diskEncryptionSet.go

// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT.
// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! ***

package compute

import (
	"context"
	"reflect"

	"errors"
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/internal"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// Manages a Disk Encryption Set.
//
// > **NOTE:** At this time the Key Vault used to store the Active Key for this Disk Encryption Set must have both Soft Delete & Purge Protection enabled - which are not yet supported by this provider.
//
// ## Example Usage
//
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/authorization"
//	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/compute"
//	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
//	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/keyvault"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			current, err := core.GetClientConfig(ctx, nil, nil)
//			if err != nil {
//				return err
//			}
//			example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
//				Name:     pulumi.String("example-resources"),
//				Location: pulumi.String("West Europe"),
//			})
//			if err != nil {
//				return err
//			}
//			exampleKeyVault, err := keyvault.NewKeyVault(ctx, "example", &keyvault.KeyVaultArgs{
//				Name:                     pulumi.String("des-example-keyvault"),
//				Location:                 example.Location,
//				ResourceGroupName:        example.Name,
//				TenantId:                 pulumi.String(current.TenantId),
//				SkuName:                  pulumi.String("premium"),
//				EnabledForDiskEncryption: pulumi.Bool(true),
//				PurgeProtectionEnabled:   pulumi.Bool(true),
//			})
//			if err != nil {
//				return err
//			}
//			exampleKey, err := keyvault.NewKey(ctx, "example", &keyvault.KeyArgs{
//				Name:       pulumi.String("des-example-key"),
//				KeyVaultId: exampleKeyVault.ID(),
//				KeyType:    pulumi.String("RSA"),
//				KeySize:    pulumi.Int(2048),
//				KeyOpts: pulumi.StringArray{
//					pulumi.String("decrypt"),
//					pulumi.String("encrypt"),
//					pulumi.String("sign"),
//					pulumi.String("unwrapKey"),
//					pulumi.String("verify"),
//					pulumi.String("wrapKey"),
//				},
//			})
//			if err != nil {
//				return err
//			}
//			exampleDiskEncryptionSet, err := compute.NewDiskEncryptionSet(ctx, "example", &compute.DiskEncryptionSetArgs{
//				Name:              pulumi.String("des"),
//				ResourceGroupName: example.Name,
//				Location:          example.Location,
//				KeyVaultKeyId:     exampleKey.ID(),
//				Identity: &compute.DiskEncryptionSetIdentityArgs{
//					Type: pulumi.String("SystemAssigned"),
//				},
//			})
//			if err != nil {
//				return err
//			}
//			_, err = keyvault.NewAccessPolicy(ctx, "example-disk", &keyvault.AccessPolicyArgs{
//				KeyVaultId: exampleKeyVault.ID(),
//				TenantId: exampleDiskEncryptionSet.Identity.ApplyT(func(identity compute.DiskEncryptionSetIdentity) (*string, error) {
//					return &identity.TenantId, nil
//				}).(pulumi.StringPtrOutput),
//				ObjectId: exampleDiskEncryptionSet.Identity.ApplyT(func(identity compute.DiskEncryptionSetIdentity) (*string, error) {
//					return &identity.PrincipalId, nil
//				}).(pulumi.StringPtrOutput),
//				KeyPermissions: pulumi.StringArray{
//					pulumi.String("Create"),
//					pulumi.String("Delete"),
//					pulumi.String("Get"),
//					pulumi.String("Purge"),
//					pulumi.String("Recover"),
//					pulumi.String("Update"),
//					pulumi.String("List"),
//					pulumi.String("Decrypt"),
//					pulumi.String("Sign"),
//				},
//			})
//			if err != nil {
//				return err
//			}
//			_, err = keyvault.NewAccessPolicy(ctx, "example-user", &keyvault.AccessPolicyArgs{
//				KeyVaultId: exampleKeyVault.ID(),
//				TenantId:   pulumi.String(current.TenantId),
//				ObjectId:   pulumi.String(current.ObjectId),
//				KeyPermissions: pulumi.StringArray{
//					pulumi.String("Create"),
//					pulumi.String("Delete"),
//					pulumi.String("Get"),
//					pulumi.String("Purge"),
//					pulumi.String("Recover"),
//					pulumi.String("Update"),
//					pulumi.String("List"),
//					pulumi.String("Decrypt"),
//					pulumi.String("Sign"),
//					pulumi.String("GetRotationPolicy"),
//				},
//			})
//			if err != nil {
//				return err
//			}
//			_, err = authorization.NewAssignment(ctx, "example-disk", &authorization.AssignmentArgs{
//				Scope:              exampleKeyVault.ID(),
//				RoleDefinitionName: pulumi.String("Key Vault Crypto Service Encryption User"),
//				PrincipalId: exampleDiskEncryptionSet.Identity.ApplyT(func(identity compute.DiskEncryptionSetIdentity) (*string, error) {
//					return &identity.PrincipalId, nil
//				}).(pulumi.StringPtrOutput),
//			})
