Adding kms_key to google_lustre_instance (#15725)

Author: NA2047

mmv1/products/lustre/Instance.yaml

@@ -116,14 +116,7 @@ properties:
     type: String
     description: |-
       The state of the instance.
-      Possible values:
-      STATE_UNSPECIFIED
-      ACTIVE
-      CREATING
-      DELETING
-      UPGRADING
-      REPAIRING
-      STOPPED
+      Please see https://cloud.google.com/managed-lustre/docs/reference/rest/v1/projects.locations.instances#state for values
     output: true
   - name: mountPoint
     type: String
@@ -155,3 +148,13 @@ properties:
     description: |-
         The placement policy name for the instance in the format of
         projects/{project}/locations/{location}/resourcePolicies/{resource_policy}
+  - name: kmsKey
+    type: String
+    description: |-
+      The KMS key id to use for encryption of the Lustre instance.
+    immutable: true
+  - name: stateReason
+    type: String
+    description: |-
+        The reason why the instance is in a certain state.
+    output: true

mmv1/third_party/terraform/services/lustre/resource_lustre_instance_test.go

@@ -80,6 +80,66 @@ data "google_compute_network" "lustre-network" {
 `, context)
 }
 
+func TestAccLustreInstance_withKmsKey(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"network_name":  acctest.BootstrapSharedTestNetwork(t, "default-vpc"),
+		"random_suffix": acctest.RandString(t, 10),
+		"kms":           acctest.BootstrapKMSKeyInLocation(t, "us-central1").CryptoKey.Name,
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccLustreInstance_withKmsKey(context),
+			},
+			{
+				ResourceName:            "google_lustre_instance.instance",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"instance_id", "labels", "gke_support_enabled", "location", "terraform_labels"},
+			},
+		},
+	})
+}
+
+func testAccLustreInstance_withKmsKey(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_lustre_instance" "instance" {
+  instance_id                 = "tf-test-my-instance%{random_suffix}"
+  location                    = "us-central1-a"
+  filesystem                  = "testfs"
+  network                     = data.google_compute_network.lustre-network.id
+  gke_support_enabled         = false
+  capacity_gib                = 18000
+  per_unit_storage_throughput = 1000
+  kms_key                     = "%{kms}"
+  
+  timeouts {
+    create = "120m"
+  }
+  
+  depends_on = [google_kms_crypto_key_iam_member.lustre_sa_encrypter_decrypter]
+}
+
+resource "google_kms_crypto_key_iam_member" "lustre_sa_encrypter_decrypter" {
+  crypto_key_id = "%{kms}"
+  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
+  member        = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-lustre.iam.gserviceaccount.com"
+}
+
+data "google_compute_network" "lustre-network" {
+  name = "%{network_name}"
+}
+
+data "google_project" "project" {
+}
+`, context)
+}
+
 func testAccLustreInstance_update(context map[string]interface{}) string {
 	return acctest.Nprintf(`
 resource "google_lustre_instance" "instance" {