Remove deprecated raw_key convenience property (#2209)

Removing disk_encryption_key_sha256 and disk_encryption_key_raw and removing the custom diff logic associated with them.

<!-- This change is generated by MagicModules. -->
/cc @chrisst

google/resource_compute_disk.go

@@ -232,26 +232,6 @@ func suppressWindowsFamilyDiff(imageName, familyName string) bool {
 	return false
 }
 
-func diskEncryptionKeyDiffSuppress(k, old, new string, d *schema.ResourceData) bool {
-	if strings.HasSuffix(k, "#") {
-		if old == "1" && new == "0" {
-			// If we have a disk_encryption_key_raw, we can trust that the diff will be handled there
-			// and we don't need to worry about it here.
-			return d.Get("disk_encryption_key_raw").(string) != ""
-		} else if new == "1" && old == "0" {
-			// This will be handled by diffing the 'raw_key' attribute.
-			return true
-		}
-	} else if strings.HasSuffix(k, "raw_key") {
-		disk_key := d.Get("disk_encryption_key_raw").(string)
-		return disk_key == old && old != "" && new == ""
-	} else if k == "disk_encryption_key_raw" {
-		disk_key := d.Get("disk_encryption_key.0.raw_key").(string)
-		return disk_key == old && old != "" && new == ""
-	}
-	return false
-}
-
 func resourceComputeDisk() *schema.Resource {
 	return &schema.Resource{
 		Create: resourceComputeDiskCreate,
@@ -286,7 +266,6 @@ func resourceComputeDisk() *schema.Resource {
 				Type:     schema.TypeList,
 				Optional: true,
 				ForceNew: true,
-				DiffSuppressFunc: diskEncryptionKeyDiffSuppress,
 				MaxItems: 1,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
@@ -408,20 +387,6 @@ func resourceComputeDisk() *schema.Resource {
 					DiffSuppressFunc: compareSelfLinkOrResourceName,
 				},
 			},
-			"disk_encryption_key_raw": &schema.Schema{
-				Type:             schema.TypeString,
-				Optional:         true,
-				ForceNew:         true,
-				Sensitive:        true,
-				DiffSuppressFunc: diskEncryptionKeyDiffSuppress,
-				Deprecated:       "Use disk_encryption_key.raw_key instead.",
-			},
-
-			"disk_encryption_key_sha256": &schema.Schema{
-				Type:       schema.TypeString,
-				Computed:   true,
-				Deprecated: "Use disk_encryption_key.sha256 instead.",
-			},
 			"project": {
 				Type:     schema.TypeString,
 				Optional: true,
@@ -1074,21 +1039,36 @@ func expandComputeDiskSourceImageEncryptionKeySha256(v interface{}, d *schema.Re
 
 func expandComputeDiskDiskEncryptionKey(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
 	l := v.([]interface{})
-	req := make([]interface{}, 0, 1)
-	if len(l) == 1 {
-		// There is a value
-		outMap := make(map[string]interface{})
-		outMap["rawKey"] = l[0].(map[string]interface{})["raw_key"]
-		req = append(req, outMap)
-	} else {
-		// Check alternative setting?
-		if altV, ok := d.GetOk("disk_encryption_key_raw"); ok && altV != "" {
-			outMap := make(map[string]interface{})
-			outMap["rawKey"] = altV
-			req = append(req, outMap)
+	if len(l) == 0 {
+		return nil, nil
 	}
+	raw := l[0]
+	original := raw.(map[string]interface{})
+	transformed := make(map[string]interface{})
+
+	transformedRawKey, err := expandComputeDiskDiskEncryptionKeyRawKey(original["raw_key"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedRawKey); val.IsValid() && !isEmptyValue(val) {
+		transformed["rawKey"] = transformedRawKey
 	}
-	return req, nil
+
+	transformedSha256, err := expandComputeDiskDiskEncryptionKeySha256(original["sha256"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedSha256); val.IsValid() && !isEmptyValue(val) {
+		transformed["sha256"] = transformedSha256
+	}
+
+	return transformed, nil
+}
+
+func expandComputeDiskDiskEncryptionKeyRawKey(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
+	return v, nil
+}
+
+func expandComputeDiskDiskEncryptionKeySha256(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
+	return v, nil
 }
 
