_id

infrastructure/variables.tf

@@ -40,7 +40,6 @@ variable "backup_vault_immutability" {
 variable "log_analytics_workspace_id" {
   description = "The id of the log analytics workspace to use for backup vault diagnostic settings"
   type        = string
-  default     = ""
 }
 
 variable "tags" {

tests/end-to-end-tests/blob_storage_backup_test.go

@@ -7,6 +7,7 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dataprotection/armdataprotection/v3"
+	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/operationalinsights/armoperationalinsights"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
 	"github.com/gruntwork-io/terratest/modules/random"
@@ -21,6 +22,7 @@ type TestBlobStorageBackupExternalResources struct {
 	StorageAccountOneContainer armstorage.BlobContainer
 	StorageAccountTwo          armstorage.Account
 	StorageAccountTwoContainer armstorage.BlobContainer
+	LogAnalyticsWorkspace      armoperationalinsights.Workspace
 }
 
 /*
@@ -39,12 +41,16 @@ func setupExternalResourcesForBlobStorageBackupTest(t *testing.T, credential *az
 	storageAccountTwo := CreateStorageAccount(t, credential, subscriptionID, externalResourceGroupName, storageAccountTwoName, resourceGroupLocation)
 	storageAccountTwoContainer := CreateStorageAccountContainer(t, credential, subscriptionID, externalResourceGroupName, storageAccountTwoName, "test-container")
 
+	logAnalyticsWorkspaceName := fmt.Sprintf("law-%s-external", strings.ToLower(uniqueId))
+	logAnalyticsWorkspace := CreateLogAnalyticsWorkspace(t, credential, subscriptionID, externalResourceGroupName, logAnalyticsWorkspaceName, resourceGroupLocation)
+
 	externalResources := &TestBlobStorageBackupExternalResources{
 		ResourceGroup:              resourceGroup,
 		StorageAccountOne:          storageAccountOne,
 		StorageAccountOneContainer: storageAccountOneContainer,
 		StorageAccountTwo:          storageAccountTwo,
 		StorageAccountTwoContainer: storageAccountTwoContainer,
+		LogAnalyticsWorkspace:      logAnalyticsWorkspace,
 	}
 
 	return externalResources
@@ -104,10 +110,11 @@ func TestBlobStorageBackup(t *testing.T) {
 			TerraformDir: environment.TerraformFolder,
 
 			Vars: map[string]interface{}{
-				"resource_group_name":     resourceGroupName,
-				"resource_group_location": resourceGroupLocation,
-				"backup_vault_name":       backupVaultName,
-				"blob_storage_backups":    blobStorageBackups,
+				"resource_group_name":        resourceGroupName,
+				"resource_group_location":    resourceGroupLocation,
+				"backup_vault_name":          backupVaultName,
+				"blob_storage_backups":       blobStorageBackups,
+				"log_analytics_workspace_id": *externalResources.LogAnalyticsWorkspace.ID,
 			},
 
 			BackendConfig: map[string]interface{}{

tests/end-to-end-tests/existing_resource_group_test.go

@@ -2,6 +2,7 @@ package e2e_tests
 
 import (
 	"fmt"
+	"strings"
 	"testing"
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
@@ -10,20 +11,26 @@ import (
 	"github.com/gruntwork-io/terratest/modules/terraform"
 	test_structure "github.com/gruntwork-io/terratest/modules/test-structure"
 	"github.com/stretchr/testify/assert"
+	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/operationalinsights/armoperationalinsights"
 )
 
 type TestExistingResourceGroupExternalResources struct {
-	ResourceGroup armresources.ResourceGroup
+	ResourceGroup         armresources.ResourceGroup
+	LogAnalyticsWorkspace armoperationalinsights.Workspace
 }
 
 /*
  * Creates resources which are "external" to the az-backup module.
  */
-func setupExternalResourcesForExistingResourceGroupTest(t *testing.T, credential *azidentity.ClientSecretCredential, subscriptionID string, resourceGroupName string, resourceGroupLocation string) *TestExistingResourceGroupExternalResources {
+func setupExternalResourcesForExistingResourceGroupTest(t *testing.T, credential *azidentity.ClientSecretCredential, subscriptionID string, resourceGroupName string, resourceGroupLocation string, uniqueId string) *TestExistingResourceGroupExternalResources {
 	resourceGroup := CreateResourceGroup(t, credential, subscriptionID, resourceGroupName, resourceGroupLocation)
 
+	logAnalyticsWorkspaceName := fmt.Sprintf("law-%s-external", strings.ToLower(uniqueId))
+	logAnalyticsWorkspace := CreateLogAnalyticsWorkspace(t, credential, subscriptionID, resourceGroupName, logAnalyticsWorkspaceName, resourceGroupLocation)
+
 	externalResources := &TestExistingResourceGroupExternalResources{
-		ResourceGroup: resourceGroup,
+		ResourceGroup:         resourceGroup,
+		LogAnalyticsWorkspace: logAnalyticsWorkspace,
 	}
 
 	return externalResources
@@ -43,7 +50,7 @@ func TestExistingResourceGroup(t *testing.T) {
 	resourceGroupLocation := "uksouth"
 	backupVaultName := fmt.Sprintf("bvault-nhsbackup-%s", uniqueId)
 
-	externalResources := setupExternalResourcesForExistingResourceGroupTest(t, credential, environment.SubscriptionID, resourceGroupName, resourceGroupLocation)
+	externalResources := setupExternalResourcesForExistingResourceGroupTest(t, credential, environment.SubscriptionID, resourceGroupName, resourceGroupLocation, uniqueId)
 
 	// Teardown stage
 	// ...
@@ -64,10 +71,11 @@ func TestExistingResourceGroup(t *testing.T) {
 			TerraformDir: environment.TerraformFolder,
 
 			Vars: map[string]interface{}{
-				"resource_group_name":     resourceGroupName,
-				"resource_group_location": resourceGroupLocation,
-				"create_resource_group":   false,
-				"backup_vault_name":       backupVaultName,
+				"resource_group_name":        resourceGroupName,
+				"resource_group_location":    resourceGroupLocation,
+				"create_resource_group":      false,
+				"backup_vault_name":          backupVaultName,
+				"log_analytics_workspace_id": *externalResources.LogAnalyticsWorkspace.ID,
 			},
 
 			BackendConfig: map[string]interface{}{

tests/end-to-end-tests/go.mod

@@ -17,7 +17,7 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.8.1
 	github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.6.2
 	github.com/gruntwork-io/go-commons v0.17.2
-	github.com/gruntwork-io/terratest v0.48.2
+	github.com/gruntwork-io/terratest v0.50.0
 	github.com/stretchr/testify v1.10.0
 )
 

tests/end-to-end-tests/go.sum

@@ -176,8 +176,8 @@ github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aN
 github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gruntwork-io/go-commons v0.17.2 h1:14dsCJ7M5Vv2X3BIPKeG9Kdy6vTMGhM8L4WZazxfTuY=
 github.com/gruntwork-io/go-commons v0.17.2/go.mod h1:zs7Q2AbUKuTarBPy19CIxJVUX/rBamfW8IwuWKniWkE=
-github.com/gruntwork-io/terratest v0.48.2 h1:+VwfODchq8jxZZWD+s8gBlhD1z6/C4bFLNrhpm9ONrs=
-github.com/gruntwork-io/terratest v0.48.2/go.mod h1:Y5ETyD4ZQ2MZhasPno272fWuCpKwvTPYDi8Y0tIMqTE=
+github.com/gruntwork-io/terratest v0.50.0 h1:AbBJ7IRCpLZ9H4HBrjeoWESITv8nLjN6/f1riMNcAsw=
+github.com/gruntwork-io/terratest v0.50.0/go.mod h1:see0lbKvAqz6rvzvN2wyfuFQQG4PWcAb2yHulF6B2q4=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=

