revert changes as they're a breaking change and fields will need to be added instead (#6600) (#4715)

Signed-off-by: Modular Magician <[email protected]>

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/6600.txt

@@ -0,0 +1,3 @@
+```release-note:none
+
+```

google-beta/resource_certificate_manager_certificate.go

@@ -184,21 +184,22 @@ certificates before they expire remains the user's responsibility.`,
 				MaxItems: 1,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
-						"pem_certificate": {
+						"certificate_pem": {
 							Type:     schema.TypeString,
 							Required: true,
 							Description: `The certificate chain in PEM-encoded form.
 
 Leaf certificate comes first, followed by intermediate ones if any.`,
+							Sensitive: true,
 						},
-						"pem_private_key": {
+						"private_key_pem": {
 							Type:        schema.TypeString,
 							Required:    true,
 							Description: `The private key of the leaf certificate in PEM-encoded form.`,
+							Sensitive:   true,
 						},
 					},
 				},
-				Sensitive:    true,
 				ExactlyOneOf: []string{"self_managed", "managed"},
 			},
 			"project": {
@@ -340,6 +341,9 @@ func resourceCertificateManagerCertificateRead(d *schema.ResourceData, meta inte
 	if err := d.Set("scope", flattenCertificateManagerCertificateScope(res["scope"], d, config)); err != nil {
 		return fmt.Errorf("Error reading Certificate: %s", err)
 	}
+	if err := d.Set("self_managed", flattenCertificateManagerCertificateSelfManaged(res["selfManaged"], d, config)); err != nil {
+		return fmt.Errorf("Error reading Certificate: %s", err)
+	}
 	if err := d.Set("managed", flattenCertificateManagerCertificateManaged(res["managed"], d, config)); err != nil {
 		return fmt.Errorf("Error reading Certificate: %s", err)
 	}
@@ -499,6 +503,29 @@ func flattenCertificateManagerCertificateScope(v interface{}, d *schema.Resource
 	return v
 }
 
+func flattenCertificateManagerCertificateSelfManaged(v interface{}, d *schema.ResourceData, config *Config) interface{} {
+	if v == nil {
+		return nil
+	}
+	original := v.(map[string]interface{})
+	if len(original) == 0 {
+		return nil
+	}
+	transformed := make(map[string]interface{})
+	transformed["certificate_pem"] =
+		flattenCertificateManagerCertificateSelfManagedCertificatePem(original["certificatePem"], d, config)
+	transformed["private_key_pem"] =
+		flattenCertificateManagerCertificateSelfManagedPrivateKeyPem(original["privateKeyPem"], d, config)
+	return []interface{}{transformed}
+}
+func flattenCertificateManagerCertificateSelfManagedCertificatePem(v interface{}, d *schema.ResourceData, config *Config) interface{} {
+	return v
+}
+
+func flattenCertificateManagerCertificateSelfManagedPrivateKeyPem(v interface{}, d *schema.ResourceData, config *Config) interface{} {
+	return v
+}
+
 func flattenCertificateManagerCertificateManaged(v interface{}, d *schema.ResourceData, config *Config) interface{} {
 	if v == nil {
 		return nil
@@ -620,28 +647,28 @@ func expandCertificateManagerCertificateSelfManaged(v interface{}, d TerraformRe
 	original := raw.(map[string]interface{})
 	transformed := make(map[string]interface{})
 
-	transformedPemCertificate, err := expandCertificateManagerCertificateSelfManagedPemCertificate(original["pem_certificate"], d, config)
+	transformedCertificatePem, err := expandCertificateManagerCertificateSelfManagedCertificatePem(original["certificate_pem"], d, config)
 	if err != nil {
 		return nil, err
-	} else if val := reflect.ValueOf(transformedPemCertificate); val.IsValid() && !isEmptyValue(val) {
-		transformed["pemCertificate"] = transformedPemCertificate
+	} else if val := reflect.ValueOf(transformedCertificatePem); val.IsValid() && !isEmptyValue(val) {
+		transformed["certificatePem"] = transformedCertificatePem
 	}
 
-	transformedPemPrivateKey, err := expandCertificateManagerCertificateSelfManagedPemPrivateKey(original["pem_private_key"], d, config)
+	transformedPrivateKeyPem, err := expandCertificateManagerCertificateSelfManagedPrivateKeyPem(original["private_key_pem"], d, config)
 	if err != nil {
 		return nil, err
-	} else if val := reflect.ValueOf(transformedPemPrivateKey); val.IsValid() && !isEmptyValue(val) {
-		transformed["pemPrivateKey"] = transformedPemPrivateKey
+	} else if val := reflect.ValueOf(transformedPrivateKeyPem); val.IsValid() && !isEmptyValue(val) {
+		transformed["privateKeyPem"] = transformedPrivateKeyPem
 	}
 
 	return transformed, nil
 }
 
-func expandCertificateManagerCertificateSelfManagedPemCertificate(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+func expandCertificateManagerCertificateSelfManagedCertificatePem(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
 	return v, nil
 }
 
-func expandCertificateManagerCertificateSelfManagedPemPrivateKey(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+func expandCertificateManagerCertificateSelfManagedPrivateKeyPem(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
 	return v, nil
 }
 

google-beta/resource_certificate_manager_certificate_generated_test.go

@@ -23,7 +23,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
 )
 
-func TestAccCertificateManagerCertificate_certificateManagerSelfManagedCertificateExample(t *testing.T) {
+func TestAccCertificateManagerCertificate_certificateManagerCertificateBasicExample(t *testing.T) {
 	t.Parallel()
 
 	context := map[string]interface{}{
@@ -36,29 +36,48 @@ func TestAccCertificateManagerCertificate_certificateManagerSelfManagedCertifica
 		CheckDestroy: testAccCheckCertificateManagerCertificateDestroyProducer(t),
 		Steps: []resource.TestStep{
 			{
-				Config: testAccCertificateManagerCertificate_certificateManagerSelfManagedCertificateExample(context),
+				Config: testAccCertificateManagerCertificate_certificateManagerCertificateBasicExample(context),
 			},
 			{
 				ResourceName:            "google_certificate_manager_certificate.default",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"self_managed", "name"},
+				ImportStateVerifyIgnore: []string{"name", "managed.0.dns_authorizations"},
 			},
 		},
 	})
 }
 
-func testAccCertificateManagerCertificate_certificateManagerSelfManagedCertificateExample(context map[string]interface{}) string {
+func testAccCertificateManagerCertificate_certificateManagerCertificateBasicExample(context map[string]interface{}) string {
 	return Nprintf(`
 resource "google_certificate_manager_certificate" "default" {
-  name        = "tf-test-self-managed-cert%{random_suffix}"
+  name        = "tf-test-dns-cert%{random_suffix}"
   description = "The default cert"
   scope       = "EDGE_CACHE"
-  self_managed {
-    pem_certificate = file("test-fixtures/certificatemanager/cert.pem")
-    pem_private_key = file("test-fixtures/certificatemanager/private-key.pem")
+  managed {
+    domains = [
+      google_certificate_manager_dns_authorization.instance.domain,
+      google_certificate_manager_dns_authorization.instance2.domain,
+      ]
+    dns_authorizations = [
+      google_certificate_manager_dns_authorization.instance.id,
+      google_certificate_manager_dns_authorization.instance2.id,
+      ]
   }
 }
+
+
+resource "google_certificate_manager_dns_authorization" "instance" {
+  name        = "tf-test-dns-auth%{random_suffix}"
+  description = "The default dnss"
+  domain      = "subdomain%{random_suffix}.hashicorptest.com"
+}
+
+resource "google_certificate_manager_dns_authorization" "instance2" {
+  name        = "tf-test-dns-auth2%{random_suffix}"
+  description = "The default dnss"
+  domain      = "subdomain2%{random_suffix}.hashicorptest.com"
+}
 `, context)
 }
 

google-beta/test-fixtures/certificatemanager/cert.pem

@@ -24,27 +24,46 @@ Certificate represents a HTTP-reachable backend for a Certificate.
 
 
 
-~> **Warning:** All arguments including `self_managed` will be stored in the raw
+~> **Warning:** All arguments including `self_managed.certificate_pem` and `self_managed.private_key_pem` will be stored in the raw
 state as plain-text. [Read more about sensitive data in state](https://www.terraform.io/language/state/sensitive-data).
 
 <div class = "oics-button" style="float: right; margin: 0 0 -15px">
-  <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=certificate_manager_self_managed_certificate&cloudshell_image=gcr.io%2Fgraphite-cloud-shell-images%2Fterraform%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
+  <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=certificate_manager_certificate_basic&cloudshell_image=gcr.io%2Fgraphite-cloud-shell-images%2Fterraform%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
     <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
   </a>
 </div>
-## Example Usage - Certificate Manager Self Managed Certificate
+## Example Usage - Certificate Manager Certificate Basic
 
 
 ```hcl
 resource "google_certificate_manager_certificate" "default" {
-  name        = "self-managed-cert"
+  name        = "dns-cert"
   description = "The default cert"
   scope       = "EDGE_CACHE"
-  self_managed {
-    pem_certificate = file("test-fixtures/certificatemanager/cert.pem")
-    pem_private_key = file("test-fixtures/certificatemanager/private-key.pem")
+  managed {
+    domains = [
+      google_certificate_manager_dns_authorization.instance.domain,
+      google_certificate_manager_dns_authorization.instance2.domain,
+      ]
+    dns_authorizations = [
+      google_certificate_manager_dns_authorization.instance.id,
+      google_certificate_manager_dns_authorization.instance2.id,
+      ]
   }
 }
+
+
+resource "google_certificate_manager_dns_authorization" "instance" {
+  name        = "dns-auth"
+  description = "The default dnss"
+  domain      = "subdomain.hashicorptest.com"
+}
+
+resource "google_certificate_manager_dns_authorization" "instance2" {
+  name        = "dns-auth2"
+  description = "The default dnss"
+  domain      = "subdomain2.hashicorptest.com"
+}
 ```
 
 ## Argument Reference
@@ -84,7 +103,6 @@ The following arguments are supported:
   Certificate data for a SelfManaged Certificate.
   SelfManaged Certificates are uploaded by the user. Updating such
   certificates before they expire remains the user's responsibility.
-  **Note**: This property is sensitive and will not be displayed in the plan.
   Structure is [documented below](#nested_self_managed).
 
 * `managed` -
@@ -100,14 +118,16 @@ The following arguments are supported:
 
 <a name="nested_self_managed"></a>The `self_managed` block supports:
 
-* `pem_certificate` -
+* `certificate_pem` -
   (Required)
   The certificate chain in PEM-encoded form.
   Leaf certificate comes first, followed by intermediate ones if any.
+  **Note**: This property is sensitive and will not be displayed in the plan.
 
-* `pem_private_key` -
+* `private_key_pem` -
   (Required)
   The private key of the leaf certificate in PEM-encoded form.
+  **Note**: This property is sensitive and will not be displayed in the plan.
 
 <a name="nested_managed"></a>The `managed` block supports: