From 9ae8610a5dcc9b0569ee41eb6338a9155712d13c Mon Sep 17 00:00:00 2001
From: Svein-Petter Johnsen <83902071+sveinpj@users.noreply.github.com>
Date: Thu, 22 Feb 2024 11:12:28 +0100
Subject: [PATCH] Enviroment storageaccount (#1211)

* Updates storageaccount with velero

* Updates storageaccount with velero

* lifecycle input

---------

Co-authored-by: Automatic Update <radix@statoilsrm.onmicrosoft.com>
---
 .../modules/storageaccount/main.tf            | 35 ++++++++++++++++---
 .../modules/storageaccount/variables.tf       |  5 +++
 .../subscriptions/s940/c2/common/main.tf      |  1 +
 .../subscriptions/s940/c2/common/variables.tf |  2 ++
 .../subscriptions/s940/extmon/common/main.tf  |  1 +
 .../s940/extmon/common/variables.tf           |  4 ++-
 .../subscriptions/s940/prod/common/main.tf    |  1 +
 .../s940/prod/common/variables.tf             |  2 ++
 .../subscriptions/s941/dev/common/main.tf     |  3 +-
 .../s941/dev/common/variables.tf              |  4 ++-
 terraform/subscriptions/s941/dev/config.yaml  |  2 +-
 .../s941/playground/common/main.tf            |  3 +-
 .../s941/playground/common/variables.tf       |  4 ++-
 13 files changed, 57 insertions(+), 10 deletions(-)

diff --git a/terraform/subscriptions/modules/storageaccount/main.tf b/terraform/subscriptions/modules/storageaccount/main.tf
index 6a10aebdb..799d66bde 100644
--- a/terraform/subscriptions/modules/storageaccount/main.tf
+++ b/terraform/subscriptions/modules/storageaccount/main.tf
@@ -68,7 +68,7 @@ data "azuread_service_principal" "velero" { # wip To be changed to workload iden
 resource "azurerm_role_assignment" "storage_blob_data_conntributor" {
   for_each             = can(regex("radixvelero.*", var.name)) ? { "${var.name}" : true } : {}
   scope                = azurerm_storage_account.storageaccount.id
-  role_definition_name = "Storage Blob Data Contributor"
+  role_definition_name = "Storage Account Contributor"
   principal_id         = data.azuread_service_principal.velero.id
   depends_on           = [azurerm_storage_account.storageaccount]
 }
@@ -89,9 +89,9 @@ resource "azurerm_data_protection_backup_instance_blob_storage" "backupinstanceb
 
 resource "azurerm_storage_account_network_rules" "this" {
   # for_each                   = var.firewall ? { "${var.name}" : true } : {}
-  storage_account_id         = azurerm_storage_account.storageaccount.id
-  default_action             = "Deny"
-  ip_rules                   = []
+  storage_account_id = azurerm_storage_account.storageaccount.id
+  default_action     = "Deny"
+  ip_rules           = []
   # virtual_network_subnet_ids = [var.subnet_id]
 
 }
@@ -122,3 +122,30 @@ resource "azurerm_private_dns_a_record" "this" {
   ttl                 = 60
   records             = [azurerm_private_endpoint.this.private_service_connection.0.private_ip_address]
 }
+
+resource "azurerm_storage_management_policy" "this" {
+  for_each           = var.lifecyclepolicy ? { "${var.name}" : true } : {}
+  storage_account_id = azurerm_storage_account.storageaccount.id
+  rule {
+    name    = "lifecycle-blockblob"
+    enabled = true
+
+    filters {
+      blob_types = ["blockBlob"]
+    }
+
+    actions {
+      version {
+        delete_after_days_since_creation = 60
+      }
+      base_blob {
+        delete_after_days_since_modification_greater_than       = 90
+        tier_to_cool_after_days_since_modification_greater_than = 30
+      }
+    }
+  }
+  depends_on = [azurerm_storage_account.storageaccount]
+}
+
+
+
diff --git a/terraform/subscriptions/modules/storageaccount/variables.tf b/terraform/subscriptions/modules/storageaccount/variables.tf
index adb736421..3e601655e 100644
--- a/terraform/subscriptions/modules/storageaccount/variables.tf
+++ b/terraform/subscriptions/modules/storageaccount/variables.tf
@@ -107,4 +107,9 @@ variable "virtual_network" {
 
