From 677a418e78fd270c01cd6762b1a2448ca7bfc361 Mon Sep 17 00:00:00 2001
From: Vasily Tarasov <vasily@atlas.co>
Date: Tue, 6 Jun 2017 13:08:53 -0700
Subject: [PATCH] provider/aws: Filter acm certificates by type (#15064)

* Filter ACM certificates by type

* Add schema tests for certificate types
---
 .../aws/data_source_aws_acm_certificate.go    | 30 +++++++++++++++++++
 .../data_source_aws_acm_certificate_test.go   | 13 ++++++++
 2 files changed, 43 insertions(+)

diff --git a/builtin/providers/aws/data_source_aws_acm_certificate.go b/builtin/providers/aws/data_source_aws_acm_certificate.go
index 68b22184a..5b69ed93d 100644
--- a/builtin/providers/aws/data_source_aws_acm_certificate.go
+++ b/builtin/providers/aws/data_source_aws_acm_certificate.go
@@ -27,6 +27,11 @@ func dataSourceAwsAcmCertificate() *schema.Resource {
 				Optional: true,
 				Elem:     &schema.Schema{Type: schema.TypeString},
 			},
+			"types": {
+				Type:     schema.TypeList,
+				Optional: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+			},
 		},
 	}
 }
@@ -59,6 +64,31 @@ func dataSourceAwsAcmCertificateRead(d *schema.ResourceData, meta interface{}) e
 		return errwrap.Wrapf("Error describing certificates: {{err}}", err)
 	}
 
+	// filter based on certificate type (imported or aws-issued)
+	types, ok := d.GetOk("types")
+	if ok {
+		typesStrings := expandStringList(types.([]interface{}))
+		var matchedArns []string
+		for _, arn := range arns {
+			params := &acm.DescribeCertificateInput{}
+			params.CertificateArn = &arn
+
+			description, err := conn.DescribeCertificate(params)
+			if err != nil {
+				return errwrap.Wrapf("Error describing certificates: {{err}}", err)
+			}
+
+			for _, certType := range typesStrings {
+				if *description.Certificate.Type == *certType {
+					matchedArns = append(matchedArns, arn)
+					break
+				}
+			}
+		}
+
+		arns = matchedArns
+	}
+
 	if len(arns) == 0 {
 		return fmt.Errorf("No certificate for domain %q found in this region.", target)
 	}
diff --git a/builtin/providers/aws/data_source_aws_acm_certificate_test.go b/builtin/providers/aws/data_source_aws_acm_certificate_test.go
index a5b7140bf..a862b12e7 100644
--- a/builtin/providers/aws/data_source_aws_acm_certificate_test.go
+++ b/builtin/providers/aws/data_source_aws_acm_certificate_test.go
@@ -24,6 +24,10 @@ func TestAccAwsAcmCertificateDataSource_noMatchReturnsError(t *testing.T) {
 				Config:      testAccCheckAwsAcmCertificateDataSourceConfigWithStatus(domain),
 				ExpectError: regexp.MustCompile(`No certificate for domain`),
 			},
+			{
+				Config:      testAccCheckAwsAcmCertificateDataSourceConfigWithTypes(domain),
+				ExpectError: regexp.MustCompile(`No certificate for domain`),
+			},
 		},
 	})
 }
@@ -44,3 +48,12 @@ data "aws_acm_certificate" "test" {
 }
 `, domain)
 }
+
+func testAccCheckAwsAcmCertificateDataSourceConfigWithTypes(domain string) string {
+	return fmt.Sprintf(`
+data "aws_acm_certificate" "test" {
+	domain = "%s"
+	types = ["IMPORTED"]
+}
+`, domain)
+}