Add KMS fields to google_compute_image (#13259) (#9730)

[upstream:2e4efd5ebf20bc025f5d213484773e6f61b1458c]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/13259.txt

@@ -0,0 +1,7 @@
+```release-note:enhancement
+compute: added `source_disk_encryption_key`, `source_image_encryption_key` and `source_snapshot_encryption_key` to `google_compute_image`
+```
+
+```release-note:enhancement
+compute: added `source_disk_encryption_key.kms_key_self_link` and `source_disk_encryption_key.rsa_encrypted_key` to `google_compute_snapshot`
+```

google-beta/services/compute/resource_compute_image.go

@@ -35,8 +35,23 @@ fields:
   - field: 'shielded_instance_initial_state.pk.content'
   - field: 'shielded_instance_initial_state.pk.file_type'
   - field: 'source_disk'
+  - field: 'source_disk_encryption_key.kms_key_self_link'
+    api_field: 'source_disk_encryption_key.kms_key_name'
+  - field: 'source_disk_encryption_key.kms_key_service_account'
+  - field: 'source_disk_encryption_key.raw_key'
+  - field: 'source_disk_encryption_key.rsa_encrypted_key'
   - field: 'source_image'
+  - field: 'source_image_encryption_key.kms_key_self_link'
+    api_field: 'source_image_encryption_key.kms_key_name'
+  - field: 'source_image_encryption_key.kms_key_service_account'
+  - field: 'source_image_encryption_key.raw_key'
+  - field: 'source_image_encryption_key.rsa_encrypted_key'
   - field: 'source_snapshot'
+  - field: 'source_snapshot_encryption_key.kms_key_self_link'
+    api_field: 'source_snapshot_encryption_key.kms_key_name'
+  - field: 'source_snapshot_encryption_key.kms_key_service_account'
+  - field: 'source_snapshot_encryption_key.raw_key'
+  - field: 'source_snapshot_encryption_key.rsa_encrypted_key'
   - field: 'storage_locations'
   - field: 'terraform_labels'
     provider_only: true

google-beta/services/compute/resource_compute_image_generated_meta.yaml

@@ -49,7 +49,7 @@ func TestAccComputeImage_imageBasicExample(t *testing.T) {
 				ResourceName:            "google_compute_image.example",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"image_encryption_key.0.raw_key", "image_encryption_key.0.rsa_encrypted_key", "labels", "raw_disk", "source_disk", "source_image", "source_snapshot", "terraform_labels"},
+				ImportStateVerifyIgnore: []string{"image_encryption_key.0.raw_key", "image_encryption_key.0.rsa_encrypted_key", "labels", "raw_disk", "source_disk", "source_disk_encryption_key", "source_image", "source_image_encryption_key", "source_snapshot", "source_snapshot_encryption_key", "terraform_labels"},
 			},
 		},
 	})
@@ -97,7 +97,7 @@ func TestAccComputeImage_imageGuestOsExample(t *testing.T) {
 				ResourceName:            "google_compute_image.example",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"image_encryption_key.0.raw_key", "image_encryption_key.0.rsa_encrypted_key", "labels", "raw_disk", "source_disk", "source_image", "source_snapshot", "terraform_labels"},
+				ImportStateVerifyIgnore: []string{"image_encryption_key.0.raw_key", "image_encryption_key.0.rsa_encrypted_key", "labels", "raw_disk", "source_disk", "source_disk_encryption_key", "source_image", "source_image_encryption_key", "source_snapshot", "source_snapshot_encryption_key", "terraform_labels"},
 			},
 		},
 	})
@@ -165,7 +165,7 @@ func TestAccComputeImage_imageBasicStorageLocationExample(t *testing.T) {
 				ResourceName:            "google_compute_image.example",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"image_encryption_key.0.raw_key", "image_encryption_key.0.rsa_encrypted_key", "labels", "raw_disk", "source_disk", "source_image", "source_snapshot", "terraform_labels"},
+				ImportStateVerifyIgnore: []string{"image_encryption_key.0.raw_key", "image_encryption_key.0.rsa_encrypted_key", "labels", "raw_disk", "source_disk", "source_disk_encryption_key", "source_image", "source_image_encryption_key", "source_snapshot", "source_snapshot_encryption_key", "terraform_labels"},
 			},
 		},
 	})

google-beta/services/compute/resource_compute_image_generated_test.go

@@ -316,6 +316,72 @@ func TestAccComputeImage_imageEncryptionKey(t *testing.T) {
 	})
 }
 
