r\hpc_cache: Add support for encryption key
#16972
Conversation
There was a problem hiding this comment.
hi @myc2h6o
Thanks for this PR - I've taken a look through and left a few comments inline, if we can fix those comments up then we should be able to take another look.
Thanks!
| "identity": { | ||
| Type: pluginsdk.TypeList, | ||
| Optional: true, | ||
| ForceNew: true, | ||
| MaxItems: 1, | ||
| Elem: &pluginsdk.Resource{ | ||
| Schema: map[string]*pluginsdk.Schema{ | ||
| "type": { | ||
| Type: pluginsdk.TypeString, | ||
| Required: true, | ||
| ValidateFunc: validation.StringInSlice([]string{ | ||
| // System-assigned Managed Identity requires manual operation on Portal | ||
| string(storagecache.CacheIdentityTypeUserAssigned), | ||
| }, false), | ||
| }, | ||
| "identity_ids": { | ||
| Type: pluginsdk.TypeSet, | ||
| Optional: true, | ||
| Elem: &pluginsdk.Schema{ | ||
| Type: pluginsdk.TypeString, | ||
| ValidateFunc: msivalidate.UserAssignedIdentityID, | ||
| }, | ||
| }, | ||
| }, | ||
| }, | ||
| }, |
There was a problem hiding this comment.
this needs to be using Common Schema: https://github.com/hashicorp/go-azure-helpers/blob/main/resourcemanager/commonschema/identity_user.go
There was a problem hiding this comment.
have updated to commonschema.UserAssignedIdentityOptionalForceNew()
|
|
||
| * `identity` - (Optional) An `identity` block as defined below. | ||
|
|
||
| * `key_vault_key_id` - (Optional) Specifies the URL to a Key Vault Key. |
There was a problem hiding this comment.
is this the Resource Manager or Data Plane Key ID?
There was a problem hiding this comment.
this is Resource Managed ID, which is azurerm_key_vault_key.id, have updated the description to be clear
|
|
||
| * `key_vault_key_id` - (Optional) Specifies the URL to a Key Vault Key. | ||
|
|
||
| ~> **NOTE:** `auto_key_rotation_enabled` must be set to `false` when updating `key_vault_key_id`. |
There was a problem hiding this comment.
that'd be a provider behaviour we're missing, to disable this, then re-enable it during the update?
There was a problem hiding this comment.
Yes make sense, I've updated the code to trigger another update when the key is updated and auto key rotation is enabled
| @@ -83,7 +83,15 @@ The following arguments are supported: | |||
| * `directory_ldap` - (Optional) A `directory_ldap` block as defined below. | |||
|
|
|||
| ~> **Note:** Only one of `directory_active_directory`, `directory_flat_file` and `directory_ldap` can be set. | |||
|
|
|||
|
|
|||
| * `identity` - (Optional) An `identity` block as defined below. | |||
There was a problem hiding this comment.
Added the forceNew description
| * `type` - (Required) Specifies the type of Managed Service Identity that should be configured on this HPC Cache. Possible value is `UserAssigned`. | ||
|
|
||
| * `identity_ids` - (Optional) Specifies a list of User Assigned Managed Identity IDs to be assigned to this HPC Cache. |
There was a problem hiding this comment.
there's common phrasing for these now, can we pull these from another resource
There was a problem hiding this comment.
Have updated to use the common phrasing
|
Hi @tombuildsstuff thanks for reviewing the change! I've resolved the comment, could you please take another look? |
|
Updated test result: (Failed test
|
| autoKeyRotationEnabled = *props.RotationToLatestKeyVersionEnabled | ||
| } | ||
| } | ||
| d.Set("key_vault_key_id", keyVaultKeyId) | ||
| d.Set("auto_key_rotation_enabled", autoKeyRotationEnabled) |
There was a problem hiding this comment.
given the name of the property
| autoKeyRotationEnabled = *props.RotationToLatestKeyVersionEnabled | |
| } | |
| } | |
| d.Set("key_vault_key_id", keyVaultKeyId) | |
| d.Set("auto_key_rotation_enabled", autoKeyRotationEnabled) | |
| autoKeyRotationEnabled = *props.RotationToLatestKeyVersionEnabled | |
| } | |
| } | |
| d.Set("key_vault_key_id", keyVaultKeyId) | |
| d.Set("automatically_rotate_key_to_latest_enabled", autoKeyRotationEnabled) |
There was a problem hiding this comment.
@katbyte I've renamed the property name.
|
Updated test result |
|
This functionality has been released in v3.10.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you! |
|
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions. |
terraform-provider-azurerm/internal/services/compute/disk_encryption_set_resource.go
Line 113 in 82de9ae
key_vault_key_id,auto_key_rotation_enabledwill be set tofalseat backend, have confirmed with service team that this is by design, so added validation to enforceauto_key_rotation_enabledto befalsewhen changingkey_vault_key_id