certs (#2791)

[Feat.] APIGW: Add new resource `opentelekomcloud_apigw_certificate_v2`

Summary of the Pull Request
Add new APIGW resource:

opentelekomcloud_apigw_certificate_v2

PR Checklist

 Refers to: #2730
 Tests added/passed.
 Documentation updated.
 Schema updated.
 Release notes added.

Acceptance Steps Performed
=== RUN   TestAccCertificate_instance
=== PAUSE TestAccCertificate_instance
=== CONT  TestAccCertificate_instance
--- PASS: TestAccCertificate_instance (507.95s)
PASS

Process finished with the exit code 0


=== RUN   TestAccCertificate_basic
=== PAUSE TestAccCertificate_basic
=== CONT  TestAccCertificate_basic
--- PASS: TestAccCertificate_basic (50.13s)
PASS

Process finished with the exit code 0

=== RUN   TestAccCertificate_instanceWithRootCA
=== PAUSE TestAccCertificate_instanceWithRootCA
=== CONT  TestAccCertificate_instanceWithRootCA
--- PASS: TestAccCertificate_instanceWithRootCA (508.33s)
PASS

Process finished with the exit code 0

Reviewed-by: Anton Sidelnikov

docs/resources/apigw_certificate_v2.md

@@ -0,0 +1,152 @@
+---
+subcategory: "APIGW"
+layout: "opentelekomcloud"
+page_title: "OpenTelekomCloud: opentelekomcloud_apigw_certificate_v2"
+sidebar_current: "docs-opentelekomcloud-resource-apigw-certificate-v2"
+description: |-
+  Manages a APIGW Certificate resource within OpenTelekomCloud.
+---
+
+# opentelekomcloud_apigw_certificate_v2
+
+Manages an APIGW SSL certificate resource within OpenTelekomCloud.
+
+## Example Usage
+
+### Manages a global SSL certificate
+
+```hcl
+variable "certificate_name" {}
+variable "certificate_content" {
+  type    = string
+  default = "'-----BEGIN CERTIFICATE-----THIS IS YOUR CERT CONTENT-----END CERTIFICATE-----'"
+}
+variable "certificate_private_key" {
+  type    = string
+  default = "'-----BEGIN PRIVATE KEY-----THIS IS YOUR PRIVATE KEY-----END PRIVATE KEY-----'"
+}
+
+resource "opentelekomcloud_apigw_certificate_v2" "test" {
+  name        = var.certificate_name
+  content     = var.certificate_content
+  private_key = var.certificate_private_key
+}
+```
+
+### Manages a local SSL certificate in a specified dedicated APIGW instance
+
+```hcl
+variable "certificate_name" {}
+variable "certificate_content" {
+  type    = string
+  default = "'-----BEGIN CERTIFICATE-----THIS IS YOUR CERT CONTENT-----END CERTIFICATE-----'"
+}
+variable "certificate_private_key" {
+  type    = string
+  default = "'-----BEGIN PRIVATE KEY-----THIS IS YOUR PRIVATE KEY-----END PRIVATE KEY-----'"
+}
+variable "dedicated_instance_id" {}
+
+resource "opentelekomcloud_apigw_certificate_v2" "test" {
+  name        = var.certificate_name
+  content     = var.certificate_content
+  private_key = var.certificate_private_key
+  type        = "instance"
+  instance_id = var.dedicated_instance_id
+}
+```
+
+### Manages a local SSL certificate (with the ROOT CA certificate)
+
+```hcl
+variable "certificate_name" {}
+variable "certificate_content" {
+  type    = string
+  default = "'-----BEGIN CERTIFICATE-----THIS IS YOUR CERT CONTENT-----END CERTIFICATE-----'"
+}
+variable "certificate_private_key" {
+  type    = string
+  default = "'-----BEGIN PRIVATE KEY-----THIS IS YOUR PRIVATE KEY-----END PRIVATE KEY-----'"
+}
+variable "root_ca_certificate_content" {
+  type    = string
+  default = "'-----BEGIN CERTIFICATE-----THIS IS YOUR CERT CONTENT-----END CERTIFICATE-----'"
+}
+variable "dedicated_instance_id" {}
+
+resource "opentelekomcloud_apigw_certificate_v2" "test" {
+  name            = var.certificate_name
+  content         = var.certificate_content
+  private_key     = var.certificate_private_key
+  trusted_root_ca = var.root_ca_certificate_content
+  type            = "instance"
+  instance_id     = var.dedicated_instance_id
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required, String) Specifies the certificate name.
+  The valid length is limited from `4` to `50`, only Chinese and English letters, digits and underscores (_) are
+  allowed. The name must start with an English letter.
+
+* `content` - (Required, String) Specifies the certificate content.
+
+* `private_key` - (Required, String) Specifies the private key of the certificate.
+
+* `type` - (Optional, String, ForceNew) Specifies the certificate type. The valid values are as follows:
+  + **instance**
+  + **global**
+
+  Defaults to **global**. Changing this will create a new resource.
+
+* `instance_id` - (Optional, String, ForceNew) Specifies the dedicated instance ID to which the certificate belongs.
+  Required if `type` is **instance**.
+  Changing this will create a new resource.
+
+* `trusted_root_ca` - (Optional, String) Specifies the trusted **ROOT CA** certificate.
+
+-> Currently, the ROOT CA parameter only certificates of type `instance` are support.
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The certificate ID.
+
+* `region` - The region where the certificate is located.
+
+* `effected_at` - The effective time of the certificate, in RFC3339 format (YYYY-MM-DDThh:mm:ssZ).
+
+* `expires_at` - The expiration time of the certificate, in RFC3339 format (YYYY-MM-DDThh:mm:ssZ).
+
+* `signature_algorithm` - What signature algorithm the certificate uses.
+
+* `sans` - The SAN (Subject Alternative Names) of the certificate.
+
+## Import
+
+Certificates can be imported using their `id`, e.g.
+
+```bash
+$ terraform import opentelekomcloud_apigw_certificate_v2.test <id>
+```
+
+Note that the imported state may not be identical to your resource definition, due to some attributes missing from the
+API response. The missing attributes include: `content`, `private_key` and `trusted_root_ca`.
+It is generally recommended running `terraform plan` after importing a certificate.
+You can then decide if changes should be applied to the certificate, or the resource definition should be updated to
+align with the certificate. Also, you can ignore changes as below.
+
+```hcl
+resource "opentelekomcloud_apigw_certificate_v2" "test" {
+
+  lifecycle {
+    ignore_changes = [
+      content, private_key, trusted_root_ca,
+    ]
+  }
+}
+```

