From 743e12f4e58923e198d9ec224e15459b136d12ea Mon Sep 17 00:00:00 2001
From: anmolhuro
Date: Wed, 29 Mar 2023 19:03:00 +0530
Subject: [PATCH 1/2] changed format of disk encryption set and assigned id to key vault key
---
 main.tf | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/main.tf b/main.tf
index eedb938..b13acd3 100644
--- a/main.tf
+++ b/main.tf
@@ -310,7 +310,7 @@ resource "azurerm_network_interface_security_group_association" "default" {
 resource "azurerm_disk_encryption_set" "example" {
 count = var.enable_disk_encryption_set ? 1 : 0
- name = "des"
+ name = format("vm-%s-dsk-encrpt", module.labels.id)
 resource_group_name = var.resource_group_name
 location = var.location
 key_vault_key_id = var.enable_disk_encryption_set ? join("", azurerm_key_vault_key.example.*.id) : null
@@ -384,7 +384,7 @@ resource "azurerm_managed_disk" "data_disk" {
 storage_account_type = lookup(each.value.data_disk, "storage_account_type", "StandardSSD_LRS")
 create_option = "Empty"
 disk_size_gb = each.value.data_disk.disk_size_gb
- disk_encryption_set_id = var.enable_disk_encryption_set ? var.disk_encryption_set_id : null
+ disk_encryption_set_id = azurerm_disk_encryption_set.example[0].id != "" ? azurerm_disk_encryption_set.example[0].id : null #var.enable_disk_encryption_set ? var.disk_encryption_set_id : null
 }
@@ -475,6 +475,4 @@ resource "azurerm_monitor_diagnostic_setting" "nic_diagnostic" {
 lifecycle {
 ignore_changes = [log_analytics_destination_type]
 }
-}
-
-
+}
\ No newline at end of file
From 59ae1bd783f8aeae0e69c26493c10723066855b3 Mon Sep 17 00:00:00 2001
From: anmolhuro
Date: Wed, 29 Mar 2023 19:20:36 +0530
Subject: [PATCH 2/2] added changes in example and removed useless variables
---
 README.yaml | 9 ++++++---
 _example/linux-vm/example.tf | 11 ++++++-----
 variables.tf | 9 ---------
 3 files changed, 12 insertions(+), 17 deletions(-)
diff --git a/README.yaml b/README.yaml
index 527449d..171ccd5 100644
--- a/README.yaml
+++ b/README.yaml
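Review bot: The `name` change in the first main.tf hunk forces a replacement for anyone who already has the set deployed as `des`, since, as far as I know, the provider cannot rename a disk encryption set in place, and a set that existing managed disks still reference cannot simply be torn down and recreated; the commit message should call this out as breaking, or the old name should be kept. The abbreviation in the new name is also misspelled: `name = format("vm-%s-disk-encryption", module.labels.id)` reads cleaner than `dsk-encrpt`. The resource block continues past the end of the hunk.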
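Review bot: The new `disk_encryption_set_id` line in the second main.tf hunk evaluates `azurerm_disk_encryption_set.example[0].id` inside the condition, so when `enable_disk_encryption_set` is false the resource has `count = 0` (visible in the first hunk), index 0 does not exist, and the plan fails on an invalid index instead of falling through to `null`; the `!= ""` comparison can never protect against that. Gate on the flag the way the `key_vault_key_id` line in the first hunk does: `disk_encryption_set_id = var.enable_disk_encryption_set ? azurerm_disk_encryption_set.example[0].id : null`. The previous expression left behind as a trailing `#` comment is dead code and should be removed. With `var.disk_encryption_set_id` deleted in the second patch, data disks can only use the module-created set from what this hunk shows, which is worth stating in the commit message. The `azurerm_managed_disk.data_disk` block starts outside the hunk.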
@@ -87,9 +87,12 @@ usage: |-
 image_version = "latest"
- enable_disk_encryption_set = true
- key_vault_id = module.key_vault.id
- key_vault_key_id = module.virtual-machine.key_id
+ enable_disk_encryption_set = true
+ key_vault_id = module.key_vault.id
+ addtional_capabilities_enabled = true
+ ultra_ssd_enabled = false
+ enable_encryption_at_host = true
+ key_vault_rbac_auth_enabled = false
 data_disks = [ {
diff --git a/_example/linux-vm/example.tf b/_example/linux-vm/example.tf
index 1cbc8c7..ac9f2d9 100644
--- a/_example/linux-vm/example.tf
+++ b/_example/linux-vm/example.tf
@@ -150,7 +150,6 @@ module "virtual-machine" {
 caching = "ReadWrite"
 disk_size_gb = 30
- disk_encryption_set_id = module.virtual-machine.disk_encryption_set-id
 storage_image_reference_enabled = true
 image_publisher = "Canonical"
 image_offer = "0001-com-ubuntu-server-focal"
@@ -158,10 +157,12 @@ module "virtual-machine" {
 image_version = "latest"
- enable_disk_encryption_set = true
- key_vault_id = module.key_vault.id
- key_vault_key_id = module.virtual-machine.key_id
- enable_encryption_at_host = true
+ enable_disk_encryption_set = true
+ key_vault_id = module.key_vault.id
+ addtional_capabilities_enabled = true
+ ultra_ssd_enabled = false
+ enable_encryption_at_host = true
+ key_vault_rbac_auth_enabled = false
 data_disks = [ {
diff --git a/variables.tf b/variables.tf
index 9f76adf..b27a338 100644
--- a/variables.tf
+++ b/variables.tf
@@ -507,10 +507,6 @@ variable "os_disk_storage_account_type" {
 default = "StandardSSD_LRS"
 }
-variable "disk_encryption_set_id" {
- description = "The ID of the Disk Encryption Set which should be used to Encrypt this OS Disk. The Disk Encryption Set must have the `Reader` Role Assignment scoped on the Key Vault - in addition to an Access Policy to the Key Vault"
- default = null
-}
 variable "additional_unattend_content" {
 description = "The XML formatted content that is added to the unattend.xml file for the specified path and component."
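Review bot: In the second example.tf hunk the example enables the disk encryption set with `key_vault_rbac_auth_enabled = false`, i.e. the access-policy model, yet nothing added here grants the set's identity access to the vault, and the only text that documented that need — the deleted `disk_encryption_set_id` description in variables.tf, naming the `Reader` role assignment plus an access policy on the Key Vault — is removed in the same patch without being moved anywhere. Confirm that the `module.key_vault` call (outside this hunk) provides that policy and that the vault has soft delete and purge protection enabled, which Azure requires of a vault backing a disk encryption set, and consider attaching the deleted description to `enable_disk_encryption_set` so the requirement stays visible. `addtional_capabilities_enabled` is misspelled here and in the README.yaml hunk; if the module's variable is `additional_capabilities_enabled` the argument is rejected as unsupported, and if the variable itself carries the typo it should be fixed before it becomes part of the documented interface. The `module "virtual-machine"` block starts and ends outside the hunk.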
@@ -831,11 +827,6 @@ variable "vm_availability_zone" {
 default = null
 }
-variable "key_vault_key_id" {
- type = any
- default = null
-}
-
 variable "enable_disk_encryption_set" {
 type = bool
 default = false