-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add new resource & data source: azurerm_disk_encryption_set #5249
Add new resource & data source: azurerm_disk_encryption_set #5249
Conversation
433b732
to
a497b8e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for this PR - I've taken a look through and left some comments inline but this is off to a good start - if we can fix those up then we should be able to run the acceptance tests and take another look :)
Thanks!
azurerm/internal/services/compute/data_source_disk_encryption_set.go
Outdated
Show resolved
Hide resolved
azurerm/internal/services/compute/data_source_disk_encryption_set.go
Outdated
Show resolved
Hide resolved
azurerm/internal/services/compute/data_source_disk_encryption_set.go
Outdated
Show resolved
Hide resolved
azurerm/internal/services/compute/resource_arm_disk_encryption_set.go
Outdated
Show resolved
Hide resolved
azurerm/internal/services/compute/resource_arm_disk_encryption_set.go
Outdated
Show resolved
Hide resolved
return fmt.Errorf("Error setting `previous_keys`: %+v", err) | ||
} | ||
} | ||
if identity := resp.Identity; identity != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we need to ensure that identity
is set in all circumstances, so we can move this check inside the flatten function
azurerm/internal/services/compute/resource_arm_disk_encryption_set.go
Outdated
Show resolved
Hide resolved
|
||
Manage an Azure DiskEncryptionSet instance. | ||
|
||
-> **NOTE:** The DiskEncryptionSet service is currently in public preview and are only available in a limited set of regions. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can we make the phrasing consistent with other resources:
-> **NOTE:** The DiskEncryptionSet service is currently in public preview and are only available in a limited set of regions. | |
-> **NOTE:** Disk Encryption Sets are currently in Public Preview and are only available in a limited set of regions. |
how do users opt-into this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let me ask the service team and then fill this information in.
Manage an Azure DiskEncryptionSet instance. | ||
|
||
-> **NOTE:** The DiskEncryptionSet service is currently in public preview and are only available in a limited set of regions. | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
since this requires that the Key Vault is configured in a particular way - can we also document that here:
-> **NOTE:** At this time the Key Vault used to store the Active Key for this Disk Encryption Set must have both Soft Delete & Purge Protection enabled - which are not yet supported by Terraform - instead you can configure this using [a provisioner](https://www.terraform.io/docs/provisioners/local-exec.html) or [the `azurerm_template_deployment` resource](https://www.terraform.io/docs/providers/azurerm/r/template_deployment.html).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added. And do you think we should add the provisioner command in the example?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 - no this isn't something we'd recommend doing until it's natively supported (but that's blocked on the API issue mentioned above)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for this PR - I've taken a look through and left some comments inline but this is off to a good start - if we can fix those up then we should be able to run the acceptance tests and take another look :)
Thanks!
Sorry for the double review - Github bug 🙃 |
83e5b2c
to
9d819ae
Compare
Hi @tombuildsstuff I have resolved some comments, and left some replies. Please have a look.
Could you please help me on this? What is possibly causing this error? Or is there some kinds of caches terraform are using during the acctest? |
9d819ae
to
22a999e
Compare
Hi @tombuildsstuff I have fixed the acc-tests:
|
55d4bc3
to
3f2b59c
Compare
@ArcturusZhang hope you don't mind but I've rebased this on top of master to fix the merge conflicts |
Sure, thanks. |
Hi @tombuildsstuff I should have fixed the CI failure, please have a look 🚀 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hey @ArcturusZhang
Thanks for pushing those changes - I've taken a look through and left some extra comments inline here. Since this is a Preview feature I've taken a closer look at this and noticed that the API Documentation is incorrect for the identity
field - insofar as this is Required rather than Optional.
As such I hope you don't mind but so that we can get this merged I'm going to push a couple of commits to resolve these comments (and also hard-code the test location for the moment to work around the limited regions supported by the Preview).
Thanks!
azurerm/internal/services/compute/data_source_disk_encryption_set.go
Outdated
Show resolved
Hide resolved
azurerm/internal/services/compute/resource_arm_disk_encryption_set.go
Outdated
Show resolved
Hide resolved
azurerm/internal/services/compute/resource_arm_disk_encryption_set.go
Outdated
Show resolved
Hide resolved
if location := resp.Location; location != nil { | ||
d.Set("location", azure.NormalizeLocation(*location)) | ||
} | ||
if encryptionSetProperties := resp.EncryptionSetProperties; encryptionSetProperties != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
minor to match everything else can we use props
here
azurerm/internal/services/compute/resource_arm_disk_encryption_set.go
Outdated
Show resolved
Hide resolved
azurerm/internal/services/compute/resource_arm_disk_encryption_set.go
Outdated
Show resolved
Hide resolved
azurerm/internal/services/compute/resource_arm_disk_encryption_set.go
Outdated
Show resolved
Hide resolved
azurerm/internal/services/compute/tests/resource_arm_disk_encryption_set_test.go
Outdated
Show resolved
Hide resolved
74ce628
to
b762f5a
Compare
Thanks @tombuildsstuff ! |
This has been released in version 1.41.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example: provider "azurerm" {
version = "~> 1.41.0"
}
# ... other configuration ... |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks! |
This is part of update of the SSE-CMK feature, adding a new resource and a data source:
azurerm_disk_encryption_set
.This feature requires Keyvault to enable
enable_soft_delete
andenable_purge_protection
, which are both not implemented in terraform. And the creation ofazurerm_disk_encryption_set
depends on those two switches, otherwise the service will return errors complaining about this.Therefore I did some workaround in the test of
azurerm_disk_encryption_set
. I will change the workaround back when these two features are implemented inazurerm_key_vault
.Currently the fields that could accept user input in a DiskEncryptionSet is all required, therefore I do not put a complete test, since all the fields are covered in the basic test.