Merge pull request #33593 from hashicorp/f-aws_s3_bucket_request_paym…

…ent_configuration-aws-sdk-v2

r/aws_s3_bucket_intelligent_tiering_configuration et al.: Migrate to AWS SDK for Go v2

internal/conns/awsclient.go

@@ -42,6 +42,14 @@ type AWSClient struct {
 	stsRegion                 string                                    // From provider configuration.
 }
 
+// CredentialsProvider returns the AWS SDK for Go v2 credentials provider.
+func (client *AWSClient) CredentialsProvider() aws_sdkv2.CredentialsProvider {
+	if client.awsConfig == nil {
+		return nil
+	}
+	return client.awsConfig.Credentials
+}
+
 // PartitionHostname returns a hostname with the provider domain suffix for the partition
 // e.g. PREFIX.amazonaws.com
 // The prefix should not contain a trailing period.

internal/service/s3/bucket.go

@@ -78,7 +78,7 @@ func ResourceBucket() *schema.Resource {
 				Optional:      true,
 				Computed:      true,
 				ConflictsWith: []string{"grant"},
-				ValidateFunc:  validation.StringInSlice(BucketCannedACL_Values(), false),
+				ValidateFunc:  validation.StringInSlice(bucketCannedACL_Values(), false),
 				Deprecated:    "Use the aws_s3_bucket_acl resource instead",
 			},
 			"arn": {

internal/service/s3/bucket_accelerate_configuration.go

@@ -163,6 +163,7 @@ func resourceBucketAccelerateConfigurationDelete(ctx context.Context, d *schema.
 		input.ExpectedBucketOwner = aws.String(expectedBucketOwner)
 	}
 
+	log.Printf("[DEBUG] Deleting S3 Bucket Accelerate Configuration: %s", d.Id())
 	_, err = conn.PutBucketAccelerateConfiguration(ctx, input)
 
 	if tfawserr.ErrCodeEquals(err, errCodeNoSuchBucket) {

internal/service/s3/bucket_acl.go

@@ -20,6 +20,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	"github.com/hashicorp/terraform-provider-aws/internal/conns"
 	"github.com/hashicorp/terraform-provider-aws/internal/enum"
+	tfslices "github.com/hashicorp/terraform-provider-aws/internal/slices"
 	"github.com/hashicorp/terraform-provider-aws/internal/tfresource"
 	"github.com/hashicorp/terraform-provider-aws/internal/verify"
 )
@@ -112,10 +113,10 @@ func ResourceBucketACL() *schema.Resource {
 				},
 			},
 			"acl": {
-				Type:             schema.TypeString,
-				Optional:         true,
-				ConflictsWith:    []string{"access_control_policy"},
-				ValidateDiagFunc: enum.Validate[types.BucketCannedACL](),
+				Type:          schema.TypeString,
+				Optional:      true,
+				ConflictsWith: []string{"access_control_policy"},
+				ValidateFunc:  validation.StringInSlice(bucketCannedACL_Values(), false),
 			},
 			"bucket": {
 				Type:         schema.TypeString,
@@ -523,3 +524,13 @@ func findBucketACL(ctx context.Context, conn *s3.Client, bucket, expectedBucketO
 
 	return output, nil
 }
+
+// These should be defined in the AWS SDK for Go. There is an issue, https://github.com/aws/aws-sdk-go/issues/2683.
+const (
+	bucketCannedACLExecRead         = "aws-exec-read"
+	bucketCannedACLLogDeliveryWrite = "log-delivery-write"
+)
+
+func bucketCannedACL_Values() []string {
+	return tfslices.AppendUnique(enum.Values[types.BucketCannedACL](), bucketCannedACLExecRead, bucketCannedACLLogDeliveryWrite)
+}

internal/service/s3/bucket_data_source.go

@@ -8,15 +8,14 @@ import (
 	"fmt"
 	"log"
 
