backup: added suuport for cross region copy for vpc backup

IBM-Cloud · Jul 19, 2023 · bdb7195 · bdb7195
1 parent 7293a8a
commit bdb7195
Show file tree

Hide file tree

Showing 13 changed files with 411 additions and 5 deletions.
diff --git a/go.mod b/go.mod
@@ -30,7 +30,7 @@ require (
 	github.com/IBM/schematics-go-sdk v0.2.1
 	github.com/IBM/secrets-manager-go-sdk/v2 v2.0.0
 	github.com/IBM/vpc-beta-go-sdk v0.4.0
-	github.com/IBM/vpc-go-sdk v0.38.0
+	github.com/IBM/vpc-go-sdk v0.40.0
 	github.com/ScaleFT/sshkeys v0.0.0-20200327173127-6142f742bca5
 	github.com/Shopify/sarama v1.29.1
 	github.com/apache/openwhisk-client-go v0.0.0-20200201143223-a804fb82d105

diff --git a/go.sum b/go.sum
@@ -174,6 +174,10 @@ github.com/IBM/vpc-beta-go-sdk v0.4.0 h1:OxABcc2GeclCMN/bpcQfM2cmNB2GuajwuocsPJS
 github.com/IBM/vpc-beta-go-sdk v0.4.0/go.mod h1:fzHDAQIqH/5yJmYsKodKHLcqxMDT+yfH6vZjdiw8CQA=
 github.com/IBM/vpc-go-sdk v0.38.0 h1:iB2/ukDciK6s2VBnMmNQeZqenOaUXJSt+V2M4fMjAnM=
 github.com/IBM/vpc-go-sdk v0.38.0/go.mod h1:MgZrbITC067AlcE5oy4hwylasFvrePL4RVxeF6GTdKQ=
+github.com/IBM/vpc-go-sdk v0.39.0 h1:5O7MnZJCpcuxx4g0HXznnvVAWGroVkqfp2aIxBlIdk4=
+github.com/IBM/vpc-go-sdk v0.39.0/go.mod h1:MgZrbITC067AlcE5oy4hwylasFvrePL4RVxeF6GTdKQ=
+github.com/IBM/vpc-go-sdk v0.40.0 h1:p4E1dIQc6+WmqLwRTzgWA2udqFw6nypOg+8R0WxTgX0=
+github.com/IBM/vpc-go-sdk v0.40.0/go.mod h1:MgZrbITC067AlcE5oy4hwylasFvrePL4RVxeF6GTdKQ=
 github.com/Jeffail/gabs v1.1.1 h1:V0uzR08Hj22EX8+8QMhyI9sX2hwRu+/RJhJUmnwda/E=
 github.com/Jeffail/gabs v1.1.1/go.mod h1:6xMvQMK4k33lb7GUUpaAPh6nKMmemQeg5d4gn7/bOXc=
 github.com/Logicalis/asn1 v0.0.0-20190312173541-d60463189a56 h1:vuquMR410psHNax14XKNWa0Ae/kYgWJcXi0IFuX60N0=

diff --git a/ibm/acctest/acctest.go b/ibm/acctest/acctest.go
@@ -141,6 +141,7 @@ var IcdDbTaskId string
 var KmsInstanceID string
 var CrkID string
 var KmsAccountID string
+var BaasEncryptionkeyCRN string
 
 // for snapshot encryption
 var IsKMSInstanceId string
@@ -632,6 +633,12 @@ func init() {
 		fmt.Println("[INFO] Set the environment variable IS_BACKUP_POLICY_ID for testing ibm_is_backup_policy_jobs datasource")
 	}
 
