Added domain validation, and domain name creation for all SAN's (#6)

Jamie-BitFlight · aknysh · commit 40ebc5fc6ca9 · 2018-09-10T13:29:21.000-04:00
* Added domain validation, and domain name creation for all SAN's

* removed unneeded output
diff --git a/.gitignore b/.gitignore
@@ -1,9 +1,9 @@
 # Compiled files
-*.tfstate
+**/*.tfstate
 *.tfstate.backup
 
 # Module directory
-.terraform/
+**/.terraform/
 .idea
 *.iml
 
diff --git a/main.tf b/main.tf
@@ -3,10 +3,14 @@ resource "aws_acm_certificate" "default" {
   validation_method         = "${var.validation_method}"
   subject_alternative_names = ["${var.subject_alternative_names}"]
   tags                      = "${var.tags}"
+
+  lifecycle {
+    create_before_destroy = true
+  }
 }
 
 data "aws_route53_zone" "default" {
-  count        = "${var.proces_domain_validation_options == "true" && var.validation_method == "DNS" ? 1 : 0}"
+  count        = "${var.process_domain_validation_options == "true" && var.validation_method == "DNS" ? 1 : 0}"
   name         = "${var.domain_name}."
   private_zone = false
 }
@@ -15,11 +19,25 @@ locals {
   domain_validation_options = "${aws_acm_certificate.default.domain_validation_options[0]}"
 }
 
+resource "null_resource" "default" {
+  count = "${var.process_domain_validation_options == "true" && var.validation_method == "DNS" ? length(aws_acm_certificate.default.domain_validation_options) : 0}"
+
+  triggers = "${aws_acm_certificate.default.domain_validation_options[count.index]}"
+}
+
+resource "aws_acm_certificate_validation" "default" {
+  certificate_arn = "${aws_acm_certificate.default.arn}"
+
+  validation_record_fqdns = [
+    "${distinct(compact(concat(aws_route53_record.default.fqdn, var.subject_alternative_names)))}",
+  ]
+}
+
 resource "aws_route53_record" "default" {
-  count   = "${var.proces_domain_validation_options == "true" && var.validation_method == "DNS" ? 1 : 0}"
+  count   = "${length(null_resource.default.triggers)}"
   zone_id = "${data.aws_route53_zone.default.zone_id}"
-  name    = "${local.domain_validation_options["resource_record_name"]}"
-  type    = "${local.domain_validation_options["resource_record_type"]}"
+  name    = "${lookup("null_resource.default.${count.index}","resource_record_name")}"
+  type    = "${lookup("null_resource.default.${count.index}", "resource_record_type")}"
   ttl     = "${var.ttl}"
-  records = ["${local.domain_validation_options["resource_record_value"]}"]
+  records = ["${lookup("null_resource.default.${count.index}","resource_record_value")}"]
 }
diff --git a/outputs.tf b/outputs.tf
@@ -4,7 +4,7 @@ output "id" {
 }
 
 output "arn" {
-  value       = "${aws_acm_certificate.default.arn}"
+  value       = "${aws_acm_certificate_validation.default.certificate_arn}"
   description = "The ARN of the certificate"
 }
 
diff --git a/variables.tf b/variables.tf
@@ -9,7 +9,7 @@ variable "validation_method" {
   description = "Which method to use for validation, DNS or EMAIL"
 }
 
-variable "proces_domain_validation_options" {
+variable "process_domain_validation_options" {
   type        = "string"
   default     = "true"
   description = "Flag to enable/disable processing of the record to add to the DNS zone to complete certificate validation"

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@ output "id" {`
`4`	`4`	`}`
`5`	`5`
`6`	`6`	`output "arn" {`
`7`		`- value = "${aws_acm_certificate.default.arn}"`
	`7`	`+ value = "${aws_acm_certificate_validation.default.certificate_arn}"`
`8`	`8`	`description = "The ARN of the certificate"`
`9`	`9`	`}`
`10`	`10`
Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@ variable "validation_method" {`
`9`	`9`	`description = "Which method to use for validation, DNS or EMAIL"`
`10`	`10`	`}`
`11`	`11`
`12`		`-variable "proces_domain_validation_options" {`
	`12`	`+variable "process_domain_validation_options" {`
`13`	`13`	`type = "string"`
`14`	`14`	`default = "true"`
`15`	`15`	`description = "Flag to enable/disable processing of the record to add to the DNS zone to complete certificate validation"`