diff --git a/mmv1/products/certificatemanager/Certificate.yaml b/mmv1/products/certificatemanager/Certificate.yaml index d6cc703156c..119379747fd 100644 --- a/mmv1/products/certificatemanager/Certificate.yaml +++ b/mmv1/products/certificatemanager/Certificate.yaml @@ -88,6 +88,13 @@ examples: dns_auth_name2: 'dns-auth2' dns_auth_subdomain2: 'subdomain2' cert_name: 'dns-cert' + - !ruby/object:Provider::Terraform::Examples + name: 'certificate_manager_google_managed_regional_certificate_dns_auth' + primary_resource_id: 'default' + vars: + dns_auth_name: 'dns-auth' + dns_auth_subdomain: 'subdomain' + cert_name: 'dns-cert' custom_code: !ruby/object:Provider::Terraform::CustomCode constants: templates/terraform/constants/cert_manager.erb parameters: diff --git a/mmv1/products/certificatemanager/DnsAuthorization.yaml b/mmv1/products/certificatemanager/DnsAuthorization.yaml index 33cd7604ed8..92e1acdd349 100644 --- a/mmv1/products/certificatemanager/DnsAuthorization.yaml +++ b/mmv1/products/certificatemanager/DnsAuthorization.yaml @@ -50,6 +50,13 @@ examples: dns_auth_name: 'dns-auth' zone_name: 'my-zone' subdomain: 'subdomain' + - !ruby/object:Provider::Terraform::Examples + name: 'certificate_manager_dns_authorization_regional' + primary_resource_id: 'default' + vars: + dns_auth_name: 'dns-auth' + zone_name: 'my-zone' + subdomain: 'subdomain' parameters: - !ruby/object:Api::Type::String name: 'name' @@ -84,6 +91,22 @@ properties: A domain which is being authorized. A DnsAuthorization resource covers a single domain and its wildcard, e.g. authorization for "example.com" can be used to issue certificates for "example.com" and "*.example.com". + - !ruby/object:Api::Type::Enum + name: type + description: | + type of DNS authorization. If unset during the resource creation, FIXED_RECORD will + be used for global resources, and PER_PROJECT_RECORD will be used for other locations. + + FIXED_RECORD DNS authorization uses DNS-01 validation method + + PER_PROJECT_RECORD DNS authorization allows for independent management + of Google-managed certificates with DNS authorization across multiple + projects. + immutable: true + values: + - :FIXED_RECORD + - :PER_PROJECT_RECORD + default_from_api: true - !ruby/object:Api::Type::NestedObject name: 'dnsResourceRecord' output: true diff --git a/mmv1/templates/terraform/examples/certificate_manager_dns_authorization_regional.tf.erb b/mmv1/templates/terraform/examples/certificate_manager_dns_authorization_regional.tf.erb new file mode 100644 index 00000000000..21df9b21c91 --- /dev/null +++ b/mmv1/templates/terraform/examples/certificate_manager_dns_authorization_regional.tf.erb @@ -0,0 +1,7 @@ +resource "google_certificate_manager_dns_authorization" "<%= ctx[:primary_resource_id] %>" { + name = "<%= ctx[:vars]['dns_auth_name'] %>" + location = "us-central1" + description = "reginal dns" + type = "PER_PROJECT_RECORD" + domain = "<%= ctx[:vars]['subdomain'] %>.hashicorptest.com" +} \ No newline at end of file diff --git a/mmv1/templates/terraform/examples/certificate_manager_google_managed_regional_certificate_dns_auth.tf.erb b/mmv1/templates/terraform/examples/certificate_manager_google_managed_regional_certificate_dns_auth.tf.erb new file mode 100644 index 00000000000..f49a6cf70d8 --- /dev/null +++ b/mmv1/templates/terraform/examples/certificate_manager_google_managed_regional_certificate_dns_auth.tf.erb @@ -0,0 +1,19 @@ +resource "google_certificate_manager_certificate" "<%= ctx[:primary_resource_id] %>" { + name = "<%= ctx[:vars]['cert_name'] %>" + description = "regional managed certs" + location = "us-central1" + managed { + domains = [ + google_certificate_manager_dns_authorization.instance.domain, + ] + dns_authorizations = [ + google_certificate_manager_dns_authorization.instance.id, + ] + } +} +resource "google_certificate_manager_dns_authorization" "instance" { + name = "<%= ctx[:vars]['dns_auth_name'] %>" + location = "us-central1" + description = "The default dnss" + domain = "<%= ctx[:vars]['dns_auth_subdomain'] %>.hashicorptest.com" +} \ No newline at end of file