From 2defaed545caa31144703f06462c22cae6a5e054 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kov=C3=A1cs=20D=C3=A1vid?= <david-kovacs@t-systems.com>
Date: Mon, 9 Dec 2024 10:30:58 +0100
Subject: [PATCH] Add disk encyption key to the
 google_compute_instance_template - Sovereign support (#2750)

* add disk encyption key to the google_compute_instance_template

* add a condition to the kms_key_self_link

* use dynamic variable for disk_encryption_key

* remove the getpip from the repo

---------

Co-authored-by: Julio Castillo <jccb@google.com>
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
---
 modules/compute-vm/main.tf | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/modules/compute-vm/main.tf b/modules/compute-vm/main.tf
index 56adefae3e..1a1c97e2b0 100644
--- a/modules/compute-vm/main.tf
+++ b/modules/compute-vm/main.tf
@@ -376,6 +376,13 @@ resource "google_compute_instance_template" "default" {
     disk_type             = var.boot_disk.initialize_params.type
     resource_manager_tags = var.tag_bindings
     source_image          = var.boot_disk.initialize_params.image
+
+    dynamic "disk_encryption_key" {
+      for_each = var.encryption != null ? [""] : []
+      content {
+        kms_key_self_link = var.encryption.kms_key_self_link
+      }
+    }
   }
 
   dynamic "confidential_instance_config" {