Merge pull request #8359 from hashicorp/f-aws-acm-datasource

provider/aws: New Data Source: aws_acm_certificate
2016-11-04 07:49:58 -04:00 · 2016-11-04 07:49:58 -04:00 · c75369d65d
parent 24e5ea8952 3361047e38
commit c75369d65d
8 changed files with 1757 additions and 1 deletions
--- a/builtin/providers/aws/config.go
+++ b/builtin/providers/aws/config.go
@ -14,6 +14,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/request"
 	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/acm"
 	"github.com/aws/aws-sdk-go/service/apigateway"
 	"github.com/aws/aws-sdk-go/service/applicationautoscaling"
 	"github.com/aws/aws-sdk-go/service/autoscaling"
@ -110,6 +111,7 @@ type AWSClient struct {
 	elbv2conn             *elbv2.ELBV2
 	emrconn               *emr.EMR
 	esconn                *elasticsearch.ElasticsearchService
+	acmconn               *acm.ACM
 	apigateway            *apigateway.APIGateway
 	appautoscalingconn    *applicationautoscaling.ApplicationAutoScaling
 	autoscalingconn       *autoscaling.AutoScaling
@ -246,6 +248,7 @@ func (c *Config) Client() (interface{}, error) {
 		return nil, authErr
 	}

+	client.acmconn = acm.New(sess)
 	client.apigateway = apigateway.New(sess)
 	client.appautoscalingconn = applicationautoscaling.New(sess)
 	client.autoscalingconn = autoscaling.New(sess)
--- a/builtin/providers/aws/data_source_aws_acm_certificate.go
+++ b/builtin/providers/aws/data_source_aws_acm_certificate.go
@ -0,0 +1,80 @@
+package aws
+
+import (
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/acm"
+	"github.com/hashicorp/errwrap"
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func dataSourceAwsAcmCertificate() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceAwsAcmCertificateRead,
+		Schema: map[string]*schema.Schema{
+			"domain": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"arn": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"statuses": {
+				Type:     schema.TypeList,
+				Optional: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+			},
+		},
+	}
+}
+
+func dataSourceAwsAcmCertificateRead(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).acmconn
+	params := &acm.ListCertificatesInput{}
+
+	target := d.Get("domain")
+
+	statuses, ok := d.GetOk("statuses")
+	if ok {
+		statusStrings := statuses.([]string)
+		statusList := make([]*string, len(statusStrings))
+		for i, status := range statusStrings {
+			statusList[i] = aws.String(strings.ToUpper(status))
+		}
+		params.CertificateStatuses = statusList
+	} else {
+		params.CertificateStatuses = []*string{aws.String("ISSUED")}
+	}
+
+	var arns []string
+	err := conn.ListCertificatesPages(params, func(page *acm.ListCertificatesOutput, lastPage bool) bool {
+		for _, cert := range page.CertificateSummaryList {
+			if *cert.DomainName == target {
+				arns = append(arns, *cert.CertificateArn)
+			}
+		}
+
+		return true
+	})
+	if err != nil {
+		return errwrap.Wrapf("Error describing certificates: {{err}}", err)
+	}
+
+	if len(arns) == 0 {
+		return fmt.Errorf("No certificate with statuses [%s] for domain %q found in this region.",
+			strings.Join(statuses.([]string), ", "), target)
+	}
+	if len(arns) > 1 {
+		return fmt.Errorf("Multiple certificates with statuses [%s] for domain %s found in this region.",
+			strings.Join(statuses.([]string), ","), target)
+	}
+
+	d.SetId(time.Now().UTC().String())
+	d.Set("arn", arns[0])
+
+	return nil
+}
--- a/builtin/providers/aws/data_source_aws_acm_certificate_test.go
+++ b/builtin/providers/aws/data_source_aws_acm_certificate_test.go
@ -0,0 +1,63 @@
+package aws
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccAwsAcmCertificateDataSource_basic(t *testing.T) {
+	region := os.Getenv("AWS_ACM_TEST_REGION")
+	domain := os.Getenv("AWS_ACM_TEST_DOMAIN")
+	certArn := os.Getenv("AWS_ACM_TEST_CERT_ARN")
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+			if region == "" {
+				t.Skip("AWS_ACM_TEST_REGION must be set to a region an ACM certificate pre-created for this test.")
