feat: Make log analytics mandatory

docs/usage.md

@@ -134,7 +134,7 @@ module "my_backup" {
 | `backup_vault_name` | The name of the backup vault. The value supplied will be automatically prefixed with `rg-nhsbackup-`. If more than one az-backup module is created, this value must be unique across them. | Yes | n/a |
 | `backup_vault_redundancy` | The redundancy of the vault, e.g. `GeoRedundant`. [See the following link for the possible values.](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_protection_backup_vault#redundancy) | No | `LocallyRedundant` |
 | `backup_vault_immutability` | The immutability of the vault, e.g. `Locked`. [See the following link for the possible values.](https://learn.microsoft.com/en-us/azure/templates/microsoft.dataprotection/backupvaults?pivots=deployment-language-terraform#immutabilitysettings-2) | No | `Disabled` |
-| `log_analytics_workspace_id` | The id of the log analytics workspace that backup telemetry and diagnostics should be sent to. When no value is provided then diagnostics will not be sent anywhere. | No | n/a |
+| `log_analytics_workspace_id` | The id of the log analytics workspace that backup telemetry and diagnostics should be sent to. **NOTE** this variable was made mandatory in v2 of the module. | Yes | n/a |
 | `tags` | A map of tags which will be applied to the resource group and backup vault. When no tags are specified then no tags are added. NOTE when using an externally managed resource group the tags will not be applied to it (they will still be applied to the backup vault). | No | n/a |
 | `use_extended_retention` | If set to true, then the backup retention periods can be set to anything, otherwise they are limited to 7 days. | No | `false` |
 | `blob_storage_backups` | A map of blob storage backups that should be created. For each backup the following values should be provided: `storage_account_id`, `backup_name` and `retention_period`. When no value is provided then no backups are created. | No | n/a |

infrastructure/backup_vault.tf

@@ -27,7 +27,6 @@ locals {
 }
 
 resource "azurerm_monitor_diagnostic_setting" "backup_vault" {
-  count                      = length(var.log_analytics_workspace_id) > 0 ? 1 : 0
   name                       = "${var.backup_vault_name}-diagnostic-settings"
   target_resource_id         = azurerm_data_protection_backup_vault.backup_vault.id
   log_analytics_workspace_id = var.log_analytics_workspace_id

infrastructure/variables.tf

@@ -40,7 +40,6 @@ variable "backup_vault_immutability" {
 variable "log_analytics_workspace_id" {
   description = "The id of the log analytics workspace to use for backup vault diagnostic settings"
   type        = string
-  default     = ""
 }
 
 variable "tags" {

tests/end-to-end-tests/basic_deployment_test.go

@@ -2,15 +2,43 @@ package e2e_tests
 
 import (
 	"fmt"
+	"strings"
 	"testing"
 
+	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dataprotection/armdataprotection/v3"
+	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/operationalinsights/armoperationalinsights"
+	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources"
 	"github.com/gruntwork-io/terratest/modules/random"
 	"github.com/gruntwork-io/terratest/modules/terraform"
 	test_structure "github.com/gruntwork-io/terratest/modules/test-structure"
 	"github.com/stretchr/testify/assert"
 )
 
+type TestBasicDeploymentExternalResources struct {
+	ResourceGroup         armresources.ResourceGroup
+	LogAnalyticsWorkspace armoperationalinsights.Workspace
+}
+
+/*
+ * Creates resources which are "external" to the az-backup module, and models
+ * what would be backed up in a real scenario.
+ */
+func setupExternalResourcesForBasicDeploymentTest(t *testing.T, credential *azidentity.ClientSecretCredential, subscriptionID string, resourceGroupName string, resourceGroupLocation string, uniqueId string) *TestDiagnosticSettingsExternalResources {
+	externalResourceGroupName := fmt.Sprintf("%s-external", resourceGroupName)
+	resourceGroup := CreateResourceGroup(t, credential, subscriptionID, externalResourceGroupName, resourceGroupLocation)
+
+	logAnalyticsWorkspaceName := fmt.Sprintf("law-%s-external", strings.ToLower(uniqueId))
+	logAnalyticsWorkspace := CreateLogAnalyticsWorkspace(t, credential, subscriptionID, externalResourceGroupName, logAnalyticsWorkspaceName, resourceGroupLocation)
+
+	externalResources := &TestDiagnosticSettingsExternalResources{
+		ResourceGroup:         resourceGroup,
+		LogAnalyticsWorkspace: logAnalyticsWorkspace,
+	}
+
+	return externalResources
+}
+
 /*
  * TestBasicDeployment tests the basic deployment of the infrastructure using Terraform.
  */
@@ -32,6 +60,8 @@ func TestBasicDeployment(t *testing.T) {
 		"tagThree": "tagThreeValue",
 	}
 
+	externalResources := setupExternalResourcesForBasicDeploymentTest(t, credential, environment.SubscriptionID, resourceGroupName, resourceGroupLocation, uniqueId)
+
 	// Teardown stage
 	// ...
 
