Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for creating instances with CMEK #3481

Merged
merged 8 commits into from
May 13, 2019

Conversation

zachberger
Copy link
Contributor

@zachberger zachberger commented Apr 23, 2019

This adds support for creating google_compute_instance with a Customer-managed encryption key.

@ghost ghost added the size/s label Apr 23, 2019
@ghost ghost added the documentation label Apr 23, 2019
@danawillow danawillow self-requested a review May 3, 2019 20:07
Copy link
Contributor

@danawillow danawillow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @zachberger! Sorry for the delay. Here are some comments :)

google/resource_compute_instance_test.go Show resolved Hide resolved
google/resource_compute_instance_test.go Show resolved Hide resolved
google/resource_compute_instance.go Outdated Show resolved Hide resolved
google/resource_compute_instance.go Outdated Show resolved Hide resolved
google/resource_compute_instance.go Show resolved Hide resolved
@ghost ghost added size/l and removed size/m labels May 3, 2019
@zachberger
Copy link
Contributor Author

@danawillow I believe I've addressed all comments. Thanks!

@zachberger
Copy link
Contributor Author

@danawillow I've been able to run and fix the tests. PTAL. Thanks for all of the guidance.

@@ -1501,8 +1541,18 @@ func expandBootDisk(d *schema.ResourceData, config *Config, zone *compute.Zone,
}

if v, ok := d.GetOk("boot_disk.0.disk_encryption_key_raw"); ok {
disk.DiskEncryptionKey = &computeBeta.CustomerEncryptionKey{
RawKey: v.(string),
if v != "" {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just curious, did you run into any cases where d.GetOk returned true, but the value was empty?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(I ask because that should be impossible, and so the code could be a tiny bit cleaner without the extra != "" checks)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Without the check the API was complaining that I was trying to create a disk with a customer-supplied encryption key without specifying a key.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm that's surprising. I don't think it's worth either of our time to really dig in though since it seems to work just fine with the checks. Thanks!

Copy link
Contributor

@danawillow danawillow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tests are passing, looks good! I'll go ahead and upstream this into magic modules.

@ghost
Copy link

ghost commented Jun 13, 2019

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!

@ghost ghost locked and limited conversation to collaborators Jun 13, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants