Skip to content
This repository has been archived by the owner on Nov 27, 2024. It is now read-only.

Private CA - Create expander for X509Config #421

Merged
merged 1 commit into from
Dec 8, 2021
Merged

Private CA - Create expander for X509Config #421

merged 1 commit into from
Dec 8, 2021

Conversation

modular-magician
Copy link
Contributor

In order to handle the case of optional primitive fields, I've added virtual fields to allow the expander to distinguish between an unset primitive and a primitive set to the default value.

Fixes hashicorp/terraform-provider-google#10108

Fixes hashicorp/terraform-provider-google#10239

If this PR is for Terraform, I acknowledge that I have:

  • Searched through the issue tracker for an open issue that this either resolves or contributes to, commented on it to claim it, and written "fixes {url}" or "part of {url}" in this PR description. If there were no relevant open issues, I opened one and commented that I would like to work on it (not necessary for very small changes).
  • Generated Terraform, and ran make test and make lint to ensure it passes unit and linter tests.
  • Ensured that all new fields I added that can be set by a user appear in at least one example (for generated resources) or third_party test (for handwritten resources or update tests).
  • Ran relevant acceptance tests (If the acceptance tests do not yet pass or you are unable to run them, please let your reviewer know).
  • Read the Release Notes Guide before writing my release note below.

Release Note Template for Downstream PRs (will be copied)

privateca: added support for setting default values for basic constraints for `google_privateca_certificate`, `google_privateca_certificate_authority`, and `google_privateca_ca_pool` via the `non_ca` and `zero_max_issuer_path_length` fields

Derived from GoogleCloudPlatform/magic-modules#5368

@modular-magician @gfxcc
Private CA - Create expander for X509Config (#5368)
1db4529 
* Create custom expander for X509Config

In order to handle the case of optional primitive fields, I've
added virtual fields to allow the expander to distinguish
between an unset primitive and a primitive set to the default
value.

Since some Private CA resources do not support updates, I also
added support for setting ForceNew in the terraform config.

* Add error handling for expansion

This prevents incompatiable configs that set the allow* booleans
without setting basic constraints, and vice versa.

* Change virtual field names, and  other feedback

* Update examples with virtual fields

* Use url_param_only instead of virtual field.

* Handle CertificateAuthority resource which does not have field include_is_ca

* Fix format issue

* * Update description for fields `include_is_ca`
`include_max_issuer_path_path` to reflect its current functionality
* Add field `include_is_ca` to CertificateAuthority to avoding checking
the existence of this field in flattener.
* Update examples with new fields like `include_is_ca`, `include_max_issuer_path_length`.

* Update description; Add test cases for CaOption

* fix a typo

* remove include_x from template resource

* Update semantic meaning for newly added fields to avoid breaking
changes.

* User `nonCa`, `zeroMaxIssuerPathLength` instead of `includeIsCa`
`includeMaxIssuerPathLength`
* Update test cases.

* Create custom expander for X509Config

In order to handle the case of optional primitive fields, I've
added virtual fields to allow the expander to distinguish
between an unset primitive and a primitive set to the default
value.

Since some Private CA resources do not support updates, I also
added support for setting ForceNew in the terraform config.

* Add error handling for expansion

This prevents incompatiable configs that set the allow* booleans
without setting basic constraints, and vice versa.

* Change virtual field names, and  other feedback

* Update examples with virtual fields

* Use url_param_only instead of virtual field.

* Handle CertificateAuthority resource which does not have field include_is_ca

* Fix format issue

* * Update description for fields `include_is_ca`
`include_max_issuer_path_path` to reflect its current functionality
* Add field `include_is_ca` to CertificateAuthority to avoding checking
the existence of this field in flattener.
* Update examples with new fields like `include_is_ca`, `include_max_issuer_path_length`.

* Update description; Add test cases for CaOption

* fix a typo

* remove include_x from template resource

* Update semantic meaning for newly added fields to avoid breaking
changes.

* User `nonCa`, `zeroMaxIssuerPathLength` instead of `includeIsCa`
`includeMaxIssuerPathLength`
* Update test cases.

* Update doc-string for fields in CaOptions

Co-authored-by: Yong Cao <[email protected]>
Signed-off-by: Modular Magician <[email protected]>
@modular-magician modular-magician merged commit b1b5887 into GoogleCloudPlatform:main Dec 8, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@modular-magician