+	BaasEncryptionkeyCRN = os.Getenv("IS_REMOTE_CP_BAAS_ENCRYPTION_KEY_CRN")
+	if BaasEncryptionkeyCRN == "" {
+		BaasEncryptionkeyCRN = "crn:v1:bluemix:public:kms:us-south:a/dffc98a0f1f0f95f6613b3b752286b87:e4a29d1a-2ef0-42a6-8fd2-350deb1c647e:key:5437653b-c4b1-447f-9646-b2a2a4cd6179"
+		fmt.Println("[INFO] Set the environment variable IS_REMOTE_CP_BAAS_ENCRYPTION_KEY_CRN for testing remote_copies_policy with Baas plans, else it is set to default value, 'crn:v1:bluemix:public:kms:us-south:a/dffc98a0f1f0f95f6613b3b752286b87:e4a29d1a-2ef0-42a6-8fd2-350deb1c647e:key:5437653b-c4b1-447f-9646-b2a2a4cd6179'")
+	}
+
 	InstanceProfileName = os.Getenv("SL_INSTANCE_PROFILE")
 	if InstanceProfileName == "" {
 		//InstanceProfileName = "bc1-2x8" // for classic infrastructure

diff --git a/ibm/service/vpc/data_source_ibm_is_backup_policy_plan.go b/ibm/service/vpc/data_source_ibm_is_backup_policy_plan.go
@@ -113,6 +113,30 @@ func DataSourceIBMIsBackupPolicyPlan() *schema.Resource {
 					},
 				},
 			},
+			"remote_region_policy": &schema.Schema{
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: "Policies for creating remote copies of this backup.",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"delete_over_count": &schema.Schema{
+							Type:        schema.TypeInt,
+							Computed:    true,
+							Description: "The maximum number of recent remote copies to keep in this region.",
+						},
+						"encryption_key": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "The CRN of the [Key Protect Root Key](https://cloud.ibm.com/docs/key-protect?topic=key-protect-getting-started-tutorial) or [Hyper Protect Crypto Services Root Key](https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-get-started) for this resource.",
+						},
+						"region": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "The globally unique name for this region.",
+						},
+					},
+				},
+			},
 			"resource_type": &schema.Schema{
 				Type:        schema.TypeString,
 				Computed:    true,
@@ -215,6 +239,19 @@ func dataSourceIBMIsBackupPolicyPlanRead(context context.Context, d *schema.Reso
 	if err = d.Set("name", backupPolicyPlan.Name); err != nil {
 		return diag.FromErr(fmt.Errorf("[ERROR] Error setting name: %s", err))
 	}
+	remoteRegionPolicies := []map[string]interface{}{}
+	if backupPolicyPlan.RemoteRegionPolicies != nil {
+		for _, remoteCopyPolicy := range backupPolicyPlan.RemoteRegionPolicies {
+			remoteRegionPoliciesMap, err := dataSourceIBMIsVPCBackupPolicyPlanRemoteCopyPolicyItemToMap(&remoteCopyPolicy)
+			if err != nil {
+				return diag.FromErr(fmt.Errorf("[ERROR] Error setting remote copy policies: %s", err))
+			}
+			remoteRegionPolicies = append(remoteRegionPolicies, remoteRegionPoliciesMap)
+		}
+	}
+	if err = d.Set("remote_region_policy", remoteRegionPolicies); err != nil {
+		return diag.FromErr(fmt.Errorf("Error setting remote_region_policy %s", err))
+	}
 	if err = d.Set("resource_type", backupPolicyPlan.ResourceType); err != nil {
 		return diag.FromErr(fmt.Errorf("[ERROR] Error setting resource_type: %s", err))
 	}
@@ -242,3 +279,17 @@ func dataSourceBackupPolicyPlanDeletionTriggerToMap(deletionTriggerItem vpcv1.Ba
 
