
Commit 9c59971

committed
fix: create single route53 validation record for acm certificate
Update root module outputs with ACM outputs. Fix tests.
1 parent 114d94e commit 9c59971


4 files changed

+45
-36
lines changed


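--- a/modules/acm/main.tf
+++ b/modules/acm/main.tf
@@ -1,3 +1,12 @@
+locals {
+acm_certificate_domain_validation_option = tolist(aws_acm_certificate.this.domain_validation_options)[0]
+acm_certificate_validation_record = {
+name = local.acm_certificate_domain_validation_option.resource_record_name
+type = local.acm_certificate_domain_validation_option.resource_record_type
+value = local.acm_certificate_domain_validation_option.resource_record_value
+}
+}
+
 ################################################################################
 # ACM Certificate
 ################################################################################
@@ -29,23 +38,15 @@ resource "aws_acm_certificate" "this" {
 ################################################################################
 
 resource "aws_route53_record" "this" {
-for_each = {
-for record in aws_acm_certificate.this.domain_validation_options : record.domain_name => {
-name = record.resource_record_name
-type = record.resource_record_type
-value = record.resource_record_value
-}
-}
-
 zone_id = var.record_zone_id
-name = each.value.name
-type = each.value.type
-records = [each.value.value]
+name = local.acm_certificate_validation_record.name
+type = local.acm_certificate_validation_record.type
+records = [local.acm_certificate_validation_record.value]
 ttl = 60
 allow_overwrite = var.record_allow_overwrite
 }
 
 resource "aws_acm_certificate_validation" "this" {
 certificate_arn = aws_acm_certificate.this.arn
-validation_record_fqdns = [for route53_record in aws_route53_record.this : route53_record.fqdn]
+validation_record_fqdns = [aws_route53_record.this.fqdn]
 }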
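Review bot: The new local `acm_certificate_domain_validation_option` takes element `[0]` of `tolist(aws_acm_certificate.this.domain_validation_options)`, which is a set, so the caller does not control which name's record is created, and any subject alternative name that needs a different validation record gets none. In that case `aws_acm_certificate_validation.this` would presumably wait until it times out instead of failing with a clear message. The index is also unguarded: as far as I know the provider fills this attribute only for DNS validation, so a certificate using EMAIL validation would likely fail on `[0]` at apply time and needs separate handling. For the multi-record case I would state the single-record assumption in a comment on the local and enforce it with a precondition on `aws_route53_record.this`, as below; values unknown at plan are checked at apply.

```hcl
resource "aws_route53_record" "this" {
  # … unchanged: zone_id, name, type, records, ttl, allow_overwrite …

  lifecycle {
    precondition {
      # This module creates exactly one validation record, so every name on
      # the certificate must validate through that same record.
      condition     = length(distinct([for o in aws_acm_certificate.this.domain_validation_options : o.resource_record_name])) == 1
      error_message = "All names on the certificate must share a single DNS validation record; this module creates only one."
    }
  }
}
```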

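--- a/modules/acm/outputs.tf
+++ b/modules/acm/outputs.tf
@@ -16,9 +16,9 @@ output "acm_certificate_arn" {
 # Route53 Record
 ################################################################################
 
-output "route53_records_ids" {
-description = "Identifiers of the Validation Records of the ACM certificate."
-value = [for record in aws_route53_record.this : record.id]
+output "route53_record_id" {
+description = "Identifier of the Route53 Record for validation of the ACM certificate."
+value = aws_route53_record.this.id
 }
 
 ################################################################################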

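--- a/outputs.tf
+++ b/outputs.tf
@@ -30,6 +30,16 @@ output "acm_certificates_arns" {
 value = try({ for k, v in module.acm : k => v.acm_certificate_arn }, null)
 }
 
+output "acm_route53_records_ids" {
+description = "Identifiers of the Route53 Records for validation of the ACM certificates."
+value = try({ for k, v in module.acm : k => v.route53_record_id }, null)
+}
+
+output "acm_certificate_validation_id" {
+description = "Identifiers of the ACM certificates validation resources."
+value = try({ for k, v in module.acm : k => v.acm_certificate_validation_id }, null)
+}
+
 ################################################################################
 # Application Load Balancer
 ################################################################################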
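Review bot: The output `acm_certificate_validation_id` has a singular name, but its value is a map built over `module.acm` and its description is plural. The sibling outputs in this file use plural names (`acm_certificates_arns`, `acm_route53_records_ids`), so I would rename it to match, for example `output "acm_certificates_validations_ids" {`. Separately, `try(..., null)` wraps the whole `for` expression, so a misspelled module output name would presumably surface as a `null` output rather than an error. The module output `acm_certificate_validation_id` is not visible in this commit's hunks, so it is worth confirming that it exists.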

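--- a/tests/acm_unit_tests.tftest.hcl
+++ b/tests/acm_unit_tests.tftest.hcl
@@ -6,60 +6,58 @@ provider "aws" {
 # ACM
 ################################################################################
 
-run "amazon_issued_certificates_attributes_match" {
+run "acm_certificate_attributes_match" {
 command = plan
 
 module {
 source = "./modules/acm"
 }
 
 variables {
-amazon_issued_certificates = {
-example = {
-domain_name = "example.domain"
-subject_alternative_names = ["example_optional_name"]
-validation_method = "EMAIL"
-key_algorithm = "RSA_4096"
+certificate_domain_name = "example.domain"
+certificate_subject_alternative_names = ["example_optional_name"]
+certificate_validation_method = "EMAIL"
+certificate_key_algorithm = "RSA_4096"
+
+certificate_validation_option = {
+domain_name = "example.domain"
+validation_domain = "me@example.domain"
+}
 
-validation_option = {
-domain_name = "example.domain"
-validation_domain = "me@example.domain"
-}
+record_zone_id = "example_zone_id"
 
-tags = {
-Example = "Tag"
-}
-}
+tags = {
+Example = "Tag"
 }
 }
 
 assert {
-condition = aws_acm_certificate.amazon_issued["example"].domain_name == var.amazon_issued_certificates.example.domain_name
+condition = aws_acm_certificate.this.domain_name == var.certificate_domain_name
 error_message = "Domain name mismatch"
 }
 
 assert {
-condition = aws_acm_certificate.amazon_issued["example"].validation_method == var.amazon_issued_certificates.example.validation_method
+condition = aws_acm_certificate.this.validation_method == var.certificate_validation_method
 error_message = "Validation method mismatch"
 }
 
 assert {
-condition = aws_acm_certificate.amazon_issued["example"].key_algorithm == var.amazon_issued_certificates.example.key_algorithm
+condition = aws_acm_certificate.this.key_algorithm == var.certificate_key_algorithm
 error_message = "Key algorithm mismatch"
 }
 
 assert {
-condition = tolist(aws_acm_certificate.amazon_issued["example"].validation_option)[0].domain_name == var.amazon_issued_certificates.example.validation_option.domain_name
+condition = tolist(aws_acm_certificate.this.validation_option)[0].domain_name == var.certificate_validation_option.domain_name
 error_message = "Validation option domain name mismatch"
 }
 
 assert {
-condition = tolist(aws_acm_certificate.amazon_issued["example"].validation_option)[0].validation_domain == var.amazon_issued_certificates.example.validation_option.validation_domain
+condition = tolist(aws_acm_certificate.this.validation_option)[0].validation_domain == var.certificate_validation_option.validation_domain
 error_message = "Validation option validation domain mismatch"
 }
 
 assert {
-condition = aws_acm_certificate.amazon_issued["example"].tags == var.amazon_issued_certificates.example.tags
+condition = aws_acm_certificate.this.tags == var.tags
 error_message = "Tags mismatch"
 }
 }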
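Review bot: Nothing in `run "acm_certificate_attributes_match"` asserts on the Route53 validation record, which is the resource this commit reworks; the run now sets `record_zone_id` but every `assert` still targets `aws_acm_certificate.this`. Because the run uses `certificate_validation_method = "EMAIL"` with `command = plan`, the `[0]` index added to the module's locals is never evaluated against real validation options, so a regression there would pass unnoticed. I would add a plan-time check such as `condition = aws_route53_record.this.zone_id == var.record_zone_id` with `error_message = "Validation record zone mismatch"`, ideally in a run that uses DNS validation.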
