diff --git a/mmv1/third_party/terraform/services/sql/resource_sql_database_instance.go.tmpl b/mmv1/third_party/terraform/services/sql/resource_sql_database_instance.go.tmpl
index ab9136fcd550..1ce97cf50157 100644
--- a/mmv1/third_party/terraform/services/sql/resource_sql_database_instance.go.tmpl
+++ b/mmv1/third_party/terraform/services/sql/resource_sql_database_instance.go.tmpl
@@ -81,6 +81,7 @@ var (
 "settings.0.ip_configuration.0.psc_config",
 "settings.0.ip_configuration.0.ssl_mode",
 "settings.0.ip_configuration.0.server_ca_mode",
+ "settings.0.ip_configuration.0.server_ca_pool",
 }
 
 maintenanceWindowKeys = []string{
@@ -519,12 +520,18 @@ is set to true. Defaults to ZONAL.`,
 Description: `Specify how SSL connection should be enforced in DB connections.`,
 AtLeastOneOf: ipConfigurationKeys,
 },
- "server_ca_mode": {
- Type: schema.TypeString,
- Optional: true,
- Computed: true,
- ValidateFunc: validation.StringInSlice([]string{"CA_MODE_UNSPECIFIED", "GOOGLE_MANAGED_INTERNAL_CA", "GOOGLE_MANAGED_CAS_CA"}, false),
- Description: `Specify how the server certificate's Certificate Authority is hosted.`,
+ "server_ca_mode": {
+ Type: schema.TypeString,
+ Optional: true,
+ Computed: true,
+ ValidateFunc: validation.StringInSlice([]string{"CA_MODE_UNSPECIFIED", "GOOGLE_MANAGED_INTERNAL_CA", "GOOGLE_MANAGED_CAS_CA", "CUSTOMER_MANAGED_CAS_CA"}, false),
+ Description: `Specify how the server certificate's Certificate Authority is hosted.`,
+ AtLeastOneOf: ipConfigurationKeys,
+ },
+ "server_ca_pool": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: `The resource name of the server CA pool for an instance with "CUSTOMER_MANAGED_CAS_CA" as the "server_ca_mode".`,
 AtLeastOneOf: ipConfigurationKeys,
 },
 },
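Review bot: The new `server_ca_pool` attribute in the second hunk accepts any string and is not tied to `server_ca_mode`, so a pool set alongside a Google-managed mode, or `CUSTOMER_MANAGED_CAS_CA` with no pool, is caught (if at all) only by the API at apply time. Because the pool selects the CA that issues the server certificate clients verify, I would reject the mismatch at plan time, at minimum with `RequiredWith: []string{"settings.0.ip_configuration.0.server_ca_mode"},` on `server_ca_pool`, and ideally with a CustomizeDiff check on the mode value. The Description could also state the expected resource-name format, which I believe is `projects/{project}/locations/{region}/caPools/{pool}`. The docs hunk at the end of this diff still lists only `GOOGLE_MANAGED_INTERNAL_CA` and `GOOGLE_MANAGED_CAS_CA` as supported `server_ca_mode` values. The schema map starts and ends outside this hunk.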
@@ -1453,6 +1460,7 @@ func expandIpConfiguration(configured []interface{}, databaseVersion string) *sq
 PscConfig: expandPscConfig(_ipConfiguration["psc_config"].(*schema.Set).List()),
 SslMode: _ipConfiguration["ssl_mode"].(string),
 ServerCaMode: _ipConfiguration["server_ca_mode"].(string),
+ ServerCaPool: _ipConfiguration["server_ca_pool"].(string),
 }
 }
 
@@ -2377,6 +2385,7 @@ func flattenIpConfiguration(ipConfiguration *sqladmin.IpConfiguration, d *schema
 "enable_private_path_for_google_cloud_services": ipConfiguration.EnablePrivatePathForGoogleCloudServices,
 "ssl_mode": ipConfiguration.SslMode,
 "server_ca_mode": ipConfiguration.ServerCaMode,
+ "server_ca_pool": ipConfiguration.ServerCaPool,
 }
 
 if ipConfiguration.AuthorizedNetworks != nil {
diff --git a/mmv1/third_party/terraform/services/sql/resource_sql_database_instance_test.go b/mmv1/third_party/terraform/services/sql/resource_sql_database_instance_test.go
index b7c0bdc93657..52e84b781316 100644
--- a/mmv1/third_party/terraform/services/sql/resource_sql_database_instance_test.go
+++ b/mmv1/third_party/terraform/services/sql/resource_sql_database_instance_test.go
@@ -2663,7 +2663,10 @@ func TestAccSqlDatabaseInstance_useInternalCaByDefault(t *testing.T) {
 Steps: []resource.TestStep{
 {
 Config: fmt.Sprintf(testGoogleSqlDatabaseInstance_basic3, databaseName),
- Check: resource.ComposeTestCheckFunc(resource.TestCheckResourceAttr(resourceName, "settings.0.ip_configuration.0.server_ca_mode", "GOOGLE_MANAGED_INTERNAL_CA")),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttr(resourceName, "settings.0.ip_configuration.0.server_ca_mode", "GOOGLE_MANAGED_INTERNAL_CA"),
+ resource.TestCheckResourceAttr(resourceName, "settings.0.ip_configuration.0.server_ca_pool", ""),
+ ),
 },
 {
 ResourceName: resourceName,
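Review bot: Both updated checks (here in TestAccSqlDatabaseInstance_useInternalCaByDefault and in the TestAccSqlDatabaseInstance_useCasBasedServerCa hunk that follows) only assert that `server_ca_pool` is empty for Google-managed modes; nothing visible in this diff creates an instance with `CUSTOMER_MANAGED_CAS_CA` and a pool. That leaves the new enum value and the expand/flatten round trip of a non-empty pool untested, which is the path where a wrong or dropped pool would change which CA signs the server certificate. I would add an acceptance test that sets both fields and asserts `resource.TestCheckResourceAttr(resourceName, "settings.0.ip_configuration.0.server_ca_mode", "CUSTOMER_MANAGED_CAS_CA")` plus a matching check on `server_ca_pool`, including the import step. Both test functions start and end outside their hunks.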
@@ -2689,7 +2692,10 @@ func TestAccSqlDatabaseInstance_useCasBasedServerCa(t *testing.T) {
 Steps: []resource.TestStep{
 {
 Config: testGoogleSqlDatabaseInstance_setCasServerCa(databaseName, "GOOGLE_MANAGED_CAS_CA"),
- Check: resource.ComposeTestCheckFunc(resource.TestCheckResourceAttr(resourceName, "settings.0.ip_configuration.0.server_ca_mode", "GOOGLE_MANAGED_CAS_CA")),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttr(resourceName, "settings.0.ip_configuration.0.server_ca_mode", "GOOGLE_MANAGED_CAS_CA"),
+ resource.TestCheckResourceAttr(resourceName, "settings.0.ip_configuration.0.server_ca_pool", ""),
+ ),
 },
 {
 ResourceName: resourceName,
diff --git a/mmv1/third_party/terraform/website/docs/r/sql_database_instance.html.markdown b/mmv1/third_party/terraform/website/docs/r/sql_database_instance.html.markdown
index f8612cf5ef24..6f6e2e668bd3 100644
--- a/mmv1/third_party/terraform/website/docs/r/sql_database_instance.html.markdown
+++ b/mmv1/third_party/terraform/website/docs/r/sql_database_instance.html.markdown
@@ -411,6 +411,8 @@ This setting can be updated, but it cannot be removed after it is set. * `server_ca_mode` - (Optional) Specify how the server certificate's Certificate Authority is hosted. Supported values are `GOOGLE_MANAGED_INTERNAL_CA` and `GOOGLE_MANAGED_CAS_CA`. +* `server_ca_pool` - (Optional) The resource name of the server CA pool for an instance with `CUSTOMER_MANAGED_CAS_CA` as the `server_ca_mode`. + * `allocated_ip_range` - (Optional) The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://datatracker.ietf.org/doc/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?. * `enable_private_path_for_google_cloud_services` - (Optional) Whether Google Cloud services such as BigQuery are allowed to access data in this Cloud SQL instance over a private IP connection. SQLSERVER database type is not supported.