From 8888585f00e8d3a8a8883bec5f9274f28b9d8046 Mon Sep 17 00:00:00 2001
From: Christoffer Reijer <christoffer.reijer@redhat.com>
Date: Tue, 31 Oct 2023 11:11:32 +0100
Subject: [PATCH 1/2] Add disk_encryption_set for data disks in
 azure_rm_virtualmachine

Add the parameter `data_disks.disk_encryption_set` to the
`azure_rm_virtualmachine` module, making it possible to specify which
DES to use when encrypting the data disk.

This is required when creating a VM (with data disks) from an encrypted
image which resides in another landing zone.
---
 plugins/modules/azure_rm_virtualmachine.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/plugins/modules/azure_rm_virtualmachine.py b/plugins/modules/azure_rm_virtualmachine.py
index 35435b821..0e2355033 100644
--- a/plugins/modules/azure_rm_virtualmachine.py
+++ b/plugins/modules/azure_rm_virtualmachine.py
@@ -262,6 +262,10 @@
                     - Size can be changed only when the virtual machine is deallocated.
                     - Not sure when I(managed_disk_id) defined.
                 type: int
+            disk_encryption_set:
+                description:
+                    - ID of disk encryption set for data disk.
+                type: str
             managed_disk_type:
                 description:
                     - Managed data disk type.
@@ -1865,6 +1869,10 @@ def exec_module(self, **kwargs):
                             else:
                                 data_disk_vhd = None
                                 data_disk_managed_disk = self.compute_models.ManagedDiskParameters(storage_account_type=data_disk['managed_disk_type'])
+                                if data_disk.get('disk_encryption_set'):
+                                    data_disk_managed_disk.disk_encryption_set = self.compute_models.DiskEncryptionSetParameters(
+                                        id=data_disk['disk_encryption_set']
+                                    )
                                 disk_name = self.name + "-datadisk-" + str(count)
                                 count += 1
 
@@ -2116,6 +2124,10 @@ def exec_module(self, **kwargs):
                             if data_disk.get('managed_disk'):
                                 managed_disk_type = data_disk['managed_disk'].get('storage_account_type')
                                 data_disk_managed_disk = self.compute_models.ManagedDiskParameters(storage_account_type=managed_disk_type)
+                                if data_disk.get('disk_encryption_set'):
+                                    data_disk_managed_disk.disk_encryption_set = self.compute_models.DiskEncryptionSetParameters(
+                                        id=data_disk['disk_encryption_set']
+                                    )
                                 data_disk_vhd = None
                             else:
                                 data_disk_vhd = data_disk['vhd']['uri']

From 3de8cea104457c0c95f888c8c56ab2dc35396987 Mon Sep 17 00:00:00 2001
From: Christoffer Reijer <christoffer.reijer@redhat.com>
Date: Tue, 7 Nov 2023 17:27:42 +0100
Subject: [PATCH 2/2] Add disk_encryption_set to arg spec

---
 plugins/modules/azure_rm_virtualmachine.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/plugins/modules/azure_rm_virtualmachine.py b/plugins/modules/azure_rm_virtualmachine.py
index 0e2355033..5525d275c 100644
--- a/plugins/modules/azure_rm_virtualmachine.py
+++ b/plugins/modules/azure_rm_virtualmachine.py
@@ -1116,6 +1116,7 @@ def __init__(self):
                 options=dict(
                     lun=dict(type='int', required=True),
                     disk_size_gb=dict(type='int'),
+                    disk_encryption_set=dict(type='str'),
                     managed_disk_type=dict(type='str', choices=['Standard_LRS', 'StandardSSD_LRS',
                                            'StandardSSD_ZRS', 'Premium_LRS', 'Premium_ZRS', 'UltraSSD_LRS']),
                     storage_account_name=dict(type='str'),