Add location to cert-manager issuance config and fix issuance config reference (#2720)

modules/certificate-manager/README.md

@@ -246,11 +246,11 @@ module "certificate-manager" {
 
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| [project_id](variables.tf#L102) | Project id. | <code>string</code> | ✓ |  |
+| [project_id](variables.tf#L103) | Project id. | <code>string</code> | ✓ |  |
 | [certificates](variables.tf#L17) | Certificates. | <code title="map&#40;object&#40;&#123;&#10;  description &#61; optional&#40;string&#41;&#10;  labels      &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  location    &#61; optional&#40;string&#41;&#10;  scope       &#61; optional&#40;string&#41;&#10;  self_managed &#61; optional&#40;object&#40;&#123;&#10;    pem_certificate &#61; string&#10;    pem_private_key &#61; string&#10;  &#125;&#41;&#41;&#10;  managed &#61; optional&#40;object&#40;&#123;&#10;    domains            &#61; list&#40;string&#41;&#10;    dns_authorizations &#61; optional&#40;list&#40;string&#41;&#41;&#10;    issuance_config    &#61; optional&#40;string&#41;&#10;  &#125;&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
 | [dns_authorizations](variables.tf#L53) | DNS authorizations. | <code title="map&#40;object&#40;&#123;&#10;  domain      &#61; string&#10;  description &#61; optional&#40;string&#41;&#10;  location    &#61; optional&#40;string&#41;&#10;  type        &#61; optional&#40;string&#41;&#10;  labels      &#61; optional&#40;map&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
-| [issuance_configs](variables.tf#L66) | Issuance configs. | <code title="map&#40;object&#40;&#123;&#10;  ca_pool                    &#61; string&#10;  description                &#61; optional&#40;string&#41;&#10;  key_algorithm              &#61; string&#10;  labels                     &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  lifetime                   &#61; string&#10;  rotation_window_percentage &#61; number&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
-| [map](variables.tf#L80) | Map attributes. | <code title="object&#40;&#123;&#10;  name        &#61; string&#10;  description &#61; optional&#40;string&#41;&#10;  labels      &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  entries &#61; optional&#40;map&#40;object&#40;&#123;&#10;    description  &#61; optional&#40;string&#41;&#10;    hostname     &#61; optional&#40;string&#41;&#10;    labels       &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;    matcher      &#61; optional&#40;string&#41;&#10;    certificates &#61; list&#40;string&#41;&#10;  &#125;&#41;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> |
+| [issuance_configs](variables.tf#L66) | Issuance configs. | <code title="map&#40;object&#40;&#123;&#10;  ca_pool                    &#61; string&#10;  description                &#61; optional&#40;string&#41;&#10;  key_algorithm              &#61; string&#10;  labels                     &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  lifetime                   &#61; string&#10;  location                   &#61; optional&#40;string&#41;&#10;  rotation_window_percentage &#61; number&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
+| [map](variables.tf#L81) | Map attributes. | <code title="object&#40;&#123;&#10;  name        &#61; string&#10;  description &#61; optional&#40;string&#41;&#10;  labels      &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  entries &#61; optional&#40;map&#40;object&#40;&#123;&#10;    description  &#61; optional&#40;string&#41;&#10;    hostname     &#61; optional&#40;string&#41;&#10;    labels       &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;    matcher      &#61; optional&#40;string&#41;&#10;    certificates &#61; list&#40;string&#41;&#10;  &#125;&#41;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> |
 
 ## Outputs
 

modules/certificate-manager/main.tf

@@ -47,7 +47,7 @@ resource "google_certificate_manager_certificate" "certificates" {
     content {
       domains            = each.value.managed.domains
       dns_authorizations = each.value.managed.dns_authorizations
-      issuance_config    = each.value.managed.issuance_config
+      issuance_config    = try(google_certificate_manager_certificate_issuance_config.default[each.value.managed.issuance_config].id, null)
     }
   }
   dynamic "self_managed" {
@@ -80,6 +80,7 @@ resource "google_certificate_manager_certificate_issuance_config" "default" {
     }
   }
   lifetime                   = each.value.lifetime
+  location                   = each.value.location
   rotation_window_percentage = each.value.rotation_window_percentage
   key_algorithm              = each.value.key_algorithm
   labels                     = each.value.labels

modules/certificate-manager/variables.tf

@@ -71,6 +71,7 @@ variable "issuance_configs" {
     key_algorithm              = string
     labels                     = optional(map(string), {})
     lifetime                   = string
+    location                   = optional(string)
     rotation_window_percentage = number
   }))
   default  = {}

tests/modules/certificate_manager/examples/map-with-managed-cert-ca-service.yaml

@@ -96,7 +96,6 @@ values:
     - dns_authorizations: null
       domains:
       - mydomain.mycompany.org
-      issuance_config: my-issuance-config
     name: my-certificate-1
     project: project-id
     scope: null