Support for confidential compute profiles in instance and instance te…

…mplate

ibm/service/vpc/data_source_ibm_is_instance.go

@@ -62,7 +62,16 @@ func DataSourceIBMISInstance() *schema.Resource {
 				Required:    true,
 				Description: "Instance name",
 			},
-
+			"confidential_compute_mode": &schema.Schema{
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "The confidential compute mode to use for this virtual server instance.If unspecified, the default confidential compute mode from the profile will be used.",
+			},
+			"enable_secure_boot": &schema.Schema{
+				Type:        schema.TypeBool,
+				Computed:    true,
+				Description: "Indicates whether secure boot is enabled for this virtual server instance.If unspecified, the default secure boot mode from the profile will be used.",
+			},
 			isInstanceMetadataServiceEnabled: {
 				Type:        schema.TypeBool,
 				Computed:    true,
@@ -1298,6 +1307,9 @@ func instanceGetByName(d *schema.ResourceData, meta interface{}, name string) er
 		primaryNicList = append(primaryNicList, currentPrimNic)
 		d.Set(isInstancePrimaryNetworkInterface, primaryNicList)
 	}
+	if err = d.Set("confidential_compute_mode", instance.ConfidentialComputeMode); err != nil {
+		return fmt.Errorf("Error setting confidential_compute_mode: %s", err)
+	}
 	primaryNetworkAttachment := []map[string]interface{}{}
 	if instance.PrimaryNetworkAttachment != nil {
 		modelMap, err := dataSourceIBMIsInstanceInstanceNetworkAttachmentReferenceToMap(instance.PrimaryNetworkAttachment)
@@ -1310,6 +1322,9 @@ func instanceGetByName(d *schema.ResourceData, meta interface{}, name string) er
 		return fmt.Errorf("Error setting primary_network_attachment %s", err)
 	}
 
+	if err = d.Set("enable_secure_boot", instance.EnableSecureBoot); err != nil {
+		return fmt.Errorf("Error setting enable_secure_boot: %s", err)
+	}
 	if instance.NetworkInterfaces != nil {
 		interfacesList := make([]map[string]interface{}, 0)
 		for _, intfc := range instance.NetworkInterfaces {

ibm/service/vpc/data_source_ibm_is_instance_profile.go

@@ -4,6 +4,8 @@
 package vpc
 
 import (
+	"fmt"
+
 	"github.com/IBM/vpc-go-sdk/vpcv1"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
@@ -27,6 +29,60 @@ func DataSourceIBMISInstanceProfile() *schema.Resource {
 				Required: true,
 			},
 
+			"confidential_compute_modes": &schema.Schema{
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"default": &schema.Schema{
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "The default confidential compute mode for this profile.",
+						},
+						"type": &schema.Schema{
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "The type for this profile field.",
+						},
+						"values": &schema.Schema{
+							Type:        schema.TypeList,
+							Computed:    true,
+							Description: "The supported confidential compute modes.",
+							Elem: &schema.Schema{
+								Type: schema.TypeString,
+							},
+						},
+					},
+				},
+			},
+
+			"secure_boot_modes": &schema.Schema{
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"default": &schema.Schema{
+							Type:        schema.TypeBool,
+							Computed:    true,
+							Description: "The default secure boot mode for this profile.",
+						},
+						"type": &schema.Schema{
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "The type for this profile field.",
+						},
+						"values": &schema.Schema{
+							Type:        schema.TypeList,
+							Computed:    true,
+							Description: "The supported `enable_secure_boot` values for an instance using this profile.",
+							Elem: &schema.Schema{
+								Type: schema.TypeBool,
+							},
+						},
+					},
+				},
+			},
+
 			isInstanceProfileFamily: {
 				Type:        schema.TypeString,
 				Computed:    true,
@@ -709,6 +765,31 @@ func instanceProfileGet(d *schema.ResourceData, meta interface{}, name string) e
 	if profile.Status != nil {
 		d.Set("status", profile.Status)
 	}
+
+	confidentialComputeModes := []map[string]interface{}{}
+	if profile.ConfidentialComputeModes != nil {
+		modelMap, err := dataSourceIBMIsInstanceProfileInstanceProfileSupportedConfidentialComputeModesToMap(profile.ConfidentialComputeModes)
+		if err != nil {
+			return (err)
+		}
+		confidentialComputeModes = append(confidentialComputeModes, modelMap)
+	}
+	if err = d.Set("confidential_compute_modes", confidentialComputeModes); err != nil {
+		return fmt.Errorf("Error setting confidential_compute_modes %s", err)
+	}
+
+	secureBootModes := []map[string]interface{}{}
+	if profile.SecureBootModes != nil {
+		modelMap, err := dataSourceIBMIsInstanceProfileInstanceProfileSupportedSecureBootModesToMap(profile.SecureBootModes)
+		if err != nil {
+			return err
+		}
+		secureBootModes = append(secureBootModes, modelMap)
+	}
+	if err = d.Set("secure_boot_modes", secureBootModes); err != nil {
+		return fmt.Errorf("Error setting secure_boot_modes %s", err)
+	}
+
 	if profile.Bandwidth != nil {
 		err = d.Set("bandwidth", dataSourceInstanceProfileFlattenBandwidth(*profile.Bandwidth.(*vpcv1.InstanceProfileBandwidth)))
 		if err != nil {
@@ -1335,3 +1416,19 @@ func dataSourceInstanceProfileNumaCountToMap(numaItem vpcv1.InstanceProfileNumaC
 
