Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ACM PCA: add resource to issue certificates from private CA and import CA certificates #17850

Merged
merged 44 commits into from
Mar 11, 2021

Conversation

gdavison
Copy link
Contributor

This PR extends the contribution by @dvdliao in #10213.

In addition to issuing certificates using aws_acmpca_certificate, it also allows importing a certificate into a private CA using aws_acmpca_certificate_authority_certificate. This is required to enable a CA to issue certificates.

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Closes #10183
Closes #5552

Output from acceptance testing:

$ make testacc TESTARGS='-run=TestAcc.*AwsAcmpca'

--- PASS: TestAccAwsAcmpcaCertificateAuthority_disappears (188.72s)
--- PASS: TestAccAwsAcmpcaCertificateAuthority_DeleteFromActiveState (212.85s)
--- PASS: TestAccDataSourceAwsAcmpcaCertificate_Basic (229.87s)
--- PASS: TestAccDataSourceAwsAcmpcaCertificateAuthority_basic (230.76s)
--- PASS: TestAccAwsAcmpcaCertificateAuthority_basic (244.67s)
--- PASS: TestAccAwsAcmpcaCertificate_RootCertificate (251.85s)
--- PASS: TestAccAwsAcmpcaCertificateAuthorityCertificate_RootCA (258.49s)
--- PASS: TestAccAwsAcmpcaCertificate_SubordinateCertificate (261.86s)
--- PASS: TestAccAwsAcmpcaCertificateAuthorityCertificate_SubordinateCA (264.34s)
--- PASS: TestAccAwsAcmpcaCertificate_Validity_Absolute (266.55s)
--- PASS: TestAccAwsAcmpcaCertificate_Validity_EndDate (271.35s)
--- PASS: TestAccAwsAcmpcaCertificate_EndEntityCertificate (268.24s)
--- PASS: TestAccAwsAcmpcaCertificateAuthorityCertificate_UpdateRootCA (85.20s)
--- PASS: TestAccAwsAcmpcaCertificateAuthority_Enabled (353.68s)
--- PASS: TestAccAwsAcmpcaCertificateAuthority_RevocationConfiguration_CrlConfiguration_ExpirationInDays (368.14s)
--- PASS: TestAccAwsAcmpcaCertificateAuthority_Tags (385.77s)
--- PASS: TestAccAwsAcmpcaCertificateAuthority_RevocationConfiguration_CrlConfiguration_Enabled (430.11s)
--- PASS: TestAccAwsAcmpcaCertificateAuthority_RevocationConfiguration_CrlConfiguration_CustomCname (474.40s)

@ghost ghost added provider Pertains to the provider itself, rather than any interaction with AWS. service/acm Issues and PRs that pertain to the acm service. service/acmpca Issues and PRs that pertain to the acmpca service. service/guardduty Issues and PRs that pertain to the guardduty service. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. labels Feb 27, 2021
@gdavison gdavison added new-data-source Introduces a new data source. new-resource Introduces a new resource. and removed service/acm Issues and PRs that pertain to the acm service. service/guardduty Issues and PRs that pertain to the guardduty service. labels Feb 27, 2021
@ghost ghost added service/acm Issues and PRs that pertain to the acm service. service/guardduty Issues and PRs that pertain to the guardduty service. labels Feb 27, 2021
@gdavison gdavison removed service/acm Issues and PRs that pertain to the acm service. service/guardduty Issues and PRs that pertain to the guardduty service. labels Feb 27, 2021
@dvdliao
Copy link
Contributor

dvdliao commented Feb 27, 2021

thank you!

@breathingdust breathingdust changed the title AMC PCA: add resource to issue certificates from private CA and import CA certificates ACM PCA: add resource to issue certificates from private CA and import CA certificates Mar 1, 2021
Copy link
Contributor

@bill-rich bill-rich left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Just a couple of questions and comments.

@ghost ghost added service/acm Issues and PRs that pertain to the acm service. service/guardduty Issues and PRs that pertain to the guardduty service. labels Mar 10, 2021
Copy link
Contributor

@bill-rich bill-rich left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAwsAcmpca -timeout 120m
=== RUN   TestAccAwsAcmpcaCertificateAuthorityCertificate_RootCA
=== PAUSE TestAccAwsAcmpcaCertificateAuthorityCertificate_RootCA
=== RUN   TestAccAwsAcmpcaCertificateAuthorityCertificate_UpdateRootCA
=== PAUSE TestAccAwsAcmpcaCertificateAuthorityCertificate_UpdateRootCA
=== RUN   TestAccAwsAcmpcaCertificateAuthorityCertificate_SubordinateCA
=== PAUSE TestAccAwsAcmpcaCertificateAuthorityCertificate_SubordinateCA
=== RUN   TestAccAwsAcmpcaCertificateAuthority_basic
=== PAUSE TestAccAwsAcmpcaCertificateAuthority_basic
=== RUN   TestAccAwsAcmpcaCertificateAuthority_disappears
=== PAUSE TestAccAwsAcmpcaCertificateAuthority_disappears
=== RUN   TestAccAwsAcmpcaCertificateAuthority_Enabled
=== PAUSE TestAccAwsAcmpcaCertificateAuthority_Enabled
=== RUN   TestAccAwsAcmpcaCertificateAuthority_DeleteFromActiveState
=== PAUSE TestAccAwsAcmpcaCertificateAuthority_DeleteFromActiveState
=== RUN   TestAccAwsAcmpcaCertificateAuthority_RevocationConfiguration_CrlConfiguration_CustomCname
=== PAUSE TestAccAwsAcmpcaCertificateAuthority_RevocationConfiguration_CrlConfiguration_CustomCname
=== RUN   TestAccAwsAcmpcaCertificateAuthority_RevocationConfiguration_CrlConfiguration_Enabled
=== PAUSE TestAccAwsAcmpcaCertificateAuthority_RevocationConfiguration_CrlConfiguration_Enabled
=== RUN   TestAccAwsAcmpcaCertificateAuthority_RevocationConfiguration_CrlConfiguration_ExpirationInDays
=== PAUSE TestAccAwsAcmpcaCertificateAuthority_RevocationConfiguration_CrlConfiguration_ExpirationInDays
=== RUN   TestAccAwsAcmpcaCertificateAuthority_Tags
=== PAUSE TestAccAwsAcmpcaCertificateAuthority_Tags
=== RUN   TestAccAwsAcmpcaCertificate_RootCertificate
=== PAUSE TestAccAwsAcmpcaCertificate_RootCertificate
=== RUN   TestAccAwsAcmpcaCertificate_SubordinateCertificate
=== PAUSE TestAccAwsAcmpcaCertificate_SubordinateCertificate
=== RUN   TestAccAwsAcmpcaCertificate_EndEntityCertificate
=== PAUSE TestAccAwsAcmpcaCertificate_EndEntityCertificate
=== RUN   TestAccAwsAcmpcaCertificate_Validity_EndDate
=== PAUSE TestAccAwsAcmpcaCertificate_Validity_EndDate
=== RUN   TestAccAwsAcmpcaCertificate_Validity_Absolute
=== PAUSE TestAccAwsAcmpcaCertificate_Validity_Absolute
=== CONT  TestAccAwsAcmpcaCertificateAuthorityCertificate_RootCA
=== CONT  TestAccAwsAcmpcaCertificateAuthority_RevocationConfiguration_CrlConfiguration_ExpirationInDays
=== CONT  TestAccAwsAcmpcaCertificate_Validity_Absolute
=== CONT  TestAccAwsAcmpcaCertificate_Validity_EndDate
=== CONT  TestAccAwsAcmpcaCertificate_EndEntityCertificate
=== CONT  TestAccAwsAcmpcaCertificate_SubordinateCertificate
=== CONT  TestAccAwsAcmpcaCertificate_RootCertificate
=== CONT  TestAccAwsAcmpcaCertificateAuthority_Tags
=== CONT  TestAccAwsAcmpcaCertificateAuthority_Enabled
=== CONT  TestAccAwsAcmpcaCertificateAuthorityCertificate_UpdateRootCA
=== CONT  TestAccAwsAcmpcaCertificateAuthority_DeleteFromActiveState
=== CONT  TestAccAwsAcmpcaCertificateAuthorityCertificate_SubordinateCA
=== CONT  TestAccAwsAcmpcaCertificateAuthority_RevocationConfiguration_CrlConfiguration_CustomCname
=== CONT  TestAccAwsAcmpcaCertificateAuthority_disappears
=== CONT  TestAccAwsAcmpcaCertificateAuthority_RevocationConfiguration_CrlConfiguration_Enabled
=== CONT  TestAccAwsAcmpcaCertificateAuthority_basic
--- PASS: TestAccAwsAcmpcaCertificateAuthority_disappears (15.31s)
--- PASS: TestAccAwsAcmpcaCertificate_RootCertificate (22.02s)
--- PASS: TestAccAwsAcmpcaCertificate_Validity_Absolute (25.52s)
--- PASS: TestAccAwsAcmpcaCertificate_SubordinateCertificate (26.06s)
--- PASS: TestAccAwsAcmpcaCertificate_Validity_EndDate (27.92s)
--- PASS: TestAccAwsAcmpcaCertificateAuthorityCertificate_SubordinateCA (29.04s)
--- PASS: TestAccAwsAcmpcaCertificateAuthority_DeleteFromActiveState (30.66s)
--- PASS: TestAccAwsAcmpcaCertificateAuthorityCertificate_RootCA (34.78s)
--- PASS: TestAccAwsAcmpcaCertificateAuthorityCertificate_UpdateRootCA (35.05s)
--- PASS: TestAccAwsAcmpcaCertificate_EndEntityCertificate (39.07s)
--- PASS: TestAccAwsAcmpcaCertificateAuthority_basic (39.72s)
--- PASS: TestAccAwsAcmpcaCertificateAuthority_Enabled (42.82s)
--- PASS: TestAccAwsAcmpcaCertificateAuthority_Tags (49.94s)
--- PASS: TestAccAwsAcmpcaCertificateAuthority_RevocationConfiguration_CrlConfiguration_ExpirationInDays (52.08s)
--- PASS: TestAccAwsAcmpcaCertificateAuthority_RevocationConfiguration_CrlConfiguration_Enabled (64.80s)
--- PASS: TestAccAwsAcmpcaCertificateAuthority_RevocationConfiguration_CrlConfiguration_CustomCname (82.29s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	85.299s

@gdavison gdavison merged commit a374549 into main Mar 11, 2021
@gdavison gdavison deleted the acmpca-private-cert branch March 11, 2021 17:52
@github-actions github-actions bot added this to the v3.32.0 milestone Mar 11, 2021
github-actions bot pushed a commit that referenced this pull request Mar 11, 2021
@ghost
Copy link

ghost commented Mar 12, 2021

This has been released in version 3.32.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

@ghost
Copy link

ghost commented Apr 11, 2021

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked as resolved and limited conversation to collaborators Apr 11, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
documentation Introduces or discusses updates to documentation. new-data-source Introduces a new data source. new-resource Introduces a new resource. provider Pertains to the provider itself, rather than any interaction with AWS. service/acm Issues and PRs that pertain to the acm service. service/acmpca Issues and PRs that pertain to the acmpca service. service/guardduty Issues and PRs that pertain to the guardduty service. size/XXL Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Projects
None yet
3 participants