Merge pull request #31155 from hashicorp/remove-deprecated-provider-c…

…onfiguration-attributes Remove deprecated provider configuration attributes
hashicorp · May 4, 2023 · dcccfd3 · dcccfd3
2 parents bb17cf5 + 083b6ad
commit dcccfd3
Show file tree

Hide file tree

Showing 8 changed files with 26 additions and 76 deletions.
diff --git a/.changelog/31155.txt b/.changelog/31155.txt
@@ -0,0 +1,3 @@
+```release-note:breaking-change
+provider: The `assume_role.duration_seconds`, `assume_role_with_web_identity.duration_seconds`, `s3_force_path_style`, `shared_credentials_file` and `skip_get_ec2_platforms` attributes have been removed
+```
diff --git a/internal/conns/config.go b/internal/conns/config.go
@@ -68,7 +68,6 @@ type Config struct {
 	SharedConfigFiles              []string
 	SharedCredentialsFiles         []string
 	SkipCredsValidation            bool
-	SkipGetEC2Platforms            bool
 	SkipRegionValidation           bool
 	SkipRequestingAccountId        bool
 	STSRegion                      string

diff --git a/internal/generate/customends/custom_endpoints_footer.tmpl b/internal/generate/customends/custom_endpoints_footer.tmpl
@@ -42,7 +42,7 @@ An example provider configuration:
 provider "aws" {
   access_key                  = "mock_access_key"
   region                      = "us-east-1"
-  s3_force_path_style         = true
+  s3_use_path_style           = true
   secret_key                  = "mock_secret_key"
   skip_credentials_validation = true
   skip_metadata_api_check     = true

diff --git a/internal/provider/fwprovider/provider.go b/internal/provider/fwprovider/provider.go
@@ -84,11 +84,6 @@ func (p *fwprovider) Schema(ctx context.Context, req provider.SchemaRequest, res
 				Optional:    true,
 				Description: "The region where AWS operations will take place. Examples\nare us-east-1, us-west-2, etc.", // lintignore:AWSAT003
 			},
-			"s3_force_path_style": schema.BoolAttribute{
-				Optional:           true,
-				Description:        "Set this to true to enable the request to use path-style addressing,\ni.e., https://s3.amazonaws.com/BUCKET/KEY. By default, the S3 client will\nuse virtual hosted bucket addressing when possible\n(https://BUCKET.s3.amazonaws.com/KEY). Specific to the Amazon S3 service.",
-				DeprecationMessage: "Use s3_use_path_style instead.",
-			},
 			"s3_use_path_style": schema.BoolAttribute{
 				Optional:    true,
 				Description: "Set this to true to enable the request to use path-style addressing,\ni.e., https://s3.amazonaws.com/BUCKET/KEY. By default, the S3 client will\nuse virtual hosted bucket addressing when possible\n(https://BUCKET.s3.amazonaws.com/KEY). Specific to the Amazon S3 service.",
@@ -102,11 +97,6 @@ func (p *fwprovider) Schema(ctx context.Context, req provider.SchemaRequest, res
 				Optional:    true,
 				Description: "List of paths to shared config files. If not set, defaults to [~/.aws/config].",
 			},
-			"shared_credentials_file": schema.StringAttribute{
-				Optional:           true,
-				Description:        "The path to the shared credentials file. If not set, defaults to ~/.aws/credentials.",
-				DeprecationMessage: "Use shared_credentials_files instead.",
-			},
 			"shared_credentials_files": schema.ListAttribute{
 				ElementType: types.StringType,
 				Optional:    true,
@@ -116,11 +106,6 @@ func (p *fwprovider) Schema(ctx context.Context, req provider.SchemaRequest, res
 				Optional:    true,
 				Description: "Skip the credentials validation via STS API. Used for AWS API implementations that do not have STS available/implemented.",
 			},
-			"skip_get_ec2_platforms": schema.BoolAttribute{
-				Optional:           true,
-				Description:        "Skip getting the supported EC2 platforms. Used by users that don't have ec2:DescribeAccountAttributes permissions.",
-				DeprecationMessage: `With the retirement of EC2-Classic the skip_get_ec2_platforms attribute has been deprecated and will be removed in a future version.`,
-			},
 			"skip_metadata_api_check": schema.StringAttribute{
 				Optional:    true,
 				Description: "Skip the AWS Metadata API check. Used for AWS API implementations that do not have a metadata api endpoint.",
@@ -162,11 +147,6 @@ func (p *fwprovider) Schema(ctx context.Context, req provider.SchemaRequest, res
 							Optional:    true,
 							Description: "The duration, between 15 minutes and 12 hours, of the role session. Valid time units are ns, us (or µs), ms, s, h, or m.",
 						},
-						"duration_seconds": schema.Int64Attribute{
-							Optional:           true,
-							Description:        "The duration, in seconds, of the role session.",
-							DeprecationMessage: "Use assume_role.duration instead",
-						},
 						"external_id": schema.StringAttribute{
 							Optional:    true,
 							Description: "A unique identifier that might be required when you assume a role in another account.",

diff --git a/internal/provider/provider.go b/internal/provider/provider.go
@@ -143,15 +143,6 @@ func New(ctx context.Context) (*schema.Provider, error) {
 				Description: "The region where AWS operations will take place. Examples\n" +
 					"are us-east-1, us-west-2, etc.", // lintignore:AWSAT003,
 			},
-			"s3_force_path_style": {
-				Type:       schema.TypeBool,
-				Optional:   true,
-				Deprecated: "Use s3_use_path_style instead.",
-				Description: "Set this to true to enable the request to use path-style addressing,\n" +
-					"i.e., https://s3.amazonaws.com/BUCKET/KEY. By default, the S3 client will\n" +
-					"use virtual hosted bucket addressing when possible\n" +
-					"(https://BUCKET.s3.amazonaws.com/KEY). Specific to the Amazon S3 service.",
-			},
 			"s3_use_path_style": {
 				Type:     schema.TypeBool,
 				Optional: true,
@@ -172,33 +163,18 @@ func New(ctx context.Context) (*schema.Provider, error) {
 				Description: "List of paths to shared config files. If not set, defaults to [~/.aws/config].",
 				Elem:        &schema.Schema{Type: schema.TypeString},
 			},
-			"shared_credentials_file": {
-				Type:          schema.TypeString,
-				Optional:      true,
-				Deprecated:    "Use shared_credentials_files instead.",
-				ConflictsWith: []string{"shared_credentials_files"},
-				Description:   "The path to the shared credentials file. If not set, defaults to ~/.aws/credentials.",
-			},
 			"shared_credentials_files": {
-				Type:          schema.TypeList,
-				Optional:      true,
-				ConflictsWith: []string{"shared_credentials_file"},
-				Description:   "List of paths to shared credentials files. If not set, defaults to [~/.aws/credentials].",
-				Elem:          &schema.Schema{Type: schema.TypeString},
+				Type:        schema.TypeList,
+				Optional:    true,
+				Description: "List of paths to shared credentials files. If not set, defaults to [~/.aws/credentials].",
+				Elem:        &schema.Schema{Type: schema.TypeString},
 			},
 			"skip_credentials_validation": {
 				Type:     schema.TypeBool,
 				Optional: true,
 				Description: "Skip the credentials validation via STS API. " +
 					"Used for AWS API implementations that do not have STS available/implemented.",
 			},
-			"skip_get_ec2_platforms": {
-				Type:     schema.TypeBool,
-				Optional: true,
-				Description: "Skip getting the supported EC2 platforms. " +
-					"Used by users that don't have ec2:DescribeAccountAttributes permissions.",
-				Deprecated: `With the retirement of EC2-Classic the skip_get_ec2_platforms attribute has been deprecated and will be removed in a future version.`,
-			},
 			"skip_metadata_api_check": {
 				Type:         nullable.TypeNullableBool,
 				Optional:     true,
@@ -446,10 +422,9 @@ func configure(ctx context.Context, provider *schema.Provider, d *schema.Resourc
 		MaxRetries:                     25, // Set default here, not in schema (muxing with v6 provider).
 		Profile:                        d.Get("profile").(string),
 		Region:                         d.Get("region").(string),
-		S3UsePathStyle:                 d.Get("s3_use_path_style").(bool) || d.Get("s3_force_path_style").(bool),
+		S3UsePathStyle:                 d.Get("s3_use_path_style").(bool),
 		SecretKey:                      d.Get("secret_key").(string),
 		SkipCredsValidation:            d.Get("skip_credentials_validation").(bool),
-		SkipGetEC2Platforms:            d.Get("skip_get_ec2_platforms").(bool),
 		SkipRegionValidation:           d.Get("skip_region_validation").(bool),
 		SkipRequestingAccountId:        d.Get("skip_requesting_account_id").(bool),
 		STSRegion:                      d.Get("sts_region").(string),
@@ -507,9 +482,7 @@ func configure(ctx context.Context, provider *schema.Provider, d *schema.Resourc
 		config.MaxRetries = v.(int)
 	}
 
