add test for disk_encryption_set_id modification, update docs
kazimierzbudzyk committed Mar 21, 2020
1 parent 2bdf3c9 commit 3ba2372
Showing 3 changed files with 51 additions and 8 deletions.
@@ -324,7 +324,41 @@ func TestAccAzureRMManagedDisk_diskEncryptionSet(t *testing.T) {
),
},
{
Config: testAccAzureRMManagedDisk_diskEncryptionSet(data),
Config: testAccAzureRMManagedDisk_diskEncryptionSet(data, true),
Check: resource.ComposeTestCheckFunc(
testCheckAzureRMManagedDiskExists(data.ResourceName, &d, true),
),
},
data.ImportStep(),
},
})
}

func TestAccAzureRMManagedDisk_diskEncryptionSet_update(t *testing.T) {
data := acceptance.BuildTestData(t, "azurerm_managed_disk", "test")
var d compute.Disk

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { acceptance.PreCheck(t) },
Providers: acceptance.SupportedProviders,
CheckDestroy: testCheckAzureRMManagedDiskDestroy,
Steps: []resource.TestStep{
{
// TODO: After applying soft-delete and purge-protection in keyVault, this extra step can be removed.
Config: testAccAzureRMManagedDisk_diskEncryptionSetDependencies(data),
Check: resource.ComposeTestCheckFunc(
enableSoftDeleteAndPurgeProtectionForKeyVault("azurerm_key_vault.test"),
),
},
{
Config: testAccAzureRMManagedDisk_diskEncryptionSet(data, false),
Check: resource.ComposeTestCheckFunc(
testCheckAzureRMManagedDiskExists(data.ResourceName, &d, true),
),
},
data.ImportStep(),
{
Config: testAccAzureRMManagedDisk_diskEncryptionSet(data, true),
Check: resource.ComposeTestCheckFunc(
testCheckAzureRMManagedDiskExists(data.ResourceName, &d, true),
),
@@ -947,8 +981,13 @@ resource "azurerm_key_vault_key" "test" {
`, data.RandomInteger, location, data.RandomString)
}

func testAccAzureRMManagedDisk_diskEncryptionSet(data acceptance.TestData) string {
func testAccAzureRMManagedDisk_diskEncryptionSet(data acceptance.TestData, complete bool) string {
template := testAccAzureRMManagedDisk_diskEncryptionSetDependencies(data)
diskEncryptionSetLine := ""
if complete {
diskEncryptionSetLine = "disk_encryption_set_id = azurerm_disk_encryption_set.test.id"
}

return fmt.Sprintf(`
%s
@@ -989,14 +1028,14 @@ resource "azurerm_managed_disk" "test" {
storage_account_type = "Standard_LRS"
create_option = "Empty"
disk_size_gb = 1
disk_encryption_set_id = azurerm_disk_encryption_set.test.id
%s
depends_on = [
"azurerm_role_assignment.disk-encryption-read-keyvault",
"azurerm_key_vault_access_policy.disk-encryption",
]
}
`, template, data.RandomInteger, data.RandomInteger)
`, template, data.RandomInteger, data.RandomInteger, diskEncryptionSetLine)
}

func testAccAzureRMManagedDisk_managedDiskAttached(data acceptance.TestData, diskSize int) string {
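Review bot: Every step of `TestAccAzureRMManagedDisk_diskEncryptionSet_update` asserts only `testCheckAzureRMManagedDiskExists`, so the test still passes if the second apply never attaches the Disk Encryption Set to the disk. Since this argument decides which key set encrypts the disk, the step that applies `testAccAzureRMManagedDisk_diskEncryptionSet(data, true)` should also check the attribute, for example `resource.TestCheckResourceAttrSet(data.ResourceName, "disk_encryption_set_id"),` inside its `ComposeTestCheckFunc`. That step runs past the end of the first hunk, so whether an import step follows it is not visible here. The `complete` parameter of the config helper would also read more clearly with a short comment such as `// complete adds disk_encryption_set_id to the managed disk block`.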
10 changes: 7 additions & 3 deletions azurerm/internal/services/compute/virtual_machine.go
@@ -3,6 +3,7 @@ package compute
import (
"context"
"fmt"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/suppress"

"github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2019-07-01/compute"
"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
@@ -283,9 +284,12 @@ func virtualMachineOSDiskSchema() *schema.Schema {
},

"disk_encryption_set_id": {
Type: schema.TypeString,
Optional: true,
ValidateFunc: validate.DiskEncryptionSetID,
Type: schema.TypeString,
Optional: true,
// TODO: make this case-sensitive once this bug in the Azure API has been fixed:
// https://github.com/Azure/azure-rest-api-specs/issues/8132
DiffSuppressFunc: suppress.CaseDifference,
ValidateFunc: validate.DiskEncryptionSetID,
},

"disk_size_gb": {
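Review bot: The new `suppress` import in the first hunk sits inside the standard-library group, directly under `"fmt"`, so the file is no longer goimports-clean; move that line below the blank line into the third-party group with the other `github.com/...` imports. In the second hunk, `DiffSuppressFunc: suppress.CaseDifference` means a case-only change to `disk_encryption_set_id` is never planned, so state and configuration can disagree on the casing of the ID that selects the encryption key set. Anything that compares this value should do so case-insensitively until the linked API issue is resolved. The tests shown on this page target `azurerm_managed_disk` rather than the OS-disk schema, so this behaviour appears unpinned here. Both the import block and `virtualMachineOSDiskSchema` continue outside the hunks.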
2 changes: 1 addition & 1 deletion website/docs/r/managed_disk.html.markdown
@@ -91,7 +91,7 @@ The following arguments are supported:

---

* `disk_encryption_set_id` - (Optional) The ID of a Disk Encryption Set which should be used to encrypt this Managed Disk. Changing this forces a new resource to be created.
* `disk_encryption_set_id` - (Optional) The ID of a Disk Encryption Set which should be used to encrypt this Managed Disk.

-> **NOTE:** The Disk Encryption Set must have the `Reader` Role Assignment scoped on the Key Vault - in addition to an Access Policy to the Key Vault

