From 286fac3284d1bf881e12e69723c2c4a838f355f8 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 6 Dec 2021 20:15:35 +0100 Subject: [PATCH 1/3] Added backup config to rsv module --- .../vaults/.parameters/parameters.json | 6 ++ .../backupConfig/.bicep/nested_cuaId.bicep | 1 + .../vaults/backupConfig/deploy.bicep | 82 +++++++++++++++++++ .../vaults/backupConfig/readme.md | 35 ++++++++ .../vaults/deploy.bicep | 17 ++++ .../vaults/readme.md | 3 + 6 files changed, 144 insertions(+) create mode 100644 arm/Microsoft.RecoveryServices/vaults/backupConfig/.bicep/nested_cuaId.bicep create mode 100644 arm/Microsoft.RecoveryServices/vaults/backupConfig/deploy.bicep create mode 100644 arm/Microsoft.RecoveryServices/vaults/backupConfig/readme.md diff --git a/arm/Microsoft.RecoveryServices/vaults/.parameters/parameters.json b/arm/Microsoft.RecoveryServices/vaults/.parameters/parameters.json index a575657a6e..dd44b491a5 100644 --- a/arm/Microsoft.RecoveryServices/vaults/.parameters/parameters.json +++ b/arm/Microsoft.RecoveryServices/vaults/.parameters/parameters.json @@ -5,6 +5,12 @@ "name": { "value": "sxx-az-rsv-x-001" }, + "backupConfig": { + "value": { + "enhancedSecurityState": "Disabled", + "softDeleteFeatureState": "Disabled" + } + }, "backupPolicies": { "value": [ { diff --git a/arm/Microsoft.RecoveryServices/vaults/backupConfig/.bicep/nested_cuaId.bicep b/arm/Microsoft.RecoveryServices/vaults/backupConfig/.bicep/nested_cuaId.bicep new file mode 100644 index 0000000000..8b13789179 --- /dev/null +++ b/arm/Microsoft.RecoveryServices/vaults/backupConfig/.bicep/nested_cuaId.bicep @@ -0,0 +1 @@ + diff --git a/arm/Microsoft.RecoveryServices/vaults/backupConfig/deploy.bicep b/arm/Microsoft.RecoveryServices/vaults/backupConfig/deploy.bicep new file mode 100644 index 0000000000..3beaadb916 --- /dev/null +++ b/arm/Microsoft.RecoveryServices/vaults/backupConfig/deploy.bicep 
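Review bot: The `backupConfig` value added in the `parameters.json` hunk sets both `enhancedSecurityState` and `softDeleteFeatureState` to `Disabled`, so the only sample parameters shipped with the vault module switch off the two delete protections that the new child module enables by default. If this exists so that a pipeline can remove the test vault again (an assumption; the commit message does not say), it deserves a sentence in the module readme, because parameter files like this one are routinely copied as a starting point for real deployments. Otherwise I would set both values to `"Enabled"` here, or drop the two keys and let the module defaults apply.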
@@ -0,0 +1,82 @@
+@description('Required. Name of the Azure Recovery Service Vault')
+@minLength(1)
+param recoveryVaultName string
+
+@description('Optional. Name of the Azure Recovery Service Vault Backup Policy')
+param name string = 'vaultconfig'
+
+@description('Optional. Enable this setting to protect hybrid backups against accidental deletes and add additional layer of authentication for critical operations.')
+@allowed([
+ 'Disabled'
+ 'Enabled'
+])
+param enhancedSecurityState string = 'Enabled'
+
+@description('Optional. ResourceGuard Operation Requests')
+param resourceGuardOperationRequests array = []
+
+@description('Optional. Enable this setting to protect backup data for Azure VM, SQL Server in Azure VM and SAP HANA in Azure VM from accidental deletes')
+@allowed([
+ 'Disabled'
+ 'Enabled'
+])
+param softDeleteFeatureState string = 'Enabled'
+
+@description('Optional. Storage type')
+@allowed([
+ 'GeoRedundant'
+ 'LocallyRedundant'
+ 'ReadAccessGeoZoneRedundant'
+ 'ZoneRedundant'
+])
+param storageModelType string = 'GeoRedundant'
+
+@description('Optional. Storage type')
+@allowed([
+ 'GeoRedundant'
+ 'LocallyRedundant'
+ 'ReadAccessGeoZoneRedundant'
+ 'ZoneRedundant'
+])
+param storageType string = 'GeoRedundant'
+
+@description('Optional. Once a machine is registered against a resource, the storageTypeState is always Locked.')
+@allowed([
+ 'Locked'
+ 'Unlocked'
+])
+param storageTypeState string = 'Locked'
+
+@description('Optional. Customer Usage Attribution ID (GUID). 
This GUID must be previously registered')
+param cuaId string = ''
+
+module pid_cuaId './.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) {
+ name: 'pid-${cuaId}'
+ params: {}
+}
+
+resource rsv 'Microsoft.RecoveryServices/vaults@2021-08-01' existing = {
+ name: recoveryVaultName
+}
+
+resource backupConfig 'Microsoft.RecoveryServices/vaults/backupconfig@2021-08-01' = {
+ name: name
+ parent: rsv
+ properties: {
+ enhancedSecurityState: enhancedSecurityState
+ resourceGuardOperationRequests: resourceGuardOperationRequests
+ softDeleteFeatureState: softDeleteFeatureState
+ storageModelType: storageModelType
+ storageType: storageType
+ storageTypeState: storageTypeState
+ }
+}
+
+@description('The name of the backup config')
+output backupConfigName string = backupConfig.name
+
+@description('The Resource ID of the backup config')
+output backupConfigResourceId string = backupConfig.id
+
+@description('The name of the Resource Group the backup config was created in.')
+output backupConfigResourceGroup string = resourceGroup().name
diff --git a/arm/Microsoft.RecoveryServices/vaults/backupConfig/readme.md b/arm/Microsoft.RecoveryServices/vaults/backupConfig/readme.md
new file mode 100644
index 0000000000..aec587b7d6
--- /dev/null
+++ b/arm/Microsoft.RecoveryServices/vaults/backupConfig/readme.md 
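Review bot: Three parameter descriptions in the new `backupConfig/deploy.bicep` do not describe their parameter: `name` is documented as the name of the "Backup Policy" (apparently copied from the sibling module), and `storageModelType` and `storageType` both read `Optional. Storage type`, so a reader cannot tell the two apart. I would change the first to `@description('Optional. Name of the Azure Recovery Service Vault Backup Config')` and give the two storage parameters distinct text. The descriptions of `enhancedSecurityState` and `softDeleteFeatureState` only speak of protection against accidental deletes; since `Disabled` is an allowed value, they should also say that disabling removes that protection and that the `Enabled` default should normally be kept. The same strings are repeated in the parameter table of the module readme added by this commit.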
@@ -0,0 +1,35 @@
+# Recovery Services Vault Backup Config `[Microsoft.RecoveryServices/vaults/backupconfig]`
+
+This module deploys recovery services vault backup config.
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.RecoveryServices/vaults/backupconfig` | 2021-08-01 |
+
+## Parameters
+
+| Parameter Name | Type | Default Value | Possible Values | Description |
+| :-- | :-- | :-- | :-- | :-- |
+| `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered |
+| `enhancedSecurityState` | string | `Enabled` | `[Disabled, Enabled]` | Optional. Enable this setting to protect hybrid backups against accidental deletes and add additional layer of authentication for critical operations. |
+| `name` | string | `vaultconfig` | | Optional. Name of the Azure Recovery Service Vault Backup Policy |
+| `recoveryVaultName` | string | | | Required. Name of the Azure Recovery Service Vault |
+| `resourceGuardOperationRequests` | array | `[]` | | Optional. ResourceGuard Operation Requests |
+| `softDeleteFeatureState` | string | `Enabled` | `[Disabled, Enabled]` | Optional. Enable this setting to protect backup data for Azure VM, SQL Server in Azure VM and SAP HANA in Azure VM from accidental deletes |
+| `storageModelType` | string | `GeoRedundant` | `[GeoRedundant, LocallyRedundant, ReadAccessGeoZoneRedundant, ZoneRedundant]` | Optional. Storage type |
+| `storageType` | string | `GeoRedundant` | `[GeoRedundant, LocallyRedundant, ReadAccessGeoZoneRedundant, ZoneRedundant]` | Optional. Storage type |
+| `storageTypeState` | string | `Locked` | `[Locked, Unlocked]` | Optional. Once a machine is registered against a resource, the storageTypeState is always Locked. 
| + +## Outputs + +| Output Name | Type | Description | +| :-- | :-- | :-- | +| `backupConfigName` | string | The name of the backup config | +| `backupConfigResourceGroup` | string | The name of the Resource Group the backup config was created in. | +| `backupConfigResourceId` | string | The Resource ID of the backup config | + +## Template references + +- [Vaults/Backupconfig](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-08-01/vaults/backupconfig) diff --git a/arm/Microsoft.RecoveryServices/vaults/deploy.bicep b/arm/Microsoft.RecoveryServices/vaults/deploy.bicep index 8ec2d1e4e7..54fa5f8392 100644 --- a/arm/Microsoft.RecoveryServices/vaults/deploy.bicep +++ b/arm/Microsoft.RecoveryServices/vaults/deploy.bicep @@ -14,6 +14,9 @@ param location string = resourceGroup().location @description('Optional. List of all backup policies.') param backupPolicies array = [] +@description('Optional. The backup configuration.') +param backupConfig object = {} + @description('Optional. List of all protection containers.') @minLength(0) param protectionContainers array = [] 
@@ -170,6 +173,20 @@ module rsv_backupPolicies 'backupPolicies/deploy.bicep' = [for (backupPolicy, in } }] +module rsv_backupConfig 'backupConfig/deploy.bicep' = if (!empty(backupConfig)) { + name: '${uniqueString(deployment().name, location)}-RSV-BackupConfig' + params: { + recoveryVaultName: rsv.name + name: contains(backupConfig, 'name') ? backupConfig.name : 'vaultconfig' + enhancedSecurityState: contains(backupConfig, 'enhancedSecurityState') ? backupConfig.enhancedSecurityState : 'Enabled' + resourceGuardOperationRequests: contains(backupConfig, 'resourceGuardOperationRequests') ? backupConfig.resourceGuardOperationRequests : [] + softDeleteFeatureState: contains(backupConfig, 'softDeleteFeatureState') ? backupConfig.softDeleteFeatureState : 'Enabled' + storageModelType: contains(backupConfig, 'storageModelType') ? backupConfig.storageModelType : 'GeoRedundant' + storageType: contains(backupConfig, 'storageType') ? backupConfig.storageType : 'GeoRedundant' + storageTypeState: contains(backupConfig, 'storageTypeState') ? backupConfig.storageTypeState : 'Locked' + } +} + resource rsv_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { name: '${rsv.name}-${lock}-lock' properties: { diff --git a/arm/Microsoft.RecoveryServices/vaults/readme.md b/arm/Microsoft.RecoveryServices/vaults/readme.md index bef829c61f..1d21d42b42 100644 --- a/arm/Microsoft.RecoveryServices/vaults/readme.md +++ b/arm/Microsoft.RecoveryServices/vaults/readme.md 
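Review bot: `rsv_backupConfig` fills in every key the caller left out, so a `backupConfig` that only sets the two delete-protection states (as the parameter file in this commit does) still sends `storageModelType` and `storageType` as `GeoRedundant` and `storageTypeState` as `Locked` to the vault. The vault module already has a separate `backupStorageConfig` parameter, so the two can disagree, and if the service treats `Locked` the way the child module's description suggests, the storage type may become fixed as a side effect of toggling soft delete; this should be confirmed against the API before merging. The fallback values are also written out twice, here and in `backupConfig/deploy.bicep`, and can drift apart. At minimum I would spell this out on the parameter added in the first hunk of this file, e.g. `@description('Optional. The backup configuration. Omitted keys fall back to the defaults of backupConfig/deploy.bicep, including storageType and storageTypeState.')`.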
@@ -10,6 +10,7 @@ This module deploys a recovery service vault. | `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.RecoveryServices/vaults` | 2021-08-01 | +| `Microsoft.RecoveryServices/vaults/backupconfig` | 2021-08-01 | | `Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers` | 2021-08-01 | | `Microsoft.RecoveryServices/vaults/backupPolicies` | 2021-08-01 | | `Microsoft.RecoveryServices/vaults/backupstorageconfig` | 2021-08-01 | @@ -18,6 +19,7 @@ This module deploys a recovery service vault. | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | +| `backupConfig` | _[backupConfig](backupConfig/readme.md)_ object | `{object}` | | Optional. The backup configuration. | | `backupPolicies` | _[backupPolicies](backupPolicies/readme.md)_ array | `[]` | | Optional. List of all backup policies. | | `backupStorageConfig` | _[backupStorageConfig](backupStorageConfig/readme.md)_ object | `{object}` | | Optional. The storage configuration for the Azure Recovery Service Vault | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | 
@@ -357,6 +359,7 @@ You can specify multiple user assigned identities to a resource by providing add - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) - [Vaults](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-08-01/vaults) +- [Vaults/Backupconfig](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-08-01/vaults/backupconfig) - [Vaults/Backupfabrics/Protectioncontainers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-08-01/vaults/backupFabrics/protectionContainers) - [Vaults/Backuppolicies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-08-01/vaults/backupPolicies) - [Vaults/Backupstorageconfig](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-08-01/vaults/backupstorageconfig) From 0b775bf7204f4c7254fa0a26959c267f2519cc79 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 6 Dec 2021 22:12:02 +0100 Subject: [PATCH 2/3] Update to latest --- .../vaults/backupConfig/deploy.bicep | 5 ++--- .../vaults/backupConfig/readme.md | 4 ++-- .../vaults/backupPolicies/deploy.bicep | 4 ++-- .../vaults/backupPolicies/readme.md | 4 ++-- arm/Microsoft.RecoveryServices/vaults/deploy.bicep | 6 +++--- arm/Microsoft.RecoveryServices/vaults/readme.md | 6 +++--- 6 files changed, 14 insertions(+), 15 deletions(-) diff --git a/arm/Microsoft.RecoveryServices/vaults/backupConfig/deploy.bicep b/arm/Microsoft.RecoveryServices/vaults/backupConfig/deploy.bicep index 3beaadb916..aaa8464dc0 100644 --- a/arm/Microsoft.RecoveryServices/vaults/backupConfig/deploy.bicep +++ b/arm/Microsoft.RecoveryServices/vaults/backupConfig/deploy.bicep 
@@ -1,5 +1,4 @@ @description('Required. Name of the Azure Recovery Service Vault') -@minLength(1) param recoveryVaultName string @description('Optional. Name of the Azure Recovery Service Vault Backup Policy') @@ -75,8 +74,8 @@ resource backupConfig 'Microsoft.RecoveryServices/vaults/backupconfig@2021-08-01 @description('The name of the backup config') output backupConfigName string = backupConfig.name -@description('The Resource ID of the backup config') +@description('The resource ID of the backup config') output backupConfigResourceId string = backupConfig.id -@description('The name of the Resource Group the backup config was created in.') +@description('The name of the resource group the backup config was created in.') output backupConfigResourceGroup string = resourceGroup().name diff --git a/arm/Microsoft.RecoveryServices/vaults/backupConfig/readme.md b/arm/Microsoft.RecoveryServices/vaults/backupConfig/readme.md index aec587b7d6..530d35af21 100644 --- a/arm/Microsoft.RecoveryServices/vaults/backupConfig/readme.md +++ b/arm/Microsoft.RecoveryServices/vaults/backupConfig/readme.md @@ -27,8 +27,8 @@ This module deploys recovery services vault backup config. | Output Name | Type | Description | | :-- | :-- | :-- | | `backupConfigName` | string | The name of the backup config | -| `backupConfigResourceGroup` | string | The name of the Resource Group the backup config was created in. | -| `backupConfigResourceId` | string | The Resource ID of the backup config | +| `backupConfigResourceGroup` | string | The name of the resource group the backup config was created in. | +| `backupConfigResourceId` | string | The resource ID of the backup config | ## Template references diff --git a/arm/Microsoft.RecoveryServices/vaults/backupPolicies/deploy.bicep b/arm/Microsoft.RecoveryServices/vaults/backupPolicies/deploy.bicep index 60596e5caf..845f913f99 100644 --- a/arm/Microsoft.RecoveryServices/vaults/backupPolicies/deploy.bicep 
+++ b/arm/Microsoft.RecoveryServices/vaults/backupPolicies/deploy.bicep @@ -29,8 +29,8 @@ resource backupPolicy 'Microsoft.RecoveryServices/vaults/backupPolicies@2021-08- @description('The name of the backup policy') output backupPolicyName string = backupPolicy.name -@description('The Resource ID of the backup policy') +@description('The resource ID of the backup policy') output backupPolicyResourceId string = backupPolicy.id -@description('The name of the Resource Group the backup policy was created in.') +@description('The name of the resource group the backup policy was created in.') output backupPolicyResourceGroup string = resourceGroup().name diff --git a/arm/Microsoft.RecoveryServices/vaults/backupPolicies/readme.md b/arm/Microsoft.RecoveryServices/vaults/backupPolicies/readme.md index 781229bbad..237b87fbfd 100644 --- a/arm/Microsoft.RecoveryServices/vaults/backupPolicies/readme.md +++ b/arm/Microsoft.RecoveryServices/vaults/backupPolicies/readme.md @@ -110,8 +110,8 @@ Object continaining the configuration for backup policies. It needs to be proper | Output Name | Type | Description | | :-- | :-- | :-- | | `backupPolicyName` | string | The name of the backup policy | -| `backupPolicyResourceGroup` | string | The name of the Resource Group the backup policy was created in. | -| `backupPolicyResourceId` | string | The Resource ID of the backup policy | +| `backupPolicyResourceGroup` | string | The name of the resource group the backup policy was created in. | +| `backupPolicyResourceId` | string | The resource ID of the backup policy | ## Template references diff --git a/arm/Microsoft.RecoveryServices/vaults/deploy.bicep b/arm/Microsoft.RecoveryServices/vaults/deploy.bicep index 54fa5f8392..a73c1b5942 100644 --- a/arm/Microsoft.RecoveryServices/vaults/deploy.bicep +++ b/arm/Microsoft.RecoveryServices/vaults/deploy.bicep 
@@ -218,13 +218,13 @@ module rsv_rbac '.bicep/nested_rbac.bicep' = [for (roleAssignment, index) in rol } }] -@description('The resource ID of the Recovery Services Vault') +@description('The resource ID of the recovery services vault') output recoveryServicesVaultResourceId string = rsv.id -@description('The name of the Resource Group the Recovery Services Vault was created in') +@description('The name of the resource group the recovery services vault was created in') output recoveryServicesVaultResourceGroup string = resourceGroup().name -@description('The Name of the Recovery Services Vault') +@description('The Name of the recovery services vault') output recoveryServicesVaultName string = rsv.name @description('The principal ID of the system assigned identity.') diff --git a/arm/Microsoft.RecoveryServices/vaults/readme.md b/arm/Microsoft.RecoveryServices/vaults/readme.md index 1d21d42b42..78c7dfd2fd 100644 --- a/arm/Microsoft.RecoveryServices/vaults/readme.md +++ b/arm/Microsoft.RecoveryServices/vaults/readme.md @@ -348,9 +348,9 @@ You can specify multiple user assigned identities to a resource by providing add | Output Name | Type | Description | | :-- | :-- | :-- | -| `recoveryServicesVaultName` | string | The Name of the Recovery Services Vault | -| `recoveryServicesVaultResourceGroup` | string | The name of the Resource Group the Recovery Services Vault was created in | -| `recoveryServicesVaultResourceId` | string | The resource ID of the Recovery Services Vault | +| `recoveryServicesVaultName` | string | The Name of the recovery services vault | +| `recoveryServicesVaultResourceGroup` | string | The name of the resource group the recovery services vault was created in | +| `recoveryServicesVaultResourceId` | string | The resource ID of the recovery services vault | | `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | ## Template references From 16497dec86487da9a2bcdfced963016e283e507d Mon Sep 17 00:00:00 2001 
From: MrMCake Date: Mon, 6 Dec 2021 22:21:26 +0100 Subject: [PATCH 3/3] Update to latest --- .../vaults/backupPolicies/deploy.bicep | 1 - .../vaults/backupStorageConfig/deploy.bicep | 1 - arm/Microsoft.RecoveryServices/vaults/deploy.bicep | 1 - .../vaults/protectionContainers/deploy.bicep | 1 - 4 files changed, 4 deletions(-) diff --git a/arm/Microsoft.RecoveryServices/vaults/backupPolicies/deploy.bicep b/arm/Microsoft.RecoveryServices/vaults/backupPolicies/deploy.bicep index 845f913f99..de18d25358 100644 --- a/arm/Microsoft.RecoveryServices/vaults/backupPolicies/deploy.bicep +++ b/arm/Microsoft.RecoveryServices/vaults/backupPolicies/deploy.bicep @@ -1,5 +1,4 @@ @description('Required. Name of the Azure Recovery Service Vault') -@minLength(1) param recoveryVaultName string @description('Required. Name of the Azure Recovery Service Vault Backup Policy') diff --git a/arm/Microsoft.RecoveryServices/vaults/backupStorageConfig/deploy.bicep b/arm/Microsoft.RecoveryServices/vaults/backupStorageConfig/deploy.bicep index a22171776d..f8fa588a87 100644 --- a/arm/Microsoft.RecoveryServices/vaults/backupStorageConfig/deploy.bicep +++ b/arm/Microsoft.RecoveryServices/vaults/backupStorageConfig/deploy.bicep @@ -1,5 +1,4 @@ @description('Required. Name of the Azure Recovery Service Vault') -@minLength(1) param recoveryVaultName string @description('Optional. The name of the backup storage config') diff --git a/arm/Microsoft.RecoveryServices/vaults/deploy.bicep b/arm/Microsoft.RecoveryServices/vaults/deploy.bicep index a73c1b5942..866f57ad00 100644 --- a/arm/Microsoft.RecoveryServices/vaults/deploy.bicep +++ b/arm/Microsoft.RecoveryServices/vaults/deploy.bicep @@ -1,5 +1,4 @@ @description('Required. Name of the Azure Recovery Service Vault') -@minLength(1) param name string @description('Optional. The storage configuration for the Azure Recovery Service Vault') 
diff --git a/arm/Microsoft.RecoveryServices/vaults/protectionContainers/deploy.bicep b/arm/Microsoft.RecoveryServices/vaults/protectionContainers/deploy.bicep index 5ba15da6e3..36d5c8aa0b 100644 --- a/arm/Microsoft.RecoveryServices/vaults/protectionContainers/deploy.bicep +++ b/arm/Microsoft.RecoveryServices/vaults/protectionContainers/deploy.bicep @@ -1,5 +1,4 @@ @description('Required. Name of the Azure Recovery Service Vault') -@minLength(1) param recoveryVaultName string @description('Required. Name of the Azure Recovery Service Vault Protection Container')