From b8e88bb20c799411b7b94fc453d5fe505a126044 Mon Sep 17 00:00:00 2001 From: Hamza Hassan Date: Fri, 23 Feb 2024 08:32:49 +0000 Subject: [PATCH 1/6] Add type field to DNS authorization reosurce --- .../certificatemanager/DnsAuthorization.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/mmv1/products/certificatemanager/DnsAuthorization.yaml b/mmv1/products/certificatemanager/DnsAuthorization.yaml index 33cd7604ed80..6476e29226c5 100644 --- a/mmv1/products/certificatemanager/DnsAuthorization.yaml +++ b/mmv1/products/certificatemanager/DnsAuthorization.yaml @@ -84,6 +84,22 @@ properties: A domain which is being authorized. A DnsAuthorization resource covers a single domain and its wildcard, e.g. authorization for "example.com" can be used to issue certificates for "example.com" and "*.example.com". + - !ruby/object:Api::Type::Enum + name: type + description: | + type of DNS authorization. If unset during the resource creation, FIXED_RECORD will + be used for global resources, and PER_PROJECT_RECORD will be used for other locations. + + FIXED_RECORD DNS authorization uses DNS-01 validation method + + PER_PROJECT_RECORD DNS authorization allows for independent management + of Google-managed certificates with DNS authorization across multiple + projects. + immutable: true + values: + - :FIXED_RECORD + - :PER_RPOJECT_REOCRD + default_from_api: true - !ruby/object:Api::Type::NestedObject name: 'dnsResourceRecord' output: true From 59accc49fdc0c5344ca022d8e440ea4412676dd1 Mon Sep 17 00:00:00 2001 From: Hamza Hassan Date: Fri, 23 Feb 2024 08:58:01 +0000 Subject: [PATCH 2/6] Add an example for regional DNS authorization --- mmv1/products/certificatemanager/DnsAuthorization.yaml | 7 +++++++ .../certificate_manager_dns_authorization_regional.tf.erb | 6 ++++++ 2 files changed, 13 insertions(+) create mode 100644 mmv1/templates/terraform/examples/certificate_manager_dns_authorization_regional.tf.erb diff --git a/mmv1/products/certificatemanager/DnsAuthorization.yaml b/mmv1/products/certificatemanager/DnsAuthorization.yaml index 6476e29226c5..495726a18082 100644 --- a/mmv1/products/certificatemanager/DnsAuthorization.yaml +++ b/mmv1/products/certificatemanager/DnsAuthorization.yaml @@ -50,6 +50,13 @@ examples: dns_auth_name: 'dns-auth' zone_name: 'my-zone' subdomain: 'subdomain' + - !ruby/object:Provider::Terraform::Examples + name: 'certificate_manager_dns_authorization_regional' + primary_resource_id: 'default' + vars: + dns_auth_name: 'dns-auth' + zone_name: 'my-zone' + subdomain: 'subdomain' parameters: - !ruby/object:Api::Type::String name: 'name' diff --git a/mmv1/templates/terraform/examples/certificate_manager_dns_authorization_regional.tf.erb b/mmv1/templates/terraform/examples/certificate_manager_dns_authorization_regional.tf.erb new file mode 100644 index 000000000000..10d91869c76d --- /dev/null +++ b/mmv1/templates/terraform/examples/certificate_manager_dns_authorization_regional.tf.erb @@ -0,0 +1,6 @@ +resource "google_certificate_manager_dns_authorization" "<%= ctx[:primary_resource_id] %>" { + name = "<%= ctx[:vars]['dns_auth_name'] %>" + location = "us-central1" + description = "reginal dns" + domain = "<%= ctx[:vars]['subdomain'] %>.hashicorptest.com" +} \ No newline at end of file From dfc1a685d6eff26dc4ae8abbfaff2df61ab46ec0 Mon Sep 17 00:00:00 2001 From: Hamza Hassan Date: Fri, 23 Feb 2024 09:13:14 +0000 Subject: [PATCH 3/6] Add an example for regional certs using regional DNS auth --- .../certificatemanager/Certificate.yaml | 7 +++++++ ...naged_regional_certificate_dns_auth.tf.erb | 19 +++++++++++++++++++ 2 files changed, 26 insertions(+) create mode 100644 mmv1/templates/terraform/examples/certificate_manager_google_managed_regional_certificate_dns_auth.tf.erb diff --git a/mmv1/products/certificatemanager/Certificate.yaml b/mmv1/products/certificatemanager/Certificate.yaml index d6cc703156cb..119379747fd0 100644 --- a/mmv1/products/certificatemanager/Certificate.yaml +++ b/mmv1/products/certificatemanager/Certificate.yaml @@ -88,6 +88,13 @@ examples: dns_auth_name2: 'dns-auth2' dns_auth_subdomain2: 'subdomain2' cert_name: 'dns-cert' + - !ruby/object:Provider::Terraform::Examples + name: 'certificate_manager_google_managed_regional_certificate_dns_auth' + primary_resource_id: 'default' + vars: + dns_auth_name: 'dns-auth' + dns_auth_subdomain: 'subdomain' + cert_name: 'dns-cert' custom_code: !ruby/object:Provider::Terraform::CustomCode constants: templates/terraform/constants/cert_manager.erb parameters: diff --git a/mmv1/templates/terraform/examples/certificate_manager_google_managed_regional_certificate_dns_auth.tf.erb