fixup updateEncryption account flag

Author: BourgoisMickael

lib/api/apiUtils/bucket/updateEncryption.js

@@ -26,7 +26,7 @@ function updateBucketEncryption(bucket, log, cb) {
     }
     log.debug('trying to update bucket encryption', { oldKey: masterKey || configuredKey });
     // this should trigger vault account key update as well
-    return kms.createBucketKey(bucket, log, (err, key) => {
+    return kms.createBucketKey(bucket, log, (err, newSse) => {
         if (err) {
             return cb(err, bucket);
         }
@@ -36,13 +36,21 @@ function updateBucketEncryption(bucket, log, cb) {
         // will break and the same KMS key will continue to be used.
         // And the key is managed (created) by Scality, not passed from input.
         if (updateMaster) {
-            sse.masterKeyId = key.masterKeyArn;
+            sse.masterKeyId = newSse.masterKeyArn;
         }
         if (updateConfigured) {
-            sse.configuredMasterKeyId = key.masterKeyArn;
+            sse.configuredMasterKeyId = newSse.masterKeyArn;
+        }
+        // KMS account key will not be deleted when bucket is deleted
+        if (newSse.isAccountEncryptionEnabled) {
+            sse.isAccountEncryptionEnabled = newSse.isAccountEncryptionEnabled;
         }
 
-        log.info('updating bucket encryption', { oldKey: masterKey || configuredKey, newKey: key.masterKeyArn });
+        log.info('updating bucket encryption', {
+            oldKey: masterKey || configuredKey,
+            newKey: newSse.masterKeyArn,
+            isAccount: newSse.isAccountEncryptionEnabled,
+        });
         return metadata.updateBucket(bucket.getName(), bucket, log, err => cb(err, bucket));
     });
 }