Provide a support for rsaEncryptedkey in compute_disk (#7026) (#1…

…3685) * provide a support for rsaEncryptedkey in compute disk * minor changes * added test for RSA_Encrypted_Key * fixing the test failure * reverting ruby version Signed-off-by: Modular Magician <magic-modules@google.com>
hashicorp · Feb 8, 2023 · d34e24f · d34e24f
1 parent b49bf66
commit d34e24f
Show file tree

Hide file tree

Showing 5 changed files with 84 additions and 1 deletion.
diff --git a/.changelog/7026.txt b/.changelog/7026.txt
@@ -0,0 +1,4 @@
+```release-note:enhancement
+compute: added field `rsaEncryptedKey` to resource `disk` 
+
+```
diff --git a/google/resource_compute_disk.go b/google/resource_compute_disk.go
@@ -354,6 +354,15 @@ If absent, the Compute Engine Service Agent service account is used.`,
 RFC 4648 base64 to either encrypt or decrypt this resource.`,
 							Sensitive: true,
 						},
+						"rsa_encrypted_key": {
+							Type:     schema.TypeString,
+							Optional: true,
+							ForceNew: true,
+							Description: `Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit 
+customer-supplied encryption key to either encrypt or decrypt 
+this resource. You can provide either the rawKey or the rsaEncryptedKey.`,
+							Sensitive: true,
+						},
 						"sha256": {
 							Type:     schema.TypeString,
 							Computed: true,
@@ -1274,6 +1283,8 @@ func flattenComputeDiskDiskEncryptionKey(v interface{}, d *schema.ResourceData,
 	transformed := make(map[string]interface{})
 	transformed["raw_key"] =
 		flattenComputeDiskDiskEncryptionKeyRawKey(original["rawKey"], d, config)
+	transformed["rsa_encrypted_key"] =
+		flattenComputeDiskDiskEncryptionKeyRsaEncryptedKey(original["rsaEncryptedKey"], d, config)
 	transformed["sha256"] =
 		flattenComputeDiskDiskEncryptionKeySha256(original["sha256"], d, config)
 	transformed["kms_key_self_link"] =
@@ -1286,6 +1297,10 @@ func flattenComputeDiskDiskEncryptionKeyRawKey(v interface{}, d *schema.Resource
 	return v
 }
 
+func flattenComputeDiskDiskEncryptionKeyRsaEncryptedKey(v interface{}, d *schema.ResourceData, config *Config) interface{} {
+	return v
+}
+
 func flattenComputeDiskDiskEncryptionKeySha256(v interface{}, d *schema.ResourceData, config *Config) interface{} {
 	return v
 }
@@ -1475,6 +1490,13 @@ func expandComputeDiskDiskEncryptionKey(v interface{}, d TerraformResourceData,
 		transformed["rawKey"] = transformedRawKey
 	}
 
+	transformedRsaEncryptedKey, err := expandComputeDiskDiskEncryptionKeyRsaEncryptedKey(original["rsa_encrypted_key"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedRsaEncryptedKey); val.IsValid() && !isEmptyValue(val) {
+		transformed["rsaEncryptedKey"] = transformedRsaEncryptedKey
+	}
+
 	transformedSha256, err := expandComputeDiskDiskEncryptionKeySha256(original["sha256"], d, config)
 	if err != nil {
 		return nil, err
@@ -1503,6 +1525,10 @@ func expandComputeDiskDiskEncryptionKeyRawKey(v interface{}, d TerraformResource
 	return v, nil
 }
 
+func expandComputeDiskDiskEncryptionKeyRsaEncryptedKey(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandComputeDiskDiskEncryptionKeySha256(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
 	return v, nil
 }
@@ -1626,6 +1652,7 @@ func resourceComputeDiskDecoder(d *schema.ResourceData, meta interface{}, res ma
 		transformed := make(map[string]interface{})
 		// The raw key won't be returned, so we need to use the original.
 		transformed["rawKey"] = d.Get("disk_encryption_key.0.raw_key")
+		transformed["rsaEncryptedKey"] = d.Get("disk_encryption_key.0.rsa_encrypted_key")
 		transformed["sha256"] = original["sha256"]
 
