From af43950cc4d66f22fe9c09649b629b5e2ce02091 Mon Sep 17 00:00:00 2001
From: Riley Karson <rileykarson@google.com>
Date: Wed, 9 Oct 2019 08:45:46 -0700
Subject: [PATCH] Add validation for scratch disks in Instance Template (#2282)

* Add validation for scratch disks

* Remove source from scratch disk

* Use hardcoded image

* Add reverse logic
---
 .../resource_compute_instance_template.go     | 27 +++++++++-
 ...resource_compute_instance_template_test.go | 53 +++++++++++++++++++
 2 files changed, 78 insertions(+), 2 deletions(-)

diff --git a/third_party/terraform/resources/resource_compute_instance_template.go b/third_party/terraform/resources/resource_compute_instance_template.go
index aa332f2d9c31..a882251209e7 100644
--- a/third_party/terraform/resources/resource_compute_instance_template.go
+++ b/third_party/terraform/resources/resource_compute_instance_template.go
@@ -5,9 +5,11 @@ import (
 	"reflect"
 
 	"github.com/hashicorp/errwrap"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/customdiff"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
+
 	computeBeta "google.golang.org/api/compute/v0.beta"
 )
 
@@ -20,8 +22,11 @@ func resourceComputeInstanceTemplate() *schema.Resource {
 			State: schema.ImportStatePassthrough,
 		},
 		SchemaVersion: 1,
-		CustomizeDiff: resourceComputeInstanceTemplateSourceImageCustomizeDiff,
-		MigrateState:  resourceComputeInstanceTemplateMigrateState,
+		CustomizeDiff: customdiff.All(
+			resourceComputeInstanceTemplateSourceImageCustomizeDiff,
+			resourceComputeInstanceTemplateScratchDiskCustomizeDiff,
+		),
+		MigrateState: resourceComputeInstanceTemplateMigrateState,
 
 		// A compute instance template is more or less a subset of a compute
 		// instance. Please attempt to maintain consistency with the
@@ -515,6 +520,24 @@ func resourceComputeInstanceTemplateSourceImageCustomizeDiff(diff *schema.Resour
 	return nil
 }
 
+func resourceComputeInstanceTemplateScratchDiskCustomizeDiff(diff *schema.ResourceDiff, meta interface{}) error {
+	numDisks := diff.Get("disk.#").(int)
+	for i := 0; i < numDisks; i++ {
+		// misspelled on purpose, type is a special symbol
+		typee := diff.Get(fmt.Sprintf("disk.%d.type", i)).(string)
+		diskType := diff.Get(fmt.Sprintf("disk.%d.disk_type", i)).(string)
+		if typee == "SCRATCH" && diskType != "local-ssd" {
+			return fmt.Errorf("SCRATCH disks must have a disk_type of local-ssd. disk %d has disk_type %s", i, diskType)
+		}
+
+		if diskType == "local-ssd" && typee != "SCRATCH" {
+			return fmt.Errorf("disks with a disk_type of local-ssd must be SCRATCH disks. disk %d is a %s disk", i, typee)
+		}
+	}
+
+	return nil
+}
+
 func buildDisks(d *schema.ResourceData, config *Config) ([]*computeBeta.AttachedDisk, error) {
 	project, err := getProject(d, config)
 	if err != nil {
diff --git a/third_party/terraform/tests/resource_compute_instance_template_test.go b/third_party/terraform/tests/resource_compute_instance_template_test.go
index 0e3dae6e0756..5b5fd2f58153 100644
--- a/third_party/terraform/tests/resource_compute_instance_template_test.go
+++ b/third_party/terraform/tests/resource_compute_instance_template_test.go
@@ -736,6 +736,21 @@ func TestAccComputeInstanceTemplate_shieldedVmConfig2(t *testing.T) {
 	})
 }
 
+func TestAccComputeInstanceTemplate_invalidDiskType(t *testing.T) {
+	t.Parallel()
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config:      testAccComputeInstanceTemplate_invalidDiskType(),
+				ExpectError: regexp.MustCompile("SCRATCH disks must have a disk_type of local-ssd"),
+			},
+		},
+	})
+}
+
 func testAccCheckComputeInstanceTemplateDestroy(s *terraform.State) error {
 	config := testAccProvider.Meta().(*Config)
 
@@ -1868,3 +1883,41 @@ resource "google_compute_instance_template" "foobar" {
 	}
 }`, acctest.RandString(10), enableSecureBoot, enableVtpm, enableIntegrityMonitoring)
 }
+
+func testAccComputeInstanceTemplate_invalidDiskType() string {
+	return fmt.Sprintf(`
+# Use this datasource insead of hardcoded values when https://github.com/hashicorp/terraform/issues/22679
+# is resolved.
+# data "google_compute_image" "my_image" {
+# 	family  = "centos-7"
+# 	project = "gce-uefi-images"
+# }
+
+resource "google_compute_instance_template" "foobar" {
+	name = "instancet-test-%s"
+	machine_type = "n1-standard-1"
+	can_ip_forward = false
+
+	disk {
+		source_image = "https://www.googleapis.com/compute/v1/projects/gce-uefi-images/global/images/centos-7-v20190729"
+		auto_delete = true
+		boot = true
+	}
+
+	disk {
+		auto_delete = true
+		type = "SCRATCH"
+		disk_type = "local-ssd"
+	}
+
+	disk {
+		source_image = "https://www.googleapis.com/compute/v1/projects/gce-uefi-images/global/images/centos-7-v20190729"
+		auto_delete = true
+		type = "SCRATCH"
+	}
+
+	network_interface {
+		network = "default"
+	}
+}`, acctest.RandString(10))
+}