-	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go-v2/feature/s3/manager"
+	"github.com/aws/aws-sdk-go-v2/service/s3"
 	"github.com/aws/aws-sdk-go/aws/arn"
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/service/s3"
-	"github.com/aws/aws-sdk-go/service/s3/s3manager"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-provider-aws/internal/conns"
 	"github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag"
+	"github.com/hashicorp/terraform-provider-aws/internal/tfresource"
 )
 
 // @SDKDataSource("aws_s3_bucket")
@@ -25,14 +24,14 @@ func DataSourceBucket() *schema.Resource {
 		ReadWithoutTimeout: dataSourceBucketRead,
 
 		Schema: map[string]*schema.Schema{
-			"bucket": {
-				Type:     schema.TypeString,
-				Required: true,
-			},
 			"arn": {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"bucket": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
 			"bucket_domain_name": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -49,11 +48,11 @@ func DataSourceBucket() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
-			"website_endpoint": {
+			"website_domain": {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
-			"website_domain": {
+			"website_endpoint": {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
@@ -63,86 +62,62 @@ func DataSourceBucket() *schema.Resource {
 
 func dataSourceBucketRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	var diags diag.Diagnostics
-	conn := meta.(*conns.AWSClient).S3Conn(ctx)
+	awsClient := meta.(*conns.AWSClient)
+	conn := awsClient.S3Client(ctx)
 
 	bucket := d.Get("bucket").(string)
+	err := findBucket(ctx, conn, bucket)
 
-	input := &s3.HeadBucketInput{
-		Bucket: aws.String(bucket),
+	if err != nil {
+		return sdkdiag.AppendErrorf(diags, "reading S3 Bucket (%s): %s", bucket, err)
 	}
 
-	log.Printf("[DEBUG] Reading S3 bucket: %s", input)
-	_, err := conn.HeadBucketWithContext(ctx, input)
+	region, err := manager.GetBucketRegion(ctx, conn, bucket,
+		func(o *s3.Options) {
+			// By default, GetBucketRegion forces virtual host addressing, which
+			// is not compatible with many non-AWS implementations. Instead, pass
+			// the provider s3_force_path_style configuration, which defaults to
+			// false, but allows override.
+			o.UsePathStyle = awsClient.S3UsePathStyle()
+		},
+		func(o *s3.Options) {
+			// By default, GetBucketRegion uses anonymous credentials when doing
+			// a HEAD request to get the bucket region. This breaks in aws-cn regions
+			// when the account doesn't have an ICP license to host public content.
+			// Use the current credentials when getting the bucket region.
+			o.Credentials = awsClient.CredentialsProvider()
+		})
 
 	if err != nil {
-		return sdkdiag.AppendErrorf(diags, "Failed getting S3 bucket (%s): %s", bucket, err)
+		return sdkdiag.AppendErrorf(diags, "reading S3 Bucket (%s) Region: %s", bucket, err)
 	}
 
