From dae4887379d25895889203f8291c8e9e87ec7df1 Mon Sep 17 00:00:00 2001
From: Julius Adamek
Date: Mon, 13 Jun 2022 12:42:13 +0200
Subject: [PATCH 1/2] fix: set kms key on aws_s3_object when encryption is enabled
---
 modules/runner-binaries-syncer/runner-binaries-syncer.tf | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/modules/runner-binaries-syncer/runner-binaries-syncer.tf b/modules/runner-binaries-syncer/runner-binaries-syncer.tf
index af82c29e2f..00bba217d5 100644
--- a/modules/runner-binaries-syncer/runner-binaries-syncer.tf
+++ b/modules/runner-binaries-syncer/runner-binaries-syncer.tf
@@ -134,10 +134,11 @@ resource "aws_lambda_permission" "syncer" {
 ###################################################################################
 resource "aws_s3_object" "trigger" {
- bucket = aws_s3_bucket.action_dist.id
- key = "triggers/${aws_lambda_function.syncer.id}-trigger.json"
- source = "${path.module}/trigger.json"
- etag = filemd5("${path.module}/trigger.json")
+ bucket = aws_s3_bucket.action_dist.id
+ key = "triggers/${aws_lambda_function.syncer.id}-trigger.json"
+ source = "${path.module}/trigger.json"
+ etag = lookup(var.server_side_encryption_configuration.rule.apply_server_side_encryption_by_default, "kms_master_key_id", null) == null ? filemd5("${path.module}/trigger.json") : null
+ kms_key_id = lookup(var.server_side_encryption_configuration.rule.apply_server_side_encryption_by_default, "kms_master_key_id", null)
 depends_on = [aws_s3_bucket_notification.on_deploy]
 }
From 856e0dffd94f06feb729446d48f44a85b4da5ccb Mon Sep 17 00:00:00 2001
From: Julius Adamek <9818404+julada@users.noreply.github.com>
Date: Tue, 14 Jun 2022 15:41:40 +0200
Subject: [PATCH 2/2] Apply suggestions from code review use try instead lookup to check if sse is enabled
Co-authored-by: Niek Palm
---
 modules/runner-binaries-syncer/runner-binaries-syncer.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules/runner-binaries-syncer/runner-binaries-syncer.tf b/modules/runner-binaries-syncer/runner-binaries-syncer.tf
index 00bba217d5..b0eab9f70b 100644
--- a/modules/runner-binaries-syncer/runner-binaries-syncer.tf
+++ b/modules/runner-binaries-syncer/runner-binaries-syncer.tf
@@ -137,8 +137,8 @@ resource "aws_s3_object" "trigger" {
 bucket = aws_s3_bucket.action_dist.id
 key = "triggers/${aws_lambda_function.syncer.id}-trigger.json"
 source = "${path.module}/trigger.json"
- etag = lookup(var.server_side_encryption_configuration.rule.apply_server_side_encryption_by_default, "kms_master_key_id", null) == null ? filemd5("${path.module}/trigger.json") : null
- kms_key_id = lookup(var.server_side_encryption_configuration.rule.apply_server_side_encryption_by_default, "kms_master_key_id", null)
+ etag = try(var.server_side_encryption_configuration.rule.apply_server_side_encryption_by_default.kms_master_key_id, null) == null ? filemd5("${path.module}/trigger.json") : null
+ kms_key_id = try(var.server_side_encryption_configuration.rule.apply_server_side_encryption_by_default.kms_master_key_id, null)
 depends_on = [aws_s3_bucket_notification.on_deploy]
 }
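Review bot: With a KMS key configured, the new `etag` expression evaluates to `null`, so Terraform keeps no content fingerprint for `trigger.json` and an edited file would not be re-uploaded on encrypted buckets. The AWS provider's `source_hash` argument covers this case; `source_hash = filemd5("${path.module}/trigger.json")` could replace the conditional `etag` and behave the same with or without encryption. The condition also keys on `kms_master_key_id` rather than on the algorithm, so a configuration using `aws:kms` with the AWS-managed key (no explicit key id) presumably still sets `etag` and may show a perpetual diff; the variable's shape is outside the hunk, so this needs confirming. Because `try(..., null)` also hides a misspelled or restructured variable path and silently falls back to no customer-managed key, a comment above `kms_key_id` such as `# null => object relies on the bucket default encryption; value must be a KMS key ARN` would make the fallback and the expected format explicit.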