diff --git a/internal/services/compute/snapshot_data_source.go b/internal/services/compute/snapshot_data_source.go
index d088865afaff..6f1b445dffd5 100644
--- a/internal/services/compute/snapshot_data_source.go
+++ b/internal/services/compute/snapshot_data_source.go
@@ -4,6 +4,7 @@ import (
"fmt"
"time"
+ "github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2021-11-01/compute"
"github.com/hashicorp/go-azure-helpers/resourcemanager/commonschema"
"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
"github.com/hashicorp/terraform-provider-azurerm/internal/services/compute/parse"
@@ -104,6 +105,11 @@ func dataSourceSnapshot() *pluginsdk.Resource {
},
},
},
+
+ "trusted_launch_enabled": {
+ Type: pluginsdk.TypeBool,
+ Computed: true,
+ },
},
}
}
@@ -137,6 +143,14 @@ func dataSourceSnapshotRead(d *pluginsdk.ResourceData, meta interface{}) error {
if err := d.Set("encryption_settings", flattenManagedDiskEncryptionSettings(props.EncryptionSettingsCollection)); err != nil {
return fmt.Errorf("setting `encryption_settings`: %+v", err)
}
+
+ trustedLaunchEnabled := false
+ if securityProfile := props.SecurityProfile; securityProfile != nil {
+ if securityProfile.SecurityType == compute.DiskSecurityTypesTrustedLaunch {
+ trustedLaunchEnabled = true
+ }
+ }
+ d.Set("trusted_launch_enabled", trustedLaunchEnabled)
}
if data := resp.CreationData; data != nil {
diff --git a/internal/services/compute/snapshot_data_source_test.go b/internal/services/compute/snapshot_data_source_test.go
index 5b6c917cd056..6e8ed2137b30 100644
--- a/internal/services/compute/snapshot_data_source_test.go
+++ b/internal/services/compute/snapshot_data_source_test.go
@@ -41,6 +41,20 @@ func TestAccDataSourceSnapshot_encryption(t *testing.T) {
})
}
+func TestAccDataSourceSnapshot_trustedLaunch(t *testing.T) {
+ data := acceptance.BuildTestData(t, "data.azurerm_snapshot", "snapshot")
+ r := SnapshotDataSource{}
+
+ data.DataSourceTest(t, []acceptance.TestStep{
+ {
+ Config: r.trustedLaunch(data),
+ Check: acceptance.ComposeTestCheckFunc(
+ check.That(data.ResourceName).Key("trusted_launch_enabled").HasValue("true"),
+ ),
+ },
+ })
+}
+
func (SnapshotDataSource) basic(data acceptance.TestData) string {
return fmt.Sprintf(`
provider "azurerm" {
@@ -179,3 +193,48 @@ data "azurerm_snapshot" "snapshot" {
}
`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomString, data.RandomInteger)
}
+
+func (SnapshotDataSource) trustedLaunch(data acceptance.TestData) string {
+ return fmt.Sprintf(`
+provider "azurerm" {
+ features {}
+}
+
+data "azurerm_platform_image" "test" {
+ location = "%[2]s"
+ publisher = "Canonical"
+ offer = "UbuntuServer"
+ sku = "18_04-LTS-gen2"
+}
+
+resource "azurerm_resource_group" "test" {
+ name = "acctestRG-%[1]d"
+ location = "%[2]s"
+}
+
+resource "azurerm_managed_disk" "test" {
+ name = "acctestd-%[1]d"
+ location = azurerm_resource_group.test.location
+ resource_group_name = azurerm_resource_group.test.name
+ os_type = "Linux"
+ create_option = "FromImage"
+ image_reference_id = data.azurerm_platform_image.test.id
+ storage_account_type = "Standard_LRS"
+ hyper_v_generation = "V2"
+ trusted_launch_enabled = true
+}
+
+resource "azurerm_snapshot" "test" {
+ name = "acctestss_%[1]d"
+ location = azurerm_resource_group.test.location
+ resource_group_name = azurerm_resource_group.test.name
+ create_option = "Copy"
+ source_uri = azurerm_managed_disk.test.id
+}
+
+data "azurerm_snapshot" "snapshot" {
+ name = azurerm_snapshot.test.name
+ resource_group_name = azurerm_resource_group.test.name
+}
+`, data.RandomInteger, data.Locations.Primary)
+}
diff --git a/internal/services/compute/snapshot_resource.go b/internal/services/compute/snapshot_resource.go
index af96d9074b3a..aae61110d5b2 100644
--- a/internal/services/compute/snapshot_resource.go
+++ b/internal/services/compute/snapshot_resource.go
@@ -86,6 +86,11 @@ func resourceSnapshot() *pluginsdk.Resource {
"encryption_settings": encryptionSettingsSchema(),
+ "trusted_launch_enabled": {
+ Type: pluginsdk.TypeBool,