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
//
// ### With Automatic Key Rotation Enabled
//
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/authorization"
//	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/compute"
//	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
//	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/keyvault"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			current, err := core.GetClientConfig(ctx, nil, nil)
//			if err != nil {
//				return err
//			}
//			example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
//				Name:     pulumi.String("example-resources"),
//				Location: pulumi.String("West Europe"),
//			})
//			if err != nil {
//				return err
//			}
//			exampleKeyVault, err := keyvault.NewKeyVault(ctx, "example", &keyvault.KeyVaultArgs{
//				Name:                     pulumi.String("des-example-keyvault"),
//				Location:                 example.Location,
//				ResourceGroupName:        example.Name,
//				TenantId:                 pulumi.String(current.TenantId),
//				SkuName:                  pulumi.String("premium"),
//				EnabledForDiskEncryption: pulumi.Bool(true),
//				PurgeProtectionEnabled:   pulumi.Bool(true),
//			})
//			if err != nil {
//				return err
//			}
//			exampleKey, err := keyvault.NewKey(ctx, "example", &keyvault.KeyArgs{
//				Name:       pulumi.String("des-example-key"),
//				KeyVaultId: exampleKeyVault.ID(),
//				KeyType:    pulumi.String("RSA"),
//				KeySize:    pulumi.Int(2048),
//				KeyOpts: pulumi.StringArray{
//					pulumi.String("decrypt"),
//					pulumi.String("encrypt"),
//					pulumi.String("sign"),
//					pulumi.String("unwrapKey"),
//					pulumi.String("verify"),
//					pulumi.String("wrapKey"),
//				},
//			})
//			if err != nil {
//				return err
//			}
//			exampleDiskEncryptionSet, err := compute.NewDiskEncryptionSet(ctx, "example", &compute.DiskEncryptionSetArgs{
//				Name:                   pulumi.String("des"),
//				ResourceGroupName:      example.Name,
//				Location:               example.Location,
//				KeyVaultKeyId:          exampleKey.VersionlessId,
//				AutoKeyRotationEnabled: pulumi.Bool(true),
//				Identity: &compute.DiskEncryptionSetIdentityArgs{
//					Type: pulumi.String("SystemAssigned"),
//				},
//			})
//			if err != nil {
//				return err
//			}
//			_, err = keyvault.NewAccessPolicy(ctx, "example-disk", &keyvault.AccessPolicyArgs{
//				KeyVaultId: exampleKeyVault.ID(),
//				TenantId: exampleDiskEncryptionSet.Identity.ApplyT(func(identity compute.DiskEncryptionSetIdentity) (*string, error) {
//					return &identity.TenantId, nil
//				}).(pulumi.StringPtrOutput),
//				ObjectId: exampleDiskEncryptionSet.Identity.ApplyT(func(identity compute.DiskEncryptionSetIdentity) (*string, error) {
//					return &identity.PrincipalId, nil
//				}).(pulumi.StringPtrOutput),
//				KeyPermissions: pulumi.StringArray{
//					pulumi.String("Create"),
//					pulumi.String("Delete"),
//					pulumi.String("Get"),
//					pulumi.String("Purge"),
//					pulumi.String("Recover"),
//					pulumi.String("Update"),
//					pulumi.String("List"),
//					pulumi.String("Decrypt"),
//					pulumi.String("Sign"),
//				},
//			})
//			if err != nil {
//				return err
//			}
//			_, err = keyvault.NewAccessPolicy(ctx, "example-user", &keyvault.AccessPolicyArgs{
//				KeyVaultId: exampleKeyVault.ID(),
//				TenantId:   pulumi.String(current.TenantId),
//				ObjectId:   pulumi.String(current.ObjectId),
//				KeyPermissions: pulumi.StringArray{
//					pulumi.String("Create"),
//					pulumi.String("Delete"),
//					pulumi.String("Get"),
//					pulumi.String("Purge"),
//					pulumi.String("Recover"),
//					pulumi.String("Update"),
//					pulumi.String("List"),
//					pulumi.String("Decrypt"),
//					pulumi.String("Sign"),
//					pulumi.String("GetRotationPolicy"),
//				},
//			})
//			if err != nil {
//				return err
//			}
//			_, err = authorization.NewAssignment(ctx, "example-disk", &authorization.AssignmentArgs{
//				Scope:              exampleKeyVault.ID(),
//				RoleDefinitionName: pulumi.String("Key Vault Crypto Service Encryption User"),
//				PrincipalId: exampleDiskEncryptionSet.Identity.ApplyT(func(identity compute.DiskEncryptionSetIdentity) (*string, error) {
//					return &identity.PrincipalId, nil
//				}).(pulumi.StringPtrOutput),
//			})
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
//
// ## Import
//
// Disk Encryption Sets can be imported using the `resource id`, e.g.
//
// ```sh
// $ pulumi import azure:compute/diskEncryptionSet:DiskEncryptionSet example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Compute/diskEncryptionSets/encryptionSet1
// ```
type DiskEncryptionSet struct {
	pulumi.CustomResourceState

