Disallow use of `SingleNestedBlock` in resource schemas

[ewbankkit]

The use of SingleNestedBlock resource schemas for resources implemented using Terraform Plugin Framework is problematic. NestedBlocks have no Required/Optional/Computed flags – they are effectively always there, so an “Optional” SingleNestedBlock doesn’t work as expected if the block isn’t present in configuration (e.g. Required attributes). The pattern with Terraform Plugin SDK v2 is to use ListNestedBlock with SizeAtMost(1) and then a missing block is equivalent to an empty list. In fact SingleNestedBlocks are not available in Terraform Plugin SDK v2.

• https://developer.hashicorp.com/terraform/language/syntax/configuration#arguments-and-blocks
• https://developer.hashicorp.com/terraform/language/attr-as-blocks
• https://stackoverflow.com/a/71443376
• https://developer.hashicorp.com/terraform/plugin/framework/handling-data/blocks

Relates https://github.com/hashicorp/terraform-provider-aws/issues/34664.

There are only 3 uses in the current codebase:

% grep SingleNestedBlock internal/service/*/*.go
internal/service/bedrock/model_invocation_logging_configuration.go:         "logging_config": schema.SingleNestedBlock{
internal/service/bedrock/model_invocation_logging_configuration.go:                 "cloudwatch_config": schema.SingleNestedBlock{
internal/service/bedrock/model_invocation_logging_configuration.go:                         "large_data_delivery_s3_config": schema.SingleNestedBlock{
internal/service/bedrock/model_invocation_logging_configuration.go:                 "s3_config": schema.SingleNestedBlock{
internal/service/opensearchserverless/security_config.go:           "saml_options": schema.SingleNestedBlock{
internal/service/opensearchserverless/security_config_data_source.go:           "saml_options": schema.SingleNestedBlock{
internal/service/verifiedpermissions/schema.go:         "definition": schema.SingleNestedBlock{

Add a semgrep rule to prevent additional occurrences and migrate the existing occurrences to ListNestedBlocks.

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.