azurerm_search_service - support attribute `customer_managed_key_en…

…cryption_compliance_status` (#27478) * add attribute `customer_managed_key_encryption_compliance_status` in search_service * Update internal/services/search/search_service_data_source.go Co-authored-by: stephybun <[email protected]> * Apply suggestions from code review Co-authored-by: stephybun <[email protected]> * Fix compile error in data source `azurerm_search_service` --------- Co-authored-by: stephybun <[email protected]>
hashicorp · Nov 25, 2024 · 72efe20 · 72efe20
1 parent 4a162aa
commit 72efe20
Show file tree

Hide file tree

Showing 6 changed files with 21 additions and 0 deletions.
diff --git a/internal/services/search/search_service_data_source.go b/internal/services/search/search_service_data_source.go
@@ -38,6 +38,11 @@ func dataSourceSearchService() *pluginsdk.Resource {
 
 			"resource_group_name": commonschema.ResourceGroupNameForDataSource(),
 
+			"customer_managed_key_encryption_compliance_status": {
+				Type:     pluginsdk.TypeString,
+				Computed: true,
+			},
+
 			"replica_count": {
 				Type:     pluginsdk.TypeInt,
 				Computed: true,
@@ -115,6 +120,10 @@ func dataSourceSearchServiceRead(d *pluginsdk.ResourceData, meta interface{}) er
 			replicaCount := 1
 			publicNetworkAccess := true
 
+			if props.EncryptionWithCmk != nil {
+				d.Set("customer_managed_key_encryption_compliance_status", string(pointer.From(props.EncryptionWithCmk.EncryptionComplianceStatus)))
+			}
+
 			if count := props.PartitionCount; count != nil {
 				partitionCount = int(*count)
 			}

diff --git a/internal/services/search/search_service_data_source_test.go b/internal/services/search/search_service_data_source_test.go
@@ -21,6 +21,7 @@ func TestAccDataSourceSearchService_basic(t *testing.T) {
 		{
 			Config: r.basic(data),
 			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).Key("customer_managed_key_encryption_compliance_status").Exists(),
 				check.That(data.ResourceName).Key("replica_count").Exists(),
 				check.That(data.ResourceName).Key("partition_count").Exists(),
 				check.That(data.ResourceName).Key("primary_key").Exists(),

diff --git a/internal/services/search/search_service_resource.go b/internal/services/search/search_service_resource.go
@@ -125,6 +125,11 @@ func resourceSearchService() *pluginsdk.Resource {
 				Default:  false,
 			},
 
+			"customer_managed_key_encryption_compliance_status": {
+				Type:     pluginsdk.TypeString,
+				Computed: true,
+			},
+
 			"primary_key": {
 				Type:      pluginsdk.TypeString,
 				Computed:  true,
@@ -557,6 +562,7 @@ func resourceSearchServiceRead(d *pluginsdk.ResourceData, meta interface{}) erro
 
 			if props.EncryptionWithCmk != nil {
 				cmkEnforcement = strings.EqualFold(string(pointer.From(props.EncryptionWithCmk.Enforcement)), string(services.SearchEncryptionWithCmkEnabled))
+				d.Set("customer_managed_key_encryption_compliance_status", string(pointer.From(props.EncryptionWithCmk.EncryptionComplianceStatus)))
 			}
 
 			// I am using 'DisableLocalAuth' here because when you are in

diff --git a/internal/services/search/search_service_resource_test.go b/internal/services/search/search_service_resource_test.go
@@ -337,6 +337,7 @@ func TestAccSearchService_customerManagedKeyEnforcement(t *testing.T) {
 			Config: r.customerManagedKeyEnforcement(data, true),
 			Check: acceptance.ComposeTestCheckFunc(
 				check.That(data.ResourceName).ExistsInAzure(r),
+				check.That(data.ResourceName).Key("customer_managed_key_encryption_compliance_status").HasValue("Compliant"),
 			),
 		},
 		data.ImportStep(),

diff --git a/website/docs/d/search_service.html.markdown b/website/docs/d/search_service.html.markdown
@@ -38,6 +38,8 @@ In addition to the Arguments listed above - the following Attributes are exporte
 
 * `id` - The ID of the Search Service.
 
+* `customer_managed_key_encryption_compliance_status` - Describes whether the search service is compliant or not with respect to having non-customer encrypted resources. If a service has more than one non-customer encrypted resource and `Enforcement` is `enabled` then the service will be marked as `NonCompliant`. If all the resources are customer encrypted, then the service will be marked as `Compliant`.
+
 * `primary_key` - The Primary Key used for Search Service Administration.
 
 * `secondary_key` - The Secondary Key used for Search Service Administration.

diff --git a/website/docs/r/search_service.html.markdown b/website/docs/r/search_service.html.markdown
@@ -128,6 +128,8 @@ In addition to the Arguments listed above - the following Attributes are exporte
 
 * `id` - The ID of the Search Service.
 
+* `customer_managed_key_encryption_compliance_status` - Describes whether the search service is compliant or not with respect to having non-customer encrypted resources. If a service has more than one non-customer encrypted resource and `Enforcement` is `enabled` then the service will be marked as `NonCompliant`. If all the resources are customer encrypted, then the service will be marked as `Compliant`.
+
 * `primary_key` - The Primary Key used for Search Service Administration.
 
 * `query_keys` - A `query_keys` block as defined below.