Update ManagedDisks for SSE-CMK feature #5250
Conversation
|
Dependent on #5249 |
tombuildsstuff
force-pushed
the
ManagedDisks
branch
from
45d873f
to
2f904d1
Compare
There was a problem hiding this comment.
hey @ArcturusZhang
Thanks for this PR - I've taken a look through and left some comments inline. As discussed offline since this needed to be rebased on top of #5249 so that we can add some acceptance tests I hope you don't mind but I've pushed some commits to resolve the issues raised and add some tests.
Thanks!
| } | ||
| } | ||
|
|
||
| createDisk.Encryption = &encryption |
There was a problem hiding this comment.
since this is optional we need to move this within the if statement
There was a problem hiding this comment.
on reflection we could also infer the value for encryption_type - since the value's dependent on disk_encryption_set_id?
| @@ -113,6 +113,12 @@ The following arguments are supported: | |||
|
|
|||
| * `encryption_settings` - (Optional) an `encryption_settings` block as defined below. | |||
|
|
|||
| * `encryption_type` - (Optional) The type of key used to encrypt the data of the disk. Valid values are `EncryptionAtRestWithPlatformKey` or `EncryptionAtRestWithCustomerKey`. Default value is `EncryptionAtRestWithPlatformKey`. When set to `EncryptionAtRestWithPlatformKey`, the disk is encrypted with XStore managed key at rest. When set to `EncryptionAtRestWithCustomerKey`, the disk is encrypted with Customer managed key at rest, and the `managed_disk_encryption_set_id` must be set to a valid `azurerm_disk_encryption_set` ID. | |||
|
|
|||
| * `managed_disk_encryption_set_id` - (Optional) ID of the disk encryption set to use for enabling encryption at rest. | |||
There was a problem hiding this comment.
| * `managed_disk_encryption_set_id` - (Optional) ID of the disk encryption set to use for enabling encryption at rest. | |
| * `disk_encryption_set_id` - (Optional) ID of the Disk Encryption Set which should be used to Encrypt the Disk. | |
| -> **NOTE:** This field can only be specified when `encryption_type` is set to `EncryptionAtRestWithCustomerKey` |
this also wants a Preview note:
~> **NOTE:** Disk Encryption Sets are in Preview.
| @@ -71,6 +71,16 @@ func dataSourceArmManagedDisk() *schema.Resource { | |||
| Computed: true, | |||
| }, | |||
|
|
|||
| "encryption_type": { | |||
There was a problem hiding this comment.
after investigating it appears we can set this field conditionally based on disk_encryption_set_id having a value - as such we can remove this
| d.Set("disk_size_gb", props.DiskSizeGB) | ||
| d.Set("disk_iops_read_write", props.DiskIOPSReadWrite) | ||
| d.Set("disk_mbps_read_write", props.DiskMBpsReadWrite) | ||
| d.Set("os_type", props.OsType) | ||
| if encryption := props.Encryption; encryption != nil { | ||
| d.Set("encryption_type", string(encryption.Type)) |
There was a problem hiding this comment.
after investigating it appears we can set this field conditionally based on disk_encryption_set_id having a value - as such we can remove this
| d.Set("encryption_type", string(encryption.Type)) |
| @@ -113,6 +113,12 @@ The following arguments are supported: | |||
|
|
|||
| * `encryption_settings` - (Optional) an `encryption_settings` block as defined below. | |||
|
|
|||
| * `encryption_type` - (Optional) The type of key used to encrypt the data of the disk. Valid values are `EncryptionAtRestWithPlatformKey` or `EncryptionAtRestWithCustomerKey`. Default value is `EncryptionAtRestWithPlatformKey`. When set to `EncryptionAtRestWithPlatformKey`, the disk is encrypted with XStore managed key at rest. When set to `EncryptionAtRestWithCustomerKey`, the disk is encrypted with Customer managed key at rest, and the `managed_disk_encryption_set_id` must be set to a valid `azurerm_disk_encryption_set` ID. | |||
There was a problem hiding this comment.
we can remove this:
| * `encryption_type` - (Optional) The type of key used to encrypt the data of the disk. Valid values are `EncryptionAtRestWithPlatformKey` or `EncryptionAtRestWithCustomerKey`. Default value is `EncryptionAtRestWithPlatformKey`. When set to `EncryptionAtRestWithPlatformKey`, the disk is encrypted with XStore managed key at rest. When set to `EncryptionAtRestWithCustomerKey`, the disk is encrypted with Customer managed key at rest, and the `managed_disk_encryption_set_id` must be set to a valid `azurerm_disk_encryption_set` ID. |
| @@ -113,5 +113,7 @@ resource "azurerm_virtual_machine" "example" { | |||
| * `disk_size_gb` - The size of the managed disk in gigabytes. | |||
| * `disk_iops_read_write` - The number of IOPS allowed for this disk. One operation can transfer between 4k and 256k bytes. | |||
| * `disk_mbps_read_write` - The bandwidth allowed for this disk. | |||
| * `encryption_type` - The type of key used to encrypt the data of the disk. | |||
There was a problem hiding this comment.
| * `encryption_type` - The type of key used to encrypt the data of the disk. |
|
Thanks a lot @tombuildsstuff for the modification! |
tombuildsstuff
force-pushed
the
ManagedDisks
branch
from
9c4cb43
to
189508e
Compare
Unfortunately it appears that this information is now required in the API as such we'll have to make this optional+required Fixes hashicorp#4994
|
Tests pass:
|
|
This has been released in version 1.41.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example: provider "azurerm" {
version = "~> 1.41.0"
}
# ... other configuration ... |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks! |
ghost
locked and limited conversation to collaborators
This is part of update of the SSE-CMK feature, adding new fields for
azurerm_managed_disk.