add certificate manager public CA external account key resource (#8171) (#14983)

Signed-off-by: Modular Magician <[email protected]>
Co-authored-by: Riley Karson <[email protected]>

Author: modular-magician

.changelog/8171.txt

@@ -0,0 +1,3 @@
+```release-note:new-resource
+`google_certificate_manager_public_ca_external_account_key`
+```

google/config_test_utils.go

@@ -93,6 +93,7 @@ func configureTestBasePaths(c *transport_tpg.Config, url string) {
 	c.OSConfigBasePath = url
 	c.OSLoginBasePath = url
 	c.PrivatecaBasePath = url
+	c.PublicCABasePath = url
 	c.PubsubBasePath = url
 	c.PubsubLiteBasePath = url
 	c.RedisBasePath = url

google/framework_provider.go

@@ -533,6 +533,12 @@ func (p *FrameworkProvider) Schema(_ context.Context, _ provider.SchemaRequest,
 					transport_tpg.CustomEndpointValidator(),
 				},
 			},
+			"public_ca_custom_endpoint": &schema.StringAttribute{
+				Optional: true,
+				Validators: []validator.String{
+					transport_tpg.CustomEndpointValidator(),
+				},
+			},
 			"pubsub_custom_endpoint": &schema.StringAttribute{
 				Optional: true,
 				Validators: []validator.String{

google/fwmodels/provider_model.go

@@ -94,6 +94,7 @@ type ProviderModel struct {
 	OSConfigCustomEndpoint                 types.String `tfsdk:"os_config_custom_endpoint"`
 	OSLoginCustomEndpoint                  types.String `tfsdk:"os_login_custom_endpoint"`
 	PrivatecaCustomEndpoint                types.String `tfsdk:"privateca_custom_endpoint"`
+	PublicCACustomEndpoint                 types.String `tfsdk:"public_ca_custom_endpoint"`
 	PubsubCustomEndpoint                   types.String `tfsdk:"pubsub_custom_endpoint"`
 	PubsubLiteCustomEndpoint               types.String `tfsdk:"pubsub_lite_custom_endpoint"`
 	RedisCustomEndpoint                    types.String `tfsdk:"redis_custom_endpoint"`

google/fwtransport/framework_config.go

@@ -118,6 +118,7 @@ type FrameworkProviderConfig struct {
 	OSConfigBasePath                 string
 	OSLoginBasePath                  string
 	PrivatecaBasePath                string
+	PublicCABasePath                 string
 	PubsubBasePath                   string
 	PubsubLiteBasePath               string
 	RedisBasePath                    string
@@ -249,6 +250,7 @@ func (p *FrameworkProviderConfig) LoadAndValidateFramework(ctx context.Context,
 	p.OSConfigBasePath = data.OSConfigCustomEndpoint.ValueString()
 	p.OSLoginBasePath = data.OSLoginCustomEndpoint.ValueString()
 	p.PrivatecaBasePath = data.PrivatecaCustomEndpoint.ValueString()
+	p.PublicCABasePath = data.PublicCACustomEndpoint.ValueString()
 	p.PubsubBasePath = data.PubsubCustomEndpoint.ValueString()
 	p.PubsubLiteBasePath = data.PubsubLiteCustomEndpoint.ValueString()
 	p.RedisBasePath = data.RedisCustomEndpoint.ValueString()
@@ -949,6 +951,14 @@ func (p *FrameworkProviderConfig) HandleDefaults(ctx context.Context, data *fwmo
 			data.PrivatecaCustomEndpoint = types.StringValue(customEndpoint.(string))
 		}
 	}
+	if data.PublicCACustomEndpoint.IsNull() {
+		customEndpoint := transport_tpg.MultiEnvDefault([]string{
+			"GOOGLE_PUBLIC_CA_CUSTOM_ENDPOINT",
+		}, transport_tpg.DefaultBasePaths[transport_tpg.PublicCABasePathKey])
+		if customEndpoint != nil {
+			data.PublicCACustomEndpoint = types.StringValue(customEndpoint.(string))
+		}
+	}
 	if data.PubsubCustomEndpoint.IsNull() {
 		customEndpoint := transport_tpg.MultiEnvDefault([]string{
 			"GOOGLE_PUBSUB_CUSTOM_ENDPOINT",

