Add disk encyption key to the google_compute_instance_template - Sovereign support (#2750)

* add disk encyption key to the google_compute_instance_template * add a condition to the kms_key_self_link * use dynamic variable for disk_encryption_key * remove the getpip from the repo --------- Co-authored-by: Julio Castillo <jccb@google.com> Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2024-12-09 10:30:58 +01:00
parent 3f86056c78
commit 2defaed545
1 changed files with 7 additions and 0 deletions
--- a/modules/compute-vm/main.tf
+++ b/modules/compute-vm/main.tf
@@ -376,6 +376,13 @@ resource "google_compute_instance_template" "default" {
    disk_type             = var.boot_disk.initialize_params.type
    resource_manager_tags = var.tag_bindings
    source_image          = var.boot_disk.initialize_params.image
+
+    dynamic "disk_encryption_key" {
+      for_each = var.encryption != null ? [""] : []
+      content {
+        kms_key_self_link = var.encryption.kms_key_self_link
+      }
+    }
  }

  dynamic "confidential_instance_config" {