Removes filter from data.aws_identitystore_group and data.aws_identitystore_user

.changelog/42325.txt

@@ -0,0 +1,7 @@
+```release-note:breaking-change
+resource/aws_identitystore_group: `filter` has been removed
+```
+
+```release-note:breaking-change
+data-source/aws_identitystore_user: `filter` has been removed
+```

internal/service/identitystore/group.go

@@ -217,12 +217,12 @@ func groupParseResourceID(id string) (string, string, error) {
 }
 
 func findGroupByTwoPartKey(ctx context.Context, conn *identitystore.Client, identityStoreID, groupID string) (*identitystore.DescribeGroupOutput, error) {
-	input := &identitystore.DescribeGroupInput{
+	input := identitystore.DescribeGroupInput{
 		GroupId:         aws.String(groupID),
 		IdentityStoreId: aws.String(identityStoreID),
 	}
 
-	return findGroup(ctx, conn, input)
+	return findGroup(ctx, conn, &input)
 }
 
 func findGroup(ctx context.Context, conn *identitystore.Client, input *identitystore.DescribeGroupInput) (*identitystore.DescribeGroupOutput, error) {

internal/service/identitystore/group_data_source.go

@@ -9,13 +9,11 @@ import (
 	"github.com/YakDriver/regexache"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/identitystore"
-	"github.com/aws/aws-sdk-go-v2/service/identitystore/types"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	"github.com/hashicorp/terraform-provider-aws/internal/conns"
 	"github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag"
-	"github.com/hashicorp/terraform-provider-aws/internal/tfresource"
 	"github.com/hashicorp/terraform-provider-aws/names"
 )
 
@@ -69,7 +67,7 @@ func dataSourceGroup() *schema.Resource {
 						},
 					},
 				},
-				ConflictsWith: []string{names.AttrFilter, "group_id"},
+				ConflictsWith: []string{"group_id"},
 			},
 			names.AttrDescription: {
 				Type:     schema.TypeString,
@@ -95,26 +93,6 @@ func dataSourceGroup() *schema.Resource {
 					},
 				},
 			},
-			names.AttrFilter: {
-				Deprecated:    "filter is deprecated. Use alternate_identifier instead.",
-				Type:          schema.TypeList,
-				Optional:      true,
-				MaxItems:      1,
-				AtLeastOneOf:  []string{"alternate_identifier", names.AttrFilter, "group_id"},
-				ConflictsWith: []string{"alternate_identifier"},
-				Elem: &schema.Resource{
-					Schema: map[string]*schema.Schema{
-						"attribute_path": {
-							Type:     schema.TypeString,
-							Required: true,
-						},
-						"attribute_value": {
-							Type:     schema.TypeString,
-							Required: true,
-						},
-					},
-				},
-			},
 			"group_id": {
 				Type:     schema.TypeString,
 				Optional: true,
@@ -123,7 +101,7 @@ func dataSourceGroup() *schema.Resource {
 					validation.StringLenBetween(1, 47),
 					validation.StringMatch(regexache.MustCompile(`^([0-9a-f]{10}-|)[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}$`), "must match ([0-9a-f]{10}-|)[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}"),
 				),
-				AtLeastOneOf:  []string{"alternate_identifier", names.AttrFilter, "group_id"},
+				AtLeastOneOf:  []string{"alternate_identifier", "group_id"},
 				ConflictsWith: []string{"alternate_identifier"},
 			},
 			"identity_store_id": {
@@ -144,57 +122,15 @@ func dataSourceGroupRead(ctx context.Context, d *schema.ResourceData, meta any)
 
 	identityStoreID := d.Get("identity_store_id").(string)
 
-	if v, ok := d.GetOk(names.AttrFilter); ok && len(v.([]any)) > 0 {
-		// Use ListGroups for backwards compat.
-		var output []types.Group
-		input := &identitystore.ListGroupsInput{
-			IdentityStoreId: aws.String(identityStoreID),
-			Filters:         expandFilters(d.Get(names.AttrFilter).([]any)),
-		}
-
-		pages := identitystore.NewListGroupsPaginator(conn, input)
-		for pages.HasMorePages() {
-			page, err := pages.NextPage(ctx)
-
-			if err != nil {
-				return sdkdiag.AppendErrorf(diags, "reading IdentityStore Groups (%s): %s", identityStoreID, err)
-			}
-
-			for _, group := range page.Groups {
-				if v, ok := d.GetOk("group_id"); ok && v.(string) != aws.ToString(group.GroupId) {
-					continue
-				}
-
-				output = append(output, group)
-			}
-		}
-
-		group, err := tfresource.AssertSingleValueResult(output)
-
-		if err != nil {
-			return sdkdiag.AppendFromErr(diags, tfresource.SingularDataSourceFindError("IdentityStore Group", err))
-		}
-
-		d.SetId(aws.ToString(group.GroupId))
-		d.Set(names.AttrDescription, group.Description)
-		d.Set(names.AttrDisplayName, group.DisplayName)
-		if err := d.Set("external_ids", flattenExternalIDs(group.ExternalIds)); err != nil {
-			return sdkdiag.AppendErrorf(diags, "setting external_ids: %s", err)
-		}
-		d.Set("group_id", group.GroupId)
-
-		return diags
-	}
-
 	var groupID string
 
 	if v, ok := d.GetOk("alternate_identifier"); ok && len(v.([]any)) > 0 {
-		input := &identitystore.GetGroupIdInput{
+		input := identitystore.GetGroupIdInput{
 			AlternateIdentifier: expandAlternateIdentifier(v.([]any)[0].(map[string]any)),
 			IdentityStoreId:     aws.String(identityStoreID),
 		}
 
-		output, err := conn.GetGroupId(ctx, input)
+		output, err := conn.GetGroupId(ctx, &input)
 
 		if err != nil {
 			return sdkdiag.AppendErrorf(diags, "reading IdentityStore Group (%s): %s", identityStoreID, err)
@@ -228,32 +164,3 @@ func dataSourceGroupRead(ctx context.Context, d *schema.ResourceData, meta any)
 
 	return diags
 }
-
-func expandFilters(tfList []any) []types.Filter {
-	if len(tfList) == 0 || tfList[0] == nil {
-		return nil
-	}
-
-	apiObjects := make([]types.Filter, 0, len(tfList))
-
-	for _, v := range tfList {
-		tfMap, ok := v.(map[string]any)
-		if !ok {
-			continue
-		}
-
-		apiObject := types.Filter{}
-
-		if v, ok := tfMap["attribute_path"].(string); ok && v != "" {
-			apiObject.AttributePath = aws.String(v)
-		}
-
-		if v, ok := tfMap["attribute_value"].(string); ok && v != "" {
-			apiObject.AttributeValue = aws.String(v)
-		}
-
-		apiObjects = append(apiObjects, apiObject)
-	}
-
-	return apiObjects
-}

internal/service/identitystore/group_data_source_test.go

@@ -13,33 +13,6 @@ import (
 	"github.com/hashicorp/terraform-provider-aws/names"
 )
 
-func TestAccIdentityStoreGroupDataSource_filterDisplayName(t *testing.T) {
-	ctx := acctest.Context(t)
-	resourceName := "aws_identitystore_group.test"
-	dataSourceName := "data.aws_identitystore_group.test"
-	name := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
-
-	resource.ParallelTest(t, resource.TestCase{
-		PreCheck: func() {
-			acctest.PreCheck(ctx, t)
-			acctest.PreCheckSSOAdminInstances(ctx, t)
-		},
-		ErrorCheck:               acctest.ErrorCheck(t, names.IdentityStoreServiceID),
-		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
-		Steps: []resource.TestStep{
-			{
-				Config: testAccGroupDataSourceConfig_filterDisplayName(name),
-				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttrPair(dataSourceName, names.AttrDescription, resourceName, names.AttrDescription),
-					resource.TestCheckResourceAttrPair(dataSourceName, names.AttrDisplayName, resourceName, names.AttrDisplayName),
-					resource.TestCheckResourceAttrPair(dataSourceName, "group_id", resourceName, "group_id"),
-					resource.TestCheckResourceAttr(dataSourceName, "external_ids.#", "0"),
-				),
-			},
-		},
-	})
-}
-
 func TestAccIdentityStoreGroupDataSource_uniqueAttributeDisplayName(t *testing.T) {
 	ctx := acctest.Context(t)
 	resourceName := "aws_identitystore_group.test"
@@ -56,7 +29,7 @@ func TestAccIdentityStoreGroupDataSource_uniqueAttributeDisplayName(t *testing.T
 		Steps: []resource.TestStep{
 			{
 				Config: testAccGroupDataSourceConfig_uniqueAttributeDisplayName(name),
-				Check: resource.ComposeTestCheckFunc(
+				Check: resource.ComposeAggregateTestCheckFunc(
 					resource.TestCheckResourceAttrPair(dataSourceName, names.AttrDescription, resourceName, names.AttrDescription),
 					resource.TestCheckResourceAttrPair(dataSourceName, names.AttrDisplayName, resourceName, names.AttrDisplayName),
 					resource.TestCheckResourceAttrPair(dataSourceName, "group_id", resourceName, "group_id"),
@@ -67,7 +40,7 @@ func TestAccIdentityStoreGroupDataSource_uniqueAttributeDisplayName(t *testing.T
 	})
 }
 
