fix encryption

opentelekomcloud · Dec 19, 2024 · bb199bf · bb199bf
1 parent 4a2d3a8
commit bb199bf
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 62 deletions.
diff --git a/opentelekomcloud/acceptance/obs/resource_opentelekomcloud_obs_bucket_test.go b/opentelekomcloud/acceptance/obs/resource_opentelekomcloud_obs_bucket_test.go
@@ -8,8 +8,6 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
-	"github.com/opentelekomcloud/gophertelekomcloud/acceptance/tools"
-	"github.com/opentelekomcloud/gophertelekomcloud/openstack/obs"
 	"github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/acceptance/common"
 	"github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/acceptance/env"
 	"github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/common/cfg"
@@ -38,19 +36,23 @@ func TestAccObsBucket_basic(t *testing.T) {
 			{
 				Config: testAccObsBucketUpdate(rInt),
 				Check: resource.ComposeTestCheckFunc(testAccCheckObsBucketExists(resourceName),
-					testUploadObjectToObsBucket(rInt),
 					resource.TestCheckResourceAttr(resourceName, "acl", "public-read"),
 					resource.TestCheckResourceAttr(resourceName, "storage_class", "WARM"),
 				),
 			},
 			{
 				Config: testAccObsBucketSSE(rInt),
 				Check: resource.ComposeTestCheckFunc(testAccCheckObsBucketExists(resourceName),
-					testUploadDeleteObjectObsBucket(rInt),
 					resource.TestCheckResourceAttr(resourceName, "server_side_encryption.0.kms_key_id", env.OS_KMS_ID),
 					resource.TestCheckResourceAttr(resourceName, "server_side_encryption.0.algorithm", "kms"),
 				),
 			},
+			{
+				Config: testAccObsBucketUpdate(rInt),
+				Check: resource.ComposeTestCheckFunc(testAccCheckObsBucketExists(resourceName),
+					resource.TestCheckResourceAttr(resourceName, "server_side_encryption.#", "0"),
+				),
+			},
 		},
 	})
 }
@@ -351,63 +353,6 @@ func testAccCheckObsBucketExists(n string) resource.TestCheckFunc {
 	}
 }
 
-func testUploadObjectToObsBucket(obsNumber int) resource.TestCheckFunc {
-	return func(s *terraform.State) error {
-		config := common.TestAccProvider.Meta().(*cfg.Config)
-		client, err := config.NewObjectStorageClient(env.OS_REGION_NAME)
-		if err != nil {
-			return fmt.Errorf("error creating OpenTelekomCloud OBS client: %s", err)
-		}
-
-		objectName := tools.RandomString("test-obs-", 5)
-
-		_, err = client.PutObject(&obs.PutObjectInput{
-			PutObjectBasicInput: obs.PutObjectBasicInput{
-				ObjectOperationInput: obs.ObjectOperationInput{
-					Bucket: fmt.Sprintf("tf-test-bucket-%d", obsNumber),
-					Key:    objectName,
-				},
-			},
-		})
-		if err != nil {
-			return fmt.Errorf("error uploading object to OBS bucket: %s", err)
-		}
-		return nil
-	}
-}
-
-func testUploadDeleteObjectObsBucket(obsNumber int) resource.TestCheckFunc {
-	return func(s *terraform.State) error {
-		config := common.TestAccProvider.Meta().(*cfg.Config)
-		client, err := config.NewObjectStorageClient(env.OS_REGION_NAME)
-		if err != nil {
-			return fmt.Errorf("error creating OpenTelekomCloud OBS client: %s", err)
-		}
-
-		objectName := tools.RandomString("test-obs-", 5)
-
-		_, err = client.PutObject(&obs.PutObjectInput{
-			PutObjectBasicInput: obs.PutObjectBasicInput{
-				ObjectOperationInput: obs.ObjectOperationInput{
-					Bucket: fmt.Sprintf("tf-test-bucket-%d", obsNumber),
-					Key:    objectName,
-				},
-			},
-		})
-		if err != nil {
-			return fmt.Errorf("error uploading object to OBS bucket: %s", err)
-		}
-		_, err = client.DeleteObject(&obs.DeleteObjectInput{
-			Bucket: fmt.Sprintf("tf-test-bucket-%d", obsNumber),
-			Key:    objectName,
-		})
-		if err != nil {
-			return fmt.Errorf("error deleting object from OBS bucket: %s", err)
-		}
-		return nil
-	}
-}
-
 func testAccCheckObsBucketLogging(name, target, prefix string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[name]

diff --git a/opentelekomcloud/services/obs/resource_opentelekomcloud_obs_bucket.go b/opentelekomcloud/services/obs/resource_opentelekomcloud_obs_bucket.go
@@ -1424,7 +1424,11 @@ type WebsiteRoutingRule struct {
 }
 
 func resourceObsBucketEncryptionUpdate(client *obs.ObsClient, d *schema.ResourceData) error {
-	if d.Get("server_side_encryption.#") == 0 {
+	if d.Get("server_side_encryption.#") == 0 && !d.IsNewResource() {
+		_, err := client.DeleteBucketEncryption(d.Id())
+		if err != nil {
+			return fmt.Errorf("failed to disable default encryption of OBS bucket %s", d.Id())
+		}
 		return nil
 	}
 	_, err := client.SetBucketEncryption(&obs.SetBucketEncryptionInput{

diff --git a/releasenotes/notes/obs_kms_fix-85ca84ef660a3b07.yaml b/releasenotes/notes/obs_kms_fix-85ca84ef660a3b07.yaml
@@ -0,0 +1,4 @@
+---
+fixes:
+  - |
+    **[OBS]** Fix encryption disable for ``resource/opentelekomcloud_obs_bucket`` (`# <https://github.com/opentelekomcloud/terraform-provider-opentelekomcloud/pull/>`_)