Merge branch 'main' of https://github.com/GoogleCloudPlatform/magic-modules

actions-user · actions-user · commit b09e794e6a7d · 2026-04-16T23:34:20.000Z
diff --git a/mmv1/products/iambeta/WorkloadIdentityPool.yaml b/mmv1/products/iambeta/WorkloadIdentityPool.yaml
@@ -277,6 +277,15 @@ properties:
                       PEM certificate of the PKI used for validation. Must only contain one ca
                       certificate(either root or intermediate cert).
                     required: true
+            - name: 'trustDefaultSharedCa'
+              type: Boolean
+              description: |
+                If set to True, the trust bundle will include the private ca managed identity regional root
+                public certificates.
+
+
+                ~> **Note** `trust_default_shared_ca` is only supported for managed identity trust domain
+                resource.
   - name: 'attestationRules'
     is_missing_in_cai: true
     type: Array
diff --git a/mmv1/templates/terraform/examples/iam_workload_identity_pool_full_trust_domain_mode.tf.tmpl b/mmv1/templates/terraform/examples/iam_workload_identity_pool_full_trust_domain_mode.tf.tmpl
@@ -15,7 +15,8 @@ resource "google_iam_workload_identity_pool" "{{$.PrimaryResourceId}}" {
   }
   inline_trust_config {
     additional_trust_bundles {
-      trust_domain = "example.com"
+      trust_domain            = "example.com"
+      trust_default_shared_ca = false      
       trust_anchors {
         pem_certificate = file("test-fixtures/trust_anchor_1.pem")
       }
@@ -24,7 +25,8 @@ resource "google_iam_workload_identity_pool" "{{$.PrimaryResourceId}}" {
       }
     }
     additional_trust_bundles {
-      trust_domain = "example.net"
+      trust_domain            = "example.net"
+      trust_default_shared_ca = false
       trust_anchors {
         pem_certificate = file("test-fixtures/trust_anchor_3.pem")
       }
diff --git a/mmv1/templates/terraform/examples/iam_workload_identity_pool_full_trust_domain_mode_with_default_shared_ca.tf.tmpl b/mmv1/templates/terraform/examples/iam_workload_identity_pool_full_trust_domain_mode_with_default_shared_ca.tf.tmpl
@@ -12,7 +12,8 @@ resource "google_iam_workload_identity_pool" "{{$.PrimaryResourceId}}" {
   }
   inline_trust_config {
     additional_trust_bundles {
-      trust_domain = "example.com"
+      trust_domain            = "example.com"
+      trust_default_shared_ca = true
       trust_anchors {
         pem_certificate = file("test-fixtures/trust_anchor_1.pem")
       }
@@ -21,7 +22,8 @@ resource "google_iam_workload_identity_pool" "{{$.PrimaryResourceId}}" {
       }
     }
     additional_trust_bundles {
-      trust_domain = "example.net"
+      trust_domain            = "example.net"
+      trust_default_shared_ca = true
       trust_anchors {
         pem_certificate = file("test-fixtures/trust_anchor_3.pem")
       }
diff --git a/mmv1/third_party/terraform/services/iambeta/resource_iam_workload_identity_pool_test.go b/mmv1/third_party/terraform/services/iambeta/resource_iam_workload_identity_pool_test.go
@@ -159,7 +159,8 @@ resource "google_iam_workload_identity_pool" "my_pool" {
   }
   inline_trust_config {
     additional_trust_bundles {
-      trust_domain = "ca-pool-foo.global.project-foo.workload.id.goog"
+      trust_domain            = "ca-pool-foo.global.project-foo.workload.id.goog"
+      trust_default_shared_ca = false
       trust_anchors {
         pem_certificate = file("test-fixtures/trust_anchor_1.pem")
       }
@@ -168,7 +169,8 @@ resource "google_iam_workload_identity_pool" "my_pool" {
       }
     }
     additional_trust_bundles {
-      trust_domain = "ca-pool-bar.global.project-bar.workload.id.goog"
+      trust_domain            = "ca-pool-bar.global.project-bar.workload.id.goog"
+      trust_default_shared_ca = false
       trust_anchors {
         pem_certificate = file("test-fixtures/trust_anchor_3.pem")
       }
@@ -203,7 +205,8 @@ resource "google_iam_workload_identity_pool" "my_pool" {
   }
   inline_trust_config {
     additional_trust_bundles {
-      trust_domain = "ca-pool-baz.global.project-baz.workload.id.goog"
+      trust_domain            = "ca-pool-baz.global.project-baz.workload.id.goog"
+	  trust_default_shared_ca = false
       trust_anchors {
         pem_certificate = file("test-fixtures/trust_anchor_updated.pem")
       }
@@ -238,7 +241,8 @@ resource "google_iam_workload_identity_pool" "my_pool" {
   }
   inline_trust_config {
     additional_trust_bundles {
-      trust_domain = "ca-pool-baz.global.project-baz.workload.id.goog"
+      trust_domain            = "ca-pool-baz.global.project-baz.workload.id.goog"
+	  trust_default_shared_ca = true
       trust_anchors {
         pem_certificate = file("test-fixtures/trust_anchor_updated.pem")
       }

Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,8 @@ resource "google_iam_workload_identity_pool" "{{$.PrimaryResourceId}}" {`
`15`	`15`	`}`
`16`	`16`	`inline_trust_config {`
`17`	`17`	`additional_trust_bundles {`
`18`		`- trust_domain = "example.com"`
	`18`	`+ trust_domain = "example.com"`
	`19`	`+ trust_default_shared_ca = false`
`19`	`20`	`trust_anchors {`
`20`	`21`	`pem_certificate = file("test-fixtures/trust_anchor_1.pem")`
`21`	`22`	`}`
`@@ -24,7 +25,8 @@ resource "google_iam_workload_identity_pool" "{{$.PrimaryResourceId}}" {`
`24`	`25`	`}`
`25`	`26`	`}`
`26`	`27`	`additional_trust_bundles {`
`27`		`- trust_domain = "example.net"`
	`28`	`+ trust_domain = "example.net"`
	`29`	`+ trust_default_shared_ca = false`
`28`	`30`	`trust_anchors {`
`29`	`31`	`pem_certificate = file("test-fixtures/trust_anchor_3.pem")`
`30`	`32`	`}`
Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,8 @@ resource "google_iam_workload_identity_pool" "{{$.PrimaryResourceId}}" {`
`12`	`12`	`}`
`13`	`13`	`inline_trust_config {`
`14`	`14`	`additional_trust_bundles {`
`15`		`- trust_domain = "example.com"`
	`15`	`+ trust_domain = "example.com"`
	`16`	`+ trust_default_shared_ca = true`
`16`	`17`	`trust_anchors {`
`17`	`18`	`pem_certificate = file("test-fixtures/trust_anchor_1.pem")`
`18`	`19`	`}`
`@@ -21,7 +22,8 @@ resource "google_iam_workload_identity_pool" "{{$.PrimaryResourceId}}" {`
`21`	`22`	`}`
`22`	`23`	`}`
`23`	`24`	`additional_trust_bundles {`
`24`		`- trust_domain = "example.net"`
	`25`	`+ trust_domain = "example.net"`
	`26`	`+ trust_default_shared_ca = true`
`25`	`27`	`trust_anchors {`
`26`	`28`	`pem_certificate = file("test-fixtures/trust_anchor_3.pem")`
`27`	`29`	`}`
Original file line number	Diff line number	Diff line change
`@@ -159,7 +159,8 @@ resource "google_iam_workload_identity_pool" "my_pool" {`
`159`	`159`	`}`
`160`	`160`	`inline_trust_config {`
`161`	`161`	`additional_trust_bundles {`
`162`		`- trust_domain = "ca-pool-foo.global.project-foo.workload.id.goog"`
	`162`	`+ trust_domain = "ca-pool-foo.global.project-foo.workload.id.goog"`
	`163`	`+ trust_default_shared_ca = false`
`163`	`164`	`trust_anchors {`
`164`	`165`	`pem_certificate = file("test-fixtures/trust_anchor_1.pem")`
`165`	`166`	`}`
`@@ -168,7 +169,8 @@ resource "google_iam_workload_identity_pool" "my_pool" {`
`168`	`169`	`}`
`169`	`170`	`}`
`170`	`171`	`additional_trust_bundles {`
`171`		`- trust_domain = "ca-pool-bar.global.project-bar.workload.id.goog"`
	`172`	`+ trust_domain = "ca-pool-bar.global.project-bar.workload.id.goog"`
	`173`	`+ trust_default_shared_ca = false`
`172`	`174`	`trust_anchors {`
`173`	`175`	`pem_certificate = file("test-fixtures/trust_anchor_3.pem")`
`174`	`176`	`}`
`@@ -203,7 +205,8 @@ resource "google_iam_workload_identity_pool" "my_pool" {`
`203`	`205`	`}`
`204`	`206`	`inline_trust_config {`
`205`	`207`	`additional_trust_bundles {`
`206`		`- trust_domain = "ca-pool-baz.global.project-baz.workload.id.goog"`
	`208`	`+ trust_domain = "ca-pool-baz.global.project-baz.workload.id.goog"`
	`209`	`+ trust_default_shared_ca = false`
`207`	`210`	`trust_anchors {`
`208`	`211`	`pem_certificate = file("test-fixtures/trust_anchor_updated.pem")`
`209`	`212`	`}`
`@@ -238,7 +241,8 @@ resource "google_iam_workload_identity_pool" "my_pool" {`
`238`	`241`	`}`
`239`	`242`	`inline_trust_config {`
`240`	`243`	`additional_trust_bundles {`
`241`		`- trust_domain = "ca-pool-baz.global.project-baz.workload.id.goog"`
	`244`	`+ trust_domain = "ca-pool-baz.global.project-baz.workload.id.goog"`
	`245`	`+ trust_default_shared_ca = true`
`242`	`246`	`trust_anchors {`
`243`	`247`	`pem_certificate = file("test-fixtures/trust_anchor_updated.pem")`
`244`	`248`	`}`