diff --git a/builtin/providers/aws/data_source_aws_acm_certificate.go b/builtin/providers/aws/data_source_aws_acm_certificate.go index e44137d99cd1..2ff410ea1e89 100644 --- a/builtin/providers/aws/data_source_aws_acm_certificate.go +++ b/builtin/providers/aws/data_source_aws_acm_certificate.go @@ -2,8 +2,10 @@ package aws import ( "fmt" + "strings" "time" + "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/service/acm" "github.com/hashicorp/errwrap" "github.com/hashicorp/terraform/helper/schema" @@ -13,14 +15,19 @@ func dataSourceAwsAcmCertificate() *schema.Resource { return &schema.Resource{ Read: dataSourceAwsAcmCertificateRead, Schema: map[string]*schema.Schema{ - "domain": &schema.Schema{ + "domain": { Type: schema.TypeString, Required: true, }, - "arn": &schema.Schema{ + "arn": { Type: schema.TypeString, Computed: true, }, + "statuses": { + Type: schema.TypeList, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, }, } } @@ -28,19 +35,46 @@ func dataSourceAwsAcmCertificate() *schema.Resource { func dataSourceAwsAcmCertificateRead(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).acmconn params := &acm.ListCertificatesInput{} - resp, err := conn.ListCertificates(params) + + target := d.Get("domain") + + statuses, ok := d.GetOk("statuses") + if ok { + statusStrings := statuses.([]string) + statusList := make([]*string, len(statusStrings)) + for i, status := range statusStrings { + statusList[i] = aws.String(strings.ToUpper(status)) + } + params.CertificateStatuses = statusList + } else { + params.CertificateStatuses = []*string{aws.String("ISSUED")} + } + + var arns []string + err := conn.ListCertificatesPages(params, func(page *acm.ListCertificatesOutput, lastPage bool) bool { + for _, cert := range page.CertificateSummaryList { + if *cert.DomainName == target { + arns = append(arns, *cert.CertificateArn) + } + } + + return true + }) if err != nil { return errwrap.Wrapf("Error describing certificates: {{err}}", err) } - target := d.Get("domain") - for _, cert := range resp.CertificateSummaryList { - if *cert.DomainName == target { - // Need to call SetId with a value or state won't be written. - d.SetId(time.Now().UTC().String()) - return d.Set("arn", cert.CertificateArn) - } + if len(arns) == 0 { + return fmt.Errorf("No certificate with statuses [%s] for domain %q found in this region.", + strings.Join(statuses.([]string), ", "), target) + } + if len(arns) > 1 { + return fmt.Errorf("Multiple certificates with statuses [%s] for domain %s found in this region.", + strings.Join(statuses.([]string), ","), target) } - return fmt.Errorf("No certificate with domain %s found in this region", target) + d.SetId(time.Now().UTC().String()) + d.Set("arn", arns[0]) + + return nil } diff --git a/builtin/providers/aws/data_source_aws_acm_certificate_test.go b/builtin/providers/aws/data_source_aws_acm_certificate_test.go index 8130306cb83c..382911eede01 100644 --- a/builtin/providers/aws/data_source_aws_acm_certificate_test.go +++ b/builtin/providers/aws/data_source_aws_acm_certificate_test.go @@ -28,7 +28,7 @@ func TestAccAwsAcmCertificateDataSource_basic(t *testing.T) { }, Providers: testAccProviders, Steps: []resource.TestStep{ - resource.TestStep{ + { Config: testAccCheckAwsAcmCertificateDataSourceConfig(region, domain), Check: testAccCheckAcmArnMatches("data.aws_acm_certificate.test", certArn), }, diff --git a/website/source/docs/providers/aws/d/acm_certificate.html.markdown b/website/source/docs/providers/aws/d/acm_certificate.html.markdown index a05ae97f46e1..b505f0097cb9 100644 --- a/website/source/docs/providers/aws/d/acm_certificate.html.markdown +++ b/website/source/docs/providers/aws/d/acm_certificate.html.markdown @@ -19,12 +19,16 @@ them by domain without having to hard code the ARNs as input. ``` data "aws_acm_certificate" "example" { domain = "tf.example.com" + statuses = ["ISSUED"] } ``` ## Argument Reference * `domain` - (Required) The domain of the certificate to look up. If no certificate is found with this name, an error will be returned. + * `statuses` - (Optional) A list of statuses on which to filter the returned list. Valid values are `PENDING_VALIDATION`, `ISSUED`, + `INACTIVE`, `EXPIRED`, `VALIDATION_TIMED_OUT`, `REVOKED` and `FAILED`. If no value is specified, only certificates in the `ISSUED` state + are returned. ## Attributes Reference