disk_encryption_set: Support managed HSMs (#26201)
* `disk_encryption_set`: Read for CMK

* `disk_encryption_set`: Create for CMK

* Extract helpers.DomainSuffixForManagedHSM

* Extract validateKeyVaultDetails

* Extract getManagedHsmKeyUrl

* `disk_encryption_set`: Update for CMK

* `disk_encryption_set`: data source

* `disk_encryption_set`: Documentation pass

* Remove purge protection check from create and update paths

See #20250 for motivation
Botje authored Jun 28, 2024
1 parent 0c70094 commit aa140a6
Showing 5 changed files with 213 additions and 95 deletions.
13 changes: 12 additions & 1 deletion internal/services/compute/disk_encryption_set_data_source.go
@@ -14,6 +14,7 @@ import (
"github.com/hashicorp/go-azure-helpers/resourcemanager/location"
"github.com/hashicorp/go-azure-helpers/resourcemanager/tags"
"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
managedHsmHelpers "github.com/hashicorp/terraform-provider-azurerm/internal/services/managedhsm/helpers"
"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
"github.com/hashicorp/terraform-provider-azurerm/internal/tf/validation"
"github.com/hashicorp/terraform-provider-azurerm/internal/timeouts"
@@ -58,6 +59,7 @@ func dataSourceDiskEncryptionSet() *pluginsdk.Resource {

func dataSourceDiskEncryptionSetRead(d *pluginsdk.ResourceData, meta interface{}) error {
client := meta.(*clients.Client).Compute.DiskEncryptionSetsClient
env := meta.(*clients.Client).Account.Environment
subscriptionId := meta.(*clients.Client).Account.SubscriptionId
ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d)
defer cancel()
@@ -84,7 +86,16 @@ func dataSourceDiskEncryptionSetRead(d *pluginsdk.ResourceData, meta interface{}
d.Set("auto_key_rotation_enabled", props.RotationToLatestKeyVersionEnabled)

if props.ActiveKey != nil && props.ActiveKey.KeyUrl != "" {
d.Set("key_vault_key_url", props.ActiveKey.KeyUrl)
keyVaultURI := props.ActiveKey.KeyUrl
isHSMURI, err, _, _ := managedHsmHelpers.IsManagedHSMURI(env, keyVaultURI)
if err != nil {
return fmt.Errorf("Parshing key vault URI: %+v", err)
}
if isHSMURI {
d.Set("managed_hsm_key_id", keyVaultURI)
} else {
d.Set("key_vault_key_url", keyVaultURI)
}
}
}
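Review bot: The error returned when `IsManagedHSMURI` fails in `dataSourceDiskEncryptionSetRead` is misspelled and carries no context: `"Parshing key vault URI: %+v"` does not say which URL was rejected, so a failed read is hard to diagnose. I would change it to `return fmt.Errorf("parsing key URL %q: %+v", keyVaultURI, err)`. Which attribute gets populated now depends entirely on that helper's classification against `env`, so a comment above the call would help, e.g. `// KeyUrl is shared by Key Vault and managed HSM keys; IsManagedHSMURI decides which attribute to populate.` The results of both `d.Set` calls are discarded, as on the surrounding lines, so a failure to write either attribute would go unnoticed. The function begins and ends outside the visible hunks.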
