Contributor: dataproc encryption

Signed-off-by: Modular Magician <magic-modules@google.com>

google/resource_dataproc_cluster.go

@@ -310,6 +310,19 @@ func resourceDataprocCluster() *schema.Resource {
 								},
 							},
 						},
+						"encryption_config": {
+							Type:     schema.TypeList,
+							Optional: true,
+							MaxItems: 1,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"kms_key_name": {
+										Type:     schema.TypeString,
+										Required: true,
+									},
+								},
+							},
+						},
 					},
 				},
 			},
@@ -502,6 +515,10 @@ func expandClusterConfig(d *schema.ResourceData, config *Config) (*dataproc.Clus
 		conf.InitializationActions = expandInitializationActions(v)
 	}
 
+	if cfg, ok := configOptions(d, "cluster_config.0.encryption_config"); ok {
+		conf.EncryptionConfig = expandEncryptionConfig(cfg)
+	}
+
 	if cfg, ok := configOptions(d, "cluster_config.0.master_config"); ok {
 		log.Println("[INFO] got master_config")
 		conf.MasterConfig = expandInstanceGroupConfig(cfg)
@@ -588,6 +605,14 @@ func expandSoftwareConfig(cfg map[string]interface{}) *dataproc.SoftwareConfig {
 	return conf
 }
 
+func expandEncryptionConfig(cfg map[string]interface{}) *dataproc.EncryptionConfig {
+	conf := &dataproc.EncryptionConfig{}
+	if v, ok := cfg["kms_key_name"]; ok {
+		conf.GcePdKmsKeyName = v.(string)
+	}
+	return conf
+}
+
 func expandInitializationActions(v interface{}) []*dataproc.NodeInitializationAction {
 	actionList := v.([]interface{})
 
@@ -796,6 +821,7 @@ func flattenClusterConfig(d *schema.ResourceData, cfg *dataproc.ClusterConfig) (
 		"master_config":             flattenInstanceGroupConfig(d, cfg.MasterConfig),
 		"worker_config":             flattenInstanceGroupConfig(d, cfg.WorkerConfig),
 		"preemptible_worker_config": flattenPreemptibleInstanceGroupConfig(d, cfg.SecondaryWorkerConfig),
+		"encryption_config":         flattenEncryptionConfig(d, cfg.EncryptionConfig),
 	}
 
 	if len(cfg.InitializationActions) > 0 {
@@ -818,6 +844,14 @@ func flattenSoftwareConfig(d *schema.ResourceData, sc *dataproc.SoftwareConfig)
 	return []map[string]interface{}{data}
 }
 
+func flattenEncryptionConfig(d *schema.ResourceData, ec *dataproc.EncryptionConfig) []map[string]interface{} {
+	data := map[string]interface{}{
+		"kms_key_name": ec.GcePdKmsKeyName,
+	}
+
+	return []map[string]interface{}{data}
+}
+
 func flattenAccelerators(accelerators []*dataproc.AcceleratorConfig) interface{} {
 	acceleratorsTypeSet := schema.NewSet(schema.HashResource(acceleratorsSchema()), []interface{}{})
 	for _, accelerator := range accelerators {

website/docs/r/dataproc_cluster.html.markdown

@@ -139,6 +139,7 @@ The `cluster_config` block supports:
 
         # You can define multiple initialization_action blocks
         initialization_action     { ... }
+        encryption_config         { ... }
     }
 ```
 
@@ -168,6 +169,8 @@ The `cluster_config` block supports:
 * `initialization_action` (Optional) Commands to execute on each node after config is completed.
    You can specify multiple versions of these. Structure defined below.
 
+* `encryption_config` (Optional) The Customer managed encryption keys settings for the cluster.
+   Structure defined below.
 - - -
 
 The `cluster_config.gce_cluster_config` block supports:
@@ -418,6 +421,22 @@ The `initialization_action` block (Optional) can be specified multiple times and
    allowed to take to execute its action. GCP will default to a predetermined
    computed value if not set (currently 300).
 
+- - -
+
+The `encryption_config` block supports:
+
+```hcl
+    cluster_config {
+        encryption_config {
+            kms_key_name = "projects/projectId/locations/region/keyRings/keyRingName/cryptoKeys/keyName"
+        }
+    }
+}
+```
+
+* `kms_key_name` - (Required) The Cloud KMS key name to use for PD disk encryption for
+   all instances in the cluster.
+
 ## Attributes Reference
 
 In addition to the arguments listed above, the following computed attributes are