r/aws_acmpca_certificate_authority: Add key_storage_security_standard argument

[msvbhat]

Description

Adds key_storage_security_standard argument to aws_acmpca_certificate_authority resource. This allows Terraform users to create CA in regions where only non-default standard is supported.

Relations

Closes #26267

References

Until now the aws_acmpca_certificate_authority resource did not specify KeyStorageSecurityStandard (So it defaults to FIPS_140_2_LEVEL_3_OR_HIGHER). But some regions do not support this default value. So in those regions users must be able to specify a different value. This PR adds key_storage_security_standard argument which lets users to configure the value based on the region where they want to run.

https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
https://docs.aws.amazon.com/privateca/latest/userguide/data-protection.html#private-keys

Output from Acceptance Testing

$ make testacc TESTARGS='-run=TestAccACMPCACertificateAuthority_basic$$\|TestAccACMPCACertificateAuthority_keyStorageSecurityStandard$$' PKG=acmpca

==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/acmpca/... -v -count 1 -parallel 20  -run=TestAccACMPCACertificateAuthority_basic$\|TestAccACMPCACertificateAuthority_keyStorageSecurityStandard$ -timeout 180m
=== RUN   TestAccACMPCACertificateAuthority_basic
=== PAUSE TestAccACMPCACertificateAuthority_basic
=== RUN   TestAccACMPCACertificateAuthority_keyStorageSecurityStandard
=== PAUSE TestAccACMPCACertificateAuthority_keyStorageSecurityStandard
=== CONT  TestAccACMPCACertificateAuthority_basic
=== CONT  TestAccACMPCACertificateAuthority_keyStorageSecurityStandard
--- PASS: TestAccACMPCACertificateAuthority_keyStorageSecurityStandard (24.05s)
--- PASS: TestAccACMPCACertificateAuthority_basic (24.38s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/acmpca	27.471s

[github-actions]

Community Note

Voting for Prioritization

• Please vote on this pull request by adding a 👍 reaction to the original post to help the community and maintainers prioritize this pull request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

For Submitters

• Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
• For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.
• Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

[github-actions]

Thank you for your contribution! 🚀

Please note that the CHANGELOG.md file contents are handled by the maintainers during merge. This is to prevent pull request merge conflicts, especially for contributions which may not be merged immediately. Please see the Contributing Guide for additional pull request review items.

Remove any changes to the CHANGELOG.md file and commit them in this pull request to prevent delays with reviewing and potentially merging this pull request.

[github-actions]

Welcome @msvbhat 👋

It looks like this is your first Pull Request submission to the Terraform AWS Provider! If you haven’t already done so please make sure you have checked out our CONTRIBUTOR guide and FAQ to make sure your contribution is adhering to best practice and has all the necessary elements in place for a successful approval.

Also take a look at our FAQ which details how we prioritize Pull Requests for inclusion.

Thanks again, and welcome to the community! 😃

[ewbankkit]

LGTM 🚀.

