diff --git a/mmv1/third_party/terraform/services/compute/data_source_google_compute_instance.go.tmpl b/mmv1/third_party/terraform/services/compute/data_source_google_compute_instance.go.tmpl
index 0416b6c8b492..6c7cd5b37862 100644
--- a/mmv1/third_party/terraform/services/compute/data_source_google_compute_instance.go.tmpl
+++ b/mmv1/third_party/terraform/services/compute/data_source_google_compute_instance.go.tmpl
@@ -202,9 +202,13 @@ func dataSourceGoogleComputeInstanceRead(d *schema.ResourceData, meta interface{
if err := d.Set("name", instance.Name); err != nil {
return fmt.Errorf("Error setting name: %s", err)
}
+ if err := d.Set("key_revocation_action_type", instance.KeyRevocationActionType); err != nil {
+ return fmt.Errorf("Error setting key_revocation_action_type: %s", err)
+ }
if err := d.Set("creation_timestamp", instance.CreationTimestamp); err != nil {
return fmt.Errorf("Error setting creation_timestamp: %s", err)
}
+
d.SetId(fmt.Sprintf("projects/%s/zones/%s/instances/%s", project, tpgresource.GetResourceNameFromSelfLink(instance.Zone), instance.Name))
return nil
}
diff --git a/mmv1/third_party/terraform/services/compute/resource_compute_instance.go.tmpl b/mmv1/third_party/terraform/services/compute/resource_compute_instance.go.tmpl
index da13c94e47d4..45fc86f2f18e 100644
--- a/mmv1/third_party/terraform/services/compute/resource_compute_instance.go.tmpl
+++ b/mmv1/third_party/terraform/services/compute/resource_compute_instance.go.tmpl
@@ -1268,6 +1268,14 @@ be from 0 to 999,999,999 inclusive.`,
},
},
},
+
+ "key_revocation_action_type": {
+ Type: schema.TypeString,
+ Optional: true,
+ ForceNew: true,
+ ValidateFunc: validation.StringInSlice([]string{"STOP", "NONE", ""}, false),
+ Description: `Action to be taken when a customer's encryption key is revoked. Supports "STOP" and "NONE", with "NONE" being the default.`,
+ },
},
CustomizeDiff: customdiff.All(
tpgresource.DefaultProviderProject,
@@ -1443,6 +1451,7 @@ func expandComputeInstance(project string, d *schema.ResourceData, config *trans
DisplayDevice: expandDisplayDevice(d),
ResourcePolicies: tpgresource.ConvertStringArr(d.Get("resource_policies").([]interface{})),
ReservationAffinity: reservationAffinity,
+ KeyRevocationActionType: d.Get("key_revocation_action_type").(string),
}, nil
}
@@ -1844,6 +1853,9 @@ func resourceComputeInstanceRead(d *schema.ResourceData, meta interface{}) error
if err := d.Set("reservation_affinity", flattenReservationAffinity(instance.ReservationAffinity)); err != nil {
return fmt.Errorf("Error setting reservation_affinity: %s", err)
}
+ if err := d.Set("key_revocation_action_type", instance.KeyRevocationActionType); err != nil {
+ return fmt.Errorf("Error setting key_revocation_action_type: %s", err)
+ }
d.SetId(fmt.Sprintf("projects/%s/zones/%s/instances/%s", project, zone, instance.Name))
diff --git a/mmv1/third_party/terraform/services/compute/resource_compute_instance_template.go.tmpl b/mmv1/third_party/terraform/services/compute/resource_compute_instance_template.go.tmpl
index 7d4604aa52e9..43a2063de52e 100644
--- a/mmv1/third_party/terraform/services/compute/resource_compute_instance_template.go.tmpl
+++ b/mmv1/third_party/terraform/services/compute/resource_compute_instance_template.go.tmpl
@@ -1104,6 +1104,14 @@ be from 0 to 999,999,999 inclusive.`,
},
},
},
+
+ "key_revocation_action_type": {
+ Type: schema.TypeString,
+ Optional: true,
+ ForceNew: true,
+ ValidateFunc: validation.StringInSlice([]string{"NONE", "STOP", ""}, false),
+ Description: `Action to be taken when a customer's encryption key is revoked. Supports "STOP" and "NONE", with "NONE" being the default.`,
+ },
},
UseJSONNumber: true,
}
@@ -1445,6 +1453,7 @@ func resourceComputeInstanceTemplateCreate(d *schema.ResourceData, meta interfac
{{- end }}
ResourcePolicies: resourcePolicies,
ReservationAffinity: reservationAffinity,
+ KeyRevocationActionType: d.Get("key_revocation_action_type").(string),
}
if _, ok := d.GetOk("effective_labels"); ok {
@@ -1858,6 +1867,9 @@ func resourceComputeInstanceTemplateRead(d *schema.ResourceData, meta interface{
if err = d.Set("instance_description", instanceTemplate.Properties.Description); err != nil {
return fmt.Errorf("Error setting instance_description: %s", err)
}
+ if err = d.Set("key_revocation_action_type", instanceTemplate.Properties.KeyRevocationActionType); err != nil {
+ return fmt.Errorf("Error setting key_revocation_action_type: %s", err)
+ }
if err = d.Set("project", project); err != nil {
return fmt.Errorf("Error setting project: %s", err)
}
diff --git a/mmv1/third_party/terraform/services/compute/resource_compute_instance_template_test.go.tmpl b/mmv1/third_party/terraform/services/compute/resource_compute_instance_template_test.go.tmpl
index bc6cb079cf58..19e19f9f6120 100644
--- a/mmv1/third_party/terraform/services/compute/resource_compute_instance_template_test.go.tmpl
+++ b/mmv1/third_party/terraform/services/compute/resource_compute_instance_template_test.go.tmpl
@@ -1634,6 +1634,56 @@ func TestAccComputeInstanceTemplate_resourceManagerTags(t *testing.T) {
})
}
+func TestAccComputeInstanceTemplate_keyRevocationActionType(t *testing.T) {
+ t.Parallel()
+
+ var instanceTemplate compute.InstanceTemplate
+ context_1 := map[string]interface{}{
+ "instance_name": fmt.Sprintf("tf-test-%s", acctest.RandString(t, 10)),
+ "key_revocation_action_type": `"NONE"`,
+ }
+ context_2 := map[string]interface{}{
+ "instance_name": context_1["instance_name"].(string),
+ "key_revocation_action_type": `"STOP"`,
+ }
+ context_3 := map[string]interface{}{
+ "instance_name": context_1["instance_name"].(string),
+ "key_revocation_action_type": `""`,
+ }
+
+ acctest.VcrTest(t, resource.TestCase{
+ PreCheck: func() { acctest.AccTestPreCheck(t) },
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+ CheckDestroy: testAccCheckComputeInstanceTemplateDestroyProducer(t),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccComputeInstanceTemplate_keyRevocationActionType(context_1),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckComputeInstanceTemplateExists(
+ t, "google_compute_instance_template.foobar", &instanceTemplate),
+ resource.TestCheckResourceAttr("google_compute_instance_template.foobar", "key_revocation_action_type", "NONE"),
+ ),
+ },
+ {
+ Config: testAccComputeInstanceTemplate_keyRevocationActionType(context_2),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckComputeInstanceTemplateExists(
+ t, "google_compute_instance_template.foobar", &instanceTemplate),
+ resource.TestCheckResourceAttr("google_compute_instance_template.foobar", "key_revocation_action_type", "STOP"),
+ ),
+ },
+ {
+ Config: testAccComputeInstanceTemplate_keyRevocationActionType(context_3),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckComputeInstanceTemplateExists(
+ t, "google_compute_instance_template.foobar", &instanceTemplate),
+ resource.TestCheckResourceAttr("google_compute_instance_template.foobar", "key_revocation_action_type", ""),
+ ),
+ },
+ },
+ })
+}
+
func TestUnitComputeInstanceTemplate_IpCidrRangeDiffSuppress(t *testing.T) {
