Add support for Shielded VMs

[danisla]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

Shielded VMs give users the ability to create instances with verifiable integrity to prevent against malware and rootkits.

Sample from compute engine REST API:

POST https://www.googleapis.com/compute/v1/projects/my-project/zones/us-west1-a/instances
{
...
  "shieldedVmConfig": {
    "enableSecureBoot": true,
    "enableVtpm": true,
    "enableIntegrityMonitoring": true
  }
}

New or Affected Resource(s)

• google_compute_instance
• google_compute_instance_template

Potential Terraform Configuration

resource "google_compute_instance" "default" {
  shielded_vm_config = {
    enable_secure_boot = true
    enable_vtpm = true
    enable_integrity_monitoring = true
  }
}

References

• Shielded VM documentation
• Modifying Shielded VMS

[mlauter]

hi! I'd like to work on this if no one else is.

[rileykarson]

Go ahead! I've marked the issue assigned to HashiBot to indicate that you're working on it. (We can only assign users with merge access to issues / PRs, so we mark community members with HashiBot)

[mlauter]

hi @rileykarson after i submitted this PR i saw the stuff about magic modules and that most of the activity for these resources is coming from there. just wanted to confirm whether that's how these changes ought to be made instead?

[rileykarson]

Either is fine! The code in this repository is managed by Magic Modules so that this and the beta repo stay in sync. To keep the contribution process similar to other providers, Google provider maintainers upstream PRs submitted against this repo / the beta repo to MM.

[rileykarson]

Closed with #3531

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!