From 27ffe8f5bf1680c1a5e26ae8e05f2bfb66efdf55 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Jutteau?=
Date: Thu, 1 Apr 2021 11:09:57 +0200
Subject: [PATCH] resource_aws_s3_bucket: add skip_encryption_config option
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Jérôme Jutteau
---
 .changelog/TODO1.txt | 2 +-
 aws/resource_aws_s3_bucket.go | 43 ++++++++++++++++----------
 aws/resource_aws_s3_bucket_test.go | 3 +-
 website/docs/r/s3_bucket.html.markdown | 2 ++
 4 files changed, 32 insertions(+), 18 deletions(-)
diff --git a/.changelog/TODO1.txt b/.changelog/TODO1.txt
index 4cd0e7b66b..51e132f596 100644
--- a/.changelog/TODO1.txt
+++ b/.changelog/TODO1.txt
@@ -1,3 +1,3 @@
 ```release-notes:enhancement
-resource/aws_s3_bucket: Add `skip_logging_config` and `skip_tag_config` attributes
+resource/aws_s3_bucket: Add `skip_logging_config`, `skip_tag_config` and `skip_encryption_config` attributes
 ```
diff --git a/aws/resource_aws_s3_bucket.go b/aws/resource_aws_s3_bucket.go
index 883e04c2b5..edfd1c7479 100644
--- a/aws/resource_aws_s3_bucket.go
+++ b/aws/resource_aws_s3_bucket.go
@@ -648,6 +648,11 @@ func resourceAwsS3Bucket() *schema.Resource {
 Optional: true,
 Default: false,
 },
+ "skip_encryption_config": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Default: false,
+ },
 },
 }
 }
@@ -820,9 +825,12 @@ func resourceAwsS3BucketUpdate(d *schema.ResourceData, meta interface{}) error {
 }
 }
- if d.HasChange("server_side_encryption_configuration") {
- if err := resourceAwsS3BucketServerSideEncryptionConfigurationUpdate(s3conn, d); err != nil {
- return err
+ skipEncryptionConfig, skipEncryptionConfigOk := d.GetOk("skip_encryption_config")
+ if !skipEncryptionConfigOk || !skipEncryptionConfig.(bool) {
+ if d.HasChange("server_side_encryption_configuration") {
+ if err := resourceAwsS3BucketServerSideEncryptionConfigurationUpdate(s3conn, d); err != nil {
+ return err
+ }
 }
 }
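Review bot: In the resourceAwsS3BucketUpdate hunk, a configuration that sets both `skip_encryption_config = true` and a `server_side_encryption_configuration` block is accepted and the encryption block is then silently never applied, so the configuration can declare encryption that the bucket does not have. I would reject that combination rather than drop it: `skip := d.Get("skip_encryption_config").(bool)` followed by `if skip && len(d.Get("server_side_encryption_configuration").([]interface{})) > 0 { return fmt.Errorf("server_side_encryption_configuration is set but skip_encryption_config is true") }` (this assumes the attribute is a list, which the hunk does not show). Because the schema hunk gives the flag `Default: false`, the plain `d.Get(...).(bool)` is equivalent to the `GetOk` pair and reads more simply; the same applies to the check in the resourceAwsS3BucketRead hunk. The function body starts and ends outside this hunk.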
@@ -1285,21 +1293,24 @@ func resourceAwsS3BucketRead(d *schema.ResourceData, meta interface{}) error {
 // Read the bucket server side encryption configuration
- encryptionResponse, err := retryOnAwsCode(s3.ErrCodeNoSuchBucket, func() (interface{}, error) {
- return s3conn.GetBucketEncryption(&s3.GetBucketEncryptionInput{
- Bucket: aws.String(d.Id()),
+ skipEncryptionConfig, skipEncryptionConfigOk := d.GetOk("skip_encryption_config")
+ if !skipEncryptionConfigOk || !skipEncryptionConfig.(bool) {
+ encryptionResponse, err := retryOnAwsCode(s3.ErrCodeNoSuchBucket, func() (interface{}, error) {
+ return s3conn.GetBucketEncryption(&s3.GetBucketEncryptionInput{
+ Bucket: aws.String(d.Id()),
+ })
 })
- })
- if err != nil && !isAWSErr(err, "ServerSideEncryptionConfigurationNotFoundError", "encryption configuration was not found") {
- return fmt.Errorf("error getting S3 Bucket encryption: %s", err)
- }
+ if err != nil && !isAWSErr(err, "ServerSideEncryptionConfigurationNotFoundError", "encryption configuration was not found") {
+ return fmt.Errorf("error getting S3 Bucket encryption: %s", err)
+ }
- serverSideEncryptionConfiguration := make([]map[string]interface{}, 0)
- if encryption, ok := encryptionResponse.(*s3.GetBucketEncryptionOutput); ok && encryption.ServerSideEncryptionConfiguration != nil {
- serverSideEncryptionConfiguration = flattenAwsS3ServerSideEncryptionConfiguration(encryption.ServerSideEncryptionConfiguration)
- }
- if err := d.Set("server_side_encryption_configuration", serverSideEncryptionConfiguration); err != nil {
- return fmt.Errorf("error setting server_side_encryption_configuration: %s", err)
+ serverSideEncryptionConfiguration := make([]map[string]interface{}, 0)
+ if encryption, ok := encryptionResponse.(*s3.GetBucketEncryptionOutput); ok && encryption.ServerSideEncryptionConfiguration != nil {
+ serverSideEncryptionConfiguration = flattenAwsS3ServerSideEncryptionConfiguration(encryption.ServerSideEncryptionConfiguration)
+ }
+ if err := d.Set("server_side_encryption_configuration", serverSideEncryptionConfiguration); err != nil {
+ return fmt.Errorf("error setting server_side_encryption_configuration: %s", err)
+ }
 }
 // Object Lock configuration.
diff --git a/aws/resource_aws_s3_bucket_test.go b/aws/resource_aws_s3_bucket_test.go
index 6dc70ec6df..bb8e06cb6a 100644
--- a/aws/resource_aws_s3_bucket_test.go
+++ b/aws/resource_aws_s3_bucket_test.go
@@ -228,7 +228,7 @@ func TestAccAWSS3Bucket_SkipConfig(t *testing.T) {
 ImportStateVerify: true,
 ImportStateVerifyIgnore: []string{
 "force_destroy", "acl",
- "skip_acceleration_config", "skip_payer_config", "skip_lock_config", "skip_logging_config", "skip_tag_config",
+ "skip_acceleration_config", "skip_payer_config", "skip_lock_config", "skip_logging_config", "skip_tag_config", "skip_encryption_config",
 },
 },
 },
@@ -4733,6 +4733,7 @@ resource "aws_s3_bucket" "bucket" {
 skip_lock_config = true
 skip_logging_config = true
 skip_lock_config = true
+ skip_encryption_config = true
 }
 `, bucketName)
 }
diff --git a/website/docs/r/s3_bucket.html.markdown b/website/docs/r/s3_bucket.html.markdown
index 2e54ec8e52..5ec0fd00ec 100644
--- a/website/docs/r/s3_bucket.html.markdown
+++ b/website/docs/r/s3_bucket.html.markdown
@@ -343,6 +343,7 @@ resource "aws_s3_bucket" "bucket" {
 skip_lock_config = true
 skip_logging_config = true
 skip_tag_config = true
+ skip_encryption_config = true
 }
 ```
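Review bot: With `skip_encryption_config` set, the resourceAwsS3BucketRead hunk neither calls `GetBucketEncryption` nor sets `server_side_encryption_configuration`, so state keeps whatever value it already held and an out-of-band removal of bucket encryption is never reported as drift. That trade-off is reasonable for backends without the API, but it should be stated where the skip happens. I would add `// skip_encryption_config: encryption is neither read nor refreshed, so state may not match the bucket` above the check and move the existing `// Read the bucket server side encryption configuration` comment inside the `if`, since it now sits above the flag lookup. The function continues outside the hunk.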
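Review bot: The test configuration around the added `skip_encryption_config = true` line (hunk at -4733) sets `skip_lock_config = true` twice and, as far as the context lines show, never sets `skip_tag_config`, which looks like a typo carried over from the earlier skip options. The third context line should probably read `skip_tag_config = true`, matching the example in website/docs/r/s3_bucket.html.markdown. Beyond adding the flag to `ImportStateVerifyIgnore` (hunk at -228), nothing visible asserts that `server_side_encryption_configuration` stays unset when the flag is on, so the new branch in Read is not checked by this test as shown. The config function starts outside the hunk.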
@@ -376,6 +377,7 @@ developer guide for more information.
 * `skip_lock_config` - (Optional, Default:`false`) A boolean that indicates lock configuration should not be performed; useful with different S3 implementations that do not support lock configuration
 * `skip_logging_config` - (Optional, Default:`false`) A boolean that indicates logging configuration should not be performed; useful with different S3 implementations that do not support logging configuration
 * `skip_tag_config` - (Optional, Default:`false`) A boolean that indicates tag configuration should not be performed; useful with different S3 implementations that do not support tag configuration
+* `skip_encryption_config` - (Optional, Default:`false`) A boolean that indicates encryption configuration should not be performed; useful with different S3 implementations that do not support encryption configuration
 ~> **NOTE:** You cannot use `acceleration_status` in `cn-north-1` or `us-gov-west-1`