Merge pull request #32171 from hashicorp/b-storagegateway_smb_file_sh…

…are_update aws_storagegateway_smb_file_share: Set `kms_key_arn` when `kms_encrypted` is `true`
hashicorp · Jun 22, 2023 · 36eca54 · 36eca54
2 parents 4680521 + 64dd57f
commit 36eca54
Show file tree

Hide file tree

Showing 3 changed files with 57 additions and 0 deletions.
diff --git a/.changelog/32171.txt b/.changelog/32171.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+resource/aws_storagegateway_smb_file_share: Fix update error when `kms_encrypted` is `true` but `kms_key_arn` is not sent in the request
+```
diff --git a/internal/service/storagegateway/smb_file_share.go b/internal/service/storagegateway/smb_file_share.go
@@ -402,6 +402,8 @@ func resourceSMBFileShareUpdate(ctx context.Context, d *schema.ResourceData, met
 		// This value can only be set when KMSEncrypted is true.
 		if d.HasChange("kms_key_arn") && d.Get("kms_encrypted").(bool) {
 			input.KMSKey = aws.String(d.Get("kms_key_arn").(string))
+		} else if d.Get("kms_encrypted").(bool) && d.Get("kms_key_arn").(string) != "" {
+			input.KMSKey = aws.String(d.Get("kms_key_arn").(string))
 		}
 
 		if d.HasChange("notification_policy") {

diff --git a/internal/service/storagegateway/smb_file_share_test.go b/internal/service/storagegateway/smb_file_share_test.go
@@ -237,6 +237,38 @@ func TestAccStorageGatewaySMBFileShare_defaultStorageClass(t *testing.T) {
 	})
 }
 
+func TestAccStorageGatewaySMBFileShare_encryptedUpdate(t *testing.T) {
+	ctx := acctest.Context(t)
+	var smbFileShare storagegateway.SMBFileShareInfo
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+	resourceName := "aws_storagegateway_smb_file_share.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.PreCheck(ctx, t) },
+		ErrorCheck:               acctest.ErrorCheck(t, storagegateway.EndpointsID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckSMBFileShareDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccSMBFileShareConfig_encryptedUpdate(rName, false),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckSMBFileShareExists(ctx, resourceName, &smbFileShare),
+					resource.TestCheckResourceAttr(resourceName, "read_only", "false"),
+					resource.TestCheckResourceAttr(resourceName, "kms_encrypted", "true"),
+				),
+			},
+			{
+				Config: testAccSMBFileShareConfig_encryptedUpdate(rName, true),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckSMBFileShareExists(ctx, resourceName, &smbFileShare),
+					resource.TestCheckResourceAttr(resourceName, "read_only", "true"),
+					resource.TestCheckResourceAttr(resourceName, "kms_encrypted", "true"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccStorageGatewaySMBFileShare_fileShareName(t *testing.T) {
 	ctx := acctest.Context(t)
 	var smbFileShare storagegateway.SMBFileShareInfo
@@ -1117,6 +1149,26 @@ resource "aws_storagegateway_smb_file_share" "test" {
 `, defaultStorageClass))
 }
 
+func testAccSMBFileShareConfig_encryptedUpdate(rName string, readOnly bool) string {
+	return acctest.ConfigCompose(testAcc_SMBFileShare_GuestAccessBase(rName), fmt.Sprintf(`
+resource "aws_kms_key" "test" {
+  deletion_window_in_days = 7
+  description             = "Terraform Acceptance Testing"
+}
+
+resource "aws_storagegateway_smb_file_share" "test" {
+  # Use GuestAccess to simplify testing
+  authentication = "GuestAccess"
+  gateway_arn    = aws_storagegateway_gateway.test.arn
+  kms_encrypted  = true
+  kms_key_arn    = aws_kms_key.test.arn
+  location_arn   = aws_s3_bucket.test.arn
+  role_arn       = aws_iam_role.test.arn
+  read_only      = %[1]t
+}
+`, readOnly))
+}
+
 func testAccSMBFileShareConfig_name(rName, fileShareName string) string {
 	return acctest.ConfigCompose(testAcc_SMBFileShare_GuestAccessBase(rName), fmt.Sprintf(`
 resource "aws_storagegateway_smb_file_share" "test" {