From b4dc70610b085a8a4a0f25faf9e9637a56887762 Mon Sep 17 00:00:00 2001
From: Julius Adamek <9818404+julada@users.noreply.github.com>
Date: Tue, 14 Jun 2022 15:54:25 +0200
Subject: [PATCH] fix: set kms key on aws_s3_object when encryption is enabled
 (#2147)

* fix: set kms key on aws_s3_object when encryption is enabled

* Apply suggestions from code review

use try instead of lookup to check whether SSE is enabled

Co-authored-by: Niek Palm <npalm@users.noreply.github.com>

Co-authored-by: Niek Palm <npalm@users.noreply.github.com>
---
 modules/runner-binaries-syncer/runner-binaries-syncer.tf | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/modules/runner-binaries-syncer/runner-binaries-syncer.tf b/modules/runner-binaries-syncer/runner-binaries-syncer.tf
index 956d5add73..b6d091de09 100644
--- a/modules/runner-binaries-syncer/runner-binaries-syncer.tf
+++ b/modules/runner-binaries-syncer/runner-binaries-syncer.tf
@@ -134,10 +134,11 @@ resource "aws_lambda_permission" "syncer" {
 ###################################################################################
 
 resource "aws_s3_object" "trigger" {
-  bucket = aws_s3_bucket.action_dist.id
-  key    = "triggers/${aws_lambda_function.syncer.id}-trigger.json"
-  source = "${path.module}/trigger.json"
-  etag   = filemd5("${path.module}/trigger.json")
+  bucket     = aws_s3_bucket.action_dist.id
+  key        = "triggers/${aws_lambda_function.syncer.id}-trigger.json"
+  source     = "${path.module}/trigger.json"
+  etag       = try(var.server_side_encryption_configuration.rule.apply_server_side_encryption_by_default.kms_master_key_id, null) == null ? filemd5("${path.module}/trigger.json") : null
+  kms_key_id = try(var.server_side_encryption_configuration.rule.apply_server_side_encryption_by_default.kms_master_key_id, null)
 
   depends_on = [aws_s3_bucket_notification.on_deploy]
 }
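Review bot: When a KMS key is configured, `etag` becomes null and nothing else in the resource tracks the content of trigger.json, so an edited trigger file would no longer be re-uploaded. Adding `source_hash = filemd5("${path.module}/trigger.json")` keeps change detection whether or not the object is encrypted. The condition keys only on `kms_master_key_id`, so a configuration with `sse_algorithm = "aws:kms"` and no explicit key would presumably still set an MD5 `etag` that S3 does not return for SSE-KMS objects; the variable definition is outside this hunk, so confirm against it. `kms_key_id` on `aws_s3_object` is documented as taking a key ARN, so the variable description should say whether a bare key ID or alias is acceptable here, since those may produce a persistent plan diff. The duplicated `try(...)` expression would read better as a single `locals` value used by both arguments.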