feat: add support for volume encryption

[belleatkins]

###Description As per issue: (https://github.com/hashicorp/terraform-provider-vsphere/issues/1796) This MR is to add Volume Encryption Support for deploying in VSphere. It does this by running additional post-deployment steps to set the storage policy separately (to get around the fact that vSphere doesn't support setting the storage policy on disk attachment). It runs an additional step to revert the name change that occurs under foot.

A storage policy would be specified in the main.tf as follows:

`resource "vsphere_virtual_machine" "belle-pcc_vms" {
  clone {
    template_uuid    = data.vsphere_virtual_machine.template.id
  }
  count              = 1
  scsi_type          = data.vsphere_virtual_machine.template.scsi_type
  datastore_id       = data.vsphere_datastore.datastore[count.index].id
  storage_policy_id  = data.vsphere_storage_policy.policy[count.index].id

  depends_on         = [local_file.user_data_json]
  disk {
    datastore_id        = data.vsphere_datastore.datastore[count.index].id
    label               = "disk0"
    keep_on_remove      = false
    size                = var.boot_disk_size
    thin_provisioned    = true
    storage_policy_id   = data.vsphere_storage_policy.policy[count.index].id
  }
  disk {
    datastore_id        = data.vsphere_datastore.datastore[count.index].id
    label               = "disk1"
    unit_number         = 1
    attach              = true
    path                = vsphere_virtual_disk.disk[count.index].vmdk_path
    storage_policy_id   = data.vsphere_storage_policy.policy[count.index].id
  }`

Use of this feature requires the correct VSphere Cryptography permissions.

Acceptance tests Have you added an acceptance test for the functionality being added? Have you run the acceptance tests on this branch? [ ] I have not run acceptance tests as my vsphere environment does not have access to any NAS storage, so I cannot set environment variable TF_VAR_VSPHERE_NAS_HOST or TF_VAR_VSPHERE_NFS_PATH, so tests are failing with

make testacc TESTARGS="-run=TestAccResourceVSphereVirtualMachine_basic"
Error: error mounting datastore: host "<TF_VAR_VSPHERE_ESXI2>": ServerFaultCode: A specified parameter was not correct:

  with vsphere_nas_datastore.ds1,
  on terraform_plugin_test.tf line 29, in resource "vsphere_nas_datastore" "ds1":
  29: resource "vsphere_nas_datastore" "ds1" {

I'd appreciate guidance on how to get around this, and which acceptance tests to run if it is possible.

Manual testing of this feature is complete. This feature is now used in our product. Manual testing included test sessions under:

• performance
• robustness and resiliency
• deleting the VM and attaching a new VM to the existing encrypted disks
• deploying a VM with fresh encrypted disks
• One bug was found and fixed: datastores containing the encrypted disks were not successfully detected when inside a folder
• a light cross spectrum of storage policies were tried and tested

Release Note Release note for CHANGELOG: FEATURES:

virtual_machine_disk_subresource: Add support for deploying a VM with encrypted disks via specifying a storage policy which has encryption enabled. ...

References

Closes #1796

[hashicorp-cla]

Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement

Learn more about why HashiCorp requires a CLA and what the CLA includes

---

1 out of 2 committers have signed the CLA.

• [x] belleatkins
• [ ] martons-msw

_{Have you signed the CLA already but the status is still pending? Recheck it.}

[tenthirtyam]

Marking as draft due to merge conflicts.

[tenthirtyam]

CI is failing.

==> Checking that code complies with gofmt requirements...
[5](https://github.com/hashicorp/terraform-provider-vsphere/actions/runs/4447034308/jobs/7808976110#step:5:6)
gofmt needs running on the following files:
[6](https://github.com/hashicorp/terraform-provider-vsphere/actions/runs/4447034308/jobs/7808976110#step:5:7)
make: *** [GNUmakefile:27: fmtcheck] Error 1
[7](https://github.com/hashicorp/terraform-provider-vsphere/actions/runs/4447034308/jobs/7808976110#step:5:8)
./vsphere/internal/virtualdevice/virtual_machine_disk_subresource.go
[8](https://github.com/hashicorp/terraform-provider-vsphere/actions/runs/4447034308/jobs/7808976110#step:5:9)
./vsphere/data_source_vsphere_host.go
[9](https://github.com/hashicorp/terraform-provider-vsphere/actions/runs/4447034308/jobs/7808976110#step:5:10)
You can use the command: `make fmt` to reformat code.
[10](https://github.com/hashicorp/terraform-provider-vsphere/actions/runs/4447034308/jobs/7808976110#step:5:11)
Error: Process completed with exit code 2.

[belleatkins]

fixed CI

[tenthirtyam]

CI Failing

==> Checking that code complies with gofmt requirements...
[5](https://github.com/hashicorp/terraform-provider-vsphere/actions/runs/4448677556/jobs/7812906362?pr=1839#step:5:6)
gofmt needs running on the following files:
[6](https://github.com/hashicorp/terraform-provider-vsphere/actions/runs/4448677556/jobs/7812906362?pr=1839#step:5:7)
./vsphere/internal/virtualdevice/virtual_machine_disk_subresource.go
[7](https://github.com/hashicorp/terraform-provider-vsphere/actions/runs/4448677556/jobs/7812906362?pr=1839#step:5:8)
make: *** [GNUmakefile:27: fmtcheck] Error 1
[8](https://github.com/hashicorp/terraform-provider-vsphere/actions/runs/4448677556/jobs/7812906362?pr=1839#step:5:9)
./vsphere/data_source_vsphere_host.go
[9](https://github.com/hashicorp/terraform-provider-vsphere/actions/runs/4448677556/jobs/7812906362?pr=1839#step:5:10)
You can use the command: `make fmt` to reformat code.
[10](https://github.com/hashicorp/terraform-provider-vsphere/actions/runs/4448677556/jobs/7812906362?pr=1839#step:5:11)
Error: Process completed with exit code 2.

[belleatkins]

fixed CI

[tenthirtyam]

CI Passing

[tenthirtyam]

Marked as draft as this needs an acceptance test and there are no updates on manual testing per OP.

[belleatkins]

Marked as draft as this needs an acceptance test and there are no updates on manual testing per OP.

manual testing completed

[tenthirtyam]

Hi @belleatkins! There are still merge conflicts for this one that need to be addressed.

Hi @martons-msw! You'll need to sign the HashiCorp CLA before this can be reviewed and merged.

[tenthirtyam]

Hi @belleatkins! There are still merge conflicts for this one that need to be addressed.

Hi @martons-msw! You'll need to sign the HashiCorp CLA before this can be reviewed and merged.

[DariusMR]

Hello, any news on this topic ?

[tenthirtyam]

Hi @martons-msw! You'll need to sign the HashiCorp CLA before this can be reviewed and merged.

[tenthirtyam]

There haven't been any updates.

• @belleatkins - there were still merge conflicts for this one that need to be addressed.

• @martons-msw! - the HashiCorp CLA needed to be signed.

I'm closing this pull request for now. Please feel free to create a new pull request if this feature is still desired.

[github-actions[bot]]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.