66 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
77)
88
9- func TestAccPrivatecaCertificateAuthority_rootCaIsEnabledByDefault (t * testing.T ) {
9+ func TestAccPrivatecaCertificateAuthority_privatecaCertificateAuthorityUpdate (t * testing.T ) {
1010 t .Parallel ()
1111
1212 context := map [string ]interface {}{
@@ -16,119 +16,19 @@ func TestAccPrivatecaCertificateAuthority_rootCaIsEnabledByDefault(t *testing.T)
1616 "random_suffix" : randString (t , 10 ),
1717 }
1818
19- resourceName := "google_privateca_certificate_authority.default"
2019 vcrTest (t , resource.TestCase {
2120 PreCheck : func () { testAccPreCheck (t ) },
2221 Providers : testAccProviders ,
2322 CheckDestroy : testAccCheckPrivatecaCertificateAuthorityDestroyProducer (t ),
2423 Steps : []resource.TestStep {
2524 {
2625 Config : testAccPrivatecaCertificateAuthority_privatecaCertificateAuthorityBasicRoot (context ),
26+ // we added a `desired_state` field in https://github.com/GoogleCloudPlatform/magic-modules/pull/5934, this ensures
27+ // we don't regress and that CAs are enabled by default
2728 Check : resource .ComposeTestCheckFunc (
28- resource .TestCheckResourceAttr (resourceName , "state" , "ENABLED" ),
29- ),
30- },
31- },
32- })
33- }
34-
35- func TestAccPrivatecaCertificateAuthority_rootCaCreatedInStaged (t * testing.T ) {
36- t .Parallel ()
37-
38- context := map [string ]interface {}{
39- "pool_name" : BootstrapSharedCaPoolInLocation (t , "us-central1" ),
40- "pool_location" : "us-central1" ,
41- "deletion_protection" : false ,
42- "random_suffix" : randString (t , 10 ),
43- "desired_state" : "STAGED" ,
44- }
45-
46- resourceName := "google_privateca_certificate_authority.default"
47- vcrTest (t , resource.TestCase {
48- PreCheck : func () { testAccPreCheck (t ) },
49- Providers : testAccProviders ,
50- CheckDestroy : testAccCheckPrivatecaCertificateAuthorityDestroyProducer (t ),
51- Steps : []resource.TestStep {
52- {
53- Config : testAccPrivatecaCertificateAuthority_privatecaCertificateAuthorityWithDesiredState (context ),
54- Check : resource .ComposeTestCheckFunc (
55- resource .TestCheckResourceAttr (resourceName , "state" , "STAGED" ),
56- ),
57- },
58- },
59- })
60- }
61-
62- func TestAccPrivatecaCertificateAuthority_subordinateCaCreatedInAwaitingUserActivation (t * testing.T ) {
63- t .Parallel ()
64-
65- context := map [string ]interface {}{
66- "pool_name" : BootstrapSharedCaPoolInLocation (t , "us-central1" ),
67- "pool_location" : "us-central1" ,
68- "deletion_protection" : false ,
69- "random_suffix" : randString (t , 10 ),
70- }
71-
72- resourceName := "google_privateca_certificate_authority.default"
73- vcrTest (t , resource.TestCase {
74- PreCheck : func () { testAccPreCheck (t ) },
75- Providers : testAccProviders ,
76- CheckDestroy : testAccCheckPrivatecaCertificateAuthorityDestroyProducer (t ),
77- Steps : []resource.TestStep {
78- {
79- Config : testAccPrivatecaCertificateAuthority_privatecaCertificateAuthorityBasicSubordinate (context ),
80- Check : resource .ComposeTestCheckFunc (
81- resource .TestCheckResourceAttr (resourceName , "state" , "AWAITING_USER_ACTIVATION" ),
82- ),
83- },
84- },
85- })
86- }
87-
88- func TestAccPrivatecaCertificateAuthority_subordinateCaActivatedByFirstPartyIssuerOnCreation (t * testing.T ) {
89- t .Parallel ()
90-
91- context := map [string ]interface {}{
92- "pool_name" : BootstrapSharedCaPoolInLocation (t , "us-central1" ),
93- "pool_location" : "us-central1" ,
94- "deletion_protection" : false ,
95- "random_suffix" : randString (t , 10 ),
96- }
97-
98- resourceName := "google_privateca_certificate_authority.default"
99- vcrTest (t , resource.TestCase {
100- PreCheck : func () { testAccPreCheck (t ) },
101- Providers : testAccProviders ,
102- CheckDestroy : testAccCheckPrivatecaCertificateAuthorityDestroyProducer (t ),
103- Steps : []resource.TestStep {
104- {
105- Config : testAccPrivatecaCertificateAuthority_privatecaCertificateAuthoritySubordinateWithFirstPartyIssuer (context ),
106- Check : resource .ComposeTestCheckFunc (
107- resource .TestCheckResourceAttr (resourceName , "state" , "ENABLED" ),
29+ resource .TestCheckResourceAttr ("google_privateca_certificate_authority.default" , "state" , "ENABLED" ),
10830 ),
10931 },
110- },
111- })
112- }
113-
114- func TestAccPrivatecaCertificateAuthority_privatecaCertificateAuthorityUpdate (t * testing.T ) {
115- t .Parallel ()
116-
117- context := map [string ]interface {}{
118- "pool_name" : BootstrapSharedCaPoolInLocation (t , "us-central1" ),
119- "pool_location" : "us-central1" ,
120- "deletion_protection" : false ,
121- "random_suffix" : randString (t , 10 ),
122- }
123-
124- vcrTest (t , resource.TestCase {
125- PreCheck : func () { testAccPreCheck (t ) },
126- Providers : testAccProviders ,
127- CheckDestroy : testAccCheckPrivatecaCertificateAuthorityDestroyProducer (t ),
128- Steps : []resource.TestStep {
129- {
130- Config : testAccPrivatecaCertificateAuthority_privatecaCertificateAuthorityBasicRoot (context ),
131- },
13232 {
13333 ResourceName : "google_privateca_certificate_authority.default" ,
13434 ImportState : true ,
@@ -381,168 +281,3 @@ resource "google_privateca_certificate_authority" "default" {
381281}
382282` , context )
383283}
384-
385- func testAccPrivatecaCertificateAuthority_privatecaCertificateAuthorityBasicSubordinate (context map [string ]interface {}) string {
386- return Nprintf (`
387- resource "google_privateca_certificate_authority" "default" {
388- // This example assumes this pool already exists.
