Merge 4619435f1d into ba5c4ac5e3

2026-02-03 20:50:59 -05:00 · 2026-02-03 17:52:01 +00:00 · 2026-02-03 17:52:01 +00:00 · 06a8f8d279
commit 06a8f8d279
parent ba5c4ac5e3 4619435f1d
3 changed files with 24 additions and 1 deletions
--- a/.changes/v1.12/ENHANCEMENTS-20250320-120304.yaml
+++ b/.changes/v1.12/ENHANCEMENTS-20250320-120304.yaml
@ -0,0 +1,5 @@
+kind: ENHANCEMENTS
+body: Optional skipping of the validation of the KMS key ID in the S3 backends.
+time: 2025-03-20T12:03:04.152186-03:00
+custom:
+    Issue: "36730"
--- a/internal/backend/remote-state/s3/backend.go
+++ b/internal/backend/remote-state/s3/backend.go
@ -49,6 +49,7 @@ type Backend struct {
 	useLockFile           bool
 	workspaceKeyPrefix    string
 	skipS3Checksum        bool
+	skipKmsKeyIdValidation bool
 }

 // ConfigSchema returns a description of the expected configuration
@ -215,6 +216,11 @@ func (b *Backend) ConfigSchema() *configschema.Block {
 				Optional:    true,
 				Description: "Do not include checksum when uploading S3 Objects. Useful for some S3-Compatible APIs.",
 			},
+			"skip_kms_key_id_validation": {
+				Type:        cty.Bool,
+				Optional:    false,
+				Description: "Skip the KMS key ID validation.",
+			},
 			"sse_customer_key": {
 				Type:        cty.String,
 				Optional:    true,
@ -660,7 +666,10 @@ func (b *Backend) PrepareConfig(obj cty.Value) (cty.Value, tfdiags.Diagnostics)
 				validateStringKMSKey,
 			},
 		}
-		kmsKeyIDValidators.ValidateAttr(val, attrPath, &diags)
+				
+		if !b.skipKmsKeyIdValidation {
+			kmsKeyIDValidators.ValidateAttr(val, attrPath, &diags)
+		}
 	}

 	attrPath = cty.GetAttrPath("workspace_key_prefix")
@ -837,6 +846,7 @@ func (b *Backend) Configure(obj cty.Value) tfdiags.Diagnostics {
 	b.ddbTable = stringAttr(obj, "dynamodb_table")
 	b.useLockFile = boolAttr(obj, "use_lockfile")
 	b.skipS3Checksum = boolAttr(obj, "skip_s3_checksum")
+	b.skipKmsKeyIdValidation = boolAttr(obj, "skip_kms_key_id_validation")

 	if _, ok := stringAttrOk(obj, "kms_key_id"); ok {
 		if customerKey := os.Getenv("AWS_SSE_CUSTOMER_KEY"); customerKey != "" {
--- a/internal/backend/remote-state/s3/backend_test.go
+++ b/internal/backend/remote-state/s3/backend_test.go
@ -2476,6 +2476,14 @@ func TestBackendConfigKmsKeyId(t *testing.T) {
 				),
 			},
 		},
+
+		"skip-validation": {
+			config: map[string]any{
+				"kms_key_id": "not-an-arn",
+				"skip_kms_key_id_validation" : True,
+			},
+			expectedKeyId: "not-an-arn",
+		},
 	}

 	for name, tc := range testCases {