r/aws_acm_certificate: Update options in place

[mattburgess]

Description

Simplifies handling of options[0].certificate_transparency_logging_preference by marking it as computed as the API returns DISABLED for imported certs.

Also adds support for updating certificate_transparency_logging_preference as the UpdateCertificateOptions API indicates it is, in fact, updatable.

Relations

Closes #29634

References

Output from Acceptance Testing

$ make testacc TESTS=TestAccACMCertificate PKG=acm

...

This is currently failing the newly added test as it doesn't seem to wait for the certificate validation to complete before it tries to update the certificate options; that API call is only permitted on ISSUED certificates

[github-actions]

Community Note

Voting for Prioritization

• Please vote on this pull request by adding a 👍 reaction to the original post to help the community and maintainers prioritize this pull request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

For Submitters

• Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
• For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.
• Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

[ewbankkit]

LGTM 🚀.

% ACM_CERTIFICATE_ROOT_DOMAIN=example.com make testacc TESTARGS='-run=TestAccACMCertificate_' PKG=acm ACCTEST_PARALLELISM=1
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/acm/... -v -count 1 -parallel 1  -run=TestAccACMCertificate_ -timeout 180m
=== RUN   TestAccACMCertificate_emailValidation
=== PAUSE TestAccACMCertificate_emailValidation
=== RUN   TestAccACMCertificate_dnsValidation
=== PAUSE TestAccACMCertificate_dnsValidation
=== RUN   TestAccACMCertificate_root
=== PAUSE TestAccACMCertificate_root
=== RUN   TestAccACMCertificate_validationOptions
=== PAUSE TestAccACMCertificate_validationOptions
=== RUN   TestAccACMCertificate_privateCertificate_renewable
=== PAUSE TestAccACMCertificate_privateCertificate_renewable
=== RUN   TestAccACMCertificate_privateCertificate_noRenewalPermission
=== PAUSE TestAccACMCertificate_privateCertificate_noRenewalPermission
=== RUN   TestAccACMCertificate_privateCertificate_pendingRenewalGoDuration
=== PAUSE TestAccACMCertificate_privateCertificate_pendingRenewalGoDuration
=== RUN   TestAccACMCertificate_privateCertificate_pendingRenewalRFC3339Duration
=== PAUSE TestAccACMCertificate_privateCertificate_pendingRenewalRFC3339Duration
=== RUN   TestAccACMCertificate_privateCertificate_addEarlyRenewalPast
=== PAUSE TestAccACMCertificate_privateCertificate_addEarlyRenewalPast
=== RUN   TestAccACMCertificate_privateCertificate_addEarlyRenewalPastIneligible
=== PAUSE TestAccACMCertificate_privateCertificate_addEarlyRenewalPastIneligible
=== RUN   TestAccACMCertificate_privateCertificate_addEarlyRenewalFuture
=== PAUSE TestAccACMCertificate_privateCertificate_addEarlyRenewalFuture
=== RUN   TestAccACMCertificate_privateCertificate_updateEarlyRenewalFuture
=== PAUSE TestAccACMCertificate_privateCertificate_updateEarlyRenewalFuture
=== RUN   TestAccACMCertificate_privateCertificate_removeEarlyRenewal
=== PAUSE TestAccACMCertificate_privateCertificate_removeEarlyRenewal
=== RUN   TestAccACMCertificate_Root_trailingPeriod
=== PAUSE TestAccACMCertificate_Root_trailingPeriod
=== RUN   TestAccACMCertificate_rootAndWildcardSan
=== PAUSE TestAccACMCertificate_rootAndWildcardSan
=== RUN   TestAccACMCertificate_SubjectAlternativeNames_emptyString
=== PAUSE TestAccACMCertificate_SubjectAlternativeNames_emptyString
=== RUN   TestAccACMCertificate_San_single
=== PAUSE TestAccACMCertificate_San_single
=== RUN   TestAccACMCertificate_San_multiple
=== PAUSE TestAccACMCertificate_San_multiple