go.mod

@@ -17,7 +17,7 @@ require (
 	github.com/jmespath/go-jmespath v0.4.0
 	github.com/keybase/go-crypto v0.0.0-20200123153347-de78d2cb44f4
 	github.com/mitchellh/go-homedir v1.1.0
-	github.com/opentelekomcloud/gophertelekomcloud v0.9.4-0.20250115114430-7a5bd79761bd
+	github.com/opentelekomcloud/gophertelekomcloud v0.9.4-0.20250115161007-a7fae3c659fc
 	github.com/unknwon/com v1.0.1
 	golang.org/x/crypto v0.31.0
 	golang.org/x/sync v0.10.0

go.sum

@@ -156,8 +156,8 @@ github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLA
 github.com/nsf/jsondiff v0.0.0-20200515183724-f29ed568f4ce h1:RPclfga2SEJmgMmz2k+Mg7cowZ8yv4Trqw9UsJby758=
 github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw=
 github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
-github.com/opentelekomcloud/gophertelekomcloud v0.9.4-0.20250115114430-7a5bd79761bd h1:ODSt/BKKotvfJLv/PcIjYOtD5EbPUTgJdwMDVEyu9UQ=
-github.com/opentelekomcloud/gophertelekomcloud v0.9.4-0.20250115114430-7a5bd79761bd/go.mod h1:la8cQVYopRoEbNe2L7HlGTdLxUQOwIqHp1VHtjE/5qA=
+github.com/opentelekomcloud/gophertelekomcloud v0.9.4-0.20250115161007-a7fae3c659fc h1:JDr/sgKTh98agnyd5aEZp7EiYKTjwHAG5FW+bGFboig=
+github.com/opentelekomcloud/gophertelekomcloud v0.9.4-0.20250115161007-a7fae3c659fc/go.mod h1:la8cQVYopRoEbNe2L7HlGTdLxUQOwIqHp1VHtjE/5qA=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=