+			}
+			if domain == "" {
+				t.Skip("AWS_ACM_TEST_DOMAIN must be set to a domain with an ACM certificate pre-created for this test.")
+			}
+			if certArn == "" {
+				t.Skip("AWS_ACM_TEST_CERT_ARN must be set to the ARN of an ACM cert pre-created for this test.")
+			}
+		},
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckAwsAcmCertificateDataSourceConfig(region, domain),
+				Check:  testAccCheckAcmArnMatches("data.aws_acm_certificate.test", certArn),
+			},
+		},
+	})
+}
+
+func testAccCheckAcmArnMatches(name, expectArn string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		ms := s.RootModule()
+		rs, ok := ms.Resources[name]
+		if !ok {
+			return fmt.Errorf("Not found: %s", name)
+		}
+		gotArn := rs.Primary.Attributes["arn"]
+		if gotArn != expectArn {
+			return fmt.Errorf("Expected cert to have arn: %s, got: %s", expectArn, gotArn)
+		}
+		return nil
+	}
+}
+
+func testAccCheckAwsAcmCertificateDataSourceConfig(region, domain string) string {
+	return fmt.Sprintf(`
+provider "aws" {
+	region = "%s"
+}
+data "aws_acm_certificate" "test" {
+	domain = "%s"
+}
+	`, region, domain)
+}
--- a/builtin/providers/aws/provider.go
+++ b/builtin/providers/aws/provider.go
@ -143,6 +143,7 @@ func Provider() terraform.ResourceProvider {
 		},

 		DataSourcesMap: map[string]*schema.Resource{
+			"aws_acm_certificate":          dataSourceAwsAcmCertificate(),
 			"aws_ami":                      dataSourceAwsAmi(),
 			"aws_availability_zone":        dataSourceAwsAvailabilityZone(),
 			"aws_availability_zones":       dataSourceAwsAvailabilityZones(),
--- a/vendor/github.com/aws/aws-sdk-go/service/acm/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/acm/api.go
--- a/vendor/github.com/aws/aws-sdk-go/service/acm/service.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/acm/service.go
@ -0,0 +1,95 @@
+// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+
+package acm
+
+import (
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/client"
+	"github.com/aws/aws-sdk-go/aws/client/metadata"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/aws/signer/v4"
+	"github.com/aws/aws-sdk-go/private/protocol/jsonrpc"
+)
+
+// Welcome to the AWS Certificate Manager (ACM) Command Reference. This guide
+// provides descriptions, syntax, and usage examples for each ACM command. You
+// can use AWS Certificate Manager to request ACM Certificates for your AWS-based
+// websites and applications. For general information about using ACM and for
+// more information about using the console, see the AWS Certificate Manager
+// User Guide (http://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html).
+// For more information about using the ACM API, see the AWS Certificate Manager
+// API Reference (http://docs.aws.amazon.com/acm/latest/APIReference/Welcome.html).
+//The service client's operations are safe to be used concurrently.
+// It is not safe to mutate any of the client's properties though.
+type ACM struct {
+	*client.Client
+}
+
+// Used for custom client initialization logic
+var initClient func(*client.Client)
+
+// Used for custom request initialization logic
+var initRequest func(*request.Request)
+
+// A ServiceName is the name of the service the client will make API calls to.
+const ServiceName = "acm"
+
+// New creates a new instance of the ACM client with a session.
+// If additional configuration is needed for the client instance use the optional
+// aws.Config parameter to add your extra config.
+//
+// Example:
+//     // Create a ACM client from just a session.
+//     svc := acm.New(mySession)
+//
+//     // Create a ACM client with additional configuration
+//     svc := acm.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
+func New(p client.ConfigProvider, cfgs ...*aws.Config) *ACM {
+	c := p.ClientConfig(ServiceName, cfgs...)
+	return newClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion)
+}
+
+// newClient creates, initializes and returns a new service client instance.