 	return deletionTriggerMap
 }
+
+func dataSourceIBMIsVPCBackupPolicyPlanRemoteCopyPolicyItemToMap(remoteCopyPolicyItem *vpcv1.BackupPolicyPlanRemoteRegionPolicy) (map[string]interface{}, error) {
+	remoteCopyPolicyItemMap := make(map[string]interface{})
+	if remoteCopyPolicyItem.DeleteOverCount != nil {
+		remoteCopyPolicyItemMap["delete_over_count"] = *remoteCopyPolicyItem.DeleteOverCount
+	}
+	if remoteCopyPolicyItem.EncryptionKey != nil {
+		remoteCopyPolicyItemMap["encryption_key"] = *remoteCopyPolicyItem.EncryptionKey.CRN
+	}
+	if remoteCopyPolicyItem.Region.Name != nil {
+		remoteCopyPolicyItemMap["region"] = *remoteCopyPolicyItem.Region.Name
+	}
+	return remoteCopyPolicyItemMap, nil
+}
diff --git a/ibm/service/vpc/data_source_ibm_is_backup_policy_plan_test.go b/ibm/service/vpc/data_source_ibm_is_backup_policy_plan_test.go
@@ -43,6 +43,9 @@ func TestAccIBMIsBackupPolicyPlanDataSourceBasic(t *testing.T) {
 					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plan.is_backup_policy_plan", "lifecycle_state"),
 					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plan.is_backup_policy_plan", "name"),
 					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plan.is_backup_policy_plan", "resource_type"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plan.is_backup_policy_plan", "remote_region_policy.0.delete_over_count"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plan.is_backup_policy_plan", "remote_region_policy.0.encryption_key"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plan.is_backup_policy_plan", "remote_region_policy.0.region"),
 				),
 			},
 		},
@@ -86,6 +89,42 @@ func TestAccIBMIsBackupPolicyPlanDataSourceClonesBasic(t *testing.T) {
 	})
 }
 
+func TestAccIBMIsBackupPolicyPlanDataSourceRemoteCopyPolicy(t *testing.T) {
+	vpcname := fmt.Sprintf("tf-vpc-%d", acctest.RandIntRange(10, 100))
+	name := fmt.Sprintf("tf-instnace-%d", acctest.RandIntRange(10, 100))
+	subnetname := fmt.Sprintf("tf-subnet-%d", acctest.RandIntRange(10, 100))
+	sshname := fmt.Sprintf("tf-ssh-%d", acctest.RandIntRange(10, 100))
+	volname := fmt.Sprintf("tf-vol-%d", acctest.RandIntRange(10, 100))
+	bakupPolicyName := fmt.Sprintf("tfbakuppolicyname%d", acctest.RandIntRange(10, 100))
+	bakupPolicyPlanName := fmt.Sprintf("tfbakuppolicyplanname%d", acctest.RandIntRange(10, 100))
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { acc.TestAccPreCheck(t) },
+		Providers: acc.TestAccProviders,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccCheckIBMIsBackupPolicyPlansDataSourceConfigRemoteCopyPolicies(bakupPolicyName, vpcname, subnetname, sshname, volname, name, bakupPolicyPlanName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plan.is_backup_policy_plan", "id"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plan.is_backup_policy_plan", "backup_policy_id"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plan.is_backup_policy_plan", "active"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plan.is_backup_policy_plan", "attach_user_tags.#"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plan.is_backup_policy_plan", "copy_user_tags"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plan.is_backup_policy_plan", "created_at"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plan.is_backup_policy_plan", "cron_spec"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plan.is_backup_policy_plan", "deletion_trigger.0.delete_after"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plan.is_backup_policy_plan", "href"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plan.is_backup_policy_plan", "lifecycle_state"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plan.is_backup_policy_plan", "name"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plan.is_backup_policy_plan", "resource_type"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plan.is_backup_policy_plan", "remote_region_policy.0.delete_over_count"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plan.is_backup_policy_plan", "remote_region_policy.0.encryption_key"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plan.is_backup_policy_plan", "remote_region_policy.0.region"),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckIBMIsBackupPolicyPlanDataSourceConfigBasic(backupPolicyName, vpcname, subnetname, sshname, volName, name, cronSpec, bakupPolicyPlanName string) string {
 
 	return testAccCheckIBMIsBackupPolicyPlanConfigBasic(backupPolicyName, vpcname, subnetname, sshname, volName, name, cronSpec, bakupPolicyPlanName) + fmt.Sprintf(`

