
Commit ac4528e

Add key_revocation_action_field to google_compute_instance and related resources (#11920) (#8473)
[upstream:24a8c2f1cbc42d4d29703b9ad928019ad0119b79] Signed-off-by: Modular Magician <[email protected]>
1 parent ea0ab1a commit ac4528e

14 files changed

+287
-0
lines changed

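--- a/.changelog/11920.txt
+++ b/.changelog/11920.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+compute: added `key_revocation_action_type` to `google_compute_instance` and related resources
+```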

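--- a/google-beta/services/compute/data_source_google_compute_instance.go
+++ b/google-beta/services/compute/data_source_google_compute_instance.go
@@ -204,9 +204,13 @@ func dataSourceGoogleComputeInstanceRead(d *schema.ResourceData, meta interface{
 if err := d.Set("name", instance.Name); err != nil {
 return fmt.Errorf("Error setting name: %s", err)
 }
+if err := d.Set("key_revocation_action_type", instance.KeyRevocationActionType); err != nil {
+return fmt.Errorf("Error setting key_revocation_action_type: %s", err)
+}
 if err := d.Set("creation_timestamp", instance.CreationTimestamp); err != nil {
 return fmt.Errorf("Error setting creation_timestamp: %s", err)
 }
+
 d.SetId(fmt.Sprintf("projects/%s/zones/%s/instances/%s", project, tpgresource.GetResourceNameFromSelfLink(instance.Zone), instance.Name))
 return nil
 }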

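--- a/google-beta/services/compute/resource_compute_instance.go
+++ b/google-beta/services/compute/resource_compute_instance.go
@@ -1252,6 +1252,14 @@ be from 0 to 999,999,999 inclusive.`,
 },
 },
 },
+
+"key_revocation_action_type": {
+Type: schema.TypeString,
+Optional: true,
+ForceNew: true,
+ValidateFunc: validation.StringInSlice([]string{"STOP", "NONE", ""}, false),
+Description: `Action to be taken when a customer's encryption key is revoked. Supports "STOP" and "NONE", with "NONE" being the default.`,
+},
 },
 CustomizeDiff: customdiff.All(
 tpgresource.DefaultProviderProject,
@@ -1419,6 +1427,7 @@ func expandComputeInstance(project string, d *schema.ResourceData, config *trans
 DisplayDevice: expandDisplayDevice(d),
 ResourcePolicies: tpgresource.ConvertStringArr(d.Get("resource_policies").([]interface{})),
 ReservationAffinity: reservationAffinity,
+KeyRevocationActionType: d.Get("key_revocation_action_type").(string),
 }, nil
 }
 
@@ -1814,6 +1823,9 @@ func resourceComputeInstanceRead(d *schema.ResourceData, meta interface{}) error
 if err := d.Set("reservation_affinity", flattenReservationAffinity(instance.ReservationAffinity)); err != nil {
 return fmt.Errorf("Error setting reservation_affinity: %s", err)
 }
+if err := d.Set("key_revocation_action_type", instance.KeyRevocationActionType); err != nil {
+return fmt.Errorf("Error setting key_revocation_action_type: %s", err)
+}
 
 d.SetId(fmt.Sprintf("projects/%s/zones/%s/instances/%s", project, zone, instance.Name))
 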
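Review bot: The `key_revocation_action_type` entry added at new lines 1256-1262 is `ForceNew` with neither `Default` nor `Computed`, so switching an existing instance from the unset default to "STOP" destroys and recreates it, and the description does not say so; I would append `Changing this forces a new resource to be created.` to the `Description` string. The description names "NONE" as the default while the schema leaves the value empty, so if the API ever reports "NONE" for an instance created without the field (not visible here; the `""` step in the acceptance tests suggests it reads back empty) an unset configuration would plan a replacement on every run, which is worth confirming. Because "NONE" presumably leaves the instance running after the customer's encryption key is revoked, the description should also state that "STOP" is the value that stops it, so readers do not assume revocation alone takes the workload offline. The same entry, which sits in a schema map that opens outside the hunk, is added in resource_compute_instance_template.go and resource_compute_region_instance_template.go with the allowed values listed in a different order.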

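--- a/google-beta/services/compute/resource_compute_instance_template.go
+++ b/google-beta/services/compute/resource_compute_instance_template.go
@@ -1091,6 +1091,14 @@ be from 0 to 999,999,999 inclusive.`,
 },
 },
 },
+
+"key_revocation_action_type": {
+Type: schema.TypeString,
+Optional: true,
+ForceNew: true,
+ValidateFunc: validation.StringInSlice([]string{"NONE", "STOP", ""}, false),
+Description: `Action to be taken when a customer's encryption key is revoked. Supports "STOP" and "NONE", with "NONE" being the default.`,
+},
 },
 UseJSONNumber: true,
 }
@@ -1426,6 +1434,7 @@ func resourceComputeInstanceTemplateCreate(d *schema.ResourceData, meta interfac
 DisplayDevice: expandDisplayDevice(d),
 ResourcePolicies: resourcePolicies,
 ReservationAffinity: reservationAffinity,
+KeyRevocationActionType: d.Get("key_revocation_action_type").(string),
 }
 
 if _, ok := d.GetOk("effective_labels"); ok {
@@ -1832,6 +1841,9 @@ func resourceComputeInstanceTemplateRead(d *schema.ResourceData, meta interface{
 if err = d.Set("instance_description", instanceTemplate.Properties.Description); err != nil {
 return fmt.Errorf("Error setting instance_description: %s", err)
 }
+if err = d.Set("key_revocation_action_type", instanceTemplate.Properties.KeyRevocationActionType); err != nil {
+return fmt.Errorf("Error setting key_revocation_action_type: %s", err)
+}
 if err = d.Set("project", project); err != nil {
 return fmt.Errorf("Error setting project: %s", err)
 }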

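--- a/google-beta/services/compute/resource_compute_instance_template_test.go
+++ b/google-beta/services/compute/resource_compute_instance_template_test.go
@@ -1614,6 +1614,56 @@ func TestAccComputeInstanceTemplate_resourceManagerTags(t *testing.T) {
 })
 }
 
+func TestAccComputeInstanceTemplate_keyRevocationActionType(t *testing.T) {
+t.Parallel()
+
+var instanceTemplate compute.InstanceTemplate
+context_1 := map[string]interface{}{
+"instance_name": fmt.Sprintf("tf-test-%s", acctest.RandString(t, 10)),
+"key_revocation_action_type": `"NONE"`,
+}
+context_2 := map[string]interface{}{
+"instance_name": context_1["instance_name"].(string),
+"key_revocation_action_type": `"STOP"`,
+}
+context_3 := map[string]interface{}{
+"instance_name": context_1["instance_name"].(string),
+"key_revocation_action_type": `""`,
+}
+
+acctest.VcrTest(t, resource.TestCase{
+PreCheck: func() { acctest.AccTestPreCheck(t) },
+ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+CheckDestroy: testAccCheckComputeInstanceTemplateDestroyProducer(t),
+Steps: []resource.TestStep{
+{
+Config: testAccComputeInstanceTemplate_keyRevocationActionType(context_1),
+Check: resource.ComposeTestCheckFunc(
+testAccCheckComputeInstanceTemplateExists(
+t, "google_compute_instance_template.foobar", &instanceTemplate),
+resource.TestCheckResourceAttr("google_compute_instance_template.foobar", "key_revocation_action_type", "NONE"),
+),
+},
+{
+Config: testAccComputeInstanceTemplate_keyRevocationActionType(context_2),
+Check: resource.ComposeTestCheckFunc(
+testAccCheckComputeInstanceTemplateExists(
+t, "google_compute_instance_template.foobar", &instanceTemplate),
+resource.TestCheckResourceAttr("google_compute_instance_template.foobar", "key_revocation_action_type", "STOP"),
+),
+},
+{
+Config: testAccComputeInstanceTemplate_keyRevocationActionType(context_3),
+Check: resource.ComposeTestCheckFunc(
+testAccCheckComputeInstanceTemplateExists(
+t, "google_compute_instance_template.foobar", &instanceTemplate),
+resource.TestCheckResourceAttr("google_compute_instance_template.foobar", "key_revocation_action_type", ""),
+),
+},
+},
+})
+}
+
 func TestUnitComputeInstanceTemplate_IpCidrRangeDiffSuppress(t *testing.T) {
 cases := map[string]struct {
 Old, New string
@@ -4411,3 +4461,30 @@ resource "google_compute_instance_template" "foobar" {
 }
 `, context)
 }
+
+func testAccComputeInstanceTemplate_keyRevocationActionType(context map[string]interface{}) string {
+return acctest.Nprintf(`
+data "google_compute_image" "my_image" {
+family = "debian-11"
+project = "debian-cloud"
+}
+
+resource "google_compute_instance_template" "foobar" {
+name = "%{instance_name}"
+machine_type = "e2-medium"
+
+disk {
+source_image = data.google_compute_image.my_image.self_link
+auto_delete = true
+disk_size_gb = 10
+boot = true
+}
+
+network_interface {
+network = "default"
+}
+
+key_revocation_action_type = %{key_revocation_action_type}
+}
+`, context)
+}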
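Review bot: `TestAccComputeInstanceTemplate_keyRevocationActionType` (new lines 1617-1665) asserts the attribute after each apply but never imports the resource, so a read path that dropped `key_revocation_action_type` on import would go unnoticed; a step with `ResourceName: "google_compute_instance_template.foobar", ImportState: true, ImportStateVerify: true` after each config would cover it. The config at new lines 4465-4490 uses a disk with default encryption, so the test shows that the string round-trips through the API but not that the setting is accepted alongside a customer-supplied or customer-managed key, which is the case the field exists for; a short comment saying so would keep readers from over-reading the coverage. Because the schema marks the field `ForceNew`, each step replaces the resource rather than updating it in place, which is also worth a one-line comment above `Steps`. The tests added in resource_compute_instance_test.go and resource_compute_region_instance_template_test.go follow the same pattern and have the same gap.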

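--- a/google-beta/services/compute/resource_compute_instance_test.go
+++ b/google-beta/services/compute/resource_compute_instance_test.go
@@ -3514,6 +3514,56 @@ func TestAccComputeInstance_proactiveAttributionLabel(t *testing.T) {
 })
 }
 
+func TestAccComputeInstance_keyRevocationActionType(t *testing.T) {
+t.Parallel()
+
+var instance compute.Instance
+context_1 := map[string]interface{}{
+"instance_name": fmt.Sprintf("tf-test-%s", acctest.RandString(t, 10)),
+"key_revocation_action_type": `"NONE"`,
+}
+context_2 := map[string]interface{}{
+"instance_name": context_1["instance_name"].(string),
+"key_revocation_action_type": `"STOP"`,
+}
+context_3 := map[string]interface{}{
+"instance_name": context_1["instance_name"].(string),
+"key_revocation_action_type": `""`,
+}
+
+acctest.VcrTest(t, resource.TestCase{
+PreCheck: func() { acctest.AccTestPreCheck(t) },
+ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+CheckDestroy: testAccCheckComputeInstanceDestroyProducer(t),
+Steps: []resource.TestStep{
+{
+Config: testAccComputeInstance_keyRevocationActionType(context_1),
+Check: resource.ComposeTestCheckFunc(
+testAccCheckComputeInstanceExists(
+t, "google_compute_instance.foobar", &instance),
+resource.TestCheckResourceAttr("google_compute_instance.foobar", "key_revocation_action_type", "NONE"),
+),
+},
+{
+Config: testAccComputeInstance_keyRevocationActionType(context_2),
+Check: resource.ComposeTestCheckFunc(
+testAccCheckComputeInstanceExists(
+t, "google_compute_instance.foobar", &instance),
+resource.TestCheckResourceAttr("google_compute_instance.foobar", "key_revocation_action_type", "STOP"),
+),
+},
+{
+Config: testAccComputeInstance_keyRevocationActionType(context_3),
+Check: resource.ComposeTestCheckFunc(
+testAccCheckComputeInstanceExists(
+t, "google_compute_instance.foobar", &instance),
+resource.TestCheckResourceAttr("google_compute_instance.foobar", "key_revocation_action_type", ""),
+),
+},
+},
+})
+}
+
 const errorDeleteAccessConfigWithSecPolicy = "Cannot delete an access config with a security policy set. Please remove the security policy first"
 
 // The tests related to security_policy use network_edge_security_service resource
@@ -10789,3 +10839,30 @@ resource "google_compute_instance" "foobar" {
 }
 `, diskName, instanceName, machineType, zone, bootDiskInterface, allowStoppingForUpdate)
 }
+
+func testAccComputeInstance_keyRevocationActionType(context map[string]interface{}) string {
+return acctest.Nprintf(`
+data "google_compute_image" "my_image" {
+family = "debian-11"
+project = "debian-cloud"
+}
+
+resource "google_compute_instance" "foobar" {
+name = "%{instance_name}"
+machine_type = "e2-medium"
+zone = "us-central1-a"
+
+boot_disk {
+initialize_params {
+image = data.google_compute_image.my_image.self_link
+}
+}
+
+network_interface {
+network = "default"
+}
+
+key_revocation_action_type = %{key_revocation_action_type}
+}
+`, context)
+}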

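--- a/google-beta/services/compute/resource_compute_region_instance_template.go
+++ b/google-beta/services/compute/resource_compute_region_instance_template.go
@@ -1047,6 +1047,14 @@ be from 0 to 999,999,999 inclusive.`,
 },
 },
 },
+
+"key_revocation_action_type": {
+Type: schema.TypeString,
+Optional: true,
+ForceNew: true,
+ValidateFunc: validation.StringInSlice([]string{"NONE", "STOP", ""}, false),
+Description: `Action to be taken when a customer's encryption key is revoked. Supports "STOP" and "NONE", with "NONE" being the default.`,
+},
 },
 UseJSONNumber: true,
 }
@@ -1123,6 +1131,7 @@ func resourceComputeRegionInstanceTemplateCreate(d *schema.ResourceData, meta in
 DisplayDevice: expandDisplayDevice(d),
 ResourcePolicies: resourcePolicies,
 ReservationAffinity: reservationAffinity,
+KeyRevocationActionType: d.Get("key_revocation_action_type").(string),
 }
 
 if _, ok := d.GetOk("effective_labels"); ok {
@@ -1326,6 +1335,9 @@ func resourceComputeRegionInstanceTemplateRead(d *schema.ResourceData, meta inte
 if err = d.Set("instance_description", instanceProperties.Description); err != nil {
 return fmt.Errorf("Error setting instance_description: %s", err)
 }
+if err = d.Set("key_revocation_action_type", instanceProperties.KeyRevocationActionType); err != nil {
+return fmt.Errorf("Error setting key_revocation_action_type: %s", err)
+}
 if err = d.Set("project", project); err != nil {
 return fmt.Errorf("Error setting project: %s", err)
 }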

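--- a/google-beta/services/compute/resource_compute_region_instance_template_test.go
+++ b/google-beta/services/compute/resource_compute_region_instance_template_test.go
@@ -1269,6 +1269,56 @@ func TestAccComputeRegionInstanceTemplate_resourceManagerTags(t *testing.T) {
 })
 }
 
+func TestAccComputeRegionInstanceTemplate_keyRevocationActionType(t *testing.T) {
+t.Parallel()
+
+var instanceTemplate compute.InstanceTemplate
+context_1 := map[string]interface{}{
+"instance_name": fmt.Sprintf("tf-test-%s", acctest.RandString(t, 10)),
+"key_revocation_action_type": `"NONE"`,
+}
+context_2 := map[string]interface{}{
+"instance_name": context_1["instance_name"].(string),
+"key_revocation_action_type": `"STOP"`,
+}
+context_3 := map[string]interface{}{
+"instance_name": context_1["instance_name"].(string),
+"key_revocation_action_type": `""`,
+}
+
+acctest.VcrTest(t, resource.TestCase{
+PreCheck: func() { acctest.AccTestPreCheck(t) },
+ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+CheckDestroy: testAccCheckComputeRegionInstanceTemplateDestroyProducer(t),
+Steps: []resource.TestStep{
+{
+Config: testAccComputeRegionInstanceTemplate_keyRevocationActionType(context_1),
+Check: resource.ComposeTestCheckFunc(
+testAccCheckComputeRegionInstanceTemplateExists(
+t, "google_compute_region_instance_template.foobar", &instanceTemplate),
+resource.TestCheckResourceAttr("google_compute_region_instance_template.foobar", "key_revocation_action_type", "NONE"),
+),
+},
+{
+Config: testAccComputeRegionInstanceTemplate_keyRevocationActionType(context_2),
+Check: resource.ComposeTestCheckFunc(
+testAccCheckComputeRegionInstanceTemplateExists(
+t, "google_compute_region_instance_template.foobar", &instanceTemplate),
+resource.TestCheckResourceAttr("google_compute_region_instance_template.foobar", "key_revocation_action_type", "STOP"),
+),
+},
+{
+Config: testAccComputeRegionInstanceTemplate_keyRevocationActionType(context_3),
+Check: resource.ComposeTestCheckFunc(
+testAccCheckComputeRegionInstanceTemplateExists(
+t, "google_compute_region_instance_template.foobar", &instanceTemplate),
+resource.TestCheckResourceAttr("google_compute_region_instance_template.foobar", "key_revocation_action_type", ""),
+),
+},
+},
+})
+}
+
 func testAccCheckComputeRegionInstanceTemplateDestroyProducer(t *testing.T) func(s *terraform.State) error {
 return func(s *terraform.State) error {
 config := acctest.GoogleProviderConfig(t)
@@ -3791,3 +3841,31 @@ resource "google_compute_region_instance_template" "foobar" {
 }
 `, context)
 }
+
+func testAccComputeRegionInstanceTemplate_keyRevocationActionType(context map[string]interface{}) string {
+return acctest.Nprintf(`
+data "google_compute_image" "my_image" {
+family = "debian-11"
+project = "debian-cloud"
+}
+
+resource "google_compute_region_instance_template" "foobar" {
+name = "%{instance_name}"
+machine_type = "e2-medium"
+region = "us-central1"
+
+disk {
+source_image = data.google_compute_image.my_image.self_link
+auto_delete = true
+disk_size_gb = 10
+boot = true
+}
+
+network_interface {
+network = "default"
+}
+
+key_revocation_action_type = %{key_revocation_action_type}
+}
+`, context)
+}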

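--- a/website/docs/d/compute_instance.html.markdown
+++ b/website/docs/d/compute_instance.html.markdown
@@ -109,6 +109,8 @@ The following arguments are supported:
 encoded SHA-256 hash of the [customer-supplied encryption key]
 (https://cloud.google.com/compute/docs/disks/customer-supplied-encryption) that protects this resource.
 
+* `key_revocation_action_type` - Action to be taken when a customer's encryption key is revoked.
+
 ---
 
 <a name="nested_boot_disk"></a>The `boot_disk` block supports: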
