Fix update of imported ACM certificates #9685
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ghost
added
size/M
julienduchesne
commented
Aug 8, 2019
ghost
added
size/S
…ted-certificates-update
jocgir
force-pushed
the
fix-imported-certificates-update
branch
from
f65576f
to
21dd050
Compare
added 3 commits
October 22, 2019 12:44
…o fix-imported-certificates-update
…' into fix-imported-certificates-update
ghost
added
size/M
Remove an extra empty line
…ted-certificates-update
…ted-certificates-update
…ted-certificates-update
bflad
reviewed
Jul 14, 2020
There was a problem hiding this comment.
Pulling this in as part of our 3.0.0 work, thanks @julienduchesne 🚀 Please note that the major version will not include the DiffSuppressFunc (and some logic to not call the API on hash removal only updates) to encourage updating the state immediately. 👍
Output from acceptance testing (failure related to other upcoming 3.0.0 work):
--- FAIL: TestAccAWSAcmCertificate_san_multiple (23.72s)
--- PASS: TestAccAWSAcmCertificate_disableCTLogging (14.97s)
--- PASS: TestAccAWSAcmCertificate_dnsValidation (16.95s)
--- PASS: TestAccAWSAcmCertificate_emailValidation (18.91s)
--- PASS: TestAccAWSAcmCertificate_imported_DomainName (28.06s)
--- PASS: TestAccAWSAcmCertificate_imported_IpAddress (11.75s)
--- PASS: TestAccAWSAcmCertificate_privateCert (20.73s)
--- PASS: TestAccAWSAcmCertificate_root (14.59s)
--- PASS: TestAccAWSAcmCertificate_root_TrailingPeriod (15.02s)
--- PASS: TestAccAWSAcmCertificate_rootAndWildcardSan (15.84s)
--- PASS: TestAccAWSAcmCertificate_san_single (19.04s)
--- PASS: TestAccAWSAcmCertificate_san_TrailingPeriod (19.81s)
--- PASS: TestAccAWSAcmCertificate_tags (39.78s)
--- PASS: TestAccAWSAcmCertificate_wildcard (20.89s)
--- PASS: TestAccAWSAcmCertificate_wildcardAndRootSan (19.73s)
bflad
added a commit
that referenced
this pull request
Jul 14, 2020
…cate_body, certificate_chain, and private_key arguments Reference: #9685 Reference: #13053 Reference: #13406 Output from acceptance testing (failure related to other upcoming 3.0.0 work): ``` --- FAIL: TestAccAWSAcmCertificate_san_multiple (23.72s) --- PASS: TestAccAWSAcmCertificate_disableCTLogging (14.97s) --- PASS: TestAccAWSAcmCertificate_dnsValidation (16.95s) --- PASS: TestAccAWSAcmCertificate_emailValidation (18.91s) --- PASS: TestAccAWSAcmCertificate_imported_DomainName (28.06s) --- PASS: TestAccAWSAcmCertificate_imported_IpAddress (11.75s) --- PASS: TestAccAWSAcmCertificate_privateCert (20.73s) --- PASS: TestAccAWSAcmCertificate_root (14.59s) --- PASS: TestAccAWSAcmCertificate_root_TrailingPeriod (15.02s) --- PASS: TestAccAWSAcmCertificate_rootAndWildcardSan (15.84s) --- PASS: TestAccAWSAcmCertificate_san_single (19.04s) --- PASS: TestAccAWSAcmCertificate_san_TrailingPeriod (19.81s) --- PASS: TestAccAWSAcmCertificate_tags (39.78s) --- PASS: TestAccAWSAcmCertificate_wildcard (20.89s) --- PASS: TestAccAWSAcmCertificate_wildcardAndRootSan (19.73s) ```
bflad
added a commit
that referenced
this pull request
Jul 14, 2020
|
This has been released in version 3.0.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks! |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
ghost
locked and limited conversation to collaborators
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The update for the ACM certificates did not work for imported (external) certificates. The reason for that is that only the hash of the certificates was stored in the state. The API call requires all three parts (chain, body and private key) of a certificate when updating.
Therefore, an update would only work if you changed all three parts, otherwise, it would try to send the hash instead of the actual certificate.
I tried to hack something together with
CustomizeDiffbut I couldn't manage to force Terraform to go re-read the source of the unchanged parts instead of getting them from the state when one of the three parts has changed.The way I made it work was by putting the certificate in the state
Output from acceptance testing: