Merge pull request #39814 from hashicorp/td-isolate-aws-sdk-go-refere…

…nces Tech debt: Isolate AWS SDK for Go v1 references
hashicorp · Oct 23, 2024 · 745c31b · 745c31b
2 parents 20fac1c + f439503
commit 745c31b
Show file tree

Hide file tree

Showing 756 changed files with 9,053 additions and 10,037 deletions.
diff --git a/.ci/.semgrep.yml b/.ci/.semgrep.yml
@@ -337,17 +337,17 @@ rules:
     patterns:
       - pattern-either:
           - pattern: |
-              aws.TimeValue($X) == $Y
+              aws.ToTime($X) == $Y
           - pattern: |
-              aws.TimeValue($X) != $Y
+              aws.ToTime($X) != $Y
           - pattern: |
               ($X : time.Time) == $Y
           - pattern: |
               ($X : time.Time) != $Y
           - pattern: |
-              $X == aws.TimeValue($Y)
+              $X == aws.ToTime($Y)
           - pattern: |
-              $X != aws.TimeValue($Y)
+              $X != aws.ToTime($Y)
           - pattern: |
               $X == ($Y : time.Time)
           - pattern: |

diff --git a/.ci/semgrep/aws/awserr.yml b/.ci/semgrep/aws/awserr.yml
diff --git a/.ci/semgrep/aws/go-sdk-v1.yml b/.ci/semgrep/aws/go-sdk-v1.yml
@@ -0,0 +1,34 @@
+rules:
+  - id: aws-sdk-go-imports
+    languages: [go]
+    message: Do not use AWS SDK for Go v1
+    paths:
+      include:
+        - internal/
+      exclude:
+        - "internal/service/simpledb/*.go"
+        - "internal/conns/awsclient.go"
+    patterns:
+      - pattern: |
+          import ("$X")
+      - metavariable-regex:
+          metavariable: "$X"
+          regex: '^github.com/aws/aws-sdk-go/.+$'
+    severity: WARNING
+
+  - id: aws-sdk-go-base-awsv1shim-imports
+    languages: [go]
+    message: Do not use aws-sdk-go-base AWS SDK for Go v1 shims
+    paths:
+      include:
+        - internal/
+      exclude:
+        - "internal/service/simpledb/*.go"
+        - "internal/conns/config.go"
+    patterns:
+      - pattern: |
+          import ("$X")
+      - metavariable-regex:
+          metavariable: "$X"
+          regex: '^github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/?.*$'
+    severity: WARNING
diff --git a/.ci/semgrep/aws/go-sdk.yml b/.ci/semgrep/aws/go-sdk.yml
@@ -16,19 +16,15 @@ rules:
           import ("$Y")
       - metavariable-regex:
           metavariable: "$X"
-          regex: '^github.com/aws/aws-sdk-go(-v2)?/service/[^/]+$'
+          regex: '^github.com/aws/aws-sdk-go-v2/service/[^/]+$'
       - metavariable-regex:
           metavariable: "$Y"
-          regex: '^github.com/aws/aws-sdk-go/service(-v2)?/[^/]+$'
-      # wafregional uses a number of resources from waf
-      - pattern-not: |
-          import ("github.com/aws/aws-sdk-go/service/waf")
-          import ("github.com/aws/aws-sdk-go/service/wafregional")
+          regex: '^github.com/aws/aws-sdk-go-v2/service/[^/]+$'
     severity: WARNING
 
   - id: prefer-pointer-conversion-assignment
     languages: [go]
-    message: Prefer AWS Go SDK pointer conversion functions for dereferencing during assignment, e.g. aws.StringValue()
+    message: Prefer AWS Go SDK pointer conversion functions for dereferencing during assignment, e.g. aws.ToString()
     paths:
       include:
         - internal/service
@@ -43,7 +39,7 @@ rules:
 
   - id: prefer-pointer-conversion-conditional
     languages: [go]
-    message: Prefer AWS Go SDK pointer conversion functions for dereferencing during conditionals, e.g. aws.StringValue()
+    message: Prefer AWS Go SDK pointer conversion functions for dereferencing during conditionals, e.g. aws.ToString()
     paths:
       include:
         - internal/service
@@ -82,9 +78,9 @@ rules:
     severity: WARNING
 
   - id: pointer-conversion-ResourceData-SetId
-    fix: d.SetId(aws.StringValue($VALUE))
+    fix: d.SetId(aws.ToString($VALUE))
     languages: [go]
-    message: Prefer AWS Go SDK pointer conversion aws.StringValue() function for dereferencing during d.SetId()
+    message: Prefer AWS Go SDK pointer conversion aws.ToString() function for dereferencing during d.SetId()
     paths:
       include:
         - internal/
@@ -100,17 +96,14 @@ rules:
         - internal/
     patterns:
       - pattern-either:
-          - pattern: d.Set($ATTRIBUTE, aws.BoolValue($APIOBJECT))
           - pattern: d.Set($ATTRIBUTE, aws.ToBool($APIOBJECT))
-          - pattern: d.Set($ATTRIBUTE, aws.Float64Value($APIOBJECT))
+          - pattern: d.Set($ATTRIBUTE, aws.ToFloat32($APIOBJECT))
           - pattern: d.Set($ATTRIBUTE, aws.ToFloat64($APIOBJECT))
-          - pattern: d.Set($ATTRIBUTE, aws.IntValue($APIOBJECT))
           - pattern: d.Set($ATTRIBUTE, aws.ToInt($APIOBJECT))
-          - pattern: d.Set($ATTRIBUTE, aws.Int64Value($APIOBJECT))
+          - pattern: d.Set($ATTRIBUTE, aws.ToInt32($APIOBJECT))
           - pattern: d.Set($ATTRIBUTE, aws.ToInt64($APIOBJECT))
-          - pattern: d.Set($ATTRIBUTE, int(aws.Int64Value($APIOBJECT)))
+          - pattern: d.Set($ATTRIBUTE, int(aws.ToInt32($APIOBJECT)))
           - pattern: d.Set($ATTRIBUTE, int(aws.ToInt64($APIOBJECT)))
-          - pattern: d.Set($ATTRIBUTE, aws.StringValue($APIOBJECT))
           - pattern: d.Set($ATTRIBUTE, aws.ToString($APIOBJECT))
     severity: WARNING
 

diff --git a/.ci/semgrep/migrate/context.yml b/.ci/semgrep/migrate/context.yml
@@ -1,42 +1,4 @@
 rules:
-  - id: aws-api-context
-    languages: [go]
-    message: All AWS API calls should use the WithContext version
-    paths:
-      include:
-        - internal/service/*
-        - internal/acctest/*
-      exclude:
-        - "internal/service/*/service_package.go"
-        - "internal/service/*/service_package_gen.go"
-    patterns:
-      - pattern: |
-          $CONN.$API(...)
-      - metavariable-regex:
-          metavariable: $CONN
-          regex: ^(?!conns)\w*([cC]onn)
-      - metavariable-regex:
-          metavariable: $API
-          # This weird construction is to get around greedy matching
-          regex: ^(?!.*(WithContext|_Values|Paginator)).*$
-      - pattern-not: |
-          $CONN.$APIV2(ctx, ...)
-      - pattern-not: tfcodestarconnections.$API()
-      - pattern-not: tfconnect.$API(...)
-      - pattern-not: tfdirectconnect.$API()
-      - pattern-not: tfkafkaconnect.$API()
-      - pattern-not: conn.Handlers.$X(...)
-      - pattern-not: conn.Handlers.$X.$Y(...)
-      - pattern-not: conn.Options()
-      - pattern-not: codeconnections_sdkv2.$API()
-      - pattern-not: codestarconnections_sdkv2.$API()
-      - pattern-not: connect_sdkv2.$API()
-      - pattern-not: connectcases_sdkv2.$API()
-      - pattern-not: directconnect_sdkv2.$API()
-      - pattern-not: kafkaconnect_sdkv2.$API()
-      - pattern-not: mediaconnect_sdkv2.$API()
-      - pattern-not: pcaconnectorad_sdkv2.$API()
-    severity: ERROR
   - id: context-todo
     languages: [go]
     message: Should not use `context.TODO()`

diff --git a/internal/acctest/acctest.go b/internal/acctest/acctest.go
@@ -41,9 +41,8 @@ import (
 	ssoadmintypes "github.com/aws/aws-sdk-go-v2/service/ssoadmin/types"
 	"github.com/aws/aws-sdk-go-v2/service/wafv2"
 	wafv2types "github.com/aws/aws-sdk-go-v2/service/wafv2/types"
-	tfawserr_sdkv1 "github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr"
 	"github.com/hashicorp/aws-sdk-go-base/v2/endpoints"
-	tfawserr_sdkv2 "github.com/hashicorp/aws-sdk-go-base/v2/tfawserr"
+	"github.com/hashicorp/aws-sdk-go-base/v2/tfawserr"
 	"github.com/hashicorp/terraform-plugin-go/tfprotov5"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/id"
@@ -903,7 +902,7 @@ func PartitionDNSSuffix() string {
 }
 
 func PartitionReverseDNSPrefix() string {
-	return names.ReverseDNS(PartitionDNSSuffix())
+	return conns.ReverseDNS(PartitionDNSSuffix())
 }
 
 func alternateRegionPartition() string {
@@ -1786,31 +1785,31 @@ func PreCheckSkipError(err error) bool {
 	// GovCloud has endpoints that respond with (no message provided after the error code):
 	// AccessDeniedException:
 	// Ignore these API endpoints that exist but are not officially enabled
-	if tfawserr_sdkv1.ErrCodeEquals(err, "AccessDeniedException") || tfawserr_sdkv2.ErrCodeEquals(err, "AccessDeniedException") {
+	if tfawserr.ErrCodeEquals(err, "AccessDeniedException") {
 		return true
 	}
 	// Ignore missing API endpoints
-	if tfawserr_sdkv1.ErrMessageContains(err, "RequestError", "send request failed") || tfawserr_sdkv2.ErrMessageContains(err, "RequestError", "send request failed") {
+	if tfawserr.ErrMessageContains(err, "RequestError", "send request failed") {
 		return true
 	}
 	// Ignore unsupported API calls
-	if tfawserr_sdkv1.ErrCodeEquals(err, "UnknownOperationException") || tfawserr_sdkv2.ErrCodeEquals(err, "UnknownOperationException") {
+	if tfawserr.ErrCodeEquals(err, "UnknownOperationException") {
 		return true
 	}
-	if tfawserr_sdkv1.ErrCodeEquals(err, "UnsupportedOperation") || tfawserr_sdkv2.ErrCodeEquals(err, "UnsupportedOperation") {
+	if tfawserr.ErrCodeEquals(err, "UnsupportedOperation") {
 		return true
 	}
-	if tfawserr_sdkv1.ErrMessageContains(err, "InvalidInputException", "Unknown operation") || tfawserr_sdkv2.ErrMessageContains(err, "InvalidInputException", "Unknown operation") {
+	if tfawserr.ErrMessageContains(err, "InvalidInputException", "Unknown operation") {
 		return true
 	}
-	if tfawserr_sdkv1.ErrMessageContains(err, "InvalidAction", "is not valid") || tfawserr_sdkv2.ErrMessageContains(err, "InvalidAction", "is not valid") {
+	if tfawserr.ErrMessageContains(err, "InvalidAction", "is not valid") {
 		return true
 	}
-	if tfawserr_sdkv1.ErrMessageContains(err, "InvalidAction", "Unavailable Operation") || tfawserr_sdkv2.ErrMessageContains(err, "InvalidAction", "Unavailable Operation") {
+	if tfawserr.ErrMessageContains(err, "InvalidAction", "Unavailable Operation") {
 		return true
 	}
 	// ignore when not authorized to call API from account
-	if tfawserr_sdkv1.ErrCodeEquals(err, "ForbiddenException") || tfawserr_sdkv2.ErrCodeEquals(err, "ForbiddenException") {
+	if tfawserr.ErrCodeEquals(err, "ForbiddenException") {
 		return true
 	}
 	// Ignore missing API endpoints