From ddb02a8b2a63a33d3bea49fb24a499de621030e3 Mon Sep 17 00:00:00 2001
From: trung
Date: Tue, 14 Nov 2017 23:20:42 -0500
Subject: [PATCH] #2217: get default encryption configuration for s3 bucket data source
---
 aws/data_source_aws_s3_bucket.go | 67 ++++++++++++++++++++++++++++++++
 1 file changed, 67 insertions(+)
diff --git a/aws/data_source_aws_s3_bucket.go b/aws/data_source_aws_s3_bucket.go
index 6a62841f125..e2679e913e7 100644
--- a/aws/data_source_aws_s3_bucket.go
+++ b/aws/data_source_aws_s3_bucket.go
@@ -18,6 +18,41 @@ func dataSourceAwsS3Bucket() *schema.Resource {
 Type: schema.TypeString,
 Required: true,
 },
+ "server_side_encryption_configuration": {
+ Type: schema.TypeSet,
+ MaxItems: 1,
+ Computed: true,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema {
+ "rule" : {
+ Type: schema.TypeSet,
+ MaxItems: 1,
+ Computed: true,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema {
+ "apply_server_side_encryption_by_default": {
+ Type: schema.TypeSet,
+ MaxItems: 1,
+ Computed: true,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "kms_master_key_id": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "sse_algorithm": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
 "arn": {
 Type: schema.TypeString,
 Computed: true,
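Review bot: The new `server_side_encryption_configuration` schema is not gofmt-clean: `map[string]*schema.Schema {` (twice) and `"rule" : {` should read `map[string]*schema.Schema{` and `"rule": {`. `MaxItems: 1` on the three nested sets looks redundant, since every level is `Computed` only and there is no user configuration for it to constrain; I would drop it unless the schema validator needs it. The diffstat shows a single file changed, so the attribute ships without an acceptance test or a docs entry, and a test covering both an encrypted and an unencrypted bucket would have exercised the read path added in the next hunk. dataSourceAwsS3Bucket starts and ends outside this hunk.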
@@ -70,6 +105,38 @@ func dataSourceAwsS3BucketRead(d *schema.ResourceData, meta interface{}) error {
 return err
 }
+ if err := bucketEncryption(d, bucket, conn); err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func bucketEncryption(data *schema.ResourceData, bucket string, conn *s3.S3) error {
+ input := &s3.GetBucketEncryptionInput{
+ Bucket: aws.String(bucket),
+ }
+ output, err := conn.GetBucketEncryption(input)
+ if err != nil {
+ if isAWSErr(err, "ServerSideEncryptionConfigurationNotFoundError", "encryption configuration was not found") {
+
+ } else {
+ return err
+ }
+ }
+ if ruleCount := len(output.ServerSideEncryptionConfiguration.Rules); ruleCount != 1 {
+ return fmt.Errorf("expect one rule returned but there are %d rules. Changes required in the data source to support this", ruleCount)
+ }
+ defaultRuleConfiguration := output.ServerSideEncryptionConfiguration.Rules[0].ApplyServerSideEncryptionByDefault
+ defaultRule := make([]map[string]interface{}, 1)
+ defaultRule[0]["kms_master_key_id"] = aws.StringValue(defaultRuleConfiguration.KMSMasterKeyID)
+ defaultRule[0]["sse_algorithm"] = aws.StringValue(defaultRuleConfiguration.SSEAlgorithm)
+
+ encryptionConfiguration := make([]map[string]interface{}, 1)
+ encryptionConfiguration[0]["rule"] = make([]map[string]interface{}, 1)
+ encryptionConfiguration[0]["rule"].(map[string]interface{})["apply_server_side_encryption_by_default"] = defaultRule
+
+ data.Set("server_side_encryption_configuration", encryptionConfiguration)
 return nil
 }
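Review bot: bucketEncryption fails on every path as written, so the data source cannot report encryption state for any bucket. When the bucket has no default encryption, the empty `if isAWSErr(...)` branch falls through to `output.ServerSideEncryptionConfiguration.Rules`, which is presumably nil on an error response; an unencrypted bucket then aborts the whole read instead of yielding an empty block, which is the case an encryption audit most needs to see. On the success path `make([]map[string]interface{}, 1)` gives a slice holding a nil map, so `defaultRule[0]["kms_master_key_id"] = …` is an assignment to a nil map, and `encryptionConfiguration[0]["rule"].(map[string]interface{})` asserts a map type on a value that was just set to a slice. The error from `data.Set` is also dropped. The shape below returns early with an empty set on not-found, builds the nested value from literals, and returns the `data.Set` error.

```go
func bucketEncryption(data *schema.ResourceData, bucket string, conn *s3.S3) error {
	// … unchanged: GetBucketEncryptionInput and the GetBucketEncryption call …
	if err != nil {
		if isAWSErr(err, "ServerSideEncryptionConfigurationNotFoundError", "encryption configuration was not found") {
			// No default encryption on this bucket: report an empty block, not an error.
			return data.Set("server_side_encryption_configuration", []interface{}{})
		}
		return err
	}
	if output.ServerSideEncryptionConfiguration == nil {
		return data.Set("server_side_encryption_configuration", []interface{}{})
	}
	// … unchanged: rule-count check and defaultRuleConfiguration lookup …
	defaultRule := map[string]interface{}{
		"kms_master_key_id": aws.StringValue(defaultRuleConfiguration.KMSMasterKeyID),
		"sse_algorithm":     aws.StringValue(defaultRuleConfiguration.SSEAlgorithm),
	}
	rule := map[string]interface{}{
		"apply_server_side_encryption_by_default": []interface{}{defaultRule},
	}
	encryptionConfiguration := []interface{}{
		map[string]interface{}{"rule": []interface{}{rule}},
	}
	return data.Set("server_side_encryption_configuration", encryptionConfiguration)
}
```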