Add missing fields to compute resources [KMS and disks] (#12672) (#21416)

[upstream:d7f8e8a5a42907f8a0e072fb585c92ef9b32335a]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/12672.txt

@@ -0,0 +1,9 @@
+```release-note:enhancement
+compute: added several `boot_disk`, `attached_disk`, and `instance_encryption_key` fields for improved encryption key support in `google_compute_instance` and template resources
+```
+```release-note:enhancement
+compute: added support for `image_encryption_key.raw_key` and ` image_encryption_key.rsa_encrypted_key` to `google_compute_image` resource
+```
+```release-note:enhancement
+compute: added support for `snapshot_encryption_key.rsa_encrypted_key` to `google_compute_snapshot` resource
+```

google/services/compute/compute_instance_helpers.go

@@ -822,3 +822,89 @@ func flattenNetworkPerformanceConfig(c *compute.NetworkPerformanceConfig) []map[
 		},
 	}
 }
+
+func flattenComputeInstanceGuestOsFeatures(v interface{}) []interface{} {
+	if v == nil {
+		return nil
+	}
+	features, ok := v.([]*compute.GuestOsFeature)
+	if !ok {
+		return nil
+	}
+	var result []interface{}
+	for _, feature := range features {
+		if feature != nil && feature.Type != "" {
+			result = append(result, feature.Type)
+		}
+	}
+	return result
+}
+
+func expandComputeInstanceGuestOsFeatures(v interface{}) []*compute.GuestOsFeature {
+	if v == nil {
+		return nil
+	}
+	var result []*compute.GuestOsFeature
+	for _, feature := range v.([]interface{}) {
+		result = append(result, &compute.GuestOsFeature{Type: feature.(string)})
+	}
+	return result
+}
+
+func expandComputeInstanceEncryptionKey(d tpgresource.TerraformResourceData) *compute.CustomerEncryptionKey {
+	iek, ok := d.GetOk("instance_encryption_key")
+	if !ok {
+		return nil
+	}
+
+	iekRes := iek.([]interface{})[0].(map[string]interface{})
+	return &compute.CustomerEncryptionKey{
+		KmsKeyName:           iekRes["kms_key_self_link"].(string),
+		Sha256:               iekRes["sha256"].(string),
+		KmsKeyServiceAccount: iekRes["kms_key_service_account"].(string),
+	}
+}
+
+func flattenComputeInstanceEncryptionKey(v *compute.CustomerEncryptionKey) []map[string]interface{} {
+	if v == nil {
+		return nil
+	}
+	return []map[string]interface{}{
+		{
+			"kms_key_self_link":       v.KmsKeyName,
+			"sha256":                  v.Sha256,
+			"kms_key_service_account": v.KmsKeyServiceAccount,
+		},
+	}
+}
+
+func expandComputeInstanceSourceEncryptionKey(d tpgresource.TerraformResourceData, field string) *compute.CustomerEncryptionKey {
+	cek, ok := d.GetOk(field)
+	if !ok {
+		return nil
+	}
+
+	cekRes := cek.([]interface{})[0].(map[string]interface{})
+	return &compute.CustomerEncryptionKey{
+		RsaEncryptedKey:      cekRes["rsa_encrypted_key"].(string),
+		RawKey:               cekRes["raw_key"].(string),
+		KmsKeyName:           cekRes["kms_key_self_link"].(string),
+		Sha256:               cekRes["sha256"].(string),
+		KmsKeyServiceAccount: cekRes["kms_key_service_account"].(string),
+	}
+}
+
+func flattenComputeInstanceSourceEncryptionKey(v *compute.CustomerEncryptionKey) []map[string]interface{} {
+	if v == nil {
+		return nil
+	}
+	return []map[string]interface{}{
+		{
+			"rsa_encrypted_key":       v.RsaEncryptedKey,
+			"raw_key":                 v.RawKey,
+			"kms_key_self_link":       v.KmsKeyName,
+			"sha256":                  v.Sha256,
+			"kms_key_service_account": v.KmsKeyServiceAccount,
+		},
+	}
+}

