diff --git a/aws/resource_aws_acmpca_certificate_authority.go b/aws/resource_aws_acmpca_certificate_authority.go index c140b2c01933..755475daae42 100644 --- a/aws/resource_aws_acmpca_certificate_authority.go +++ b/aws/resource_aws_acmpca_certificate_authority.go @@ -10,6 +10,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/helper/validation" + "github.com/terraform-providers/terraform-provider-aws/aws/internal/keyvaluetags" ) func resourceAwsAcmpcaCertificateAuthority() *schema.Resource { @@ -268,6 +269,7 @@ func resourceAwsAcmpcaCertificateAuthority() *schema.Resource { func resourceAwsAcmpcaCertificateAuthorityCreate(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).acmpcaconn + tags := keyvaluetags.New(d.Get("tags").(map[string]interface{})).IgnoreAws().AcmpcaTags() input := &acmpca.CreateCertificateAuthorityInput{ CertificateAuthorityConfiguration: expandAcmpcaCertificateAuthorityConfiguration(d.Get("certificate_authority_configuration").([]interface{})), @@ -276,6 +278,10 @@ func resourceAwsAcmpcaCertificateAuthorityCreate(d *schema.ResourceData, meta in RevocationConfiguration: expandAcmpcaRevocationConfiguration(d.Get("revocation_configuration").([]interface{})), } + if len(tags) > 0 { + input.Tags = tags + } + log.Printf("[DEBUG] Creating ACMPCA Certificate Authority: %s", input) var output *acmpca.CreateCertificateAuthorityOutput err := resource.Retry(1*time.Minute, func() *resource.RetryError { @@ -299,19 +305,6 @@ func resourceAwsAcmpcaCertificateAuthorityCreate(d *schema.ResourceData, meta in d.SetId(aws.StringValue(output.CertificateAuthorityArn)) - if v, ok := d.GetOk("tags"); ok { - input := &acmpca.TagCertificateAuthorityInput{ - CertificateAuthorityArn: aws.String(d.Id()), - Tags: tagsFromMapACMPCA(v.(map[string]interface{})), - } - - log.Printf("[DEBUG] Tagging ACMPCA Certificate Authority: %s", input) - _, err := conn.TagCertificateAuthority(input) - if err != nil { - return fmt.Errorf("error tagging ACMPCA Certificate Authority %q: %s", d.Id(), input) - } - } - stateConf := &resource.StateChangeConf{ Pending: []string{ "", @@ -427,12 +420,13 @@ func resourceAwsAcmpcaCertificateAuthorityRead(d *schema.ResourceData, meta inte d.Set("certificate_signing_request", getCertificateAuthorityCsrOutput.Csr) } - tags, err := listAcmpcaTags(conn, d.Id()) + tags, err := keyvaluetags.AcmpcaListTags(conn, d.Id()) + if err != nil { - return fmt.Errorf("error reading ACMPCA Certificate Authority %q tags: %s", d.Id(), err) + return fmt.Errorf("error listing tags for ACMPCA Certificate Authority (%s): %s", d.Id(), err) } - if err := d.Set("tags", tagsToMapACMPCA(tags)); err != nil { + if err := d.Set("tags", tags.IgnoreAws().Map()); err != nil { return fmt.Errorf("error setting tags: %s", err) } @@ -469,30 +463,10 @@ func resourceAwsAcmpcaCertificateAuthorityUpdate(d *schema.ResourceData, meta in } if d.HasChange("tags") { - oraw, nraw := d.GetChange("tags") - o := oraw.(map[string]interface{}) - n := nraw.(map[string]interface{}) - create, remove := diffTagsACMPCA(tagsFromMapACMPCA(o), tagsFromMapACMPCA(n)) - - if len(remove) > 0 { - log.Printf("[DEBUG] Removing ACMPCA Certificate Authority %q tags: %#v", d.Id(), remove) - _, err := conn.UntagCertificateAuthority(&acmpca.UntagCertificateAuthorityInput{ - CertificateAuthorityArn: aws.String(d.Id()), - Tags: remove, - }) - if err != nil { - return fmt.Errorf("error updating ACMPCA Certificate Authority %q tags: %s", d.Id(), err) - } - } - if len(create) > 0 { - log.Printf("[DEBUG] Creating ACMPCA Certificate Authority %q tags: %#v", d.Id(), create) - _, err := conn.TagCertificateAuthority(&acmpca.TagCertificateAuthorityInput{ - CertificateAuthorityArn: aws.String(d.Id()), - Tags: create, - }) - if err != nil { - return fmt.Errorf("error updating ACMPCA Certificate Authority %q tags: %s", d.Id(), err) - } + o, n := d.GetChange("tags") + + if err := keyvaluetags.AcmpcaUpdateTags(conn, d.Id(), o, n); err != nil { + return fmt.Errorf("error updating ACMPCA Certificate Authority (%s) tags: %s", d.Id(), err) } } @@ -714,24 +688,3 @@ func flattenAcmpcaRevocationConfiguration(config *acmpca.RevocationConfiguration return []interface{}{m} } - -func listAcmpcaTags(conn *acmpca.ACMPCA, certificateAuthorityArn string) ([]*acmpca.Tag, error) { - tags := []*acmpca.Tag{} - input := &acmpca.ListTagsInput{ - CertificateAuthorityArn: aws.String(certificateAuthorityArn), - } - - for { - output, err := conn.ListTags(input) - if err != nil { - return tags, err - } - tags = append(tags, output.Tags...) - if output.NextToken == nil { - break - } - input.NextToken = output.NextToken - } - - return tags, nil -} diff --git a/aws/resource_aws_acmpca_certificate_authority_test.go b/aws/resource_aws_acmpca_certificate_authority_test.go index 4aa153c14d34..147401208869 100644 --- a/aws/resource_aws_acmpca_certificate_authority_test.go +++ b/aws/resource_aws_acmpca_certificate_authority_test.go @@ -73,7 +73,7 @@ func TestAccAwsAcmpcaCertificateAuthority_Basic(t *testing.T) { Config: testAccAwsAcmpcaCertificateAuthorityConfig_Required, Check: resource.ComposeTestCheckFunc( testAccCheckAwsAcmpcaCertificateAuthorityExists(resourceName, &certificateAuthority), - resource.TestMatchResourceAttr(resourceName, "arn", regexp.MustCompile(`^arn:[^:]+:acm-pca:[^:]+:[^:]+:certificate-authority/.+$`)), + testAccMatchResourceAttrRegionalARN(resourceName, "arn", "acm-pca", regexp.MustCompile(`certificate-authority/.+`)), resource.TestCheckResourceAttr(resourceName, "certificate_authority_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "certificate_authority_configuration.0.key_algorithm", "RSA_4096"), resource.TestCheckResourceAttr(resourceName, "certificate_authority_configuration.0.signing_algorithm", "SHA512WITHRSA"), diff --git a/aws/tagsACMPCA.go b/aws/tagsACMPCA.go deleted file mode 100644 index f497f3aee5bf..000000000000 --- a/aws/tagsACMPCA.go +++ /dev/null @@ -1,50 +0,0 @@ -package aws - -import ( - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/service/acmpca" -) - -// diffTags takes our tags locally and the ones remotely and returns -// the set of tags that must be created, and the set of tags that must -// be destroyed. -func diffTagsACMPCA(oldTags, newTags []*acmpca.Tag) ([]*acmpca.Tag, []*acmpca.Tag) { - // First, we're creating everything we have - create := make(map[string]interface{}) - for _, t := range newTags { - create[aws.StringValue(t.Key)] = aws.StringValue(t.Value) - } - - // Build the list of what to remove - var remove []*acmpca.Tag - for _, t := range oldTags { - old, ok := create[aws.StringValue(t.Key)] - if !ok || old != aws.StringValue(t.Value) { - // Delete it! - remove = append(remove, t) - } - } - - return tagsFromMapACMPCA(create), remove -} - -func tagsFromMapACMPCA(m map[string]interface{}) []*acmpca.Tag { - result := []*acmpca.Tag{} - for k, v := range m { - result = append(result, &acmpca.Tag{ - Key: aws.String(k), - Value: aws.String(v.(string)), - }) - } - - return result -} - -func tagsToMapACMPCA(ts []*acmpca.Tag) map[string]string { - result := map[string]string{} - for _, t := range ts { - result[aws.StringValue(t.Key)] = aws.StringValue(t.Value) - } - - return result -} diff --git a/aws/tagsACMPCA_test.go b/aws/tagsACMPCA_test.go deleted file mode 100644 index 9c3183be494a..000000000000 --- a/aws/tagsACMPCA_test.go +++ /dev/null @@ -1,57 +0,0 @@ -package aws - -import ( - "reflect" - "testing" -) - -func TestDiffTagsACMPCA(t *testing.T) { - cases := []struct { - Old, New map[string]interface{} - Create, Remove map[string]string - }{ - // Basic add/remove - { - Old: map[string]interface{}{ - "foo": "bar", - }, - New: map[string]interface{}{ - "bar": "baz", - }, - Create: map[string]string{ - "bar": "baz", - }, - Remove: map[string]string{ - "foo": "bar", - }, - }, - - // Modify - { - Old: map[string]interface{}{ - "foo": "bar", - }, - New: map[string]interface{}{ - "foo": "baz", - }, - Create: map[string]string{ - "foo": "baz", - }, - Remove: map[string]string{ - "foo": "bar", - }, - }, - } - - for i, tc := range cases { - c, r := diffTagsACMPCA(tagsFromMapACMPCA(tc.Old), tagsFromMapACMPCA(tc.New)) - cm := tagsToMapACMPCA(c) - rm := tagsToMapACMPCA(r) - if !reflect.DeepEqual(cm, tc.Create) { - t.Fatalf("%d: bad create: %#v", i, cm) - } - if !reflect.DeepEqual(rm, tc.Remove) { - t.Fatalf("%d: bad remove: %#v", i, rm) - } - } -}