diff --git a/mmv1/products/compute/Disk.yaml b/mmv1/products/compute/Disk.yaml index cddc35f86ecc..09d85230e9ab 100644 --- a/mmv1/products/compute/Disk.yaml +++ b/mmv1/products/compute/Disk.yaml @@ -84,6 +84,32 @@ examples: primary_resource_name: 'fmt.Sprintf("tf-test-test-disk%s", context["random_suffix"])' vars: disk_name: 'test-disk-features' + - name: 'disk_user_licenses' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-test-disk%s", context["random_suffix"])' + vars: + disk_name: 'test-disk-user-licenses' + - name: 'disk_erase_windows_vss' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-test-disk%s", context["random_suffix"])' + vars: + disk_name: 'test-disk-vss' + source_disk_name: 'test-disk-vss-source' + snapshot_name: 'test-snapshot-vss' + - name: 'disk_source_snapshot_encryption' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-test-disk%s", context["random_suffix"])' + vars: + disk_name: 'test-disk-from-enc-snap' + source_disk_name: 'test-disk-enc-source' + snapshot_name: 'test-encrypted-snapshot' + - name: 'disk_source_image_encryption' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-test-disk%s", context["random_suffix"])' + vars: + disk_name: 'test-disk-from-enc-img' + source_disk_name: 'test-disk-img-source' + image_name: 'test-encrypted-image' parameters: - name: 'zone' type: ResourceRef @@ -123,6 +149,12 @@ properties: description: | Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. + - name: 'rsaEncryptedKey' + type: String + description: | + Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit + customer-supplied encryption key to either encrypt or decrypt + this resource. You can provide either the rawKey or the rsaEncryptedKey. - name: 'sha256' type: String description: | @@ -239,6 +271,12 @@ properties: description: | Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. + - name: 'rsaEncryptedKey' + type: String + description: | + Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit + customer-supplied encryption key to either encrypt or decrypt + this resource. You can provide either the rawKey or the rsaEncryptedKey. # TODO Change to ResourceRef once KMS is in Magic Modules - name: 'kmsKeySelfLink' type: String @@ -399,6 +437,12 @@ properties: be used to determine whether the image was taken from the current or a previous instance of a given disk name. output: true + - name: 'eraseWindowsVssSignature' + type: Boolean + description: | + Specifies whether the disk restored from a source snapshot should erase + Windows specific VSS signature. + immutable: true - name: 'DiskId' type: String description: | @@ -539,6 +583,15 @@ properties: description: 'An applicable license URI' resource: 'License' imports: 'selfLink' + - name: 'userLicenses' + type: Array + description: | + A list of publicly visible user-licenses. Unlike regular licenses, user + provided licenses can be modified after the disk is created. This includes + a list of URLs to the license resource. For example, to provide a debian license: + https://www.googleapis.com/compute/v1/projects/debian-cloud/global/licenses/debian-9-stretch + item_type: + type: String - name: 'storagePool' type: String description: | diff --git a/mmv1/templates/terraform/examples/disk_erase_windows_vss.tf.tmpl b/mmv1/templates/terraform/examples/disk_erase_windows_vss.tf.tmpl new file mode 100644 index 000000000000..0d769afb0870 --- /dev/null +++ b/mmv1/templates/terraform/examples/disk_erase_windows_vss.tf.tmpl @@ -0,0 +1,29 @@ +data "google_compute_image" "my_image" { + family = "windows-2022" + project = "windows-cloud" +} + +resource "google_compute_disk" "source" { + name = "{{index $.Vars "source_disk_name"}}" + type = "pd-ssd" + zone = "us-central1-a" + image = data.google_compute_image.my_image.self_link + physical_block_size_bytes = 4096 +} + +resource "google_compute_snapshot" "snapshot" { + name = "{{index $.Vars "snapshot_name"}}" + source_disk = google_compute_disk.source.id + zone = "us-central1-a" +} + +resource "google_compute_disk" "default" { + name = "{{index $.Vars "disk_name"}}" + type = "pd-ssd" + zone = "us-central1-a" + snapshot = google_compute_snapshot.snapshot.id + + erase_windows_vss_signature = true + + physical_block_size_bytes = 4096 +} diff --git a/mmv1/templates/terraform/examples/disk_source_image_encryption.tf.tmpl b/mmv1/templates/terraform/examples/disk_source_image_encryption.tf.tmpl new file mode 100644 index 000000000000..115ab86b222a --- /dev/null +++ b/mmv1/templates/terraform/examples/disk_source_image_encryption.tf.tmpl @@ -0,0 +1,38 @@ +data "google_compute_image" "my_image" { + family = "debian-11" + project = "debian-cloud" +} + +resource "google_compute_disk" "source" { + name = "{{index $.Vars "source_disk_name"}}" + image = data.google_compute_image.my_image.self_link + size = 10 + type = "pd-ssd" + zone = "us-central1-a" + + disk_encryption_key { + raw_key = "SGVsbG9Xb3JsZEhlbGxvV29ybGRIZWxsb1dvcmxkMTI=" + } +} + +resource "google_compute_image" "encrypted_image" { + name = "{{index $.Vars "image_name"}}" + source_disk = google_compute_disk.source.self_link + image_encryption_key { + raw_key = "SGVsbG9Xb3JsZEhlbGxvV29ybGRIZWxsb1dvcmxkMTI=" + } + source_disk_encryption_key { + raw_key = "SGVsbG9Xb3JsZEhlbGxvV29ybGRIZWxsb1dvcmxkMTI=" + } +} + +resource "google_compute_disk" "default" { + name = "{{index $.Vars "disk_name"}}" + type = "pd-ssd" + zone = "us-central1-a" + image = google_compute_image.encrypted_image.self_link + + source_image_encryption_key { + raw_key = "SGVsbG9Xb3JsZEhlbGxvV29ybGRIZWxsb1dvcmxkMTI=" + } +} diff --git a/mmv1/templates/terraform/examples/disk_source_snapshot_encryption.tf.tmpl b/mmv1/templates/terraform/examples/disk_source_snapshot_encryption.tf.tmpl new file mode 100644 index 000000000000..e6bc2eaf0845 --- /dev/null +++ b/mmv1/templates/terraform/examples/disk_source_snapshot_encryption.tf.tmpl @@ -0,0 +1,39 @@ +data "google_compute_image" "my_image" { + family = "debian-11" + project = "debian-cloud" +} + +resource "google_compute_disk" "source" { + name = "{{index $.Vars "source_disk_name"}}" + image = data.google_compute_image.my_image.self_link + size = 10 + type = "pd-ssd" + zone = "us-central1-a" + + disk_encryption_key { + raw_key = "SGVsbG9Xb3JsZEhlbGxvV29ybGRIZWxsb1dvcmxkMTI=" + } +} + +resource "google_compute_snapshot" "encrypted_snapshot" { + name = "{{index $.Vars "snapshot_name"}}" + source_disk = google_compute_disk.source.self_link + zone = "us-central1-a" + snapshot_encryption_key { + raw_key = "SGVsbG9Xb3JsZEhlbGxvV29ybGRIZWxsb1dvcmxkMTI=" + } + source_disk_encryption_key { + raw_key = "SGVsbG9Xb3JsZEhlbGxvV29ybGRIZWxsb1dvcmxkMTI=" + } +} + +resource "google_compute_disk" "default" { + name = "{{index $.Vars "disk_name"}}" + type = "pd-ssd" + zone = "us-central1-a" + snapshot = google_compute_snapshot.encrypted_snapshot.self_link + + source_snapshot_encryption_key { + raw_key = "SGVsbG9Xb3JsZEhlbGxvV29ybGRIZWxsb1dvcmxkMTI=" + } +} diff --git a/mmv1/templates/terraform/examples/disk_user_licenses.tf.tmpl b/mmv1/templates/terraform/examples/disk_user_licenses.tf.tmpl new file mode 100644 index 000000000000..f6db77417d29 --- /dev/null +++ b/mmv1/templates/terraform/examples/disk_user_licenses.tf.tmpl @@ -0,0 +1,13 @@ +resource "google_compute_disk" "default" { + name = "{{index $.Vars "disk_name"}}" + type = "pd-ssd" + zone = "us-central1-a" + size = 10 + + user_licenses = [ + "https://www.googleapis.com/compute/v1/projects/debian-cloud/global/licenses/debian-9-stretch" + ] + + physical_block_size_bytes = 4096 +} +