+func TestAccComputeImage_sourceImageEncryptionKey(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix":     acctest.RandString(t, 10),
+		"kms_key_self_link": acctest.BootstrapKMSKeyInLocation(t, "us-central1").CryptoKey.Name,
+		"raw_key":           "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=",
+		"rsa_encrypted_key": "fB6BS8tJGhGVDZDjGt1pwUo2wyNbkzNxgH1avfOtiwB9X6oPG94gWgenygitnsYJyKjdOJ7DyXLmxwQOSmnCYCUBWdKCSssyLV5907HL2mb5TfqmgHk5JcArI/t6QADZWiuGtR+XVXqiLa5B9usxFT2BTmbHvSKfkpJ7McCNc/3U0PQR8euFRZ9i75o/w+pLHFMJ05IX3JB0zHbXMV173PjObiV3ItSJm2j3mp5XKabRGSA5rmfMnHIAMz6stGhcuom6+bMri2u/axmPsdxmC6MeWkCkCmPjaKsVz1+uQUNCJkAnzesluhoD+R6VjFDm4WI7yYabu4MOOAOTaQXdEg==",
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckComputeInstanceTemplateDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccComputeImage_sourceImageEncryptionKey(context),
+			},
+		},
+	})
+}
+
+func TestAccComputeImage_sourceSnapshotEncryptionKey(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix":     acctest.RandString(t, 10),
+		"kms_key_self_link": acctest.BootstrapKMSKeyInLocation(t, "us-central1").CryptoKey.Name,
+		"raw_key":           "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=",
+		"rsa_encrypted_key": "fB6BS8tJGhGVDZDjGt1pwUo2wyNbkzNxgH1avfOtiwB9X6oPG94gWgenygitnsYJyKjdOJ7DyXLmxwQOSmnCYCUBWdKCSssyLV5907HL2mb5TfqmgHk5JcArI/t6QADZWiuGtR+XVXqiLa5B9usxFT2BTmbHvSKfkpJ7McCNc/3U0PQR8euFRZ9i75o/w+pLHFMJ05IX3JB0zHbXMV173PjObiV3ItSJm2j3mp5XKabRGSA5rmfMnHIAMz6stGhcuom6+bMri2u/axmPsdxmC6MeWkCkCmPjaKsVz1+uQUNCJkAnzesluhoD+R6VjFDm4WI7yYabu4MOOAOTaQXdEg==",
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckComputeInstanceTemplateDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccComputeImage_sourceSnapshotEncryptionKey(context),
+			},
+		},
+	})
+}
+
+func TestAccComputeImage_sourceDiskEncryptionKey(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix":     acctest.RandString(t, 10),
+		"kms_key_self_link": acctest.BootstrapKMSKeyInLocation(t, "us-central1").CryptoKey.Name,
+		"raw_key":           "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=",
+		"rsa_encrypted_key": "fB6BS8tJGhGVDZDjGt1pwUo2wyNbkzNxgH1avfOtiwB9X6oPG94gWgenygitnsYJyKjdOJ7DyXLmxwQOSmnCYCUBWdKCSssyLV5907HL2mb5TfqmgHk5JcArI/t6QADZWiuGtR+XVXqiLa5B9usxFT2BTmbHvSKfkpJ7McCNc/3U0PQR8euFRZ9i75o/w+pLHFMJ05IX3JB0zHbXMV173PjObiV3ItSJm2j3mp5XKabRGSA5rmfMnHIAMz6stGhcuom6+bMri2u/axmPsdxmC6MeWkCkCmPjaKsVz1+uQUNCJkAnzesluhoD+R6VjFDm4WI7yYabu4MOOAOTaQXdEg==",
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckComputeInstanceTemplateDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccComputeImage_sourceDiskEncryptionKey(context),
+			},
+		},
+	})
+}
+
 func testAccCheckComputeImageResolution(t *testing.T, n string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		config := acctest.GoogleProviderConfig(t)
@@ -719,6 +785,263 @@ resource "google_compute_image" "foobar" {
 `, diskName, snapshotName, imageName)
 }
 
+func testAccComputeImage_sourceDiskEncryptionKey(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+data "google_compute_image" "debian" {
+  family  = "debian-11"
+  project = "debian-cloud"
+}
+
+resource "google_compute_disk" "src-disk-kms" {
+  name  = "tf-test-src-disk-kms-%{random_suffix}"
+  image = data.google_compute_image.debian.self_link
+  size  = 10
+  type  = "pd-ssd"
+  zone  = "us-central1-a"
+
+  disk_encryption_key {
+	kms_key_self_link = "%{kms_key_self_link}"
+  }
+}
+
+resource "google_compute_disk" "src-disk-raw" {
+  name  = "tf-test-src-disk-raw-%{random_suffix}"
+  image = data.google_compute_image.debian.self_link
+  size  = 10
+  type  = "pd-ssd"
+  zone  = "us-central1-a"
+
+  disk_encryption_key {
+	raw_key = "%{raw_key}"
+  }
+}
+
+resource "google_compute_disk" "src-disk-rsa" {
+  name  = "tf-test-src-disk-rsa-%{random_suffix}"
+  image = data.google_compute_image.debian.self_link
+  size  = 10
+  type  = "pd-ssd"
+  zone  = "us-central1-a"
+
+  disk_encryption_key {
+	rsa_encrypted_key = "%{rsa_encrypted_key}"
+  }
+}
+
+resource "google_compute_image" "foobar-kms" {
+	name         = "tf-test-image-kms-%{random_suffix}"
+	source_disk = google_compute_disk.src-disk-kms.self_link
+	source_disk_encryption_key {
+		kms_key_self_link = "%{kms_key_self_link}"
+	}
+}
+
+resource "google_compute_image" "foobar-raw" {
+	name         = "tf-test-image-raw-%{random_suffix}"
+	source_disk = google_compute_disk.src-disk-raw.self_link
+	source_disk_encryption_key {
+		raw_key = "%{raw_key}"
+	}
+}
+
+resource "google_compute_image" "foobar-rsa" {
+	name         = "tf-test-image-rsa-%{random_suffix}"
+	source_disk = google_compute_disk.src-disk-rsa.self_link
+	source_disk_encryption_key {
+		rsa_encrypted_key = "%{rsa_encrypted_key}"
+		kms_key_service_account = data.google_compute_default_service_account.default.email
+	}
+}
+
+data "google_compute_default_service_account" "default" {
+}
+`, context)
+}
+
+func testAccComputeImage_sourceImageEncryptionKey(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+data "google_compute_image" "debian" {
+  family  = "debian-11"
+  project = "debian-cloud"
+}
+
+resource "google_compute_disk" "src_disk" {
+  name  = "tf-test-src-disk-%{random_suffix}"
+  image = data.google_compute_image.debian.self_link
+  size  = 10
+  type  = "pd-ssd"
+  zone  = "us-central1-a"
+
+  disk_encryption_key {
+	kms_key_self_link = "%{kms_key_self_link}"
+  }
+}
+
+resource "google_compute_image" "src-image-kms" {
+  name         = "tf-test-src-kms-%{random_suffix}"
+  source_disk  = google_compute_disk.src_disk.self_link
+  image_encryption_key {
+	kms_key_self_link = "%{kms_key_self_link}"
+  }
+}
+
+resource "google_compute_image" "src-image-raw" {
+  name         = "tf-test-src-raw-%{random_suffix}"
+  source_disk  = google_compute_disk.src_disk.self_link
+  image_encryption_key {
+	raw_key = "%{raw_key}"
+  }
+}
+
+resource "google_compute_image" "src-image-rsa" {
+  name         = "tf-test-src-rsa-%{random_suffix}"
+  source_disk  = google_compute_disk.src_disk.self_link
+  image_encryption_key {
+	rsa_encrypted_key = "%{rsa_encrypted_key}"
+  }
+}
+
+resource "google_compute_image" "foobar-kms" {
+	name         = "tf-test-image-kms-%{random_suffix}"
+	source_image = google_compute_image.src-image-kms.self_link
+	source_image_encryption_key {
+		kms_key_self_link = "%{kms_key_self_link}"
+	}
+}
+
+resource "google_compute_image" "foobar-raw" {
+	name         = "tf-test-image-raw-%{random_suffix}"
+	source_image = google_compute_image.src-image-raw.self_link
+	source_image_encryption_key {
+		raw_key = "%{raw_key}"
+	}
+}
+
+resource "google_compute_image" "foobar-rsa" {
+	name         = "tf-test-image-rsa-%{random_suffix}"
+	source_image = google_compute_image.src-image-rsa.self_link
+	source_image_encryption_key {
+		rsa_encrypted_key = "%{rsa_encrypted_key}"
+		kms_key_service_account = data.google_compute_default_service_account.default.email
+	}
+}
+
+data "google_compute_default_service_account" "default" {
+}
+`, context)
+}
+
+func testAccComputeImage_sourceSnapshotEncryptionKey(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+data "google_compute_image" "debian" {
+  family  = "debian-11"
+  project = "debian-cloud"
+}
+
+resource "google_compute_disk" "src_disk-kms" {
+  name  = "tf-test-src-disk-kms-%{random_suffix}"
+  image = data.google_compute_image.debian.self_link
+  size  = 10
+  type  = "pd-ssd"
+  zone  = "us-central1-a"
+
+  disk_encryption_key {
+	kms_key_self_link = "%{kms_key_self_link}"
+  }
+}
+
+resource "google_compute_disk" "src_disk-raw" {
+  name  = "tf-test-src-disk-raw-%{random_suffix}"
+  image = data.google_compute_image.debian.self_link
+  size  = 10
+  type  = "pd-ssd"
+  zone  = "us-central1-a"
+
+  disk_encryption_key {
+	raw_key = "%{raw_key}"
+  }
+}
+
+resource "google_compute_disk" "src_disk-rsa" {
+  name  = "tf-test-src-disk-rsa-%{random_suffix}"
+  image = data.google_compute_image.debian.self_link
+  size  = 10
+  type  = "pd-ssd"
+  zone  = "us-central1-a"
+
+  disk_encryption_key {
+	rsa_encrypted_key = "%{rsa_encrypted_key}"
+  }
+}
+
+resource "google_compute_snapshot" "src-snapshot-kms" {
+  name  = "tf-test-src-snapshot-kms-%{random_suffix}"
+  source_disk  = google_compute_disk.src_disk-kms.self_link
+  zone  = "us-central1-a"
+
+  snapshot_encryption_key {
+	kms_key_self_link = "%{kms_key_self_link}"
+  }
+}
+
+resource "google_compute_snapshot" "src-snapshot-raw" {
+  name  = "tf-test-src-snapshot-raw-%{random_suffix}"
+  source_disk  = google_compute_disk.src_disk-raw.self_link
+  zone  = "us-central1-a"
+
+  snapshot_encryption_key {
+	raw_key = "%{raw_key}"
+  }
+
+  source_disk_encryption_key {
+	raw_key = "%{raw_key}"
+  }
+}
+
+resource "google_compute_snapshot" "src-snapshot-rsa" {
+  name  = "tf-test-src-snapshot-rsa-%{random_suffix}"
+  source_disk  = google_compute_disk.src_disk-rsa.self_link
+  zone  = "us-central1-a"
+
+  snapshot_encryption_key {
+	rsa_encrypted_key = "%{rsa_encrypted_key}"
+  }
+
+  source_disk_encryption_key {
+	rsa_encrypted_key = "%{rsa_encrypted_key}"
+  }
+}
+
+resource "google_compute_image" "foobar-kms" {
+	name         = "tf-test-image-kms-%{random_suffix}"
+	source_snapshot = google_compute_snapshot.src-snapshot-kms.self_link
+	source_snapshot_encryption_key {
+		kms_key_self_link = "%{kms_key_self_link}"
+	}
+}
+
+resource "google_compute_image" "foobar-raw" {
+	name         = "tf-test-image-raw-%{random_suffix}"
+	source_snapshot = google_compute_snapshot.src-snapshot-raw.self_link
+	source_snapshot_encryption_key {
+		raw_key = "%{raw_key}"
+	}
+}
+
+resource "google_compute_image" "foobar-rsa" {
+	name         = "tf-test-image-rsa-%{random_suffix}"
+	source_snapshot = google_compute_snapshot.src-snapshot-rsa.self_link
+	source_snapshot_encryption_key {
+		rsa_encrypted_key = "%{rsa_encrypted_key}"
+		kms_key_service_account = data.google_compute_default_service_account.default.email
+	}
+}
+
+data "google_compute_default_service_account" "default" {
+}
+`, context)
+}
+
 func testAccComputeImage_imageEncryptionKey(kmsRingName, kmsKeyName, suffix string) string {
 	return fmt.Sprintf(`
 data "google_kms_key_ring" "ring" {