Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New Resource and Data Source: aws_acmpca_certificate_authority #4458

Merged
merged 2 commits into from
May 9, 2018
Merged

New Resource and Data Source: aws_acmpca_certificate_authority #4458

merged 2 commits into from
May 9, 2018

Conversation

bflad
Copy link
Contributor

@bflad bflad commented May 4, 2018

Closes #4059

make testacc TEST=./aws TESTARGS='-run=TestAccAwsAcmpcaCertificateAuthority'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -run=TestAccAwsAcmpcaCertificateAuthority -timeout 120m
=== RUN   TestAccAwsAcmpcaCertificateAuthority_Basic
--- PASS: TestAccAwsAcmpcaCertificateAuthority_Basic (18.96s)
=== RUN   TestAccAwsAcmpcaCertificateAuthority_Enabled
--- SKIP: TestAccAwsAcmpcaCertificateAuthority_Enabled (0.00s)
	resource_aws_acmpca_certificate_authority_test.go:106: We need to fully sign the certificate authority CSR from another CA in order to test this functionality, which requires another resource
=== RUN   TestAccAwsAcmpcaCertificateAuthority_RevocationConfiguration_CrlConfiguration_CustomCname
--- PASS: TestAccAwsAcmpcaCertificateAuthority_RevocationConfiguration_CrlConfiguration_CustomCname (112.38s)
=== RUN   TestAccAwsAcmpcaCertificateAuthority_RevocationConfiguration_CrlConfiguration_Enabled
--- PASS: TestAccAwsAcmpcaCertificateAuthority_RevocationConfiguration_CrlConfiguration_Enabled (89.18s)
=== RUN   TestAccAwsAcmpcaCertificateAuthority_RevocationConfiguration_CrlConfiguration_ExpirationInDays
--- PASS: TestAccAwsAcmpcaCertificateAuthority_RevocationConfiguration_CrlConfiguration_ExpirationInDays (67.04s)
=== RUN   TestAccAwsAcmpcaCertificateAuthority_Tags
--- PASS: TestAccAwsAcmpcaCertificateAuthority_Tags (51.20s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	338.792s

make testacc TEST=./aws TESTARGS='-run=TestAccDataSourceAwsAcmpcaCertificateAuthority_Basic'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -run=TestAccDataSourceAwsAcmpcaCertificateAuthority_Basic -timeout 120m
=== RUN   TestAccDataSourceAwsAcmpcaCertificateAuthority_Basic
--- PASS: TestAccDataSourceAwsAcmpcaCertificateAuthority_Basic (19.96s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	19.997s

@bflad bflad added new-resource Introduces a new resource. new-data-source Introduces a new data source. service/acmpca Issues and PRs that pertain to the acmpca service. labels May 4, 2018
@bflad bflad added this to the v1.18.0 milestone May 4, 2018
@bflad bflad requested review from jen20 and a team May 4, 2018 21:15
@ghost ghost added the size/XXL Managed by automation to categorize the size of a PR. label May 4, 2018
@bflad bflad mentioned this pull request May 4, 2018
Closed
@bflad bflad changed the title New Resource and Data Source: aws_acmpca_certficate_authority New Resource and Data Source: aws_acmpca_certificate_authority May 4, 2018
mbfrahry
mbfrahry approved these changes May 9, 2018
View reviewed changes
Copy link
Member

@mbfrahry mbfrahry left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! I'm just curious about a couple of things but you can merge it!

aws/resource_aws_acmpca_certificate_authority.go
}

d.Set("certificate", "")
d.Set("certificate_chain", "")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as above

aws/resource_aws_acmpca_certificate_authority.go
}
}

d.Set("certificate", "")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I haven't seen this before. What's the reasoning behind resetting this value?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah yes! This allows folks to reference the potentially missing attribute until a certificate is imported into the certificate authority, which is a manual step for now. Mainly thinking about the case of an output for a module that is also creating the certificate authority. Without doing this, Terraform will return a attribute 'certificate' does not exist error until the CA certificate is imported, which means creating a module wouldn't necessarily be possible if I'm thinking about this correctly.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense to me!

