azurerm_virtual_network: support encryption
#22745
Conversation
wuxu92
commented
Jul 31, 2023
wuxu92
commented
There was a problem hiding this comment.
hi @wuxu92
Thanks for this PR - I've taken a look through and left some comments inline, if we can address those then we should be able to take another look.
Thanks!
| "enabled": { | ||
| Type: pluginsdk.TypeBool, | ||
| Required: true, | ||
| }, |
There was a problem hiding this comment.
we don't expose the enabled field, since this can be tracked by the presence of the block - can we remove this field (and make unencrypted_allowed required, since it'll be the only inner field)?
| @@ -430,6 +467,21 @@ func flattenVirtualNetworkDDoSProtectionPlan(input *network.VirtualNetworkProper | |||
| } | |||
| } | |||
|
|
|||
| func flattenVirtualNetworkEncryption(encryption *network.VirtualNetworkEncryption) interface{} { | |||
| if encryption == nil { | |||
| return nil | |||
There was a problem hiding this comment.
this means we won't be outputting this correctly
| return nil | |
| return make([]interface{}, 0) |
|
|
||
| * `enabled` - (Required) Enable/disable encryption on Virtual Network. | ||
|
|
||
| * `unencrypted_allowed` - (Optional) Whether ths virtual network allos VM that does not support encryption. value `false` for `DropUnencrypted`. value `true` for `AllowUnencrypted`. Defaults to `false`. |
There was a problem hiding this comment.
We should expose this as the string constant, not as a boolean, since it's likely other values will get added here in the future
There was a problem hiding this comment.
thanks! document updated.
github-actions
bot
added
size/S
waiting-response
and removed
waiting-response
size/M
labels
| if vList := v.([]interface{}); len(vList) > 0 && vList[0] != nil { | ||
| encryptionConf := vList[0].(map[string]interface{}) | ||
| properties.Encryption = &network.VirtualNetworkEncryption{ | ||
| Enabled: pointer.To(true), | ||
| Enforcement: network.VirtualNetworkEncryptionEnforcement(encryptionConf["enforcement"].(string)), | ||
| } | ||
| } |
There was a problem hiding this comment.
@wuxu92 how would users remove this value? We'd need to send Encryption.enabled = false when len(vList) == 0?
There was a problem hiding this comment.
the update method will set the Encryption.Enabled to false when leave the Encryption block as null(not set).
and I submitted a PR to update the acctest for this case: #22807.
so users can just remove the encryption block in terraform configuration, then it will be set to false automatically.
