Use CMK blocks rather than CMK resources in Terraform #4242
Conversation
Unit Test Results0 tests 0 ✅ 0s ⏱️ Results for commit b887b4a. ♻️ This comment has been updated with latest results. |
|
/test-extended |
|
🤖 pr-bot 🤖 🏃 Running extended tests: https://github.com/microsoft/AzureTRE/actions/runs/12572911353 (with refid (in response to this comment from @yuvalyaron) |
|
/test-extended |
|
🤖 pr-bot 🤖 🏃 Running extended tests: https://github.com/microsoft/AzureTRE/actions/runs/12573094999 (with refid (in response to this comment from @yuvalyaron) |
… based on cmk encryption flag
|
/test-extended |
|
🤖 pr-bot 🤖 🏃 Running extended tests: https://github.com/microsoft/AzureTRE/actions/runs/12573272383 (with refid (in response to this comment from @yuvalyaron) |
…s based on cmk encryption flag
|
/test-extended |
|
🤖 pr-bot 🤖 🏃 Running extended tests: https://github.com/microsoft/AzureTRE/actions/runs/12573293655 (with refid (in response to this comment from @yuvalyaron) |
|
/test-force-approve |
|
🤖 pr-bot 🤖 ✅ Marking tests as complete (for commit b887b4a) (in response to this comment from @tamirkamara) |
Resolves #4241
What is being addressed
Currently, CMKs are configured using separate Terraform resources, where the Azure resource is created first, and the CMK is added as a separate resource later.
This approach is problematic for tenants with policies requiring CMK to be enabled, as the resource is initially created without the CMK, resulting in a policy violation even if the CMK is added later.
This PR addresses the issue by using CMK blocks within the resources themselves, instead of defining them as separate resources.