diff --git a/.changelog/32171.txt b/.changelog/32171.txt
new file mode 100644
index 000000000000..bd2d89cdd7b5
--- /dev/null
+++ b/.changelog/32171.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+resource/aws_storagegateway_smb_file_share: Fix update error when `kms_encrypted` is `true` but `kms_key_arn` is not sent in the request
+```
\ No newline at end of file
diff --git a/internal/service/storagegateway/smb_file_share.go b/internal/service/storagegateway/smb_file_share.go
index fe92065db52f..7fc92b9817c2 100644
--- a/internal/service/storagegateway/smb_file_share.go
+++ b/internal/service/storagegateway/smb_file_share.go
@@ -402,6 +402,8 @@ func resourceSMBFileShareUpdate(ctx context.Context, d *schema.ResourceData, met
 // This value can only be set when KMSEncrypted is true.
 if d.HasChange("kms_key_arn") && d.Get("kms_encrypted").(bool) {
 input.KMSKey = aws.String(d.Get("kms_key_arn").(string))
+ } else if d.Get("kms_encrypted").(bool) && d.Get("kms_key_arn").(string) != "" {
+ input.KMSKey = aws.String(d.Get("kms_key_arn").(string))
 }
 
 if d.HasChange("notification_policy") {
diff --git a/internal/service/storagegateway/smb_file_share_test.go b/internal/service/storagegateway/smb_file_share_test.go
index af56abe1858b..7fa20814a7dd 100644
--- a/internal/service/storagegateway/smb_file_share_test.go
+++ b/internal/service/storagegateway/smb_file_share_test.go
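Review bot: The two branches of the `kms_key_arn` block in resourceSMBFileShareUpdate (smb_file_share.go) assign the same value, and only the new `else if` guards against an empty ARN, so the first branch can still send an empty `KMSKey` when `kms_key_arn` is cleared while `kms_encrypted` stays true. A single condition reads more clearly and applies the guard on both paths: `if v, ok := d.GetOk("kms_key_arn"); ok && d.Get("kms_encrypted").(bool) { input.KMSKey = aws.String(v.(string)) }`. Whether the API accepts an empty key is not visible here, so confirm that case before merging the branches. I would also put a comment above the block, for example `// Resend the key ARN on every update while encryption is on; the request fails when it is omitted.`, since the reason for the second branch is only recorded in the changelog. The function body starts and ends outside the hunk.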
@@ -237,6 +237,38 @@ func TestAccStorageGatewaySMBFileShare_defaultStorageClass(t *testing.T) {
 })
 }
 
+func TestAccStorageGatewaySMBFileShare_encryptedUpdate(t *testing.T) {
+ ctx := acctest.Context(t)
+ var smbFileShare storagegateway.SMBFileShareInfo
+ rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+ resourceName := "aws_storagegateway_smb_file_share.test"
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { acctest.PreCheck(ctx, t) },
+ ErrorCheck: acctest.ErrorCheck(t, storagegateway.EndpointsID),
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+ CheckDestroy: testAccCheckSMBFileShareDestroy(ctx),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccSMBFileShareConfig_encryptedUpdate(rName, false),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckSMBFileShareExists(ctx, resourceName, &smbFileShare),
+ resource.TestCheckResourceAttr(resourceName, "read_only", "false"),
+ resource.TestCheckResourceAttr(resourceName, "kms_encrypted", "true"),
+ ),
+ },
+ {
+ Config: testAccSMBFileShareConfig_encryptedUpdate(rName, true),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckSMBFileShareExists(ctx, resourceName, &smbFileShare),
+ resource.TestCheckResourceAttr(resourceName, "read_only", "true"),
+ resource.TestCheckResourceAttr(resourceName, "kms_encrypted", "true"),
+ ),
+ },
+ },
+ })
+}
+
 func TestAccStorageGatewaySMBFileShare_fileShareName(t *testing.T) {
 ctx := acctest.Context(t)
 var smbFileShare storagegateway.SMBFileShareInfo
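Review bot: Neither step of TestAccStorageGatewaySMBFileShare_encryptedUpdate asserts `kms_key_arn`, so the test would not notice if the share kept `kms_encrypted = true` but ended up with a different key after the `read_only` update. Adding `resource.TestCheckResourceAttrPair(resourceName, "kms_key_arn", "aws_kms_key.test", "arn"),` to both `Check` blocks would pin the customer-managed key across the update. That is the property the fix in smb_file_share.go is meant to preserve, so the regression test should check it directly.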
@@ -1117,6 +1149,26 @@ resource "aws_storagegateway_smb_file_share" "test" {
 `, defaultStorageClass))
 }
 
+func testAccSMBFileShareConfig_encryptedUpdate(rName string, readOnly bool) string {
+ return acctest.ConfigCompose(testAcc_SMBFileShare_GuestAccessBase(rName), fmt.Sprintf(`
+resource "aws_kms_key" "test" {
+ deletion_window_in_days = 7
+ description = "Terraform Acceptance Testing"
+}
+
+resource "aws_storagegateway_smb_file_share" "test" {
+ # Use GuestAccess to simplify testing
+ authentication = "GuestAccess"
+ gateway_arn = aws_storagegateway_gateway.test.arn
+ kms_encrypted = true
+ kms_key_arn = aws_kms_key.test.arn
+ location_arn = aws_s3_bucket.test.arn
+ role_arn = aws_iam_role.test.arn
+ read_only = %[1]t
+}
+`, readOnly))
+}
+
 func testAccSMBFileShareConfig_name(rName, fileShareName string) string {
 return acctest.ConfigCompose(testAcc_SMBFileShare_GuestAccessBase(rName), fmt.Sprintf(`
 resource "aws_storagegateway_smb_file_share" "test" {