	AutoKeyRotationEnabled pulumi.BoolPtrOutput `pulumi:"autoKeyRotationEnabled"`
	// The type of key used to encrypt the data of the disk. Possible values are `EncryptionAtRestWithCustomerKey`, `EncryptionAtRestWithPlatformAndCustomerKeys` and `ConfidentialVmEncryptedWithCustomerKey`. Defaults to `EncryptionAtRestWithCustomerKey`. Changing this forces a new resource to be created.
	EncryptionType pulumi.StringPtrOutput `pulumi:"encryptionType"`
	// Multi-tenant application client id to access key vault in a different tenant.
	FederatedClientId pulumi.StringPtrOutput `pulumi:"federatedClientId"`
	// An `identity` block as defined below.
	Identity DiskEncryptionSetIdentityOutput `pulumi:"identity"`
	// Specifies the URL to a Key Vault Key (either from a Key Vault Key, or the Key URL for the Key Vault Secret).
	//
	// > **NOTE** Access to the KeyVault must be granted for this Disk Encryption Set, if you want to further use this Disk Encryption Set in a Managed Disk or Virtual Machine, or Virtual Machine Scale Set. For instructions, please refer to the doc of [Server side encryption of Azure managed disks](https://docs.microsoft.com/azure/virtual-machines/linux/disk-encryption).
	//
	// > **NOTE** A KeyVault using enableRbacAuthorization requires to use `authorization.Assignment` to assigne the role `Key Vault Crypto Service Encryption User` to this Disk Encryption Set.
	// In this case, `keyvault.AccessPolicy` is not needed.
	KeyVaultKeyId pulumi.StringOutput `pulumi:"keyVaultKeyId"`
	// The URL for the Key Vault Key or Key Vault Secret that is currently being used by the service.
	KeyVaultKeyUrl pulumi.StringOutput `pulumi:"keyVaultKeyUrl"`
	// Specifies the Azure Region where the Disk Encryption Set exists. Changing this forces a new resource to be created.
	Location pulumi.StringOutput `pulumi:"location"`
	// The name of the Disk Encryption Set. Changing this forces a new resource to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// Specifies the name of the Resource Group where the Disk Encryption Set should exist. Changing this forces a new resource to be created.
	ResourceGroupName pulumi.StringOutput `pulumi:"resourceGroupName"`
	// A mapping of tags to assign to the Disk Encryption Set.
	Tags pulumi.StringMapOutput `pulumi:"tags"`
}

