r\site_recovery_replicated_vm: Add support for `target_disk_encrypt…
…ion_info`
myc2h6o committed Mar 10, 2022
1 parent d50e6dd commit ebb2b51
Showing 3 changed files with 429 additions and 0 deletions.
Expand Up @@ -14,6 +14,7 @@ import (
"github.com/hashicorp/terraform-provider-azurerm/helpers/tf"
"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
"github.com/hashicorp/terraform-provider-azurerm/internal/features"
keyVaultValidate "github.com/hashicorp/terraform-provider-azurerm/internal/services/keyvault/validate"
"github.com/hashicorp/terraform-provider-azurerm/internal/services/recoveryservices/parse"
"github.com/hashicorp/terraform-provider-azurerm/internal/services/recoveryservices/validate"
"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
Expand Down Expand Up @@ -175,6 +176,60 @@ func resourceSiteRecoveryReplicatedVM() *pluginsdk.Resource {
ValidateFunc: azure.ValidateResourceID,
DiffSuppressFunc: suppress.CaseDifference,
},

"target_disk_encryption_info": {
Type: pluginsdk.TypeList,
ConfigMode: pluginsdk.SchemaConfigModeAttr,
Optional: true,
ForceNew: true,
MaxItems: 1,
Elem: &pluginsdk.Resource{
Schema: map[string]*pluginsdk.Schema{
"disk_encryption_key": {
Type: pluginsdk.TypeList,
ConfigMode: pluginsdk.SchemaConfigModeAttr,
Required: true,
MaxItems: 1,
Elem: &pluginsdk.Resource{
Schema: map[string]*pluginsdk.Schema{
"secret_url": {
Type: pluginsdk.TypeString,
Required: true,
ValidateFunc: keyVaultValidate.NestedItemId,
},

"vault_id": {
Type: pluginsdk.TypeString,
Required: true,
ValidateFunc: keyVaultValidate.VaultID,
},
},
},
},
"key_encryption_key": {
Type: pluginsdk.TypeList,
ConfigMode: pluginsdk.SchemaConfigModeAttr,
Optional: true,
MaxItems: 1,
Elem: &pluginsdk.Resource{
Schema: map[string]*pluginsdk.Schema{
"key_url": {
Type: pluginsdk.TypeString,
Required: true,
ValidateFunc: keyVaultValidate.NestedItemId,
},

"vault_id": {
Type: pluginsdk.TypeString,
Required: true,
ValidateFunc: keyVaultValidate.VaultID,
},
},
},
},
},
},
},
},
},
},
Expand Down Expand Up @@ -273,6 +328,7 @@ func resourceSiteRecoveryReplicatedItemCreate(d *pluginsdk.ResourceData, meta in
RecoveryReplicaDiskAccountType: &targetReplicaDiskType,
RecoveryTargetDiskAccountType: &targetDiskType,
RecoveryDiskEncryptionSetID: &targetEncryptionDiskSetID,
DiskEncryptionInfo: expandTargetDiskEncryptionInfo(diskInput["target_disk_encryption_info"].([]interface{})),
})
}

Expand Down Expand Up @@ -366,6 +422,7 @@ func resourceSiteRecoveryReplicatedItemUpdate(d *pluginsdk.ResourceData, meta in
DiskID: &diskId,
RecoveryReplicaDiskAccountType: &targetReplicaDiskType,
RecoveryTargetDiskAccountType: &targetDiskType,
DiskEncryptionInfo: expandTargetDiskEncryptionInfo(diskInput["target_disk_encryption_info"].([]interface{})),
})
}

Expand Down Expand Up @@ -492,6 +549,8 @@ func resourceSiteRecoveryReplicatedItemRead(d *pluginsdk.ResourceData, meta inte
}
diskOutput["target_disk_encryption_set_id"] = recoveryEncryptionSetId

diskOutput["target_disk_encryption_info"] = flattenTargetDiskEncryptionInfo(disk)

disksOutput = append(disksOutput, diskOutput)
}
d.Set("managed_disk", pluginsdk.NewSet(resourceSiteRecoveryReplicatedVMDiskHash, disksOutput))
Expand Down Expand Up @@ -626,3 +685,75 @@ func waitForReplicationToBeHealthyRefreshFunc(d *pluginsdk.ResourceData, meta in
return resp, *resp.Properties.ReplicationHealth, nil
}
}

func expandTargetDiskEncryptionInfo(diskEncryptionInfoList []interface{}) *siterecovery.DiskEncryptionInfo {
if len(diskEncryptionInfoList) == 0 {
return &siterecovery.DiskEncryptionInfo{}
}
diskEncryptionInfoMap := diskEncryptionInfoList[0].(map[string]interface{})

dek := diskEncryptionInfoMap["disk_encryption_key"].([]interface{})[0].(map[string]interface{})
diskEncryptionInfo := &siterecovery.DiskEncryptionInfo{
DiskEncryptionKeyInfo: &siterecovery.DiskEncryptionKeyInfo{
SecretIdentifier: utils.String(dek["secret_url"].(string)),
KeyVaultResourceArmID: utils.String(dek["vault_id"].(string)),
},
}

if keyEncryptionKey := diskEncryptionInfoMap["key_encryption_key"].([]interface{}); len(keyEncryptionKey) > 0 {
kek := keyEncryptionKey[0].(map[string]interface{})
diskEncryptionInfo.KeyEncryptionKeyInfo = &siterecovery.KeyEncryptionKeyInfo{
KeyIdentifier: utils.String(kek["key_url"].(string)),
KeyVaultResourceArmID: utils.String(kek["vault_id"].(string)),
}
}

return diskEncryptionInfo
}

func flattenTargetDiskEncryptionInfo(disk siterecovery.A2AProtectedManagedDiskDetails) []interface{} {
secretUrl := ""
dekVaultId := ""
keyUrl := ""
kekVaultId := ""

if disk.SecretIdentifier != nil {
secretUrl = *disk.SecretIdentifier
}
if disk.DekKeyVaultArmID != nil {
dekVaultId = *disk.DekKeyVaultArmID
}
if disk.KeyIdentifier != nil {
keyUrl = *disk.KeyIdentifier
}
if disk.KekKeyVaultArmID != nil {
kekVaultId = *disk.KekKeyVaultArmID
}

if secretUrl == "" && dekVaultId == "" && keyUrl == "" && kekVaultId == "" {
return []interface{}{}
}

diskEncryptionKeys := make([]interface{}, 0)
if secretUrl != "" || dekVaultId != "" {
diskEncryptionKeys = append(diskEncryptionKeys, map[string]interface{}{
"secret_url": secretUrl,
"vault_id": dekVaultId,
})
}

keyEncryptionKeys := make([]interface{}, 0)
if keyUrl != "" || kekVaultId != "" {
keyEncryptionKeys = append(keyEncryptionKeys, map[string]interface{}{
"key_url": keyUrl,
"vault_id": kekVaultId,
})
}

return []interface{}{
map[string]interface{}{
"disk_encryption_key": diskEncryptionKeys,
"key_encryption_key": keyEncryptionKeys,
},
}
}
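Review bot: In `expandTargetDiskEncryptionInfo` (the final hunk), `diskEncryptionInfoList[0]` is asserted to a map and the `disk_encryption_key` list is indexed with `[0]` without a nil or length check, so an empty or null element would panic the provider rather than produce a diagnostic. Both lists are declared with `ConfigMode: pluginsdk.SchemaConfigModeAttr` and no `MinItems`, so a configuration such as `disk_encryption_key = []` may get past schema validation; this is worth confirming. A guard would be `if len(diskEncryptionInfoList) == 0 || diskEncryptionInfoList[0] == nil {` on the first check, plus `dekList := diskEncryptionInfoMap["disk_encryption_key"].([]interface{})` followed by `if len(dekList) == 0 || dekList[0] == nil { return &siterecovery.DiskEncryptionInfo{} }` before the DEK is built. Separately, `secret_url` and `key_url` share `keyVaultValidate.NestedItemId`; if that validator does not distinguish item types, a key URL supplied as `secret_url` (or the reverse) would only be rejected by the API, so a type-specific check and an acceptance test covering the mismatch may be worth adding.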