hashicorp / terraform-provider-google

Terraform Provider for Google Cloud Platform
https://registry.terraform.io/providers/hashicorp/google/latest/docs
Mozilla Public License 2.0

confidentialInstanceConfig fields required/optional swap in next major version update #17090

Open deeglaze opened 7 months ago

deeglaze commented 7 months ago

Community Note

Description

The confidential_instance_config field for compute has an attribute, "enable_confidential_compute", that we wish to deprecate in favor of a new, more explicit enum attribute, "confidential_instance_type", that selects the confidential computing technology for the instance.

Right now, enable_confidential_compute is required, but we want to make it optional. With https://github.com/GoogleCloudPlatform/magic-modules/pull/9847, confidential_instance_type is optional, but we want to make it required.

This is a breaking change, so it would require a major version update.

New or Affected Resource(s)

This affects the compute product's instance creation logic in a single instance, instance templates, and regional instance templates.

Potential Terraform Configuration

resource "google_compute_instance_template" "foobar" {
  confidential_instance_type = "SEV"
}

instead of either

resource "google_compute_instance_template" "foobar" {
  enable_confidential_compute = true
  confidential_instance_type = "SEV"
}

or

resource "google_compute_instance_template" "foobar" {
  enable_confidential_compute = true
}

and furthermore

resource "google_compute_instance_template" "foobar" {
  confidential_instance_type = "SEV_SNP"
}

instead of

resource "google_compute_instance_template" "foobar" {
  enable_confidential_compute = true
  confidential_instance_type = "SEV_SNP"
}

References

https://github.com/hashicorp/terraform-provider-google/issues/14768
https://github.com/GoogleCloudPlatform/magic-modules/pull/9847

b/340524527
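A migration check for the swap described above, as an added example that is not part of the original issue or the provider's code: it reads plan JSON (as produced by `terraform show -json`) and flags affected resources that set only `enable_confidential_compute`, so the technology can be stated explicitly before `confidential_instance_type` becomes required. It assumes the nested block appears as a list under `change.after`; the function names and status labels are hypothetical.

```python
import json

# Resource types the issue lists as affected by the schema change.
AFFECTED = {
    "google_compute_instance",
    "google_compute_instance_template",
    "google_compute_region_instance_template",
}

def classify(cfg):
    """Classify one confidential_instance_config block against the proposed schema."""
    has_type = bool(cfg.get("confidential_instance_type"))
    has_flag = cfg.get("enable_confidential_compute") is not None
    if has_type:
        # Explicit technology; the boolean is redundant once it becomes optional.
        return "redundant-flag" if has_flag else "proposed-form"
    # Only the attribute slated for deprecation: breaks when the type is required.
    return "missing-type" if has_flag else "empty"

def audit_plan(plan):
    """Map resource address -> status for affected resources in plan JSON."""
    findings = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") not in AFFECTED:
            continue
        after = (rc.get("change") or {}).get("after") or {}
        for cfg in after.get("confidential_instance_config") or []:
            findings[rc["address"]] = classify(cfg)
    return findings

# Constructed sample, trimmed to the fields this check reads.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "google_compute_instance_template.a", "type": "google_compute_instance_template",
   "change": {"after": {"confidential_instance_config": [
     {"enable_confidential_compute": true, "confidential_instance_type": null}]}}},
  {"address": "google_compute_instance.b", "type": "google_compute_instance",
   "change": {"after": {"confidential_instance_config": [
     {"enable_confidential_compute": true, "confidential_instance_type": "SEV_SNP"}]}}},
  {"address": "google_compute_region_instance_template.c", "type": "google_compute_region_instance_template",
   "change": {"after": {"confidential_instance_config": [
     {"enable_confidential_compute": null, "confidential_instance_type": "SEV"}]}}},
  {"address": "google_compute_instance.d", "type": "google_compute_instance",
   "change": {"after": {"confidential_instance_config": []}}},
  {"address": "google_compute_disk.e", "type": "google_compute_disk", "change": {"after": {}}}
]}
""")

if __name__ == "__main__":
    for address, status in audit_plan(SAMPLE_PLAN).items():
        print(f"{status:15} {address}")
```

Resources reported as `missing-type` are the ones to edit first; resources without a `confidential_instance_config` block, and unaffected resource types, are not reported.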

c2thorn commented 3 months ago

@roaks3 this didn't seem to get forwarded, do we need to do anything extra here?

roaks3 commented 3 months ago

Ah yea, it looks like a service label didn't get added. Our GitHub Action looks in the "New Resources" section for resources that match this file, and didn't find any here.

I updated the description to include the resources I saw described, and manually added the service label, but please update if I've done something wrong.