From 46a710bd8a3f32a876a129590535827b6aa1da9e Mon Sep 17 00:00:00 2001
From: John Julien <john@julienfamily.com>
Date: Mon, 22 Jul 2019 15:51:53 -0500
Subject: [PATCH] Allow S3 objects to use etag and SSE-S3 encryption

---
 aws/resource_aws_s3_bucket_object.go      |  2 +-
 aws/resource_aws_s3_bucket_object_test.go | 40 +++++++++++++++++++++++
 2 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/aws/resource_aws_s3_bucket_object.go b/aws/resource_aws_s3_bucket_object.go
index b569c876b6e8..b67795d2299f 100644
--- a/aws/resource_aws_s3_bucket_object.go
+++ b/aws/resource_aws_s3_bucket_object.go
@@ -139,7 +139,7 @@ func resourceAwsS3BucketObject() *schema.Resource {
 				// See http://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonResponseHeaders.html
 				Optional:      true,
 				Computed:      true,
-				ConflictsWith: []string{"kms_key_id", "server_side_encryption"},
+				ConflictsWith: []string{"kms_key_id"},
 			},
 
 			"version_id": {
diff --git a/aws/resource_aws_s3_bucket_object_test.go b/aws/resource_aws_s3_bucket_object_test.go
index 47d2c8217e12..51cde29f5d7c 100644
--- a/aws/resource_aws_s3_bucket_object_test.go
+++ b/aws/resource_aws_s3_bucket_object_test.go
@@ -223,6 +223,30 @@ func TestAccAWSS3BucketObject_content(t *testing.T) {
 	})
 }
 
+func TestAccAWSS3BucketObject_etagEncryption(t *testing.T) {
+	var obj s3.GetObjectOutput
+	resourceName := "aws_s3_bucket_object.object"
+	rInt := acctest.RandInt()
+	source := testAccAWSS3BucketObjectCreateTempFile(t, "{anything will do }")
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSS3BucketObjectDestroy,
+		Steps: []resource.TestStep{
+			{
+				PreConfig: func() {},
+				Config:    testAccAWSS3BucketObjectEtagEncryption(rInt, source),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSS3BucketObjectExists(resourceName, &obj),
+					testAccCheckAWSS3BucketObjectBody(&obj, "{anything will do }"),
+					resource.TestCheckResourceAttr(resourceName, "etag", "7b006ff4d70f68cc65061acf2f802e6f"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccAWSS3BucketObject_contentBase64(t *testing.T) {
 	var obj s3.GetObjectOutput
 	resourceName := "aws_s3_bucket_object.object"
@@ -880,6 +904,22 @@ resource "aws_s3_bucket_object" "object" {
 `, randInt, content)
 }
 
+func testAccAWSS3BucketObjectEtagEncryption(randInt int, source string) string {
+	return fmt.Sprintf(`
+resource "aws_s3_bucket" "object_bucket" {
+  bucket = "tf-object-test-bucket-%d"
+}
+
+resource "aws_s3_bucket_object" "object" {
+  bucket  = "${aws_s3_bucket.object_bucket.bucket}"
+  key     = "test-key"
+  source = "%s"
+  server_side_encryption = "AES256"
+  etag = "${filemd5("%s")}"
+}
+`, randInt, source, source)
+}
+
 func testAccAWSS3BucketObjectConfigContentBase64(randInt int, contentBase64 string) string {
 	return fmt.Sprintf(`
 resource "aws_s3_bucket" "object_bucket" {