Skip to content

Commit

Permalink
resource/aws_acm_certificate: Trigger resource recreation on VALIDATI…
Browse files Browse the repository at this point in the history 
…ON_TIMED_OUT status

Reference: #17799

This change is not pragmatic for acceptance testing as it requires 72 hours to trigger the behavior, but acceptance testing is used for finding any regresions.

Output from acceptance testing:

```
--- PASS: TestAccAWSAcmCertificate_disableCTLogging (28.63s)
--- PASS: TestAccAWSAcmCertificate_dnsValidation (33.31s)
--- PASS: TestAccAWSAcmCertificate_emailValidation (26.54s)
--- PASS: TestAccAWSAcmCertificate_imported_DomainName (46.51s)
--- PASS: TestAccAWSAcmCertificate_imported_IpAddress (19.45s)
--- PASS: TestAccAWSAcmCertificate_privateCert (22.21s)
--- PASS: TestAccAWSAcmCertificate_PrivateKey_Tags (34.60s)
--- PASS: TestAccAWSAcmCertificate_root (33.01s)
--- PASS: TestAccAWSAcmCertificate_root_TrailingPeriod (4.08s)
--- PASS: TestAccAWSAcmCertificate_rootAndWildcardSan (26.85s)
--- PASS: TestAccAWSAcmCertificate_san_multiple (35.05s)
--- PASS: TestAccAWSAcmCertificate_san_single (28.67s)
--- PASS: TestAccAWSAcmCertificate_san_TrailingPeriod (38.97s)
--- PASS: TestAccAWSAcmCertificate_SubjectAlternativeNames_EmptyString (4.00s)
--- PASS: TestAccAWSAcmCertificate_tags (60.14s)
--- PASS: TestAccAWSAcmCertificate_wildcard (25.46s)
--- PASS: TestAccAWSAcmCertificate_wildcardAndRootSan (29.57s)
```
  • Loading branch information
@bflad
bflad committed Mar 1, 2021
1 parent 1e40bc6 commit 6d92656
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 5 deletions.
3 changes: 3 additions & 0 deletions .changelog/pending.txt
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:bug
resource/aws_acm_certificate: Trigger resource recreation with `VALIDATION_TIMED_OUT` status
```
22 changes: 17 additions & 5 deletions aws/resource_aws_acm_certificate.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -301,12 +301,24 @@ func resourceAwsAcmCertificateRead(d *schema.ResourceData, meta interface{}) err
return resource.Retry(AcmCertificateDnsValidationAssignmentTimeout, func() *resource.RetryError {
resp, err := acmconn.DescribeCertificate(params)

if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, acm.ErrCodeResourceNotFoundException) {
log.Printf("[WARN] ACM Certificate (%s) not found, removing from state", d.Id())
d.SetId("")
return nil
}

if err != nil {
if isAWSErr(err, acm.ErrCodeResourceNotFoundException, "") {
d.SetId("")
return nil
}
return resource.NonRetryableError(fmt.Errorf("Error describing certificate: %s", err))
return resource.NonRetryableError(fmt.Errorf("error reading ACM Ccertificate (%s): %w", d.Id(), err))
}

if resp == nil || resp.Certificate == nil {
return resource.NonRetryableError(fmt.Errorf("error describing ACM Certificate (%s): empty response", d.Id()))
}

if !d.IsNewResource() && aws.StringValue(resp.Certificate.Status) == acm.CertificateStatusValidationTimedOut {
log.Printf("[WARN] ACM Certificate (%s) validation timed out, removing from state", d.Id())
d.SetId("")
return nil
}

d.Set("domain_name", resp.Certificate.DomainName)
Expand Down

0 comments on commit 6d92656

Please sign in to comment.