From 189ee7ae1add0854afbab4051923eceb44cbd341 Mon Sep 17 00:00:00 2001
From: Aleksandr Averbukh
Date: Sat, 23 Apr 2022 08:45:04 +0200
Subject: [PATCH] Add shielded_instance_config support for compute instance template
---
 CHANGELOG.md | 1 +
 modules/compute-vm/main.tf | 10 ++++++++++
 2 files changed, 11 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ede4313f..aa82c559 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,7 @@ All notable changes to this project will be documented in this file.
 - add support for [Private Service Connect](https://cloud.google.com/vpc/docs/private-service-connect#psc-subnets) and [Proxy-only](https://cloud.google.com/load-balancing/docs/proxy-only-subnets) subnets to `net-vpc` module
 - bump Google provider versions to `>= 4.17.0`
 - bump Terraform version to `>= 1.1.0`
+- add `shielded_instance_config` support for instance template on `compute-vm` module
 **FAST**
diff --git a/modules/compute-vm/main.tf b/modules/compute-vm/main.tf
index 50c1fea4..55581fee 100644
--- a/modules/compute-vm/main.tf
+++ b/modules/compute-vm/main.tf
@@ -348,6 +348,16 @@ resource "google_compute_instance_template" "default" {
 scopes = local.service_account_scopes
 }
+ dynamic "shielded_instance_config" {
+ for_each = var.shielded_config != null ? [var.shielded_config] : []
+ iterator = config
+ content {
+ enable_secure_boot = config.value.enable_secure_boot
+ enable_vtpm = config.value.enable_vtpm
+ enable_integrity_monitoring = config.value.enable_integrity_monitoring
+ }
+ }
+
 lifecycle {
 create_before_destroy = true
 }
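Review bot: With `var.shielded_config` left null the `dynamic "shielded_instance_config"` block in `modules/compute-vm/main.tf` is omitted entirely, so templates built from this module silently take the provider defaults, which as far as I know leave Secure Boot disabled. That is worth stating at the block, e.g. `# null => provider defaults apply (Secure Boot not enabled); set shielded_config to enforce it`, so a reader does not assume the module hardens templates on its own. The declaration and type of `shielded_config` are not part of this patch, so whether all three attributes are required on the object should be confirmed there; a null attribute would presumably fall back to that field's default. The `google_compute_instance_template` resource starts and ends outside the hunk.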