resource_aws_s3_bucket: add skip_encryption_config option

Signed-off-by: Jérôme Jutteau <[email protected]>
outscale · Apr 1, 2021 · 27ffe8f · 27ffe8f
1 parent 27bfc2f
commit 27ffe8f
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 18 deletions.
diff --git a/.changelog/TODO1.txt b/.changelog/TODO1.txt
@@ -1,3 +1,3 @@
 ```release-notes:enhancement
-resource/aws_s3_bucket: Add `skip_logging_config` and `skip_tag_config` attributes
+resource/aws_s3_bucket: Add `skip_logging_config`, `skip_tag_config` and `skip_encryption_config` attributes
 ```
diff --git a/aws/resource_aws_s3_bucket.go b/aws/resource_aws_s3_bucket.go
@@ -648,6 +648,11 @@ func resourceAwsS3Bucket() *schema.Resource {
 				Optional: true,
 				Default:  false,
 			},
+			"skip_encryption_config": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  false,
+			},
 		},
 	}
 }
@@ -820,9 +825,12 @@ func resourceAwsS3BucketUpdate(d *schema.ResourceData, meta interface{}) error {
 		}
 	}
 
-	if d.HasChange("server_side_encryption_configuration") {
-		if err := resourceAwsS3BucketServerSideEncryptionConfigurationUpdate(s3conn, d); err != nil {
-			return err
+	skipEncryptionConfig, skipEncryptionConfigOk := d.GetOk("skip_encryption_config")
+	if !skipEncryptionConfigOk || !skipEncryptionConfig.(bool) {
+		if d.HasChange("server_side_encryption_configuration") {
+			if err := resourceAwsS3BucketServerSideEncryptionConfigurationUpdate(s3conn, d); err != nil {
+				return err
+			}
 		}
 	}
 
@@ -1285,21 +1293,24 @@ func resourceAwsS3BucketRead(d *schema.ResourceData, meta interface{}) error {
 
 	// Read the bucket server side encryption configuration
 
-	encryptionResponse, err := retryOnAwsCode(s3.ErrCodeNoSuchBucket, func() (interface{}, error) {
-		return s3conn.GetBucketEncryption(&s3.GetBucketEncryptionInput{
-			Bucket: aws.String(d.Id()),
+	skipEncryptionConfig, skipEncryptionConfigOk := d.GetOk("skip_encryption_config")
+	if !skipEncryptionConfigOk || !skipEncryptionConfig.(bool) {
+		encryptionResponse, err := retryOnAwsCode(s3.ErrCodeNoSuchBucket, func() (interface{}, error) {
+			return s3conn.GetBucketEncryption(&s3.GetBucketEncryptionInput{
+				Bucket: aws.String(d.Id()),
+			})
 		})
-	})
-	if err != nil && !isAWSErr(err, "ServerSideEncryptionConfigurationNotFoundError", "encryption configuration was not found") {
-		return fmt.Errorf("error getting S3 Bucket encryption: %s", err)
-	}
+		if err != nil && !isAWSErr(err, "ServerSideEncryptionConfigurationNotFoundError", "encryption configuration was not found") {
+			return fmt.Errorf("error getting S3 Bucket encryption: %s", err)
+		}
 
-	serverSideEncryptionConfiguration := make([]map[string]interface{}, 0)
-	if encryption, ok := encryptionResponse.(*s3.GetBucketEncryptionOutput); ok && encryption.ServerSideEncryptionConfiguration != nil {
-		serverSideEncryptionConfiguration = flattenAwsS3ServerSideEncryptionConfiguration(encryption.ServerSideEncryptionConfiguration)
-	}
-	if err := d.Set("server_side_encryption_configuration", serverSideEncryptionConfiguration); err != nil {
-		return fmt.Errorf("error setting server_side_encryption_configuration: %s", err)
+		serverSideEncryptionConfiguration := make([]map[string]interface{}, 0)
+		if encryption, ok := encryptionResponse.(*s3.GetBucketEncryptionOutput); ok && encryption.ServerSideEncryptionConfiguration != nil {
+			serverSideEncryptionConfiguration = flattenAwsS3ServerSideEncryptionConfiguration(encryption.ServerSideEncryptionConfiguration)
+		}
+		if err := d.Set("server_side_encryption_configuration", serverSideEncryptionConfiguration); err != nil {
+			return fmt.Errorf("error setting server_side_encryption_configuration: %s", err)
+		}
 	}
 
 	// Object Lock configuration.

diff --git a/aws/resource_aws_s3_bucket_test.go b/aws/resource_aws_s3_bucket_test.go
@@ -228,7 +228,7 @@ func TestAccAWSS3Bucket_SkipConfig(t *testing.T) {
 				ImportStateVerify: true,
 				ImportStateVerifyIgnore: []string{
 					"force_destroy", "acl",
-					"skip_acceleration_config", "skip_payer_config", "skip_lock_config", "skip_logging_config", "skip_tag_config",
+					"skip_acceleration_config", "skip_payer_config", "skip_lock_config", "skip_logging_config", "skip_tag_config", "skip_encryption_config",
 				},
 			},
 		},
@@ -4733,6 +4733,7 @@ resource "aws_s3_bucket" "bucket" {
   skip_lock_config         = true
   skip_logging_config      = true
   skip_lock_config         = true
+  skip_encryption_config   = true
 }
 `, bucketName)
 }

diff --git a/website/docs/r/s3_bucket.html.markdown b/website/docs/r/s3_bucket.html.markdown
@@ -343,6 +343,7 @@ resource "aws_s3_bucket" "bucket" {
   skip_lock_config         = true
   skip_logging_config      = true
   skip_tag_config          = true
+  skip_encryption_config   = true
 }
 ```
 
@@ -376,6 +377,7 @@ developer guide for more information.
 * `skip_lock_config` - (Optional, Default:`false`) A boolean that indicates lock configuration should not be performed; useful with different S3 implementations that do not support lock configuration
 * `skip_logging_config` - (Optional, Default:`false`) A boolean that indicates logging configuration should not be performed; useful with different S3 implementations that do not support logging configuration
 * `skip_tag_config` - (Optional, Default:`false`) A boolean that indicates tag configuration should not be performed; useful with different S3 implementations that do not support tag configuration
+* `skip_encryption_config` - (Optional, Default:`false`) A boolean that indicates encryption configuration should not be performed; useful with different S3 implementations that do not support encryption configuration
 
 ~> **NOTE:** You cannot use `acceleration_status` in `cn-north-1` or `us-gov-west-1`