Merge pull request #24593 from rizkybiz/acm-data-source-changes
Allow AWS Provider ACM Certificate Data Source to Return TLS Certificate Material
anGie44 authored May 13, 2022
2 parents c29c796 + 3be774c commit 6ce26f4
Showing 4 changed files with 44 additions and 2 deletions.
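--- a/.changelog/24593.txt
+++ b/.changelog/24593.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+data-source/aws_acm_certificate: Add `certificate` and `certificate_chain` attributes
+```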
29 changes: 27 additions & 2 deletions internal/service/acm/certificate_data_source.go
Expand Up @@ -25,6 +25,14 @@ func DataSourceCertificate() *schema.Resource {
Type: schema.TypeString,
Computed: true,
},
"certificate": {
Type: schema.TypeString,
Computed: true,
},
"certificate_chain": {
Type: schema.TypeString,
Computed: true,
},
"statuses": {
Type: schema.TypeList,
Optional: true,
return fmt.Errorf("No certificate for domain %q found in this region", target)
}

// Get the certificate data if the status is issued
var certOutput *acm.GetCertificateOutput
if aws.StringValue(matchedCertificate.Status) == acm.CertificateStatusIssued {
getCertInput := acm.GetCertificateInput{
CertificateArn: matchedCertificate.CertificateArn,
}
certOutput, err = conn.GetCertificate(&getCertInput)
if err != nil {
return fmt.Errorf("error getting ACM certificate (%s): %w", aws.StringValue(matchedCertificate.CertificateArn), err)
}
}
if certOutput != nil {
d.Set("certificate", certOutput.Certificate)
d.Set("certificate_chain", certOutput.CertificateChain)
} else {
d.Set("certificate", nil)
d.Set("certificate_chain", nil)
}

d.SetId(aws.StringValue(matchedCertificate.CertificateArn))
d.Set("arn", matchedCertificate.CertificateArn)
d.Set("status", matchedCertificate.Status)

tags, err := ListTags(conn, aws.StringValue(matchedCertificate.CertificateArn))

if err != nil {
return fmt.Errorf("error listing tags for ACM Certificate (%s): %w", d.Id(), err)
}
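Review bot: The added `conn.GetCertificate` call in `dataSourceCertificateRead` makes `acm:GetCertificate` a required permission for every lookup that matches an issued certificate, and any error from it, access-denied included, aborts the whole read through the `return fmt.Errorf("error getting ACM certificate ...")` branch. Callers running under a least-privilege policy who only consume `arn` would presumably start failing after upgrade; the rest of the function lies outside the hunk, so which actions were needed before is not visible here. At minimum I would state the requirement above the call, e.g. `// Requires acm:GetCertificate. Returns the public certificate and chain only, never the private key.`, and repeat it in the data source documentation so policy authors can plan for it.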
12 changes: 12 additions & 0 deletions internal/service/acm/certificate_data_source_test.go
Expand Up @@ -47,6 +47,8 @@ func TestAccACMCertificateDataSource_singleIssued(t *testing.T) {
//lintignore:AWSAT001
resource.TestMatchResourceAttr(resourceName, "arn", arnRe),
resource.TestCheckResourceAttr(resourceName, "status", acm.CertificateStatusIssued),
resource.TestCheckResourceAttrSet(resourceName, "certificate"),
resource.TestCheckResourceAttrSet(resourceName, "certificate_chain"),
),
},
{
Expand All @@ -55,34 +57,44 @@ func TestAccACMCertificateDataSource_singleIssued(t *testing.T) {
//lintignore:AWSAT001
resource.TestMatchResourceAttr(resourceName, "arn", arnRe),
resource.TestCheckResourceAttr(resourceName, "status", acm.CertificateStatusIssued),
resource.TestCheckResourceAttrSet(resourceName, "certificate"),
resource.TestCheckResourceAttrSet(resourceName, "certificate_chain"),
),
},
{
Config: testAccCheckCertificateWithTypesDataSourceConfig(domain, acm.CertificateTypeAmazonIssued),
Check: resource.ComposeTestCheckFunc(
//lintignore:AWSAT001
resource.TestMatchResourceAttr(resourceName, "arn", arnRe),
resource.TestCheckResourceAttrSet(resourceName, "certificate"),
resource.TestCheckResourceAttrSet(resourceName, "certificate_chain"),
),
},
{
Config: testAccCheckCertificateWithMostRecentDataSourceConfig(domain, true),
Check: resource.ComposeTestCheckFunc(
//lintignore:AWSAT001
resource.TestMatchResourceAttr(resourceName, "arn", arnRe),
resource.TestCheckResourceAttrSet(resourceName, "certificate"),
resource.TestCheckResourceAttrSet(resourceName, "certificate_chain"),
),
},
{
Config: testAccCheckCertificateWithMostRecentAndStatusDataSourceConfig(domain, acm.CertificateStatusIssued, true),
Check: resource.ComposeTestCheckFunc(
//lintignore:AWSAT001
resource.TestMatchResourceAttr(resourceName, "arn", arnRe),
resource.TestCheckResourceAttrSet(resourceName, "certificate"),
resource.TestCheckResourceAttrSet(resourceName, "certificate_chain"),
),
},
{
Config: testAccCheckCertificateWithMostRecentAndTypesDataSourceConfig(domain, acm.CertificateTypeAmazonIssued, true),
Check: resource.ComposeTestCheckFunc(
//lintignore:AWSAT001
resource.TestMatchResourceAttr(resourceName, "arn", arnRe),
resource.TestCheckResourceAttrSet(resourceName, "certificate"),
resource.TestCheckResourceAttrSet(resourceName, "certificate_chain"),
),
},
},
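Review bot: Every check added to `TestAccACMCertificateDataSource_singleIssued` is `TestCheckResourceAttrSet`, which passes for any non-empty string, so the test would not notice if `certificate` and `certificate_chain` were swapped or held something other than PEM data. A content check is cheap with the helper already used for `arn`, for example `resource.TestMatchResourceAttr(resourceName, "certificate", regexp.MustCompile("^-----BEGIN CERTIFICATE-----")),`. Nothing in the visible hunks exercises the branch that sets both attributes to nil for a certificate that is not issued; a step for that status may exist outside this view, otherwise it is worth adding. The test function starts and ends outside the hunks shown.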
2 changes: 2 additions & 0 deletions website/docs/d/acm_certificate.html.markdown
Expand Up @@ -50,4 +50,6 @@ data "aws_acm_certificate" "rsa_4096" {
* `arn` - Amazon Resource Name (ARN) of the found certificate, suitable for referencing in other resources that support ACM certificates.
* `id` - Amazon Resource Name (ARN) of the found certificate, suitable for referencing in other resources that support ACM certificates.
* `status` - Status of the found certificate.
* `certificate` - The ACM-issued certificate.
* `certificate_chain` - Certificates forming the requested ACM-issued certificate's chain of trust. The chain consists of the certificate of the issuing CA and the intermediate certificates of any other subordinate CAs.
* `tags` - A mapping of tags for the resource.