 func expandComputeDiskSnapshot(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
@@ -1204,10 +1184,6 @@ func resourceComputeDiskDecoder(d *schema.ResourceData, meta interface{}, res ma
 		// The raw key won't be returned, so we need to use the original.
 		transformed["rawKey"] = d.Get("disk_encryption_key.0.raw_key")
 		transformed["sha256"] = original["sha256"]
-		if v, ok := d.GetOk("disk_encryption_key_raw"); ok {
-			transformed["rawKey"] = v
-		}
-		d.Set("disk_encryption_key_sha256", original["sha256"])
 		res["diskEncryptionKey"] = transformed
 	}
 

google/resource_compute_disk_test.go

@@ -338,26 +338,6 @@ func TestAccComputeDisk_encryption(t *testing.T) {
 						"google_compute_disk.foobar", &disk),
 				),
 			},
-			// Update from top-level attribute to nested.
-			resource.TestStep{
-				Config: testAccComputeDisk_encryptionMigrate(diskName),
-				Check: resource.ComposeTestCheckFunc(
-					testAccCheckComputeDiskExists(
-						"google_compute_disk.foobar", &disk),
-					testAccCheckEncryptionKey(
-						"google_compute_disk.foobar", &disk),
-				),
-			},
-			// Update from nested attribute back to top-level.
-			resource.TestStep{
-				Config: testAccComputeDisk_encryption(diskName),
-				Check: resource.ComposeTestCheckFunc(
-					testAccCheckComputeDiskExists(
-						"google_compute_disk.foobar", &disk),
-					testAccCheckEncryptionKey(
-						"google_compute_disk.foobar", &disk),
-				),
-			},
 		},
 	})
 }
@@ -571,7 +551,7 @@ func testAccCheckEncryptionKey(n string, disk *compute.Disk) resource.TestCheckF
 			return fmt.Errorf("Not found: %s", n)
 		}
 
-		attr := rs.Primary.Attributes["disk_encryption_key_sha256"]
+		attr := rs.Primary.Attributes["disk_encryption_key.0.sha256"]
 		if disk.DiskEncryptionKey == nil {
 			return fmt.Errorf("Disk %s has mismatched encryption key.\nTF State: %+v\nGCP State: <empty>", n, attr)
 		} else if attr != disk.DiskEncryptionKey.Sha256 {
@@ -701,23 +681,6 @@ data "google_compute_image" "my_image" {
 	project = "debian-cloud"
 }
 
-resource "google_compute_disk" "foobar" {
-	name = "%s"
-	image = "${data.google_compute_image.my_image.self_link}"
-	size = 50
-	type = "pd-ssd"
-	zone = "us-central1-a"
-	disk_encryption_key_raw = "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="
-}`, diskName)
-}
-
-func testAccComputeDisk_encryptionMigrate(diskName string) string {
-	return fmt.Sprintf(`
-data "google_compute_image" "my_image" {
-	family  = "debian-9"
-	project = "debian-cloud"
-}
-
 resource "google_compute_disk" "foobar" {
 	name = "%s"
 	image = "${data.google_compute_image.my_image.self_link}"

