code review fixes

terraform-google-modules · Aug 28, 2024 · 103fb77 · 103fb77
1 parent ffa0033
commit 103fb77
Show file tree

Hide file tree

Showing 5 changed files with 36 additions and 8 deletions.
diff --git a/examples/confidential_computing/README.md b/examples/confidential_computing/README.md
@@ -0,0 +1,28 @@
+# confidential computing vm
+
+This is an example of a vm creation with confidential computing, encrypted disk
+using a Cloud HSM key and a custom service account with cloud-platform scope.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| key | Key name. | `string` | n/a | yes |
+| keyring | Keyring name. | `string` | n/a | yes |
+| location | Location for the resources (keyring, key, network, etc.). | `string` | `"us"` | no |
+| project\_id | The Google Cloud project ID. | `string` | n/a | yes |
+| region | The GCP region to create and test resources in. | `string` | `"us-central1"` | no |
+| subnetwork | The subnetwork selflink to host the compute instances in. | `string` | n/a | yes |
+| suffix | A suffix to be used as an identifier for resources. (e.g., suffix for KMS Key, Keyring). | `string` | `""` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| instance\_self\_link | Self-link for compute instance. |
+| name | Name of the instance templates. |
+| self\_link | Self-link to the instance template. |
+| suffix | Suffix used as an identifier for resources. |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/examples/confidential_computing/main.tf b/examples/confidential_computing/main.tf
@@ -15,7 +15,7 @@
  */
 
 locals {
-  default_suffix = var.suffix == "" ? random_string.suffix.result : var.suffix
+  default_suffix = var.suffix == "" ? random_string.suffix.result : "${random_string.suffix.result}-${var.suffix}"
   key_name       = "${var.key}-${local.default_suffix}"
 }
 
@@ -40,7 +40,7 @@ module "kms" {
 
 resource "google_service_account" "default" {
   project      = var.project_id
-  account_id   = "confidential-compute-sa-${local.default_suffix}"
+  account_id   = "confidential-compute-sa"
   display_name = "Custom SA for confidential VM Instance"
 }
 

diff --git a/examples/confidential_computing/outputs.tf b/examples/confidential_computing/outputs.tf
@@ -26,7 +26,7 @@ output "name" {
 }
 
 output "instance_self_link" {
-  description = "Self-link for compute instance"
+  description = "Self-link for compute instance."
   value       = module.compute_instance.instances_self_links[0]
 }
 

diff --git a/examples/confidential_computing/variables.tf b/examples/confidential_computing/variables.tf
@@ -33,11 +33,11 @@ variable "subnetwork" {
 variable "location" {
   description = "Location for the resources (keyring, key, network, etc.)."
   type        = string
-  default     = "global"
+  default     = "us"
 }
 
 variable "suffix" {
-  description = "A suffix to be used as an identifier for resources. (e.g., suffix for KMS Key, Keyring, SAs, etc.)."
+  description = "A suffix to be used as an identifier for resources. (e.g., suffix for KMS Key, Keyring)."
   type        = string
   default     = ""
 }

diff --git a/test/integration/confidential_compute_instance/confidential_compute_instance_test.go b/test/integration/confidential_compute_instance/confidential_compute_instance_test.go
@@ -41,11 +41,11 @@ func TestConfidentialInstanceTemplate(t *testing.T) {
 		assert.Equal("MIGRATE", computeInstance.Get("scheduling").Get("onHostMaintenance").String())
 		serviceAccounts := computeInstance.Get("serviceAccounts").Array()
 		assert.Len(serviceAccounts, 1)
-		defaultSuffix := confCompInst.GetStringOutput("suffix")
-		assert.Equal(fmt.Sprintf("confidential-compute-sa-%s@%s.iam.gserviceaccount.com", defaultSuffix, projectId), serviceAccounts[0].Get("email").String())
+		assert.Equal(fmt.Sprintf("confidential-compute-sa@%s.iam.gserviceaccount.com", projectId), serviceAccounts[0].Get("email").String())
 		disks := computeInstance.Get("disks").Array()
 		assert.Len(disks, 1)
-		assert.Equal(fmt.Sprintf("projects/%s/locations/global/keyRings/key-ring-test-%s/cryptoKeys/key-test-%s/cryptoKeyVersions/1", projectId, defaultSuffix, defaultSuffix), disks[0].Get("diskEncryptionKey").Get("kmsKeyName").String())
+		defaultSuffix := confCompInst.GetStringOutput("suffix")
+		assert.Equal(fmt.Sprintf("projects/%s/locations/us/keyRings/key-ring-test-%s/cryptoKeys/key-test-%s/cryptoKeyVersions/1", projectId, defaultSuffix, defaultSuffix), disks[0].Get("diskEncryptionKey").Get("kmsKeyName").String())
 	})
 	confCompInst.Test()
 }