Resolve comments

internal/services/compute/disk_encryption_set.go

@@ -9,21 +9,26 @@ import (
 )
 
 // retrieveDiskEncryptionSetEncryptionType returns encryption type of the disk encryption set
-func retrieveDiskEncryptionSetEncryptionType(ctx context.Context, client *compute.DiskEncryptionSetsClient, diskEncryptionSetId string) (*string, error) {
+func retrieveDiskEncryptionSetEncryptionType(ctx context.Context, client *compute.DiskEncryptionSetsClient, diskEncryptionSetId string) (*compute.EncryptionType, error) {
 	diskEncryptionSet, err := parse.DiskEncryptionSetID(diskEncryptionSetId)
 	if err != nil {
 		return nil, err
 	}
 
 	resp, err := client.Get(ctx, diskEncryptionSet.ResourceGroup, diskEncryptionSet.Name)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("retrieving %s: %+v", *diskEncryptionSet, err)
+	}
+
+	var encryptionType *compute.EncryptionType
+	if props := resp.EncryptionSetProperties; props != nil && string(props.EncryptionType) != "" {
+		v := compute.EncryptionType(props.EncryptionType)
+		encryptionType = &v
 	}
 
-	if properties := resp.EncryptionSetProperties; properties != nil {
-		encryptionType := string(properties.EncryptionType)
-		return &encryptionType, nil
-	} else {
-		return nil, fmt.Errorf("could not get EncryptionSetProperties")
+	if encryptionType == nil {
+		return nil, fmt.Errorf("retrieving %s: EncryptionType was nil", *diskEncryptionSet)
 	}
+
+	return encryptionType, nil
 }

internal/services/compute/disk_encryption_set_resource.go

@@ -69,11 +69,11 @@ func resourceDiskEncryptionSet() *pluginsdk.Resource {
 				Type:     pluginsdk.TypeString,
 				Optional: true,
 				ForceNew: true,
-				Default:  compute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey,
+				Default:  string(compute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
 				ValidateFunc: validation.StringInSlice([]string{
 					string(compute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
 					string(compute.DiskEncryptionSetTypeEncryptionAtRestWithPlatformAndCustomerKeys),
-				}, true),
+				}, false),
 			},
 
 			"identity": {
@@ -216,7 +216,12 @@ func resourceDiskEncryptionSetRead(d *pluginsdk.ResourceData, meta interface{})
 		}
 		d.Set("key_vault_key_id", keyVaultKeyId)
 		d.Set("auto_key_rotation_enabled", props.RotationToLatestKeyVersionEnabled)
-		d.Set("encryption_type", props.EncryptionType)
+
+		encryptionType := string(compute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey)
+		if props.EncryptionType != "" {
+			encryptionType = string(props.EncryptionType)
+		}
+		d.Set("encryption_type", encryptionType)
 	}
 
 	if err := d.Set("identity", flattenDiskEncryptionSetIdentity(resp.Identity)); err != nil {

internal/services/compute/disk_encryption_set_resource_test.go

@@ -25,6 +25,7 @@ func TestAccDiskEncryptionSet_basic(t *testing.T) {
 			Config: r.basic(data),
 			Check: acceptance.ComposeTestCheckFunc(
 				check.That(data.ResourceName).ExistsInAzure(r),
+				check.That(data.ResourceName).Key("encryption_type").HasValue("EncryptionAtRestWithCustomerKey"),
 			),
 		},
 		data.ImportStep(),
@@ -110,18 +111,9 @@ func TestAccDiskEncryptionSet_withEncryptionType(t *testing.T) {
 
 	data.ResourceTest(t, r, []acceptance.TestStep{
 		{
-			Config: r.withEncryptionTypeDefault(data),
-			Check: acceptance.ComposeTestCheckFunc(
-				check.That(data.ResourceName).ExistsInAzure(r),
-				check.That(data.ResourceName).Key("encryption_type").HasValue("EncryptionAtRestWithCustomerKey"),
-			),
-		},
-		data.ImportStep(),
-		{
-			Config: r.withEncryptionTypeUpdated(data),
+			Config: r.withPlatformAndCustomerKeys(data),
 			Check: acceptance.ComposeTestCheckFunc(
 				check.That(data.ResourceName).ExistsInAzure(r),
-				check.That(data.ResourceName).Key("encryption_type").HasValue("EncryptionAtRestWithPlatformAndCustomerKeys"),
 			),
 		},
 		data.ImportStep(),
@@ -317,24 +309,7 @@ resource "azurerm_disk_encryption_set" "test" {
 `, r.dependencies(data), data.RandomInteger)
 }
 
-func (r DiskEncryptionSetResource) withEncryptionTypeDefault(data acceptance.TestData) string {
-	return fmt.Sprintf(`
-%s
-
-resource "azurerm_disk_encryption_set" "test" {
-  name                = "acctestDES-%d"
-  resource_group_name = azurerm_resource_group.test.name
-  location            = azurerm_resource_group.test.location
-  key_vault_key_id    = azurerm_key_vault_key.test.id
-
-  identity {
-    type = "SystemAssigned"
-  }
-}
-`, r.dependencies(data), data.RandomInteger)
-}
-
-func (r DiskEncryptionSetResource) withEncryptionTypeUpdated(data acceptance.TestData) string {
+func (r DiskEncryptionSetResource) withPlatformAndCustomerKeys(data acceptance.TestData) string {
 	return fmt.Sprintf(`
 %s
 

internal/services/compute/linux_virtual_machine_resource.go

@@ -1091,15 +1091,15 @@ func resourceLinuxVirtualMachineUpdate(d *pluginsdk.ResourceData, meta interface
 
 			encryptionType, err := retrieveDiskEncryptionSetEncryptionType(ctx, meta.(*clients.Client).Compute.DiskEncryptionSetsClient, diskEncryptionSetId)
 			if err != nil {
-				return fmt.Errorf("retrieving encryption type from disk encryption set %q: %+v", diskEncryptionSetId, err)
+				return err
 			}
 
 			disksClient := meta.(*clients.Client).Compute.DisksClient
 
 			update := compute.DiskUpdate{
 				DiskUpdateProperties: &compute.DiskUpdateProperties{
 					Encryption: &compute.Encryption{
-						Type:                compute.EncryptionType(*encryptionType),
+						Type:                *encryptionType,
 						DiskEncryptionSetID: utils.String(diskEncryptionSetId),
 					},
 				},

internal/services/compute/managed_disk_resource.go

@@ -346,11 +346,11 @@ func resourceManagedDiskCreate(d *pluginsdk.ResourceData, meta interface{}) erro
 	if diskEncryptionSetId := d.Get("disk_encryption_set_id").(string); diskEncryptionSetId != "" {
 		encryptionType, err := retrieveDiskEncryptionSetEncryptionType(ctx, meta.(*clients.Client).Compute.DiskEncryptionSetsClient, diskEncryptionSetId)
 		if err != nil {
-			return fmt.Errorf("retrieving encryption type from disk encryption set %q: %+v", diskEncryptionSetId, err)
+			return err
 		}
 
 		props.Encryption = &compute.Encryption{
-			Type:                compute.EncryptionType(*encryptionType),
+			Type:                *encryptionType,
 			DiskEncryptionSetID: utils.String(diskEncryptionSetId),
 		}
 	}
@@ -544,7 +544,7 @@ func resourceManagedDiskUpdate(d *pluginsdk.ResourceData, meta interface{}) erro
 		if diskEncryptionSetId := d.Get("disk_encryption_set_id").(string); diskEncryptionSetId != "" {
 			encryptionType, err := retrieveDiskEncryptionSetEncryptionType(ctx, meta.(*clients.Client).Compute.DiskEncryptionSetsClient, diskEncryptionSetId)
 			if err != nil {
-				return fmt.Errorf("retrieving encryption type from disk encryption set %q: %+v", diskEncryptionSetId, err)
+				return err
 			}
 
 			diskUpdate.Encryption = &compute.Encryption{

internal/services/compute/windows_virtual_machine_resource.go

@@ -1128,15 +1128,15 @@ func resourceWindowsVirtualMachineUpdate(d *pluginsdk.ResourceData, meta interfa
 
 			encryptionType, err := retrieveDiskEncryptionSetEncryptionType(ctx, meta.(*clients.Client).Compute.DiskEncryptionSetsClient, diskEncryptionSetId)
 			if err != nil {
-				return fmt.Errorf("retrieving encryption type from disk encryption set %q: %+v", diskEncryptionSetId, err)
+				return err
 			}
 
 			disksClient := meta.(*clients.Client).Compute.DisksClient
 
 			update := compute.DiskUpdate{
 				DiskUpdateProperties: &compute.DiskUpdateProperties{
 					Encryption: &compute.Encryption{
-						Type:                compute.EncryptionType(*encryptionType),
+						Type:                *encryptionType,
 						DiskEncryptionSetID: utils.String(diskEncryptionSetId),
 					},
 				},

website/docs/r/disk_encryption_set.html.markdown

@@ -107,7 +107,7 @@ The following arguments are supported:
 
 * `auto_key_rotation_enabled` - (Optional) Boolean flag to specify whether Azure Disk Encryption Set automatically rotates encryption Key to latest version. Defaults to `false`.
 
-* `encryption_type` - (Optional) The type of key used to encrypt the data of the disk. Allowed values are `EncryptionAtRestWithCustomerKey` and `EncryptionAtRestWithPlatformAndCustomerKeys`. Defaults to `EncryptionAtRestWithCustomerKey`.
+* `encryption_type` - (Optional) The type of key used to encrypt the data of the disk. Possible values are `EncryptionAtRestWithCustomerKey` and `EncryptionAtRestWithPlatformAndCustomerKeys`. Defaults to `EncryptionAtRestWithCustomerKey`.
 
 * `identity` - (Required) An `identity` block as defined below.
 

website/docs/r/linux_virtual_machine.html.markdown

@@ -248,8 +248,6 @@ A `os_disk` block supports the following:
 
 -> **NOTE:** The Disk Encryption Set must have the `Reader` Role Assignment scoped on the Key Vault - in addition to an Access Policy to the Key Vault
 
--> **NOTE:** Encryption type of the key will be decided by the disk encryption set. [More info on encryption type](https://docs.microsoft.com/en-us/azure/virtual-machines/disk-encryption)
-
 * `disk_size_gb` - (Optional) The Size of the Internal OS Disk in GB, if you wish to vary from the size used in the image this Virtual Machine is sourced from.
 
 -> **NOTE:** If specified this must be equal to or larger than the size of the Image the Virtual Machine is based on. When creating a larger disk than exists in the image you'll need to repartition the disk to use the remaining space.

website/docs/r/managed_disk.html.markdown

@@ -97,8 +97,6 @@ The following arguments are supported:
 
 ~> **NOTE:** Disk Encryption Sets are in Public Preview in a limited set of regions
 
--> **NOTE:** Encryption type of the key will be decided by the disk encryption set. [More info on encryption type](https://docs.microsoft.com/en-us/azure/virtual-machines/disk-encryption)
-
 * `disk_iops_read_write` - (Optional) The number of IOPS allowed for this disk; only settable for UltraSSD disks. One operation can transfer between 4k and 256k bytes.
 
 * `disk_mbps_read_write` - (Optional) The bandwidth allowed for this disk; only settable for UltraSSD disks. MBps means millions of bytes per second.

website/docs/r/windows_virtual_machine.html.markdown

@@ -241,8 +241,6 @@ A `os_disk` block supports the following:
 
 -> **NOTE:** The Disk Encryption Set must have the `Reader` Role Assignment scoped on the Key Vault - in addition to an Access Policy to the Key Vault
 
--> **NOTE:** Encryption type of the key will be decided by the disk encryption set. [More info on encryption type](https://docs.microsoft.com/en-us/azure/virtual-machines/disk-encryption)
-
 * `disk_size_gb` - (Optional) The Size of the Internal OS Disk in GB, if you wish to vary from the size used in the image this Virtual Machine is sourced from.
 
 -> **NOTE:** If specified this must be equal to or larger than the size of the Image the Virtual Machine is based on. When creating a larger disk than exists in the image you'll need to repartition the disk to use the remaining space.