mssql_virtual_machine - Deprecated encryption_enabled and validate storage_account_access_key

[cgraf-spiria]

Community Note

• Please vote on this PR by adding a 👍 reaction to the original PR to help the community and maintainers prioritize for review
• Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for PR followers and do not help prioritize for review

Description

• Fixes azurerm_mssql_virtual_machine auto_backup encryption_password failing #12811 by :

  • removing the pre-checks on encryption_enabled and encryption_password which caused the issue
  • deprecating encryption_enabled attribute
  • enable/disable encryption if encryption_password is defined or not

• Add a validation for storage_account_access_key to ensure it is a base64 string. Without the validation, when the users gives an invalid value, the Azure API gives an unclear base64 error which makes it hard to find the correct issue.

PR Checklist

• I have followed the guidelines in our Contributing Documentation.
• I have checked to ensure there aren't other open Pull Requests for the same update/change.
• I have checked if my changes close any open issues. If so please include appropriate closing keywords below.
• I have updated/added Documentation as required written in a helpful and kind way to assist users that may be unfamiliar with the resource / data source.
• I have used a meaningful PR title to help maintainers and other users understand this change and help prevent duplicate work.
  For example: “resource_name_here - description of change e.g. adding property new_property_name_here”

Changes to existing Resource / Data Source

• I have added an explanation of what my changes do and why I'd like you to include them (This may be covered by linking to an issue above, but may benefit from additional explanation).
• I have written new tests for my resource or datasource changes & updated any relevant documentation.
• I have successfully run tests with my changes locally. If not, please provide details on testing challenges that prevented you running the tests.
• (For changes that include a state migration only). I have manually tested the migration path between relevant versions of the provider.

Testing

• My submission includes Test coverage as described in the Contribution Guide and the tests pass. (if this is not possible for any reason, please include details of why you did or could not add test coverage)

Not a new resource. But I ran existing unit tests and used the compiled provider to test it works.

For state migrations please test the changes locally and provide details here, such as the versions involved in testing the migration path. For further details on testing state migration changes please see our guide on state migrations in the contributor documentation. -->

Change Log

Below please provide what should go into the changelog (if anything) conforming to the Changelog Format documented here.

• mssql_virtual_machine - Deprecated encryption_enabled. Encryption is enabled when encryption_password is set; otherwise disabled.
• mssql_virtual_machine - Validate storage_account_access_key is a base64 string.

• Bug Fix
• New Feature (ie adding a service, resource, or data source)
• Enhancement
• Breaking Change

Related Issue(s)

Fixes #12811

Note

If this PR changes meaningfully during the course of review please update the title and description as required.

[sreallymatt]

Thanks for submitting this PR @cgraf-spiria, for deprecations we follow a specific format that allows us to clean up deprecated properties in the code easily after a major release. I have left some comments inline if you wouldn't mind taking a look!

[sreallymatt]

Thanks for making those changes @cgraf-spiria, I left a few minor suggestions, once those are in this looks good to me!

[sreallymatt]

We've got one test failure, I had a peek at what's happening and the issue lies in the resourceMsSqlVirtualMachineAutoBackupSettingsRefreshFunc, specifically the default case on line 817

Could you add the following to that switch case, and resolve the 5.0-upgrade-guide merge conflict? (or if you prefer, I can push the changes to your fork!)

default:
	// To be removed in 5.0:
	// When `encryption_enabled` is not set in config, but `encryption_password` is, `v != val` will always be `true`.
	// This causes an infinite loop until the resource creation times out. To avoid this, continue to the next iteration of the loop if
	// `prop` is `encryption_enabled`.
	if !features.FivePointOh() && prop == "encryption_enabled" {
		continue
	}

	if v != val {
		return resp, "Pending", nil
	}

[cgraf-spiria]

I added the fix & resolved the conflict. Thanks again for helping me get this PR working, much appreciated. :)

[sreallymatt]

Thanks @cgraf-spiria, tests passed, LGTM 🚀