change the interface of aws_acm_certificate to make more sense

scottwinkler · Mar 22, 2018 · 30bdfdb · 30bdfdb
1 parent c291b48
commit 30bdfdb
Showing 1 changed file with 73 additions and 55 deletions.
diff --git a/aws/resource_aws_acm_certificate.go b/aws/resource_aws_acm_certificate.go
@@ -38,16 +38,30 @@ func resourceAwsAcmCertificate() *schema.Resource {
 				Required: true,
 				ForceNew: true,
 			},
-			"validation_domain": {
-				Type:     schema.TypeString,
+			"domain_validation_options": {
+				Type:     schema.TypeList,
 				Optional: true,
 				ForceNew: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"domain_name": {
+							Type:     schema.TypeString,
+							Required: true,
+							ForceNew: true,
+						},
+						"validation_domain": {
+							Type:     schema.TypeString,
+							Required: true,
+							ForceNew: true,
+						},
+					},
+				},
 			},
 			"arn": {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
-			"domain_validation_options": {
+			"certificate_details": {
 				Type:     schema.TypeList,
 				Computed: true,
 				Elem: &schema.Resource{
@@ -72,14 +86,18 @@ func resourceAwsAcmCertificate() *schema.Resource {
 							Type:     schema.TypeString,
 							Computed: true,
 						},
+						"validation_method": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"validation_emails": {
+							Type:     schema.TypeList,
+							Computed: true,
+							Elem:     &schema.Schema{Type: schema.TypeString},
+						},
 					},
 				},
 			},
-			"validation_emails": {
-				Type:     schema.TypeList,
-				Computed: true,
-				Elem:     &schema.Schema{Type: schema.TypeString},
-			},
 			"tags": tagsSchema(),
 		},
 	}
@@ -99,13 +117,20 @@ func resourceAwsAcmCertificateCreate(d *schema.ResourceData, meta interface{}) e
 		params.SubjectAlternativeNames = expandStringList(sanStrings)
 	}
 
-	validationDomain, ok := d.GetOk("validation_domain")
+	domainValidationOptionsInput, ok := d.GetOk("domain_validation_options")
+
 	if ok {
-		domainValidationOption := &acm.DomainValidationOption{
-			DomainName:       aws.String(domainName),
-			ValidationDomain: aws.String(validationDomain.(string)),
+		var domainValidationOptions []*acm.DomainValidationOption
+		for _, o := range domainValidationOptionsInput.([]interface{}) {
+			x := o.(map[string]interface{})
+			dn := x["domain_name"].(string)
+			vd := x["validation_domain"].(string)
+			domainValidationOption := &acm.DomainValidationOption{
+				DomainName:       &dn,
+				ValidationDomain: &vd,
+			}
+			domainValidationOptions = append(domainValidationOptions, domainValidationOption)
 		}
-		domainValidationOptions := []*acm.DomainValidationOption{domainValidationOption}
 		params.SetDomainValidationOptions(domainValidationOptions)
 	}
 
@@ -157,25 +182,21 @@ func resourceAwsAcmCertificateRead(d *schema.ResourceData, meta interface{}) err
 			return resource.NonRetryableError(err)
 		}
 
-		domainValidationOptions, emailValidationOptions, err := convertValidationOptions(resp.Certificate)
+		certificateDetails, err := convertCertificateDetails(resp.Certificate)
+
+		if len(certificateDetails) < 1 {
+			return resource.NonRetryableError(fmt.Errorf("Error getting certificate details"))
+		}
 
 		if err != nil {
 			return resource.RetryableError(err)
 		}
 
-		if err := d.Set("domain_validation_options", domainValidationOptions); err != nil {
-			return resource.NonRetryableError(err)
-		}
-		if err := d.Set("validation_emails", emailValidationOptions); err != nil {
+		if err := d.Set("certificate_details", certificateDetails); err != nil {
 			return resource.NonRetryableError(err)
 		}
-		if len(domainValidationOptions) > 0 {
-			d.Set("validation_domain", resp.Certificate.DomainValidationOptions[0].ValidationDomain)
-		} else {
-			d.Set("validation_domain", resp.Certificate.DomainName)
-		}
 
-		d.Set("validation_method", resourceAwsAcmCertificateGuessValidationMethod(domainValidationOptions, emailValidationOptions))
+		d.Set("validation_method", certificateDetails[0]["validation_method"])
 
 		params := &acm.ListTagsForCertificateInput{
 			CertificateArn: aws.String(d.Id()),
@@ -189,17 +210,6 @@ func resourceAwsAcmCertificateRead(d *schema.ResourceData, meta interface{}) err
 		return nil
 	})
 }
-func resourceAwsAcmCertificateGuessValidationMethod(domainValidationOptions []map[string]interface{}, emailValidationOptions []string) string {
-	// The DescribeCertificate Response doesn't have information on what validation method was used
-	// so we need to guess from the validation options we see...
-	if len(domainValidationOptions) > 0 {
-		return acm.ValidationMethodDns
-	} else if len(emailValidationOptions) > 0 {
-		return acm.ValidationMethodEmail
-	} else {
-		return "NONE"
-	}
-}
 
 func resourceAwsAcmCertificateUpdate(d *schema.ResourceData, meta interface{}) error {
 	if d.HasChange("tags") {
@@ -224,33 +234,41 @@ func cleanUpSubjectAlternativeNames(cert *acm.CertificateDetail) []string {
 
 }
 
-func convertValidationOptions(certificate *acm.CertificateDetail) ([]map[string]interface{}, []string, error) {
-	var domainValidationResult []map[string]interface{}
-	var emailValidationResult []string
+func convertCertificateDetails(certificate *acm.CertificateDetail) ([]map[string]interface{}, error) {
+	var certificateDetails []map[string]interface{}
 
 	if *certificate.Type == acm.CertificateTypeAmazonIssued {
 		for _, o := range certificate.DomainValidationOptions {
+			var resourceRecordName interface{}
+			var resourceRecordType interface{}
+			var resourceRecordValue interface{}
+			var validationMethod interface{}
 			if o.ResourceRecord != nil {
-				validationOption := map[string]interface{}{
-					"domain_name":           *o.DomainName,
-					"validation_domain":     *o.ValidationDomain,
-					"resource_record_name":  *o.ResourceRecord.Name,
-					"resource_record_type":  *o.ResourceRecord.Type,
-					"resource_record_value": *o.ResourceRecord.Value,
-				}
-				domainValidationResult = append(domainValidationResult, validationOption)
-			} else if o.ValidationEmails != nil && len(o.ValidationEmails) > 0 {
-				for _, validationEmail := range o.ValidationEmails {
-					emailValidationResult = append(emailValidationResult, *validationEmail)
-				}
-			} else {
-				log.Printf("[DEBUG] No validation options need to retry: %#v", o)
-				return nil, nil, fmt.Errorf("No validation options need to retry: %#v", o)
+				resourceRecordName = *o.ResourceRecord.Name
+				resourceRecordType = *o.ResourceRecord.Type
+				resourceRecordValue = *o.ResourceRecord.Value
+			}
+			if o.ValidationMethod != nil {
+				validationMethod = *o.ValidationMethod
 			}
+
+			var validationEmails []string
+			for _, email := range o.ValidationEmails {
+				validationEmails = append(validationEmails, *email)
+			}
+			validationOption := map[string]interface{}{
+				"domain_name":           *o.DomainName,
+				"validation_domain":     *o.ValidationDomain,
+				"resource_record_name":  resourceRecordName,
+				"resource_record_type":  resourceRecordType,
+				"resource_record_value": resourceRecordValue,
+				"validation_emails":     validationEmails,
+				"validation_method":     validationMethod,
+			}
+			certificateDetails = append(certificateDetails, validationOption)
 		}
 	}
-
-	return domainValidationResult, emailValidationResult, nil
+	return certificateDetails, nil
 }
 
 func resourceAwsAcmCertificateDelete(d *schema.ResourceData, meta interface{}) error {