google/provider/provider.go

@@ -82,6 +82,7 @@ import (
 	"github.com/hashicorp/terraform-provider-google/google/services/osconfig"
 	"github.com/hashicorp/terraform-provider-google/google/services/oslogin"
 	"github.com/hashicorp/terraform-provider-google/google/services/privateca"
+	"github.com/hashicorp/terraform-provider-google/google/services/publicca"
 	"github.com/hashicorp/terraform-provider-google/google/services/pubsub"
 	"github.com/hashicorp/terraform-provider-google/google/services/pubsublite"
 	"github.com/hashicorp/terraform-provider-google/google/services/redis"
@@ -564,6 +565,11 @@ func Provider() *schema.Provider {
 				Optional:     true,
 				ValidateFunc: transport_tpg.ValidateCustomEndpoint,
 			},
+			"public_ca_custom_endpoint": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				ValidateFunc: transport_tpg.ValidateCustomEndpoint,
+			},
 			"pubsub_custom_endpoint": {
 				Type:         schema.TypeString,
 				Optional:     true,
@@ -920,9 +926,9 @@ func DatasourceMapWithErrors() (map[string]*schema.Resource, error) {
 		})
 }
 
-// Generated resources: 291
+// Generated resources: 292
 // Generated IAM resources: 195
-// Total generated resources: 486
+// Total generated resources: 487
 func ResourceMap() map[string]*schema.Resource {
 	resourceMap, _ := ResourceMapWithErrors()
 	return resourceMap
@@ -1338,6 +1344,7 @@ func ResourceMapWithErrors() (map[string]*schema.Resource, error) {
 			"google_privateca_certificate_template_iam_binding":              tpgiamresource.ResourceIamBinding(privateca.PrivatecaCertificateTemplateIamSchema, privateca.PrivatecaCertificateTemplateIamUpdaterProducer, privateca.PrivatecaCertificateTemplateIdParseFunc),
 			"google_privateca_certificate_template_iam_member":               tpgiamresource.ResourceIamMember(privateca.PrivatecaCertificateTemplateIamSchema, privateca.PrivatecaCertificateTemplateIamUpdaterProducer, privateca.PrivatecaCertificateTemplateIdParseFunc),
 			"google_privateca_certificate_template_iam_policy":               tpgiamresource.ResourceIamPolicy(privateca.PrivatecaCertificateTemplateIamSchema, privateca.PrivatecaCertificateTemplateIamUpdaterProducer, privateca.PrivatecaCertificateTemplateIdParseFunc),
+			"google_public_ca_external_account_key":                          publicca.ResourcePublicCAExternalAccountKey(),
 			"google_pubsub_schema":                                           pubsub.ResourcePubsubSchema(),
 			"google_pubsub_subscription":                                     pubsub.ResourcePubsubSubscription(),
 			"google_pubsub_topic":                                            pubsub.ResourcePubsubTopic(),
@@ -1710,6 +1717,7 @@ func providerConfigure(ctx context.Context, d *schema.ResourceData, p *schema.Pr
 	config.OSConfigBasePath = d.Get("os_config_custom_endpoint").(string)
 	config.OSLoginBasePath = d.Get("os_login_custom_endpoint").(string)
 	config.PrivatecaBasePath = d.Get("privateca_custom_endpoint").(string)
+	config.PublicCABasePath = d.Get("public_ca_custom_endpoint").(string)
 	config.PubsubBasePath = d.Get("pubsub_custom_endpoint").(string)
 	config.PubsubLiteBasePath = d.Get("pubsub_lite_custom_endpoint").(string)
 	config.RedisBasePath = d.Get("redis_custom_endpoint").(string)

google/resource_public_ca_external_account_key_generated_test.go

@@ -0,0 +1,54 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// ----------------------------------------------------------------------------
+//
+//     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
+//
+// ----------------------------------------------------------------------------
+//
+//     This file is automatically generated by Magic Modules and manual
+//     changes will be clobbered when the file is regenerated.
+//
+//     Please read more about how to change this file in
+//     .github/CONTRIBUTING.md.
+//
+// ----------------------------------------------------------------------------
+
+package google
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
+	"github.com/hashicorp/terraform-provider-google/google/acctest"
+	"github.com/hashicorp/terraform-provider-google/google/tpgresource"
+)
+
+func TestAccPublicCAExternalAccountKey_publicCaExternalAccountKeyExample(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"project":       acctest.GetTestProjectFromEnv(),
+		"random_suffix": RandString(t, 10),
+	}
+
+	VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: ProtoV5ProviderFactories(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccPublicCAExternalAccountKey_publicCaExternalAccountKeyExample(context),
+			},
+		},
+	})
+}
+
+func testAccPublicCAExternalAccountKey_publicCaExternalAccountKeyExample(context map[string]interface{}) string {
+	return tpgresource.Nprintf(`
+resource "google_public_ca_external_account_key" "prod" {
+  project = "%{project}"
+}
+`, context)
+}

google/services/publicca/resource_public_ca_external_account_key.go

@@ -0,0 +1,165 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// ----------------------------------------------------------------------------
+//
+//     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
+//
+// ----------------------------------------------------------------------------
+//
+//     This file is automatically generated by Magic Modules and manual
+//     changes will be clobbered when the file is regenerated.
+//
+//     Please read more about how to change this file in
+//     .github/CONTRIBUTING.md.
+//
+// ----------------------------------------------------------------------------
+
+package publicca
+
+import (
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+
+	"github.com/hashicorp/terraform-provider-google/google/tpgresource"
+	transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport"
+)
+
+func ResourcePublicCAExternalAccountKey() *schema.Resource {
+	return &schema.Resource{
+		Create: resourcePublicCAExternalAccountKeyCreate,
+		Read:   resourcePublicCAExternalAccountKeyRead,
+		Delete: resourcePublicCAExternalAccountKeyDelete,
+
+		Timeouts: &schema.ResourceTimeout{
+			Create: schema.DefaultTimeout(20 * time.Minute),
+			Delete: schema.DefaultTimeout(20 * time.Minute),
+		},
+
+		Schema: map[string]*schema.Schema{
+			"location": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				ForceNew:    true,
+				Description: `Location for the externalAccountKey. Currently only 'global' is supported.`,
+				Default:     "global",
+			},
+			"b64_mac_key": {
+				Type:     schema.TypeString,
+				Computed: true,
+				Description: `Base64-URL-encoded HS256 key. It is generated by the PublicCertificateAuthorityService
+when the ExternalAccountKey is created.`,
+				Sensitive: true,
+			},
+			"key_id": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: `It is generated by the PublicCertificateAuthorityService when the ExternalAccountKey is created.`,
+				Sensitive:   true,
+			},
+			"name": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: `Resource name. projects/{project}/locations/{location}/externalAccountKeys/{keyId}.`,
+			},
+			"project": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+				ForceNew: true,
+			},
+		},
+		UseJSONNumber: true,
+	}
+}
+
+func resourcePublicCAExternalAccountKeyCreate(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*transport_tpg.Config)
+	userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent)
+	if err != nil {
+		return err
+	}
+
+	obj := make(map[string]interface{})
+
+	url, err := tpgresource.ReplaceVars(d, config, "{{PublicCABasePath}}projects/{{project}}/locations/{{location}}/externalAccountKeys")
+	if err != nil {
+		return err
+	}
+
+	log.Printf("[DEBUG] Creating new ExternalAccountKey: %#v", obj)
+	billingProject := ""
+
+	project, err := tpgresource.GetProject(d, config)
+	if err != nil {
+		return fmt.Errorf("Error fetching project for ExternalAccountKey: %s", err)
+	}
+	billingProject = project
+
+	// err == nil indicates that the billing_project value was found
+	if bp, err := tpgresource.GetBillingProject(d, config); err == nil {
+		billingProject = bp
+	}
+
+	res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+		Config:    config,
+		Method:    "POST",
+		Project:   billingProject,
+		RawURL:    url,
+		UserAgent: userAgent,
+		Body:      obj,
+		Timeout:   d.Timeout(schema.TimeoutCreate),
+	})
+	if err != nil {
+		return fmt.Errorf("Error creating ExternalAccountKey: %s", err)
+	}
+	if err := d.Set("name", flattenPublicCAExternalAccountKeyName(res["name"], d, config)); err != nil {
+		return fmt.Errorf(`Error setting computed identity field "name": %s`, err)
+	}
+	if err := d.Set("key_id", flattenPublicCAExternalAccountKeyKeyId(res["keyId"], d, config)); err != nil {
+		return fmt.Errorf(`Error setting computed identity field "key_id": %s`, err)
+	}
+	if err := d.Set("b64_mac_key", flattenPublicCAExternalAccountKeyB64MacKey(res["b64MacKey"], d, config)); err != nil {
+		return fmt.Errorf(`Error setting computed identity field "b64_mac_key": %s`, err)
+	}
+
+	// Store the ID now
+	id, err := tpgresource.ReplaceVars(d, config, "{{name}}")
+	if err != nil {
+		return fmt.Errorf("Error constructing id: %s", err)
+	}
+	d.SetId(id)
+
+	log.Printf("[DEBUG] Finished creating ExternalAccountKey %q: %#v", d.Id(), res)
+
+	return resourcePublicCAExternalAccountKeyRead(d, meta)
+}
+
+func resourcePublicCAExternalAccountKeyRead(d *schema.ResourceData, meta interface{}) error {
+	// This resource could not be read from the API.
+	return nil
+}
+
+func resourcePublicCAExternalAccountKeyDelete(d *schema.ResourceData, meta interface{}) error {
+	log.Printf("[WARNING] PublicCA ExternalAccountKey resources"+
+		" cannot be deleted from Google Cloud. The resource %s will be removed from Terraform"+
+		" state, but will still be present on Google Cloud.", d.Id())
+	d.SetId("")
+
+	return nil
+}
+
+func flattenPublicCAExternalAccountKeyName(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
+func flattenPublicCAExternalAccountKeyKeyId(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
+func flattenPublicCAExternalAccountKeyB64MacKey(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}

