Add IAM support for privateca CertificateTemplate (#5904)
gfxcc authored Apr 11, 2022
1 parent d705a40 commit 1a8e59e
Showing 4 changed files with 47 additions and 2 deletions.
15 changes: 14 additions & 1 deletion mmv1/products/privateca/api.yaml
@@ -1570,7 +1570,20 @@ objects:
An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass":
"1.3kg", "count": "3" }.
# This resource is only used to generate IAM resources. They do not correspond to real
# GCP resources, and should not be used to generate anything other than IAM support.
- !ruby/object:Api::Resource
name: 'CertificateTemplate'
base_url: projects/{{project}}/locations/{{location}}/certificateTemplates
self_link: projects/{{project}}/locations/{{location}}/certificateTemplates/{{name}}
exclude_resource: true
description: |
Only used to generate IAM resources
properties:
- !ruby/object:Api::Type::String
name: 'name'
description: Dummy property.
required: true
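Review bot: The comment above the new `CertificateTemplate` stub says these entries "do not correspond to real GCP resources", but the example added in this same commit creates a `google_privateca_certificate_template`, so the template appears to be a real resource that is defined outside this file. I would reword it along the lines of `# IAM-only stub: the CertificateTemplate resource itself is defined elsewhere; this entry exists solely to generate its IAM resources.` The `Dummy property.` description on `name` deserves the same treatment, since `name` is interpolated into `self_link` and so presumably ends up in the IAM policy URL rather than being unused.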



15 changes: 14 additions & 1 deletion mmv1/products/privateca/terraform.yaml
@@ -165,4 +165,17 @@ overrides: !ruby/object:Overrides::ResourceOverrides
vars:
my_ca_pool: "my-ca-pool"
my_certificate: "my-certificate"

CertificateTemplate: !ruby/object:Overrides::Terraform::ResourceOverride
iam_policy: !ruby/object:Api::Resource::IamPolicy
allowed_iam_role: 'roles/privateca.templateUser'
method_name_separator: ':'
parent_resource_attribute: certificate_template
example_config_body: 'templates/terraform/iam/example_config_body/privateca_certificate_template.tf.erb'
iam_conditions_request_type: :QUERY_PARAM_NESTED
examples:
- !ruby/object:Provider::Terraform::Examples
name: "privateca_template_basic"
primary_resource_name: "fmt.Sprintf(\"tf-test-my-template%s\", context[\"random_suffix\"])"
primary_resource_id: "default"
vars:
name: "my-template"
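--- a/mmv1/templates/terraform/examples/privateca_template_basic.tf.erb
+++ b/mmv1/templates/terraform/examples/privateca_template_basic.tf.erb
@@ -0,0 +1,18 @@
+# [START privateca_create_certificate_template]
+resource "google_privateca_certificate_template" "<%= ctx[:primary_resource_id] %>" {
+name = "<%= ctx[:vars]["name"] %>"
+location = "us-central1"
+
+identity_constraints {
+allow_subject_alt_names_passthrough = true
+allow_subject_passthrough = true
+
+cel_expression {
+description = "Always true"
+expression = "true"
+location = "any.file.anywhere"
+title = "Sample expression"
+}
+}
+}
+# [END privateca_create_certificate_template]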
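Review bot: The sample template sets both `allow_subject_passthrough` and `allow_subject_alt_names_passthrough` to `true` and its CEL `expression` is `"true"`, so as written it places no constraint on the subject or SANs a requester may put in a certificate. The `[START]`/`[END]` region tags suggest this block is published as a copy-paste snippet, and terraform.yaml uses it as the example for granting `roles/privateca.templateUser`. I would add a comment above `identity_constraints` such as `# Demo only: passes requester-supplied subject and SANs through unchecked; use a restrictive CEL expression in production.` Alternatively, give the sample a restrictive expression so that the copied default is the safe one.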
@@ -0,0 +1 @@
certificate_template = google_privateca_certificate_template.default.id
