0
votes

I have a storage account created in the Azure portal (outside of Terraform). I want to configure a lifecycle management policy to delete older blobs. I have tried terraform import to import the resource (storage account), but it seems the settings are different in terraform plan; when I run terraform plan, it says it will replace or create the storage account.

But I don't want to recreate the storage account, which has some data in it.

provider "azurerm" {
  features {}
  skip_provider_registration = "true"
}

variable "LOCATION" {
  default     = "northeurope"
  description = "Region to deploy into"
}

variable "RESOURCE_GROUP" {
  default     = "[RETRACTED]" # The value is same in azure portal
  description = "Name of the resource group"
}

variable "STORAGE_ACCOUNT" {
  default     = "[RETRACTED]" # The value is same in azure portal
  description = "Name of the storage account where to store the backup"
}

variable "STORAGE_ACCOUNT_RETENTION_DAYS" {
  default     = "180"
  description = "Number of days to keep the backups"
}

resource "azurerm_resource_group" "storage-account" {
  name     = var.RESOURCE_GROUP
  location = var.LOCATION
}

resource "azurerm_storage_account" "storage-account-lifecycle" {
  name                     = var.STORAGE_ACCOUNT
  location                 = azurerm_resource_group.storage-account.location
  resource_group_name      = azurerm_resource_group.storage-account.name
  account_tier             = "Standard"
  account_replication_type = "RAGRS" #Read-access geo-redundant storage

}

resource "azurerm_storage_management_policy" "storage-account-lifecycle-management-policy" {
  storage_account_id = azurerm_storage_account.storage-account-lifecycle.id

  rule {
    name    = "DeleteOldBackups"
    enabled = true
    filters {
      blob_types = ["blockBlob"]
    }
    actions {
      base_blob {
        delete_after_days_since_modification_greater_than = var.STORAGE_ACCOUNT_RETENTION_DAYS
      }
    }
  }
}

Import resource

$ terraform import azurerm_storage_account.storage-account-lifecycle /subscriptions/[RETRACTED]
azurerm_storage_account.storage-account-lifecycle: Importing from ID "/subscriptions/[RETRACTED]...
azurerm_storage_account.storage-account-lifecycle: Import prepared!
  Prepared azurerm_storage_account for import
azurerm_storage_account.storage-account-lifecycle: Refreshing state... [id=/subscriptions/[RETRACTED]]

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.

The plan is below

$ terraform plan
azurerm_storage_account.storage-account-lifecycle: Refreshing state... [id=/subscriptions/[RETRACTED]]

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the last "terraform apply":


Unless you have made equivalent changes to your configuration, or ignored the relevant attributes using ignore_changes, the following
plan may include actions to undo or respond to these changes.

────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following
symbols:
  + create

Terraform will perform the following actions:

  # azurerm_resource_group.storage-account will be created
  + resource "azurerm_resource_group" "storage-account" {
      + id       = (known after apply)
      + location = "northeurope"
      + name     = "[RETRACTED]"
    }

  # azurerm_storage_management_policy.storage-account-lifecycle-management-policy will be created
  + resource "azurerm_storage_management_policy" "storage-account-lifecycle-management-policy" {
      + id                 = (known after apply)
      + storage_account_id = "/subscriptions/[RETRACTED]"

      + rule {
          + enabled = true
          + name    = "DeleteOldBackups"

          + actions {
              + base_blob {
                  + delete_after_days_since_modification_greater_than = 180
                }
            }

          + filters {
              + blob_types = [
                  + "blockBlob",
                ]
            }
        }
    }

Plan: 2 to add, 0 to change, 0 to destroy.

────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform
apply" now.

From the plan, I see it will create "storage account". I also tried removing the azurerm_storage_account section and specifying the resource ID for the var storage_account_id in the azurerm_storage_management_policy section, but it still says "# azurerm_resource_group.storage-account will be created".

How do I configure the lifecycle management policy without modifying/creating the existing storage account?

PS: This is my first terraform script

1
According to the plan, it will create resource group. - Jim Xu

1 Answer

0
votes

OK, I see the problem, as @Jim Xu pointed out in the comment. I didn't import the resource group, which is what it is saying. I imported the resource group like this and ran terraform plan:

$ terraform import azurerm_resource_group.storage-account /subscriptions/[RETRACTED]
$ terraform plan
azurerm_resource_group.storage-account: Refreshing state... [id=/subscriptions/[RETRACTED]]
azurerm_storage_account.storage-account-lifecycle: Refreshing state... [id=/subscriptions/[RETRACTED]]

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the last "terraform apply":


Unless you have made equivalent changes to your configuration, or ignored the relevant attributes using ignore_changes, the following
plan may include actions to undo or respond to these changes.

────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following
symbols:
  + create

Terraform will perform the following actions:

  # azurerm_storage_management_policy.storage-account-lifecycle-management-policy will be created
  + resource "azurerm_storage_management_policy" "storage-account-lifecycle-management-policy" {
      + id                 = (known after apply)
      + storage_account_id = "/subscriptions/[RETRACTED]"

      + rule {
          + enabled = true
          + name    = "DeleteOldBackups"

          + actions {
              + base_blob {
                  + delete_after_days_since_modification_greater_than = 180
                }
            }

          + filters {
              + blob_types = [
                  + "blockBlob",
                ]
            }
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.
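
An alternative to importing, shown as an added example that is not part of the original question or answer: read the existing resource group and storage account through data sources, so Terraform manages only the lifecycle policy and can never plan a change to the account that holds the backups. The `existing` and `backup_retention` labels and the placeholder names in the variable defaults are assumptions.

```hcl
provider "azurerm" {
  features {}
}

# Placeholder names (assumptions); use the names shown in the Azure portal.
variable "RESOURCE_GROUP" {
  default = "example-rg"
}

variable "STORAGE_ACCOUNT" {
  default = "examplebackupsa"
}

variable "STORAGE_ACCOUNT_RETENTION_DAYS" {
  type    = number
  default = 180
}

# Data sources only read the existing objects. They are not added to state as
# managed resources, so no import is needed and no create/replace is planned.
data "azurerm_resource_group" "existing" {
  name = var.RESOURCE_GROUP
}

data "azurerm_storage_account" "existing" {
  name                = var.STORAGE_ACCOUNT
  resource_group_name = data.azurerm_resource_group.existing.name
}

# The only object Terraform creates and manages in this configuration.
resource "azurerm_storage_management_policy" "backup_retention" {
  storage_account_id = data.azurerm_storage_account.existing.id

  rule {
    name    = "DeleteOldBackups"
    enabled = true
    filters {
      # Without a prefix_match entry the rule covers every block blob in the account.
      blob_types = ["blockBlob"]
    }
    actions {
      base_blob {
        delete_after_days_since_modification_greater_than = var.STORAGE_ACCOUNT_RETENTION_DAYS
      }
    }
  }
}
```

With this layout `terraform plan` should report one resource to add (the management policy), and a missing or misspelled account name fails at plan time instead of proposing a new account.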