Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update ManagedDisks for SSE-CMK feature #5250

Merged
merged 11 commits into from
Jan 14, 2020

Conversation

ArcturusZhang
Copy link
Contributor

This is part of update of the SSE-CMK feature, adding new fields for azurerm_managed_disk.

@tombuildsstuff
Copy link
Contributor

Dependent on #5249

Copy link
Contributor

@tombuildsstuff tombuildsstuff left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hey @ArcturusZhang

Thanks for this PR - I've taken a look through and left some comments inline. As discussed offline since this needed to be rebased on top of #5249 so that we can add some acceptance tests I hope you don't mind but I've pushed some commits to resolve the issues raised and add some tests.

Thanks!

}
}

createDisk.Encryption = &encryption
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

since this is optional we need to move this within the if statement

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

on reflection we could also infer the value for encryption_type - since the value's dependent on disk_encryption_set_id?

@@ -113,6 +113,12 @@ The following arguments are supported:

* `encryption_settings` - (Optional) an `encryption_settings` block as defined below.

* `encryption_type` - (Optional) The type of key used to encrypt the data of the disk. Valid values are `EncryptionAtRestWithPlatformKey` or `EncryptionAtRestWithCustomerKey`. Default value is `EncryptionAtRestWithPlatformKey`. When set to `EncryptionAtRestWithPlatformKey`, the disk is encrypted with XStore managed key at rest. When set to `EncryptionAtRestWithCustomerKey`, the disk is encrypted with Customer managed key at rest, and the `managed_disk_encryption_set_id` must be set to a valid `azurerm_disk_encryption_set` ID.

* `managed_disk_encryption_set_id` - (Optional) ID of the disk encryption set to use for enabling encryption at rest.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* `managed_disk_encryption_set_id` - (Optional) ID of the disk encryption set to use for enabling encryption at rest.
* `disk_encryption_set_id` - (Optional) ID of the Disk Encryption Set which should be used to Encrypt the Disk.
-> **NOTE:** This field can only be specified when `encryption_type` is set to `EncryptionAtRestWithCustomerKey`

this also wants a Preview note:

~> **NOTE:** Disk Encryption Sets are in Preview.

@@ -71,6 +71,16 @@ func dataSourceArmManagedDisk() *schema.Resource {
Computed: true,
},

"encryption_type": {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

after investigating it appears we can set this field conditionally based on disk_encryption_set_id having a value - as such we can remove this

d.Set("disk_size_gb", props.DiskSizeGB)
d.Set("disk_iops_read_write", props.DiskIOPSReadWrite)
d.Set("disk_mbps_read_write", props.DiskMBpsReadWrite)
d.Set("os_type", props.OsType)
if encryption := props.Encryption; encryption != nil {
d.Set("encryption_type", string(encryption.Type))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

after investigating it appears we can set this field conditionally based on disk_encryption_set_id having a value - as such we can remove this

Suggested change
d.Set("encryption_type", string(encryption.Type))

@@ -113,6 +113,12 @@ The following arguments are supported:

* `encryption_settings` - (Optional) an `encryption_settings` block as defined below.

* `encryption_type` - (Optional) The type of key used to encrypt the data of the disk. Valid values are `EncryptionAtRestWithPlatformKey` or `EncryptionAtRestWithCustomerKey`. Default value is `EncryptionAtRestWithPlatformKey`. When set to `EncryptionAtRestWithPlatformKey`, the disk is encrypted with XStore managed key at rest. When set to `EncryptionAtRestWithCustomerKey`, the disk is encrypted with Customer managed key at rest, and the `managed_disk_encryption_set_id` must be set to a valid `azurerm_disk_encryption_set` ID.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we can remove this:

Suggested change
* `encryption_type` - (Optional) The type of key used to encrypt the data of the disk. Valid values are `EncryptionAtRestWithPlatformKey` or `EncryptionAtRestWithCustomerKey`. Default value is `EncryptionAtRestWithPlatformKey`. When set to `EncryptionAtRestWithPlatformKey`, the disk is encrypted with XStore managed key at rest. When set to `EncryptionAtRestWithCustomerKey`, the disk is encrypted with Customer managed key at rest, and the `managed_disk_encryption_set_id` must be set to a valid `azurerm_disk_encryption_set` ID.

@@ -113,5 +113,7 @@ resource "azurerm_virtual_machine" "example" {
* `disk_size_gb` - The size of the managed disk in gigabytes.
* `disk_iops_read_write` - The number of IOPS allowed for this disk. One operation can transfer between 4k and 256k bytes.
* `disk_mbps_read_write` - The bandwidth allowed for this disk.
* `encryption_type` - The type of key used to encrypt the data of the disk.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* `encryption_type` - The type of key used to encrypt the data of the disk.

Copy link
Member

@mbfrahry mbfrahry left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM once tests are passing

@ArcturusZhang
Copy link
Contributor Author

ArcturusZhang commented Jan 14, 2020

Thanks a lot @tombuildsstuff for the modification!
And I also made some changes in the VMSS PR to conform the changes here.

@tombuildsstuff
Copy link
Contributor

Tests pass:

Screenshot 2020-01-14 at 12 50 04

@tombuildsstuff tombuildsstuff merged commit 7e57289 into hashicorp:master Jan 14, 2020
tombuildsstuff added a commit that referenced this pull request Jan 14, 2020
@ghost
Copy link

ghost commented Jan 16, 2020

This has been released in version 1.41.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
    version = "~> 1.41.0"
}
# ... other configuration ...

@ArcturusZhang ArcturusZhang deleted the ManagedDisks branch January 17, 2020 02:23
@ghost
Copy link

ghost commented Mar 28, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

@ghost ghost locked and limited conversation to collaborators Mar 28, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants