Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

r\azurerm_recovery_services_vault #13178 Support for customer-managed keys (CMK) for azurerm_recovery_services_vault #14718

Merged
merged 5 commits into from
Jan 12, 2022
Merged

r\azurerm_recovery_services_vault #13178 Support for customer-managed keys (CMK) for azurerm_recovery_services_vault #14718

merged 5 commits into from
Jan 12, 2022

Conversation

lonegunmanb
Copy link
Contributor

r\azurerm_recovery_services_vault #13178 Support for customer-managed keys (CMK) for azurerm_recovery_services_vault.

Please note that encryption cannot been removed after turned on, and encryption.infrastructure_encryption_state cannot been changed once has been set. Considering user could turn on encryption on existing recovery vault, and data in recovery vault might be extremely important, ForceNew is not an option so this patch added some runtime checks.

Though key from hsm is labeled as "Preview" on portal, I've tested that hsm key also works by creating hsm key via azure cli, but since we are lacking of hsm key resource, no acc test for this scenario.

Acc tests:

=== RUN TestAccRecoveryServicesVault_basic
=== PAUSE TestAccRecoveryServicesVault_basic
=== RUN TestAccRecoveryServicesVault_complete
=== PAUSE TestAccRecoveryServicesVault_complete
=== RUN TestAccRecoveryServicesVault_update
=== PAUSE TestAccRecoveryServicesVault_update
=== RUN TestAccRecoveryServicesVault_requiresImport
=== PAUSE TestAccRecoveryServicesVault_requiresImport
=== RUN TestAccRecoveryServicesVault_basicWithIdentity
=== PAUSE TestAccRecoveryServicesVault_basicWithIdentity
=== RUN TestAccRecoveryServicesVault_encryptionWithKeyVaultKey
=== PAUSE TestAccRecoveryServicesVault_encryptionWithKeyVaultKey
=== RUN TestAccRecoveryServicesVault_turnOnEncryptionWithKeyVaultKey
=== PAUSE TestAccRecoveryServicesVault_turnOnEncryptionWithKeyVaultKey
=== RUN TestAccRecoveryServicesVault_turnOffEncryptionWithKeyVaultKeyShouldHaveClearlyErrorMessage
=== PAUSE TestAccRecoveryServicesVault_turnOffEncryptionWithKeyVaultKeyShouldHaveClearlyErrorMessage
=== RUN TestAccRecoveryServicesVault_changeInfrastructureEncryptionStateShouldHaveClearlyErrorMessage
=== PAUSE TestAccRecoveryServicesVault_changeInfrastructureEncryptionStateShouldHaveClearlyErrorMessage
=== RUN TestAccRecoveryServicesVault_encryptionWithInfrastructureEncryption
=== PAUSE TestAccRecoveryServicesVault_encryptionWithInfrastructureEncryption
=== RUN TestAccRecoveryServicesVault_switchEncryptionKeyVaultKey
=== PAUSE TestAccRecoveryServicesVault_switchEncryptionKeyVaultKey
=== CONT TestAccRecoveryServicesVault_basic
=== CONT TestAccRecoveryServicesVault_turnOnEncryptionWithKeyVaultKey
=== CONT TestAccRecoveryServicesVault_basicWithIdentity
=== CONT TestAccRecoveryServicesVault_update
=== CONT TestAccRecoveryServicesVault_complete
=== CONT TestAccRecoveryServicesVault_encryptionWithInfrastructureEncryption
=== CONT TestAccRecoveryServicesVault_requiresImport
=== CONT TestAccRecoveryServicesVault_encryptionWithKeyVaultKey
--- PASS: TestAccRecoveryServicesVault_complete (225.65s)
=== CONT TestAccRecoveryServicesVault_changeInfrastructureEncryptionStateShouldHaveClearlyErrorMessage
--- PASS: TestAccRecoveryServicesVault_basicWithIdentity (233.41s)
=== CONT TestAccRecoveryServicesVault_switchEncryptionKeyVaultKey
--- PASS: TestAccRecoveryServicesVault_requiresImport (237.54s)

=== CONT TestAccRecoveryServicesVault_turnOffEncryptionWithKeyVaultKeyShouldHaveClearlyErrorMessage
--- PASS: TestAccRecoveryServicesVault_basic (243.88s)
--- PASS: TestAccRecoveryServicesVault_update (446.29s)
--- PASS: TestAccRecoveryServicesVault_encryptionWithKeyVaultKey (537.05s)
--- PASS: TestAccRecoveryServicesVault_encryptionWithInfrastructureEncryption (539.03s)

--- PASS: TestAccRecoveryServicesVault_turnOnEncryptionWithKeyVaultKey (692.59s)
--- PASS: TestAccRecoveryServicesVault_changeInfrastructureEncryptionStateShouldHaveClearlyErrorMessage (526.44s)
--- PASS: TestAccRecoveryServicesVault_turnOffEncryptionWithKeyVaultKeyShouldHaveClearlyErrorMessage (609.27s)
--- PASS: TestAccRecoveryServicesVault_switchEncryptionKeyVaultKey (742.61s)
PASS

Process finished with the exit code 0

@lonegunmanb
r\azurerm_recovery_services_vault hashicorp#13178 Support for custo…
fbce448 
…mer-managed keys (CMK) for azurerm_recovery_services_vault
katbyte
katbyte reviewed Dec 27, 2021
View reviewed changes
internal/services/recoveryservices/recovery_services_vault_resource.go Outdated
Required: true,
ValidateFunc: keyvaultValidate.NestedItemIdWithOptionalVersion,
},
"infrastructure_encryption_state": {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

could we change this to a bool?

