From 4c2fe297a5dcac47867b78f49202f740857a726c Mon Sep 17 00:00:00 2001
From: trung <trung.n.k@gmail.com>
Date: Wed, 15 Nov 2017 22:18:01 -0500
Subject: [PATCH] #2217: added acceptance test for basic case

---
 aws/data_source_aws_s3_bucket.go      | 19 +++++++++++++++----
 aws/data_source_aws_s3_bucket_test.go | 21 +++++++++++++++++++++
 2 files changed, 36 insertions(+), 4 deletions(-)

diff --git a/aws/data_source_aws_s3_bucket.go b/aws/data_source_aws_s3_bucket.go
index bd30098cbb66..433ac32ef40c 100644
--- a/aws/data_source_aws_s3_bucket.go
+++ b/aws/data_source_aws_s3_bucket.go
@@ -19,19 +19,23 @@ func dataSourceAwsS3Bucket() *schema.Resource {
 				Required: true,
 			},
 			"server_side_encryption_configuration": {
-				Type:     schema.TypeSet,
+				Type:     schema.TypeList,
 				MaxItems: 1,
 				Computed: true,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
+						"enabled": {
+							Type:     schema.TypeBool,
+							Computed: true,
+						},
 						"rule": {
-							Type:     schema.TypeSet,
+							Type:     schema.TypeList,
 							MaxItems: 1,
 							Computed: true,
 							Elem: &schema.Resource{
 								Schema: map[string]*schema.Schema{
 									"apply_server_side_encryption_by_default": {
-										Type:     schema.TypeSet,
+										Type:     schema.TypeList,
 										MaxItems: 1,
 										Computed: true,
 										Elem: &schema.Resource{
@@ -119,7 +123,13 @@ func bucketEncryption(data *schema.ResourceData, bucket string, conn *s3.S3) err
 	output, err := conn.GetBucketEncryption(input)
 	if err != nil {
 		if isAWSErr(err, "ServerSideEncryptionConfigurationNotFoundError", "encryption configuration was not found") {
-
+			log.Printf("[DEBUG] Default encryption is not enabled for %s", bucket)
+			data.Set("server_side_encryption_configuration", []map[string]interface{}{
+				{
+					"enabled": false,
+				},
+			})
+			return nil
 		} else {
 			return err
 		}
@@ -133,6 +143,7 @@ func bucketEncryption(data *schema.ResourceData, bucket string, conn *s3.S3) err
 	defaultRule[0]["sse_algorithm"] = aws.StringValue(defaultRuleConfiguration.SSEAlgorithm)
 
 	encryptionConfiguration := make([]map[string]interface{}, 1)
+	encryptionConfiguration[0]["enabled"] = true
 	encryptionConfiguration[0]["rule"] = make([]map[string]interface{}, 1)
 	encryptionConfiguration[0]["rule"].(map[string]interface{})["apply_server_side_encryption_by_default"] = defaultRule
 
diff --git a/aws/data_source_aws_s3_bucket_test.go b/aws/data_source_aws_s3_bucket_test.go
index 9acc9a240510..11da5c45c096 100644
--- a/aws/data_source_aws_s3_bucket_test.go
+++ b/aws/data_source_aws_s3_bucket_test.go
@@ -56,6 +56,27 @@ func TestAccDataSourceS3Bucket_website(t *testing.T) {
 	})
 }
 
+func TestAccDataSourceS3Bucket_whenDefaultEncryptionNotEnabled(t *testing.T) {
+	rInt := acctest.RandInt()
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSDataSourceS3BucketConfig_basic(rInt),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSS3BucketExists("data.aws_s3_bucket.bucket"),
+					resource.TestCheckResourceAttr(
+						"data.aws_s3_bucket.bucket", "server_side_encryption_configuration.0.enabled", "false"),
+					resource.TestCheckResourceAttr(
+						"data.aws_s3_bucket.bucket", "server_side_encryption_configuration.0.rule.#", "0"),
+				),
+			},
+		},
+	})
+}
+
 func testAccAWSDataSourceS3BucketConfig_basic(randInt int) string {
 	return fmt.Sprintf(`
 resource "aws_s3_bucket" "bucket" {