From f503112ba15131c0eb2653b25a6a77f56a71f5fe Mon Sep 17 00:00:00 2001
From: Modular Magician <magic-modules@google.com>
Date: Thu, 25 Sep 2025 22:09:41 +0000
Subject: [PATCH] Add CMEK to vertexai IndexEndpoint (#15214)

[upstream:464f2796fb780a74235c6904d20f16c08316dd2d]

Signed-off-by: Modular Magician <magic-modules@google.com>
---
 vertex_ai_index_endpoint_test/main.tf | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/vertex_ai_index_endpoint_test/main.tf b/vertex_ai_index_endpoint_test/main.tf
index e29365ef..10e9ca1a 100644
--- a/vertex_ai_index_endpoint_test/main.tf
+++ b/vertex_ai_index_endpoint_test/main.tf
@@ -1,3 +1,13 @@
+resource "google_project_service_identity" "vertexai_sa" {
+  service = "aiplatform.googleapis.com"
+}
+
+resource "google_kms_crypto_key_iam_member" "vertexai_encrypterdecrypter" {
+  crypto_key_id = "kms-name-${local.name_suffix}"
+  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
+  member        =  google_project_service_identity.vertexai_sa.member
+}
+
 resource "google_vertex_ai_index_endpoint" "index_endpoint" {
   display_name = "sample-endpoint"
   description  = "A sample vertex endpoint"
@@ -6,6 +16,14 @@ resource "google_vertex_ai_index_endpoint" "index_endpoint" {
     label-one = "value-one"
   }
   network      = "projects/${data.google_project.project.number}/global/networks/${data.google_compute_network.vertex_network.name}"
+
+  encryption_spec {
+    kms_key_name = "kms-name-${local.name_suffix}"
+  }
+
+  depends_on = [
+    google_kms_crypto_key_iam_member.vertexai_encrypterdecrypter,
+  ]
 }
 
 data "google_compute_network" "vertex_network" {