Remove deprecated provider configuration attributes

.changelog/31155.txt

@@ -0,0 +1,3 @@
+```release-note:breaking-change
+provider: The `assume_role.duration_seconds`, `assume_role_with_web_identity.duration_seconds`, `s3_force_path_style`, `shared_credentials_file` and `skip_get_ec2_platforms` attributes have been removed
+```

internal/conns/config.go

@@ -68,7 +68,6 @@ type Config struct {
  SharedConfigFiles []string
  SharedCredentialsFiles []string
  SkipCredsValidation bool
- SkipGetEC2Platforms bool
  SkipRegionValidation bool
  SkipRequestingAccountId bool
  STSRegion string

internal/generate/customends/custom_endpoints_footer.tmpl

@@ -42,7 +42,7 @@ An example provider configuration:
 provider "aws" {
  access_key = "mock_access_key"
  region = "us-east-1"
- s3_force_path_style = true
+ s3_use_path_style  = true
  secret_key = "mock_secret_key"
  skip_credentials_validation = true
  skip_metadata_api_check = true

internal/provider/fwprovider/provider.go

@@ -84,11 +84,6 @@ func (p *fwprovider) Schema(ctx context.Context, req provider.SchemaRequest, res
  Optional: true,
  Description: "The region where AWS operations will take place. Examples\nare us-east-1, us-west-2, etc.", // lintignore:AWSAT003
  },
- "s3_force_path_style": schema.BoolAttribute{
- Optional: true,
- Description: "Set this to true to enable the request to use path-style addressing,\ni.e., https://s3.amazonaws.com/BUCKET/KEY. By default, the S3 client will\nuse virtual hosted bucket addressing when possible\n(https://BUCKET.s3.amazonaws.com/KEY). Specific to the Amazon S3 service.",
- DeprecationMessage: "Use s3_use_path_style instead.",
- },
  "s3_use_path_style": schema.BoolAttribute{
  Optional: true,
  Description: "Set this to true to enable the request to use path-style addressing,\ni.e., https://s3.amazonaws.com/BUCKET/KEY. By default, the S3 client will\nuse virtual hosted bucket addressing when possible\n(https://BUCKET.s3.amazonaws.com/KEY). Specific to the Amazon S3 service.",
@@ -102,11 +97,6 @@ func (p *fwprovider) Schema(ctx context.Context, req provider.SchemaRequest, res
  Optional: true,
  Description: "List of paths to shared config files. If not set, defaults to [~/.aws/config].",
  },
- "shared_credentials_file": schema.StringAttribute{
- Optional: true,
- Description: "The path to the shared credentials file. If not set, defaults to ~/.aws/credentials.",
- DeprecationMessage: "Use shared_credentials_files instead.",
- },
  "shared_credentials_files": schema.ListAttribute{
  ElementType: types.StringType,
  Optional: true,
@@ -116,11 +106,6 @@ func (p *fwprovider) Schema(ctx context.Context, req provider.SchemaRequest, res
  Optional: true,
  Description: "Skip the credentials validation via STS API. Used for AWS API implementations that do not have STS available/implemented.",
  },
- "skip_get_ec2_platforms": schema.BoolAttribute{
- Optional: true,
- Description: "Skip getting the supported EC2 platforms. Used by users that don't have ec2:DescribeAccountAttributes permissions.",
- DeprecationMessage: `With the retirement of EC2-Classic the skip_get_ec2_platforms attribute has been deprecated and will be removed in a future version.`,
- },
  "skip_metadata_api_check": schema.StringAttribute{
  Optional: true,
  Description: "Skip the AWS Metadata API check. Used for AWS API implementations that do not have a metadata api endpoint.",
@@ -162,11 +147,6 @@ func (p *fwprovider) Schema(ctx context.Context, req provider.SchemaRequest, res
  Optional: true,
  Description: "The duration, between 15 minutes and 12 hours, of the role session. Valid time units are ns, us (or µs), ms, s, h, or m.",
  },
- "duration_seconds": schema.Int64Attribute{
- Optional: true,
- Description: "The duration, in seconds, of the role session.",
- DeprecationMessage: "Use assume_role.duration instead",
- },
  "external_id": schema.StringAttribute{
  Optional: true,
  Description: "A unique identifier that might be required when you assume a role in another account.",

internal/provider/provider.go

@@ -143,15 +143,6 @@ func New(ctx context.Context) (*schema.Provider, error) {
  Description: "The region where AWS operations will take place. Examples\n" +
  "are us-east-1, us-west-2, etc.", // lintignore:AWSAT003,
  },
- "s3_force_path_style": {
- Type: schema.TypeBool,
- Optional: true,
- Deprecated: "Use s3_use_path_style instead.",
- Description: "Set this to true to enable the request to use path-style addressing,\n" +
- "i.e., https://s3.amazonaws.com/BUCKET/KEY. By default, the S3 client will\n" +
- "use virtual hosted bucket addressing when possible\n" +
- "(https://BUCKET.s3.amazonaws.com/KEY). Specific to the Amazon S3 service.",
- },
  "s3_use_path_style": {
  Type: schema.TypeBool,
  Optional: true,
@@ -172,33 +163,18 @@ func New(ctx context.Context) (*schema.Provider, error) {
  Description: "List of paths to shared config files. If not set, defaults to [~/.aws/config].",
  Elem: &schema.Schema{Type: schema.TypeString},
  },
- "shared_credentials_file": {
- Type: schema.TypeString,
- Optional: true,
- Deprecated: "Use shared_credentials_files instead.",
- ConflictsWith: []string{"shared_credentials_files"},
- Description: "The path to the shared credentials file. If not set, defaults to ~/.aws/credentials.",
- },
  "shared_credentials_files": {
- Type: schema.TypeList,
- Optional: true,
- ConflictsWith: []string{"shared_credentials_file"},
- Description: "List of paths to shared credentials files. If not set, defaults to [~/.aws/credentials].",
- Elem: &schema.Schema{Type: schema.TypeString},
+ Type: schema.TypeList,
+ Optional: true,
+ Description: "List of paths to shared credentials files. If not set, defaults to [~/.aws/credentials].",
+ Elem: &schema.Schema{Type: schema.TypeString},
  },
  "skip_credentials_validation": {
  Type: schema.TypeBool,
  Optional: true,
  Description: "Skip the credentials validation via STS API. " +
  "Used for AWS API implementations that do not have STS available/implemented.",
  },
- "skip_get_ec2_platforms": {
- Type: schema.TypeBool,
- Optional: true,
- Description: "Skip getting the supported EC2 platforms. " +
- "Used by users that don't have ec2:DescribeAccountAttributes permissions.",
- Deprecated: `With the retirement of EC2-Classic the skip_get_ec2_platforms attribute has been deprecated and will be removed in a future version.`,
- },
  "skip_metadata_api_check": {
  Type: nullable.TypeNullableBool,
  Optional: true,
@@ -446,10 +422,9 @@ func configure(ctx context.Context, provider *schema.Provider, d *schema.Resourc
  MaxRetries: 25, // Set default here, not in schema (muxing with v6 provider).
  Profile: d.Get("profile").(string),
  Region: d.Get("region").(string),
- S3UsePathStyle: d.Get("s3_use_path_style").(bool) || d.Get("s3_force_path_style").(bool),
+ S3UsePathStyle: d.Get("s3_use_path_style").(bool),
  SecretKey: d.Get("secret_key").(string),
  SkipCredsValidation: d.Get("skip_credentials_validation").(bool),
- SkipGetEC2Platforms: d.Get("skip_get_ec2_platforms").(bool),
  SkipRegionValidation: d.Get("skip_region_validation").(bool),
  SkipRequestingAccountId: d.Get("skip_requesting_account_id").(bool),
  STSRegion: d.Get("sts_region").(string),
@@ -507,9 +482,7 @@ func configure(ctx context.Context, provider *schema.Provider, d *schema.Resourc
  config.MaxRetries = v.(int)
  }
 
- if v, ok := d.GetOk("shared_credentials_file"); ok {
- config.SharedCredentialsFiles = []string{v.(string)}
- } else if v, ok := d.GetOk("shared_credentials_files"); ok && len(v.([]interface{})) > 0 {
+ if v, ok := d.GetOk("shared_credentials_files"); ok && len(v.([]interface{})) > 0 {
  config.SharedCredentialsFiles = flex.ExpandStringValueList(v.([]interface{}))
  }
 
@@ -548,19 +521,10 @@ func assumeRoleSchema() *schema.Schema {
  Elem: &schema.Resource{
  Schema: map[string]*schema.Schema{
  "duration": {
- Type: schema.TypeString,
- Optional: true,
- Description: "The duration, between 15 minutes and 12 hours, of the role session. Valid time units are ns, us (or µs), ms, s, h, or m.",
- ValidateFunc: validAssumeRoleDuration,
- ConflictsWith: []string{"assume_role.0.duration_seconds"},
- },
- "duration_seconds": {
- Type: schema.TypeInt,
- Optional: true,
- Deprecated: "Use assume_role.duration instead",
- Description: "The duration, in seconds, of the role session.",
- ValidateFunc: validation.IntBetween(900, 43200),
- ConflictsWith: []string{"assume_role.0.duration"},
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "The duration, between 15 minutes and 12 hours, of the role session. Valid time units are ns, us (or µs), ms, s, h, or m.",
+ ValidateFunc: validAssumeRoleDuration,
  },
  "external_id": {
  Type: schema.TypeString,
@@ -708,8 +672,6 @@ func expandAssumeRole(_ context.Context, tfMap map[string]interface{}) *awsbase.
  if v, ok := tfMap["duration"].(string); ok && v != "" {
  duration, _ := time.ParseDuration(v)
  assumeRole.Duration = duration
- } else if v, ok := tfMap["duration_seconds"].(int); ok && v != 0 {
- assumeRole.Duration = time.Duration(v) * time.Second
  }
 
