@@ -530,23 +530,29 @@ func (r *ServiceResource) ModifyPlan(ctx context.Context, req resource.ModifyPla
530530
531531 var isEnabled , wantEnabled bool
532532 var isKey , wantKey string
533- if ! state .TransparentEncryptionData .IsNull () {
534- stateTDE := models.TransparentEncryptionData {}
535- state .TransparentEncryptionData .As (ctx , & stateTDE , basetypes.ObjectAsOptions {UnhandledNullAsEmpty : false , UnhandledUnknownAsEmpty : false })
536- isEnabled = stateTDE .Enabled .ValueBool ()
537- isKey = stateTDE .KeyID .ValueString ()
538- }
539-
540- if ! plan .TransparentEncryptionData .IsNull () && ! plan .TransparentEncryptionData .IsUnknown () {
541- planTDE := models.TransparentEncryptionData {}
542- plan .TransparentEncryptionData .As (ctx , & planTDE , basetypes.ObjectAsOptions {UnhandledNullAsEmpty : false , UnhandledUnknownAsEmpty : false })
543- wantEnabled = planTDE .Enabled .ValueBool ()
544- wantKey = planTDE .KeyID .ValueString ()
545- } else {
546- wantEnabled = false
547- wantKey = ""
533+ {
534+ if ! state .TransparentEncryptionData .IsNull () {
535+ stateTDE := models.TransparentEncryptionData {}
536+ state .TransparentEncryptionData .As (ctx , & stateTDE , basetypes.ObjectAsOptions {UnhandledNullAsEmpty : false , UnhandledUnknownAsEmpty : false })
537+ isEnabled = stateTDE .Enabled .ValueBool ()
538+ isKey = stateTDE .KeyID .ValueString ()
539+ } else {
540+ wantEnabled = false
541+ wantKey = ""
542+ }
543+
544+ if ! plan .TransparentEncryptionData .IsNull () && ! plan .TransparentEncryptionData .IsUnknown () {
545+ planTDE := models.TransparentEncryptionData {}
546+ plan .TransparentEncryptionData .As (ctx , & planTDE , basetypes.ObjectAsOptions {UnhandledNullAsEmpty : false , UnhandledUnknownAsEmpty : false })
547+ wantEnabled = planTDE .Enabled .ValueBool ()
548+ wantKey = planTDE .KeyID .ValueString ()
549+ } else {
550+ wantEnabled = false
551+ wantKey = ""
552+ }
548553 }
549554
555+ // Attempt to disable TDE.
550556 if isEnabled && ! wantEnabled {
551557 resp .Diagnostics .AddAttributeError (
552558 path .Root ("transparent_data_encryption.enabled" ),
@@ -555,6 +561,7 @@ func (r *ServiceResource) ModifyPlan(ctx context.Context, req resource.ModifyPla
555561 )
556562 }
557563
564+ // Attempt to enable TDE.
558565 if ! isEnabled && wantEnabled {
559566 resp .Diagnostics .AddAttributeError (
560567 path .Root ("transparent_data_encryption.enabled" ),
@@ -563,6 +570,7 @@ func (r *ServiceResource) ModifyPlan(ctx context.Context, req resource.ModifyPla
563570 )
564571 }
565572
573+ // Attempt to blank out key ID.
566574 if isKey != "" && wantKey == "" {
567575 resp .Diagnostics .AddAttributeError (
568576 path .Root ("transparent_data_encryption.key_id" ),
0 commit comments