// NewDiskEncryptionSet registers a new resource with the given unique name, arguments, and options.
func NewDiskEncryptionSet(ctx *pulumi.Context,
	name string, args *DiskEncryptionSetArgs, opts ...pulumi.ResourceOption) (*DiskEncryptionSet, error) {
	if args == nil {
		return nil, errors.New("missing one or more required arguments")
	}

	if args.Identity == nil {
		return nil, errors.New("invalid value for required argument 'Identity'")
	}
	if args.KeyVaultKeyId == nil {
		return nil, errors.New("invalid value for required argument 'KeyVaultKeyId'")
	}
	if args.ResourceGroupName == nil {
		return nil, errors.New("invalid value for required argument 'ResourceGroupName'")
	}
	opts = internal.PkgResourceDefaultOpts(opts)
	var resource DiskEncryptionSet
	err := ctx.RegisterResource("azure:compute/diskEncryptionSet:DiskEncryptionSet", name, args, &resource, opts...)
	if err != nil {
		return nil, err
	}
	return &resource, nil
}

// GetDiskEncryptionSet gets an existing DiskEncryptionSet resource's state with the given name, ID, and optional
// state properties that are used to uniquely qualify the lookup (nil if not required).
func GetDiskEncryptionSet(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DiskEncryptionSetState, opts ...pulumi.ResourceOption) (*DiskEncryptionSet, error) {
	var resource DiskEncryptionSet
	err := ctx.ReadResource("azure:compute/diskEncryptionSet:DiskEncryptionSet", name, id, state, &resource, opts...)
	if err != nil {
		return nil, err
	}
	return &resource, nil
}

// Input properties used for looking up and filtering DiskEncryptionSet resources.
type diskEncryptionSetState struct {
	AutoKeyRotationEnabled *bool `pulumi:"autoKeyRotationEnabled"`
	// The type of key used to encrypt the data of the disk. Possible values are `EncryptionAtRestWithCustomerKey`, `EncryptionAtRestWithPlatformAndCustomerKeys` and `ConfidentialVmEncryptedWithCustomerKey`. Defaults to `EncryptionAtRestWithCustomerKey`. Changing this forces a new resource to be created.
	EncryptionType *string `pulumi:"encryptionType"`
	// Multi-tenant application client id to access key vault in a different tenant.
	FederatedClientId *string `pulumi:"federatedClientId"`
	// An `identity` block as defined below.
	Identity *DiskEncryptionSetIdentity `pulumi:"identity"`
	// Specifies the URL to a Key Vault Key (either from a Key Vault Key, or the Key URL for the Key Vault Secret).
	//
	// > **NOTE** Access to the KeyVault must be granted for this Disk Encryption Set, if you want to further use this Disk Encryption Set in a Managed Disk or Virtual Machine, or Virtual Machine Scale Set. For instructions, please refer to the doc of [Server side encryption of Azure managed disks](https://docs.microsoft.com/azure/virtual-machines/linux/disk-encryption).
	//
	// > **NOTE** A KeyVault using enableRbacAuthorization requires to use `authorization.Assignment` to assigne the role `Key Vault Crypto Service Encryption User` to this Disk Encryption Set.
	// In this case, `keyvault.AccessPolicy` is not needed.
	KeyVaultKeyId *string `pulumi:"keyVaultKeyId"`
	// The URL for the Key Vault Key or Key Vault Secret that is currently being used by the service.
	KeyVaultKeyUrl *string `pulumi:"keyVaultKeyUrl"`
	// Specifies the Azure Region where the Disk Encryption Set exists. Changing this forces a new resource to be created.
	Location *string `pulumi:"location"`
	// The name of the Disk Encryption Set. Changing this forces a new resource to be created.
	Name *string `pulumi:"name"`
	// Specifies the name of the Resource Group where the Disk Encryption Set should exist. Changing this forces a new resource to be created.
	ResourceGroupName *string `pulumi:"resourceGroupName"`
	// A mapping of tags to assign to the Disk Encryption Set.
	Tags map[string]string `pulumi:"tags"`
}

