Skip to content

Commit

Permalink
hashicorp#2217: get default encryption configuration for s3 bucket da…
Browse files Browse the repository at this point in the history
…ta source
  • Loading branch information
trung committed Nov 15, 2017
1 parent b4b50c9 commit ddb02a8
Showing 1 changed file with 67 additions and 0 deletions.
67 changes: 67 additions & 0 deletions aws/data_source_aws_s3_bucket.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,41 @@ func dataSourceAwsS3Bucket() *schema.Resource {
Type: schema.TypeString,
Required: true,
},
"server_side_encryption_configuration": {
Type: schema.TypeSet,
MaxItems: 1,
Computed: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema {
"rule" : {
Type: schema.TypeSet,
MaxItems: 1,
Computed: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema {
"apply_server_side_encryption_by_default": {
Type: schema.TypeSet,
MaxItems: 1,
Computed: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"kms_master_key_id": {
Type: schema.TypeString,
Computed: true,
},
"sse_algorithm": {
Type: schema.TypeString,
Computed: true,
},
},
},
},
},
},
},
},
},
},
"arn": {
Type: schema.TypeString,
Computed: true,
Expand Down Expand Up @@ -70,6 +105,38 @@ func dataSourceAwsS3BucketRead(d *schema.ResourceData, meta interface{}) error {
return err
}

if err := bucketEncryption(d, bucket, conn); err != nil {
return err
}

return nil
}

func bucketEncryption(data *schema.ResourceData, bucket string, conn *s3.S3) error {
input := &s3.GetBucketEncryptionInput{
Bucket: aws.String(bucket),
}
output, err := conn.GetBucketEncryption(input)
if err != nil {
if isAWSErr(err, "ServerSideEncryptionConfigurationNotFoundError", "encryption configuration was not found") {

} else {
return err
}
}
if ruleCount := len(output.ServerSideEncryptionConfiguration.Rules); ruleCount != 1 {
return fmt.Errorf("expect one rule returned but there are %d rules. Changes required in the data source to support this", ruleCount)
}
defaultRuleConfiguration := output.ServerSideEncryptionConfiguration.Rules[0].ApplyServerSideEncryptionByDefault
defaultRule := make([]map[string]interface{}, 1)
defaultRule[0]["kms_master_key_id"] = aws.StringValue(defaultRuleConfiguration.KMSMasterKeyID)
defaultRule[0]["sse_algorithm"] = aws.StringValue(defaultRuleConfiguration.SSEAlgorithm)

encryptionConfiguration := make([]map[string]interface{}, 1)
encryptionConfiguration[0]["rule"] = make([]map[string]interface{}, 1)
encryptionConfiguration[0]["rule"].(map[string]interface{})["apply_server_side_encryption_by_default"] = defaultRule

data.Set("server_side_encryption_configuration", encryptionConfiguration)
return nil
}

Expand Down

0 comments on commit ddb02a8

Please sign in to comment.