cases := map[string]struct {
Old, New string
@@ -4453,3 +4503,30 @@ resource "google_compute_instance_template" "foobar" {
`, context)
}
{{- end }}
+
+func testAccComputeInstanceTemplate_keyRevocationActionType(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+data "google_compute_image" "my_image" {
+ family = "debian-11"
+ project = "debian-cloud"
+}
+
+resource "google_compute_instance_template" "foobar" {
+ name = "%{instance_name}"
+ machine_type = "e2-medium"
+
+ disk {
+ source_image = data.google_compute_image.my_image.self_link
+ auto_delete = true
+ disk_size_gb = 10
+ boot = true
+ }
+
+ network_interface {
+ network = "default"
+ }
+
+ key_revocation_action_type = %{key_revocation_action_type}
+}
+`, context)
+}
diff --git a/mmv1/third_party/terraform/services/compute/resource_compute_instance_test.go.tmpl b/mmv1/third_party/terraform/services/compute/resource_compute_instance_test.go.tmpl
index 5f6fdfb06472..706a022cb75e 100644
--- a/mmv1/third_party/terraform/services/compute/resource_compute_instance_test.go.tmpl
+++ b/mmv1/third_party/terraform/services/compute/resource_compute_instance_test.go.tmpl
@@ -3532,6 +3532,56 @@ func TestAccComputeInstance_proactiveAttributionLabel(t *testing.T) {
})
}
+func TestAccComputeInstance_keyRevocationActionType(t *testing.T) {
+ t.Parallel()
+
+ var instance compute.Instance
+ context_1 := map[string]interface{}{
+ "instance_name": fmt.Sprintf("tf-test-%s", acctest.RandString(t, 10)),
+ "key_revocation_action_type": `"NONE"`,
+ }
+ context_2 := map[string]interface{}{
+ "instance_name": context_1["instance_name"].(string),
+ "key_revocation_action_type": `"STOP"`,
+ }
+ context_3 := map[string]interface{}{
+ "instance_name": context_1["instance_name"].(string),
+ "key_revocation_action_type": `""`,
+ }
+
+ acctest.VcrTest(t, resource.TestCase{
+ PreCheck: func() { acctest.AccTestPreCheck(t) },
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+ CheckDestroy: testAccCheckComputeInstanceDestroyProducer(t),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccComputeInstance_keyRevocationActionType(context_1),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckComputeInstanceExists(
+ t, "google_compute_instance.foobar", &instance),
+ resource.TestCheckResourceAttr("google_compute_instance.foobar", "key_revocation_action_type", "NONE"),
+ ),
+ },
+ {
+ Config: testAccComputeInstance_keyRevocationActionType(context_2),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckComputeInstanceExists(
+ t, "google_compute_instance.foobar", &instance),
+ resource.TestCheckResourceAttr("google_compute_instance.foobar", "key_revocation_action_type", "STOP"),
+ ),
+ },
+ {
+ Config: testAccComputeInstance_keyRevocationActionType(context_3),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckComputeInstanceExists(
+ t, "google_compute_instance.foobar", &instance),
+ resource.TestCheckResourceAttr("google_compute_instance.foobar", "key_revocation_action_type", ""),
+ ),
+ },
+ },
+ })
+}
+
{{ if ne $.TargetVersionName `ga` -}}
const errorDeleteAccessConfigWithSecPolicy = "Cannot delete an access config with a security policy set. Please remove the security policy first"
@@ -10838,3 +10888,30 @@ resource "google_compute_instance" "foobar" {
}
`, diskName, instanceName, machineType, zone, bootDiskInterface, allowStoppingForUpdate)
}
+
+func testAccComputeInstance_keyRevocationActionType(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+data "google_compute_image" "my_image" {
+ family = "debian-11"
+ project = "debian-cloud"
