Added certificate-manager module (#2387)

tests/modules/certificate_manager/examples/map-with-managed-cert-ca-service.yaml

@@ -0,0 +1,142 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  google_privateca_ca_pool.pool:
+    issuance_policy: []
+    labels: null
+    location: us-central1
+    name: ca-pool
+    project: project-id
+    publishing_options: []
+    tier: ENTERPRISE
+    timeouts: null
+  google_privateca_certificate_authority.ca_authority:
+    certificate_authority_id: ca-authority
+    config:
+    - subject_config:
+      - subject:
+        - common_name: my-company-authority
+          country_code: null
+          locality: null
+          organization: My Company
+          organizational_unit: null
+          postal_code: null
+          province: null
+          street_address: null
+        subject_alt_name:
+        - dns_names:
+          - mycompany.org
+          email_addresses: null
+          ip_addresses: null
+          uris: null
+      subject_key_id: []
+      x509_config:
+      - additional_extensions: []
+        aia_ocsp_servers: null
+        ca_options:
+        - is_ca: true
+          max_issuer_path_length: null
+          non_ca: null
+          zero_max_issuer_path_length: null
+        key_usage:
+        - base_key_usage:
+          - cert_sign: true
+            content_commitment: null
+            crl_sign: true
+            data_encipherment: null
+            decipher_only: null
+            digital_signature: null
+            encipher_only: null
+            key_agreement: null
+            key_encipherment: null
+          extended_key_usage:
+          - client_auth: null
+            code_signing: null
+            email_protection: null
+            ocsp_signing: null
+            server_auth: true
+            time_stamping: null
+          unknown_extended_key_usages: []
+        name_constraints: []
+        policy_ids: []
+    deletion_protection: false
+    desired_state: null
+    gcs_bucket: null
+    ignore_active_certificates_on_deletion: true
+    key_spec:
+    - algorithm: RSA_PKCS1_4096_SHA256
+      cloud_kms_key_version: null
+    labels: null
+    lifetime: 315360000s
+    location: us-central1
+    pem_ca_certificate: null
+    pool: ca-pool
+    project: project-id
+    skip_grace_period: true
+    subordinate_config: []
+    timeouts: null
+    type: SELF_SIGNED
+  module.certificate-manager.google_certificate_manager_certificate.certificates["my-certificate-1"]:
+    description: null
+    labels: null
+    location: global
+    managed:
+    - dns_authorizations: null
+      domains:
+      - mydomain.mycompany.org
+      issuance_config: my-issuance-config
+    name: my-certificate-1
+    project: project-id
+    scope: null
+    self_managed: []
+    timeouts: null
+  module.certificate-manager.google_certificate_manager_certificate_issuance_config.default["my-issuance-config"]:
+    certificate_authority_config:
+    - certificate_authority_service_config:
+      - {}
+    description: null
+    key_algorithm: ECDSA_P256
+    labels: null
+    lifetime: 1814400s
+    location: global
+    name: my-issuance-config
+    project: project-id
+    rotation_window_percentage: 34
+    timeouts: null
+  module.certificate-manager.google_certificate_manager_certificate_map.map[0]:
+    description: My certificate map
+    labels: null
+    name: my-certificate-map
+    project: project-id
+    timeouts: null
+  module.certificate-manager.google_certificate_manager_certificate_map_entry.entries["mydomain-mycompany-org"]:
+    description: null
+    hostname: null
+    labels: null
+    map: my-certificate-map
+    matcher: PRIMARY
+    name: mydomain-mycompany-org
+    project: project-id
+    timeouts: null
+
+counts:
+  google_certificate_manager_certificate: 1
+  google_certificate_manager_certificate_issuance_config: 1
+  google_certificate_manager_certificate_map: 1
+  google_certificate_manager_certificate_map_entry: 1
+  google_privateca_ca_pool: 1
+  google_privateca_certificate_authority: 1
+  modules: 1
+  resources: 6

tests/modules/certificate_manager/examples/map-with-managed-cert-dns-authz.yaml

@@ -0,0 +1,62 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.certificate-manager.google_certificate_manager_certificate.certificates["my-certificate-1"]:
+    description: null
+    labels: null
+    location: global
+    managed:
+    - dns_authorizations:
+      - mydomain-mycompany-org
+      domains:
+      - mydomain.mycompany.org
+      issuance_config: null
+    name: my-certificate-1
+    project: project-id
+    scope: null
+    self_managed: []
+    timeouts: null
+  module.certificate-manager.google_certificate_manager_certificate_map.map[0]:
+    description: My certificate map
+    labels: null
+    name: my-certificate-map
+    project: project-id
+    timeouts: null
+  module.certificate-manager.google_certificate_manager_certificate_map_entry.entries["mydomain-mycompany-org"]:
+    description: null
+    hostname: null
+    labels: null
+    map: my-certificate-map
+    matcher: PRIMARY
+    name: mydomain-mycompany-org
+    project: project-id
+    timeouts: null
+  module.certificate-manager.google_certificate_manager_dns_authorization.dns_authorizations["mydomain-mycompany-org"]:
+    description: null
+    domain: mydomain.mycompany.org
+    labels: null
+    location: global
+    name: mydomain-mycompany-org
+    project: project-id
+    timeouts: null
+    type: PER_PROJECT_RECORD
+
+counts:
+  google_certificate_manager_certificate: 1
+  google_certificate_manager_certificate_map: 1
+  google_certificate_manager_certificate_map_entry: 1
+  google_certificate_manager_dns_authorization: 1
+  modules: 1
+  resources: 4

