From 056aac182c2f9d48cc30cc1df41d69c0a044e59a Mon Sep 17 00:00:00 2001 From: The Magician Date: Thu, 13 Oct 2022 09:34:33 -0700 Subject: [PATCH] Add skip_grace_period to resource CertificateAuthority (#6686) (#12784) Signed-off-by: Modular Magician Signed-off-by: Modular Magician --- .changelog/6686.txt | 3 +++ google/resource_privateca_certificate_authority.go | 11 ++++++++++- ..._privateca_certificate_authority_generated_test.go | 4 ++-- .../resource_privateca_certificate_authority_test.go | 9 ++++++--- google/resource_privateca_certificate_test.go | 2 ++ .../r/privateca_certificate_authority.html.markdown | 7 +++++++ 6 files changed, 30 insertions(+), 6 deletions(-) create mode 100644 .changelog/6686.txt diff --git a/.changelog/6686.txt b/.changelog/6686.txt new file mode 100644 index 0000000000..483f8f7126 --- /dev/null +++ b/.changelog/6686.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +privateca: add a new field `skip_grace_period` to skip the grace period when deleting a CertificateAuthority. +``` diff --git a/google/resource_privateca_certificate_authority.go b/google/resource_privateca_certificate_authority.go index 855162fbf0..af175630c4 100644 --- a/google/resource_privateca_certificate_authority.go +++ b/google/resource_privateca_certificate_authority.go @@ -555,6 +555,15 @@ fractional digits, terminated by 's'. Example: "3.5s".`, Optional: true, Description: `The signed CA certificate issued from the subordinated CA's CSR. This is needed when activating the subordiante CA with a third party issuer.`, }, + "skip_grace_period": { + Type: schema.TypeBool, + Optional: true, + Description: `If this flag is set, the Certificate Authority will be deleted as soon as +possible without a 30-day grace period where undeletion would have been +allowed. If you proceed, there will be no way to recover this CA. +Use with care. Defaults to 'false'.`, + Default: false, + }, "subordinate_config": { Type: schema.TypeList, Optional: true, @@ -1063,7 +1072,7 @@ func resourcePrivatecaCertificateAuthorityDelete(d *schema.ResourceData, meta in } billingProject = project - url, err := replaceVars(d, config, "{{PrivatecaBasePath}}projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificateAuthorities/{{certificate_authority_id}}?ignoreActiveCertificates={{ignore_active_certificates_on_deletion}}") + url, err := replaceVars(d, config, "{{PrivatecaBasePath}}projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificateAuthorities/{{certificate_authority_id}}?ignoreActiveCertificates={{ignore_active_certificates_on_deletion}}&skipGracePeriod={{skip_grace_period}}") if err != nil { return err } diff --git a/google/resource_privateca_certificate_authority_generated_test.go b/google/resource_privateca_certificate_authority_generated_test.go index 1570760fc4..6a1ab82dfd 100644 --- a/google/resource_privateca_certificate_authority_generated_test.go +++ b/google/resource_privateca_certificate_authority_generated_test.go @@ -45,7 +45,7 @@ func TestAccPrivatecaCertificateAuthority_privatecaCertificateAuthorityBasicExam ResourceName: "google_privateca_certificate_authority.default", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"pem_ca_certificate", "ignore_active_certificates_on_deletion", "location", "certificate_authority_id", "pool", "deletion_protection"}, + ImportStateVerifyIgnore: []string{"pem_ca_certificate", "ignore_active_certificates_on_deletion", "skip_grace_period", "location", "certificate_authority_id", "pool", "deletion_protection"}, }, }, }) @@ -127,7 +127,7 @@ func TestAccPrivatecaCertificateAuthority_privatecaCertificateAuthoritySubordina ResourceName: "google_privateca_certificate_authority.default", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"pem_ca_certificate", "ignore_active_certificates_on_deletion", "location", "certificate_authority_id", "pool", "deletion_protection"}, + ImportStateVerifyIgnore: []string{"pem_ca_certificate", "ignore_active_certificates_on_deletion", "skip_grace_period", "location", "certificate_authority_id", "pool", "deletion_protection"}, }, }, }) diff --git a/google/resource_privateca_certificate_authority_test.go b/google/resource_privateca_certificate_authority_test.go index 24c5f8fbdb..71bd3c0bb5 100644 --- a/google/resource_privateca_certificate_authority_test.go +++ b/google/resource_privateca_certificate_authority_test.go @@ -33,7 +33,7 @@ func TestAccPrivatecaCertificateAuthority_privatecaCertificateAuthorityUpdate(t ResourceName: "google_privateca_certificate_authority.default", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"ignore_active_certificates_on_deletion", "location", "certificate_authority_id", "pool", "deletion_protection"}, + ImportStateVerifyIgnore: []string{"ignore_active_certificates_on_deletion", "location", "certificate_authority_id", "pool", "deletion_protection", "skip_grace_period"}, }, { Config: testAccPrivatecaCertificateAuthority_privatecaCertificateAuthorityEnd(context), @@ -42,7 +42,7 @@ func TestAccPrivatecaCertificateAuthority_privatecaCertificateAuthorityUpdate(t ResourceName: "google_privateca_certificate_authority.default", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"ignore_active_certificates_on_deletion", "location", "certificate_authority_id", "pool", "deletion_protection"}, + ImportStateVerifyIgnore: []string{"ignore_active_certificates_on_deletion", "location", "certificate_authority_id", "pool", "deletion_protection", "skip_grace_period"}, }, { Config: testAccPrivatecaCertificateAuthority_privatecaCertificateAuthorityBasicRoot(context), @@ -51,7 +51,7 @@ func TestAccPrivatecaCertificateAuthority_privatecaCertificateAuthorityUpdate(t ResourceName: "google_privateca_certificate_authority.default", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"ignore_active_certificates_on_deletion", "location", "certificate_authority_id", "pool", "deletion_protection"}, + ImportStateVerifyIgnore: []string{"ignore_active_certificates_on_deletion", "location", "certificate_authority_id", "pool", "deletion_protection", "skip_grace_period"}, }, }, }) @@ -128,6 +128,7 @@ resource "google_privateca_certificate_authority" "default" { certificate_authority_id = "tf-test-my-certificate-authority-%{random_suffix}" location = "%{pool_location}" deletion_protection = false + skip_grace_period = true config { subject_config { subject { @@ -181,6 +182,7 @@ resource "google_privateca_certificate_authority" "default" { certificate_authority_id = "tf-test-my-certificate-authority-%{random_suffix}" location = "%{pool_location}" deletion_protection = false + skip_grace_period = true config { subject_config { subject { @@ -238,6 +240,7 @@ resource "google_privateca_certificate_authority" "default" { location = "%{pool_location}" desired_state = "%{desired_state}" deletion_protection = false + skip_grace_period = true config { subject_config { subject { diff --git a/google/resource_privateca_certificate_test.go b/google/resource_privateca_certificate_test.go index 262dbab9b3..1712ee9220 100644 --- a/google/resource_privateca_certificate_test.go +++ b/google/resource_privateca_certificate_test.go @@ -61,6 +61,7 @@ resource "google_privateca_certificate_authority" "default" { certificate_authority_id = "tf-test-my-certificate-authority-%{random_suffix}" location = "%{pool_location}" deletion_protection = false + skip_grace_period = true config { subject_config { subject { @@ -139,6 +140,7 @@ resource "google_privateca_certificate_authority" "default" { certificate_authority_id = "tf-test-my-certificate-authority-%{random_suffix}" location = "%{pool_location}" deletion_protection = false + skip_grace_period = true config { subject_config { subject { diff --git a/website/docs/r/privateca_certificate_authority.html.markdown b/website/docs/r/privateca_certificate_authority.html.markdown index fbbba3169d..b83a0b7452 100644 --- a/website/docs/r/privateca_certificate_authority.html.markdown +++ b/website/docs/r/privateca_certificate_authority.html.markdown @@ -563,6 +563,13 @@ The following arguments are supported: This field allows the CA to be deleted even if the CA has active certs. Active certs include both unrevoked and unexpired certs. Use with care. Defaults to `false`. +* `skip_grace_period` - + (Optional) + If this flag is set, the Certificate Authority will be deleted as soon as + possible without a 30-day grace period where undeletion would have been + allowed. If you proceed, there will be no way to recover this CA. + Use with care. Defaults to `false`. + * `type` - (Optional) The Type of this CertificateAuthority.