backend/s3: Adds nested attribute for assume_role

[gdavison]

Adds a nested attribute assume_role for all arguments related to assuming an IAM role. Deprecates arguments related to assuming role at top level.

Related #30443
Closes #30495

Target Release

1.6.0

Draft CHANGELOG entry

ENHANCEMENTS

• backend/s3: Moves arguments related to assuming IAM role to nested attribute assume_role
• backend/s3: Deprecates the arguments role_arn, session_name, external_id, assume_role_duration_seconds, assume_role_policy, assume_role_policy_arns, assume_role_tags, and assume_role_transitive_tag_keys

[jar-b]

LGTM 👍

$ TF_ACC=1 go test -count=1 ./internal/backend/remote-state/s3/...
ok      github.com/hashicorp/terraform/internal/backend/remote-state/s3 171.348s

[Nuru]

This is a breaking change. IMHO this does not provide enough benefits to be worth a breaking change. Why is this important?

[gdavison]

Hi @Nuru. The top-level parameters are being deprecated, not removed, so they will still work. That isn't my understanding of a breaking change. Could you explain your perspective more, please?

The benefit in this case is to have configuration parity with the AWS Provider

[Nuru]

@gdavison "deprecated" is the step before "removed". Usually "deprecated" means "will be removed in the next major release". Additionally, people complain about deprecation warnings and want the underlying cause fixed. It ends up being a lot of work, especially on something as widely used as the S3 backend.

If you were adding a new capability or removing something that does not work anymore, that would be a good reason for such a change. Changing things to look more like the AWS provider, especially when you are not providing full feature parity, does not seem worth the disruption to me.

[gdavison]

@Nuru we are planning for feature parity for authentication and configuration. The issue #33687 details the changes that we will be making.

[github-actions]

Reminder for the merging maintainer: if this is a user-visible change, please update the changelog on the appropriate release branch.

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.