  if v, ok := tfMap["external_id"].(string); ok && v != "" {
@@ -757,8 +719,6 @@ func expandAssumeRoleWithWebIdentity(_ context.Context, tfMap map[string]interfa
  if v, ok := tfMap["duration"].(string); ok && v != "" {
  duration, _ := time.ParseDuration(v)
  assumeRole.Duration = duration
- } else if v, ok := tfMap["duration_seconds"].(int); ok && v != 0 {
- assumeRole.Duration = time.Duration(v) * time.Second
  }
 
  if v, ok := tfMap["policy"].(string); ok && v != "" {

website/docs/guides/custom-service-endpoints.html.md

@@ -433,7 +433,7 @@ An example provider configuration:
 provider "aws" {
  access_key = "mock_access_key"
  region = "us-east-1"
- s3_force_path_style = true
+ s3_use_path_style  = true
  secret_key = "mock_secret_key"
  skip_credentials_validation = true
  skip_metadata_api_check = true

website/docs/guides/version-5-upgrade.html.md

@@ -17,6 +17,7 @@ Upgrade topics:
 <!-- TOC depthFrom:2 depthTo:2 -->
 
 - [Provider Version Configuration](#provider-version-configuration)
+- [Provider Arguments](#provider-arguments)
 - [Data Source: aws_redshift_service_account](#data-source-aws_redshift_service_account)
 - [Data Source: aws_subnet_ids](#data-source-aws_subnet_ids)
 - [Resource: aws_acmpca_certificate_authority](#resource-aws_acmpca_certificate_authority)
@@ -73,6 +74,16 @@ provider "aws" {
 }
 ```
 
+## Provider Arguments
+
+Version 5.0.0 removes these `provider` arguments:
+
+* `assume_role.duration_seconds` - Use `assume_role.duration` instead
+* `assume_role_with_web_identity.duration_seconds` - Use `assume_role_with_web_identity.duration` instead
+* `s3_force_path_style` - Use `s3_use_path_style` instead
+* `shared_credentials_file` - Use `shared_credentials_files` instead
+* `skip_get_ec2_platforms` - Removed following the retirement of EC2-Classic
+
 ## Resource: aws_acmpca_certificate_authority
 
 The `status` attribute is superfluous and sometimes incorrect. It has been removed.

website/docs/index.html.markdown

@@ -322,14 +322,11 @@ In addition to [generic `provider` arguments](https://www.terraform.io/docs/conf
  Can also be set with either the `AWS_REGION` or `AWS_DEFAULT_REGION` environment variables,
  or via a shared config file parameter `region` if `profile` is used.
  If credentials are retrieved from the EC2 Instance Metadata Service, the region can also be retrieved from the metadata.
-* `s3_force_path_style` - (Optional, **Deprecated**) Whether to enable the request to use path-style addressing, i.e., `https://s3.amazonaws.com/BUCKET/KEY`. By default, the S3 client will use virtual hosted bucket addressing, `https://BUCKET.s3.amazonaws.com/KEY`, when possible. Specific to the Amazon S3 service.
 * `s3_use_path_style` - (Optional) Whether to enable the request to use path-style addressing, i.e., `https://s3.amazonaws.com/BUCKET/KEY`. By default, the S3 client will use virtual hosted bucket addressing, `https://BUCKET.s3.amazonaws.com/KEY`, when possible. Specific to the Amazon S3 service.
 * `secret_key` - (Optional) AWS secret key. Can also be set with the `AWS_SECRET_ACCESS_KEY` environment variable, or via a shared configuration and credentials files if `profile` is used. See also `access_key`.
 * `shared_config_files` - (Optional) List of paths to AWS shared config files. If not set, the default is `[~/.aws/config]`. A single value can also be set with the `AWS_CONFIG_FILE` environment variable.
-* `shared_credentials_file` - (Optional, **Deprecated**) Path to the shared credentials file. If not set and a profile is used, the default value is `~/.aws/credentials`. Can also be set with the `AWS_SHARED_CREDENTIALS_FILE` environment variable.
 * `shared_credentials_files` - (Optional) List of paths to the shared credentials file. If not set and a profile is used, the default value is `[~/.aws/credentials]`. A single value can also be set with the `AWS_SHARED_CREDENTIALS_FILE` environment variable.
 * `skip_credentials_validation` - (Optional) Whether to skip credentials validation via the STS API. This can be useful for testing and for AWS API implementations that do not have STS available.
-* `skip_get_ec2_platforms` - (Optional, **Deprecated**) Whether to skip getting the supported EC2 platforms. Can be used when you do not have `ec2:DescribeAccountAttributes` permissions.
 * `skip_metadata_api_check` - (Optional) Whether to skip the AWS Metadata API check. Useful for AWS API implementations that do not have a metadata API endpoint. Setting to `true` prevents Terraform from authenticating via the Metadata API. You may need to use other authentication methods like static credentials, configuration variables, or environment variables.
 * `skip_region_validation` - (Optional) Whether to skip validating the region. Useful for AWS-like implementations that use their own region names or to bypass the validation for regions that aren't publicly available yet.
 * `skip_requesting_account_id` - (Optional) Whether to skip requesting the account ID. Useful for AWS API implementations that do not have the IAM, STS API, or metadata API. When set to `true` and not determined previously, returns an empty account ID when manually constructing ARN attributes with the following: