Skip to content

Commit 9b2bad5

Browse files
modular-magicianmodular-magician
committed
Add missing KMS fields to google_compute_instance (#13192)
[upstream:fac596fc9456290574009fc71cab3d570b38b13a] Signed-off-by: Modular Magician <[email protected]>
1 parent 966a71e commit 9b2bad5

14 files changed

+1227
-28
lines changed

.changelog/13192.txt

+9
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
```release-note:enhancement
2+
compute: added several `boot_disk`, `attached_disk`, and `instance_encryption_key` fields for improved encryption key support in `google_compute_instance` and template resources
3+
```
4+
```release-note:enhancement
5+
compute: added support for `image_encryption_key.raw_key` and ` image_encryption_key.rsa_encrypted_key` to `google_compute_image` resource
6+
```
7+
```release-note:enhancement
8+
compute: added support for `snapshot_encryption_key.rsa_encrypted_key` to `google_compute_snapshot` resource
9+
```

google-beta/services/compute/compute_instance_helpers.go

+58
Original file line numberDiff line numberDiff line change
@@ -1062,3 +1062,61 @@ func flattenNetworkPerformanceConfig(c *compute.NetworkPerformanceConfig) []map[
10621062
},
10631063
}
10641064
}
1065+
1066+
func expandComputeInstanceEncryptionKey(d tpgresource.TerraformResourceData) *compute.CustomerEncryptionKey {
1067+
iek, ok := d.GetOk("instance_encryption_key")
1068+
if !ok {
1069+
return nil
1070+
}
1071+
1072+
iekRes := iek.([]interface{})[0].(map[string]interface{})
1073+
return &compute.CustomerEncryptionKey{
1074+
KmsKeyName: iekRes["kms_key_self_link"].(string),
1075+
Sha256: iekRes["sha256"].(string),
1076+
KmsKeyServiceAccount: iekRes["kms_key_service_account"].(string),
1077+
}
1078+
}
1079+
1080+
func flattenComputeInstanceEncryptionKey(v *compute.CustomerEncryptionKey) []map[string]interface{} {
1081+
if v == nil {
1082+
return nil
1083+
}
1084+
return []map[string]interface{}{
1085+
{
1086+
"kms_key_self_link": v.KmsKeyName,
1087+
"sha256": v.Sha256,
1088+
"kms_key_service_account": v.KmsKeyServiceAccount,
1089+
},
1090+
}
1091+
}
1092+
1093+
func expandComputeInstanceSourceEncryptionKey(d tpgresource.TerraformResourceData, field string) *compute.CustomerEncryptionKey {
1094+
cek, ok := d.GetOk(field)
1095+
if !ok {
1096+
return nil
1097+
}
1098+
1099+
cekRes := cek.([]interface{})[0].(map[string]interface{})
1100+
return &compute.CustomerEncryptionKey{
1101+
RsaEncryptedKey: cekRes["rsa_encrypted_key"].(string),
1102+
RawKey: cekRes["raw_key"].(string),
1103+
KmsKeyName: cekRes["kms_key_self_link"].(string),
1104+
Sha256: cekRes["sha256"].(string),
1105+
KmsKeyServiceAccount: cekRes["kms_key_service_account"].(string),
1106+
}
1107+
}
1108+
1109+
func flattenComputeInstanceSourceEncryptionKey(v *compute.CustomerEncryptionKey) []map[string]interface{} {
1110+
if v == nil {
1111+
return nil
1112+
}
1113+
return []map[string]interface{}{
1114+
{
1115+
"rsa_encrypted_key": v.RsaEncryptedKey,
1116+
"raw_key": v.RawKey,
1117+
"kms_key_self_link": v.KmsKeyName,
1118+
"sha256": v.Sha256,
1119+
"kms_key_service_account": v.KmsKeyServiceAccount,
1120+
},
1121+
}
1122+
}

google-beta/services/compute/resource_compute_image.go

+50
Original file line numberDiff line numberDiff line change
@@ -132,6 +132,22 @@ KMS.`,
132132
given KMS key. If absent, the Compute Engine default service
133133
account is used.`,
134134
},
135+
"raw_key": {
136+
Type: schema.TypeString,
137+
Optional: true,
138+
ForceNew: true,
139+
Description: `Specifies a 256-bit customer-supplied encryption key, encoded in
140+
RFC 4648 base64 to either encrypt or decrypt this resource.`,
141+
Sensitive: true,
142+
},
143+
"rsa_encrypted_key": {
144+
Type: schema.TypeString,
145+
Optional: true,
146+
ForceNew: true,
147+
Description: `Specifies a 256-bit customer-supplied encryption key, encoded in
148+
RFC 4648 base64 to either encrypt or decrypt this resource.`,
149+
Sensitive: true,
150+
},
135151
},
136152
},
137153
},
@@ -907,6 +923,10 @@ func flattenComputeImageImageEncryptionKey(v interface{}, d *schema.ResourceData
907923
flattenComputeImageImageEncryptionKeyKmsKeySelfLink(original["kmsKeyName"], d, config)
908924
transformed["kms_key_service_account"] =
909925
flattenComputeImageImageEncryptionKeyKmsKeyServiceAccount(original["kmsKeyServiceAccount"], d, config)
926+
transformed["raw_key"] =
927+
flattenComputeImageImageEncryptionKeyRawKey(original["rawKey"], d, config)
928+
transformed["rsa_encrypted_key"] =
929+
flattenComputeImageImageEncryptionKeyRsaEncryptedKey(original["rsaEncryptedKey"], d, config)
910930
return []interface{}{transformed}
911931
}
912932
func flattenComputeImageImageEncryptionKeyKmsKeySelfLink(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
@@ -921,6 +941,14 @@ func flattenComputeImageImageEncryptionKeyKmsKeyServiceAccount(v interface{}, d
921941
return v
922942
}
923943

944+
func flattenComputeImageImageEncryptionKeyRawKey(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
945+
return d.Get("image_encryption_key.0.raw_key")
946+
}
947+
948+
func flattenComputeImageImageEncryptionKeyRsaEncryptedKey(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
949+
return d.Get("image_encryption_key.0.rsa_encrypted_key")
950+
}
951+
924952
func flattenComputeImageLabels(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
925953
if v == nil {
926954
return v
@@ -1180,6 +1208,20 @@ func expandComputeImageImageEncryptionKey(v interface{}, d tpgresource.Terraform
11801208
transformed["kmsKeyServiceAccount"] = transformedKmsKeyServiceAccount
11811209
}
11821210

1211+
transformedRawKey, err := expandComputeImageImageEncryptionKeyRawKey(original["raw_key"], d, config)
1212+
if err != nil {
1213+
return nil, err
1214+
} else if val := reflect.ValueOf(transformedRawKey); val.IsValid() && !tpgresource.IsEmptyValue(val) {
1215+
transformed["rawKey"] = transformedRawKey
1216+
}
1217+
1218+
transformedRsaEncryptedKey, err := expandComputeImageImageEncryptionKeyRsaEncryptedKey(original["rsa_encrypted_key"], d, config)
1219+
if err != nil {
1220+
return nil, err
1221+
} else if val := reflect.ValueOf(transformedRsaEncryptedKey); val.IsValid() && !tpgresource.IsEmptyValue(val) {
1222+
transformed["rsaEncryptedKey"] = transformedRsaEncryptedKey
1223+
}
1224+
11831225
return transformed, nil
11841226
}
11851227

@@ -1191,6 +1233,14 @@ func expandComputeImageImageEncryptionKeyKmsKeyServiceAccount(v interface{}, d t
11911233
return v, nil
11921234
}
11931235

1236+
func expandComputeImageImageEncryptionKeyRawKey(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
1237+
return v, nil
1238+
}
1239+
1240+
func expandComputeImageImageEncryptionKeyRsaEncryptedKey(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
1241+
return v, nil
1242+
}
1243+
11941244
func expandComputeImageLabelFingerprint(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
11951245
return v, nil
11961246
}

google-beta/services/compute/resource_compute_image_generated_meta.yaml

+2
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,8 @@ fields:
1616
- field: 'image_encryption_key.kms_key_self_link'
1717
api_field: 'image_encryption_key.kms_key_name'
1818
- field: 'image_encryption_key.kms_key_service_account'
19+
- field: 'image_encryption_key.raw_key'
20+
- field: 'image_encryption_key.rsa_encrypted_key'
1921
- field: 'label_fingerprint'
2022
- field: 'labels'
2123
- field: 'licenses'

google-beta/services/compute/resource_compute_image_generated_test.go

+3-3
Original file line numberDiff line numberDiff line change
@@ -49,7 +49,7 @@ func TestAccComputeImage_imageBasicExample(t *testing.T) {
4949
ResourceName: "google_compute_image.example",
5050
ImportState: true,
5151
ImportStateVerify: true,
52-
ImportStateVerifyIgnore: []string{"labels", "raw_disk", "source_disk", "source_image", "source_snapshot", "terraform_labels"},
52+
ImportStateVerifyIgnore: []string{"image_encryption_key.0.raw_key", "image_encryption_key.0.rsa_encrypted_key", "labels", "raw_disk", "source_disk", "source_image", "source_snapshot", "terraform_labels"},
5353
},
5454
},
5555
})
@@ -97,7 +97,7 @@ func TestAccComputeImage_imageGuestOsExample(t *testing.T) {
9797
ResourceName: "google_compute_image.example",
9898
ImportState: true,
9999
ImportStateVerify: true,
100-
ImportStateVerifyIgnore: []string{"labels", "raw_disk", "source_disk", "source_image", "source_snapshot", "terraform_labels"},
100+
ImportStateVerifyIgnore: []string{"image_encryption_key.0.raw_key", "image_encryption_key.0.rsa_encrypted_key", "labels", "raw_disk", "source_disk", "source_image", "source_snapshot", "terraform_labels"},
101101
},
102102
},
103103
})
@@ -165,7 +165,7 @@ func TestAccComputeImage_imageBasicStorageLocationExample(t *testing.T) {
165165
ResourceName: "google_compute_image.example",
166166
ImportState: true,
167167
ImportStateVerify: true,
168-
ImportStateVerifyIgnore: []string{"labels", "raw_disk", "source_disk", "source_image", "source_snapshot", "terraform_labels"},
168+
ImportStateVerifyIgnore: []string{"image_encryption_key.0.raw_key", "image_encryption_key.0.rsa_encrypted_key", "labels", "raw_disk", "source_disk", "source_image", "source_snapshot", "terraform_labels"},
169169
},
170170
},
171171
})

0 commit comments

Comments
 (0)