google_certificate_manager_trust_config: Allow listed function is missing in resource block #18170

Open
deepi-1234 opened this issue May 17, 2024 · 5 comments

deepi-1234 commented May 17, 2024

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
  • Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.
  • If an issue is assigned to a user, that user is claiming responsibility for the issue.
  • Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.

Description

In https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/certificate_manager_trust_config, the allow listed functionality is missing from the google_certificate_manager_trust_config resource block, but in the gcloud CLI we do have the code for the allow listed functionality. In order for us to consume the resource block, the allow listed functionality is missing.

The reference documentation for allow listed certificate is also here: https://cloud.google.com/certificate-manager/docs/how-it-works#allowlisted-certs

Please provide a workaround for this. Also, the resource block and gcloud command are added below.

New or Affected Resource(s)

  • google_XXXXX
    resource "google_certificate_manager_trust_config" "default" {
      name        = "trust-config"
      description = "sample description for the trust config"
      location    = "us-central1"

      trust_stores {
        trust_anchors {
          pem_certificate = file("test-fixtures/cert.pem")
        }
        intermediate_cas {
          pem_certificate = file("test-fixtures/cert.pem")
        }
      }

      labels = {
        foo = "bar"
      }
    }

Whereas in gcloud we have the allow listed functionality, but not in the above resource block.

Create a trust config YAML file that specifies the trust config parameters. The file has the following format:

    trustStores:
    - trustAnchors:
      - pemCertificate: "CERTIFICATE_PEM_PAYLOAD"
      intermediateCas:
      - pemCertificate: "INTER_CERT_PEM_PAYLOAD"
    allowlistedCertificates:
    - pemCertificate: "ALLOWLISTED_CERT1"
    - pemCertificate: "ALLOWLISTED_CERT2"

Import the trust config file into Certificate Manager:

    gcloud certificate-manager trust-configs import TRUST_CONFIG_ID \
        --project=PROJECT_ID \
        --source=TRUST_CONFIG_FILE \
        --location=LOCATION

Please provide a solution for the above in order for us to consume the allow listed functionality in resource block.

Potential Terraform Configuration

References

The reference documentation for allow listed certificate is also here: https://cloud.google.com/certificate-manager/docs/how-it-works#allowlisted-certs

b/341735446
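
The gcloud procedure quoted in the issue needs a YAML file with each certificate embedded as a double-quoted `pemCertificate` string. The following POSIX shell functions are an added example (not code from the issue, the provider, or Google's documentation) that render that file from PEM files and reject inputs that are not exactly one certificate; the function names, the `demo` helper and the sample file names are assumptions, and the sample certificates are constructed placeholders.

```shell
# Added example. Function names and sample file names are assumptions.

# Flatten one PEM certificate into a single line with literal "\n" escapes
# so it fits the double-quoted pemCertificate scalar.
pem_to_yaml_scalar() (
  file=$1
  begins=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$file" || true)
  ends=$(grep -c -e '-----END CERTIFICATE-----' "$file" || true)
  if [ "$begins" != 1 ] || [ "$ends" != 1 ]; then
    echo "error: $file must hold exactly one PEM certificate" >&2
    exit 1
  fi
  # Only certificates belong in a trust config; refuse key material.
  if grep -q -e 'PRIVATE KEY-----' "$file"; then
    echo "error: $file contains a private key" >&2
    exit 1
  fi
  awk '{ gsub(/^[ \t]+|[ \t\r]+$/, "") } length($0) { printf "%s\\n", $0 }' "$file"
)

# Usage: render_trust_config ANCHOR_PEM INTERMEDIATE_PEM [ALLOWLISTED_PEM...]
render_trust_config() (
  anchor=$(pem_to_yaml_scalar "$1") || exit 1
  inter=$(pem_to_yaml_scalar "$2") || exit 1
  shift 2
  # Validate every allowlisted file before printing anything.
  allow=""
  for f in "$@"; do
    pem=$(pem_to_yaml_scalar "$f") || exit 1
    allow="${allow}- pemCertificate: \"${pem}\"
"
  done
  printf '%s\n' 'trustStores:' '- trustAnchors:'
  printf '  - pemCertificate: "%s"\n' "$anchor"
  printf '%s\n' '  intermediateCas:'
  printf '  - pemCertificate: "%s"\n' "$inter"
  if [ -n "$allow" ]; then printf '%s\n%s' 'allowlistedCertificates:' "$allow"; fi
)

# Constructed sample input (not real certificates) to show the output shape.
demo() (
  dir=$(mktemp -d) && trap 'rm -rf "$dir"' EXIT
  for n in root inter leaf; do
    printf '%s\n' '-----BEGIN CERTIFICATE-----' "CONSTRUCTED${n}" \
      '-----END CERTIFICATE-----' > "$dir/$n.pem"
  done
  render_trust_config "$dir/root.pem" "$dir/inter.pem" "$dir/leaf.pem"
)
```

Redirect the output of `render_trust_config` to a file and pass that file as `--source` to the `gcloud certificate-manager trust-configs import` command quoted in the issue.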

@github-actions github-actions bot added forward/review In review; remove label to forward service/certificatemanager labels May 17, 2024
@melinath
Collaborator

@melinath melinath added size/s and removed forward/review In review; remove label to forward labels May 20, 2024
@melinath melinath added this to the Goals milestone May 20, 2024
@deepi-1234
Author

deepi-1234 commented May 24, 2024

The provided link was for the API documentation and it has the JSON files; I wanted to have a Terraform resource block for the allowlisted certificates functionality.

Please provide a workaround for us to consume the Terraform resource block for the allowlisted certificates functionality.

@melinath
Collaborator

@deepi-1234 sorry for the confusion - that note is not intended as a workaround for you. It is proof that this functionality exists in the API (so should be added in Terraform) and a reference in case the person who eventually works on this ticket is unsure what part of the API this ticket is referring to.

@deepi-1234
Author

As mentioned in the above comment, can you please provide Terraform code for allowlisted, or kindly provide us a turnaround time for when the Terraform resource block for the allow listed functionality will be available?

@melinath
Collaborator

This ticket has been forwarded to the engineering team for resolution. There is no guaranteed turnaround time. If you are working with a Google Technical Account Manager or Customer Engineer, you can ask them to reach out internally to expedite investigation and resolution of this issue.