 	d.SetId(bucket)
 	arn := arn.ARN{
-		Partition: meta.(*conns.AWSClient).Partition,
+		Partition: awsClient.Partition,
 		Service:   "s3",
 		Resource:  bucket,
 	}.String()
 	d.Set("arn", arn)
-	d.Set("bucket_domain_name", meta.(*conns.AWSClient).PartitionHostname(fmt.Sprintf("%s.s3", bucket)))
-
-	err = bucketLocation(ctx, meta.(*conns.AWSClient), d, bucket)
-	if err != nil {
-		return sdkdiag.AppendErrorf(diags, "getting S3 Bucket location: %s", err)
-	}
-
-	regionalDomainName, err := BucketRegionalDomainName(bucket, d.Get("region").(string))
-	if err != nil {
-		return sdkdiag.AppendErrorf(diags, "getting S3 Bucket regional domain name: %s", err)
-	}
-	d.Set("bucket_regional_domain_name", regionalDomainName)
-
-	return diags
-}
-
-func bucketLocation(ctx context.Context, client *conns.AWSClient, d *schema.ResourceData, bucket string) error {
-	region, err := s3manager.GetBucketRegionWithClient(ctx, client.S3Conn(ctx), bucket, func(r *request.Request) {
-		// By default, GetBucketRegion forces virtual host addressing, which
-		// is not compatible with many non-AWS implementations. Instead, pass
-		// the provider s3_force_path_style configuration, which defaults to
-		// false, but allows override.
-		r.Config.S3ForcePathStyle = client.S3Conn(ctx).Config.S3ForcePathStyle
-
-		// By default, GetBucketRegion uses anonymous credentials when doing
-		// a HEAD request to get the bucket region. This breaks in aws-cn regions
-		// when the account doesn't have an ICP license to host public content.
-		// Use the current credentials when getting the bucket region.
-		r.Config.Credentials = client.S3Conn(ctx).Config.Credentials
-	})
-	if err != nil {
-		return err
-	}
-	if err := d.Set("region", region); err != nil {
-		return err
-	}
-
-	hostedZoneID, err := HostedZoneIDForRegion(region)
-	if err != nil {
-		log.Printf("[WARN] %s", err)
+	d.Set("bucket_domain_name", awsClient.PartitionHostname(fmt.Sprintf("%s.s3", bucket)))
+	if regionalDomainName, err := BucketRegionalDomainName(bucket, region); err == nil {
+		d.Set("bucket_regional_domain_name", regionalDomainName)
 	} else {
+		log.Printf("[WARN] BucketRegionalDomainName: %s", err)
+	}
+	if hostedZoneID, err := HostedZoneIDForRegion(region); err == nil {
 		d.Set("hosted_zone_id", hostedZoneID)
+	} else {
+		log.Printf("[WARN] HostedZoneIDForRegion: %s", err)
 	}
-
-	_, websiteErr := client.S3Conn(ctx).GetBucketWebsite(
-		&s3.GetBucketWebsiteInput{
-			Bucket: aws.String(bucket),
-		},
-	)
-
-	if websiteErr == nil {
-		websiteEndpoint := WebsiteEndpoint(client, bucket, region)
-		if err := d.Set("website_endpoint", websiteEndpoint.Endpoint); err != nil {
-			return err
-		}
-		if err := d.Set("website_domain", websiteEndpoint.Domain); err != nil {
-			return err
-		}
+	d.Set("region", region)
+	if _, err := findBucketWebsite(ctx, conn, bucket, ""); err == nil {
+		website := WebsiteEndpoint(awsClient, bucket, region)
+		d.Set("website_domain", website.Domain)
+		d.Set("website_endpoint", website.Endpoint)
+	} else if !tfresource.NotFound(err) {
+		log.Printf("[WARN] Reading S3 Bucket (%s) Website: %s", bucket, err)
 	}
-	return nil
+
+	return diags
 }

internal/service/s3/bucket_data_source_test.go

@@ -7,11 +7,11 @@ import (
 	"fmt"
 	"testing"
 
-	"github.com/aws/aws-sdk-go/service/s3"
 	sdkacctest "github.com/hashicorp/terraform-plugin-testing/helper/acctest"
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
 	"github.com/hashicorp/terraform-provider-aws/internal/acctest"
 	tfs3 "github.com/hashicorp/terraform-provider-aws/internal/service/s3"
+	"github.com/hashicorp/terraform-provider-aws/names"
 )
 
 func TestAccS3BucketDataSource_basic(t *testing.T) {
@@ -22,7 +22,7 @@ func TestAccS3BucketDataSource_basic(t *testing.T) {
 
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:                 func() { acctest.PreCheck(ctx, t) },
-		ErrorCheck:               acctest.ErrorCheck(t, s3.EndpointsID),
+		ErrorCheck:               acctest.ErrorCheck(t, names.S3EndpointID),
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
 		Steps: []resource.TestStep{
 			{
@@ -47,7 +47,7 @@ func TestAccS3BucketDataSource_website(t *testing.T) {
 
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:                 func() { acctest.PreCheck(ctx, t) },
-		ErrorCheck:               acctest.ErrorCheck(t, s3.EndpointsID),
+		ErrorCheck:               acctest.ErrorCheck(t, names.S3EndpointID),
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
 		Steps: []resource.TestStep{
 			{