Enviroment storageaccount (#1211)

* Updates storageaccount with velero

* Updates storageaccount with velero

* lifecycle input

---------

Co-authored-by: Automatic Update <radix@statoilsrm.onmicrosoft.com>

terraform/subscriptions/modules/storageaccount/main.tf

@@ -68,7 +68,7 @@ data "azuread_service_principal" "velero" { # wip To be changed to workload iden
 resource "azurerm_role_assignment" "storage_blob_data_conntributor" {
   for_each             = can(regex("radixvelero.*", var.name)) ? { "${var.name}" : true } : {}
   scope                = azurerm_storage_account.storageaccount.id
-  role_definition_name = "Storage Blob Data Contributor"
+  role_definition_name = "Storage Account Contributor"
   principal_id         = data.azuread_service_principal.velero.id
   depends_on           = [azurerm_storage_account.storageaccount]
 }
@@ -89,9 +89,9 @@ resource "azurerm_data_protection_backup_instance_blob_storage" "backupinstanceb
 
 resource "azurerm_storage_account_network_rules" "this" {
   # for_each                   = var.firewall ? { "${var.name}" : true } : {}
-  storage_account_id         = azurerm_storage_account.storageaccount.id
-  default_action             = "Deny"
-  ip_rules                   = []
+  storage_account_id = azurerm_storage_account.storageaccount.id
+  default_action     = "Deny"
+  ip_rules           = []
   # virtual_network_subnet_ids = [var.subnet_id]
 
 }
@@ -122,3 +122,30 @@ resource "azurerm_private_dns_a_record" "this" {
   ttl                 = 60
   records             = [azurerm_private_endpoint.this.private_service_connection.0.private_ip_address]
 }
+
+resource "azurerm_storage_management_policy" "this" {
+  for_each           = var.lifecyclepolicy ? { "${var.name}" : true } : {}
+  storage_account_id = azurerm_storage_account.storageaccount.id
+  rule {
+    name    = "lifecycle-blockblob"
+    enabled = true
+
+    filters {
+      blob_types = ["blockBlob"]
+    }
+
+    actions {
+      version {
+        delete_after_days_since_creation = 60
+      }
+      base_blob {
+        delete_after_days_since_modification_greater_than       = 90
+        tier_to_cool_after_days_since_modification_greater_than = 30
+      }
+    }
+  }
+  depends_on = [azurerm_storage_account.storageaccount]
+}
+
+
+

terraform/subscriptions/modules/storageaccount/variables.tf

@@ -107,4 +107,9 @@ variable "virtual_network" {
 
 variable "vnet_resource_group" {
   type = string
+}
+variable "lifecyclepolicy" {
+  type    = bool
+  default = false
+
 }

terraform/subscriptions/s940/c2/common/main.tf

@@ -57,5 +57,6 @@ module "storageaccount" {
   subnet_id                = local.external_outputs.virtualnetwork.data.vnet_subnet.id
   velero_service_principal = each.value.velero_service_principal
   vnet_resource_group      = module.config.vnet_resource_group
+  lifecyclepolicy          = each.value.lifecyclepolicy
 }
 

terraform/subscriptions/s940/c2/common/variables.tf

@@ -37,6 +37,7 @@ variable "storageaccounts" {
     backup                   = optional(bool, false)
     principal_id             = optional(string)
     private_endpoint         = optional(bool, false)
+    lifecyclepolicy          = optional(bool, false)
   }))
   default = {
     log = {
@@ -49,6 +50,7 @@ variable "storageaccounts" {
       name                     = "velero"
       account_replication_type = "GRS"
       backup                   = true
+      lifecyclepolicy          = true
     }
   }
 }

terraform/subscriptions/s940/extmon/common/main.tf

@@ -55,4 +55,5 @@ module "storageaccount" {
   subnet_id                = local.external_outputs.virtualnetwork.data.vnet_subnet.id
   velero_service_principal = each.value.velero_service_principal
   vnet_resource_group      = module.config.vnet_resource_group
+  lifecyclepolicy          = each.value.lifecyclepolicy
 }

