INT-7797: refactor private ca

docs/jupiterone.md

@@ -422,6 +422,7 @@ The following entities are created:
 | Organization                                             | `google_cloud_organization`                                       | `Organization`                     |
 | Private CA Certificate                                   | `google_privateca_certificate`                                    | `Certificate`                      |
 | Private CA Certificate Authority                         | `google_privateca_certificate_authority`                          | `Service`                          |
+| Private CA Pool                                          | `google_privateca_pool`                                           | `Group`                            |
 | Project                                                  | `google_cloud_project`                                            | `Account`                          |
 | PubSub Subscription                                      | `google_pubsub_subscription`                                      | `Service`                          |
 | PubSub Topic                                             | `google_pubsub_topic`                                             | `Channel`                          |
@@ -560,6 +561,7 @@ The following relationships are created:
 | `google_cloud_organization`                                      | **HAS**               | `google_cloud_project`                                            |
 | `google_privateca_certificate_authority`                         | **CREATED**           | `google_privateca_certificate`                                    |
 | `google_privateca_certificate_authority`                         | **USES**              | `google_storage_bucket`                                           |
+| `google_privateca_pool`                                          | **HAS**               | `google_privateca_certificate_authority`                          |
 | `google_pubsub_subscription`                                     | **USES**              | `google_pubsub_topic`                                             |
 | `google_pubsub_topic`                                            | **USES**              | `google_kms_crypto_key`                                           |
 | `google_redis_instance`                                          | **USES**              | `google_compute_network`                                          |
@@ -596,7 +598,7 @@ permissions can be used to provision only the required ones:
 
 <!-- {J1_PERMISSIONS_DOCUMENTATION_MARKER_START} -->
 
-| Permissions List (110)                                  |
+| Permissions List (111)                                  |
 | ------------------------------------------------------- |
 | `accesscontextmanager.accessLevels.list`                |
 | `accesscontextmanager.accessPolicies.list`              |
@@ -683,6 +685,7 @@ permissions can be used to provision only the required ones:
 | `monitoring.alertPolicies.list`                         |
 | `orgpolicy.policies.list`                               |
 | `orgpolicy.policy.get`                                  |
+| `privateca.caPools.list`                                |
 | `privateca.certificateAuthorities.getIamPolicy`         |
 | `privateca.certificateAuthorities.list`                 |
 | `privateca.certificates.list`                           |

