compute_ssl_certificate: support write-only fields certificate_wo + private_key_wo

mmv1/api/resource.go

@@ -1223,7 +1223,7 @@ func (r Resource) InIdFormat(prop Type) bool {
 // Functions used to create slices of resource properties that could not otherwise be called from within generating templates.
 func (r Resource) ReadProperties() []*Type {
 	return google.Reject(r.GettableProperties(), func(p *Type) bool {
-		return p.IgnoreRead
+		return p.IgnoreRead || p.WriteOnly
 	})
 }
 

mmv1/products/compute/SslCertificate.yaml

@@ -49,13 +49,20 @@ async:
 collection_url_key: 'items'
 custom_code:
   extra_schema_entry: 'templates/terraform/extra_schema_entry/ssl_certificate.tmpl'
+  encoder: 'templates/terraform/encoders/ssl_certificate.go.tmpl'
 examples:
   - name: 'ssl_certificate_basic'
     primary_resource_id: 'default'
     ignore_read_extra:
       - 'name_prefix'
       # Uses id.UniqueId
     skip_vcr: true
+  - name: 'ssl_certificate_basic_wo'
+    primary_resource_id: 'default'
+    ignore_read_extra:
+      - 'name_prefix'
+      # Uses id.UniqueId
+    skip_vcr: true
   - name: 'ssl_certificate_random_provider'
     primary_resource_id: 'default'
     external_providers: ["random", "time"]
@@ -80,8 +87,24 @@ properties:
       The certificate in PEM format.
       The certificate chain must be no greater than 5 certs long.
       The chain must include at least one intermediate cert.
-    required: true
+    at_least_one_of:
+      - 'certificate'
+      - 'certificateWo'
     sensitive: true
+  - name: 'certificateWo'
+    type: String
+    description: 'The write-only certificate in PEM format.'
+    required_with:
+      - 'certificateWoVersion'
+    at_least_one_of:
+      - 'certificate'
+      - 'certificateWo'
+    write_only: true
+  - name: 'certificateWoVersion'
+    type: String
+    description: 'The write-only version of the certificate.'
+    immutable: true
+    ignore_read: true
   - name: 'creationTimestamp'
     type: Time
     description: 'Creation timestamp in RFC3339 text format.'
@@ -116,10 +139,26 @@ properties:
       function: 'verify.ValidateGCEName'
   - name: 'privateKey'
     type: String
-    description: 'The write-only private key in PEM format.'
-    required: true
+    description: 'The private key in PEM format.'
+    at_least_one_of:
+      - 'privateKey'
+      - 'privateKeyWo'
     immutable: true
     ignore_read: true
     sensitive: true
     diff_suppress_func: 'sha256DiffSuppress'
     custom_flatten: 'templates/terraform/custom_flatten/sha256.tmpl'
+  - name: 'privateKeyWo'
+    type: String
+    description: 'The write-only private key in PEM format.'
+    required_with:
+      - 'privateKeyWoVersion'
+    at_least_one_of:
+      - 'privateKey'
+      - 'privateKeyWo'
+    write_only: true
+  - name: 'privateKeyWoVersion'
+    type: String
+    description: 'The write-only version of the private key.'
+    immutable: true
+    ignore_read: true

mmv1/templates/terraform/encoders/ssl_certificate.go.tmpl

@@ -0,0 +1,4 @@
+// cannot include activate prop in the body
+delete(obj, "certificate_wo_version")
+delete(obj, "private_key_wo_version")
+return obj, nil

mmv1/templates/terraform/examples/ssl_certificate_basic_wo.tf.tmpl

@@ -0,0 +1,11 @@
+resource "google_compute_ssl_certificate" "default" {
+  name_prefix = "my-certificate-"
+  description = "a description"
+  private_key_wo = file("path/to/private.key")
+  private_key_wo_version = 1
+  certificate_wo = file("path/to/certificate.crt")
+  certificate_wo_version = 1
+  lifecycle {
+    create_before_destroy = true
+  }
+}

mmv1/third_party/terraform/services/compute/resource_compute_ssl_certificate_test.go

@@ -37,6 +37,46 @@ func TestAccComputeSslCertificate_no_name(t *testing.T) {
 	})
 }
 
+func TestAccComputeSslCertificate_update_wo(t *testing.T) {
+	// Randomness
+	acctest.SkipIfVcr(t)
+	t.Parallel()
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckComputeSslCertificateDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccComputeSslCertificate_wo(),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckComputeSslCertificateExists(
+						t, "google_compute_ssl_certificate.foobar"),
+				),
+			},
+			{
+				ResourceName:            "google_compute_ssl_certificate.foobar",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"private_key"},
+			},
+			{
+				Config: testAccComputeSslCertificate_update_wo(),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckComputeSslCertificateExists(
+						t, "google_compute_ssl_certificate.foobar"),
+				),
+			},
+			{
+				ResourceName:            "google_compute_ssl_certificate.foobar",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"private_key"},
+			},
+		},
+	})
+}
+
 func TestUnitComputeManagedSslCertificate_AbsoluteDomainSuppress(t *testing.T) {
 	cases := map[string]struct {
 		Old, New           string
@@ -114,3 +154,27 @@ resource "google_compute_ssl_certificate" "foobar" {
 }
 `)
 }
+
+func testAccComputeSslCertificate_wo() string {
+	return fmt.Sprintf(`
+resource "google_compute_ssl_certificate" "foobar" {
+  description = "really descriptive"
+  private_key_wo = file("test-fixtures/test.key")
+  private_key_wo_version = 1	
+  certificate_wo = file("test-fixtures/test.crt")
+  certificate_wo_version = 1
+}
+`)
+}
+
+func testAccComputeSslCertificate_update_wo() string {
+	return fmt.Sprintf(`
+resource "google_compute_ssl_certificate" "foobar" {
+  description = "really descriptive"
+  private_key_wo = file("test-fixtures/test.key")
+  private_key_wo_version = 2	
+  certificate_wo = file("test-fixtures/test.crt")
+  certificate_wo_version = 2
+}
+`)
+}