hashicorp · stephybun · Nov 25, 2024 · Sep 24, 2024 · Nov 25, 2024 · Nov 25, 2024
@@ -39,6 +39,11 @@ func dataSourceSearchService() *pluginsdk.Resource {
 
 			"resource_group_name": commonschema.ResourceGroupNameForDataSource(),
 
+			"customer_managed_key_encryption_compliance_status": {
+				Type:     pluginsdk.TypeString,
+				Computed: true,
+			},
+
 			"replica_count": {
 				Type:     pluginsdk.TypeInt,
 				Computed: true,
@@ -116,6 +121,10 @@ func dataSourceSearchServiceRead(d *pluginsdk.ResourceData, meta interface{}) er
 			replicaCount := 1
 			publicNetworkAccess := true
 
+			if props.EncryptionWithCmk != nil {
+				d.Set("customer_managed_key_encryption_compliance_status", string(pointer.From(props.EncryptionWithCmk.EncryptionComplianceStatus)))
+			}
+
 			if count := props.PartitionCount; count != nil {
 				partitionCount = int(*count)
 			}

@@ -21,6 +21,7 @@ func TestAccDataSourceSearchService_basic(t *testing.T) {
 		{
 			Config: r.basic(data),
 			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).Key("customer_managed_key_encryption_compliance_status").Exists(),
 				check.That(data.ResourceName).Key("replica_count").Exists(),
 				check.That(data.ResourceName).Key("partition_count").Exists(),
 				check.That(data.ResourceName).Key("primary_key").Exists(),

@@ -125,6 +125,11 @@ func resourceSearchService() *pluginsdk.Resource {
 				Default:  false,
 			},
 
+			"customer_managed_key_encryption_compliance_status": {
+				Type:     pluginsdk.TypeString,
+				Computed: true,
+			},
+
 			"primary_key": {
 				Type:      pluginsdk.TypeString,
 				Computed:  true,
@@ -557,6 +562,7 @@ func resourceSearchServiceRead(d *pluginsdk.ResourceData, meta interface{}) erro
 
 			if props.EncryptionWithCmk != nil {
 				cmkEnforcement = strings.EqualFold(string(pointer.From(props.EncryptionWithCmk.Enforcement)), string(services.SearchEncryptionWithCmkEnabled))
+				d.Set("customer_managed_key_encryption_compliance_status", string(pointer.From(props.EncryptionWithCmk.EncryptionComplianceStatus)))
 			}
 
 			// I am using 'DisableLocalAuth' here because when you are in

@@ -337,6 +337,7 @@ func TestAccSearchService_customerManagedKeyEnforcement(t *testing.T) {
 			Config: r.customerManagedKeyEnforcement(data, true),
 			Check: acceptance.ComposeTestCheckFunc(
 				check.That(data.ResourceName).ExistsInAzure(r),
+				check.That(data.ResourceName).Key("customer_managed_key_encryption_compliance_status").HasValue("Compliant"),
 			),
 		},
 		data.ImportStep(),

@@ -38,6 +38,8 @@ In addition to the Arguments listed above - the following Attributes are exporte
 
 * `id` - The ID of the Search Service.
 
+* `customer_managed_key_encryption_compliance_status` - Describes whether the search service is compliant or not with respect to having non-customer encrypted resources. If a service has more than one non-customer encrypted resource and `Enforcement` is `enabled` then the service will be marked as `NonCompliant`. If all the resources are customer encrypted, then the service will be marked as `Compliant`.
+
 * `primary_key` - The Primary Key used for Search Service Administration.
 
 * `secondary_key` - The Secondary Key used for Search Service Administration.

@@ -128,6 +128,8 @@ In addition to the Arguments listed above - the following Attributes are exporte
 
 * `id` - The ID of the Search Service.
 
+* `customer_managed_key_encryption_compliance_status` - Describes whether the search service is compliant or not with respect to having non-customer encrypted resources. If a service has more than one non-customer encrypted resource and `Enforcement` is `enabled` then the service will be marked as `NonCompliant`. If all the resources are customer encrypted, then the service will be marked as `Compliant`.
+
 * `primary_key` - The Primary Key used for Search Service Administration.
 
 * `query_keys` - A `query_keys` block as defined below.