fix: adding cmk to data disks

avm/res/compute/virtual-machine/CHANGELOG.md

@@ -2,6 +2,16 @@
 
 The latest version of the changelog can be found [here](https://github.com/Azure/bicep-registry-modules/blob/main/avm/res/compute/virtual-machine/CHANGELOG.md).
 
+## 0.20.1
+
+### Changes
+
+- added encryption to Data disks
+
+### Breaking Changes
+
+- Renamed `zone` parameter to `availabilityZone` in public IP config
+
 ## 0.20.0
 
 ### Changes

avm/res/compute/virtual-machine/README.md

@@ -82,12 +82,12 @@ module virtualMachine 'br/public:avm/res/compute/virtual-machine:<version>' = {
           {
             name: 'ipconfig01'
             pipConfiguration: {
-              publicIpNameSuffix: '-pip-01'
-              zones: [
+              availabilityZones: [
                 1
                 2
                 3
               ]
+              publicIpNameSuffix: '-pip-01'
             }
             subnetResourceId: '<subnetResourceId>'
           }
@@ -154,12 +154,12 @@ module virtualMachine 'br/public:avm/res/compute/virtual-machine:<version>' = {
             {
               "name": "ipconfig01",
               "pipConfiguration": {
-                "publicIpNameSuffix": "-pip-01",
-                "zones": [
+                "availabilityZones": [
                   1,
                   2,
                   3
-                ]
+                ],
+                "publicIpNameSuffix": "-pip-01"
               },
               "subnetResourceId": "<subnetResourceId>"
             }
@@ -230,12 +230,12 @@ param nicConfigurations = [
       {
         name: 'ipconfig01'
         pipConfiguration: {
-          publicIpNameSuffix: '-pip-01'
-          zones: [
+          availabilityZones: [
             1
             2
             3
           ]
+          publicIpNameSuffix: '-pip-01'
         }
         subnetResourceId: '<subnetResourceId>'
       }
@@ -2734,8 +2734,8 @@ module virtualMachine 'br/public:avm/res/compute/virtual-machine:<version>' = {
           {
             name: 'ipconfig01'
             pipConfiguration: {
+              availabilityZones: []
               publicIpNameSuffix: '-pip-01'
-              zones: []
             }
             subnetResourceId: '<subnetResourceId>'
           }
@@ -2825,8 +2825,8 @@ module virtualMachine 'br/public:avm/res/compute/virtual-machine:<version>' = {
             {
               "name": "ipconfig01",
               "pipConfiguration": {
-                "publicIpNameSuffix": "-pip-01",
-                "zones": []
+                "availabilityZones": [],
+                "publicIpNameSuffix": "-pip-01"
               },
               "subnetResourceId": "<subnetResourceId>"
             }
@@ -2922,8 +2922,8 @@ param nicConfigurations = [
       {
         name: 'ipconfig01'
         pipConfiguration: {
+          availabilityZones: []
           publicIpNameSuffix: '-pip-01'
-          zones: []
         }
         subnetResourceId: '<subnetResourceId>'
       }
@@ -4549,6 +4549,7 @@ module virtualMachine 'br/public:avm/res/compute/virtual-machine:<version>' = {
         diskSizeGB: 128
         managedDisk: {
           diskEncryptionSetResourceId: '<diskEncryptionSetResourceId>'
+          diskEncryptionType: 'EncryptionAtRestWithPlatformAndCustomerKeys'
           storageAccountType: 'Premium_LRS'
         }
       }
@@ -4626,6 +4627,7 @@ module virtualMachine 'br/public:avm/res/compute/virtual-machine:<version>' = {
           "diskSizeGB": 128,
           "managedDisk": {
             "diskEncryptionSetResourceId": "<diskEncryptionSetResourceId>",
+            "diskEncryptionType": "EncryptionAtRestWithPlatformAndCustomerKeys",
             "storageAccountType": "Premium_LRS"
           }
         }
@@ -4685,6 +4687,7 @@ param dataDisks = [
     diskSizeGB: 128
     managedDisk: {
       diskEncryptionSetResourceId: '<diskEncryptionSetResourceId>'
+      diskEncryptionType: 'EncryptionAtRestWithPlatformAndCustomerKeys'
       storageAccountType: 'Premium_LRS'
     }
   }
@@ -7344,6 +7347,7 @@ The managed disk parameters.
 | Parameter | Type | Description |
 | :-- | :-- | :-- |
 | [`diskEncryptionSetResourceId`](#parameter-datadisksmanageddiskdiskencryptionsetresourceid) | string | Specifies the customer managed disk encryption set resource id for the managed disk. |
+| [`diskEncryptionType`](#parameter-datadisksmanageddiskdiskencryptiontype) | string | The type of key used to encrypt the data of the disk. |
 | [`id`](#parameter-datadisksmanageddiskid) | string | Specifies the resource id of a pre-existing managed disk. If the disk should be created, this property should be empty. |
 | [`storageAccountType`](#parameter-datadisksmanageddiskstorageaccounttype) | string | Specifies the storage account type for the managed disk. Ignored when attaching a pre-existing disk. |
 