@@ -49,11 +79,12 @@ func TestBasicDeployment(t *testing.T) {
 			TerraformDir: environment.TerraformFolder,
 
 			Vars: map[string]interface{}{
-				"resource_group_name":     resourceGroupName,
-				"resource_group_location": resourceGroupLocation,
-				"backup_vault_name":       backupVaultName,
-				"backup_vault_redundancy": backupVaultRedundancy,
-				"tags":                    tags,
+				"resource_group_name":        resourceGroupName,
+				"resource_group_location":    resourceGroupLocation,
+				"backup_vault_name":          backupVaultName,
+				"backup_vault_redundancy":    backupVaultRedundancy,
+				"log_analytics_workspace_id": *externalResources.LogAnalyticsWorkspace.ID,
+				"tags":                       tags,
 			},
 
 			BackendConfig: map[string]interface{}{

tests/end-to-end-tests/blob_storage_backup_test.go

@@ -7,6 +7,7 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dataprotection/armdataprotection/v3"
+	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/operationalinsights/armoperationalinsights"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
 	"github.com/gruntwork-io/terratest/modules/random"
@@ -17,6 +18,7 @@ import (
 
 type TestBlobStorageBackupExternalResources struct {
 	ResourceGroup              armresources.ResourceGroup
+	LogAnalyticsWorkspace      armoperationalinsights.Workspace
 	StorageAccountOne          armstorage.Account
 	StorageAccountOneContainer armstorage.BlobContainer
 	StorageAccountTwo          armstorage.Account
@@ -31,6 +33,9 @@ func setupExternalResourcesForBlobStorageBackupTest(t *testing.T, credential *az
 	externalResourceGroupName := fmt.Sprintf("%s-external", resourceGroupName)
 	resourceGroup := CreateResourceGroup(t, credential, subscriptionID, externalResourceGroupName, resourceGroupLocation)
 
+	logAnalyticsWorkspaceName := fmt.Sprintf("law-%s-external", strings.ToLower(uniqueId))
+	logAnalyticsWorkspace := CreateLogAnalyticsWorkspace(t, credential, subscriptionID, externalResourceGroupName, logAnalyticsWorkspaceName, resourceGroupLocation)
+
 	storageAccountOneName := fmt.Sprintf("sa%sexternal1", strings.ToLower(uniqueId))
 	storageAccountOne := CreateStorageAccount(t, credential, subscriptionID, externalResourceGroupName, storageAccountOneName, resourceGroupLocation)
 	storageAccountOneContainer := CreateStorageAccountContainer(t, credential, subscriptionID, externalResourceGroupName, storageAccountOneName, "test-container")
@@ -41,6 +46,7 @@ func setupExternalResourcesForBlobStorageBackupTest(t *testing.T, credential *az
 
 	externalResources := &TestBlobStorageBackupExternalResources{
 		ResourceGroup:              resourceGroup,
+		LogAnalyticsWorkspace:      logAnalyticsWorkspace,
 		StorageAccountOne:          storageAccountOne,
 		StorageAccountOneContainer: storageAccountOneContainer,
 		StorageAccountTwo:          storageAccountTwo,
@@ -104,10 +110,11 @@ func TestBlobStorageBackup(t *testing.T) {
 			TerraformDir: environment.TerraformFolder,
 
 			Vars: map[string]interface{}{
-				"resource_group_name":     resourceGroupName,
-				"resource_group_location": resourceGroupLocation,
-				"backup_vault_name":       backupVaultName,
-				"blob_storage_backups":    blobStorageBackups,
+				"resource_group_name":        resourceGroupName,
+				"resource_group_location":    resourceGroupLocation,
+				"backup_vault_name":          backupVaultName,
+				"log_analytics_workspace_id": *externalResources.LogAnalyticsWorkspace.ID,
+				"blob_storage_backups":       blobStorageBackups,
 			},
 
 			BackendConfig: map[string]interface{}{

tests/end-to-end-tests/existing_resource_group_test.go

@@ -2,9 +2,11 @@ package e2e_tests
 
 import (
 	"fmt"
+	"strings"
 	"testing"
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
+	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/operationalinsights/armoperationalinsights"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources"
 	"github.com/gruntwork-io/terratest/modules/random"
 	"github.com/gruntwork-io/terratest/modules/terraform"
@@ -13,17 +15,22 @@ import (
 )
 
 type TestExistingResourceGroupExternalResources struct {
-	ResourceGroup armresources.ResourceGroup
+	ResourceGroup         armresources.ResourceGroup
+	LogAnalyticsWorkspace armoperationalinsights.Workspace
 }
 
