From ab3702b3f90680b721e28370faeb3b1ec6405c6b Mon Sep 17 00:00:00 2001 From: "Yun Liu (from Dev Box)" Date: Tue, 24 Sep 2024 15:43:12 +0800 Subject: [PATCH 1/4] add attribute `customer_managed_key_encryption_compliance_status` in search_service --- internal/services/search/search_service_data_source.go | 9 +++++++++ .../services/search/search_service_data_source_test.go | 1 + internal/services/search/search_service_resource.go | 8 ++++++++ internal/services/search/search_service_resource_test.go | 1 + website/docs/d/search_service.html.markdown | 2 ++ website/docs/r/search_service.html.markdown | 2 ++ 6 files changed, 23 insertions(+) diff --git a/internal/services/search/search_service_data_source.go b/internal/services/search/search_service_data_source.go index 8111ac0e912d..f306523e1ec2 100644 --- a/internal/services/search/search_service_data_source.go +++ b/internal/services/search/search_service_data_source.go @@ -39,6 +39,11 @@ func dataSourceSearchService() *pluginsdk.Resource { "resource_group_name": commonschema.ResourceGroupNameForDataSource(), + "customer_managed_key_encryption_compliance_status": { + Type: pluginsdk.TypeString, + Computed: true, + }, + "replica_count": { Type: pluginsdk.TypeInt, Computed: true, @@ -116,6 +121,10 @@ func dataSourceSearchServiceRead(d *pluginsdk.ResourceData, meta interface{}) er replicaCount := 1 publicNetworkAccess := true + if props.EncryptionWithCmk != nil && props.EncryptionWithCmk.EncryptionComplianceStatus != nil { + d.Set("customer_managed_key_encryption_compliance_status", string(pointer.From(props.EncryptionWithCmk.EncryptionComplianceStatus))) + } + if count := props.PartitionCount; count != nil { partitionCount = int(*count) } diff --git a/internal/services/search/search_service_data_source_test.go b/internal/services/search/search_service_data_source_test.go index 8b6a90886d5f..a0353257ca01 100644 --- a/internal/services/search/search_service_data_source_test.go +++ b/internal/services/search/search_service_data_source_test.go @@ -21,6 +21,7 @@ func TestAccDataSourceSearchService_basic(t *testing.T) { { Config: r.basic(data), Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).Key("customer_managed_key_encryption_compliance_status").Exists(), check.That(data.ResourceName).Key("replica_count").Exists(), check.That(data.ResourceName).Key("partition_count").Exists(), check.That(data.ResourceName).Key("primary_key").Exists(), diff --git a/internal/services/search/search_service_resource.go b/internal/services/search/search_service_resource.go index 37a6a261f3d3..5e28d4bf5c2f 100644 --- a/internal/services/search/search_service_resource.go +++ b/internal/services/search/search_service_resource.go @@ -125,6 +125,11 @@ func resourceSearchService() *pluginsdk.Resource { Default: false, }, + "customer_managed_key_encryption_compliance_status": { + Type: pluginsdk.TypeString, + Computed: true, + }, + "primary_key": { Type: pluginsdk.TypeString, Computed: true, @@ -557,6 +562,9 @@ func resourceSearchServiceRead(d *pluginsdk.ResourceData, meta interface{}) erro if props.EncryptionWithCmk != nil { cmkEnforcement = strings.EqualFold(string(pointer.From(props.EncryptionWithCmk.Enforcement)), string(services.SearchEncryptionWithCmkEnabled)) + if props.EncryptionWithCmk.EncryptionComplianceStatus != nil { + d.Set("customer_managed_key_encryption_compliance_status", string(pointer.From(props.EncryptionWithCmk.EncryptionComplianceStatus))) + } } // I am using 'DisableLocalAuth' here because when you are in diff --git a/internal/services/search/search_service_resource_test.go b/internal/services/search/search_service_resource_test.go index c63a93a7dd94..058fc5f3bfc5 100644 --- a/internal/services/search/search_service_resource_test.go +++ b/internal/services/search/search_service_resource_test.go @@ -337,6 +337,7 @@ func TestAccSearchService_customerManagedKeyEnforcement(t *testing.T) { Config: r.customerManagedKeyEnforcement(data, true), Check: acceptance.ComposeTestCheckFunc( check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("customer_managed_key_encryption_compliance_status").HasValue("Compliant"), ), }, data.ImportStep(), diff --git a/website/docs/d/search_service.html.markdown b/website/docs/d/search_service.html.markdown index d1e0a2b8eb37..9cb2e29c4a3a 100644 --- a/website/docs/d/search_service.html.markdown +++ b/website/docs/d/search_service.html.markdown @@ -38,6 +38,8 @@ In addition to the Arguments listed above - the following Attributes are exporte * `id` - The ID of the Search Service. +* `customer_managed_key_encryption_compliance_status` - Describes whether the search service is compliant or not with respect to having non-customer-encrypted resources. If a service has more than one non-customer-encrypted resource and 'Enforcement' is 'enabled' then the service will be marked as 'NonCompliant'. If all the resources are customer-encrypted, then the service will be marked as 'Compliant'. + * `primary_key` - The Primary Key used for Search Service Administration. * `secondary_key` - The Secondary Key used for Search Service Administration. diff --git a/website/docs/r/search_service.html.markdown b/website/docs/r/search_service.html.markdown index 3d39cdaefcb9..024d49b074a2 100644 --- a/website/docs/r/search_service.html.markdown +++ b/website/docs/r/search_service.html.markdown @@ -128,6 +128,8 @@ In addition to the Arguments listed above - the following Attributes are exporte * `id` - The ID of the Search Service. +* `customer_managed_key_encryption_compliance_status` - Describes whether the search service is compliant or not with respect to having non-customer-encrypted resources. If a service has more than one non-customer-encrypted resource and 'Enforcement' is 'enabled' then the service will be marked as 'NonCompliant'. If all the resources are customer-encrypted, then the service will be marked as 'Compliant'. + * `primary_key` - The Primary Key used for Search Service Administration. * `query_keys` - A `query_keys` block as defined below. From 8510974d3702a07d7b88d2183c73d48870077a1c Mon Sep 17 00:00:00 2001 From: Yun Liu Date: Mon, 25 Nov 2024 09:15:24 +0800 Subject: [PATCH 2/4] Update internal/services/search/search_service_data_source.go Co-authored-by: stephybun --- internal/services/search/search_service_data_source.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/services/search/search_service_data_source.go b/internal/services/search/search_service_data_source.go index f306523e1ec2..b645b0493db3 100644 --- a/internal/services/search/search_service_data_source.go +++ b/internal/services/search/search_service_data_source.go @@ -121,7 +121,7 @@ func dataSourceSearchServiceRead(d *pluginsdk.ResourceData, meta interface{}) er replicaCount := 1 publicNetworkAccess := true - if props.EncryptionWithCmk != nil && props.EncryptionWithCmk.EncryptionComplianceStatus != nil { + if props.EncryptionWithCmk != nil && props.EncryptionWithCmk { d.Set("customer_managed_key_encryption_compliance_status", string(pointer.From(props.EncryptionWithCmk.EncryptionComplianceStatus))) } From b8624855060f695b979a9467b7e07020abb3b69d Mon Sep 17 00:00:00 2001 From: Yun Liu Date: Mon, 25 Nov 2024 09:15:58 +0800 Subject: [PATCH 3/4] Apply suggestions from code review Co-authored-by: stephybun --- internal/services/search/search_service_resource.go | 4 +--- website/docs/d/search_service.html.markdown | 2 +- website/docs/r/search_service.html.markdown | 2 +- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/internal/services/search/search_service_resource.go b/internal/services/search/search_service_resource.go index 5e28d4bf5c2f..355a7c4d5d7e 100644 --- a/internal/services/search/search_service_resource.go +++ b/internal/services/search/search_service_resource.go @@ -562,9 +562,7 @@ func resourceSearchServiceRead(d *pluginsdk.ResourceData, meta interface{}) erro if props.EncryptionWithCmk != nil { cmkEnforcement = strings.EqualFold(string(pointer.From(props.EncryptionWithCmk.Enforcement)), string(services.SearchEncryptionWithCmkEnabled)) - if props.EncryptionWithCmk.EncryptionComplianceStatus != nil { - d.Set("customer_managed_key_encryption_compliance_status", string(pointer.From(props.EncryptionWithCmk.EncryptionComplianceStatus))) - } + d.Set("customer_managed_key_encryption_compliance_status", string(pointer.From(props.EncryptionWithCmk.EncryptionComplianceStatus))) } // I am using 'DisableLocalAuth' here because when you are in diff --git a/website/docs/d/search_service.html.markdown b/website/docs/d/search_service.html.markdown index 9cb2e29c4a3a..795657833859 100644 --- a/website/docs/d/search_service.html.markdown +++ b/website/docs/d/search_service.html.markdown @@ -38,7 +38,7 @@ In addition to the Arguments listed above - the following Attributes are exporte * `id` - The ID of the Search Service. -* `customer_managed_key_encryption_compliance_status` - Describes whether the search service is compliant or not with respect to having non-customer-encrypted resources. If a service has more than one non-customer-encrypted resource and 'Enforcement' is 'enabled' then the service will be marked as 'NonCompliant'. If all the resources are customer-encrypted, then the service will be marked as 'Compliant'. +* `customer_managed_key_encryption_compliance_status` - Describes whether the search service is compliant or not with respect to having non-customer encrypted resources. If a service has more than one non-customer encrypted resource and `Enforcement` is `enabled` then the service will be marked as `NonCompliant`. If all the resources are customer encrypted, then the service will be marked as `Compliant`. * `primary_key` - The Primary Key used for Search Service Administration. diff --git a/website/docs/r/search_service.html.markdown b/website/docs/r/search_service.html.markdown index 024d49b074a2..3cff1397cb1d 100644 --- a/website/docs/r/search_service.html.markdown +++ b/website/docs/r/search_service.html.markdown @@ -128,7 +128,7 @@ In addition to the Arguments listed above - the following Attributes are exporte * `id` - The ID of the Search Service. -* `customer_managed_key_encryption_compliance_status` - Describes whether the search service is compliant or not with respect to having non-customer-encrypted resources. If a service has more than one non-customer-encrypted resource and 'Enforcement' is 'enabled' then the service will be marked as 'NonCompliant'. If all the resources are customer-encrypted, then the service will be marked as 'Compliant'. +* `customer_managed_key_encryption_compliance_status` - Describes whether the search service is compliant or not with respect to having non-customer encrypted resources. If a service has more than one non-customer encrypted resource and `Enforcement` is `enabled` then the service will be marked as `NonCompliant`. If all the resources are customer encrypted, then the service will be marked as `Compliant`. * `primary_key` - The Primary Key used for Search Service Administration. From a8eb44925c471423ed75ea42f9dd802931cbc251 Mon Sep 17 00:00:00 2001 From: "Yun Liu (from Dev Box)" Date: Mon, 25 Nov 2024 15:51:35 +0800 Subject: [PATCH 4/4] Fix compile error in data source `azurerm_search_service` --- internal/services/search/search_service_data_source.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/services/search/search_service_data_source.go b/internal/services/search/search_service_data_source.go index b645b0493db3..10c03458d66f 100644 --- a/internal/services/search/search_service_data_source.go +++ b/internal/services/search/search_service_data_source.go @@ -121,7 +121,7 @@ func dataSourceSearchServiceRead(d *pluginsdk.ResourceData, meta interface{}) er replicaCount := 1 publicNetworkAccess := true - if props.EncryptionWithCmk != nil && props.EncryptionWithCmk { + if props.EncryptionWithCmk != nil { d.Set("customer_managed_key_encryption_compliance_status", string(pointer.From(props.EncryptionWithCmk.EncryptionComplianceStatus))) }