diff --git a/.changelog/24593.txt b/.changelog/24593.txt new file mode 100644 index 00000000000..2367eb44f71 --- /dev/null +++ b/.changelog/24593.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +data-source/aws_acm_certificate: Add `certificate` and `certificate_chain` attributes +``` \ No newline at end of file diff --git a/internal/service/acm/certificate_data_source.go b/internal/service/acm/certificate_data_source.go index 02eed23190c..3499b759ad4 100644 --- a/internal/service/acm/certificate_data_source.go +++ b/internal/service/acm/certificate_data_source.go @@ -25,6 +25,14 @@ func DataSourceCertificate() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "certificate": { + Type: schema.TypeString, + Computed: true, + }, + "certificate_chain": { + Type: schema.TypeString, + Computed: true, + }, "statuses": { Type: schema.TypeList, Optional: true, 
@@ -169,12 +177,29 @@ func dataSourceCertificateRead(d *schema.ResourceData, meta interface{}) error { return fmt.Errorf("No certificate for domain %q found in this region", target) } + // Get the certificate data if the status is issued + var certOutput *acm.GetCertificateOutput + if aws.StringValue(matchedCertificate.Status) == acm.CertificateStatusIssued { + getCertInput := acm.GetCertificateInput{ + CertificateArn: matchedCertificate.CertificateArn, + } + certOutput, err = conn.GetCertificate(&getCertInput) + if err != nil { + return fmt.Errorf("error getting ACM certificate (%s): %w", aws.StringValue(matchedCertificate.CertificateArn), err) + } + } + if certOutput != nil { + d.Set("certificate", certOutput.Certificate) + d.Set("certificate_chain", certOutput.CertificateChain) + } else { + d.Set("certificate", nil) + d.Set("certificate_chain", nil) + } + d.SetId(aws.StringValue(matchedCertificate.CertificateArn)) d.Set("arn", matchedCertificate.CertificateArn) d.Set("status", matchedCertificate.Status) - tags, err := ListTags(conn, aws.StringValue(matchedCertificate.CertificateArn)) - if err != nil { return fmt.Errorf("error listing tags for ACM Certificate (%s): %w", d.Id(), err) } diff --git a/internal/service/acm/certificate_data_source_test.go b/internal/service/acm/certificate_data_source_test.go index 8c0946ece47..e844189638e 100644 --- a/internal/service/acm/certificate_data_source_test.go +++ b/internal/service/acm/certificate_data_source_test.go @@ -47,6 +47,8 @@ func TestAccACMCertificateDataSource_singleIssued(t *testing.T) { //lintignore:AWSAT001 resource.TestMatchResourceAttr(resourceName, "arn", arnRe), resource.TestCheckResourceAttr(resourceName, "status", acm.CertificateStatusIssued), + resource.TestCheckResourceAttrSet(resourceName, "certificate"), + resource.TestCheckResourceAttrSet(resourceName, "certificate_chain"), ), }, { 
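Review bot: Every error from `conn.GetCertificate` is returned from the read, so the data source now fails outright for any principal that is not allowed `acm:GetCertificate`, even when the configuration only uses `arn`. Least-privilege policies written for the previous behaviour would presumably break on upgrade, and neither the changelog entry nor the documentation change in this commit mentions the extra permission. I would at least record it next to the call, e.g. `// Requires acm:GetCertificate; the read fails here without it, even if certificate/certificate_chain are never referenced.`, and add the same sentence to the data source docs. As a smaller style point, the `if certOutput != nil { … } else { … }` block can be folded into the status branch. `dataSourceCertificateRead` starts and ends outside this hunk, so how `err` is declared is not visible here.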
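Review bot: The added `resource.TestCheckResourceAttrSet` checks only prove that `certificate` and `certificate_chain` are non-empty, so any non-empty string stored by the read would pass. A shape check with the matcher this test already uses would be tighter, e.g. `resource.TestMatchResourceAttr(resourceName, "certificate", regexp.MustCompile("^-----BEGIN CERTIFICATE-----")),`, assuming ACM returns PEM here. The same applies to the five later hunks in this file (at old lines 55, 62, 69, 76 and 83), and none of the visible steps exercises the non-issued path where both attributes are set to nil. The test function starts and ends outside these hunks.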
@@ -55,6 +57,8 @@ func TestAccACMCertificateDataSource_singleIssued(t *testing.T) { //lintignore:AWSAT001 resource.TestMatchResourceAttr(resourceName, "arn", arnRe), resource.TestCheckResourceAttr(resourceName, "status", acm.CertificateStatusIssued), + resource.TestCheckResourceAttrSet(resourceName, "certificate"), + resource.TestCheckResourceAttrSet(resourceName, "certificate_chain"), ), }, { @@ -62,6 +66,8 @@ func TestAccACMCertificateDataSource_singleIssued(t *testing.T) { Check: resource.ComposeTestCheckFunc( //lintignore:AWSAT001 resource.TestMatchResourceAttr(resourceName, "arn", arnRe), + resource.TestCheckResourceAttrSet(resourceName, "certificate"), + resource.TestCheckResourceAttrSet(resourceName, "certificate_chain"), ), }, { @@ -69,6 +75,8 @@ func TestAccACMCertificateDataSource_singleIssued(t *testing.T) { Check: resource.ComposeTestCheckFunc( //lintignore:AWSAT001 resource.TestMatchResourceAttr(resourceName, "arn", arnRe), + resource.TestCheckResourceAttrSet(resourceName, "certificate"), + resource.TestCheckResourceAttrSet(resourceName, "certificate_chain"), ), }, { @@ -76,6 +84,8 @@ func TestAccACMCertificateDataSource_singleIssued(t *testing.T) { Check: resource.ComposeTestCheckFunc( //lintignore:AWSAT001 resource.TestMatchResourceAttr(resourceName, "arn", arnRe), + resource.TestCheckResourceAttrSet(resourceName, "certificate"), + resource.TestCheckResourceAttrSet(resourceName, "certificate_chain"), ), }, { @@ -83,6 +93,8 @@ func TestAccACMCertificateDataSource_singleIssued(t *testing.T) { Check: resource.ComposeTestCheckFunc( //lintignore:AWSAT001 resource.TestMatchResourceAttr(resourceName, "arn", arnRe), + resource.TestCheckResourceAttrSet(resourceName, "certificate"), + resource.TestCheckResourceAttrSet(resourceName, "certificate_chain"), ), }, }, diff --git a/website/docs/d/acm_certificate.html.markdown b/website/docs/d/acm_certificate.html.markdown index 59e1baf994c..8980a61c8d7 100644 --- a/website/docs/d/acm_certificate.html.markdown 
+++ b/website/docs/d/acm_certificate.html.markdown @@ -50,4 +50,6 @@ data "aws_acm_certificate" "rsa_4096" { * `arn` - Amazon Resource Name (ARN) of the found certificate, suitable for referencing in other resources that support ACM certificates. * `id` - Amazon Resource Name (ARN) of the found certificate, suitable for referencing in other resources that support ACM certificates. * `status` - Status of the found certificate. +* `certificate` - The ACM-issued certificate. +* `certificate_chain` - Certificates forming the requested ACM-issued certificate's chain of trust. The chain consists of the certificate of the issuing CA and the intermediate certificates of any other subordinate CAs. * `tags` - A mapping of tags for the resource.