type DiskEncryptionSetState struct {
	AutoKeyRotationEnabled pulumi.BoolPtrInput
	// The type of key used to encrypt the data of the disk. Possible values are `EncryptionAtRestWithCustomerKey`, `EncryptionAtRestWithPlatformAndCustomerKeys` and `ConfidentialVmEncryptedWithCustomerKey`. Defaults to `EncryptionAtRestWithCustomerKey`. Changing this forces a new resource to be created.
	EncryptionType pulumi.StringPtrInput
	// Multi-tenant application client id to access key vault in a different tenant.
	FederatedClientId pulumi.StringPtrInput
	// An `identity` block as defined below.
	Identity DiskEncryptionSetIdentityPtrInput
	// Specifies the URL to a Key Vault Key (either from a Key Vault Key, or the Key URL for the Key Vault Secret).
	//
	// > **NOTE** Access to the KeyVault must be granted for this Disk Encryption Set, if you want to further use this Disk Encryption Set in a Managed Disk or Virtual Machine, or Virtual Machine Scale Set. For instructions, please refer to the doc of [Server side encryption of Azure managed disks](https://docs.microsoft.com/azure/virtual-machines/linux/disk-encryption).
	//
	// > **NOTE** A KeyVault using enableRbacAuthorization requires to use `authorization.Assignment` to assigne the role `Key Vault Crypto Service Encryption User` to this Disk Encryption Set.
	// In this case, `keyvault.AccessPolicy` is not needed.
	KeyVaultKeyId pulumi.StringPtrInput
	// The URL for the Key Vault Key or Key Vault Secret that is currently being used by the service.
	KeyVaultKeyUrl pulumi.StringPtrInput
	// Specifies the Azure Region where the Disk Encryption Set exists. Changing this forces a new resource to be created.
	Location pulumi.StringPtrInput
	// The name of the Disk Encryption Set. Changing this forces a new resource to be created.
	Name pulumi.StringPtrInput
	// Specifies the name of the Resource Group where the Disk Encryption Set should exist. Changing this forces a new resource to be created.
	ResourceGroupName pulumi.StringPtrInput
	// A mapping of tags to assign to the Disk Encryption Set.
	Tags pulumi.StringMapInput
}

func (DiskEncryptionSetState) ElementType() reflect.Type {
	return reflect.TypeOf((*diskEncryptionSetState)(nil)).Elem()
}

type diskEncryptionSetArgs struct {
	AutoKeyRotationEnabled *bool `pulumi:"autoKeyRotationEnabled"`
	// The type of key used to encrypt the data of the disk. Possible values are `EncryptionAtRestWithCustomerKey`, `EncryptionAtRestWithPlatformAndCustomerKeys` and `ConfidentialVmEncryptedWithCustomerKey`. Defaults to `EncryptionAtRestWithCustomerKey`. Changing this forces a new resource to be created.
	EncryptionType *string `pulumi:"encryptionType"`
	// Multi-tenant application client id to access key vault in a different tenant.
	FederatedClientId *string `pulumi:"federatedClientId"`
	// An `identity` block as defined below.
	Identity DiskEncryptionSetIdentity `pulumi:"identity"`
	// Specifies the URL to a Key Vault Key (either from a Key Vault Key, or the Key URL for the Key Vault Secret).
	//
	// > **NOTE** Access to the KeyVault must be granted for this Disk Encryption Set, if you want to further use this Disk Encryption Set in a Managed Disk or Virtual Machine, or Virtual Machine Scale Set. For instructions, please refer to the doc of [Server side encryption of Azure managed disks](https://docs.microsoft.com/azure/virtual-machines/linux/disk-encryption).
	//
	// > **NOTE** A KeyVault using enableRbacAuthorization requires to use `authorization.Assignment` to assigne the role `Key Vault Crypto Service Encryption User` to this Disk Encryption Set.
	// In this case, `keyvault.AccessPolicy` is not needed.
	KeyVaultKeyId string `pulumi:"keyVaultKeyId"`
	// Specifies the Azure Region where the Disk Encryption Set exists. Changing this forces a new resource to be created.
	Location *string `pulumi:"location"`
	// The name of the Disk Encryption Set. Changing this forces a new resource to be created.
	Name *string `pulumi:"name"`
	// Specifies the name of the Resource Group where the Disk Encryption Set should exist. Changing this forces a new resource to be created.
	ResourceGroupName string `pulumi:"resourceGroupName"`
	// A mapping of tags to assign to the Disk Encryption Set.
	Tags map[string]string `pulumi:"tags"`
}

