d/aws_iam_server_certificate: add support for retrieving public key (#…

…2749) * #2742: add support for retrieving public key * #2742: re-organized imports and added additional assertions * #2742: re-organized imports and added additional assertions * #2742: certificate_chain assertion
hashicorp · Jan 3, 2018 · 1e04bfc · 1e04bfc
1 parent c715720
commit 1e04bfc
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 4 deletions.
diff --git a/aws/data_source_aws_iam_server_certificate.go b/aws/data_source_aws_iam_server_certificate.go
@@ -5,6 +5,7 @@ import (
 	"log"
 	"sort"
 	"strings"
+	"time"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/iam"
@@ -68,6 +69,21 @@ func dataSourceAwsIAMServerCertificate() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+
+			"upload_date": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"certificate_body": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"certificate_chain": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 		},
 	}
 }
@@ -129,8 +145,19 @@ func dataSourceAwsIAMServerCertificateRead(d *schema.ResourceData, meta interfac
 	d.Set("path", *metadata.Path)
 	d.Set("name", *metadata.ServerCertificateName)
 	if metadata.Expiration != nil {
-		d.Set("expiration_date", metadata.Expiration.Format("2006-01-02T15:04:05"))
+		d.Set("expiration_date", metadata.Expiration.Format(time.RFC3339))
+	}
+
+	log.Printf("[DEBUG] Get Public Key Certificate for %s", *metadata.ServerCertificateName)
+	serverCertificateResp, err := iamconn.GetServerCertificate(&iam.GetServerCertificateInput{
+		ServerCertificateName: metadata.ServerCertificateName,
+	})
+	if err != nil {
+		return err
 	}
+	d.Set("upload_date", serverCertificateResp.ServerCertificate.ServerCertificateMetadata.UploadDate.Format(time.RFC3339))
+	d.Set("certificate_body", aws.StringValue(serverCertificateResp.ServerCertificate.CertificateBody))
+	d.Set("certificate_chain", aws.StringValue(serverCertificateResp.ServerCertificate.CertificateChain))
 
 	return nil
 }
diff --git a/aws/data_source_aws_iam_server_certificate_test.go b/aws/data_source_aws_iam_server_certificate_test.go
@@ -57,6 +57,9 @@ func TestAccAWSDataSourceIAMServerCertificate_basic(t *testing.T) {
 					resource.TestCheckResourceAttrSet("data.aws_iam_server_certificate.test", "id"),
 					resource.TestCheckResourceAttrSet("data.aws_iam_server_certificate.test", "name"),
 					resource.TestCheckResourceAttrSet("data.aws_iam_server_certificate.test", "path"),
+					resource.TestCheckResourceAttrSet("data.aws_iam_server_certificate.test", "upload_date"),
+					resource.TestCheckResourceAttr("data.aws_iam_server_certificate.test", "certificate_chain", ""),
+					resource.TestMatchResourceAttr("data.aws_iam_server_certificate.test", "certificate_body", regexp.MustCompile("^-----BEGIN CERTIFICATE-----")),
 				),
 			},
 		},

diff --git a/website/docs/d/iam_server_certificate.html.markdown b/website/docs/d/iam_server_certificate.html.markdown
@@ -39,9 +39,12 @@ resource "aws_elb" "elb" {
 
 ## Attributes Reference
 
-`arn` is set to the ARN of the IAM Server Certificate
-`path` is set to the path of the IAM Server Certificate
-`expiration_date` is set to the expiration date of the IAM Server Certificate
+* `arn` is set to the ARN of the IAM Server Certificate
+* `path` is set to the path of the IAM Server Certificate
+* `expiration_date` is set to the expiration date of the IAM Server Certificate
+* `upload_date` is the date when the server certificate was uploaded
+* `certificate_body` is the public key certificate (PEM-encoded). This is useful when [configuring back-end instance authentication](http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-create-https-ssl-load-balancer.html) policy for load balancer
+* `certificate_chain` is the public key certificate chain (PEM-encoded) if exists, empty otherwise
 
 ## Import