SSM: make ca_pool argument optional for private instances that use Google-managed trusted certificates. (#14900) (#24039)

[upstream:bf1af53e43bf453353a95b36229fb5adf1c8a0fe]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/14900.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+ssm: make `ca_pool` argument optional for private instances that use Google-managed trusted certificates.` to `secure_source_manager` resource
+```

google/services/securesourcemanager/resource_secure_source_manager_instance.go

@@ -92,18 +92,18 @@ Please refer to the field 'effective_labels' for all of the labels present on th
 				MaxItems:    1,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
-						"ca_pool": {
-							Type:        schema.TypeString,
-							Required:    true,
-							ForceNew:    true,
-							Description: `CA pool resource, resource must in the format of 'projects/{project}/locations/{location}/caPools/{ca_pool}'.`,
-						},
 						"is_private": {
 							Type:        schema.TypeBool,
 							Required:    true,
 							ForceNew:    true,
 							Description: `'Indicate if it's private instance.'`,
 						},
+						"ca_pool": {
+							Type:        schema.TypeString,
+							Optional:    true,
+							ForceNew:    true,
+							Description: `CA pool resource, resource must in the format of 'projects/{project}/locations/{location}/caPools/{ca_pool}'.`,
+						},
 						"http_service_attachment": {
 							Type:        schema.TypeString,
 							Computed:    true,

google/services/securesourcemanager/resource_secure_source_manager_instance_generated_test.go

@@ -124,6 +124,44 @@ data "google_project" "project" {}
 `, context)
 }
 
+func TestAccSecureSourceManagerInstance_secureSourceManagerInstancePrivateTrustedCertExample(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckSecureSourceManagerInstanceDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccSecureSourceManagerInstance_secureSourceManagerInstancePrivateTrustedCertExample(context),
+			},
+			{
+				ResourceName:            "google_secure_source_manager_instance.default",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"instance_id", "labels", "location", "terraform_labels", "update_time"},
+			},
+		},
+	})
+}
+
+func testAccSecureSourceManagerInstance_secureSourceManagerInstancePrivateTrustedCertExample(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_secure_source_manager_instance" "default" {
+  instance_id = "tf-test-my-instance%{random_suffix}"
+  location    = "us-central1"
+
+  private_config {
+    is_private = true
+  }
+}
+`, context)
+}
+
 func TestAccSecureSourceManagerInstance_secureSourceManagerInstancePrivateExample(t *testing.T) {
 	t.Parallel()
 

website/docs/r/secure_source_manager_instance.html.markdown

@@ -601,7 +601,7 @@ Default is `DELETE`.  Possible values are:
   'Indicate if it's private instance.'
 
 * `ca_pool` -
-  (Required)
+  (Optional)
   CA pool resource, resource must in the format of `projects/{project}/locations/{location}/caPools/{ca_pool}`.
 
 * `http_service_attachment` -