Open milesarmstrong opened 1 year ago
Support Case: 46330995
@milesarmstrong This particular resource ComputeInstance
is implemented based on Terraform so it may require an update in the underlying Terraform resource first. [1]
We have received the case, and we are working with Terraform team internally to see if they can prioritize the update. It will also be helpful if you can provide more context and share the importance of the feature request to GCP support.
This will help the Terraform team to prioritize the required work.
Checklist
Describe the feature or resource
The
ComputeInstance
resource supportsspec.bootDisk.diskEncryptionKeyRaw
only.The REST API for instances supports
disks[].diskEncryptionKey.rsaEncryptedKey
.Please add
ComputeInstance
support for RSA-wrapped CSEKs.Note: It looks like
ComputeDisk
supportsspec.diskEncryptionKey.rsaEncryptedKey
, but we need a boot disk that is deleted when the instance is deleted, hence needing support inComputeInstance
.Additional information
https://cloud.google.com/compute/docs/disks/customer-supplied-encryption#encrypt_a_new_persistent_disk_with_csek
https://cloud.google.com/compute/docs/disks/customer-supplied-encryption#gcloud
Importance
This is currently a blocker. I will open a Google Cloud Support case as well.