Merge branch 'main' into oas-bot-21901736871/observability

Author: cgoetz-inovex

CHANGELOG.md

@@ -17,11 +17,16 @@
   - [v0.1.4](services/auditlog/CHANGELOG.md#v014) 
     - **Dependencies**: Bump `github.com/golang-jwt/jwt/v5` from `v5.3.0` to `v5.3.1`
 - `authorization`: 
+  - [v0.12.0](services/authorization/CHANGELOG.md#v0120)
+    - **Breaking change:** removed operation `GetAssignableSubjects` and related models `AssignableSubject`, `ListAssignableSubjectsResponse`
   - [v0.11.3](services/authorization/CHANGELOG.md#v0113)
     - Bump STACKIT SDK core module from `v0.21.0` to `v0.21.1`
   - [v0.11.2](services/authorization/CHANGELOG.md#v0112) 
     - **Dependencies**: Bump `github.com/golang-jwt/jwt/v5` from `v5.3.0` to `v5.3.1`
 - `cdn`: 
+  - [v1.10.0](services/cdn/CHANGELOG.md#v1100)
+    - **Feature:** Add support for `RedirectConfig` in `Config`, `ConfigPatch` and `CreateDistributionPayload` models
+      - new related models `RedirectConfig`, `RedirectRule`, `Matcher` and `MatchCondition`
   - [v1.9.4](services/cdn/CHANGELOG.md#v194)
     - Bump STACKIT SDK core module from `v0.21.0` to `v0.21.1`
   - [v1.9.3](services/cdn/CHANGELOG.md#v193) 
@@ -165,6 +170,8 @@
   - [v1.3.4](services/postgresflex/CHANGELOG.md#v134) 
     - **Dependencies**: Bump `github.com/golang-jwt/jwt/v5` from `v5.3.0` to `v5.3.1`
 - `rabbitmq`: 
+  - [v0.26.0](services/rabbitmq/CHANGELOG.md#v0260)
+    - **Breaking change:** `SetTLSProtocols` now accepts a slice of strings instead of a single string
   - [v0.25.6](services/rabbitmq/CHANGELOG.md#v0256)
     - Bump STACKIT SDK core module from `v0.21.0` to `v0.21.1`
   - [v0.25.5](services/rabbitmq/CHANGELOG.md#v0255) 
@@ -205,6 +212,10 @@
   - [v1.2.5](services/serverupdate/CHANGELOG.md#v125) 
     - **Dependencies**: Bump `github.com/golang-jwt/jwt/v5` from `v5.3.0` to `v5.3.1`
 - `serviceaccount`: 
+  - [v0.12.0](services/serviceaccount/CHANGELOG.md#v0120)
+    - **Feature:** add support for Federated Identity Providers
+      - new operations: `CreateFederatedIdentityProvider`, `DeleteServiceFederatedIdentityProvider`, `ListFederatedIdentityProviders`, `PartialUpdateServiceAccountFederatedIdentityProvider`
+      - new models: `CreateFederatedIdentityProviderPayload`, `CreateFederatedIdentityProviderPayloadAssertionsInner`, `CreateFederatedIdentityProviderResponse`, `CreateFederatedIdentityProviderResponseAssertionsInner`, `FederatedListFederatedIdentityProvidersResponse`, `PartialUpdateServiceAccountFederatedIdentityProviderPayload`
   - [v0.11.6](services/serviceaccount/CHANGELOG.md#v0116)
     - Bump STACKIT SDK core module from `v0.21.0` to `v0.21.1`
   - [v0.11.5](services/serviceaccount/CHANGELOG.md#v0115) 
@@ -225,6 +236,10 @@
   - [v0.2.2](services/sfs/CHANGELOG.md#v022) 
     - **Dependencies**: Bump `github.com/golang-jwt/jwt/v5` from `v5.3.0` to `v5.3.1`
 - `ske`: 
+  - [v1.7.0](services/ske/CHANGELOG.md#v170)
+    - **Feature:** new model `AccessScope`
+    - **Feature:** new model `V2ControlPlaneNetwork`
+    - **Feature:** added field `ControlPlane` of type `V2ControlPlaneNetwork` to model `Network`
   - [v1.6.3](services/ske/CHANGELOG.md#v163)
     - Bump STACKIT SDK core module from `v0.21.0` to `v0.21.1`
   - [v1.6.2](services/ske/CHANGELOG.md#v162) 

README.md

@@ -103,15 +103,20 @@ To authenticate with the SDK, you need a [service account](https://docs.stackit.
 
 ### Authentication Methods
 
-The SDK supports two authentication methods:
+The SDK supports three authentication methods:
 
-1. **Key Flow** (Recommended)
+1. **Workload Identity Federation Flow**
+
+   - Uses OIDC trusted tokens
+   - Provides best security through short-lived tokens without secrets
+
+2. **Key Flow**
 
    - Uses RSA key-pair based authentication
    - Provides better security through short-lived tokens
    - Supports both STACKIT-generated and custom key pairs
 
-2. **Token Flow**
+3. **Token Flow** (Deprecated)
    - Uses long-lived service account tokens
    - Simpler but less secure
 
@@ -120,10 +125,40 @@ The SDK supports two authentication methods:
 The SDK searches for credentials in the following order:
 
 1. Explicit configuration in code
-2. Environment variables (KEY_PATH for KEY)
+2. Environment variables
 3. Credentials file (`$HOME/.stackit/credentials.json`)
 
-For each authentication method, the key flow is attempted first, followed by the token flow.
+For each authentication method, the try order is:
+1. Workload Identity Federation Flow
+2. Key Flow
+3. Token Flow
+
+### Using the Workload Identity Fedearion Flow
+
+1. Create a service account trusted relation in the STACKIT Portal:
+
+   - Navigate to `Service Accounts` → Select account → `Federated Identity Providers`
+   - [Configure a Federated Identity Provider](https://docs.stackit.cloud/platform/access-and-identity/service-accounts/how-tos/manage-service-account-federations/#create-a-federated-identity-provider) and the required assertions to trust in.
+
+2. Configure authentication using any of these methods:
+
+   **A. Code Configuration**
+
+```go
+// Using wokload identity federation flow
+config.WithWorkloadIdentityFederationAuth()
+// With the custom path for the external OIDC token
+config.WithWorkloadIdentityFederationPath("/path/to/your/federated/token")
+// For the service account
+config.WithServiceAccountEmail("my-sa@sa-stackit.cloud")
+```
+**B. Environment Variables**
+```bash
+# With the custom path for the external OIDC token
+STACKIT_FEDERATED_TOKEN_FILE=/path/to/your/federated/token
+# For the service account
+STACKIT_SERVICE_ACCOUNT_EMAIL=my-sa@sa-stackit.cloud
+```
 
 ### Using the Key Flow
 

examples/authorization/go.mod

@@ -4,7 +4,7 @@ go 1.21
 
 require (
 	github.com/stackitcloud/stackit-sdk-go/core v0.21.1
-	github.com/stackitcloud/stackit-sdk-go/services/authorization v0.11.3
+	github.com/stackitcloud/stackit-sdk-go/services/authorization v0.12.0
 )
 
 require (

examples/authorization/go.sum

@@ -6,5 +6,5 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/stackitcloud/stackit-sdk-go/core v0.21.1 h1:Y/PcAgM7DPYMNqum0MLv4n1mF9ieuevzcCIZYQfm3Ts=
 github.com/stackitcloud/stackit-sdk-go/core v0.21.1/go.mod h1:osMglDby4csGZ5sIfhNyYq1bS1TxIdPY88+skE/kkmI=
-github.com/stackitcloud/stackit-sdk-go/services/authorization v0.11.3 h1:JMKEeNQpA+Mb1DRpY3MRQL3pko5JjUWGrevN0xOrx+4=
-github.com/stackitcloud/stackit-sdk-go/services/authorization v0.11.3/go.mod h1:uYI9pHAA2g84jJN25ejFUxa0/JtfpPZqMDkctQ1BzJk=
+github.com/stackitcloud/stackit-sdk-go/services/authorization v0.12.0 h1:HxPgBu04j5tj6nfZ2r0l6v4VXC0/tYOGe4sA5Addra8=
+github.com/stackitcloud/stackit-sdk-go/services/authorization v0.12.0/go.mod h1:uYI9pHAA2g84jJN25ejFUxa0/JtfpPZqMDkctQ1BzJk=

examples/rabbitmq/go.mod

@@ -4,7 +4,7 @@ go 1.21
 
 require (
 	github.com/stackitcloud/stackit-sdk-go/core v0.21.1
-	github.com/stackitcloud/stackit-sdk-go/services/rabbitmq v0.25.6
+	github.com/stackitcloud/stackit-sdk-go/services/rabbitmq v0.26.0
 )
 
 require (

examples/rabbitmq/go.sum

@@ -6,5 +6,5 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/stackitcloud/stackit-sdk-go/core v0.21.1 h1:Y/PcAgM7DPYMNqum0MLv4n1mF9ieuevzcCIZYQfm3Ts=
 github.com/stackitcloud/stackit-sdk-go/core v0.21.1/go.mod h1:osMglDby4csGZ5sIfhNyYq1bS1TxIdPY88+skE/kkmI=
-github.com/stackitcloud/stackit-sdk-go/services/rabbitmq v0.25.6 h1:+TFfl1ON/uM5aO0FdkBNYKBa7vx0zrCYVtX6zvqQYBA=
-github.com/stackitcloud/stackit-sdk-go/services/rabbitmq v0.25.6/go.mod h1:hnhvlLX1Y71R8KIQqLBeoSZqkU5ZJOG0J4wz0LeUdaw=
+github.com/stackitcloud/stackit-sdk-go/services/rabbitmq v0.26.0 h1:/8lmviszgrB+0Cz7HdhFELyTiTeqIs7LfnI6sNX4rW8=
+github.com/stackitcloud/stackit-sdk-go/services/rabbitmq v0.26.0/go.mod h1:hnhvlLX1Y71R8KIQqLBeoSZqkU5ZJOG0J4wz0LeUdaw=

examples/serviceaccount/go.mod

@@ -4,7 +4,7 @@ go 1.21
 
 require (
 	github.com/stackitcloud/stackit-sdk-go/core v0.21.1
-	github.com/stackitcloud/stackit-sdk-go/services/serviceaccount v0.11.6
+	github.com/stackitcloud/stackit-sdk-go/services/serviceaccount v0.12.0
 )
 
 require (

examples/serviceaccount/go.sum

@@ -6,5 +6,5 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/stackitcloud/stackit-sdk-go/core v0.21.1 h1:Y/PcAgM7DPYMNqum0MLv4n1mF9ieuevzcCIZYQfm3Ts=
 github.com/stackitcloud/stackit-sdk-go/core v0.21.1/go.mod h1:osMglDby4csGZ5sIfhNyYq1bS1TxIdPY88+skE/kkmI=
-github.com/stackitcloud/stackit-sdk-go/services/serviceaccount v0.11.6 h1:WU76mZkJP6diMDjGFqM8On6fZhUDmGcy6ppX0+kWx9Y=
-github.com/stackitcloud/stackit-sdk-go/services/serviceaccount v0.11.6/go.mod h1:hRllU+yEJM6ovrLeXwVeT5hI70ftPKjX4z/Nj8TZqJw=
+github.com/stackitcloud/stackit-sdk-go/services/serviceaccount v0.12.0 h1:l1EDIlXce2C8JcbBDHVa6nZ4SjPTqmnALTgrhms+NKI=
+github.com/stackitcloud/stackit-sdk-go/services/serviceaccount v0.12.0/go.mod h1:EXq8/J7t9p8zPmdIq+atuxyAbnQwxrQT18fI+Qpv98k=

examples/ske/go.mod

@@ -4,7 +4,7 @@ go 1.21
 
 require (
 	github.com/stackitcloud/stackit-sdk-go/core v0.21.1
-	github.com/stackitcloud/stackit-sdk-go/services/ske v1.6.3
+	github.com/stackitcloud/stackit-sdk-go/services/ske v1.7.0
 )
 
 require (

examples/ske/go.sum

@@ -6,5 +6,5 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/stackitcloud/stackit-sdk-go/core v0.21.1 h1:Y/PcAgM7DPYMNqum0MLv4n1mF9ieuevzcCIZYQfm3Ts=
 github.com/stackitcloud/stackit-sdk-go/core v0.21.1/go.mod h1:osMglDby4csGZ5sIfhNyYq1bS1TxIdPY88+skE/kkmI=
-github.com/stackitcloud/stackit-sdk-go/services/ske v1.6.3 h1:c+nQMvSml08cdRF1kE24vCw0r/l56olP/svQyhcnKOs=
-github.com/stackitcloud/stackit-sdk-go/services/ske v1.6.3/go.mod h1:1Jr+ImrmPERxbYnlTy6O2aSZYNnREf2qQyysv6YC1RY=
+github.com/stackitcloud/stackit-sdk-go/services/ske v1.7.0 h1:l1QjxW7sdE/6B6BZtHxbmus8XJdI9KDuXX3fwUa5fog=
+github.com/stackitcloud/stackit-sdk-go/services/ske v1.7.0/go.mod h1:1Jr+ImrmPERxbYnlTy6O2aSZYNnREf2qQyysv6YC1RY=