provider/aws: Support Import of iam_server_certificate (#13065)

* Adding import to resource_aws_iam_server_certificate.

* provider/aws: Update tests for import of aws_iam_server_certificate

Builds upon the work of @mrcopper in #12940

Resource:
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSIAMServerCertificate_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/25 00:08:48 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSIAMServerCertificate_ -timeout 120m
=== RUN   TestAccAWSIAMServerCertificate_importBasic
--- PASS: TestAccAWSIAMServerCertificate_importBasic (22.81s)
=== RUN   TestAccAWSIAMServerCertificate_basic
--- PASS: TestAccAWSIAMServerCertificate_basic (19.68s)
=== RUN   TestAccAWSIAMServerCertificate_name_prefix
--- PASS: TestAccAWSIAMServerCertificate_name_prefix (19.88s)
=== RUN   TestAccAWSIAMServerCertificate_disappears
--- PASS: TestAccAWSIAMServerCertificate_disappears (13.94s)
=== RUN   TestAccAWSIAMServerCertificate_file
--- PASS: TestAccAWSIAMServerCertificate_file (32.67s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	109.062s
```

Data Source:
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDataSourceIAMServerCertificate_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/25 13:07:10 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSDataSourceIAMServerCertificate_ -timeout 120m
=== RUN   TestAccAWSDataSourceIAMServerCertificate_basic
--- PASS: TestAccAWSDataSourceIAMServerCertificate_basic (43.86s)
=== RUN   TestAccAWSDataSourceIAMServerCertificate_matchNamePrefix
--- PASS: TestAccAWSDataSourceIAMServerCertificate_matchNamePrefix (2.68s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	46.569s
```
Paul Stack 2017-03-27 18:49:11 +03:00 committed by GitHub
parent d7243112be
commit 43b74cfe79
6 changed files with 89 additions and 23 deletions


@ -9,6 +9,7 @@ import (
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/iam"
"github.com/hashicorp/terraform/helper/acctest"
"github.com/hashicorp/terraform/helper/resource"
)
@ -18,15 +19,15 @@ func timePtr(t time.Time) *time.Time {
func TestResourceSortByExpirationDate(t *testing.T) {
certs := []*iam.ServerCertificateMetadata{
&iam.ServerCertificateMetadata{
{
ServerCertificateName: aws.String("oldest"),
Expiration: timePtr(time.Now()),
},
&iam.ServerCertificateMetadata{
{
ServerCertificateName: aws.String("latest"),
Expiration: timePtr(time.Now().Add(3 * time.Hour)),
},
&iam.ServerCertificateMetadata{
{
ServerCertificateName: aws.String("in between"),
Expiration: timePtr(time.Now().Add(2 * time.Hour)),
},
@ -38,13 +39,18 @@ func TestResourceSortByExpirationDate(t *testing.T) {
}
func TestAccAWSDataSourceIAMServerCertificate_basic(t *testing.T) {
rInt := acctest.RandInt()
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckIAMServerCertificateDestroy,
Steps: []resource.TestStep{
{
Config: testAccAwsDataIAMServerCertConfig,
Config: testAccIAMServerCertConfig(rInt),
},
{
Config: testAccAwsDataIAMServerCertConfig(rInt),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttrSet("aws_iam_server_certificate.test_cert", "arn"),
resource.TestCheckResourceAttrSet("data.aws_iam_server_certificate.test", "arn"),
@ -71,12 +77,16 @@ func TestAccAWSDataSourceIAMServerCertificate_matchNamePrefix(t *testing.T) {
})
}
var testAccAwsDataIAMServerCertConfig = fmt.Sprintf(`%s
func testAccAwsDataIAMServerCertConfig(rInt int) string {
return fmt.Sprintf(`
%s
data "aws_iam_server_certificate" "test" {
name = "${aws_iam_server_certificate.test_cert.name}"
latest = true
}
`, testAccIAMServerCertConfig)
`, testAccIAMServerCertConfig(rInt))
}
var testAccAwsDataIAMServerCertConfigMatchNamePrefix = `
data "aws_iam_server_certificate" "test" {


@ -0,0 +1,34 @@
package aws
import (
"fmt"
"testing"
"github.com/hashicorp/terraform/helper/acctest"
"github.com/hashicorp/terraform/helper/resource"
)
func TestAccAWSIAMServerCertificate_importBasic(t *testing.T) {
resourceName := "aws_iam_server_certificate.test_cert"
rInt := acctest.RandInt()
resourceId := fmt.Sprintf("terraform-test-cert-%d", rInt)
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckIAMServerCertificateDestroy,
Steps: []resource.TestStep{
{
Config: testAccIAMServerCertConfig(rInt),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
ImportStateId: resourceId,
ImportStateVerifyIgnore: []string{
"private_key"},
},
},
})
}
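Review bot: `resourceId` holds the certificate name, not the resource ID, and its `terraform-test-cert-%d` format is copied from the config template in the resource test file, so a change to the template would break this import step without any compile-time signal. I would rename it, e.g. `certName := fmt.Sprintf("terraform-test-cert-%d", rInt)`, and put a comment on `ImportStateVerifyIgnore` such as `// private_key is never returned by the IAM API, so it cannot round-trip through import`. As far as the visible steps show, the test only compares imported state with the created state; no step plans the configuration after import, so it would not catch a diff on `private_key` if one appears.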


@ -20,37 +20,41 @@ func resourceAwsIAMServerCertificate() *schema.Resource {
Create: resourceAwsIAMServerCertificateCreate,
Read: resourceAwsIAMServerCertificateRead,
Delete: resourceAwsIAMServerCertificateDelete,
Importer: &schema.ResourceImporter{
State: resourceAwsIAMServerCertificateImport,
},
Schema: map[string]*schema.Schema{
"certificate_body": &schema.Schema{
"certificate_body": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
StateFunc: normalizeCert,
},
"certificate_chain": &schema.Schema{
"certificate_chain": {
Type: schema.TypeString,
Optional: true,
ForceNew: true,
StateFunc: normalizeCert,
},
"path": &schema.Schema{
"path": {
Type: schema.TypeString,
Optional: true,
Default: "/",
ForceNew: true,
},
"private_key": &schema.Schema{
"private_key": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
StateFunc: normalizeCert,
Sensitive: true,
},
"name": &schema.Schema{
"name": {
Type: schema.TypeString,
Optional: true,
Computed: true,
@ -66,7 +70,7 @@ func resourceAwsIAMServerCertificate() *schema.Resource {
},
},
"name_prefix": &schema.Schema{
"name_prefix": {
Type: schema.TypeString,
Optional: true,
ForceNew: true,
@ -80,7 +84,7 @@ func resourceAwsIAMServerCertificate() *schema.Resource {
},
},
"arn": &schema.Schema{
"arn": {
Type: schema.TypeString,
Optional: true,
Computed: true,
@ -148,6 +152,8 @@ func resourceAwsIAMServerCertificateRead(d *schema.ResourceData, meta interface{
return fmt.Errorf("[WARN] Error reading IAM Server Certificate: %s", err)
}
d.SetId(*resp.ServerCertificate.ServerCertificateMetadata.ServerCertificateId)
// these values should always be present, and have a default if not set in
// configuration, and so safe to reference with nil checks
d.Set("certificate_body", normalizeCert(resp.ServerCertificate.CertificateBody))
@ -196,6 +202,13 @@ func resourceAwsIAMServerCertificateDelete(d *schema.ResourceData, meta interfac
return nil
}
func resourceAwsIAMServerCertificateImport(
d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
d.Set("name", d.Id())
// private_key can't be fetched from any API call
return []*schema.ResourceData{d}, nil
}
func normalizeCert(cert interface{}) string {
if cert == nil || cert == (*string)(nil) {
return ""
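Review bot: After import `private_key` stays unset in state while the schema in this file marks it `Required` and `ForceNew`, so the first plan against a configuration that supplies the key will presumably propose replacing the certificate; the one-line comment in `resourceAwsIAMServerCertificateImport` does not say so. I would expand it to `// private_key can't be fetched from any API call, so it is empty in state after import; with ForceNew set, a configured key may plan as a replacement` and state the same consequence in the Import section of the docs. The return value of `d.Set("name", d.Id())` is dropped, and the `d.SetId(*resp.ServerCertificate.ServerCertificateMetadata.ServerCertificateId)` line added in the Read hunk dereferences a pointer chain with no nil check. The Read and Delete bodies continue outside the hunks shown, so the lookup that uses `name` is not visible here.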


@ -2,10 +2,8 @@ package aws
import (
"fmt"
"math/rand"
"strings"
"testing"
"time"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/iam"
@ -16,14 +14,15 @@ import (
func TestAccAWSIAMServerCertificate_basic(t *testing.T) {
var cert iam.ServerCertificate
rInt := acctest.RandInt()
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckIAMServerCertificateDestroy,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccIAMServerCertConfig,
{
Config: testAccIAMServerCertConfig(rInt),
Check: resource.ComposeTestCheckFunc(
testAccCheckCertExists("aws_iam_server_certificate.test_cert", &cert),
testAccCheckAWSServerCertAttributes(&cert),
@ -41,7 +40,7 @@ func TestAccAWSIAMServerCertificate_name_prefix(t *testing.T) {
Providers: testAccProviders,
CheckDestroy: testAccCheckIAMServerCertificateDestroy,
Steps: []resource.TestStep{
resource.TestStep{
{
Config: testAccIAMServerCertConfig_random,
Check: resource.ComposeTestCheckFunc(
testAccCheckCertExists("aws_iam_server_certificate.test_cert", &cert),
@ -74,7 +73,7 @@ func TestAccAWSIAMServerCertificate_disappears(t *testing.T) {
Providers: testAccProviders,
CheckDestroy: testAccCheckIAMServerCertificateDestroy,
Steps: []resource.TestStep{
resource.TestStep{
{
Config: testAccIAMServerCertConfig_random,
Check: resource.ComposeTestCheckFunc(
testAccCheckCertExists("aws_iam_server_certificate.test_cert", &cert),
@ -97,7 +96,7 @@ func TestAccAWSIAMServerCertificate_file(t *testing.T) {
Providers: testAccProviders,
CheckDestroy: testAccCheckIAMServerCertificateDestroy,
Steps: []resource.TestStep{
resource.TestStep{
{
Config: testAccIAMServerCertConfig_file(rInt, "iam-ssl-unix-line-endings"),
Check: resource.ComposeTestCheckFunc(
testAccCheckCertExists("aws_iam_server_certificate.test_cert", &cert),
@ -105,7 +104,7 @@ func TestAccAWSIAMServerCertificate_file(t *testing.T) {
),
},
resource.TestStep{
{
Config: testAccIAMServerCertConfig_file(rInt, "iam-ssl-windows-line-endings"),
Check: resource.ComposeTestCheckFunc(
testAccCheckCertExists("aws_iam_server_certificate.test_cert", &cert),
@ -202,7 +201,8 @@ CqDUFjhydXxYRsxXBBrEiLOE5BdtJR1sH/QHxIJe23C9iHI2nS1NbLziNEApLwC4
GnSud83VUo9G9w==
-----END CERTIFICATE-----`)
var testAccIAMServerCertConfig = fmt.Sprintf(`
func testAccIAMServerCertConfig(rInt int) string {
return fmt.Sprintf(`
resource "aws_iam_server_certificate" "test_cert" {
name = "terraform-test-cert-%d"
certificate_body = <<EOF
@ -257,7 +257,8 @@ dg+Sd4Wjm89UQoUUoiIcstY7FPbqfBtYKfh4RYHAHV2BwDFqzZCM
-----END RSA PRIVATE KEY-----
EOF
}
`, rand.New(rand.NewSource(time.Now().UnixNano())).Int())
`, rInt)
}
var testAccIAMServerCertConfig_random = `
resource "aws_iam_server_certificate" "test_cert" {


@ -65,6 +65,7 @@ To make a resource importable, please see the
* aws_iam_instance_profile
* aws_iam_role
* aws_iam_saml_provider
* aws_iam_server_certificate
* aws_iam_user
* aws_instance
* aws_internet_gateway


@ -42,3 +42,10 @@ resource "aws_elb" "elb" {
`arn` is set to the ARN of the IAM Server Certificate
`path` is set to the path of the IAM Server Certificate
`expiration_date` is set to the expiration date of the IAM Server Certificate
## Import
The terraform import function will read in certificate body, certificate chain (if it exists), id, name, path, and arn.
It will not retrieve the private key which is not available through the AWS API.