kasm-terraform/gcp/modules/compute_instance/compute.tf

data "google_compute_image" "kasm_image" {
  project = var.source_image[0].project
  family  = var.source_image[0].family
  name    = var.source_image[0].source_image
}

data "google_compute_zones" "available" {
  region = var.kasm_region
}

resource "google_compute_instance" "kasm_instance" {
  count                     = var.number_of_instances
  name                      = var.instance_details.name == "" ? substr("${var.kasm_region}-${var.instance_details.name_prefix}-0${count.index + 1}", 0, 63) : var.instance_details.name
  description               = var.instance_details.description
  machine_type              = var.instance_details.machine_type
  deletion_protection       = var.instance_details.instance_role == "agent" ? false : var.instance_delete_protection
  tags                      = var.security_tags
  labels                    = var.resource_labels
  allow_stopping_for_update = var.allow_stopping_for_update
  metadata_startup_script   = var.cloud_init_script[count.index]
  zone                      = data.google_compute_zones.available.names[count.index]

  boot_disk {
    auto_delete = var.instance_details.disk_auto_delete
    initialize_params {
      size   = var.instance_details.disk_size_gb
      type   = var.instance_details.disk_type
      image  = data.google_compute_image.kasm_image.self_link
      labels = var.resource_labels
    }
  }

  network_interface {
    network    = var.instance_network
    subnetwork = var.instance_subnetwork
    nic_type   = var.instance_nic_type
    stack_type = var.instance_nic_stack_type

    dynamic "access_config" {
      for_each = var.public_access_config
      content {
        nat_ip                 = lookup(access_config.value, "nat_ip", null)
        public_ptr_domain_name = lookup(access_config.value, "public_ptr_domain_name", null)
        network_tier           = lookup(access_config.value, "network_tier", null)
      }
    }
  }

  shielded_instance_config {
    enable_secure_boot          = var.enable_secure_boot
    enable_vtpm                 = var.enable_instance_vtpm
    enable_integrity_monitoring = var.enable_integrity_monitoring
  }

  dynamic "service_account" {
    for_each = var.service_account
    content {
      email  = lookup(service_account.value, "email", null)
      scopes = lookup(service_account.value, "scopes", null)
    }
  }

  lifecycle {
    ignore_changes = [
      metadata["ssh-keys"]
    ]
  }
}