[Enhancement]: Add validation_options attribute to aws_acm_certificate data source

[alicek106]

Description

Currently data soruce aws_acm_certificate doesn't provide validation_options attributes which include validation record type and name. Only aws_acm_certificate resource provides validation_options (ref) for now. In my case certificate validation record and aws_acm_certificate resource should be created at different terraform codes, so I hope aws_acm_certificate data source can provide validation_options.

To solve this problem I tried to use external data source with shell script, but it was very easy to add validation_options attribute to aws_acm_certificate data source. I'm using custom patched provider by myself.

diff --git a/internal/service/acm/certificate_data_source.go b/internal/service/acm/certificate_data_source.go
index 1d781d1226..45ca26cbd6 100644
--- a/internal/service/acm/certificate_data_source.go
+++ b/internal/service/acm/certificate_data_source.go
@@ -33,6 +33,13 @@ func dataSourceCertificate() *schema.Resource {
                                Type:     schema.TypeString,
                                Computed: true,
                        },
+                       "validation_options": {
+                               Type:     schema.TypeList,
+                               Computed: true,
+                               Elem: &schema.Schema{
+                                       Type: schema.TypeMap,
+                               },
+                       },
                        "domain": {
                                Type:     schema.TypeString,
                                Required: true,
@@ -211,6 +218,17 @@ func dataSourceCertificateRead(ctx context.Context, d *schema.ResourceData, meta
        d.Set("arn", matchedCertificate.CertificateArn)
        d.Set("status", matchedCertificate.Status)

+       var list []map[string]string
+       for _, v := range matchedCertificate.DomainValidationOptions {
+               option := make(map[string]string)
+               option["name"] = aws.ToString(v.ResourceRecord.Name)
+               option["type"] = string(v.ResourceRecord.Type)
+               option["value"] = aws.ToString(v.ResourceRecord.Value)
+               list = append(list, option)
+       }
+
+       d.Set("validation_options", list)
+
        tags, err := ListTags(ctx, conn, aws.ToString(matchedCertificate.CertificateArn))

        if err != nil {

Affected Resource(s) and/or Data Source(s)

aws_acm_certificate (data source)

Potential Terraform Configuration

data "aws_acm_certificate" "my_cert" {
  domain   = "*.my.domain.com"
  statuses = ["PENDING_VALIDATION"]
}

resource "aws_route53_record" "my_cert_validation_record" {
  name            = data.aws_acm_certificate.my_cert.validation_options[0].name
  type            = data.aws_acm_certificate.my_cert.validation_options[0].type
  records         = [data.aws_acm_certificate.my_cert.validation_options[0].value]
  zone_id         = <zone ID>
  ttl             = 60
  allow_overwrite = true
}

References

https://stackoverflow.com/questions/74577924/cant-access-domain-validation-options-for-acm-cert-in-terraform https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/acm_certificate

Would you like to implement a fix?

Yes

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[justinretzolk]

Hey @alicek106 👋 Thank you for taking the time to raise this! I see that you mentioned that you've got a working patch -- are you interested in opening a pull request to this repository for consideration to be merged in?

[alicek106]

sure, I'll open PR for it.

[mtavaresmedeiros]

@alicek106 Any update about it? can I help you with it?

[alicek106]

Hi mtavaresmedeiros, as I was busy because of works, I completely forgot this issue. I'll create a PR in this week.

[alicek106]

opened PR : https://github.com/hashicorp/terraform-provider-aws/pull/35935