From e846562d31a89c3ab34d3467b2354f4ac17d0cf4 Mon Sep 17 00:00:00 2001 From: Matt Burgess <549318+mattburgess@users.noreply.github.com> Date: Tue, 12 Mar 2024 22:39:40 +0000 Subject: [PATCH 01/16] acmpca: Migrate to AWS SDK v2 --- go.mod | 2 + go.sum | 2 + internal/acctest/acctest.go | 67 +++--- internal/conns/awsclient_gen.go | 6 +- internal/service/acmpca/certificate.go | 84 ++++--- .../service/acmpca/certificate_authority.go | 226 +++++++++--------- .../certificate_authority_certificate.go | 10 +- .../certificate_authority_certificate_test.go | 4 +- .../certificate_authority_data_source.go | 21 +- .../acmpca/certificate_authority_test.go | 29 +-- .../service/acmpca/certificate_data_source.go | 8 +- internal/service/acmpca/certificate_test.go | 27 ++- internal/service/acmpca/find.go | 59 ++--- internal/service/acmpca/generate.go | 2 +- internal/service/acmpca/permission.go | 52 ++-- internal/service/acmpca/permission_test.go | 14 +- internal/service/acmpca/policy.go | 25 +- internal/service/acmpca/policy_test.go | 4 +- .../service/acmpca/service_package_gen.go | 17 +- internal/service/acmpca/sweep.go | 25 +- internal/service/acmpca/tags_gen.go | 53 ++-- .../service/appmesh/virtual_gateway_test.go | 4 +- internal/service/appmesh/virtual_node_test.go | 6 +- .../ec2/vpnsite_customer_gateway_test.go | 6 +- internal/service/guardduty/filter_test.go | 14 +- internal/service/kafka/cluster_test.go | 6 +- internal/service/transfer/server_test.go | 4 +- names/data/names_data.csv | 2 +- names/names.go | 1 + 29 files changed, 408 insertions(+), 372 deletions(-) diff --git a/go.mod b/go.mod index 8387241b186..e7e7a9b2667 100644 --- a/go.mod +++ b/go.mod @@ -190,6 +190,8 @@ require ( syreclabs.com/go/faker v1.2.3 ) +require github.com/aws/aws-sdk-go-v2/service/acmpca v1.29.2 // indirect + require ( github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver/v3 v3.2.1 // indirect diff --git a/go.sum b/go.sum index d654bf62615..8db8617bcb6 100644 --- a/go.sum 
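Review bot: The new go.mod line `require github.com/aws/aws-sdk-go-v2/service/acmpca v1.29.2 // indirect` carries an indirect marker, yet this same patch imports that module directly from internal/acctest/acctest.go, internal/conns/awsclient_gen.go and the internal/service/acmpca package, so the marker is inaccurate and the line sits in its own require block rather than in the direct one. Running `go mod tidy` as part of this commit would fold it into the main `require (` block without the comment, so the next contributor who tidies does not get an unrelated go.mod diff.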
+++ b/go.sum
@@ -50,6 +50,8 @@ github.com/aws/aws-sdk-go-v2/service/account v1.16.2 h1:/IeWgghx0PyfMGm+kUhYnP8r
 github.com/aws/aws-sdk-go-v2/service/account v1.16.2/go.mod h1:K5SjNY9ZWEhc7xI7hixLXGYs/6pyp3XfKsxA+wz4wIo=
 github.com/aws/aws-sdk-go-v2/service/acm v1.25.2 h1:5oS1s5fZ4VyWj0tVSF7ihpE1lkajWZ/1u0+34auRkCY=
 github.com/aws/aws-sdk-go-v2/service/acm v1.25.2/go.mod h1:hGHCrWRY/be0yX4017aNZc0fpjMyBM2NNT5BgDrk4+o=
+github.com/aws/aws-sdk-go-v2/service/acmpca v1.29.2 h1:IEltq/ezFlQYefBLr8jCT4VNH153rmoOjKYuaYFfn1c=
+github.com/aws/aws-sdk-go-v2/service/acmpca v1.29.2/go.mod h1:ak0f7akTT7g1PkwSSqSzZvpLMooqtUKi39UzxiQsNA4=
 github.com/aws/aws-sdk-go-v2/service/amp v1.25.2 h1:XXrduSuT8w94c3dG2dvNQioa7ZunXHXC7xwKeRzy87A=
 github.com/aws/aws-sdk-go-v2/service/amp v1.25.2/go.mod h1:scSghJ8LpkHW0Uge1p2Qpu7zmZ10yIKs0ylLk+XkPas=
 github.com/aws/aws-sdk-go-v2/service/appconfig v1.29.0 h1:kFSKQPVszQU+r2++ugfrwCchdRKaFmLhc2yMTdE5lls=
diff --git a/internal/acctest/acctest.go b/internal/acctest/acctest.go
index 6185ce079a6..2e8f970f44f 100644
--- a/internal/acctest/acctest.go
+++ b/internal/acctest/acctest.go
@@ -19,6 +19,8 @@ import (
 	"github.com/YakDriver/regexache"
 	accounttypes "github.com/aws/aws-sdk-go-v2/service/account/types"
+	"github.com/aws/aws-sdk-go-v2/service/acmpca"
+	acmpcatypes "github.com/aws/aws-sdk-go-v2/service/acmpca/types"
 	ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types"
 	"github.com/aws/aws-sdk-go-v2/service/inspector2"
 	inspector2types "github.com/aws/aws-sdk-go-v2/service/inspector2/types"
@@ -27,7 +29,6 @@ import (
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/arn"
 	"github.com/aws/aws-sdk-go/aws/endpoints"
-	"github.com/aws/aws-sdk-go/service/acmpca"
 	"github.com/aws/aws-sdk-go/service/directoryservice"
 	"github.com/aws/aws-sdk-go/service/ec2"
 	"github.com/aws/aws-sdk-go/service/iam"
@@ -1932,17 +1933,17 @@ func ACMCertificateRandomSubDomain(rootDomain string) string { rootDomain) } -func CheckACMPCACertificateAuthorityActivateRootCA(ctx context.Context, certificateAuthority *acmpca.CertificateAuthority) resource.TestCheckFunc { +func CheckACMPCACertificateAuthorityActivateRootCA(ctx context.Context, certificateAuthority *acmpcatypes.CertificateAuthority) resource.TestCheckFunc { return func(s *terraform.State) error { - conn := Provider.Meta().(*conns.AWSClient).ACMPCAConn(ctx) + conn := Provider.Meta().(*conns.AWSClient).ACMPCAClient(ctx) - if v := aws.StringValue(certificateAuthority.Type); v != acmpca.CertificateAuthorityTypeRoot { + if v := string(certificateAuthority.Type); v != string(acmpcatypes.CertificateAuthorityTypeRoot) { return fmt.Errorf("attempting to activate ACM PCA %s Certificate Authority", v) } arn := aws.StringValue(certificateAuthority.Arn) - getCsrOutput, err := conn.GetCertificateAuthorityCsrWithContext(ctx, &acmpca.GetCertificateAuthorityCsrInput{ + getCsrOutput, err := conn.GetCertificateAuthorityCsr(ctx, &acmpca.GetCertificateAuthorityCsrInput{ CertificateAuthorityArn: aws.String(arn), }) 
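Review bot: `if v := string(certificateAuthority.Type); v != string(acmpcatypes.CertificateAuthorityTypeRoot)` converts both sides to `string` even though the field and the constant already share the `acmpcatypes.CertificateAuthorityType` type; `if certificateAuthority.Type != acmpcatypes.CertificateAuthorityTypeRoot {` followed by `return fmt.Errorf("attempting to activate ACM PCA %s Certificate Authority", certificateAuthority.Type)` compares the enum directly, and the `%s` verb formats the named string type unchanged. The subordinate check in CheckACMPCACertificateAuthorityActivateSubordinateCA has the same shape and can be written the same way. The body of CheckACMPCACertificateAuthorityActivateRootCA continues beyond this hunk.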
@@ -1950,14 +1951,14 @@ func CheckACMPCACertificateAuthorityActivateRootCA(ctx context.Context, certific return fmt.Errorf("getting ACM PCA Certificate Authority (%s) CSR: %w", arn, err) } - issueCertOutput, err := conn.IssueCertificateWithContext(ctx, &acmpca.IssueCertificateInput{ + issueCertOutput, err := conn.IssueCertificate(ctx, &acmpca.IssueCertificateInput{ CertificateAuthorityArn: aws.String(arn), Csr: []byte(aws.StringValue(getCsrOutput.Csr)), IdempotencyToken: aws.String(id.UniqueId()), SigningAlgorithm: certificateAuthority.CertificateAuthorityConfiguration.SigningAlgorithm, TemplateArn: aws.String(fmt.Sprintf("arn:%s:acm-pca:::template/RootCACertificate/V1", Partition())), - Validity: &acmpca.Validity{ - Type: aws.String(acmpca.ValidityPeriodTypeYears), + Validity: &acmpcatypes.Validity{ + Type: acmpcatypes.ValidityPeriodTypeYears, Value: aws.Int64(10), }, }) @@ -1967,16 +1968,19 @@ func CheckACMPCACertificateAuthorityActivateRootCA(ctx context.Context, certific } // Wait for certificate status to become ISSUED. - err = conn.WaitUntilCertificateIssuedWithContext(ctx, &acmpca.GetCertificateInput{ + waiter := acmpca.NewCertificateIssuedWaiter(conn) + params := &acmpca.GetCertificateInput{ CertificateAuthorityArn: aws.String(arn), CertificateArn: issueCertOutput.CertificateArn, - }) + } + + err = waiter.Wait(ctx, params, time.Duration(5*time.Minute)) if err != nil { return fmt.Errorf("waiting for ACM PCA Certificate Authority (%s) Root CA certificate to become ISSUED: %w", arn, err) } - getCertOutput, err := conn.GetCertificateWithContext(ctx, &acmpca.GetCertificateInput{ + getCertOutput, err := conn.GetCertificate(ctx, &acmpca.GetCertificateInput{ CertificateAuthorityArn: aws.String(arn), CertificateArn: issueCertOutput.CertificateArn, }) 
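Review bot: `err = waiter.Wait(ctx, params, time.Duration(5*time.Minute))` wraps a value that is already a `time.Duration`; `err = waiter.Wait(ctx, params, 5*time.Minute)` says the same thing. The identical literal is repeated in CheckACMPCACertificateAuthorityActivateSubordinateCA and in resourceCertificateCreate in certificate.go, so a shared named constant such as `certificateIssuedTimeout` would keep the three bounds in step. The v1 `WaitUntilCertificateIssuedWithContext` carried its maximum wait inside the SDK, so the existing comment should now state the bound this call sets, e.g. `// Wait up to 5 minutes for certificate status to become ISSUED.`. The function continues past the end of the hunk.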
@@ -1985,7 +1989,7 @@ func CheckACMPCACertificateAuthorityActivateRootCA(ctx context.Context, certific return fmt.Errorf("getting ACM PCA Certificate Authority (%s) issued Root CA certificate: %w", arn, err) } - _, err = conn.ImportCertificateAuthorityCertificateWithContext(ctx, &acmpca.ImportCertificateAuthorityCertificateInput{ + _, err = conn.ImportCertificateAuthorityCertificate(ctx, &acmpca.ImportCertificateAuthorityCertificateInput{ CertificateAuthorityArn: aws.String(arn), Certificate: []byte(aws.StringValue(getCertOutput.Certificate)), }) @@ -1998,17 +2002,17 @@ func CheckACMPCACertificateAuthorityActivateRootCA(ctx context.Context, certific } } -func CheckACMPCACertificateAuthorityActivateSubordinateCA(ctx context.Context, rootCertificateAuthority, certificateAuthority *acmpca.CertificateAuthority) resource.TestCheckFunc { +func CheckACMPCACertificateAuthorityActivateSubordinateCA(ctx context.Context, rootCertificateAuthority, certificateAuthority *acmpcatypes.CertificateAuthority) resource.TestCheckFunc { return func(s *terraform.State) error { - conn := Provider.Meta().(*conns.AWSClient).ACMPCAConn(ctx) + conn := Provider.Meta().(*conns.AWSClient).ACMPCAClient(ctx) - if v := aws.StringValue(certificateAuthority.Type); v != acmpca.CertificateAuthorityTypeSubordinate { + if v := string(certificateAuthority.Type); v != string(acmpcatypes.CertificateAuthorityTypeSubordinate) { return fmt.Errorf("attempting to activate ACM PCA %s Certificate Authority", v) } arn := aws.StringValue(certificateAuthority.Arn) - getCsrOutput, err := conn.GetCertificateAuthorityCsrWithContext(ctx, &acmpca.GetCertificateAuthorityCsrInput{ + getCsrOutput, err := conn.GetCertificateAuthorityCsr(ctx, &acmpca.GetCertificateAuthorityCsrInput{ CertificateAuthorityArn: aws.String(arn), }) 
@@ -2018,14 +2022,14 @@ func CheckACMPCACertificateAuthorityActivateSubordinateCA(ctx context.Context, r rootCertificateAuthorityArn := aws.StringValue(rootCertificateAuthority.Arn) - issueCertOutput, err := conn.IssueCertificateWithContext(ctx, &acmpca.IssueCertificateInput{ + issueCertOutput, err := conn.IssueCertificate(ctx, &acmpca.IssueCertificateInput{ CertificateAuthorityArn: aws.String(rootCertificateAuthorityArn), Csr: []byte(aws.StringValue(getCsrOutput.Csr)), IdempotencyToken: aws.String(id.UniqueId()), SigningAlgorithm: certificateAuthority.CertificateAuthorityConfiguration.SigningAlgorithm, TemplateArn: aws.String(fmt.Sprintf("arn:%s:acm-pca:::template/SubordinateCACertificate_PathLen0/V1", Partition())), - Validity: &acmpca.Validity{ - Type: aws.String(acmpca.ValidityPeriodTypeYears), + Validity: &acmpcatypes.Validity{ + Type: acmpcatypes.ValidityPeriodTypeYears, Value: aws.Int64(3), }, }) @@ -2035,16 +2039,19 @@ func CheckACMPCACertificateAuthorityActivateSubordinateCA(ctx context.Context, r } // Wait for certificate status to become ISSUED. - err = conn.WaitUntilCertificateIssuedWithContext(ctx, &acmpca.GetCertificateInput{ - CertificateAuthorityArn: aws.String(rootCertificateAuthorityArn), + waiter := acmpca.NewCertificateIssuedWaiter(conn) + params := &acmpca.GetCertificateInput{ + CertificateAuthorityArn: aws.String(arn), CertificateArn: issueCertOutput.CertificateArn, - }) + } + + err = waiter.Wait(ctx, params, time.Duration(5*time.Minute)) if err != nil { return fmt.Errorf("waiting for ACM PCA Certificate Authority (%s) Subordinate CA certificate to become ISSUED: %w", arn, err) } - getCertOutput, err := conn.GetCertificateWithContext(ctx, &acmpca.GetCertificateInput{ + getCertOutput, err := conn.GetCertificate(ctx, &acmpca.GetCertificateInput{ CertificateAuthorityArn: aws.String(rootCertificateAuthorityArn), CertificateArn: issueCertOutput.CertificateArn, }) 
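Review bot: The rewritten waiter input in CheckACMPCACertificateAuthorityActivateSubordinateCA polls with `CertificateAuthorityArn: aws.String(arn)`, the subordinate CA, while the removed line used `rootCertificateAuthorityArn`. The certificate was issued by the root CA (the IssueCertificate call earlier in this hunk passes `rootCertificateAuthorityArn`) and the GetCertificate call right after the wait still uses the root ARN, so the waiter asks the wrong CA for the certificate and will not see it reach ISSUED. Restoring `CertificateAuthorityArn: aws.String(rootCertificateAuthorityArn),` in the params literal fixes the regression. The function continues outside the hunk.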
@@ -2053,7 +2060,7 @@ func CheckACMPCACertificateAuthorityActivateSubordinateCA(ctx context.Context, r return fmt.Errorf("getting ACM PCA Certificate Authority (%s) issued Subordinate CA certificate: %w", arn, err) } - _, err = conn.ImportCertificateAuthorityCertificateWithContext(ctx, &acmpca.ImportCertificateAuthorityCertificateInput{ + _, err = conn.ImportCertificateAuthorityCertificate(ctx, &acmpca.ImportCertificateAuthorityCertificateInput{ CertificateAuthorityArn: aws.String(arn), Certificate: []byte(aws.StringValue(getCertOutput.Certificate)), CertificateChain: []byte(aws.StringValue(getCertOutput.CertificateChain)), @@ -2067,20 +2074,20 @@ func CheckACMPCACertificateAuthorityActivateSubordinateCA(ctx context.Context, r } } -func CheckACMPCACertificateAuthorityDisableCA(ctx context.Context, certificateAuthority *acmpca.CertificateAuthority) resource.TestCheckFunc { +func CheckACMPCACertificateAuthorityDisableCA(ctx context.Context, certificateAuthority *acmpcatypes.CertificateAuthority) resource.TestCheckFunc { return func(s *terraform.State) error { - conn := Provider.Meta().(*conns.AWSClient).ACMPCAConn(ctx) + conn := Provider.Meta().(*conns.AWSClient).ACMPCAClient(ctx) - _, err := conn.UpdateCertificateAuthorityWithContext(ctx, &acmpca.UpdateCertificateAuthorityInput{ + _, err := conn.UpdateCertificateAuthority(ctx, &acmpca.UpdateCertificateAuthorityInput{ CertificateAuthorityArn: certificateAuthority.Arn, - Status: aws.String(acmpca.CertificateAuthorityStatusDisabled), + Status: acmpcatypes.CertificateAuthorityStatusDisabled, }) return err } } -func CheckACMPCACertificateAuthorityExists(ctx context.Context, n string, certificateAuthority *acmpca.CertificateAuthority) resource.TestCheckFunc { +func CheckACMPCACertificateAuthorityExists(ctx context.Context, n string, certificateAuthority *acmpcatypes.CertificateAuthority) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[n] if !ok { 
@@ -2091,7 +2098,7 @@ func CheckACMPCACertificateAuthorityExists(ctx context.Context, n string, certif return fmt.Errorf("no ACM PCA Certificate Authority ID is set") } - conn := Provider.Meta().(*conns.AWSClient).ACMPCAConn(ctx) + conn := Provider.Meta().(*conns.AWSClient).ACMPCAClient(ctx) output, err := tfacmpca.FindCertificateAuthorityByARN(ctx, conn, rs.Primary.ID) diff --git a/internal/conns/awsclient_gen.go b/internal/conns/awsclient_gen.go index c4e8d9ef0dc..95198169d8d 100644 --- a/internal/conns/awsclient_gen.go +++ b/internal/conns/awsclient_gen.go @@ -7,6 +7,7 @@ import ( accessanalyzer_sdkv2 "github.com/aws/aws-sdk-go-v2/service/accessanalyzer" account_sdkv2 "github.com/aws/aws-sdk-go-v2/service/account" acm_sdkv2 "github.com/aws/aws-sdk-go-v2/service/acm" + acmpca_sdkv2 "github.com/aws/aws-sdk-go-v2/service/acmpca" amp_sdkv2 "github.com/aws/aws-sdk-go-v2/service/amp" appconfig_sdkv2 "github.com/aws/aws-sdk-go-v2/service/appconfig" appfabric_sdkv2 "github.com/aws/aws-sdk-go-v2/service/appfabric" @@ -142,7 +143,6 @@ import ( wellarchitected_sdkv2 "github.com/aws/aws-sdk-go-v2/service/wellarchitected" workspaces_sdkv2 "github.com/aws/aws-sdk-go-v2/service/workspaces" xray_sdkv2 "github.com/aws/aws-sdk-go-v2/service/xray" - acmpca_sdkv1 "github.com/aws/aws-sdk-go/service/acmpca" amplify_sdkv1 "github.com/aws/aws-sdk-go/service/amplify" apigateway_sdkv1 "github.com/aws/aws-sdk-go/service/apigateway" apigatewayv2_sdkv1 "github.com/aws/aws-sdk-go/service/apigatewayv2" 
@@ -256,8 +256,8 @@ func (c *AWSClient) ACMClient(ctx context.Context) *acm_sdkv2.Client {
 	return errs.Must(client[*acm_sdkv2.Client](ctx, c, names.ACM, make(map[string]any)))
 }
 
-func (c *AWSClient) ACMPCAConn(ctx context.Context) *acmpca_sdkv1.ACMPCA {
-	return errs.Must(conn[*acmpca_sdkv1.ACMPCA](ctx, c, names.ACMPCA, make(map[string]any)))
+func (c *AWSClient) ACMPCAClient(ctx context.Context) *acmpca_sdkv2.Client {
+	return errs.Must(client[*acmpca_sdkv2.Client](ctx, c, names.ACMPCA, make(map[string]any)))
 }
 
 func (c *AWSClient) AMPClient(ctx context.Context) *amp_sdkv2.Client {
diff --git a/internal/service/acmpca/certificate.go b/internal/service/acmpca/certificate.go
index 7cac716b03c..471980a72bf 100644
--- a/internal/service/acmpca/certificate.go
+++ b/internal/service/acmpca/certificate.go
@@ -16,10 +16,10 @@ import (
 	"time"
 
 	"github.com/YakDriver/regexache"
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/arn"
-	"github.com/aws/aws-sdk-go/service/acmpca"
-	"github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr"
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/aws/arn"
+	"github.com/aws/aws-sdk-go-v2/service/acmpca"
+	awstypes "github.com/aws/aws-sdk-go-v2/service/acmpca/types"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/id"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry"
@@ -27,9 +27,12 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/structure" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" "github.com/hashicorp/terraform-provider-aws/internal/conns" + "github.com/hashicorp/terraform-provider-aws/internal/enum" + "github.com/hashicorp/terraform-provider-aws/internal/errs" "github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag" "github.com/hashicorp/terraform-provider-aws/internal/tfresource" "github.com/hashicorp/terraform-provider-aws/internal/verify" + "github.com/hashicorp/terraform-provider-aws/names" "golang.org/x/crypto/cryptobyte" cryptobyte_asn1 "golang.org/x/crypto/cryptobyte/asn1" ) @@ -82,10 +85,10 @@ func ResourceCertificate() *schema.Resource { ForceNew: true, }, "signing_algorithm": { - Type: schema.TypeString, - Required: true, - ForceNew: true, - ValidateFunc: validation.StringInSlice(acmpca.SigningAlgorithm_Values(), false), + Type: schema.TypeString, + Required: true, + ForceNew: true, + ValidateDiagFunc: enum.Validate[awstypes.SigningAlgorithm](), }, "validity": { Type: schema.TypeList, @@ -96,10 +99,10 @@ func ResourceCertificate() *schema.Resource { Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "type": { - Type: schema.TypeString, - Required: true, - ForceNew: true, - ValidateFunc: validation.StringInSlice(acmpca.ValidityPeriodType_Values(), false), + Type: schema.TypeString, + Required: true, + ForceNew: true, + ValidateDiagFunc: enum.Validate[awstypes.ValidityPeriodType](), }, "value": { Type: schema.TypeString, 
@@ -133,14 +136,14 @@ func ResourceCertificate() *schema.Resource { func resourceCertificateCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics - conn := meta.(*conns.AWSClient).ACMPCAConn(ctx) + conn := meta.(*conns.AWSClient).ACMPCAClient(ctx) certificateAuthorityARN := d.Get("certificate_authority_arn").(string) input := &acmpca.IssueCertificateInput{ CertificateAuthorityArn: aws.String(certificateAuthorityARN), Csr: []byte(d.Get("certificate_signing_request").(string)), IdempotencyToken: aws.String(id.UniqueId()), - SigningAlgorithm: aws.String(d.Get("signing_algorithm").(string)), + SigningAlgorithm: awstypes.SigningAlgorithm(d.Get("signing_algorithm").(string)), } validity, err := expandValidity(d.Get("validity").([]interface{})) if err != nil { @@ -153,7 +156,7 @@ func resourceCertificateCreate(ctx context.Context, d *schema.ResourceData, meta } if v, ok := d.Get("api_passthrough").(string); ok && v != "" { - ap := &acmpca.ApiPassthrough{} + ap := &awstypes.ApiPassthrough{} if err := json.Unmarshal([]byte(v), ap); err != nil { return sdkdiag.AppendErrorf(diags, "decoding api_passthrough: %s", err) } @@ -163,8 +166,8 @@ func resourceCertificateCreate(ctx context.Context, d *schema.ResourceData, meta var output *acmpca.IssueCertificateOutput err = retry.RetryContext(ctx, certificateAuthorityActiveTimeout, func() *retry.RetryError { var err error - output, err = conn.IssueCertificateWithContext(ctx, input) - if tfawserr.ErrMessageContains(err, acmpca.ErrCodeInvalidStateException, "The certificate authority is not in a valid state for issuing certificates") { + output, err = conn.IssueCertificate(ctx, input) + if errs.IsAErrorMessageContains[*awstypes.InvalidStateException](err, "The certificate authority is not in a valid state for issuing certificates") { return retry.RetryableError(err) } if err != nil { 
@@ -173,21 +176,24 @@ func resourceCertificateCreate(ctx context.Context, d *schema.ResourceData, meta return nil }) if tfresource.TimedOut(err) { - output, err = conn.IssueCertificateWithContext(ctx, input) + output, err = conn.IssueCertificate(ctx, input) } if err != nil { return sdkdiag.AppendErrorf(diags, "issuing ACM PCA Certificate with Certificate Authority (%s): %s", certificateAuthorityARN, err) } - d.SetId(aws.StringValue(output.CertificateArn)) + d.SetId(aws.ToString(output.CertificateArn)) - getCertificateInput := &acmpca.GetCertificateInput{ - CertificateArn: output.CertificateArn, - CertificateAuthorityArn: aws.String(d.Get("certificate_authority_arn").(string)), + // Wait for certificate status to become ISSUED. + waiter := acmpca.NewCertificateIssuedWaiter(conn) + params := &acmpca.GetCertificateInput{ + CertificateAuthorityArn: output.CertificateArn, + CertificateArn: aws.String(d.Get("certificate_authority_arn").(string)), } - err = conn.WaitUntilCertificateIssuedWithContext(ctx, getCertificateInput) + err = waiter.Wait(ctx, params, time.Duration(5*time.Minute)) + if err != nil { return sdkdiag.AppendErrorf(diags, "waiting for ACM PCA Certificate Authority (%s) to issue Certificate (%s), error: %s", certificateAuthorityARN, d.Id(), err) } @@ -197,7 +203,7 @@ func resourceCertificateCreate(ctx context.Context, d *schema.ResourceData, meta func resourceCertificateRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics - conn := meta.(*conns.AWSClient).ACMPCAConn(ctx) + conn := meta.(*conns.AWSClient).ACMPCAClient(ctx) getCertificateInput := &acmpca.GetCertificateInput{ CertificateArn: aws.String(d.Id()), 
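Review bot: The waiter params in resourceCertificateCreate have the two ARNs crossed: `CertificateAuthorityArn: output.CertificateArn` and `CertificateArn: aws.String(d.Get("certificate_authority_arn").(string))`, whereas the removed getCertificateInput put `output.CertificateArn` in CertificateArn and the CA ARN in CertificateAuthorityArn, which is also the orientation resourceCertificateRead keeps. As written the waiter never observes the certificate as ISSUED and every create fails at the timeout. The fix is `CertificateAuthorityArn: aws.String(certificateAuthorityARN),` and `CertificateArn: output.CertificateArn,`, reusing the local read at the top of the function. resourceCertificateCreate begins in the preceding hunk.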
@@ -206,9 +212,9 @@ func resourceCertificateRead(ctx context.Context, d *schema.ResourceData, meta i log.Printf("[DEBUG] Reading ACM PCA Certificate: %s", getCertificateInput) - certificateOutput, err := conn.GetCertificateWithContext(ctx, getCertificateInput) + certificateOutput, err := conn.GetCertificate(ctx, getCertificateInput) - if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, acmpca.ErrCodeResourceNotFoundException) { + if !d.IsNewResource() && errs.IsA[*awstypes.ResourceNotFoundException](err) { log.Printf("[WARN] ACM PCA Certificate (%s) not found, removing from state", d.Id()) d.SetId("") return diags @@ -231,7 +237,7 @@ func resourceCertificateRead(ctx context.Context, d *schema.ResourceData, meta i func resourceCertificateRevoke(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics - conn := meta.(*conns.AWSClient).ACMPCAConn(ctx) + conn := meta.(*conns.AWSClient).ACMPCAClient(ctx) block, _ := pem.Decode([]byte(d.Get("certificate").(string))) if block == nil { 
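Review bot: `log.Printf("[DEBUG] Reading ACM PCA Certificate: %s", getCertificateInput)` is kept as context, but its operand is now an aws-sdk-go-v2 input struct, and as far as I can tell the v2 input types do not implement fmt.Stringer the way the v1 types did, so the line would presumably print field pointers rather than the ARNs. Logging the identifier directly, `log.Printf("[DEBUG] Reading ACM PCA Certificate: %s", d.Id())`, keeps the debug line useful. The CSR read in resourceCertificateAuthorityRead in certificate_authority.go logs its v2 input the same way and should get the same treatment.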
@@ -250,14 +256,14 @@ func resourceCertificateRevoke(ctx context.Context, d *schema.ResourceData, meta input := &acmpca.RevokeCertificateInput{ CertificateAuthorityArn: aws.String(d.Get("certificate_authority_arn").(string)), CertificateSerial: aws.String(fmt.Sprintf("%x", serial)), - RevocationReason: aws.String(acmpca.RevocationReasonUnspecified), + RevocationReason: awstypes.RevocationReasonUnspecified, } - _, err = conn.RevokeCertificateWithContext(ctx, input) + _, err = conn.RevokeCertificate(ctx, input) - if tfawserr.ErrCodeEquals(err, acmpca.ErrCodeResourceNotFoundException) || - tfawserr.ErrCodeEquals(err, acmpca.ErrCodeRequestAlreadyProcessedException) || - tfawserr.ErrCodeEquals(err, acmpca.ErrCodeRequestInProgressException) || - tfawserr.ErrMessageContains(err, acmpca.ErrCodeInvalidRequestException, "Self-signed certificate can not be revoked") { + if errs.IsA[*awstypes.ResourceNotFoundException](err) || + errs.IsA[*awstypes.RequestAlreadyProcessedException](err) || + errs.IsA[*awstypes.RequestInProgressException](err) || + errs.IsAErrorMessageContains[*awstypes.InvalidRequestException](err, "Self-signed certificate can not be revoked") { return diags } if err != nil { @@ -310,8 +316,8 @@ func ValidTemplateARN(v interface{}, k string) (ws []string, errors []error) { value := v.(string) parsedARN, _ := arn.Parse(value) - if parsedARN.Service != acmpca.ServiceName { - errors = append(errors, fmt.Errorf("%q (%s) is not a valid ACM PCA template ARN: service must be \""+acmpca.ServiceName+"\", was %q)", k, value, parsedARN.Service)) + if parsedARN.Service != names.ACMPCAEndpointID { + errors = append(errors, fmt.Errorf("%q (%s) is not a valid ACM PCA template ARN: service must be \""+names.ACMPCAEndpointID+"\", was %q)", k, value, parsedARN.Service)) } if parsedARN.Region != "" { 
@@ -330,7 +336,7 @@ func ValidTemplateARN(v interface{}, k string) (ws []string, errors []error) { return ws, errors } -func expandValidity(l []interface{}) (*acmpca.Validity, error) { +func expandValidity(l []interface{}) (*awstypes.Validity, error) { if len(l) == 0 { return nil, nil } @@ -338,8 +344,8 @@ func expandValidity(l []interface{}) (*acmpca.Validity, error) { m := l[0].(map[string]interface{}) valueType := m["type"].(string) - result := &acmpca.Validity{ - Type: aws.String(valueType), + result := &awstypes.Validity{ + Type: awstypes.ValidityPeriodType(valueType), } i, err := ExpandValidityValue(valueType, m["value"].(string)) @@ -352,7 +358,7 @@ func expandValidity(l []interface{}) (*acmpca.Validity, error) { } func ExpandValidityValue(valueType, v string) (int64, error) { - if valueType == acmpca.ValidityPeriodTypeEndDate { + if valueType == string(awstypes.ValidityPeriodTypeEndDate) { date, err := time.Parse(time.RFC3339, v) if err != nil { return 0, err diff --git a/internal/service/acmpca/certificate_authority.go b/internal/service/acmpca/certificate_authority.go index 3b4426b9430..a5f90a1e856 100644 --- a/internal/service/acmpca/certificate_authority.go +++ b/internal/service/acmpca/certificate_authority.go 
@@ -9,15 +9,17 @@ import ( "log" "time" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/service/acmpca" - "github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr" + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/acmpca" + awstypes "github.com/aws/aws-sdk-go-v2/service/acmpca/types" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/id" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" "github.com/hashicorp/terraform-provider-aws/internal/conns" + "github.com/hashicorp/terraform-provider-aws/internal/enum" + "github.com/hashicorp/terraform-provider-aws/internal/errs" "github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag" tftags "github.com/hashicorp/terraform-provider-aws/internal/tags" "github.com/hashicorp/terraform-provider-aws/internal/tfresource" @@ -77,16 +79,16 @@ func ResourceCertificateAuthority() *schema.Resource { Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "key_algorithm": { - Type: schema.TypeString, - Required: true, - ForceNew: true, - ValidateFunc: validation.StringInSlice(acmpca.KeyAlgorithm_Values(), false), + Type: schema.TypeString, + Required: true, + ForceNew: true, + ValidateDiagFunc: enum.Validate[awstypes.KeyAlgorithm](), }, "signing_algorithm": { - Type: schema.TypeString, - Required: true, - ForceNew: true, - ValidateFunc: validation.StringInSlice(acmpca.SigningAlgorithm_Values(), false), + Type: schema.TypeString, + Required: true, + ForceNew: true, + ValidateDiagFunc: enum.Validate[awstypes.SigningAlgorithm](), }, // https://docs.aws.amazon.com/privateca/latest/APIReference/API_ASN1Subject.html "subject": { 
@@ -194,11 +196,11 @@ func ResourceCertificateAuthority() *schema.Resource { Default: true, }, "key_storage_security_standard": { - Type: schema.TypeString, - Optional: true, - Computed: true, - ForceNew: true, - ValidateFunc: validation.StringInSlice(acmpca.KeyStorageSecurityStandard_Values(), false), + Type: schema.TypeString, + Optional: true, + Computed: true, + ForceNew: true, + ValidateDiagFunc: enum.Validate[awstypes.KeyStorageSecurityStandard](), }, "not_after": { Type: schema.TypeString, @@ -284,10 +286,10 @@ func ResourceCertificateAuthority() *schema.Resource { }, }, "s3_object_acl": { - Type: schema.TypeString, - Optional: true, - Computed: true, - ValidateFunc: validation.StringInSlice(acmpca.S3ObjectAcl_Values(), false), + Type: schema.TypeString, + Optional: true, + Computed: true, + ValidateDiagFunc: enum.Validate[awstypes.S3ObjectAcl](), DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool { // Ignore attributes if CRL configuration is not enabled if d.Get("revocation_configuration.0.crl_configuration.0.enabled").(bool) { @@ -334,17 +336,17 @@ func ResourceCertificateAuthority() *schema.Resource { names.AttrTags: tftags.TagsSchema(), names.AttrTagsAll: tftags.TagsSchemaComputed(), "type": { - Type: schema.TypeString, - Optional: true, - ForceNew: true, - Default: acmpca.CertificateAuthorityTypeSubordinate, - ValidateFunc: validation.StringInSlice(acmpca.CertificateAuthorityType_Values(), false), + Type: schema.TypeString, + Optional: true, + ForceNew: true, + Default: awstypes.CertificateAuthorityTypeSubordinate, + ValidateDiagFunc: enum.Validate[awstypes.CertificateAuthorityType](), }, "usage_mode": { - Type: schema.TypeString, - Computed: true, - Optional: true, - ValidateFunc: validation.StringInSlice(acmpca.CertificateAuthorityUsageMode_Values(), false), + Type: schema.TypeString, + Computed: true, + Optional: true, + ValidateDiagFunc: enum.Validate[awstypes.CertificateAuthorityUsageMode](), }, }, 
@@ -354,34 +356,34 @@ func ResourceCertificateAuthority() *schema.Resource { func resourceCertificateAuthorityCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics - conn := meta.(*conns.AWSClient).ACMPCAConn(ctx) + conn := meta.(*conns.AWSClient).ACMPCAClient(ctx) input := &acmpca.CreateCertificateAuthorityInput{ CertificateAuthorityConfiguration: expandCertificateAuthorityConfiguration(d.Get("certificate_authority_configuration").([]interface{})), - CertificateAuthorityType: aws.String(d.Get("type").(string)), + CertificateAuthorityType: awstypes.CertificateAuthorityType(d.Get("type").(string)), IdempotencyToken: aws.String(id.UniqueId()), RevocationConfiguration: expandRevocationConfiguration(d.Get("revocation_configuration").([]interface{})), Tags: getTagsIn(ctx), } if v, ok := d.GetOk("key_storage_security_standard"); ok { - input.KeyStorageSecurityStandard = aws.String(v.(string)) + input.KeyStorageSecurityStandard = awstypes.KeyStorageSecurityStandard(v.(string)) } if v, ok := d.GetOk("usage_mode"); ok { - input.UsageMode = aws.String(v.(string)) + input.UsageMode = awstypes.CertificateAuthorityUsageMode(v.(string)) } // ValidationException: The ACM Private CA service account 'acm-pca-prod-pdx' requires getBucketAcl permissions for your S3 bucket 'tf-acc-test-5224996536060125340'. Check your S3 bucket permissions and try again. 
outputRaw, err := tfresource.RetryWhenAWSErrMessageContains(ctx, 1*time.Minute, func() (interface{}, error) { - return conn.CreateCertificateAuthorityWithContext(ctx, input) + return conn.CreateCertificateAuthority(ctx, input) }, "ValidationException", "Check your S3 bucket permissions and try again") if err != nil { return sdkdiag.AppendErrorf(diags, "creating ACM PCA Certificate Authority: %s", err) } - d.SetId(aws.StringValue(outputRaw.(*acmpca.CreateCertificateAuthorityOutput).CertificateAuthorityArn)) + d.SetId(aws.ToString(outputRaw.(*acmpca.CreateCertificateAuthorityOutput).CertificateAuthorityArn)) if _, err := waitCertificateAuthorityCreated(ctx, conn, d.Id(), d.Timeout(schema.TimeoutCreate)); err != nil { return sdkdiag.AppendErrorf(diags, "waiting for ACM PCA Certificate Authority (%s) create: %s", d.Id(), err) @@ -392,7 +394,7 @@ func resourceCertificateAuthorityCreate(ctx context.Context, d *schema.ResourceD func resourceCertificateAuthorityRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics - conn := meta.(*conns.AWSClient).ACMPCAConn(ctx) + conn := meta.(*conns.AWSClient).ACMPCAClient(ctx) certificateAuthority, err := FindCertificateAuthorityByARN(ctx, conn, d.Id()) 
@@ -410,10 +412,10 @@ func resourceCertificateAuthorityRead(ctx context.Context, d *schema.ResourceDat if err := d.Set("certificate_authority_configuration", flattenCertificateAuthorityConfiguration(certificateAuthority.CertificateAuthorityConfiguration)); err != nil { return sdkdiag.AppendErrorf(diags, "setting certificate_authority_configuration: %s", err) } - d.Set("enabled", (aws.StringValue(certificateAuthority.Status) != acmpca.CertificateAuthorityStatusDisabled)) + d.Set("enabled", (certificateAuthority.Status != awstypes.CertificateAuthorityStatusDisabled)) d.Set("key_storage_security_standard", certificateAuthority.KeyStorageSecurityStandard) - d.Set("not_after", aws.TimeValue(certificateAuthority.NotAfter).Format(time.RFC3339)) - d.Set("not_before", aws.TimeValue(certificateAuthority.NotBefore).Format(time.RFC3339)) + d.Set("not_after", aws.ToTime(certificateAuthority.NotAfter).Format(time.RFC3339)) + d.Set("not_before", aws.ToTime(certificateAuthority.NotBefore).Format(time.RFC3339)) if err := d.Set("revocation_configuration", flattenRevocationConfiguration(certificateAuthority.RevocationConfiguration)); err != nil { return sdkdiag.AppendErrorf(diags, "setting revocation_configuration: %s", err) } @@ -425,9 +427,9 @@ func resourceCertificateAuthorityRead(ctx context.Context, d *schema.ResourceDat CertificateAuthorityArn: aws.String(d.Id()), } - getCertificateAuthorityCertificateOutput, err := conn.GetCertificateAuthorityCertificateWithContext(ctx, getCertificateAuthorityCertificateInput) + getCertificateAuthorityCertificateOutput, err := conn.GetCertificateAuthorityCertificate(ctx, getCertificateAuthorityCertificateInput) - if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, acmpca.ErrCodeResourceNotFoundException) { + if !d.IsNewResource() && errs.IsA[*awstypes.ResourceNotFoundException](err) { log.Printf("[WARN] ACM PCA Certificate Authority (%s) not found, removing from state", d.Id()) d.SetId("") return diags 
@@ -435,7 +437,7 @@ func resourceCertificateAuthorityRead(ctx context.Context, d *schema.ResourceDat
 // Returned when in PENDING_CERTIFICATE status
 // InvalidStateException: The certificate authority XXXXX is not in the correct state to have a certificate signing request.
- if err != nil && !tfawserr.ErrCodeEquals(err, acmpca.ErrCodeInvalidStateException) {
+ if err != nil && !errs.IsA[*awstypes.InvalidStateException](err) {
 return sdkdiag.AppendErrorf(diags, "reading ACM PCA Certificate Authority (%s) Certificate: %s", d.Id(), err)
 }
@@ -452,9 +454,9 @@ func resourceCertificateAuthorityRead(ctx context.Context, d *schema.ResourceDat
 log.Printf("[DEBUG] Reading ACM PCA Certificate Authority Certificate Signing Request: %s", getCertificateAuthorityCsrInput)
- getCertificateAuthorityCsrOutput, err := conn.GetCertificateAuthorityCsrWithContext(ctx, getCertificateAuthorityCsrInput)
+ getCertificateAuthorityCsrOutput, err := conn.GetCertificateAuthorityCsr(ctx, getCertificateAuthorityCsrInput)
- if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, acmpca.ErrCodeResourceNotFoundException) {
+ if !d.IsNewResource() && errs.IsA[*awstypes.ResourceNotFoundException](err) {
 log.Printf("[WARN] ACM PCA Certificate Authority (%s) not found, removing from state", d.Id())
 d.SetId("")
 return diags
@@ -462,7 +464,7 @@ func resourceCertificateAuthorityRead(ctx context.Context, d *schema.ResourceDat
 // Returned when in PENDING_CERTIFICATE status
 // InvalidStateException: The certificate authority XXXXX is not in the correct state to have a certificate signing request.
- if err != nil && !tfawserr.ErrCodeEquals(err, acmpca.ErrCodeInvalidStateException) {
+ if err != nil && !errs.IsA[*awstypes.InvalidStateException](err) {
 return sdkdiag.AppendErrorf(diags, "reading ACM PCA Certificate Authority (%s) Certificate Signing Request: %s", d.Id(), err)
 }
@@ -476,7 +478,7 @@ func resourceCertificateAuthorityRead(ctx context.Context, d *schema.ResourceDat func resourceCertificateAuthorityUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics - conn := meta.(*conns.AWSClient).ACMPCAConn(ctx) + conn := meta.(*conns.AWSClient).ACMPCAClient(ctx) if d.HasChangesExcept("tags", "tags_all") { input := &acmpca.UpdateCertificateAuthorityInput{ @@ -484,9 +486,9 @@ func resourceCertificateAuthorityUpdate(ctx context.Context, d *schema.ResourceD } if d.HasChange("enabled") { - input.Status = aws.String(acmpca.CertificateAuthorityStatusActive) + input.Status = awstypes.CertificateAuthorityStatusActive if !d.Get("enabled").(bool) { - input.Status = aws.String(acmpca.CertificateAuthorityStatusDisabled) + input.Status = awstypes.CertificateAuthorityStatusDisabled } } @@ -494,7 +496,7 @@ func resourceCertificateAuthorityUpdate(ctx context.Context, d *schema.ResourceD input.RevocationConfiguration = expandRevocationConfiguration(d.Get("revocation_configuration").([]interface{})) } - _, err := conn.UpdateCertificateAuthorityWithContext(ctx, input) + _, err := conn.UpdateCertificateAuthority(ctx, input) if err != nil { return sdkdiag.AppendErrorf(diags, "updating ACM PCA Certificate Authority (%s): %s", d.Id(), err) 
@@ -506,18 +508,18 @@ func resourceCertificateAuthorityUpdate(ctx context.Context, d *schema.ResourceD
 func resourceCertificateAuthorityDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 var diags diag.Diagnostics
- conn := meta.(*conns.AWSClient).ACMPCAConn(ctx)
+ conn := meta.(*conns.AWSClient).ACMPCAClient(ctx)
 // The Certificate Authority must be in PENDING_CERTIFICATE or DISABLED state before deleting.
 updateInput := &acmpca.UpdateCertificateAuthorityInput{
 CertificateAuthorityArn: aws.String(d.Id()),
- Status: aws.String(acmpca.CertificateAuthorityStatusDisabled),
+ Status: awstypes.CertificateAuthorityStatusDisabled,
 }
- _, err := conn.UpdateCertificateAuthorityWithContext(ctx, updateInput)
- if tfawserr.ErrCodeEquals(err, acmpca.ErrCodeResourceNotFoundException) {
+ _, err := conn.UpdateCertificateAuthority(ctx, updateInput)
+ if errs.IsA[*awstypes.ResourceNotFoundException](err) {
 return diags
 }
- if err != nil && !tfawserr.ErrMessageContains(err, acmpca.ErrCodeInvalidStateException, "The certificate authority must be in the ACTIVE or DISABLED state to be updated") {
+ if err != nil && !errs.IsAErrorMessageContains[*awstypes.InvalidStateException](err, "The certificate authority must be in the ACTIVE or DISABLED state to be updated") {
 return sdkdiag.AppendErrorf(diags, "setting ACM PCA Certificate Authority (%s) to DISABLED status before deleting: %s", d.Id(), err)
 }
@@ -526,12 +528,12 @@ func resourceCertificateAuthorityDelete(ctx context.Context, d *schema.ResourceD } if v, exists := d.GetOk("permanent_deletion_time_in_days"); exists { - deleteInput.PermanentDeletionTimeInDays = aws.Int64(int64(v.(int))) + deleteInput.PermanentDeletionTimeInDays = aws.Int32(int32(v.(int))) } log.Printf("[INFO] Deleting ACM PCA Certificate Authority: %s", d.Id()) - _, err = conn.DeleteCertificateAuthorityWithContext(ctx, deleteInput) - if tfawserr.ErrCodeEquals(err, acmpca.ErrCodeResourceNotFoundException) { + _, err = conn.DeleteCertificateAuthority(ctx, deleteInput) + if errs.IsA[*awstypes.ResourceNotFoundException](err) { return diags } if err != nil { @@ -541,14 +543,14 @@ func resourceCertificateAuthorityDelete(ctx context.Context, d *schema.ResourceD return diags } -func FindCertificateAuthorityByARN(ctx context.Context, conn *acmpca.ACMPCA, arn string) (*acmpca.CertificateAuthority, error) { +func FindCertificateAuthorityByARN(ctx context.Context, conn *acmpca.Client, arn string) (*awstypes.CertificateAuthority, error) { input := &acmpca.DescribeCertificateAuthorityInput{ CertificateAuthorityArn: aws.String(arn), } - output, err := conn.DescribeCertificateAuthorityWithContext(ctx, input) + output, err := conn.DescribeCertificateAuthority(ctx, input) - if tfawserr.ErrCodeEquals(err, acmpca.ErrCodeResourceNotFoundException) { + if errs.IsA[*awstypes.ResourceNotFoundException](err) { return nil, &retry.NotFoundError{ LastError: err, LastRequest: input, 
@@ -563,15 +565,15 @@ func FindCertificateAuthorityByARN(ctx context.Context, conn *acmpca.ACMPCA, arn return nil, tfresource.NewEmptyResultError(input) } - if status := aws.StringValue(output.CertificateAuthority.Status); status == acmpca.CertificateAuthorityStatusDeleted { + if output.CertificateAuthority.Status == awstypes.CertificateAuthorityStatusDeleted { return nil, &retry.NotFoundError{ - Message: status, + Message: string(output.CertificateAuthority.Status), LastRequest: input, } } // Eventual consistency check. - if aws.StringValue(output.CertificateAuthority.Arn) != arn { + if aws.ToString(output.CertificateAuthority.Arn) != arn { return nil, &retry.NotFoundError{ LastRequest: input, } @@ -580,7 +582,7 @@ func FindCertificateAuthorityByARN(ctx context.Context, conn *acmpca.ACMPCA, arn return output.CertificateAuthority, nil } -func statusCertificateAuthority(ctx context.Context, conn *acmpca.ACMPCA, arn string) retry.StateRefreshFunc { +func statusCertificateAuthority(ctx context.Context, conn *acmpca.Client, arn string) retry.StateRefreshFunc { return func() (interface{}, string, error) { output, err := FindCertificateAuthorityByARN(ctx, conn, arn) 
@@ -592,23 +594,23 @@ func statusCertificateAuthority(ctx context.Context, conn *acmpca.ACMPCA, arn st return nil, "", err } - return output, aws.StringValue(output.Status), nil + return output, string(output.Status), nil } } -func waitCertificateAuthorityCreated(ctx context.Context, conn *acmpca.ACMPCA, arn string, timeout time.Duration) (*acmpca.CertificateAuthority, error) { +func waitCertificateAuthorityCreated(ctx context.Context, conn *acmpca.Client, arn string, timeout time.Duration) (*awstypes.CertificateAuthority, error) { stateConf := &retry.StateChangeConf{ - Pending: []string{acmpca.CertificateAuthorityStatusCreating}, - Target: []string{acmpca.CertificateAuthorityStatusActive, acmpca.CertificateAuthorityStatusPendingCertificate}, + Pending: []string{string(awstypes.CertificateAuthorityStatusCreating)}, + Target: []string{string(awstypes.CertificateAuthorityStatusActive), string(awstypes.CertificateAuthorityStatusPendingCertificate)}, Refresh: statusCertificateAuthority(ctx, conn, arn), Timeout: timeout, } outputRaw, err := stateConf.WaitForStateContext(ctx) - if output, ok := outputRaw.(*acmpca.CertificateAuthority); ok { - if status := aws.StringValue(output.Status); status == acmpca.CertificateAuthorityStatusFailed { - tfresource.SetLastError(err, errors.New(aws.StringValue(output.FailureReason))) + if output, ok := outputRaw.(*awstypes.CertificateAuthority); ok { + if output.Status == awstypes.CertificateAuthorityStatusFailed { + tfresource.SetLastError(err, errors.New(string(output.FailureReason))) } return output, err 
@@ -621,14 +623,14 @@ const ( certificateAuthorityActiveTimeout = 1 * time.Minute ) -func expandASN1Subject(l []interface{}) *acmpca.ASN1Subject { +func expandASN1Subject(l []interface{}) *awstypes.ASN1Subject { if len(l) == 0 { return nil } m := l[0].(map[string]interface{}) - subject := &acmpca.ASN1Subject{} + subject := &awstypes.ASN1Subject{} if v, ok := m["common_name"]; ok && v.(string) != "" { subject.CommonName = aws.String(v.(string)) } @@ -672,23 +674,23 @@ func expandASN1Subject(l []interface{}) *acmpca.ASN1Subject { return subject } -func expandCertificateAuthorityConfiguration(l []interface{}) *acmpca.CertificateAuthorityConfiguration { +func expandCertificateAuthorityConfiguration(l []interface{}) *awstypes.CertificateAuthorityConfiguration { if len(l) == 0 { return nil } m := l[0].(map[string]interface{}) - config := &acmpca.CertificateAuthorityConfiguration{ - KeyAlgorithm: aws.String(m["key_algorithm"].(string)), - SigningAlgorithm: aws.String(m["signing_algorithm"].(string)), + config := &awstypes.CertificateAuthorityConfiguration{ + KeyAlgorithm: awstypes.KeyAlgorithm(m["key_algorithm"].(string)), + SigningAlgorithm: awstypes.SigningAlgorithm(m["signing_algorithm"].(string)), Subject: expandASN1Subject(m["subject"].([]interface{})), } return config } -func expandCrlConfiguration(l []interface{}) *acmpca.CrlConfiguration { +func expandCrlConfiguration(l []interface{}) *awstypes.CrlConfiguration { if len(l) == 0 { return nil } @@ -697,7 +699,7 @@ func expandCrlConfiguration(l []interface{}) *acmpca.CrlConfiguration { crlEnabled := m["enabled"].(bool) - config := &acmpca.CrlConfiguration{ + config := &awstypes.CrlConfiguration{ Enabled: aws.Bool(crlEnabled), } 
@@ -706,27 +708,27 @@ func expandCrlConfiguration(l []interface{}) *acmpca.CrlConfiguration { config.CustomCname = aws.String(v.(string)) } if v, ok := m["expiration_in_days"]; ok && v.(int) > 0 { - config.ExpirationInDays = aws.Int64(int64(v.(int))) + config.ExpirationInDays = aws.Int32(int32(v.(int))) } if v, ok := m["s3_bucket_name"]; ok && v.(string) != "" { config.S3BucketName = aws.String(v.(string)) } if v, ok := m["s3_object_acl"]; ok && v.(string) != "" { - config.S3ObjectAcl = aws.String(v.(string)) + config.S3ObjectAcl = awstypes.S3ObjectAcl(v.(string)) } } return config } -func expandOcspConfiguration(l []interface{}) *acmpca.OcspConfiguration { +func expandOcspConfiguration(l []interface{}) *awstypes.OcspConfiguration { if len(l) == 0 { return nil } m := l[0].(map[string]interface{}) - config := &acmpca.OcspConfiguration{ + config := &awstypes.OcspConfiguration{ Enabled: aws.Bool(m["enabled"].(bool)), } @@ -737,14 +739,14 @@ func expandOcspConfiguration(l []interface{}) *acmpca.OcspConfiguration { return config } -func expandRevocationConfiguration(l []interface{}) *acmpca.RevocationConfiguration { +func expandRevocationConfiguration(l []interface{}) *awstypes.RevocationConfiguration { if len(l) == 0 || l[0] == nil { return nil } m := l[0].(map[string]interface{}) - config := &acmpca.RevocationConfiguration{ + config := &awstypes.RevocationConfiguration{ CrlConfiguration: expandCrlConfiguration(m["crl_configuration"].([]interface{})), OcspConfiguration: expandOcspConfiguration(m["ocsp_configuration"].([]interface{})), } 
@@ -752,74 +754,74 @@ func expandRevocationConfiguration(l []interface{}) *acmpca.RevocationConfigurat return config } -func flattenASN1Subject(subject *acmpca.ASN1Subject) []interface{} { +func flattenASN1Subject(subject *awstypes.ASN1Subject) []interface{} { if subject == nil { return []interface{}{} } m := map[string]interface{}{ - "common_name": aws.StringValue(subject.CommonName), - "country": aws.StringValue(subject.Country), - "distinguished_name_qualifier": aws.StringValue(subject.DistinguishedNameQualifier), - "generation_qualifier": aws.StringValue(subject.GenerationQualifier), - "given_name": aws.StringValue(subject.GivenName), - "initials": aws.StringValue(subject.Initials), - "locality": aws.StringValue(subject.Locality), - "organization": aws.StringValue(subject.Organization), - "organizational_unit": aws.StringValue(subject.OrganizationalUnit), - "pseudonym": aws.StringValue(subject.Pseudonym), - "state": aws.StringValue(subject.State), - "surname": aws.StringValue(subject.Surname), - "title": aws.StringValue(subject.Title), + "common_name": aws.ToString(subject.CommonName), + "country": aws.ToString(subject.Country), + "distinguished_name_qualifier": aws.ToString(subject.DistinguishedNameQualifier), + "generation_qualifier": aws.ToString(subject.GenerationQualifier), + "given_name": aws.ToString(subject.GivenName), + "initials": aws.ToString(subject.Initials), + "locality": aws.ToString(subject.Locality), + "organization": aws.ToString(subject.Organization), + "organizational_unit": aws.ToString(subject.OrganizationalUnit), + "pseudonym": aws.ToString(subject.Pseudonym), + "state": aws.ToString(subject.State), + "surname": aws.ToString(subject.Surname), + "title": aws.ToString(subject.Title), } return []interface{}{m} } -func flattenCertificateAuthorityConfiguration(config *acmpca.CertificateAuthorityConfiguration) []interface{} { +func flattenCertificateAuthorityConfiguration(config *awstypes.CertificateAuthorityConfiguration) []interface{} { if 
config == nil { return []interface{}{} } m := map[string]interface{}{ - "key_algorithm": aws.StringValue(config.KeyAlgorithm), - "signing_algorithm": aws.StringValue(config.SigningAlgorithm), + "key_algorithm": string(config.KeyAlgorithm), + "signing_algorithm": string(config.SigningAlgorithm), "subject": flattenASN1Subject(config.Subject), } return []interface{}{m} } -func flattenCrlConfiguration(config *acmpca.CrlConfiguration) []interface{} { +func flattenCrlConfiguration(config *awstypes.CrlConfiguration) []interface{} { if config == nil { return []interface{}{} } m := map[string]interface{}{ - "custom_cname": aws.StringValue(config.CustomCname), - "enabled": aws.BoolValue(config.Enabled), - "expiration_in_days": int(aws.Int64Value(config.ExpirationInDays)), - "s3_bucket_name": aws.StringValue(config.S3BucketName), - "s3_object_acl": aws.StringValue(config.S3ObjectAcl), + "custom_cname": aws.ToString(config.CustomCname), + "enabled": aws.ToBool(config.Enabled), + "expiration_in_days": int(aws.ToInt32(config.ExpirationInDays)), + "s3_bucket_name": aws.ToString(config.S3BucketName), + "s3_object_acl": string(config.S3ObjectAcl), } return []interface{}{m} } -func flattenOcspConfiguration(config *acmpca.OcspConfiguration) []interface{} { +func flattenOcspConfiguration(config *awstypes.OcspConfiguration) []interface{} { if config == nil { return []interface{}{} } m := map[string]interface{}{ - "enabled": aws.BoolValue(config.Enabled), - "ocsp_custom_cname": aws.StringValue(config.OcspCustomCname), + "enabled": aws.ToBool(config.Enabled), + "ocsp_custom_cname": aws.ToString(config.OcspCustomCname), } return []interface{}{m} } -func flattenRevocationConfiguration(config *acmpca.RevocationConfiguration) []interface{} { +func flattenRevocationConfiguration(config *awstypes.RevocationConfiguration) []interface{} { if config == nil { return []interface{}{} } 
diff --git a/internal/service/acmpca/certificate_authority_certificate.go b/internal/service/acmpca/certificate_authority_certificate.go index f72a06b04cd..2c0a10eca1e 100644 --- a/internal/service/acmpca/certificate_authority_certificate.go +++ b/internal/service/acmpca/certificate_authority_certificate.go @@ -7,8 +7,8 @@ import ( "context" "log" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/service/acmpca" + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/acmpca" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" @@ -54,7 +54,7 @@ func ResourceCertificateAuthorityCertificate() *schema.Resource { func resourceCertificateAuthorityCertificateCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics - conn := meta.(*conns.AWSClient).ACMPCAConn(ctx) + conn := meta.(*conns.AWSClient).ACMPCAClient(ctx) certificateAuthorityARN := d.Get("certificate_authority_arn").(string) @@ -66,7 +66,7 @@ func resourceCertificateAuthorityCertificateCreate(ctx context.Context, d *schem input.CertificateChain = []byte(v) } - _, err := conn.ImportCertificateAuthorityCertificateWithContext(ctx, input) + _, err := conn.ImportCertificateAuthorityCertificate(ctx, input) if err != nil { return sdkdiag.AppendErrorf(diags, "associating ACM PCA Certificate with Certificate Authority (%s): %s", certificateAuthorityARN, err) } 
@@ -78,7 +78,7 @@ func resourceCertificateAuthorityCertificateCreate(ctx context.Context, d *schem func resourceCertificateAuthorityCertificateRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics - conn := meta.(*conns.AWSClient).ACMPCAConn(ctx) + conn := meta.(*conns.AWSClient).ACMPCAClient(ctx) output, err := FindCertificateAuthorityCertificateByARN(ctx, conn, d.Id()) if !d.IsNewResource() && tfresource.NotFound(err) { diff --git a/internal/service/acmpca/certificate_authority_certificate_test.go b/internal/service/acmpca/certificate_authority_certificate_test.go index 404c9515119..7f44025c3ee 100644 --- a/internal/service/acmpca/certificate_authority_certificate_test.go +++ b/internal/service/acmpca/certificate_authority_certificate_test.go @@ -8,7 +8,7 @@ import ( "fmt" "testing" - "github.com/aws/aws-sdk-go/service/acmpca" + "github.com/aws/aws-sdk-go-v2/service/acmpca" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/terraform" "github.com/hashicorp/terraform-provider-aws/internal/acctest" @@ -123,7 +123,7 @@ func testAccCheckCertificateAuthorityCertificateExists(ctx context.Context, reso return fmt.Errorf("not found: %s", resourceName) } - conn := acctest.Provider.Meta().(*conns.AWSClient).ACMPCAConn(ctx) + conn := acctest.Provider.Meta().(*conns.AWSClient).ACMPCAClient(ctx) output, err := tfacmpca.FindCertificateAuthorityCertificateByARN(ctx, conn, rs.Primary.ID) if err != nil { diff --git a/internal/service/acmpca/certificate_authority_data_source.go b/internal/service/acmpca/certificate_authority_data_source.go index 243e939d4c5..2f2381ec704 100644 --- a/internal/service/acmpca/certificate_authority_data_source.go +++ b/internal/service/acmpca/certificate_authority_data_source.go 
@@ -8,12 +8,13 @@ import ( "log" "time" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/service/acmpca" - "github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr" + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/acmpca" + awstypes "github.com/aws/aws-sdk-go-v2/service/acmpca/types" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-provider-aws/internal/conns" + "github.com/hashicorp/terraform-provider-aws/internal/errs" "github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag" tftags "github.com/hashicorp/terraform-provider-aws/internal/tags" ) @@ -130,7 +131,7 @@ func DataSourceCertificateAuthority() *schema.Resource { func dataSourceCertificateAuthorityRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics - conn := meta.(*conns.AWSClient).ACMPCAConn(ctx) + conn := meta.(*conns.AWSClient).ACMPCAClient(ctx) ignoreTagsConfig := meta.(*conns.AWSClient).IgnoreTagsConfig certificateAuthorityARN := d.Get("arn").(string) @@ -140,7 +141,7 @@ func dataSourceCertificateAuthorityRead(ctx context.Context, d *schema.ResourceD log.Printf("[DEBUG] Reading ACM PCA Certificate Authority: %s", describeCertificateAuthorityInput) - describeCertificateAuthorityOutput, err := conn.DescribeCertificateAuthorityWithContext(ctx, describeCertificateAuthorityInput) + describeCertificateAuthorityOutput, err := conn.DescribeCertificateAuthority(ctx, describeCertificateAuthorityInput) if err != nil { return sdkdiag.AppendErrorf(diags, "reading ACM PCA Certificate Authority (%s): %s", certificateAuthorityARN, err) } 
@@ -152,8 +153,8 @@ func dataSourceCertificateAuthorityRead(ctx context.Context, d *schema.ResourceD
 d.Set("arn", certificateAuthority.Arn)
 d.Set("key_storage_security_standard", certificateAuthority.KeyStorageSecurityStandard)
- d.Set("not_after", aws.TimeValue(certificateAuthority.NotAfter).Format(time.RFC3339))
- d.Set("not_before", aws.TimeValue(certificateAuthority.NotBefore).Format(time.RFC3339))
+ d.Set("not_after", aws.ToTime(certificateAuthority.NotAfter).Format(time.RFC3339))
+ d.Set("not_before", aws.ToTime(certificateAuthority.NotBefore).Format(time.RFC3339))
 if err := d.Set("revocation_configuration", flattenRevocationConfiguration(certificateAuthority.RevocationConfiguration)); err != nil {
 return sdkdiag.AppendErrorf(diags, "setting revocation_configuration: %s", err)
 }
@@ -168,11 +169,11 @@ func dataSourceCertificateAuthorityRead(ctx context.Context, d *schema.ResourceD
 log.Printf("[DEBUG] Reading ACM PCA Certificate Authority Certificate: %s", getCertificateAuthorityCertificateInput)
- getCertificateAuthorityCertificateOutput, err := conn.GetCertificateAuthorityCertificateWithContext(ctx, getCertificateAuthorityCertificateInput)
+ getCertificateAuthorityCertificateOutput, err := conn.GetCertificateAuthorityCertificate(ctx, getCertificateAuthorityCertificateInput)
 if err != nil {
 // Returned when in PENDING_CERTIFICATE status
 // InvalidStateException: The certificate authority XXXXX is not in the correct state to have a certificate signing request.
- if !tfawserr.ErrCodeEquals(err, acmpca.ErrCodeInvalidStateException) {
+ if errs.IsA[*awstypes.InvalidStateException](err) {
 return sdkdiag.AppendErrorf(diags, "reading ACM PCA Certificate Authority Certificate: %s", err)
 }
 }
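Review bot: The migrated error check after GetCertificateAuthorityCertificate in the data source drops the negation and so inverts the condition: the removed line returned an error for every failure except InvalidStateException, while the added `if errs.IsA[*awstypes.InvalidStateException](err) {` returns an error only for InvalidStateException and silently swallows everything else (access denied, resource not found, throttling), after which the function presumably continues with a nil `getCertificateAuthorityCertificateOutput`; at the same time the PENDING_CERTIFICATE case that the comment above it documents as expected now fails the read. The resource's own Read in certificate_authority.go keeps the `!` in the equivalent check in this same commit, so this hunk is the odd one out. Restore the negation: `if !errs.IsA[*awstypes.InvalidStateException](err) {`. The enclosing dataSourceCertificateAuthorityRead continues outside the hunk.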
@@ -190,7 +191,7 @@ func dataSourceCertificateAuthorityRead(ctx context.Context, d *schema.ResourceD log.Printf("[DEBUG] Reading ACM PCA Certificate Authority Certificate Signing Request: %s", getCertificateAuthorityCsrInput) - getCertificateAuthorityCsrOutput, err := conn.GetCertificateAuthorityCsrWithContext(ctx, getCertificateAuthorityCsrInput) + getCertificateAuthorityCsrOutput, err := conn.GetCertificateAuthorityCsr(ctx, getCertificateAuthorityCsrInput) if err != nil { return sdkdiag.AppendErrorf(diags, "reading ACM PCA Certificate Authority Certificate Signing Request: %s", err) } diff --git a/internal/service/acmpca/certificate_authority_test.go b/internal/service/acmpca/certificate_authority_test.go index 057a23cd7f3..bd10d9df54a 100644 --- a/internal/service/acmpca/certificate_authority_test.go +++ b/internal/service/acmpca/certificate_authority_test.go @@ -9,6 +9,7 @@ import ( "testing" "github.com/YakDriver/regexache" + awstypes "github.com/aws/aws-sdk-go-v2/service/acmpca/types" "github.com/aws/aws-sdk-go/aws/endpoints" "github.com/aws/aws-sdk-go/service/acmpca" sdkacctest "github.com/hashicorp/terraform-plugin-testing/helper/acctest" @@ -25,7 +26,7 @@ var testAccCheckCertificateAuthorityExists = acctest.CheckACMPCACertificateAutho func TestAccACMPCACertificateAuthority_basic(t *testing.T) { ctx := acctest.Context(t) - var certificateAuthority acmpca.CertificateAuthority + var certificateAuthority awstypes.CertificateAuthority resourceName := "aws_acmpca_certificate_authority.test" commonName := acctest.RandomDomainName() @@ -73,7 +74,7 @@ func TestAccACMPCACertificateAuthority_basic(t *testing.T) { func TestAccACMPCACertificateAuthority_disappears(t *testing.T) { ctx := acctest.Context(t) - var certificateAuthority acmpca.CertificateAuthority + var certificateAuthority awstypes.CertificateAuthority resourceName := "aws_acmpca_certificate_authority.test" commonName := acctest.RandomDomainName() 
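Review bot: The import hunk in certificate_authority_test.go adds `awstypes "github.com/aws/aws-sdk-go-v2/service/acmpca/types"` but keeps the v1 `"github.com/aws/aws-sdk-go/service/acmpca"` and `"github.com/aws/aws-sdk-go/aws/endpoints"` imports alongside it, so this test file now depends on both SDK generations; presumably the v1 package is still referenced for constants in the test configurations further down. Since certificate_test.go in this same commit is moved entirely to `awstypes`, consider finishing the migration here too, replacing the remaining v1 `acmpca.*` constant references with their `string(awstypes.*)` equivalents so the v1 import can be dropped. Leaving a half-migrated test file makes it easy for later edits to compare a v2 enum against a v1 string constant without the compiler catching it.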
@@ -97,7 +98,7 @@ func TestAccACMPCACertificateAuthority_disappears(t *testing.T) { func TestAccACMPCACertificateAuthority_enabledDeprecated(t *testing.T) { ctx := acctest.Context(t) - var certificateAuthority acmpca.CertificateAuthority + var certificateAuthority awstypes.CertificateAuthority resourceName := "aws_acmpca_certificate_authority.test" commonName := acctest.RandomDomainName() @@ -145,7 +146,7 @@ func TestAccACMPCACertificateAuthority_enabledDeprecated(t *testing.T) { func TestAccACMPCACertificateAuthority_usageMode(t *testing.T) { ctx := acctest.Context(t) - var certificateAuthority acmpca.CertificateAuthority + var certificateAuthority awstypes.CertificateAuthority resourceName := "aws_acmpca_certificate_authority.test" commonName := acctest.RandomDomainName() @@ -176,7 +177,7 @@ func TestAccACMPCACertificateAuthority_usageMode(t *testing.T) { func TestAccACMPCACertificateAuthority_keyStorageSecurityStandard(t *testing.T) { ctx := acctest.Context(t) - var certificateAuthority acmpca.CertificateAuthority + var certificateAuthority awstypes.CertificateAuthority resourceName := "aws_acmpca_certificate_authority.test" commonName := acctest.RandomDomainName() @@ -211,7 +212,7 @@ func TestAccACMPCACertificateAuthority_keyStorageSecurityStandard(t *testing.T) func TestAccACMPCACertificateAuthority_deleteFromActiveState(t *testing.T) { ctx := acctest.Context(t) - var certificateAuthority acmpca.CertificateAuthority + var certificateAuthority awstypes.CertificateAuthority resourceName := "aws_acmpca_certificate_authority.test" commonName := acctest.RandomDomainName() 
@@ -235,7 +236,7 @@ func TestAccACMPCACertificateAuthority_deleteFromActiveState(t *testing.T) { func TestAccACMPCACertificateAuthority_RevocationConfiguration_empty(t *testing.T) { ctx := acctest.Context(t) - var certificateAuthority acmpca.CertificateAuthority + var certificateAuthority awstypes.CertificateAuthority resourceName := "aws_acmpca_certificate_authority.test" commonName := acctest.RandomDomainName() @@ -283,7 +284,7 @@ func TestAccACMPCACertificateAuthority_RevocationConfiguration_empty(t *testing. func TestAccACMPCACertificateAuthority_RevocationCrl_customCNAME(t *testing.T) { ctx := acctest.Context(t) - var certificateAuthority acmpca.CertificateAuthority + var certificateAuthority awstypes.CertificateAuthority rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_acmpca_certificate_authority.test" domain := acctest.RandomDomain() @@ -374,7 +375,7 @@ func TestAccACMPCACertificateAuthority_RevocationCrl_customCNAME(t *testing.T) { func TestAccACMPCACertificateAuthority_RevocationCrl_enabled(t *testing.T) { ctx := acctest.Context(t) - var certificateAuthority acmpca.CertificateAuthority + var certificateAuthority awstypes.CertificateAuthority rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_acmpca_certificate_authority.test" commonName := acctest.RandomDomainName() @@ -446,7 +447,7 @@ func TestAccACMPCACertificateAuthority_RevocationCrl_enabled(t *testing.T) { func TestAccACMPCACertificateAuthority_RevocationCrl_expirationInDays(t *testing.T) { ctx := acctest.Context(t) - var certificateAuthority acmpca.CertificateAuthority + var certificateAuthority awstypes.CertificateAuthority rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_acmpca_certificate_authority.test" commonName := acctest.RandomDomainName() 
@@ -508,7 +509,7 @@ func TestAccACMPCACertificateAuthority_RevocationCrl_expirationInDays(t *testing func TestAccACMPCACertificateAuthority_RevocationCrl_s3ObjectACL(t *testing.T) { ctx := acctest.Context(t) - var certificateAuthority acmpca.CertificateAuthority + var certificateAuthority awstypes.CertificateAuthority rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_acmpca_certificate_authority.test" commonName := acctest.RandomDomainName() @@ -560,7 +561,7 @@ func TestAccACMPCACertificateAuthority_RevocationCrl_s3ObjectACL(t *testing.T) { func TestAccACMPCACertificateAuthority_RevocationOcsp_enabled(t *testing.T) { ctx := acctest.Context(t) - var certificateAuthority acmpca.CertificateAuthority + var certificateAuthority awstypes.CertificateAuthority resourceName := "aws_acmpca_certificate_authority.test" commonName := acctest.RandomDomainName() @@ -627,7 +628,7 @@ func TestAccACMPCACertificateAuthority_RevocationOcsp_enabled(t *testing.T) { func TestAccACMPCACertificateAuthority_RevocationOcsp_customCNAME(t *testing.T) { ctx := acctest.Context(t) - var certificateAuthority acmpca.CertificateAuthority + var certificateAuthority awstypes.CertificateAuthority resourceName := "aws_acmpca_certificate_authority.test" domain := acctest.RandomDomain() commonName := domain.String() @@ -709,7 +710,7 @@ func TestAccACMPCACertificateAuthority_RevocationOcsp_customCNAME(t *testing.T) func testAccCheckCertificateAuthorityDestroy(ctx context.Context) resource.TestCheckFunc { return func(s *terraform.State) error { - conn := acctest.Provider.Meta().(*conns.AWSClient).ACMPCAConn(ctx) + conn := acctest.Provider.Meta().(*conns.AWSClient).ACMPCAClient(ctx) for _, rs := range s.RootModule().Resources { if rs.Type != "aws_acmpca_certificate_authority" { diff --git a/internal/service/acmpca/certificate_data_source.go b/internal/service/acmpca/certificate_data_source.go index 578f06a27a0..60cdc85a2e9 100644 
--- a/internal/service/acmpca/certificate_data_source.go +++ b/internal/service/acmpca/certificate_data_source.go @@ -7,8 +7,8 @@ import ( "context" "log" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/service/acmpca" + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/acmpca" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-provider-aws/internal/conns" @@ -46,7 +46,7 @@ func DataSourceCertificate() *schema.Resource { func dataSourceCertificateRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics - conn := meta.(*conns.AWSClient).ACMPCAConn(ctx) + conn := meta.(*conns.AWSClient).ACMPCAClient(ctx) certificateARN := d.Get("arn").(string) getCertificateInput := &acmpca.GetCertificateInput{ @@ -56,7 +56,7 @@ func dataSourceCertificateRead(ctx context.Context, d *schema.ResourceData, meta log.Printf("[DEBUG] Reading ACM PCA Certificate: %s", getCertificateInput) - certificateOutput, err := conn.GetCertificateWithContext(ctx, getCertificateInput) + certificateOutput, err := conn.GetCertificate(ctx, getCertificateInput) if err != nil { return sdkdiag.AppendErrorf(diags, "reading ACM PCA Certificate (%s): %s", certificateARN, err) } diff --git a/internal/service/acmpca/certificate_test.go b/internal/service/acmpca/certificate_test.go index af8f935414e..530f10faf23 100644 --- a/internal/service/acmpca/certificate_test.go +++ b/internal/service/acmpca/certificate_test.go 
@@ -13,13 +13,14 @@ import ( "time" "github.com/YakDriver/regexache" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/service/acmpca" - "github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr" + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/acmpca" + awstypes "github.com/aws/aws-sdk-go-v2/service/acmpca/types" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/terraform" "github.com/hashicorp/terraform-provider-aws/internal/acctest" "github.com/hashicorp/terraform-provider-aws/internal/conns" + "github.com/hashicorp/terraform-provider-aws/internal/errs" tfacmpca "github.com/hashicorp/terraform-provider-aws/internal/service/acmpca" "github.com/hashicorp/terraform-provider-aws/names" ) @@ -295,7 +296,7 @@ func TestAccACMPCACertificate_Validity_absolute(t *testing.T) { func testAccCheckCertificateDestroy(ctx context.Context) resource.TestCheckFunc { return func(s *terraform.State) error { - conn := acctest.Provider.Meta().(*conns.AWSClient).ACMPCAConn(ctx) + conn := acctest.Provider.Meta().(*conns.AWSClient).ACMPCAClient(ctx) for _, rs := range s.RootModule().Resources { if rs.Type != "aws_acmpca_certificate" { 
@@ -307,11 +308,11 @@ func testAccCheckCertificateDestroy(ctx context.Context) resource.TestCheckFunc CertificateAuthorityArn: aws.String(rs.Primary.Attributes["certificate_authority_arn"]), } - output, err := conn.GetCertificateWithContext(ctx, input) - if tfawserr.ErrCodeEquals(err, acmpca.ErrCodeResourceNotFoundException) { + output, err := conn.GetCertificate(ctx, input) + if errs.IsA[*awstypes.ResourceNotFoundException](err) { return nil } - if tfawserr.ErrMessageContains(err, acmpca.ErrCodeInvalidStateException, "not in the correct state to have issued certificates") { + if errs.IsAErrorMessageContains[*awstypes.InvalidStateException](err, "not in the correct state to have issued certificates") { // This is returned when checking root certificates and the certificate has not been associated with the certificate authority return nil } @@ -335,13 +336,13 @@ func testAccCheckCertificateExists(ctx context.Context, resourceName string) res return fmt.Errorf("Not found: %s", resourceName) } - conn := acctest.Provider.Meta().(*conns.AWSClient).ACMPCAConn(ctx) + conn := acctest.Provider.Meta().(*conns.AWSClient).ACMPCAClient(ctx) input := &acmpca.GetCertificateInput{ CertificateArn: aws.String(rs.Primary.ID), CertificateAuthorityArn: aws.String(rs.Primary.Attributes["certificate_authority_arn"]), } - output, err := conn.GetCertificateWithContext(ctx, input) + output, err := conn.GetCertificate(ctx, input) if err != nil { return err 
@@ -629,22 +630,22 @@ func TestExpandValidityValue(t *testing.T) { Expected int64 }{ { - Type: acmpca.ValidityPeriodTypeEndDate, + Type: string(awstypes.ValidityPeriodTypeEndDate), Value: "2021-02-26T16:04:00Z", Expected: 20210226160400, }, { - Type: acmpca.ValidityPeriodTypeEndDate, + Type: string(awstypes.ValidityPeriodTypeEndDate), Value: "2021-02-26T16:04:00-08:00", Expected: 20210227000400, }, { - Type: acmpca.ValidityPeriodTypeAbsolute, + Type: string(awstypes.ValidityPeriodTypeAbsolute), Value: "1614385420", Expected: 1614385420, }, { - Type: acmpca.ValidityPeriodTypeYears, + Type: string(awstypes.ValidityPeriodTypeYears), Value: "2", Expected: 2, }, diff --git a/internal/service/acmpca/find.go b/internal/service/acmpca/find.go index 125eec74adb..69ef4b00394 100644 --- a/internal/service/acmpca/find.go +++ b/internal/service/acmpca/find.go 
@@ -6,22 +6,23 @@ package acmpca import ( "context" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/service/acmpca" - "github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr" + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/acmpca" + awstypes "github.com/aws/aws-sdk-go-v2/service/acmpca/types" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry" + "github.com/hashicorp/terraform-provider-aws/internal/errs" "github.com/hashicorp/terraform-provider-aws/internal/tfresource" ) // FindCertificateAuthorityCertificateByARN returns the certificate for the certificate authority corresponding to the specified ARN. // Returns a retry.NotFoundError if no certificate authority is found or the certificate authority does not have a certificate assigned. -func FindCertificateAuthorityCertificateByARN(ctx context.Context, conn *acmpca.ACMPCA, arn string) (*acmpca.GetCertificateAuthorityCertificateOutput, error) { +func FindCertificateAuthorityCertificateByARN(ctx context.Context, conn *acmpca.Client, arn string) (*acmpca.GetCertificateAuthorityCertificateOutput, error) { input := &acmpca.GetCertificateAuthorityCertificateInput{ CertificateAuthorityArn: aws.String(arn), } - output, err := conn.GetCertificateAuthorityCertificateWithContext(ctx, input) - if tfawserr.ErrCodeEquals(err, acmpca.ErrCodeResourceNotFoundException) { + output, err := conn.GetCertificateAuthorityCertificate(ctx, input) + if errs.IsA[*awstypes.ResourceNotFoundException](err) { return nil, &retry.NotFoundError{ LastError: err, LastRequest: input, 
@@ -41,14 +42,14 @@ func FindCertificateAuthorityCertificateByARN(ctx context.Context, conn *acmpca. return output, nil } -func FindPolicyByARN(ctx context.Context, conn *acmpca.ACMPCA, arn string) (string, error) { +func FindPolicyByARN(ctx context.Context, conn *acmpca.Client, arn string) (string, error) { input := &acmpca.GetPolicyInput{ ResourceArn: aws.String(arn), } - output, err := conn.GetPolicyWithContext(ctx, input) + output, err := conn.GetPolicy(ctx, input) - if tfawserr.ErrCodeEquals(err, acmpca.ErrCodeResourceNotFoundException) { + if errs.IsA[*awstypes.ResourceNotFoundException](err) { return "", &retry.NotFoundError{ LastError: err, LastRequest: input, 
@@ -63,46 +64,32 @@ func FindPolicyByARN(ctx context.Context, conn *acmpca.ACMPCA, arn string) (stri return "", tfresource.NewEmptyResultError(input) } - return aws.StringValue(output.Policy), nil + return aws.ToString(output.Policy), nil } -func FindPermission(ctx context.Context, conn *acmpca.ACMPCA, certificateAuthorityARN, principal, sourceAccount string) (*acmpca.Permission, error) { +func FindPermission(ctx context.Context, conn *acmpca.Client, certificateAuthorityARN, principal, sourceAccount string) (*awstypes.Permission, error) { input := &acmpca.ListPermissionsInput{ CertificateAuthorityArn: aws.String(certificateAuthorityARN), } - var output []*acmpca.Permission - err := conn.ListPermissionsPagesWithContext(ctx, input, func(page *acmpca.ListPermissionsOutput, lastPage bool) bool { - if page == nil { - return !lastPage + var results []awstypes.Permission + paginator := acmpca.NewListPermissionsPaginator(conn, input) + for paginator.HasMorePages() { + page, err := paginator.NextPage(ctx) + if err != nil { + return nil, err } - for _, v := range page.Permissions { - if v != nil { - output = append(output, v) + for _, permission := range page.Permissions { + if aws.ToString(permission.Principal) == principal && (sourceAccount == "" || aws.ToString(permission.SourceAccount) == sourceAccount) { + results = append(results, permission) } } - - return !lastPage - }) - - if tfawserr.ErrCodeEquals(err, acmpca.ErrCodeResourceNotFoundException) || - tfawserr.ErrMessageContains(err, acmpca.ErrCodeInvalidStateException, "The certificate authority is in the DELETED state") { - return nil, &retry.NotFoundError{ - LastError: err, - LastRequest: input, - } } + permission, err := tfresource.AssertSingleValueResult(results) if err != nil { return nil, err } - - for _, v := range output { - if aws.StringValue(v.Principal) == principal && (sourceAccount == "" || aws.StringValue(v.SourceAccount) == sourceAccount) { - return v, nil - } - } - - return nil, 
&retry.NotFoundError{LastRequest: input} + return permission, nil } diff --git a/internal/service/acmpca/generate.go b/internal/service/acmpca/generate.go index af8edc3eb6f..b5ce8b4941a 100644 --- a/internal/service/acmpca/generate.go +++ b/internal/service/acmpca/generate.go @@ -1,7 +1,7 @@ // Copyright (c) HashiCorp, Inc. // SPDX-License-Identifier: MPL-2.0 -//go:generate go run ../../generate/tags/main.go -ListTags -ListTagsOp=ListTags -ListTagsOpPaginated -ListTagsInIDElem=CertificateAuthorityArn -ServiceTagsSlice -TagOp=TagCertificateAuthority -TagInIDElem=CertificateAuthorityArn -UntagOp=UntagCertificateAuthority -UntagInNeedTagType -UntagInTagsElem=Tags -UpdateTags +//go:generate go run ../../generate/tags/main.go -ListTags -ListTagsOp=ListTags -ListTagsOpPaginated -ListTagsInIDElem=CertificateAuthorityArn -ServiceTagsSlice -TagOp=TagCertificateAuthority -TagInIDElem=CertificateAuthorityArn -UntagOp=UntagCertificateAuthority -UntagInNeedTagType -UntagInTagsElem=Tags -UpdateTags -AWSSDKVersion=2 //go:generate go run ../../generate/servicepackage/main.go //go:generate go run ../../generate/tagstests/main.go // ONLY generate directives and package declaration! Do not add anything else to this file. diff --git a/internal/service/acmpca/permission.go b/internal/service/acmpca/permission.go index b1dbb20f4fe..137608648a6 100644 --- a/internal/service/acmpca/permission.go +++ b/internal/service/acmpca/permission.go 
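Review bot: The rewritten `FindPermission` drops the translation of `ResourceNotFoundException` and the `InvalidStateException` "The certificate authority is in the DELETED state" message into a `retry.NotFoundError`; a paginator error is now returned raw from `paginator.NextPage`, so a caller that relies on `tfresource.NotFound(err)` to drop a permission whose CA has been deleted will presumably surface an error instead. The old code also returned `&retry.NotFoundError{LastRequest: input}` when no matching permission existed; that now depends on `tfresource.AssertSingleValueResult` producing an error `tfresource.NotFound` recognises and it no longer carries the request, which is worth confirming. Restoring the error mapping inside the loop keeps the pre-migration contract.
```go
	for paginator.HasMorePages() {
		page, err := paginator.NextPage(ctx)
		if errs.IsA[*awstypes.ResourceNotFoundException](err) ||
			errs.IsAErrorMessageContains[*awstypes.InvalidStateException](err, "The certificate authority is in the DELETED state") {
			return nil, &retry.NotFoundError{
				LastError:   err,
				LastRequest: input,
			}
		}
		if err != nil {
			return nil, err
		}
		// … unchanged: principal / source-account filtering into results …
	}
```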
@@ -9,15 +9,16 @@ import ( "log" "strings" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/service/acmpca" - "github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr" + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/acmpca" + awstypes "github.com/aws/aws-sdk-go-v2/service/acmpca/types" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" "github.com/hashicorp/terraform-provider-aws/internal/conns" + "github.com/hashicorp/terraform-provider-aws/internal/enum" + "github.com/hashicorp/terraform-provider-aws/internal/errs" "github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag" - "github.com/hashicorp/terraform-provider-aws/internal/flex" "github.com/hashicorp/terraform-provider-aws/internal/tfresource" "github.com/hashicorp/terraform-provider-aws/internal/verify" ) @@ -35,8 +36,8 @@ func ResourcePermission() *schema.Resource { Required: true, ForceNew: true, Elem: &schema.Schema{ - Type: schema.TypeString, - ValidateFunc: validation.StringInSlice(acmpca.ActionType_Values(), false), + Type: schema.TypeString, + ValidateDiagFunc: enum.Validate[awstypes.ActionType](), }, }, "certificate_authority_arn": { 
@@ -69,14 +70,14 @@ func ResourcePermission() *schema.Resource { func resourcePermissionCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics - conn := meta.(*conns.AWSClient).ACMPCAConn(ctx) + conn := meta.(*conns.AWSClient).ACMPCAClient(ctx) caARN := d.Get("certificate_authority_arn").(string) principal := d.Get("principal").(string) sourceAccount := d.Get("source_account").(string) id := PermissionCreateResourceID(caARN, principal, sourceAccount) input := &acmpca.CreatePermissionInput{ - Actions: flex.ExpandStringSet(d.Get("actions").(*schema.Set)), + Actions: expandPermissionActions(d.Get("actions").(*schema.Set)), CertificateAuthorityArn: aws.String(caARN), Principal: aws.String(principal), } @@ -86,7 +87,7 @@ func resourcePermissionCreate(ctx context.Context, d *schema.ResourceData, meta } log.Printf("[DEBUG] Creating ACM PCA Permission: %s", input) - _, err := conn.CreatePermissionWithContext(ctx, input) + _, err := conn.CreatePermission(ctx, input) if err != nil { return sdkdiag.AppendErrorf(diags, "creating ACM PCA Permission (%s): %s", id, err) @@ -99,7 +100,7 @@ func resourcePermissionCreate(ctx context.Context, d *schema.ResourceData, meta func resourcePermissionRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics - conn := meta.(*conns.AWSClient).ACMPCAConn(ctx) + conn := meta.(*conns.AWSClient).ACMPCAClient(ctx) caARN, principal, sourceAccount, err := PermissionParseResourceID(d.Id()) 
@@ -119,7 +120,7 @@ func resourcePermissionRead(ctx context.Context, d *schema.ResourceData, meta in return sdkdiag.AppendErrorf(diags, "reading ACM PCA Permission (%s): %s", d.Id(), err) } - d.Set("actions", aws.StringValueSlice(permission.Actions)) + d.Set("actions", flattenPermissionActions(permission.Actions)) d.Set("certificate_authority_arn", permission.CertificateAuthorityArn) d.Set("policy", permission.Policy) d.Set("principal", permission.Principal) @@ -130,7 +131,7 @@ func resourcePermissionRead(ctx context.Context, d *schema.ResourceData, meta in func resourcePermissionDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics - conn := meta.(*conns.AWSClient).ACMPCAConn(ctx) + conn := meta.(*conns.AWSClient).ACMPCAClient(ctx) caARN, principal, sourceAccount, err := PermissionParseResourceID(d.Id()) @@ -148,9 +149,9 @@ func resourcePermissionDelete(ctx context.Context, d *schema.ResourceData, meta } log.Printf("[DEBUG] Deleting ACM PCA Permission: %s", d.Id()) - _, err = conn.DeletePermissionWithContext(ctx, input) + _, err = conn.DeletePermission(ctx, input) - if tfawserr.ErrCodeEquals(err, acmpca.ErrCodeResourceNotFoundException) { + if errs.IsA[*awstypes.ResourceNotFoundException](err) { return diags } 
@@ -179,3 +180,26 @@ func PermissionParseResourceID(id string) (string, string, string, error) { return "", "", "", fmt.Errorf("unexpected format for ID (%[1]s), expected CertificateAuthorityARN%[2]sPrincipal%[2]sSourceAccount", id, permissionIDSeparator) } + +func expandPermissionActions(s *schema.Set) []awstypes.ActionType { + actions := make([]awstypes.ActionType, 0) + + for _, a := range s.List() { + action := awstypes.ActionType(a.(string)) + actions = append(actions, action) + } + return actions +} + +func flattenPermissionActions(list []awstypes.ActionType) []string { + if len(list) == 0 { + return nil + } + + result := make([]string, 0, len(list)) + for _, a := range list { + action := string(a) + result = append(result, action) + } + return result +} diff --git a/internal/service/acmpca/permission_test.go b/internal/service/acmpca/permission_test.go index 4ab625fa791..59feeced918 100644 --- a/internal/service/acmpca/permission_test.go +++ b/internal/service/acmpca/permission_test.go @@ -8,7 +8,7 @@ import ( "fmt" "testing" - "github.com/aws/aws-sdk-go/service/acmpca" + awstypes "github.com/aws/aws-sdk-go-v2/service/acmpca/types" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/terraform" "github.com/hashicorp/terraform-provider-aws/internal/acctest" @@ -20,7 +20,7 @@ import ( func TestAccACMPCAPermission_basic(t *testing.T) { ctx := acctest.Context(t) - var permission acmpca.Permission + var permission awstypes.Permission resourceName := "aws_acmpca_permission.test" commonName := acctest.RandomDomainName() @@ -49,7 +49,7 @@ func TestAccACMPCAPermission_basic(t *testing.T) { func TestAccACMPCAPermission_disappears(t *testing.T) { ctx := acctest.Context(t) - var permission acmpca.Permission + var permission awstypes.Permission resourceName := "aws_acmpca_permission.test" commonName := acctest.RandomDomainName() 
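Review bot: The new `expandPermissionActions` allocates with `make([]awstypes.ActionType, 0)` and then appends through a throwaway `action` temporary; presize from the set and append directly, `actions := make([]awstypes.ActionType, 0, s.Len())` and `actions = append(actions, awstypes.ActionType(a.(string)))`, and likewise `result = append(result, string(a))` in `flattenPermissionActions`. The two helpers are also asymmetric: flatten returns nil for an empty input while expand returns a non-nil empty slice, which is fine for `d.Set` but worth a one-line comment if intentional. If the `flex` package at this revision already provides generic helpers for `~string` enum sets and slices, these two functions duplicate them and could be replaced; otherwise a short doc comment on each (`// expandPermissionActions converts the schema set of action names into SDK ActionType values.`) would help.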
@@ -73,7 +73,7 @@ func TestAccACMPCAPermission_disappears(t *testing.T) { func TestAccACMPCAPermission_sourceAccount(t *testing.T) { ctx := acctest.Context(t) - var permission acmpca.Permission + var permission awstypes.Permission resourceName := "aws_acmpca_permission.test" commonName := acctest.RandomDomainName() @@ -96,7 +96,7 @@ func TestAccACMPCAPermission_sourceAccount(t *testing.T) { func testAccCheckPermissionDestroy(ctx context.Context) resource.TestCheckFunc { return func(s *terraform.State) error { - conn := acctest.Provider.Meta().(*conns.AWSClient).ACMPCAConn(ctx) + conn := acctest.Provider.Meta().(*conns.AWSClient).ACMPCAClient(ctx) for _, rs := range s.RootModule().Resources { if rs.Type != "aws_acmpca_permission" { @@ -126,7 +126,7 @@ func testAccCheckPermissionDestroy(ctx context.Context) resource.TestCheckFunc { } } -func testAccCheckPermissionExists(ctx context.Context, n string, v *acmpca.Permission) resource.TestCheckFunc { +func testAccCheckPermissionExists(ctx context.Context, n string, v *awstypes.Permission) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[n] if !ok { @@ -143,7 +143,7 @@ func testAccCheckPermissionExists(ctx context.Context, n string, v *acmpca.Permi return err } - conn := acctest.Provider.Meta().(*conns.AWSClient).ACMPCAConn(ctx) + conn := acctest.Provider.Meta().(*conns.AWSClient).ACMPCAClient(ctx) output, err := tfacmpca.FindPermission(ctx, conn, caARN, principal, sourceAccount) diff --git a/internal/service/acmpca/policy.go b/internal/service/acmpca/policy.go index 2633fc3ae09..206ac420c12 100644 --- a/internal/service/acmpca/policy.go +++ b/internal/service/acmpca/policy.go 
@@ -7,14 +7,15 @@ import ( "context" "log" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/service/acmpca" - "github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr" + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/acmpca" + awstypes "github.com/aws/aws-sdk-go-v2/service/acmpca/types" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/structure" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" "github.com/hashicorp/terraform-provider-aws/internal/conns" + "github.com/hashicorp/terraform-provider-aws/internal/errs" "github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag" "github.com/hashicorp/terraform-provider-aws/internal/tfresource" "github.com/hashicorp/terraform-provider-aws/internal/verify" @@ -55,7 +56,7 @@ func ResourcePolicy() *schema.Resource { func resourcePolicyPut(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics - conn := meta.(*conns.AWSClient).ACMPCAConn(ctx) + conn := meta.(*conns.AWSClient).ACMPCAClient(ctx) policy, err := structure.NormalizeJsonString(d.Get("policy").(string)) @@ -70,7 +71,7 @@ func resourcePolicyPut(ctx context.Context, d *schema.ResourceData, meta interfa } log.Printf("[DEBUG] Putting ACM PCA Policy: %s", input) - _, err = conn.PutPolicyWithContext(ctx, input) + _, err = conn.PutPolicy(ctx, input) if err != nil { return sdkdiag.AppendErrorf(diags, "putting ACM PCA Policy (%s): %s", resourceARN, err) @@ -83,7 +84,7 @@ func resourcePolicyPut(ctx context.Context, d *schema.ResourceData, meta interfa func resourcePolicyRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics - conn := meta.(*conns.AWSClient).ACMPCAConn(ctx) + conn := meta.(*conns.AWSClient).ACMPCAClient(ctx) policy, err := FindPolicyByARN(ctx, conn, d.Id()) 
@@ -105,17 +106,17 @@ func resourcePolicyRead(ctx context.Context, d *schema.ResourceData, meta interf func resourcePolicyDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics - conn := meta.(*conns.AWSClient).ACMPCAConn(ctx) + conn := meta.(*conns.AWSClient).ACMPCAClient(ctx) log.Printf("[DEBUG] Deleting ACM PCA Policy: %s", d.Id()) - _, err := conn.DeletePolicyWithContext(ctx, &acmpca.DeletePolicyInput{ + _, err := conn.DeletePolicy(ctx, &acmpca.DeletePolicyInput{ ResourceArn: aws.String(d.Id()), }) - if tfawserr.ErrCodeEquals(err, acmpca.ErrCodeResourceNotFoundException) || - tfawserr.ErrCodeEquals(err, acmpca.ErrCodeRequestAlreadyProcessedException) || - tfawserr.ErrCodeEquals(err, acmpca.ErrCodeRequestInProgressException) || - tfawserr.ErrMessageContains(err, acmpca.ErrCodeInvalidRequestException, "Self-signed policy can not be revoked") { + if errs.IsA[*awstypes.ResourceNotFoundException](err) || + errs.IsA[*awstypes.RequestAlreadyProcessedException](err) || + errs.IsA[*awstypes.RequestInProgressException](err) || + errs.IsAErrorMessageContains[*awstypes.InvalidRequestException](err, "Self-signed policy can not be revoked") { return diags } diff --git a/internal/service/acmpca/policy_test.go b/internal/service/acmpca/policy_test.go index 26d34d914fa..e590d5d33f2 100644 --- a/internal/service/acmpca/policy_test.go +++ b/internal/service/acmpca/policy_test.go @@ -45,7 +45,7 @@ func TestAccACMPCAPolicy_basic(t *testing.T) { func testAccCheckPolicyDestroy(ctx context.Context) resource.TestCheckFunc { return func(s *terraform.State) error { - conn := acctest.Provider.Meta().(*conns.AWSClient).ACMPCAConn(ctx) + conn := acctest.Provider.Meta().(*conns.AWSClient).ACMPCAClient(ctx) for _, rs := range s.RootModule().Resources { if rs.Type != "aws_acmpca_policy" { 
@@ -80,7 +80,7 @@ func testAccCheckPolicyExists(ctx context.Context, n string) resource.TestCheckF return fmt.Errorf("No ACM PCA Policy ID is set") } - conn := acctest.Provider.Meta().(*conns.AWSClient).ACMPCAConn(ctx) + conn := acctest.Provider.Meta().(*conns.AWSClient).ACMPCAClient(ctx) _, err := tfacmpca.FindPolicyByARN(ctx, conn, rs.Primary.ID) diff --git a/internal/service/acmpca/service_package_gen.go b/internal/service/acmpca/service_package_gen.go index 04a2de126a2..3fdd941ff68 100644 --- a/internal/service/acmpca/service_package_gen.go +++ b/internal/service/acmpca/service_package_gen.go @@ -5,9 +5,8 @@ package acmpca import ( "context" - aws_sdkv1 "github.com/aws/aws-sdk-go/aws" - session_sdkv1 "github.com/aws/aws-sdk-go/aws/session" - acmpca_sdkv1 "github.com/aws/aws-sdk-go/service/acmpca" + aws_sdkv2 "github.com/aws/aws-sdk-go-v2/aws" + acmpca_sdkv2 "github.com/aws/aws-sdk-go-v2/service/acmpca" "github.com/hashicorp/terraform-provider-aws/internal/conns" "github.com/hashicorp/terraform-provider-aws/internal/types" "github.com/hashicorp/terraform-provider-aws/names" 
@@ -69,11 +68,15 @@ func (p *servicePackage) ServicePackageName() string { return names.ACMPCA } -// NewConn returns a new AWS SDK for Go v1 client for this service package's AWS API. -func (p *servicePackage) NewConn(ctx context.Context, config map[string]any) (*acmpca_sdkv1.ACMPCA, error) { - sess := config["session"].(*session_sdkv1.Session) +// NewClient returns a new AWS SDK for Go v2 client for this service package's AWS API. +func (p *servicePackage) NewClient(ctx context.Context, config map[string]any) (*acmpca_sdkv2.Client, error) { + cfg := *(config["aws_sdkv2_config"].(*aws_sdkv2.Config)) - return acmpca_sdkv1.New(sess.Copy(&aws_sdkv1.Config{Endpoint: aws_sdkv1.String(config["endpoint"].(string))})), nil + return acmpca_sdkv2.NewFromConfig(cfg, func(o *acmpca_sdkv2.Options) { + if endpoint := config["endpoint"].(string); endpoint != "" { + o.BaseEndpoint = aws_sdkv2.String(endpoint) + } + }), nil } func ServicePackage(ctx context.Context) conns.ServicePackage { diff --git a/internal/service/acmpca/sweep.go b/internal/service/acmpca/sweep.go index d5deb97e471..ff514ce47bc 100644 --- a/internal/service/acmpca/sweep.go +++ b/internal/service/acmpca/sweep.go @@ -7,8 +7,9 @@ import ( "fmt" "log" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/service/acmpca" + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/acmpca" + awstypes "github.com/aws/aws-sdk-go-v2/service/acmpca/types" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-provider-aws/internal/sweep" "github.com/hashicorp/terraform-provider-aws/internal/sweep/awsv1" 
@@ -28,19 +29,21 @@ func sweepCertificateAuthorities(region string) error { return fmt.Errorf("error getting client: %w", err) } input := &acmpca.ListCertificateAuthoritiesInput{} - conn := client.ACMPCAConn(ctx) + conn := client.ACMPCAClient(ctx) sweepResources := make([]sweep.Sweepable, 0) - err = conn.ListCertificateAuthoritiesPagesWithContext(ctx, input, func(page *acmpca.ListCertificateAuthoritiesOutput, lastPage bool) bool { - if page == nil { - return !lastPage + paginator := acmpca.NewListCertificateAuthoritiesPaginator(conn, input) + for paginator.HasMorePages() { + page, err := paginator.NextPage(ctx) + if err != nil { + return err } for _, v := range page.CertificateAuthorities { - arn := aws.StringValue(v.Arn) + arn := aws.ToString(v.Arn) - if status := aws.StringValue(v.Status); status == acmpca.CertificateAuthorityStatusDeleted { - log.Printf("[INFO] Skipping ACM PCA Certificate Authority %s: Status=%s", arn, status) + if v.Status == awstypes.CertificateAuthorityStatusDeleted { + log.Printf("[INFO] Skipping ACM PCA Certificate Authority %s: Status=%s", arn, string(v.Status)) continue } @@ -51,9 +54,7 @@ func sweepCertificateAuthorities(region string) error { sweepResources = append(sweepResources, sweep.NewSweepResource(r, d, client)) } - - return !lastPage - }) + } if awsv1.SkipSweepError(err) { log.Printf("[WARN] Skipping ACM PCA Certificate Authority sweep for %s: %s", region, err) diff --git a/internal/service/acmpca/tags_gen.go b/internal/service/acmpca/tags_gen.go index 04f3ca619f3..56b5aae344a 100644 --- a/internal/service/acmpca/tags_gen.go +++ b/internal/service/acmpca/tags_gen.go 
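Review bot: In `sweepCertificateAuthorities` the new loop declares `page, err := paginator.NextPage(ctx)` and returns on error, which shadows the outer `err` from the client setup; the post-loop `if awsv1.SkipSweepError(err)` in the second hunk therefore only ever sees the outer `err`, which is nil by then, so the skip-sweep path is dead and a list error from an unsupported region now fails the sweep instead of skipping it. `awsv1.SkipSweepError` also matches v1 error codes, so it would presumably not recognise the SDK v2 error even if it were reached; the check belongs on the paginator error using the v2 helper from `internal/sweep/awsv2`. The post-loop `awsv1.SkipSweepError` / `err != nil` block can then go.
```go
	paginator := acmpca.NewListCertificateAuthoritiesPaginator(conn, input)
	for paginator.HasMorePages() {
		page, err := paginator.NextPage(ctx)
		if awsv2.SkipSweepError(err) {
			log.Printf("[WARN] Skipping ACM PCA Certificate Authority sweep for %s: %s", region, err)
			return nil
		}
		if err != nil {
			return err
		}
		// … unchanged: per-CA status check and sweepResources append …
	}
```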
@@ -5,9 +5,9 @@ import ( "context" "fmt" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/service/acmpca" - "github.com/aws/aws-sdk-go/service/acmpca/acmpcaiface" + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/acmpca" + awstypes "github.com/aws/aws-sdk-go-v2/service/acmpca/types" "github.com/hashicorp/terraform-plugin-log/tflog" "github.com/hashicorp/terraform-provider-aws/internal/conns" "github.com/hashicorp/terraform-provider-aws/internal/logging" @@ -19,28 +19,23 @@ import ( // listTags lists acmpca service tags. // The identifier is typically the Amazon Resource Name (ARN), although // it may also be a different identifier depending on the service. -func listTags(ctx context.Context, conn acmpcaiface.ACMPCAAPI, identifier string) (tftags.KeyValueTags, error) { +func listTags(ctx context.Context, conn *acmpca.Client, identifier string, optFns ...func(*acmpca.Options)) (tftags.KeyValueTags, error) { input := &acmpca.ListTagsInput{ CertificateAuthorityArn: aws.String(identifier), } - var output []*acmpca.Tag + var output []awstypes.Tag - err := conn.ListTagsPagesWithContext(ctx, input, func(page *acmpca.ListTagsOutput, lastPage bool) bool { - if page == nil { - return !lastPage + pages := acmpca.NewListTagsPaginator(conn, input) + for pages.HasMorePages() { + page, err := pages.NextPage(ctx) + + if err != nil { + return tftags.New(ctx, nil), err } for _, v := range page.Tags { - if v != nil { - output = append(output, v) - } + output = append(output, v) } - - return !lastPage - }) - - if err != nil { - return tftags.New(ctx, nil), err } return KeyValueTags(ctx, output), nil 
@@ -49,7 +44,7 @@ func listTags(ctx context.Context, conn acmpcaiface.ACMPCAAPI, identifier string // ListTags lists acmpca service tags and set them in Context. // It is called from outside this package. func (p *servicePackage) ListTags(ctx context.Context, meta any, identifier string) error { - tags, err := listTags(ctx, meta.(*conns.AWSClient).ACMPCAConn(ctx), identifier) + tags, err := listTags(ctx, meta.(*conns.AWSClient).ACMPCAClient(ctx), identifier) if err != nil { return err @@ -65,11 +60,11 @@ func (p *servicePackage) ListTags(ctx context.Context, meta any, identifier stri // []*SERVICE.Tag handling // Tags returns acmpca service tags. -func Tags(tags tftags.KeyValueTags) []*acmpca.Tag { - result := make([]*acmpca.Tag, 0, len(tags)) +func Tags(tags tftags.KeyValueTags) []awstypes.Tag { + result := make([]awstypes.Tag, 0, len(tags)) for k, v := range tags.Map() { - tag := &acmpca.Tag{ + tag := awstypes.Tag{ Key: aws.String(k), Value: aws.String(v), } @@ -81,11 +76,11 @@ func Tags(tags tftags.KeyValueTags) []*acmpca.Tag { } // KeyValueTags creates tftags.KeyValueTags from acmpca service tags. -func KeyValueTags(ctx context.Context, tags []*acmpca.Tag) tftags.KeyValueTags { +func KeyValueTags(ctx context.Context, tags []awstypes.Tag) tftags.KeyValueTags { m := make(map[string]*string, len(tags)) for _, tag := range tags { - m[aws.StringValue(tag.Key)] = tag.Value + m[aws.ToString(tag.Key)] = tag.Value } return tftags.New(ctx, m) @@ -93,7 +88,7 @@ func KeyValueTags(ctx context.Context, tags []*acmpca.Tag) tftags.KeyValueTags { // getTagsIn returns acmpca service tags from Context. // nil is returned if there are no input tags. -func getTagsIn(ctx context.Context) []*acmpca.Tag { +func getTagsIn(ctx context.Context) []awstypes.Tag { if inContext, ok := tftags.FromContext(ctx); ok { if tags := Tags(inContext.TagsIn.UnwrapOrDefault()); len(tags) > 0 { return tags 
@@ -104,7 +99,7 @@ func getTagsIn(ctx context.Context) []*acmpca.Tag { } // setTagsOut sets acmpca service tags in Context. -func setTagsOut(ctx context.Context, tags []*acmpca.Tag) { +func setTagsOut(ctx context.Context, tags []awstypes.Tag) { if inContext, ok := tftags.FromContext(ctx); ok { inContext.TagsOut = option.Some(KeyValueTags(ctx, tags)) } @@ -113,7 +108,7 @@ func setTagsOut(ctx context.Context, tags []*acmpca.Tag) { // updateTags updates acmpca service tags. // The identifier is typically the Amazon Resource Name (ARN), although // it may also be a different identifier depending on the service. -func updateTags(ctx context.Context, conn acmpcaiface.ACMPCAAPI, identifier string, oldTagsMap, newTagsMap any) error { +func updateTags(ctx context.Context, conn *acmpca.Client, identifier string, oldTagsMap, newTagsMap any, optFns ...func(*acmpca.Options)) error { oldTags := tftags.New(ctx, oldTagsMap) newTags := tftags.New(ctx, newTagsMap) @@ -127,7 +122,7 @@ func updateTags(ctx context.Context, conn acmpcaiface.ACMPCAAPI, identifier stri Tags: Tags(removedTags), } - _, err := conn.UntagCertificateAuthorityWithContext(ctx, input) + _, err := conn.UntagCertificateAuthority(ctx, input, optFns...) if err != nil { return fmt.Errorf("untagging resource (%s): %w", identifier, err) @@ -142,7 +137,7 @@ func updateTags(ctx context.Context, conn acmpcaiface.ACMPCAAPI, identifier stri Tags: Tags(updatedTags), } - _, err := conn.TagCertificateAuthorityWithContext(ctx, input) + _, err := conn.TagCertificateAuthority(ctx, input, optFns...) if err != nil { return fmt.Errorf("tagging resource (%s): %w", identifier, err) 
@@ -155,5 +150,5 @@ func updateTags(ctx context.Context, conn acmpcaiface.ACMPCAAPI, identifier stri // UpdateTags updates acmpca service tags. // It is called from outside this package. func (p *servicePackage) UpdateTags(ctx context.Context, meta any, identifier string, oldTags, newTags any) error { - return updateTags(ctx, meta.(*conns.AWSClient).ACMPCAConn(ctx), identifier, oldTags, newTags) + return updateTags(ctx, meta.(*conns.AWSClient).ACMPCAClient(ctx), identifier, oldTags, newTags) } diff --git a/internal/service/appmesh/virtual_gateway_test.go b/internal/service/appmesh/virtual_gateway_test.go index da31755e0cb..49216e6c4ee 100644 --- a/internal/service/appmesh/virtual_gateway_test.go +++ b/internal/service/appmesh/virtual_gateway_test.go @@ -8,7 +8,7 @@ import ( "fmt" "testing" - "github.com/aws/aws-sdk-go/service/acmpca" + acmpca_types "github.com/aws/aws-sdk-go-v2/service/acmpca/types" "github.com/aws/aws-sdk-go/service/appmesh" sdkacctest "github.com/hashicorp/terraform-plugin-testing/helper/acctest" "github.com/hashicorp/terraform-plugin-testing/helper/resource" @@ -414,7 +414,7 @@ func testAccVirtualGateway_ListenerHealthChecks(t *testing.T) { func testAccVirtualGateway_ListenerTLS(t *testing.T) { ctx := acctest.Context(t) var v appmesh.VirtualGatewayData - var ca acmpca.CertificateAuthority + var ca acmpca_types.CertificateAuthority resourceName := "aws_appmesh_virtual_gateway.test" acmCAResourceName := "aws_acmpca_certificate_authority.test" acmCertificateResourceName := "aws_acm_certificate.test" diff --git a/internal/service/appmesh/virtual_node_test.go b/internal/service/appmesh/virtual_node_test.go index aebfa0fe436..ad2bbc0e286 100644 --- a/internal/service/appmesh/virtual_node_test.go +++ b/internal/service/appmesh/virtual_node_test.go 
@@ -8,7 +8,7 @@ import ( "fmt" "testing" - "github.com/aws/aws-sdk-go/service/acmpca" + acmpca_types "github.com/aws/aws-sdk-go-v2/service/acmpca/types" "github.com/aws/aws-sdk-go/service/appmesh" sdkacctest "github.com/hashicorp/terraform-plugin-testing/helper/acctest" "github.com/hashicorp/terraform-plugin-testing/helper/resource" @@ -91,7 +91,7 @@ func testAccVirtualNode_disappears(t *testing.T) { func testAccVirtualNode_backendClientPolicyACM(t *testing.T) { ctx := acctest.Context(t) var vn appmesh.VirtualNodeData - var ca acmpca.CertificateAuthority + var ca acmpca_types.CertificateAuthority resourceName := "aws_appmesh_virtual_node.test" acmCAResourceName := "aws_acmpca_certificate_authority.test" @@ -908,7 +908,7 @@ func testAccVirtualNode_listenerTimeout(t *testing.T) { func testAccVirtualNode_listenerTLS(t *testing.T) { ctx := acctest.Context(t) var vn appmesh.VirtualNodeData - var ca acmpca.CertificateAuthority + var ca acmpca_types.CertificateAuthority resourceName := "aws_appmesh_virtual_node.test" acmCAResourceName := "aws_acmpca_certificate_authority.test" acmCertificateResourceName := "aws_acm_certificate.test" diff --git a/internal/service/ec2/vpnsite_customer_gateway_test.go b/internal/service/ec2/vpnsite_customer_gateway_test.go index a43588e1d69..f56781e6cf4 100644 --- a/internal/service/ec2/vpnsite_customer_gateway_test.go +++ b/internal/service/ec2/vpnsite_customer_gateway_test.go @@ -10,7 +10,7 @@ import ( "testing" "github.com/YakDriver/regexache" - "github.com/aws/aws-sdk-go/service/acmpca" + acmpca_types "github.com/aws/aws-sdk-go-v2/service/acmpca/types" "github.com/aws/aws-sdk-go/service/ec2" sdkacctest "github.com/hashicorp/terraform-plugin-testing/helper/acctest" "github.com/hashicorp/terraform-plugin-testing/helper/resource" 
@@ -184,8 +184,8 @@ func TestAccSiteVPNCustomerGateway_4ByteASN(t *testing.T) { func TestAccSiteVPNCustomerGateway_certificate(t *testing.T) { ctx := acctest.Context(t) var gateway ec2.CustomerGateway - var caRoot acmpca.CertificateAuthority - var caSubordinate acmpca.CertificateAuthority + var caRoot acmpca_types.CertificateAuthority + var caSubordinate acmpca_types.CertificateAuthority rBgpAsn := sdkacctest.RandIntRange(64512, 65534) rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_customer_gateway.test" diff --git a/internal/service/guardduty/filter_test.go b/internal/service/guardduty/filter_test.go index 5ca41e303a3..53c5bf035df 100644 --- a/internal/service/guardduty/filter_test.go +++ b/internal/service/guardduty/filter_test.go @@ -9,14 +9,16 @@ import ( "testing" "github.com/YakDriver/regexache" + "github.com/aws/aws-sdk-go-v2/service/acmpca" + acmpca_types "github.com/aws/aws-sdk-go-v2/service/acmpca/types" "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/service/acmpca" "github.com/aws/aws-sdk-go/service/guardduty" "github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/terraform" "github.com/hashicorp/terraform-provider-aws/internal/acctest" "github.com/hashicorp/terraform-provider-aws/internal/conns" + "github.com/hashicorp/terraform-provider-aws/internal/errs" tfguardduty "github.com/hashicorp/terraform-provider-aws/internal/service/guardduty" "github.com/hashicorp/terraform-provider-aws/names" ) 
@@ -434,7 +436,7 @@ resource "aws_guardduty_detector" "test" { func testAccCheckACMPCACertificateAuthorityDestroy(ctx context.Context) resource.TestCheckFunc { return func(s *terraform.State) error { - conn := acctest.Provider.Meta().(*conns.AWSClient).ACMPCAConn(ctx) + conn := acctest.Provider.Meta().(*conns.AWSClient).ACMPCAClient(ctx) for _, rs := range s.RootModule().Resources { if rs.Type != "aws_acmpca_certificate_authority" { @@ -445,17 +447,17 @@ func testAccCheckACMPCACertificateAuthorityDestroy(ctx context.Context) resource CertificateAuthorityArn: aws.String(rs.Primary.ID), } - output, err := conn.DescribeCertificateAuthorityWithContext(ctx, input) + output, err := conn.DescribeCertificateAuthority(ctx, input) if err != nil { - if tfawserr.ErrCodeEquals(err, acmpca.ErrCodeResourceNotFoundException) { + if errs.IsA[*acmpca_types.ResourceNotFoundException](err) { return nil } return err } - if output != nil && output.CertificateAuthority != nil && aws.StringValue(output.CertificateAuthority.Arn) == rs.Primary.ID && aws.StringValue(output.CertificateAuthority.Status) != acmpca.CertificateAuthorityStatusDeleted { - return fmt.Errorf("ACM PCA Certificate Authority %q still exists in non-DELETED state: %s", rs.Primary.ID, aws.StringValue(output.CertificateAuthority.Status)) + if output != nil && output.CertificateAuthority != nil && aws.StringValue(output.CertificateAuthority.Arn) == rs.Primary.ID && output.CertificateAuthority.Status != acmpca_types.CertificateAuthorityStatusDeleted { + return fmt.Errorf("ACM PCA Certificate Authority %q still exists in non-DELETED state: %s", rs.Primary.ID, string(output.CertificateAuthority.Status)) } } diff --git a/internal/service/kafka/cluster_test.go b/internal/service/kafka/cluster_test.go index 65ad8ad5aaf..526e8ebf542 100644 --- a/internal/service/kafka/cluster_test.go +++ b/internal/service/kafka/cluster_test.go 
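Review bot: The destroy check in the second hunk now mixes SDK generations: the `DescribeCertificateAuthorityInput` literal and `errs.IsA[*acmpca_types.ResourceNotFoundException]` are v2, while `aws.String(rs.Primary.ID)` and `aws.StringValue(output.CertificateAuthority.Arn)` still come from `aws-sdk-go/aws`. It compiles because both helpers operate on `*string`, but a reader will assume the v1 client is still in play; if the v1 `aws` package is only kept for the GuardDuty calls elsewhere in this file, consider aliasing `github.com/aws/aws-sdk-go-v2/aws` and writing `aws_sdkv2.ToString(output.CertificateAuthority.Arn)` here, and drop the `string(...)` wrapper before `%s`, which the string-typed enum does not need. Also worth confirming that `tfawserr` (retained in the import block above) is still referenced somewhere in this file now that the ACM PCA error check no longer uses it.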
@@ -13,9 +13,9 @@ import ( "github.com/YakDriver/regexache" "github.com/aws/aws-sdk-go-v2/aws" + acmpca_types "github.com/aws/aws-sdk-go-v2/service/acmpca/types" "github.com/aws/aws-sdk-go-v2/service/kafka" "github.com/aws/aws-sdk-go-v2/service/kafka/types" - "github.com/aws/aws-sdk-go/service/acmpca" sdkacctest "github.com/hashicorp/terraform-plugin-testing/helper/acctest" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/terraform" @@ -556,7 +556,7 @@ func TestAccKafkaCluster_ClientAuthenticationSASL_iam(t *testing.T) { func TestAccKafkaCluster_ClientAuthenticationTLS_certificateAuthorityARNs(t *testing.T) { ctx := acctest.Context(t) var cluster1 types.ClusterInfo - var ca acmpca.CertificateAuthority + var ca acmpca_types.CertificateAuthority rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_msk_cluster.test" acmCAResourceName := "aws_acmpca_certificate_authority.test" @@ -617,7 +617,7 @@ func TestAccKafkaCluster_ClientAuthenticationTLS_certificateAuthorityARNs(t *tes func TestAccKafkaCluster_ClientAuthenticationTLS_initiallyNoAuthentication(t *testing.T) { ctx := acctest.Context(t) var cluster1, cluster2 types.ClusterInfo - var ca acmpca.CertificateAuthority + var ca acmpca_types.CertificateAuthority rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_msk_cluster.test" acmCAResourceName := "aws_acmpca_certificate_authority.test" diff --git a/internal/service/transfer/server_test.go b/internal/service/transfer/server_test.go index 71c4df394e1..3b048440523 100644 --- a/internal/service/transfer/server_test.go +++ b/internal/service/transfer/server_test.go 
@@ -10,8 +10,8 @@ import ( "testing" "github.com/YakDriver/regexache" + acmpca_types "github.com/aws/aws-sdk-go-v2/service/acmpca/types" "github.com/aws/aws-sdk-go/aws/endpoints" - "github.com/aws/aws-sdk-go/service/acmpca" "github.com/aws/aws-sdk-go/service/transfer" sdkacctest "github.com/hashicorp/terraform-plugin-testing/helper/acctest" "github.com/hashicorp/terraform-plugin-testing/helper/resource" @@ -836,7 +836,7 @@ func testAccServer_structuredLogDestinations(t *testing.T) { func testAccServer_protocols(t *testing.T) { ctx := acctest.Context(t) var s transfer.DescribedServer - var ca acmpca.CertificateAuthority + var ca acmpca_types.CertificateAuthority resourceName := "aws_transfer_server.test" acmCAResourceName := "aws_acmpca_certificate_authority.test" acmCertificateResourceName := "aws_acm_certificate.test" diff --git a/names/data/names_data.csv b/names/data/names_data.csv index 8d40ed8201c..923fbe65cf3 100644 --- a/names/data/names_data.csv +++ b/names/data/names_data.csv 
@@ -2,7 +2,7 @@ AWSCLIV2Command,AWSCLIV2CommandNoDashes,GoV1Package,GoV2Package,ProviderPackageA accessanalyzer,accessanalyzer,accessanalyzer,accessanalyzer,,accessanalyzer,,,AccessAnalyzer,AccessAnalyzer,,,2,,aws_accessanalyzer_,,accessanalyzer_,IAM Access Analyzer,AWS,,,,,,,AccessAnalyzer,ListAnalyzers,, account,account,account,account,,account,,,Account,Account,,,2,,aws_account_,,account_,Account Management,AWS,,,,,,,Account,ListRegions,, acm,acm,acm,acm,,acm,,,ACM,ACM,,,2,,aws_acm_,,acm_,ACM (Certificate Manager),AWS,,,,,,,ACM,ListCertificates,, -acm-pca,acmpca,acmpca,acmpca,,acmpca,,,ACMPCA,ACMPCA,,1,,,aws_acmpca_,,acmpca_,ACM PCA (Certificate Manager Private Certificate Authority),AWS,,,,,,,ACM PCA,ListCertificateAuthorities,, +acm-pca,acmpca,acmpca,acmpca,,acmpca,,,ACMPCA,ACMPCA,,,2,,aws_acmpca_,,acmpca_,ACM PCA (Certificate Manager Private Certificate Authority),AWS,,,,,,,ACM PCA,ListCertificateAuthorities,, alexaforbusiness,alexaforbusiness,alexaforbusiness,alexaforbusiness,,alexaforbusiness,,,AlexaForBusiness,AlexaForBusiness,,1,,,aws_alexaforbusiness_,,alexaforbusiness_,Alexa for Business,,,x,,,,,Alexa For Business,,, amp,amp,prometheusservice,amp,,amp,,prometheus;prometheusservice,AMP,PrometheusService,,,2,aws_prometheus_,aws_amp_,,prometheus_,AMP (Managed Prometheus),Amazon,,,,,,,amp,ListScrapers,, amplify,amplify,amplify,amplify,,amplify,,,Amplify,Amplify,,1,,,aws_amplify_,,amplify_,Amplify,AWS,,,,,,,Amplify,ListApps,, diff --git a/names/names.go b/names/names.go index 79ff75317cf..9d2690731bf 100644 --- a/names/names.go +++ b/names/names.go @@ -26,6 +26,7 @@ import ( // Endpoint constants defined by the AWS SDK v1 but not defined in the AWS SDK v2. const ( AccessAnalyzerEndpointID = "access-analyzer" + ACMPCAEndpointID = "acm-pca" AMPEndpointID = "aps" AthenaEndpointID = "athena" AuditManagerEndpointID = "auditmanager" From 8f7789d8761ec750c0d5159c55d469525c909289 Mon Sep 17 00:00:00 2001 
From: Matt Burgess <549318+mattburgess@users.noreply.github.com> Date: Tue, 12 Mar 2024 23:11:46 +0000 Subject: [PATCH 02/16] Fix semgrep issue --- internal/service/acmpca/certificate_authority.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/service/acmpca/certificate_authority.go b/internal/service/acmpca/certificate_authority.go index a5f90a1e856..d3e8ecb0dd7 100644 --- a/internal/service/acmpca/certificate_authority.go +++ b/internal/service/acmpca/certificate_authority.go @@ -600,8 +600,8 @@ func statusCertificateAuthority(ctx context.Context, conn *acmpca.Client, arn st func waitCertificateAuthorityCreated(ctx context.Context, conn *acmpca.Client, arn string, timeout time.Duration) (*awstypes.CertificateAuthority, error) { stateConf := &retry.StateChangeConf{ - Pending: []string{string(awstypes.CertificateAuthorityStatusCreating)}, - Target: []string{string(awstypes.CertificateAuthorityStatusActive), string(awstypes.CertificateAuthorityStatusPendingCertificate)}, + Pending: enum.Slice(awstypes.CertificateAuthorityStatusCreating), + Target: enum.Slice(awstypes.CertificateAuthorityStatusActive, awstypes.CertificateAuthorityStatusPendingCertificate), Refresh: statusCertificateAuthority(ctx, conn, arn), Timeout: timeout, } From dc98c7c7c94f073449b13351d82001dc14afbd78 Mon Sep 17 00:00:00 2001 From: Matt Burgess <549318+mattburgess@users.noreply.github.com> Date: Wed, 13 Mar 2024 22:09:50 +0000 Subject: [PATCH 03/16] make gen --- .../service/acmpca/certificate_authority.go | 2 +- .../certificate_authority_tags_gen_test.go | 30 +++++++------- .../acmpca/service_endpoints_gen_test.go | 40 ++++++++++++------- 3 files changed, 41 insertions(+), 31 deletions(-) diff --git a/internal/service/acmpca/certificate_authority.go b/internal/service/acmpca/certificate_authority.go index d3e8ecb0dd7..313ad10a07c 100644 --- a/internal/service/acmpca/certificate_authority.go +++ b/internal/service/acmpca/certificate_authority.go 
@@ -35,7 +35,7 @@ const ( // @SDKResource("aws_acmpca_certificate_authority", name="Certificate Authority") // @Tags(identifierAttribute="id") -// @Testing(existsType="github.com/aws/aws-sdk-go/service/acmpca.CertificateAuthority", generator="acctest.RandomDomainName()", importIgnore="permanent_deletion_time_in_days") +// @Testing(existsType="github.com/aws/aws-sdk-go-v2/service/acmpca/types.CertificateAuthority", generator="acctest.RandomDomainName()", importIgnore="permanent_deletion_time_in_days") func ResourceCertificateAuthority() *schema.Resource { //lintignore:R011 return &schema.Resource{ diff --git a/internal/service/acmpca/certificate_authority_tags_gen_test.go b/internal/service/acmpca/certificate_authority_tags_gen_test.go index b41b3967dd4..2481eadf4f9 100644 --- a/internal/service/acmpca/certificate_authority_tags_gen_test.go +++ b/internal/service/acmpca/certificate_authority_tags_gen_test.go @@ -5,7 +5,7 @@ package acmpca_test import ( "testing" - "github.com/aws/aws-sdk-go/service/acmpca" + "github.com/aws/aws-sdk-go-v2/service/acmpca/types" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-provider-aws/internal/acctest" "github.com/hashicorp/terraform-provider-aws/names" @@ -13,7 +13,7 @@ import ( func TestAccACMPCACertificateAuthority_tags(t *testing.T) { ctx := acctest.Context(t) - var v acmpca.CertificateAuthority + var v types.CertificateAuthority resourceName := "aws_acmpca_certificate_authority.test" rName := acctest.RandomDomainName() @@ -93,7 +93,7 @@ func TestAccACMPCACertificateAuthority_tags(t *testing.T) { func TestAccACMPCACertificateAuthority_tags_null(t *testing.T) { ctx := acctest.Context(t) - var v acmpca.CertificateAuthority + var v types.CertificateAuthority resourceName := "aws_acmpca_certificate_authority.test" rName := acctest.RandomDomainName() 
@@ -129,7 +129,7 @@ func TestAccACMPCACertificateAuthority_tags_null(t *testing.T) { func TestAccACMPCACertificateAuthority_tags_AddOnUpdate(t *testing.T) { ctx := acctest.Context(t) - var v acmpca.CertificateAuthority + var v types.CertificateAuthority resourceName := "aws_acmpca_certificate_authority.test" rName := acctest.RandomDomainName() @@ -168,7 +168,7 @@ func TestAccACMPCACertificateAuthority_tags_AddOnUpdate(t *testing.T) { func TestAccACMPCACertificateAuthority_tags_EmptyTag_OnCreate(t *testing.T) { ctx := acctest.Context(t) - var v acmpca.CertificateAuthority + var v types.CertificateAuthority resourceName := "aws_acmpca_certificate_authority.test" rName := acctest.RandomDomainName() @@ -215,7 +215,7 @@ func TestAccACMPCACertificateAuthority_tags_EmptyTag_OnCreate(t *testing.T) { func TestAccACMPCACertificateAuthority_tags_EmptyTag_OnUpdate_Add(t *testing.T) { ctx := acctest.Context(t) - var v acmpca.CertificateAuthority + var v types.CertificateAuthority resourceName := "aws_acmpca_certificate_authority.test" rName := acctest.RandomDomainName() @@ -272,7 +272,7 @@ func TestAccACMPCACertificateAuthority_tags_EmptyTag_OnUpdate_Add(t *testing.T) func TestAccACMPCACertificateAuthority_tags_EmptyTag_OnUpdate_Replace(t *testing.T) { ctx := acctest.Context(t) - var v acmpca.CertificateAuthority + var v types.CertificateAuthority resourceName := "aws_acmpca_certificate_authority.test" rName := acctest.RandomDomainName() @@ -312,7 +312,7 @@ func TestAccACMPCACertificateAuthority_tags_EmptyTag_OnUpdate_Replace(t *testing func TestAccACMPCACertificateAuthority_tags_DefaultTags_providerOnly(t *testing.T) { ctx := acctest.Context(t) - var v acmpca.CertificateAuthority + var v types.CertificateAuthority resourceName := "aws_acmpca_certificate_authority.test" rName := acctest.RandomDomainName() 
@@ -408,7 +408,7 @@ func TestAccACMPCACertificateAuthority_tags_DefaultTags_providerOnly(t *testing. func TestAccACMPCACertificateAuthority_tags_DefaultTags_nonOverlapping(t *testing.T) { ctx := acctest.Context(t) - var v acmpca.CertificateAuthority + var v types.CertificateAuthority resourceName := "aws_acmpca_certificate_authority.test" rName := acctest.RandomDomainName() @@ -489,7 +489,7 @@ func TestAccACMPCACertificateAuthority_tags_DefaultTags_nonOverlapping(t *testin func TestAccACMPCACertificateAuthority_tags_DefaultTags_overlapping(t *testing.T) { ctx := acctest.Context(t) - var v acmpca.CertificateAuthority + var v types.CertificateAuthority resourceName := "aws_acmpca_certificate_authority.test" rName := acctest.RandomDomainName() @@ -570,7 +570,7 @@ func TestAccACMPCACertificateAuthority_tags_DefaultTags_overlapping(t *testing.T func TestAccACMPCACertificateAuthority_tags_DefaultTags_updateToProviderOnly(t *testing.T) { ctx := acctest.Context(t) - var v acmpca.CertificateAuthority + var v types.CertificateAuthority resourceName := "aws_acmpca_certificate_authority.test" rName := acctest.RandomDomainName() @@ -616,7 +616,7 @@ func TestAccACMPCACertificateAuthority_tags_DefaultTags_updateToProviderOnly(t * func TestAccACMPCACertificateAuthority_tags_DefaultTags_updateToResourceOnly(t *testing.T) { ctx := acctest.Context(t) - var v acmpca.CertificateAuthority + var v types.CertificateAuthority resourceName := "aws_acmpca_certificate_authority.test" rName := acctest.RandomDomainName() @@ -662,7 +662,7 @@ func TestAccACMPCACertificateAuthority_tags_DefaultTags_updateToResourceOnly(t * func TestAccACMPCACertificateAuthority_tags_DefaultTags_emptyResourceTag(t *testing.T) { ctx := acctest.Context(t) - var v acmpca.CertificateAuthority + var v types.CertificateAuthority resourceName := "aws_acmpca_certificate_authority.test" rName := acctest.RandomDomainName() 
@@ -699,7 +699,7 @@ func TestAccACMPCACertificateAuthority_tags_DefaultTags_emptyResourceTag(t *test func TestAccACMPCACertificateAuthority_tags_DefaultTags_nullOverlappingResourceTag(t *testing.T) { ctx := acctest.Context(t) - var v acmpca.CertificateAuthority + var v types.CertificateAuthority resourceName := "aws_acmpca_certificate_authority.test" rName := acctest.RandomDomainName() @@ -735,7 +735,7 @@ func TestAccACMPCACertificateAuthority_tags_DefaultTags_nullOverlappingResourceT func TestAccACMPCACertificateAuthority_tags_DefaultTags_nullNonOverlappingResourceTag(t *testing.T) { ctx := acctest.Context(t) - var v acmpca.CertificateAuthority + var v types.CertificateAuthority resourceName := "aws_acmpca_certificate_authority.test" rName := acctest.RandomDomainName() diff --git a/internal/service/acmpca/service_endpoints_gen_test.go b/internal/service/acmpca/service_endpoints_gen_test.go index 639dfece1b6..80976b29c9b 100644 --- a/internal/service/acmpca/service_endpoints_gen_test.go +++ b/internal/service/acmpca/service_endpoints_gen_test.go @@ -4,17 +4,17 @@ package acmpca_test import ( "context" + "errors" "fmt" "maps" - "net/url" "os" "path/filepath" "reflect" "strings" "testing" - "github.com/aws/aws-sdk-go/aws/endpoints" - acmpca_sdkv1 "github.com/aws/aws-sdk-go/service/acmpca" + aws_sdkv2 "github.com/aws/aws-sdk-go-v2/aws" + acmpca_sdkv2 "github.com/aws/aws-sdk-go-v2/service/acmpca" "github.com/aws/smithy-go/middleware" smithyhttp "github.com/aws/smithy-go/transport/http" "github.com/google/go-cmp/cmp" 
@@ -212,32 +212,42 @@ func TestEndpointConfiguration(t *testing.T) { //nolint:paralleltest // uses t.S } func defaultEndpoint(region string) string { - r := endpoints.DefaultResolver() + r := acmpca_sdkv2.NewDefaultEndpointResolverV2() - ep, err := r.EndpointFor(acmpca_sdkv1.EndpointsID, region) + ep, err := r.ResolveEndpoint(context.Background(), acmpca_sdkv2.EndpointParameters{ + Region: aws_sdkv2.String(region), + }) if err != nil { return err.Error() } - url, _ := url.Parse(ep.URL) - - if url.Path == "" { - url.Path = "/" + if ep.URI.Path == "" { + ep.URI.Path = "/" } - return url.String() + return ep.URI.String() } func callService(ctx context.Context, t *testing.T, meta *conns.AWSClient) string { t.Helper() - client := meta.ACMPCAConn(ctx) - - req, _ := client.ListCertificateAuthoritiesRequest(&acmpca_sdkv1.ListCertificateAuthoritiesInput{}) + var endpoint string - req.HTTPRequest.URL.Path = "/" + client := meta.ACMPCAClient(ctx) - endpoint := req.HTTPRequest.URL.String() + _, err := client.ListCertificateAuthorities(ctx, &acmpca_sdkv2.ListCertificateAuthoritiesInput{}, + func(opts *acmpca_sdkv2.Options) { + opts.APIOptions = append(opts.APIOptions, + addRetrieveEndpointURLMiddleware(t, &endpoint), + addCancelRequestMiddleware(), + ) + }, + ) + if err == nil { + t.Fatal("Expected an error, got none") + } else if !errors.Is(err, errCancelOperation) { + t.Fatalf("Unexpected error: %s", err) + } return endpoint } From 9a28644a318400e31b5e0df95f82ab28c7f67272 Mon Sep 17 00:00:00 2001 From: Matt Burgess <549318+mattburgess@users.noreply.github.com> Date: Wed, 13 Mar 2024 22:37:42 +0000 Subject: [PATCH 04/16] go mod tidy --- go.mod | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/go.mod b/go.mod index e7e7a9b2667..2c74d1c8730 100644 --- a/go.mod +++ b/go.mod 
@@ -14,6 +14,7 @@ require ( github.com/aws/aws-sdk-go-v2/service/accessanalyzer v1.28.3 github.com/aws/aws-sdk-go-v2/service/account v1.16.2 github.com/aws/aws-sdk-go-v2/service/acm v1.25.2 + github.com/aws/aws-sdk-go-v2/service/acmpca v1.29.2 github.com/aws/aws-sdk-go-v2/service/amp v1.25.2 github.com/aws/aws-sdk-go-v2/service/appconfig v1.29.0 github.com/aws/aws-sdk-go-v2/service/appfabric v1.7.2 @@ -190,8 +191,6 @@ require ( syreclabs.com/go/faker v1.2.3 ) -require github.com/aws/aws-sdk-go-v2/service/acmpca v1.29.2 // indirect - require ( github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver/v3 v3.2.1 // indirect From d4bc7a301aba13487ad0139f8e8968c722d23f01 Mon Sep 17 00:00:00 2001 From: Matt Burgess <549318+mattburgess@users.noreply.github.com> Date: Wed, 13 Mar 2024 23:19:06 +0000 Subject: [PATCH 05/16] Fix lint issues --- internal/acctest/acctest.go | 6 ++++-- internal/service/acmpca/certificate.go | 5 +++-- internal/service/acmpca/certificate_authority.go | 2 +- .../service/acmpca/certificate_authority_data_source.go | 6 +++--- internal/service/acmpca/certificate_data_source.go | 2 +- internal/service/acmpca/permission.go | 2 +- internal/service/acmpca/policy.go | 2 +- 7 files changed, 14 insertions(+), 11 deletions(-) diff --git a/internal/acctest/acctest.go b/internal/acctest/acctest.go index 2e8f970f44f..c5c5f8b4881 100644 --- a/internal/acctest/acctest.go +++ b/internal/acctest/acctest.go @@ -82,6 +82,8 @@ const ( ProviderNameThird = "awsthird" ResourcePrefix = "tf-acc-test" + + CertificateIssueTimeout = 5 * time.Minute ) const RFC3339RegexPattern = `^[0-9]{4}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9](\.[0-9]+)?([Zz]|([+-]([01][0-9]|2[0-3]):[0-5][0-9]))$` 
@@ -1974,7 +1976,7 @@ func CheckACMPCACertificateAuthorityActivateRootCA(ctx context.Context, certific CertificateArn: issueCertOutput.CertificateArn, } - err = waiter.Wait(ctx, params, time.Duration(5*time.Minute)) + err = waiter.Wait(ctx, params, CertificateIssueTimeout) if err != nil { return fmt.Errorf("waiting for ACM PCA Certificate Authority (%s) Root CA certificate to become ISSUED: %w", arn, err) @@ -2045,7 +2047,7 @@ func CheckACMPCACertificateAuthorityActivateSubordinateCA(ctx context.Context, r CertificateArn: issueCertOutput.CertificateArn, } - err = waiter.Wait(ctx, params, time.Duration(5*time.Minute)) + err = waiter.Wait(ctx, params, CertificateIssueTimeout) if err != nil { return fmt.Errorf("waiting for ACM PCA Certificate Authority (%s) Subordinate CA certificate to become ISSUED: %w", arn, err) diff --git a/internal/service/acmpca/certificate.go b/internal/service/acmpca/certificate.go index 471980a72bf..43614c9b1d4 100644 --- a/internal/service/acmpca/certificate.go +++ b/internal/service/acmpca/certificate.go @@ -135,6 +135,7 @@ func ResourceCertificate() *schema.Resource { } func resourceCertificateCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + const certificateIssueTimeout = 5 * time.Minute var diags diag.Diagnostics conn := meta.(*conns.AWSClient).ACMPCAClient(ctx) @@ -192,7 +193,7 @@ func resourceCertificateCreate(ctx context.Context, d *schema.ResourceData, meta CertificateArn: aws.String(d.Get("certificate_authority_arn").(string)), } - err = waiter.Wait(ctx, params, time.Duration(5*time.Minute)) + err = waiter.Wait(ctx, params, certificateIssueTimeout) if err != nil { return sdkdiag.AppendErrorf(diags, "waiting for ACM PCA Certificate Authority (%s) to issue Certificate (%s), error: %s", certificateAuthorityARN, d.Id(), err) 
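Review bot: In the certificate.go `@@ -192` hunk the context line above the waiter call reads `CertificateArn: aws.String(d.Get("certificate_authority_arn").(string))`; if that really populates `GetCertificateInput.CertificateArn` with the CA ARN, `NewCertificateIssuedWaiter` polls the wrong resource and the create would time out or surface a misleading error. The preceding field of that literal is outside the hunk, so this may just be the trailing line of a two-field struct; confirm it reads `CertificateArn: aws.String(d.Id()), CertificateAuthorityArn: aws.String(certificateAuthorityARN)`. The new `certificateIssueTimeout` constant is an improvement over the bare `5*time.Minute`, though if the resource declares `Timeouts` this is normally taken from `d.Timeout(schema.TimeoutCreate)` so operators can tune it. resourceCertificateCreate begins outside the hunk.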
@@ -210,7 +211,7 @@ func resourceCertificateRead(ctx context.Context, d *schema.ResourceData, meta i CertificateAuthorityArn: aws.String(d.Get("certificate_authority_arn").(string)), } - log.Printf("[DEBUG] Reading ACM PCA Certificate: %s", getCertificateInput) + log.Printf("[DEBUG] Reading ACM PCA Certificate: %+v", getCertificateInput) certificateOutput, err := conn.GetCertificate(ctx, getCertificateInput) diff --git a/internal/service/acmpca/certificate_authority.go b/internal/service/acmpca/certificate_authority.go index 313ad10a07c..216672c1485 100644 --- a/internal/service/acmpca/certificate_authority.go +++ b/internal/service/acmpca/certificate_authority.go @@ -452,7 +452,7 @@ func resourceCertificateAuthorityRead(ctx context.Context, d *schema.ResourceDat CertificateAuthorityArn: aws.String(d.Id()), } - log.Printf("[DEBUG] Reading ACM PCA Certificate Authority Certificate Signing Request: %s", getCertificateAuthorityCsrInput) + log.Printf("[DEBUG] Reading ACM PCA Certificate Authority Certificate Signing Request: %+v", getCertificateAuthorityCsrInput) getCertificateAuthorityCsrOutput, err := conn.GetCertificateAuthorityCsr(ctx, getCertificateAuthorityCsrInput) diff --git a/internal/service/acmpca/certificate_authority_data_source.go b/internal/service/acmpca/certificate_authority_data_source.go index 2f2381ec704..ece413e4f87 100644 --- a/internal/service/acmpca/certificate_authority_data_source.go +++ b/internal/service/acmpca/certificate_authority_data_source.go @@ -139,7 +139,7 @@ func dataSourceCertificateAuthorityRead(ctx context.Context, d *schema.ResourceD CertificateAuthorityArn: aws.String(certificateAuthorityARN), } - log.Printf("[DEBUG] Reading ACM PCA Certificate Authority: %s", describeCertificateAuthorityInput) + log.Printf("[DEBUG] Reading ACM PCA Certificate Authority: %+v", describeCertificateAuthorityInput) describeCertificateAuthorityOutput, err := conn.DescribeCertificateAuthority(ctx, describeCertificateAuthorityInput) if err != nil { 
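Review bot: Switching the debug log to `%+v` silences the vet warning but leaves the message without useful content: v2 input structs have no `String()` method and their fields are `*string`, so `%+v` on `*GetCertificateInput` renders pointer addresses (`CertificateArn:0xc000...`) rather than ARNs. Log the values you already have, e.g. `log.Printf("[DEBUG] Reading ACM PCA Certificate (%s) from CA (%s)", d.Id(), d.Get("certificate_authority_arn").(string))`. The same applies to the CSR read log in the certificate_authority.go hunk that follows, where `d.Id()` is the only field and can be logged directly.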
@@ -167,7 +167,7 @@ func dataSourceCertificateAuthorityRead(ctx context.Context, d *schema.ResourceD CertificateAuthorityArn: aws.String(certificateAuthorityARN), } - log.Printf("[DEBUG] Reading ACM PCA Certificate Authority Certificate: %s", getCertificateAuthorityCertificateInput) + log.Printf("[DEBUG] Reading ACM PCA Certificate Authority Certificate: %+v", getCertificateAuthorityCertificateInput) getCertificateAuthorityCertificateOutput, err := conn.GetCertificateAuthorityCertificate(ctx, getCertificateAuthorityCertificateInput) if err != nil { @@ -189,7 +189,7 @@ func dataSourceCertificateAuthorityRead(ctx context.Context, d *schema.ResourceD CertificateAuthorityArn: aws.String(certificateAuthorityARN), } - log.Printf("[DEBUG] Reading ACM PCA Certificate Authority Certificate Signing Request: %s", getCertificateAuthorityCsrInput) + log.Printf("[DEBUG] Reading ACM PCA Certificate Authority Certificate Signing Request: %+v", getCertificateAuthorityCsrInput) getCertificateAuthorityCsrOutput, err := conn.GetCertificateAuthorityCsr(ctx, getCertificateAuthorityCsrInput) if err != nil { diff --git a/internal/service/acmpca/certificate_data_source.go b/internal/service/acmpca/certificate_data_source.go index 60cdc85a2e9..ba67c6a8430 100644 --- a/internal/service/acmpca/certificate_data_source.go +++ b/internal/service/acmpca/certificate_data_source.go @@ -54,7 +54,7 @@ func dataSourceCertificateRead(ctx context.Context, d *schema.ResourceData, meta CertificateAuthorityArn: aws.String(d.Get("certificate_authority_arn").(string)), } - log.Printf("[DEBUG] Reading ACM PCA Certificate: %s", getCertificateInput) + log.Printf("[DEBUG] Reading ACM PCA Certificate: %+v", getCertificateInput) certificateOutput, err := conn.GetCertificate(ctx, getCertificateInput) if err != nil { diff --git a/internal/service/acmpca/permission.go b/internal/service/acmpca/permission.go index 137608648a6..e42d5363f38 100644 --- a/internal/service/acmpca/permission.go 
+++ b/internal/service/acmpca/permission.go @@ -86,7 +86,7 @@ func resourcePermissionCreate(ctx context.Context, d *schema.ResourceData, meta input.SourceAccount = aws.String(sourceAccount) } - log.Printf("[DEBUG] Creating ACM PCA Permission: %s", input) + log.Printf("[DEBUG] Creating ACM PCA Permission: %+v", input) _, err := conn.CreatePermission(ctx, input) if err != nil { diff --git a/internal/service/acmpca/policy.go b/internal/service/acmpca/policy.go index 206ac420c12..f4b370bd94b 100644 --- a/internal/service/acmpca/policy.go +++ b/internal/service/acmpca/policy.go @@ -70,7 +70,7 @@ func resourcePolicyPut(ctx context.Context, d *schema.ResourceData, meta interfa ResourceArn: aws.String(resourceARN), } - log.Printf("[DEBUG] Putting ACM PCA Policy: %s", input) + log.Printf("[DEBUG] Putting ACM PCA Policy: %+v", input) _, err = conn.PutPolicy(ctx, input) if err != nil { From 69fb69335a61408eb2df444685a579cffcba41b7 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Wed, 27 Mar 2024 15:38:43 -0400 Subject: [PATCH 06/16] generate/tags: Add 'optFns' to paginated tag lister. --- internal/generate/tags/templates/v2/list_tags_body.tmpl | 2 +- internal/service/acmpca/tags_gen.go | 2 +- internal/service/cloudhsmv2/tags_gen.go | 2 +- internal/service/cloudtrail/tags_gen.go | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/internal/generate/tags/templates/v2/list_tags_body.tmpl b/internal/generate/tags/templates/v2/list_tags_body.tmpl index 49441230fc4..496a19d9b31 100644 --- a/internal/generate/tags/templates/v2/list_tags_body.tmpl +++ b/internal/generate/tags/templates/v2/list_tags_body.tmpl 
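Review bot: The `%+v` change in the policy.go hunk has the same pointer-address problem, and here it costs more: `PutPolicyInput.Policy` and `ResourceArn` are `*string`, so the debug line now shows two heap addresses and no longer records which resource policy is being attached to which CA, which is the one thing you want in the log when auditing a policy change. Log the values explicitly, `log.Printf("[DEBUG] Putting ACM PCA Policy on %s: %s", resourceARN, aws.ToString(input.Policy))`. The `CreatePermission` log in the permission.go hunk above is in the same situation (`Principal`, `SourceAccount` and `CertificateAuthorityArn` are all pointer fields); `sourceAccount` and the principal are already in local variables there and can be logged directly.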
@@ -28,7 +28,7 @@ func {{ .ListTagsFunc }}(ctx context.Context, conn {{ .ClientType }}, identifier pages := {{ .TagPackage }}.New{{ .ListTagsOp }}Paginator(conn, input) for pages.HasMorePages() { - page, err := pages.NextPage(ctx) + page, err := pages.NextPage(ctx, optFns...) {{ if and ( .ParentNotFoundErrCode ) ( .ParentNotFoundErrMsg ) }} if tfawserr.ErrMessageContains(err, "{{ .ParentNotFoundErrCode }}", "{{ .ParentNotFoundErrMsg }}") { diff --git a/internal/service/acmpca/tags_gen.go b/internal/service/acmpca/tags_gen.go index 56b5aae344a..9fd349d0f9f 100644 --- a/internal/service/acmpca/tags_gen.go +++ b/internal/service/acmpca/tags_gen.go @@ -27,7 +27,7 @@ func listTags(ctx context.Context, conn *acmpca.Client, identifier string, optFn pages := acmpca.NewListTagsPaginator(conn, input) for pages.HasMorePages() { - page, err := pages.NextPage(ctx) + page, err := pages.NextPage(ctx, optFns...) if err != nil { return tftags.New(ctx, nil), err diff --git a/internal/service/cloudhsmv2/tags_gen.go b/internal/service/cloudhsmv2/tags_gen.go index 96ef3b686cf..7ab40287af9 100644 --- a/internal/service/cloudhsmv2/tags_gen.go +++ b/internal/service/cloudhsmv2/tags_gen.go @@ -27,7 +27,7 @@ func listTags(ctx context.Context, conn *cloudhsmv2.Client, identifier string, o pages := cloudhsmv2.NewListTagsPaginator(conn, input) for pages.HasMorePages() { - page, err := pages.NextPage(ctx) + page, err := pages.NextPage(ctx, optFns...) if err != nil { return tftags.New(ctx, nil), err diff --git a/internal/service/cloudtrail/tags_gen.go b/internal/service/cloudtrail/tags_gen.go index 4dd78360e0b..35a2bceec7e 100644 --- a/internal/service/cloudtrail/tags_gen.go +++ b/internal/service/cloudtrail/tags_gen.go 
@@ -27,7 +27,7 @@ func listTags(ctx context.Context, conn *cloudtrail.Client, identifier string, o pages := cloudtrail.NewListTagsPaginator(conn, input) for pages.HasMorePages() { - page, err := pages.NextPage(ctx) + page, err := pages.NextPage(ctx, optFns...) if err != nil { return tftags.New(ctx, nil), err From 3f2b926a3e03955df24a17ffa08771b16e1360e5 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Wed, 27 Mar 2024 15:45:39 -0400 Subject: [PATCH 07/16] r/aws_acmpca_certificate_authority_certificate: Reduce visibility. --- .../certificate_authority_certificate.go | 38 +++++++++++++++++-- .../certificate_authority_certificate_test.go | 22 ++++------- internal/service/acmpca/find.go | 28 -------------- .../service/acmpca/service_package_gen.go | 3 +- 4 files changed, 44 insertions(+), 47 deletions(-) diff --git a/internal/service/acmpca/certificate_authority_certificate.go b/internal/service/acmpca/certificate_authority_certificate.go index 2c0a10eca1e..d23e83a85ee 100644 --- a/internal/service/acmpca/certificate_authority_certificate.go +++ b/internal/service/acmpca/certificate_authority_certificate.go 
@@ -9,17 +9,20 @@ import ( "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/service/acmpca" + "github.com/aws/aws-sdk-go-v2/service/acmpca/types" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" "github.com/hashicorp/terraform-provider-aws/internal/conns" + "github.com/hashicorp/terraform-provider-aws/internal/errs" "github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag" "github.com/hashicorp/terraform-provider-aws/internal/tfresource" "github.com/hashicorp/terraform-provider-aws/internal/verify" ) -// @SDKResource("aws_acmpca_certificate_authority_certificate") -func ResourceCertificateAuthorityCertificate() *schema.Resource { +// @SDKResource("aws_acmpca_certificate_authority_certificate", name="Certificate Authority Certificate") +func resourceCertificateAuthorityCertificate() *schema.Resource { return &schema.Resource{ CreateWithoutTimeout: resourceCertificateAuthorityCertificateCreate, ReadWithoutTimeout: resourceCertificateAuthorityCertificateRead, @@ -57,16 +60,17 @@ func resourceCertificateAuthorityCertificateCreate(ctx context.Context, d *schem conn := meta.(*conns.AWSClient).ACMPCAClient(ctx) certificateAuthorityARN := d.Get("certificate_authority_arn").(string) - input := &acmpca.ImportCertificateAuthorityCertificateInput{ Certificate: []byte(d.Get("certificate").(string)), CertificateAuthorityArn: aws.String(certificateAuthorityARN), } + if v, ok := d.Get("certificate_chain").(string); ok && v != "" { input.CertificateChain = []byte(v) } _, err := conn.ImportCertificateAuthorityCertificate(ctx, input) + if err != nil { return sdkdiag.AppendErrorf(diags, "associating ACM PCA Certificate with Certificate Authority (%s): %s", certificateAuthorityARN, err) } 
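Review bot: In the create hunk, `if v, ok := d.Get("certificate_chain").(string); ok && v != ""` uses a type assertion as a presence test; `d.Get` on a schema string always yields a `string`, so `ok` is always true and the real check is `v != ""`. The plugin-SDK idiom for an optional attribute is `if v, ok := d.GetOk("certificate_chain"); ok { input.CertificateChain = []byte(v.(string)) }`, which reads as intended and matches how the rest of this provider handles optional inputs. The ID assignment after the import call is outside the hunk.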
@@ -80,7 +84,8 @@ func resourceCertificateAuthorityCertificateRead(ctx context.Context, d *schema. var diags diag.Diagnostics conn := meta.(*conns.AWSClient).ACMPCAClient(ctx) - output, err := FindCertificateAuthorityCertificateByARN(ctx, conn, d.Id()) + output, err := findCertificateAuthorityCertificateByARN(ctx, conn, d.Id()) + if !d.IsNewResource() && tfresource.NotFound(err) { log.Printf("[WARN] ACM PCA Certificate Authority Certificate (%s) not found, removing from state", d.Id()) d.SetId("") @@ -96,3 +101,28 @@ func resourceCertificateAuthorityCertificateRead(ctx context.Context, d *schema. return diags } + +func findCertificateAuthorityCertificateByARN(ctx context.Context, conn *acmpca.Client, arn string) (*acmpca.GetCertificateAuthorityCertificateOutput, error) { + input := &acmpca.GetCertificateAuthorityCertificateInput{ + CertificateAuthorityArn: aws.String(arn), + } + + output, err := conn.GetCertificateAuthorityCertificate(ctx, input) + + if errs.IsA[*types.ResourceNotFoundException](err) { + return nil, &retry.NotFoundError{ + LastError: err, + LastRequest: input, + } + } + + if err != nil { + return nil, err + } + + if output == nil { + return nil, tfresource.NewEmptyResultError(input) + } + + return output, nil +} diff --git a/internal/service/acmpca/certificate_authority_certificate_test.go b/internal/service/acmpca/certificate_authority_certificate_test.go index 7f44025c3ee..be9ccb0b9a1 100644 --- a/internal/service/acmpca/certificate_authority_certificate_test.go +++ b/internal/service/acmpca/certificate_authority_certificate_test.go @@ -14,7 +14,6 @@ import ( "github.com/hashicorp/terraform-provider-aws/internal/acctest" "github.com/hashicorp/terraform-provider-aws/internal/conns" tfacmpca "github.com/hashicorp/terraform-provider-aws/internal/service/acmpca" - "github.com/hashicorp/terraform-provider-aws/internal/tfresource" "github.com/hashicorp/terraform-provider-aws/names" ) 
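Review bot: The new findCertificateAuthorityCertificateByARN added at the end of certificate_authority_certificate.go has no doc comment, while the exported version this series removes from find.go carried one describing its not-found contract. resourceCertificateAuthorityCertificateRead depends on that contract through tfresource.NotFound(err) to drop the resource from state, so it is worth keeping explicit: `// findCertificateAuthorityCertificateByARN returns the certificate installed on the certificate authority with the specified ARN.` followed by `// It returns a retry.NotFoundError if the certificate authority is not found (or, as the removed comment stated, has no certificate assigned); an empty response yields tfresource.NewEmptyResultError.` The empty-result handling now uses tfresource.NewEmptyResultError rather than the hand-built retry.NotFoundError of the old code, which matches the other finders in the package and is fine as long as callers only test with tfresource.NotFound.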
@@ -22,14 +21,13 @@ func TestAccACMPCACertificateAuthorityCertificate_rootCA(t *testing.T) { ctx := acctest.Context(t) var v acmpca.GetCertificateAuthorityCertificateOutput resourceName := "aws_acmpca_certificate_authority_certificate.test" - commonName := acctest.RandomDomainName() resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acctest.PreCheck(ctx, t) }, ErrorCheck: acctest.ErrorCheck(t, names.ACMPCAServiceID), ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, - CheckDestroy: nil, // Certificate authority certificates cannot be deleted + CheckDestroy: acctest.CheckDestroyNoop, Steps: []resource.TestStep{ { Config: testAccCertificateAuthorityCertificateConfig_rootCA(commonName), @@ -54,14 +52,13 @@ func TestAccACMPCACertificateAuthorityCertificate_updateRootCA(t *testing.T) { var v acmpca.GetCertificateAuthorityCertificateOutput resourceName := "aws_acmpca_certificate_authority_certificate.test" updatedResourceName := "aws_acmpca_certificate_authority_certificate.updated" - commonName := acctest.RandomDomainName() resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acctest.PreCheck(ctx, t) }, ErrorCheck: acctest.ErrorCheck(t, names.ACMPCAServiceID), ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, - CheckDestroy: nil, // Certificate authority certificates cannot be deleted + CheckDestroy: acctest.CheckDestroyNoop, Steps: []resource.TestStep{ { Config: testAccCertificateAuthorityCertificateConfig_rootCA(commonName), 
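Review bot: Replacing `CheckDestroy: nil, // Certificate authority certificates cannot be deleted` with `CheckDestroy: acctest.CheckDestroyNoop,` drops the only explanation of why no destroy check is possible for this resource; the same happens in the @@ -54 hunk below and in the @@ -89 hunk of the subordinateCA test. Keeping the rationale on the new line, `CheckDestroy: acctest.CheckDestroyNoop, // Certificate authority certificates cannot be deleted`, preserves it for the next reader who wonders why the check is a no-op.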
@@ -89,14 +86,13 @@ func TestAccACMPCACertificateAuthorityCertificate_subordinateCA(t *testing.T) { ctx := acctest.Context(t) var v acmpca.GetCertificateAuthorityCertificateOutput resourceName := "aws_acmpca_certificate_authority_certificate.test" - commonName := acctest.RandomDomainName() resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acctest.PreCheck(ctx, t) }, ErrorCheck: acctest.ErrorCheck(t, names.ACMPCAServiceID), ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, - CheckDestroy: nil, // Certificate authority certificates cannot be deleted + CheckDestroy: acctest.CheckDestroyNoop, Steps: []resource.TestStep{ { Config: testAccCertificateAuthorityCertificateConfig_subordinateCA(commonName), @@ -116,24 +112,22 @@ func TestAccACMPCACertificateAuthorityCertificate_subordinateCA(t *testing.T) { }) } -func testAccCheckCertificateAuthorityCertificateExists(ctx context.Context, resourceName string, certificate *acmpca.GetCertificateAuthorityCertificateOutput) resource.TestCheckFunc { +func testAccCheckCertificateAuthorityCertificateExists(ctx context.Context, n string, v *acmpca.GetCertificateAuthorityCertificateOutput) resource.TestCheckFunc { return func(s *terraform.State) error { - rs, ok := s.RootModule().Resources[resourceName] + rs, ok := s.RootModule().Resources[n] if !ok { - return fmt.Errorf("not found: %s", resourceName) + return fmt.Errorf("Not found: %s", n) } conn := acctest.Provider.Meta().(*conns.AWSClient).ACMPCAClient(ctx) output, err := tfacmpca.FindCertificateAuthorityCertificateByARN(ctx, conn, rs.Primary.ID) + if err != nil { return err } - if tfresource.NotFound(err) { - return fmt.Errorf("ACM PCA Certificate (%s) does not exist", rs.Primary.ID) - } - *certificate = *output + *v = *output return nil } diff --git a/internal/service/acmpca/find.go b/internal/service/acmpca/find.go index 69ef4b00394..ea3da3f54f3 100644 --- a/internal/service/acmpca/find.go +++ b/internal/service/acmpca/find.go 
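Review bot: testAccCheckCertificateAuthorityCertificateExists still calls the exported `tfacmpca.FindCertificateAuthorityCertificateByARN` on an unchanged line, yet this same commit deletes that function from find.go and its replacement `findCertificateAuthorityCertificateByARN` is unexported, so the acmpca_test package should fail to compile at this commit. The exports_test.go that PATCH 08 of this series creates is the natural home for a test-only alias such as `var FindCertificateAuthorityCertificateByARN = findCertificateAuthorityCertificateByARN`, and it should land here (or the call site be updated) so the series builds at every step. If such an alias already exists in a file outside the diff this is moot, but the diffstat of PATCH 08 suggests it does not. The rewrite of the error handling itself looks right: the old `tfresource.NotFound(err)` branch after `if err != nil { return err }` was unreachable.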
@@ -14,34 +14,6 @@ import ( "github.com/hashicorp/terraform-provider-aws/internal/tfresource" ) -// FindCertificateAuthorityCertificateByARN returns the certificate for the certificate authority corresponding to the specified ARN. -// Returns a retry.NotFoundError if no certificate authority is found or the certificate authority does not have a certificate assigned. -func FindCertificateAuthorityCertificateByARN(ctx context.Context, conn *acmpca.Client, arn string) (*acmpca.GetCertificateAuthorityCertificateOutput, error) { - input := &acmpca.GetCertificateAuthorityCertificateInput{ - CertificateAuthorityArn: aws.String(arn), - } - - output, err := conn.GetCertificateAuthorityCertificate(ctx, input) - if errs.IsA[*awstypes.ResourceNotFoundException](err) { - return nil, &retry.NotFoundError{ - LastError: err, - LastRequest: input, - } - } - if err != nil { - return nil, err - } - - if output == nil { - return nil, &retry.NotFoundError{ - Message: "empty result", - LastRequest: input, - } - } - - return output, nil -} - func FindPolicyByARN(ctx context.Context, conn *acmpca.Client, arn string) (string, error) { input := &acmpca.GetPolicyInput{ ResourceArn: aws.String(arn), diff --git a/internal/service/acmpca/service_package_gen.go b/internal/service/acmpca/service_package_gen.go index 3fdd941ff68..7da0bea074d 100644 --- a/internal/service/acmpca/service_package_gen.go +++ b/internal/service/acmpca/service_package_gen.go @@ -50,8 +50,9 @@ func (p *servicePackage) SDKResources(ctx context.Context) []*types.ServicePacka }, }, { - Factory: ResourceCertificateAuthorityCertificate, + Factory: resourceCertificateAuthorityCertificate, TypeName: "aws_acmpca_certificate_authority_certificate", + Name: "Certificate Authority Certificate", }, { Factory: ResourcePermission, From c6f4f9b2195a080e1806b99b7529a862430386c1 Mon Sep 17 00:00:00 2001 
From: Kit Ewbank Date: Wed, 27 Mar 2024 16:08:19 -0400 Subject: [PATCH 08/16] r/aws_acmpca_certificate_authority: Reduce visibility. --- .../service/acmpca/certificate_authority.go | 219 +++++++++--------- .../acmpca/certificate_authority_test.go | 92 ++++---- internal/service/acmpca/exports_test.go | 13 ++ .../service/acmpca/service_package_gen.go | 2 +- 4 files changed, 165 insertions(+), 161 deletions(-) create mode 100644 internal/service/acmpca/exports_test.go diff --git a/internal/service/acmpca/certificate_authority.go b/internal/service/acmpca/certificate_authority.go index 216672c1485..c9a5b00aaab 100644 --- a/internal/service/acmpca/certificate_authority.go +++ b/internal/service/acmpca/certificate_authority.go @@ -11,7 +11,7 @@ import ( "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/service/acmpca" - awstypes "github.com/aws/aws-sdk-go-v2/service/acmpca/types" + "github.com/aws/aws-sdk-go-v2/service/acmpca/types" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/id" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry" @@ -36,7 +36,7 @@ const ( // @SDKResource("aws_acmpca_certificate_authority", name="Certificate Authority") // @Tags(identifierAttribute="id") // @Testing(existsType="github.com/aws/aws-sdk-go-v2/service/acmpca/types.CertificateAuthority", generator="acctest.RandomDomainName()", importIgnore="permanent_deletion_time_in_days") -func ResourceCertificateAuthority() *schema.Resource { +func resourceCertificateAuthority() *schema.Resource { //lintignore:R011 return &schema.Resource{ CreateWithoutTimeout: resourceCertificateAuthorityCreate, 
@@ -46,10 +46,7 @@ func ResourceCertificateAuthority() *schema.Resource { Importer: &schema.ResourceImporter{ StateContext: func(ctx context.Context, d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { - d.Set( - "permanent_deletion_time_in_days", - certificateAuthorityPermanentDeletionTimeInDaysDefault, - ) + d.Set("permanent_deletion_time_in_days", certificateAuthorityPermanentDeletionTimeInDaysDefault) return []*schema.ResourceData{d}, nil }, @@ -82,13 +79,13 @@ func ResourceCertificateAuthority() *schema.Resource { Type: schema.TypeString, Required: true, ForceNew: true, - ValidateDiagFunc: enum.Validate[awstypes.KeyAlgorithm](), + ValidateDiagFunc: enum.Validate[types.KeyAlgorithm](), }, "signing_algorithm": { Type: schema.TypeString, Required: true, ForceNew: true, - ValidateDiagFunc: enum.Validate[awstypes.SigningAlgorithm](), + ValidateDiagFunc: enum.Validate[types.SigningAlgorithm](), }, // https://docs.aws.amazon.com/privateca/latest/APIReference/API_ASN1Subject.html "subject": { @@ -200,7 +197,7 @@ func ResourceCertificateAuthority() *schema.Resource { Optional: true, Computed: true, ForceNew: true, - ValidateDiagFunc: enum.Validate[awstypes.KeyStorageSecurityStandard](), + ValidateDiagFunc: enum.Validate[types.KeyStorageSecurityStandard](), }, "not_after": { Type: schema.TypeString, 
@@ -221,28 +218,18 @@ func ResourceCertificateAuthority() *schema.Resource { }, // https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevocationConfiguration.html "revocation_configuration": { - Type: schema.TypeList, - Optional: true, - MaxItems: 1, - DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool { - if old == "1" && new == "0" { - return true - } - return false - }, + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + DiffSuppressFunc: verify.SuppressMissingOptionalConfigurationBlock, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ // https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html "crl_configuration": { - Type: schema.TypeList, - Optional: true, - MaxItems: 1, - DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool { - if old == "1" && new == "0" { - return true - } - return false - }, + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + DiffSuppressFunc: verify.SuppressMissingOptionalConfigurationBlock, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "custom_cname": { @@ -289,7 +276,7 @@ func ResourceCertificateAuthority() *schema.Resource { Type: schema.TypeString, Optional: true, Computed: true, - ValidateDiagFunc: enum.Validate[awstypes.S3ObjectAcl](), + ValidateDiagFunc: enum.Validate[types.S3ObjectAcl](), DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool { // Ignore attributes if CRL configuration is not enabled if d.Get("revocation_configuration.0.crl_configuration.0.enabled").(bool) { 
@@ -303,15 +290,10 @@ func ResourceCertificateAuthority() *schema.Resource { }, // https://docs.aws.amazon.com/privateca/latest/APIReference/API_OcspConfiguration.html "ocsp_configuration": { - Type: schema.TypeList, - Optional: true, - MaxItems: 1, - DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool { - if old == "1" && new == "0" { - return true - } - return false - }, + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + DiffSuppressFunc: verify.SuppressMissingOptionalConfigurationBlock, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "enabled": { @@ -339,14 +321,14 @@ func ResourceCertificateAuthority() *schema.Resource { Type: schema.TypeString, Optional: true, ForceNew: true, - Default: awstypes.CertificateAuthorityTypeSubordinate, - ValidateDiagFunc: enum.Validate[awstypes.CertificateAuthorityType](), + Default: types.CertificateAuthorityTypeSubordinate, + ValidateDiagFunc: enum.Validate[types.CertificateAuthorityType](), }, "usage_mode": { Type: schema.TypeString, Computed: true, Optional: true, - ValidateDiagFunc: enum.Validate[awstypes.CertificateAuthorityUsageMode](), + ValidateDiagFunc: enum.Validate[types.CertificateAuthorityUsageMode](), }, }, 
@@ -360,18 +342,18 @@ func resourceCertificateAuthorityCreate(ctx context.Context, d *schema.ResourceD input := &acmpca.CreateCertificateAuthorityInput{ CertificateAuthorityConfiguration: expandCertificateAuthorityConfiguration(d.Get("certificate_authority_configuration").([]interface{})), - CertificateAuthorityType: awstypes.CertificateAuthorityType(d.Get("type").(string)), + CertificateAuthorityType: types.CertificateAuthorityType(d.Get("type").(string)), IdempotencyToken: aws.String(id.UniqueId()), RevocationConfiguration: expandRevocationConfiguration(d.Get("revocation_configuration").([]interface{})), Tags: getTagsIn(ctx), } if v, ok := d.GetOk("key_storage_security_standard"); ok { - input.KeyStorageSecurityStandard = awstypes.KeyStorageSecurityStandard(v.(string)) + input.KeyStorageSecurityStandard = types.KeyStorageSecurityStandard(v.(string)) } if v, ok := d.GetOk("usage_mode"); ok { - input.UsageMode = awstypes.CertificateAuthorityUsageMode(v.(string)) + input.UsageMode = types.CertificateAuthorityUsageMode(v.(string)) } // ValidationException: The ACM Private CA service account 'acm-pca-prod-pdx' requires getBucketAcl permissions for your S3 bucket 'tf-acc-test-5224996536060125340'. Check your S3 bucket permissions and try again. @@ -396,7 +378,7 @@ func resourceCertificateAuthorityRead(ctx context.Context, d *schema.ResourceDat var diags diag.Diagnostics conn := meta.(*conns.AWSClient).ACMPCAClient(ctx) - certificateAuthority, err := FindCertificateAuthorityByARN(ctx, conn, d.Id()) + certificateAuthority, err := findCertificateAuthorityByARN(ctx, conn, d.Id()) if !d.IsNewResource() && tfresource.NotFound(err) { log.Printf("[WARN] ACM PCA Certificate Authority (%s) not found, removing from state", d.Id()) 
@@ -412,7 +394,7 @@ func resourceCertificateAuthorityRead(ctx context.Context, d *schema.ResourceDat if err := d.Set("certificate_authority_configuration", flattenCertificateAuthorityConfiguration(certificateAuthority.CertificateAuthorityConfiguration)); err != nil { return sdkdiag.AppendErrorf(diags, "setting certificate_authority_configuration: %s", err) } - d.Set("enabled", (certificateAuthority.Status != awstypes.CertificateAuthorityStatusDisabled)) + d.Set("enabled", (certificateAuthority.Status != types.CertificateAuthorityStatusDisabled)) d.Set("key_storage_security_standard", certificateAuthority.KeyStorageSecurityStandard) d.Set("not_after", aws.ToTime(certificateAuthority.NotAfter).Format(time.RFC3339)) d.Set("not_before", aws.ToTime(certificateAuthority.NotBefore).Format(time.RFC3339)) @@ -423,13 +405,11 @@ func resourceCertificateAuthorityRead(ctx context.Context, d *schema.ResourceDat d.Set("type", certificateAuthority.Type) d.Set("usage_mode", certificateAuthority.UsageMode) - getCertificateAuthorityCertificateInput := &acmpca.GetCertificateAuthorityCertificateInput{ + outputGCACert, err := conn.GetCertificateAuthorityCertificate(ctx, &acmpca.GetCertificateAuthorityCertificateInput{ CertificateAuthorityArn: aws.String(d.Id()), - } + }) - getCertificateAuthorityCertificateOutput, err := conn.GetCertificateAuthorityCertificate(ctx, getCertificateAuthorityCertificateInput) - - if !d.IsNewResource() && errs.IsA[*awstypes.ResourceNotFoundException](err) { + if !d.IsNewResource() && errs.IsA[*types.ResourceNotFoundException](err) { log.Printf("[WARN] ACM PCA Certificate Authority (%s) not found, removing from state", d.Id()) d.SetId("") return diags 
@@ -437,26 +417,22 @@ func resourceCertificateAuthorityRead(ctx context.Context, d *schema.ResourceDat // Returned when in PENDING_CERTIFICATE status // InvalidStateException: The certificate authority XXXXX is not in the correct state to have a certificate signing request. - if err != nil && !errs.IsA[*awstypes.InvalidStateException](err) { + if err != nil && !errs.IsA[*types.InvalidStateException](err) { return sdkdiag.AppendErrorf(diags, "reading ACM PCA Certificate Authority (%s) Certificate: %s", d.Id(), err) } d.Set("certificate", "") d.Set("certificate_chain", "") - if getCertificateAuthorityCertificateOutput != nil { - d.Set("certificate", getCertificateAuthorityCertificateOutput.Certificate) - d.Set("certificate_chain", getCertificateAuthorityCertificateOutput.CertificateChain) + if outputGCACert != nil { + d.Set("certificate", outputGCACert.Certificate) + d.Set("certificate_chain", outputGCACert.CertificateChain) } - getCertificateAuthorityCsrInput := &acmpca.GetCertificateAuthorityCsrInput{ + outputGCACsr, err := conn.GetCertificateAuthorityCsr(ctx, &acmpca.GetCertificateAuthorityCsrInput{ CertificateAuthorityArn: aws.String(d.Id()), - } - - log.Printf("[DEBUG] Reading ACM PCA Certificate Authority Certificate Signing Request: %+v", getCertificateAuthorityCsrInput) + }) - getCertificateAuthorityCsrOutput, err := conn.GetCertificateAuthorityCsr(ctx, getCertificateAuthorityCsrInput) - - if !d.IsNewResource() && errs.IsA[*awstypes.ResourceNotFoundException](err) { + if !d.IsNewResource() && errs.IsA[*types.ResourceNotFoundException](err) { log.Printf("[WARN] ACM PCA Certificate Authority (%s) not found, removing from state", d.Id()) d.SetId("") return diags 
@@ -464,13 +440,13 @@ func resourceCertificateAuthorityRead(ctx context.Context, d *schema.ResourceDat // Returned when in PENDING_CERTIFICATE status // InvalidStateException: The certificate authority XXXXX is not in the correct state to have a certificate signing request. - if err != nil && !errs.IsA[*awstypes.InvalidStateException](err) { + if err != nil && !errs.IsA[*types.InvalidStateException](err) { return sdkdiag.AppendErrorf(diags, "reading ACM PCA Certificate Authority (%s) Certificate Signing Request: %s", d.Id(), err) } d.Set("certificate_signing_request", "") - if getCertificateAuthorityCsrOutput != nil { - d.Set("certificate_signing_request", getCertificateAuthorityCsrOutput.Csr) + if outputGCACsr != nil { + d.Set("certificate_signing_request", outputGCACsr.Csr) } return diags @@ -486,9 +462,9 @@ func resourceCertificateAuthorityUpdate(ctx context.Context, d *schema.ResourceD } if d.HasChange("enabled") { - input.Status = awstypes.CertificateAuthorityStatusActive + input.Status = types.CertificateAuthorityStatusActive if !d.Get("enabled").(bool) { - input.Status = awstypes.CertificateAuthorityStatusDisabled + input.Status = types.CertificateAuthorityStatusDisabled } } 
@@ -511,31 +487,36 @@ func resourceCertificateAuthorityDelete(ctx context.Context, d *schema.ResourceD conn := meta.(*conns.AWSClient).ACMPCAClient(ctx) // The Certificate Authority must be in PENDING_CERTIFICATE or DISABLED state before deleting. - updateInput := &acmpca.UpdateCertificateAuthorityInput{ + inputU := &acmpca.UpdateCertificateAuthorityInput{ CertificateAuthorityArn: aws.String(d.Id()), - Status: awstypes.CertificateAuthorityStatusDisabled, + Status: types.CertificateAuthorityStatusDisabled, } - _, err := conn.UpdateCertificateAuthority(ctx, updateInput) - if errs.IsA[*awstypes.ResourceNotFoundException](err) { + + _, err := conn.UpdateCertificateAuthority(ctx, inputU) + + if errs.IsA[*types.ResourceNotFoundException](err) { return diags } - if err != nil && !errs.IsAErrorMessageContains[*awstypes.InvalidStateException](err, "The certificate authority must be in the ACTIVE or DISABLED state to be updated") { + + if err != nil && !errs.IsAErrorMessageContains[*types.InvalidStateException](err, "The certificate authority must be in the ACTIVE or DISABLED state to be updated") { return sdkdiag.AppendErrorf(diags, "setting ACM PCA Certificate Authority (%s) to DISABLED status before deleting: %s", d.Id(), err) } - deleteInput := &acmpca.DeleteCertificateAuthorityInput{ + inputD := &acmpca.DeleteCertificateAuthorityInput{ CertificateAuthorityArn: aws.String(d.Id()), } if v, exists := d.GetOk("permanent_deletion_time_in_days"); exists { - deleteInput.PermanentDeletionTimeInDays = aws.Int32(int32(v.(int))) + inputD.PermanentDeletionTimeInDays = aws.Int32(int32(v.(int))) } log.Printf("[INFO] Deleting ACM PCA Certificate Authority: %s", d.Id()) - _, err = conn.DeleteCertificateAuthority(ctx, deleteInput) - if errs.IsA[*awstypes.ResourceNotFoundException](err) { + _, err = conn.DeleteCertificateAuthority(ctx, inputD) + + if errs.IsA[*types.ResourceNotFoundException](err) { return diags } + if err != nil { return sdkdiag.AppendErrorf(diags, "deleting ACM PCA 
Certificate Authority (%s): %s", d.Id(), err) } 
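Review bot: Renaming `updateInput`/`deleteInput` to `inputU`/`inputD` in resourceCertificateAuthorityDelete makes the two request structs harder to tell apart at the UpdateCertificateAuthority and DeleteCertificateAuthority call sites further down the hunk; the single-letter suffixes carry less meaning than the names they replace. Since the hunk already touches every line that uses them, keeping the descriptive names costs nothing. resourceCertificateAuthorityDelete continues past the end of this hunk.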
@@ -543,48 +524,58 @@ func resourceCertificateAuthorityDelete(ctx context.Context, d *schema.ResourceD return diags } -func FindCertificateAuthorityByARN(ctx context.Context, conn *acmpca.Client, arn string) (*awstypes.CertificateAuthority, error) { +func findCertificateAuthorityByARN(ctx context.Context, conn *acmpca.Client, arn string) (*types.CertificateAuthority, error) { input := &acmpca.DescribeCertificateAuthorityInput{ CertificateAuthorityArn: aws.String(arn), } - output, err := conn.DescribeCertificateAuthority(ctx, input) - - if errs.IsA[*awstypes.ResourceNotFoundException](err) { - return nil, &retry.NotFoundError{ - LastError: err, - LastRequest: input, - } - } + output, err := findCertificateAuthority(ctx, conn, input) if err != nil { return nil, err } - if output == nil || output.CertificateAuthority == nil { - return nil, tfresource.NewEmptyResultError(input) + if status := output.Status; status == types.CertificateAuthorityStatusDeleted { + return nil, &retry.NotFoundError{ + Message: string(status), + LastRequest: input, + } } - if output.CertificateAuthority.Status == awstypes.CertificateAuthorityStatusDeleted { + // Eventual consistency check. + if aws.ToString(output.Arn) != arn { return nil, &retry.NotFoundError{ - Message: string(output.CertificateAuthority.Status), LastRequest: input, } } - // Eventual consistency check. 
- if aws.ToString(output.CertificateAuthority.Arn) != arn { + return output, nil +} + +func findCertificateAuthority(ctx context.Context, conn *acmpca.Client, input *acmpca.DescribeCertificateAuthorityInput) (*types.CertificateAuthority, error) { + output, err := conn.DescribeCertificateAuthority(ctx, input) + + if errs.IsA[*types.ResourceNotFoundException](err) { return nil, &retry.NotFoundError{ + LastError: err, LastRequest: input, } } + if err != nil { + return nil, err + } + + if output == nil || output.CertificateAuthority == nil { + return nil, tfresource.NewEmptyResultError(input) + } + return output.CertificateAuthority, nil } func statusCertificateAuthority(ctx context.Context, conn *acmpca.Client, arn string) retry.StateRefreshFunc { return func() (interface{}, string, error) { - output, err := FindCertificateAuthorityByARN(ctx, conn, arn) + output, err := findCertificateAuthorityByARN(ctx, conn, arn) if tfresource.NotFound(err) { return nil, "", nil 
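Review bot: Neither the reworked findCertificateAuthorityByARN nor the new findCertificateAuthority helper has a doc comment, and the ByARN variant now encodes two non-obvious rules — a CA in DELETED status and a response whose Arn does not match the requested ARN are both reported as retry.NotFoundError — that statusCertificateAuthority and the Read function rely on through tfresource.NotFound. Suggest `// findCertificateAuthorityByARN returns the certificate authority with the specified ARN, treating DELETED status and an ARN mismatch (eventual consistency) as not found.` on the first and `// findCertificateAuthority calls DescribeCertificateAuthority, mapping ResourceNotFoundException to retry.NotFoundError and an empty response to an empty-result error.` on the second. The ARN-mismatch NotFoundError is built with no Message, unlike the DELETED one just above it; a short hint such as `Message: "ARN mismatch (eventual consistency)",` would make the waiter's error output distinguishable from a genuine deletion. statusCertificateAuthority continues past the end of this hunk.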
@@ -598,18 +589,18 @@ func statusCertificateAuthority(ctx context.Context, conn *acmpca.Client, arn st } } -func waitCertificateAuthorityCreated(ctx context.Context, conn *acmpca.Client, arn string, timeout time.Duration) (*awstypes.CertificateAuthority, error) { +func waitCertificateAuthorityCreated(ctx context.Context, conn *acmpca.Client, arn string, timeout time.Duration) (*types.CertificateAuthority, error) { stateConf := &retry.StateChangeConf{ - Pending: enum.Slice(awstypes.CertificateAuthorityStatusCreating), - Target: enum.Slice(awstypes.CertificateAuthorityStatusActive, awstypes.CertificateAuthorityStatusPendingCertificate), + Pending: enum.Slice(types.CertificateAuthorityStatusCreating), + Target: enum.Slice(types.CertificateAuthorityStatusActive, types.CertificateAuthorityStatusPendingCertificate), Refresh: statusCertificateAuthority(ctx, conn, arn), Timeout: timeout, } outputRaw, err := stateConf.WaitForStateContext(ctx) - if output, ok := outputRaw.(*awstypes.CertificateAuthority); ok { - if output.Status == awstypes.CertificateAuthorityStatusFailed { + if output, ok := outputRaw.(*types.CertificateAuthority); ok { + if output.Status == types.CertificateAuthorityStatusFailed { tfresource.SetLastError(err, errors.New(string(output.FailureReason))) } @@ -623,14 +614,14 @@ const ( certificateAuthorityActiveTimeout = 1 * time.Minute ) -func expandASN1Subject(l []interface{}) *awstypes.ASN1Subject { +func expandASN1Subject(l []interface{}) *types.ASN1Subject { if len(l) == 0 { return nil } m := l[0].(map[string]interface{}) - subject := &awstypes.ASN1Subject{} + subject := &types.ASN1Subject{} if v, ok := m["common_name"]; ok && v.(string) != "" { subject.CommonName = aws.String(v.(string)) } 
@@ -674,23 +665,23 @@ func expandASN1Subject(l []interface{}) *awstypes.ASN1Subject { return subject } -func expandCertificateAuthorityConfiguration(l []interface{}) *awstypes.CertificateAuthorityConfiguration { +func expandCertificateAuthorityConfiguration(l []interface{}) *types.CertificateAuthorityConfiguration { if len(l) == 0 { return nil } m := l[0].(map[string]interface{}) - config := &awstypes.CertificateAuthorityConfiguration{ - KeyAlgorithm: awstypes.KeyAlgorithm(m["key_algorithm"].(string)), - SigningAlgorithm: awstypes.SigningAlgorithm(m["signing_algorithm"].(string)), + config := &types.CertificateAuthorityConfiguration{ + KeyAlgorithm: types.KeyAlgorithm(m["key_algorithm"].(string)), + SigningAlgorithm: types.SigningAlgorithm(m["signing_algorithm"].(string)), Subject: expandASN1Subject(m["subject"].([]interface{})), } return config } -func expandCrlConfiguration(l []interface{}) *awstypes.CrlConfiguration { +func expandCrlConfiguration(l []interface{}) *types.CrlConfiguration { if len(l) == 0 { return nil } @@ -699,7 +690,7 @@ func expandCrlConfiguration(l []interface{}) *awstypes.CrlConfiguration { crlEnabled := m["enabled"].(bool) - config := &awstypes.CrlConfiguration{ + config := &types.CrlConfiguration{ Enabled: aws.Bool(crlEnabled), } @@ -714,21 +705,21 @@ func expandCrlConfiguration(l []interface{}) *awstypes.CrlConfiguration { config.S3BucketName = aws.String(v.(string)) } if v, ok := m["s3_object_acl"]; ok && v.(string) != "" { - config.S3ObjectAcl = awstypes.S3ObjectAcl(v.(string)) + config.S3ObjectAcl = types.S3ObjectAcl(v.(string)) } } return config } -func expandOcspConfiguration(l []interface{}) *awstypes.OcspConfiguration { +func expandOcspConfiguration(l []interface{}) *types.OcspConfiguration { if len(l) == 0 { return nil } m := l[0].(map[string]interface{}) - config := &awstypes.OcspConfiguration{ + config := &types.OcspConfiguration{ Enabled: aws.Bool(m["enabled"].(bool)), } 
@@ -739,14 +730,14 @@ func expandOcspConfiguration(l []interface{}) *awstypes.OcspConfiguration { return config } -func expandRevocationConfiguration(l []interface{}) *awstypes.RevocationConfiguration { +func expandRevocationConfiguration(l []interface{}) *types.RevocationConfiguration { if len(l) == 0 || l[0] == nil { return nil } m := l[0].(map[string]interface{}) - config := &awstypes.RevocationConfiguration{ + config := &types.RevocationConfiguration{ CrlConfiguration: expandCrlConfiguration(m["crl_configuration"].([]interface{})), OcspConfiguration: expandOcspConfiguration(m["ocsp_configuration"].([]interface{})), } @@ -754,7 +745,7 @@ func expandRevocationConfiguration(l []interface{}) *awstypes.RevocationConfigur return config } -func flattenASN1Subject(subject *awstypes.ASN1Subject) []interface{} { +func flattenASN1Subject(subject *types.ASN1Subject) []interface{} { if subject == nil { return []interface{}{} } @@ -778,7 +769,7 @@ func flattenASN1Subject(subject *awstypes.ASN1Subject) []interface{} { return []interface{}{m} } -func flattenCertificateAuthorityConfiguration(config *awstypes.CertificateAuthorityConfiguration) []interface{} { +func flattenCertificateAuthorityConfiguration(config *types.CertificateAuthorityConfiguration) []interface{} { if config == nil { return []interface{}{} } @@ -792,7 +783,7 @@ func flattenCertificateAuthorityConfiguration(config *awstypes.CertificateAuthor return []interface{}{m} } -func flattenCrlConfiguration(config *awstypes.CrlConfiguration) []interface{} { +func flattenCrlConfiguration(config *types.CrlConfiguration) []interface{} { if config == nil { return []interface{}{} } @@ -808,7 +799,7 @@ func flattenCrlConfiguration(config *awstypes.CrlConfiguration) []interface{} { return []interface{}{m} } -func flattenOcspConfiguration(config *awstypes.OcspConfiguration) []interface{} { +func flattenOcspConfiguration(config *types.OcspConfiguration) []interface{} { if config == nil { return []interface{}{} } 
@@ -821,7 +812,7 @@ func flattenOcspConfiguration(config *awstypes.OcspConfiguration) []interface{} return []interface{}{m} } -func flattenRevocationConfiguration(config *awstypes.RevocationConfiguration) []interface{} { +func flattenRevocationConfiguration(config *types.RevocationConfiguration) []interface{} { if config == nil { return []interface{}{} } diff --git a/internal/service/acmpca/certificate_authority_test.go b/internal/service/acmpca/certificate_authority_test.go index bd10d9df54a..b1b55db9c8c 100644 --- a/internal/service/acmpca/certificate_authority_test.go +++ b/internal/service/acmpca/certificate_authority_test.go @@ -9,7 +9,7 @@ import ( "testing" "github.com/YakDriver/regexache" - awstypes "github.com/aws/aws-sdk-go-v2/service/acmpca/types" + "github.com/aws/aws-sdk-go-v2/service/acmpca/types" "github.com/aws/aws-sdk-go/aws/endpoints" "github.com/aws/aws-sdk-go/service/acmpca" sdkacctest "github.com/hashicorp/terraform-plugin-testing/helper/acctest" @@ -26,7 +26,7 @@ var testAccCheckCertificateAuthorityExists = acctest.CheckACMPCACertificateAutho func TestAccACMPCACertificateAuthority_basic(t *testing.T) { ctx := acctest.Context(t) - var certificateAuthority awstypes.CertificateAuthority + var certificateAuthority types.CertificateAuthority resourceName := "aws_acmpca_certificate_authority.test" commonName := acctest.RandomDomainName() 
@@ -39,7 +39,7 @@ func TestAccACMPCACertificateAuthority_basic(t *testing.T) { { Config: testAccCertificateAuthorityConfig_required(commonName), Check: resource.ComposeTestCheckFunc( - acctest.CheckACMPCACertificateAuthorityExists(ctx, resourceName, &certificateAuthority), + testAccCheckCertificateAuthorityExists(ctx, resourceName, &certificateAuthority), acctest.MatchResourceAttrRegionalARN(resourceName, "arn", "acm-pca", regexache.MustCompile(`certificate-authority/.+`)), resource.TestCheckResourceAttr(resourceName, "certificate_authority_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "certificate_authority_configuration.0.key_algorithm", "RSA_4096"), @@ -74,7 +74,7 @@ func TestAccACMPCACertificateAuthority_basic(t *testing.T) { func TestAccACMPCACertificateAuthority_disappears(t *testing.T) { ctx := acctest.Context(t) - var certificateAuthority awstypes.CertificateAuthority + var certificateAuthority types.CertificateAuthority resourceName := "aws_acmpca_certificate_authority.test" commonName := acctest.RandomDomainName() @@ -87,7 +87,7 @@ func TestAccACMPCACertificateAuthority_disappears(t *testing.T) { { Config: testAccCertificateAuthorityConfig_required(commonName), Check: resource.ComposeTestCheckFunc( - acctest.CheckACMPCACertificateAuthorityExists(ctx, resourceName, &certificateAuthority), + testAccCheckCertificateAuthorityExists(ctx, resourceName, &certificateAuthority), acctest.CheckResourceDisappears(ctx, acctest.Provider, tfacmpca.ResourceCertificateAuthority(), resourceName), ), ExpectNonEmptyPlan: true, @@ -98,7 +98,7 @@ func TestAccACMPCACertificateAuthority_disappears(t *testing.T) { func TestAccACMPCACertificateAuthority_enabledDeprecated(t *testing.T) { ctx := acctest.Context(t) - var certificateAuthority awstypes.CertificateAuthority + var certificateAuthority types.CertificateAuthority resourceName := "aws_acmpca_certificate_authority.test" commonName := acctest.RandomDomainName() 
@@ -111,7 +111,7 @@ func TestAccACMPCACertificateAuthority_enabledDeprecated(t *testing.T) { { Config: testAccCertificateAuthorityConfig_enabled(commonName, acmpca.CertificateAuthorityTypeRoot, true), Check: resource.ComposeTestCheckFunc( - acctest.CheckACMPCACertificateAuthorityExists(ctx, resourceName, &certificateAuthority), + testAccCheckCertificateAuthorityExists(ctx, resourceName, &certificateAuthority), resource.TestCheckResourceAttr(resourceName, "type", acmpca.CertificateAuthorityTypeRoot), resource.TestCheckResourceAttr(resourceName, "enabled", "true"), acctest.CheckACMPCACertificateAuthorityActivateRootCA(ctx, &certificateAuthority), @@ -120,7 +120,7 @@ func TestAccACMPCACertificateAuthority_enabledDeprecated(t *testing.T) { { Config: testAccCertificateAuthorityConfig_enabled(commonName, acmpca.CertificateAuthorityTypeRoot, true), Check: resource.ComposeTestCheckFunc( - acctest.CheckACMPCACertificateAuthorityExists(ctx, resourceName, &certificateAuthority), + testAccCheckCertificateAuthorityExists(ctx, resourceName, &certificateAuthority), resource.TestCheckResourceAttr(resourceName, "type", acmpca.CertificateAuthorityTypeRoot), resource.TestCheckResourceAttr(resourceName, "enabled", "true"), ), @@ -128,7 +128,7 @@ func TestAccACMPCACertificateAuthority_enabledDeprecated(t *testing.T) { { Config: testAccCertificateAuthorityConfig_enabled(commonName, acmpca.CertificateAuthorityTypeRoot, false), Check: resource.ComposeTestCheckFunc( - acctest.CheckACMPCACertificateAuthorityExists(ctx, resourceName, &certificateAuthority), + testAccCheckCertificateAuthorityExists(ctx, resourceName, &certificateAuthority), resource.TestCheckResourceAttr(resourceName, "enabled", "false"), ), }, 
@@ -146,7 +146,7 @@ func TestAccACMPCACertificateAuthority_enabledDeprecated(t *testing.T) { func TestAccACMPCACertificateAuthority_usageMode(t *testing.T) { ctx := acctest.Context(t) - var certificateAuthority awstypes.CertificateAuthority + var certificateAuthority types.CertificateAuthority resourceName := "aws_acmpca_certificate_authority.test" commonName := acctest.RandomDomainName() @@ -159,7 +159,7 @@ func TestAccACMPCACertificateAuthority_usageMode(t *testing.T) { { Config: testAccCertificateAuthorityConfig_usageMode(commonName, acmpca.CertificateAuthorityTypeRoot, "SHORT_LIVED_CERTIFICATE"), Check: resource.ComposeTestCheckFunc( - acctest.CheckACMPCACertificateAuthorityExists(ctx, resourceName, &certificateAuthority), + testAccCheckCertificateAuthorityExists(ctx, resourceName, &certificateAuthority), resource.TestCheckResourceAttr(resourceName, "usage_mode", "SHORT_LIVED_CERTIFICATE"), ), }, @@ -177,7 +177,7 @@ func TestAccACMPCACertificateAuthority_usageMode(t *testing.T) { func TestAccACMPCACertificateAuthority_keyStorageSecurityStandard(t *testing.T) { ctx := acctest.Context(t) - var certificateAuthority awstypes.CertificateAuthority + var certificateAuthority types.CertificateAuthority resourceName := "aws_acmpca_certificate_authority.test" commonName := acctest.RandomDomainName() @@ -194,7 +194,7 @@ func TestAccACMPCACertificateAuthority_keyStorageSecurityStandard(t *testing.T) { Config: testAccCertificateAuthorityConfig_keyStorageSecurityStandard(commonName, acmpca.CertificateAuthorityTypeRoot, "FIPS_140_2_LEVEL_2_OR_HIGHER"), Check: resource.ComposeTestCheckFunc( - acctest.CheckACMPCACertificateAuthorityExists(ctx, resourceName, &certificateAuthority), + testAccCheckCertificateAuthorityExists(ctx, resourceName, &certificateAuthority), resource.TestCheckResourceAttr(resourceName, "key_storage_security_standard", "FIPS_140_2_LEVEL_2_OR_HIGHER"), ), }, 
@@ -212,7 +212,7 @@ func TestAccACMPCACertificateAuthority_keyStorageSecurityStandard(t *testing.T) func TestAccACMPCACertificateAuthority_deleteFromActiveState(t *testing.T) { ctx := acctest.Context(t) - var certificateAuthority awstypes.CertificateAuthority + var certificateAuthority types.CertificateAuthority resourceName := "aws_acmpca_certificate_authority.test" commonName := acctest.RandomDomainName() @@ -225,7 +225,7 @@ func TestAccACMPCACertificateAuthority_deleteFromActiveState(t *testing.T) { { Config: testAccCertificateAuthorityConfig_root(commonName), Check: resource.ComposeAggregateTestCheckFunc( - acctest.CheckACMPCACertificateAuthorityExists(ctx, resourceName, &certificateAuthority), + testAccCheckCertificateAuthorityExists(ctx, resourceName, &certificateAuthority), resource.TestCheckResourceAttr(resourceName, "type", acmpca.CertificateAuthorityTypeRoot), resource.TestCheckResourceAttr(resourceName, "enabled", "true"), ), @@ -236,7 +236,7 @@ func TestAccACMPCACertificateAuthority_deleteFromActiveState(t *testing.T) { func TestAccACMPCACertificateAuthority_RevocationConfiguration_empty(t *testing.T) { ctx := acctest.Context(t) - var certificateAuthority awstypes.CertificateAuthority + var certificateAuthority types.CertificateAuthority resourceName := "aws_acmpca_certificate_authority.test" commonName := acctest.RandomDomainName() 
@@ -249,7 +249,7 @@ func TestAccACMPCACertificateAuthority_RevocationConfiguration_empty(t *testing. { Config: testAccCertificateAuthorityConfig_revocationConfigurationEmpty(commonName), Check: resource.ComposeTestCheckFunc( - acctest.CheckACMPCACertificateAuthorityExists(ctx, resourceName, &certificateAuthority), + testAccCheckCertificateAuthorityExists(ctx, resourceName, &certificateAuthority), acctest.MatchResourceAttrRegionalARN(resourceName, "arn", "acm-pca", regexache.MustCompile(`certificate-authority/.+`)), resource.TestCheckResourceAttr(resourceName, "certificate_authority_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "certificate_authority_configuration.0.key_algorithm", "RSA_4096"), @@ -284,7 +284,7 @@ func TestAccACMPCACertificateAuthority_RevocationConfiguration_empty(t *testing. func TestAccACMPCACertificateAuthority_RevocationCrl_customCNAME(t *testing.T) { ctx := acctest.Context(t) - var certificateAuthority awstypes.CertificateAuthority + var certificateAuthority types.CertificateAuthority rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_acmpca_certificate_authority.test" domain := acctest.RandomDomain() @@ -302,7 +302,7 @@ func TestAccACMPCACertificateAuthority_RevocationCrl_customCNAME(t *testing.T) { { Config: testAccCertificateAuthorityConfig_revocationConfigurationCrlConfigurationCustomCNAME(rName, commonName, customCName), Check: resource.ComposeTestCheckFunc( - acctest.CheckACMPCACertificateAuthorityExists(ctx, resourceName, &certificateAuthority), + testAccCheckCertificateAuthorityExists(ctx, resourceName, &certificateAuthority), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.custom_cname", customCName), 
@@ -324,7 +324,7 @@ func TestAccACMPCACertificateAuthority_RevocationCrl_customCNAME(t *testing.T) { { Config: testAccCertificateAuthorityConfig_revocationConfigurationCrlConfigurationCustomCNAME(rName, commonName, customCName2), Check: resource.ComposeTestCheckFunc( - acctest.CheckACMPCACertificateAuthorityExists(ctx, resourceName, &certificateAuthority), + testAccCheckCertificateAuthorityExists(ctx, resourceName, &certificateAuthority), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.custom_cname", customCName2), @@ -337,7 +337,7 @@ func TestAccACMPCACertificateAuthority_RevocationCrl_customCNAME(t *testing.T) { { Config: testAccCertificateAuthorityConfig_revocationConfigurationCrlConfigurationEnabled(rName, commonName, true), Check: resource.ComposeTestCheckFunc( - acctest.CheckACMPCACertificateAuthorityExists(ctx, resourceName, &certificateAuthority), + testAccCheckCertificateAuthorityExists(ctx, resourceName, &certificateAuthority), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.custom_cname", ""), 
@@ -350,7 +350,7 @@ func TestAccACMPCACertificateAuthority_RevocationCrl_customCNAME(t *testing.T) { { Config: testAccCertificateAuthorityConfig_revocationConfigurationCrlConfigurationCustomCNAME(rName, commonName, customCName), Check: resource.ComposeTestCheckFunc( - acctest.CheckACMPCACertificateAuthorityExists(ctx, resourceName, &certificateAuthority), + testAccCheckCertificateAuthorityExists(ctx, resourceName, &certificateAuthority), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.custom_cname", customCName), @@ -363,7 +363,7 @@ func TestAccACMPCACertificateAuthority_RevocationCrl_customCNAME(t *testing.T) { { Config: testAccCertificateAuthorityConfig_required(commonName), Check: resource.ComposeTestCheckFunc( - acctest.CheckACMPCACertificateAuthorityExists(ctx, resourceName, &certificateAuthority), + testAccCheckCertificateAuthorityExists(ctx, resourceName, &certificateAuthority), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.enabled", "false"), @@ -375,7 +375,7 @@ func TestAccACMPCACertificateAuthority_RevocationCrl_customCNAME(t *testing.T) { func TestAccACMPCACertificateAuthority_RevocationCrl_enabled(t *testing.T) { ctx := acctest.Context(t) - var certificateAuthority awstypes.CertificateAuthority + var certificateAuthority types.CertificateAuthority rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_acmpca_certificate_authority.test" commonName := acctest.RandomDomainName() 
@@ -390,7 +390,7 @@ func TestAccACMPCACertificateAuthority_RevocationCrl_enabled(t *testing.T) { { Config: testAccCertificateAuthorityConfig_revocationConfigurationCrlConfigurationEnabled(rName, commonName, true), Check: resource.ComposeTestCheckFunc( - acctest.CheckACMPCACertificateAuthorityExists(ctx, resourceName, &certificateAuthority), + testAccCheckCertificateAuthorityExists(ctx, resourceName, &certificateAuthority), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.custom_cname", ""), @@ -412,7 +412,7 @@ func TestAccACMPCACertificateAuthority_RevocationCrl_enabled(t *testing.T) { { Config: testAccCertificateAuthorityConfig_revocationConfigurationCrlConfigurationEnabled(rName, commonName, false), Check: resource.ComposeTestCheckFunc( - acctest.CheckACMPCACertificateAuthorityExists(ctx, resourceName, &certificateAuthority), + testAccCheckCertificateAuthorityExists(ctx, resourceName, &certificateAuthority), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.enabled", "false"), 
@@ -422,7 +422,7 @@ func TestAccACMPCACertificateAuthority_RevocationCrl_enabled(t *testing.T) { { Config: testAccCertificateAuthorityConfig_revocationConfigurationCrlConfigurationEnabled(rName, commonName, true), Check: resource.ComposeTestCheckFunc( - acctest.CheckACMPCACertificateAuthorityExists(ctx, resourceName, &certificateAuthority), + testAccCheckCertificateAuthorityExists(ctx, resourceName, &certificateAuthority), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.custom_cname", ""), @@ -435,7 +435,7 @@ func TestAccACMPCACertificateAuthority_RevocationCrl_enabled(t *testing.T) { { Config: testAccCertificateAuthorityConfig_required(commonName), Check: resource.ComposeTestCheckFunc( - acctest.CheckACMPCACertificateAuthorityExists(ctx, resourceName, &certificateAuthority), + testAccCheckCertificateAuthorityExists(ctx, resourceName, &certificateAuthority), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.enabled", "false"), @@ -447,7 +447,7 @@ func TestAccACMPCACertificateAuthority_RevocationCrl_enabled(t *testing.T) { func TestAccACMPCACertificateAuthority_RevocationCrl_expirationInDays(t *testing.T) { ctx := acctest.Context(t) - var certificateAuthority awstypes.CertificateAuthority + var certificateAuthority types.CertificateAuthority rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_acmpca_certificate_authority.test" commonName := acctest.RandomDomainName() 
@@ -462,7 +462,7 @@ func TestAccACMPCACertificateAuthority_RevocationCrl_expirationInDays(t *testing { Config: testAccCertificateAuthorityConfig_revocationConfigurationCrlConfigurationExpirationInDays(rName, commonName, 1), Check: resource.ComposeTestCheckFunc( - acctest.CheckACMPCACertificateAuthorityExists(ctx, resourceName, &certificateAuthority), + testAccCheckCertificateAuthorityExists(ctx, resourceName, &certificateAuthority), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.custom_cname", ""), @@ -485,7 +485,7 @@ func TestAccACMPCACertificateAuthority_RevocationCrl_expirationInDays(t *testing { Config: testAccCertificateAuthorityConfig_revocationConfigurationCrlConfigurationExpirationInDays(rName, commonName, 2), Check: resource.ComposeTestCheckFunc( - acctest.CheckACMPCACertificateAuthorityExists(ctx, resourceName, &certificateAuthority), + testAccCheckCertificateAuthorityExists(ctx, resourceName, &certificateAuthority), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.enabled", "true"), 
@@ -497,7 +497,7 @@ func TestAccACMPCACertificateAuthority_RevocationCrl_expirationInDays(t *testing { Config: testAccCertificateAuthorityConfig_required(commonName), Check: resource.ComposeTestCheckFunc( - acctest.CheckACMPCACertificateAuthorityExists(ctx, resourceName, &certificateAuthority), + testAccCheckCertificateAuthorityExists(ctx, resourceName, &certificateAuthority), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.enabled", "false"), @@ -509,7 +509,7 @@ func TestAccACMPCACertificateAuthority_RevocationCrl_expirationInDays(t *testing func TestAccACMPCACertificateAuthority_RevocationCrl_s3ObjectACL(t *testing.T) { ctx := acctest.Context(t) - var certificateAuthority awstypes.CertificateAuthority + var certificateAuthority types.CertificateAuthority rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_acmpca_certificate_authority.test" commonName := acctest.RandomDomainName() @@ -524,7 +524,7 @@ func TestAccACMPCACertificateAuthority_RevocationCrl_s3ObjectACL(t *testing.T) { { Config: testAccCertificateAuthorityConfig_revocationConfigurationCrlConfigurationS3ObjectACL(rName, commonName, "BUCKET_OWNER_FULL_CONTROL"), Check: resource.ComposeTestCheckFunc( - acctest.CheckACMPCACertificateAuthorityExists(ctx, resourceName, &certificateAuthority), + testAccCheckCertificateAuthorityExists(ctx, resourceName, &certificateAuthority), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.enabled", "true"), 
@@ -546,7 +546,7 @@ func TestAccACMPCACertificateAuthority_RevocationCrl_s3ObjectACL(t *testing.T) { { Config: testAccCertificateAuthorityConfig_revocationConfigurationCrlConfigurationS3ObjectACL(rName, commonName, "PUBLIC_READ"), Check: resource.ComposeTestCheckFunc( - acctest.CheckACMPCACertificateAuthorityExists(ctx, resourceName, &certificateAuthority), + testAccCheckCertificateAuthorityExists(ctx, resourceName, &certificateAuthority), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.crl_configuration.0.enabled", "true"), @@ -561,7 +561,7 @@ func TestAccACMPCACertificateAuthority_RevocationCrl_s3ObjectACL(t *testing.T) { func TestAccACMPCACertificateAuthority_RevocationOcsp_enabled(t *testing.T) { ctx := acctest.Context(t) - var certificateAuthority awstypes.CertificateAuthority + var certificateAuthority types.CertificateAuthority resourceName := "aws_acmpca_certificate_authority.test" commonName := acctest.RandomDomainName() @@ -575,7 +575,7 @@ func TestAccACMPCACertificateAuthority_RevocationOcsp_enabled(t *testing.T) { { Config: testAccCertificateAuthorityConfig_revocationConfigurationOcspConfigurationEnabled(commonName, true), Check: resource.ComposeTestCheckFunc( - acctest.CheckACMPCACertificateAuthorityExists(ctx, resourceName, &certificateAuthority), + testAccCheckCertificateAuthorityExists(ctx, resourceName, &certificateAuthority), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.ocsp_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.ocsp_configuration.0.enabled", "true"), 
@@ -595,7 +595,7 @@ func TestAccACMPCACertificateAuthority_RevocationOcsp_enabled(t *testing.T) { { Config: testAccCertificateAuthorityConfig_revocationConfigurationOcspConfigurationEnabled(commonName, false), Check: resource.ComposeTestCheckFunc( - acctest.CheckACMPCACertificateAuthorityExists(ctx, resourceName, &certificateAuthority), + testAccCheckCertificateAuthorityExists(ctx, resourceName, &certificateAuthority), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.ocsp_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.ocsp_configuration.0.enabled", "false"), @@ -605,7 +605,7 @@ func TestAccACMPCACertificateAuthority_RevocationOcsp_enabled(t *testing.T) { { Config: testAccCertificateAuthorityConfig_revocationConfigurationOcspConfigurationEnabled(commonName, true), Check: resource.ComposeTestCheckFunc( - acctest.CheckACMPCACertificateAuthorityExists(ctx, resourceName, &certificateAuthority), + testAccCheckCertificateAuthorityExists(ctx, resourceName, &certificateAuthority), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.ocsp_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.ocsp_configuration.0.enabled", "true"), 
@@ -616,7 +616,7 @@ func TestAccACMPCACertificateAuthority_RevocationOcsp_enabled(t *testing.T) { { Config: testAccCertificateAuthorityConfig_required(commonName), Check: resource.ComposeTestCheckFunc( - acctest.CheckACMPCACertificateAuthorityExists(ctx, resourceName, &certificateAuthority), + testAccCheckCertificateAuthorityExists(ctx, resourceName, &certificateAuthority), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.ocsp_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.ocsp_configuration.0.enabled", "false"), @@ -628,7 +628,7 @@ func TestAccACMPCACertificateAuthority_RevocationOcsp_enabled(t *testing.T) { func TestAccACMPCACertificateAuthority_RevocationOcsp_customCNAME(t *testing.T) { ctx := acctest.Context(t) - var certificateAuthority awstypes.CertificateAuthority + var certificateAuthority types.CertificateAuthority resourceName := "aws_acmpca_certificate_authority.test" domain := acctest.RandomDomain() commonName := domain.String() @@ -645,7 +645,7 @@ func TestAccACMPCACertificateAuthority_RevocationOcsp_customCNAME(t *testing.T) { Config: testAccCertificateAuthorityConfig_revocationConfigurationOcspConfigurationCustomCNAME(commonName, customCName), Check: resource.ComposeTestCheckFunc( - acctest.CheckACMPCACertificateAuthorityExists(ctx, resourceName, &certificateAuthority), + testAccCheckCertificateAuthorityExists(ctx, resourceName, &certificateAuthority), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.ocsp_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.ocsp_configuration.0.enabled", "true"), 
@@ -665,7 +665,7 @@ func TestAccACMPCACertificateAuthority_RevocationOcsp_customCNAME(t *testing.T) { Config: testAccCertificateAuthorityConfig_revocationConfigurationOcspConfigurationCustomCNAME(commonName, customCName2), Check: resource.ComposeTestCheckFunc( - acctest.CheckACMPCACertificateAuthorityExists(ctx, resourceName, &certificateAuthority), + testAccCheckCertificateAuthorityExists(ctx, resourceName, &certificateAuthority), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.ocsp_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.ocsp_configuration.0.enabled", "true"), @@ -676,7 +676,7 @@ func TestAccACMPCACertificateAuthority_RevocationOcsp_customCNAME(t *testing.T) { Config: testAccCertificateAuthorityConfig_revocationConfigurationOcspConfigurationEnabled(commonName, true), Check: resource.ComposeTestCheckFunc( - acctest.CheckACMPCACertificateAuthorityExists(ctx, resourceName, &certificateAuthority), + testAccCheckCertificateAuthorityExists(ctx, resourceName, &certificateAuthority), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.ocsp_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.ocsp_configuration.0.enabled", "true"), 
@@ -687,7 +687,7 @@ func TestAccACMPCACertificateAuthority_RevocationOcsp_customCNAME(t *testing.T) { Config: testAccCertificateAuthorityConfig_revocationConfigurationOcspConfigurationCustomCNAME(commonName, customCName), Check: resource.ComposeTestCheckFunc( - acctest.CheckACMPCACertificateAuthorityExists(ctx, resourceName, &certificateAuthority), + testAccCheckCertificateAuthorityExists(ctx, resourceName, &certificateAuthority), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.ocsp_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.ocsp_configuration.0.enabled", "true"), @@ -698,7 +698,7 @@ func TestAccACMPCACertificateAuthority_RevocationOcsp_customCNAME(t *testing.T) { Config: testAccCertificateAuthorityConfig_required(commonName), Check: resource.ComposeTestCheckFunc( - acctest.CheckACMPCACertificateAuthorityExists(ctx, resourceName, &certificateAuthority), + testAccCheckCertificateAuthorityExists(ctx, resourceName, &certificateAuthority), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.ocsp_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "revocation_configuration.0.ocsp_configuration.0.enabled", "false"), diff --git a/internal/service/acmpca/exports_test.go b/internal/service/acmpca/exports_test.go new file mode 100644 index 00000000000..b9242fa54f6 --- /dev/null +++ b/internal/service/acmpca/exports_test.go 
@@ -0,0 +1,13 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package acmpca
+
+// Exports for use in tests only.
+var (
+ ResourceCertificateAuthority = resourceCertificateAuthority
+ ResourceCertificateAuthorityCertificate = resourceCertificateAuthorityCertificate
+
+ FindCertificateAuthorityByARN = findCertificateAuthorityByARN
+ FindCertificateAuthorityCertificateByARN = findCertificateAuthorityCertificateByARN
+)
diff --git a/internal/service/acmpca/service_package_gen.go b/internal/service/acmpca/service_package_gen.go
index 7da0bea074d..075a697f428 100644
--- a/internal/service/acmpca/service_package_gen.go
+++ b/internal/service/acmpca/service_package_gen.go
@@ -42,7 +42,7 @@ func (p *servicePackage) SDKResources(ctx context.Context) []*types.ServicePacka
 TypeName: "aws_acmpca_certificate",
 },
 {
- Factory: ResourceCertificateAuthority,
+ Factory: resourceCertificateAuthority,
 TypeName: "aws_acmpca_certificate_authority",
 Name: "Certificate Authority",
 Tags: &types.ServicePackageResourceTags{
From 5bd011b83b5ac01d5ee3e75ec25b84a141750a62 Mon Sep 17 00:00:00 2001
From: Kit Ewbank
Date: Wed, 27 Mar 2024 16:27:21 -0400
Subject: [PATCH 09/16] d/aws_acmpca_certificate_authority: Reduce visibility.
---
 .../certificate_authority_data_source.go | 75 +++++++------------
 .../service/acmpca/service_package_gen.go | 6 +-
 2 files changed, 31 insertions(+), 50 deletions(-)
diff --git a/internal/service/acmpca/certificate_authority_data_source.go b/internal/service/acmpca/certificate_authority_data_source.go
index ece413e4f87..e9d314324be 100644
--- a/internal/service/acmpca/certificate_authority_data_source.go
+++ b/internal/service/acmpca/certificate_authority_data_source.go
@@ -5,12 +5,11 @@ package acmpca import ( "context" - "log" "time" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/service/acmpca" - awstypes "github.com/aws/aws-sdk-go-v2/service/acmpca/types" + "github.com/aws/aws-sdk-go-v2/service/acmpca/types" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-provider-aws/internal/conns" @@ -19,8 +18,10 @@ import ( tftags "github.com/hashicorp/terraform-provider-aws/internal/tags" ) -// @SDKDataSource("aws_acmpca_certificate_authority") -func DataSourceCertificateAuthority() *schema.Resource { +// @SDKDataSource("aws_acmpca_certificate_authority", name="Certificate Authority") +// @Tags(identifierAttribute="arn") +// @Testing(tagsTest=false) +func dataSourceCertificateAuthority() *schema.Resource { return &schema.Resource{ ReadWithoutTimeout: dataSourceCertificateAuthorityRead, 
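Review bot: The new `// @Testing(tagsTest=false)` annotation opts this data source out of the generated tags acceptance test without recording why, so a reader cannot tell whether the `@Tags(identifierAttribute="arn")` path added on the same lines is covered elsewhere or simply untested. A one-line comment next to it, `// tagsTest=false: <REASON-PLACEHOLDER>`, would make the intent explicit and tell a maintainer when it can be removed. The body of `dataSourceCertificateAuthority` continues past the end of this hunk.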
@@ -132,25 +133,19 @@ func DataSourceCertificateAuthority() *schema.Resource { func dataSourceCertificateAuthorityRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics conn := meta.(*conns.AWSClient).ACMPCAClient(ctx) - ignoreTagsConfig := meta.(*conns.AWSClient).IgnoreTagsConfig - certificateAuthorityARN := d.Get("arn").(string) - describeCertificateAuthorityInput := &acmpca.DescribeCertificateAuthorityInput{ + certificateAuthorityARN := d.Get("arn").(string) + input := &acmpca.DescribeCertificateAuthorityInput{ CertificateAuthorityArn: aws.String(certificateAuthorityARN), } - log.Printf("[DEBUG] Reading ACM PCA Certificate Authority: %+v", describeCertificateAuthorityInput) + certificateAuthority, err := findCertificateAuthority(ctx, conn, input) - describeCertificateAuthorityOutput, err := conn.DescribeCertificateAuthority(ctx, describeCertificateAuthorityInput) if err != nil { return sdkdiag.AppendErrorf(diags, "reading ACM PCA Certificate Authority (%s): %s", certificateAuthorityARN, err) } - if describeCertificateAuthorityOutput.CertificateAuthority == nil { - return sdkdiag.AppendErrorf(diags, "reading ACM PCA Certificate Authority: not found") - } - certificateAuthority := describeCertificateAuthorityOutput.CertificateAuthority - + d.SetId(certificateAuthorityARN) d.Set("arn", certificateAuthority.Arn) d.Set("key_storage_security_standard", certificateAuthority.KeyStorageSecurityStandard) d.Set("not_after", aws.ToTime(certificateAuthority.NotAfter).Format(time.RFC3339)) 
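Review bot: The explicit `CertificateAuthority == nil` guard is removed in favour of `findCertificateAuthority(ctx, conn, input)`, and `certificateAuthority.Arn` is dereferenced immediately after the error check; find.go is outside this chunk, so I cannot confirm that the finder turns an empty `CertificateAuthority` field in the API response into a not-found error rather than returning a nil pointer. If it returns nil, this read now panics where it previously produced a diagnostic. A short comment above the call stating which error the finder returns for an empty response would make the replacement of the dropped guard visible, and a unit-level check of that finder behaviour would pin it. `dataSourceCertificateAuthorityRead` continues beyond the end of this hunk.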
@@ -163,55 +158,37 @@ func dataSourceCertificateAuthorityRead(ctx context.Context, d *schema.ResourceD d.Set("type", certificateAuthority.Type) d.Set("usage_mode", certificateAuthority.UsageMode) - getCertificateAuthorityCertificateInput := &acmpca.GetCertificateAuthorityCertificateInput{ + outputGCACert, err := conn.GetCertificateAuthorityCertificate(ctx, &acmpca.GetCertificateAuthorityCertificateInput{ CertificateAuthorityArn: aws.String(certificateAuthorityARN), - } - - log.Printf("[DEBUG] Reading ACM PCA Certificate Authority Certificate: %+v", getCertificateAuthorityCertificateInput) + }) - getCertificateAuthorityCertificateOutput, err := conn.GetCertificateAuthorityCertificate(ctx, getCertificateAuthorityCertificateInput) - if err != nil { - // Returned when in PENDING_CERTIFICATE status - // InvalidStateException: The certificate authority XXXXX is not in the correct state to have a certificate signing request. - if errs.IsA[*awstypes.InvalidStateException](err) { - return sdkdiag.AppendErrorf(diags, "reading ACM PCA Certificate Authority Certificate: %s", err) - } + // Returned when in PENDING_CERTIFICATE status + // InvalidStateException: The certificate authority XXXXX is not in the correct state to have a certificate signing request. 
+ if err != nil && !errs.IsA[*types.InvalidStateException](err) { + return sdkdiag.AppendErrorf(diags, "reading ACM PCA Certificate Authority (%s) Certificate: %s", d.Id(), err) } d.Set("certificate", "") d.Set("certificate_chain", "") - if getCertificateAuthorityCertificateOutput != nil { - d.Set("certificate", getCertificateAuthorityCertificateOutput.Certificate) - d.Set("certificate_chain", getCertificateAuthorityCertificateOutput.CertificateChain) + if outputGCACert != nil { + d.Set("certificate", outputGCACert.Certificate) + d.Set("certificate_chain", outputGCACert.CertificateChain) } - getCertificateAuthorityCsrInput := &acmpca.GetCertificateAuthorityCsrInput{ + outputGCACsr, err := conn.GetCertificateAuthorityCsr(ctx, &acmpca.GetCertificateAuthorityCsrInput{ CertificateAuthorityArn: aws.String(certificateAuthorityARN), - } - - log.Printf("[DEBUG] Reading ACM PCA Certificate Authority Certificate Signing Request: %+v", getCertificateAuthorityCsrInput) + }) - getCertificateAuthorityCsrOutput, err := conn.GetCertificateAuthorityCsr(ctx, getCertificateAuthorityCsrInput) - if err != nil { - return sdkdiag.AppendErrorf(diags, "reading ACM PCA Certificate Authority Certificate Signing Request: %s", err) + // Returned when in PENDING_CERTIFICATE status + // InvalidStateException: The certificate authority XXXXX is not in the correct state to have a certificate signing request. 
+ if err != nil && !errs.IsA[*types.InvalidStateException](err) { + return sdkdiag.AppendErrorf(diags, "reading ACM PCA Certificate Authority (%s) Certificate Signing Request: %s", d.Id(), err) } d.Set("certificate_signing_request", "") - if getCertificateAuthorityCsrOutput != nil { - d.Set("certificate_signing_request", getCertificateAuthorityCsrOutput.Csr) - } - - tags, err := listTags(ctx, conn, certificateAuthorityARN) - - if err != nil { - return sdkdiag.AppendErrorf(diags, "listing tags for ACM PCA Certificate Authority (%s): %s", certificateAuthorityARN, err) + if outputGCACsr != nil { + d.Set("certificate_signing_request", outputGCACsr.Csr) } - if err := d.Set("tags", tags.IgnoreAWS().IgnoreConfig(ignoreTagsConfig).Map()); err != nil { - return sdkdiag.AppendErrorf(diags, "setting tags: %s", err) - } - - d.SetId(certificateAuthorityARN) - return diags } diff --git a/internal/service/acmpca/service_package_gen.go b/internal/service/acmpca/service_package_gen.go index 075a697f428..274d4dfea2a 100644 --- a/internal/service/acmpca/service_package_gen.go +++ b/internal/service/acmpca/service_package_gen.go @@ -29,8 +29,12 @@ func (p *servicePackage) SDKDataSources(ctx context.Context) []*types.ServicePac TypeName: "aws_acmpca_certificate", }, { - Factory: DataSourceCertificateAuthority, + Factory: dataSourceCertificateAuthority, TypeName: "aws_acmpca_certificate_authority", + Name: "Certificate Authority", + Tags: &types.ServicePackageResourceTags{ + IdentifierAttribute: "arn", + }, }, } } From 4cf535c0790a3d668358aa1b0151c514ce53a7f2 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Wed, 27 Mar 2024 16:30:15 -0400 Subject: [PATCH 10/16] acmpca: Corrections. --- internal/service/acmpca/exports.go | 9 +++++++++ internal/service/acmpca/exports_test.go | 1 - internal/service/acmpca/sweep.go | 21 +++++++++------------ 3 files changed, 18 insertions(+), 13 deletions(-) create mode 100644 internal/service/acmpca/exports.go 
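Review bot: The comment now placed above the new `GetCertificateAuthorityCertificate` error check is the CSR comment copied verbatim, so it quotes a message about a "certificate signing request" for a call that fetches the CA certificate; `// Returned when in PENDING_CERTIFICATE status (InvalidStateException): the CA has no certificate yet.` would describe this call, with the existing CSR comment staying on the `GetCertificateAuthorityCsr` check. The two guards `if err != nil && !errs.IsA[*types.InvalidStateException](err)` are the right shape and repair the inverted check in the removed code, but they swallow any InvalidStateException, not only the PENDING_CERTIFICATE case the comment describes, and the data source then reports `certificate`, `certificate_chain` and `certificate_signing_request` as empty strings rather than failing, which consumers of the data source need to know. The new messages switch to `d.Id()` while the first error in this function still uses `certificateAuthorityARN`; both are valid because `d.SetId` now runs earlier in the function, but using `certificateAuthorityARN` in all three keeps them consistent. The start of dataSourceCertificateAuthorityRead lies in the previous hunk.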
diff --git a/internal/service/acmpca/exports.go b/internal/service/acmpca/exports.go new file mode 100644 index 00000000000..e7ce64a37f7 --- /dev/null +++ b/internal/service/acmpca/exports.go @@ -0,0 +1,9 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 + +package acmpca + +// Exports for use in other modules. +var ( + FindCertificateAuthorityByARN = findCertificateAuthorityByARN +) diff --git a/internal/service/acmpca/exports_test.go b/internal/service/acmpca/exports_test.go index b9242fa54f6..76d08840363 100644 --- a/internal/service/acmpca/exports_test.go +++ b/internal/service/acmpca/exports_test.go @@ -8,6 +8,5 @@ var ( ResourceCertificateAuthority = resourceCertificateAuthority ResourceCertificateAuthorityCertificate = resourceCertificateAuthorityCertificate - FindCertificateAuthorityByARN = findCertificateAuthorityByARN FindCertificateAuthorityCertificateByARN = findCertificateAuthorityCertificateByARN ) diff --git a/internal/service/acmpca/sweep.go b/internal/service/acmpca/sweep.go index ff514ce47bc..478ebb8c0bd 100644 --- a/internal/service/acmpca/sweep.go +++ b/internal/service/acmpca/sweep.go @@ -12,7 +12,7 @@ import ( awstypes "github.com/aws/aws-sdk-go-v2/service/acmpca/types" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-provider-aws/internal/sweep" - "github.com/hashicorp/terraform-provider-aws/internal/sweep/awsv1" + "github.com/hashicorp/terraform-provider-aws/internal/sweep/awsv2" ) func RegisterSweepers() { 
@@ -35,8 +35,14 @@ func sweepCertificateAuthorities(region string) error { paginator := acmpca.NewListCertificateAuthoritiesPaginator(conn, input) for paginator.HasMorePages() { page, err := paginator.NextPage(ctx) + + if awsv2.SkipSweepError(err) { + log.Printf("[WARN] Skipping ACM PCA Certificate Authority sweep for %s: %s", region, err) + return nil + } + if err != nil { - return err + return fmt.Errorf("error listing ACM PCA Certificate Authorities (%s): %w", region, err) } for _, v := range page.CertificateAuthorities { @@ -47,7 +53,7 @@ func sweepCertificateAuthorities(region string) error { continue } - r := ResourceCertificateAuthority() + r := resourceCertificateAuthority() d := r.Data(nil) d.SetId(arn) d.Set("permanent_deletion_time_in_days", 7) //nolint:gomnd @@ -56,15 +62,6 @@ func sweepCertificateAuthorities(region string) error { } } - if awsv1.SkipSweepError(err) { - log.Printf("[WARN] Skipping ACM PCA Certificate Authority sweep for %s: %s", region, err) - return nil - } - - if err != nil { - return fmt.Errorf("error listing ACM PCA Certificate Authorities (%s): %w", region, err) - } - err = sweep.SweepOrchestrator(ctx, sweepResources) if err != nil { From 62ef3e54581f05175201d5f9f7f183856719e8f1 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Wed, 27 Mar 2024 17:06:54 -0400 Subject: [PATCH 11/16] r/aws_acmpca_certificate: Reduce visibility. --- internal/service/acmpca/certificate.go | 185 +++++++++--------- internal/service/acmpca/certificate_test.go | 61 ++---- internal/service/acmpca/exports_test.go | 3 + .../service/acmpca/service_package_gen.go | 3 +- 4 files changed, 120 insertions(+), 132 deletions(-) diff --git a/internal/service/acmpca/certificate.go b/internal/service/acmpca/certificate.go index 43614c9b1d4..d62227fb12e 100644 --- a/internal/service/acmpca/certificate.go +++ b/internal/service/acmpca/certificate.go 
@@ -19,7 +19,7 @@ import ( "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/aws/arn" "github.com/aws/aws-sdk-go-v2/service/acmpca" - awstypes "github.com/aws/aws-sdk-go-v2/service/acmpca/types" + "github.com/aws/aws-sdk-go-v2/service/acmpca/types" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/id" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry" @@ -37,8 +37,8 @@ import ( cryptobyte_asn1 "golang.org/x/crypto/cryptobyte/asn1" ) -// @SDKResource("aws_acmpca_certificate") -func ResourceCertificate() *schema.Resource { +// @SDKResource("aws_acmpca_certificate", name="Certificate") +func resourceCertificate() *schema.Resource { return &schema.Resource{ CreateWithoutTimeout: resourceCertificateCreate, ReadWithoutTimeout: resourceCertificateRead, @@ -61,6 +61,17 @@ func ResourceCertificate() *schema.Resource { }, Schema: map[string]*schema.Schema{ + "api_passthrough": { + Type: schema.TypeString, + Optional: true, + ForceNew: true, + ValidateFunc: validation.StringIsJSON, + DiffSuppressFunc: verify.SuppressEquivalentJSONDiffs, + StateFunc: func(v interface{}) string { + json, _ := structure.NormalizeJsonString(v) + return json + }, + }, "arn": { Type: schema.TypeString, Computed: true, @@ -69,16 +80,16 @@ func ResourceCertificate() *schema.Resource { Type: schema.TypeString, Computed: true, }, - "certificate_chain": { - Type: schema.TypeString, - Computed: true, - }, "certificate_authority_arn": { Type: schema.TypeString, Required: true, ForceNew: true, ValidateFunc: verify.ValidARN, }, + "certificate_chain": { + Type: schema.TypeString, + Computed: true, + }, "certificate_signing_request": { Type: schema.TypeString, Required: true, 
@@ -88,7 +99,13 @@ func ResourceCertificate() *schema.Resource { Type: schema.TypeString, Required: true, ForceNew: true, - ValidateDiagFunc: enum.Validate[awstypes.SigningAlgorithm](), + ValidateDiagFunc: enum.Validate[types.SigningAlgorithm](), + }, + "template_arn": { + Type: schema.TypeString, + Optional: true, + ForceNew: true, + ValidateFunc: validTemplateARN, }, "validity": { Type: schema.TypeList, @@ -102,7 +119,7 @@ func ResourceCertificate() *schema.Resource { Type: schema.TypeString, Required: true, ForceNew: true, - ValidateDiagFunc: enum.Validate[awstypes.ValidityPeriodType](), + ValidateDiagFunc: enum.Validate[types.ValidityPeriodType](), }, "value": { Type: schema.TypeString, @@ -113,23 +130,6 @@ func ResourceCertificate() *schema.Resource { }, }, }, - "template_arn": { - Type: schema.TypeString, - Optional: true, - ForceNew: true, - ValidateFunc: ValidTemplateARN, - }, - "api_passthrough": { - Type: schema.TypeString, - Optional: true, - ForceNew: true, - ValidateFunc: validation.StringIsJSON, - DiffSuppressFunc: verify.SuppressEquivalentJSONDiffs, - StateFunc: func(v interface{}) string { - json, _ := structure.NormalizeJsonString(v) - return json - }, - }, }, } } 
@@ -144,56 +144,42 @@ func resourceCertificateCreate(ctx context.Context, d *schema.ResourceData, meta CertificateAuthorityArn: aws.String(certificateAuthorityARN), Csr: []byte(d.Get("certificate_signing_request").(string)), IdempotencyToken: aws.String(id.UniqueId()), - SigningAlgorithm: awstypes.SigningAlgorithm(d.Get("signing_algorithm").(string)), - } - validity, err := expandValidity(d.Get("validity").([]interface{})) - if err != nil { - return sdkdiag.AppendErrorf(diags, "issuing ACM PCA Certificate with Certificate Authority (%s): %s", certificateAuthorityARN, err) - } - input.Validity = validity - - if v, ok := d.Get("template_arn").(string); ok && v != "" { - input.TemplateArn = aws.String(v) + SigningAlgorithm: types.SigningAlgorithm(d.Get("signing_algorithm").(string)), } if v, ok := d.Get("api_passthrough").(string); ok && v != "" { - ap := &awstypes.ApiPassthrough{} + ap := &types.ApiPassthrough{} if err := json.Unmarshal([]byte(v), ap); err != nil { - return sdkdiag.AppendErrorf(diags, "decoding api_passthrough: %s", err) + return sdkdiag.AppendFromErr(diags, err) } input.ApiPassthrough = ap } - var output *acmpca.IssueCertificateOutput - err = retry.RetryContext(ctx, certificateAuthorityActiveTimeout, func() *retry.RetryError { - var err error - output, err = conn.IssueCertificate(ctx, input) - if errs.IsAErrorMessageContains[*awstypes.InvalidStateException](err, "The certificate authority is not in a valid state for issuing certificates") { - return retry.RetryableError(err) - } - if err != nil { - return retry.NonRetryableError(err) - } - return nil - }) - if tfresource.TimedOut(err) { - output, err = conn.IssueCertificate(ctx, input) + if v, ok := d.Get("template_arn").(string); ok && v != "" { + input.TemplateArn = aws.String(v) + } + + if validity, err := expandValidity(d.Get("validity").([]interface{})); err != nil { + return sdkdiag.AppendFromErr(diags, err) + } else { + input.Validity = validity } + outputRaw, err := 
tfresource.RetryWhenIsAErrorMessageContains[*types.InvalidStateException](ctx, certificateAuthorityActiveTimeout, func() (interface{}, error) { + return conn.IssueCertificate(ctx, input) + }, "The certificate authority is not in a valid state for issuing certificates") + if err != nil { return sdkdiag.AppendErrorf(diags, "issuing ACM PCA Certificate with Certificate Authority (%s): %s", certificateAuthorityARN, err) } - d.SetId(aws.ToString(output.CertificateArn)) + d.SetId(aws.ToString(outputRaw.(*acmpca.IssueCertificateOutput).CertificateArn)) // Wait for certificate status to become ISSUED. - waiter := acmpca.NewCertificateIssuedWaiter(conn) - params := &acmpca.GetCertificateInput{ - CertificateAuthorityArn: output.CertificateArn, - CertificateArn: aws.String(d.Get("certificate_authority_arn").(string)), - } - - err = waiter.Wait(ctx, params, certificateIssueTimeout) + err = acmpca.NewCertificateIssuedWaiter(conn).Wait(ctx, &acmpca.GetCertificateInput{ + CertificateArn: aws.String(d.Id()), + CertificateAuthorityArn: aws.String(d.Get("certificate_authority_arn").(string)), + }, certificateIssueTimeout) if err != nil { return sdkdiag.AppendErrorf(diags, "waiting for ACM PCA Certificate Authority (%s) to issue Certificate (%s), error: %s", certificateAuthorityARN, d.Id(), err) 
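Review bot: Both new `sdkdiag.AppendFromErr(diags, err)` calls drop the context the removed code carried: the `json.Unmarshal` failure no longer says it came from `api_passthrough`, and the `expandValidity` failure no longer names the certificate authority, so a user sees a bare decoding error with no attribute to look at. Keeping `return sdkdiag.AppendErrorf(diags, "decoding api_passthrough: %s", err)` for the first and `return sdkdiag.AppendErrorf(diags, "issuing ACM PCA Certificate with Certificate Authority (%s): %s", certificateAuthorityARN, err)` for the second preserves that; the same regression appears in `resourceCertificateRevoke`, where the `getCertificateSerial` error lost its "serial number" wording (hunk @@ -251,22). The unchecked assertion `outputRaw.(*acmpca.IssueCertificateOutput)` is safe only because the closure handed to `RetryWhenIsAErrorMessageContains` returns exactly that type; a one-line comment on the assertion would spare the next reader the lookup. The signature of resourceCertificateCreate and the end of its body are outside this hunk.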
@@ -206,16 +192,9 @@ func resourceCertificateRead(ctx context.Context, d *schema.ResourceData, meta i var diags diag.Diagnostics conn := meta.(*conns.AWSClient).ACMPCAClient(ctx) - getCertificateInput := &acmpca.GetCertificateInput{ - CertificateArn: aws.String(d.Id()), - CertificateAuthorityArn: aws.String(d.Get("certificate_authority_arn").(string)), - } - - log.Printf("[DEBUG] Reading ACM PCA Certificate: %+v", getCertificateInput) - - certificateOutput, err := conn.GetCertificate(ctx, getCertificateInput) + output, err := findCertificateByTwoPartKey(ctx, conn, d.Id(), d.Get("certificate_authority_arn").(string)) - if !d.IsNewResource() && errs.IsA[*awstypes.ResourceNotFoundException](err) { + if !d.IsNewResource() && tfresource.NotFound(err) { log.Printf("[WARN] ACM PCA Certificate (%s) not found, removing from state", d.Id()) d.SetId("") return diags @@ -225,13 +204,10 @@ func resourceCertificateRead(ctx context.Context, d *schema.ResourceData, meta i return sdkdiag.AppendErrorf(diags, "reading ACM PCA Certificate (%s): %s", d.Id(), err) } - if certificateOutput == nil { - return sdkdiag.AppendErrorf(diags, "reading ACM PCA Certificate (%s): empty response", d.Id()) - } - d.Set("arn", d.Id()) - d.Set("certificate", certificateOutput.Certificate) - d.Set("certificate_chain", certificateOutput.CertificateChain) + d.Set("certificate", output.Certificate) + d.Set("certificate_authority_arn", d.Get("certificate_authority_arn").(string)) + d.Set("certificate_chain", output.CertificateChain) return diags } 
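Review bot: `d.Set("certificate_authority_arn", d.Get("certificate_authority_arn").(string))` writes the attribute back to the value it already holds, so in a normal refresh it is a no-op; if the intent is to populate the attribute when only the ID is known, the value would have to come from outside state, and the `output` returned by `findCertificateByTwoPartKey` is only read for `Certificate` and `CertificateChain` here. Either drop the line or add a comment stating why the self-assignment is wanted, so it is not mistaken for a bug later. The rest of resourceCertificateRead's body lies outside this hunk.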
@@ -251,22 +227,23 @@ func resourceCertificateRevoke(ctx context.Context, d *schema.ResourceData, meta serial, err := getCertificateSerial(block.Bytes) if err != nil { - return sdkdiag.AppendErrorf(diags, "getting ACM PCA Certificate (%s) serial number: %s", d.Id(), err) + return sdkdiag.AppendFromErr(diags, err) } - input := &acmpca.RevokeCertificateInput{ + log.Printf("[INFO] Revoking ACM PCA Certificate: %s", d.Id()) + _, err = conn.RevokeCertificate(ctx, &acmpca.RevokeCertificateInput{ CertificateAuthorityArn: aws.String(d.Get("certificate_authority_arn").(string)), CertificateSerial: aws.String(fmt.Sprintf("%x", serial)), - RevocationReason: awstypes.RevocationReasonUnspecified, - } - _, err = conn.RevokeCertificate(ctx, input) + RevocationReason: types.RevocationReasonUnspecified, + }) - if errs.IsA[*awstypes.ResourceNotFoundException](err) || - errs.IsA[*awstypes.RequestAlreadyProcessedException](err) || - errs.IsA[*awstypes.RequestInProgressException](err) || - errs.IsAErrorMessageContains[*awstypes.InvalidRequestException](err, "Self-signed certificate can not be revoked") { + if errs.IsA[*types.ResourceNotFoundException](err) || + errs.IsA[*types.RequestAlreadyProcessedException](err) || + errs.IsA[*types.RequestInProgressException](err) || + errs.IsAErrorMessageContains[*types.InvalidRequestException](err, "Self-signed certificate can not be revoked") { return diags } + if err != nil { return sdkdiag.AppendErrorf(diags, "revoking ACM PCA Certificate (%s): %s", d.Id(), err) } 
@@ -274,6 +251,36 @@ func resourceCertificateRevoke(ctx context.Context, d *schema.ResourceData, meta return diags } +func findCertificateByTwoPartKey(ctx context.Context, conn *acmpca.Client, certificateARN, certificateAuthorityARN string) (*acmpca.GetCertificateOutput, error) { + input := &acmpca.GetCertificateInput{ + CertificateArn: aws.String(certificateARN), + CertificateAuthorityArn: aws.String(certificateAuthorityARN), + } + + return findCertificate(ctx, conn, input) +} + +func findCertificate(ctx context.Context, conn *acmpca.Client, input *acmpca.GetCertificateInput) (*acmpca.GetCertificateOutput, error) { + output, err := conn.GetCertificate(ctx, input) + + if errs.IsA[*types.ResourceNotFoundException](err) { + return nil, &retry.NotFoundError{ + LastError: err, + LastRequest: input, + } + } + + if err != nil { + return nil, err + } + + if output == nil { + return nil, tfresource.NewEmptyResultError(input) + } + + return output, nil +} + // We parse certificate until we get serial number if possible. // This is partial copy of crypto/x509 package private function parseCertificate // https://github.com/golang/go/blob/6a70292d1cb3464e5b2c2c03341e5148730a1889/src/crypto/x509/parser.go#L800-L842 @@ -308,7 +315,7 @@ func getCertificateSerial(der []byte) (*big.Int, error) { return serial, nil } -func ValidTemplateARN(v interface{}, k string) (ws []string, errors []error) { +func validTemplateARN(v interface{}, k string) (ws []string, errors []error) { wsARN, errorsARN := verify.ValidARN(v, k) ws = append(ws, wsARN...) errors = append(errors, errorsARN...) @@ -337,7 +344,7 @@ func ValidTemplateARN(v interface{}, k string) (ws []string, errors []error) { return ws, errors } -func expandValidity(l []interface{}) (*awstypes.Validity, error) { +func expandValidity(l []interface{}) (*types.Validity, error) { if len(l) == 0 { return nil, nil } 
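Review bot: The new `findCertificateByTwoPartKey` and `findCertificate` carry no doc comments, and `findCertificate` encodes two contracts callers now depend on: a `ResourceNotFoundException` is converted to a `*retry.NotFoundError` (which is what lets `resourceCertificateRead` and the test's destroy check use `tfresource.NotFound`), and a nil response becomes an empty-result error. A comment such as `// findCertificate returns the certificate described by input; a ResourceNotFoundException is reported as *retry.NotFoundError and a nil response as an empty-result error.` would make that explicit. The InvalidStateException that `testAccCheckCertificateDestroy` special-cases (hunk @@ -303,56 in certificate_test.go) is deliberately not mapped to not-found here; if that is intentional, saying so in the doc comment prevents a later "fix" from widening what counts as gone.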
@@ -345,8 +352,8 @@ func expandValidity(l []interface{}) (*awstypes.Validity, error) { m := l[0].(map[string]interface{}) valueType := m["type"].(string) - result := &awstypes.Validity{ - Type: awstypes.ValidityPeriodType(valueType), + result := &types.Validity{ + Type: types.ValidityPeriodType(valueType), } i, err := ExpandValidityValue(valueType, m["value"].(string)) @@ -359,7 +366,7 @@ func expandValidity(l []interface{}) (*awstypes.Validity, error) { } func ExpandValidityValue(valueType, v string) (int64, error) { - if valueType == string(awstypes.ValidityPeriodTypeEndDate) { + if valueType == string(types.ValidityPeriodTypeEndDate) { date, err := time.Parse(time.RFC3339, v) if err != nil { return 0, err diff --git a/internal/service/acmpca/certificate_test.go b/internal/service/acmpca/certificate_test.go index 530f10faf23..028a571675f 100644 --- a/internal/service/acmpca/certificate_test.go +++ b/internal/service/acmpca/certificate_test.go @@ -13,15 +13,14 @@ import ( "time" "github.com/YakDriver/regexache" - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/acmpca" - awstypes "github.com/aws/aws-sdk-go-v2/service/acmpca/types" + "github.com/aws/aws-sdk-go-v2/service/acmpca/types" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/terraform" "github.com/hashicorp/terraform-provider-aws/internal/acctest" "github.com/hashicorp/terraform-provider-aws/internal/conns" "github.com/hashicorp/terraform-provider-aws/internal/errs" tfacmpca "github.com/hashicorp/terraform-provider-aws/internal/service/acmpca" + "github.com/hashicorp/terraform-provider-aws/internal/tfresource" "github.com/hashicorp/terraform-provider-aws/names" ) 
@@ -29,7 +28,6 @@ func TestAccACMPCACertificate_rootCertificate(t *testing.T) { ctx := acctest.Context(t) resourceName := "aws_acmpca_certificate.test" certificateAuthorityResourceName := "aws_acmpca_certificate_authority.test" - domain := acctest.RandomDomainName() resource.ParallelTest(t, resource.TestCase{ @@ -74,7 +72,6 @@ func TestAccACMPCACertificate_rootCertificateWithAPIPassthrough(t *testing.T) { ctx := acctest.Context(t) resourceName := "aws_acmpca_certificate.test" certificateAuthorityResourceName := "aws_acmpca_certificate_authority.test" - domain := acctest.RandomDomainName() resource.ParallelTest(t, resource.TestCase{ @@ -120,7 +117,6 @@ func TestAccACMPCACertificate_subordinateCertificate(t *testing.T) { resourceName := "aws_acmpca_certificate.test" rootCertificateAuthorityResourceName := "aws_acmpca_certificate_authority.root" subordinateCertificateAuthorityResourceName := "aws_acmpca_certificate_authority.test" - domain := acctest.RandomDomainName() resource.ParallelTest(t, resource.TestCase{ @@ -163,7 +159,6 @@ func TestAccACMPCACertificate_subordinateCertificate(t *testing.T) { func TestAccACMPCACertificate_endEntityCertificate(t *testing.T) { ctx := acctest.Context(t) resourceName := "aws_acmpca_certificate.test" - csrDomain := acctest.RandomDomainName() csr, _ := acctest.TLSRSAX509CertificateRequestPEM(t, 4096, csrDomain) domain := acctest.RandomDomainName() @@ -207,7 +202,6 @@ func TestAccACMPCACertificate_endEntityCertificate(t *testing.T) { func TestAccACMPCACertificate_Validity_endDate(t *testing.T) { ctx := acctest.Context(t) resourceName := "aws_acmpca_certificate.test" - csrDomain := acctest.RandomDomainName() csr, _ := acctest.TLSRSAX509CertificateRequestPEM(t, 4096, csrDomain) domain := acctest.RandomDomainName() 
@@ -252,7 +246,6 @@ func TestAccACMPCACertificate_Validity_endDate(t *testing.T) { func TestAccACMPCACertificate_Validity_absolute(t *testing.T) { ctx := acctest.Context(t) resourceName := "aws_acmpca_certificate.test" - csrDomain := acctest.RandomDomainName() csr, _ := acctest.TLSRSAX509CertificateRequestPEM(t, 4096, csrDomain) domain := acctest.RandomDomainName() 
@@ -303,56 +296,40 @@ func testAccCheckCertificateDestroy(ctx context.Context) resource.TestCheckFunc continue } - input := &acmpca.GetCertificateInput{ - CertificateArn: aws.String(rs.Primary.ID), - CertificateAuthorityArn: aws.String(rs.Primary.Attributes["certificate_authority_arn"]), - } + _, err := tfacmpca.FindCertificateByTwoPartKey(ctx, conn, rs.Primary.ID, rs.Primary.Attributes["certificate_authority_arn"]) - output, err := conn.GetCertificate(ctx, input) - if errs.IsA[*awstypes.ResourceNotFoundException](err) { - return nil + if tfresource.NotFound(err) { + continue } - if errs.IsAErrorMessageContains[*awstypes.InvalidStateException](err, "not in the correct state to have issued certificates") { + + if errs.IsAErrorMessageContains[*types.InvalidStateException](err, "not in the correct state to have issued certificates") { // This is returned when checking root certificates and the certificate has not been associated with the certificate authority - return nil + continue } + if err != nil { return err } - if output != nil { - return fmt.Errorf("ACM PCA Certificate (%s) still exists", rs.Primary.ID) - } + return fmt.Errorf("ACM PCA Certificate %s still exists", rs.Primary.ID) } return nil } } -func testAccCheckCertificateExists(ctx context.Context, resourceName string) resource.TestCheckFunc { +func testAccCheckCertificateExists(ctx context.Context, n string) resource.TestCheckFunc { return func(s *terraform.State) error { - rs, ok := s.RootModule().Resources[resourceName] + rs, ok := s.RootModule().Resources[n] if !ok { - return fmt.Errorf("Not found: %s", resourceName) + return fmt.Errorf("Not found: %s", n) } conn := acctest.Provider.Meta().(*conns.AWSClient).ACMPCAClient(ctx) - input := &acmpca.GetCertificateInput{ - CertificateArn: aws.String(rs.Primary.ID), - CertificateAuthorityArn: aws.String(rs.Primary.Attributes["certificate_authority_arn"]), - } - - output, err := conn.GetCertificate(ctx, input) - if err != nil { - return err - } + _, err := 
tfacmpca.FindCertificateByTwoPartKey(ctx, conn, rs.Primary.ID, rs.Primary.Attributes["certificate_authority_arn"]) - if output == nil || output.Certificate == nil { - return fmt.Errorf("ACM PCA Certificate %q does not exist", rs.Primary.ID) - } - - return nil + return err } } @@ -630,22 +607,22 @@ func TestExpandValidityValue(t *testing.T) { Expected int64 }{ { - Type: string(awstypes.ValidityPeriodTypeEndDate), + Type: string(types.ValidityPeriodTypeEndDate), Value: "2021-02-26T16:04:00Z", Expected: 20210226160400, }, { - Type: string(awstypes.ValidityPeriodTypeEndDate), + Type: string(types.ValidityPeriodTypeEndDate), Value: "2021-02-26T16:04:00-08:00", Expected: 20210227000400, }, { - Type: string(awstypes.ValidityPeriodTypeAbsolute), + Type: string(types.ValidityPeriodTypeAbsolute), Value: "1614385420", Expected: 1614385420, }, { - Type: string(awstypes.ValidityPeriodTypeYears), + Type: string(types.ValidityPeriodTypeYears), Value: "2", Expected: 2, }, diff --git a/internal/service/acmpca/exports_test.go b/internal/service/acmpca/exports_test.go index 76d08840363..c29966c3ed3 100644 --- a/internal/service/acmpca/exports_test.go +++ b/internal/service/acmpca/exports_test.go @@ -5,8 +5,11 @@ package acmpca // Exports for use in tests only. var ( + ResourceCertificate = resourceCertificate ResourceCertificateAuthority = resourceCertificateAuthority ResourceCertificateAuthorityCertificate = resourceCertificateAuthorityCertificate FindCertificateAuthorityCertificateByARN = findCertificateAuthorityCertificateByARN + FindCertificateByTwoPartKey = findCertificateByTwoPartKey + ValidTemplateARN = validTemplateARN ) diff --git a/internal/service/acmpca/service_package_gen.go b/internal/service/acmpca/service_package_gen.go index 274d4dfea2a..3117f4c08a8 100644 --- a/internal/service/acmpca/service_package_gen.go +++ b/internal/service/acmpca/service_package_gen.go 
@@ -42,8 +42,9 @@ func (p *servicePackage) SDKDataSources(ctx context.Context) []*types.ServicePac func (p *servicePackage) SDKResources(ctx context.Context) []*types.ServicePackageSDKResource { return []*types.ServicePackageSDKResource{ { - Factory: ResourceCertificate, + Factory: resourceCertificate, TypeName: "aws_acmpca_certificate", + Name: "Certificate", }, { Factory: resourceCertificateAuthority, From 4ca9313ea8d5573ca6fb9444bbb7b90655711582 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Wed, 27 Mar 2024 17:10:17 -0400 Subject: [PATCH 12/16] d/aws_acmpca_certificate: Reduce visibility. --- internal/service/acmpca/certificate.go | 15 +++++----- .../service/acmpca/certificate_data_source.go | 29 +++++++------------ .../service/acmpca/service_package_gen.go | 3 +- 3 files changed, 20 insertions(+), 27 deletions(-) diff --git a/internal/service/acmpca/certificate.go b/internal/service/acmpca/certificate.go index d62227fb12e..0a7e69040c5 100644 --- a/internal/service/acmpca/certificate.go +++ b/internal/service/acmpca/certificate.go @@ -140,7 +140,7 @@ func resourceCertificateCreate(ctx context.Context, d *schema.ResourceData, meta conn := meta.(*conns.AWSClient).ACMPCAClient(ctx) certificateAuthorityARN := d.Get("certificate_authority_arn").(string) - input := &acmpca.IssueCertificateInput{ + inputI := &acmpca.IssueCertificateInput{ CertificateAuthorityArn: aws.String(certificateAuthorityARN), Csr: []byte(d.Get("certificate_signing_request").(string)), IdempotencyToken: aws.String(id.UniqueId()), 
@@ -152,21 +152,21 @@ func resourceCertificateCreate(ctx context.Context, d *schema.ResourceData, meta if err := json.Unmarshal([]byte(v), ap); err != nil { return sdkdiag.AppendFromErr(diags, err) } - input.ApiPassthrough = ap + inputI.ApiPassthrough = ap } if v, ok := d.Get("template_arn").(string); ok && v != "" { - input.TemplateArn = aws.String(v) + inputI.TemplateArn = aws.String(v) } if validity, err := expandValidity(d.Get("validity").([]interface{})); err != nil { return sdkdiag.AppendFromErr(diags, err) } else { - input.Validity = validity + inputI.Validity = validity } outputRaw, err := tfresource.RetryWhenIsAErrorMessageContains[*types.InvalidStateException](ctx, certificateAuthorityActiveTimeout, func() (interface{}, error) { - return conn.IssueCertificate(ctx, input) + return conn.IssueCertificate(ctx, inputI) }, "The certificate authority is not in a valid state for issuing certificates") if err != nil { @@ -176,10 +176,11 @@ func resourceCertificateCreate(ctx context.Context, d *schema.ResourceData, meta d.SetId(aws.ToString(outputRaw.(*acmpca.IssueCertificateOutput).CertificateArn)) // Wait for certificate status to become ISSUED. - err = acmpca.NewCertificateIssuedWaiter(conn).Wait(ctx, &acmpca.GetCertificateInput{ + inputG := &acmpca.GetCertificateInput{ CertificateArn: aws.String(d.Id()), CertificateAuthorityArn: aws.String(d.Get("certificate_authority_arn").(string)), - }, certificateIssueTimeout) + } + err = acmpca.NewCertificateIssuedWaiter(conn).Wait(ctx, inputG, certificateIssueTimeout) if err != nil { return sdkdiag.AppendErrorf(diags, "waiting for ACM PCA Certificate Authority (%s) to issue Certificate (%s), error: %s", certificateAuthorityARN, d.Id(), err) diff --git a/internal/service/acmpca/certificate_data_source.go b/internal/service/acmpca/certificate_data_source.go index ba67c6a8430..c6faab0c1ee 100644 --- a/internal/service/acmpca/certificate_data_source.go +++ b/internal/service/acmpca/certificate_data_source.go 
@@ -5,10 +5,7 @@ package acmpca import ( "context" - "log" - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/acmpca" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-provider-aws/internal/conns" @@ -16,8 +13,8 @@ import ( "github.com/hashicorp/terraform-provider-aws/internal/verify" ) -// @SDKDataSource("aws_acmpca_certificate") -func DataSourceCertificate() *schema.Resource { +// @SDKDataSource("aws_acmpca_certificate", name="Certificate") +func dataSourceCertificate() *schema.Resource { return &schema.Resource{ ReadWithoutTimeout: dataSourceCertificateRead, @@ -27,15 +24,15 @@ func DataSourceCertificate() *schema.Resource { Required: true, ValidateFunc: verify.ValidARN, }, + "certificate": { + Type: schema.TypeString, + Computed: true, + }, "certificate_authority_arn": { Type: schema.TypeString, Required: true, ValidateFunc: verify.ValidARN, }, - "certificate": { - Type: schema.TypeString, - Computed: true, - }, "certificate_chain": { Type: schema.TypeString, Computed: true, 
@@ -47,23 +44,17 @@ func DataSourceCertificate() *schema.Resource { func dataSourceCertificateRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics conn := meta.(*conns.AWSClient).ACMPCAClient(ctx) - certificateARN := d.Get("arn").(string) - getCertificateInput := &acmpca.GetCertificateInput{ - CertificateArn: aws.String(certificateARN), - CertificateAuthorityArn: aws.String(d.Get("certificate_authority_arn").(string)), - } - - log.Printf("[DEBUG] Reading ACM PCA Certificate: %+v", getCertificateInput) + certificateARN := d.Get("arn").(string) + output, err := findCertificateByTwoPartKey(ctx, conn, certificateARN, d.Get("certificate_authority_arn").(string)) - certificateOutput, err := conn.GetCertificate(ctx, getCertificateInput) if err != nil { return sdkdiag.AppendErrorf(diags, "reading ACM PCA Certificate (%s): %s", certificateARN, err) } d.SetId(certificateARN) - d.Set("certificate", certificateOutput.Certificate) - d.Set("certificate_chain", certificateOutput.CertificateChain) + d.Set("certificate", output.Certificate) + d.Set("certificate_chain", output.CertificateChain) return diags } diff --git a/internal/service/acmpca/service_package_gen.go b/internal/service/acmpca/service_package_gen.go index 3117f4c08a8..d24c2ac120a 100644 --- a/internal/service/acmpca/service_package_gen.go +++ b/internal/service/acmpca/service_package_gen.go @@ -25,8 +25,9 @@ func (p *servicePackage) FrameworkResources(ctx context.Context) []*types.Servic func (p *servicePackage) SDKDataSources(ctx context.Context) []*types.ServicePackageSDKDataSource { return []*types.ServicePackageSDKDataSource{ { - Factory: DataSourceCertificate, + Factory: dataSourceCertificate, TypeName: "aws_acmpca_certificate", + Name: "Certificate", }, { Factory: dataSourceCertificateAuthority, From d1e0a2b35184d5671344e9aa1071f90d60216567 Mon Sep 17 00:00:00 2001 
From: Kit Ewbank Date: Wed, 27 Mar 2024 17:40:27 -0400 Subject: [PATCH 13/16] Fix 'TestAccACMPCACertificateDataSource_basic'. --- internal/service/acmpca/certificate_data_source_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/service/acmpca/certificate_data_source_test.go b/internal/service/acmpca/certificate_data_source_test.go index b628e9c1b53..f1c5cb89645 100644 --- a/internal/service/acmpca/certificate_data_source_test.go +++ b/internal/service/acmpca/certificate_data_source_test.go @@ -27,7 +27,7 @@ func TestAccACMPCACertificateDataSource_basic(t *testing.T) { Steps: []resource.TestStep{ { Config: testAccCertificateDataSourceConfig_nonExistent, - ExpectError: regexache.MustCompile(`ResourceNotFoundException`), + ExpectError: regexache.MustCompile(`couldn't find resource`), }, { Config: testAccCertificateDataSourceConfig_arn(domain), From a3821de1d72a34dd0c80b8fba7077401f4263fef Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Thu, 28 Mar 2024 08:01:13 -0400 Subject: [PATCH 14/16] r/aws_acmpca_permission: Reduce visibility. --- internal/service/acmpca/exports_test.go | 2 + internal/service/acmpca/find.go | 27 ------ internal/service/acmpca/permission.go | 85 ++++++++++++------- internal/service/acmpca/permission_test.go | 30 ++----- .../service/acmpca/service_package_gen.go | 3 +- 5 files changed, 66 insertions(+), 81 deletions(-) diff --git a/internal/service/acmpca/exports_test.go b/internal/service/acmpca/exports_test.go index c29966c3ed3..23727301558 100644 --- a/internal/service/acmpca/exports_test.go +++ b/internal/service/acmpca/exports_test.go 
@@ -8,8 +8,10 @@ var ( ResourceCertificate = resourceCertificate ResourceCertificateAuthority = resourceCertificateAuthority ResourceCertificateAuthorityCertificate = resourceCertificateAuthorityCertificate + ResourcePermission = resourcePermission FindCertificateAuthorityCertificateByARN = findCertificateAuthorityCertificateByARN FindCertificateByTwoPartKey = findCertificateByTwoPartKey + FindPermissionByThreePartKey = findPermissionByThreePartKey ValidTemplateARN = validTemplateARN ) diff --git a/internal/service/acmpca/find.go b/internal/service/acmpca/find.go index ea3da3f54f3..7b3493df66b 100644 --- a/internal/service/acmpca/find.go +++ b/internal/service/acmpca/find.go @@ -38,30 +38,3 @@ func FindPolicyByARN(ctx context.Context, conn *acmpca.Client, arn string) (stri return aws.ToString(output.Policy), nil } - -func FindPermission(ctx context.Context, conn *acmpca.Client, certificateAuthorityARN, principal, sourceAccount string) (*awstypes.Permission, error) { - input := &acmpca.ListPermissionsInput{ - CertificateAuthorityArn: aws.String(certificateAuthorityARN), - } - - var results []awstypes.Permission - paginator := acmpca.NewListPermissionsPaginator(conn, input) - for paginator.HasMorePages() { - page, err := paginator.NextPage(ctx) - if err != nil { - return nil, err - } - - for _, permission := range page.Permissions { - if aws.ToString(permission.Principal) == principal && (sourceAccount == "" || aws.ToString(permission.SourceAccount) == sourceAccount) { - results = append(results, permission) - } - } - } - - permission, err := tfresource.AssertSingleValueResult(results) - if err != nil { - return nil, err - } - return permission, nil -} diff --git a/internal/service/acmpca/permission.go b/internal/service/acmpca/permission.go index e42d5363f38..26dba9b8312 100644 --- a/internal/service/acmpca/permission.go +++ b/internal/service/acmpca/permission.go 
@@ -5,13 +5,11 @@ package acmpca import ( "context" - "fmt" "log" - "strings" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/service/acmpca" - awstypes "github.com/aws/aws-sdk-go-v2/service/acmpca/types" + "github.com/aws/aws-sdk-go-v2/service/acmpca/types" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" @@ -19,12 +17,18 @@ import ( "github.com/hashicorp/terraform-provider-aws/internal/enum" "github.com/hashicorp/terraform-provider-aws/internal/errs" "github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag" + "github.com/hashicorp/terraform-provider-aws/internal/flex" + tfslices "github.com/hashicorp/terraform-provider-aws/internal/slices" "github.com/hashicorp/terraform-provider-aws/internal/tfresource" "github.com/hashicorp/terraform-provider-aws/internal/verify" ) -// @SDKResource("aws_acmpca_permission") -func ResourcePermission() *schema.Resource { +const ( + permissionResourceIDPartCount = 3 +) + +// @SDKResource("aws_acmpca_permission", name="Permission") +func resourcePermission() *schema.Resource { return &schema.Resource{ CreateWithoutTimeout: resourcePermissionCreate, ReadWithoutTimeout: resourcePermissionRead, @@ -37,7 +41,7 @@ func ResourcePermission() *schema.Resource { ForceNew: true, Elem: &schema.Schema{ Type: schema.TypeString, - ValidateDiagFunc: enum.Validate[awstypes.ActionType](), + ValidateDiagFunc: enum.Validate[types.ActionType](), }, }, "certificate_authority_arn": { 
@@ -75,7 +79,7 @@ func resourcePermissionCreate(ctx context.Context, d *schema.ResourceData, meta caARN := d.Get("certificate_authority_arn").(string) principal := d.Get("principal").(string) sourceAccount := d.Get("source_account").(string) - id := PermissionCreateResourceID(caARN, principal, sourceAccount) + id := errs.Must(flex.FlattenResourceId([]string{caARN, principal, sourceAccount}, permissionResourceIDPartCount, false)) input := &acmpca.CreatePermissionInput{ Actions: expandPermissionActions(d.Get("actions").(*schema.Set)), CertificateAuthorityArn: aws.String(caARN), @@ -86,7 +90,6 @@ func resourcePermissionCreate(ctx context.Context, d *schema.ResourceData, meta input.SourceAccount = aws.String(sourceAccount) } - log.Printf("[DEBUG] Creating ACM PCA Permission: %+v", input) _, err := conn.CreatePermission(ctx, input) if err != nil { @@ -102,13 +105,13 @@ func resourcePermissionRead(ctx context.Context, d *schema.ResourceData, meta in var diags diag.Diagnostics conn := meta.(*conns.AWSClient).ACMPCAClient(ctx) - caARN, principal, sourceAccount, err := PermissionParseResourceID(d.Id()) - + parts, err := flex.ExpandResourceId(d.Id(), permissionResourceIDPartCount, false) if err != nil { - return sdkdiag.AppendErrorf(diags, "reading ACM PCA Permission (%s): %s", d.Id(), err) + return sdkdiag.AppendFromErr(diags, err) } - permission, err := FindPermission(ctx, conn, caARN, principal, sourceAccount) + caARN, principal, sourceAccount := parts[0], parts[1], parts[2] + permission, err := findPermissionByThreePartKey(ctx, conn, caARN, principal, sourceAccount) if !d.IsNewResource() && tfresource.NotFound(err) { log.Printf("[WARN] ACM PCA Permission (%s) not found, removing from state", d.Id()) 
@@ -133,12 +136,12 @@ func resourcePermissionDelete(ctx context.Context, d *schema.ResourceData, meta var diags diag.Diagnostics conn := meta.(*conns.AWSClient).ACMPCAClient(ctx) - caARN, principal, sourceAccount, err := PermissionParseResourceID(d.Id()) - + parts, err := flex.ExpandResourceId(d.Id(), permissionResourceIDPartCount, false) if err != nil { - return sdkdiag.AppendErrorf(diags, "deleting ACM PCA Permission (%s): %s", d.Id(), err) + return sdkdiag.AppendFromErr(diags, err) } + caARN, principal, sourceAccount := parts[0], parts[1], parts[2] input := &acmpca.DeletePermissionInput{ CertificateAuthorityArn: aws.String(caARN), Principal: aws.String(principal), @@ -151,7 +154,7 @@ func resourcePermissionDelete(ctx context.Context, d *schema.ResourceData, meta log.Printf("[DEBUG] Deleting ACM PCA Permission: %s", d.Id()) _, err = conn.DeletePermission(ctx, input) - if errs.IsA[*awstypes.ResourceNotFoundException](err) { + if errs.IsA[*types.ResourceNotFoundException](err) { return diags } 
@@ -162,36 +165,58 @@ func resourcePermissionDelete(ctx context.Context, d *schema.ResourceData, meta return diags } -const permissionIDSeparator = "," +func findPermissionByThreePartKey(ctx context.Context, conn *acmpca.Client, certificateAuthorityARN, principal, sourceAccount string) (*types.Permission, error) { + input := &acmpca.ListPermissionsInput{ + CertificateAuthorityArn: aws.String(certificateAuthorityARN), + } + + return findPermission(ctx, conn, input, func(v *types.Permission) bool { + return aws.ToString(v.Principal) == principal && (sourceAccount == "" || aws.ToString(v.SourceAccount) == sourceAccount) + }) +} + +func findPermission(ctx context.Context, conn *acmpca.Client, input *acmpca.ListPermissionsInput, filter tfslices.Predicate[*types.Permission]) (*types.Permission, error) { + output, err := findPermissions(ctx, conn, input, filter) -func PermissionCreateResourceID(caARN, principal, sourceAccount string) string { - parts := []string{caARN, principal, sourceAccount} - id := strings.Join(parts, permissionIDSeparator) + if err != nil { + return nil, err + } - return id + return tfresource.AssertSingleValueResult(output) } -func PermissionParseResourceID(id string) (string, string, string, error) { - parts := strings.Split(id, permissionIDSeparator) +func findPermissions(ctx context.Context, conn *acmpca.Client, input *acmpca.ListPermissionsInput, filter tfslices.Predicate[*types.Permission]) ([]types.Permission, error) { + var output []types.Permission + + pages := acmpca.NewListPermissionsPaginator(conn, input) + for pages.HasMorePages() { + page, err := pages.NextPage(ctx) + + if err != nil { + return nil, err + } - if len(parts) == 3 && parts[0] != "" && parts[1] != "" { - return parts[0], parts[1], parts[2], nil + for _, v := range page.Permissions { + if filter(&v) { + output = append(output, v) + } + } } - return "", "", "", fmt.Errorf("unexpected format for ID (%[1]s), expected CertificateAuthorityARN%[2]sPrincipal%[2]sSourceAccount", id, 
permissionIDSeparator) + return output, nil } -func expandPermissionActions(s *schema.Set) []awstypes.ActionType { - actions := make([]awstypes.ActionType, 0) +func expandPermissionActions(s *schema.Set) []types.ActionType { + actions := make([]types.ActionType, 0) for _, a := range s.List() { - action := awstypes.ActionType(a.(string)) + action := types.ActionType(a.(string)) actions = append(actions, action) } return actions } -func flattenPermissionActions(list []awstypes.ActionType) []string { +func flattenPermissionActions(list []types.ActionType) []string { if len(list) == 0 { return nil } diff --git a/internal/service/acmpca/permission_test.go b/internal/service/acmpca/permission_test.go index 59feeced918..bd00efb87a5 100644 --- a/internal/service/acmpca/permission_test.go +++ b/internal/service/acmpca/permission_test.go @@ -8,7 +8,7 @@ import ( "fmt" "testing" - awstypes "github.com/aws/aws-sdk-go-v2/service/acmpca/types" + "github.com/aws/aws-sdk-go-v2/service/acmpca/types" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/terraform" "github.com/hashicorp/terraform-provider-aws/internal/acctest" @@ -20,7 +20,7 @@ import ( func TestAccACMPCAPermission_basic(t *testing.T) { ctx := acctest.Context(t) - var permission awstypes.Permission + var permission types.Permission resourceName := "aws_acmpca_permission.test" commonName := acctest.RandomDomainName() @@ -49,7 +49,7 @@ func TestAccACMPCAPermission_basic(t *testing.T) { func TestAccACMPCAPermission_disappears(t *testing.T) { ctx := acctest.Context(t) - var permission awstypes.Permission + var permission types.Permission resourceName := "aws_acmpca_permission.test" commonName := acctest.RandomDomainName() 
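Review bot: findPermissionByThreePartKey has no doc comment and its lookup semantics are not obvious from the signature: when `sourceAccount` is empty the predicate matches every permission for `principal` regardless of source account, and `tfresource.AssertSingleValueResult` then presumably returns a non-not-found error rather than picking one if more than one permission matches. I would add above the function: `// findPermissionByThreePartKey returns the single permission on the CA granted to principal. An empty sourceAccount acts as a wildcard; more than one match is an error, not a not-found condition.` A one-line doc on findPermissions noting that the filter is applied to every page of ListPermissions would also help readers of the pagination loop.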
@@ -73,7 +73,7 @@ func TestAccACMPCAPermission_disappears(t *testing.T) { func TestAccACMPCAPermission_sourceAccount(t *testing.T) { ctx := acctest.Context(t) - var permission awstypes.Permission + var permission types.Permission resourceName := "aws_acmpca_permission.test" commonName := acctest.RandomDomainName() @@ -103,13 +103,7 @@ func testAccCheckPermissionDestroy(ctx context.Context) resource.TestCheckFunc { continue } - caARN, principal, sourceAccount, err := tfacmpca.PermissionParseResourceID(rs.Primary.ID) - - if err != nil { - return err - } - - _, err = tfacmpca.FindPermission(ctx, conn, caARN, principal, sourceAccount) + _, err := tfacmpca.FindPermissionByThreePartKey(ctx, conn, rs.Primary.Attributes["certificate_authority_arn"], rs.Primary.Attributes["principal"], rs.Primary.Attributes["source_account"]) if tfresource.NotFound(err) { continue @@ -126,26 +120,16 @@ func testAccCheckPermissionDestroy(ctx context.Context) resource.TestCheckFunc { } } -func testAccCheckPermissionExists(ctx context.Context, n string, v *awstypes.Permission) resource.TestCheckFunc { +func testAccCheckPermissionExists(ctx context.Context, n string, v *types.Permission) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[n] if !ok { return fmt.Errorf("Not found: %s", n) } - if rs.Primary.ID == "" { - return fmt.Errorf("No ACM PCA Permission ID is set") - } - - caARN, principal, sourceAccount, err := tfacmpca.PermissionParseResourceID(rs.Primary.ID) - - if err != nil { - return err - } - conn := acctest.Provider.Meta().(*conns.AWSClient).ACMPCAClient(ctx) - output, err := tfacmpca.FindPermission(ctx, conn, caARN, principal, sourceAccount) + output, err := tfacmpca.FindPermissionByThreePartKey(ctx, conn, rs.Primary.Attributes["certificate_authority_arn"], rs.Primary.Attributes["principal"], rs.Primary.Attributes["source_account"]) if err != nil { return err 
diff --git a/internal/service/acmpca/service_package_gen.go b/internal/service/acmpca/service_package_gen.go index d24c2ac120a..0793a9012bd 100644 --- a/internal/service/acmpca/service_package_gen.go +++ b/internal/service/acmpca/service_package_gen.go @@ -61,8 +61,9 @@ func (p *servicePackage) SDKResources(ctx context.Context) []*types.ServicePacka Name: "Certificate Authority Certificate", }, { - Factory: ResourcePermission, + Factory: resourcePermission, TypeName: "aws_acmpca_permission", + Name: "Permission", }, { Factory: ResourcePolicy, From 0e9ad67cf8a83f7bf0dd5429c5acaaaf33e6dbfe Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Thu, 28 Mar 2024 08:06:08 -0400 Subject: [PATCH 15/16] r/aws_acmpca_policy: Reduce visibility. --- internal/service/acmpca/exports_test.go | 2 + internal/service/acmpca/find.go | 40 --------------- internal/service/acmpca/policy.go | 50 ++++++++++++++----- internal/service/acmpca/policy_test.go | 4 -- .../service/acmpca/service_package_gen.go | 3 +- 5 files changed, 42 insertions(+), 57 deletions(-) delete mode 100644 internal/service/acmpca/find.go diff --git a/internal/service/acmpca/exports_test.go b/internal/service/acmpca/exports_test.go index 23727301558..467bbe075f8 100644 --- a/internal/service/acmpca/exports_test.go +++ b/internal/service/acmpca/exports_test.go @@ -9,9 +9,11 @@ var ( ResourceCertificateAuthority = resourceCertificateAuthority ResourceCertificateAuthorityCertificate = resourceCertificateAuthorityCertificate ResourcePermission = resourcePermission + ResourcePolicy = resourcePolicy FindCertificateAuthorityCertificateByARN = findCertificateAuthorityCertificateByARN FindCertificateByTwoPartKey = findCertificateByTwoPartKey FindPermissionByThreePartKey = findPermissionByThreePartKey + FindPolicyByARN = findPolicyByARN ValidTemplateARN = validTemplateARN ) diff --git a/internal/service/acmpca/find.go b/internal/service/acmpca/find.go deleted file mode 100644 index 7b3493df66b..00000000000 
--- a/internal/service/acmpca/find.go +++ /dev/null @@ -1,40 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - -package acmpca - -import ( - "context" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/acmpca" - awstypes "github.com/aws/aws-sdk-go-v2/service/acmpca/types" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry" - "github.com/hashicorp/terraform-provider-aws/internal/errs" - "github.com/hashicorp/terraform-provider-aws/internal/tfresource" -) - -func FindPolicyByARN(ctx context.Context, conn *acmpca.Client, arn string) (string, error) { - input := &acmpca.GetPolicyInput{ - ResourceArn: aws.String(arn), - } - - output, err := conn.GetPolicy(ctx, input) - - if errs.IsA[*awstypes.ResourceNotFoundException](err) { - return "", &retry.NotFoundError{ - LastError: err, - LastRequest: input, - } - } - - if err != nil { - return "", err - } - - if output == nil || output.Policy == nil { - return "", tfresource.NewEmptyResultError(input) - } - - return aws.ToString(output.Policy), nil -} diff --git a/internal/service/acmpca/policy.go b/internal/service/acmpca/policy.go index f4b370bd94b..23e3fb281f7 100644 --- a/internal/service/acmpca/policy.go +++ b/internal/service/acmpca/policy.go @@ -9,8 +9,9 @@ import ( "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/service/acmpca" - awstypes "github.com/aws/aws-sdk-go-v2/service/acmpca/types" + "github.com/aws/aws-sdk-go-v2/service/acmpca/types" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/structure" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" 
@@ -21,8 +22,8 @@ import ( "github.com/hashicorp/terraform-provider-aws/internal/verify" ) -// @SDKResource("aws_acmpca_policy") -func ResourcePolicy() *schema.Resource { +// @SDKResource("aws_acmpca_policy", name="Policy") +func resourcePolicy() *schema.Resource { return &schema.Resource{ CreateWithoutTimeout: resourcePolicyPut, ReadWithoutTimeout: resourcePolicyRead, @@ -59,9 +60,8 @@ func resourcePolicyPut(ctx context.Context, d *schema.ResourceData, meta interfa conn := meta.(*conns.AWSClient).ACMPCAClient(ctx) policy, err := structure.NormalizeJsonString(d.Get("policy").(string)) - if err != nil { - return sdkdiag.AppendErrorf(diags, "policy (%s) is invalid JSON: %s", d.Get("policy").(string), err) + return sdkdiag.AppendFromErr(diags, err) } resourceARN := d.Get("resource_arn").(string) @@ -70,14 +70,15 @@ func resourcePolicyPut(ctx context.Context, d *schema.ResourceData, meta interfa ResourceArn: aws.String(resourceARN), } - log.Printf("[DEBUG] Putting ACM PCA Policy: %+v", input) _, err = conn.PutPolicy(ctx, input) if err != nil { return sdkdiag.AppendErrorf(diags, "putting ACM PCA Policy (%s): %s", resourceARN, err) } - d.SetId(resourceARN) + if d.IsNewResource() { + d.SetId(resourceARN) + } return append(diags, resourcePolicyRead(ctx, d, meta)...) } @@ -86,7 +87,7 @@ func resourcePolicyRead(ctx context.Context, d *schema.ResourceData, meta interf var diags diag.Diagnostics conn := meta.(*conns.AWSClient).ACMPCAClient(ctx) - policy, err := FindPolicyByARN(ctx, conn, d.Id()) + policy, err := findPolicyByARN(ctx, conn, d.Id()) if !d.IsNewResource() && tfresource.NotFound(err) { log.Printf("[WARN] ACM PCA Policy (%s) not found, removing from state", d.Id()) 
@@ -113,10 +114,10 @@ func resourcePolicyDelete(ctx context.Context, d *schema.ResourceData, meta inte ResourceArn: aws.String(d.Id()), }) - if errs.IsA[*awstypes.ResourceNotFoundException](err) || - errs.IsA[*awstypes.RequestAlreadyProcessedException](err) || - errs.IsA[*awstypes.RequestInProgressException](err) || - errs.IsAErrorMessageContains[*awstypes.InvalidRequestException](err, "Self-signed policy can not be revoked") { + if errs.IsA[*types.ResourceNotFoundException](err) || + errs.IsA[*types.RequestAlreadyProcessedException](err) || + errs.IsA[*types.RequestInProgressException](err) || + errs.IsAErrorMessageContains[*types.InvalidRequestException](err, "Self-signed policy can not be revoked") { return diags } @@ -126,3 +127,28 @@ func resourcePolicyDelete(ctx context.Context, d *schema.ResourceData, meta inte return diags } + +func findPolicyByARN(ctx context.Context, conn *acmpca.Client, arn string) (*string, error) { + input := &acmpca.GetPolicyInput{ + ResourceArn: aws.String(arn), + } + + output, err := conn.GetPolicy(ctx, input) + + if errs.IsA[*types.ResourceNotFoundException](err) { + return nil, &retry.NotFoundError{ + LastError: err, + LastRequest: input, + } + } + + if err != nil { + return nil, err + } + + if output == nil || output.Policy == nil { + return nil, tfresource.NewEmptyResultError(input) + } + + return output.Policy, nil +} diff --git a/internal/service/acmpca/policy_test.go b/internal/service/acmpca/policy_test.go index e590d5d33f2..285191fc861 100644 --- a/internal/service/acmpca/policy_test.go +++ b/internal/service/acmpca/policy_test.go @@ -76,10 +76,6 @@ func testAccCheckPolicyExists(ctx context.Context, n string) resource.TestCheckF return fmt.Errorf("Not found: %s", n) } - if rs.Primary.ID == "" { - return fmt.Errorf("No ACM PCA Policy ID is set") - } - conn := acctest.Provider.Meta().(*conns.AWSClient).ACMPCAClient(ctx) _, err := tfacmpca.FindPolicyByARN(ctx, conn, rs.Primary.ID) 
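Review bot: findPolicyByARN (the second hunk here, `@@ -126,3 +127,28`) is unexported now but has no doc comment, and its return type changed from `string` to `*string`, so the contract of the not-found and nil-policy branches is worth stating for resourcePolicyRead's caller. I would add: `// findPolicyByARN returns the resource-based policy attached to the ACM PCA resource identified by arn. A ResourceNotFoundException is mapped to retry.NotFoundError so the resource can be dropped from state; a response with no Policy is reported as an empty-result error (presumably also treated as not found by tfresource.NotFound — confirm).`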
diff --git a/internal/service/acmpca/service_package_gen.go b/internal/service/acmpca/service_package_gen.go index 0793a9012bd..2d28a5e8c3c 100644 --- a/internal/service/acmpca/service_package_gen.go +++ b/internal/service/acmpca/service_package_gen.go @@ -66,8 +66,9 @@ func (p *servicePackage) SDKResources(ctx context.Context) []*types.ServicePacka Name: "Permission", }, { - Factory: ResourcePolicy, + Factory: resourcePolicy, TypeName: "aws_acmpca_policy", + Name: "Policy", }, } } From 9b8d173626f9bae08b458e9aa67c5ed9b3a44281 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Thu, 28 Mar 2024 08:29:34 -0400 Subject: [PATCH 16/16] r/aws_acmpca_permission: Corrections. --- internal/service/acmpca/permission.go | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/internal/service/acmpca/permission.go b/internal/service/acmpca/permission.go index 26dba9b8312..0c6f1ade6e3 100644 --- a/internal/service/acmpca/permission.go +++ b/internal/service/acmpca/permission.go @@ -11,6 +11,7 @@ import ( "github.com/aws/aws-sdk-go-v2/service/acmpca" "github.com/aws/aws-sdk-go-v2/service/acmpca/types" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" "github.com/hashicorp/terraform-provider-aws/internal/conns" 
@@ -79,7 +80,7 @@ func resourcePermissionCreate(ctx context.Context, d *schema.ResourceData, meta caARN := d.Get("certificate_authority_arn").(string) principal := d.Get("principal").(string) sourceAccount := d.Get("source_account").(string) - id := errs.Must(flex.FlattenResourceId([]string{caARN, principal, sourceAccount}, permissionResourceIDPartCount, false)) + id := errs.Must(flex.FlattenResourceId([]string{caARN, principal, sourceAccount}, permissionResourceIDPartCount, true)) input := &acmpca.CreatePermissionInput{ Actions: expandPermissionActions(d.Get("actions").(*schema.Set)), CertificateAuthorityArn: aws.String(caARN), @@ -105,7 +106,7 @@ func resourcePermissionRead(ctx context.Context, d *schema.ResourceData, meta in var diags diag.Diagnostics conn := meta.(*conns.AWSClient).ACMPCAClient(ctx) - parts, err := flex.ExpandResourceId(d.Id(), permissionResourceIDPartCount, false) + parts, err := flex.ExpandResourceId(d.Id(), permissionResourceIDPartCount, true) if err != nil { return sdkdiag.AppendFromErr(diags, err) } @@ -136,7 +137,7 @@ func resourcePermissionDelete(ctx context.Context, d *schema.ResourceData, meta var diags diag.Diagnostics conn := meta.(*conns.AWSClient).ACMPCAClient(ctx) - parts, err := flex.ExpandResourceId(d.Id(), permissionResourceIDPartCount, false) + parts, err := flex.ExpandResourceId(d.Id(), permissionResourceIDPartCount, true) if err != nil { return sdkdiag.AppendFromErr(diags, err) } @@ -192,6 +193,13 @@ func findPermissions(ctx context.Context, conn *acmpca.Client, input *acmpca.Lis for pages.HasMorePages() { page, err := pages.NextPage(ctx) + if errs.IsAErrorMessageContains[*types.InvalidStateException](err, "The certificate authority is in the DELETED state") { + return nil, &retry.NotFoundError{ + LastError: err, + LastRequest: input, + } + } + if err != nil { return nil, err }
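Review bot: The Read hunk (`@@ -105,7 +106,7`) no longer rejects an ID whose CA ARN or principal part is empty: with allowEmptyPart=true, an imported ID such as `,,` passes ExpandResourceId and reaches ListPermissions with an empty CertificateAuthorityArn, whereas the deleted PermissionParseResourceID required `parts[0] != "" && parts[1] != ""`. Only the trailing source-account part is legitimately optional (the Create path appears to set `input.SourceAccount` conditionally), so I would keep a guard after the parts assignment: `if caARN == "" || principal == "" { return sdkdiag.AppendErrorf(diags, "unexpected format for ID (%s): certificate_authority_arn and principal must not be empty", d.Id()) }`. The same guard belongs in the Delete hunk (`@@ -136,7 +137,7`).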
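Review bot: The new not-found mapping in findPermissions keys on the literal message "The certificate authority is in the DELETED state" of InvalidStateException, which is a contract with the API's error text rather than its error type; if the wording changes the mapping silently stops applying and Read returns an error instead of removing the permission from state. Since the SDK exposes no typed error for the CA state, the dependency should at least be documented next to the check: `// A deleted CA surfaces as InvalidStateException with this message; treat it as not found so the permission is dropped from state. Message matching is brittle — revisit if the API adds a typed error.` Note that this mapping applies to every caller of findPermissions, not only the three-part-key lookup.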