src/getStepStartStates.ts

@@ -158,11 +158,7 @@ import {
 import { monitoringSteps } from './steps/monitoring';
 import { STEP_MONITORING_ALERT_POLICIES } from './steps/monitoring/constants';
 import { privateCaSteps } from './steps/privateca';
-import {
-  STEP_CREATE_PRIVATE_CA_CERTIFICATE_AUTHORITY_BUCKET_RELATIONSHIPS,
-  STEP_PRIVATE_CA_CERTIFICATES,
-  STEP_PRIVATE_CA_CERTIFICATE_AUTHORITIES,
-} from './steps/privateca/constants';
+import { PrivatecaSteps } from './steps/privateca/constants';
 import { pubSubSteps } from './steps/pub-sub';
 import {
   STEP_CREATE_PUBSUB_TOPIC_KMS_RELATIONSHIPS,
@@ -413,11 +409,15 @@ function getDefaultStepStartStates(params: {
     [STEP_API_GATEWAY_APIS]: { disabled: false },
     [STEP_API_GATEWAY_API_CONFIGS]: { disabled: false },
     [STEP_API_GATEWAY_GATEWAYS]: { disabled: false },
-    [STEP_PRIVATE_CA_CERTIFICATE_AUTHORITIES]: { disabled: false },
-    [STEP_CREATE_PRIVATE_CA_CERTIFICATE_AUTHORITY_BUCKET_RELATIONSHIPS]: {
+    [PrivatecaSteps.STEP_PRIVATE_CA_POOLS.id]: { disabled: false },
+    [PrivatecaSteps.STEP_PRIVATE_CA_CERTIFICATE_AUTHORITIES.id]: {
+      disabled: false,
+    },
+    [PrivatecaSteps
+      .STEP_CREATE_PRIVATE_CA_CERTIFICATE_AUTHORITY_BUCKET_RELATIONSHIPS.id]: {
       disabled: false,
     },
-    [STEP_PRIVATE_CA_CERTIFICATES]: { disabled: false },
+    [PrivatecaSteps.STEP_PRIVATE_CA_CERTIFICATES.id]: { disabled: false },
     [STEP_DATAPROC_CLUSTERS]: { disabled: false },
     [STEP_DATAPROC_CLUSTER_KMS_RELATIONSHIPS]: { disabled: false },
     [STEP_CREATE_CLUSTER_STORAGE_RELATIONSHIPS]: { disabled: false },
@@ -806,12 +806,15 @@ async function getStepStartStatesUsingServiceEnablements(params: {
     [STEP_API_GATEWAY_GATEWAYS]: createStepStartState(
       ServiceUsageName.API_GATEWAY,
     ),
-    [STEP_PRIVATE_CA_CERTIFICATE_AUTHORITIES]: createStepStartState(
+    [PrivatecaSteps.STEP_PRIVATE_CA_POOLS.id]: createStepStartState(
       ServiceUsageName.PRIVATE_CA,
     ),
-    [STEP_CREATE_PRIVATE_CA_CERTIFICATE_AUTHORITY_BUCKET_RELATIONSHIPS]:
+    [PrivatecaSteps.STEP_PRIVATE_CA_CERTIFICATE_AUTHORITIES.id]:
+      createStepStartState(ServiceUsageName.PRIVATE_CA),
+    [PrivatecaSteps
+      .STEP_CREATE_PRIVATE_CA_CERTIFICATE_AUTHORITY_BUCKET_RELATIONSHIPS.id]:
       createStepStartState(ServiceUsageName.PRIVATE_CA),
-    [STEP_PRIVATE_CA_CERTIFICATES]: createStepStartState(
+    [PrivatecaSteps.STEP_PRIVATE_CA_CERTIFICATES.id]: createStepStartState(
       ServiceUsageName.PRIVATE_CA,
     ),
     [STEP_DATAPROC_CLUSTERS]: createStepStartState(

src/index.test.ts

@@ -134,11 +134,7 @@ import {
   STEP_MEMCACHE_INSTANCES,
 } from './steps/memcache/constants';
 import { STEP_MONITORING_ALERT_POLICIES } from './steps/monitoring/constants';
-import {
-  STEP_CREATE_PRIVATE_CA_CERTIFICATE_AUTHORITY_BUCKET_RELATIONSHIPS,
-  STEP_PRIVATE_CA_CERTIFICATES,
-  STEP_PRIVATE_CA_CERTIFICATE_AUTHORITIES,
-} from './steps/privateca/constants';
+import { PrivatecaSteps } from './steps/privateca/constants';
 import {
   STEP_CREATE_PUBSUB_TOPIC_KMS_RELATIONSHIPS,
   STEP_PUBSUB_SUBSCRIPTIONS,
@@ -477,15 +473,16 @@ describe('#getStepStartStates success', () => {
         [STEP_API_GATEWAY_GATEWAYS]: {
           disabled: false,
         },
-        [STEP_PRIVATE_CA_CERTIFICATE_AUTHORITIES]: {
-          disabled: false,
-        },
-        [STEP_CREATE_PRIVATE_CA_CERTIFICATE_AUTHORITY_BUCKET_RELATIONSHIPS]: {
+        [PrivatecaSteps.STEP_PRIVATE_CA_POOLS.id]: { disabled: false },
+        [PrivatecaSteps.STEP_PRIVATE_CA_CERTIFICATE_AUTHORITIES.id]: {
           disabled: false,
         },
-        [STEP_PRIVATE_CA_CERTIFICATES]: {
+        [PrivatecaSteps
+          .STEP_CREATE_PRIVATE_CA_CERTIFICATE_AUTHORITY_BUCKET_RELATIONSHIPS
+          .id]: {
           disabled: false,
         },
+        [PrivatecaSteps.STEP_PRIVATE_CA_CERTIFICATES.id]: { disabled: false },
         [STEP_IAM_BINDINGS]: {
           disabled: false,
         },