Feat add cas custom cdp aia support (GoogleCloudPlatform#12452)

Author: sophyawu09

mmv1/products/privateca/CertificateAuthority.yaml

@@ -105,7 +105,7 @@ examples:
     # Skip test because it depends on a beta resource, but PrivateCA does
     # not have a beta endpoint
     exclude_test: true
-      # Multiple IAM bindings on the same key cause non-determinism
+    # Multiple IAM bindings on the same key cause non-determinism
     skip_vcr: true
   - name: 'privateca_certificate_authority_custom_ski'
     primary_resource_id: 'default'
@@ -126,6 +126,19 @@ examples:
     exclude_test: true
     # Multiple IAM bindings on the same key cause non-determinism
     skip_vcr: true
+  - name: 'privateca_certificate_authority_basic_with_custom_cdp_aia_urls'
+    primary_resource_id: 'default'
+    vars:
+      certificate_authority_id: 'my-certificate-authority'
+      pool_name: 'ca-pool'
+      pool_location: 'us-central1'
+      deletion_protection: 'true'
+    test_vars_overrides:
+      'pool_name': 'acctest.BootstrapSharedCaPoolInLocation(t, "us-central1")'
+      'pool_location': '"us-central1"'
+      'deletion_protection': 'false'
+    ignore_read_extra:
+      - 'deletion_protection'
 virtual_fields:
   - name: 'deletion_protection'
     description: |
@@ -638,7 +651,7 @@ properties:
       "notAfterTime" fields inside an X.509 certificate. A duration in seconds with up to nine
       fractional digits, terminated by 's'. Example: "3.5s".
     immutable: true
- # 10 years
+    # 10 years
     default_value: "315360000s"
   - name: 'keySpec'
     type: NestedObject
@@ -785,3 +798,21 @@ properties:
 
       An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass":
       "1.3kg", "count": "3" }.
+  - name: 'userDefinedAccessUrls'
+    type: NestedObject
+    description: |
+      Custom URLs for accessing content published by this CA, such as the CA certificate and CRLs,
+      that can be specified by users.
+    properties:
+      - name: 'aiaIssuingCertificateUrls'
+        type: Array
+        description: |
+          A list of URLs where this CertificateAuthority's CA certificate is published that is specified by users.
+        item_type:
+          type: String
+      - name: 'crlAccessUrls'
+        type: Array
+        description: |
+          A list of URLs where this CertificateAuthority's CRLs are published that is specified by users.
+        item_type:
+          type: String

mmv1/templates/terraform/examples/privateca_certificate_authority_basic_with_custom_cdp_aia_urls.tf.tmpl

@@ -0,0 +1,40 @@
+resource "google_privateca_certificate_authority" "{{$.PrimaryResourceId}}" {
+  // This example assumes this pool already exists.
+  // Pools cannot be deleted in normal test circumstances, so we depend on static pools
+  pool = "{{index $.Vars "pool_name"}}"
+  certificate_authority_id = "{{index $.Vars "certificate_authority_id"}}"
+  location = "{{index $.Vars "pool_location"}}"
+  deletion_protection = {{index $.Vars "deletion_protection"}}
+  config {
+    subject_config {
+      subject {
+        organization = "ACME"
+        common_name = "my-certificate-authority"
+      }
+    }
+    x509_config {
+      ca_options {
+        # is_ca *MUST* be true for certificate authorities
+        is_ca = true
+      }
+      key_usage {
+        base_key_usage {
+          # cert_sign and crl_sign *MUST* be true for certificate authorities
+          cert_sign = true
+          crl_sign = true
+        }
+        extended_key_usage {
+        }
+      }
+    }
+  }
+  # valid for 10 years
+  lifetime = "${10 * 365 * 24 * 3600}s"
+  key_spec {
+    algorithm = "RSA_PKCS1_4096_SHA256"
+  }
+  user_defined_access_urls {
+    aia_issuing_certificate_urls = ["http://example.com/ca.crt", "http://example.com/anotherca.crt"]
+    crl_access_urls = ["http://example.com/crl1.crt", "http://example.com/crl2.crt"]
+  }
+}