Add support for creating instances with CMEK #3481
Thanks @zachberger! Sorry for the delay. Here are some comments :)
@danawillow I believe I've addressed all comments. Thanks!
@danawillow I've been able to run and fix the tests. PTAL. Thanks for all of the guidance.
@@ -1501,8 +1541,18 @@ func expandBootDisk(d *schema.ResourceData, config *Config, zone *compute.Zone, | |||
} | |||
|
|||
if v, ok := d.GetOk("boot_disk.0.disk_encryption_key_raw"); ok { | |||
disk.DiskEncryptionKey = &computeBeta.CustomerEncryptionKey{ | |||
RawKey: v.(string), | |||
if v != "" { |
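Review bot: The `if v != ""` guard on the last visible line of this hunk repeats what `ok` from `d.GetOk("boot_disk.0.disk_encryption_key_raw")` is already meant to report for a string field, and it compares the untyped `v` directly, so a reader cannot tell why both checks are needed. Consider asserting once (`rawKey := v.(string)`), testing `rawKey != ""`, and adding a one-line comment naming the API error the extra check avoids. Because this field carries a raw encryption key, also confirm that no error path in this function puts `v` into its message.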
Just curious, did you run into any cases where d.GetOk returned true, but the value was empty?
(I ask because that should be impossible, and so the code could be a tiny bit cleaner without the extra `!= ""` checks)
Without the check the API was complaining that I was trying to create a disk with a customer-supplied encryption key without specifying a key.
Hmm that's surprising. I don't think it's worth either of our time to really dig in though since it seems to work just fine with the checks. Thanks!
Tests are passing, looks good! I'll go ahead and upstream this into magic modules.
This adds support for creating google_compute_instance with a Customer-managed encryption key.