389- // Pools cannot be deleted in normal test circumstances, so we depend on static pools
390- pool = "%{pool_name}"
391- certificate_authority_id = "tf-test-my-certificate-authority-%{random_suffix}"
392- location = "%{pool_location}"
393- deletion_protection = false
394- config {
395- subject_config {
396- subject {
397- organization = "HashiCorp"
398- common_name = "my-certificate-authority"
399- }
400- subject_alt_name {
401- dns_names = ["hashicorp.com"]
402- }
403- }
404- x509_config {
405- ca_options {
406- is_ca = true
407- max_issuer_path_length = 10
408- }
409- key_usage {
410- base_key_usage {
411- digital_signature = true
412- content_commitment = true
413- key_encipherment = false
414- data_encipherment = true
415- key_agreement = true
416- cert_sign = true
417- crl_sign = true
418- decipher_only = true
419- }
420- extended_key_usage {
421- server_auth = true
422- client_auth = false
423- email_protection = true
424- code_signing = true
425- time_stamping = true
426- }
427- }
428- }
429- }
430- lifetime = "86400s"
431- key_spec {
432- algorithm = "RSA_PKCS1_4096_SHA256"
433- }
434- type = "SUBORDINATE"
435- }
436- ` , context )
437- }
438-
439- // testAccPrivatecaCertificateAuthority_privatecaCertificateAuthoritySubordinateWithFirstPartyIssuer provides a config
440- // which contains
441- // * A root CA
442- // * A subordinate CA which should be activated by the above root CA
443- func testAccPrivatecaCertificateAuthority_privatecaCertificateAuthoritySubordinateWithFirstPartyIssuer (context map [string ]interface {}) string {
444- return Nprintf (`
445- resource "google_privateca_certificate_authority" "root-1" {
446- // This example assumes this pool already exists.
447- // Pools cannot be deleted in normal test circumstances, so we depend on static pools
448- pool = "%{pool_name}"
449- certificate_authority_id = "tf-test-my-certificate-authority-root-%{random_suffix}"
450- location = "%{pool_location}"
451- deletion_protection = false
452- ignore_active_certificates_on_deletion = true
453- config {
454- subject_config {
455- subject {
456- organization = "HashiCorp"
457- common_name = "my-certificate-authority"
458- }
459- subject_alt_name {
460- dns_names = ["hashicorp.com"]
461- }
462- }
463- x509_config {
464- ca_options {
465- is_ca = true
466- max_issuer_path_length = 10
467- }
468- key_usage {
469- base_key_usage {
470- digital_signature = true
471- content_commitment = true
472- key_encipherment = false
473- data_encipherment = true
474- key_agreement = true
475- cert_sign = true
476- crl_sign = true
477- decipher_only = true
478- }
479- extended_key_usage {
480- server_auth = true
481- client_auth = false
482- email_protection = true
483- code_signing = true
484- time_stamping = true
485- }
486- }
487- }
488- }
489- lifetime = "86400s"
490- key_spec {
491- algorithm = "RSA_PKCS1_4096_SHA256"
492- }
493- }
494-
495- resource "google_privateca_certificate_authority" "default" {
496- // This example assumes this pool already exists.
497- // Pools cannot be deleted in normal test circumstances, so we depend on static pools
498- pool = "%{pool_name}"
499- certificate_authority_id = "tf-test-my-certificate-authority-sub-%{random_suffix}"
500- location = "%{pool_location}"
501- deletion_protection = false
502- subordinate_config {
503- certificate_authority = google_privateca_certificate_authority.root-1.name
504- }
505- config {
506- subject_config {
507- subject {
508- organization = "HashiCorp"
509- common_name = "my-certificate-authority"
510- }
511- subject_alt_name {
512- dns_names = ["hashicorp.com"]
513- }
514- }
515- x509_config {
516- ca_options {
517- is_ca = true
518- max_issuer_path_length = 10
519- }
520- key_usage {
521- base_key_usage {
522- digital_signature = true
523- content_commitment = true
524- key_encipherment = false
525- data_encipherment = true
526- key_agreement = true
527- cert_sign = true
528- crl_sign = true
529- decipher_only = true
530- }
531- extended_key_usage {
532- server_auth = true
533- client_auth = false
534- email_protection = true
535- code_signing = true
536- time_stamping = true
537- }
538- }
539- }
540- }
541- lifetime = "86400s"
542- key_spec {
543- algorithm = "RSA_PKCS1_4096_SHA256"
544- }
545- type = "SUBORDINATE"
546- }
547- ` , context )
548- }
0 commit comments