terraform/subscriptions/s940/extmon/common/variables.tf

@@ -18,13 +18,15 @@ variable "storageaccounts" {
     backup                   = optional(bool, false)
     principal_id             = optional(string)
     private_endpoint         = optional(bool, false)
+    lifecyclepolicy          = optional(bool, false)
   }))
   default = {
     log = {
       name = "log"
     },
     velero = {
-      name = "velero"
+      name            = "velero"
+      lifecyclepolicy = true
     }
   }
 }

terraform/subscriptions/s940/prod/common/main.tf

@@ -57,5 +57,6 @@ module "storageaccount" {
   subnet_id                = local.external_outputs.virtualnetwork.data.vnet_subnet.id
   velero_service_principal = each.value.velero_service_principal
   vnet_resource_group      = module.config.vnet_resource_group
+  lifecyclepolicy          = each.value.lifecyclepolicy
 }
 

terraform/subscriptions/s940/prod/common/variables.tf

@@ -38,6 +38,7 @@ variable "storageaccounts" {
     backup                   = optional(bool, false)
     principal_id             = optional(string)
     private_endpoint         = optional(bool, false)
+    lifecyclepolicy          = optional(bool, false)
   }))
   default = {
     log = {
@@ -50,6 +51,7 @@ variable "storageaccounts" {
       name                     = "velero"
       account_replication_type = "GRS"
       backup                   = true
+      lifecyclepolicy          = true
     }
   }
 }

terraform/subscriptions/s941/dev/common/main.tf

@@ -46,7 +46,7 @@ module "storageaccount" {
   account_replication_type = each.value.account_replication_type
   resource_group_name      = each.value.resource_group_name
   location                 = each.value.location
-  environment              = module.config.environment_L
+  environment              = module.config.environment
   kind                     = each.value.kind
   change_feed_enabled      = each.value.change_feed_enabled
   versioning_enabled       = each.value.versioning_enabled
@@ -57,5 +57,6 @@ module "storageaccount" {
   subnet_id                = local.external_outputs.virtualnetwork.data.vnet_subnet.id
   velero_service_principal = each.value.velero_service_principal
   vnet_resource_group      = module.config.vnet_resource_group
+  lifecyclepolicy          = each.value.lifecyclepolicy
 }
 

terraform/subscriptions/s941/dev/common/variables.tf

@@ -46,13 +46,15 @@ variable "storageaccounts" {
     backup                   = optional(bool, false)
     principal_id             = optional(string)
     private_endpoint         = optional(bool, false)
+    lifecyclepolicy          = optional(bool, false)
   }))
   default = {
     log = {
       name = "log"
     },
     velero = {
-      name = "velero"
+      name            = "velero"
+      lifecyclepolicy = true
     }
   }
 }

terraform/subscriptions/s941/dev/config.yaml

@@ -6,4 +6,4 @@ backend:
   container_name:        "infrastructure"
   subscription_id:       "16ede44b-1f74-40a5-b428-46cca9a5741b"
   tenant_id:             "3aa4a235-b6e2-48d5-9195-7fcf05b459b0"
-clusters: ["weekly-07"]
+clusters: ["weekly-07","weekly-08"]

terraform/subscriptions/s941/playground/common/main.tf

@@ -46,7 +46,7 @@ module "storageaccount" {
   account_replication_type = each.value.account_replication_type
   resource_group_name      = each.value.resource_group_name
   location                 = each.value.location
-  environment              = module.config.environment_L
+  environment              = module.config.environment
   kind                     = each.value.kind
   change_feed_enabled      = each.value.change_feed_enabled
   versioning_enabled       = each.value.versioning_enabled
@@ -57,5 +57,6 @@ module "storageaccount" {
   subnet_id                = local.external_outputs.virtualnetwork.data.vnet_subnet.id
   velero_service_principal = each.value.velero_service_principal
   vnet_resource_group      = module.config.vnet_resource_group
+  lifecyclepolicy          = each.value.lifecyclepolicy
 }
 

terraform/subscriptions/s941/playground/common/variables.tf

@@ -37,13 +37,15 @@ variable "storageaccounts" {
     backup                   = optional(bool, false)
     principal_id             = optional(string)
     private_endpoint         = optional(bool, false)
+    lifecyclepolicy          = optional(bool, false)
   }))
   default = {
     log = {
       name = "log"
     },
     velero = {
-      name = "velero"
+      name            = "velero"
+      lifecyclepolicy = true
     }
   }
 }