From bb199bf003055a368c764aa471d8e53fdfdb4ac0 Mon Sep 17 00:00:00 2001 From: Artem Lifshits Date: Thu, 19 Dec 2024 11:26:46 +0100 Subject: [PATCH 1/2] fix encryption --- ...source_opentelekomcloud_obs_bucket_test.go | 67 ++----------------- .../resource_opentelekomcloud_obs_bucket.go | 6 +- .../notes/obs_kms_fix-85ca84ef660a3b07.yaml | 4 ++ 3 files changed, 15 insertions(+), 62 deletions(-) create mode 100644 releasenotes/notes/obs_kms_fix-85ca84ef660a3b07.yaml diff --git a/opentelekomcloud/acceptance/obs/resource_opentelekomcloud_obs_bucket_test.go b/opentelekomcloud/acceptance/obs/resource_opentelekomcloud_obs_bucket_test.go index 413e565c0..8edef70b4 100644 --- a/opentelekomcloud/acceptance/obs/resource_opentelekomcloud_obs_bucket_test.go +++ b/opentelekomcloud/acceptance/obs/resource_opentelekomcloud_obs_bucket_test.go @@ -8,8 +8,6 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" - "github.com/opentelekomcloud/gophertelekomcloud/acceptance/tools" - "github.com/opentelekomcloud/gophertelekomcloud/openstack/obs" "github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/acceptance/common" "github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/acceptance/env" "github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/common/cfg" @@ -38,7 +36,6 @@ func TestAccObsBucket_basic(t *testing.T) { { Config: testAccObsBucketUpdate(rInt), Check: resource.ComposeTestCheckFunc(testAccCheckObsBucketExists(resourceName), - testUploadObjectToObsBucket(rInt), resource.TestCheckResourceAttr(resourceName, "acl", "public-read"), resource.TestCheckResourceAttr(resourceName, "storage_class", "WARM"), ), @@ -46,11 +43,16 @@ func TestAccObsBucket_basic(t *testing.T) { { Config: testAccObsBucketSSE(rInt), Check: resource.ComposeTestCheckFunc(testAccCheckObsBucketExists(resourceName), - testUploadDeleteObjectObsBucket(rInt), resource.TestCheckResourceAttr(resourceName, "server_side_encryption.0.kms_key_id", env.OS_KMS_ID), resource.TestCheckResourceAttr(resourceName, "server_side_encryption.0.algorithm", "kms"), ), }, + { + Config: testAccObsBucketUpdate(rInt), + Check: resource.ComposeTestCheckFunc(testAccCheckObsBucketExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "server_side_encryption.#", "0"), + ), + }, }, }) } @@ -351,63 +353,6 @@ func testAccCheckObsBucketExists(n string) resource.TestCheckFunc { } } -func testUploadObjectToObsBucket(obsNumber int) resource.TestCheckFunc { - return func(s *terraform.State) error { - config := common.TestAccProvider.Meta().(*cfg.Config) - client, err := config.NewObjectStorageClient(env.OS_REGION_NAME) - if err != nil { - return fmt.Errorf("error creating OpenTelekomCloud OBS client: %s", err) - } - - objectName := tools.RandomString("test-obs-", 5) - - _, err = client.PutObject(&obs.PutObjectInput{ - PutObjectBasicInput: obs.PutObjectBasicInput{ - ObjectOperationInput: obs.ObjectOperationInput{ - Bucket: fmt.Sprintf("tf-test-bucket-%d", obsNumber), - Key: objectName, - }, - }, - }) - if err != nil { - return fmt.Errorf("error uploading object to OBS bucket: %s", err) - } - return nil - } -} - -func testUploadDeleteObjectObsBucket(obsNumber int) resource.TestCheckFunc { - return func(s *terraform.State) error { - config := common.TestAccProvider.Meta().(*cfg.Config) - client, err := config.NewObjectStorageClient(env.OS_REGION_NAME) - if err != nil { - return fmt.Errorf("error creating OpenTelekomCloud OBS client: %s", err) - } - - objectName := tools.RandomString("test-obs-", 5) - - _, err = client.PutObject(&obs.PutObjectInput{ - PutObjectBasicInput: obs.PutObjectBasicInput{ - ObjectOperationInput: obs.ObjectOperationInput{ - Bucket: fmt.Sprintf("tf-test-bucket-%d", obsNumber), - Key: objectName, - }, - }, - }) - if err != nil { - return fmt.Errorf("error uploading object to OBS bucket: %s", err) - } - _, err = client.DeleteObject(&obs.DeleteObjectInput{ - Bucket: fmt.Sprintf("tf-test-bucket-%d", obsNumber), - Key: objectName, - }) - if err != nil { - return fmt.Errorf("error deleting object from OBS bucket: %s", err) - } - return nil - } -} - func testAccCheckObsBucketLogging(name, target, prefix string) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[name] diff --git a/opentelekomcloud/services/obs/resource_opentelekomcloud_obs_bucket.go b/opentelekomcloud/services/obs/resource_opentelekomcloud_obs_bucket.go index 445a06fa8..e67ba40fb 100644 --- a/opentelekomcloud/services/obs/resource_opentelekomcloud_obs_bucket.go +++ b/opentelekomcloud/services/obs/resource_opentelekomcloud_obs_bucket.go @@ -1424,7 +1424,11 @@ type WebsiteRoutingRule struct { } func resourceObsBucketEncryptionUpdate(client *obs.ObsClient, d *schema.ResourceData) error { - if d.Get("server_side_encryption.#") == 0 { + if d.Get("server_side_encryption.#") == 0 && !d.IsNewResource() { + _, err := client.DeleteBucketEncryption(d.Id()) + if err != nil { + return fmt.Errorf("failed to disable default encryption of OBS bucket %s", d.Id()) + } return nil } _, err := client.SetBucketEncryption(&obs.SetBucketEncryptionInput{ diff --git a/releasenotes/notes/obs_kms_fix-85ca84ef660a3b07.yaml b/releasenotes/notes/obs_kms_fix-85ca84ef660a3b07.yaml new file mode 100644 index 000000000..3f8146d21 --- /dev/null +++ b/releasenotes/notes/obs_kms_fix-85ca84ef660a3b07.yaml @@ -0,0 +1,4 @@ +--- +fixes: + - | + **[OBS]** Fix encryption disable for ``resource/opentelekomcloud_obs_bucket`` (`# `_) From 198fae750a41b8e7e4733e7ee59282f55b112dd8 Mon Sep 17 00:00:00 2001 From: Artem Lifshits <55093318+artem-lifshits@users.noreply.github.com> Date: Thu, 19 Dec 2024 11:28:19 +0100 Subject: [PATCH 2/2] Update obs_kms_fix-85ca84ef660a3b07.yaml --- releasenotes/notes/obs_kms_fix-85ca84ef660a3b07.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releasenotes/notes/obs_kms_fix-85ca84ef660a3b07.yaml b/releasenotes/notes/obs_kms_fix-85ca84ef660a3b07.yaml index 3f8146d21..d8d95bfce 100644 --- a/releasenotes/notes/obs_kms_fix-85ca84ef660a3b07.yaml +++ b/releasenotes/notes/obs_kms_fix-85ca84ef660a3b07.yaml @@ -1,4 +1,4 @@ --- fixes: - | - **[OBS]** Fix encryption disable for ``resource/opentelekomcloud_obs_bucket`` (`# `_) + **[OBS]** Fix encryption disable for ``resource/opentelekomcloud_obs_bucket`` (`#2771 `_)