 		if kmsKeyName, ok := original["kmsKeyName"]; ok {

diff --git a/google/resource_compute_disk_test.go b/google/resource_compute_disk_test.go
@@ -922,3 +922,47 @@ func testAccComputeDisk_diskClone(diskName, refSelector string) string {
 	}
 `, diskName, diskName+"-clone", refSelector)
 }
+
+func TestAccComputeDisk_encryptionWithRSAEncryptedKey(t *testing.T) {
+	t.Parallel()
+
+	diskName := fmt.Sprintf("tf-test-%s", randString(t, 10))
+	var disk compute.Disk
+
+	vcrTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckComputeDiskDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccComputeDisk_encryptionWithRSAEncryptedKey(diskName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckComputeDiskExists(
+						t, "google_compute_disk.foobar-1", getTestProjectFromEnv(), &disk),
+					testAccCheckEncryptionKey(
+						t, "google_compute_disk.foobar-1", &disk),
+				),
+			},
+		},
+	})
+}
+
+func testAccComputeDisk_encryptionWithRSAEncryptedKey(diskName string) string {
+	return fmt.Sprintf(`
+data "google_compute_image" "my_image" {
+  family  = "debian-11"
+  project = "debian-cloud"
+}
+
+resource "google_compute_disk" "foobar-1" {
+  name  = "%s"
+  image = data.google_compute_image.my_image.self_link
+  size  = 50
+  type  = "pd-ssd"
+  zone  = "us-central1-a"
+  disk_encryption_key {
+	rsa_encrypted_key = "fB6BS8tJGhGVDZDjGt1pwUo2wyNbkzNxgH1avfOtiwB9X6oPG94gWgenygitnsYJyKjdOJ7DyXLmxwQOSmnCYCUBWdKCSssyLV5907HL2mb5TfqmgHk5JcArI/t6QADZWiuGtR+XVXqiLa5B9usxFT2BTmbHvSKfkpJ7McCNc/3U0PQR8euFRZ9i75o/w+pLHFMJ05IX3JB0zHbXMV173PjObiV3ItSJm2j3mp5XKabRGSA5rmfMnHIAMz6stGhcuom6+bMri2u/axmPsdxmC6MeWkCkCmPjaKsVz1+uQUNCJkAnzesluhoD+R6VjFDm4WI7yYabu4MOOAOTaQXdEg=="
+  }
+}
+`, diskName)
+}
diff --git a/google/resource_compute_region_disk.go b/google/resource_compute_region_disk.go
@@ -1112,6 +1112,7 @@ func resourceComputeRegionDiskDecoder(d *schema.ResourceData, meta interface{},
 		transformed := make(map[string]interface{})
 		// The raw key won't be returned, so we need to use the original.
 		transformed["rawKey"] = d.Get("disk_encryption_key.0.raw_key")
+		transformed["rsaEncryptedKey"] = d.Get("disk_encryption_key.0.rsa_encrypted_key")
 		transformed["sha256"] = original["sha256"]
 
 		if kmsKeyName, ok := original["kmsKeyName"]; ok {

diff --git a/website/docs/r/compute_disk.html.markdown b/website/docs/r/compute_disk.html.markdown
@@ -43,7 +43,7 @@ To get more information about Disk, see:
 * How-to Guides
     * [Adding a persistent disk](https://cloud.google.com/compute/docs/disks/add-persistent-disk)
 
-~> **Warning:** All arguments including `disk_encryption_key.raw_key` will be stored in the raw
+~> **Warning:** All arguments including `disk_encryption_key.raw_key` and `disk_encryption_key.rsa_encrypted_key` will be stored in the raw
 state as plain-text. [Read more about sensitive data in state](https://www.terraform.io/language/state/sensitive-data).
 
 <div class = "oics-button" style="float: right; margin: 0 0 -15px">
@@ -243,6 +243,13 @@ The following arguments are supported:
   RFC 4648 base64 to either encrypt or decrypt this resource.
   **Note**: This property is sensitive and will not be displayed in the plan.
 
+* `rsa_encrypted_key` -
+  (Optional)
+  Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit 
+  customer-supplied encryption key to either encrypt or decrypt 
+  this resource. You can provide either the rawKey or the rsaEncryptedKey.
+  **Note**: This property is sensitive and will not be displayed in the plan.
+
 * `sha256` -
   The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied
   encryption key that protects this resource.