Remove use_legacy_workflow from the S3 backend configuration (#1730)

Signed-off-by: RLRabinowitz <rlrabinowitz2@gmail.com>
2025-12-25 01:00:16 -05:00 · 2024-06-17 20:33:10 +03:00
parent 5a40234661
commit 927d1a5759
5 changed files with 21 additions and 64 deletions
--- a/internal/backend/remote-state/s3/backend.go
+++ b/internal/backend/remote-state/s3/backend.go
@@ -288,12 +288,6 @@ func (b *Backend) ConfigSchema() *configschema.Block {
 				Optional:    true,
 				Description: "The maximum number of times an AWS API request is retried on retryable failure.",
 			},
-			"use_legacy_workflow": {
-				Type:        cty.Bool,
-				Optional:    true,
-				Description: "Use the legacy authentication workflow, preferring environment variables over backend configuration.",
-				Deprecated:  true,
-			},
 			"custom_ca_bundle": {
 				Type:        cty.String,
 				Optional:    true,
@@ -575,18 +569,6 @@ func (b *Backend) PrepareConfig(obj cty.Value) (cty.Value, tfdiags.Diagnostics)
 			attrPath))
 	}

-	if val := obj.GetAttr("use_legacy_workflow"); !val.IsNull() {
-		attrPath := cty.GetAttrPath("use_legacy_workflow")
-		detail := fmt.Sprintf(
-			`Parameter "%s" is deprecated and will be removed in an upcoming minor version.`,
-			pathString(attrPath))
-
-		diags = diags.Append(attributeWarningDiag(
-			"Deprecated Parameter",
-			detail,
-			attrPath))
-	}
-
 	validateAttributesConflict(
 		cty.GetAttrPath("force_path_style"),
 		cty.GetAttrPath("use_path_style"),
@@ -766,8 +748,6 @@ func (b *Backend) Configure(obj cty.Value) tfdiags.Diagnostics {
 		Logger:                         baselog,
 	}

-	cfg.UseLegacyWorkflow = boolAttr(obj, "use_legacy_workflow")
-
 	if val, ok := boolAttrOk(obj, "skip_metadata_api_check"); ok {
 		if val {
 			cfg.EC2MetadataServiceEnableState = imds.ClientDisabled
--- a/internal/backend/remote-state/s3/backend_complete_test.go
+++ b/internal/backend/remote-state/s3/backend_complete_test.go
@@ -226,34 +226,6 @@ aws_secret_access_key = ProfileSharedCredentialsSecretKey
 			ValidateDiags: ExpectNoDiags,
 		},

-		"environment AWS_ACCESS_KEY_ID overrides config Profile": { // Legacy behavior
-			config: map[string]any{
-				"profile":             "SharedCredentialsProfile",
-				"use_legacy_workflow": true,
-			},
-			EnvironmentVariables: map[string]string{
-				"AWS_ACCESS_KEY_ID":     servicemocks.MockEnvAccessKey,
-				"AWS_SECRET_ACCESS_KEY": servicemocks.MockEnvSecretKey,
-			},
-			ExpectedCredentialsValue: mockdata.MockEnvCredentials,
-			MockStsEndpoints: []*servicemocks.MockEndpoint{
-				servicemocks.MockStsGetCallerIdentityValidEndpoint,
-			},
-			SharedCredentialsFile: `
-[default]
-aws_access_key_id = DefaultSharedCredentialsAccessKey
-aws_secret_access_key = DefaultSharedCredentialsSecretKey
-[SharedCredentialsProfile]
-aws_access_key_id = ProfileSharedCredentialsAccessKey
-aws_secret_access_key = ProfileSharedCredentialsSecretKey
-`,
-			ValidateDiags: ExpectDiagsMatching(
-				tfdiags.Warning,
-				equalsMatcher("Deprecated Parameter"),
-				noopMatcher{},
-			),
-		},
-
 		"environment AWS_ACCESS_KEY_ID does not override config Profile": {
 			config: map[string]any{
 				"profile": "SharedCredentialsProfile",