Skip to content

New Resource: alicloud_ecs_disk_encryption_by_default #9670

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
xuzhang3 merged 1 commit into from
Apr 22, 2026
Merged

New Resource: alicloud_ecs_disk_encryption_by_default #9670

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions alicloud/provider.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -916,6 +916,7 @@ func Provider() terraform.ResourceProvider {
"alicloud_vpc_ipam_ipams": dataSourceAliCloudVpcIpamIpams(),
},
ResourcesMap: map[string]*schema.Resource{
"alicloud_ecs_disk_encryption_by_default": resourceAliCloudEcsDiskEncryptionByDefault(),
"alicloud_cms_workspace": resourceAliCloudCmsWorkspace(),
"alicloud_cloud_firewall_vpc_firewall_control_policy_order": resourceAliCloudCloudFirewallVpcFirewallControlPolicyOrder(),
"alicloud_cloud_firewall_nat_firewall_control_policy_order": resourceAliCloudCloudFirewallNatFirewallControlPolicyOrder(),
Expand Down
197 changes: 197 additions & 0 deletions alicloud/resource_alicloud_ecs_disk_encryption_by_default.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,197 @@
package alicloud

import (
"fmt"
"log"
"time"

"github.com/PaesslerAG/jsonpath"
"github.com/aliyun/terraform-provider-alicloud/alicloud/connectivity"
"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
)

func resourceAliCloudEcsDiskEncryptionByDefault() *schema.Resource {
return &schema.Resource{
Create: resourceAliCloudEcsDiskEncryptionByDefaultCreate,
Read: resourceAliCloudEcsDiskEncryptionByDefaultRead,
Update: resourceAliCloudEcsDiskEncryptionByDefaultUpdate,
Delete: resourceAliCloudEcsDiskEncryptionByDefaultDelete,
Importer: &schema.ResourceImporter{
State: schema.ImportStatePassthrough,
},
Timeouts: &schema.ResourceTimeout{
Create: schema.DefaultTimeout(5 * time.Minute),
Update: schema.DefaultTimeout(5 * time.Minute),
Delete: schema.DefaultTimeout(5 * time.Minute),
},
Schema: map[string]*schema.Schema{
"encrypted": {
Type: schema.TypeBool,
Optional: true,
},
},
}
}

func resourceAliCloudEcsDiskEncryptionByDefaultCreate(d *schema.ResourceData, meta interface{}) error {

client := meta.(*connectivity.AliyunClient)

var request map[string]interface{}
var response map[string]interface{}
query := make(map[string]interface{})
var err error
request = make(map[string]interface{})
request["RegionId"] = client.RegionId

isEncrypted := false
if v, ok := d.GetOkExists("encrypted"); ok {
isEncrypted = v.(bool)

if isEncrypted {
action := "EnableDiskEncryptionByDefault"

wait := incrementalWait(3*time.Second, 0*time.Second)
err = resource.Retry(d.Timeout(schema.TimeoutCreate), func() *resource.RetryError {
response, err = client.RpcPost("Ecs", "2014-05-26", action, query, request, true)
if err != nil {
if NeedRetry(err) {
wait()
return resource.RetryableError(err)
}
return resource.NonRetryableError(err)
}
return nil
})
addDebug(action, response, request)

if err != nil {
return WrapErrorf(err, DefaultErrorMsg, "alicloud_ecs_disk_encryption_by_default", action, AlibabaCloudSdkGoERROR)
}
} else {
action := "DisableDiskEncryptionByDefault"

wait := incrementalWait(3*time.Second, 0*time.Second)
err = resource.Retry(d.Timeout(schema.TimeoutCreate), func() *resource.RetryError {
response, err = client.RpcPost("Ecs", "2014-05-26", action, query, request, true)
if err != nil {
if NeedRetry(err) {
wait()
return resource.RetryableError(err)
}
return resource.NonRetryableError(err)
}
return nil
})
addDebug(action, response, request)

if err != nil {
return WrapErrorf(err, DefaultErrorMsg, "alicloud_ecs_disk_encryption_by_default", action, AlibabaCloudSdkGoERROR)
}
}

}

d.SetId(fmt.Sprint(request["RegionId"]))

return resourceAliCloudEcsDiskEncryptionByDefaultRead(d, meta)
}

func resourceAliCloudEcsDiskEncryptionByDefaultRead(d *schema.ResourceData, meta interface{}) error {
client := meta.(*connectivity.AliyunClient)
ecsServiceV2 := EcsServiceV2{client}

objectRaw, err := ecsServiceV2.DescribeEcsDiskEncryptionByDefault(d.Id())
if err != nil {
if !d.IsNewResource() && NotFoundError(err) {
log.Printf("[DEBUG] Resource alicloud_ecs_disk_encryption_by_default DescribeEcsDiskEncryptionByDefault Failed!!! %s", err)
d.SetId("")
return nil
}
return WrapError(err)
}

d.Set("encrypted", objectRaw["Encrypted"])

return nil
}

func resourceAliCloudEcsDiskEncryptionByDefaultUpdate(d *schema.ResourceData, meta interface{}) error {
client := meta.(*connectivity.AliyunClient)
var request map[string]interface{}
var response map[string]interface{}
var query map[string]interface{}

ecsServiceV2 := EcsServiceV2{client}
objectRaw, _ := ecsServiceV2.DescribeEcsDiskEncryptionByDefault(d.Id())

initedEncrypted := false
if _, ok := d.GetOkExists("encrypted"); ok && d.IsNewResource() {
initedEncrypted = true
}
if initedEncrypted || d.HasChange("encrypted") {
var err error
target := d.Get("encrypted").(bool)

currentStatus, err := jsonpath.Get("Encrypted", objectRaw)
if err != nil {
return WrapErrorf(err, FailedGetAttributeMsg, d.Id(), "Encrypted", objectRaw)
}
if formatBool(currentStatus) != target {
if target == true {
action := "EnableDiskEncryptionByDefault"
request = make(map[string]interface{})
query = make(map[string]interface{})
request["RegionId"] = d.Id()
wait := incrementalWait(3*time.Second, 0*time.Second)
err = resource.Retry(d.Timeout(schema.TimeoutUpdate), func() *resource.RetryError {
response, err = client.RpcPost("Ecs", "2014-05-26", action, query, request, true)
if err != nil {
if NeedRetry(err) {
wait()
return resource.RetryableError(err)
}
return resource.NonRetryableError(err)
}
return nil
})
addDebug(action, response, request)
if err != nil {
return WrapErrorf(err, DefaultErrorMsg, d.Id(), action, AlibabaCloudSdkGoERROR)
}

}
if target == false {
action := "DisableDiskEncryptionByDefault"
request = make(map[string]interface{})
query = make(map[string]interface{})
request["RegionId"] = d.Id()
wait := incrementalWait(3*time.Second, 0*time.Second)
err = resource.Retry(d.Timeout(schema.TimeoutUpdate), func() *resource.RetryError {
response, err = client.RpcPost("Ecs", "2014-05-26", action, query, request, true)
if err != nil {
if NeedRetry(err) {
wait()
return resource.RetryableError(err)
}
return resource.NonRetryableError(err)
}
return nil
})
addDebug(action, response, request)
if err != nil {
return WrapErrorf(err, DefaultErrorMsg, d.Id(), action, AlibabaCloudSdkGoERROR)
}

}
}
}

return resourceAliCloudEcsDiskEncryptionByDefaultRead(d, meta)
}

func resourceAliCloudEcsDiskEncryptionByDefaultDelete(d *schema.ResourceData, meta interface{}) error {
log.Printf("[WARN] Cannot destroy resource AliCloud Resource Disk Encryption By Default. Terraform will remove this resource from the state file, however resources may remain.")
return nil
}
165 changes: 165 additions & 0 deletions alicloud/resource_alicloud_ecs_disk_encryption_by_default_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,165 @@
// Package alicloud. This file is generated automatically. Please do not modify it manually, thank you!
package alicloud

import (
"fmt"
"testing"

"github.com/aliyun/terraform-provider-alicloud/alicloud/connectivity"
"github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
)

// Test Ecs DiskEncryptionByDefault. >>> Resource test cases, automatically generated.
// Case 测试账号下云盘默认加密_正式 12733
func TestAccAliCloudEcsDiskEncryptionByDefault_basic12733(t *testing.T) {
var v map[string]interface{}
resourceId := "alicloud_ecs_disk_encryption_by_default.default"
ra := resourceAttrInit(resourceId, AliCloudEcsDiskEncryptionByDefaultMap12733)
rc := resourceCheckInitWithDescribeMethod(resourceId, &v, func() interface{} {
return &EcsServiceV2{testAccProvider.Meta().(*connectivity.AliyunClient)}
}, "DescribeEcsDiskEncryptionByDefault")
rac := resourceAttrCheckInit(rc, ra)
testAccCheck := rac.resourceAttrMapUpdateSet()
rand := acctest.RandIntRange(10000, 99999)
name := fmt.Sprintf("tfaccecs%d", rand)
testAccConfig := resourceTestAccConfigFunc(resourceId, name, AliCloudEcsDiskEncryptionByDefaultBasicDependence12733)
resource.Test(t, resource.TestCase{
PreCheck: func() {
testAccPreCheck(t)
},
IDRefreshName: resourceId,
Providers: testAccProviders,
CheckDestroy: nil,
Steps: []resource.TestStep{
{
Config: testAccConfig(map[string]interface{}{}),
Check: resource.ComposeTestCheckFunc(
testAccCheck(map[string]string{}),
),
},
{
Config: testAccConfig(map[string]interface{}{
"encrypted": "true",
}),
Check: resource.ComposeTestCheckFunc(
testAccCheck(map[string]string{
"encrypted": "true",
}),
),
},
{
Config: testAccConfig(map[string]interface{}{
"encrypted": "false",
}),
Check: resource.ComposeTestCheckFunc(
testAccCheck(map[string]string{
"encrypted": "false",
}),
),
},
{
ResourceName: resourceId,
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{},
},
},
})
}

func TestAccAliCloudEcsDiskEncryptionByDefault_basic12733_twin(t *testing.T) {
var v map[string]interface{}
resourceId := "alicloud_ecs_disk_encryption_by_default.default"
ra := resourceAttrInit(resourceId, AliCloudEcsDiskEncryptionByDefaultMap12733)
rc := resourceCheckInitWithDescribeMethod(resourceId, &v, func() interface{} {
return &EcsServiceV2{testAccProvider.Meta().(*connectivity.AliyunClient)}
}, "DescribeEcsDiskEncryptionByDefault")
rac := resourceAttrCheckInit(rc, ra)
testAccCheck := rac.resourceAttrMapUpdateSet()
rand := acctest.RandIntRange(10000, 99999)
name := fmt.Sprintf("tfaccecs%d", rand)
testAccConfig := resourceTestAccConfigFunc(resourceId, name, AliCloudEcsDiskEncryptionByDefaultBasicDependence12733)
resource.Test(t, resource.TestCase{
PreCheck: func() {
testAccPreCheck(t)
},
IDRefreshName: resourceId,
Providers: testAccProviders,
CheckDestroy: nil,
Steps: []resource.TestStep{
{
Config: testAccConfig(map[string]interface{}{
"encrypted": "true",
}),
Check: resource.ComposeTestCheckFunc(
testAccCheck(map[string]string{
"encrypted": "true",
}),
),
},
{
ResourceName: resourceId,
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{},
},
},
})
}

func TestAccAliCloudEcsDiskEncryptionByDefault_basic12735_twin(t *testing.T) {
var v map[string]interface{}
resourceId := "alicloud_ecs_disk_encryption_by_default.default"
ra := resourceAttrInit(resourceId, AliCloudEcsDiskEncryptionByDefaultMap12733)
rc := resourceCheckInitWithDescribeMethod(resourceId, &v, func() interface{} {
return &EcsServiceV2{testAccProvider.Meta().(*connectivity.AliyunClient)}
}, "DescribeEcsDiskEncryptionByDefault")
rac := resourceAttrCheckInit(rc, ra)
testAccCheck := rac.resourceAttrMapUpdateSet()
rand := acctest.RandIntRange(10000, 99999)
name := fmt.Sprintf("tfaccecs%d", rand)
testAccConfig := resourceTestAccConfigFunc(resourceId, name, AliCloudEcsDiskEncryptionByDefaultBasicDependence12733)
resource.Test(t, resource.TestCase{
PreCheck: func() {
testAccPreCheck(t)
},
IDRefreshName: resourceId,
Providers: testAccProviders,
CheckDestroy: nil,
Steps: []resource.TestStep{
{
Config: testAccConfig(map[string]interface{}{
"encrypted": "false",
}),
Check: resource.ComposeTestCheckFunc(
testAccCheck(map[string]string{
"encrypted": "false",
}),
),
},
{
ResourceName: resourceId,
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{},
},
},
})
}

var AliCloudEcsDiskEncryptionByDefaultMap12733 = map[string]string{
"encrypted": CHECKSET,
}

func AliCloudEcsDiskEncryptionByDefaultBasicDependence12733(name string) string {
return fmt.Sprintf(`
variable "name" {
default = "%s"
}


`, name)
}

// Test Ecs DiskEncryptionByDefault. <<< Resource test cases, automatically generated.
Loading
Loading