From ea6e01c4dd4ad94308e851e96fe7aeaf35e2d8bb Mon Sep 17 00:00:00 2001
From: Modular Magician <magic-modules@google.com>
Date: Tue, 6 Dec 2022 18:08:59 +0000
Subject: [PATCH] Disable CA deletion related protection in tests (#6907)

fixes https://github.com/hashicorp/terraform-provider-google/issues/9999

Signed-off-by: Modular Magician <magic-modules@google.com>
---
 privateca_certificate_authority_subordinate/main.tf | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/privateca_certificate_authority_subordinate/main.tf b/privateca_certificate_authority_subordinate/main.tf
index 17d2f551..581e0e11 100644
--- a/privateca_certificate_authority_subordinate/main.tf
+++ b/privateca_certificate_authority_subordinate/main.tf
@@ -2,8 +2,6 @@ resource "google_privateca_certificate_authority" "root-ca" {
   pool = "ca-pool-${local.name_suffix}"
   certificate_authority_id = "my-certificate-authority-${local.name_suffix}-root"
   location = "us-central1"
-  deletion_protection = false
-  ignore_active_certificates_on_deletion = true
   config {
     subject_config {
       subject {
@@ -34,6 +32,11 @@ resource "google_privateca_certificate_authority" "root-ca" {
   key_spec {
     algorithm = "RSA_PKCS1_4096_SHA256"
   }
+
+  // Disable CA deletion related safe checks for easier cleanup.
+  deletion_protection                    = false
+  skip_grace_period                      = true
+  ignore_active_certificates_on_deletion = true
 }
 
 resource "google_privateca_certificate_authority" "default" {