@@ -7354,6 +7358,13 @@ Specifies the customer managed disk encryption set resource id for the managed d
 - Required: No
 - Type: string
 
+### Parameter: `dataDisks.managedDisk.diskEncryptionType`
+
+The type of key used to encrypt the data of the disk.
+
+- Required: No
+- Type: string
+
 ### Parameter: `dataDisks.managedDisk.id`
 
 Specifies the resource id of a pre-existing managed disk. If the disk should be created, this property should be empty.

avm/res/compute/virtual-machine/main.bicep

@@ -536,6 +536,10 @@ resource managedDataDisks 'Microsoft.Compute/disks@2024-03-02' = [
       diskMBpsReadWrite: dataDisk.?diskMBpsReadWrite
       publicNetworkAccess: publicNetworkAccess
       networkAccessPolicy: networkAccessPolicy
+      encryption: {
+        diskEncryptionSetId: dataDisk.managedDisk.?diskEncryptionSetResourceId
+        type: 'EncryptionAtRestWithCustomerKey'
+      }
     }
     zones: availabilityZone != -1 && !contains(dataDisk.managedDisk.?storageAccountType, 'ZRS')
       ? array(string(availabilityZone))
@@ -1223,6 +1227,9 @@ type dataDiskType = {
     @description('Optional. Specifies the customer managed disk encryption set resource id for the managed disk.')
     diskEncryptionSetResourceId: string?
 
+    @description('Optional. The type of key used to encrypt the data of the disk.')
+    diskEncryptionType: resourceInput<'Microsoft.Compute/disks@2024-03-02'>.properties.encryption.type?
+
     @description('Optional. Specifies the resource id of a pre-existing managed disk. If the disk should be created, this property should be empty.')
     id: string?
   }

avm/res/compute/virtual-machine/main.json

@@ -6,7 +6,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.37.4.10188",
-      "templateHash": "5626158199534722675"
+      "templateHash": "13239692483716196396"
     },
     "name": "Virtual Machines",
     "description": "This module deploys a Virtual Machine with one or multiple NICs and optionally one or multiple public IPs."
@@ -220,6 +220,16 @@
                 "description": "Optional. Specifies the customer managed disk encryption set resource id for the managed disk."
               }
             },
+            "diskEncryptionType": {
+              "type": "string",
+              "metadata": {
+                "__bicep_resource_derived_type!": {
+                  "source": "Microsoft.Compute/disks@2024-03-02#properties/properties/properties/encryption/properties/type"
+                },
+                "description": "Optional. The type of key used to encrypt the data of the disk."
+              },
+              "nullable": true
+            },
             "id": {
               "type": "string",
               "nullable": true,
@@ -2617,7 +2627,11 @@
         "diskIOPSReadWrite": "[tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex()], 'diskIOPSReadWrite')]",
         "diskMBpsReadWrite": "[tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex()], 'diskMBpsReadWrite')]",
         "publicNetworkAccess": "[parameters('publicNetworkAccess')]",
-        "networkAccessPolicy": "[parameters('networkAccessPolicy')]"
+        "networkAccessPolicy": "[parameters('networkAccessPolicy')]",
+        "encryption": {
+          "diskEncryptionSetId": "[tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex()].managedDisk, 'diskEncryptionSetResourceId')]",
+          "type": "EncryptionAtRestWithCustomerKey"
+        }
       },
       "zones": "[if(and(not(equals(parameters('availabilityZone'), -1)), not(contains(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex()].managedDisk, 'storageAccountType'), 'ZRS'))), array(string(parameters('availabilityZone'))), null())]",
       "tags": "[coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex()], 'tags'), parameters('tags'))]"

avm/res/compute/virtual-machine/tests/e2e/atmg/dependencies.bicep

@@ -15,7 +15,7 @@ param location string = resourceGroup().location
 
 var addressPrefix = '10.0.0.0/16'
 
-resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = {
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-07-01' = {
   name: virtualNetworkName
   location: location
   properties: {
@@ -35,7 +35,7 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = {
   }
 }
 
-resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2024-11-30' = {
   name: managedIdentityName
   location: location
 }
@@ -53,7 +53,7 @@ resource msiRGContrRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-
   }
 }
 
-resource sshDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
+resource sshDeploymentScript 'Microsoft.Resources/deploymentScripts@2023-08-01' = {
   name: sshDeploymentScriptName
   location: location
   kind: 'AzurePowerShell'
@@ -64,7 +64,7 @@ resource sshDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01'
     }
   }
   properties: {
-    azPowerShellVersion: '9.0'
+    azPowerShellVersion: '11.0'
     retentionInterval: 'P1D'
     arguments: ' -SSHKeyName "${sshKeyName}" -ResourceGroupName "${resourceGroup().name}"'
     scriptContent: loadTextContent('../../../../../../../utilities/e2e-template-assets/scripts/New-SSHKey.ps1')
@@ -74,7 +74,7 @@ resource sshDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01'
   ]
 }
 
