From 6f4f8c591658b58ddbdd237308ddecca20066d50 Mon Sep 17 00:00:00 2001
From: Tobias Wolf <wolf@b1-systems.de>
Date: Tue, 19 Nov 2024 08:28:10 +0100
Subject: [PATCH] Add support for `shieldedInstanceInitialState` to `Image`
 resources

This commit provides support to use UEFI secure boot with `terraform-provider-google`.

Signed-off-by: Tobias Wolf <wolf@b1-systems.de>
---
 mmv1/products/compute/Image.yaml | 66 ++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)

diff --git a/mmv1/products/compute/Image.yaml b/mmv1/products/compute/Image.yaml
index b78abce38088..d0c3a28b30aa 100644
--- a/mmv1/products/compute/Image.yaml
+++ b/mmv1/products/compute/Image.yaml
@@ -277,3 +277,69 @@ properties:
     custom_expand: 'templates/terraform/custom_expand/resourceref_with_validation.go.tmpl'
     resource: 'Snapshot'
     imports: 'selfLink'
+  - name: 'shieldedInstanceInitialState'
+    type: NestedObject
+    description: Set the secure boot keys of shielded instance.
+    properties:
+      - name: 'pk'
+        type: NestedObject
+        description: The Platform Key (PK).
+        properties:
+          - name: 'content'
+            type: String
+            description: |
+              The raw content in the secure keys file.
+
+              A base64-encoded string.
+            required: true
+          - name: 'fileType'
+            type: String
+            description: The file type of source file.
+      - name: 'keks'
+        type: Array
+        description: The Key Exchange Key (KEK).
+        item_type:
+          type: NestedObject
+          properties:
+            - name: 'content'
+              type: String
+              description: |
+                The raw content in the secure keys file.
+
+                A base64-encoded string.
+              required: true
+            - name: 'fileType'
+              type: String
+              description: The file type of source file.
+      - name: 'dbs'
+        type: Array
+        description: The Key Database (db).
+        item_type:
+          type: NestedObject
+          properties:
+            - name: 'content'
+              type: String
+              description: |
+                The raw content in the secure keys file.
+
+                A base64-encoded string.
+              required: true
+            - name: 'fileType'
+              type: String
+              description: The file type of source file.
+      - name: 'dbxs'
+        type: Array
+        description: The forbidden key database (dbx).
+        item_type:
+          type: NestedObject
+          properties:
+            - name: 'content'
+              type: String
+              description: |
+                The raw content in the secure keys file.
+
+                A base64-encoded string.
+              required: true
+            - name: 'fileType'
+              type: String
+              description: The file type of source file.