diff --git a/google/resource_compute_disk.go b/google/resource_compute_disk.go
index ece6ac40..3e18a5e4 100644
--- a/google/resource_compute_disk.go
+++ b/google/resource_compute_disk.go
@@ -270,6 +270,12 @@ func resourceComputeDisk() *schema.Resource {
 MaxItems: 1,
 Elem: &schema.Resource{
 Schema: map[string]*schema.Schema{
+ "kms_key_self_link": {
+ Type: schema.TypeString,
+ Optional: true,
+ ForceNew: true,
+ DiffSuppressFunc: compareSelfLinkRelativePaths,
+ },
 "raw_key": {
 Type: schema.TypeString,
 Optional: true,
@@ -311,6 +317,12 @@ func resourceComputeDisk() *schema.Resource {
 MaxItems: 1,
 Elem: &schema.Resource{
 Schema: map[string]*schema.Schema{
+ "kms_key_self_link": {
+ Type: schema.TypeString,
+ Optional: true,
+ ForceNew: true,
+ DiffSuppressFunc: compareSelfLinkRelativePaths,
+ },
 "raw_key": {
 Type: schema.TypeString,
 Optional: true,
@@ -330,6 +342,12 @@ func resourceComputeDisk() *schema.Resource {
 MaxItems: 1,
 Elem: &schema.Resource{
 Schema: map[string]*schema.Schema{
+ "kms_key_self_link": {
+ Type: schema.TypeString,
+ Optional: true,
+ ForceNew: true,
+ DiffSuppressFunc: compareSelfLinkRelativePaths,
+ },
 "raw_key": {
 Type: schema.TypeString,
 Optional: true,
@@ -899,6 +917,8 @@ func flattenComputeDiskSourceImageEncryptionKey(v interface{}, d *schema.Resourc
 flattenComputeDiskSourceImageEncryptionKeyRawKey(original["rawKey"], d)
 transformed["sha256"] =
 flattenComputeDiskSourceImageEncryptionKeySha256(original["sha256"], d)
+ transformed["kms_key_self_link"] =
+ flattenComputeDiskSourceImageEncryptionKeyKmsKeySelfLink(original["kmsKeyName"], d)
 return []interface{}{transformed}
 }
 func flattenComputeDiskSourceImageEncryptionKeyRawKey(v interface{}, d *schema.ResourceData) interface{} {
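Review bot: The new `kms_key_self_link` entry sits beside `raw_key` with nothing that makes the two mutually exclusive, and the same holds for the identical entries added at -311 and -330. The expand functions later in this diff copy each non-empty field independently, so a block that sets both would send `rawKey` and `kmsKeyName` in one request and fail only at apply time, if the API rejects it. I would add `ConflictsWith: []string{"<block>.0.raw_key"},` to each entry, with `<block>` standing for the enclosing block's name, which is above the hunk; whether `raw_key` already declares anything of the kind is not visible here either.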
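Review bot: `original["kmsKeyName"]` is written to state exactly as the API returned it, here and in the flatten hunks at -926 and -954, because the three new `...KmsKeySelfLink` flatten helpers (at -909, -936 and -962) are plain `return v`. If Compute Engine reports the key with a `/cryptoKeyVersions/<n>` suffix, the stored value will differ from the configured one, and since the field is `ForceNew` a diff means Terraform plans to destroy and recreate an encrypted disk. `compareSelfLinkRelativePaths` is not shown, so I cannot tell whether it absorbs that suffix; if it does not, the helpers could trim it with `if s, ok := v.(string); ok { return strings.Split(s, "/cryptoKeyVersions/")[0] }` before the `return v` (the file's imports are outside the diff, so `strings` may need adding). An acceptance test that applies a KMS-encrypted disk and asserts an empty follow-up plan would settle it.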
@@ -909,6 +929,10 @@ func flattenComputeDiskSourceImageEncryptionKeySha256(v interface{}, d *schema.R
 return v
 }
+func flattenComputeDiskSourceImageEncryptionKeyKmsKeySelfLink(v interface{}, d *schema.ResourceData) interface{} {
+ return v
+}
+
 func flattenComputeDiskSourceImageId(v interface{}, d *schema.ResourceData) interface{} {
 return v
 }
@@ -926,6 +950,8 @@ func flattenComputeDiskDiskEncryptionKey(v interface{}, d *schema.ResourceData)
 flattenComputeDiskDiskEncryptionKeyRawKey(original["rawKey"], d)
 transformed["sha256"] =
 flattenComputeDiskDiskEncryptionKeySha256(original["sha256"], d)
+ transformed["kms_key_self_link"] =
+ flattenComputeDiskDiskEncryptionKeyKmsKeySelfLink(original["kmsKeyName"], d)
 return []interface{}{transformed}
 }
 func flattenComputeDiskDiskEncryptionKeyRawKey(v interface{}, d *schema.ResourceData) interface{} {
@@ -936,6 +962,10 @@ func flattenComputeDiskDiskEncryptionKeySha256(v interface{}, d *schema.Resource
 return v
 }
+func flattenComputeDiskDiskEncryptionKeyKmsKeySelfLink(v interface{}, d *schema.ResourceData) interface{} {
+ return v
+}
+
 func flattenComputeDiskSnapshot(v interface{}, d *schema.ResourceData) interface{} {
 if v == nil {
 return v
@@ -954,6 +984,8 @@ func flattenComputeDiskSourceSnapshotEncryptionKey(v interface{}, d *schema.Reso
 transformed := make(map[string]interface{})
 transformed["raw_key"] =
 flattenComputeDiskSourceSnapshotEncryptionKeyRawKey(original["rawKey"], d)
+ transformed["kms_key_self_link"] =
+ flattenComputeDiskSourceSnapshotEncryptionKeyKmsKeySelfLink(original["kmsKeyName"], d)
 transformed["sha256"] =
 flattenComputeDiskSourceSnapshotEncryptionKeySha256(original["sha256"], d)
 return []interface{}{transformed}
@@ -962,6 +994,10 @@ func flattenComputeDiskSourceSnapshotEncryptionKeyRawKey(v interface{}, d *schem
 return v
 }
+func flattenComputeDiskSourceSnapshotEncryptionKeyKmsKeySelfLink(v interface{}, d *schema.ResourceData) interface{} {
+ return v
+}
+
 func flattenComputeDiskSourceSnapshotEncryptionKeySha256(v interface{}, d *schema.ResourceData) interface{} {
 return v
 }
@@ -1040,6 +1076,13 @@ func expandComputeDiskSourceImageEncryptionKey(v interface{}, d *schema.Resource
 transformed["sha256"] = transformedSha256
 }
+ transformedKmsKeySelfLink, err := expandComputeDiskSourceImageEncryptionKeyKmsKeySelfLink(original["kms_key_self_link"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedKmsKeySelfLink); val.IsValid() && !isEmptyValue(val) {
+ transformed["kmsKeyName"] = transformedKmsKeySelfLink
+ }
+
 return transformed, nil
 }
@@ -1051,6 +1094,10 @@ func expandComputeDiskSourceImageEncryptionKeySha256(v interface{}, d *schema.Re
 return v, nil
 }
+func expandComputeDiskSourceImageEncryptionKeyKmsKeySelfLink(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
+ return v, nil
+}
+
 func expandComputeDiskDiskEncryptionKey(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
 l := v.([]interface{})
 if len(l) == 0 || l[0] == nil {
@@ -1074,6 +1121,13 @@ func expandComputeDiskDiskEncryptionKey(v interface{}, d *schema.ResourceData, c
 transformed["sha256"] = transformedSha256
 }
+ transformedKmsKeySelfLink, err := expandComputeDiskDiskEncryptionKeyKmsKeySelfLink(original["kms_key_self_link"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedKmsKeySelfLink); val.IsValid() && !isEmptyValue(val) {
+ transformed["kmsKeyName"] = transformedKmsKeySelfLink
+ }
+
 return transformed, nil
 }
@@ -1085,6 +1139,10 @@ func expandComputeDiskDiskEncryptionKeySha256(v interface{}, d *schema.ResourceD
 return v, nil
 }
+func expandComputeDiskDiskEncryptionKeyKmsKeySelfLink(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
+ return v, nil
+}
+
 func expandComputeDiskSnapshot(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
 f, err := parseGlobalFieldValue("snapshots", v.(string), "project", d, config, true)
 if err != nil {
@@ -1109,6 +1167,13 @@ func expandComputeDiskSourceSnapshotEncryptionKey(v interface{}, d *schema.Resou
 transformed["rawKey"] = transformedRawKey
 }
+ transformedKmsKeySelfLink, err := expandComputeDiskSourceSnapshotEncryptionKeyKmsKeySelfLink(original["kms_key_self_link"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedKmsKeySelfLink); val.IsValid() && !isEmptyValue(val) {
+ transformed["kmsKeyName"] = transformedKmsKeySelfLink
+ }
+
 transformedSha256, err := expandComputeDiskSourceSnapshotEncryptionKeySha256(original["sha256"], d, config)
 if err != nil {
 return nil, err
@@ -1123,6 +1188,10 @@ func expandComputeDiskSourceSnapshotEncryptionKeyRawKey(v interface{}, d *schema
 return v, nil
 }
+func expandComputeDiskSourceSnapshotEncryptionKeyKmsKeySelfLink(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
+ return v, nil
+}
+
 func expandComputeDiskSourceSnapshotEncryptionKeySha256(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
 return v, nil
 }
diff --git a/website/docs/r/compute_disk.html.markdown b/website/docs/r/compute_disk.html.markdown
index 889b049a..55368e34 100644
--- a/website/docs/r/compute_disk.html.markdown
+++ b/website/docs/r/compute_disk.html.markdown
@@ -175,6 +175,13 @@ The `source_image_encryption_key` block supports: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource. +* `kms_key_self_link` - + (Optional) + The self link of the encryption key used to encrypt the disk. Also called KmsKeyName + in the cloud console. In order to use this additional + IAM permissions need to be set on the Compute Engine Service Agent. See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + The `disk_encryption_key` block supports: * `raw_key` - @@ -186,6 +193,13 @@ The `disk_encryption_key` block supports: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource. +* `kms_key_self_link` - + (Optional) + The self link of the encryption key used to encrypt the disk. Also called KmsKeyName + in the cloud console. In order to use this additional + IAM permissions need to be set on the Compute Engine Service Agent. See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + The `source_snapshot_encryption_key` block supports: * `raw_key` - @@ -193,6 +207,13 @@ The `source_snapshot_encryption_key` block supports: Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. +* `kms_key_self_link` - + (Optional) + The self link of the encryption key used to encrypt the disk. Also called KmsKeyName + in the cloud console. In order to use this additional + IAM permissions need to be set on the Compute Engine Service Agent. See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + * `sha256` - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.