diff --git a/.changelog/31155.txt b/.changelog/31155.txt
new file mode 100644
index 000000000000..d6bad408844a
--- /dev/null
+++ b/.changelog/31155.txt
@@ -0,0 +1,3 @@
+```release-note:breaking-change
+provider: The `assume_role.duration_seconds`, `assume_role_with_web_identity.duration_seconds`, `s3_force_path_style`, `shared_credentials_file` and `skip_get_ec2_platforms` attributes have been removed
+```
\ No newline at end of file
diff --git a/internal/conns/config.go b/internal/conns/config.go
index 61e6b3c3e7ec..2f45f62fc343 100644
--- a/internal/conns/config.go
+++ b/internal/conns/config.go
@@ -68,7 +68,6 @@ type Config struct {
 SharedConfigFiles []string
 SharedCredentialsFiles []string
 SkipCredsValidation bool
- SkipGetEC2Platforms bool
 SkipRegionValidation bool
 SkipRequestingAccountId bool
 STSRegion string
diff --git a/internal/generate/customends/custom_endpoints_footer.tmpl b/internal/generate/customends/custom_endpoints_footer.tmpl
index 27f830774052..4e3d622a0b90 100644
--- a/internal/generate/customends/custom_endpoints_footer.tmpl
+++ b/internal/generate/customends/custom_endpoints_footer.tmpl
@@ -42,7 +42,7 @@ An example provider configuration:
 provider "aws" {
 access_key = "mock_access_key"
 region = "us-east-1"
- s3_force_path_style = true
+ s3_use_path_style = true
 secret_key = "mock_secret_key"
 skip_credentials_validation = true
 skip_metadata_api_check = true
diff --git a/internal/provider/fwprovider/provider.go b/internal/provider/fwprovider/provider.go
index b36fc1629223..96d855242159 100644
--- a/internal/provider/fwprovider/provider.go
+++ b/internal/provider/fwprovider/provider.go
@@ -84,11 +84,6 @@ func (p *fwprovider) Schema(ctx context.Context, req provider.SchemaRequest, res
 Optional: true,
 Description: "The region where AWS operations will take place. Examples\nare us-east-1, us-west-2, etc.", // lintignore:AWSAT003
 },
- "s3_force_path_style": schema.BoolAttribute{
- Optional: true,
- Description: "Set this to true to enable the request to use path-style addressing,\ni.e., https://s3.amazonaws.com/BUCKET/KEY. By default, the S3 client will\nuse virtual hosted bucket addressing when possible\n(https://BUCKET.s3.amazonaws.com/KEY). Specific to the Amazon S3 service.",
- DeprecationMessage: "Use s3_use_path_style instead.",
- },
 "s3_use_path_style": schema.BoolAttribute{
 Optional: true,
 Description: "Set this to true to enable the request to use path-style addressing,\ni.e., https://s3.amazonaws.com/BUCKET/KEY. By default, the S3 client will\nuse virtual hosted bucket addressing when possible\n(https://BUCKET.s3.amazonaws.com/KEY). Specific to the Amazon S3 service.",
@@ -102,11 +97,6 @@ func (p *fwprovider) Schema(ctx context.Context, req provider.SchemaRequest, res
 Optional: true,
 Description: "List of paths to shared config files. If not set, defaults to [~/.aws/config].",
 },
- "shared_credentials_file": schema.StringAttribute{
- Optional: true,
- Description: "The path to the shared credentials file. If not set, defaults to ~/.aws/credentials.",
- DeprecationMessage: "Use shared_credentials_files instead.",
- },
 "shared_credentials_files": schema.ListAttribute{
 ElementType: types.StringType,
 Optional: true,
@@ -116,11 +106,6 @@ func (p *fwprovider) Schema(ctx context.Context, req provider.SchemaRequest, res
 Optional: true,
 Description: "Skip the credentials validation via STS API. Used for AWS API implementations that do not have STS available/implemented.",
 },
- "skip_get_ec2_platforms": schema.BoolAttribute{
- Optional: true,
- Description: "Skip getting the supported EC2 platforms. Used by users that don't have ec2:DescribeAccountAttributes permissions.",
- DeprecationMessage: `With the retirement of EC2-Classic the skip_get_ec2_platforms attribute has been deprecated and will be removed in a future version.`,
- },
 "skip_metadata_api_check": schema.StringAttribute{
 Optional: true,
 Description: "Skip the AWS Metadata API check. Used for AWS API implementations that do not have a metadata api endpoint.",
@@ -162,11 +147,6 @@ func (p *fwprovider) Schema(ctx context.Context, req provider.SchemaRequest, res
 Optional: true,
 Description: "The duration, between 15 minutes and 12 hours, of the role session. Valid time units are ns, us (or µs), ms, s, h, or m.",
 },
- "duration_seconds": schema.Int64Attribute{
- Optional: true,
- Description: "The duration, in seconds, of the role session.",
- DeprecationMessage: "Use assume_role.duration instead",
- },
 "external_id": schema.StringAttribute{
 Optional: true,
 Description: "A unique identifier that might be required when you assume a role in another account.",
diff --git a/internal/provider/provider.go b/internal/provider/provider.go
index b3ed9411c6ad..d06e2e26ea51 100644
--- a/internal/provider/provider.go
+++ b/internal/provider/provider.go
@@ -143,15 +143,6 @@ func New(ctx context.Context) (*schema.Provider, error) {
 Description: "The region where AWS operations will take place. Examples\n" +
 "are us-east-1, us-west-2, etc.", // lintignore:AWSAT003,
 },
- "s3_force_path_style": {
- Type: schema.TypeBool,
- Optional: true,
- Deprecated: "Use s3_use_path_style instead.",
- Description: "Set this to true to enable the request to use path-style addressing,\n" +
- "i.e., https://s3.amazonaws.com/BUCKET/KEY. By default, the S3 client will\n" +
- "use virtual hosted bucket addressing when possible\n" +
- "(https://BUCKET.s3.amazonaws.com/KEY). Specific to the Amazon S3 service.",
- },
 "s3_use_path_style": {
 Type: schema.TypeBool,
 Optional: true,
@@ -172,19 +163,11 @@ func New(ctx context.Context) (*schema.Provider, error) {
 Description: "List of paths to shared config files. If not set, defaults to [~/.aws/config].",
 Elem: &schema.Schema{Type: schema.TypeString},
 },
- "shared_credentials_file": {
- Type: schema.TypeString,
- Optional: true,
- Deprecated: "Use shared_credentials_files instead.",
- ConflictsWith: []string{"shared_credentials_files"},
- Description: "The path to the shared credentials file. If not set, defaults to ~/.aws/credentials.",
- },
 "shared_credentials_files": {
- Type: schema.TypeList,
- Optional: true,
- ConflictsWith: []string{"shared_credentials_file"},
- Description: "List of paths to shared credentials files. If not set, defaults to [~/.aws/credentials].",
- Elem: &schema.Schema{Type: schema.TypeString},
+ Type: schema.TypeList,
+ Optional: true,
+ Description: "List of paths to shared credentials files. If not set, defaults to [~/.aws/credentials].",
+ Elem: &schema.Schema{Type: schema.TypeString},
 },
 "skip_credentials_validation": {
 Type: schema.TypeBool,
@@ -192,13 +175,6 @@ func New(ctx context.Context) (*schema.Provider, error) { Description: "Skip the credentials validation via STS API. " + "Used for AWS API implementations that do not have STS available/implemented.", }, - "skip_get_ec2_platforms": { - Type: schema.TypeBool, - Optional: true, - Description: "Skip getting the supported EC2 platforms. " + - "Used by users that don't have ec2:DescribeAccountAttributes permissions.", - Deprecated: `With the retirement of EC2-Classic the skip_get_ec2_platforms attribute has been deprecated and will be removed in a future version.`, - }, "skip_metadata_api_check": { Type: nullable.TypeNullableBool, Optional: true, @@ -446,10 +422,9 @@ func configure(ctx context.Context, provider *schema.Provider, d *schema.Resourc MaxRetries: 25, // Set default here, not in schema (muxing with v6 provider). Profile: d.Get("profile").(string), Region: d.Get("region").(string), - S3UsePathStyle: d.Get("s3_use_path_style").(bool) || d.Get("s3_force_path_style").(bool), + S3UsePathStyle: d.Get("s3_use_path_style").(bool), SecretKey: d.Get("secret_key").(string), SkipCredsValidation: d.Get("skip_credentials_validation").(bool), - SkipGetEC2Platforms: d.Get("skip_get_ec2_platforms").(bool), SkipRegionValidation: d.Get("skip_region_validation").(bool), SkipRequestingAccountId: d.Get("skip_requesting_account_id").(bool), STSRegion: d.Get("sts_region").(string), @@ -507,9 +482,7 @@ func configure(ctx context.Context, provider *schema.Provider, d *schema.Resourc config.MaxRetries = v.(int) } - if v, ok := d.GetOk("shared_credentials_file"); ok { - config.SharedCredentialsFiles = []string{v.(string)} - } else if v, ok := d.GetOk("shared_credentials_files"); ok && len(v.([]interface{})) > 0 { + if v, ok := d.GetOk("shared_credentials_files"); ok && len(v.([]interface{})) > 0 { config.SharedCredentialsFiles = flex.ExpandStringValueList(v.([]interface{})) } 
@@ -548,19 +521,10 @@ func assumeRoleSchema() *schema.Schema { Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "duration": { - Type: schema.TypeString, - Optional: true, - Description: "The duration, between 15 minutes and 12 hours, of the role session. Valid time units are ns, us (or µs), ms, s, h, or m.", - ValidateFunc: validAssumeRoleDuration, - ConflictsWith: []string{"assume_role.0.duration_seconds"}, - }, - "duration_seconds": { - Type: schema.TypeInt, - Optional: true, - Deprecated: "Use assume_role.duration instead", - Description: "The duration, in seconds, of the role session.", - ValidateFunc: validation.IntBetween(900, 43200), - ConflictsWith: []string{"assume_role.0.duration"}, + Type: schema.TypeString, + Optional: true, + Description: "The duration, between 15 minutes and 12 hours, of the role session. Valid time units are ns, us (or µs), ms, s, h, or m.", + ValidateFunc: validAssumeRoleDuration, }, "external_id": { Type: schema.TypeString, @@ -708,8 +672,6 @@ func expandAssumeRole(_ context.Context, tfMap map[string]interface{}) *awsbase. if v, ok := tfMap["duration"].(string); ok && v != "" { duration, _ := time.ParseDuration(v) assumeRole.Duration = duration - } else if v, ok := tfMap["duration_seconds"].(int); ok && v != 0 { - assumeRole.Duration = time.Duration(v) * time.Second } if v, ok := tfMap["external_id"].(string); ok && v != "" { @@ -757,8 +719,6 @@ func expandAssumeRoleWithWebIdentity(_ context.Context, tfMap map[string]interfa if v, ok := tfMap["duration"].(string); ok && v != "" { duration, _ := time.ParseDuration(v) assumeRole.Duration = duration - } else if v, ok := tfMap["duration_seconds"].(int); ok && v != 0 { - assumeRole.Duration = time.Duration(v) * time.Second } if v, ok := tfMap["policy"].(string); ok && v != "" { diff --git a/website/docs/guides/custom-service-endpoints.html.md b/website/docs/guides/custom-service-endpoints.html.md index 5ae13f8d31a4..bf5da3f2d8f3 100644 
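Review bot: In expandAssumeRole the surviving line `duration, _ := time.ParseDuration(v)` discards the parse error, and with the `duration_seconds` branch removed it is now the only source of `assumeRole.Duration`, so a string that fails to parse would leave the session duration at zero with no diagnostic. The assumeRoleSchema hunk keeps `ValidateFunc: validAssumeRoleDuration` on `duration`, which presumably rejects such values before this code runs; the schema for the web-identity block is not visible in this diff, and expandAssumeRoleWithWebIdentity carries the same line. I would add a comment at both sites such as `// duration is validated by the schema, so a parse error is not expected here`, and confirm that the web-identity `duration` attribute has an equivalent validator. Both function bodies start and end outside their hunks.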
--- a/website/docs/guides/custom-service-endpoints.html.md +++ b/website/docs/guides/custom-service-endpoints.html.md @@ -433,7 +433,7 @@ An example provider configuration: provider "aws" { access_key = "mock_access_key" region = "us-east-1" - s3_force_path_style = true + s3_use_path_style = true secret_key = "mock_secret_key" skip_credentials_validation = true skip_metadata_api_check = true diff --git a/website/docs/guides/version-5-upgrade.html.md b/website/docs/guides/version-5-upgrade.html.md index c3e70a5fe731..8e83c1f0a55c 100644 --- a/website/docs/guides/version-5-upgrade.html.md +++ b/website/docs/guides/version-5-upgrade.html.md @@ -17,6 +17,7 @@ Upgrade topics: - [Provider Version Configuration](#provider-version-configuration) +- [Provider Arguments](#provider-arguments) - [Data Source: aws_redshift_service_account](#data-source-aws_redshift_service_account) - [Data Source: aws_subnet_ids](#data-source-aws_subnet_ids) - [Resource: aws_acmpca_certificate_authority](#resource-aws_acmpca_certificate_authority) @@ -73,6 +74,16 @@ provider "aws" { } ``` +## Provider Arguments + +Version 5.0.0 removes these `provider` arguments: + +* `assume_role.duration_seconds` - Use `assume_role.duration` instead +* `assume_role_with_web_identity.duration_seconds` - Use `assume_role_with_web_identity.duration` instead +* `s3_force_path_style` - Use `s3_use_path_style` instead +* `shared_credentials_file` - Use `shared_credentials_files` instead +* `skip_get_ec2_platforms` - Removed following the retirement of EC2-Classic + ## Resource: aws_acmpca_certificate_authority The `status` attribute is superfluous and sometimes incorrect. It has been removed. diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown index c571e7658462..13f4e2d8fd66 100644 --- a/website/docs/index.html.markdown +++ b/website/docs/index.html.markdown 
@@ -322,14 +322,11 @@ In addition to [generic `provider` arguments](https://www.terraform.io/docs/conf Can also be set with either the `AWS_REGION` or `AWS_DEFAULT_REGION` environment variables, or via a shared config file parameter `region` if `profile` is used. If credentials are retrieved from the EC2 Instance Metadata Service, the region can also be retrieved from the metadata. -* `s3_force_path_style` - (Optional, **Deprecated**) Whether to enable the request to use path-style addressing, i.e., `https://s3.amazonaws.com/BUCKET/KEY`. By default, the S3 client will use virtual hosted bucket addressing, `https://BUCKET.s3.amazonaws.com/KEY`, when possible. Specific to the Amazon S3 service. * `s3_use_path_style` - (Optional) Whether to enable the request to use path-style addressing, i.e., `https://s3.amazonaws.com/BUCKET/KEY`. By default, the S3 client will use virtual hosted bucket addressing, `https://BUCKET.s3.amazonaws.com/KEY`, when possible. Specific to the Amazon S3 service. * `secret_key` - (Optional) AWS secret key. Can also be set with the `AWS_SECRET_ACCESS_KEY` environment variable, or via a shared configuration and credentials files if `profile` is used. See also `access_key`. * `shared_config_files` - (Optional) List of paths to AWS shared config files. If not set, the default is `[~/.aws/config]`. A single value can also be set with the `AWS_CONFIG_FILE` environment variable. -* `shared_credentials_file` - (Optional, **Deprecated**) Path to the shared credentials file. If not set and a profile is used, the default value is `~/.aws/credentials`. Can also be set with the `AWS_SHARED_CREDENTIALS_FILE` environment variable. * `shared_credentials_files` - (Optional) List of paths to the shared credentials file. If not set and a profile is used, the default value is `[~/.aws/credentials]`. A single value can also be set with the `AWS_SHARED_CREDENTIALS_FILE` environment variable. 
* `skip_credentials_validation` - (Optional) Whether to skip credentials validation via the STS API. This can be useful for testing and for AWS API implementations that do not have STS available. -* `skip_get_ec2_platforms` - (Optional, **Deprecated**) Whether to skip getting the supported EC2 platforms. Can be used when you do not have `ec2:DescribeAccountAttributes` permissions. * `skip_metadata_api_check` - (Optional) Whether to skip the AWS Metadata API check. Useful for AWS API implementations that do not have a metadata API endpoint. Setting to `true` prevents Terraform from authenticating via the Metadata API. You may need to use other authentication methods like static credentials, configuration variables, or environment variables. * `skip_region_validation` - (Optional) Whether to skip validating the region. Useful for AWS-like implementations that use their own region names or to bypass the validation for regions that aren't publicly available yet. * `skip_requesting_account_id` - (Optional) Whether to skip requesting the account ID. Useful for AWS API implementations that do not have the IAM, STS API, or metadata API. When set to `true` and not determined previously, returns an empty account ID when manually constructing ARN attributes with the following: