diff --git a/docs/usage.md b/docs/usage.md
index 67eee3e..373813a 100644
--- a/docs/usage.md
+++ b/docs/usage.md
@@ -134,7 +134,7 @@ module "my_backup" {
 | `backup_vault_name` | The name of the backup vault. The value supplied will be automatically prefixed with `rg-nhsbackup-`. If more than one az-backup module is created, this value must be unique across them. | Yes | n/a |
 | `backup_vault_redundancy` | The redundancy of the vault, e.g. `GeoRedundant`. [See the following link for the possible values.](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_protection_backup_vault#redundancy) | No | `LocallyRedundant` |
 | `backup_vault_immutability` | The immutability of the vault, e.g. `Locked`. [See the following link for the possible values.](https://learn.microsoft.com/en-us/azure/templates/microsoft.dataprotection/backupvaults?pivots=deployment-language-terraform#immutabilitysettings-2) | No | `Disabled` |
-| `log_analytics_workspace_id` | The id of the log analytics workspace that backup telemetry and diagnostics should be sent to. When no value is provided then diagnostics will not be sent anywhere. | No | n/a |
+| `log_analytics_workspace_id` | The id of the log analytics workspace that backup telemetry and diagnostics will be sent to. | Yes | n/a |
 | `tags` | A map of tags which will be applied to the resource group and backup vault. When no tags are specified then no tags are added. NOTE when using an externally managed resource group the tags will not be applied to it (they will still be applied to the backup vault). | No | n/a |
 | `use_extended_retention` | If set to true, then the backup retention periods can be set to anything, otherwise they are limited to 7 days. | No | `false` |
 | `blob_storage_backups` | A map of blob storage backups that should be created. For each backup the following values should be provided: `storage_account_id`, `backup_name` and `retention_period`. When no value is provided then no backups are created. | No | n/a |
diff --git a/infrastructure/backup_vault.tf b/infrastructure/backup_vault.tf index d599c25..538a5af 100644 --- a/infrastructure/backup_vault.tf +++ b/infrastructure/backup_vault.tf @@ -27,7 +27,6 @@ locals { } resource "azurerm_monitor_diagnostic_setting" "backup_vault" { - count = length(var.log_analytics_workspace_id) > 0 ? 1 : 0 name = "${var.backup_vault_name}-diagnostic-settings" target_resource_id = azurerm_data_protection_backup_vault.backup_vault.id log_analytics_workspace_id = var.log_analytics_workspace_id diff --git a/infrastructure/variables.tf b/infrastructure/variables.tf index 93a306f..78372a2 100644 --- a/infrastructure/variables.tf +++ b/infrastructure/variables.tf @@ -40,7 +40,6 @@ variable "backup_vault_immutability" { variable "log_analytics_workspace_id" { description = "The id of the log analytics workspace to use for backup vault diagnostic settings" type = string - default = "" } variable "tags" { diff --git a/tests/end-to-end-tests/basic_deployment_test.go b/tests/end-to-end-tests/basic_deployment_test.go index 0936d39..7d217bc 100644 --- a/tests/end-to-end-tests/basic_deployment_test.go +++ b/tests/end-to-end-tests/basic_deployment_test.go 
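Review bot: With `default = ""` removed, `log_analytics_workspace_id` is required, but `type = string` alone still accepts `""` and `null`, the values that used to mean "no diagnostics". Because the `count` guard on `azurerm_monitor_diagnostic_setting.backup_vault` is removed in the same commit, such a value now reaches the resource directly and presumably surfaces as a provider error rather than a clear module-level message. Adding `nullable = false` and a `validation` block with `condition = length(trimspace(var.log_analytics_workspace_id)) > 0` would let the module itself enforce that vault diagnostics always have a destination.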
@@ -2,15 +2,40 @@ package e2e_tests import ( "fmt" + "strings" "testing" + "github.com/Azure/azure-sdk-for-go/sdk/azidentity" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/operationalinsights/armoperationalinsights" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dataprotection/armdataprotection/v3" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources" "github.com/gruntwork-io/terratest/modules/random" "github.com/gruntwork-io/terratest/modules/terraform" test_structure "github.com/gruntwork-io/terratest/modules/test-structure" "github.com/stretchr/testify/assert" ) +type BasicDeploymentTestExternalResources struct { + ResourceGroup armresources.ResourceGroup + LogAnalyticsWorkspace armoperationalinsights.Workspace +} + +/* + * Creates resources which are "external" to the az-backup module, and models + * what would be backed up in a real scenario. + */ +func setupExternalResourcesForBasicDeploymentTest(t *testing.T, credential *azidentity.ClientSecretCredential, subscriptionID string, resourceGroupName string, resourceGroupLocation string, uniqueId string) *BasicDeploymentTestExternalResources { + + logAnalyticsWorkspaceName := fmt.Sprintf("law-%s-external", strings.ToLower(uniqueId)) + logAnalyticsWorkspace := CreateLogAnalyticsWorkspace(t, credential, subscriptionID, resourceGroupName, logAnalyticsWorkspaceName, resourceGroupLocation) + + externalResources := &BasicDeploymentTestExternalResources{ + LogAnalyticsWorkspace: logAnalyticsWorkspace, + } + + return externalResources +} + /* * TestBasicDeployment tests the basic deployment of the infrastructure using Terraform. */ 
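Review bot: `setupExternalResourcesForBasicDeploymentTest` never sets the `ResourceGroup` field of `BasicDeploymentTestExternalResources`, and it creates the workspace in `resourceGroupName` without creating that group first, unlike `setupExternalResourcesForExistingResourceGroupTest`, which calls `CreateResourceGroup` before `CreateLogAnalyticsWorkspace`. If the module under test is what creates this resource group, the workspace creation runs before the group exists; that is worth confirming, and either a separate external group should be created here or the unused field dropped. The doc comment says the resources model "what would be backed up", which does not fit a log analytics workspace; `Creates the log analytics workspace that the module's diagnostic settings are pointed at.` would be accurate.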
@@ -26,6 +51,8 @@ func TestBasicDeployment(t *testing.T) { backupVaultName := fmt.Sprintf("bvault-nhsbackup-%s", uniqueId) backupVaultRedundancy := "LocallyRedundant" + externalResources := setupExternalResourcesForBasicDeploymentTest(t, credential, environment.SubscriptionID, resourceGroupName, resourceGroupLocation, uniqueId) + tags := map[string]string{ "tagOne": "tagOneValue", "tagTwo": "tagTwoValue", @@ -54,6 +81,7 @@ func TestBasicDeployment(t *testing.T) { "backup_vault_name": backupVaultName, "backup_vault_redundancy": backupVaultRedundancy, "tags": tags, + "log_analytics_workspace_id": *externalResources.LogAnalyticsWorkspace.ID, }, BackendConfig: map[string]interface{}{ @@ -106,5 +134,9 @@ func TestBasicDeployment(t *testing.T) { assert.True(t, exists, "Tag %s does not exist", key) assert.Equal(t, expectedValue, *value, "Tag %s value does not match", key) } + + // Validate log analytics workspace + logAnalyticsWorkspace := GetLogAnalyticsWorkspace(t, credential, environment.SubscriptionID, resourceGroupName, *externalResources.LogAnalyticsWorkspace.Name) + assert.NotNil(t, logAnalyticsWorkspace, "Log Analytics Workspace does not exist") }) } diff --git a/tests/end-to-end-tests/blob_storage_backup_test.go b/tests/end-to-end-tests/blob_storage_backup_test.go index 899259a..1c5fd01 100644 --- a/tests/end-to-end-tests/blob_storage_backup_test.go +++ b/tests/end-to-end-tests/blob_storage_backup_test.go @@ -7,6 +7,7 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dataprotection/armdataprotection/v3" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/operationalinsights/armoperationalinsights" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage" "github.com/gruntwork-io/terratest/modules/random" 
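Review bot: The added `assert.NotNil(t, logAnalyticsWorkspace, ...)` at the end of `TestBasicDeployment` cannot fail, because `GetLogAnalyticsWorkspace` returns an `armoperationalinsights.Workspace` value rather than a pointer, and it only re-reads the workspace the test created itself. It therefore says nothing about whether the vault's diagnostic setting targets that workspace, which is the behaviour this commit makes mandatory. Asserting on the diagnostic setting instead, for example comparing its workspace id with `*externalResources.LogAnalyticsWorkspace.ID` (probably via `GetDiagnosticSettings`, which TestDiagnosticSettings already calls), would cover the change. The same vacuous check is repeated in the hunks for TestBlobStorageBackup, TestDiagnosticSettings and TestExistingResourceGroup; the test body starts outside this hunk.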
@@ -21,6 +22,7 @@ type TestBlobStorageBackupExternalResources struct { StorageAccountOneContainer armstorage.BlobContainer StorageAccountTwo armstorage.Account StorageAccountTwoContainer armstorage.BlobContainer + LogAnalyticsWorkspace armoperationalinsights.Workspace } /* @@ -39,12 +41,16 @@ func setupExternalResourcesForBlobStorageBackupTest(t *testing.T, credential *az storageAccountTwo := CreateStorageAccount(t, credential, subscriptionID, externalResourceGroupName, storageAccountTwoName, resourceGroupLocation) storageAccountTwoContainer := CreateStorageAccountContainer(t, credential, subscriptionID, externalResourceGroupName, storageAccountTwoName, "test-container") + logAnalyticsWorkspaceName := fmt.Sprintf("law-%s-external", strings.ToLower(uniqueId)) + logAnalyticsWorkspace := CreateLogAnalyticsWorkspace(t, credential, subscriptionID, externalResourceGroupName, logAnalyticsWorkspaceName, resourceGroupLocation) + externalResources := &TestBlobStorageBackupExternalResources{ ResourceGroup: resourceGroup, StorageAccountOne: storageAccountOne, StorageAccountOneContainer: storageAccountOneContainer, StorageAccountTwo: storageAccountTwo, StorageAccountTwoContainer: storageAccountTwoContainer, + LogAnalyticsWorkspace: logAnalyticsWorkspace, } return externalResources @@ -104,10 +110,11 @@ func TestBlobStorageBackup(t *testing.T) { TerraformDir: environment.TerraformFolder, Vars: map[string]interface{}{ - "resource_group_name": resourceGroupName, - "resource_group_location": resourceGroupLocation, - "backup_vault_name": backupVaultName, - "blob_storage_backups": blobStorageBackups, + "resource_group_name": resourceGroupName, + "resource_group_location": resourceGroupLocation, + "backup_vault_name": backupVaultName, + "blob_storage_backups": blobStorageBackups, + "log_analytics_workspace_id": *externalResources.LogAnalyticsWorkspace.ID, }, BackendConfig: map[string]interface{}{ 
@@ -132,6 +139,10 @@ func TestBlobStorageBackup(t *testing.T) { backupPolicies := GetBackupPolicies(t, credential, environment.SubscriptionID, resourceGroupName, backupVaultName) backupInstances := GetBackupInstances(t, credential, environment.SubscriptionID, resourceGroupName, backupVaultName) + // Validate log analytics workspace + logAnalyticsWorkspace := GetLogAnalyticsWorkspace(t, credential, environment.SubscriptionID, resourceGroupName, *externalResources.LogAnalyticsWorkspace.Name) + assert.NotNil(t, logAnalyticsWorkspace, "Log Analytics Workspace does not exist") + assert.Equal(t, len(blobStorageBackups), len(backupPolicies), "Expected to find %2 backup policies in vault", len(blobStorageBackups)) assert.Equal(t, len(blobStorageBackups), len(backupInstances), "Expected to find %2 backup instances in vault", len(blobStorageBackups)) diff --git a/tests/end-to-end-tests/diagnostic_settings_test.go b/tests/end-to-end-tests/diagnostic_settings_test.go index 57a7e13..3c54809 100644 --- a/tests/end-to-end-tests/diagnostic_settings_test.go +++ b/tests/end-to-end-tests/diagnostic_settings_test.go 
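Review bot: The lookup added to `TestBlobStorageBackup` passes `resourceGroupName`, while `setupExternalResourcesForBlobStorageBackupTest` creates the workspace in `externalResourceGroupName`. Unless the two names are equal (their definitions are outside the visible hunks), the `Get` call returns not-found and the test fails for a reason unrelated to the module. Passing the group the workspace was created in, `*externalResources.ResourceGroup.Name`, keeps setup and lookup in step; the lookup added to TestDiagnosticSettings deserves the same check.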
@@ -114,6 +114,10 @@ func TestDiagnosticSettings(t *testing.T) { backupVault := GetBackupVault(t, credential, environment.SubscriptionID, resourceGroupName, backupVaultName) diagnosticSettings := GetDiagnosticSettings(t, credential, *backupVault.ID, *backupVault.Name) + // Validate log analytics workspace + logAnalyticsWorkspace := GetLogAnalyticsWorkspace(t, credential, environment.SubscriptionID, resourceGroupName, *externalResources.LogAnalyticsWorkspace.Name) + assert.NotNil(t, logAnalyticsWorkspace, "Log Analytics Workspace does not exist") + assert.Equal(t, len(diagnosticSettings.Properties.Logs), len(expectedLogCategories), "Expected to find %2 log categories in diagnostic settings", len(expectedLogCategories)) assert.Equal(t, len(diagnosticSettings.Properties.Metrics), len(expectedMetricCategories), "Expected to find %2 metric categories in diagnostic settings", len(expectedMetricCategories)) diff --git a/tests/end-to-end-tests/existing_resource_group_test.go b/tests/end-to-end-tests/existing_resource_group_test.go index e2feca0..70a53a6 100644 --- a/tests/end-to-end-tests/existing_resource_group_test.go +++ b/tests/end-to-end-tests/existing_resource_group_test.go @@ -2,6 +2,7 @@ package e2e_tests import ( "fmt" + "strings" "testing" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" 
@@ -10,20 +11,26 @@ import ( "github.com/gruntwork-io/terratest/modules/terraform" test_structure "github.com/gruntwork-io/terratest/modules/test-structure" "github.com/stretchr/testify/assert" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/operationalinsights/armoperationalinsights" ) type TestExistingResourceGroupExternalResources struct { - ResourceGroup armresources.ResourceGroup + ResourceGroup armresources.ResourceGroup + LogAnalyticsWorkspace armoperationalinsights.Workspace } /* * Creates resources which are "external" to the az-backup module. */ -func setupExternalResourcesForExistingResourceGroupTest(t *testing.T, credential *azidentity.ClientSecretCredential, subscriptionID string, resourceGroupName string, resourceGroupLocation string) *TestExistingResourceGroupExternalResources { +func setupExternalResourcesForExistingResourceGroupTest(t *testing.T, credential *azidentity.ClientSecretCredential, subscriptionID string, resourceGroupName string, resourceGroupLocation string, uniqueId string) *TestExistingResourceGroupExternalResources { resourceGroup := CreateResourceGroup(t, credential, subscriptionID, resourceGroupName, resourceGroupLocation) + logAnalyticsWorkspaceName := fmt.Sprintf("law-%s-external", strings.ToLower(uniqueId)) + logAnalyticsWorkspace := CreateLogAnalyticsWorkspace(t, credential, subscriptionID, resourceGroupName, logAnalyticsWorkspaceName, resourceGroupLocation) + externalResources := &TestExistingResourceGroupExternalResources{ - ResourceGroup: resourceGroup, + ResourceGroup: resourceGroup, + LogAnalyticsWorkspace: logAnalyticsWorkspace, } return externalResources 
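Review bot: The new `armoperationalinsights` import is appended after `github.com/stretchr/testify/assert` instead of sitting with the other `azure-sdk-for-go` imports, so the import block is no longer in the sorted order gofmt produces. The other test files touched by this commit place it alphabetically among the Azure SDK imports. Moving the line up next to the existing Azure SDK imports, or running `gofmt -w` on the file, brings it in line with them.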
@@ -43,7 +50,7 @@ func TestExistingResourceGroup(t *testing.T) { resourceGroupLocation := "uksouth" backupVaultName := fmt.Sprintf("bvault-nhsbackup-%s", uniqueId) - externalResources := setupExternalResourcesForExistingResourceGroupTest(t, credential, environment.SubscriptionID, resourceGroupName, resourceGroupLocation) + externalResources := setupExternalResourcesForExistingResourceGroupTest(t, credential, environment.SubscriptionID, resourceGroupName, resourceGroupLocation, uniqueId) // Teardown stage // ... @@ -64,10 +71,11 @@ func TestExistingResourceGroup(t *testing.T) { TerraformDir: environment.TerraformFolder, Vars: map[string]interface{}{ - "resource_group_name": resourceGroupName, - "resource_group_location": resourceGroupLocation, - "create_resource_group": false, - "backup_vault_name": backupVaultName, + "resource_group_name": resourceGroupName, + "resource_group_location": resourceGroupLocation, + "create_resource_group": false, + "backup_vault_name": backupVaultName, + "log_analytics_workspace_id": *externalResources.LogAnalyticsWorkspace.ID, }, BackendConfig: map[string]interface{}{ @@ -93,5 +101,9 @@ func TestExistingResourceGroup(t *testing.T) { assert.NotNil(t, resourceGroup, "Resource group does not exist") assert.Equal(t, resourceGroupName, *resourceGroup.Name, "Resource group name does not match") assert.Equal(t, resourceGroupLocation, *resourceGroup.Location, "Resource group location does not match") + + // Validate log analytics workspace + logAnalyticsWorkspace := GetLogAnalyticsWorkspace(t, credential, environment.SubscriptionID, resourceGroupName, *externalResources.LogAnalyticsWorkspace.Name) + assert.NotNil(t, logAnalyticsWorkspace, "Log Analytics Workspace does not exist") }) } diff --git a/tests/end-to-end-tests/go.mod b/tests/end-to-end-tests/go.mod index c6024c5..b3d507f 100644 --- a/tests/end-to-end-tests/go.mod +++ b/tests/end-to-end-tests/go.mod 
@@ -17,7 +17,7 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.8.1 github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.6.2 github.com/gruntwork-io/go-commons v0.17.2 - github.com/gruntwork-io/terratest v0.48.2 + github.com/gruntwork-io/terratest v0.50.0 github.com/stretchr/testify v1.10.0 ) diff --git a/tests/end-to-end-tests/go.sum b/tests/end-to-end-tests/go.sum index 6bc9b21..a81854f 100644 --- a/tests/end-to-end-tests/go.sum +++ b/tests/end-to-end-tests/go.sum @@ -176,8 +176,8 @@ github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aN github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gruntwork-io/go-commons v0.17.2 h1:14dsCJ7M5Vv2X3BIPKeG9Kdy6vTMGhM8L4WZazxfTuY= github.com/gruntwork-io/go-commons v0.17.2/go.mod h1:zs7Q2AbUKuTarBPy19CIxJVUX/rBamfW8IwuWKniWkE= -github.com/gruntwork-io/terratest v0.48.2 h1:+VwfODchq8jxZZWD+s8gBlhD1z6/C4bFLNrhpm9ONrs= -github.com/gruntwork-io/terratest v0.48.2/go.mod h1:Y5ETyD4ZQ2MZhasPno272fWuCpKwvTPYDi8Y0tIMqTE= +github.com/gruntwork-io/terratest v0.50.0 h1:AbBJ7IRCpLZ9H4HBrjeoWESITv8nLjN6/f1riMNcAsw= +github.com/gruntwork-io/terratest v0.50.0/go.mod h1:see0lbKvAqz6rvzvN2wyfuFQQG4PWcAb2yHulF6B2q4= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= diff --git a/tests/end-to-end-tests/helpers.go b/tests/end-to-end-tests/helpers.go index 34b5d99..f086b7f 100644 --- a/tests/end-to-end-tests/helpers.go +++ b/tests/end-to-end-tests/helpers.go 
@@ -297,6 +297,21 @@ func GetBackupInstanceForName(instances []*armdataprotection.BackupInstanceResou return nil } +/* + * Gets a Log Analytics Workspace for the provided name. + */ +func GetLogAnalyticsWorkspace(t *testing.T, credential *azidentity.ClientSecretCredential, subscriptionID string, + resourceGroupName string, workspaceName string) armoperationalinsights.Workspace { + client, err := armoperationalinsights.NewWorkspacesClient(subscriptionID, credential, nil) + assert.NoError(t, err, "Failed to create log analytics workspace client: %v", err) + + // Get the log analytics workspace + resp, err := client.Get(context.Background(), resourceGroupName, workspaceName, nil) + assert.NoError(t, err, "Failed to get log analytics workspace: %v", err) + + return resp.Workspace +} + /* * Creates a resource group that can be used for testing purposes. */ diff --git a/tests/end-to-end-tests/managed_disk_backup_test.go b/tests/end-to-end-tests/managed_disk_backup_test.go index d628b8d..8053178 100644 --- a/tests/end-to-end-tests/managed_disk_backup_test.go +++ b/tests/end-to-end-tests/managed_disk_backup_test.go @@ -8,6 +8,7 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dataprotection/armdataprotection/v3" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/operationalinsights/armoperationalinsights" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources" "github.com/gruntwork-io/terratest/modules/random" "github.com/gruntwork-io/terratest/modules/terraform" @@ -19,6 +20,7 @@ type TestManagedDiskBackupExternalResources struct { ResourceGroup armresources.ResourceGroup ManagedDiskOne armcompute.Disk ManagedDiskTwo armcompute.Disk + LogAnalyticsWorkspace armoperationalinsights.Workspace } /* 
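Review bot: `GetLogAnalyticsWorkspace` reports failures with `assert.NoError`, which records the failure but lets the function continue, so a failed `NewWorkspacesClient` is followed by `client.Get` on a nil client, and a failed `Get` returns a zero-value `Workspace` whose `ID` and `Name` are nil. Stopping at the first error, with `require.NoError(t, err, ...)` from testify's `require` package or `t.FailNow()` after the assert, gives a clean test failure instead of a nil-pointer panic further on. The trailing `%v", err` arguments are redundant, since `assert.NoError` already prints the error. A Go doc comment of the form `// GetLogAnalyticsWorkspace returns the workspace with the given name in the given resource group.` would also fit this exported helper.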
@@ -35,10 +37,14 @@ func setupExternalResourcesForManagedDiskBackupTest(t *testing.T, credential *az managedDiskTwoName := fmt.Sprintf("disk-%s-external-2", strings.ToLower(uniqueId)) managedDiskTwo := CreateManagedDisk(t, credential, subscriptionID, externalResourceGroupName, managedDiskTwoName, resourceGroupLocation, int32(1)) + logAnalyticsWorkspaceName := fmt.Sprintf("law-%s-external", strings.ToLower(uniqueId)) + logAnalyticsWorkspace := CreateLogAnalyticsWorkspace(t, credential, subscriptionID, externalResourceGroupName, logAnalyticsWorkspaceName, resourceGroupLocation) + externalResources := &TestManagedDiskBackupExternalResources{ - ResourceGroup: resourceGroup, - ManagedDiskOne: managedDiskOne, - ManagedDiskTwo: managedDiskTwo, + ResourceGroup: resourceGroup, + ManagedDiskOne: managedDiskOne, + ManagedDiskTwo: managedDiskTwo, + LogAnalyticsWorkspace: logAnalyticsWorkspace, } return externalResources @@ -104,10 +110,11 @@ func TestManagedDiskBackup(t *testing.T) { TerraformDir: environment.TerraformFolder, Vars: map[string]interface{}{ - "resource_group_name": resourceGroupName, - "resource_group_location": resourceGroupLocation, - "backup_vault_name": backupVaultName, - "managed_disk_backups": managedDiskBackups, + "resource_group_name": resourceGroupName, + "resource_group_location": resourceGroupLocation, + "backup_vault_name": backupVaultName, + "managed_disk_backups": managedDiskBackups, + "log_analytics_workspace_id": *externalResources.LogAnalyticsWorkspace.ID, }, BackendConfig: map[string]interface{}{ diff --git a/tests/end-to-end-tests/postgresql_flexible_server_backup_test.go b/tests/end-to-end-tests/postgresql_flexible_server_backup_test.go index 1168881..76e3032 100644 --- a/tests/end-to-end-tests/postgresql_flexible_server_backup_test.go +++ b/tests/end-to-end-tests/postgresql_flexible_server_backup_test.go 
@@ -7,6 +7,7 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dataprotection/armdataprotection/v3" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/operationalinsights/armoperationalinsights" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/postgresql/armpostgresqlflexibleservers" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources" "github.com/gruntwork-io/terratest/modules/random" @@ -19,6 +20,7 @@ type TestPostgresqlFlexibleServerBackupExternalResources struct { ResourceGroup armresources.ResourceGroup PostgresqlFlexibleServerOne armpostgresqlflexibleservers.Server PostgresqlFlexibleServerTwo armpostgresqlflexibleservers.Server + LogAnalyticsWorkspace armoperationalinsights.Workspace } /* @@ -35,10 +37,14 @@ func setupExternalResourcesForPostgresqlFlexibleServerBackupTest(t *testing.T, c PostgresqlFlexibleServerTwoName := fmt.Sprintf("pgflexserver-%s-external-2", strings.ToLower(uniqueId)) PostgresqlFlexibleServerTwo := CreatePostgresqlFlexibleServer(t, credential, subscriptionID, externalResourceGroupName, PostgresqlFlexibleServerTwoName, resourceGroupLocation, int32(32)) + logAnalyticsWorkspaceName := fmt.Sprintf("law-%s-external", strings.ToLower(uniqueId)) + logAnalyticsWorkspace := CreateLogAnalyticsWorkspace(t, credential, subscriptionID, externalResourceGroupName, logAnalyticsWorkspaceName, resourceGroupLocation) + externalResources := &TestPostgresqlFlexibleServerBackupExternalResources{ ResourceGroup: resourceGroup, PostgresqlFlexibleServerOne: PostgresqlFlexibleServerOne, PostgresqlFlexibleServerTwo: PostgresqlFlexibleServerTwo, + LogAnalyticsWorkspace: logAnalyticsWorkspace, } return externalResources 
@@ -102,6 +108,7 @@ func TestPostgresqlFlexibleServerBackup(t *testing.T) { "resource_group_location": resourceGroupLocation, "backup_vault_name": backupVaultName, "postgresql_flexible_server_backups": PostgresqlFlexibleServerBackups, + "log_analytics_workspace_id": *externalResources.LogAnalyticsWorkspace.ID, }, BackendConfig: map[string]interface{}{ diff --git a/tests/end-to-end-tests/vault_immutability_test.go b/tests/end-to-end-tests/vault_immutability_test.go index 26810f7..788cc53 100644 --- a/tests/end-to-end-tests/vault_immutability_test.go +++ b/tests/end-to-end-tests/vault_immutability_test.go @@ -8,6 +8,7 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dataprotection/armdataprotection/v3" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/operationalinsights/armoperationalinsights" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage" "github.com/gruntwork-io/terratest/modules/random" @@ -20,6 +21,7 @@ type TestVaultImmutabilityExternalResources struct { ResourceGroup armresources.ResourceGroup StorageAccount armstorage.Account StorageAccountContainer armstorage.BlobContainer + LogAnalyticsWorkspace armoperationalinsights.Workspace } /* 
@@ -34,10 +36,14 @@ func setupExternalResourcesForVaultImmutabilityTest(t *testing.T, credential *az storageAccount := CreateStorageAccount(t, credential, subscriptionID, externalResourceGroupName, storageAccountName, resourceGroupLocation) storageAccountContainer := CreateStorageAccountContainer(t, credential, subscriptionID, externalResourceGroupName, storageAccountName, "test-container") + logAnalyticsWorkspaceName := fmt.Sprintf("law-%s-external", strings.ToLower(uniqueId)) + logAnalyticsWorkspace := CreateLogAnalyticsWorkspace(t, credential, subscriptionID, externalResourceGroupName, logAnalyticsWorkspaceName, resourceGroupLocation) + externalResources := &TestVaultImmutabilityExternalResources{ ResourceGroup: resourceGroup, StorageAccount: storageAccount, StorageAccountContainer: storageAccountContainer, + LogAnalyticsWorkspace: logAnalyticsWorkspace, } return externalResources @@ -91,11 +97,12 @@ func TestVaultImmutability(t *testing.T) { TerraformDir: environment.TerraformFolder, Vars: map[string]interface{}{ - "resource_group_name": resourceGroupName, - "resource_group_location": resourceGroupLocation, - "backup_vault_name": backupVaultName, - "backup_vault_immutability": backupVaultImmutability, - "blob_storage_backups": blobStorageBackups, + "resource_group_name": resourceGroupName, + "resource_group_location": resourceGroupLocation, + "backup_vault_name": backupVaultName, + "backup_vault_immutability": backupVaultImmutability, + "blob_storage_backups": blobStorageBackups, + "log_analytics_workspace_id": *externalResources.LogAnalyticsWorkspace.ID, }, BackendConfig: map[string]interface{}{ diff --git a/tests/integration-tests/.terraform.lock.hcl b/tests/integration-tests/.terraform.lock.hcl index 3378190..eda0cbb 100644 --- a/tests/integration-tests/.terraform.lock.hcl +++ b/tests/integration-tests/.terraform.lock.hcl 
@@ -22,21 +22,21 @@ provider "registry.terraform.io/hashicorp/azurerm" { } provider "registry.terraform.io/hashicorp/random" { - version = "3.5.1" - constraints = "3.5.1" + version = "3.7.2" + constraints = "3.7.2" hashes = [ - "h1:3hjTP5tQBspPcFAJlfafnWrNrKnr7J4Cp0qB9jbqf30=", - "zh:04e3fbd610cb52c1017d282531364b9c53ef72b6bc533acb2a90671957324a64", - "zh:119197103301ebaf7efb91df8f0b6e0dd31e6ff943d231af35ee1831c599188d", - "zh:4d2b219d09abf3b1bb4df93d399ed156cadd61f44ad3baf5cf2954df2fba0831", - "zh:6130bdde527587bbe2dcaa7150363e96dbc5250ea20154176d82bc69df5d4ce3", - "zh:6cc326cd4000f724d3086ee05587e7710f032f94fc9af35e96a386a1c6f2214f", + "h1:0hcNr59VEJbhZYwuDE/ysmyTS0evkfcLarlni+zATPM=", + "zh:14829603a32e4bc4d05062f059e545a91e27ff033756b48afbae6b3c835f508f", + "zh:1527fb07d9fea400d70e9e6eb4a2b918d5060d604749b6f1c361518e7da546dc", + "zh:1e86bcd7ebec85ba336b423ba1db046aeaa3c0e5f921039b3f1a6fc2f978feab", + "zh:24536dec8bde66753f4b4030b8f3ef43c196d69cccbea1c382d01b222478c7a3", + "zh:29f1786486759fad9b0ce4fdfbbfece9343ad47cd50119045075e05afe49d212", + "zh:4d701e978c2dd8604ba1ce962b047607701e65c078cb22e97171513e9e57491f", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:b6d88e1d28cf2dfa24e9fdcc3efc77adcdc1c3c3b5c7ce503a423efbdd6de57b", - "zh:ba74c592622ecbcef9dc2a4d81ed321c4e44cddf7da799faa324da9bf52a22b2", - "zh:c7c5cde98fe4ef1143bd1b3ec5dc04baf0d4cc3ca2c5c7d40d17c0e9b2076865", - "zh:dac4bad52c940cd0dfc27893507c1e92393846b024c5a9db159a93c534a3da03", - "zh:de8febe2a2acd9ac454b844a4106ed295ae9520ef54dc8ed2faf29f12716b602", - "zh:eab0d0495e7e711cca367f7d4df6e322e6c562fc52151ec931176115b83ed014", + "zh:7b8434212eef0f8c83f5a90c6d76feaf850f6502b61b53c329e85b3b281cba34", + "zh:ac8a23c212258b7976e1621275e3af7099e7e4a3d4478cf8d5d2a27f3bc3e967", + "zh:b516ca74431f3df4c6cf90ddcdb4042c626e026317a33c53f0b445a3d93b720d", + "zh:dc76e4326aec2490c1600d6871a95e78f9050f9ce427c71707ea412a2f2f1a62", + 
"zh:eac7b63e86c749c7d48f527671c7aee5b4e26c10be6ad7232d6860167f99dbb0", ] } diff --git a/tests/integration-tests/azurerm/data.tfmock.hcl b/tests/integration-tests/azurerm/data.tfmock.hcl index 2d3f941..e1fd138 100644 --- a/tests/integration-tests/azurerm/data.tfmock.hcl +++ b/tests/integration-tests/azurerm/data.tfmock.hcl @@ -27,3 +27,9 @@ mock_resource "azurerm_data_protection_backup_policy_postgresql_flexible_server" id = "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/example-resource-group/providers/Microsoft.DataProtection/backupVaults/bvault-testvault/backupPolicies/bkpol-testvault-testpolicy" } } + +mock_resource "azurerm_log_analytics_workspace" { + defaults = { + id = "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/example-resource-group/providers/Microsoft.OperationalInsights/workspaces/law-testworkspace" + } +} diff --git a/tests/integration-tests/backup_modules_blob_storage.tftest.hcl b/tests/integration-tests/backup_modules_blob_storage.tftest.hcl index 00d3b4a..58c1281 100644 --- a/tests/integration-tests/backup_modules_blob_storage.tftest.hcl +++ b/tests/integration-tests/backup_modules_blob_storage.tftest.hcl @@ -16,10 +16,11 @@ run "create_blob_storage_backup" { } variables { - resource_group_name = run.setup_tests.resource_group_name - resource_group_location = "uksouth" - backup_vault_name = run.setup_tests.backup_vault_name - tags = run.setup_tests.tags + resource_group_name = run.setup_tests.resource_group_name + resource_group_location = "uksouth" + backup_vault_name = run.setup_tests.backup_vault_name + tags = run.setup_tests.tags + log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id blob_storage_backups = { backup1 = { backup_name = "storage1" 
@@ -175,6 +176,7 @@ run "validate_retention_period" { resource_group_name = run.setup_tests.resource_group_name resource_group_location = "uksouth" backup_vault_name = run.setup_tests.backup_vault_name + log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id tags = run.setup_tests.tags blob_storage_backups = { backup1 = { @@ -204,6 +206,7 @@ run "validate_retention_period_with_extended_retention" { resource_group_location = "uksouth" backup_vault_name = run.setup_tests.backup_vault_name tags = run.setup_tests.tags + log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id use_extended_retention = true blob_storage_backups = { backup1 = { @@ -233,6 +236,7 @@ run "validate_backup_intervals" { resource_group_name = run.setup_tests.resource_group_name resource_group_location = "uksouth" backup_vault_name = run.setup_tests.backup_vault_name + log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id tags = run.setup_tests.tags blob_storage_backups = { backup1 = { @@ -261,6 +265,7 @@ run "validate_storage_account_containers" { resource_group_name = run.setup_tests.resource_group_name resource_group_location = "uksouth" backup_vault_name = run.setup_tests.backup_vault_name + log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id tags = run.setup_tests.tags blob_storage_backups = { backup1 = { diff --git a/tests/integration-tests/backup_modules_managed_disk.tftest.hcl b/tests/integration-tests/backup_modules_managed_disk.tftest.hcl index 47bd360..74a8ee1 100644 --- a/tests/integration-tests/backup_modules_managed_disk.tftest.hcl +++ b/tests/integration-tests/backup_modules_managed_disk.tftest.hcl 
@@ -16,10 +16,11 @@ run "create_managed_disk_backup" { } variables { - resource_group_name = run.setup_tests.resource_group_name - resource_group_location = "uksouth" - backup_vault_name = run.setup_tests.backup_vault_name - tags = run.setup_tests.tags + resource_group_name = run.setup_tests.resource_group_name + resource_group_location = "uksouth" + backup_vault_name = run.setup_tests.backup_vault_name + log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id + tags = run.setup_tests.tags managed_disk_backups = { backup1 = { backup_name = "disk1" @@ -181,6 +182,7 @@ run "validate_retention_period" { resource_group_name = run.setup_tests.resource_group_name resource_group_location = "uksouth" backup_vault_name = run.setup_tests.backup_vault_name + log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id tags = run.setup_tests.tags managed_disk_backups = { backup1 = { @@ -212,6 +214,7 @@ run "validate_retention_period_with_extended_retention" { resource_group_name = run.setup_tests.resource_group_name resource_group_location = "uksouth" backup_vault_name = run.setup_tests.backup_vault_name + log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id tags = run.setup_tests.tags use_extended_retention = true managed_disk_backups = { @@ -245,6 +248,7 @@ run "validate_backup_intervals" { resource_group_name = run.setup_tests.resource_group_name resource_group_location = "uksouth" backup_vault_name = run.setup_tests.backup_vault_name + log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id tags = run.setup_tests.tags managed_disk_backups = { backup1 = { diff --git a/tests/integration-tests/backup_modules_postgresql_flexible_server.tftest.hcl b/tests/integration-tests/backup_modules_postgresql_flexible_server.tftest.hcl index bec91db..7175533 100644 --- a/tests/integration-tests/backup_modules_postgresql_flexible_server.tftest.hcl +++ b/tests/integration-tests/backup_modules_postgresql_flexible_server.tftest.hcl 
@@ -16,10 +16,11 @@ run "create_postgresql_flexible_server_backup" { } variables { - resource_group_name = run.setup_tests.resource_group_name - resource_group_location = "uksouth" - backup_vault_name = run.setup_tests.backup_vault_name - tags = run.setup_tests.tags + resource_group_name = run.setup_tests.resource_group_name + resource_group_location = "uksouth" + backup_vault_name = run.setup_tests.backup_vault_name + log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id + tags = run.setup_tests.tags postgresql_flexible_server_backups = { backup1 = { backup_name = "server1" @@ -165,6 +166,7 @@ run "validate_retention_period" { resource_group_name = run.setup_tests.resource_group_name resource_group_location = "uksouth" backup_vault_name = run.setup_tests.backup_vault_name + log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id tags = run.setup_tests.tags postgresql_flexible_server_backups = { backup1 = { @@ -193,6 +195,7 @@ run "validate_retention_period_with_extended_retention" { resource_group_name = run.setup_tests.resource_group_name resource_group_location = "uksouth" backup_vault_name = run.setup_tests.backup_vault_name + log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id tags = run.setup_tests.tags use_extended_retention = true postgresql_flexible_server_backups = { @@ -223,6 +226,7 @@ run "validate_backup_intervals" { resource_group_name = run.setup_tests.resource_group_name resource_group_location = "uksouth" backup_vault_name = run.setup_tests.backup_vault_name + log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id tags = run.setup_tests.tags postgresql_flexible_server_backups = { backup1 = { diff --git a/tests/integration-tests/backup_vault.tftest.hcl b/tests/integration-tests/backup_vault.tftest.hcl index aaf4baa..a5b16a0 100644 --- a/tests/integration-tests/backup_vault.tftest.hcl +++ b/tests/integration-tests/backup_vault.tftest.hcl 
@@ -16,12 +16,13 @@ run "create_backup_vault" { } variables { - resource_group_name = run.setup_tests.resource_group_name - resource_group_location = "uksouth" - backup_vault_name = run.setup_tests.backup_vault_name - backup_vault_redundancy = "LocallyRedundant" - backup_vault_immutability = "Unlocked" - tags = run.setup_tests.tags + resource_group_name = run.setup_tests.resource_group_name + resource_group_location = "uksouth" + backup_vault_name = run.setup_tests.backup_vault_name + backup_vault_redundancy = "LocallyRedundant" + backup_vault_immutability = "Unlocked" + log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id + tags = run.setup_tests.tags } assert { 
@@ -89,62 +90,42 @@ run "configure_vault_diagnostics_when_enabled" { resource_group_name = run.setup_tests.resource_group_name resource_group_location = "uksouth" backup_vault_name = run.setup_tests.backup_vault_name - log_analytics_workspace_id = "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/example-resource-group/providers/Microsoft.OperationalInsights/workspaces/workspace1" + log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id tags = run.setup_tests.tags } assert { - condition = length(azurerm_monitor_diagnostic_setting.backup_vault) == 1 + condition = azurerm_monitor_diagnostic_setting.backup_vault != null error_message = "Backup vault diagnostic settings not as expected." } assert { - condition = azurerm_monitor_diagnostic_setting.backup_vault[0].target_resource_id == azurerm_data_protection_backup_vault.backup_vault.id + condition = azurerm_monitor_diagnostic_setting.backup_vault.target_resource_id == azurerm_data_protection_backup_vault.backup_vault.id error_message = "Backup vault diagnostic setting target resource id not as expected." } assert { - condition = length(azurerm_monitor_diagnostic_setting.backup_vault[0].log_analytics_workspace_id) > 0 + condition = length(azurerm_monitor_diagnostic_setting.backup_vault.log_analytics_workspace_id) > 0 error_message = "Backup vault diagnostic setting log analytics workspace id not as expected." } assert { - condition = length(azurerm_monitor_diagnostic_setting.backup_vault[0].enabled_log) == length(local.backup_vault_diagnostics_log_categories) + condition = length(azurerm_monitor_diagnostic_setting.backup_vault.enabled_log) == length(local.backup_vault_diagnostics_log_categories) error_message = "Backup vault diagnostic setting enabled logs not as expected." 
} assert { - condition = alltrue([for enabled_log in azurerm_monitor_diagnostic_setting.backup_vault[0].enabled_log : contains(local.backup_vault_diagnostics_log_categories, enabled_log.category)]) + condition = alltrue([for enabled_log in azurerm_monitor_diagnostic_setting.backup_vault.enabled_log : contains(local.backup_vault_diagnostics_log_categories, enabled_log.category)]) error_message = "Backup vault diagnostic setting enabled logs not as expected." } assert { - condition = length(azurerm_monitor_diagnostic_setting.backup_vault[0].enabled_metric) == length(local.backup_vault_diagnostics_metric_categories) + condition = length(azurerm_monitor_diagnostic_setting.backup_vault.enabled_metric) == length(local.backup_vault_diagnostics_metric_categories) error_message = "Backup vault diagnostic setting metrics not as expected." } assert { - condition = alltrue([for metric in azurerm_monitor_diagnostic_setting.backup_vault[0].enabled_metric : contains(local.backup_vault_diagnostics_metric_categories, metric.category)]) + condition = alltrue([for metric in azurerm_monitor_diagnostic_setting.backup_vault.enabled_metric : contains(local.backup_vault_diagnostics_metric_categories, metric.category)]) error_message = "Backup vault diagnostic setting metrics not as expected." } } - -run "configure_vault_diagnostics_when_disabled" { - command = apply - - module { - source = "../../infrastructure" - } - - variables { - resource_group_name = run.setup_tests.resource_group_name - resource_group_location = "uksouth" - backup_vault_name = run.setup_tests.backup_vault_name - tags = run.setup_tests.tags - } - - assert { - condition = length(azurerm_monitor_diagnostic_setting.backup_vault) == 0 - error_message = "Backup vault diagnostic settings not as expected." - } -} diff --git a/tests/integration-tests/resource_group.tftest.hcl b/tests/integration-tests/resource_group.tftest.hcl index 143f4a1..fd782a1 100644 --- a/tests/integration-tests/resource_group.tftest.hcl 
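Review bot: The first assertion in `configure_vault_diagnostics_when_enabled`, `azurerm_monitor_diagnostic_setting.backup_vault != null`, looks like it can never fail: now that the resource is referenced without an index, the reference is an object, and a missing resource would surface as a configuration error rather than a failed assertion. The workspace check `length(azurerm_monitor_diagnostic_setting.backup_vault.log_analytics_workspace_id) > 0` is similarly loose, since any non-empty string passes. With diagnostics now mandatory, I would drop the null check and pin the destination instead, e.g. `condition = azurerm_monitor_diagnostic_setting.backup_vault.log_analytics_workspace_id == var.log_analytics_workspace_id`. Since `configure_vault_diagnostics_when_disabled` is deleted, a run with `expect_failures = [var.log_analytics_workspace_id]` for an empty value would also be worth adding if the variable has a validation block, which is not visible in this diff.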
+++ b/tests/integration-tests/resource_group.tftest.hcl @@ -16,10 +16,11 @@ run "create_resource_group" { } variables { - resource_group_name = run.setup_tests.resource_group_name - resource_group_location = "uksouth" - backup_vault_name = run.setup_tests.backup_vault_name - tags = run.setup_tests.tags + resource_group_name = run.setup_tests.resource_group_name + resource_group_location = "uksouth" + backup_vault_name = run.setup_tests.backup_vault_name + log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id + tags = run.setup_tests.tags } assert { diff --git a/tests/integration-tests/setup/main.tf b/tests/integration-tests/setup/main.tf index 4dddade..621e2d7 100644 --- a/tests/integration-tests/setup/main.tf +++ b/tests/integration-tests/setup/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { random = { source = "hashicorp/random" - version = "3.5.1" + version = "3.7.2" } } } @@ -26,3 +26,7 @@ output "tags" { tagThree = "tagThreeValue" } } + +output "log_analytics_workspace_id" { + value = "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/example-resource-group/providers/Microsoft.OperationalInsights/workspaces/law-testworkspace" +}
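Review bot: The new `log_analytics_workspace_id` output in `setup/main.tf` is a hard-coded id with no comment saying it is a placeholder, and after this commit every run in the suite passes it to the module. A short comment above the output would help the next maintainer, e.g. `# Placeholder id: this workspace does not exist; only usable while the azurerm provider is mocked or the run is plan-only.` Whether that condition holds for the runs that use `command = apply` cannot be told from this diff. If any of them reach a real subscription, the setup module would need to create a workspace and output its id instead, otherwise the diagnostic setting has nowhere to send the vault's logs.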