diff --git a/ibm/service/vpc/data_source_ibm_is_backup_policy_plans.go b/ibm/service/vpc/data_source_ibm_is_backup_policy_plans.go
@@ -117,6 +117,30 @@ func DataSourceIBMIsBackupPolicyPlans() *schema.Resource {
 							Computed:    true,
 							Description: "The lifecycle state of this backup policy plan.",
 						},
+						"remote_region_policy": &schema.Schema{
+							Type:        schema.TypeList,
+							Computed:    true,
+							Description: "Backup policy plan cross region rule.",
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"delete_over_count": &schema.Schema{
+										Type:        schema.TypeInt,
+										Computed:    true,
+										Description: "The maximum number of recent remote copies to keep in this region.",
+									},
+									"encryption_key": {
+										Type:        schema.TypeString,
+										Computed:    true,
+										Description: "The CRN of the [Key Protect Root Key](https://cloud.ibm.com/docs/key-protect?topic=key-protect-getting-started-tutorial) or [Hyper Protect Crypto Services Root Key](https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-get-started) for this resource.",
+									},
+									"region": {
+										Type:        schema.TypeString,
+										Computed:    true,
+										Description: "The globally unique name for this region.",
+									},
+								},
+							},
+						},
 						"name": &schema.Schema{
 							Type:        schema.TypeString,
 							Computed:    true,
@@ -233,6 +257,14 @@ func dataSourceBackupPolicyPlanCollectionPlansToMap(plansItem vpcv1.BackupPolicy
 	if plansItem.Name != nil {
 		plansMap["name"] = plansItem.Name
 	}
+	remoteRegionPolicies := []map[string]interface{}{}
+	if plansItem.RemoteRegionPolicies != nil {
+		for _, remoteCopyPolicy := range plansItem.RemoteRegionPolicies {
+			remoteRegionPoliciesMap, _ := dataSourceIBMIsVPCBackupPolicyPlanRemoteCopyPolicyItemToMap(&remoteCopyPolicy)
+			remoteRegionPolicies = append(remoteRegionPolicies, remoteRegionPoliciesMap)
+		}
+		plansMap["remote_region_policy"] = remoteRegionPolicies
+	}
 	if plansItem.ResourceType != nil {
 		plansMap["resource_type"] = plansItem.ResourceType
 	}

diff --git a/ibm/service/vpc/data_source_ibm_is_backup_policy_plans_test.go b/ibm/service/vpc/data_source_ibm_is_backup_policy_plans_test.go
@@ -45,6 +45,9 @@ func TestAccIBMIsBackupPolicyPlansDataSourceBasic(t *testing.T) {
 					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plans.is_backup_policy_plans", "plans.0.lifecycle_state"),
 					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plans.is_backup_policy_plans", "plans.0.name"),
 					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plans.is_backup_policy_plans", "plans.0.resource_type"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plans.is_backup_policy_plans", "plans.0.remote_region_policy.0.delete_over_count"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plans.is_backup_policy_plans", "plans.0.remote_region_policy.0.encryption_key"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plans.is_backup_policy_plans", "plans.0.remote_region_policy.0.region"),
 				),
 			},
 		},
@@ -90,6 +93,44 @@ func TestAccIBMIsBackupPolicyPlansDataSourceClonesBasic(t *testing.T) {
 	})
 }
 