 variable "vnet_resource_group" {
   type = string
+}
+variable "lifecyclepolicy" {
+  type    = bool
+  default = false
+
 }
\ No newline at end of file
diff --git a/terraform/subscriptions/s940/c2/common/main.tf b/terraform/subscriptions/s940/c2/common/main.tf
index 7e27d609f..a7c9ab260 100644
--- a/terraform/subscriptions/s940/c2/common/main.tf
+++ b/terraform/subscriptions/s940/c2/common/main.tf
@@ -57,5 +57,6 @@ module "storageaccount" {
   subnet_id                = local.external_outputs.virtualnetwork.data.vnet_subnet.id
   velero_service_principal = each.value.velero_service_principal
   vnet_resource_group      = module.config.vnet_resource_group
+  lifecyclepolicy          = each.value.lifecyclepolicy
 }
 
diff --git a/terraform/subscriptions/s940/c2/common/variables.tf b/terraform/subscriptions/s940/c2/common/variables.tf
index 0a8124f2c..d457e30f4 100644
--- a/terraform/subscriptions/s940/c2/common/variables.tf
+++ b/terraform/subscriptions/s940/c2/common/variables.tf
@@ -37,6 +37,7 @@ variable "storageaccounts" {
     backup                   = optional(bool, false)
     principal_id             = optional(string)
     private_endpoint         = optional(bool, false)
+    lifecyclepolicy          = optional(bool, false)
   }))
   default = {
     log = {
@@ -49,6 +50,7 @@ variable "storageaccounts" {
       name                     = "velero"
       account_replication_type = "GRS"
       backup                   = true
+      lifecyclepolicy          = true
     }
   }
 }
\ No newline at end of file
diff --git a/terraform/subscriptions/s940/extmon/common/main.tf b/terraform/subscriptions/s940/extmon/common/main.tf
index ea45bcd27..d2b6421cb 100644
--- a/terraform/subscriptions/s940/extmon/common/main.tf
+++ b/terraform/subscriptions/s940/extmon/common/main.tf
@@ -55,4 +55,5 @@ module "storageaccount" {
   subnet_id                = local.external_outputs.virtualnetwork.data.vnet_subnet.id
   velero_service_principal = each.value.velero_service_principal
   vnet_resource_group      = module.config.vnet_resource_group
+  lifecyclepolicy          = each.value.lifecyclepolicy
 }
\ No newline at end of file
diff --git a/terraform/subscriptions/s940/extmon/common/variables.tf b/terraform/subscriptions/s940/extmon/common/variables.tf
index c2341852f..9361e92dd 100644
--- a/terraform/subscriptions/s940/extmon/common/variables.tf
+++ b/terraform/subscriptions/s940/extmon/common/variables.tf
@@ -18,13 +18,15 @@ variable "storageaccounts" {
     backup                   = optional(bool, false)
     principal_id             = optional(string)
     private_endpoint         = optional(bool, false)
+    lifecyclepolicy          = optional(bool, false)
   }))
   default = {
     log = {
       name = "log"
     },
     velero = {
-      name = "velero"
+      name            = "velero"
+      lifecyclepolicy = true
     }
   }
 }
\ No newline at end of file
diff --git a/terraform/subscriptions/s940/prod/common/main.tf b/terraform/subscriptions/s940/prod/common/main.tf
index 7e27d609f..a7c9ab260 100644
--- a/terraform/subscriptions/s940/prod/common/main.tf
+++ b/terraform/subscriptions/s940/prod/common/main.tf
@@ -57,5 +57,6 @@ module "storageaccount" {
   subnet_id                = local.external_outputs.virtualnetwork.data.vnet_subnet.id
   velero_service_principal = each.value.velero_service_principal
   vnet_resource_group      = module.config.vnet_resource_group
+  lifecyclepolicy          = each.value.lifecyclepolicy
 }
 