+}
+
+resource "google_compute_instance" "foobar" {
+ name = "%{instance_name}"
+ machine_type = "e2-medium"
+ zone = "us-central1-a"
+
+ boot_disk {
+ initialize_params {
+ image = data.google_compute_image.my_image.self_link
+ }
+ }
+
+ network_interface {
+ network = "default"
+ }
+
+ key_revocation_action_type = %{key_revocation_action_type}
+}
+`, context)
+}
diff --git a/mmv1/third_party/terraform/services/compute/resource_compute_region_instance_template.go.tmpl b/mmv1/third_party/terraform/services/compute/resource_compute_region_instance_template.go.tmpl
index 1637a8353789..b59f4c5f2a80 100644
--- a/mmv1/third_party/terraform/services/compute/resource_compute_region_instance_template.go.tmpl
+++ b/mmv1/third_party/terraform/services/compute/resource_compute_region_instance_template.go.tmpl
@@ -1056,6 +1056,14 @@ be from 0 to 999,999,999 inclusive.`,
},
},
},
+
+ "key_revocation_action_type": {
+ Type: schema.TypeString,
+ Optional: true,
+ ForceNew: true,
+ ValidateFunc: validation.StringInSlice([]string{"NONE", "STOP", ""}, false),
+ Description: `Action to be taken when a customer's encryption key is revoked. Supports "STOP" and "NONE", with "NONE" being the default.`,
+ },
},
UseJSONNumber: true,
}
@@ -1138,6 +1146,7 @@ func resourceComputeRegionInstanceTemplateCreate(d *schema.ResourceData, meta in
{{- end }}
ResourcePolicies: resourcePolicies,
ReservationAffinity: reservationAffinity,
+ KeyRevocationActionType: d.Get("key_revocation_action_type").(string),
}
if _, ok := d.GetOk("effective_labels"); ok {
@@ -1345,6 +1354,9 @@ func resourceComputeRegionInstanceTemplateRead(d *schema.ResourceData, meta inte
if err = d.Set("instance_description", instanceProperties.Description); err != nil {
return fmt.Errorf("Error setting instance_description: %s", err)
}
+ if err = d.Set("key_revocation_action_type", instanceProperties.KeyRevocationActionType); err != nil {
+ return fmt.Errorf("Error setting key_revocation_action_type: %s", err)
+ }
if err = d.Set("project", project); err != nil {
return fmt.Errorf("Error setting project: %s", err)
}
diff --git a/mmv1/third_party/terraform/services/compute/resource_compute_region_instance_template_test.go.tmpl b/mmv1/third_party/terraform/services/compute/resource_compute_region_instance_template_test.go.tmpl
index 81711c98831a..a057bf6a1c35 100644
--- a/mmv1/third_party/terraform/services/compute/resource_compute_region_instance_template_test.go.tmpl
+++ b/mmv1/third_party/terraform/services/compute/resource_compute_region_instance_template_test.go.tmpl
@@ -1282,6 +1282,56 @@ func TestAccComputeRegionInstanceTemplate_resourceManagerTags(t *testing.T) {
})
}
+func TestAccComputeRegionInstanceTemplate_keyRevocationActionType(t *testing.T) {
+ t.Parallel()
+
+ var instanceTemplate compute.InstanceTemplate
+ context_1 := map[string]interface{}{
+ "instance_name": fmt.Sprintf("tf-test-%s", acctest.RandString(t, 10)),
+ "key_revocation_action_type": `"NONE"`,
+ }
+ context_2 := map[string]interface{}{
+ "instance_name": context_1["instance_name"].(string),
+ "key_revocation_action_type": `"STOP"`,
+ }
+ context_3 := map[string]interface{}{
+ "instance_name": context_1["instance_name"].(string),
+ "key_revocation_action_type": `""`,
+ }
+
+ acctest.VcrTest(t, resource.TestCase{
+ PreCheck: func() { acctest.AccTestPreCheck(t) },
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+ CheckDestroy: testAccCheckComputeRegionInstanceTemplateDestroyProducer(t),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccComputeRegionInstanceTemplate_keyRevocationActionType(context_1),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckComputeRegionInstanceTemplateExists(
+ t, "google_compute_region_instance_template.foobar", &instanceTemplate),
+ resource.TestCheckResourceAttr("google_compute_region_instance_template.foobar", "key_revocation_action_type", "NONE"),
+ ),
+ },
+ {
+ Config: testAccComputeRegionInstanceTemplate_keyRevocationActionType(context_2),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckComputeRegionInstanceTemplateExists(
+ t, "google_compute_region_instance_template.foobar", &instanceTemplate),
+ resource.TestCheckResourceAttr("google_compute_region_instance_template.foobar", "key_revocation_action_type", "STOP"),
+ ),
+ },
+ {
+ Config: testAccComputeRegionInstanceTemplate_keyRevocationActionType(context_3),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckComputeRegionInstanceTemplateExists(
+ t, "google_compute_region_instance_template.foobar", &instanceTemplate),
+ resource.TestCheckResourceAttr("google_compute_region_instance_template.foobar", "key_revocation_action_type", ""),
+ ),
+ },
+ },
+ })
+}
+
func testAccCheckComputeRegionInstanceTemplateDestroyProducer(t *testing.T) func(s *terraform.State) error {
return func(s *terraform.State) error {
config := acctest.GoogleProviderConfig(t)
@@ -3818,3 +3868,31 @@ resource "google_compute_region_instance_template" "foobar" {
}
`, context)
}
+
+func testAccComputeRegionInstanceTemplate_keyRevocationActionType(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+data "google_compute_image" "my_image" {
+ family = "debian-11"
+ project = "debian-cloud"
+}
+
+resource "google_compute_region_instance_template" "foobar" {
+ name = "%{instance_name}"
+ machine_type = "e2-medium"
+ region = "us-central1"
+
+ disk {
+ source_image = data.google_compute_image.my_image.self_link
+ auto_delete = true
+ disk_size_gb = 10
+ boot = true
+ }
+
+ network_interface {
+ network = "default"
+ }
+
+ key_revocation_action_type = %{key_revocation_action_type}
+}
+`, context)
+}
diff --git a/mmv1/third_party/terraform/website/docs/d/compute_instance.html.markdown b/mmv1/third_party/terraform/website/docs/d/compute_instance.html.markdown
index 51e910b79fd5..b2a64d881f19 100644
--- a/mmv1/third_party/terraform/website/docs/d/compute_instance.html.markdown
+++ b/mmv1/third_party/terraform/website/docs/d/compute_instance.html.markdown
@@ -109,6 +109,8 @@ The following arguments are supported:
encoded SHA-256 hash of the [customer-supplied encryption key]
(https://cloud.google.com/compute/docs/disks/customer-supplied-encryption) that protects this resource.
+* `key_revocation_action_type` - Action to be taken when a customer's encryption key is revoked.
+
---
The `boot_disk` block supports:
diff --git a/mmv1/third_party/terraform/website/docs/d/compute_instance_template.html.markdown b/mmv1/third_party/terraform/website/docs/d/compute_instance_template.html.markdown
index c2fec4317626..7d6ced023906 100644
--- a/mmv1/third_party/terraform/website/docs/d/compute_instance_template.html.markdown
+++ b/mmv1/third_party/terraform/website/docs/d/compute_instance_template.html.markdown
@@ -125,6 +125,8 @@ The following arguments are supported:
* `confidential_instance_config` - Enable [Confidential Mode](https://cloud.google.com/compute/confidential-vm/docs/about-cvm) on this VM. Structure is [documented below](#nested_confidential_instance_config)
+* `key_revocation_action_type` - Action to be taken when a customer's encryption key is revoked.
