generated terraform fails because s3 bucket attributes acl and server_side_encryption are empty

[mwiede]

/kind bug

I am upgrading from Kops 1.29.0 to 1.30.0 and facing the issue described in #16818

resource "aws_s3_object" "cluster-completed-spec" {
  acl                    = ""
  bucket                 = "foobar"
  content                = file("${path.module}/data/aws_s3_object_cluster-completed.spec_content")
  key                    = "foobar/cluster-completed.spec"
  provider               = aws.files
  server_side_encryption = ""
}

1. What kops version are you running? The command kops version, will display this information. v1.30.0

3. What cloud provider are you using? AWS 4. What commands did you run? What is the simplest way to reproduce this issue? I found #16818 so the issue was already reproduced.

9. Anything else do we need to know?

if I use master branch and build Kops, the issue does not occur in 1.30.0-beta.1

I tried setting KOPS_STATE_S3_ACL=private which solves the empty acl, but there is no way to overwrite server_side_encryption.

When is the next release published from master?

[rifelpet]

I opened a cherrypick for 1.30 https://github.com/kubernetes/kops/pull/16830 so this will be included in the next 1.30.2 release. We just created the 1.30.1 release so 1.30.2 may be a week or two away.