=== RUN   TestAccACMCertificate_San_trailingPeriod
=== PAUSE TestAccACMCertificate_San_trailingPeriod
=== RUN   TestAccACMCertificate_San_matches_domain
=== PAUSE TestAccACMCertificate_San_matches_domain
=== RUN   TestAccACMCertificate_wildcard
=== PAUSE TestAccACMCertificate_wildcard
=== RUN   TestAccACMCertificate_wildcardAndRootSan
=== PAUSE TestAccACMCertificate_wildcardAndRootSan
=== RUN   TestAccACMCertificate_keyAlgorithm
=== PAUSE TestAccACMCertificate_keyAlgorithm
=== RUN   TestAccACMCertificate_disableCTLogging
=== PAUSE TestAccACMCertificate_disableCTLogging
=== RUN   TestAccACMCertificate_disableReenableCTLogging
=== PAUSE TestAccACMCertificate_disableReenableCTLogging
=== RUN   TestAccACMCertificate_Imported_domainName
=== PAUSE TestAccACMCertificate_Imported_domainName
=== RUN   TestAccACMCertificate_Imported_validityDates
=== PAUSE TestAccACMCertificate_Imported_validityDates
=== RUN   TestAccACMCertificate_Imported_ipAddress
=== PAUSE TestAccACMCertificate_Imported_ipAddress
=== RUN   TestAccACMCertificate_PrivateKey_tags
=== PAUSE TestAccACMCertificate_PrivateKey_tags
=== CONT  TestAccACMCertificate_emailValidation
--- PASS: TestAccACMCertificate_emailValidation (25.17s)
=== CONT  TestAccACMCertificate_SubjectAlternativeNames_emptyString
--- PASS: TestAccACMCertificate_SubjectAlternativeNames_emptyString (1.45s)
=== CONT  TestAccACMCertificate_PrivateKey_tags
--- PASS: TestAccACMCertificate_PrivateKey_tags (46.06s)
=== CONT  TestAccACMCertificate_Imported_ipAddress
--- PASS: TestAccACMCertificate_Imported_ipAddress (15.80s)
=== CONT  TestAccACMCertificate_Imported_validityDates
--- PASS: TestAccACMCertificate_Imported_validityDates (15.41s)
=== CONT  TestAccACMCertificate_Imported_domainName
--- PASS: TestAccACMCertificate_Imported_domainName (37.04s)
--- PASS: TestAccACMCertificate_disableReenableCTLogging (149.16s)
=== CONT  TestAccACMCertificate_disableCTLogging
--- PASS: TestAccACMCertificate_disableCTLogging (20.89s)
=== CONT  TestAccACMCertificate_keyAlgorithm
--- PASS: TestAccACMCertificate_keyAlgorithm (20.50s)
=== CONT  TestAccACMCertificate_wildcardAndRootSan
--- PASS: TestAccACMCertificate_wildcardAndRootSan (23.57s)
=== CONT  TestAccACMCertificate_wildcard
--- PASS: TestAccACMCertificate_wildcard (20.75s)
=== CONT  TestAccACMCertificate_San_matches_domain
--- PASS: TestAccACMCertificate_San_matches_domain (21.48s)
=== CONT  TestAccACMCertificate_San_trailingPeriod
--- PASS: TestAccACMCertificate_San_trailingPeriod (24.42s)
=== CONT  TestAccACMCertificate_San_multiple
--- PASS: TestAccACMCertificate_San_multiple (22.29s)
=== CONT  TestAccACMCertificate_San_single
--- PASS: TestAccACMCertificate_San_single (25.02s)
=== CONT  TestAccACMCertificate_privateCertificate_addEarlyRenewalPast
    certificate_test.go:594: Step 5/5 error: Check failed: 6 errors occurred:
        	* Check 2/11 error: ACM Certificate not renewed: i.NotAfter="2024-04-07 19:28:03 +0000 UTC", j.NotAfter="2024-04-07 19:28:03 +0000 UTC"
        	* Check 5/11 error: aws_acm_certificate.test: Attribute 'renewal_eligibility' expected "INELIGIBLE", got "ELIGIBLE"
        	* Check 6/11 error: aws_acm_certificate.test: Attribute 'renewal_summary.#' expected "1", got "0"
        	* Check 7/11 error: aws_acm_certificate.test: Attribute 'renewal_summary.0.renewal_status' not found
        	* Check 8/11 error: aws_acm_certificate.test: Attribute 'renewal_summary.0.renewal_status_reason' not found
        	* Check 9/11 error: aws_acm_certificate.test: Attribute 'renewal_summary.0.updated_at' didn't match "^[0-9]{4}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9](\\.[0-9]+)?([Zz]|([+-]([01][0-9]|2[0-3]):[0-5][0-9]))$", got ""
        
--- FAIL: TestAccACMCertificate_privateCertificate_addEarlyRenewalPast (60.24s)
=== CONT  TestAccACMCertificate_rootAndWildcardSan
--- PASS: TestAccACMCertificate_rootAndWildcardSan (23.10s)
=== CONT  TestAccACMCertificate_Root_trailingPeriod
--- PASS: TestAccACMCertificate_Root_trailingPeriod (1.34s)
=== CONT  TestAccACMCertificate_privateCertificate_removeEarlyRenewal
--- PASS: TestAccACMCertificate_privateCertificate_removeEarlyRenewal (57.39s)
=== CONT  TestAccACMCertificate_privateCertificate_updateEarlyRenewalFuture
--- PASS: TestAccACMCertificate_privateCertificate_updateEarlyRenewalFuture (56.35s)
=== CONT  TestAccACMCertificate_privateCertificate_addEarlyRenewalFuture
--- PASS: TestAccACMCertificate_privateCertificate_addEarlyRenewalFuture (64.99s)
=== CONT  TestAccACMCertificate_privateCertificate_addEarlyRenewalPastIneligible
--- PASS: TestAccACMCertificate_privateCertificate_addEarlyRenewalPastIneligible (51.30s)
=== CONT  TestAccACMCertificate_privateCertificate_pendingRenewalGoDuration
    certificate_test.go:446: Step 3/4 error: Check failed: 6 errors occurred:
        	* Check 2/11 error: ACM Certificate not renewed: i.NotAfter="2024-04-07 19:33:18 +0000 UTC", j.NotAfter="2024-04-07 19:33:18 +0000 UTC"
        	* Check 5/11 error: aws_acm_certificate.test: Attribute 'renewal_eligibility' expected "INELIGIBLE", got "ELIGIBLE"
        	* Check 6/11 error: aws_acm_certificate.test: Attribute 'renewal_summary.#' expected "1", got "0"
        	* Check 7/11 error: aws_acm_certificate.test: Attribute 'renewal_summary.0.renewal_status' not found
        	* Check 8/11 error: aws_acm_certificate.test: Attribute 'renewal_summary.0.renewal_status_reason' not found
        	* Check 9/11 error: aws_acm_certificate.test: Attribute 'renewal_summary.0.updated_at' didn't match "^[0-9]{4}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9](\\.[0-9]+)?([Zz]|([+-]([01][0-9]|2[0-3]):[0-5][0-9]))$", got ""
        
--- FAIL: TestAccACMCertificate_privateCertificate_pendingRenewalGoDuration (44.88s)
=== CONT  TestAccACMCertificate_privateCertificate_pendingRenewalRFC3339Duration
    certificate_test.go:520: Step 3/4 error: Check failed: 6 errors occurred:
        	* Check 2/11 error: ACM Certificate not renewed: i.NotAfter="2024-04-07 19:34:03 +0000 UTC", j.NotAfter="2024-04-07 19:34:03 +0000 UTC"
        	* Check 5/11 error: aws_acm_certificate.test: Attribute 'renewal_eligibility' expected "INELIGIBLE", got "ELIGIBLE"
        	* Check 6/11 error: aws_acm_certificate.test: Attribute 'renewal_summary.#' expected "1", got "0"
        	* Check 7/11 error: aws_acm_certificate.test: Attribute 'renewal_summary.0.renewal_status' not found
        	* Check 8/11 error: aws_acm_certificate.test: Attribute 'renewal_summary.0.renewal_status_reason' not found
        	* Check 9/11 error: aws_acm_certificate.test: Attribute 'renewal_summary.0.updated_at' didn't match "^[0-9]{4}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9](\\.[0-9]+)?([Zz]|([+-]([01][0-9]|2[0-3]):[0-5][0-9]))$", got ""
        
--- FAIL: TestAccACMCertificate_privateCertificate_pendingRenewalRFC3339Duration (44.87s)
=== CONT  TestAccACMCertificate_root
--- PASS: TestAccACMCertificate_root (20.39s)
=== CONT  TestAccACMCertificate_validationOptions
--- PASS: TestAccACMCertificate_validationOptions (21.13s)
=== CONT  TestAccACMCertificate_dnsValidation
--- PASS: TestAccACMCertificate_dnsValidation (25.25s)
=== CONT  TestAccACMCertificate_privateCertificate_noRenewalPermission
--- PASS: TestAccACMCertificate_privateCertificate_noRenewalPermission (141.16s)
=== CONT  TestAccACMCertificate_privateCertificate_renewable
--- PASS: TestAccACMCertificate_privateCertificate_renewable (92.74s)
FAIL
FAIL	github.com/hashicorp/terraform-provider-aws/internal/service/acm	1140.837s

Failures are unrelated to this change and have been occurring in CI: #29846.

[ewbankkit]

@mattburgess Thanks for the contribution 🎉 👏.

[github-actions]

This functionality has been released in v4.58.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.