// The set of arguments for constructing a DiskEncryptionSet resource.
type DiskEncryptionSetArgs struct {
	AutoKeyRotationEnabled pulumi.BoolPtrInput
	// The type of key used to encrypt the data of the disk. Possible values are `EncryptionAtRestWithCustomerKey`, `EncryptionAtRestWithPlatformAndCustomerKeys` and `ConfidentialVmEncryptedWithCustomerKey`. Defaults to `EncryptionAtRestWithCustomerKey`. Changing this forces a new resource to be created.
	EncryptionType pulumi.StringPtrInput
	// Multi-tenant application client id to access key vault in a different tenant.
	FederatedClientId pulumi.StringPtrInput
	// An `identity` block as defined below.
	Identity DiskEncryptionSetIdentityInput
	// Specifies the URL to a Key Vault Key (either from a Key Vault Key, or the Key URL for the Key Vault Secret).
	//
	// > **NOTE** Access to the KeyVault must be granted for this Disk Encryption Set, if you want to further use this Disk Encryption Set in a Managed Disk or Virtual Machine, or Virtual Machine Scale Set. For instructions, please refer to the doc of [Server side encryption of Azure managed disks](https://docs.microsoft.com/azure/virtual-machines/linux/disk-encryption).
	//
	// > **NOTE** A KeyVault using enableRbacAuthorization requires to use `authorization.Assignment` to assigne the role `Key Vault Crypto Service Encryption User` to this Disk Encryption Set.
	// In this case, `keyvault.AccessPolicy` is not needed.
	KeyVaultKeyId pulumi.StringInput
	// Specifies the Azure Region where the Disk Encryption Set exists. Changing this forces a new resource to be created.
	Location pulumi.StringPtrInput
	// The name of the Disk Encryption Set. Changing this forces a new resource to be created.
	Name pulumi.StringPtrInput
	// Specifies the name of the Resource Group where the Disk Encryption Set should exist. Changing this forces a new resource to be created.
	ResourceGroupName pulumi.StringInput
	// A mapping of tags to assign to the Disk Encryption Set.
	Tags pulumi.StringMapInput
}

func (DiskEncryptionSetArgs) ElementType() reflect.Type {
	return reflect.TypeOf((*diskEncryptionSetArgs)(nil)).Elem()
}

type DiskEncryptionSetInput interface {
	pulumi.Input

	ToDiskEncryptionSetOutput() DiskEncryptionSetOutput
	ToDiskEncryptionSetOutputWithContext(ctx context.Context) DiskEncryptionSetOutput
}

func (*DiskEncryptionSet) ElementType() reflect.Type {
	return reflect.TypeOf((**DiskEncryptionSet)(nil)).Elem()
}

func (i *DiskEncryptionSet) ToDiskEncryptionSetOutput() DiskEncryptionSetOutput {
	return i.ToDiskEncryptionSetOutputWithContext(context.Background())
}

func (i *DiskEncryptionSet) ToDiskEncryptionSetOutputWithContext(ctx context.Context) DiskEncryptionSetOutput {
	return pulumi.ToOutputWithContext(ctx, i).(DiskEncryptionSetOutput)
}

// DiskEncryptionSetArrayInput is an input type that accepts DiskEncryptionSetArray and DiskEncryptionSetArrayOutput values.
// You can construct a concrete instance of `DiskEncryptionSetArrayInput` via:
//
//	DiskEncryptionSetArray{ DiskEncryptionSetArgs{...} }
type DiskEncryptionSetArrayInput interface {
	pulumi.Input

	ToDiskEncryptionSetArrayOutput() DiskEncryptionSetArrayOutput
	ToDiskEncryptionSetArrayOutputWithContext(context.Context) DiskEncryptionSetArrayOutput
}

type DiskEncryptionSetArray []DiskEncryptionSetInput

func (DiskEncryptionSetArray) ElementType() reflect.Type {
	return reflect.TypeOf((*[]*DiskEncryptionSet)(nil)).Elem()
}

func (i DiskEncryptionSetArray) ToDiskEncryptionSetArrayOutput() DiskEncryptionSetArrayOutput {
	return i.ToDiskEncryptionSetArrayOutputWithContext(context.Background())
}

func (i DiskEncryptionSetArray) ToDiskEncryptionSetArrayOutputWithContext(ctx context.Context) DiskEncryptionSetArrayOutput {
	return pulumi.ToOutputWithContext(ctx, i).(DiskEncryptionSetArrayOutput)
}

