azurerm_data_protection_backup_instance_blob_storage does not support container selection for vaulted backups

[Arturas-Parulis]

Is there an existing issue for this?

• I have searched the existing issues

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.7.5

AzureRM Provider Version

3.107.0

Affected Resource(s)/Data Source(s)

azurerm_data_protection_backup_instance_blob_storage

Terraform Configuration Files

resource "azurerm_data_protection_backup_policy_blob_storage" "example" {
  name               = "example-backup-policy"
  vault_id           = azurerm_data_protection_backup_vault.example.id
  vault_default_retention_duration = "P7D"
  backup_repeating_time_intervals   = ["R/2024-06-10T00:00:00+00:00/P1D"]
}

resource "azurerm_data_protection_backup_instance_blob_storage" "example" {
  name               = "example-backup-instance"
  vault_id           = azurerm_data_protection_backup_vault.example.id
  location           = azurerm_resource_group.example.location
  storage_account_id = azurerm_storage_account.example.id
  backup_policy_id   = azurerm_data_protection_backup_policy_blob_storage.example.id

  depends_on = [azurerm_role_assignment.example]
}

Debug Output/Panic Output

Error: waiting for BackupInstance("Backup Instance (Subscription: \"**********\"\nResource Group Name: \"example-group-name\"\nBackup Vault Name: \"example-vault-name\"\nBackup Instance Name: \"example-instance-name\")") policy protection to be completed: unexpected state 'ProtectionError', wanted target 'ProtectionConfigured'. last error: %!s(<nil>)

Expected Behaviour

Select containers to which vaulted backups are applicable.
This can be done with REST API (the policy parameter section) where you select containers to backup: https://learn.microsoft.com/en-us/azure/backup/backup-azure-dataprotection-use-rest-api-backup-blobs

Actual Behaviour

Backup has a ProtectionError

In the portal, in the json part, you can see the error that no containers were selected.

Steps to Reproduce

resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "West Europe"
}

resource "azurerm_storage_account" "example" {
  name                     = "storageaccountname"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

resource "azurerm_data_protection_backup_vault" "example" {
  name                = "example-backup-vault"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  datastore_type      = "VaultStore"
  redundancy          = "LocallyRedundant"
  identity {
    type = "SystemAssigned"
  }
}

resource "azurerm_role_assignment" "example" {
  scope                = azurerm_storage_account.example.id
  role_definition_name = "Storage Account Backup Contributor"
  principal_id         = azurerm_data_protection_backup_vault.example.identity[0].principal_id
}

resource "azurerm_data_protection_backup_policy_blob_storage" "example" {
  name               = "example-backup-policy"
  vault_id           = azurerm_data_protection_backup_vault.example.id
  vault_default_retention_duration = "P7D"
  backup_repeating_time_intervals = ["R/2024-06-10T00:00:00+00:00/P1D"]
}

resource "azurerm_data_protection_backup_instance_blob_storage" "example" {
  name               = "example-backup-instance"
  vault_id           = azurerm_data_protection_backup_vault.example.id
  location           = azurerm_resource_group.example.location
  storage_account_id = azurerm_storage_account.example.id
  backup_policy_id   = azurerm_data_protection_backup_policy_blob_storage.example.id

  depends_on = [azurerm_role_assignment.example]
}

terraform apply

Important Factoids

No response

References

No response

[neil-yechenwei]

Thanks for raising this issue. Seems I can't reproduce it with tf config you provided on my local. Could you double check if the issue still exists? Thanks.

[Arturas-Parulis]

Sorry, the backup_policy should have vault default retention duration.

resource "azurerm_data_protection_backup_policy_blob_storage" "example" {
  name               = "example-backup-policy"
  vault_id           = azurerm_data_protection_backup_vault.example.id
  vault_default_retention_duration = "P7D"
  backup_repeating_time_intervals = ["R/2024-06-10T00:00:00+00:00/P1D"]
}

[Arturas-Parulis]

#26232

Maybe this PR would solve the issue.

[Arturas-Parulis]

Solved as container selection was added with 3.109 with the addition of property "storage_account_container_names"

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.