From 723c1a4189eb1a9ed0d359a372cb4bc2b034c9ec Mon Sep 17 00:00:00 2001
From: Philippe Boneff <phb@google.com>
Date: Wed, 18 Mar 2026 18:45:32 +0000
Subject: [PATCH] suffix SSL cert names with a random ID

---
 .../modules/gcp/loadbalancer/external/main.tf | 23 +++++++++++++++----
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/deployment/modules/gcp/loadbalancer/external/main.tf b/deployment/modules/gcp/loadbalancer/external/main.tf
index 9b6397ad..b440fad6 100644
--- a/deployment/modules/gcp/loadbalancer/external/main.tf
+++ b/deployment/modules/gcp/loadbalancer/external/main.tf
@@ -4,6 +4,10 @@ terraform {
       source  = "hashicorp/google"
       version = "6.50.0"
     }
+    random = {
+      source  = "hashicorp/random"
+      version = "~> 3.0" # Or a version compatible with your project
+    }
   }
 
   backend "gcs" {}
@@ -136,10 +140,23 @@ module "cloud_armor" {
   layer_7_ddos_defense_rule_visibility = "STANDARD"
 }
 
+resource "random_id" "suffix" {
+  for_each = var.logs
+  byte_length = 4
+
+  keepers = {
+    logs = jsonencode(each.value)
+  }
+}
+
 resource "google_compute_managed_ssl_certificate" "log_certs" {
   for_each = var.logs
 
-  name = each.key
+  name = "${each.key}-cert-${random_id.suffix[each.key].hex}"
+
+  lifecycle {
+    create_before_destroy = true
+  }
 
   managed {
     domains = [
@@ -147,8 +164,4 @@ resource "google_compute_managed_ssl_certificate" "log_certs" {
       "${each.key}.${each.value.submission_host_suffix}"
     ]
   }
-
-  lifecycle {
-    create_before_destroy = true
-  }
 }