Bug report-Transparent Data Encryption in Synapse

[kevintrannz]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Version of the module you are using

5.6.5

Rover Version

No response

Terraform Version

No response

AzureRM Provider Version

No response

Affected Resource(s)/Data Source(s)

azurerm_synapse

Terraform Configuration Files

synapse_sql_pools = {
                sql_pool_re1 = {
                    name                  = "pool1"
                    synapse_workspace_key = "synapse_ws"
                    sku_name              = "DW100c"
                    create_mode           = "Default"

                    # Does not work!
                    transparent_data_encryption = true
                    data_encrypted = true

                    tags = local.common_tags
                }
            }
        }

It seems there are no setting to pass through to the synapse_sql_pool resource in terraform-azurerm-caf/modules/analytics/synapse/sql_pool/sql_pool.tf

resource "azurecaf_name" "sqlpool" {
  name          = var.settings.name
  resource_type = "azurerm_synapse_spark_pool"
  prefixes      = var.global_settings.prefixes
  random_length = var.global_settings.random_length
  clean_input   = true
  passthrough   = var.global_settings.passthrough
  use_slug      = var.global_settings.use_slug
}

resource "azurerm_synapse_sql_pool" "sql_pool" {
  name                 = azurecaf_name.sqlpool.result
  synapse_workspace_id = var.synapse_workspace_id
  sku_name             = try(var.settings.sku_name, "DW100c")
  create_mode          = try(var.settings.create_mode, "Default")
  tags                 = local.tags
}

Expected Behaviour

Transparent data encryption is ENABLE

Actual Behaviour

Transparent data encryption is DISABLE

Steps to Reproduce

Reference: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/synapse_sql_pool [data_encrypted] (Optional) Is transparent data encryption enabled?

Important Factoids

No response

References

https://github.com/aztfmod/terraform-azurerm-caf

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/synapse_sql_pool

[arnaudlh]

@kevintrannz, this is the default behavior in the provider: https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/synapse_sql_pool#data_encrypted if the data_encrypted argument is not set.

Are you able to submit a PR to add the attribute?

[kevintrannz]

Hi @arnaudlh , Thank you for your response.

Yes, I have a fix. But I have a permission issue when I push the new feature branch. How could I become a committer please ?

I have a workaround to fix this issue in my Azure DevOps pipeline by overwritten the file with the current version.

Thanks, Kevin.

[LaurentLesle]

@kevintrannz - I suggest you fork the repositories you want to contribute. Fork all branches and then submit PR from your fork. Note you will have to refresh your fork with the upstream on regular basis.

[kevintrannz]

Hi @LaurentLesle, Thank you for that. I just create PR as in https://github.com/aztfmod/terraform-azurerm-caf/pull/1616

Thanks, Kevin.