Merge pull request #31487 from hashicorp/remove-aws_secretsmanager_se…

…cret.rotation_ r/aws_secretsmanager_secret: Remove `rotation_*`
hashicorp · May 19, 2023 · 8da7db5 · 8da7db5
2 parents 580b64e + b53d8f6
commit 8da7db5
Show file tree

Hide file tree

Showing 12 changed files with 116 additions and 574 deletions.
diff --git a/.changelog/31487.txt b/.changelog/31487.txt
@@ -0,0 +1,7 @@
+```release-note:breaking-change
+resource/aws_secretsmanager_secret: The `rotation_enabled`, `rotation_lambda_arn` and `rotation_rules` attributes have been removed
+```
+
+```release-note:breaking-change
+data-source/aws_secretsmanager_secret: The `rotation_enabled`, `rotation_lambda_arn` and `rotation_rules` attributes have been removed
+```
diff --git a/internal/service/secretsmanager/secret.go b/internal/service/secretsmanager/secret.go
@@ -6,7 +6,6 @@ import (
 	"errors"
 	"fmt"
 	"log"
-	"regexp"
 	"time"
 
 	"github.com/aws/aws-sdk-go/aws"
@@ -126,52 +125,6 @@ func ResourceSecret() *schema.Resource {
 					},
 				},
 			},
-			"rotation_enabled": {
-				Deprecated: "Use the aws_secretsmanager_secret_rotation resource instead",
-				Type:       schema.TypeBool,
-				Computed:   true,
-			},
-			"rotation_lambda_arn": {
-				Deprecated: "Use the aws_secretsmanager_secret_rotation resource instead",
-				Type:       schema.TypeString,
-				Optional:   true,
-				Computed:   true,
-			},
-			"rotation_rules": {
-				Deprecated: "Use the aws_secretsmanager_secret_rotation resource instead",
-				Type:       schema.TypeList,
-				Computed:   true,
-				Optional:   true,
-				MaxItems:   1,
-				Elem: &schema.Resource{
-					Schema: map[string]*schema.Schema{
-						"automatically_after_days": {
-							Type:          schema.TypeInt,
-							Optional:      true,
-							ConflictsWith: []string{"rotation_rules.0.schedule_expression"},
-							ExactlyOneOf:  []string{"rotation_rules.0.automatically_after_days", "rotation_rules.0.schedule_expression"},
-							DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
-								_, exists := d.GetOk("rotation_rules.0.schedule_expression")
-								return exists
-							},
-							DiffSuppressOnRefresh: true,
-							ValidateFunc:          validation.IntBetween(1, 1000),
-						},
-						"duration": {
-							Type:         schema.TypeString,
-							Optional:     true,
-							ValidateFunc: validation.StringMatch(regexp.MustCompile(`[0-9h]+`), ""),
-						},
-						"schedule_expression": {
-							Type:          schema.TypeString,
-							Optional:      true,
-							ConflictsWith: []string{"rotation_rules.0.automatically_after_days"},
-							ExactlyOneOf:  []string{"rotation_rules.0.automatically_after_days", "rotation_rules.0.schedule_expression"},
-							ValidateFunc:  validation.StringMatch(regexp.MustCompile(`[0-9A-Za-z\(\)#\?\*\-\/, ]+`), ""),
-						},
-					},
-				},
-			},
 			names.AttrTags:    tftags.TagsSchema(),
 			names.AttrTagsAll: tftags.TagsSchemaComputed(),
 		},
@@ -257,33 +210,6 @@ func resourceSecretCreate(ctx context.Context, d *schema.ResourceData, meta inte
 		}
 	}
 
-	if v, ok := d.GetOk("rotation_lambda_arn"); ok && v.(string) != "" {
-		input := &secretsmanager.RotateSecretInput{
-			RotationLambdaARN: aws.String(v.(string)),
-			RotationRules:     expandRotationRules(d.Get("rotation_rules").([]interface{})),
-			SecretId:          aws.String(d.Id()),
-		}
-
-		log.Printf("[DEBUG] Enabling Secrets Manager Secret rotation: %s", input)
-		err := retry.RetryContext(ctx, 1*time.Minute, func() *retry.RetryError {
-			_, err := conn.RotateSecretWithContext(ctx, input)
-			if err != nil {
-				// AccessDeniedException: Secrets Manager cannot invoke the specified Lambda function.
-				if tfawserr.ErrCodeEquals(err, "AccessDeniedException") {
-					return retry.RetryableError(err)
-				}
-				return retry.NonRetryableError(err)
-			}
-			return nil
-		})
-		if tfresource.TimedOut(err) {
-			_, err = conn.RotateSecretWithContext(ctx, input)
-		}
-		if err != nil {
-			return sdkdiag.AppendErrorf(diags, "enabling Secrets Manager Secret %q rotation: %s", d.Id(), err)
-		}
-	}
-
 	return append(diags, resourceSecretRead(ctx, d, meta)...)
 }
 
@@ -295,7 +221,7 @@ func resourceSecretRead(ctx context.Context, d *schema.ResourceData, meta interf
 		return FindSecretByID(ctx, conn, d.Id())
 	}, d.IsNewResource())
 
-	if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, secretsmanager.ErrCodeResourceNotFoundException) {
+	if !d.IsNewResource() && tfresource.NotFound(err) {
 		log.Printf("[WARN] Secrets Manager Secret (%s) not found, removing from state", d.Id())
 		d.SetId("")
 		return diags
@@ -354,18 +280,6 @@ func resourceSecretRead(ctx context.Context, d *schema.ResourceData, meta interf
 		d.Set("policy", "")
 	}
 
-	d.Set("rotation_enabled", output.RotationEnabled)
-
-	if aws.BoolValue(output.RotationEnabled) {
-		d.Set("rotation_lambda_arn", output.RotationLambdaARN)
-		if err := d.Set("rotation_rules", flattenRotationRules(output.RotationRules)); err != nil {
-			return sdkdiag.AppendErrorf(diags, "setting rotation_rules: %s", err)
-		}
-	} else {
-		d.Set("rotation_lambda_arn", "")
-		d.Set("rotation_rules", []interface{}{})
-	}
-
 	SetTagsOut(ctx, output.Tags)
 
 	return diags
@@ -446,45 +360,6 @@ func resourceSecretUpdate(ctx context.Context, d *schema.ResourceData, meta inte
 		}
 	}
 
-	if d.HasChanges("rotation_lambda_arn", "rotation_rules") {
-		if v, ok := d.GetOk("rotation_lambda_arn"); ok && v.(string) != "" {
-			input := &secretsmanager.RotateSecretInput{
-				RotationLambdaARN: aws.String(v.(string)),
-				RotationRules:     expandRotationRules(d.Get("rotation_rules").([]interface{})),
-				SecretId:          aws.String(d.Id()),
-			}
-
-			log.Printf("[DEBUG] Enabling Secrets Manager Secret rotation: %s", input)
-			err := retry.RetryContext(ctx, 1*time.Minute, func() *retry.RetryError {
-				_, err := conn.RotateSecretWithContext(ctx, input)
-				if err != nil {
-					// AccessDeniedException: Secrets Manager cannot invoke the specified Lambda function.
-					if tfawserr.ErrCodeEquals(err, "AccessDeniedException") {
-						return retry.RetryableError(err)
-					}
-					return retry.NonRetryableError(err)
-				}
-				return nil
-			})
-			if tfresource.TimedOut(err) {
-				_, err = conn.RotateSecretWithContext(ctx, input)
-			}
-			if err != nil {
-				return sdkdiag.AppendErrorf(diags, "updating Secrets Manager Secret %q rotation: %s", d.Id(), err)
-			}
-		} else {
-			input := &secretsmanager.CancelRotateSecretInput{
-				SecretId: aws.String(d.Id()),
-			}
-
-			log.Printf("[DEBUG] Cancelling Secrets Manager Secret rotation: %s", input)
-			_, err := conn.CancelRotateSecretWithContext(ctx, input)
-			if err != nil {
-				return sdkdiag.AppendErrorf(diags, "cancelling Secret Manager Secret %q rotation: %s", d.Id(), err)
-			}
-		}
-	}
-
 	return append(diags, resourceSecretRead(ctx, d, meta)...)
 }
 

diff --git a/internal/service/secretsmanager/secret_data_source.go b/internal/service/secretsmanager/secret_data_source.go
@@ -44,37 +44,6 @@ func DataSourceSecret() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
-			"rotation_enabled": {
-				Deprecated: "Use the aws_secretsmanager_secret_rotation data source instead",
-				Type:       schema.TypeBool,
-				Computed:   true,
-			},
-			"rotation_lambda_arn": {
-				Deprecated: "Use the aws_secretsmanager_secret_rotation data source instead",
-				Type:       schema.TypeString,
-				Computed:   true,
-			},
-			"rotation_rules": {
-				Deprecated: "Use the aws_secretsmanager_secret_rotation data source instead",
-				Type:       schema.TypeList,
-				Computed:   true,
-				Elem: &schema.Resource{
-					Schema: map[string]*schema.Schema{
-						"automatically_after_days": {
-							Type:     schema.TypeInt,
-							Computed: true,
-						},
-						"duration": {
-							Type:     schema.TypeString,
-							Computed: true,
-						},
-						"schedule_expression": {
-							Type:     schema.TypeString,
-							Computed: true,
-						},
-					},
-				},
-			},
 			"tags": {
 				Type:     schema.TypeMap,
 				Computed: true,
@@ -126,8 +95,6 @@ func dataSourceSecretRead(ctx context.Context, d *schema.ResourceData, meta inte
 	d.Set("description", output.Description)
 	d.Set("kms_key_id", output.KmsKeyId)
 	d.Set("name", output.Name)
-	d.Set("rotation_enabled", output.RotationEnabled)
-	d.Set("rotation_lambda_arn", output.RotationLambdaARN)
 	d.Set("policy", "")
 
 	pIn := &secretsmanager.GetResourcePolicyInput{
@@ -147,10 +114,6 @@ func dataSourceSecretRead(ctx context.Context, d *schema.ResourceData, meta inte
 		d.Set("policy", policy)
 	}
 
-	if err := d.Set("rotation_rules", flattenRotationRules(output.RotationRules)); err != nil {
-		return sdkdiag.AppendErrorf(diags, "setting rotation_rules: %s", err)
-	}
-
 	if err := d.Set("tags", KeyValueTags(ctx, output.Tags).IgnoreAWS().IgnoreConfig(ignoreTagsConfig).Map()); err != nil {
 		return sdkdiag.AppendErrorf(diags, "setting tags: %s", err)
 	}

diff --git a/internal/service/secretsmanager/secret_data_source_test.go b/internal/service/secretsmanager/secret_data_source_test.go
@@ -116,9 +116,6 @@ func testAccSecretCheckDataSource(datasourceName, resourceName string) resource.
 			"kms_key_id",
 			"name",
 			"policy",
-			"rotation_enabled",
-			"rotation_lambda_arn",
-			"rotation_rules.#",
 			"tags.#",
 		}