Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

resource/aws_acm_certificate: Correctly handle SAN entries that match domain_name #20073

Merged
merged 20 commits into from
Apr 22, 2022
Merged

resource/aws_acm_certificate: Correctly handle SAN entries that match domain_name #20073

merged 20 commits into from
Apr 22, 2022

Conversation

mattburgess
Copy link
Collaborator

@mattburgess mattburgess commented Jul 5, 2021
edited by ewbankkit
Loading

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

AWS automatically adds a SAN entry that matches the domain_name value. This entry
was being deleted in order to avoid spurious diffs where user's config didn't include
the domain_name value in subject_alternative_names.

This change reverses the logic so as to better reflect the actual state of a certificate
in ACM; all SANs are now tracked in Terraform state, including the default SAN that AWS
adds. If a user hasn't specified the domain_name entry in subject_alternative_names
we add it for them to avoid spurious diffs.

Closes #19790.
Closes #9338.

Output from acceptance testing:

$ make testacc TESTARGS='-run=TestAccAWSAcmCertificate'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSAcmCertificate -timeout 180m
=== RUN   TestAccAWSAcmCertificateDataSource_noMatchReturnsError
=== PAUSE TestAccAWSAcmCertificateDataSource_noMatchReturnsError
=== RUN   TestAccAWSAcmCertificateDataSource_KeyTypes
=== PAUSE TestAccAWSAcmCertificateDataSource_KeyTypes
=== RUN   TestAccAWSAcmCertificate_emailValidation
=== PAUSE TestAccAWSAcmCertificate_emailValidation
=== RUN   TestAccAWSAcmCertificate_dnsValidation
=== PAUSE TestAccAWSAcmCertificate_dnsValidation
=== RUN   TestAccAWSAcmCertificate_root
=== PAUSE TestAccAWSAcmCertificate_root
=== RUN   TestAccAWSAcmCertificate_privateCert
=== PAUSE TestAccAWSAcmCertificate_privateCert
=== RUN   TestAccAWSAcmCertificate_root_TrailingPeriod
=== PAUSE TestAccAWSAcmCertificate_root_TrailingPeriod
=== RUN   TestAccAWSAcmCertificate_rootAndWildcardSan
=== PAUSE TestAccAWSAcmCertificate_rootAndWildcardSan
=== RUN   TestAccAWSAcmCertificate_SubjectAlternativeNames_EmptyString
=== PAUSE TestAccAWSAcmCertificate_SubjectAlternativeNames_EmptyString
=== RUN   TestAccAWSAcmCertificate_san_single
=== PAUSE TestAccAWSAcmCertificate_san_single
=== RUN   TestAccAWSAcmCertificate_san_multiple
=== PAUSE TestAccAWSAcmCertificate_san_multiple
=== RUN   TestAccAWSAcmCertificate_san_TrailingPeriod
=== PAUSE TestAccAWSAcmCertificate_san_TrailingPeriod
=== RUN   TestAccAWSAcmCertificate_san_matches_domain
=== PAUSE TestAccAWSAcmCertificate_san_matches_domain
=== RUN   TestAccAWSAcmCertificate_wildcard
=== PAUSE TestAccAWSAcmCertificate_wildcard
=== RUN   TestAccAWSAcmCertificate_wildcardAndRootSan
=== PAUSE TestAccAWSAcmCertificate_wildcardAndRootSan
=== RUN   TestAccAWSAcmCertificate_disableCTLogging
=== PAUSE TestAccAWSAcmCertificate_disableCTLogging
=== RUN   TestAccAWSAcmCertificate_tags
=== PAUSE TestAccAWSAcmCertificate_tags
=== RUN   TestAccAWSAcmCertificate_imported_DomainName
=== PAUSE TestAccAWSAcmCertificate_imported_DomainName
=== RUN   TestAccAWSAcmCertificate_imported_IpAddress
=== PAUSE TestAccAWSAcmCertificate_imported_IpAddress
=== RUN   TestAccAWSAcmCertificate_PrivateKey_Tags
=== PAUSE TestAccAWSAcmCertificate_PrivateKey_Tags
=== RUN   TestAccAWSAcmCertificateValidation_basic
=== PAUSE TestAccAWSAcmCertificateValidation_basic
=== RUN   TestAccAWSAcmCertificateValidation_timeout
=== PAUSE TestAccAWSAcmCertificateValidation_timeout
=== RUN   TestAccAWSAcmCertificateValidation_validationRecordFqdns
=== PAUSE TestAccAWSAcmCertificateValidation_validationRecordFqdns
=== RUN   TestAccAWSAcmCertificateValidation_validationRecordFqdnsEmail
=== PAUSE TestAccAWSAcmCertificateValidation_validationRecordFqdnsEmail
=== RUN   TestAccAWSAcmCertificateValidation_validationRecordFqdnsRoot
=== PAUSE TestAccAWSAcmCertificateValidation_validationRecordFqdnsRoot
=== RUN   TestAccAWSAcmCertificateValidation_validationRecordFqdnsRootAndWildcard
=== PAUSE TestAccAWSAcmCertificateValidation_validationRecordFqdnsRootAndWildcard
=== RUN   TestAccAWSAcmCertificateValidation_validationRecordFqdnsSan
=== PAUSE TestAccAWSAcmCertificateValidation_validationRecordFqdnsSan
=== RUN   TestAccAWSAcmCertificateValidation_validationRecordFqdnsWildcard
=== PAUSE TestAccAWSAcmCertificateValidation_validationRecordFqdnsWildcard
=== RUN   TestAccAWSAcmCertificateValidation_validationRecordFqdnsWildcardAndRoot
=== PAUSE TestAccAWSAcmCertificateValidation_validationRecordFqdnsWildcardAndRoot
=== CONT  TestAccAWSAcmCertificate_wildcardAndRootSan
=== CONT  TestAccAWSAcmCertificateValidation_validationRecordFqdnsWildcardAndRoot
=== CONT  TestAccAWSAcmCertificateValidation_validationRecordFqdnsWildcard
=== CONT  TestAccAWSAcmCertificateValidation_validationRecordFqdnsSan
=== CONT  TestAccAWSAcmCertificateValidation_validationRecordFqdnsRootAndWildcard
=== CONT  TestAccAWSAcmCertificateValidation_validationRecordFqdnsRoot
=== CONT  TestAccAWSAcmCertificateValidation_validationRecordFqdnsEmail
=== CONT  TestAccAWSAcmCertificate_imported_IpAddress
=== CONT  TestAccAWSAcmCertificate_root_TrailingPeriod
=== CONT  TestAccAWSAcmCertificateValidation_basic
=== CONT  TestAccAWSAcmCertificateDataSource_KeyTypes
=== CONT  TestAccAWSAcmCertificate_imported_DomainName
=== CONT  TestAccAWSAcmCertificate_emailValidation
=== CONT  TestAccAWSAcmCertificate_tags
=== CONT  TestAccAWSAcmCertificate_PrivateKey_Tags
=== CONT  TestAccAWSAcmCertificateValidation_validationRecordFqdns
=== CONT  TestAccAWSAcmCertificateValidation_timeout
=== CONT  TestAccAWSAcmCertificate_disableCTLogging
=== CONT  TestAccAWSAcmCertificateDataSource_noMatchReturnsError
--- PASS: TestAccAWSAcmCertificate_root_TrailingPeriod (5.68s)
=== CONT  TestAccAWSAcmCertificate_wildcard
=== CONT  TestAccAWSAcmCertificate_san_matches_domain
--- PASS: TestAccAWSAcmCertificateDataSource_noMatchReturnsError (23.81s)
=== CONT  TestAccAWSAcmCertificate_san_TrailingPeriod
--- PASS: TestAccAWSAcmCertificateValidation_validationRecordFqdnsEmail (25.57s)
=== CONT  TestAccAWSAcmCertificate_san_multiple
--- PASS: TestAccAWSAcmCertificateValidation_timeout (28.62s)
=== CONT  TestAccAWSAcmCertificate_san_single
--- PASS: TestAccAWSAcmCertificateDataSource_KeyTypes (31.55s)
=== CONT  TestAccAWSAcmCertificate_SubjectAlternativeNames_EmptyString
--- PASS: TestAccAWSAcmCertificate_imported_IpAddress (32.29s)
=== CONT  TestAccAWSAcmCertificate_rootAndWildcardSan
--- PASS: TestAccAWSAcmCertificate_SubjectAlternativeNames_EmptyString (1.94s)
=== CONT  TestAccAWSAcmCertificate_root
--- PASS: TestAccAWSAcmCertificate_disableCTLogging (36.91s)
=== CONT  TestAccAWSAcmCertificate_privateCert
--- PASS: TestAccAWSAcmCertificate_emailValidation (37.05s)
=== CONT  TestAccAWSAcmCertificate_dnsValidation
--- PASS: TestAccAWSAcmCertificate_wildcard (31.57s)
--- PASS: TestAccAWSAcmCertificate_wildcardAndRootSan (39.67s)
--- PASS: TestAccAWSAcmCertificate_san_matches_domain (32.78s)
--- PASS: TestAccAWSAcmCertificate_PrivateKey_Tags (48.60s)
--- PASS: TestAccAWSAcmCertificate_san_TrailingPeriod (27.79s)
--- PASS: TestAccAWSAcmCertificate_san_multiple (26.77s)
--- PASS: TestAccAWSAcmCertificate_san_single (25.88s)
--- PASS: TestAccAWSAcmCertificate_root (25.04s)
--- PASS: TestAccAWSAcmCertificate_rootAndWildcardSan (26.17s)
--- PASS: TestAccAWSAcmCertificate_dnsValidation (22.75s)
--- PASS: TestAccAWSAcmCertificate_privateCert (24.19s)
--- PASS: TestAccAWSAcmCertificate_imported_DomainName (64.36s)
--- PASS: TestAccAWSAcmCertificate_tags (71.86s)
--- PASS: TestAccAWSAcmCertificateValidation_validationRecordFqdns (122.27s)
--- PASS: TestAccAWSAcmCertificateValidation_validationRecordFqdnsSan (122.63s)
--- PASS: TestAccAWSAcmCertificateValidation_basic (124.80s)
--- PASS: TestAccAWSAcmCertificateValidation_validationRecordFqdnsRoot (351.82s)
--- PASS: TestAccAWSAcmCertificateValidation_validationRecordFqdnsRootAndWildcard (352.29s)
--- PASS: TestAccAWSAcmCertificateValidation_validationRecordFqdnsWildcardAndRoot (352.99s)
--- PASS: TestAccAWSAcmCertificateValidation_validationRecordFqdnsWildcard (393.83s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws

@github-actions github-actions bot added needs-triage Waiting for first response or review from a maintainer. size/M Managed by automation to categorize the size of a PR. service/acm Issues and PRs that pertain to the acm service. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. labels Jul 5, 2021
@breathingdust breathingdust added bug Addresses a defect in current functionality. and removed needs-triage Waiting for first response or review from a maintainer. labels Aug 31, 2021
@zhelding
Copy link
Contributor

Pull request #21306 has significantly refactored the AWS Provider codebase. As a result, most PRs opened prior to the refactor now have merge conflicts that must be resolved before proceeding.

Specifically, PR #21306 relocated the code for all AWS resources and data sources from a single aws directory to a large number of separate directories in internal/service, each corresponding to a particular AWS service. This separation of code has also allowed for us to simplify the names of underlying functions -- while still avoiding namespace collisions.

We recognize that many pull requests have been open for some time without yet being addressed by our maintainers. Therefore, we want to make it clear that resolving these conflicts in no way affects the prioritization of a particular pull request. Once a pull request has been prioritized for review, the necessary changes will be made by a maintainer -- either directly or in collaboration with the pull request author.

For a more complete description of this refactor, including examples of how old filepaths and function names correspond to their new counterparts: please refer to issue #20000.

For a quick guide on how to amend your pull request to resolve the merge conflicts resulting from this refactor and bring it in line with our new code patterns: please refer to our Service Package Refactor Pull Request Guide.

@mattburgess mattburgess force-pushed the fix-acm-sans branch 2 times, most recently from 9257fa3 to 17f0695 Compare October 26, 2021 20:50
@mattburgess @ewbankkit
resource/aws_acm_certificate: Correctly handle SAN entries that match…
bb8bea6 
… domain_name

AWS automatically adds a SAN entry that matches the `domain_name` value. This entry
was being deleted in order to avoid spurious diffs where user's config didn't include
the `domain_name` value in `subject_alternative_names`.

This change reverses the logic so as to better reflect the actual state of a certificate
in ACM; all SANs are now tracked in Terraform state, including the default SAN that AWS
adds. If a user hasn't specified the `domain_name` entry in `subject_alternative_names`
we add it for them to avoid spurious diffs.
@ewbankkit ewbankkit changed the title resource/aws_acm_certificate: Correctly handle SAN entries that match… resource/aws_acm_certificate: Correctly handle SAN entries that match domain_name Apr 20, 2022
ewbankkit added 14 commits April 20, 2022 11:43
@ewbankkit
r/aws_acm_certificate: Alphabetize attributes.
4e3118c
@ewbankkit
r/aws_acm_certificate: Use '_Values' function (hashicorp#14601).
4a4958c
@ewbankkit
Add CHANGELOG entry.
628e362
@ewbankkit
r/aws_acm_certificate: Tidy up 'TestAccACMCertificate_San_matches_dom…
ee15907 
…ain'.

Acceptance test output:

% ACM_CERTIFICATE_ROOT_DOMAIN=xxxxxxxx make testacc TESTS=TestAccACMCertificate_San_matches_domain PKG=acm ACCTEST_PARALLELISM=2
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/acm/... -v -count 1 -parallel 2 -run='TestAccACMCertificate_San_matches_domain'  -timeout 180m
=== RUN   TestAccACMCertificate_San_matches_domain
=== PAUSE TestAccACMCertificate_San_matches_domain
=== CONT  TestAccACMCertificate_San_matches_domain
--- PASS: TestAccACMCertificate_San_matches_domain (31.30s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/acm	36.890s
@ewbankkit
r/aws_acm_certificate: Tidy up 'TestAccACMCertificate_PrivateKey_tags'.
7b4c8fd 
Acceptance test output:

% make testacc TESTS=TestAccACMCertificate_PrivateKey_tags PKG=acm
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/acm/... -v -count 1 -parallel 20 -run='TestAccACMCertificate_PrivateKey_tags'  -timeout 180m
=== RUN   TestAccACMCertificate_PrivateKey_tags
=== PAUSE TestAccACMCertificate_PrivateKey_tags
=== CONT  TestAccACMCertificate_PrivateKey_tags
--- PASS: TestAccACMCertificate_PrivateKey_tags (49.51s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/acm	53.487s
@ewbankkit
r/aws_acm_certificate: Add and use 'testAccCheckAcmCertificateExists'.
8475003
@ewbankkit
r/aws_acm_certificate: Tidy up resource Delete.
668f8a9
@ewbankkit
r/aws_acm_certificate: Start to tidy up resource Create.
75b43e0
@ewbankkit
r/aws_acm_certificate: Simplify resource Create.
fb99745 
Acceptance test output:

% make testacc TESTS=TestAccACMCertificate_PrivateKey_tags PKG=acm
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/acm/... -v -count 1 -parallel 20 -run='TestAccACMCertificate_PrivateKey_tags'  -timeout 180m
=== RUN   TestAccACMCertificate_PrivateKey_tags
=== PAUSE TestAccACMCertificate_PrivateKey_tags
=== CONT  TestAccACMCertificate_PrivateKey_tags
--- PASS: TestAccACMCertificate_PrivateKey_tags (54.97s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/acm	58.642s
% ACM_CERTIFICATE_ROOT_DOMAIN=xxxxxxxx make testacc TESTS=TestAccACMCertificate_San_matches_domain PKG=acm ACCTEST_PARALLELISM=2
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/acm/... -v -count 1 -parallel 2 -run='TestAccACMCertificate_San_matches_domain'  -timeout 180m
=== RUN   TestAccACMCertificate_San_matches_domain
=== PAUSE TestAccACMCertificate_San_matches_domain
=== CONT  TestAccACMCertificate_San_matches_domain
--- PASS: TestAccACMCertificate_San_matches_domain (60.08s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/acm	67.823s
@ewbankkit
r/aws_acm_certificate: Tidy up resource Read.
2fd5fc0
@ewbankkit
r/aws_acm_certificate: 'waitCertificateIssued' -> 'waitCertificateDom…
24fb9f7 
…ainValidationsAvailable'.
@ewbankkit
r/aws_acm_certificate: Rename acceptance test configurations.
14b76cd
@ewbankkit
r/aws_acm_certificate: All acceptance tests passing.
ce25692
@ewbankkit
d/aws_acm_certificate: Fix 'TestAccACMCertificateDataSource_keyTypes'.
224aa04 
Acceptance test output:

% make testacc TESTS=TestAccACMCertificateDataSource_keyTypes PKG=acm
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/acm/... -v -count 1 -parallel 20 -run='TestAccACMCertificateDataSource_keyTypes'  -timeout 180m
=== RUN   TestAccACMCertificateDataSource_keyTypes
=== PAUSE TestAccACMCertificateDataSource_keyTypes
=== CONT  TestAccACMCertificateDataSource_keyTypes
--- PASS: TestAccACMCertificateDataSource_keyTypes (18.07s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/acm	21.792s
@github-actions github-actions bot added size/XL Managed by automation to categorize the size of a PR. and removed size/M Managed by automation to categorize the size of a PR. labels Apr 21, 2022
@ewbankkit
r/aws_acm_certificate_validation: Increase default reasource Create (…
dc21842 
…certificate issuance) timeout to 75 minutes.
@github-actions github-actions bot added the documentation Introduces or discusses updates to documentation. label Apr 21, 2022
ewbankkit
ewbankkit approved these changes Apr 21, 2022
View reviewed changes
Copy link
Contributor

@ewbankkit ewbankkit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🚀.

% ACM_CERTIFICATE_ROOT_DOMAIN=xxxxxxxx make testacc TESTS=TestAccACMCertificate_emailValidation PKG=acm
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/acm/... -v -count 1 -parallel 20 -run='TestAccACMCertificate_emailValidation'  -timeout 180m
=== RUN   TestAccACMCertificate_emailValidation
=== PAUSE TestAccACMCertificate_emailValidation
=== CONT  TestAccACMCertificate_emailValidation
--- PASS: TestAccACMCertificate_emailValidation (27.60s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/acm	31.510s
% ACM_CERTIFICATE_ROOT_DOMAIN=xxxxxxxx make testacc TESTS=TestAccACMCertificate_dnsValidation PKG=acm
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/acm/... -v -count 1 -parallel 20 -run='TestAccACMCertificate_dnsValidation'  -timeout 180m
=== RUN   TestAccACMCertificate_dnsValidation
=== PAUSE TestAccACMCertificate_dnsValidation
=== CONT  TestAccACMCertificate_dnsValidation
--- PASS: TestAccACMCertificate_dnsValidation (23.43s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/acm	27.536s
% ACM_CERTIFICATE_ROOT_DOMAIN=xxxxxxxx make testacc TESTS=TestAccACMCertificate_root PKG=acm
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/acm/... -v -count 1 -parallel 20 -run='TestAccACMCertificate_root'  -timeout 180m
=== RUN   TestAccACMCertificate_root
=== PAUSE TestAccACMCertificate_root
=== RUN   TestAccACMCertificate_rootAndWildcardSan
=== PAUSE TestAccACMCertificate_rootAndWildcardSan
=== CONT  TestAccACMCertificate_root
=== CONT  TestAccACMCertificate_rootAndWildcardSan
--- PASS: TestAccACMCertificate_root (23.25s)
--- PASS: TestAccACMCertificate_rootAndWildcardSan (23.33s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/acm	27.230s
% make testacc TESTS=TestAccACMCertificate_privateCert PKG=acm 
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/acm/... -v -count 1 -parallel 20 -run='TestAccACMCertificate_privateCert'  -timeout 180m
=== RUN   TestAccACMCertificate_privateCert
=== PAUSE TestAccACMCertificate_privateCert
=== CONT  TestAccACMCertificate_privateCert
--- PASS: TestAccACMCertificate_privateCert (23.97s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/acm	28.163s
% ACM_CERTIFICATE_ROOT_DOMAIN=xxxxxxxx make testacc TESTS=TestAccACMCertificate_Root_trailingPeriod PKG=acm
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/acm/... -v -count 1 -parallel 20 -run='TestAccACMCertificate_Root_trailingPeriod'  -timeout 180m
=== RUN   TestAccACMCertificate_Root_trailingPeriod
=== PAUSE TestAccACMCertificate_Root_trailingPeriod
=== CONT  TestAccACMCertificate_Root_trailingPeriod
--- PASS: TestAccACMCertificate_Root_trailingPeriod (2.26s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/acm	6.037s
% ACM_CERTIFICATE_ROOT_DOMAIN=xxxxxxxx make testacc TESTS=TestAccACMCertificate_SubjectAlternativeNames_emptyString PKG=acm
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/acm/... -v -count 1 -parallel 20 -run='TestAccACMCertificate_SubjectAlternativeNames_emptyString'  -timeout 180m
=== RUN   TestAccACMCertificate_SubjectAlternativeNames_emptyString
=== PAUSE TestAccACMCertificate_SubjectAlternativeNames_emptyString
=== CONT  TestAccACMCertificate_SubjectAlternativeNames_emptyString
--- PASS: TestAccACMCertificate_SubjectAlternativeNames_emptyString (2.23s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/acm	6.017s
% ACM_CERTIFICATE_ROOT_DOMAIN=xxxxxxxx make testacc TESTS=TestAccACMCertificate_San_single PKG=acm
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/acm/... -v -count 1 -parallel 20 -run='TestAccACMCertificate_San_single'  -timeout 180m
=== RUN   TestAccACMCertificate_San_single
=== PAUSE TestAccACMCertificate_San_single
=== CONT  TestAccACMCertificate_San_single
--- PASS: TestAccACMCertificate_San_single (28.04s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/acm	31.838s
% ACM_CERTIFICATE_ROOT_DOMAIN=xxxxxxxx make testacc TESTS=TestAccACMCertificate_San_multiple PKG=acm
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/acm/... -v -count 1 -parallel 20 -run='TestAccACMCertificate_San_multiple'  -timeout 180m
=== RUN   TestAccACMCertificate_San_multiple
=== PAUSE TestAccACMCertificate_San_multiple
=== CONT  TestAccACMCertificate_San_multiple
--- PASS: TestAccACMCertificate_San_multiple (29.31s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/acm	33.116s
% ACM_CERTIFICATE_ROOT_DOMAIN=xxxxxxxx make testacc TESTS=TestAccACMCertificate_San_trailingPeriod PKG=acm
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/acm/... -v -count 1 -parallel 20 -run='TestAccACMCertificate_San_trailingPeriod'  -timeout 180m
=== RUN   TestAccACMCertificate_San_trailingPeriod
=== PAUSE TestAccACMCertificate_San_trailingPeriod
=== CONT  TestAccACMCertificate_San_trailingPeriod
--- PASS: TestAccACMCertificate_San_trailingPeriod (26.47s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/acm	29.980s
% ACM_CERTIFICATE_ROOT_DOMAIN=xxxxxxxx make testacc TESTS=TestAccACMCertificate_San_matches_domain PKG=acm
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/acm/... -v -count 1 -parallel 20 -run='TestAccACMCertificate_San_matches_domain'  -timeout 180m
=== RUN   TestAccACMCertificate_San_matches_domain
=== PAUSE TestAccACMCertificate_San_matches_domain
=== CONT  TestAccACMCertificate_San_matches_domain
--- PASS: TestAccACMCertificate_San_matches_domain (22.58s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/acm	26.163s
% ACM_CERTIFICATE_ROOT_DOMAIN=xxxxxxxx make testacc TESTS=TestAccACMCertificate_wildcard PKG=acm
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/acm/... -v -count 1 -parallel 20 -run='TestAccACMCertificate_wildcard'  -timeout 180m
=== RUN   TestAccACMCertificate_wildcard
=== PAUSE TestAccACMCertificate_wildcard
=== RUN   TestAccACMCertificate_wildcardAndRootSan
=== PAUSE TestAccACMCertificate_wildcardAndRootSan
=== CONT  TestAccACMCertificate_wildcard
=== CONT  TestAccACMCertificate_wildcardAndRootSan
--- PASS: TestAccACMCertificate_wildcard (22.67s)
--- PASS: TestAccACMCertificate_wildcardAndRootSan (23.36s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/acm	26.954s
% ACM_CERTIFICATE_ROOT_DOMAIN=xxxxxxxx make testacc TESTS=TestAccACMCertificate_disableCTLogging PKG=acm
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/acm/... -v -count 1 -parallel 20 -run='TestAccACMCertificate_disableCTLogging'  -timeout 180m
=== RUN   TestAccACMCertificate_disableCTLogging
=== PAUSE TestAccACMCertificate_disableCTLogging
=== CONT  TestAccACMCertificate_disableCTLogging
--- PASS: TestAccACMCertificate_disableCTLogging (22.77s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/acm	26.379s
% make testacc TESTS=TestAccACMCertificate_Imported_ PKG=acm 
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/acm/... -v -count 1 -parallel 20 -run='TestAccACMCertificate_Imported_'  -timeout 180m
=== RUN   TestAccACMCertificate_Imported_domainName
=== PAUSE TestAccACMCertificate_Imported_domainName
=== RUN   TestAccACMCertificate_Imported_ipAddress
=== PAUSE TestAccACMCertificate_Imported_ipAddress
=== CONT  TestAccACMCertificate_Imported_domainName
=== CONT  TestAccACMCertificate_Imported_ipAddress
--- PASS: TestAccACMCertificate_Imported_ipAddress (17.77s)
--- PASS: TestAccACMCertificate_Imported_domainName (41.56s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/acm	45.295s
% make testacc TESTS=TestAccACMCertificate_PrivateKey_tags PKG=acm
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/acm/... -v -count 1 -parallel 20 -run='TestAccACMCertificate_PrivateKey_tags'  -timeout 180m
=== RUN   TestAccACMCertificate_PrivateKey_tags
=== PAUSE TestAccACMCertificate_PrivateKey_tags
=== CONT  TestAccACMCertificate_PrivateKey_tags
--- PASS: TestAccACMCertificate_PrivateKey_tags (51.04s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/acm	54.563s
% ACM_CERTIFICATE_ROOT_DOMAIN=xxxxxxxx make testacc TESTS=TestAccACMCertificateValidation_basic PKG=acm
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/acm/... -v -count 1 -parallel 20 -run='TestAccACMCertificateValidation_basic'  -timeout 180m
=== RUN   TestAccACMCertificateValidation_basic
=== PAUSE TestAccACMCertificateValidation_basic
=== CONT  TestAccACMCertificateValidation_basic
--- PASS: TestAccACMCertificateValidation_basic (79.49s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/acm	83.020s
% ACM_CERTIFICATE_ROOT_DOMAIN=xxxxxxxx make testacc TESTS=TestAccACMCertificateValidation_timeout PKG=acm
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/acm/... -v -count 1 -parallel 20 -run='TestAccACMCertificateValidation_timeout'  -timeout 180m
=== RUN   TestAccACMCertificateValidation_timeout
=== PAUSE TestAccACMCertificateValidation_timeout
=== CONT  TestAccACMCertificateValidation_timeout
--- PASS: TestAccACMCertificateValidation_timeout (20.03s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/acm	23.672s
% ACM_CERTIFICATE_ROOT_DOMAIN=xxxxxxxx make testacc TESTS=TestAccACMCertificateValidation_validationRecordFQDNS PKG=acm
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/acm/... -v -count 1 -parallel 20 -run='TestAccACMCertificateValidation_validationRecordFQDNS'  -timeout 180m
=== RUN   TestAccACMCertificateValidation_validationRecordFQDNS
=== PAUSE TestAccACMCertificateValidation_validationRecordFQDNS
=== RUN   TestAccACMCertificateValidation_validationRecordFQDNSEmail
=== PAUSE TestAccACMCertificateValidation_validationRecordFQDNSEmail
=== RUN   TestAccACMCertificateValidation_validationRecordFQDNSRoot
=== PAUSE TestAccACMCertificateValidation_validationRecordFQDNSRoot
=== RUN   TestAccACMCertificateValidation_validationRecordFQDNSRootAndWildcard
=== PAUSE TestAccACMCertificateValidation_validationRecordFQDNSRootAndWildcard
=== RUN   TestAccACMCertificateValidation_validationRecordFQDNSSan
=== PAUSE TestAccACMCertificateValidation_validationRecordFQDNSSan
=== RUN   TestAccACMCertificateValidation_validationRecordFQDNSWildcard
=== PAUSE TestAccACMCertificateValidation_validationRecordFQDNSWildcard
=== RUN   TestAccACMCertificateValidation_validationRecordFQDNSWildcardAndRoot
=== PAUSE TestAccACMCertificateValidation_validationRecordFQDNSWildcardAndRoot
=== CONT  TestAccACMCertificateValidation_validationRecordFQDNS
=== CONT  TestAccACMCertificateValidation_validationRecordFQDNSSan
=== CONT  TestAccACMCertificateValidation_validationRecordFQDNSRootAndWildcard
=== CONT  TestAccACMCertificateValidation_validationRecordFQDNSRoot
=== CONT  TestAccACMCertificateValidation_validationRecordFQDNSWildcardAndRoot
=== CONT  TestAccACMCertificateValidation_validationRecordFQDNSEmail
=== CONT  TestAccACMCertificateValidation_validationRecordFQDNSWildcard
--- PASS: TestAccACMCertificateValidation_validationRecordFQDNSEmail (20.01s)
--- PASS: TestAccACMCertificateValidation_validationRecordFQDNSSan (103.16s)
--- PASS: TestAccACMCertificateValidation_validationRecordFQDNS (109.37s)
--- PASS: TestAccACMCertificateValidation_validationRecordFQDNSWildcard (367.54s)
--- PASS: TestAccACMCertificateValidation_validationRecordFQDNSRoot (367.55s)
--- PASS: TestAccACMCertificateValidation_validationRecordFQDNSWildcardAndRoot (367.67s)
--- PASS: TestAccACMCertificateValidation_validationRecordFQDNSRootAndWildcard (402.21s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/acm	405.757s

@ewbankkit
Copy link
Contributor

@mattburgess Thanks for the contribution 🎉 👏.

@ewbankkit ewbankkit merged commit 9511236 into hashicorp:main Apr 22, 2022
@github-actions github-actions bot added this to the v4.12.0 milestone Apr 22, 2022
@github-actions
Copy link

This functionality has been released in v4.12.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@jufemaiz
Copy link
Contributor

jufemaiz commented Apr 29, 2022
edited
Loading

This is a major breaking change to how ACM Certificate Validations are managed in state as it breaks the use of id in v4.11.0 and prior.

#24452 (comment)

https://github.com/hashicorp/terraform-provider-aws/pull/20073/files?diff=unified&w=0#diff-da27748319004d756e8526be1691fbfad4b2e7a5c2ffccf691e6447ea945a42dR93

This now sets the id based on the ARN of the certificate, not the timestamp of the creation.

	d.SetId(aws.TimeValue(resp.Certificate.IssuedAt).String())

versus

	d.SetId(arn)

@jufemaiz jufemaiz mentioned this pull request Apr 29, 2022
Merged
@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 30, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@ewbankkit ewbankkit ewbankkit approved these changes

Assignees
No one assigned
Labels
bug Addresses a defect in current functionality. documentation Introduces or discusses updates to documentation. service/acm Issues and PRs that pertain to the acm service. size/XL Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Projects
None yet
Milestone
v4.12.0
5 participants
@mattburgess @zhelding @ewbankkit @jufemaiz @breathingdust