* 1.1.0 -- 2024-05-16

- acmpca - new outputs - certificate_details - certificate_subject - certificate_issuer_details - certificate_issuer_subject
terraform-modules · May 17, 2024 · e105e52 · e105e52
1 parent f584cb4
commit e105e52
Show file tree

Hide file tree

Showing 5 changed files with 71 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -16,3 +16,11 @@
 
 * 1.0.3 -- 2024-04-23
   - add output directory for certificates
+
+* 1.1.0 -- 2024-05-16
+  - acmpca
+    - new outputs
+      - certificate_details
+      - certificate_subject
+      - certificate_issuer_details
+      - certificate_issuer_subject
diff --git a/acmpca/README.md b/acmpca/README.md
@@ -73,6 +73,8 @@ No modules.
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 | [aws_ssm_parameter.ca_longterm](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source |
 | [aws_ssm_parameter.ca_shortterm](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source |
+| [tls_certificate.certificate](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/data-sources/certificate) | data source |
+| [tls_certificate.issuer](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/data-sources/certificate) | data source |
 
 ## Inputs
 
@@ -107,6 +109,10 @@ No modules.
 | <a name="output_certificate"></a> [certificate](#output\_certificate) | PEM format for signed certificate |
 | <a name="output_certificate_chain"></a> [certificate\_chain](#output\_certificate\_chain) | PEM format for certificate chain (issuer through root) |
 | <a name="output_certificate_csr"></a> [certificate\_csr](#output\_certificate\_csr) | PEM format Certificate Signing Request |
+| <a name="output_certificate_details"></a> [certificate\_details](#output\_certificate\_details) | Certificate details |
 | <a name="output_certificate_filenames"></a> [certificate\_filenames](#output\_certificate\_filenames) | Map of certificate file names |
+| <a name="output_certificate_issuer_details"></a> [certificate\_issuer\_details](#output\_certificate\_issuer\_details) | Certificate Issuer details |
+| <a name="output_certificate_issuer_subject"></a> [certificate\_issuer\_subject](#output\_certificate\_issuer\_subject) | Certificate Issuer Subject field map |
 | <a name="output_certificate_key"></a> [certificate\_key](#output\_certificate\_key) | PEM format RSA Key |
+| <a name="output_certificate_subject"></a> [certificate\_subject](#output\_certificate\_subject) | Certificate Subject field map |
 <!-- END_TF_DOCS -->
diff --git a/acmpca/certificate.tf b/acmpca/certificate.tf
@@ -127,3 +127,35 @@ resource "local_sensitive_file" "certificate_cert_chain" {
   content              = local.certificate_chain
 }
 
+
+#---
+# so we can pull out fields
+#---
+data "tls_certificate" "issuer" {
+  content = local.certificate_chain
+}
+
+data "tls_certificate" "certificate" {
+  content = local.certificate_cert
+}
+
+locals {
+  subject_fields = {
+    "CN" = "common_name"
+    "O"  = "organization"
+    "OU" = "organizational_unit"
+    "C"  = "country"
+    "ST" = "province"
+    "L"  = "locality"
+  }
+
+  c_issuer             = try(data.tls_certificate.issuer.certificates[0], null)
+  c_issuer_fields      = local.cert_issuer != null ? { for k, v in local.cert_issuer : k => v if k != "cert_pem" } : {}
+  c_issuer_subject     = try(local.cert_issuer_fields.subject != "") ? { for x in split(",", local.cert_issuer_fields.subject) : (split("=", x)[0]) => split("=", x)[1] } : {}
+  c_issuer_subject_map = { for k, v in local.cert_issuer_subject : lookup(local.subject_fields, k, k) => v }
+
+  c_cert             = try(data.tls_certificate.certificate.certificates[0], null)
+  c_cert_fields      = local.cert_cert != null ? { for k, v in local.cert_cert : k => v if k != "cert_pem" } : {}
+  c_cert_subject     = try(local.cert_cert_fields.subject != "") ? { for x in split(",", local.cert_cert_fields.subject) : (split("=", x)[0]) => split("=", x)[1] } : {}
+  c_cert_subject_map = { for k, v in local.cert_cert_subject : lookup(local.subject_fields, k, k) => v }
+}
diff --git a/acmpca/output.tf b/acmpca/output.tf
@@ -33,3 +33,27 @@ output "certificate_filenames" {
     chain       = local.filename_chain
   }
 }
+
+output "certificate_details" {
+  description = "Certificate details"
+  sensitive   = false
+  value       = local.c_cert_fields
+}
+
+output "certificate_subject" {
+  description = "Certificate Subject field map"
+  sensitive   = false
+  value       = local.c_cert_subject_map
+}
+
+output "certificate_issuer_details" {
+  description = "Certificate Issuer details"
+  sensitive   = false
+  value       = local.c_issuer_fields
+}
+
+output "certificate_issuer_subject" {
+  description = "Certificate Issuer Subject field map"
+  sensitive   = false
+  value       = local.c_issuer_subject_map
+}
diff --git a/common/version.tf b/common/version.tf
@@ -1,3 +1,3 @@
 locals {
-  _module_version = "1.0.3"
+  _module_version = "1.1.0"
 }