-	if v, ok := d.GetOk("shared_credentials_file"); ok {
-		config.SharedCredentialsFiles = []string{v.(string)}
-	} else if v, ok := d.GetOk("shared_credentials_files"); ok && len(v.([]interface{})) > 0 {
+	if v, ok := d.GetOk("shared_credentials_files"); ok && len(v.([]interface{})) > 0 {
 		config.SharedCredentialsFiles = flex.ExpandStringValueList(v.([]interface{}))
 	}
 
@@ -548,19 +521,10 @@ func assumeRoleSchema() *schema.Schema {
 		Elem: &schema.Resource{
 			Schema: map[string]*schema.Schema{
 				"duration": {
-					Type:          schema.TypeString,
-					Optional:      true,
-					Description:   "The duration, between 15 minutes and 12 hours, of the role session. Valid time units are ns, us (or µs), ms, s, h, or m.",
-					ValidateFunc:  validAssumeRoleDuration,
-					ConflictsWith: []string{"assume_role.0.duration_seconds"},
-				},
-				"duration_seconds": {
-					Type:          schema.TypeInt,
-					Optional:      true,
-					Deprecated:    "Use assume_role.duration instead",
-					Description:   "The duration, in seconds, of the role session.",
-					ValidateFunc:  validation.IntBetween(900, 43200),
-					ConflictsWith: []string{"assume_role.0.duration"},
+					Type:         schema.TypeString,
+					Optional:     true,
+					Description:  "The duration, between 15 minutes and 12 hours, of the role session. Valid time units are ns, us (or µs), ms, s, h, or m.",
+					ValidateFunc: validAssumeRoleDuration,
 				},
 				"external_id": {
 					Type:        schema.TypeString,
@@ -708,8 +672,6 @@ func expandAssumeRole(_ context.Context, tfMap map[string]interface{}) *awsbase.
 	if v, ok := tfMap["duration"].(string); ok && v != "" {
 		duration, _ := time.ParseDuration(v)
 		assumeRole.Duration = duration
-	} else if v, ok := tfMap["duration_seconds"].(int); ok && v != 0 {
-		assumeRole.Duration = time.Duration(v) * time.Second
 	}
 
 	if v, ok := tfMap["external_id"].(string); ok && v != "" {
@@ -757,8 +719,6 @@ func expandAssumeRoleWithWebIdentity(_ context.Context, tfMap map[string]interfa
 	if v, ok := tfMap["duration"].(string); ok && v != "" {
 		duration, _ := time.ParseDuration(v)
 		assumeRole.Duration = duration
-	} else if v, ok := tfMap["duration_seconds"].(int); ok && v != 0 {
-		assumeRole.Duration = time.Duration(v) * time.Second
 	}
 
 	if v, ok := tfMap["policy"].(string); ok && v != "" {

diff --git a/website/docs/guides/custom-service-endpoints.html.md b/website/docs/guides/custom-service-endpoints.html.md
@@ -433,7 +433,7 @@ An example provider configuration:
 provider "aws" {
   access_key                  = "mock_access_key"
   region                      = "us-east-1"
-  s3_force_path_style         = true
+  s3_use_path_style           = true
   secret_key                  = "mock_secret_key"
   skip_credentials_validation = true
   skip_metadata_api_check     = true

diff --git a/website/docs/guides/version-5-upgrade.html.md b/website/docs/guides/version-5-upgrade.html.md
@@ -17,6 +17,7 @@ Upgrade topics:
 <!-- TOC depthFrom:2 depthTo:2 -->
 