// DiskEncryptionSetMapInput is an input type that accepts DiskEncryptionSetMap and DiskEncryptionSetMapOutput values.
// You can construct a concrete instance of `DiskEncryptionSetMapInput` via:
//
//	DiskEncryptionSetMap{ "key": DiskEncryptionSetArgs{...} }
type DiskEncryptionSetMapInput interface {
	pulumi.Input

	ToDiskEncryptionSetMapOutput() DiskEncryptionSetMapOutput
	ToDiskEncryptionSetMapOutputWithContext(context.Context) DiskEncryptionSetMapOutput
}

type DiskEncryptionSetMap map[string]DiskEncryptionSetInput

func (DiskEncryptionSetMap) ElementType() reflect.Type {
	return reflect.TypeOf((*map[string]*DiskEncryptionSet)(nil)).Elem()
}

func (i DiskEncryptionSetMap) ToDiskEncryptionSetMapOutput() DiskEncryptionSetMapOutput {
	return i.ToDiskEncryptionSetMapOutputWithContext(context.Background())
}

func (i DiskEncryptionSetMap) ToDiskEncryptionSetMapOutputWithContext(ctx context.Context) DiskEncryptionSetMapOutput {
	return pulumi.ToOutputWithContext(ctx, i).(DiskEncryptionSetMapOutput)
}

type DiskEncryptionSetOutput struct{ *pulumi.OutputState }

func (DiskEncryptionSetOutput) ElementType() reflect.Type {
	return reflect.TypeOf((**DiskEncryptionSet)(nil)).Elem()
}

func (o DiskEncryptionSetOutput) ToDiskEncryptionSetOutput() DiskEncryptionSetOutput {
	return o
}

func (o DiskEncryptionSetOutput) ToDiskEncryptionSetOutputWithContext(ctx context.Context) DiskEncryptionSetOutput {
	return o
}

func (o DiskEncryptionSetOutput) AutoKeyRotationEnabled() pulumi.BoolPtrOutput {
	return o.ApplyT(func(v *DiskEncryptionSet) pulumi.BoolPtrOutput { return v.AutoKeyRotationEnabled }).(pulumi.BoolPtrOutput)
}

// The type of key used to encrypt the data of the disk. Possible values are `EncryptionAtRestWithCustomerKey`, `EncryptionAtRestWithPlatformAndCustomerKeys` and `ConfidentialVmEncryptedWithCustomerKey`. Defaults to `EncryptionAtRestWithCustomerKey`. Changing this forces a new resource to be created.
func (o DiskEncryptionSetOutput) EncryptionType() pulumi.StringPtrOutput {
	return o.ApplyT(func(v *DiskEncryptionSet) pulumi.StringPtrOutput { return v.EncryptionType }).(pulumi.StringPtrOutput)
}

// Multi-tenant application client id to access key vault in a different tenant.
func (o DiskEncryptionSetOutput) FederatedClientId() pulumi.StringPtrOutput {
	return o.ApplyT(func(v *DiskEncryptionSet) pulumi.StringPtrOutput { return v.FederatedClientId }).(pulumi.StringPtrOutput)
}

// An `identity` block as defined below.
func (o DiskEncryptionSetOutput) Identity() DiskEncryptionSetIdentityOutput {
	return o.ApplyT(func(v *DiskEncryptionSet) DiskEncryptionSetIdentityOutput { return v.Identity }).(DiskEncryptionSetIdentityOutput)
}

// Specifies the URL to a Key Vault Key (either from a Key Vault Key, or the Key URL for the Key Vault Secret).
//
// > **NOTE** Access to the KeyVault must be granted for this Disk Encryption Set, if you want to further use this Disk Encryption Set in a Managed Disk or Virtual Machine, or Virtual Machine Scale Set. For instructions, please refer to the doc of [Server side encryption of Azure managed disks](https://docs.microsoft.com/azure/virtual-machines/linux/disk-encryption).
//
// > **NOTE** A KeyVault using enableRbacAuthorization requires to use `authorization.Assignment` to assigne the role `Key Vault Crypto Service Encryption User` to this Disk Encryption Set.
// In this case, `keyvault.AccessPolicy` is not needed.
func (o DiskEncryptionSetOutput) KeyVaultKeyId() pulumi.StringOutput {
	return o.ApplyT(func(v *DiskEncryptionSet) pulumi.StringOutput { return v.KeyVaultKeyId }).(pulumi.StringOutput)
}