tests/modules/certificate_manager/examples/map-with-managed-cert-lb-authz.yaml

@@ -0,0 +1,51 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.certificate-manager.google_certificate_manager_certificate.certificates["my-certificate-1"]:
+    description: null
+    labels: null
+    location: global
+    managed:
+    - dns_authorizations: null
+      domains:
+      - mydomain.mycompany.org
+      issuance_config: null
+    name: my-certificate-1
+    project: project-id
+    scope: null
+    self_managed: []
+    timeouts: null
+  module.certificate-manager.google_certificate_manager_certificate_map.map[0]:
+    description: My certificate map
+    labels: null
+    name: my-certificate-map
+    project: project-id
+    timeouts: null
+  module.certificate-manager.google_certificate_manager_certificate_map_entry.entries["mydomain-mycompany-org"]:
+    description: null
+    hostname: null
+    labels: null
+    map: my-certificate-map
+    matcher: PRIMARY
+    name: mydomain-mycompany-org
+    project: project-id
+    timeouts: null
+
+counts:
+  google_certificate_manager_certificate: 1
+  google_certificate_manager_certificate_map: 1
+  google_certificate_manager_certificate_map_entry: 1
+  modules: 1
+  resources: 3

tests/modules/certificate_manager/examples/map-with-self-managed-cert.yaml

@@ -0,0 +1,79 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.certificate-manager.google_certificate_manager_certificate.certificates["my-certificate-1"]:
+    description: null
+    labels: null
+    location: global
+    managed: []
+    name: my-certificate-1
+    project: project-id
+    scope: null
+    self_managed:
+    - certificate_pem: null
+      private_key_pem: null
+    timeouts: null
+  module.certificate-manager.google_certificate_manager_certificate_map.map[0]:
+    description: My certificate map
+    labels: null
+    name: my-certificate-map
+    project: project-id
+    timeouts: null
+  module.certificate-manager.google_certificate_manager_certificate_map_entry.entries["mydomain-mycompany-org"]:
+    description: null
+    hostname: mydomain.mycompany.org
+    labels: null
+    map: my-certificate-map
+    matcher: null
+    name: mydomain-mycompany-org
+    project: project-id
+    timeouts: null
+  tls_private_key.private_key:
+    algorithm: RSA
+    ecdsa_curve: P224
+    rsa_bits: 2048
+  tls_self_signed_cert.cert:
+    allowed_uses:
+    - key_encipherment
+    - digital_signature
+    - server_auth
+    dns_names: null
+    early_renewal_hours: 0
+    ip_addresses: null
+    is_ca_certificate: false
+    ready_for_renewal: false
+    set_authority_key_id: false
+    set_subject_key_id: false
+    subject:
+    - common_name: example.com
+      country: null
+      locality: null
+      organization: ACME Examples, Inc
+      organizational_unit: null
+      postal_code: null
+      province: null
+      serial_number: null
+      street_address: null
+    uris: null
+    validity_period_hours: 720
+
+counts:
+  google_certificate_manager_certificate: 1
+  google_certificate_manager_certificate_map: 1
+  google_certificate_manager_certificate_map_entry: 1
+  modules: 1
+  resources: 5
+  tls_private_key: 1
+  tls_self_signed_cert: 1

tests/modules/certificate_manager/examples/self-managed-cert.yaml

@@ -0,0 +1,62 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.certificate-manager.google_certificate_manager_certificate.certificates["my-certificate-1"]:
+    description: null
+    labels: null
+    location: global
+    managed: []
+    name: my-certificate-1
+    project: project-id
+    scope: null
+    self_managed:
+    - certificate_pem: null
+      private_key_pem: null
+    timeouts: null
+  tls_private_key.private_key:
+    algorithm: RSA
+    ecdsa_curve: P224
+    rsa_bits: 2048
+  tls_self_signed_cert.cert:
+    allowed_uses:
+    - key_encipherment
+    - digital_signature
+    - server_auth
+    dns_names: null
+    early_renewal_hours: 0
+    ip_addresses: null
+    is_ca_certificate: false
+    ready_for_renewal: false
+    set_authority_key_id: false
+    set_subject_key_id: false
+    subject:
+    - common_name: example.com
+      country: null
+      locality: null
+      organization: ACME Examples, Inc
+      organizational_unit: null
+      postal_code: null
+      province: null
+      serial_number: null
+      street_address: null
+    uris: null
+    validity_period_hours: 720
+
+counts:
+  google_certificate_manager_certificate: 1
+  modules: 1
+  resources: 3
+  tls_private_key: 1
+  tls_self_signed_cert: 1