From 90c1c226a20bbdf6f7d72b23ebde6144a02e3510 Mon Sep 17 00:00:00 2001 From: trung Date: Wed, 20 Sep 2017 14:54:36 -0500 Subject: [PATCH 1/7] test case to cover gp2 with iops --- aws/resource_aws_instance_test.go | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/aws/resource_aws_instance_test.go b/aws/resource_aws_instance_test.go index 242f60a7f61..e0f4c01e1cc 100644 --- a/aws/resource_aws_instance_test.go +++ b/aws/resource_aws_instance_test.go @@ -189,6 +189,11 @@ func TestAccAWSInstance_GP2IopsDevice(t *testing.T) { testCheck(), ), }, + { + Config: testAccInstanceGP2IopsDeviceExplicit, + PlanOnly: true, + ExpectNonEmptyPlan: false, + }, }, }) } @@ -1513,6 +1518,25 @@ resource "aws_instance" "foo" { } ` +const testAccInstanceGP2IopsDeviceExplicit = ` +resource "aws_instance" "foo" { + # us-west-2 + ami = "ami-55a7ea65" + + # In order to attach an encrypted volume to an instance you need to have an + # m3.medium or larger. See "Supported Instance Types" in: + # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html + instance_type = "m3.medium" + + root_block_device { + volume_type = "gp2" + volume_size = 11 + # demo a test scenario + iops = 10 + } +} +` + const testAccInstanceConfigBlockDevices = ` resource "aws_instance" "foo" { # us-west-2 From 68ed0d73810d160952338e5f7163b195c5ebb6a4 Mon Sep 17 00:00:00 2001 From: trung Date: Wed, 20 Sep 2017 14:54:36 -0500 Subject: [PATCH 2/7] test case to cover gp2 with iops --- aws/resource_aws_instance_test.go | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/aws/resource_aws_instance_test.go b/aws/resource_aws_instance_test.go index 85d7cc2b4a5..792c0fd41f8 100644 --- a/aws/resource_aws_instance_test.go +++ b/aws/resource_aws_instance_test.go @@ -189,6 +189,11 @@ func TestAccAWSInstance_GP2IopsDevice(t *testing.T) { testCheck(), ), }, + { + Config: testAccInstanceGP2IopsDeviceExplicit, + PlanOnly: true, + ExpectNonEmptyPlan: false, + }, }, }) } 
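Review bot: The step added to TestAccAWSInstance_GP2IopsDevice has no comment saying what it asserts, and `ExpectNonEmptyPlan: false` only restates the field's zero value. I would drop that field and put `// an explicit iops on a gp2 root volume must not produce a diff` above the step, if that is the intent (the commit subject suggests it is). The same step is repeated in patches 2/7 and 3/7. The test function starts outside the hunk.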
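Review bot: The comments inside `testAccInstanceGP2IopsDeviceExplicit` do not describe the fixture. The paragraph about encrypted volumes is carried over although the resource sets no encryption, and `# demo a test scenario` does not say why `iops = 10` is set on a `gp2` volume. I would replace the latter with `# iops is not configurable for gp2; setting it must not cause a diff` (assuming that is the behaviour under test) and keep only the reason for choosing `m3.medium`. The constant is added again with the same comments in patches 2/7, 3/7 and 4/7.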
@@ -1555,6 +1560,25 @@ resource "aws_instance" "foo" { } ` +const testAccInstanceGP2IopsDeviceExplicit = ` +resource "aws_instance" "foo" { + # us-west-2 + ami = "ami-55a7ea65" + + # In order to attach an encrypted volume to an instance you need to have an + # m3.medium or larger. See "Supported Instance Types" in: + # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html + instance_type = "m3.medium" + + root_block_device { + volume_type = "gp2" + volume_size = 11 + # demo a test scenario + iops = 10 + } +} +` + const testAccInstanceConfigBlockDevices = ` resource "aws_instance" "foo" { # us-west-2 From a87fbe896a18b91bed29df8ba1b29c4ffca01c2a Mon Sep 17 00:00:00 2001 From: trung Date: Wed, 20 Sep 2017 14:54:36 -0500 Subject: [PATCH 3/7] test case to cover gp2 with iops --- aws/resource_aws_instance_test.go | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/aws/resource_aws_instance_test.go b/aws/resource_aws_instance_test.go index 85d7cc2b4a5..792c0fd41f8 100644 --- a/aws/resource_aws_instance_test.go +++ b/aws/resource_aws_instance_test.go @@ -189,6 +189,11 @@ func TestAccAWSInstance_GP2IopsDevice(t *testing.T) { testCheck(), ), }, + { + Config: testAccInstanceGP2IopsDeviceExplicit, + PlanOnly: true, + ExpectNonEmptyPlan: false, + }, }, }) } @@ -1555,6 +1560,25 @@ resource "aws_instance" "foo" { } ` +const testAccInstanceGP2IopsDeviceExplicit = ` +resource "aws_instance" "foo" { + # us-west-2 + ami = "ami-55a7ea65" + + # In order to attach an encrypted volume to an instance you need to have an + # m3.medium or larger. See "Supported Instance Types" in: + # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html + instance_type = "m3.medium" + + root_block_device { + volume_type = "gp2" + volume_size = 11 + # demo a test scenario + iops = 10 + } +} +` + const testAccInstanceConfigBlockDevices = ` resource "aws_instance" "foo" { # us-west-2 From d3ac253af9ea0e2643bb2037b9af35c4dae200f0 Mon Sep 17 00:00:00 2001 
From: trung Date: Wed, 20 Sep 2017 14:54:36 -0500 Subject: [PATCH 4/7] test case to cover gp2 with iops --- aws/resource_aws_instance_test.go | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/aws/resource_aws_instance_test.go b/aws/resource_aws_instance_test.go index 792c0fd41f8..98ff5ed8890 100644 --- a/aws/resource_aws_instance_test.go +++ b/aws/resource_aws_instance_test.go @@ -307,6 +307,11 @@ func TestAccAWSInstance_blockDevices(t *testing.T) { testCheck(), ), }, + { + Config: testAccInstanceGP2IopsDeviceExplicit, + PlanOnly: true, + ExpectNonEmptyPlan: false, + }, }, }) } @@ -1579,6 +1584,25 @@ resource "aws_instance" "foo" { } ` +const testAccInstanceGP2IopsDeviceExplicit = ` +resource "aws_instance" "foo" { + # us-west-2 + ami = "ami-55a7ea65" + + # In order to attach an encrypted volume to an instance you need to have an + # m3.medium or larger. See "Supported Instance Types" in: + # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html + instance_type = "m3.medium" + + root_block_device { + volume_type = "gp2" + volume_size = 11 + # demo a test scenario + iops = 10 + } +} +` + const testAccInstanceConfigBlockDevices = ` resource "aws_instance" "foo" { # us-west-2 From ddb02a8b2a63a33d3bea49fb24a499de621030e3 Mon Sep 17 00:00:00 2001 From: trung Date: Tue, 14 Nov 2017 23:20:42 -0500 Subject: [PATCH 5/7] #2217: get default encryption configuration for s3 bucket data source --- aws/data_source_aws_s3_bucket.go | 67 ++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) diff --git a/aws/data_source_aws_s3_bucket.go b/aws/data_source_aws_s3_bucket.go index 6a62841f125..e2679e913e7 100644 --- a/aws/data_source_aws_s3_bucket.go +++ b/aws/data_source_aws_s3_bucket.go 
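Review bot: The plan-only step added to TestAccAWSInstance_blockDevices uses `testAccInstanceGP2IopsDeviceExplicit`, a fixture that declares only a gp2 root volume. The earlier step's config is outside the hunk, but if it is the block-devices fixture, this step would plan changes and fail the empty-plan expectation. It looks like a copy of the step added to TestAccAWSInstance_GP2IopsDevice in patch 1/7. I would drop it here, or give this test a plan-only step that reuses its own config.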
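Review bot: `const testAccInstanceGP2IopsDeviceExplicit` is declared a second time by the last hunk of patch 4/7. Its base blob 792c0fd is the result of patch 2/7, which already added the same constant, so the package's test files would be expected to stop compiling with a redeclaration error. Patch 7/7 later deletes two adjacent copies, which is consistent with that. The constant should be removed from this patch.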
@@ -18,6 +18,41 @@ func dataSourceAwsS3Bucket() *schema.Resource { Type: schema.TypeString, Required: true, }, + "server_side_encryption_configuration": { + Type: schema.TypeSet, + MaxItems: 1, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema { + "rule" : { + Type: schema.TypeSet, + MaxItems: 1, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema { + "apply_server_side_encryption_by_default": { + Type: schema.TypeSet, + MaxItems: 1, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "kms_master_key_id": { + Type: schema.TypeString, + Computed: true, + }, + "sse_algorithm": { + Type: schema.TypeString, + Computed: true, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, "arn": { Type: schema.TypeString, Computed: true, 
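Review bot: `MaxItems: 1` has no effect on `server_side_encryption_configuration`, `rule` or `apply_server_side_encryption_by_default`, because each is `Computed` only and cannot be set in configuration; I would drop it at all three levels. The new attribute is also undocumented in this patch, whose diffstat lists only this file. A short comment above the attribute, such as `// Default encryption of the bucket; empty when none is configured`, would state the contract the read function has to honour. The schema map continues outside the hunk.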
@@ -70,6 +105,38 @@ func dataSourceAwsS3BucketRead(d *schema.ResourceData, meta interface{}) error { return err } + if err := bucketEncryption(d, bucket, conn); err != nil { + return err + } + + return nil +} + +func bucketEncryption(data *schema.ResourceData, bucket string, conn *s3.S3) error { + input := &s3.GetBucketEncryptionInput{ + Bucket: aws.String(bucket), + } + output, err := conn.GetBucketEncryption(input) + if err != nil { + if isAWSErr(err, "ServerSideEncryptionConfigurationNotFoundError", "encryption configuration was not found") { + + } else { + return err + } + } + if ruleCount := len(output.ServerSideEncryptionConfiguration.Rules); ruleCount != 1 { + return fmt.Errorf("expect one rule returned but there are %d rules. Changes required in the data source to support this", ruleCount) + } + defaultRuleConfiguration := output.ServerSideEncryptionConfiguration.Rules[0].ApplyServerSideEncryptionByDefault + defaultRule := make([]map[string]interface{}, 1) + defaultRule[0]["kms_master_key_id"] = aws.StringValue(defaultRuleConfiguration.KMSMasterKeyID) + defaultRule[0]["sse_algorithm"] = aws.StringValue(defaultRuleConfiguration.SSEAlgorithm) + + encryptionConfiguration := make([]map[string]interface{}, 1) + encryptionConfiguration[0]["rule"] = make([]map[string]interface{}, 1) + encryptionConfiguration[0]["rule"].(map[string]interface{})["apply_server_side_encryption_by_default"] = defaultRule + + data.Set("server_side_encryption_configuration", encryptionConfiguration) return nil } From 6824b73f15a7b0ec338a3a7585d83a1e4013c5ce Mon Sep 17 00:00:00 2001 From: trung Date: Tue, 14 Nov 2017 23:23:43 -0500 Subject: [PATCH 6/7] #2217: get default encryption configuration for s3 bucket data source --- aws/data_source_aws_s3_bucket.go | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/aws/data_source_aws_s3_bucket.go b/aws/data_source_aws_s3_bucket.go index e2679e913e7..bd30098cbb6 100644 --- a/aws/data_source_aws_s3_bucket.go 
+++ b/aws/data_source_aws_s3_bucket.go @@ -19,29 +19,29 @@ func dataSourceAwsS3Bucket() *schema.Resource { Required: true, }, "server_side_encryption_configuration": { - Type: schema.TypeSet, + Type: schema.TypeSet, MaxItems: 1, Computed: true, Elem: &schema.Resource{ - Schema: map[string]*schema.Schema { - "rule" : { - Type: schema.TypeSet, + Schema: map[string]*schema.Schema{ + "rule": { + Type: schema.TypeSet, MaxItems: 1, Computed: true, Elem: &schema.Resource{ - Schema: map[string]*schema.Schema { + Schema: map[string]*schema.Schema{ "apply_server_side_encryption_by_default": { - Type: schema.TypeSet, + Type: schema.TypeSet, MaxItems: 1, Computed: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "kms_master_key_id": { - Type: schema.TypeString, + Type: schema.TypeString, Computed: true, }, "sse_algorithm": { - Type: schema.TypeString, + Type: schema.TypeString, Computed: true, }, }, @@ -119,7 +119,7 @@ func bucketEncryption(data *schema.ResourceData, bucket string, conn *s3.S3) err output, err := conn.GetBucketEncryption(input) if err != nil { if isAWSErr(err, "ServerSideEncryptionConfigurationNotFoundError", "encryption configuration was not found") { - + } else { return err } From d4f08f71e003de307eccb4006278b96c347d5dcd Mon Sep 17 00:00:00 2001 From: trung Date: Tue, 14 Nov 2017 23:32:56 -0500 Subject: [PATCH 7/7] #2217: get default encryption configuration for s3 bucket data source --- aws/resource_aws_instance_test.go | 48 ------------------------------- 1 file changed, 48 deletions(-) diff --git a/aws/resource_aws_instance_test.go b/aws/resource_aws_instance_test.go index 98ff5ed8890..85d7cc2b4a5 100644 --- a/aws/resource_aws_instance_test.go +++ b/aws/resource_aws_instance_test.go @@ -189,11 +189,6 @@ func TestAccAWSInstance_GP2IopsDevice(t *testing.T) { testCheck(), ), }, - { - Config: testAccInstanceGP2IopsDeviceExplicit, - PlanOnly: true, - ExpectNonEmptyPlan: false, - }, }, }) } 
@@ -307,11 +302,6 @@ func TestAccAWSInstance_blockDevices(t *testing.T) { testCheck(), ), }, - { - Config: testAccInstanceGP2IopsDeviceExplicit, - PlanOnly: true, - ExpectNonEmptyPlan: false, - }, }, }) } @@ -1565,44 +1555,6 @@ resource "aws_instance" "foo" { } ` -const testAccInstanceGP2IopsDeviceExplicit = ` -resource "aws_instance" "foo" { - # us-west-2 - ami = "ami-55a7ea65" - - # In order to attach an encrypted volume to an instance you need to have an - # m3.medium or larger. See "Supported Instance Types" in: - # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html - instance_type = "m3.medium" - - root_block_device { - volume_type = "gp2" - volume_size = 11 - # demo a test scenario - iops = 10 - } -} -` - -const testAccInstanceGP2IopsDeviceExplicit = ` -resource "aws_instance" "foo" { - # us-west-2 - ami = "ami-55a7ea65" - - # In order to attach an encrypted volume to an instance you need to have an - # m3.medium or larger. See "Supported Instance Types" in: - # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html - instance_type = "m3.medium" - - root_block_device { - volume_type = "gp2" - volume_size = 11 - # demo a test scenario - iops = 10 - } -} -` - const testAccInstanceConfigBlockDevices = ` resource "aws_instance" "foo" { # us-west-2