diff --git a/internal/services/search/search_service_data_source.go b/internal/services/search/search_service_data_source.go index 8111ac0e912d..10c03458d66f 100644 --- a/internal/services/search/search_service_data_source.go +++ b/internal/services/search/search_service_data_source.go @@ -39,6 +39,11 @@ func dataSourceSearchService() *pluginsdk.Resource { "resource_group_name": commonschema.ResourceGroupNameForDataSource(), + "customer_managed_key_encryption_compliance_status": { + Type: pluginsdk.TypeString, + Computed: true, + }, + "replica_count": { Type: pluginsdk.TypeInt, Computed: true, @@ -116,6 +121,10 @@ func dataSourceSearchServiceRead(d *pluginsdk.ResourceData, meta interface{}) er replicaCount := 1 publicNetworkAccess := true + if props.EncryptionWithCmk != nil { + d.Set("customer_managed_key_encryption_compliance_status", string(pointer.From(props.EncryptionWithCmk.EncryptionComplianceStatus))) + } + if count := props.PartitionCount; count != nil { partitionCount = int(*count) } diff --git a/internal/services/search/search_service_data_source_test.go b/internal/services/search/search_service_data_source_test.go index 8b6a90886d5f..a0353257ca01 100644 --- a/internal/services/search/search_service_data_source_test.go +++ b/internal/services/search/search_service_data_source_test.go @@ -21,6 +21,7 @@ func TestAccDataSourceSearchService_basic(t *testing.T) { { Config: r.basic(data), Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).Key("customer_managed_key_encryption_compliance_status").Exists(), check.That(data.ResourceName).Key("replica_count").Exists(), check.That(data.ResourceName).Key("partition_count").Exists(), check.That(data.ResourceName).Key("primary_key").Exists(), diff --git a/internal/services/search/search_service_resource.go b/internal/services/search/search_service_resource.go index 37a6a261f3d3..355a7c4d5d7e 100644 --- a/internal/services/search/search_service_resource.go +++ b/internal/services/search/search_service_resource.go @@ -125,6 +125,11 @@ func resourceSearchService() *pluginsdk.Resource { Default: false, }, + "customer_managed_key_encryption_compliance_status": { + Type: pluginsdk.TypeString, + Computed: true, + }, + "primary_key": { Type: pluginsdk.TypeString, Computed: true, @@ -557,6 +562,7 @@ func resourceSearchServiceRead(d *pluginsdk.ResourceData, meta interface{}) erro if props.EncryptionWithCmk != nil { cmkEnforcement = strings.EqualFold(string(pointer.From(props.EncryptionWithCmk.Enforcement)), string(services.SearchEncryptionWithCmkEnabled)) + d.Set("customer_managed_key_encryption_compliance_status", string(pointer.From(props.EncryptionWithCmk.EncryptionComplianceStatus))) } // I am using 'DisableLocalAuth' here because when you are in diff --git a/internal/services/search/search_service_resource_test.go b/internal/services/search/search_service_resource_test.go index c63a93a7dd94..058fc5f3bfc5 100644 --- a/internal/services/search/search_service_resource_test.go +++ b/internal/services/search/search_service_resource_test.go @@ -337,6 +337,7 @@ func TestAccSearchService_customerManagedKeyEnforcement(t *testing.T) { Config: r.customerManagedKeyEnforcement(data, true), Check: acceptance.ComposeTestCheckFunc( check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("customer_managed_key_encryption_compliance_status").HasValue("Compliant"), ), }, data.ImportStep(), diff --git a/website/docs/d/search_service.html.markdown b/website/docs/d/search_service.html.markdown index d1e0a2b8eb37..795657833859 100644 --- a/website/docs/d/search_service.html.markdown +++ b/website/docs/d/search_service.html.markdown @@ -38,6 +38,8 @@ In addition to the Arguments listed above - the following Attributes are exporte * `id` - The ID of the Search Service. +* `customer_managed_key_encryption_compliance_status` - Describes whether the search service is compliant or not with respect to having non-customer encrypted resources. If a service has more than one non-customer encrypted resource and `Enforcement` is `enabled` then the service will be marked as `NonCompliant`. If all the resources are customer encrypted, then the service will be marked as `Compliant`. + * `primary_key` - The Primary Key used for Search Service Administration. * `secondary_key` - The Secondary Key used for Search Service Administration. diff --git a/website/docs/r/search_service.html.markdown b/website/docs/r/search_service.html.markdown index 3d39cdaefcb9..3cff1397cb1d 100644 --- a/website/docs/r/search_service.html.markdown +++ b/website/docs/r/search_service.html.markdown @@ -128,6 +128,8 @@ In addition to the Arguments listed above - the following Attributes are exporte * `id` - The ID of the Search Service. +* `customer_managed_key_encryption_compliance_status` - Describes whether the search service is compliant or not with respect to having non-customer encrypted resources. If a service has more than one non-customer encrypted resource and `Enforcement` is `enabled` then the service will be marked as `NonCompliant`. If all the resources are customer encrypted, then the service will be marked as `Compliant`. + * `primary_key` - The Primary Key used for Search Service Administration. * `query_keys` - A `query_keys` block as defined below.