Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

final retries creating and checking validation for ACM certificates #9661

Merged
merged 2 commits into from
Aug 12, 2019
Merged

final retries creating and checking validation for ACM certificates #9661

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
26cc9c4
final retries creating and checking validation for ACM certificates
ryndaniels Aug 7, 2019
f159269
Updates after code review
ryndaniels Aug 9, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
40 changes: 31 additions & 9 deletions aws/resource_aws_acm_certificate_validation.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ func resourceAwsAcmCertificateValidationCreate(d *schema.ResourceData, meta inte
}

if *resp.Certificate.Type != "AMAZON_ISSUED" {
return fmt.Errorf("Certificate %s has type %s, no validation necessary", *resp.Certificate.CertificateArn, *resp.Certificate.Type)
return fmt.Errorf("Certificate %s has type %s, no validation necessary", aws.StringValue(resp.Certificate.CertificateArn), aws.StringValue(resp.Certificate.Status))
}

if validation_record_fqdns, ok := d.GetOk("validation_record_fqdns"); ok {
Expand All @@ -66,20 +66,30 @@ func resourceAwsAcmCertificateValidationCreate(d *schema.ResourceData, meta inte
log.Printf("[INFO] No validation_record_fqdns set, skipping check")
}

return resource.Retry(d.Timeout(schema.TimeoutCreate), func() *resource.RetryError {
err = resource.Retry(d.Timeout(schema.TimeoutCreate), func() *resource.RetryError {
resp, err := acmconn.DescribeCertificate(params)

if err != nil {
return resource.NonRetryableError(fmt.Errorf("Error describing certificate: %s", err))
}

if *resp.Certificate.Status != "ISSUED" {
return resource.RetryableError(fmt.Errorf("Expected certificate to be issued but was in state %s", *resp.Certificate.Status))
if aws.StringValue(resp.Certificate.Status) != acm.CertificateStatusIssued {
return resource.RetryableError(fmt.Errorf("Expected certificate to be issued but was in state %s", aws.StringValue(resp.Certificate.Status)))
}

log.Printf("[INFO] ACM Certificate validation for %s done, certificate was issued", certificate_arn)
return resource.NonRetryableError(resourceAwsAcmCertificateValidationRead(d, meta))
})
if isResourceTimeoutError(err) {
resp, err = acmconn.DescribeCertificate(params)
if aws.StringValue(resp.Certificate.Status) != acm.CertificateStatusIssued {
return fmt.Errorf("Expected certificate to be issued but was in state %s", aws.StringValue(resp.Certificate.Status))
}
}
if err != nil {
return fmt.Errorf("Error describing created certificate: %s", err)
}
return nil
}

func resourceAwsAcmCertificateCheckValidationRecords(validationRecordFqdns []interface{}, cert *acm.CertificateDetail, conn *acm.ACM) error {
Expand All @@ -89,9 +99,11 @@ func resourceAwsAcmCertificateCheckValidationRecords(validationRecordFqdns []int
input := &acm.DescribeCertificateInput{
CertificateArn: cert.CertificateArn,
}
err := resource.Retry(1*time.Minute, func() *resource.RetryError {
var err error
var output *acm.DescribeCertificateOutput
err = resource.Retry(1*time.Minute, func() *resource.RetryError {
log.Printf("[DEBUG] Certificate domain validation options empty for %q, retrying", *cert.CertificateArn)
output, err := conn.DescribeCertificate(input)
output, err = conn.DescribeCertificate(input)
if err != nil {
return resource.NonRetryableError(err)
}
Expand All @@ -101,9 +113,19 @@ func resourceAwsAcmCertificateCheckValidationRecords(validationRecordFqdns []int
cert = output.Certificate
return nil
})
if isResourceTimeoutError(err) {
output, err = conn.DescribeCertificate(input)
if err != nil {
return fmt.Errorf("Error describing ACM certificate: %s", err)
}
if len(output.Certificate.DomainValidationOptions) == 0 {
bflad marked this conversation as resolved.
Show resolved Hide resolved
return fmt.Errorf("Certificate domain validation options empty for %s", *cert.CertificateArn)
}
}
if err != nil {
return err
return fmt.Errorf("Error checking certificate domain validation options: %s", err)
}
cert = output.Certificate
}
for _, v := range cert.DomainValidationOptions {
if v.ValidationMethod != nil {
Expand Down Expand Up @@ -149,8 +171,8 @@ func resourceAwsAcmCertificateValidationRead(d *schema.ResourceData, meta interf
return fmt.Errorf("Error describing certificate: %s", err)
}

if *resp.Certificate.Status != "ISSUED" {
log.Printf("[INFO] Certificate status not issued, was %s, tainting validation", *resp.Certificate.Status)
if aws.StringValue(resp.Certificate.Status) != acm.CertificateStatusIssued {
log.Printf("[INFO] Certificate status not issued, was %s, tainting validation", aws.StringValue(resp.Certificate.Status))
d.SetId("")
} else {
d.SetId((*resp.Certificate.IssuedAt).String())
Expand Down