google/transport/config.go

@@ -252,6 +252,7 @@ type Config struct {
 	OSConfigBasePath                 string
 	OSLoginBasePath                  string
 	PrivatecaBasePath                string
+	PublicCABasePath                 string
 	PubsubBasePath                   string
 	PubsubLiteBasePath               string
 	RedisBasePath                    string
@@ -361,6 +362,7 @@ const NotebooksBasePathKey = "Notebooks"
 const OSConfigBasePathKey = "OSConfig"
 const OSLoginBasePathKey = "OSLogin"
 const PrivatecaBasePathKey = "Privateca"
+const PublicCABasePathKey = "PublicCA"
 const PubsubBasePathKey = "Pubsub"
 const PubsubLiteBasePathKey = "PubsubLite"
 const RedisBasePathKey = "Redis"
@@ -464,6 +466,7 @@ var DefaultBasePaths = map[string]string{
 	OSConfigBasePathKey:                 "https://osconfig.googleapis.com/v1/",
 	OSLoginBasePathKey:                  "https://oslogin.googleapis.com/v1/",
 	PrivatecaBasePathKey:                "https://privateca.googleapis.com/v1/",
+	PublicCABasePathKey:                 "https://publicca.googleapis.com/v1/",
 	PubsubBasePathKey:                   "https://pubsub.googleapis.com/v1/",
 	PubsubLiteBasePathKey:               "https://{{region}}-pubsublite.googleapis.com/v1/admin/",
 	RedisBasePathKey:                    "https://redis.googleapis.com/v1/",
@@ -910,6 +913,11 @@ func HandleSDKDefaults(d *schema.ResourceData) error {
 			"GOOGLE_PRIVATECA_CUSTOM_ENDPOINT",
 		}, DefaultBasePaths[PrivatecaBasePathKey]))
 	}
+	if d.Get("public_ca_custom_endpoint") == "" {
+		d.Set("public_ca_custom_endpoint", MultiEnvDefault([]string{
+			"GOOGLE_PUBLIC_CA_CUSTOM_ENDPOINT",
+		}, DefaultBasePaths[PublicCABasePathKey]))
+	}
 	if d.Get("pubsub_custom_endpoint") == "" {
 		d.Set("pubsub_custom_endpoint", MultiEnvDefault([]string{
 			"GOOGLE_PUBSUB_CUSTOM_ENDPOINT",
@@ -1910,6 +1918,7 @@ func ConfigureBasePaths(c *Config) {
 	c.OSConfigBasePath = DefaultBasePaths[OSConfigBasePathKey]
 	c.OSLoginBasePath = DefaultBasePaths[OSLoginBasePathKey]
 	c.PrivatecaBasePath = DefaultBasePaths[PrivatecaBasePathKey]
+	c.PublicCABasePath = DefaultBasePaths[PublicCABasePathKey]
 	c.PubsubBasePath = DefaultBasePaths[PubsubBasePathKey]
 	c.PubsubLiteBasePath = DefaultBasePaths[PubsubLiteBasePathKey]
 	c.RedisBasePath = DefaultBasePaths[RedisBasePathKey]