privateca root ca example is invalid for a standard compliant root ca

[hoexter]

TL;DR

The sample in privateca/certificate_authority_basic/main.tf looks like it's a copy of the subordinate setup and not for the root.

Expected behavior

Sample should be somewhat compliant to RFC 5280 and CA/B Baseline Requirements.

Observed behavior

SAN on Root -> does not make any sense
pathLen on Root is not forbidden but according to the rfc not evaluated and not recommended by CA/B BR
extendedKeyUsage is forbidden by CA/B BR on a root

Terraform Configuration

does not apply

Terraform Version

does not apply

Additional information

No response

[iennae]

Thanks for your feedback @hoexter and the additional reference materials. They are super helpful. While I've left feedback on the PR, it seems like we may need to get the main terraform docs updated as well so that we are matching up our docs across pages. @msampathkumar do you have knowledge on these samples?

[msampathkumar]

This code samples is shown in https://cloud.google.com/certificate-authority-service/docs/creating-certificate-authorities#create-root-ca which focuses on Root CA.

Reaching out to the TW(Alida) for assitance.