data-source/aws_acm_certificate: Switch to new key_types argument for…
… algorithm handling

Reference: #8553 (comment)

Output from acceptance testing:

```
--- PASS: TestAccAWSAcmCertificateDataSource_KeyTypes (17.32s)
```
bflad committed Jun 28, 2019
1 parent 953d242 commit c160a98
Showing 3 changed files with 39 additions and 21 deletions.
37 changes: 23 additions & 14 deletions aws/data_source_aws_acm_certificate.go
@@ -8,6 +8,7 @@ import (
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/acm"
"github.com/hashicorp/terraform/helper/schema"
"github.com/hashicorp/terraform/helper/validation"
)

func dataSourceAwsAcmCertificate() *schema.Resource {
@@ -27,6 +28,21 @@ func dataSourceAwsAcmCertificate() *schema.Resource {
Optional: true,
Elem: &schema.Schema{Type: schema.TypeString},
},
"key_types": {
Type: schema.TypeSet,
Optional: true,
Elem: &schema.Schema{
Type: schema.TypeString,
ValidateFunc: validation.StringInSlice([]string{
acm.KeyAlgorithmEcPrime256v1,
acm.KeyAlgorithmEcSecp384r1,
acm.KeyAlgorithmEcSecp521r1,
acm.KeyAlgorithmRsa1024,
acm.KeyAlgorithmRsa2048,
acm.KeyAlgorithmRsa4096,
}, false),
},
},
"types": {
Type: schema.TypeList,
Optional: true,
@@ -44,21 +60,14 @@ func dataSourceAwsAcmCertificate() *schema.Resource {
func dataSourceAwsAcmCertificateRead(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).acmconn

// Explicitly define algorithms, by default, the API does not return all types
// More information about the values present: https://docs.aws.amazon.com/acm/latest/APIReference/API_Filters.html#ACM-Type-Filters-keyTypes
keyAlgorithms := []string{
acm.KeyAlgorithmEcPrime256v1,
acm.KeyAlgorithmEcSecp384r1,
acm.KeyAlgorithmEcSecp521r1,
acm.KeyAlgorithmRsa1024,
acm.KeyAlgorithmRsa2048,
acm.KeyAlgorithmRsa4096,
}
params := &acm.ListCertificatesInput{
Includes: &acm.Filters{
KeyTypes: aws.StringSlice(keyAlgorithms),
},
params := &acm.ListCertificatesInput{}

if v := d.Get("key_types").(*schema.Set); v.Len() > 0 {
params.Includes = &acm.Filters{
KeyTypes: expandStringSet(v),
}
}

target := d.Get("domain")
statuses, ok := d.GetOk("statuses")
if ok {
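Review bot: When `key_types` is unset, the new `if v := d.Get("key_types").(*schema.Set); v.Len() > 0` branch in dataSourceAwsAcmCertificateRead sends no `Includes` filter at all, whereas the code it replaces always requested all six key algorithms. Lookups without the argument therefore fall back to the ACM API default, which per the removed comment and the new documentation text does not return every key type. Configurations that found an EC or RSA 4096 certificate by domain alone may now fail to match after upgrade, or may resolve to a different ARN where several certificates share the domain, so this deserves an upgrade note. The deleted explanation should also survive as a comment above the branch, e.g. `// With key_types unset no Includes filter is sent, so the ACM API default key-type filtering applies and some algorithms are not listed.` The rest of the read function lies outside the hunk, so the certificate selection logic is not visible here.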
14 changes: 7 additions & 7 deletions aws/data_source_aws_acm_certificate_test.go
@@ -177,17 +177,16 @@ func TestAccAWSAcmCertificateDataSource_noMatchReturnsError(t *testing.T) {
})
}

func TestAccAWSAcmCertificateDataSource_Rsa4096(t *testing.T) {
func TestAccAWSAcmCertificateDataSource_KeyTypes(t *testing.T) {
resourceName := "aws_acm_certificate.test"
dataSourceName := "data.aws_acm_certificate.test"

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProvidersWithTLS,
CheckDestroy: testAccCheckAcmCertificateDestroy,
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProvidersWithTLS,
Steps: []resource.TestStep{
{
Config: testAccAwsAcmCertificateDataSourceConfigRsa4096(),
Config: testAccAwsAcmCertificateDataSourceConfigKeyTypes(),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttrPair(resourceName, "arn", dataSourceName, "arn"),
),
@@ -251,7 +250,7 @@ data "aws_acm_certificate" "test" {
`, domain, certType, mostRecent)
}

func testAccAwsAcmCertificateDataSourceConfigRsa4096() string {
func testAccAwsAcmCertificateDataSourceConfigKeyTypes() string {
return fmt.Sprintf(`
resource "tls_private_key" "test" {
algorithm = "RSA"
@@ -281,7 +280,8 @@ resource "aws_acm_certificate" "test" {
}
data "aws_acm_certificate" "test" {
domain = "${aws_acm_certificate.test.domain_name}"
domain = "${aws_acm_certificate.test.domain_name}"
key_types = ["RSA_4096"]
}
`)
}
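Review bot: The renamed TestAccAWSAcmCertificateDataSource_KeyTypes appears to drop `CheckDestroy: testAccCheckAcmCertificateDestroy` from the `resource.TestCase`, although its config still creates `aws_acm_certificate.test` from a generated private key. Without it the test no longer verifies that the imported certificate is removed from the test account. Unless the omission is deliberate, keep `CheckDestroy: testAccCheckAcmCertificateDestroy,` or add a comment saying why it is not needed. The test also covers only the matching case (`key_types = ["RSA_4096"]`); a step that omits `key_types` or passes a non-matching value and sets `ExpectError` would show that the filter is really applied. Both the test-case literal and the config string continue outside the visible hunks.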
9 changes: 9 additions & 0 deletions website/docs/d/acm_certificate.html.markdown
@@ -15,21 +15,30 @@ it by domain without having to hard code the ARNs as input.
## Example Usage

```hcl
# Find a certificate that is issued
data "aws_acm_certificate" "example" {
domain = "tf.example.com"
statuses = ["ISSUED"]
}
# Find a certificate issued by (not imported into) ACM
data "aws_acm_certificate" "example" {
domain = "tf.example.com"
types = ["AMAZON_ISSUED"]
most_recent = true
}
# Find a RSA 4096 bit certificate
data "aws_acm_certificate" "example" {
domain = "tf.example.com"
key_types = ["RSA_4096"]
}
```

## Argument Reference

* `domain` - (Required) The domain of the certificate to look up. If no certificate is found with this name, an error will be returned.
* `key_types` - (Optional) A list of key algorithms to filter certificates. By default, ACM does not return all certificate types when searching. Valid values are `RSA_1024`, `RSA_2048`, `RSA_4096`, `EC_prime256v1`, `EC_secp384r1`, and `EC_secp521r1`.
* `statuses` - (Optional) A list of statuses on which to filter the returned list. Valid values are `PENDING_VALIDATION`, `ISSUED`,
`INACTIVE`, `EXPIRED`, `VALIDATION_TIMED_OUT`, `REVOKED` and `FAILED`. If no value is specified, only certificates in the `ISSUED` state
are returned.