 /*
  * Creates resources which are "external" to the az-backup module.
  */
-func setupExternalResourcesForExistingResourceGroupTest(t *testing.T, credential *azidentity.ClientSecretCredential, subscriptionID string, resourceGroupName string, resourceGroupLocation string) *TestExistingResourceGroupExternalResources {
+func setupExternalResourcesForExistingResourceGroupTest(t *testing.T, credential *azidentity.ClientSecretCredential, subscriptionID string, resourceGroupName string, resourceGroupLocation string, uniqueId string) *TestExistingResourceGroupExternalResources {
 	resourceGroup := CreateResourceGroup(t, credential, subscriptionID, resourceGroupName, resourceGroupLocation)
 
+	logAnalyticsWorkspaceName := fmt.Sprintf("law-%s", strings.ToLower(uniqueId))
+	logAnalyticsWorkspace := CreateLogAnalyticsWorkspace(t, credential, subscriptionID, resourceGroupName, logAnalyticsWorkspaceName, resourceGroupLocation)
+
 	externalResources := &TestExistingResourceGroupExternalResources{
-		ResourceGroup: resourceGroup,
+		ResourceGroup:         resourceGroup,
+		LogAnalyticsWorkspace: logAnalyticsWorkspace,
 	}
 
 	return externalResources
@@ -43,7 +50,7 @@ func TestExistingResourceGroup(t *testing.T) {
 	resourceGroupLocation := "uksouth"
 	backupVaultName := fmt.Sprintf("bvault-nhsbackup-%s", uniqueId)
 
-	externalResources := setupExternalResourcesForExistingResourceGroupTest(t, credential, environment.SubscriptionID, resourceGroupName, resourceGroupLocation)
+	externalResources := setupExternalResourcesForExistingResourceGroupTest(t, credential, environment.SubscriptionID, resourceGroupName, resourceGroupLocation, uniqueId)
 
 	// Teardown stage
 	// ...
@@ -64,10 +71,11 @@ func TestExistingResourceGroup(t *testing.T) {
 			TerraformDir: environment.TerraformFolder,
 
 			Vars: map[string]interface{}{
-				"resource_group_name":     resourceGroupName,
-				"resource_group_location": resourceGroupLocation,
-				"create_resource_group":   false,
-				"backup_vault_name":       backupVaultName,
+				"resource_group_name":        resourceGroupName,
+				"resource_group_location":    resourceGroupLocation,
+				"create_resource_group":      false,
+				"backup_vault_name":          backupVaultName,
+				"log_analytics_workspace_id": *externalResources.LogAnalyticsWorkspace.ID,
 			},
 
 			BackendConfig: map[string]interface{}{

tests/end-to-end-tests/managed_disk_backup_test.go

@@ -8,6 +8,7 @@ import (
 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dataprotection/armdataprotection/v3"
+	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/operationalinsights/armoperationalinsights"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources"
 	"github.com/gruntwork-io/terratest/modules/random"
 	"github.com/gruntwork-io/terratest/modules/terraform"
@@ -16,9 +17,10 @@ import (
 )
 
 type TestManagedDiskBackupExternalResources struct {
-	ResourceGroup  armresources.ResourceGroup
-	ManagedDiskOne armcompute.Disk
-	ManagedDiskTwo armcompute.Disk
+	ResourceGroup         armresources.ResourceGroup
+	LogAnalyticsWorkspace armoperationalinsights.Workspace
+	ManagedDiskOne        armcompute.Disk
+	ManagedDiskTwo        armcompute.Disk
 }
 
 /*
@@ -29,16 +31,20 @@ func setupExternalResourcesForManagedDiskBackupTest(t *testing.T, credential *az
 	externalResourceGroupName := fmt.Sprintf("%s-external", resourceGroupName)
 	resourceGroup := CreateResourceGroup(t, credential, subscriptionID, externalResourceGroupName, resourceGroupLocation)
 