google/resource_compute_instance_migrate_test.go

@@ -154,16 +154,16 @@ func TestAccComputeInstanceMigrateState_bootDisk(t *testing.T) {
 		"disk.0.auto_delete":                   "false",
 		"disk.0.size":                          "12",
 		"disk.0.device_name":                   "persistent-disk-0",
-		"disk.0.disk_encryption_key_raw":    "encrypt-key",
-		"disk.0.disk_encryption_key_sha256": "encrypt-key-sha",
+		"disk.0.disk_encryption_key.0.raw_key": "encrypt-key",
+		"disk.0.disk_encryption_key.0.sha256":  "encrypt-key-sha",
 		"zone":                                 zone,
 	}
 	expected := map[string]string{
 		"boot_disk.#":                               "1",
 		"boot_disk.0.auto_delete":                   "false",
 		"boot_disk.0.device_name":                   "persistent-disk-0",
-		"boot_disk.0.disk_encryption_key_raw":    "encrypt-key",
-		"boot_disk.0.disk_encryption_key_sha256": "encrypt-key-sha",
+		"boot_disk.0.disk_encryption_key.0.raw_key": "encrypt-key",
+		"boot_disk.0.disk_encryption_key.0.sha256":  "encrypt-key-sha",
 		"boot_disk.0.initialize_params.#":           "1",
 		"boot_disk.0.initialize_params.0.size":      "12",
 		"boot_disk.0.initialize_params.0.type":      "pd-ssd",
@@ -221,16 +221,16 @@ func TestAccComputeInstanceMigrateState_v4FixBootDisk(t *testing.T) {
 		"disk.0.auto_delete":                   "false",
 		"disk.0.size":                          "12",
 		"disk.0.device_name":                   "persistent-disk-0",
-		"disk.0.disk_encryption_key_raw":    "encrypt-key",
-		"disk.0.disk_encryption_key_sha256": "encrypt-key-sha",
+		"disk.0.disk_encryption_key.0.raw_key": "encrypt-key",
+		"disk.0.disk_encryption_key.0.sha256":  "encrypt-key-sha",
 		"zone":                                 zone,
 	}
 	expected := map[string]string{
 		"boot_disk.#":                               "1",
 		"boot_disk.0.auto_delete":                   "false",
 		"boot_disk.0.device_name":                   "persistent-disk-0",
-		"boot_disk.0.disk_encryption_key_raw":    "encrypt-key",
-		"boot_disk.0.disk_encryption_key_sha256": "encrypt-key-sha",
+		"boot_disk.0.disk_encryption_key.0.raw_key": "encrypt-key",
+		"boot_disk.0.disk_encryption_key.0.sha256":  "encrypt-key-sha",
 		"boot_disk.0.initialize_params.#":           "1",
 		"boot_disk.0.initialize_params.0.size":      "12",
 		"boot_disk.0.initialize_params.0.type":      "pd-ssd",
@@ -303,8 +303,8 @@ func TestAccComputeInstanceMigrateState_attachedDiskFromSource(t *testing.T) {
 		"disk.#":                               "1",
 		"disk.0.disk":                          diskName,
 		"disk.0.device_name":                   "persistent-disk-1",
-		"disk.0.disk_encryption_key_raw":    "encrypt-key",
-		"disk.0.disk_encryption_key_sha256": "encrypt-key-sha",
+		"disk.0.disk_encryption_key.0.raw_key": "encrypt-key",
+		"disk.0.disk_encryption_key.0.sha256":  "encrypt-key-sha",
 		"zone":                                 zone,
 	}
 	expected := map[string]string{
@@ -312,8 +312,8 @@ func TestAccComputeInstanceMigrateState_attachedDiskFromSource(t *testing.T) {
 		"attached_disk.#":                               "1",
 		"attached_disk.0.source":                        "https://www.googleapis.com/compute/v1/projects/" + config.Project + "/zones/" + zone + "/disks/" + diskName,
 		"attached_disk.0.device_name":                   "persistent-disk-1",
-		"attached_disk.0.disk_encryption_key_raw":    "encrypt-key",
-		"attached_disk.0.disk_encryption_key_sha256": "encrypt-key-sha",
+		"attached_disk.0.disk_encryption_key.0.raw_key": "encrypt-key",
+		"attached_disk.0.disk_encryption_key.0.sha256":  "encrypt-key-sha",
 		"zone":           zone,
 		"create_timeout": "4",
 	}
@@ -383,8 +383,8 @@ func TestAccComputeInstanceMigrateState_v4FixAttachedDiskFromSource(t *testing.T
 		"disk.#":                               "1",
 		"disk.0.disk":                          diskName,
 		"disk.0.device_name":                   "persistent-disk-1",
-		"disk.0.disk_encryption_key_raw":    "encrypt-key",
-		"disk.0.disk_encryption_key_sha256": "encrypt-key-sha",
+		"disk.0.disk_encryption_key.0.raw_key": "encrypt-key",
+		"disk.0.disk_encryption_key.0.sha256":  "encrypt-key-sha",
 		"zone":                                 zone,
 	}
 	expected := map[string]string{
@@ -392,8 +392,8 @@ func TestAccComputeInstanceMigrateState_v4FixAttachedDiskFromSource(t *testing.T
 		"attached_disk.#":                               "1",
 		"attached_disk.0.source":                        "https://www.googleapis.com/compute/v1/projects/" + config.Project + "/zones/" + zone + "/disks/" + diskName,
 		"attached_disk.0.device_name":                   "persistent-disk-1",
-		"attached_disk.0.disk_encryption_key_raw":    "encrypt-key",
-		"attached_disk.0.disk_encryption_key_sha256": "encrypt-key-sha",
+		"attached_disk.0.disk_encryption_key.0.raw_key": "encrypt-key",
+		"attached_disk.0.disk_encryption_key.0.sha256":  "encrypt-key-sha",
 		"zone": zone,
 	}
 
@@ -450,8 +450,8 @@ func TestAccComputeInstanceMigrateState_attachedDiskFromEncryptionKey(t *testing
 		"boot_disk.#":                          "1",
 		"disk.#":                               "1",
 		"disk.0.image":                         "projects/debian-cloud/global/images/family/debian-9",
-		"disk.0.disk_encryption_key_raw":    "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=",
-		"disk.0.disk_encryption_key_sha256": "esTuF7d4eatX4cnc4JsiEiaI+Rff78JgPhA/v1zxX9E=",
+		"disk.0.disk_encryption_key.0.raw_key": "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=",
+		"disk.0.disk_encryption_key.0.sha256":  "esTuF7d4eatX4cnc4JsiEiaI+Rff78JgPhA/v1zxX9E=",
 		"zone":                                 zone,
 	}
 	expected := map[string]string{
@@ -459,8 +459,8 @@ func TestAccComputeInstanceMigrateState_attachedDiskFromEncryptionKey(t *testing
 		"attached_disk.#":                               "1",
 		"attached_disk.0.source":                        "https://www.googleapis.com/compute/v1/projects/" + config.Project + "/zones/" + zone + "/disks/" + instanceName + "-1",
 		"attached_disk.0.device_name":                   "persistent-disk-1",
-		"attached_disk.0.disk_encryption_key_raw":    "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=",
-		"attached_disk.0.disk_encryption_key_sha256": "esTuF7d4eatX4cnc4JsiEiaI+Rff78JgPhA/v1zxX9E=",
+		"attached_disk.0.disk_encryption_key.0.raw_key": "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=",
+		"attached_disk.0.disk_encryption_key.0.sha256":  "esTuF7d4eatX4cnc4JsiEiaI+Rff78JgPhA/v1zxX9E=",
 		"zone":           zone,
 		"create_timeout": "4",
 	}
@@ -518,8 +518,8 @@ func TestAccComputeInstanceMigrateState_v4FixAttachedDiskFromEncryptionKey(t *te
 		"boot_disk.#":                          "1",
 		"disk.#":                               "1",
 		"disk.0.image":                         "projects/debian-cloud/global/images/family/debian-9",
-		"disk.0.disk_encryption_key_raw":    "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=",
-		"disk.0.disk_encryption_key_sha256": "esTuF7d4eatX4cnc4JsiEiaI+Rff78JgPhA/v1zxX9E=",
+		"disk.0.disk_encryption_key.0.raw_key": "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=",
+		"disk.0.disk_encryption_key.0.sha256":  "esTuF7d4eatX4cnc4JsiEiaI+Rff78JgPhA/v1zxX9E=",
 		"zone":                                 zone,
 	}
 	expected := map[string]string{
@@ -527,8 +527,8 @@ func TestAccComputeInstanceMigrateState_v4FixAttachedDiskFromEncryptionKey(t *te
 		"attached_disk.#":                               "1",
 		"attached_disk.0.source":                        "https://www.googleapis.com/compute/v1/projects/" + config.Project + "/zones/" + zone + "/disks/" + instanceName + "-1",
 		"attached_disk.0.device_name":                   "persistent-disk-1",
-		"attached_disk.0.disk_encryption_key_raw":    "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=",
-		"attached_disk.0.disk_encryption_key_sha256": "esTuF7d4eatX4cnc4JsiEiaI+Rff78JgPhA/v1zxX9E=",
+		"attached_disk.0.disk_encryption_key.0.raw_key": "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=",
+		"attached_disk.0.disk_encryption_key.0.sha256":  "esTuF7d4eatX4cnc4JsiEiaI+Rff78JgPhA/v1zxX9E=",
 		"zone": zone,
 	}
 

