* providers/google: add support for encrypting a disk
* providers/google: Add docs for encrypting disks
* providers/google: CSEK small fixes: sensitive params and mismatched state files
A new create_timeout attribute was added that had some backwards
incompatibilities, and as per discussion in #10823, it was determined we
could make upgrading to 0.8.x easier by fixing them, without really
losing any functionality.
Because create_timeout is not something stored or transmitted to the
API, it's not something we need a ForceNew on. Also, because an update
wouldn't result in an API call, we can add a state migration to avoid a
false positive diff that requires people to plan and apply but doesn't
actually make an API call.
Update our instance template to include metadata_startup_script, to
match our instance resource. Also, we've resolved the diff errors around
metadata.startup-script, and people want to use that to create startup
scripts that don't force a restart when they're changed, so let's stop
disallowing it.
Also, we had a bunch of calls to `schema.ResourceData.Set` that ignored
the errors, so I added error handling for those calls. It's mostly
bundled with this code because I couldn't be sure whether it was the
root of bugs or not, so I took care of it while addressing the startup
script issue.
When configuring an instance's attached disk, if the attached disk has
both the disk and type attributes set, it would previously cause
terraform to crash with a nil pointer exception. The root cause was that
we only instantiate the InitializeParams property of the disk if its
disk attribute isn't set, and we try to write to the InitializeParams
property when the type attribute is set. So setting both caused the
InitializeParams property to not be initialized, then written to.
Now we throw an error explaining that the configuration can't have both
the disk and the type set.
Fixes#6495.
Some google resources required network be refernced by resource URL (aka self_link), while others required network name.
This change allows either to be supplied.
DRY it out, and add a fix for #5552.
* provider/google: Support static private IP addresses
The private address of an instance's network interface may now be specified.
If no value is provided, an address will be chosen by Google Compute Engine
and that value will be read into Terraform state.
* docs: GCE private static IP address information
This commit allows an operator to specify the e-mail address of a service
account to use with a Google Compute Engine instance. If no service account
e-mail is provided, the default service account is used.
Closes#7985
Creating most google cloud resources uses the compute_operation to
wait for the creation to complete. However, the computeOperationWait*
functions always uses the global `config.Project`, instead of the resource-
specific one.
This means that creating resource in a project other than the main one
fails with a 404 on the operation resource.
This patch uses the project from google_compute_instance instead of the
global one.
This is the first step in removing the config dependency on "project".
This change is backwards-compatible because the value for this new
attribute defaults to the value from the provider.
In #3501 @lwander got us almost all the way there, but we still had
tests failing. This seemed to be because GCE sets
`metadata.startup-script` to a blank string on instance creation, and if
a user specifies any `metadata` in their config this is seen as the
desired full contents of metadata, so we get a diff trying to remove
`startup-script`.
Here, to address this, we just proactively remove the "startup-script"
key from `Read`, and then we enforce that "metadata_startup_script"
is the only way to configure startup scripts on instances.
It doesn't need to be a List of Maps, it can just be a Map.
We're also safe to remove a previous workaround I stuck in there.
The config parsing is equivalent between a list of maps and a plain map,
so we just need a state migration to make this backwards compatible.
Dana Hoffman