tests/end-to-end-tests/managed_disk_backup_test.go

@@ -8,6 +8,7 @@ import (
 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dataprotection/armdataprotection/v3"
+	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/operationalinsights/armoperationalinsights"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources"
 	"github.com/gruntwork-io/terratest/modules/random"
 	"github.com/gruntwork-io/terratest/modules/terraform"
@@ -19,6 +20,7 @@ type TestManagedDiskBackupExternalResources struct {
 	ResourceGroup  armresources.ResourceGroup
 	ManagedDiskOne armcompute.Disk
 	ManagedDiskTwo armcompute.Disk
+	LogAnalyticsWorkspace armoperationalinsights.Workspace
 }
 
 /*
@@ -35,10 +37,14 @@ func setupExternalResourcesForManagedDiskBackupTest(t *testing.T, credential *az
 	managedDiskTwoName := fmt.Sprintf("disk-%s-external-2", strings.ToLower(uniqueId))
 	managedDiskTwo := CreateManagedDisk(t, credential, subscriptionID, externalResourceGroupName, managedDiskTwoName, resourceGroupLocation, int32(1))
 
+	logAnalyticsWorkspaceName := fmt.Sprintf("law-%s-external", strings.ToLower(uniqueId))
+	logAnalyticsWorkspace := CreateLogAnalyticsWorkspace(t, credential, subscriptionID, externalResourceGroupName, logAnalyticsWorkspaceName, resourceGroupLocation)
+
 	externalResources := &TestManagedDiskBackupExternalResources{
-		ResourceGroup:  resourceGroup,
-		ManagedDiskOne: managedDiskOne,
-		ManagedDiskTwo: managedDiskTwo,
+		ResourceGroup:         resourceGroup,
+		ManagedDiskOne:        managedDiskOne,
+		ManagedDiskTwo:        managedDiskTwo,
+		LogAnalyticsWorkspace: logAnalyticsWorkspace,
 	}
 
 	return externalResources
@@ -104,10 +110,11 @@ func TestManagedDiskBackup(t *testing.T) {
 			TerraformDir: environment.TerraformFolder,
 
 			Vars: map[string]interface{}{
-				"resource_group_name":     resourceGroupName,
-				"resource_group_location": resourceGroupLocation,
-				"backup_vault_name":       backupVaultName,
-				"managed_disk_backups":    managedDiskBackups,
+				"resource_group_name":        resourceGroupName,
+				"resource_group_location":    resourceGroupLocation,
+				"backup_vault_name":          backupVaultName,
+				"managed_disk_backups":       managedDiskBackups,
+				"log_analytics_workspace_id": *externalResources.LogAnalyticsWorkspace.ID,
 			},
 
 			BackendConfig: map[string]interface{}{

tests/end-to-end-tests/postgresql_flexible_server_backup_test.go

@@ -7,6 +7,7 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dataprotection/armdataprotection/v3"
+	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/operationalinsights/armoperationalinsights"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/postgresql/armpostgresqlflexibleservers"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources"
 	"github.com/gruntwork-io/terratest/modules/random"
@@ -19,6 +20,7 @@ type TestPostgresqlFlexibleServerBackupExternalResources struct {
 	ResourceGroup               armresources.ResourceGroup
 	PostgresqlFlexibleServerOne armpostgresqlflexibleservers.Server
 	PostgresqlFlexibleServerTwo armpostgresqlflexibleservers.Server
+	LogAnalyticsWorkspace armoperationalinsights.Workspace
 }
 
 /*
@@ -35,10 +37,14 @@ func setupExternalResourcesForPostgresqlFlexibleServerBackupTest(t *testing.T, c
 	PostgresqlFlexibleServerTwoName := fmt.Sprintf("pgflexserver-%s-external-2", strings.ToLower(uniqueId))
 	PostgresqlFlexibleServerTwo := CreatePostgresqlFlexibleServer(t, credential, subscriptionID, externalResourceGroupName, PostgresqlFlexibleServerTwoName, resourceGroupLocation, int32(32))
 
+	logAnalyticsWorkspaceName := fmt.Sprintf("law-%s-external", strings.ToLower(uniqueId))
+	logAnalyticsWorkspace := CreateLogAnalyticsWorkspace(t, credential, subscriptionID, externalResourceGroupName, logAnalyticsWorkspaceName, resourceGroupLocation)
+
 	externalResources := &TestPostgresqlFlexibleServerBackupExternalResources{
 		ResourceGroup:               resourceGroup,
 		PostgresqlFlexibleServerOne: PostgresqlFlexibleServerOne,
 		PostgresqlFlexibleServerTwo: PostgresqlFlexibleServerTwo,
+		LogAnalyticsWorkspace:       logAnalyticsWorkspace,
 	}
 
 	return externalResources
@@ -102,6 +108,7 @@ func TestPostgresqlFlexibleServerBackup(t *testing.T) {
 				"resource_group_location":            resourceGroupLocation,
 				"backup_vault_name":                  backupVaultName,
 				"postgresql_flexible_server_backups": PostgresqlFlexibleServerBackups,
+				"log_analytics_workspace_id":         *externalResources.LogAnalyticsWorkspace.ID,
 			},
 
 			BackendConfig: map[string]interface{}{

tests/end-to-end-tests/vault_immutability_test.go

@@ -8,6 +8,7 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dataprotection/armdataprotection/v3"
+	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/operationalinsights/armoperationalinsights"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
 	"github.com/gruntwork-io/terratest/modules/random"
@@ -20,6 +21,7 @@ type TestVaultImmutabilityExternalResources struct {
 	ResourceGroup           armresources.ResourceGroup
 	StorageAccount          armstorage.Account
 	StorageAccountContainer armstorage.BlobContainer
+	LogAnalyticsWorkspace   armoperationalinsights.Workspace
 }
 
 /*
@@ -34,10 +36,14 @@ func setupExternalResourcesForVaultImmutabilityTest(t *testing.T, credential *az
 	storageAccount := CreateStorageAccount(t, credential, subscriptionID, externalResourceGroupName, storageAccountName, resourceGroupLocation)
 	storageAccountContainer := CreateStorageAccountContainer(t, credential, subscriptionID, externalResourceGroupName, storageAccountName, "test-container")
 
+	logAnalyticsWorkspaceName := fmt.Sprintf("law-%s-external", strings.ToLower(uniqueId))
+	logAnalyticsWorkspace := CreateLogAnalyticsWorkspace(t, credential, subscriptionID, externalResourceGroupName, logAnalyticsWorkspaceName, resourceGroupLocation)
+
 	externalResources := &TestVaultImmutabilityExternalResources{
 		ResourceGroup:           resourceGroup,
 		StorageAccount:          storageAccount,
 		StorageAccountContainer: storageAccountContainer,
+		LogAnalyticsWorkspace:   logAnalyticsWorkspace,
 	}
 
 	return externalResources
@@ -91,11 +97,12 @@ func TestVaultImmutability(t *testing.T) {
 			TerraformDir: environment.TerraformFolder,
 
 			Vars: map[string]interface{}{
-				"resource_group_name":       resourceGroupName,
-				"resource_group_location":   resourceGroupLocation,
-				"backup_vault_name":         backupVaultName,
-				"backup_vault_immutability": backupVaultImmutability,
-				"blob_storage_backups":      blobStorageBackups,
+				"resource_group_name":        resourceGroupName,
+				"resource_group_location":    resourceGroupLocation,
+				"backup_vault_name":          backupVaultName,
+				"backup_vault_immutability":  backupVaultImmutability,
+				"blob_storage_backups":       blobStorageBackups,
+				"log_analytics_workspace_id": *externalResources.LogAnalyticsWorkspace.ID,
 			},
 
 			BackendConfig: map[string]interface{}{