diff --git a/.changelog/19681.txt b/.changelog/19681.txt
new file mode 100644
index 000000000000..20b49f868039
--- /dev/null
+++ b/.changelog/19681.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+data-source/aws_acmpca_certificate_authority: Fix `error setting tags`
+```
\ No newline at end of file
diff --git a/aws/data_source_aws_acmpca_certificate_authority.go b/aws/data_source_aws_acmpca_certificate_authority.go
index aaf324a18dc5..7caf8ca0a6e8 100644
--- a/aws/data_source_aws_acmpca_certificate_authority.go
+++ b/aws/data_source_aws_acmpca_certificate_authority.go
@@ -71,6 +71,10 @@ func dataSourceAwsAcmpcaCertificateAuthority() *schema.Resource {
 Type: schema.TypeString,
 Computed: true,
 },
+ "s3_object_acl": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
 },
 },
 },
diff --git a/aws/data_source_aws_acmpca_certificate_authority_test.go b/aws/data_source_aws_acmpca_certificate_authority_test.go
index f57803c9c891..8cf446889fc8 100644
--- a/aws/data_source_aws_acmpca_certificate_authority_test.go
+++ b/aws/data_source_aws_acmpca_certificate_authority_test.go
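Review bot: The new `s3_object_acl` key in the `crl_configuration` schema of aws/data_source_aws_acmpca_certificate_authority.go has no comment recording that this nested block must list every key that the code populating `revocation_configuration` emits. Judging by the changelog entry in this commit, a key missing here apparently surfaced as a set error at read time; the populating code is outside the hunk, so that link is inferred. I would add above the nested schema `// Keep these keys in sync with the crl_configuration values set on read; a key missing here fails the read.` The enclosing function starts and ends outside the hunk.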
@@ -43,6 +43,45 @@ func TestAccDataSourceAwsAcmpcaCertificateAuthority_basic(t *testing.T) {
 })
 }
 
+func TestAccDataSourceAwsAcmpcaCertificateAuthority_S3ObjectAcl(t *testing.T) {
+ resourceName := "aws_acmpca_certificate_authority.test"
+ datasourceName := "data.aws_acmpca_certificate_authority.test"
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ ErrorCheck: testAccErrorCheck(t, acmpca.EndpointsID),
+ Providers: testAccProviders,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccDataSourceAwsAcmpcaCertificateAuthorityConfig_NonExistent,
+ ExpectError: regexp.MustCompile(`(AccessDeniedException|ResourceNotFoundException)`),
+ },
+ {
+ Config: testAccDataSourceAwsAcmpcaCertificateAuthorityConfigS3ObjectAcl_ARN,
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttrPair(datasourceName, "arn", resourceName, "arn"),
+ resource.TestCheckResourceAttrPair(datasourceName, "certificate", resourceName, "certificate"),
+ resource.TestCheckResourceAttrPair(datasourceName, "certificate_chain", resourceName, "certificate_chain"),
+ resource.TestCheckResourceAttrPair(datasourceName, "certificate_signing_request", resourceName, "certificate_signing_request"),
+ resource.TestCheckResourceAttrPair(datasourceName, "not_after", resourceName, "not_after"),
+ resource.TestCheckResourceAttrPair(datasourceName, "not_before", resourceName, "not_before"),
+ resource.TestCheckResourceAttrPair(datasourceName, "revocation_configuration.#", resourceName, "revocation_configuration.#"),
+ resource.TestCheckResourceAttrPair(datasourceName, "revocation_configuration.0.crl_configuration.#", resourceName, "revocation_configuration.0.crl_configuration.#"),
+ resource.TestCheckResourceAttrPair(datasourceName, "revocation_configuration.0.crl_configuration.0.enabled", resourceName, "revocation_configuration.0.crl_configuration.0.enabled"),
+ resource.TestCheckResourceAttrPair(datasourceName, "revocation_configuration.0.crl_configuration.0.custom_cname", resourceName, "revocation_configuration.0.crl_configuration.0.custom_cname"),
+ resource.TestCheckResourceAttrPair(datasourceName, "revocation_configuration.0.crl_configuration.0.expiration_in_days", resourceName, "revocation_configuration.0.crl_configuration.0.expiration_in_days"),
+ resource.TestCheckResourceAttrPair(datasourceName, "revocation_configuration.0.crl_configuration.0.s3_bucket_name", resourceName, "revocation_configuration.0.crl_configuration.0.s3_bucket_name"),
+ resource.TestCheckResourceAttrPair(datasourceName, "revocation_configuration.0.crl_configuration.0.s3_object_acl", resourceName, "revocation_configuration.0.crl_configuration.0.s3_object_acl"),
+ resource.TestCheckResourceAttrPair(datasourceName, "serial", resourceName, "serial"),
+ resource.TestCheckResourceAttrPair(datasourceName, "status", resourceName, "status"),
+ resource.TestCheckResourceAttrPair(datasourceName, "tags.%", resourceName, "tags.%"),
+ resource.TestCheckResourceAttrPair(datasourceName, "type", resourceName, "type"),
+ ),
+ },
+ },
+ })
+}
+
 const testAccDataSourceAwsAcmpcaCertificateAuthorityConfig_ARN = `
 resource "aws_acmpca_certificate_authority" "wrong" {
 permanent_deletion_time_in_days = 7
@@ -75,6 +114,38 @@ data "aws_acmpca_certificate_authority" "test" {
 }
 `
 
+const testAccDataSourceAwsAcmpcaCertificateAuthorityConfigS3ObjectAcl_ARN = `
+resource "aws_acmpca_certificate_authority" "wrong" {
+ permanent_deletion_time_in_days = 7
+
+ certificate_authority_configuration {
+ key_algorithm = "RSA_4096"
+ signing_algorithm = "SHA512WITHRSA"
+
+ subject {
+ common_name = "terraformtesting.com"
+ }
+ }
+}
+
+resource "aws_acmpca_certificate_authority" "test" {
+ permanent_deletion_time_in_days = 7
+
+ certificate_authority_configuration {
+ key_algorithm = "RSA_4096"
+ signing_algorithm = "SHA512WITHRSA"
+
+ subject {
+ common_name = "terraformtesting.com"
+ }
+ }
+}
+
+data "aws_acmpca_certificate_authority" "test" {
+ arn = aws_acmpca_certificate_authority.test.arn
+}
+`
+
 //lintignore:AWSAT003,AWSAT005
 const testAccDataSourceAwsAcmpcaCertificateAuthorityConfig_NonExistent = `
 data "aws_acmpca_certificate_authority" "test" {
diff --git a/website/docs/d/acmpca_certificate_authority.html.markdown b/website/docs/d/acmpca_certificate_authority.html.markdown
index 1b456f10e1ee..d65d632d7f07 100644
--- a/website/docs/d/acmpca_certificate_authority.html.markdown
+++ b/website/docs/d/acmpca_certificate_authority.html.markdown
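Review bot: The config `testAccDataSourceAwsAcmpcaCertificateAuthorityConfigS3ObjectAcl_ARN` added in the test file never declares a `revocation_configuration` block. The `TestCheckResourceAttrPair` on `revocation_configuration.0.crl_configuration.0.s3_object_acl` in `TestAccDataSourceAwsAcmpcaCertificateAuthority_S3ObjectAcl` (previous hunk) therefore only compares whatever default both sides report, and may pass with the attribute unset on both. Since this attribute is what tells a consumer whether the CRL object is publicly readable, the test should enable a CRL with an explicit ACL on the resource and pin the value, for example `resource.TestCheckResourceAttr(datasourceName, "revocation_configuration.0.crl_configuration.0.s3_object_acl", "BUCKET_OWNER_FULL_CONTROL"),`. As written the constant also looks like a copy of the existing `_ARN` config, of which only the first lines are visible here.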
@@ -40,6 +40,7 @@ In addition to all arguments above, the following attributes are exported:
 * `revocation_configuration.0.crl_configuration.0.enabled` - Boolean value that specifies whether certificate revocation lists (CRLs) are enabled.
 * `revocation_configuration.0.crl_configuration.0.expiration_in_days` - Number of days until a certificate expires.
 * `revocation_configuration.0.crl_configuration.0.s3_bucket_name` - Name of the S3 bucket that contains the CRL.
+ * `revocation_configuration.0.crl_configuration.0.s3_object_acl` - Whether the CRL is publicly readable or privately held in the CRL Amazon S3 bucket.
 * `serial` - Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
 * `status` - Status of the certificate authority.
 * `tags` - Specifies a key-value map of user-defined tags that are attached to the certificate authority.