diff --git a/ibm/service/vpc/data_source_ibm_is_bare_metal_server.go b/ibm/service/vpc/data_source_ibm_is_bare_metal_server.go
index 5829883706..52ebee951c 100644
--- a/ibm/service/vpc/data_source_ibm_is_bare_metal_server.go
+++ b/ibm/service/vpc/data_source_ibm_is_bare_metal_server.go
@@ -44,6 +44,38 @@ func DataSourceIBMIsBareMetalServer() *schema.Resource {
 Computed: true,
 Description: "The total bandwidth (in megabits per second)",
 },
+ isBareMetalServerEnableSecureBoot: {
+ Type: schema.TypeBool,
+ Computed: true,
+ Description: "Indicates whether secure boot is enabled. If enabled, the image must support secure boot or the server will fail to boot.",
+ },
+
+ isBareMetalServerTrustedPlatformModule: {
+ Type: schema.TypeList,
+ Computed: true,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ isBareMetalServerTrustedPlatformModuleMode: {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "The trusted platform module mode to use. The specified value must be listed in the bare metal server profile's supported_trusted_platform_module_modes",
+ },
+ isBareMetalServerTrustedPlatformModuleEnabled: {
+ Type: schema.TypeBool,
+ Computed: true,
+ Description: "Indicates whether the trusted platform module is enabled.",
+ },
+ isBareMetalServerTrustedPlatformModuleSupportedModes: {
+ Type: schema.TypeSet,
+ Elem: &schema.Schema{Type: schema.TypeString},
+ Set: flex.ResourceIBMVPCHash,
+ Computed: true,
+ Description: "The trusted platform module (TPM) mode:: disabled: No TPM functionality, tpm_2: TPM 2.0. The enumerated values for this property are expected to expand in the future. When processing this property, check for and log unknown values. Optionally halt processing and surface the error, or bypass the resource on which the unexpected property value was encountered. Enum: [ disabled, tpm_2 ]",
+ },
+ },
+ },
+ },
+
 isBareMetalServerBootTarget: {
 Type: schema.TypeString,
 Computed: true,
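Review bot: The `Description` on `isBareMetalServerTrustedPlatformModuleSupportedModes` is the single-value `mode` enum text ("The trusted platform module (TPM) mode:: disabled: …") pasted onto a `TypeSet`, so the generated docs describe one mode where the attribute actually holds the list of modes the profile allows. Suggest `Description: "The trusted platform module (TPM) modes supported by this bare metal server's profile. Known values: disabled (no TPM functionality), tpm_2 (TPM 2.0); this list is expected to grow, so consumers should log and tolerate unknown values."`. The schema map of DataSourceIBMIsBareMetalServer starts and ends outside the hunk.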
@@ -505,6 +537,23 @@ func dataSourceIBMISBareMetalServerRead(context context.Context, d *schema.Resou
 if err = d.Set("identifier", *bms.ID); err != nil {
 return diag.FromErr(fmt.Errorf("[ERROR] Error setting identifier: %s", err))
 }
+
+ //enable secure boot
+ if err = d.Set(isBareMetalServerEnableSecureBoot, bms.EnableSecureBoot); err != nil {
+ return diag.FromErr(fmt.Errorf("[ERROR] Error setting enable_secure_boot: %s", err))
+ }
+
+ // tpm
+ if bms.TrustedPlatformModule != nil {
+ trustedPlatformModuleMap, err := resourceIBMIsBareMetalServerBareMetalServerTrustedPlatformModulePrototypeToMap(bms.TrustedPlatformModule)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+ if err = d.Set(isBareMetalServerTrustedPlatformModule, []map[string]interface{}{trustedPlatformModuleMap}); err != nil {
+ return diag.FromErr(fmt.Errorf("[ERROR] Error setting trusted_platform_module: %s", err))
+ }
+ }
+
 //pni
 if bms.PrimaryNetworkInterface != nil {
diff --git a/ibm/service/vpc/data_source_ibm_is_bare_metal_servers.go b/ibm/service/vpc/data_source_ibm_is_bare_metal_servers.go
index 3b741b0515..b659a318b2 100644
--- a/ibm/service/vpc/data_source_ibm_is_bare_metal_servers.go
+++ b/ibm/service/vpc/data_source_ibm_is_bare_metal_servers.go
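Review bot: `d.Set(isBareMetalServerEnableSecureBoot, bms.EnableSecureBoot)` is called unconditionally with the raw `*bool`, so when the API omits the field the state records `false`, which a reader of the data source takes as "secure boot explicitly disabled" rather than "not reported"; the sibling list data source in this same change guards the assignment with `bms.EnableSecureBoot != nil`. Suggest the same guard here, `if bms.EnableSecureBoot != nil {` around the `d.Set`, with the comment `// leave unset rather than reporting false when the API does not return the field`. dataSourceIBMISBareMetalServerRead starts and ends outside the hunk.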
@@ -88,6 +88,37 @@ func DataSourceIBMIsBareMetalServers() *schema.Resource {
 Computed: true,
 Description: "The total bandwidth (in megabits per second)",
 },
+ isBareMetalServerEnableSecureBoot: {
+ Type: schema.TypeBool,
+ Computed: true,
+ Description: "Indicates whether secure boot is enabled. If enabled, the image must support secure boot or the server will fail to boot.",
+ },
+
+ isBareMetalServerTrustedPlatformModule: {
+ Type: schema.TypeList,
+ Computed: true,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ isBareMetalServerTrustedPlatformModuleMode: {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "The trusted platform module mode to use. The specified value must be listed in the bare metal server profile's supported_trusted_platform_module_modes",
+ },
+ isBareMetalServerTrustedPlatformModuleEnabled: {
+ Type: schema.TypeBool,
+ Computed: true,
+ Description: "Indicates whether the trusted platform module is enabled.",
+ },
+ isBareMetalServerTrustedPlatformModuleSupportedModes: {
+ Type: schema.TypeSet,
+ Elem: &schema.Schema{Type: schema.TypeString},
+ Set: flex.ResourceIBMVPCHash,
+ Computed: true,
+ Description: "The trusted platform module (TPM) mode:: disabled: No TPM functionality, tpm_2: TPM 2.0. The enumerated values for this property are expected to expand in the future. When processing this property, check for and log unknown values. Optionally halt processing and surface the error, or bypass the resource on which the unexpected property value was encountered. Enum: [ disabled, tpm_2 ]",
+ },
+ },
+ },
+ },
 isBareMetalServerBootTarget: {
 Type: schema.TypeString,
 Computed: true,
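Review bot: Same copy-paste as in the single-server data source: the `supported_modes` description in this list data source's element schema is the `mode` enum sentence and does not say the attribute is the set of modes the profile supports. Suggest `Description: "The trusted platform module (TPM) modes supported by this bare metal server's profile. Known values: disabled, tpm_2; the list may grow, so log and tolerate unknown values."`. The element schema of DataSourceIBMIsBareMetalServers starts and ends outside the hunk.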
@@ -527,6 +558,21 @@ func dataSourceIBMISBareMetalServersRead(context context.Context, d *schema.Reso
 l[isBareMetalServerHref] = *bms.Href
 l[isBareMetalServerMemory] = *bms.Memory
 l[isBareMetalServerProfile] = *bms.Profile.Name
+
+ //enable secure boot
+ if bms.EnableSecureBoot != nil {
+ l[isBareMetalServerEnableSecureBoot] = bms.EnableSecureBoot
+ }
+
+ // tpm
+ if bms.TrustedPlatformModule != nil {
+ trustedPlatformModuleMap, err := resourceIBMIsBareMetalServerBareMetalServerTrustedPlatformModulePrototypeToMap(bms.TrustedPlatformModule)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+ l[isBareMetalServerTrustedPlatformModule] = []map[string]interface{}{trustedPlatformModuleMap}
+ }
+
 //pni
 if bms.PrimaryNetworkInterface != nil && bms.PrimaryNetworkInterface.ID != nil {
diff --git a/ibm/service/vpc/resource_ibm_is_bare_metal_server.go b/ibm/service/vpc/resource_ibm_is_bare_metal_server.go
index 4dc6112b7f..f8b109f42c 100644
--- a/ibm/service/vpc/resource_ibm_is_bare_metal_server.go
+++ b/ibm/service/vpc/resource_ibm_is_bare_metal_server.go
@@ -17,6 +17,7 @@ import (
 "github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns"
 "github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex"
 "github.com/IBM-Cloud/terraform-provider-ibm/ibm/validate"
+ "github.com/IBM/go-sdk-core/v5/core"
 "github.com/IBM/vpc-go-sdk/vpcv1"
 "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff"
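Review bot: `l[isBareMetalServerEnableSecureBoot] = bms.EnableSecureBoot` stores the `*bool` itself in the flattened element map, while every neighbouring assignment in this hunk dereferences (`*bms.Href`, `*bms.Memory`, `*bms.Profile.Name`); the nil guard on the line above already makes a dereference safe, and a plain bool removes any reliance on the SDK unwrapping pointers inside list elements. Suggest `l[isBareMetalServerEnableSecureBoot] = *bms.EnableSecureBoot`. The per-server loop in dataSourceIBMISBareMetalServersRead starts before the hunk and continues past it.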
@@ -25,59 +26,64 @@ import (
 )
 const (
- isBareMetalServerAction = "action"
- isBareMetalServerBandwidth = "bandwidth"
- isBareMetalServerBootTarget = "boot_target"
- isBareMetalServerCreatedAt = "created_at"
- isBareMetalServerCPU = "cpu"
- isBareMetalServerCPUArchitecture = "architecture"
- isBareMetalServerCPUCoreCount = "core_count"
- isBareMetalServerCpuSocketCount = "socket_count"
- isBareMetalServerCpuThreadPerCore = "threads_per_core"
- isBareMetalServerCRN = "crn"
- isBareMetalServerDisks = "disks"
- isBareMetalServerDiskID = "id"
- isBareMetalServerDiskSize = "size"
- isBareMetalServerDiskName = "name"
- isBareMetalServerDiskInterfaceType = "interface_type"
- isBareMetalServerHref = "href"
- isBareMetalServerMemory = "memory"
- isBareMetalServerTags = "tags"
- isBareMetalServerName = "name"
- isBareMetalServerNetworkInterfaces = "network_interfaces"
- isBareMetalServerPrimaryNetworkInterface = "primary_network_interface"
- isBareMetalServerProfile = "profile"
- isBareMetalServerResourceGroup = "resource_group"
- isBareMetalServerResourceType = "resource_type"
- isBareMetalServerStatus = "status"
- isBareMetalServerStatusReasons = "status_reasons"
- isBareMetalServerVPC = "vpc"
- isBareMetalServerZone = "zone"
- isBareMetalServerStatusReasonsCode = "code"
- isBareMetalServerStatusReasonsMessage = "message"
- isBareMetalServerStatusReasonsMoreInfo = "more_info"
- isBareMetalServerDeleteType = "delete_type"
- isBareMetalServerImage = "image"
- isBareMetalServerKeys = "keys"
- isBareMetalServerUserData = "user_data"
- isBareMetalServerNicName = "name"
- isBareMetalServerNicPortSpeed = "port_speed"
- isBareMetalServerNicAllowIPSpoofing = "allow_ip_spoofing"
- isBareMetalServerNicSecurityGroups = "security_groups"
- isBareMetalServerNicSubnet = "subnet"
- isBareMetalServerUserAccounts = "user_accounts"
- isBareMetalServerActionDeleting = "deleting"
- isBareMetalServerActionDeleted = "deleted"
- isBareMetalServerActionStatusStopping = "stopping"
- isBareMetalServerActionStatusStopped = "stopped"
- isBareMetalServerActionStatusStarting = "starting"
- isBareMetalServerStatusRunning = "running"
- isBareMetalServerStatusPending = "pending"
- isBareMetalServerStatusRestarting = "restarting"
- isBareMetalServerStatusFailed = "failed"
- isBareMetalServerAccessTags = "access_tags"
- isBareMetalServerUserTagType = "user"
- isBareMetalServerAccessTagType = "access"
+ isBareMetalServerAction = "action"
+ isBareMetalServerEnableSecureBoot = "enable_secure_boot"
+ isBareMetalServerTrustedPlatformModule = "trusted_platform_module"
+ isBareMetalServerTrustedPlatformModuleMode = "mode"
+ isBareMetalServerTrustedPlatformModuleEnabled = "enabled"
+ isBareMetalServerTrustedPlatformModuleSupportedModes = "supported_modes"
+ isBareMetalServerBandwidth = "bandwidth"
+ isBareMetalServerBootTarget = "boot_target"
+ isBareMetalServerCreatedAt = "created_at"
+ isBareMetalServerCPU = "cpu"
+ isBareMetalServerCPUArchitecture = "architecture"
+ isBareMetalServerCPUCoreCount = "core_count"
+ isBareMetalServerCpuSocketCount = "socket_count"
+ isBareMetalServerCpuThreadPerCore = "threads_per_core"
+ isBareMetalServerCRN = "crn"
+ isBareMetalServerDisks = "disks"
+ isBareMetalServerDiskID = "id"
+ isBareMetalServerDiskSize = "size"
+ isBareMetalServerDiskName = "name"
+ isBareMetalServerDiskInterfaceType = "interface_type"
+ isBareMetalServerHref = "href"
+ isBareMetalServerMemory = "memory"
+ isBareMetalServerTags = "tags"
+ isBareMetalServerName = "name"
+ isBareMetalServerNetworkInterfaces = "network_interfaces"
+ isBareMetalServerPrimaryNetworkInterface = "primary_network_interface"
+ isBareMetalServerProfile = "profile"
+ isBareMetalServerResourceGroup = "resource_group"
+ isBareMetalServerResourceType = "resource_type"
+ isBareMetalServerStatus = "status"
+ isBareMetalServerStatusReasons = "status_reasons"
+ isBareMetalServerVPC = "vpc"
+ isBareMetalServerZone = "zone"
+ isBareMetalServerStatusReasonsCode = "code"
+ isBareMetalServerStatusReasonsMessage = "message"
+ isBareMetalServerStatusReasonsMoreInfo = "more_info"
+ isBareMetalServerDeleteType = "delete_type"
+ isBareMetalServerImage = "image"
+ isBareMetalServerKeys = "keys"
+ isBareMetalServerUserData = "user_data"
+ isBareMetalServerNicName = "name"
+ isBareMetalServerNicPortSpeed = "port_speed"
+ isBareMetalServerNicAllowIPSpoofing = "allow_ip_spoofing"
+ isBareMetalServerNicSecurityGroups = "security_groups"
+ isBareMetalServerNicSubnet = "subnet"
+ isBareMetalServerUserAccounts = "user_accounts"
+ isBareMetalServerActionDeleting = "deleting"
+ isBareMetalServerActionDeleted = "deleted"
+ isBareMetalServerActionStatusStopping = "stopping"
+ isBareMetalServerActionStatusStopped = "stopped"
+ isBareMetalServerActionStatusStarting = "starting"
+ isBareMetalServerStatusRunning = "running"
+ isBareMetalServerStatusPending = "pending"
+ isBareMetalServerStatusRestarting = "restarting"
+ isBareMetalServerStatusFailed = "failed"
+ isBareMetalServerAccessTags = "access_tags"
+ isBareMetalServerUserTagType = "user"
+ isBareMetalServerAccessTagType = "access"
 )
 func ResourceIBMIsBareMetalServer() *schema.Resource {
@@ -122,6 +128,43 @@ func ResourceIBMIsBareMetalServer() *schema.Resource {
 Description: "Bare metal server name",
 },
+ isBareMetalServerEnableSecureBoot: {
+ Type: schema.TypeBool,
+ Optional: true,
+ Computed: true,
+ Description: "Indicates whether secure boot is enabled. If enabled, the image must support secure boot or the server will fail to boot.",
+ },
+
+ isBareMetalServerTrustedPlatformModule: {
+ Type: schema.TypeList,
+ MaxItems: 1,
+ Optional: true,
+ Computed: true,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ isBareMetalServerTrustedPlatformModuleMode: {
+ Type: schema.TypeString,
+ Optional: true,
+ Computed: true,
+ ValidateFunc: validate.InvokeValidator("ibm_is_bare_metal_server", isBareMetalServerTrustedPlatformModuleMode),
+ Description: "The trusted platform module mode to use. The specified value must be listed in the bare metal server profile's supported_trusted_platform_module_modes",
+ },
+ isBareMetalServerTrustedPlatformModuleEnabled: {
+ Type: schema.TypeBool,
+ Computed: true,
+ Description: "Indicates whether the trusted platform module is enabled.",
+ },
+ isBareMetalServerTrustedPlatformModuleSupportedModes: {
+ Type: schema.TypeSet,
+ Elem: &schema.Schema{Type: schema.TypeString},
+ Set: flex.ResourceIBMVPCHash,
+ Computed: true,
+ Description: "The trusted platform module (TPM) mode:: disabled: No TPM functionality, tpm_2: TPM 2.0. The enumerated values for this property are expected to expand in the future. When processing this property, check for and log unknown values. Optionally halt processing and surface the error, or bypass the resource on which the unexpected property value was encountered. Enum: [ disabled, tpm_2 ]",
+ },
+ },
+ },
+ },
+
 isBareMetalServerAction: {
 Type: schema.TypeString,
 Optional: true,
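Review bot: `enable_secure_boot` and `trusted_platform_module` are both `Optional` and `Computed`, so once a user has written `enable_secure_boot = true` and later deletes the line, the plan shows no diff and the server keeps secure boot on; that is the usual choice for server-defaulted settings but nothing in the schema says so, and for a security control the "removing it does not turn it off" behaviour should be explicit. Suggest a why-comment on each, `// Computed: the API chooses a default, and dropping the attribute from config leaves the server's current setting untouched rather than reverting it.` The `ValidateFunc` on `mode` pins accepted values to the list registered in this file's validator, which the description itself says is expected to grow, so that list is the single place to extend when the API adds a mode and deserves a pointer comment here. The schema map of ResourceIBMIsBareMetalServer starts and ends outside the hunk.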
@@ -587,6 +630,7 @@ func ResourceIBMIsBareMetalServer() *schema.Resource {
 func ResourceIBMIsBareMetalServerValidator() *validate.ResourceValidator {
 bareMetalServerActions := "start, restart, stop"
+ tpmModes := "disabled, tpm_2"
 interface_types := "pci, hipersocket"
 validateSchema := make([]validate.ValidateSchema, 1)
@@ -625,6 +669,13 @@ func ResourceIBMIsBareMetalServerValidator() *validate.ResourceValidator {
 Type: validate.TypeString,
 Required: true,
 AllowedValues: bareMetalServerActions})
+ validateSchema = append(validateSchema,
+ validate.ValidateSchema{
+ Identifier: isBareMetalServerTrustedPlatformModuleMode,
+ ValidateFunctionIdentifier: validate.ValidateAllowedStringValue,
+ Type: validate.TypeString,
+ Required: true,
+ AllowedValues: tpmModes})
 validateSchema = append(validateSchema,
 validate.ValidateSchema{
@@ -650,6 +701,23 @@ func resourceIBMISBareMetalServerCreate(context context.Context, d *schema.Resou
 if image, ok := d.GetOk(isBareMetalServerImage); ok {
 imageStr = image.(string)
 }
+
+ // enable secure boot
+
+ if _, ok := d.GetOkExists(isBareMetalServerEnableSecureBoot); ok {
+ options.SetEnableSecureBoot(d.Get(isBareMetalServerEnableSecureBoot).(bool))
+ }
+
+ // trusted_platform_module
+
+ if _, ok := d.GetOk(isBareMetalServerTrustedPlatformModule); ok {
+ trustedPlatformModuleModel, err := resourceIBMIsBareMetalServerMapToBareMetalServerTrustedPlatformModulePrototype(d.Get("trusted_platform_module.0").(map[string]interface{}))
+ if err != nil {
+ return diag.FromErr(err)
+ }
+ options.SetTrustedPlatformModule(trustedPlatformModuleModel)
+ }
+
 keySet := d.Get(isBareMetalServerKeys).(*schema.Set)
 if keySet.Len() != 0 {
 keyobjs := make([]vpcv1.KeyIdentityIntf, keySet.Len())
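Review bot: `d.GetOkExists(isBareMetalServerEnableSecureBoot)` in the create hunk is deprecated in terraform-plugin-sdk v2 and a reader will wonder why the `GetOk` used two lines above for `image` was not reused; it is needed because `GetOk` reports `false` as unset, so an explicit `enable_secure_boot = false` would otherwise never reach the API and the server would silently get the service default. Suggest a why-comment above it, `// GetOkExists (not GetOk): an explicit enable_secure_boot = false must still be sent to the API.` In the validator hunk, `tpmModes := "disabled, tpm_2"` is a hard-coded allow-list for a property the schema description says is expected to gain values, so a new mode exposed by the API will be rejected at plan time until this string is edited; a comment saying so next to the constant would save the next maintainer a search. resourceIBMISBareMetalServerCreate continues outside the hunk.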
@@ -1307,6 +1375,22 @@ func bareMetalServerGet(context context.Context, d *schema.ResourceData, meta in
 d.Set(isBareMetalServerCPU, cpuList)
 d.Set(isBareMetalServerCRN, *bms.CRN)
+ //enable secure boot
+ if err = d.Set(isBareMetalServerEnableSecureBoot, bms.EnableSecureBoot); err != nil {
+ return fmt.Errorf("[ERROR] Error setting enable_secure_boot: %s", err)
+ }
+
+ // tpm
+ if bms.TrustedPlatformModule != nil {
+ trustedPlatformModuleMap, err := resourceIBMIsBareMetalServerBareMetalServerTrustedPlatformModulePrototypeToMap(bms.TrustedPlatformModule)
+ if err != nil {
+ return (err)
+ }
+ if err = d.Set(isBareMetalServerTrustedPlatformModule, []map[string]interface{}{trustedPlatformModuleMap}); err != nil {
+ return fmt.Errorf("[ERROR] Error setting trusted_platform_module: %s", err)
+ }
+ }
+
 diskList := make([]map[string]interface{}, 0)
 if bms.Disks != nil {
 for _, disk := range bms.Disks {
@@ -1646,7 +1730,7 @@ func bareMetalServerUpdate(context context.Context, d *schema.ResourceData, meta
 if err != nil {
 return err
 }
-
+ isServerStopped := false
 if d.HasChange(isBareMetalServerTags) || d.HasChange(isBareMetalServerAccessTags) {
 bmscrn := d.Get(isBareMetalServerCRN).(string)
 if bmscrn == "" {
@@ -1762,7 +1846,7 @@ func bareMetalServerUpdate(context context.Context, d *schema.ResourceData, meta
 }
 }
 if flag {
- err = resourceStopServerIfRunning(id, "hard", d, context, sess)
+ isServerStopped, err = resourceStopServerIfRunning(id, "hard", d, context, sess, isServerStopped)
 if err != nil {
 return err
 }
@@ -1780,12 +1864,6 @@ func bareMetalServerUpdate(context context.Context, d *schema.ResourceData, meta
 }
 }
- if flag {
- err = resourceStartServerIfStopped(id, "hard", d, context, sess)
- if err != nil {
- return err
- }
- }
 }
 add := ns.Difference(os).List()
 if len(add) > 0 {
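Review bot: In the `bareMetalServerGet` hunk the TPM branch returns `(err)` bare while the `d.Set` failures around it are wrapped with `[ERROR] Error setting …` context, and `resourceIBMIsBareMetalServerBareMetalServerTrustedPlatformModulePrototypeToMap` as added in this change never returns a non-nil error, so that branch is unreachable today. Either drop the error result from the helper or keep the check and wrap it consistently, `return fmt.Errorf("[ERROR] Error flattening trusted_platform_module: %s", err)`. As in the data source, `d.Set(isBareMetalServerEnableSecureBoot, bms.EnableSecureBoot)` with a nil pointer stores `false`, so a missing field and an explicitly disabled secure boot become indistinguishable in state; a nil guard keeps the distinction. bareMetalServerGet and bareMetalServerUpdate both start and end outside these hunks.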
@@ -1799,7 +1877,7 @@ func bareMetalServerUpdate(context context.Context, d *schema.ResourceData, meta
 }
 }
 if flag {
- err = resourceStopServerIfRunning(id, "hard", d, context, sess)
+ isServerStopped, err = resourceStopServerIfRunning(id, "hard", d, context, sess, isServerStopped)
 if err != nil {
 return err
 }
@@ -2147,12 +2225,6 @@ func bareMetalServerUpdate(context context.Context, d *schema.ResourceData, meta
 return err
 }
 }
- if flag {
- err = resourceStartServerIfStopped(id, "hard", d, context, sess)
- if err != nil {
- return err
- }
- }
 }
@@ -2242,6 +2314,29 @@ func bareMetalServerUpdate(context context.Context, d *schema.ResourceData, meta
 bmsPatchModel := &vpcv1.BareMetalServerPatch{}
 flag := false
+ if d.HasChange(isBareMetalServerEnableSecureBoot) {
+ newEnableSecureBoot := d.Get(isBareMetalServerEnableSecureBoot).(bool)
+ bmsPatchModel.EnableSecureBoot = &newEnableSecureBoot
+ flag = true
+ isServerStopped, err = resourceStopServerIfRunning(id, "hard", d, context, sess, isServerStopped)
+ if err != nil {
+ return err
+ }
+ }
+
+ // tpm
+ if d.HasChange("trusted_platform_module") && d.HasChange("trusted_platform_module.0.mode") {
+ bareMetalServerTrustedPlatformModulePatch := &vpcv1.BareMetalServerTrustedPlatformModulePatch{}
+ newModeTPM := d.Get("trusted_platform_module.0.mode").(string)
+ bareMetalServerTrustedPlatformModulePatch.Mode = &newModeTPM
+ bmsPatchModel.TrustedPlatformModule = bareMetalServerTrustedPlatformModulePatch
+ flag = true
+ isServerStopped, err = resourceStopServerIfRunning(id, "hard", d, context, sess, isServerStopped)
+ if err != nil {
+ return err
+ }
+ }
+
 if d.HasChange(isBareMetalServerPrimaryNetworkInterface) {
 nicId := d.Get("primary_network_interface.0.id").(string)
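Review bot: Both new blocks in the `bmsPatchModel` hunk force a `"hard"` stop before the secure-boot or TPM-mode patch, i.e. an immediate power-off with no guest shutdown, for what is a planned reconfiguration of a running server; unlike `delete_type` on destroy, the user has no way to ask for a soft stop, so the workload is left crash-consistent. The stop itself looks unavoidable (the docs added in this change say both fields require a stopped server), but the choice of `"hard"` should at least carry a comment, `// secure_boot / TPM mode can only be patched while stopped; hard stop mirrors the NIC update path — a "soft" stop with fallback would be kinder to the guest`. Separately, flipping `enable_secure_boot` to true on an image without secure-boot support leaves the server unbootable after the final start (per the schema description) and nothing here warns before the PATCH goes out; a log line naming the image would help incident triage. bareMetalServerUpdate starts and ends outside the hunk.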
@@ -2354,6 +2449,14 @@ func bareMetalServerUpdate(context context.Context, d *schema.ResourceData, meta
 isBareMetalServerRestart(sess, d.Id(), d, 10)
 }
 }
+
+ if flag || isServerStopped {
+ isServerStopped, err = resourceStartServerIfStopped(id, "hard", d, context, sess, isServerStopped)
+ if err != nil {
+ return err
+ }
+ }
+
 return nil
 }
@@ -2642,16 +2745,16 @@ func resourceIBMBMSNicSet(v interface{}) int {
 return conns.String(buf.String())
 }
-func resourceStopServerIfRunning(id, stoppingType string, d *schema.ResourceData, context context.Context, sess *vpcv1.VpcV1) error {
+func resourceStopServerIfRunning(id, stoppingType string, d *schema.ResourceData, context context.Context, sess *vpcv1.VpcV1, isServerStopped bool) (bool, error) {
 getBmsOptions := &vpcv1.GetBareMetalServerOptions{
 ID: &id,
 }
 bms, response, err := sess.GetBareMetalServerWithContext(context, getBmsOptions)
 if err != nil {
 if response != nil && response.StatusCode == 404 {
- return nil
+ return isServerStopped, nil
 }
- return fmt.Errorf("[ERROR] Error Getting Bare Metal Server (%s): %s\n%s", id, err, response)
+ return isServerStopped, fmt.Errorf("[ERROR] Error Getting Bare Metal Server (%s): %s\n%s", id, err, response)
 }
 if *bms.Status == "running" {
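Review bot: The new final `if flag || isServerStopped { … resourceStartServerIfStopped(…) }` is now the only place the server is powered back on, since this change removed the per-section restarts, so every `return err` between a `resourceStopServerIfRunning` call and this line leaves a previously running server powered off with no recovery until someone notices. Consider driving the restart from a deferred function keyed on `isServerStopped` so a failed PATCH still brings the server back, and with a named `err` result the deferred start can report its own failure when the update otherwise succeeded; at minimum, log that the server was left stopped on the error paths. A comment here explaining that `isServerStopped` exists to collapse several stop/start cycles into one would also help, because `flag` alone already covered the old behaviour. bareMetalServerUpdate starts outside the hunk and resourceStopServerIfRunning continues past it.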
@@ -2662,24 +2765,24 @@ func resourceStopServerIfRunning(id, stoppingType string, d *schema.ResourceData
 response, err := sess.StopBareMetalServerWithContext(context, options)
 if err != nil && response != nil && response.StatusCode != 204 {
- return fmt.Errorf("[ERROR] Error stopping Bare Metal Server (%s): %s\n%s", id, err, response)
+ return isServerStopped, fmt.Errorf("[ERROR] Error stopping Bare Metal Server (%s): %s\n%s", id, err, response)
 }
+ isServerStopped = true
 isWaitForBareMetalServerActionStop(sess, d.Timeout(schema.TimeoutDelete), id, d)
- }
- return nil
+ return isServerStopped, nil
 }
-func resourceStartServerIfStopped(id, stoppingType string, d *schema.ResourceData, context context.Context, sess *vpcv1.VpcV1) error {
+func resourceStartServerIfStopped(id, stoppingType string, d *schema.ResourceData, context context.Context, sess *vpcv1.VpcV1, isServerStopped bool) (bool, error) {
 getBmsOptions := &vpcv1.GetBareMetalServerOptions{
 ID: &id,
 }
 bms, response, err := sess.GetBareMetalServerWithContext(context, getBmsOptions)
 if err != nil {
 if response != nil && response.StatusCode == 404 {
- return nil
+ return isServerStopped, nil
 }
- return fmt.Errorf("[ERROR] Error Getting Bare Metal Server (%s): %s\n%s", id, err, response)
+ return isServerStopped, fmt.Errorf("[ERROR] Error Getting Bare Metal Server (%s): %s\n%s", id, err, response)
 }
 if *bms.Status == "stopped" {
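Review bot: `isServerStopped = true` is set before `isWaitForBareMetalServerActionStop(...)`, whose result the next (context) line still discards, so the caller treats the server as stopped the moment the stop request is accepted, and the secure-boot or TPM PATCH issued afterwards can race the actual power-off and be rejected, or worse, applied to a half-down server. If that helper returns `(interface{}, error)` the way `isWaitForBareMetalServerAvailable` does in the next hunk, check it and flip the flag only afterwards: `if _, err := isWaitForBareMetalServerActionStop(sess, d.Timeout(schema.TimeoutDelete), id, d); err != nil { return isServerStopped, err }` then `isServerStopped = true`. The `stoppingType` parameter is also still unused on both helpers, so the `"hard"` every caller passes has no effect on the request built here. resourceStopServerIfRunning starts outside the hunk and resourceStartServerIfStopped continues past it.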
@@ -2689,14 +2792,40 @@ func resourceStartServerIfStopped(id, stoppingType string, d *schema.ResourceDat
 response, err := sess.StartBareMetalServer(createbmsactoptions)
 if err != nil {
 if response != nil && response.StatusCode == 404 {
- return nil
+ return isServerStopped, nil
 }
- return fmt.Errorf("[ERROR] Error creating Bare Metal Server action start : %s\n%s", err, response)
+ return isServerStopped, fmt.Errorf("[ERROR] Error creating Bare Metal Server action start : %s\n%s", err, response)
 }
+ isServerStopped = true
 _, err = isWaitForBareMetalServerAvailable(sess, d.Id(), d.Timeout(schema.TimeoutUpdate), d)
 if err != nil {
- return err
+ return isServerStopped, err
 }
 }
- return nil
+ return isServerStopped, nil
+}
+
+func resourceIBMIsBareMetalServerMapToBareMetalServerTrustedPlatformModulePrototype(modelMap map[string]interface{}) (*vpcv1.BareMetalServerTrustedPlatformModulePrototype, error) {
+ model := &vpcv1.BareMetalServerTrustedPlatformModulePrototype{}
+ // if modelMap[isBareMetalServerTrustedPlatformModuleEnabled] != nil {
+ // model.Enabled = core.BoolPtr(modelMap[isBareMetalServerTrustedPlatformModuleEnabled].(bool))
+ // }
+ if modelMap[isBareMetalServerTrustedPlatformModuleMode] != nil && modelMap[isBareMetalServerTrustedPlatformModuleMode].(string) != "" {
+ model.Mode = core.StringPtr(modelMap[isBareMetalServerTrustedPlatformModuleMode].(string))
+ }
+ return model, nil
+}
+
+func resourceIBMIsBareMetalServerBareMetalServerTrustedPlatformModulePrototypeToMap(model *vpcv1.BareMetalServerTrustedPlatformModule) (map[string]interface{}, error) {
+ modelMap := make(map[string]interface{})
+ if model.Enabled != nil {
+ modelMap[isBareMetalServerTrustedPlatformModuleEnabled] = model.Enabled
+ }
+ if model.Mode != nil {
+ modelMap[isBareMetalServerTrustedPlatformModuleMode] = model.Mode
+ }
+ if model.SupportedModes != nil {
+ modelMap[isBareMetalServerTrustedPlatformModuleSupportedModes] = model.SupportedModes
+ }
+ return modelMap, nil
+ }
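Review bot: In `resourceStartServerIfStopped` the new line `isServerStopped = true` runs right after a successful `StartBareMetalServer`, so the flag handed back to `bareMetalServerUpdate` says "stopped" precisely when the server has just been started; it should read `isServerStopped = false`. Nothing branches on the value after the final start today, so the bug is latent, but the first caller to reuse the flag (for instance a deferred restart) will be misled. In the two new helpers, the commented-out `Enabled` block in `resourceIBMIsBareMetalServerMapToBareMetalServerTrustedPlatformModulePrototype` should be removed rather than shipped as dead code, and since neither helper can fail their `error` results are noise for every caller; either drop them or add a doc comment stating they are reserved for future validation. resourceStartServerIfStopped starts outside the hunk.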
diff --git a/ibm/service/vpc/resource_ibm_is_bare_metal_server_test.go b/ibm/service/vpc/resource_ibm_is_bare_metal_server_test.go
index c6c625cf9e..70e47c6719 100644
--- a/ibm/service/vpc/resource_ibm_is_bare_metal_server_test.go
+++ b/ibm/service/vpc/resource_ibm_is_bare_metal_server_test.go
@@ -46,6 +46,57 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCKVmnMOlHKcZK8tpt3MP1lqOLAcqcJzhsvJcjscgVE }, }) } +func TestAccIBMISBareMetalServer_SecureBoot_tpm(t *testing.T) { + var server string + vpcname := fmt.Sprintf("tf-vpc-%d", acctest.RandIntRange(10, 100)) + name := fmt.Sprintf("tf-server-%d", acctest.RandIntRange(10, 100)) + subnetname := fmt.Sprintf("tfip-subnet-%d", acctest.RandIntRange(10, 100)) + publicKey := strings.TrimSpace(` +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCKVmnMOlHKcZK8tpt3MP1lqOLAcqcJzhsvJcjscgVERRN7/9484SOBJ3HSKxxNG5JN8owAjy5f9yYwcUg+JaUVuytn5Pv3aeYROHGGg+5G346xaq3DAwX6Y5ykr2fvjObgncQBnuU5KHWCECO/4h8uWuwh/kfniXPVjFToc+gnkqA+3RKpAecZhFXwfalQ9mMuYGFxn+fwn8cYEApsJbsEmb0iJwPiZ5hjFC8wREuiTlhPHDgkBLOiycd20op2nXzDbHfCHInquEe/gYxEitALONxm0swBOwJZwlTDOB7C6y2dzlrtxr1L59m7pCkWI4EtTRLvleehBoj3u7jB4usR +`) + tpm1 := "disabled" + tpm2 := "tpm_2" + secureBootTrue := true + secureBootFalse := false + + sshname := fmt.Sprintf("tf-sshname-%d", acctest.RandIntRange(10, 100)) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + CheckDestroy: testAccCheckIBMISBareMetalServerDestroy, + Steps: []resource.TestStep{ + { + Config: testAccCheckIBMISBareMetalServerSecureBootTpmConfig(vpcname, subnetname, sshname, publicKey, tpm2, name, secureBootFalse), + Check: resource.ComposeTestCheckFunc( + testAccCheckIBMISBareMetalServerExists("ibm_is_bare_metal_server.testacc_bms", server), + resource.TestCheckResourceAttr( + "ibm_is_bare_metal_server.testacc_bms", "name", name), + resource.TestCheckResourceAttr( + "ibm_is_bare_metal_server.testacc_bms", "zone", acc.ISZoneName), + resource.TestCheckResourceAttr( + "ibm_is_bare_metal_server.testacc_bms", "enable_secure_boot", fmt.Sprintf("%t", secureBootFalse)), + resource.TestCheckResourceAttr( + "ibm_is_bare_metal_server.testacc_bms", "trusted_platform_module.0.mode", tpm2), + ), + }, + { + Config: testAccCheckIBMISBareMetalServerSecureBootTpmConfig(vpcname, 
subnetname, sshname, publicKey, tpm1, name, secureBootTrue), + Check: resource.ComposeTestCheckFunc( + testAccCheckIBMISBareMetalServerExists("ibm_is_bare_metal_server.testacc_bms", server), + resource.TestCheckResourceAttr( + "ibm_is_bare_metal_server.testacc_bms", "name", name), + resource.TestCheckResourceAttr( + "ibm_is_bare_metal_server.testacc_bms", "zone", acc.ISZoneName), + resource.TestCheckResourceAttr( + "ibm_is_bare_metal_server.testacc_bms", "enable_secure_boot", fmt.Sprintf("%t", secureBootTrue)), + resource.TestCheckResourceAttr( + "ibm_is_bare_metal_server.testacc_bms", "trusted_platform_module.0.mode", tpm1), + ), + }, + }, + }) +} func TestAccIBMISBareMetalServer_testZ(t *testing.T) { var server string vpcname := fmt.Sprintf("tf-vpc-%d", acctest.RandIntRange(10, 100)) 
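Review bot: Neither step of `TestAccIBMISBareMetalServer_SecureBoot_tpm` checks the computed `trusted_platform_module.0.enabled` or `trusted_platform_module.0.supported_modes` attributes, and step two flips `enable_secure_boot` and `mode` in the same apply, so a failure cannot be attributed to either update path. Add to each step `resource.TestCheckResourceAttr("ibm_is_bare_metal_server.testacc_bms", "trusted_platform_module.0.enabled", "true")` (with `"false"` for the `disabled` step) and `resource.TestCheckResourceAttrSet("ibm_is_bare_metal_server.testacc_bms", "trusted_platform_module.0.supported_modes.#")`, and consider a third step that changes only one of the two. Step two also assumes `acc.IsBareMetalServerImage` supports secure boot; if it does not, the server fails to boot per the schema description and the step simply times out, so that prerequisite belongs in a comment on the test. The embedded ssh public key is the same fixture the neighbouring tests already use.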
@@ -306,6 +357,42 @@ func testAccCheckIBMISBareMetalServerConfig(vpcname, subnetname, sshname, public
 }
 `, vpcname, subnetname, acc.ISZoneName, sshname, publicKey, acc.IsBareMetalServerProfileName, name, acc.IsBareMetalServerImage, acc.ISZoneName)
 }
+func testAccCheckIBMISBareMetalServerSecureBootTpmConfig(vpcname, subnetname, sshname, publicKey, tpm, name string, secureBoot bool) string {
+ return fmt.Sprintf(`
+ resource "ibm_is_vpc" "testacc_vpc" {
+ name = "%s"
+ }
+
+ resource "ibm_is_subnet" "testacc_subnet" {
+ name = "%s"
+ vpc = ibm_is_vpc.testacc_vpc.id
+ zone = "%s"
+ total_ipv4_address_count = 16
+ }
+
+ resource "ibm_is_ssh_key" "testacc_sshkey" {
+ name = "%s"
+ public_key = "%s"
+ }
+
+ resource "ibm_is_bare_metal_server" "testacc_bms" {
+ profile = "%s"
+ name = "%s"
+ image = "%s"
+ zone = "%s"
+ enable_secure_boot = %t
+ trusted_platform_module {
+ mode = "%s"
+ }
+ keys = [ibm_is_ssh_key.testacc_sshkey.id]
+ primary_network_interface {
+ subnet = ibm_is_subnet.testacc_subnet.id
+ allowed_vlans = [101,102,103]
+ }
+ vpc = ibm_is_vpc.testacc_vpc.id
+ }
+`, vpcname, subnetname, acc.ISZoneName, sshname, publicKey, acc.IsBareMetalServerProfileName, name, acc.IsBareMetalServerImage, acc.ISZoneName, secureBoot, tpm)
+}
 func testAccCheckIBMISBareMetalServerZConfig(vpcname, subnetname, sshname, publicKey, name, profileName string) string {
 return fmt.Sprintf(`
 resource "ibm_is_vpc" "testacc_vpc" {
diff --git a/website/docs/d/is_bare_metal_server.markdown b/website/docs/d/is_bare_metal_server.markdown
index 2ae74afca9..6d38b1e24d 100644
--- a/website/docs/d/is_bare_metal_server.markdown
+++ b/website/docs/d/is_bare_metal_server.markdown
@@ -69,6 +69,7 @@ In addition to all argument reference list, you can access the following attribu - `name` - (String) The user-defined name for this disk - `resource_type` - (String) The resource type - `size` - (Integer) The size of the disk in GB (gigabytes) +- `enable_secure_boot` - (Boolean) Indicates whether secure boot is enabled. If enabled, the image must support secure boot or the server will fail to boot. - `href` - (String) The URL for this bare metal server - `id` - (String) The unique identifier for this bare metal server - `image` - (String) Image used in the bare metal server. @@ -118,5 +119,16 @@ In addition to all argument reference list, you can access the following attribu - `message` - (String) An explanation of the status reason - `more_info` - (String) Link to documentation about this status reason - `tags` - (Array) Tags associated with the instance. +- `trusted_platform_module` - (List) trusted platform module (TPM) configuration for this bare metal server + + Nested scheme for **trusted_platform_module**: + + - `enabled` - (Boolean) Indicates whether the trusted platform module is enabled. + - `mode` - (String) The trusted platform module mode to use. The specified value must be listed in the bare metal server profile's supported_trusted_platform_module_modes. Updating trusted_platform_module mode would require the server to be stopped then started again. + - Constraints: Allowable values are: `disabled`, `tpm_2`. + - `supported_modes` - (Array) The trusted platform module (TPM) mode: + - **disabled: No TPM functionality** + - **tpm_2: TPM 2.0** + - The enumerated values for this property are expected to expand in the future. When processing this property, check for and log unknown values. Optionally halt processing and surface the error, or bypass the resource on which the unexpected property value was encountered. - `vpc` - (String) The VPC this bare metal server resides in. - `zone` - (String) The zone this bare metal server resides in. 
diff --git a/website/docs/d/is_bare_metal_servers.markdown b/website/docs/d/is_bare_metal_servers.markdown index cbe2d7a807..7109f1bed4 100644 --- a/website/docs/d/is_bare_metal_servers.markdown +++ b/website/docs/d/is_bare_metal_servers.markdown @@ -64,6 +64,7 @@ Review the attribute references that you can access after you retrieve your data - `name` - (String) The user-defined name for this disk - `resource_type` - (String) The resource type - `size` - (Integer) The size of the disk in GB (gigabytes) + - `enable_secure_boot` - (Boolean) Indicates whether secure boot is enabled. If enabled, the image must support secure boot or the server will fail to boot. - `href` - (String) The URL for this bare metal server - `id` - (String) The unique identifier for this bare metal server - `image` - (String) Image used in the bare metal server. 
@@ -112,5 +113,16 @@ Review the attribute references that you can access after you retrieve your data - `message` - (String) An explanation of the status reason - `more_info` - (String) Link to documentation about this status reason - `tags` - (Array) Tags associated with the instance. + - `trusted_platform_module` - (List) trusted platform module (TPM) configuration for this bare metal server + + Nested scheme for **trusted_platform_module**: + + - `enabled` - (Boolean) Indicates whether the trusted platform module is enabled. + - `mode` - (String) The trusted platform module mode to use. The specified value must be listed in the bare metal server profile's supported_trusted_platform_module_modes. Updating trusted_platform_module mode would require the server to be stopped then started again. + - Constraints: Allowable values are: `disabled`, `tpm_2`. + - `supported_modes` - (Array) The trusted platform module (TPM) mode: + - **disabled: No TPM functionality** + - **tpm_2: TPM 2.0** + - The enumerated values for this property are expected to expand in the future. When processing this property, check for and log unknown values. Optionally halt processing and surface the error, or bypass the resource on which the unexpected property value was encountered. - `vpc` - (String) The VPC this bare metal server resides in. - `zone` - (String) The zone this bare metal server resides in. diff --git a/website/docs/r/is_bare_metal_server.markdown b/website/docs/r/is_bare_metal_server.markdown index ff4fff2f2e..891e92e8ec 100644 --- a/website/docs/r/is_bare_metal_server.markdown +++ b/website/docs/r/is_bare_metal_server.markdown @@ -99,6 +99,7 @@ Review the argument references that you can specify for your resource. **•** You must have the access listed in the [Granting users access to tag resources](https://cloud.ibm.com/docs/account?topic=account-access) for `access_tags`
**•** `access_tags` must be in the format `key:value`. - `delete_type` - (Optional, String) Type of deletion on destroy. **soft** signals running operating system to quiesce and shutdown cleanly, **hard** immediately stop the server. By default its `hard`. +- `enable_secure_boot` - (Optional, Boolean) Indicates whether secure boot is enabled. If enabled, the image must support secure boot or the server will fail to boot. Updating `enable_secure_boot` requires the server to be stopped and then it would be started. - `image` - (Required, String) ID of the image. - `keys` - (Required, List) Comma separated IDs of ssh keys. - `name` - (Optional, String) The bare metal server name. @@ -155,6 +156,12 @@ Review the argument references that you can specify for your resource. - `profile` - (Required, Forces new resource, String) The name the profile to use for this bare metal server. - `resource_group` - (Optional, Forces new resource, String) The resource group ID for this bare metal server. +- `trusted_platform_module` - (Optional, List) trusted platform module (TPM) configuration for the bare metals server + + Nested scheme for **trusted_platform_module**: + + - `mode` - (Optional, String) The trusted platform module mode to use. The specified value must be listed in the bare metal server profile's supported_trusted_platform_module_modes. Updating trusted_platform_module mode would require the server to be stopped then started again. + - Constraints: Allowable values are: `disabled`, `tpm_2`. - `user_data` - (Optional, String) User data to transfer to the server bare metal server. - `vpc` - (Required, Forces new resource, String) The VPC ID of the bare metal server is to be a part of. It must match the VPC tied to the subnets of the server's network interfaces. - `zone` - (Required, Forces new resource, String) Name of the zone in which this bare metal server will reside in. 
@@ -203,7 +210,17 @@ In addition to all argument reference list, you can access the following attribu - `code` - (String) The status reason code - `message` - (String) An explanation of the status reason - `more_info` - (String) Link to documentation about this status reason +- `trusted_platform_module` - (List) trusted platform module (TPM) configuration for this bare metal server + + Nested scheme for **trusted_platform_module**: + - `enabled` - (Boolean) Indicates whether the trusted platform module is enabled. + - `mode` - (String) The trusted platform module mode to use. The specified value must be listed in the bare metal server profile's supported_trusted_platform_module_modes. Updating trusted_platform_module mode would require the server to be stopped then started again. + - Constraints: Allowable values are: `disabled`, `tpm_2`. + - `supported_modes` - (Array) The trusted platform module (TPM) mode: + - **disabled: No TPM functionality** + - **tpm_2: TPM 2.0** + - The enumerated values for this property are expected to expand in the future. When processing this property, check for and log unknown values. Optionally halt processing and surface the error, or bypass the resource on which the unexpected property value was encountered. ## Import