website/docs/r/acmpca_certificate_authority.html.markdown Outdated

* `key_algorithm` - (Required) Type of the public key algorithm and size, in bits, of the key pair that your key pair creates when it issues a certificate. Valid values can be found in the [ACM PCA Documentation](https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CertificateAuthorityConfiguration.html).
* `signing_algorithm` - (Required) Name of the algorithm your private CA uses to sign certificate requests. Valid values can be found in the [ACM PCA Documentation](https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CertificateAuthorityConfiguration.html).
* `subject` - (Required) Nested argument that contains X.500 distinguished name information
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The attributes for subject are all optional but subject itself is required. Are one of these attributes required when you create this resource?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ha yup, I missed adding that bit to the documentation. Great catch!

		* aws_acmpca_certificate_authority.test: error creating ACMPCA Certificate Authority: ValidationException: 1 validation error detected: The subject must have at least one attribute set.
			status code: 400, request id: afff1cd3-5b85-4d7e-abc3-06a14aecc2c7

@bflad
resource/aws_acmpca_certificate_authority: Set Required: true on cert…
1c68376 
…ificate_authority_configuration and subject, clarify subject requirement in documentation
@ghost ghost added the size/XXL Managed by automation to categorize the size of a PR. label May 9, 2018
@bflad
Copy link
Contributor Author

bflad commented May 9, 2018

Update passes TravisCI and acceptance testing, merging!

make testacc TEST=./aws TESTARGS='-run=TestAccAwsAcmpcaCertificateAuthority'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -run=TestAccAwsAcmpcaCertificateAuthority -timeout 120m
=== RUN   TestAccAwsAcmpcaCertificateAuthority_Basic
--- PASS: TestAccAwsAcmpcaCertificateAuthority_Basic (19.15s)
=== RUN   TestAccAwsAcmpcaCertificateAuthority_Enabled
--- SKIP: TestAccAwsAcmpcaCertificateAuthority_Enabled (0.00s)
	resource_aws_acmpca_certificate_authority_test.go:106: We need to fully sign the certificate authority CSR from another CA in order to test this functionality, which requires another resource
=== RUN   TestAccAwsAcmpcaCertificateAuthority_RevocationConfiguration_CrlConfiguration_CustomCname
--- PASS: TestAccAwsAcmpcaCertificateAuthority_RevocationConfiguration_CrlConfiguration_CustomCname (113.12s)
=== RUN   TestAccAwsAcmpcaCertificateAuthority_RevocationConfiguration_CrlConfiguration_Enabled
--- PASS: TestAccAwsAcmpcaCertificateAuthority_RevocationConfiguration_CrlConfiguration_Enabled (88.83s)
=== RUN   TestAccAwsAcmpcaCertificateAuthority_RevocationConfiguration_CrlConfiguration_ExpirationInDays
--- PASS: TestAccAwsAcmpcaCertificateAuthority_RevocationConfiguration_CrlConfiguration_ExpirationInDays (78.24s)
=== RUN   TestAccAwsAcmpcaCertificateAuthority_Tags
--- PASS: TestAccAwsAcmpcaCertificateAuthority_Tags (53.03s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	352.410s

@bflad bflad merged commit a153dc2 into master May 9, 2018
@bflad bflad deleted the f-aws_acmpca_certificate_authority branch May 9, 2018 19:27
bflad added a commit that referenced this pull request May 9, 2018
@bflad
Update CHANGELOG for #4458
1712f92
@bflad
Copy link
Contributor Author

bflad commented May 10, 2018

This has been released in version 1.18.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

@ghost
Copy link

ghost commented Apr 6, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Apr 6, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@mbfrahry mbfrahry mbfrahry approved these changes

@jen20 jen20 Awaiting requested review from jen20

Assignees
No one assigned
Labels
new-data-source Introduces a new data source. new-resource Introduces a new resource. service/acmpca Issues and PRs that pertain to the acmpca service. size/XXL Managed by automation to categorize the size of a PR.
Projects
None yet
Milestone
v1.18.0
Development

Successfully merging this pull request may close these issues.

Feature Request: Support AWS Certificate Manager Private Certificate Authorities
2 participants
@bflad @mbfrahry