Skip to content

feat: [DTOSS-12152] Storage Account - enable Data Protection options #282

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
MacMur85 wants to merge 3 commits into
base: main
Choose a base branch
from
Draft

feat: [DTOSS-12152] Storage Account - enable Data Protection options #282

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
a5a1483
feat: data protection options with variables validation for storage a…
MacMur85 Feb 24, 2026
b87a938
fix: check the variable value
MacMur85 Mar 2, 2026
3c642e8
fix: check the variable value
MacMur85 Mar 2, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 34 additions & 0 deletions infrastructure/modules/storage/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,10 +16,44 @@ resource "azurerm_storage_account" "storage_account" {
days = var.blob_properties_delete_retention_policy
}
versioning_enabled = var.blob_properties_versioning_enabled

container_delete_retention_policy {
days = var.container_delete_retention_policy_days
}

change_feed_enabled = var.blob_properties_change_feed_enabled

dynamic "restore_policy" {
for_each = var.blob_properties_restore_policy_days != null ? [1] : []
content {
days = var.blob_properties_restore_policy_days
}
}
}

dynamic "share_properties" {
for_each = var.share_properties_retention_policy_days != null ? [1] : []
content {
retention_policy {
days = var.share_properties_retention_policy_days
}
}
}

lifecycle {
ignore_changes = [tags]

# Validation 1: Prevent the Change Feed / Restore Policy mismatch
precondition {
condition = var.blob_properties_restore_policy_days == null || var.blob_properties_change_feed_enabled == true
error_message = "Invalid configuration: If blob_properties_restore_policy_days is set, blob_properties_change_feed_enabled must be explicitly set to true."
}

# Validation 2: Prevent the Days limit mismatch
precondition {
condition = var.blob_properties_restore_policy_days == null ? true : (var.blob_properties_restore_policy_days < var.blob_properties_delete_retention_policy)
error_message = "Invalid configuration: blob_properties_restore_policy_days must be strictly less than blob_properties_delete_retention_policy."
}
}
}

Expand Down
24 changes: 24 additions & 0 deletions infrastructure/modules/storage/variables.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -184,6 +184,30 @@ variable "queue_transactions_high_threshold" {
default = 1000
}

variable "container_delete_retention_policy_days" {
description = "Specifies the number of days that the container should be retained. Defaulting to 7 for baseline data protection."
type = number
default = 7
}

variable "blob_properties_change_feed_enabled" {
description = "Is the blob service properties for change feed events enabled? Required for Point-in-Time Restore."
type = bool
default = false
}

variable "blob_properties_restore_policy_days" {
description = "Specifies the number of days that the blob can be restored. Set to null to disable by default. Note: Must be less than blob and container delete retention policy days."
type = number
default = null
}

variable "share_properties_retention_policy_days" {
description = "Specifies the number of days that the file share should be retained. Set to null to disable by default, or provide a number to enable."
type = number
default = null
}

locals {
alert_frequency_map = {
PT5M = "PT1M"
Expand Down