update certificate example to use generated key (#8451) (#15332)

modular-magician · web-flow · commit c356ff799487 · 2023-07-28T11:14:16.000-07:00
Signed-off-by: Modular Magician &lt;magic-modules@google.com&gt;
diff --git a/.changelog/8451.txt b/.changelog/8451.txt
@@ -0,0 +1,3 @@
+```release-note: none
+
+```
diff --git a/google/resource_privateca_certificate_generated_test.go b/google/resource_privateca_certificate_generated_test.go
@@ -59,6 +59,7 @@ func TestAccPrivatecaCertificate_privatecaCertificateConfigExample(t *testing.T)
 
 func testAccPrivatecaCertificate_privatecaCertificateConfigExample(context map[string]interface{}) string {
 	return acctest.Nprintf(`
+
 resource "google_privateca_ca_pool" "default" {
   location = "us-central1"
   name = "tf-test-my-pool%{random_suffix}"
diff --git a/website/docs/r/privateca_certificate.html.markdown b/website/docs/r/privateca_certificate.html.markdown
@@ -27,13 +27,13 @@ A Certificate corresponds to a signed X.509 certificate issued by a Certificate.
 
 
 
-## Example Usage - Privateca Certificate Config
+## Example Usage - Privateca Certificate Generated Key
 
 
 ```hcl
 resource "google_privateca_ca_pool" "default" {
   location = "us-central1"
-  name = "my-pool"
+  name = "default"
   tier = "ENTERPRISE"
 }
 
@@ -76,12 +76,16 @@ resource "google_privateca_certificate_authority" "default" {
   ignore_active_certificates_on_deletion = true
 }
 
+resource "tls_private_key" "cert_key" {
+  algorithm = "RSA"
+}
+
 resource "google_privateca_certificate" "default" {
   location = "us-central1"
   pool = google_privateca_ca_pool.default.name
   certificate_authority = google_privateca_certificate_authority.default.certificate_authority_id
   lifetime = "86000s"
-  name = "my-certificate"
+  name = "cert-1"
   config {
     subject_config  {
       subject {
@@ -105,8 +109,8 @@ resource "google_privateca_certificate" "default" {
       }
       key_usage {
         base_key_usage {
-          crl_sign = false
-          decipher_only = false
+          cert_sign = true
+          crl_sign = true
         }
         extended_key_usage {
           server_auth = false
@@ -126,7 +130,7 @@ resource "google_privateca_certificate" "default" {
     }
     public_key {
       format = "PEM"
-      key = filebase64("test-fixtures/rsa_public.pem")
+      key = base64encode(tls_private_key.cert_key.public_key_pem)
     }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -27,13 +27,13 @@ A Certificate corresponds to a signed X.509 certificate issued by a Certificate.`
`27`	`27`
`28`	`28`
`29`	`29`
`30`		`-## Example Usage - Privateca Certificate Config`
	`30`	`+## Example Usage - Privateca Certificate Generated Key`
`31`	`31`
`32`	`32`
`33`	`33`	```hcl
`34`	`34`	`resource "google_privateca_ca_pool" "default" {`
`35`	`35`	`location = "us-central1"`
`36`		`- name = "my-pool"`
	`36`	`+ name = "default"`
`37`	`37`	`tier = "ENTERPRISE"`
`38`	`38`	`}`
`39`	`39`
`@@ -76,12 +76,16 @@ resource "google_privateca_certificate_authority" "default" {`
`76`	`76`	`ignore_active_certificates_on_deletion = true`
`77`	`77`	`}`
`78`	`78`
	`79`	`+resource "tls_private_key" "cert_key" {`
	`80`	`+ algorithm = "RSA"`
	`81`	`+}`
	`82`	`+`
`79`	`83`	`resource "google_privateca_certificate" "default" {`
`80`	`84`	`location = "us-central1"`
`81`	`85`	`pool = google_privateca_ca_pool.default.name`
`82`	`86`	`certificate_authority = google_privateca_certificate_authority.default.certificate_authority_id`
`83`	`87`	`lifetime = "86000s"`
`84`		`- name = "my-certificate"`
	`88`	`+ name = "cert-1"`
`85`	`89`	`config {`
`86`	`90`	`subject_config {`
`87`	`91`	`subject {`
`@@ -105,8 +109,8 @@ resource "google_privateca_certificate" "default" {`
`105`	`109`	`}`
`106`	`110`	`key_usage {`
`107`	`111`	`base_key_usage {`
`108`		`- crl_sign = false`
`109`		`- decipher_only = false`
	`112`	`+ cert_sign = true`
	`113`	`+ crl_sign = true`
`110`	`114`	`}`
`111`	`115`	`extended_key_usage {`
`112`	`116`	`server_auth = false`
`@@ -126,7 +130,7 @@ resource "google_privateca_certificate" "default" {`
`126`	`130`	`}`
`127`	`131`	`public_key {`
`128`	`132`	`format = "PEM"`
`129`		`- key = filebase64("test-fixtures/rsa_public.pem")`
	`133`	`+ key = base64encode(tls_private_key.cert_key.public_key_pem)`
`130`	`134`	`}`
`131`	`135`	`}`
`132`	`136`	`}`