From 8aadf1d56d2cbc79f0a60255e7acce7f832474c2 Mon Sep 17 00:00:00 2001
From: Brandon Siegel
Date: Tue, 8 Mar 2016 16:48:04 -0500
Subject: [PATCH 1/5] Add storage_encrypted as an optional parameter to aws_rds_cluster
---
 builtin/providers/aws/resource_aws_rds_cluster.go | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/builtin/providers/aws/resource_aws_rds_cluster.go b/builtin/providers/aws/resource_aws_rds_cluster.go
index 45f3531e2ae5..482da052f3a1 100644
--- a/builtin/providers/aws/resource_aws_rds_cluster.go
+++ b/builtin/providers/aws/resource_aws_rds_cluster.go
@@ -71,6 +71,12 @@ func resourceAwsRDSCluster() *schema.Resource {
 Computed: true,
 },
+ "storage_encrypted": &schema.Schema{
+ Type: schema.TypeBool,
+ Optional: true,
+ ForceNew: true,
+ },
+
 "final_snapshot_identifier": &schema.Schema{
 Type: schema.TypeString,
 Optional: true,
@@ -167,6 +173,7 @@ func resourceAwsRDSClusterCreate(d *schema.ResourceData, meta interface{}) error
 Engine: aws.String("aurora"),
 MasterUserPassword: aws.String(d.Get("master_password").(string)),
 MasterUsername: aws.String(d.Get("master_username").(string)),
+ StorageEncrypted: aws.Bool(d.Get("storage_encrypted").(bool)),
 }
 if v := d.Get("database_name"); v.(string) != "" {
@@ -276,6 +283,7 @@ func resourceAwsRDSClusterRead(d *schema.ResourceData, meta interface{}) error {
 d.Set("engine", dbc.Engine)
 d.Set("master_username", dbc.MasterUsername)
 d.Set("port", dbc.Port)
+ d.Set("storage_encrypted", dbc.StorageEncrypted)
 d.Set("backup_retention_period", dbc.BackupRetentionPeriod)
 d.Set("preferred_backup_window", dbc.PreferredBackupWindow)
 d.Set("preferred_maintenance_window", dbc.PreferredMaintenanceWindow)
From 8a60c68c8ccebd732104538705b4a06274acb7ff Mon Sep 17 00:00:00 2001
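Review bot: In PATCH 1/5, the `storage_encrypted` entry added to the schema in resourceAwsRDSCluster() sets `ForceNew: true` with no comment, so nothing at the definition says that flipping the flag on an existing cluster plans a destroy-and-recreate of the database. I would add a comment above the entry such as `// Encryption at rest is fixed at creation; changing this value replaces the cluster.` and repeat that sentence in the argument reference, which as written in PATCH 2/5 does not mention replacement. The schema map starts and ends outside this hunk.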
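Review bot: In the second hunk of PATCH 1/5, resourceAwsRDSClusterCreate sends `StorageEncrypted` but offers no way to name the KMS key, so an encrypted cluster is presumably created under the account's default RDS key. Teams that need a customer-managed key, for their own rotation, access or revocation policy, cannot get one from this resource as written. Consider an optional, ForceNew `kms_key_id` string attribute that is passed as `KmsKeyId: aws.String(v.(string))` only when it is set. The function body continues outside the hunk.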
From: Brandon Siegel Date: Tue, 8 Mar 2016 16:51:16 -0500 Subject: [PATCH 2/5] Update rds_cluster.html.markdown Add documentation around the `storage_encrypted` parameter --- website/source/docs/providers/aws/r/rds_cluster.html.markdown | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/website/source/docs/providers/aws/r/rds_cluster.html.markdown b/website/source/docs/providers/aws/r/rds_cluster.html.markdown index cd843a16ebab..5d3c5c98b7f1 100644 --- a/website/source/docs/providers/aws/r/rds_cluster.html.markdown +++ b/website/source/docs/providers/aws/r/rds_cluster.html.markdown @@ -71,6 +71,7 @@ Default: A 30-minute window selected at random from an 8-hour block of time per * `port` - (Optional) The port on which the DB accepts connections * `vpc_security_group_ids` - (Optional) List of VPC security groups to associate with the Cluster +* `storage_encrypted` - (Optional) Specifies whether the DB cluster is encrypted. The default is `false` if not specified. * `apply_immediately` - (Optional) Specifies whether any cluster modifications are applied immediately, or during the next maintenance window. Default is `false`. See [Amazon RDS Documentation for more information.](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.DBInstance.Modifying.html) @@ -97,7 +98,7 @@ The following attributes are exported: * `port` - The database port * `status` - The RDS instance status * `username` - The master username for the database -* `storage_encrypted` - Specifies whether the DB instance is encrypted +* `storage_encrypted` - Specifies whether the DB cluster is encrypted * `preferred_backup_window` - The daily time range during which the backups happen [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Replication.html From b3864db46267c9cd49d342a8be4a74fc6bc78072 Mon Sep 17 00:00:00 2001 
From: Brandon Siegel
Date: Tue, 8 Mar 2016 17:15:01 -0500
Subject: [PATCH 3/5] fixup! Add storage_encrypted as an optional parameter to aws_rds_cluster
---
 builtin/providers/aws/resource_aws_rds_cluster.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/builtin/providers/aws/resource_aws_rds_cluster.go b/builtin/providers/aws/resource_aws_rds_cluster.go
index 482da052f3a1..190b3e275c04 100644
--- a/builtin/providers/aws/resource_aws_rds_cluster.go
+++ b/builtin/providers/aws/resource_aws_rds_cluster.go
@@ -74,6 +74,7 @@ func resourceAwsRDSCluster() *schema.Resource {
 "storage_encrypted": &schema.Schema{
 Type: schema.TypeBool,
 Optional: true,
+ Default: false,
 ForceNew: true,
 },
From 0085bf6ae8247bf5c7628b2be4b80c50278381f1 Mon Sep 17 00:00:00 2001
From: Brandon Siegel
Date: Tue, 8 Mar 2016 17:28:32 -0500
Subject: [PATCH 4/5] Ensure aws_rds_cluster has storage_encrypted set to false by default
---
 builtin/providers/aws/resource_aws_rds_cluster_test.go | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/builtin/providers/aws/resource_aws_rds_cluster_test.go b/builtin/providers/aws/resource_aws_rds_cluster_test.go
index 99693e7e26d9..24440e2248e2 100644
--- a/builtin/providers/aws/resource_aws_rds_cluster_test.go
+++ b/builtin/providers/aws/resource_aws_rds_cluster_test.go
@@ -29,6 +29,8 @@ func TestAccAWSRDSCluster_basic(t *testing.T) {
 Config: config,
 Check: resource.ComposeTestCheckFunc(
 testAccCheckAWSClusterExists("aws_rds_cluster.default", &v),
+ resource.TestCheckResourceAttr(
+ "aws_rds_cluster.default", "storage_encrypted", "false"),
 ),
 },
 },
From fc7e9fcd53485e31e473f83ef0a0758059bb0443 Mon Sep 17 00:00:00 2001
From: Brandon Siegel
Date: Tue, 8 Mar 2016 17:28:44 -0500
Subject: [PATCH 5/5] Ensure aws_rds_cluster can have storage_encrypted set to true
---
 .../aws/resource_aws_rds_cluster_test.go | 33 +++++++++++++++++++
 1 file changed, 33 insertions(+)
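Review bot: In PATCH 3/5, `Default: false` makes unencrypted storage the resource's explicit default, and the line carries no comment saying that this is deliberate. Because the attribute is also `ForceNew`, changing the default later would plan a replacement for every cluster whose configuration omits the argument, so the choice is hard to revisit. A comment such as `// Encryption at rest is opt-in, matching the RDS API default; do not change without a state migration.` would record that. The schema entry sits inside resourceAwsRDSCluster(), which extends beyond the hunk.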
diff --git a/builtin/providers/aws/resource_aws_rds_cluster_test.go b/builtin/providers/aws/resource_aws_rds_cluster_test.go
index 24440e2248e2..616861206c13 100644
--- a/builtin/providers/aws/resource_aws_rds_cluster_test.go
+++ b/builtin/providers/aws/resource_aws_rds_cluster_test.go
@@ -37,6 +37,29 @@ func TestAccAWSRDSCluster_basic(t *testing.T) {
 })
 }
+func TestAccAWSRDSCluster_encrypted(t *testing.T) {
+ var v rds.DBCluster
+
+ ri := rand.New(rand.NewSource(time.Now().UnixNano())).Int()
+ encConfig := fmt.Sprintf(testAccAWSClusterConfig_encrypted, ri)
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSClusterDestroy,
+ Steps: []resource.TestStep{
+ resource.TestStep{
+ Config: encConfig,
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSClusterExists("aws_rds_cluster.default", &v),
+ resource.TestCheckResourceAttr(
+ "aws_rds_cluster.default", "storage_encrypted", "true"),
+ ),
+ },
+ },
+ })
+}
+
 func TestAccAWSRDSCluster_backupsUpdate(t *testing.T) {
 var v rds.DBCluster
@@ -152,6 +175,16 @@ resource "aws_rds_cluster" "default" {
 master_password = "mustbeeightcharaters"
 }`
+var testAccAWSClusterConfig_encrypted = `
+resource "aws_rds_cluster" "default" {
+ cluster_identifier = "tf-aurora-cluster-%d"
+ availability_zones = ["us-west-2a","us-west-2b","us-west-2c"]
+ database_name = "mydb"
+ master_username = "foo"
+ master_password = "mustbeeightcharaters"
+ storage_encrypted = true
+}`
+
 var testAccAWSClusterConfig_backups = `
 resource "aws_rds_cluster" "default" {
 cluster_identifier = "tf-aurora-cluster-%d"
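Review bot: TestAccAWSRDSCluster_encrypted in PATCH 5/5 fills `v` through testAccCheckAWSClusterExists but never reads it, so the test asserts only the `storage_encrypted` attribute held in Terraform state. A check on the API object itself would catch a regression where state reports `true` while the created cluster is not encrypted, for example if the flag stopped being sent on create. This assumes testAccCheckAWSClusterExists stores the described cluster in `v`, which is not visible in this hunk.

```go
Check: resource.ComposeTestCheckFunc(
	testAccCheckAWSClusterExists("aws_rds_cluster.default", &v),
	// ... unchanged: TestCheckResourceAttr on storage_encrypted ...
	func(s *terraform.State) error {
		// Assumes the exists check above has populated v from the API.
		if v.StorageEncrypted == nil || !*v.StorageEncrypted {
			return fmt.Errorf("cluster %q is not encrypted at rest", "aws_rds_cluster.default")
		}
		return nil
	},
),
```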