+func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegion string) *ACM {
+	svc := &ACM{
+		Client: client.New(
+			cfg,
+			metadata.ClientInfo{
+				ServiceName:   ServiceName,
+				SigningRegion: signingRegion,
+				Endpoint:      endpoint,
+				APIVersion:    "2015-12-08",
+				JSONVersion:   "1.1",
+				TargetPrefix:  "CertificateManager",
+			},
+			handlers,
+		),
+	}
+
+	// Handlers
+	svc.Handlers.Sign.PushBackNamed(v4.SignRequestHandler)
+	svc.Handlers.Build.PushBackNamed(jsonrpc.BuildHandler)
+	svc.Handlers.Unmarshal.PushBackNamed(jsonrpc.UnmarshalHandler)
+	svc.Handlers.UnmarshalMeta.PushBackNamed(jsonrpc.UnmarshalMetaHandler)
+	svc.Handlers.UnmarshalError.PushBackNamed(jsonrpc.UnmarshalErrorHandler)
+
+	// Run custom client initialization if present
+	if initClient != nil {
+		initClient(svc.Client)
+	}
+
+	return svc
+}
+
+// newRequest creates a new request for a ACM operation and runs any
+// custom request initialization.
+func (c *ACM) newRequest(op *request.Operation, params, data interface{}) *request.Request {
+	req := c.NewRequest(op, params, data)
+
+	// Run custom request initialization if present
+	if initRequest != nil {
+		initRequest(req)
+	}
+
+	return req
+}
--- a/vendor/vendor.json
+++ b/vendor/vendor.json
@ -545,7 +545,15 @@
 			"revisionTime": "2016-10-17T19:35:59Z"
 		},
 		{
-			"checksumSHA1": "1GRM9c7nKCaKe8Mx/tTcemGKq/4=",
+			"checksumSHA1": "3lzFHxiUPnQtRo0UIKHRymmFSvk=",
+			"path": "github.com/aws/aws-sdk-go/service/acm",
+			"revision": "35c21ff262580265c1d77095d6f712605fd0c3f4",
+			"revisionTime": "2016-08-16T21:54:33Z",
+			"version": "v1.4.2",
+			"versionExact": "v1.4.2"
+		},
+		{
+			"checksumSHA1": "DXwm+kmVCiuvvGCcUTeZD/L31Kk=",
 			"path": "github.com/aws/aws-sdk-go/service/apigateway",
 			"revision": "09f8dd1eb5e719dc370b432d3d6d8f86e5bf6dbe",
 			"revisionTime": "2016-10-17T19:35:59Z"
--- a/website/source/docs/providers/aws/d/acm_certificate.html.markdown
+++ b/website/source/docs/providers/aws/d/acm_certificate.html.markdown
@ -0,0 +1,35 @@
+---
+layout: "aws"
+page_title: "AWS: aws_acm_certificate"
+sidebar_current: "docs-aws-datasource-acm-certificate"
+description: |-
+  Get information on a Amazon Certificate Manager (ACM) Certificate
+---
+
+# aws\_acm\_certificate
+
+Use this data source to get the ARN of a certificate in AWS Certificate
+Manager (ACM). The process of requesting and verifying a certificate in ACM
+requires some manual steps, which means that Terraform cannot automate the
+creation of ACM certificates. But using this data source, you can reference
+them by domain without having to hard code the ARNs as input.
+
+## Example Usage
+
+```
+data "aws_acm_certificate" "example" {
+  domain = "tf.example.com"
+  statuses = ["ISSUED"]
+}
+```
+
+## Argument Reference
+
+ * `domain` - (Required) The domain of the certificate to look up. If no certificate is found with this name, an error will be returned.
+ * `statuses` - (Optional) A list of statuses on which to filter the returned list. Valid values are `PENDING_VALIDATION`, `ISSUED`,
+   `INACTIVE`, `EXPIRED`, `VALIDATION_TIMED_OUT`, `REVOKED` and `FAILED`. If no value is specified, only certificates in the `ISSUED` state
+   are returned.
+
+## Attributes Reference
+
+ * `arn` - Set to the ARN of the found certificate, suitable for referencing in other resources that support ACM certificates.