+func TestAccIBMIsBackupPolicyPlansDataSourceRemoteCopyPolicy(t *testing.T) {
+	vpcname := fmt.Sprintf("tf-vpc-%d", acctest.RandIntRange(10, 100))
+	name := fmt.Sprintf("tf-instnace-%d", acctest.RandIntRange(10, 100))
+	subnetname := fmt.Sprintf("tf-subnet-%d", acctest.RandIntRange(10, 100))
+	sshname := fmt.Sprintf("tf-ssh-%d", acctest.RandIntRange(10, 100))
+	volname := fmt.Sprintf("tf-vol-%d", acctest.RandIntRange(10, 100))
+	bakupPolicyName := fmt.Sprintf("tfbakuppolicyname%d", acctest.RandIntRange(10, 100))
+	bakupPolicyPlanName := fmt.Sprintf("tfbakuppolicyplanname%d", acctest.RandIntRange(10, 100))
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { acc.TestAccPreCheck(t) },
+		Providers: acc.TestAccProviders,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccCheckIBMIsBackupPolicyPlansDataSourceConfigRemoteCopyPolicies(bakupPolicyName, vpcname, subnetname, sshname, volname, name, bakupPolicyPlanName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plans.is_backup_policy_plans", "id"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plans.is_backup_policy_plans", "backup_policy_id"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plans.is_backup_policy_plans", "plans.#"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plans.is_backup_policy_plans", "plans.0.active"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plans.is_backup_policy_plans", "plans.0.attach_user_tags.#"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plans.is_backup_policy_plans", "plans.0.copy_user_tags"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plans.is_backup_policy_plans", "plans.0.created_at"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plans.is_backup_policy_plans", "plans.0.cron_spec"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plans.is_backup_policy_plans", "plans.0.deletion_trigger.0.delete_after"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plans.is_backup_policy_plans", "plans.0.href"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plans.is_backup_policy_plans", "plans.0.id"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plans.is_backup_policy_plans", "plans.0.lifecycle_state"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plans.is_backup_policy_plans", "plans.0.name"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plans.is_backup_policy_plans", "plans.0.resource_type"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plans.is_backup_policy_plans", "plans.0.remote_region_policy.0.delete_over_count"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plans.is_backup_policy_plans", "plans.0.remote_region_policy.0.encryption_key"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_backup_policy_plans.is_backup_policy_plans", "plans.0.remote_region_policy.0.region"),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckIBMIsBackupPolicyPlansDataSourceConfigBasic(backupPolicyName, vpcname, subnetname, sshname, volName, name, cronSpec, bakupPolicyPlanName string) string {
 
 	return testAccCheckIBMIsBackupPolicyPlanConfigBasic(backupPolicyName, vpcname, subnetname, sshname, volName, name, cronSpec, bakupPolicyPlanName) + fmt.Sprintf(`
@@ -110,3 +151,54 @@ func testAccCheckIBMIsBackupPolicyPlansDataSourceConfigClonesBasic(backupPolicyN
 		}
 	`, bakupPolicyPlanName+"-1")
 }
+
+func testAccCheckIBMIsBackupPolicyPlansDataSourceConfigRemoteCopyPolicies(backupPolicyName, vpcname, subnetname, sshname, volName, name, bakupPolicyPlanName string) string {
+	return fmt.Sprintf(`
+	resource "ibm_is_vpc" "testacc_vpc" {
+		name = "%s"
+	  }
+
+	  resource "ibm_is_subnet" "testacc_subnet" {
+		name            = "%s"
+		vpc             = ibm_is_vpc.testacc_vpc.id
+		zone            = "%s"
+		ipv4_cidr_block = "%s"
+	  }
+
+	  resource "ibm_is_ssh_key" "testacc_sshkey" {
+		name       = "%s"
+		public_key = file("~/.ssh/id_rsa.pub")
+	  }
+
+	  resource "ibm_is_volume" "storage" {
+		name    = "%s"
+		profile = "10iops-tier"
+		zone    = "%s"
+		# capacity= 200
+		tags 	= ["tag-0"]
+	  }
+
+	  resource "ibm_is_instance" "testacc_instance" {
+		name    = "%s"
+		image   = "%s"
+		profile = "%s"
+		primary_network_interface {
+		  subnet = ibm_is_subnet.testacc_subnet.id
+		}
+		vpc     = ibm_is_vpc.testacc_vpc.id
+		zone    = "%s"
+		keys    = [ibm_is_ssh_key.testacc_sshkey.id]
+		volumes = [ibm_is_volume.storage.id]
+	  }
+
+	  resource "ibm_is_backup_policy" "is_backup_policy" {
+		depends_on  		= [ibm_is_instance.testacc_instance]
+		match_user_tags 	= ["tag-0"]
+		name            	= "%s"
+		remote_region_policy {
+			delete_over_count 		= 1
+			encryption_key 			= "%s"
+			region 					= "us-south"
+		}
+	}`, vpcname, subnetname, acc.ISZoneName, acc.ISCIDR, sshname, volName, acc.ISZoneName, name, acc.IsImage, acc.InstanceProfileName, acc.ISZoneName, backupPolicyName, acc.BaasEncryptionkeyCRN)
+}