-func TestAccIdentityStoreGroupDataSource_filterDisplayNameAndGroupID(t *testing.T) {
+func TestAccIdentityStoreGroupDataSource_groupID(t *testing.T) {
 	ctx := acctest.Context(t)
 	resourceName := "aws_identitystore_group.test"
 	dataSourceName := "data.aws_identitystore_group.test"
@@ -82,8 +55,8 @@ func TestAccIdentityStoreGroupDataSource_filterDisplayNameAndGroupID(t *testing.
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccGroupDataSourceConfig_filterDisplayNameAndGroupID(name),
-				Check: resource.ComposeTestCheckFunc(
+				Config: testAccGroupDataSourceConfig_groupID(name),
+				Check: resource.ComposeAggregateTestCheckFunc(
 					resource.TestCheckResourceAttrPair(dataSourceName, names.AttrDescription, resourceName, names.AttrDescription),
 					resource.TestCheckResourceAttrPair(dataSourceName, names.AttrDisplayName, resourceName, names.AttrDisplayName),
 					resource.TestCheckResourceAttrPair(dataSourceName, "group_id", resourceName, "group_id"),
@@ -106,19 +79,6 @@ resource "aws_identitystore_group" "test" {
 `, name)
 }
 
-func testAccGroupDataSourceConfig_filterDisplayName(name string) string {
-	return acctest.ConfigCompose(testAccGroupDataSourceConfig_base(name), `
-data "aws_identitystore_group" "test" {
-  filter {
-    attribute_path  = "DisplayName"
-    attribute_value = aws_identitystore_group.test.display_name
-  }
-
-  identity_store_id = tolist(data.aws_ssoadmin_instances.test.identity_store_ids)[0]
-}
-`)
-}
-
 func testAccGroupDataSourceConfig_uniqueAttributeDisplayName(name string) string {
 	return acctest.ConfigCompose(testAccGroupDataSourceConfig_base(name), `
 data "aws_identitystore_group" "test" {
@@ -134,14 +94,9 @@ data "aws_identitystore_group" "test" {
 `)
 }
 
-func testAccGroupDataSourceConfig_filterDisplayNameAndGroupID(name string) string {
+func testAccGroupDataSourceConfig_groupID(name string) string {
 	return acctest.ConfigCompose(testAccGroupDataSourceConfig_base(name), `
 data "aws_identitystore_group" "test" {
-  filter {
-    attribute_path  = "DisplayName"
-    attribute_value = aws_identitystore_group.test.display_name
-  }
-
   group_id          = aws_identitystore_group.test.group_id
   identity_store_id = tolist(data.aws_ssoadmin_instances.test.identity_store_ids)[0]
 }

internal/service/identitystore/user.go

@@ -650,12 +650,12 @@ func userParseResourceID(id string) (string, string, error) {
 }
 
 func findUserByTwoPartKey(ctx context.Context, conn *identitystore.Client, identityStoreID, userID string) (*identitystore.DescribeUserOutput, error) {
-	input := &identitystore.DescribeUserInput{
+	input := identitystore.DescribeUserInput{
 		IdentityStoreId: aws.String(identityStoreID),
 		UserId:          aws.String(userID),
 	}
 
-	return findUser(ctx, conn, input)
+	return findUser(ctx, conn, &input)
 }
 
 func findUser(ctx context.Context, conn *identitystore.Client, input *identitystore.DescribeUserInput) (*identitystore.DescribeUserOutput, error) {