From 1625d0632039912f7de79c1eecde24574b07540d Mon Sep 17 00:00:00 2001
From: The Magician
Date: Fri, 7 May 2021 12:48:34 -0700
Subject: [PATCH] Add support for setting kms_key_name on machine image (#4771) (#9107)
Signed-off-by: Modular Magician
---
 .changelog/4771.txt | 3 +
 .../r/compute_machine_image.html.markdown | 59 +++++++++++++++++++
 2 files changed, 62 insertions(+)
 create mode 100644 .changelog/4771.txt
diff --git a/.changelog/4771.txt b/.changelog/4771.txt
new file mode 100644
index 00000000000..9e18b5ac12f
--- /dev/null
+++ b/.changelog/4771.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+compute: added support for setting `kms_key_name` on `google_compute_machine_image`
+```
diff --git a/website/docs/r/compute_machine_image.html.markdown b/website/docs/r/compute_machine_image.html.markdown
index 0961621988d..51b540d8830 100644
--- a/website/docs/r/compute_machine_image.html.markdown
+++ b/website/docs/r/compute_machine_image.html.markdown
@@ -66,6 +66,64 @@ resource "google_compute_machine_image" "image" { source_instance = google_compute_instance.vm.self_link } ``` + +## Example Usage - Compute Machine Image Kms + + +```hcl +resource "google_compute_instance" "vm" { + provider = google-beta + name = "vm" + machine_type = "e2-medium" + + boot_disk { + initialize_params { + image = "debian-cloud/debian-9" + } + } + + network_interface { + network = "default" + } +} + +resource "google_compute_machine_image" "image" { + provider = google-beta + name = "image" + source_instance = google_compute_instance.vm.self_link + machine_image_encryption_key { + kms_key_name = google_kms_crypto_key.crypto_key.id + } + depends_on = [google_project_iam_member.kms-project-binding] +} + +resource "google_kms_crypto_key" "crypto_key" { + provider = google-beta + name = "key" + key_ring = google_kms_key_ring.key_ring.id +} + +resource "google_kms_key_ring" "key_ring" { + provider = google-beta + name = "keyring" + location = "us" +} + +data "google_project" "project" { + provider = google-beta +} + +resource "google_project_iam_member" "kms-project-binding" { + provider = google-beta + project = data.google_project.project.project_id + role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" + member = "serviceAccount:service-${data.google_project.project.number}@compute-system.iam.gserviceaccount.com" +} +``` ## Argument Reference @@ -117,6 +175,7 @@ The `machine_image_encryption_key` block supports: customer-supplied encryption key that protects this resource. * `kms_key_name` - + (Optional) The name of the encryption key that is stored in Google Cloud KMS. * `kms_key_service_account` -
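Review bot: The `google_project_iam_member` "kms-project-binding" resource at the end of the new KMS example grants `roles/cloudkms.cryptoKeyEncrypterDecrypter` to the Compute Engine service agent on the whole project. That lets the agent encrypt and decrypt with every Cloud KMS key in the project, not only the key protecting this machine image. Readers tend to copy documentation examples verbatim, so the example should show the narrower, key-level grant. Declare the binding as `resource "google_kms_crypto_key_iam_member" "kms-key-binding"`, replace the `project = ...` line with `crypto_key_id = google_kms_crypto_key.crypto_key.id`, and change the image's dependency to `depends_on = [google_kms_crypto_key_iam_member.kms-key-binding]`. The `role` and `member` lines can stay as they are.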