-resource sshKey 'Microsoft.Compute/sshPublicKeys@2022-03-01' = {
+resource sshKey 'Microsoft.Compute/sshPublicKeys@2024-11-01' = {
   name: sshKeyName
   location: location
   properties: {

avm/res/compute/virtual-machine/tests/e2e/atmg/main.test.bicep

@@ -28,7 +28,7 @@ param namePrefix string = '#_namePrefix_#'
 
 // General resources
 // =================
-resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2025-04-01' = {
   name: resourceGroupName
   location: enforcedLocation
 }
@@ -77,7 +77,7 @@ module testDeployment '../../../main.bicep' = [
               name: 'ipconfig01'
               pipConfiguration: {
                 publicIpNameSuffix: '-pip-01'
-                zones: [
+                availabilityZones: [
                   1
                   2
                   3

avm/res/compute/virtual-machine/tests/e2e/linux.defaults/dependencies.bicep

@@ -15,7 +15,7 @@ param location string = resourceGroup().location
 
 var addressPrefix = '10.0.0.0/16'
 
-resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = {
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-07-01' = {
   name: virtualNetworkName
   location: location
   properties: {
@@ -35,7 +35,7 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = {
   }
 }
 
-resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2024-11-30' = {
   name: managedIdentityName
   location: location
 }
@@ -53,7 +53,7 @@ resource msiRGContrRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-
   }
 }
 
-resource sshDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
+resource sshDeploymentScript 'Microsoft.Resources/deploymentScripts@2023-08-01' = {
   name: sshDeploymentScriptName
   location: location
   kind: 'AzurePowerShell'
@@ -64,7 +64,7 @@ resource sshDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01'
     }
   }
   properties: {
-    azPowerShellVersion: '9.0'
+    azPowerShellVersion: '11.0'
     retentionInterval: 'P1D'
     arguments: '-SSHKeyName "${sshKeyName}" -ResourceGroupName "${resourceGroup().name}"'
     scriptContent: loadTextContent('../../../../../../../utilities/e2e-template-assets/scripts/New-SSHKey.ps1')
@@ -74,7 +74,7 @@ resource sshDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01'
   ]
 }
 
-resource sshKey 'Microsoft.Compute/sshPublicKeys@2022-03-01' = {
+resource sshKey 'Microsoft.Compute/sshPublicKeys@2024-11-01' = {
   name: sshKeyName
   location: location
   properties: {

avm/res/compute/virtual-machine/tests/e2e/linux.defaults/main.test.bicep

@@ -27,7 +27,7 @@ param namePrefix string = '#_namePrefix_#'
 
 // General resources
 // =================
-resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2025-04-01' = {
   name: resourceGroupName
   location: enforcedLocation
 }

avm/res/compute/virtual-machine/tests/e2e/windows.defaults/dependencies.bicep

@@ -6,7 +6,7 @@ param location string = resourceGroup().location
 
 var addressPrefix = '10.0.0.0/16'
 
-resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = {
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-07-01' = {
   name: virtualNetworkName
   location: location
   properties: {

avm/res/compute/virtual-machine/tests/e2e/windows.defaults/main.test.bicep

@@ -31,7 +31,7 @@ param namePrefix string = '#_namePrefix_#'
 
 // General resources
 // =================
-resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2025-04-01' = {
   name: resourceGroupName
   location: enforcedLocation
 }

avm/res/compute/virtual-machine/tests/e2e/windows.disks/dependencies.bicep

@@ -9,7 +9,7 @@ param sharedDiskName string
 
 var addressPrefix = '10.0.0.0/16'
 
-resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = {
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-07-01' = {
   name: virtualNetworkName
   location: location
   properties: {

avm/res/compute/virtual-machine/tests/e2e/windows.disks/main.test.bicep

@@ -31,7 +31,7 @@ param namePrefix string = '#_namePrefix_#'
 
 // General resources
 // =================
-resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2025-04-01' = {
   name: resourceGroupName
   location: enforcedLocation
 }

avm/res/compute/virtual-machine/tests/e2e/windows.guestconfiguration/dependencies.bicep

@@ -6,7 +6,7 @@ param location string = resourceGroup().location
 
 var addressPrefix = '10.0.0.0/16'
 
-resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = {
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-07-01' = {
   name: virtualNetworkName
   location: location
   properties: {

avm/res/compute/virtual-machine/tests/e2e/windows.guestconfiguration/main.test.bicep

@@ -31,7 +31,7 @@ param namePrefix string = '#_namePrefix_#'
 
 // General resources
 // =================
-resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2025-04-01' = {
   name: resourceGroupName
   location: enforcedLocation
 }
@@ -75,7 +75,7 @@ module testDeployment '../../../main.bicep' = [
               subnetResourceId: nestedDependencies.outputs.subnetResourceId
               pipConfiguration: {
                 publicIpNameSuffix: '-pip-01'
-                zones: []
+                availabilityZones: []
               }
             }
           ]