add test for disk_encryption_set_id modification, update docs

hashicorp · Mar 21, 2020 · 3be60e5 · 3be60e5
1 parent 2bdf3c9
commit 3be60e5
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 5 deletions.
diff --git a/azurerm/internal/services/compute/tests/resource_arm_managed_disk_test.go b/azurerm/internal/services/compute/tests/resource_arm_managed_disk_test.go
@@ -324,7 +324,41 @@ func TestAccAzureRMManagedDisk_diskEncryptionSet(t *testing.T) {
 				),
 			},
 			{
-				Config: testAccAzureRMManagedDisk_diskEncryptionSet(data),
+				Config: testAccAzureRMManagedDisk_diskEncryptionSet(data, true),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMManagedDiskExists(data.ResourceName, &d, true),
+				),
+			},
+			data.ImportStep(),
+		},
+	})
+}
+
+func TestAccAzureRMManagedDisk_diskEncryptionSet_update(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_managed_disk", "test")
+	var d compute.Disk
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { acceptance.PreCheck(t) },
+		Providers:    acceptance.SupportedProviders,
+		CheckDestroy: testCheckAzureRMManagedDiskDestroy,
+		Steps: []resource.TestStep{
+			{
+				// TODO: After applying soft-delete and purge-protection in keyVault, this extra step can be removed.
+				Config: testAccAzureRMManagedDisk_diskEncryptionSetDependencies(data),
+				Check: resource.ComposeTestCheckFunc(
+					enableSoftDeleteAndPurgeProtectionForKeyVault("azurerm_key_vault.test"),
+				),
+			},
+			{
+				Config: testAccAzureRMManagedDisk_diskEncryptionSet(data, false),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMManagedDiskExists(data.ResourceName, &d, true),
+				),
+			},
+			data.ImportStep(),
+			{
+				Config: testAccAzureRMManagedDisk_diskEncryptionSet(data, true),
 				Check: resource.ComposeTestCheckFunc(
 					testCheckAzureRMManagedDiskExists(data.ResourceName, &d, true),
 				),
@@ -947,8 +981,13 @@ resource "azurerm_key_vault_key" "test" {
 `, data.RandomInteger, location, data.RandomString)
 }
 
-func testAccAzureRMManagedDisk_diskEncryptionSet(data acceptance.TestData) string {
+func testAccAzureRMManagedDisk_diskEncryptionSet(data acceptance.TestData, complete bool) string {
 	template := testAccAzureRMManagedDisk_diskEncryptionSetDependencies(data)
+	diskEncryptionSetLine := ""
+	if complete {
+		diskEncryptionSetLine = "disk_encryption_set_id = azurerm_disk_encryption_set.test.id"
+	}
+
 	return fmt.Sprintf(`
 %s
 
@@ -989,14 +1028,14 @@ resource "azurerm_managed_disk" "test" {
   storage_account_type   = "Standard_LRS"
   create_option          = "Empty"
   disk_size_gb           = 1
-  disk_encryption_set_id = azurerm_disk_encryption_set.test.id
+  %s
 
   depends_on = [
     "azurerm_role_assignment.disk-encryption-read-keyvault",
     "azurerm_key_vault_access_policy.disk-encryption",
   ]
 }
-`, template, data.RandomInteger, data.RandomInteger)
+`, template, data.RandomInteger, data.RandomInteger, diskEncryptionSetLine)
 }
 
 func testAccAzureRMManagedDisk_managedDiskAttached(data acceptance.TestData, diskSize int) string {

diff --git a/website/docs/r/managed_disk.html.markdown b/website/docs/r/managed_disk.html.markdown
@@ -91,7 +91,7 @@ The following arguments are supported:
 
 ---
 
-* `disk_encryption_set_id` - (Optional) The ID of a Disk Encryption Set which should be used to encrypt this Managed Disk. Changing this forces a new resource to be created.
+* `disk_encryption_set_id` - (Optional) The ID of a Disk Encryption Set which should be used to encrypt this Managed Disk.
 
 -> **NOTE:** The Disk Encryption Set must have the `Reader` Role Assignment scoped on the Key Vault - in addition to an Access Policy to the Key Vault