Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for specifying target disk encryption set id in resource azurerm_site_recovery_replicated_vm #11769

Open
indranil-chakraborty-thd opened this issue May 18, 2021 · 3 comments
Open

Support for specifying target disk encryption set id in resource azurerm_site_recovery_replicated_vm #11769

indranil-chakraborty-thd opened this issue May 18, 2021 · 3 comments
Labels
enhancement service/recovery-services

Comments

@indranil-chakraborty-thd
Copy link

indranil-chakraborty-thd commented May 18, 2021
edited

Community Note

  • Please vote on this issue by adding a 馃憤 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

I'm setting up replication of VMs across regions as a BCDR (business continuity / disaster recovery) measure. This is done using resource azurerm_site_recovery_replicated_vm.
However, my VM disks are encrypted using a CMK (customer managed key) and so when I try to replicate using TFE I get an error as below

Error: Error creating replicated vm vm-replication (vault rv-iiq-sb-eastus-001): Code="150353" Message="Azure virtual machine disk is encrypted at rest with customer managed keys, but target disk encryption set is not provided."
Per article at https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-how-to-enable-replication-cmk-disks#customize-target-resources [docs.microsoft.com] it looks like we should be able to specify target disk encryption sets.

However, I don't see that option in the TFE resource settings

New or Affected Resource(s)

  • azurerm_site_recovery_replicated_vm

Potential Terraform Configuration

resource "azurerm_site_recovery_replicated_vm" "replication_vms" {
...
  managed_disk{
    ....
    target_disk_encryption_set_id = `disk_encryption_set_id`
  }
}

References
@myc2h6o
Copy link
Contributor

myc2h6o commented Feb 24, 2022

This seems to be supported via #12374

@darren-johnson
Copy link

I've just tested this and it is now supported. This issue could be closed.

@JD-Phx
Copy link

JD-Phx commented Sep 4, 2023
edited

This seems to be broken somewhat, as when trying to import (note this resource was created outside of terraform) an azurerm_site_recovery_replicated_vm resource with a managed disk that has platform managed keys, then the target_disk_encryption and target_disk_encryption_set_id are unknown and export as empty variable. This shouldn't be a problem as they're supposedly optional, however when a plan is run and these properties are left out, it errors with "attributes target_disk_encryption and target_disk_encryption_set_id are required."

Either I'm missing something obvious, which is highly likely, or this is broken.

Yes, I know I need to log a new issue about this, but I'm mid project, and don't have time to pull the relevant files together. Once completed I'll officially open an issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement service/recovery-services
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@katbyte @myc2h6o @darren-johnson @indranil-chakraborty-thd @JD-Phx