Make Disk KMS features GA (#2884)

/cc @chrisst
2024-07-03 08:42:39 +00:00 · 2019-01-16 11:52:33 -08:00 · 2019-01-16 11:52:33 -08:00 · bb4697dd87
commit bb4697dd87
parent 411bf089d1
2 changed files with 90 additions and 0 deletions
--- a/google/resource_compute_disk.go
+++ b/google/resource_compute_disk.go
@ -270,6 +270,12 @@ func resourceComputeDisk() *schema.Resource {
 				MaxItems: 1,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
+						"kms_key_self_link": {
+							Type:             schema.TypeString,
+							Optional:         true,
+							ForceNew:         true,
+							DiffSuppressFunc: compareSelfLinkRelativePaths,
+						},
 						"raw_key": {
 							Type:     schema.TypeString,
 							Optional: true,
@ -311,6 +317,12 @@ func resourceComputeDisk() *schema.Resource {
 				MaxItems: 1,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
+						"kms_key_self_link": {
+							Type:             schema.TypeString,
+							Optional:         true,
+							ForceNew:         true,
+							DiffSuppressFunc: compareSelfLinkRelativePaths,
+						},
 						"raw_key": {
 							Type:     schema.TypeString,
 							Optional: true,
@ -330,6 +342,12 @@ func resourceComputeDisk() *schema.Resource {
 				MaxItems: 1,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
+						"kms_key_self_link": {
+							Type:             schema.TypeString,
+							Optional:         true,
+							ForceNew:         true,
+							DiffSuppressFunc: compareSelfLinkRelativePaths,
+						},
 						"raw_key": {
 							Type:     schema.TypeString,
 							Optional: true,
@ -899,6 +917,8 @@ func flattenComputeDiskSourceImageEncryptionKey(v interface{}, d *schema.Resourc
 		flattenComputeDiskSourceImageEncryptionKeyRawKey(original["rawKey"], d)
 	transformed["sha256"] =
 		flattenComputeDiskSourceImageEncryptionKeySha256(original["sha256"], d)
+	transformed["kms_key_self_link"] =
+		flattenComputeDiskSourceImageEncryptionKeyKmsKeySelfLink(original["kmsKeyName"], d)
 	return []interface{}{transformed}
 }
 func flattenComputeDiskSourceImageEncryptionKeyRawKey(v interface{}, d *schema.ResourceData) interface{} {
@ -909,6 +929,10 @@ func flattenComputeDiskSourceImageEncryptionKeySha256(v interface{}, d *schema.R
 	return v
 }

+func flattenComputeDiskSourceImageEncryptionKeyKmsKeySelfLink(v interface{}, d *schema.ResourceData) interface{} {
+	return v
+}
+
 func flattenComputeDiskSourceImageId(v interface{}, d *schema.ResourceData) interface{} {
 	return v
 }
@ -926,6 +950,8 @@ func flattenComputeDiskDiskEncryptionKey(v interface{}, d *schema.ResourceData)
 		flattenComputeDiskDiskEncryptionKeyRawKey(original["rawKey"], d)
 	transformed["sha256"] =
 		flattenComputeDiskDiskEncryptionKeySha256(original["sha256"], d)
+	transformed["kms_key_self_link"] =
+		flattenComputeDiskDiskEncryptionKeyKmsKeySelfLink(original["kmsKeyName"], d)
 	return []interface{}{transformed}
 }
 func flattenComputeDiskDiskEncryptionKeyRawKey(v interface{}, d *schema.ResourceData) interface{} {
@ -936,6 +962,10 @@ func flattenComputeDiskDiskEncryptionKeySha256(v interface{}, d *schema.Resource
 	return v
 }

+func flattenComputeDiskDiskEncryptionKeyKmsKeySelfLink(v interface{}, d *schema.ResourceData) interface{} {
+	return v
+}
+
 func flattenComputeDiskSnapshot(v interface{}, d *schema.ResourceData) interface{} {
 	if v == nil {
 		return v
@ -954,6 +984,8 @@ func flattenComputeDiskSourceSnapshotEncryptionKey(v interface{}, d *schema.Reso
 	transformed := make(map[string]interface{})
 	transformed["raw_key"] =
 		flattenComputeDiskSourceSnapshotEncryptionKeyRawKey(original["rawKey"], d)
+	transformed["kms_key_self_link"] =
+		flattenComputeDiskSourceSnapshotEncryptionKeyKmsKeySelfLink(original["kmsKeyName"], d)
 	transformed["sha256"] =
 		flattenComputeDiskSourceSnapshotEncryptionKeySha256(original["sha256"], d)
 	return []interface{}{transformed}
@ -962,6 +994,10 @@ func flattenComputeDiskSourceSnapshotEncryptionKeyRawKey(v interface{}, d *schem
 	return v
 }

+func flattenComputeDiskSourceSnapshotEncryptionKeyKmsKeySelfLink(v interface{}, d *schema.ResourceData) interface{} {
+	return v
+}
+
 func flattenComputeDiskSourceSnapshotEncryptionKeySha256(v interface{}, d *schema.ResourceData) interface{} {
 	return v
 }
@ -1040,6 +1076,13 @@ func expandComputeDiskSourceImageEncryptionKey(v interface{}, d *schema.Resource
 		transformed["sha256"] = transformedSha256
 	}

+	transformedKmsKeySelfLink, err := expandComputeDiskSourceImageEncryptionKeyKmsKeySelfLink(original["kms_key_self_link"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedKmsKeySelfLink); val.IsValid() && !isEmptyValue(val) {
+		transformed["kmsKeyName"] = transformedKmsKeySelfLink
+	}
+
 	return transformed, nil
 }

@ -1051,6 +1094,10 @@ func expandComputeDiskSourceImageEncryptionKeySha256(v interface{}, d *schema.Re
 	return v, nil
 }

+func expandComputeDiskSourceImageEncryptionKeyKmsKeySelfLink(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandComputeDiskDiskEncryptionKey(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
 	l := v.([]interface{})
 	if len(l) == 0 || l[0] == nil {
@ -1074,6 +1121,13 @@ func expandComputeDiskDiskEncryptionKey(v interface{}, d *schema.ResourceData, c
 		transformed["sha256"] = transformedSha256
 	}

+	transformedKmsKeySelfLink, err := expandComputeDiskDiskEncryptionKeyKmsKeySelfLink(original["kms_key_self_link"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedKmsKeySelfLink); val.IsValid() && !isEmptyValue(val) {
+		transformed["kmsKeyName"] = transformedKmsKeySelfLink
+	}
+
 	return transformed, nil
 }

@ -1085,6 +1139,10 @@ func expandComputeDiskDiskEncryptionKeySha256(v interface{}, d *schema.ResourceD
 	return v, nil
 }

+func expandComputeDiskDiskEncryptionKeyKmsKeySelfLink(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandComputeDiskSnapshot(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
 	f, err := parseGlobalFieldValue("snapshots", v.(string), "project", d, config, true)
 	if err != nil {
@ -1109,6 +1167,13 @@ func expandComputeDiskSourceSnapshotEncryptionKey(v interface{}, d *schema.Resou
 		transformed["rawKey"] = transformedRawKey
 	}

+	transformedKmsKeySelfLink, err := expandComputeDiskSourceSnapshotEncryptionKeyKmsKeySelfLink(original["kms_key_self_link"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedKmsKeySelfLink); val.IsValid() && !isEmptyValue(val) {
+		transformed["kmsKeyName"] = transformedKmsKeySelfLink
+	}
+
 	transformedSha256, err := expandComputeDiskSourceSnapshotEncryptionKeySha256(original["sha256"], d, config)
 	if err != nil {
 		return nil, err
@ -1123,6 +1188,10 @@ func expandComputeDiskSourceSnapshotEncryptionKeyRawKey(v interface{}, d *schema
 	return v, nil
 }

+func expandComputeDiskSourceSnapshotEncryptionKeyKmsKeySelfLink(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandComputeDiskSourceSnapshotEncryptionKeySha256(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
 	return v, nil
 }
--- a/website/docs/r/compute_disk.html.markdown
+++ b/website/docs/r/compute_disk.html.markdown
@ -175,6 +175,13 @@ The `source_image_encryption_key` block supports:
  The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied
  encryption key that protects this resource.

+* `kms_key_self_link` -
+  (Optional)
+  The self link of the encryption key used to encrypt the disk. Also called KmsKeyName
+  in the cloud console. In order to use this additional
+  IAM permissions need to be set on the Compute Engine Service Agent. See
+  https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys
+
 The `disk_encryption_key` block supports:

 * `raw_key` -
@ -186,6 +193,13 @@ The `disk_encryption_key` block supports:
  The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied
  encryption key that protects this resource.

+* `kms_key_self_link` -
+  (Optional)
+  The self link of the encryption key used to encrypt the disk. Also called KmsKeyName
+  in the cloud console. In order to use this additional
+  IAM permissions need to be set on the Compute Engine Service Agent. See
+  https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys
+
 The `source_snapshot_encryption_key` block supports:

 * `raw_key` -
@ -193,6 +207,13 @@ The `source_snapshot_encryption_key` block supports:
  Specifies a 256-bit customer-supplied encryption key, encoded in
  RFC 4648 base64 to either encrypt or decrypt this resource.

+* `kms_key_self_link` -
+  (Optional)
+  The self link of the encryption key used to encrypt the disk. Also called KmsKeyName
+  in the cloud console. In order to use this additional
+  IAM permissions need to be set on the Compute Engine Service Agent. See
+  https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys
+
 * `sha256` -
  The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied
  encryption key that protects this resource.