diff --git a/terraform/subscriptions/s940/prod/common/variables.tf b/terraform/subscriptions/s940/prod/common/variables.tf
index 5e1b96e3a..42b641014 100644
--- a/terraform/subscriptions/s940/prod/common/variables.tf
+++ b/terraform/subscriptions/s940/prod/common/variables.tf
@@ -38,6 +38,7 @@ variable "storageaccounts" {
     backup                   = optional(bool, false)
     principal_id             = optional(string)
     private_endpoint         = optional(bool, false)
+    lifecyclepolicy          = optional(bool, false)
   }))
   default = {
     log = {
@@ -50,6 +51,7 @@ variable "storageaccounts" {
       name                     = "velero"
       account_replication_type = "GRS"
       backup                   = true
+      lifecyclepolicy          = true
     }
   }
 }
\ No newline at end of file
diff --git a/terraform/subscriptions/s941/dev/common/main.tf b/terraform/subscriptions/s941/dev/common/main.tf
index 8e046b073..a7c9ab260 100644
--- a/terraform/subscriptions/s941/dev/common/main.tf
+++ b/terraform/subscriptions/s941/dev/common/main.tf
@@ -46,7 +46,7 @@ module "storageaccount" {
   account_replication_type = each.value.account_replication_type
   resource_group_name      = each.value.resource_group_name
   location                 = each.value.location
-  environment              = module.config.environment_L
+  environment              = module.config.environment
   kind                     = each.value.kind
   change_feed_enabled      = each.value.change_feed_enabled
   versioning_enabled       = each.value.versioning_enabled
@@ -57,5 +57,6 @@ module "storageaccount" {
   subnet_id                = local.external_outputs.virtualnetwork.data.vnet_subnet.id
   velero_service_principal = each.value.velero_service_principal
   vnet_resource_group      = module.config.vnet_resource_group
+  lifecyclepolicy          = each.value.lifecyclepolicy
 }
 
diff --git a/terraform/subscriptions/s941/dev/common/variables.tf b/terraform/subscriptions/s941/dev/common/variables.tf
index 619d583de..5592376ca 100644
--- a/terraform/subscriptions/s941/dev/common/variables.tf
+++ b/terraform/subscriptions/s941/dev/common/variables.tf
@@ -46,13 +46,15 @@ variable "storageaccounts" {
     backup                   = optional(bool, false)
     principal_id             = optional(string)
     private_endpoint         = optional(bool, false)
+    lifecyclepolicy          = optional(bool, false)
   }))
   default = {
     log = {
       name = "log"
     },
     velero = {
-      name = "velero"
+      name            = "velero"
+      lifecyclepolicy = true
     }
   }
 }
diff --git a/terraform/subscriptions/s941/dev/config.yaml b/terraform/subscriptions/s941/dev/config.yaml
index a5ba6a85b..a8dd0fe32 100644
--- a/terraform/subscriptions/s941/dev/config.yaml
+++ b/terraform/subscriptions/s941/dev/config.yaml
@@ -6,4 +6,4 @@ backend:
   container_name:        "infrastructure"
   subscription_id:       "16ede44b-1f74-40a5-b428-46cca9a5741b"
   tenant_id:             "3aa4a235-b6e2-48d5-9195-7fcf05b459b0"
-clusters: ["weekly-07"]
+clusters: ["weekly-07","weekly-08"]
diff --git a/terraform/subscriptions/s941/playground/common/main.tf b/terraform/subscriptions/s941/playground/common/main.tf
index 8e046b073..a7c9ab260 100644
--- a/terraform/subscriptions/s941/playground/common/main.tf
+++ b/terraform/subscriptions/s941/playground/common/main.tf
@@ -46,7 +46,7 @@ module "storageaccount" {
   account_replication_type = each.value.account_replication_type
   resource_group_name      = each.value.resource_group_name
   location                 = each.value.location
-  environment              = module.config.environment_L
+  environment              = module.config.environment
   kind                     = each.value.kind
   change_feed_enabled      = each.value.change_feed_enabled
   versioning_enabled       = each.value.versioning_enabled
@@ -57,5 +57,6 @@ module "storageaccount" {
   subnet_id                = local.external_outputs.virtualnetwork.data.vnet_subnet.id
   velero_service_principal = each.value.velero_service_principal
   vnet_resource_group      = module.config.vnet_resource_group
+  lifecyclepolicy          = each.value.lifecyclepolicy
 }
 
diff --git a/terraform/subscriptions/s941/playground/common/variables.tf b/terraform/subscriptions/s941/playground/common/variables.tf
index 754f7b587..3871148bf 100644
--- a/terraform/subscriptions/s941/playground/common/variables.tf
+++ b/terraform/subscriptions/s941/playground/common/variables.tf
@@ -37,13 +37,15 @@ variable "storageaccounts" {
     backup                   = optional(bool, false)
     principal_id             = optional(string)
     private_endpoint         = optional(bool, false)
+    lifecyclepolicy          = optional(bool, false)
   }))
   default = {
     log = {
       name = "log"
     },
     velero = {
-      name = "velero"
+      name            = "velero"
+      lifecyclepolicy = true
     }
   }
 }
\ No newline at end of file