Add new resource & data source: azurerm_disk_encryption_set

[ArcturusZhang]

This is part of update of the SSE-CMK feature, adding a new resource and a data source: azurerm_disk_encryption_set.

This feature requires Keyvault to enable enable_soft_delete and enable_purge_protection, which are both not implemented in terraform. And the creation of azurerm_disk_encryption_set depends on those two switches, otherwise the service will return errors complaining about this.
Therefore I did some workaround in the test of azurerm_disk_encryption_set. I will change the workaround back when these two features are implemented in azurerm_key_vault.

Currently the fields that could accept user input in a DiskEncryptionSet is all required, therefore I do not put a complete test, since all the fields are covered in the basic test.

[tombuildsstuff]

hi @ArcturusZhang

Thanks for this PR - I've taken a look through and left some comments inline but this is off to a good start - if we can fix those up then we should be able to run the acceptance tests and take another look :)

Thanks!

[tombuildsstuff]

we need to ensure that identity is set in all circumstances, so we can move this check inside the flatten function

[tombuildsstuff]

can we make the phrasing consistent with other resources:

Suggested change

	-> **NOTE:** The DiskEncryptionSet service is currently in public preview and are only available in a limited set of regions.
	-> **NOTE:** Disk Encryption Sets are currently in Public Preview and are only available in a limited set of regions.

how do users opt-into this?

[ArcturusZhang]

Let me ask the service team and then fill this information in.

[tombuildsstuff]

since this requires that the Key Vault is configured in a particular way - can we also document that here:

-> **NOTE:** At this time the Key Vault used to store the Active Key for this Disk Encryption Set must have both Soft Delete & Purge Protection enabled - which are not yet supported by Terraform - instead you can configure this using [a provisioner](https://www.terraform.io/docs/provisioners/local-exec.html) or [the `azurerm_template_deployment` resource](https://www.terraform.io/docs/providers/azurerm/r/template_deployment.html).

[ArcturusZhang]

Added. And do you think we should add the provisioner command in the example?

[tombuildsstuff]

👍 - no this isn't something we'd recommend doing until it's natively supported (but that's blocked on the API issue mentioned above)

[tombuildsstuff]

hi @ArcturusZhang

Thanks for this PR - I've taken a look through and left some comments inline but this is off to a good start - if we can fix those up then we should be able to run the acceptance tests and take another look :)

Thanks!

[tombuildsstuff]

Sorry for the double review - Github bug 🙃

[ArcturusZhang]

Hi @tombuildsstuff I have resolved some comments, and left some replies. Please have a look.
Additionally, I cannot pass the acctest on my side now. It works well when I am submitting this PR.
It reports:

=== RUN   TestAccAzureRMDiskEncryptionSet_basic
=== PAUSE TestAccAzureRMDiskEncryptionSet_basic
=== CONT  TestAccAzureRMDiskEncryptionSet_basic
--- FAIL: TestAccAzureRMDiskEncryptionSet_basic (0.07s)
    testing.go:569: Step 0 error: Error initializing context: 2 problems:

        - Could not satisfy plugin requirements:
        Plugin reinitialization required. Please run "terraform init".

        Plugins are external binaries that Terraform uses to access and manipulate
        resources. The configuration provided requires plugins which can't be located,
        don't satisfy the version constraints, or are otherwise incompatible.

        Terraform automatically discovers provider requirements from your
        configuration, including providers used in child modules. To see the
        requirements and constraints from each module, run "terraform providers".

        - provider "azurerm" is not available

Could you please help me on this? What is possibly causing this error? Or is there some kinds of caches terraform are using during the acctest?

[ArcturusZhang]

Hi @tombuildsstuff I have fixed the acc-tests:

=== RUN   TestAccAzureRMDiskEncryptionSet_basic
=== PAUSE TestAccAzureRMDiskEncryptionSet_basic
=== CONT  TestAccAzureRMDiskEncryptionSet_basic
--- PASS: TestAccAzureRMDiskEncryptionSet_basic (367.77s)
PASS
=== RUN   TestAccDataSourceAzureRMDiskEncryptionSet_basic
=== PAUSE TestAccDataSourceAzureRMDiskEncryptionSet_basic
=== CONT  TestAccDataSourceAzureRMDiskEncryptionSet_basic
--- PASS: TestAccDataSourceAzureRMDiskEncryptionSet_basic (428.47s)
PASS

[tombuildsstuff]

@ArcturusZhang hope you don't mind but I've rebased this on top of master to fix the merge conflicts

[ArcturusZhang]

@ArcturusZhang hope you don't mind but I've rebased this on top of master to fix the merge conflicts

Sure, thanks.
But the CI is failing on website-lint, how do I fix this? Because i did not really catch any useful information on the log

[ArcturusZhang]

Hi @tombuildsstuff I should have fixed the CI failure, please have a look 🚀

[tombuildsstuff]

hey @ArcturusZhang

Thanks for pushing those changes - I've taken a look through and left some extra comments inline here. Since this is a Preview feature I've taken a closer look at this and noticed that the API Documentation is incorrect for the identity field - insofar as this is Required rather than Optional.

As such I hope you don't mind but so that we can get this merged I'm going to push a couple of commits to resolve these comments (and also hard-code the test location for the moment to work around the limited regions supported by the Preview).

Thanks!

[tombuildsstuff]

minor to match everything else can we use props here

[tombuildsstuff]

Tests pass:

[ArcturusZhang]

Thanks @tombuildsstuff !

[ghost]

This has been released in version 1.41.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
    version = "~> 1.41.0"
}
# ... other configuration ...

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!