 	return numaMap
 }
+
+func dataSourceIBMIsInstanceProfileInstanceProfileSupportedSecureBootModesToMap(model *vpcv1.InstanceProfileSupportedSecureBootModes) (map[string]interface{}, error) {
+	modelMap := make(map[string]interface{})
+	modelMap["default"] = model.Default
+	modelMap["type"] = model.Type
+	modelMap["values"] = model.Values
+	return modelMap, nil
+}
+
+func dataSourceIBMIsInstanceProfileInstanceProfileSupportedConfidentialComputeModesToMap(model *vpcv1.InstanceProfileSupportedConfidentialComputeModes) (map[string]interface{}, error) {
+	modelMap := make(map[string]interface{})
+	modelMap["default"] = model.Default
+	modelMap["type"] = model.Type
+	modelMap["values"] = model.Values
+	return modelMap, nil
+}

ibm/service/vpc/data_source_ibm_is_instance_profile_test.go

@@ -46,6 +46,43 @@ func TestAccIBMISInstanceProfileDataSource_basic(t *testing.T) {
 		},
 	})
 }
+func TestAccIBMISInstanceProfileDataSource_concom(t *testing.T) {
+	resName := "data.ibm_is_instance_profile.test1"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { acc.TestAccPreCheck(t) },
+		Providers: acc.TestAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckIBMISInstanceProfileDataSourceConfig(),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(resName, "name", acc.InstanceProfileName),
+					resource.TestCheckResourceAttrSet(resName, "family"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profile.test1", "bandwidth.#"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profile.test1", "family"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profile.test1", "href"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profile.test1", "memory.#"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profile.test1", "architecture"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profile.test1", "port_speed.#"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profile.test1", "vcpu_architecture.#"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profile.test1", "vcpu_count.#"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profile.test1", "vcpu_manufacturer.#"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profile.test1", "vcpu_manufacturer.0.type"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profile.test1", "vcpu_manufacturer.0.value"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profile.test1", "network_interface_count.0.type"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profile.test1", "network_attachment_count.0.type"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profile.test1", "network_attachment_count.#"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profile.test1", "confidential_compute_modes.#"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profile.test1", "confidential_compute_modes.0.type"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profile.test1", "confidential_compute_modes.0.values.#"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profile.test1", "secure_boot_modes.#"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profile.test1", "secure_boot_modes.0.type"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profile.test1", "secure_boot_modes.0.values.#"),
+				),
+			},
+		},
+	})
+}
 
 func testAccCheckIBMISInstanceProfileDataSourceConfig() string {
 	return fmt.Sprintf(`

