From 43e6daca8fefb6beb11079b38181592369fa59af Mon Sep 17 00:00:00 2001
From: frits-v <4488681+frits-v@users.noreply.github.com>
Date: Wed, 22 Jan 2025 13:49:12 -0800
Subject: [PATCH] fix(certificate-manager): reference dns_authz by fully
 qualified id (#2833)

---
 modules/certificate-manager/main.tf                    | 10 +++++++---
 .../examples/map-with-managed-cert-dns-authz.yaml      |  6 ++----
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/modules/certificate-manager/main.tf b/modules/certificate-manager/main.tf
index 9b1e7a7b9..e82248f9a 100644
--- a/modules/certificate-manager/main.tf
+++ b/modules/certificate-manager/main.tf
@@ -45,9 +45,13 @@ resource "google_certificate_manager_certificate" "certificates" {
   dynamic "managed" {
     for_each = each.value.managed == null ? [] : [""]
     content {
-      domains            = each.value.managed.domains
-      dns_authorizations = each.value.managed.dns_authorizations
-      issuance_config    = try(google_certificate_manager_certificate_issuance_config.default[each.value.managed.issuance_config].id, null)
+      domains = each.value.managed.domains
+      dns_authorizations = each.value.managed.dns_authorizations != null ? [
+        for v in each.value.managed.dns_authorizations : (
+          google_certificate_manager_dns_authorization.dns_authorizations[v].id
+        )
+      ] : null
+      issuance_config = try(google_certificate_manager_certificate_issuance_config.default[each.value.managed.issuance_config].id, null)
     }
   }
   dynamic "self_managed" {
diff --git a/tests/modules/certificate_manager/examples/map-with-managed-cert-dns-authz.yaml b/tests/modules/certificate_manager/examples/map-with-managed-cert-dns-authz.yaml
index 5864dd7f2..efcdeb7cc 100644
--- a/tests/modules/certificate_manager/examples/map-with-managed-cert-dns-authz.yaml
+++ b/tests/modules/certificate_manager/examples/map-with-managed-cert-dns-authz.yaml
@@ -18,9 +18,7 @@ values:
     labels: null
     location: global
     managed:
-    - dns_authorizations:
-      - mydomain-mycompany-org
-      domains:
+    - domains:
       - mydomain.mycompany.org
       issuance_config: null
     name: my-certificate-1
@@ -59,4 +57,4 @@ counts:
   google_certificate_manager_certificate_map_entry: 1
   google_certificate_manager_dns_authorization: 1
   modules: 1
-  resources: 4
\ No newline at end of file
+  resources: 4