Azure Terraspace Plugin

The Azure Terraspace Plugin adds support for the automatic creation of the backend storage Azure storage account, storage container, and resource group. By default, as of v0.4.0:

The plugin settings are configurable with:

config/plugins/azurerm.rb

TerraspacePluginAzurerm.configure do |config|
  config.auto_create = true # set to false to completely disable auto creation

  config.resource_group.update_existing = false

  config.storage_account.sku.name = "Standard_LRS"
  config.storage_account.sku.tier = "Standard"

  config.storage_account.update_existing = false
  config.storage_account.allow_blob_public_access = false

  # data protection management
  config.storage_account.configure_data_protection_for_existing = false
  config.storage_account.delete_retention_policy.days = 365
  config.storage_account.delete_retention_policy.enabled = true
  config.storage_account.is_versioning_enabled = true

  config.tags = {env: Terraspace.env, terraspace: true}
end

Plugin Options

Name Description Default
auto_create Whether or not to automatically create the Azure Storage Account. true
location Azure location. By default, it is automatically detected. nil
secrets.vault Key Vault name. Used by the azure_secret helper. nil
storage_account.sku.name Storage account SKU name. Standard_LRS
storage_account.sku.tier Storage account SKU tier. Standard
storage_account.update_existing Whether or not to update the existing storage account settings. Applies to settings directly set via the Azure Storage Account Service. Azure Ruby SDK Docs: StorageAccountUpdateParameters. Surfaced settings to Terraspace Azure plugin: terraspace_plugin_azurerm/interfaces/backend/storage_account.rb IE: allow_blob_public_access false
storage_account.allow_blob_public_access Whether or not to allow blob public access at the storage account level. Data is already private by default. This is an additional guardrail false
storage_account.configure_data_protection_for_existing Whether or not to configure the data protection settings for existing Storage Accounts. By default this is off to avoid the Azure API every time terraspace up is ran. For brand new Storage Accounts created by Terraspace, data protection settings will be configured. Applies to settings via the Azure BlobService. Azure SDK Docs: BlobServiceProperties Surfaced settings to Terraspace Azure Plugin: terraspace_plugin_azurerm/interfaces/backend/storage_account.rb false
storage_account.delete_retention_policy.days Number of days to retain blobs and containers after deleted. 365
storage_account.delete_retention_policy.days Number of days to retain blobs and containers after deleted. true
storage_account.blob_delete_retention_policy.days Number of days to retain blobs after deleted. Overrides the delete_retention_policy.days setting. 365
storage_account.blob_delete_retention_policy.enabled Whether or not to enable the retention policy for blobs. Overrides the delete_retention_policy.enabled setting. true
storage_account.container_delete_retention_policy.days Number of days to retain containers after deleted. Overrides the delete_retention_policy.days setting. 365
storage_account.container_delete_retention_policy.enabled Whether or not to enable the retention policy for containers. Overrides the delete_retention_policy.enabled setting. true
storage_account.is_versioning_enabled Enables versioning for blobs. true

The full list refer to plugin source code: terraspace_plugin_azurerm.

More tools: