Please do not leave "+1" or other comments that do not add relevant new information or questions; they generate extra noise for issue followers and do not help prioritize the request.
Volunteering to Work on This Issue
If you are interested in working on this issue, please leave a comment.
If this would be your first contribution, please review the contribution guide.
Terraform Core Version
1.2.9
AWS Provider Version
4.32.0, 4.29.0
Affected Resource(s)
Expected Behavior
The provider should ignore the error and remove the aws_acmpca_certificate from state.
Actual Behavior
On update, if an ACM PCA CA with previously issued aws_acmpca_certificate and aws_acmpca_certificate_authority_certificate is now in an invalid state, e.g. DELETED, reading the aws_acmpca_certificate will fail with the error:
Error: error reading ACM PCA Certificate (arn:aws:acm-pca:us-west-2:123456789012:certificate-authority//certificate/): InvalidStateException: The certificate authority arn:aws:acm-pca:us-west-2:123456789012:certificate-authority/**** is not in the correct state to have issued certificates.
Reading the aws_acmpca_certificate_authority_certificate will fail with the error:
Error: error reading ACM PCA Certificate Authority Certificate (arn:aws:acm-pca:us-west-2:123456789012:certificate-authority/): InvalidStateException: The certificate authority arn:aws:acm-pca:us-west-2:123456789012:certificate-authority/ is not in the correct state to have a certificate signing request
Relevant Error/Panic Output Snippet
No response
Terraform Configuration Files
resource "aws_acmpca_certificate_authority" "test" {
  permanent_deletion_time_in_days = 7
  type                            = "ROOT"

  certificate_authority_configuration {
    key_algorithm     = "RSA_4096"
    signing_algorithm = "SHA512WITHRSA"
  }
}

resource "aws_acmpca_certificate" "test" {
  certificate_authority_arn   = aws_acmpca_certificate_authority.test.arn
  certificate_signing_request = aws_acmpca_certificate_authority.test.certificate_signing_request
  signing_algorithm           = "SHA512WITHRSA"

  template_arn = "arn:${data.aws_partition.current.partition}:acm-pca:::template/RootCACertificate/V1"

  validity {
    type  = "YEARS"
    value = 2
  }
}

resource "aws_acmpca_certificate_authority_certificate" "test" {
  certificate_authority_arn = aws_acmpca_certificate_authority.test.arn

  certificate       = aws_acmpca_certificate.test.certificate
  certificate_chain = aws_acmpca_certificate.test.certificate_chain
}

data "aws_partition" "current" {}
Steps to Reproduce
apply the configuration
plan
Debug Output
No response
Panic Output
No response
Important Factoids
No response
References
No response
Would you like to implement a fix?
No response
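One way the read path could implement the expected behaviour described in this report, as an added sketch that is not the provider's own code: `apiError`, `resourceState`, `goneCodes` and `readCertificate` are hypothetical stand-ins for the SDK error type and the provider's resource data, and the error and ARN in `main` are constructed samples.

```go
package main

import (
	"errors"
	"fmt"
)

// apiError stands in for an AWS SDK error carrying a service error code.
type apiError struct{ Code, Message string }

func (e *apiError) Error() string { return e.Code + ": " + e.Message }

// goneCodes are read errors taken to mean the certificate can no longer be
// retrieved: the InvalidStateException from the report, plus not-found.
var goneCodes = map[string]bool{
	"InvalidStateException":     true,
	"ResourceNotFoundException": true,
}

// resourceState stands in for the provider's per-resource state.
type resourceState struct {
	ID    string
	IsNew bool // true only while the resource is being created
}

// readCertificate refreshes one resource. It clears the ID (dropping the
// resource from state) when the API reports a gone code on a refresh, and
// returns every other error, including gone codes during creation.
func readCertificate(s *resourceState, get func(arn string) error) error {
	err := get(s.ID)
	if err == nil {
		return nil
	}
	var ae *apiError
	if !s.IsNew && errors.As(err, &ae) && goneCodes[ae.Code] {
		s.ID = ""
		return nil
	}
	return fmt.Errorf("reading ACM PCA Certificate (%s): %w", s.ID, err)
}

func main() {
	// Constructed error modelled on the message quoted in the report.
	deleted := func(string) error {
		return &apiError{Code: "InvalidStateException", Message: "certificate authority is not in the correct state"}
	}
	s := &resourceState{ID: "arn:aws:acm-pca:us-west-2:123456789012:certificate-authority/EXAMPLE/certificate/EXAMPLE"}
	fmt.Println(readCertificate(s, deleted), s.ID == "")
}
```

The `IsNew` guard keeps a failure during creation visible instead of silently discarding a resource that was never readable, and unrelated errors such as access denials still fail the refresh.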