b/mmv1/templates/terraform/examples/certificate_manager_google_managed_regional_certificate_dns_auth.tf.erb new file mode 100644 index 000000000000..83dac4efb938 --- /dev/null +++ b/mmv1/templates/terraform/examples/certificate_manager_google_managed_regional_certificate_dns_auth.tf.erb @@ -0,0 +1,19 @@ +resource "google_certificate_manager_certificate" "<%= ctx[:primary_resource_id] %>" { + name = "<%= ctx[:vars]['cert_name'] %>" + description = "regional managed certs" + location = "us-central1" + managed { + domains = [ + google_certificate_manager_dns_authorization.instance.domain, + ] + dns_authorizations = [ + google_certificate_manager_dns_authorization.instance.id, + ] + } +} +resource "google_certificate_manager_dns_authorization" "instance" { + name = "<%= ctx[:vars]['dns_auth_name'] %>" + location = "us-central1" + description = "The default dnss" + domain = "<%= ctx[:vars]['dns_auth_subdomain'] %>.hashicorptest.com" +} \ No newline at end of file From a9320ac817dc7df4b4a33ce6d0e62d48e740b1cc Mon Sep 17 00:00:00 2001 From: Hamza Hassan Date: Mon, 26 Feb 2024 07:56:50 +0000 Subject: [PATCH 4/6] Fix lint errors --- mmv1/products/certificatemanager/DnsAuthorization.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mmv1/products/certificatemanager/DnsAuthorization.yaml b/mmv1/products/certificatemanager/DnsAuthorization.yaml index 495726a18082..f2c96bf43c36 100644 --- a/mmv1/products/certificatemanager/DnsAuthorization.yaml +++ b/mmv1/products/certificatemanager/DnsAuthorization.yaml @@ -104,8 +104,8 @@ properties: projects. immutable: true values: - - :FIXED_RECORD - - :PER_RPOJECT_REOCRD + - :FIXED_RECORD + - :PER_RPOJECT_REOCRD default_from_api: true - !ruby/object:Api::Type::NestedObject name: 'dnsResourceRecord' From f5e6cd9bcaeb28ffced6569e061121793eca459a Mon Sep 17 00:00:00 2001 From: Hamza Hassan Date: Tue, 27 Feb 2024 19:23:51 +0000 Subject: [PATCH 5/6] Fix typo in the enum values --- mmv1/products/certificatemanager/DnsAuthorization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mmv1/products/certificatemanager/DnsAuthorization.yaml b/mmv1/products/certificatemanager/DnsAuthorization.yaml index f2c96bf43c36..92e1acdd3494 100644 --- a/mmv1/products/certificatemanager/DnsAuthorization.yaml +++ b/mmv1/products/certificatemanager/DnsAuthorization.yaml @@ -105,7 +105,7 @@ properties: immutable: true values: - :FIXED_RECORD - - :PER_RPOJECT_REOCRD + - :PER_PROJECT_RECORD default_from_api: true - !ruby/object:Api::Type::NestedObject name: 'dnsResourceRecord' From 3a538e3b655be99a74411f03daa07ab5bd2802a6 Mon Sep 17 00:00:00 2001 From: Hamza Hassan Date: Tue, 27 Feb 2024 19:28:34 +0000 Subject: [PATCH 6/6] Add type field in regional dns auth example --- .../certificate_manager_dns_authorization_regional.tf.erb | 1 + ..._manager_google_managed_regional_certificate_dns_auth.tf.erb | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/mmv1/templates/terraform/examples/certificate_manager_dns_authorization_regional.tf.erb b/mmv1/templates/terraform/examples/certificate_manager_dns_authorization_regional.tf.erb index 10d91869c76d..21df9b21c914 100644 --- a/mmv1/templates/terraform/examples/certificate_manager_dns_authorization_regional.tf.erb +++ b/mmv1/templates/terraform/examples/certificate_manager_dns_authorization_regional.tf.erb @@ -2,5 +2,6 @@ resource "google_certificate_manager_dns_authorization" "<%= ctx[:primary_resour name = "<%= ctx[:vars]['dns_auth_name'] %>" location = "us-central1" description = "reginal dns" + type = "PER_PROJECT_RECORD" domain = "<%= ctx[:vars]['subdomain'] %>.hashicorptest.com" } \ No newline at end of file diff --git a/mmv1/templates/terraform/examples/certificate_manager_google_managed_regional_certificate_dns_auth.tf.erb b/mmv1/templates/terraform/examples/certificate_manager_google_managed_regional_certificate_dns_auth.tf.erb index 83dac4efb938..f49a6cf70d8f 100644 --- a/mmv1/templates/terraform/examples/certificate_manager_google_managed_regional_certificate_dns_auth.tf.erb +++ b/mmv1/templates/terraform/examples/certificate_manager_google_managed_regional_certificate_dns_auth.tf.erb @@ -13,7 +13,7 @@ resource "google_certificate_manager_certificate" "<%= ctx[:primary_resource_id] } resource "google_certificate_manager_dns_authorization" "instance" { name = "<%= ctx[:vars]['dns_auth_name'] %>" - location = "us-central1" + location = "us-central1" description = "The default dnss" domain = "<%= ctx[:vars]['dns_auth_subdomain'] %>.hashicorptest.com" } \ No newline at end of file