+ Computed: true,
+ },
+
"tags": tags.Schema(),
},
}
@@ -205,6 +210,14 @@ func resourceSnapshotRead(d *pluginsdk.ResourceData, meta interface{}) error {
if err := d.Set("encryption_settings", flattenManagedDiskEncryptionSettings(props.EncryptionSettingsCollection)); err != nil {
return fmt.Errorf("setting `encryption_settings`: %+v", err)
}
+
+ trustedLaunchEnabled := false
+ if securityProfile := props.SecurityProfile; securityProfile != nil {
+ if securityProfile.SecurityType == compute.DiskSecurityTypesTrustedLaunch {
+ trustedLaunchEnabled = true
+ }
+ }
+ d.Set("trusted_launch_enabled", trustedLaunchEnabled)
}
return tags.FlattenAndSet(d, resp.Tags)
diff --git a/internal/services/compute/snapshot_resource_test.go b/internal/services/compute/snapshot_resource_test.go
index aeb60ccae8db..5f2745bde0e5 100644
--- a/internal/services/compute/snapshot_resource_test.go
+++ b/internal/services/compute/snapshot_resource_test.go
@@ -125,6 +125,22 @@ func TestAccSnapshot_fromUnmanagedDisk(t *testing.T) {
})
}
+func TestAccSnapshot_trustedLaunch(t *testing.T) {
+ data := acceptance.BuildTestData(t, "azurerm_snapshot", "test")
+ r := SnapshotResource{}
+
+ data.ResourceTest(t, r, []acceptance.TestStep{
+ {
+ Config: r.trustedLaunch(data),
+ Check: acceptance.ComposeTestCheckFunc(
+ check.That(data.ResourceName).ExistsInAzure(r),
+ check.That(data.ResourceName).Key("trusted_launch_enabled").HasValue("true"),
+ ),
+ },
+ data.ImportStep("source_uri"),
+ })
+}
+
func (t SnapshotResource) Exists(ctx context.Context, clients *clients.Client, state *pluginsdk.InstanceState) (*bool, error) {
id, err := parse.SnapshotID(state.ID)
if err != nil {
@@ -497,3 +513,43 @@ resource "azurerm_snapshot" "test" {
}
`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomString, data.RandomInteger, data.RandomInteger, data.RandomInteger)
}
+
+func (SnapshotResource) trustedLaunch(data acceptance.TestData) string {
+ return fmt.Sprintf(`
+provider "azurerm" {
+ features {}
+}
+
+data "azurerm_platform_image" "test" {
+ location = "%[2]s"
+ publisher = "Canonical"
+ offer = "UbuntuServer"
+ sku = "18_04-LTS-gen2"
+}
+
+resource "azurerm_resource_group" "test" {
+ name = "acctestRG-%[1]d"
+ location = "%[2]s"
+}
+
+resource "azurerm_managed_disk" "test" {
+ name = "acctestd-%[1]d"
+ location = azurerm_resource_group.test.location
+ resource_group_name = azurerm_resource_group.test.name
+ os_type = "Linux"
+ create_option = "FromImage"
+ image_reference_id = data.azurerm_platform_image.test.id
+ storage_account_type = "Standard_LRS"
+ hyper_v_generation = "V2"
+ trusted_launch_enabled = true
+}
+
+resource "azurerm_snapshot" "test" {
+ name = "acctestss_%[1]d"
+ location = azurerm_resource_group.test.location
+ resource_group_name = azurerm_resource_group.test.name
+ create_option = "Copy"
+ source_uri = azurerm_managed_disk.test.id
+}
+`, data.RandomInteger, data.Locations.Primary)
+}
diff --git a/website/docs/d/snapshot.html.markdown b/website/docs/d/snapshot.html.markdown
index 3056e986fc3c..059df64ff580 100644
--- a/website/docs/d/snapshot.html.markdown
+++ b/website/docs/d/snapshot.html.markdown
@@ -39,6 +39,8 @@ data "azurerm_snapshot" "example" {
* `disk_size_gb` - The size of the Snapshotted Disk in GB.
+* `trusted_launch_enabled` - Whether Trusted Launch is enabled for the Snapshot.
+
## Timeouts
The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/docs/configuration/resources.html#timeouts) for certain actions:
diff --git a/website/docs/r/snapshot.html.markdown b/website/docs/r/snapshot.html.markdown
index 00ad50a18d3b..3985293eeb13 100644
--- a/website/docs/r/snapshot.html.markdown
+++ b/website/docs/r/snapshot.html.markdown
@@ -69,6 +69,8 @@ The following attributes are exported:
* `disk_size_gb` - The Size of the Snapshotted Disk in GB.
+* `trusted_launch_enabled` - Whether Trusted Launch is enabled for the Snapshot.
+
## Timeouts
The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/docs/configuration/resources.html#timeouts) for certain actions: