From cd5176ea387e4eb57b77a14f0f3ed7799c191004 Mon Sep 17 00:00:00 2001
From: kevindelmont <133667252+kevindelmont@users.noreply.github.com>
Date: Wed, 29 Nov 2023 08:58:49 +0100
Subject: [PATCH] Add diagnostic on Azure Recovery Service Vault (#1824)

* Add diagnostic on Azure Recovery Service Vault

* fix example - missing closing bracket

* fix
---
 .github/workflows/standalone-scenarios.json   |   1 +
 .../107-asr-diagnostics/configuration.tfvars  | 151 ++++++++++++++++++
 modules/recovery_vault/diagnostics.tf         |   1 +
 modules/recovery_vault/variables.tf           |   9 +-
 recovery_vaults.tf                            |   1 +
 5 files changed, 162 insertions(+), 1 deletion(-)
 create mode 100644 examples/recovery_vault/107-asr-diagnostics/configuration.tfvars

diff --git a/.github/workflows/standalone-scenarios.json b/.github/workflows/standalone-scenarios.json
index 8e74ef48c4..7cf7abe72d 100644
--- a/.github/workflows/standalone-scenarios.json
+++ b/.github/workflows/standalone-scenarios.json
@@ -137,6 +137,7 @@
     "recovery_vault/104-backupvault-with-private-endpoint",
     "recovery_vault/105-asr-with-network-mapping",
     "recovery_vault/106-backupvault-with-sqldatabase-saphana",
+    "recovery_vault/107-asr-diagnostics",
     "redis_cache/103-redis-private-endpoints",
     "role_mapping/100-simple-role-mapping",
     "role_mapping/101-function-app-managed-identity",
diff --git a/examples/recovery_vault/107-asr-diagnostics/configuration.tfvars b/examples/recovery_vault/107-asr-diagnostics/configuration.tfvars
new file mode 100644
index 0000000000..bd90d904f5
--- /dev/null
+++ b/examples/recovery_vault/107-asr-diagnostics/configuration.tfvars
@@ -0,0 +1,151 @@
+global_settings = {
+  regions = {
+    region1 = "australiaeast"
+    region2 = "australiacentral"
+  }
+}
+resource_groups = {
+  primary = {
+    name = "sharedsvc_re1"
+  }
+}
+diagnostics_definition = {
+  azure_site_recovery = {
+    name                           = "operational_logs_and_metrics"
+    log_analytics_destination_type = "Dedicated"
+    categories = {
+      log = [
+        # ["Category name",  "Diagnostics Enabled(true/false)", "Retention Enabled(true/false)", Retention_period]
+        ["AzureBackupReport", true, true, 0],
+        ["CoreAzureBackup", true, true, 0],
+        ["AddonAzureBackupAlerts", true, true, 0],
+        ["AddonAzureBackupJobs", true, true, 0],
+        ["AddonAzureBackupPolicy", true, true, 0],
+        ["AddonAzureBackupProtectedInstance", true, true, 0],
+        ["AddonAzureBackupStorage", true, true, 0],
+        ["AzureSiteRecoveryJobs", true, true, 0],
+        ["AzureSiteRecoveryEvents", true, true, 0],
+        ["AzureSiteRecoveryReplicatedItems", true, true, 0],
+        ["AzureSiteRecoveryReplicationStats", true, true, 0],
+        ["AzureSiteRecoveryRecoveryPoints", true, true, 0],
+        ["AzureSiteRecoveryReplicationDataUploadRate", true, true, 0],
+        ["AzureSiteRecoveryProtectedDiskDataChurn", true, true, 0],
+      ]
+      metric = [
+        ["AllMetrics", true, true, 0],
+      ]
+    }
+  }
+}
+
+diagnostic_event_hub_namespaces = {
+  event_hub_namespace1 = {
+    name               = "operation_logs"
+    resource_group_key = "primary"
+    sku                = "Standard"
+    region             = "region1"
+  }
+}
+
+diagnostics_destinations = {
+  event_hub_namespaces = {
+    central_logs_example = {
+      event_hub_namespace_key = "event_hub_namespace1"
+    }
+  }
+}
+
+recovery_vaults = {
+  asr1 = {
+    name               = "vault_re1"
+    resource_group_key = "primary"
+
+    diagnostic_profiles = {
+      azure_site_recovery = {
+        definition_key   = "azure_site_recovery"
+        destination_type = "event_hub"
+        destination_key  = "central_logs_example"
+      }
+    }
+    region = "region1"
+
+    replication_policies = {
+      repl1 = {
+        name               = "policy1"
+        resource_group_key = "primary"
+
+        recovery_point_retention_in_minutes                  = 24 * 60
+        application_consistent_snapshot_frequency_in_minutes = 4 * 60
+      }
+    }
+
+
+    backup_policies = {
+      vms = {
+        policy1 = {
+          name                           = "VMBackupPolicy1"
+          vault_key                      = "asr1"
+          rg_key                         = "primary"
+          timezone                       = "UTC"
+          instant_restore_retention_days = 5
+          backup = {
+            frequency = "Daily"
+            time      = "23:00"
+            #if not desired daily, can pick weekdays as below:
+            #weekdays  = ["Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"]
+          }
+          retention_daily = {
+            count = 10
+          }
+          retention_weekly = {
+            count    = 42
+            weekdays = ["Sunday", "Wednesday", "Friday", "Saturday"]
+          }
+          retention_monthly = {
+            count    = 7
+            weekdays = ["Sunday", "Wednesday"]
+            weeks    = ["First", "Last"]
+          }
+          retention_yearly = {
+            count    = 7
+            weekdays = ["Sunday"]
+            weeks    = ["Last"]
+            months   = ["January"]
+          }
+        }
+      }
+
+      fs = {
+        policy1 = {
+          name      = "FSBackupPolicy1"
+          vault_key = "asr1"
+          rg_key    = "primary"
+          timezone  = "UTC"
+          backup = {
+            frequency = "Daily"
+            time      = "23:00"
+          }
+          retention_daily = {
+            count = 1
+          }
+          retention_weekly = {
+            count    = 1
+            weekdays = ["Sunday", "Wednesday", "Friday", "Saturday"]
+          }
+          retention_monthly = {
+            count    = 1
+            weekdays = ["Sunday", "Wednesday"]
+            weeks    = ["First", "Last"]
+          }
+          retention_yearly = {
+            count    = 2
+            weekdays = ["Sunday"]
+            weeks    = ["Last"]
+            months   = ["January"]
+          }
+        }
+      }
+    }
+  }
+
+}
diff --git a/modules/recovery_vault/diagnostics.tf b/modules/recovery_vault/diagnostics.tf
index 0caaba4e20..50f56b34e9 100644
--- a/modules/recovery_vault/diagnostics.tf
+++ b/modules/recovery_vault/diagnostics.tf
@@ -1,6 +1,7 @@
 
