-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update ManagedDisks for SSE-CMK feature #5250
Conversation
Dependent on #5249 |
45d873f
to
2f904d1
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hey @ArcturusZhang
Thanks for this PR - I've taken a look through and left some comments inline. As discussed offline since this needed to be rebased on top of #5249 so that we can add some acceptance tests I hope you don't mind but I've pushed some commits to resolve the issues raised and add some tests.
Thanks!
} | ||
} | ||
|
||
createDisk.Encryption = &encryption |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
since this is optional we need to move this within the if statement
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
on reflection we could also infer the value for encryption_type
- since the value's dependent on disk_encryption_set_id
?
@@ -113,6 +113,12 @@ The following arguments are supported: | |||
|
|||
* `encryption_settings` - (Optional) an `encryption_settings` block as defined below. | |||
|
|||
* `encryption_type` - (Optional) The type of key used to encrypt the data of the disk. Valid values are `EncryptionAtRestWithPlatformKey` or `EncryptionAtRestWithCustomerKey`. Default value is `EncryptionAtRestWithPlatformKey`. When set to `EncryptionAtRestWithPlatformKey`, the disk is encrypted with XStore managed key at rest. When set to `EncryptionAtRestWithCustomerKey`, the disk is encrypted with Customer managed key at rest, and the `managed_disk_encryption_set_id` must be set to a valid `azurerm_disk_encryption_set` ID. | |||
|
|||
* `managed_disk_encryption_set_id` - (Optional) ID of the disk encryption set to use for enabling encryption at rest. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
* `managed_disk_encryption_set_id` - (Optional) ID of the disk encryption set to use for enabling encryption at rest. | |
* `disk_encryption_set_id` - (Optional) ID of the Disk Encryption Set which should be used to Encrypt the Disk. | |
-> **NOTE:** This field can only be specified when `encryption_type` is set to `EncryptionAtRestWithCustomerKey` |
this also wants a Preview note:
~> **NOTE:** Disk Encryption Sets are in Preview.
@@ -71,6 +71,16 @@ func dataSourceArmManagedDisk() *schema.Resource { | |||
Computed: true, | |||
}, | |||
|
|||
"encryption_type": { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
after investigating it appears we can set this field conditionally based on disk_encryption_set_id
having a value - as such we can remove this
d.Set("disk_size_gb", props.DiskSizeGB) | ||
d.Set("disk_iops_read_write", props.DiskIOPSReadWrite) | ||
d.Set("disk_mbps_read_write", props.DiskMBpsReadWrite) | ||
d.Set("os_type", props.OsType) | ||
if encryption := props.Encryption; encryption != nil { | ||
d.Set("encryption_type", string(encryption.Type)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
after investigating it appears we can set this field conditionally based on disk_encryption_set_id
having a value - as such we can remove this
d.Set("encryption_type", string(encryption.Type)) |
@@ -113,6 +113,12 @@ The following arguments are supported: | |||
|
|||
* `encryption_settings` - (Optional) an `encryption_settings` block as defined below. | |||
|
|||
* `encryption_type` - (Optional) The type of key used to encrypt the data of the disk. Valid values are `EncryptionAtRestWithPlatformKey` or `EncryptionAtRestWithCustomerKey`. Default value is `EncryptionAtRestWithPlatformKey`. When set to `EncryptionAtRestWithPlatformKey`, the disk is encrypted with XStore managed key at rest. When set to `EncryptionAtRestWithCustomerKey`, the disk is encrypted with Customer managed key at rest, and the `managed_disk_encryption_set_id` must be set to a valid `azurerm_disk_encryption_set` ID. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we can remove this:
* `encryption_type` - (Optional) The type of key used to encrypt the data of the disk. Valid values are `EncryptionAtRestWithPlatformKey` or `EncryptionAtRestWithCustomerKey`. Default value is `EncryptionAtRestWithPlatformKey`. When set to `EncryptionAtRestWithPlatformKey`, the disk is encrypted with XStore managed key at rest. When set to `EncryptionAtRestWithCustomerKey`, the disk is encrypted with Customer managed key at rest, and the `managed_disk_encryption_set_id` must be set to a valid `azurerm_disk_encryption_set` ID. |
@@ -113,5 +113,7 @@ resource "azurerm_virtual_machine" "example" { | |||
* `disk_size_gb` - The size of the managed disk in gigabytes. | |||
* `disk_iops_read_write` - The number of IOPS allowed for this disk. One operation can transfer between 4k and 256k bytes. | |||
* `disk_mbps_read_write` - The bandwidth allowed for this disk. | |||
* `encryption_type` - The type of key used to encrypt the data of the disk. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
* `encryption_type` - The type of key used to encrypt the data of the disk. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM once tests are passing
Thanks a lot @tombuildsstuff for the modification! |
9c4cb43
to
189508e
Compare
Unfortunately it appears that this information is now required in the API as such we'll have to make this optional+required Fixes hashicorp#4994
This has been released in version 1.41.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example: provider "azurerm" {
version = "~> 1.41.0"
}
# ... other configuration ... |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks! |
This is part of update of the SSE-CMK feature, adding new fields for
azurerm_managed_disk
.