Suggested change
"infrastructure_encryption_state": {
"infrastructure_encryption_enabled": {

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Roger that @katbyte !

@katbyte
Copy link
Collaborator

katbyte commented Jan 2, 2022

Thanks @lonegunmanb - looks like we have a test failure now

<div class="rightBlock expandedDetails" style="font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none; float: right; background-color: rgba(245, 245, 245, 0.81); border-left-width: 5px; border-left-style: solid; border-left-color: rgb(255, 255, 255); border-bottom-width: 5px; border-bottom-style: solid; border-bottom-color: rgb(255, 255, 255); caret-color: rgb(31, 35, 38); color: rgb(31, 35, 38); font-family: system-ui, -apple-system, BlinkMacSystemFont, &quot;Segoe UI&quot;, Roboto, Oxygen, Ubuntu, Cantarell, &quot;Droid Sans&quot;, &quot;Helvetica Neue&quot;, Arial, sans-serif; font-size: 13px;"><br class="Apple-interchange-newline"><div class="icon_before icon16 collapser collapser_expanded" title="Click to hide the details block" style="float: right; height: 2em; padding: 5px; cursor: pointer;"></div><div class="relatedBuildsWrapper" style="border-right-width: 3px; border-right-style: solid; border-right-color: white; float: right;">

  | First failure: |   | #514 | Changes (5) | 28 Dec 21 17:57
-- | -- | -- | -- | -- | --


<div id="div_iaa_17c31fc7bf9"></div></div></div><span style="font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none; caret-color: rgb(31, 35, 38); color: rgb(31, 35, 38); font-family: system-ui, -apple-system, BlinkMacSystemFont, &quot;Segoe UI&quot;, Roboto, Oxygen, Ubuntu, Cantarell, &quot;Droid Sans&quot;, &quot;Helvetica Neue&quot;, Arial, sans-serif; font-size: 13px; background-color: rgb(255, 255, 255); float: none; display: inline !important;"></span><span style="font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none; caret-color: rgb(31, 35, 38); color: rgb(31, 35, 38); font-family: system-ui, -apple-system, BlinkMacSystemFont, &quot;Segoe UI&quot;, Roboto, Oxygen, Ubuntu, Cantarell, &quot;Droid Sans&quot;, &quot;Helvetica Neue&quot;, Arial, sans-serif; font-size: 13px; background-color: rgb(255, 255, 255); float: none; display: inline !important;"></span><div class="testMetadata" id="testMetadata_tdi_17c31fc7bf7" style="font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none; caret-color: rgb(31, 35, 38); color: rgb(31, 35, 38); font-family: system-ui, -apple-system, BlinkMacSystemFont, &quot;Segoe UI&quot;, Roboto, Oxygen, Ubuntu, Cantarell, &quot;Droid Sans&quot;, &quot;Helvetica Neue&quot;, Arial, sans-serif; font-size: 13px;"></div><pre class="fullStacktrace" id="fullStacktrace_237194_2997311079393941221" style="font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none; font-stretch: normal; font-size: 12px; line-height: 1.2em; font-family: Menlo, &quot;Bitstream Vera Sans Mono&quot;, &quot;Ubuntu Mono&quot;, Consolas, &quot;Courier New&quot;, Courier, monospace; padding: 3px 3px 0px; color: darkred; margin-top: 0.5em; margin-bottom: 0.5em; white-space: pre-wrap; overflow-wrap: break-word;">------- Stdout: -------
=== RUN   TestAccRecoveryServicesVault_changeInfrastructureEncryptionStateShouldHaveClearlyErrorMessage
=== PAUSE TestAccRecoveryServicesVault_changeInfrastructureEncryptionStateShouldHaveClearlyErrorMessage
=== CONT  TestAccRecoveryServicesVault_changeInfrastructureEncryptionStateShouldHaveClearlyErrorMessage
    testcase.go:110: Step 3/3, expected an error with pattern, no match on: Error running apply: exit status 1
        
        Error: once `infrastructure_encryption_enabled` has been set it's not possible to change it
        
          with azurerm_recovery_services_vault.test,
          on terraform_plugin_test.tf line 15, in resource "azurerm_recovery_services_vault" "test":
          15: resource "azurerm_recovery_services_vault" "test" {
        
--- FAIL: TestAccRecoveryServicesVault_changeInfrastructureEncryptionStateShouldHaveClearlyErrorMessage (541.52s)
FAIL</pre>

@lonegunmanb
Copy link
Contributor Author

Hi @katbyte , sorry for that, I'll fix this issue asap.