% AWS_DEFAULT_REGION=eu-central-2 make testacc TESTARGS='-run=TestAccACMPCACertificateAuthority_keyStorageSecurityStandard' PKG=acmpca ACCTEST_PARALLELISM=2
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/acmpca/... -v -count 1 -parallel 2  -run=TestAccACMPCACertificateAuthority_keyStorageSecurityStandard -timeout 180m
=== RUN   TestAccACMPCACertificateAuthority_keyStorageSecurityStandard
=== PAUSE TestAccACMPCACertificateAuthority_keyStorageSecurityStandard
=== CONT  TestAccACMPCACertificateAuthority_keyStorageSecurityStandard
--- PASS: TestAccACMPCACertificateAuthority_keyStorageSecurityStandard (21.53s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/acmpca	26.624s
% make testacc TESTARGS='-run=TestAccACMPCACertificateAuthority_' PKG=acmpca ACCTEST_PARALLELISM=2 
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/acmpca/... -v -count 1 -parallel 2  -run=TestAccACMPCACertificateAuthority_ -timeout 180m
=== RUN   TestAccACMPCACertificateAuthority_basic
=== PAUSE TestAccACMPCACertificateAuthority_basic
=== RUN   TestAccACMPCACertificateAuthority_disappears
=== PAUSE TestAccACMPCACertificateAuthority_disappears
=== RUN   TestAccACMPCACertificateAuthority_enabledDeprecated
=== PAUSE TestAccACMPCACertificateAuthority_enabledDeprecated
=== RUN   TestAccACMPCACertificateAuthority_usageMode
=== PAUSE TestAccACMPCACertificateAuthority_usageMode
=== RUN   TestAccACMPCACertificateAuthority_keyStorageSecurityStandard
=== PAUSE TestAccACMPCACertificateAuthority_keyStorageSecurityStandard
=== RUN   TestAccACMPCACertificateAuthority_deleteFromActiveState
=== PAUSE TestAccACMPCACertificateAuthority_deleteFromActiveState
=== RUN   TestAccACMPCACertificateAuthority_RevocationConfiguration_empty
=== PAUSE TestAccACMPCACertificateAuthority_RevocationConfiguration_empty
=== RUN   TestAccACMPCACertificateAuthority_RevocationCrl_customCNAME
=== PAUSE TestAccACMPCACertificateAuthority_RevocationCrl_customCNAME
=== RUN   TestAccACMPCACertificateAuthority_RevocationCrl_enabled
=== PAUSE TestAccACMPCACertificateAuthority_RevocationCrl_enabled
=== RUN   TestAccACMPCACertificateAuthority_RevocationCrl_expirationInDays
=== PAUSE TestAccACMPCACertificateAuthority_RevocationCrl_expirationInDays
=== RUN   TestAccACMPCACertificateAuthority_RevocationCrl_s3ObjectACL
=== PAUSE TestAccACMPCACertificateAuthority_RevocationCrl_s3ObjectACL
=== RUN   TestAccACMPCACertificateAuthority_RevocationOcsp_enabled
=== PAUSE TestAccACMPCACertificateAuthority_RevocationOcsp_enabled
=== RUN   TestAccACMPCACertificateAuthority_RevocationOcsp_customCNAME
=== PAUSE TestAccACMPCACertificateAuthority_RevocationOcsp_customCNAME
=== RUN   TestAccACMPCACertificateAuthority_tags
=== PAUSE TestAccACMPCACertificateAuthority_tags
=== CONT  TestAccACMPCACertificateAuthority_basic
=== CONT  TestAccACMPCACertificateAuthority_RevocationCrl_customCNAME
--- PASS: TestAccACMPCACertificateAuthority_basic (19.03s)
=== CONT  TestAccACMPCACertificateAuthority_keyStorageSecurityStandard
    acctest.go:846: skipping tests; AWS_DEFAULT_REGION (us-west-2) not supported. Supported: [ap-south-2, ap-southeast-3, ap-southeast-4, eu-central-2, eu-south-2, me-central-1]
--- SKIP: TestAccACMPCACertificateAuthority_keyStorageSecurityStandard (0.00s)
=== CONT  TestAccACMPCACertificateAuthority_RevocationConfiguration_empty
--- PASS: TestAccACMPCACertificateAuthority_RevocationConfiguration_empty (19.35s)
=== CONT  TestAccACMPCACertificateAuthority_deleteFromActiveState
--- PASS: TestAccACMPCACertificateAuthority_deleteFromActiveState (20.39s)
=== CONT  TestAccACMPCACertificateAuthority_RevocationOcsp_enabled
--- PASS: TestAccACMPCACertificateAuthority_RevocationCrl_customCNAME (89.89s)
=== CONT  TestAccACMPCACertificateAuthority_enabledDeprecated
--- PASS: TestAccACMPCACertificateAuthority_RevocationOcsp_enabled (54.83s)
=== CONT  TestAccACMPCACertificateAuthority_tags
--- PASS: TestAccACMPCACertificateAuthority_enabledDeprecated (45.13s)
=== CONT  TestAccACMPCACertificateAuthority_usageMode
--- PASS: TestAccACMPCACertificateAuthority_usageMode (17.89s)
=== CONT  TestAccACMPCACertificateAuthority_disappears
--- PASS: TestAccACMPCACertificateAuthority_tags (41.63s)
=== CONT  TestAccACMPCACertificateAuthority_RevocationCrl_expirationInDays
--- PASS: TestAccACMPCACertificateAuthority_disappears (13.19s)
=== CONT  TestAccACMPCACertificateAuthority_RevocationOcsp_customCNAME
--- PASS: TestAccACMPCACertificateAuthority_RevocationCrl_expirationInDays (59.16s)
=== CONT  TestAccACMPCACertificateAuthority_RevocationCrl_enabled
--- PASS: TestAccACMPCACertificateAuthority_RevocationOcsp_customCNAME (68.47s)
=== CONT  TestAccACMPCACertificateAuthority_RevocationCrl_s3ObjectACL
--- PASS: TestAccACMPCACertificateAuthority_RevocationCrl_s3ObjectACL (44.05s)
--- PASS: TestAccACMPCACertificateAuthority_RevocationCrl_enabled (72.53s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/acmpca	292.091s
% make testacc TESTARGS='-run=TestAccACMPCACertificateAuthorityDataSource_' PKG=acmpca ACCTEST_PARALLELISM=2
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/acmpca/... -v -count 1 -parallel 2  -run=TestAccACMPCACertificateAuthorityDataSource_ -timeout 180m
=== RUN   TestAccACMPCACertificateAuthorityDataSource_basic
=== PAUSE TestAccACMPCACertificateAuthorityDataSource_basic
=== RUN   TestAccACMPCACertificateAuthorityDataSource_s3ObjectACL
=== PAUSE TestAccACMPCACertificateAuthorityDataSource_s3ObjectACL
=== CONT  TestAccACMPCACertificateAuthorityDataSource_basic
=== CONT  TestAccACMPCACertificateAuthorityDataSource_s3ObjectACL
--- PASS: TestAccACMPCACertificateAuthorityDataSource_basic (20.43s)
--- PASS: TestAccACMPCACertificateAuthorityDataSource_s3ObjectACL (20.44s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/acmpca	25.895s

[ewbankkit]

@msvbhat Thanks for the contribution 🎉 👏.

[github-actions]

This functionality has been released in v4.67.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.