feat: support a new field server_ca_pool of Cloud SQL instances (GoogleCloudPlatform#12623)

Author: feng-zhe

mmv1/third_party/terraform/services/sql/resource_sql_database_instance.go.tmpl

@@ -81,6 +81,7 @@ var (
 		"settings.0.ip_configuration.0.psc_config",
 		"settings.0.ip_configuration.0.ssl_mode",
 		"settings.0.ip_configuration.0.server_ca_mode",
+		"settings.0.ip_configuration.0.server_ca_pool",
 	}
 
 	maintenanceWindowKeys = []string{
@@ -519,12 +520,18 @@ is set to true. Defaults to ZONAL.`,
 										Description:  `Specify how SSL connection should be enforced in DB connections.`,
 										AtLeastOneOf: ipConfigurationKeys,
 									},
-                                                                        "server_ca_mode": {
-                                                                                Type:         schema.TypeString,
-                                                                                Optional:     true,
-                                                                                Computed:     true,
-                                                                                ValidateFunc: validation.StringInSlice([]string{"CA_MODE_UNSPECIFIED", "GOOGLE_MANAGED_INTERNAL_CA", "GOOGLE_MANAGED_CAS_CA"}, false),
-                                                                                Description:  `Specify how the server certificate's Certificate Authority is hosted.`,
+									"server_ca_mode": {
+										Type:         schema.TypeString,
+										Optional:     true,
+										Computed:     true,
+										ValidateFunc: validation.StringInSlice([]string{"CA_MODE_UNSPECIFIED", "GOOGLE_MANAGED_INTERNAL_CA", "GOOGLE_MANAGED_CAS_CA", "CUSTOMER_MANAGED_CAS_CA"}, false),
+										Description:  `Specify how the server certificate's Certificate Authority is hosted.`,
+										AtLeastOneOf: ipConfigurationKeys,
+									},
+									"server_ca_pool": {
+										Type:         schema.TypeString,
+										Optional:     true,
+										Description:  `The resource name of the server CA pool for an instance with "CUSTOMER_MANAGED_CAS_CA" as the "server_ca_mode".`,
 										AtLeastOneOf: ipConfigurationKeys,
 									},
 								},
@@ -1453,6 +1460,7 @@ func expandIpConfiguration(configured []interface{}, databaseVersion string) *sq
 		PscConfig:                               expandPscConfig(_ipConfiguration["psc_config"].(*schema.Set).List()),
 		SslMode:                                 _ipConfiguration["ssl_mode"].(string),
 		ServerCaMode:                            _ipConfiguration["server_ca_mode"].(string),
+		ServerCaPool:                            _ipConfiguration["server_ca_pool"].(string),
 	}
 }
 
@@ -2377,6 +2385,7 @@ func flattenIpConfiguration(ipConfiguration *sqladmin.IpConfiguration, d *schema
 		"enable_private_path_for_google_cloud_services": ipConfiguration.EnablePrivatePathForGoogleCloudServices,
 		"ssl_mode":                                      ipConfiguration.SslMode,
 		"server_ca_mode":                                ipConfiguration.ServerCaMode,
+		"server_ca_pool":                                ipConfiguration.ServerCaPool,
 	}
 
 	if ipConfiguration.AuthorizedNetworks != nil {

mmv1/third_party/terraform/services/sql/resource_sql_database_instance_test.go

@@ -2663,7 +2663,10 @@ func TestAccSqlDatabaseInstance_useInternalCaByDefault(t *testing.T) {
 		Steps: []resource.TestStep{
 			{
 				Config: fmt.Sprintf(testGoogleSqlDatabaseInstance_basic3, databaseName),
-				Check:  resource.ComposeTestCheckFunc(resource.TestCheckResourceAttr(resourceName, "settings.0.ip_configuration.0.server_ca_mode", "GOOGLE_MANAGED_INTERNAL_CA")),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, "settings.0.ip_configuration.0.server_ca_mode", "GOOGLE_MANAGED_INTERNAL_CA"),
+					resource.TestCheckResourceAttr(resourceName, "settings.0.ip_configuration.0.server_ca_pool", ""),
+				),
 			},
 			{
 				ResourceName:            resourceName,
@@ -2689,7 +2692,10 @@ func TestAccSqlDatabaseInstance_useCasBasedServerCa(t *testing.T) {
 		Steps: []resource.TestStep{
 			{
 				Config: testGoogleSqlDatabaseInstance_setCasServerCa(databaseName, "GOOGLE_MANAGED_CAS_CA"),
-				Check:  resource.ComposeTestCheckFunc(resource.TestCheckResourceAttr(resourceName, "settings.0.ip_configuration.0.server_ca_mode", "GOOGLE_MANAGED_CAS_CA")),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, "settings.0.ip_configuration.0.server_ca_mode", "GOOGLE_MANAGED_CAS_CA"),
+					resource.TestCheckResourceAttr(resourceName, "settings.0.ip_configuration.0.server_ca_pool", ""),
+				),
 			},
 			{
 				ResourceName:            resourceName,

mmv1/third_party/terraform/website/docs/r/sql_database_instance.html.markdown

@@ -411,6 +411,8 @@ This setting can be updated, but it cannot be removed after it is set.
 
 * `server_ca_mode` - (Optional) Specify how the server certificate's Certificate Authority is hosted. Supported values are `GOOGLE_MANAGED_INTERNAL_CA` and `GOOGLE_MANAGED_CAS_CA`.
 
+* `server_ca_pool` - (Optional) The resource name of the server CA pool for an instance with `CUSTOMER_MANAGED_CAS_CA` as the `server_ca_mode`.
+
 * `allocated_ip_range` - (Optional) The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://datatracker.ietf.org/doc/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?.
 
 * `enable_private_path_for_google_cloud_services` - (Optional) Whether Google Cloud services such as BigQuery are allowed to access data in this Cloud SQL instance over a private IP connection. SQLSERVER database type is not supported.