diff --git a/azurerm/internal/services/compute/resource_arm_managed_disk.go b/azurerm/internal/services/compute/resource_arm_managed_disk.go index ef3289334b18..aa04b66ec2c1 100644 --- a/azurerm/internal/services/compute/resource_arm_managed_disk.go +++ b/azurerm/internal/services/compute/resource_arm_managed_disk.go @@ -376,6 +376,11 @@ func resourceArmManagedDiskUpdate(d *schema.ResourceData, meta interface{}) erro } } + // whilst we need to shut this down, if we're not attached to anything there's no point + if shouldShutDown && disk.ManagedBy == nil { + shouldShutDown = false + } + // if we are attached to a VM we bring down the VM as necessary for the operations which are not allowed while it's online if shouldShutDown { virtualMachine, err := ParseVirtualMachineID(*disk.ManagedBy) diff --git a/azurerm/internal/services/compute/tests/resource_arm_managed_disk_test.go b/azurerm/internal/services/compute/tests/resource_arm_managed_disk_test.go index bd7acde6e151..af01f56f1204 100644 --- a/azurerm/internal/services/compute/tests/resource_arm_managed_disk_test.go +++ b/azurerm/internal/services/compute/tests/resource_arm_managed_disk_test.go @@ -317,14 +317,7 @@ func TestAccAzureRMManagedDisk_diskEncryptionSet(t *testing.T) { CheckDestroy: testCheckAzureRMManagedDiskDestroy, Steps: []resource.TestStep{ { - // TODO: After applying soft-delete and purge-protection in keyVault, this extra step can be removed. - Config: testAccAzureRMManagedDisk_diskEncryptionSetDependencies(data), - Check: resource.ComposeTestCheckFunc( - enableSoftDeleteAndPurgeProtectionForKeyVault("azurerm_key_vault.test"), - ), - }, - { - Config: testAccAzureRMManagedDisk_diskEncryptionSet(data, true), + Config: testAccAzureRMManagedDisk_diskEncryptionSetEncrypted(data), Check: resource.ComposeTestCheckFunc( testCheckAzureRMManagedDiskExists(data.ResourceName, &d, true), ), @@ -344,21 +337,14 @@ func TestAccAzureRMManagedDisk_diskEncryptionSet_update(t *testing.T) { CheckDestroy: testCheckAzureRMManagedDiskDestroy, Steps: []resource.TestStep{ { - // TODO: After applying soft-delete and purge-protection in keyVault, this extra step can be removed. - Config: testAccAzureRMManagedDisk_diskEncryptionSetDependencies(data), - Check: resource.ComposeTestCheckFunc( - enableSoftDeleteAndPurgeProtectionForKeyVault("azurerm_key_vault.test"), - ), - }, - { - Config: testAccAzureRMManagedDisk_diskEncryptionSet(data, false), + Config: testAccAzureRMManagedDisk_diskEncryptionSetUnencrypted(data), Check: resource.ComposeTestCheckFunc( testCheckAzureRMManagedDiskExists(data.ResourceName, &d, true), ), }, data.ImportStep(), { - Config: testAccAzureRMManagedDisk_diskEncryptionSet(data, true), + Config: testAccAzureRMManagedDisk_diskEncryptionSetEncrypted(data), Check: resource.ComposeTestCheckFunc( testCheckAzureRMManagedDiskExists(data.ResourceName, &d, true), ), @@ -423,8 +409,6 @@ func TestAccAzureRMManagedDisk_attachedStorageTypeUpdate(t *testing.T) { }) } -// TODO: More property update tests? - func testCheckAzureRMManagedDiskExists(resourceName string, d *compute.Disk, shouldExist bool) resource.TestCheckFunc { return func(s *terraform.State) error { client := acceptance.AzureProvider.Meta().(*clients.Client).Compute.DisksClient @@ -758,7 +742,7 @@ resource "azurerm_managed_disk" "test" { resource_group_name = azurerm_resource_group.test.name os_type = "Linux" create_option = "FromImage" - disk_size_gb = "0" + disk_size_gb = 0 image_reference_id = data.azurerm_platform_image.test.id storage_account_type = "Standard_LRS" } @@ -783,10 +767,7 @@ resource "azurerm_key_vault" "test" { location = "${azurerm_resource_group.test.location}" resource_group_name = "${azurerm_resource_group.test.name}" tenant_id = "${data.azurerm_client_config.current.tenant_id}" - - sku { - name = "premium" - } + sku_name = "premium" access_policy { tenant_id = "${data.azurerm_client_config.current.tenant_id}" @@ -967,6 +948,8 @@ resource "azurerm_key_vault" "test" { tenant_id = data.azurerm_client_config.current.tenant_id sku_name = "premium" enabled_for_disk_encryption = true + soft_delete_enabled = true + purge_protection_enabled = true } resource "azurerm_key_vault_access_policy" "service-principal" { @@ -1005,18 +988,6 @@ resource "azurerm_key_vault_key" "test" { depends_on = ["azurerm_key_vault_access_policy.service-principal"] } -`, data.RandomInteger, location, data.RandomString) -} - -func testAccAzureRMManagedDisk_diskEncryptionSet(data acceptance.TestData, complete bool) string { - template := testAccAzureRMManagedDisk_diskEncryptionSetDependencies(data) - diskEncryptionSetLine := "" - if complete { - diskEncryptionSetLine = "disk_encryption_set_id = azurerm_disk_encryption_set.test.id" - } - - return fmt.Sprintf(` -%s resource "azurerm_disk_encryption_set" "test" { name = "acctestdes-%d" @@ -1047,22 +1018,51 @@ resource "azurerm_role_assignment" "disk-encryption-read-keyvault" { role_definition_name = "Reader" principal_id = azurerm_disk_encryption_set.test.identity.0.principal_id } +`, data.RandomInteger, location, data.RandomString, data.RandomInteger) +} + +func testAccAzureRMManagedDisk_diskEncryptionSetEncrypted(data acceptance.TestData) string { + template := testAccAzureRMManagedDisk_diskEncryptionSetDependencies(data) + return fmt.Sprintf(` +%s resource "azurerm_managed_disk" "test" { - name = "acctestd-%d" - location = azurerm_resource_group.test.location - resource_group_name = azurerm_resource_group.test.name - storage_account_type = "Standard_LRS" - create_option = "Empty" - disk_size_gb = 1 - %s + name = "acctestd-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + storage_account_type = "Standard_LRS" + create_option = "Empty" + disk_size_gb = 1 + disk_encryption_set_id = azurerm_disk_encryption_set.test.id + + depends_on = [ + "azurerm_role_assignment.disk-encryption-read-keyvault", + "azurerm_key_vault_access_policy.disk-encryption", + ] +} +`, template, data.RandomInteger) +} + +func testAccAzureRMManagedDisk_diskEncryptionSetUnencrypted(data acceptance.TestData) string { + template := testAccAzureRMManagedDisk_diskEncryptionSetDependencies(data) + + return fmt.Sprintf(` +%s + +resource "azurerm_managed_disk" "test" { + name = "acctestd-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + storage_account_type = "Standard_LRS" + create_option = "Empty" + disk_size_gb = 1 depends_on = [ "azurerm_role_assignment.disk-encryption-read-keyvault", "azurerm_key_vault_access_policy.disk-encryption", ] } -`, template, data.RandomInteger, data.RandomInteger, diskEncryptionSetLine) +`, template, data.RandomInteger) } func testAccAzureRMManagedDisk_managedDiskAttached(data acceptance.TestData, diskSize int) string { @@ -1085,7 +1085,7 @@ resource "azurerm_managed_disk" "test" { resource "azurerm_virtual_machine_data_disk_attachment" "test" { managed_disk_id = azurerm_managed_disk.test.id - virtual_machine_id = azurerm_virtual_machine.test.id + virtual_machine_id = azurerm_linux_virtual_machine.test.id lun = "0" caching = "None" } @@ -1112,7 +1112,7 @@ resource "azurerm_managed_disk" "test" { resource "azurerm_virtual_machine_data_disk_attachment" "test" { managed_disk_id = azurerm_managed_disk.test.id - virtual_machine_id = azurerm_virtual_machine.test.id + virtual_machine_id = azurerm_linux_virtual_machine.test.id lun = "0" caching = "None" } @@ -1152,36 +1152,30 @@ resource "azurerm_network_interface" "test" { } } -resource "azurerm_virtual_machine" "test" { - name = "acctvm-%d" - location = azurerm_resource_group.test.location - resource_group_name = azurerm_resource_group.test.name - network_interface_ids = [azurerm_network_interface.test.id] - vm_size = "Standard_F2" +resource "azurerm_linux_virtual_machine" "test" { + name = "acctestvm-%d" + resource_group_name = azurerm_resource_group.test.name + location = azurerm_resource_group.test.location + size = "Standard_D2s_v3" + admin_username = "adminuser" + admin_password = "Password1234!" + disable_password_authentication = false + + network_interface_ids = [ + azurerm_network_interface.test.id, + ] + + os_disk { + caching = "ReadWrite" + storage_account_type = "Standard_LRS" + } - storage_image_reference { + source_image_reference { publisher = "Canonical" offer = "UbuntuServer" sku = "16.04-LTS" version = "latest" } - - storage_os_disk { - name = "myosdisk1" - caching = "ReadWrite" - create_option = "FromImage" - managed_disk_type = "Standard_LRS" - } - - os_profile { - computer_name = "hostname" - admin_username = "testadmin" - admin_password = "Password1234!" - } - - os_profile_linux_config { - disable_password_authentication = false - } } `, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger) } diff --git a/azurerm/internal/services/compute/validation.go b/azurerm/internal/services/compute/validation.go index 0ac7280b5851..f1e6cdc88051 100644 --- a/azurerm/internal/services/compute/validation.go +++ b/azurerm/internal/services/compute/validation.go @@ -140,7 +140,7 @@ func validateDiskSizeGB(v interface{}, _ string) (warnings []string, errors []er func validateManagedDiskSizeGB(v interface{}, _ string) (warnings []string, errors []error) { value := v.(int) - if value < 1 || value > 32767 { + if value < 0 || value > 32767 { errors = append(errors, fmt.Errorf( "The `disk_size_gb` can only be between 0 and 32767")) }