Add skip_grace_period to resource CertificateAuthority (#6686) (#12784)

Signed-off-by: Modular Magician <magic-modules@google.com> Signed-off-by: Modular Magician <magic-modules@google.com>
hashicorp · Oct 13, 2022 · 056aac1 · 056aac1
1 parent 4127ef2
commit 056aac1
Show file tree

Hide file tree

Showing 6 changed files with 30 additions and 6 deletions.
diff --git a/.changelog/6686.txt b/.changelog/6686.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+privateca: add a new field `skip_grace_period` to skip the grace period when deleting a CertificateAuthority.
+```
diff --git a/google/resource_privateca_certificate_authority.go b/google/resource_privateca_certificate_authority.go
@@ -555,6 +555,15 @@ fractional digits, terminated by 's'. Example: "3.5s".`,
 				Optional:    true,
 				Description: `The signed CA certificate issued from the subordinated CA's CSR. This is needed when activating the subordiante CA with a third party issuer.`,
 			},
+			"skip_grace_period": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Description: `If this flag is set, the Certificate Authority will be deleted as soon as
+possible without a 30-day grace period where undeletion would have been
+allowed. If you proceed, there will be no way to recover this CA.
+Use with care. Defaults to 'false'.`,
+				Default: false,
+			},
 			"subordinate_config": {
 				Type:     schema.TypeList,
 				Optional: true,
@@ -1063,7 +1072,7 @@ func resourcePrivatecaCertificateAuthorityDelete(d *schema.ResourceData, meta in
 	}
 	billingProject = project
 
-	url, err := replaceVars(d, config, "{{PrivatecaBasePath}}projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificateAuthorities/{{certificate_authority_id}}?ignoreActiveCertificates={{ignore_active_certificates_on_deletion}}")
+	url, err := replaceVars(d, config, "{{PrivatecaBasePath}}projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificateAuthorities/{{certificate_authority_id}}?ignoreActiveCertificates={{ignore_active_certificates_on_deletion}}&skipGracePeriod={{skip_grace_period}}")
 	if err != nil {
 		return err
 	}

diff --git a/google/resource_privateca_certificate_authority_generated_test.go b/google/resource_privateca_certificate_authority_generated_test.go
@@ -45,7 +45,7 @@ func TestAccPrivatecaCertificateAuthority_privatecaCertificateAuthorityBasicExam
 				ResourceName:            "google_privateca_certificate_authority.default",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"pem_ca_certificate", "ignore_active_certificates_on_deletion", "location", "certificate_authority_id", "pool", "deletion_protection"},
+				ImportStateVerifyIgnore: []string{"pem_ca_certificate", "ignore_active_certificates_on_deletion", "skip_grace_period", "location", "certificate_authority_id", "pool", "deletion_protection"},
 			},
 		},
 	})
@@ -127,7 +127,7 @@ func TestAccPrivatecaCertificateAuthority_privatecaCertificateAuthoritySubordina
 				ResourceName:            "google_privateca_certificate_authority.default",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"pem_ca_certificate", "ignore_active_certificates_on_deletion", "location", "certificate_authority_id", "pool", "deletion_protection"},
+				ImportStateVerifyIgnore: []string{"pem_ca_certificate", "ignore_active_certificates_on_deletion", "skip_grace_period", "location", "certificate_authority_id", "pool", "deletion_protection"},
 			},
 		},
 	})

diff --git a/google/resource_privateca_certificate_authority_test.go b/google/resource_privateca_certificate_authority_test.go
@@ -33,7 +33,7 @@ func TestAccPrivatecaCertificateAuthority_privatecaCertificateAuthorityUpdate(t
 				ResourceName:            "google_privateca_certificate_authority.default",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"ignore_active_certificates_on_deletion", "location", "certificate_authority_id", "pool", "deletion_protection"},
+				ImportStateVerifyIgnore: []string{"ignore_active_certificates_on_deletion", "location", "certificate_authority_id", "pool", "deletion_protection", "skip_grace_period"},
 			},
 			{
 				Config: testAccPrivatecaCertificateAuthority_privatecaCertificateAuthorityEnd(context),
@@ -42,7 +42,7 @@ func TestAccPrivatecaCertificateAuthority_privatecaCertificateAuthorityUpdate(t
 				ResourceName:            "google_privateca_certificate_authority.default",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"ignore_active_certificates_on_deletion", "location", "certificate_authority_id", "pool", "deletion_protection"},
+				ImportStateVerifyIgnore: []string{"ignore_active_certificates_on_deletion", "location", "certificate_authority_id", "pool", "deletion_protection", "skip_grace_period"},
 			},
 			{
 				Config: testAccPrivatecaCertificateAuthority_privatecaCertificateAuthorityBasicRoot(context),
@@ -51,7 +51,7 @@ func TestAccPrivatecaCertificateAuthority_privatecaCertificateAuthorityUpdate(t
 				ResourceName:            "google_privateca_certificate_authority.default",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"ignore_active_certificates_on_deletion", "location", "certificate_authority_id", "pool", "deletion_protection"},
+				ImportStateVerifyIgnore: []string{"ignore_active_certificates_on_deletion", "location", "certificate_authority_id", "pool", "deletion_protection", "skip_grace_period"},
 			},
 		},
 	})
@@ -128,6 +128,7 @@ resource "google_privateca_certificate_authority" "default" {
 	certificate_authority_id = "tf-test-my-certificate-authority-%{random_suffix}"
 	location = "%{pool_location}"
 	deletion_protection = false
+	skip_grace_period = true
 	config {
 		subject_config {
 		subject {
@@ -181,6 +182,7 @@ resource "google_privateca_certificate_authority" "default" {
 	certificate_authority_id = "tf-test-my-certificate-authority-%{random_suffix}"
 	location = "%{pool_location}"
 	deletion_protection = false
+	skip_grace_period = true
 	config {
 		subject_config {
 		subject {
@@ -238,6 +240,7 @@ resource "google_privateca_certificate_authority" "default" {
 	location = "%{pool_location}"
 	desired_state = "%{desired_state}"
 	deletion_protection = false
+	skip_grace_period = true
 	config {
 		subject_config {
 		subject {

diff --git a/google/resource_privateca_certificate_test.go b/google/resource_privateca_certificate_test.go
@@ -61,6 +61,7 @@ resource "google_privateca_certificate_authority" "default" {
 	certificate_authority_id = "tf-test-my-certificate-authority-%{random_suffix}"
 	location = "%{pool_location}"
 	deletion_protection = false
+	skip_grace_period = true
 	config {
 		subject_config {
 			subject {
@@ -139,6 +140,7 @@ resource "google_privateca_certificate_authority" "default" {
 	certificate_authority_id = "tf-test-my-certificate-authority-%{random_suffix}"
 	location = "%{pool_location}"
 	deletion_protection = false
+	skip_grace_period = true
 	config {
 		subject_config {
 			subject {

diff --git a/website/docs/r/privateca_certificate_authority.html.markdown b/website/docs/r/privateca_certificate_authority.html.markdown
@@ -563,6 +563,13 @@ The following arguments are supported:
   This field allows the CA to be deleted even if the CA has active certs. Active certs include both unrevoked and unexpired certs.
   Use with care. Defaults to `false`.
 
+* `skip_grace_period` -
+  (Optional)
+  If this flag is set, the Certificate Authority will be deleted as soon as
+  possible without a 30-day grace period where undeletion would have been
+  allowed. If you proceed, there will be no way to recover this CA.
+  Use with care. Defaults to `false`.
+
 * `type` -
   (Optional)
   The Type of this CertificateAuthority.