Merge a18eaa5 into 99d66e7

Author: doebrowsk

CHANGELOG.md

@@ -1,3 +1,7 @@
+3.0.1
+* Fixed a bug where memory streams closed early before submitting certificates to ACM in Management Add jobs
+* Fixed a bug where ACM tags would be "set" even if none where entered, preventing a certificate from being added without tags
+
 3.0.0
 * Upgrade to AWS SDK v4
   * All interactions with AWS now target the Region specified in `Store Path` with no "default" Region considered

aws-acm-orchestrator/Jobs/Management.cs

@@ -199,6 +199,7 @@ internal JobResult PerformAddition(AwsExtensionCredential awsCredentials, Manage
                         Logger.LogTrace($"Got certPem {certPem}");
                         //Create Memory Stream For Server Cert
                         ImportCertificateRequest icr;
+                        ImportCertificateResponse IcrResponse;
                         using (MemoryStream serverCertStream = CertStringToStream(certPem))
                         {
                             using (MemoryStream privateStream = CertStringToStream(privateKeyString))
@@ -211,17 +212,24 @@ internal JobResult PerformAddition(AwsExtensionCredential awsCredentials, Manage
                                         PrivateKey = privateStream,
                                         CertificateChain = chainStream
                                     };
+                                
+                                    icr.CertificateArn = config.JobCertificate.Alias?.Length >= 20 ? config.JobCertificate.Alias.Trim() : null; //If an arn is provided, use it, this will perform a renewal/replace
+                                    Logger.LogTrace($"Certificate arn {icr.CertificateArn}");
+                                    
+                                    if (acmTags != null && acmTags.Count > 0)
+                                    {
+                                        Logger.LogDebug($"Number of ACM tags added to certificate: {acmTags.Count}");
+                                        icr.Tags = acmTags;
+                                    }
+                                    else
+                                    {
+                                        Logger.LogDebug("No ACM tags were added to the certificate");
+                                    }
+                        
+                                    IcrResponse = AsyncHelpers.RunSync(() => AcmClient.ImportCertificateAsync(icr));
                                 }
                             }
                         }
-                        icr.CertificateArn = config.JobCertificate.Alias?.Length >= 20 ? config.JobCertificate.Alias.Trim() : null; //If an arn is provided, use it, this will perform a renewal/replace
-                        if (icr.CertificateArn == null )
-                        {
-                            icr.Tags = acmTags;
-                        }
-                        Logger.LogTrace($"Certificate arn {icr.CertificateArn}");
-                        
-                        ImportCertificateResponse IcrResponse = AsyncHelpers.RunSync(() => AcmClient.ImportCertificateAsync(icr));
                         Logger.LogTrace($"IcrResponse JSON: {JsonConvert.SerializeObject(IcrResponse)}");
                         // Ensure 200 Response
                         if (IcrResponse.HttpStatusCode == HttpStatusCode.OK)