@lonegunmanb
Copy link
Contributor Author

Hi @katbyte , I think the acc tests should be ok this time, sorry for the failure.

=== RUN TestAccRecoveryServicesVault_basic
=== PAUSE TestAccRecoveryServicesVault_basic
=== CONT TestAccRecoveryServicesVault_basic
--- PASS: TestAccRecoveryServicesVault_basic (300.91s)
=== RUN TestAccRecoveryServicesVault_complete
=== PAUSE TestAccRecoveryServicesVault_complete
=== CONT TestAccRecoveryServicesVault_complete
--- PASS: TestAccRecoveryServicesVault_complete (305.12s)
=== RUN TestAccRecoveryServicesVault_update
=== PAUSE TestAccRecoveryServicesVault_update
=== CONT TestAccRecoveryServicesVault_update

--- PASS: TestAccRecoveryServicesVault_update (716.65s)
=== RUN TestAccRecoveryServicesVault_requiresImport
=== PAUSE TestAccRecoveryServicesVault_requiresImport

=== CONT TestAccRecoveryServicesVault_requiresImport
--- PASS: TestAccRecoveryServicesVault_requiresImport (218.65s)
=== RUN TestAccRecoveryServicesVault_basicWithIdentity
=== PAUSE TestAccRecoveryServicesVault_basicWithIdentity
=== CONT TestAccRecoveryServicesVault_basicWithIdentity
--- PASS: TestAccRecoveryServicesVault_basicWithIdentity (187.41s)
=== RUN TestAccRecoveryServicesVault_encryptionWithKeyVaultKey
=== PAUSE TestAccRecoveryServicesVault_encryptionWithKeyVaultKey
=== CONT TestAccRecoveryServicesVault_encryptionWithKeyVaultKey
--- PASS: TestAccRecoveryServicesVault_encryptionWithKeyVaultKey (472.50s)
=== RUN TestAccRecoveryServicesVault_turnOnEncryptionWithKeyVaultKey
=== PAUSE TestAccRecoveryServicesVault_turnOnEncryptionWithKeyVaultKey
=== CONT TestAccRecoveryServicesVault_turnOnEncryptionWithKeyVaultKey
--- PASS: TestAccRecoveryServicesVault_turnOnEncryptionWithKeyVaultKey (580.50s)
=== RUN TestAccRecoveryServicesVault_turnOffEncryptionWithKeyVaultKeyShouldHaveClearlyErrorMessage
=== PAUSE TestAccRecoveryServicesVault_turnOffEncryptionWithKeyVaultKeyShouldHaveClearlyErrorMessage
=== CONT TestAccRecoveryServicesVault_turnOffEncryptionWithKeyVaultKeyShouldHaveClearlyErrorMessage
--- PASS: TestAccRecoveryServicesVault_turnOffEncryptionWithKeyVaultKeyShouldHaveClearlyErrorMessage (605.17s)
=== RUN TestAccRecoveryServicesVault_changeInfrastructureEncryptionEnabledShouldHaveClearlyErrorMessage
=== PAUSE TestAccRecoveryServicesVault_changeInfrastructureEncryptionEnabledShouldHaveClearlyErrorMessage
=== CONT TestAccRecoveryServicesVault_changeInfrastructureEncryptionEnabledShouldHaveClearlyErrorMessage
--- PASS: TestAccRecoveryServicesVault_changeInfrastructureEncryptionEnabledShouldHaveClearlyErrorMessage (632.78s)
=== RUN TestAccRecoveryServicesVault_encryptionWithInfrastructureEncryption
=== PAUSE TestAccRecoveryServicesVault_encryptionWithInfrastructureEncryption
=== CONT TestAccRecoveryServicesVault_encryptionWithInfrastructureEncryption
--- PASS: TestAccRecoveryServicesVault_encryptionWithInfrastructureEncryption (560.11s)
=== RUN TestAccRecoveryServicesVault_switchEncryptionKeyVaultKey
=== PAUSE TestAccRecoveryServicesVault_switchEncryptionKeyVaultKey
=== CONT TestAccRecoveryServicesVault_switchEncryptionKeyVaultKey
--- PASS: TestAccRecoveryServicesVault_switchEncryptionKeyVaultKey (751.55s)
PASS

Process finished with the exit code 0

katbyte
katbyte approved these changes Jan 12, 2022
View reviewed changes
Copy link
Collaborator

@katbyte katbyte left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @lonegunmanb - LGTM now! 🏗️

@katbyte katbyte merged commit 222709f into hashicorp:main Jan 12, 2022
@github-actions github-actions bot added this to the v2.92.0 milestone Jan 12, 2022
katbyte added a commit that referenced this pull request Jan 12, 2022
@katbyte
CHANGELOG.md for #14718
b494bc4
@github-actions
Copy link

This functionality has been released in v2.92.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 13, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@katbyte katbyte katbyte approved these changes

Assignees
No one assigned
Labels
dependencies documentation service/recovery-services size/XL
Projects
None yet
Milestone
v2.92.0
Development

Successfully merging this pull request may close these issues.
2 participants
@lonegunmanb @katbyte