Add support for Shielded VMs to compute_instance and compute_instance_template (#3209) #3531

Merged
merged 1 commit into from
May 16, 2019
Merged
26 changes: 26 additions & 0 deletions google/compute_instance_helpers.go
Expand Up @@ -303,3 +303,29 @@ func resourceInstanceTags(d TerraformResourceData) *computeBeta.Tags {

return tags
}

func expandShieldedVmConfigs(d *schema.ResourceData) *computeBeta.ShieldedVmConfig {
if _, ok := d.GetOk("shielded_instance_config"); !ok {
return nil
}

prefix := "shielded_instance_config.0"
return &computeBeta.ShieldedVmConfig{
EnableSecureBoot: d.Get(prefix + ".enable_secure_boot").(bool),
EnableVtpm: d.Get(prefix + ".enable_vtpm").(bool),
EnableIntegrityMonitoring: d.Get(prefix + ".enable_integrity_monitoring").(bool),
ForceSendFields: []string{"EnableSecureBoot", "EnableVtpm", "EnableIntegrityMonitoring"},
}
}

func flattenShieldedVmConfig(shieldedVmConfig *computeBeta.ShieldedVmConfig) []map[string]bool {
if shieldedVmConfig == nil {
return nil
}

return []map[string]bool{{
"enable_secure_boot": shieldedVmConfig.EnableSecureBoot,
"enable_vtpm": shieldedVmConfig.EnableVtpm,
"enable_integrity_monitoring": shieldedVmConfig.EnableIntegrityMonitoring,
}}
}
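Review bot: `expandShieldedVmConfigs` and `flattenShieldedVmConfig` carry no doc comments, and the `ForceSendFields` entry on the struct literal is the one line whose purpose is not obvious: without it the client library's JSON encoding would drop `false` booleans as zero values, so an explicit `enable_secure_boot = false` or a user turning vTPM off would never reach the API and the server-side default would silently apply instead. Suggest a comment above the function, e.g. `// expandShieldedVmConfigs builds the Shielded VM settings from the shielded_instance_config block. It returns nil when the block is absent so the API applies its own image-based defaults, and lists all three booleans in ForceSendFields so explicit false values are sent rather than dropped as zero values.` A parallel one-liner on `flattenShieldedVmConfig` stating the nil-in/nil-out contract would help, since the instance resource's Read relies on that nil to clear state. The first hunk of this file starts inside `resourceInstanceTags`, whose body is outside the view.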
5 changes: 5 additions & 0 deletions google/data_source_google_compute_instance.go
Expand Up @@ -135,6 +135,11 @@ func dataSourceGoogleComputeInstanceRead(d *schema.ResourceData, meta interface{
return err
}

err = d.Set("shielded_instance_config", flattenShieldedVmConfig(instance.ShieldedVmConfig))
if err != nil {
return err
}

d.Set("attached_disk", ads)
d.Set("cpu_platform", instance.CpuPlatform)
d.Set("min_cpu_platform", instance.MinCpuPlatform)
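Review bot: The new `d.Set("shielded_instance_config", ...)` checks and returns its error while the adjacent `attached_disk`, `cpu_platform` and `min_cpu_platform` sets in the same function ignore theirs; checking is the better habit, but mixing both styles inside one Read makes the checked call read as if it were special. Either check the neighbours too or match them, and say why if this one really is different. Separately, no data-source schema change appears in this PR; if the data source's schema is derived from the resource schema this is fine, but if it is declared by hand a `Set` on an undeclared key fails at read time, so that is worth confirming. `dataSourceGoogleComputeInstanceRead` starts and ends outside the hunk.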
49 changes: 49 additions & 0 deletions google/resource_compute_instance.go
Expand Up @@ -510,6 +510,37 @@ func resourceComputeInstance() *schema.Resource {
},
},

"shielded_instance_config": {
Type: schema.TypeList,
MaxItems: 1,
Optional: true,
// Since this block is used by the API based on which
// image being used, the field needs to be marked as Computed.
Computed: true,
DiffSuppressFunc: emptyOrDefaultStringSuppress(""),
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"enable_secure_boot": {
Type: schema.TypeBool,
Optional: true,
Default: false,
},

"enable_vtpm": {
Type: schema.TypeBool,
Optional: true,
Default: true,
},

"enable_integrity_monitoring": {
Type: schema.TypeBool,
Optional: true,
Default: true,
},
},
},
},

"tags": {
Type: schema.TypeSet,
Optional: true,
Expand Down Expand Up @@ -685,6 +716,7 @@ func expandComputeInstance(project string, zone *compute.Zone, d *schema.Resourc
DeletionProtection: d.Get("deletion_protection").(bool),
Hostname: d.Get("hostname").(string),
ForceSendFields: []string{"CanIpForward", "DeletionProtection"},
ShieldedVmConfig: expandShieldedVmConfigs(d),
}, nil
}

Expand Down Expand Up @@ -904,6 +936,7 @@ func resourceComputeInstanceRead(d *schema.ResourceData, meta interface{}) error
d.Set("scratch_disk", scratchDisks)
d.Set("scheduling", flattenScheduling(instance.Scheduling))
d.Set("guest_accelerator", flattenGuestAccelerators(instance.GuestAccelerators))
d.Set("shielded_instance_config", flattenShieldedVmConfig(instance.ShieldedVmConfig))
d.Set("cpu_platform", instance.CpuPlatform)
d.Set("min_cpu_platform", instance.MinCpuPlatform)
d.Set("deletion_protection", instance.DeletionProtection)
Expand Down Expand Up @@ -1366,6 +1399,22 @@ func resourceComputeInstanceUpdate(d *schema.ResourceData, meta interface{}) err
}
}

if d.HasChange("shielded_instance_config") {
shieldedVmConfig := expandShieldedVmConfigs(d)

op, err := config.clientComputeBeta.Instances.UpdateShieldedVmConfig(project, zone, d.Id(), shieldedVmConfig).Do()
if err != nil {
return fmt.Errorf("Error updating shielded vm config: %s", err)
}

opErr := computeSharedOperationWaitTime(config.clientCompute, op, project, int(d.Timeout(schema.TimeoutUpdate).Minutes()), "shielded vm config update")
if opErr != nil {
return opErr
}

d.SetPartial("shielded_instance_config")
}

// We made it, disable partial mode
d.Partial(false)

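Review bot: The update hunk calls `UpdateShieldedVmConfig` whenever the block changes without looking at the instance's status; as far as I know Compute only permits changing Shielded VM settings on a stopped instance, so on a running instance this would surface as a raw API error late in `resourceComputeInstanceUpdate`, after earlier partial updates have already been committed (the function's body starts and ends outside the hunk). If that constraint holds, either route the change through the stop/start handling the function uses for other stop-required fields, or fail early with an actionable message, and record the assumption in the code: `// Shielded VM settings can only be changed while the instance is stopped — TODO confirm and gate on allow_stopping_for_update.` Separately, `Computed: true` together with `DiffSuppressFunc: emptyOrDefaultStringSuppress("")` on the list appears to mean that deleting the block from config produces no diff, so the instance keeps its last-applied Secure Boot/vTPM/integrity settings; a schema comment such as `// Removing this block does not revert the instance to API defaults; set the fields explicitly to change them.` would stop operators from assuming removal re-enables protections.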
41 changes: 41 additions & 0 deletions google/resource_compute_instance_template.go
Expand Up @@ -389,6 +389,41 @@ func resourceComputeInstanceTemplate() *schema.Resource {
},
},

"shielded_instance_config": {
Type: schema.TypeList,
MaxItems: 1,
Optional: true,
ForceNew: true,
// Since this block is used by the API based on which
// image being used, the field needs to be marked as Computed.
Computed: true,
DiffSuppressFunc: emptyOrDefaultStringSuppress(""),
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"enable_secure_boot": {
Type: schema.TypeBool,
Optional: true,
Default: false,
ForceNew: true,
},

"enable_vtpm": {
Type: schema.TypeBool,
Optional: true,
Default: true,
ForceNew: true,
},

"enable_integrity_monitoring": {
Type: schema.TypeBool,
Optional: true,
Default: true,
ForceNew: true,
},
},
},
},

"guest_accelerator": {
Type: schema.TypeList,
Optional: true,
Expand Down Expand Up @@ -644,6 +679,7 @@ func resourceComputeInstanceTemplateCreate(d *schema.ResourceData, meta interfac
Scheduling: scheduling,
ServiceAccounts: expandServiceAccounts(d.Get("service_account").([]interface{})),
Tags: resourceInstanceTags(d),
ShieldedVmConfig: expandShieldedVmConfigs(d),
}

if _, ok := d.GetOk("labels"); ok {
Expand Down Expand Up @@ -841,6 +877,11 @@ func resourceComputeInstanceTemplateRead(d *schema.ResourceData, meta interface{
return fmt.Errorf("Error setting guest_accelerator: %s", err)
}
}
if instanceTemplate.Properties.ShieldedVmConfig != nil {
if err = d.Set("shielded_instance_config", flattenShieldedVmConfig(instanceTemplate.Properties.ShieldedVmConfig)); err != nil {
return fmt.Errorf("Error setting shielded_instance_config: %s", err)
}
}
return nil
}

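Review bot: `resourceComputeInstanceTemplateRead` only sets `shielded_instance_config` when `Properties.ShieldedVmConfig` is non-nil, whereas the instance resource's Read in this same PR sets it unconditionally and relies on the flattener returning nil for nil input. With the guard, a template whose API response stops carrying the block keeps whatever was previously in state, so state can assert Secure Boot or vTPM settings the template does not actually have, and because the block is `ForceNew` that stale value also feeds replacement decisions. Suggest dropping the guard to mirror the instance resource: `if err = d.Set("shielded_instance_config", flattenShieldedVmConfig(instanceTemplate.Properties.ShieldedVmConfig)); err != nil {`. The Read function's body starts and ends outside the hunk.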