google/services/compute/resource_compute_image.go

@@ -130,6 +130,22 @@ KMS.`,
 given KMS key. If absent, the Compute Engine default service
 account is used.`,
 						},
+						"raw_key": {
+							Type:     schema.TypeString,
+							Optional: true,
+							ForceNew: true,
+							Description: `Specifies a 256-bit customer-supplied encryption key, encoded in
+RFC 4648 base64 to either encrypt or decrypt this resource.`,
+							Sensitive: true,
+						},
+						"rsa_encrypted_key": {
+							Type:     schema.TypeString,
+							Optional: true,
+							ForceNew: true,
+							Description: `Specifies a 256-bit customer-supplied encryption key, encoded in
+RFC 4648 base64 to either encrypt or decrypt this resource.`,
+							Sensitive: true,
+						},
 					},
 				},
 			},
@@ -782,6 +798,10 @@ func flattenComputeImageImageEncryptionKey(v interface{}, d *schema.ResourceData
 		flattenComputeImageImageEncryptionKeyKmsKeySelfLink(original["kmsKeyName"], d, config)
 	transformed["kms_key_service_account"] =
 		flattenComputeImageImageEncryptionKeyKmsKeyServiceAccount(original["kmsKeyServiceAccount"], d, config)
+	transformed["raw_key"] =
+		flattenComputeImageImageEncryptionKeyRawKey(original["rawKey"], d, config)
+	transformed["rsa_encrypted_key"] =
+		flattenComputeImageImageEncryptionKeyRsaEncryptedKey(original["rsaEncryptedKey"], d, config)
 	return []interface{}{transformed}
 }
 func flattenComputeImageImageEncryptionKeyKmsKeySelfLink(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
@@ -796,6 +816,14 @@ func flattenComputeImageImageEncryptionKeyKmsKeyServiceAccount(v interface{}, d
 	return v
 }
 
+func flattenComputeImageImageEncryptionKeyRawKey(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return d.Get("image_encryption_key.0.raw_key")
+}
+
+func flattenComputeImageImageEncryptionKeyRsaEncryptedKey(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return d.Get("image_encryption_key.0.rsa_encrypted_key")
+}
+
 func flattenComputeImageLabels(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 	if v == nil {
 		return v
@@ -932,6 +960,20 @@ func expandComputeImageImageEncryptionKey(v interface{}, d tpgresource.Terraform
 		transformed["kmsKeyServiceAccount"] = transformedKmsKeyServiceAccount
 	}
 
+	transformedRawKey, err := expandComputeImageImageEncryptionKeyRawKey(original["raw_key"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedRawKey); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["rawKey"] = transformedRawKey
+	}
+
+	transformedRsaEncryptedKey, err := expandComputeImageImageEncryptionKeyRsaEncryptedKey(original["rsa_encrypted_key"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedRsaEncryptedKey); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["rsaEncryptedKey"] = transformedRsaEncryptedKey
+	}
+
 	return transformed, nil
 }
 
@@ -943,6 +985,14 @@ func expandComputeImageImageEncryptionKeyKmsKeyServiceAccount(v interface{}, d t
 	return v, nil
 }
 
+func expandComputeImageImageEncryptionKeyRawKey(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
+func expandComputeImageImageEncryptionKeyRsaEncryptedKey(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandComputeImageLabelFingerprint(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	return v, nil
 }

google/services/compute/resource_compute_image_generated_meta.yaml

@@ -16,6 +16,8 @@ fields:
   - field: 'image_encryption_key.kms_key_self_link'
     api_field: 'image_encryption_key.kms_key_name'
   - field: 'image_encryption_key.kms_key_service_account'
+  - field: 'image_encryption_key.raw_key'
+  - field: 'image_encryption_key.rsa_encrypted_key'
   - field: 'label_fingerprint'
   - field: 'labels'
   - field: 'licenses'

google/services/compute/resource_compute_image_generated_test.go

@@ -49,7 +49,7 @@ func TestAccComputeImage_imageBasicExample(t *testing.T) {
 				ResourceName:            "google_compute_image.example",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"labels", "raw_disk", "source_disk", "source_image", "source_snapshot", "terraform_labels"},
+				ImportStateVerifyIgnore: []string{"image_encryption_key.0.raw_key", "image_encryption_key.0.rsa_encrypted_key", "labels", "raw_disk", "source_disk", "source_image", "source_snapshot", "terraform_labels"},
 			},
 		},
 	})
@@ -97,7 +97,7 @@ func TestAccComputeImage_imageGuestOsExample(t *testing.T) {
 				ResourceName:            "google_compute_image.example",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"labels", "raw_disk", "source_disk", "source_image", "source_snapshot", "terraform_labels"},
+				ImportStateVerifyIgnore: []string{"image_encryption_key.0.raw_key", "image_encryption_key.0.rsa_encrypted_key", "labels", "raw_disk", "source_disk", "source_image", "source_snapshot", "terraform_labels"},
 			},
 		},
 	})
@@ -165,7 +165,7 @@ func TestAccComputeImage_imageBasicStorageLocationExample(t *testing.T) {
 				ResourceName:            "google_compute_image.example",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"labels", "raw_disk", "source_disk", "source_image", "source_snapshot", "terraform_labels"},
+				ImportStateVerifyIgnore: []string{"image_encryption_key.0.raw_key", "image_encryption_key.0.rsa_encrypted_key", "labels", "raw_disk", "source_disk", "source_image", "source_snapshot", "terraform_labels"},
 			},
 		},
 	})