// The URL for the Key Vault Key or Key Vault Secret that is currently being used by the service.
func (o DiskEncryptionSetOutput) KeyVaultKeyUrl() pulumi.StringOutput {
	return o.ApplyT(func(v *DiskEncryptionSet) pulumi.StringOutput { return v.KeyVaultKeyUrl }).(pulumi.StringOutput)
}

// Specifies the Azure Region where the Disk Encryption Set exists. Changing this forces a new resource to be created.
func (o DiskEncryptionSetOutput) Location() pulumi.StringOutput {
	return o.ApplyT(func(v *DiskEncryptionSet) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput)
}

// The name of the Disk Encryption Set. Changing this forces a new resource to be created.
func (o DiskEncryptionSetOutput) Name() pulumi.StringOutput {
	return o.ApplyT(func(v *DiskEncryptionSet) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput)
}

// Specifies the name of the Resource Group where the Disk Encryption Set should exist. Changing this forces a new resource to be created.
func (o DiskEncryptionSetOutput) ResourceGroupName() pulumi.StringOutput {
	return o.ApplyT(func(v *DiskEncryptionSet) pulumi.StringOutput { return v.ResourceGroupName }).(pulumi.StringOutput)
}

// A mapping of tags to assign to the Disk Encryption Set.
func (o DiskEncryptionSetOutput) Tags() pulumi.StringMapOutput {
	return o.ApplyT(func(v *DiskEncryptionSet) pulumi.StringMapOutput { return v.Tags }).(pulumi.StringMapOutput)
}

type DiskEncryptionSetArrayOutput struct{ *pulumi.OutputState }

func (DiskEncryptionSetArrayOutput) ElementType() reflect.Type {
	return reflect.TypeOf((*[]*DiskEncryptionSet)(nil)).Elem()
}

func (o DiskEncryptionSetArrayOutput) ToDiskEncryptionSetArrayOutput() DiskEncryptionSetArrayOutput {
	return o
}

func (o DiskEncryptionSetArrayOutput) ToDiskEncryptionSetArrayOutputWithContext(ctx context.Context) DiskEncryptionSetArrayOutput {
	return o
}

func (o DiskEncryptionSetArrayOutput) Index(i pulumi.IntInput) DiskEncryptionSetOutput {
	return pulumi.All(o, i).ApplyT(func(vs []interface{}) *DiskEncryptionSet {
		return vs[0].([]*DiskEncryptionSet)[vs[1].(int)]
	}).(DiskEncryptionSetOutput)
}

type DiskEncryptionSetMapOutput struct{ *pulumi.OutputState }

func (DiskEncryptionSetMapOutput) ElementType() reflect.Type {
	return reflect.TypeOf((*map[string]*DiskEncryptionSet)(nil)).Elem()
}

func (o DiskEncryptionSetMapOutput) ToDiskEncryptionSetMapOutput() DiskEncryptionSetMapOutput {
	return o
}

func (o DiskEncryptionSetMapOutput) ToDiskEncryptionSetMapOutputWithContext(ctx context.Context) DiskEncryptionSetMapOutput {
	return o
}

func (o DiskEncryptionSetMapOutput) MapIndex(k pulumi.StringInput) DiskEncryptionSetOutput {
	return pulumi.All(o, k).ApplyT(func(vs []interface{}) *DiskEncryptionSet {
		return vs[0].(map[string]*DiskEncryptionSet)[vs[1].(string)]
	}).(DiskEncryptionSetOutput)
}

func init() {
	pulumi.RegisterInputType(reflect.TypeOf((*DiskEncryptionSetInput)(nil)).Elem(), &DiskEncryptionSet{})
	pulumi.RegisterInputType(reflect.TypeOf((*DiskEncryptionSetArrayInput)(nil)).Elem(), DiskEncryptionSetArray{})
	pulumi.RegisterInputType(reflect.TypeOf((*DiskEncryptionSetMapInput)(nil)).Elem(), DiskEncryptionSetMap{})
	pulumi.RegisterOutputType(DiskEncryptionSetOutput{})
	pulumi.RegisterOutputType(DiskEncryptionSetArrayOutput{})
	pulumi.RegisterOutputType(DiskEncryptionSetMapOutput{})
}