diff --git a/mmv1/third_party/terraform/services/compute/resource_compute_instance.go.erb b/mmv1/third_party/terraform/services/compute/resource_compute_instance.go.erb index 9f0a9fc61106..d0e8b81c8d0f 100644 --- a/mmv1/third_party/terraform/services/compute/resource_compute_instance.go.erb +++ b/mmv1/third_party/terraform/services/compute/resource_compute_instance.go.erb @@ -46,6 +46,9 @@ var ( "boot_disk.0.initialize_params.0.image", "boot_disk.0.initialize_params.0.labels", "boot_disk.0.initialize_params.0.resource_manager_tags", +<% unless version == 'ga' -%> + "boot_disk.0.initialize_params.0.enable_confidential_compute", +<% end -%> } schedulingKeys = []string{ @@ -241,6 +244,15 @@ func ResourceComputeInstance() *schema.Resource { ForceNew: true, Description: `A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT & PATCH) when empty.`, }, +<% unless version == 'ga' -%> + "enable_confidential_compute": { + Type: schema.TypeBool, + Optional: true, + AtLeastOneOf: initializeParamsKeys, + ForceNew: true, + Description: `A flag to enable confidential compute mode on boot disk`, + }, +<% end -%> }, }, }, @@ -2729,6 +2741,12 @@ func expandBootDisk(d *schema.ResourceData, config *transport_tpg.Config, projec disk.InitializeParams.DiskSizeGb = int64(v.(int)) } + <% unless version == 'ga' -%> + if v, ok := d.GetOk("boot_disk.0.initialize_params.0.enable_confidential_compute"); ok { + disk.InitializeParams.EnableConfidentialCompute = v.(bool) + } + <% end -%> + if v, ok := d.GetOk("boot_disk.0.initialize_params.0.type"); ok { diskTypeName := v.(string) diskType, err := readDiskType(config, d, diskTypeName) @@ -2794,6 +2812,9 @@ func flattenBootDisk(d *schema.ResourceData, disk *compute.AttachedDisk, config "size": diskDetails.SizeGb, "labels": diskDetails.Labels, "resource_manager_tags": d.Get("boot_disk.0.initialize_params.0.resource_manager_tags"), +<% unless version == 'ga' -%> + "enable_confidential_compute": diskDetails.EnableConfidentialCompute, +<% end -%> }} } diff --git a/mmv1/third_party/terraform/services/compute/resource_compute_instance_test.go.erb b/mmv1/third_party/terraform/services/compute/resource_compute_instance_test.go.erb index d5b876786501..e41d6e123624 100644 --- a/mmv1/third_party/terraform/services/compute/resource_compute_instance_test.go.erb +++ b/mmv1/third_party/terraform/services/compute/resource_compute_instance_test.go.erb @@ -1785,6 +1785,48 @@ func TestAccComputeInstanceConfidentialInstanceConfigMain(t *testing.T) { }) } + +<% unless version == 'ga' -%> +func TestAccComputeInstance_confidentialHyperDiskBootDisk(t *testing.T) { + t.Parallel() + kms := acctest.BootstrapKMSKeyWithPurposeInLocationAndName(t, "ENCRYPT_DECRYPT", "us-central1", "tf-bootstrap-hyperdisk-key1") + + context_1 := map[string]interface{}{ + "instance_name": fmt.Sprintf("tf-test-%s", acctest.RandString(t, 10)), + "confidential_compute": true, + "key_ring": kms.KeyRing.Name, + "key_name": kms.CryptoKey.Name, + "zone": "us-central1-a", + + } + + context_2 := map[string]interface{}{ + "instance_name": context_1["instance_name"], + "confidential_compute": false, + "key_ring" : context_1["key_ring"], + "key_name": context_1["key_name"], + "zone": context_1["zone"], + } + + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckComputeInstanceDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccComputeInstanceConfidentialHyperDiskBootDisk(context_1), + }, + computeInstanceImportStep(context_1["zone"].(string), context_1["instance_name"].(string), []string{"allow_stopping_for_update"}), + { + Config: testAccComputeInstanceConfidentialHyperDiskBootDisk(context_2), + }, + computeInstanceImportStep(context_2["zone"].(string), context_2["instance_name"].(string), []string{"allow_stopping_for_update"}), + }, + }) +} +<% end -%> + func TestAccComputeInstance_enableDisplay(t *testing.T) { t.Parallel() @@ -6850,6 +6892,50 @@ resource "google_compute_instance" "foobar" { `, instance, enableConfidentialCompute) } +<% unless version == 'ga' -%> +func testAccComputeInstanceConfidentialHyperDiskBootDisk(context map[string]interface{}) string { + return acctest.Nprintf(` +data "google_compute_image" "my_image" { + family = "ubuntu-2204-lts" + project = "ubuntu-os-cloud" +} + +data "google_project" "project" {} + +resource "google_kms_crypto_key_iam_binding" "crypto_key" { + crypto_key_id = "%{key_name}" + role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" + members = [ + "serviceAccount:${data.google_project.project.number}-compute@developer.gserviceaccount.com", + ] +} + +resource "google_compute_instance" "foobar" { + name = "%{instance_name}" + machine_type = "n2-standard-2" + zone = "%{zone}" + + boot_disk { + + initialize_params { + image = data.google_compute_image.my_image.self_link + enable_confidential_compute = %{confidential_compute} + type = "hyperdisk-balanced" + } + + kms_key_self_link = "%{key_name}" + } + + network_interface { + network = "default" + } + depends_on = [google_kms_crypto_key_iam_binding.crypto_key] + +} +`, context) +} +<% end -%> + func testAccComputeInstance_enableDisplay(instance string) string { return fmt.Sprintf(` data "google_compute_image" "my_image" {