+	logAnalyticsWorkspaceName := fmt.Sprintf("law-%s-external", strings.ToLower(uniqueId))
+	logAnalyticsWorkspace := CreateLogAnalyticsWorkspace(t, credential, subscriptionID, externalResourceGroupName, logAnalyticsWorkspaceName, resourceGroupLocation)
+
 	managedDiskOneName := fmt.Sprintf("disk-%s-external-1", strings.ToLower(uniqueId))
 	managedDiskOne := CreateManagedDisk(t, credential, subscriptionID, externalResourceGroupName, managedDiskOneName, resourceGroupLocation, int32(1))
 
 	managedDiskTwoName := fmt.Sprintf("disk-%s-external-2", strings.ToLower(uniqueId))
 	managedDiskTwo := CreateManagedDisk(t, credential, subscriptionID, externalResourceGroupName, managedDiskTwoName, resourceGroupLocation, int32(1))
 
 	externalResources := &TestManagedDiskBackupExternalResources{
-		ResourceGroup:  resourceGroup,
-		ManagedDiskOne: managedDiskOne,
-		ManagedDiskTwo: managedDiskTwo,
+		ResourceGroup:         resourceGroup,
+		LogAnalyticsWorkspace: logAnalyticsWorkspace,
+		ManagedDiskOne:        managedDiskOne,
+		ManagedDiskTwo:        managedDiskTwo,
 	}
 
 	return externalResources
@@ -104,10 +110,11 @@ func TestManagedDiskBackup(t *testing.T) {
 			TerraformDir: environment.TerraformFolder,
 
 			Vars: map[string]interface{}{
-				"resource_group_name":     resourceGroupName,
-				"resource_group_location": resourceGroupLocation,
-				"backup_vault_name":       backupVaultName,
-				"managed_disk_backups":    managedDiskBackups,
+				"resource_group_name":        resourceGroupName,
+				"resource_group_location":    resourceGroupLocation,
+				"backup_vault_name":          backupVaultName,
+				"log_analytics_workspace_id": *externalResources.LogAnalyticsWorkspace.ID,
+				"managed_disk_backups":       managedDiskBackups,
 			},
 
 			BackendConfig: map[string]interface{}{

tests/end-to-end-tests/postgresql_flexible_server_backup_test.go

@@ -7,6 +7,7 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dataprotection/armdataprotection/v3"
+	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/operationalinsights/armoperationalinsights"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/postgresql/armpostgresqlflexibleservers"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources"
 	"github.com/gruntwork-io/terratest/modules/random"
@@ -17,6 +18,7 @@ import (
 
 type TestPostgresqlFlexibleServerBackupExternalResources struct {
 	ResourceGroup               armresources.ResourceGroup
+	LogAnalyticsWorkspace       armoperationalinsights.Workspace
 	PostgresqlFlexibleServerOne armpostgresqlflexibleservers.Server
 	PostgresqlFlexibleServerTwo armpostgresqlflexibleservers.Server
 }
@@ -29,6 +31,9 @@ func setupExternalResourcesForPostgresqlFlexibleServerBackupTest(t *testing.T, c
 	externalResourceGroupName := fmt.Sprintf("%s-external", resourceGroupName)
 	resourceGroup := CreateResourceGroup(t, credential, subscriptionID, externalResourceGroupName, resourceGroupLocation)
 
+	logAnalyticsWorkspaceName := fmt.Sprintf("law-%s-external", strings.ToLower(uniqueId))
+	logAnalyticsWorkspace := CreateLogAnalyticsWorkspace(t, credential, subscriptionID, externalResourceGroupName, logAnalyticsWorkspaceName, resourceGroupLocation)
+
 	PostgresqlFlexibleServerOneName := fmt.Sprintf("pgflexserver-%s-external-1", strings.ToLower(uniqueId))
 	PostgresqlFlexibleServerOne := CreatePostgresqlFlexibleServer(t, credential, subscriptionID, externalResourceGroupName, PostgresqlFlexibleServerOneName, resourceGroupLocation, int32(32))
 
@@ -37,6 +42,7 @@ func setupExternalResourcesForPostgresqlFlexibleServerBackupTest(t *testing.T, c
 
 	externalResources := &TestPostgresqlFlexibleServerBackupExternalResources{
 		ResourceGroup:               resourceGroup,
+		LogAnalyticsWorkspace:       logAnalyticsWorkspace,
 		PostgresqlFlexibleServerOne: PostgresqlFlexibleServerOne,
 		PostgresqlFlexibleServerTwo: PostgresqlFlexibleServerTwo,
 	}
@@ -101,6 +107,7 @@ func TestPostgresqlFlexibleServerBackup(t *testing.T) {
 				"resource_group_name":                resourceGroupName,
 				"resource_group_location":            resourceGroupLocation,
 				"backup_vault_name":                  backupVaultName,
+				"log_analytics_workspace_id":         *externalResources.LogAnalyticsWorkspace.ID,
 				"postgresql_flexible_server_backups": PostgresqlFlexibleServerBackups,
 			},