From ff2e4c2af04a633f53b9aaa4fe8302bbfa05c234 Mon Sep 17 00:00:00 2001 From: rizkybiz Date: Thu, 5 May 2022 12:05:45 -0400 Subject: [PATCH 1/6] upd: allow aws provider ACM cert data source to return cert material for use in other resources --- .../service/acm/certificate_data_source.go | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/internal/service/acm/certificate_data_source.go b/internal/service/acm/certificate_data_source.go index 02eed23190c..a7fd448079a 100644 --- a/internal/service/acm/certificate_data_source.go +++ b/internal/service/acm/certificate_data_source.go @@ -25,6 +25,14 @@ func DataSourceCertificate() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "tls_certificate": { + Type: schema.TypeString, + Computed: true, + }, + "tls_certificate_full_chain": { + Type: schema.TypeString, + Computed: true, + }, "statuses": { Type: schema.TypeList, Optional: true, @@ -169,10 +177,19 @@ func dataSourceCertificateRead(d *schema.ResourceData, meta interface{}) error { return fmt.Errorf("No certificate for domain %q found in this region", target) } + // get the certificate data + getCertInput := acm.GetCertificateInput{ + CertificateArn: matchedCertificate.CertificateArn, + } + output, err := conn.GetCertificate(&getCertInput) + if err != nil { + return err + } d.SetId(aws.StringValue(matchedCertificate.CertificateArn)) d.Set("arn", matchedCertificate.CertificateArn) d.Set("status", matchedCertificate.Status) - + d.Set("tls_certificate", output.Certificate) + d.Set("tls_certificate_full_chain", output.CertificateChain) tags, err := ListTags(conn, aws.StringValue(matchedCertificate.CertificateArn)) if err != nil { From d5c7cf44df55475c43f97a60190d75f12e78c0b5 Mon Sep 17 00:00:00 2001 
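Review bot: The two computed attributes added to the schema in DataSourceCertificate carry no comment on what they hold, so a reader auditing Terraform state for secrets cannot tell from the schema whether key material ends up there. They are filled from `GetCertificate`, which returns the certificate and its chain but not the private key. A short comment above them would settle it: `// PEM certificate and chain from acm:GetCertificate; public material only, so not marked Sensitive.` The schema map starts and ends outside the hunk.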
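Review bot: The `conn.GetCertificate` call added to dataSourceCertificateRead needs the `acm:GetCertificate` permission, and its error is returned as fatal. A role scoped only to the calls this data source made before would presumably start failing on every read after an upgrade, even in configurations that never reference the new attributes. The reworked call in the PATCH 4/6 hunk has the same property. The new requirement should at least be documented next to the attributes, for example `certificate` - The ACM-issued certificate (requires `acm:GetCertificate`). The function body starts and ends outside the hunk.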
From: rizkybiz Date: Thu, 12 May 2022 22:34:36 -0400 Subject: [PATCH 2/6] upd: added checks for certificate and certificate_chain within single issued acm certificate --- internal/service/acm/certificate_data_source_test.go | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/internal/service/acm/certificate_data_source_test.go b/internal/service/acm/certificate_data_source_test.go index f60aa5f8dc0..af93c64903a 100644 --- a/internal/service/acm/certificate_data_source_test.go +++ b/internal/service/acm/certificate_data_source_test.go @@ -47,6 +47,8 @@ func TestAccACMCertificateDataSource_singleIssued(t *testing.T) { //lintignore:AWSAT001 resource.TestMatchResourceAttr(resourceName, "arn", arnRe), resource.TestCheckResourceAttr(resourceName, "status", acm.CertificateStatusIssued), + resource.TestCheckResourceAttrSet(resourceName, "certificate"), + resource.TestCheckResourceAttrSet(resourceName, "certificate_chain"), ), }, { @@ -55,6 +57,8 @@ func TestAccACMCertificateDataSource_singleIssued(t *testing.T) { //lintignore:AWSAT001 resource.TestMatchResourceAttr(resourceName, "arn", arnRe), resource.TestCheckResourceAttr(resourceName, "status", acm.CertificateStatusIssued), + resource.TestCheckResourceAttrSet(resourceName, "certificate"), + resource.TestCheckResourceAttrSet(resourceName, "certificate_chain"), ), }, { @@ -62,6 +66,8 @@ func TestAccACMCertificateDataSource_singleIssued(t *testing.T) { Check: resource.ComposeTestCheckFunc( //lintignore:AWSAT001 resource.TestMatchResourceAttr(resourceName, "arn", arnRe), + resource.TestCheckResourceAttrSet(resourceName, "certificate"), + resource.TestCheckResourceAttrSet(resourceName, "certificate_chain"), ), }, { 
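Review bot: The added `TestCheckResourceAttrSet` checks only prove that the two attributes are non-empty, so a swapped or truncated value would still pass. This applies to this hunk and to the five later hunks of the same test file. Matching the value with the `resource.TestMatchResourceAttr` helper already used for `arn`, against a pattern anchored on the PEM certificate header, would be a stronger check. Nothing in these hunks exercises a certificate that is not yet issued, which is the path PATCH 4/6 later special-cases. At this commit the schema still names the attributes `tls_certificate` and `tls_certificate_full_chain`, so these assertions presumably only pass once PATCH 3/6 is applied.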
@@ -69,6 +75,8 @@ func TestAccACMCertificateDataSource_singleIssued(t *testing.T) { Check: resource.ComposeTestCheckFunc( //lintignore:AWSAT001 resource.TestMatchResourceAttr(resourceName, "arn", arnRe), + resource.TestCheckResourceAttrSet(resourceName, "certificate"), + resource.TestCheckResourceAttrSet(resourceName, "certificate_chain"), ), }, { @@ -76,6 +84,8 @@ func TestAccACMCertificateDataSource_singleIssued(t *testing.T) { Check: resource.ComposeTestCheckFunc( //lintignore:AWSAT001 resource.TestMatchResourceAttr(resourceName, "arn", arnRe), + resource.TestCheckResourceAttrSet(resourceName, "certificate"), + resource.TestCheckResourceAttrSet(resourceName, "certificate_chain"), ), }, { @@ -83,6 +93,8 @@ func TestAccACMCertificateDataSource_singleIssued(t *testing.T) { Check: resource.ComposeTestCheckFunc( //lintignore:AWSAT001 resource.TestMatchResourceAttr(resourceName, "arn", arnRe), + resource.TestCheckResourceAttrSet(resourceName, "certificate"), + resource.TestCheckResourceAttrSet(resourceName, "certificate_chain"), ), }, }, From 82cd96be1977610d2c061a17fc6a6e5cdb471e58 Mon Sep 17 00:00:00 2001 From: rizkybiz Date: Thu, 12 May 2022 22:37:32 -0400 Subject: [PATCH 3/6] upd: modified the names of the certificate and certificate full chain attributes --- internal/service/acm/certificate_data_source.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/internal/service/acm/certificate_data_source.go b/internal/service/acm/certificate_data_source.go index a7fd448079a..742eaf8850e 100644 --- a/internal/service/acm/certificate_data_source.go +++ b/internal/service/acm/certificate_data_source.go @@ -25,11 +25,11 @@ func DataSourceCertificate() *schema.Resource { Type: schema.TypeString, Computed: true, }, - "tls_certificate": { + "certificate": { Type: schema.TypeString, Computed: true, }, - "tls_certificate_full_chain": { + "certificate_chain": { Type: schema.TypeString, Computed: true, }, 
@@ -188,8 +188,8 @@ func dataSourceCertificateRead(d *schema.ResourceData, meta interface{}) error { d.SetId(aws.StringValue(matchedCertificate.CertificateArn)) d.Set("arn", matchedCertificate.CertificateArn) d.Set("status", matchedCertificate.Status) - d.Set("tls_certificate", output.Certificate) - d.Set("tls_certificate_full_chain", output.CertificateChain) + d.Set("certificate", output.Certificate) + d.Set("certificate_chain", output.CertificateChain) tags, err := ListTags(conn, aws.StringValue(matchedCertificate.CertificateArn)) if err != nil { From b91b2be890167319a38fb9fb8cf677958914b113 Mon Sep 17 00:00:00 2001 From: rizkybiz Date: Thu, 12 May 2022 22:54:12 -0400 Subject: [PATCH 4/6] upd: introduced a check for issued certificate status in order to avoid a requestInProgressException for a non fully issued certificate --- .../service/acm/certificate_data_source.go | 26 ++++++++++++------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/internal/service/acm/certificate_data_source.go b/internal/service/acm/certificate_data_source.go index 742eaf8850e..3499b759ad4 100644 --- a/internal/service/acm/certificate_data_source.go +++ b/internal/service/acm/certificate_data_source.go 
@@ -177,21 +177,29 @@ func dataSourceCertificateRead(d *schema.ResourceData, meta interface{}) error { return fmt.Errorf("No certificate for domain %q found in this region", target) } - // get the certificate data - getCertInput := acm.GetCertificateInput{ - CertificateArn: matchedCertificate.CertificateArn, + // Get the certificate data if the status is issued + var certOutput *acm.GetCertificateOutput + if aws.StringValue(matchedCertificate.Status) == acm.CertificateStatusIssued { + getCertInput := acm.GetCertificateInput{ + CertificateArn: matchedCertificate.CertificateArn, + } + certOutput, err = conn.GetCertificate(&getCertInput) + if err != nil { + return fmt.Errorf("error getting ACM certificate (%s): %w", aws.StringValue(matchedCertificate.CertificateArn), err) + } } - output, err := conn.GetCertificate(&getCertInput) - if err != nil { - return err + if certOutput != nil { + d.Set("certificate", certOutput.Certificate) + d.Set("certificate_chain", certOutput.CertificateChain) + } else { + d.Set("certificate", nil) + d.Set("certificate_chain", nil) } + d.SetId(aws.StringValue(matchedCertificate.CertificateArn)) d.Set("arn", matchedCertificate.CertificateArn) d.Set("status", matchedCertificate.Status) - d.Set("certificate", output.Certificate) - d.Set("certificate_chain", output.CertificateChain) tags, err := ListTags(conn, aws.StringValue(matchedCertificate.CertificateArn)) - if err != nil { return fmt.Errorf("error listing tags for ACM Certificate (%s): %w", d.Id(), err) } From 7701f574aecd786db2492b30bfe86487b1441bfb Mon Sep 17 00:00:00 2001 From: rizkybiz Date: Thu, 12 May 2022 23:02:38 -0400 Subject: [PATCH 5/6] upd: added certificate and certificate_chain attribute definitions to the acm_certificate dat source docs. --- website/docs/d/acm_certificate.html.markdown | 2 ++ 1 file changed, 2 insertions(+) diff --git a/website/docs/d/acm_certificate.html.markdown b/website/docs/d/acm_certificate.html.markdown index 59e1baf994c..8980a61c8d7 100644 
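Review bot: A certificate whose status is not ISSUED now yields empty `certificate` and `certificate_chain` with no error or diagnostic, so a configuration that feeds these into another resource receives an empty value instead of failing at the data source. That is a reasonable trade for avoiding the in-progress error, but it should be stated where the branch is taken, e.g. `// certificate and certificate_chain stay empty unless status is ISSUED; consumers must handle the empty case`. The docs entries added in PATCH 5/6 should say the same. dataSourceCertificateRead starts and ends outside the hunk.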
--- a/website/docs/d/acm_certificate.html.markdown +++ b/website/docs/d/acm_certificate.html.markdown @@ -50,4 +50,6 @@ data "aws_acm_certificate" "rsa_4096" { * `arn` - Amazon Resource Name (ARN) of the found certificate, suitable for referencing in other resources that support ACM certificates. * `id` - Amazon Resource Name (ARN) of the found certificate, suitable for referencing in other resources that support ACM certificates. * `status` - Status of the found certificate. +* `certificate` - The ACM-issued certificate. +* `certificate_chain` - Certificates forming the requested ACM-issued certificate's chain of trust. The chain consists of the certificate of the issuing CA and the intermediate certificates of any other subordinate CAs. * `tags` - A mapping of tags for the resource. From 3be774ca06c21fbe45ff0b338a9e04dd539c576d Mon Sep 17 00:00:00 2001 From: Angie Pinilla Date: Fri, 13 May 2022 08:44:30 -0400 Subject: [PATCH 6/6] Update CHANGELOG for #24593 --- .changelog/24593.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/24593.txt diff --git a/.changelog/24593.txt b/.changelog/24593.txt new file mode 100644 index 00000000000..2367eb44f71 --- /dev/null +++ b/.changelog/24593.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +data-source/aws_acm_certificate: Add `certificate` and `certificate_chain` attributes +``` \ No newline at end of file