+
The `disk` block supports:
* `auto_delete` - Whether or not the disk should be auto-deleted.
diff --git a/mmv1/third_party/terraform/website/docs/d/compute_region_instance_template.html.markdown b/mmv1/third_party/terraform/website/docs/d/compute_region_instance_template.html.markdown
index 88b464f3ab1e..38ba97359625 100644
--- a/mmv1/third_party/terraform/website/docs/d/compute_region_instance_template.html.markdown
+++ b/mmv1/third_party/terraform/website/docs/d/compute_region_instance_template.html.markdown
@@ -111,6 +111,8 @@ The following arguments are supported:
* `confidential_instance_config` - Enable [Confidential Mode](https://cloud.google.com/compute/confidential-vm/docs/about-cvm) on this VM. Structure is [documented below](#nested_confidential_instance_config)
+* `key_revocation_action_type` - Action to be taken when a customer's encryption key is revoked.
+
The `disk` block supports:
* `auto_delete` - Whether or not the disk should be auto-deleted.
diff --git a/mmv1/third_party/terraform/website/docs/r/compute_instance.html.markdown b/mmv1/third_party/terraform/website/docs/r/compute_instance.html.markdown
index 28588ad77402..369f11e5b04a 100644
--- a/mmv1/third_party/terraform/website/docs/r/compute_instance.html.markdown
+++ b/mmv1/third_party/terraform/website/docs/r/compute_instance.html.markdown
@@ -251,6 +251,8 @@ is desired, you will need to modify your state file manually using
* `partner_metadata` - (optional) [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) key/value pair represents partner metadata assigned to instance where key represent a defined namespace and value is a json string represent the entries associted with the namespace.
+* `key_revocation_action_type` - (optional) Action to be taken when a customer's encryption key is revoked. Supports `STOP` and `NONE`, with `NONE` being the default.
+
---
The `boot_disk` block supports:
diff --git a/mmv1/third_party/terraform/website/docs/r/compute_instance_template.html.markdown b/mmv1/third_party/terraform/website/docs/r/compute_instance_template.html.markdown
index 31497237c037..1d65214ae30a 100644
--- a/mmv1/third_party/terraform/website/docs/r/compute_instance_template.html.markdown
+++ b/mmv1/third_party/terraform/website/docs/r/compute_instance_template.html.markdown
@@ -425,6 +425,8 @@ The following arguments are supported:
* `partner_metadata` - (optional) [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) key/value pair represents partner metadata assigned to instance template where key represent a defined namespace and value is a json string represent the entries associted with the namespace.
+* `key_revocation_action_type` - (optional) Action to be taken when a customer's encryption key is revoked. Supports `STOP` and `NONE`, with `NONE` being the default.
+
The `disk` block supports:
* `auto_delete` - (Optional) Whether or not the disk should be auto-deleted.
diff --git a/mmv1/third_party/terraform/website/docs/r/compute_region_instance_template.html.markdown b/mmv1/third_party/terraform/website/docs/r/compute_region_instance_template.html.markdown
index be8dcbfbe0bf..a80285494177 100644
--- a/mmv1/third_party/terraform/website/docs/r/compute_region_instance_template.html.markdown
+++ b/mmv1/third_party/terraform/website/docs/r/compute_region_instance_template.html.markdown
@@ -393,6 +393,8 @@ The following arguments are supported:
* `partner_metadata` - (optional) [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) key/value pair represents partner metadata assigned to instance template where key represent a defined namespace and value is a json string represent the entries associted with the namespace.
+* `key_revocation_action_type` - (optional) Action to be taken when a customer's encryption key is revoked. Supports `STOP` and `NONE`, with `NONE` being the default.
+
The `disk` block supports:
* `auto_delete` - (Optional) Whether or not the disk should be auto-deleted.