 module "diagnostics" {
   source = "../diagnostics"
+  count  = var.diagnostic_profiles == null ? 0 : 1
 
   resource_id       = azurerm_recovery_services_vault.asr.id
   resource_location = local.location
diff --git a/modules/recovery_vault/variables.tf b/modules/recovery_vault/variables.tf
index 5f4359b7e4..aeae2a877a 100644
--- a/modules/recovery_vault/variables.tf
+++ b/modules/recovery_vault/variables.tf
@@ -4,7 +4,14 @@ variable "global_settings" {
   description = "Global settings object (see module README.md)"
 }
 
-variable "diagnostics" {}
+variable "diagnostic_profiles" {
+  default = {}
+}
+
+variable "diagnostics" {
+  default = null
+}
+
 variable "private_endpoints" {}
 variable "vnets" {}
 variable "client_config" {
diff --git a/recovery_vaults.tf b/recovery_vaults.tf
index 2449c3d201..47a45ccb57 100644
--- a/recovery_vaults.tf
+++ b/recovery_vaults.tf
@@ -6,6 +6,7 @@ module "recovery_vaults" {
   global_settings   = local.global_settings
   client_config     = local.client_config
   settings          = each.value
+  diagnostic_profiles = try(each.value.diagnostic_profiles, {})
   diagnostics       = local.combined_diagnostics
   identity          = try(each.value.identity, null)
   vnets             = try(local.combined_objects_networking, {})