Azure Question posted in
The official documentation to get you started can be found here.

Terraform code not creating multiple rules in Azure Storage lifecycle

I have tried to create Azure storage lifecycle via IAC terraform. But facing the below error.

Expected to create multiples rules for storage lifecycle , but only one rule is created. If we re-run the terraform apply , it is overlapping old rule and still creating 1 rule. I am using default value of variable "rules" .

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "=3.72.0"
    }
  }
}

provider "azurerm" {
  features {}
}

resource "azurerm_storage_account" "storage_account" {
  name                     = var.storage_account_name
  resource_group_name      = var.resource_group_name
  location                 = var.location
  account_kind             = var.account_kind
  account_tier             = var.account_tier
  account_replication_type = "LRS"
  access_tier              = var.access_tier
}

resource "azurerm_storage_management_policy" "storage_management_policy" {
  storage_account_id = azurerm_storage_account.storage_account.id

  for_each = var.rules

  rule {
    name    = each.value.name
    enabled = true
    
    filters {
      prefix_match = each.value.prefix_match
      blob_types   = ["blockBlob"]
    }

    actions {
      base_blob {
        delete_after_days_since_creation_greater_than= each.value.base_blob.delete_after_days_since_creation_greater_than
      }

    }
  }
}

Var.tf:

variable "storage_account_name" {
  type        = string
  description = "The name of the Storage Account."
  default     = "sakinaka"
}

variable "resource_group_name" {
  type        = string
  description = "The name of the Resource Group where the Storage Account is located."
  default     = "bombay"
}

variable "location" {
  type        = string
  description = "The location where the Storage Account is created."
  default     = "East US"
}

variable "account_kind" {
  type        = string
  description = "The kind of the Storage Account."
  default     = "StorageV2"
}

variable "account_tier" {
  type        = string
  description = "The tier of the Storage Account."
  default     = "Standard"
}

variable "access_tier" {
  type        = string
  description = "The access tier of the Storage Account."
  default     = "Hot"
}

variable "rules" {
  type = map(object({
    name            = string
    prefix_match    = list(string)
    base_blob       = object({
      delete_after_days_since_creation_greater_than  = number
    })
  }))
  default = {
    rule3 = {
      name          = "samplerule3"
      prefix_match  = []
      base_blob     = {
        delete_after_days_since_creation_greater_than  = 365
      }
    },
    rule4 = {
      name          = "samplerule4"
      type          = "Lifecycle"
      prefix_match  = ["arch/"]
      base_blob     = {
        delete_after_days_since_creation_greater_than  = 90
      }
    }
  }
}

Kindly have a look on this

Tags:

2

Answers


  1. 0

    I think in this case you want to use the dynamic block with for_each, something along the lines of:

    resource "azurerm_storage_management_policy" "storage_management_policy" {
  storage_account_id = azurerm_storage_account.storage_account.id

  dynamic "rule" {
    for_each = var.rules
    content {
      enabled = rule.value.enabled
      name    = rule.key

      actions {
        base_blob {
          delete_after_days_since_creation_greater_than = rule.value.base_blob.delete_after_days_since_creation_greater_than
        }
      }
      
      filters {
        blob_types   = rule.value.blob_types
        prefix_match = rule.value.prefix_match
      }
    }
  }
}

    The variable definition would also have to be updated:

    variable "rules" {
  type = map(object({
    name         = string
    enabled      = bool
    prefix_match = list(string)
    blob_types   = list(string)
    base_blob    = object({
      delete_after_days_since_modification_greater_than = number
    })
  }))

  default = {
    rule3 = {
      name         = "rule3"
      enabled      = true
      prefix_match = []
      blob_types   = ["blockBlob"]
      base_blob    = {
        delete_after_days_since_modification_greater_than = 365
      }
    },
    rule4 = {
      name         = "rule4"
      enabled      = true
      prefix_match = ["arch/"]
      blob_types   = ["blockBlob"]
      base_blob    = {
        delete_after_days_since_modification_greater_than = 90
      }
    }
  }
}
    Login or Signup to reply.
  2. 0

    You can use below code to create storage account and 2 lifecycle rules. Follow the Azure Storage Account Management Policy for more details.

    main.tf

    terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "=3.72.0"
    }
  }
}

provider "azurerm" {
  features {}
}

resource "azurerm_storage_account" "storage_account" {
  name                     = var.storage_account_name
  resource_group_name      = var.resource_group_name
  location                 = var.location
  account_kind             = var.account_kind
  account_tier             = var.account_tier
  account_replication_type = "LRS"
  access_tier              = var.access_tier

  lifecycle {
    prevent_destroy = true
  }
}

resource "azurerm_storage_management_policy" "storage_management_policy" {
  storage_account_id = azurerm_storage_account.storage_account.id

  dynamic "rule" {
    for_each = var.storage_account_rules

    content {
      enabled = rule.value.enabled
      name    = rule.value.name

      actions {
        base_blob {
          delete_after_days_since_modification_greater_than = rule.value.base_blob.delete_after_days_since_modification_greater_than
        }
      }
      
      filters {
        blob_types   =  rule.value.blob_types 
        prefix_match =  rule.value.prefix_match 
      }
    }
  }
}

    varaibles.tf

    variable "storage_account_name" {
  type        = string
  description = "The name of the Storage Account."
  default     = "venaktstoragetest1"
}

variable "resource_group_name" {
  type        = string
  description = "The name of the Resource Group where the Storage Account is located."
  default     = "storage-RG"
}

variable "location" {
  type        = string
  description = "The location where the Storage Account is created."
  default     = "East US"
}

variable "account_kind" {
  type        = string
  description = "The kind of the Storage Account."
  default     = "StorageV2"
}

variable "account_tier" {
  type        = string
  description = "The tier of the Storage Account."
  default     = "Standard"
}

variable "access_tier" {
  type        = string
  description = "The access tier of the Storage Account."
  default     = "Hot"
}

variable "storage_account_rules" {
  type = map(object({
    name      = string
    enabled   = bool
    prefix_match = list(string)
    blob_types  = list(string)
    base_blob = object({
      delete_after_days_since_modification_greater_than = number
    })
  }))

  default = {
    rule1 = {
      name      = "rule1"
      enabled   = true
      prefix_match = ["container1/prefix1"]
      blob_types  = ["blockBlob"]
      base_blob = {
        delete_after_days_since_modification_greater_than = 100
      }
    },
    rule2 = {
      name      = "rule2"
      enabled   = false
      prefix_match = ["container2/prefix1", "container2/prefix2"]
      blob_types  = ["blockBlob"]
      base_blob = {
        delete_after_days_since_modification_greater_than = 101
      }
    }
  }
}

    Terraform apply

    enter image description here

    After executing the terraform, the storage account with 2 lifecycles rules has beeen created successfully.

    enter image description here

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search