From 2d6015f2fbd1a94b94b67ff8fa6d1d9d9f30341f Mon Sep 17 00:00:00 2001
From: Alex Bance <Alex.Bance@justice.gov.uk>
Date: Fri, 8 Mar 2024 14:42:31 +0000
Subject: [PATCH 1/2] feat: allow Richard/Scott/Ben to manually trigger backups

---
 migration-backup-policy.tf | 7 +++++++
 prod.tfvars                | 6 ++++++
 variables.tf               | 6 ++++++
 3 files changed, 19 insertions(+)

diff --git a/migration-backup-policy.tf b/migration-backup-policy.tf
index d34ab46b..ffebfd83 100644
--- a/migration-backup-policy.tf
+++ b/migration-backup-policy.tf
@@ -6,6 +6,13 @@ resource "azurerm_recovery_services_vault" "darts-migration-backup" {
   sku                 = "Standard"
 }
 
+resource "azurerm_role_assignment" "backup-operator" {
+  for_each             = toset(var.backup_operators)
+  scope                = azurerm_recovery_services_vault.darts-migration-backup.id
+  role_definition_name = "Backup Operator"
+  principal_id         = each.value
+}
+
 resource "azurerm_backup_policy_vm" "darts-migration-backup" {
   name                = "darts-prod-policy"
   resource_group_name = azurerm_resource_group.darts_migration_resource_group[0].name
diff --git a/prod.tfvars b/prod.tfvars
index 4d33b059..8b16e2e8 100644
--- a/prod.tfvars
+++ b/prod.tfvars
@@ -91,3 +91,9 @@ palo_networks = {
     enable_ip_forwarding = true
   }
 }
+
+backup_operators = [
+  "e1ba3996-34e9-4ce2-b34f-4d5f28a9310c", // Richard Penswick
+  "675f1c23-3e46-4cf8-867b-747eb60fe89d", // Scott Robertson
+  "1d52a6eb-aa62-4dff-a7ac-3d71bccb67fc"  // Ben Neill
+]
diff --git a/variables.tf b/variables.tf
index 786f341f..72978a99 100644
--- a/variables.tf
+++ b/variables.tf
@@ -258,3 +258,9 @@ variable "max-file-upload-megabytes" {
   default     = "350"
   description = "The file upload size threshold in megabytes "
 }
+
+variable "backup_operators" {
+  description = "List of pricipal IDs to assign the 'Backup Operator' role over the RSV."
+  type        = list(string)
+  default     = []
+}

From b841821f9461a43343fa292a557c17c289d4972c Mon Sep 17 00:00:00 2001
From: Alex Bance <Alex.Bance@justice.gov.uk>
Date: Fri, 8 Mar 2024 14:44:56 +0000
Subject: [PATCH 2/2] fix: add tags to RSV

---
 migration-backup-policy.tf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/migration-backup-policy.tf b/migration-backup-policy.tf
index ffebfd83..c5d41b76 100644
--- a/migration-backup-policy.tf
+++ b/migration-backup-policy.tf
@@ -4,6 +4,7 @@ resource "azurerm_recovery_services_vault" "darts-migration-backup" {
   location            = azurerm_resource_group.darts_migration_resource_group[0].location
   resource_group_name = azurerm_resource_group.darts_migration_resource_group[0].name
   sku                 = "Standard"
+  tags                = var.common_tags
 }
 
 resource "azurerm_role_assignment" "backup-operator" {