google/resource_compute_instance_test.go

@@ -1928,7 +1928,9 @@ resource "google_compute_disk" "foobar" {
 	type = "pd-ssd"
 	zone = "us-central1-a"
 
-	disk_encryption_key_raw = "%s"
+	disk_encryption_key {
+		raw_key = "%s"
+	}
 }
 
 resource "google_compute_disk" "foobar2" {
@@ -1937,7 +1939,9 @@ resource "google_compute_disk" "foobar2" {
 	type = "pd-ssd"
 	zone = "us-central1-a"
 
-	disk_encryption_key_raw = "%s"
+	disk_encryption_key {
+		raw_key = "%s"
+	}
 }
 
 resource "google_compute_disk" "foobar3" {
@@ -1946,7 +1950,9 @@ resource "google_compute_disk" "foobar3" {
 	type = "pd-ssd"
 	zone = "us-central1-a"
 
-	disk_encryption_key_raw = "%s"
+	disk_encryption_key {
+		raw_key = "%s"
+	}
 }
 
 resource "google_compute_disk" "foobar4" {
@@ -2214,7 +2220,9 @@ resource "google_compute_disk" "foobar" {
 	size = 10
 	type = "pd-ssd"
 	zone = "us-central1-a"
-	disk_encryption_key_raw = "c2Vjb25kNzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI"
+	disk_encryption_key {
+		raw_key = "c2Vjb25kNzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI"
+	}
 }
 
 resource "google_compute_instance" "foobar" {

google/resource_compute_snapshot_test.go

@@ -246,13 +246,19 @@ resource "google_compute_disk" "foobar" {
 	size = 10
 	type = "pd-ssd"
 	zone = "us-central1-a"
-	disk_encryption_key_raw = "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="
+	disk_encryption_key {
+		raw_key = "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="
+	}
 }
 resource "google_compute_snapshot" "foobar" {
 	name = "%s"
 	source_disk = "${google_compute_disk.foobar.name}"
 	zone = "us-central1-a"
-	source_disk_encryption_key_raw = "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="
-	snapshot_encryption_key_raw = "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="
+	source_disk_encryption_key {
+		raw_key = "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="
+	}
+	snapshot_encryption_key {
+		raw_key = "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="
+	}
 }`, diskName, snapshotName)
 }

website/docs/r/compute_disk.html.markdown

@@ -191,11 +191,6 @@ The `source_snapshot_encryption_key` block supports:
   The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied
   encryption key that protects this resource.
 
-* (Deprecated) `disk_encryption_key_raw`:  This is an alias for
-  `disk_encryption_key.raw_key`.  It is deprecated to enhance
-  consistency with `source_image_encryption_key` and
-  `source_snapshot_encryption_key`.
-
 ## Attributes Reference
 
 In addition to the arguments listed above, the following computed attributes are exported:
@@ -235,11 +230,6 @@ In addition to the arguments listed above, the following computed attributes are
 * `self_link` - The URI of the created resource.
 
 
-* (Deprecated) `disk_encryption_key_sha256`: This is an alias for
-  `disk_encryption_key.sha256`.  It is deprecated to enhance
-  consistency with `source_image_encryption_key` and
-  `source_snapshot_encryption_key`.
-
 ## Timeouts
 
 This resource provides the following