ibm/service/vpc/data_source_ibm_is_instance_profiles.go

@@ -36,6 +36,59 @@ func DataSourceIBMISInstanceProfiles() *schema.Resource {
 							Computed:    true,
 							Description: "The product family this virtual server instance profile belongs to.",
 						},
+						"confidential_compute_modes": &schema.Schema{
+							Type:     schema.TypeList,
+							Computed: true,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"default": &schema.Schema{
+										Type:        schema.TypeString,
+										Computed:    true,
+										Description: "The default confidential compute mode for this profile.",
+									},
+									"type": &schema.Schema{
+										Type:        schema.TypeString,
+										Computed:    true,
+										Description: "The type for this profile field.",
+									},
+									"values": &schema.Schema{
+										Type:        schema.TypeList,
+										Computed:    true,
+										Description: "The supported confidential compute modes.",
+										Elem: &schema.Schema{
+											Type: schema.TypeString,
+										},
+									},
+								},
+							},
+						},
+
+						"secure_boot_modes": &schema.Schema{
+							Type:     schema.TypeList,
+							Computed: true,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"default": &schema.Schema{
+										Type:        schema.TypeBool,
+										Computed:    true,
+										Description: "The default secure boot mode for this profile.",
+									},
+									"type": &schema.Schema{
+										Type:        schema.TypeString,
+										Computed:    true,
+										Description: "The type for this profile field.",
+									},
+									"values": &schema.Schema{
+										Type:        schema.TypeList,
+										Computed:    true,
+										Description: "The supported `enable_secure_boot` values for an instance using this profile.",
+										Elem: &schema.Schema{
+											Type: schema.TypeBool,
+										},
+									},
+								},
+							},
+						},
 						"architecture": {
 							Type:        schema.TypeString,
 							Computed:    true,
@@ -752,6 +805,26 @@ func instanceProfilesList(d *schema.ResourceData, meta interface{}) error {
 		if profile.Href != nil {
 			l["href"] = profile.Href
 		}
+		confidentialComputeModes := []map[string]interface{}{}
+		if profile.ConfidentialComputeModes != nil {
+			modelMap, err := dataSourceIBMIsInstanceProfileInstanceProfileSupportedConfidentialComputeModesToMap(profile.ConfidentialComputeModes)
+			if err != nil {
+				return (err)
+			}
+			confidentialComputeModes = append(confidentialComputeModes, modelMap)
+		}
+		l["confidential_compute_modes"] = confidentialComputeModes
+
+		secureBootModes := []map[string]interface{}{}
+		if profile.SecureBootModes != nil {
+			modelMap, err := dataSourceIBMIsInstanceProfileInstanceProfileSupportedSecureBootModesToMap(profile.SecureBootModes)
+			if err != nil {
+				return err
+			}
+			secureBootModes = append(secureBootModes, modelMap)
+		}
+		l["secure_boot_modes"] = secureBootModes
+
 		if profile.Memory != nil {
 			memoryList := []map[string]interface{}{}
 			memoryMap := dataSourceInstanceProfileMemoryToMap(*profile.Memory.(*vpcv1.InstanceProfileMemory))

ibm/service/vpc/data_source_ibm_is_instance_profiles_test.go

@@ -47,6 +47,44 @@ func TestAccIBMISInstanceProfilesDataSource_basic(t *testing.T) {
 		},
 	})
 }
+func TestAccIBMISInstanceProfilesDataSource_concom(t *testing.T) {
+	resName := "data.ibm_is_instance_profiles.test1"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { acc.TestAccPreCheck(t) },
+		Providers: acc.TestAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckIBMISInstanceProfilesDataSourceConfig(),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet(resName, "profiles.0.name"),
+					resource.TestCheckResourceAttrSet(resName, "profiles.0.family"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profiles.test1", "profiles.0.bandwidth.#"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profiles.test1", "profiles.0.family"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profiles.test1", "profiles.0.href"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profiles.test1", "profiles.0.memory.#"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profiles.test1", "profiles.0.architecture"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profiles.test1", "profiles.0.port_speed.#"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profiles.test1", "profiles.0.vcpu_architecture.#"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profiles.test1", "profiles.0.vcpu_count.#"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profiles.test1", "profiles.0.network_interface_count.#"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profiles.test1", "profiles.0.network_interface_count.0.type"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profiles.test1", "profiles.0.network_attachment_count.#"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profiles.test1", "profiles.0.network_attachment_count.0.type"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profiles.test1", "profiles.0.vcpu_manufacturer.#"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profiles.test1", "profiles.0.vcpu_manufacturer.0.type"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profiles.test1", "profiles.0.vcpu_manufacturer.0.value"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profiles.test1", "profiles.0.confidential_compute_modes.#"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profiles.test1", "profiles.0.confidential_compute_modes.0.type"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profiles.test1", "profiles.0.confidential_compute_modes.0.values.#"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profiles.test1", "profiles.0.secure_boot_modes.#"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profiles.test1", "profiles.0.secure_boot_modes.0.type"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_instance_profiles.test1", "profiles.0.secure_boot_modes.0.values.#"),
+				),
+			},
+		},
+	})
+}
 