 - [Provider Version Configuration](#provider-version-configuration)
+- [Provider Arguments](#provider-arguments)
 - [Data Source: aws_redshift_service_account](#data-source-aws_redshift_service_account)
 - [Data Source: aws_subnet_ids](#data-source-aws_subnet_ids)
 - [Resource: aws_acmpca_certificate_authority](#resource-aws_acmpca_certificate_authority)
@@ -73,6 +74,16 @@ provider "aws" {
 }
 ```
 
+## Provider Arguments
+
+Version 5.0.0 removes these `provider` arguments:
+
+* `assume_role.duration_seconds` - Use `assume_role.duration` instead
+* `assume_role_with_web_identity.duration_seconds` - Use `assume_role_with_web_identity.duration` instead
+* `s3_force_path_style` - Use `s3_use_path_style` instead
+* `shared_credentials_file` - Use `shared_credentials_files` instead
+* `skip_get_ec2_platforms` - Removed following the retirement of EC2-Classic
+
 ## Resource: aws_acmpca_certificate_authority
 
 The `status` attribute is superfluous and sometimes incorrect. It has been removed.

diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown
@@ -322,14 +322,11 @@ In addition to [generic `provider` arguments](https://www.terraform.io/docs/conf
   Can also be set with either the `AWS_REGION` or `AWS_DEFAULT_REGION` environment variables,
   or via a shared config file parameter `region` if `profile` is used.
   If credentials are retrieved from the EC2 Instance Metadata Service, the region can also be retrieved from the metadata.
-* `s3_force_path_style` - (Optional, **Deprecated**) Whether to enable the request to use path-style addressing, i.e., `https://s3.amazonaws.com/BUCKET/KEY`. By default, the S3 client will use virtual hosted bucket addressing, `https://BUCKET.s3.amazonaws.com/KEY`, when possible. Specific to the Amazon S3 service.
 * `s3_use_path_style` - (Optional) Whether to enable the request to use path-style addressing, i.e., `https://s3.amazonaws.com/BUCKET/KEY`. By default, the S3 client will use virtual hosted bucket addressing, `https://BUCKET.s3.amazonaws.com/KEY`, when possible. Specific to the Amazon S3 service.
 * `secret_key` - (Optional) AWS secret key. Can also be set with the `AWS_SECRET_ACCESS_KEY` environment variable, or via a shared configuration and credentials files if `profile` is used. See also `access_key`.
 * `shared_config_files` - (Optional) List of paths to AWS shared config files. If not set, the default is `[~/.aws/config]`. A single value can also be set with the `AWS_CONFIG_FILE` environment variable.
-* `shared_credentials_file` - (Optional, **Deprecated**) Path to the shared credentials file. If not set and a profile is used, the default value is `~/.aws/credentials`. Can also be set with the `AWS_SHARED_CREDENTIALS_FILE` environment variable.
 * `shared_credentials_files` - (Optional) List of paths to the shared credentials file. If not set and a profile is used, the default value is `[~/.aws/credentials]`. A single value can also be set with the `AWS_SHARED_CREDENTIALS_FILE` environment variable.
 * `skip_credentials_validation` - (Optional) Whether to skip credentials validation via the STS API. This can be useful for testing and for AWS API implementations that do not have STS available.
-* `skip_get_ec2_platforms` - (Optional, **Deprecated**) Whether to skip getting the supported EC2 platforms. Can be used when you do not have `ec2:DescribeAccountAttributes` permissions.
 * `skip_metadata_api_check` - (Optional) Whether to skip the AWS Metadata API check.  Useful for AWS API implementations that do not have a metadata API endpoint.  Setting to `true` prevents Terraform from authenticating via the Metadata API. You may need to use other authentication methods like static credentials, configuration variables, or environment variables.
 * `skip_region_validation` - (Optional) Whether to skip validating the region. Useful for AWS-like implementations that use their own region names or to bypass the validation for regions that aren't publicly available yet.
 * `skip_requesting_account_id` - (Optional) Whether to skip requesting the account ID.  Useful for AWS API implementations that do not have the IAM, STS API, or metadata API.  When set to `true` and not determined previously, returns an empty account ID when manually constructing ARN attributes with the following: