feat: add/remove TPM module when editing and cloning r/virtual_machine (#2542)

spacegospod · web-flow · commit db21a080528b · 2025-05-30T09:42:52.000-04:00
Signed-off-by: Stoyan Zhelyazkov &lt;stoyan.zhelyazkov@broadcom.com&gt;
diff --git a/vsphere/internal/virtualdevice/virtual_machine_device_subresource.go b/vsphere/internal/virtualdevice/virtual_machine_device_subresource.go
@@ -1151,3 +1151,54 @@ func PciPassthroughPostCloneOperation(d *schema.ResourceData, c *govmomi.Client,
 	}
 	return applyConfig.VirtualDevice, applyConfig.Spec, nil
 }
+
+func VtpmApplyOperation(d *schema.ResourceData, l object.VirtualDeviceList) (object.VirtualDeviceList, []types.BaseVirtualDeviceConfigSpec, error) {
+	vtpmConfigRaw := d.Get("vtpm")
+	vtpmConfig := vtpmConfigRaw.([]interface{})
+
+	// There can only be one TPM module per virtual machine
+	// so we only expect 1 element in this slice at the most
+	vtpmDevices := l.Select(func(device types.BaseVirtualDevice) bool {
+		if _, ok := device.(*types.VirtualTPM); ok {
+			return true
+		}
+		return false
+	})
+
+	var specs []types.BaseVirtualDeviceConfigSpec
+
+	if len(vtpmDevices) > len(vtpmConfig) {
+		// delete device
+		spec := &types.VirtualDeviceConfigSpec{
+			Operation: types.VirtualDeviceConfigSpecOperationRemove,
+			Device: &types.VirtualTPM{
+				VirtualDevice: types.VirtualDevice{
+					Key: vtpmDevices[0].GetVirtualDevice().Key,
+				},
+			},
+		}
+
+		specs = append(specs, spec)
+	}
+
+	if len(vtpmConfig) > len(vtpmDevices) {
+		// create device
+		spec := &types.VirtualDeviceConfigSpec{
+			Operation: types.VirtualDeviceConfigSpecOperationAdd,
+			Device: &types.VirtualTPM{
+				VirtualDevice: types.VirtualDevice{
+					Key: -1,
+				},
+			},
+		}
+
+		specs = append(specs, spec)
+	}
+
+	if len(specs) > 0 {
+		_ = d.Set("reboot_required", true)
+	}
+
+	l = applyDeviceChange(l, specs)
+	return l, specs, nil
+}
diff --git a/vsphere/resource_vsphere_virtual_machine.go b/vsphere/resource_vsphere_virtual_machine.go
@@ -753,18 +753,6 @@ func resourceVSphereVirtualMachineUpdate(d *schema.ResourceData, meta interface{
 		return err
 	}
 
-	if d.HasChange("vtpm") {
-
-		spec.DeviceChange = append(spec.DeviceChange, &types.VirtualDeviceConfigSpec{
-			Operation: types.VirtualDeviceConfigSpecOperationAdd,
-			Device: &types.VirtualTPM{
-				VirtualDevice: types.VirtualDevice{
-					Key: -1,
-				},
-			},
-		})
-	}
-
 	// Only carry out the reconfigure if we actually have a change to process.
 	cv := virtualmachine.GetHardwareVersionNumber(vprops.Config.Version)
 	tv := d.Get("hardware_version").(int)
@@ -1403,17 +1391,6 @@ func resourceVSphereVirtualMachineCreateBareStandard(
 		VmPathName: fmt.Sprintf("[%s]", ds.Name()),
 	}
 
-	if vtpms, ok := d.GetOk("vtpm"); ok && len(vtpms.([]interface{})) > 0 {
-		spec.DeviceChange = append(spec.DeviceChange, &types.VirtualDeviceConfigSpec{
-			Operation: types.VirtualDeviceConfigSpecOperationAdd,
-			Device: &types.VirtualTPM{
-				VirtualDevice: types.VirtualDevice{
-					Key: -1,
-				},
-			},
-		})
-	}
-
 	timeout := meta.(*Client).timeout
 	vm, err := virtualmachine.Create(client, fo, spec, pool, hs, timeout)
 	if err != nil {
@@ -1739,6 +1716,18 @@ func resourceVSphereVirtualMachinePostDeployChanges(d *schema.ResourceData, meta
 		)
 	}
 	cfgSpec.DeviceChange = virtualdevice.AppendDeviceChangeSpec(cfgSpec.DeviceChange, delta...)
+
+	// VTPM
+	devices, delta, err = virtualdevice.VtpmApplyOperation(d, devices)
+	if err != nil {
+		return resourceVSphereVirtualMachineRollbackCreate(
+			d,
+			meta,
+			vm,
+			fmt.Errorf("error processing VTPM device changes post-clone: %s", err),
+		)
+	}
+	cfgSpec.DeviceChange = virtualdevice.AppendDeviceChangeSpec(cfgSpec.DeviceChange, delta...)
 	log.Printf("[DEBUG] %s: Final device list: %s", resourceVSphereVirtualMachineIDString(d), virtualdevice.DeviceListString(devices))
 	log.Printf("[DEBUG] %s: Final device change cfgSpec: %s", resourceVSphereVirtualMachineIDString(d), virtualdevice.DeviceChangeString(cfgSpec.DeviceChange))
 
@@ -2043,6 +2032,13 @@ func applyVirtualDevices(d *schema.ResourceData, c *govmomi.Client, l object.Vir
 		return nil, err
 	}
 	spec = virtualdevice.AppendDeviceChangeSpec(spec, delta...)
+
+	// VTPM
+	l, delta, err = virtualdevice.VtpmApplyOperation(d, l)
+	if err != nil {
+		return nil, err
+	}
+	spec = virtualdevice.AppendDeviceChangeSpec(spec, delta...)
 	log.Printf("[DEBUG] %s: Final device list: %s", resourceVSphereVirtualMachineIDString(d), virtualdevice.DeviceListString(l))
 	log.Printf("[DEBUG] %s: Final device change spec: %s", resourceVSphereVirtualMachineIDString(d), virtualdevice.DeviceChangeString(spec))
 	return spec, nil
diff --git a/vsphere/resource_vsphere_virtual_machine_test.go b/vsphere/resource_vsphere_virtual_machine_test.go
