service/acmpca: Add activation of ACMPCA CA to acceptance tests (#13684)

* r/aws_acmpca_certificate_authority: Test CA activation. Acceptance test output: $ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsAcmpcaCertificateAuthority_Enabled' ==> Checking that code complies with gofmt requirements... TF_ACC=1 go test ./aws/ -v -count 1 -parallel 20 -run=TestAccAwsAcmpcaCertificateAuthority_Enabled -timeout 120m === RUN TestAccAwsAcmpcaCertificateAuthority_Enabled === PAUSE TestAccAwsAcmpcaCertificateAuthority_Enabled === CONT TestAccAwsAcmpcaCertificateAuthority_Enabled --- PASS: TestAccAwsAcmpcaCertificateAuthority_Enabled (69.95s) PASS ok github.com/terraform-providers/terraform-provider-aws/aws 69.989s Add 'TestAccAwsAcmpcaCertificateAuthority_disappears'. Acceptance test output: $ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsAcmpcaCertificateAuthority_disappears' ==> Checking that code complies with gofmt requirements... TF_ACC=1 go test ./aws/ -v -count 1 -parallel 20 -run=TestAccAwsAcmpcaCertificateAuthority_disappears -timeout 120m === RUN TestAccAwsAcmpcaCertificateAuthority_disappears === PAUSE TestAccAwsAcmpcaCertificateAuthority_disappears === CONT TestAccAwsAcmpcaCertificateAuthority_disappears --- PASS: TestAccAwsAcmpcaCertificateAuthority_disappears (25.10s) PASS ok github.com/terraform-providers/terraform-provider-aws/aws 25.138s * r/aws_acmpca_certificate_authority: Remove CAs with DELETED status.
hashicorp · Aug 21, 2020 · 68dc965 · 68dc965
1 parent d944796
commit 68dc965
Show file tree

Hide file tree

Showing 5 changed files with 226 additions and 114 deletions.
diff --git a/aws/internal/service/acmpca/finder/finder.go b/aws/internal/service/acmpca/finder/finder.go
@@ -0,0 +1,25 @@
+package finder
+
+import (
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/acmpca"
+)
+
+// CertificateAuthorityByARN returns the certificate authority corresponding to the specified ARN.
+// Returns nil if no certificate authority is found.
+func CertificateAuthorityByARN(conn *acmpca.ACMPCA, arn string) (*acmpca.CertificateAuthority, error) {
+	input := &acmpca.DescribeCertificateAuthorityInput{
+		CertificateAuthorityArn: aws.String(arn),
+	}
+
+	output, err := conn.DescribeCertificateAuthority(input)
+	if err != nil {
+		return nil, err
+	}
+
+	if output == nil {
+		return nil, nil
+	}
+
+	return output.CertificateAuthority, nil
+}
diff --git a/aws/internal/service/acmpca/waiter/status.go b/aws/internal/service/acmpca/waiter/status.go
@@ -0,0 +1,35 @@
+package waiter
+
+import (
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/acmpca"
+	"github.com/hashicorp/aws-sdk-go-base/tfawserr"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/terraform-providers/terraform-provider-aws/aws/internal/service/acmpca/finder"
+)
+
+const (
+	certificateAuthorityStatusNotFound = "NotFound"
+	certificateAuthorityStatusUnknown  = "Unknown"
+)
+
+// CertificateAuthorityStatus fetches the Deployment and its Status
+func CertificateAuthorityStatus(conn *acmpca.ACMPCA, arn string) resource.StateRefreshFunc {
+	return func() (interface{}, string, error) {
+		certificateAuthority, err := finder.CertificateAuthorityByARN(conn, arn)
+
+		if tfawserr.ErrCodeEquals(err, acmpca.ErrCodeResourceNotFoundException) {
+			return nil, certificateAuthorityStatusNotFound, nil
+		}
+
+		if err != nil {
+			return nil, certificateAuthorityStatusUnknown, err
+		}
+
+		if certificateAuthority == nil {
+			return nil, certificateAuthorityStatusNotFound, nil
+		}
+
+		return certificateAuthority, aws.StringValue(certificateAuthority.Status), nil
+	}
+}
diff --git a/aws/internal/service/acmpca/waiter/waiter.go b/aws/internal/service/acmpca/waiter/waiter.go
@@ -0,0 +1,26 @@
+package waiter
+
+import (
+	"time"
+
+	"github.com/aws/aws-sdk-go/service/acmpca"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+// CertificateAuthorityCreated waits for a CertificateAuthority to return Active or PendingCertificate
+func CertificateAuthorityCreated(conn *acmpca.ACMPCA, arn string, timeout time.Duration) (*acmpca.CertificateAuthority, error) {
+	stateConf := &resource.StateChangeConf{
+		Pending: []string{"", acmpca.CertificateAuthorityStatusCreating},
+		Target:  []string{acmpca.CertificateAuthorityStatusActive, acmpca.CertificateAuthorityStatusPendingCertificate},
+		Refresh: CertificateAuthorityStatus(conn, arn),
+		Timeout: timeout,
+	}
+
+	outputRaw, err := stateConf.WaitForState()
+
+	if v, ok := outputRaw.(*acmpca.CertificateAuthority); ok {
+		return v, err
+	}
+
+	return nil, err
+}
diff --git a/aws/resource_aws_acmpca_certificate_authority.go b/aws/resource_aws_acmpca_certificate_authority.go
@@ -11,6 +11,8 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	"github.com/terraform-providers/terraform-provider-aws/aws/internal/keyvaluetags"
+	"github.com/terraform-providers/terraform-provider-aws/aws/internal/service/acmpca/finder"
+	"github.com/terraform-providers/terraform-provider-aws/aws/internal/service/acmpca/waiter"
 )
 
 func resourceAwsAcmpcaCertificateAuthority() *schema.Resource {
@@ -306,20 +308,8 @@ func resourceAwsAcmpcaCertificateAuthorityCreate(d *schema.ResourceData, meta in
 
 	d.SetId(aws.StringValue(output.CertificateAuthorityArn))
 
-	stateConf := &resource.StateChangeConf{
-		Pending: []string{
-			"",
-			acmpca.CertificateAuthorityStatusCreating,
-		},
-		Target: []string{
-			acmpca.CertificateAuthorityStatusActive,
-			acmpca.CertificateAuthorityStatusPendingCertificate,
-		},
-		Refresh: acmpcaCertificateAuthorityRefreshFunc(conn, d.Id()),
-		Timeout: d.Timeout(schema.TimeoutCreate),
-	}
+	_, err = waiter.CertificateAuthorityCreated(conn, d.Id(), d.Timeout(schema.TimeoutCreate))
 
-	_, err = stateConf.WaitForState()
 	if err != nil {
 		return fmt.Errorf("error waiting for ACMPCA Certificate Authority %q to be active or pending certificate: %s", d.Id(), err)
 	}
@@ -331,28 +321,23 @@ func resourceAwsAcmpcaCertificateAuthorityRead(d *schema.ResourceData, meta inte
 	conn := meta.(*AWSClient).acmpcaconn
 	ignoreTagsConfig := meta.(*AWSClient).IgnoreTagsConfig
 
-	describeCertificateAuthorityInput := &acmpca.DescribeCertificateAuthorityInput{
-		CertificateAuthorityArn: aws.String(d.Id()),
-	}
+	certificateAuthority, err := finder.CertificateAuthorityByARN(conn, d.Id())
 
-	log.Printf("[DEBUG] Reading ACMPCA Certificate Authority: %s", describeCertificateAuthorityInput)
+	if isAWSErr(err, acmpca.ErrCodeResourceNotFoundException, "") {
+		log.Printf("[WARN] ACMPCA Certificate Authority %q not found - removing from state", d.Id())
+		d.SetId("")
+		return nil
+	}
 
-	describeCertificateAuthorityOutput, err := conn.DescribeCertificateAuthority(describeCertificateAuthorityInput)
 	if err != nil {
-		if isAWSErr(err, acmpca.ErrCodeResourceNotFoundException, "") {
-			log.Printf("[WARN] ACMPCA Certificate Authority %q not found - removing from state", d.Id())
-			d.SetId("")
-			return nil
-		}
 		return fmt.Errorf("error reading ACMPCA Certificate Authority: %s", err)
 	}
 
-	if describeCertificateAuthorityOutput.CertificateAuthority == nil {
+	if certificateAuthority == nil || aws.StringValue(certificateAuthority.Status) == acmpca.CertificateAuthorityStatusDeleted {
 		log.Printf("[WARN] ACMPCA Certificate Authority %q not found - removing from state", d.Id())
 		d.SetId("")
 		return nil
 	}
-	certificateAuthority := describeCertificateAuthorityOutput.CertificateAuthority
 
 	d.Set("arn", certificateAuthority.Arn)
 
@@ -498,29 +483,6 @@ func resourceAwsAcmpcaCertificateAuthorityDelete(d *schema.ResourceData, meta in
 	return nil
 }
 
-func acmpcaCertificateAuthorityRefreshFunc(conn *acmpca.ACMPCA, certificateAuthorityArn string) resource.StateRefreshFunc {
-	return func() (interface{}, string, error) {
-		input := &acmpca.DescribeCertificateAuthorityInput{
-			CertificateAuthorityArn: aws.String(certificateAuthorityArn),
-		}
-
-		log.Printf("[DEBUG] Reading ACMPCA Certificate Authority: %s", input)
-		output, err := conn.DescribeCertificateAuthority(input)
-		if err != nil {
-			if isAWSErr(err, acmpca.ErrCodeResourceNotFoundException, "") {
-				return nil, "", nil
-			}
-			return nil, "", err
-		}
-
-		if output == nil || output.CertificateAuthority == nil {
-			return nil, "", nil
-		}
-
-		return output.CertificateAuthority, aws.StringValue(output.CertificateAuthority.Status), nil
-	}
-}
-
 func expandAcmpcaASN1Subject(l []interface{}) *acmpca.ASN1Subject {
 	if len(l) == 0 {
 		return nil