 func testAccCheckIBMISInstanceProfilesDataSourceConfig() string {
 	// status filter defaults to empty

ibm/service/vpc/data_source_ibm_is_instance_template.go

@@ -75,6 +75,16 @@ func DataSourceIBMISInstanceTemplate() *schema.Resource {
 				Computed:     true,
 				ExactlyOneOf: []string{"identifier", isInstanceTemplateName},
 			},
+			"confidential_compute_mode": &schema.Schema{
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "The confidential compute mode to use for this virtual server instance.If unspecified, the default confidential compute mode from the profile will be used.",
+			},
+			"enable_secure_boot": &schema.Schema{
+				Type:        schema.TypeBool,
+				Computed:    true,
+				Description: "Indicates whether secure boot is enabled for this virtual server instance.If unspecified, the default secure boot mode from the profile will be used.",
+			},
 			isInstanceTemplateHref: {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -831,6 +841,9 @@ func dataSourceIBMISInstanceTemplateRead(context context.Context, d *schema.Reso
 		d.Set(isInstanceTemplateCrn, instance.CRN)
 		d.Set(isInstanceTemplateName, instance.Name)
 		d.Set(isInstanceTemplateUserData, instance.UserData)
+		if err = d.Set("confidential_compute_mode", instance.ConfidentialComputeMode); err != nil {
+			return diag.FromErr(fmt.Errorf("[ERROR] Error setting confidential_compute_mode: %s", err))
+		}
 		// vni
 
 		networkAttachments := []map[string]interface{}{}
@@ -859,6 +872,9 @@ func dataSourceIBMISInstanceTemplateRead(context context.Context, d *schema.Reso
 			return diag.FromErr(fmt.Errorf("[ERROR] Error setting primary_network_attachment %s", err))
 		}
 
+		if err = d.Set("enable_secure_boot", instance.EnableSecureBoot); err != nil {
+			return diag.FromErr(fmt.Errorf("[ERROR] Error setting enable_secure_boot: %s", err))
+		}
 		if instance.DefaultTrustedProfile != nil {
 			if instance.DefaultTrustedProfile.AutoLink != nil {
 				d.Set(isInstanceDefaultTrustedProfileAutoLink, instance.DefaultTrustedProfile.AutoLink)
@@ -1183,7 +1199,12 @@ func dataSourceIBMISInstanceTemplateRead(context context.Context, d *schema.Reso
 				d.Set(isInstanceTemplateCrn, instance.CRN)
 				d.Set(isInstanceTemplateName, instance.Name)
 				d.Set(isInstanceTemplateUserData, instance.UserData)
-
+				if err = d.Set("confidential_compute_mode", instance.ConfidentialComputeMode); err != nil {
+					return diag.FromErr(fmt.Errorf("[ERROR] Error setting confidential_compute_mode: %s", err))
+				}
+				if err = d.Set("enable_secure_boot", instance.EnableSecureBoot); err != nil {
+					return diag.FromErr(fmt.Errorf("[ERROR] Error setting enable_secure_boot: %s", err))
+				}
 				// catalog offering if any
 				if instance.CatalogOffering != nil {
 					catOfferingList := make([]map[string]interface{}, 0)