feat: ✨ use non-deprecated assume-role block syntax for S3 TF backend

plugins/terraform/stepper.go

@@ -356,47 +356,91 @@ func GetBackendConfig(exec config.StepExecution, backendParser TFBackendParser)
 	// if user has decided to overwrite state file convention in backend.tf, support this override
 	if declaredBackend.Key != "" {
 		// grab statefile name (base)
-		b["key"] = interpolateString(exec, declaredBackend.Key)
+		interpolatedKey := interpolateString(exec, declaredBackend.Key)
+
+		// only track override config if interpolated is different from what user declared
+		if interpolatedKey != declaredBackend.Key {
+			b["key"] = interpolatedKey
+		}
 	}
 
-	if declaredBackend.S3RoleArn != "" {
-		b["role_arn"] = interpolateString(exec, declaredBackend.S3RoleArn)
+	if declaredBackend.AssumeRole.RoleArn != "" {
+		roleArn := declaredBackend.AssumeRole.RoleArn
+		exec.Logger.Tracef("Declared S3RoleArn: %s", roleArn)
+		interpolatedRoelArn := interpolateString(exec, declaredBackend.AssumeRole.RoleArn)
 
-		exec.Logger.Debugf("Declared S3RoleArn: %s", b["role_arn"])
+		// only track override config if interpolated is different from what user declared
+		if interpolatedRoelArn != roleArn {
+			b["assume_role"] = fmt.Sprintf("{\"role_arn\"=\"%s\"}", roleArn)
+			roleArn = interpolatedRoelArn
+		}
+		exec.Logger.Debugf("Resolved S3RoleArn: %s", roleArn)
 	}
 
 	if declaredBackend.S3Bucket != "" {
-		b["bucket"] = interpolateString(exec, declaredBackend.S3Bucket)
-
-		exec.Logger.Debugf("Declared S3 bucket: %s", b["bucket"])
+		bucket := declaredBackend.S3Bucket
+		exec.Logger.Tracef("Declared S3 bucket: %s", bucket)
+		interpolatedBucket := interpolateString(exec, bucket)
+
+		// only track override config if interpolated is different from what user declared
+		if interpolatedBucket != bucket {
+			b["bucket"] = interpolatedBucket
+			bucket = interpolatedBucket
+		}
+		exec.Logger.Debugf("Resolved S3 bucket: %s", bucket)
 	}
 
 	if declaredBackend.GCSBucket != "" {
-		b["bucket"] = interpolateString(exec, declaredBackend.GCSBucket)
-
-		exec.Logger.Debugf("Declared GCS bucket: %s", b["bucket"])
+		bucket := declaredBackend.GCSBucket
+		exec.Logger.Tracef("Declared GCS bucket: %s", bucket)
+		interpolatedBucket := interpolateString(exec, bucket)
+
+		// only track override config if interpolated is different from what user declared
+		if interpolatedBucket != bucket {
+			b["bucket"] = interpolatedBucket
+			bucket = interpolatedBucket
+		}
+		exec.Logger.Debugf("Resolved GCS bucket: %s", bucket)
 	}
 
 	if declaredBackend.GCSPrefix != "" {
-		b["prefix"] = interpolateString(exec, declaredBackend.GCSPrefix)
-
-		exec.Logger.Debugf("Declared GCS prefix: %s", b["prefix"])
+		prefix := declaredBackend.GCSPrefix
+		exec.Logger.Tracef("Declared GCS prefix: %s", prefix)
+		interpolatedPrefix := interpolateString(exec, prefix)
+
+		// only track override config if interpolated is different from what user declared
+		if interpolatedPrefix != prefix {
+			b["prefix"] = interpolatedPrefix
+			prefix = interpolatedPrefix
+		}
+		exec.Logger.Debugf("Resolved GCS prefix: %s", prefix)
 	}
 
 	if declaredBackend.AZUResourceGroupName != "" {
-		b["resource_group_name"] = interpolateString(exec, declaredBackend.AZUResourceGroupName)
-	}
+		interpolatedRgName := interpolateString(exec, declaredBackend.AZUResourceGroupName)
 
-	if declaredBackend.AZUStorageAccountName != "" {
-		b["storage_account_name"] = interpolateString(exec, declaredBackend.AZUStorageAccountName)
+		// only track override config if interpolated is different from what user declared
+		if interpolatedRgName != declaredBackend.AZUResourceGroupName {
+			b["resource_group_name"] = interpolatedRgName
+		}
 	}
 
 	if declaredBackend.AZUStorageAccountName != "" {
-		b["storage_account_name"] = interpolateString(exec, declaredBackend.AZUStorageAccountName)
+		interpolatedStorageAcctName := interpolateString(exec, declaredBackend.AZUStorageAccountName)
+
+		// only track override config if interpolated is different from what user declared
+		if interpolatedStorageAcctName != declaredBackend.AZUStorageAccountName {
+			b["storage_account_name"] = interpolatedStorageAcctName
+		}
 	}
 
 	if declaredBackend.Path != "" {
-		b["path"] = interpolateString(exec, declaredBackend.Path)
+		interpolatedPath := interpolateString(exec, declaredBackend.Path)
+
+		// only track override config if interpolated is different from what user declared
+		if interpolatedPath != declaredBackend.Path {
+			b["path"] = interpolatedPath
+		}
 	}
 
 	declaredBackend.Config = b

plugins/terraform/stepper_test.go

@@ -502,7 +502,7 @@ func TestParseBackend_ShouldParseRoleArnWhenSet(t *testing.T) {
 	mockResult := ParseTFBackend(fs, logger, "testbackend.tf")
 
 	require.Equal(t, S3Backend, mockResult.Type)
-	require.Equal(t, "stubrolearn", mockResult.S3RoleArn)
+	require.Equal(t, "stubrolearn", mockResult.AssumeRole.RoleArn)
 }
 
 func TestTFBackendTypeToString(t *testing.T) {

plugins/terraform/terraform.go

@@ -50,11 +50,17 @@ func StringToBackendType(s string) (TFBackendType, error) {
 	return val, nil
 }
 
+// TerraformS3BackendAssumeRole provides a nested struct for the assume_role block in an S3 backend of Terraform
+// https://developer.hashicorp.com/terraform/language/settings/backends/s3#assume-role-configuration
+type TerraformS3BackendAssumeRole struct {
+	RoleArn string
+}
+
 // TerraformBackend is a structure that represents a terraform backend file
 type TerraformBackend struct {
 	Type                  TFBackendType
 	Key                   string
-	S3RoleArn             string
+	AssumeRole            TerraformS3BackendAssumeRole
 	S3Bucket              string
 	AZUResourceGroupName  string
 	AZUStorageAccountName string
@@ -115,7 +121,7 @@ func ParseTFBackend(fs afero.Fs, log *logrus.Entry, file string) (backend Terraf
 	roleMatch := rRegex.FindStringSubmatch(s)
 
 	if len(roleMatch) > 0 {
-		backend.S3RoleArn = roleMatch[1]
+		backend.AssumeRole.RoleArn = roleMatch[1]
 	}
 
 	// Bucket