Merge branch 'main' into postgresflex-sdk-update

Author: GokceGK

Makefile

@@ -1,5 +1,7 @@
 ROOT_DIR              ?= $(shell git rev-parse --show-toplevel)
 SCRIPTS_BASE          ?= $(ROOT_DIR)/scripts
+GOLANG_CI_YAML_PATH ?= ${ROOT_DIR}/golang-ci.yaml
+GOLANG_CI_ARGS ?= --allow-parallel-runners --config=${GOLANG_CI_YAML_PATH}
 
 # SETUP AND TOOL INITIALIZATION TASKS
 project-help:
@@ -11,7 +13,7 @@ project-tools:
 # LINT
 lint-golangci-lint:
 	@echo "Linting with golangci-lint"
-	@$(SCRIPTS_BASE)/lint-golangci-lint.sh
+	@go tool golangci-lint run ${GOLANG_CI_ARGS}
 
 lint-tf: 
 	@echo "Linting terraform files"
@@ -29,7 +31,7 @@ build:
 
 fmt:
 	@gofmt -s -w .
-	@go tool goimports -w .
+	@go tool golangci-lint fmt --config=${GOLANG_CI_YAML_PATH}
 	@terraform fmt -diff -recursive
 
 # TEST

docs/data-sources/alb_certificate.md

@@ -0,0 +1,35 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "stackit_alb_certificate Data Source - stackit"
+subcategory: ""
+description: |-
+  ALB TLS Certificate data source schema. Must have a region specified in the provider configuration.
+---
+
+# stackit_alb_certificate (Data Source)
+
+ALB TLS Certificate data source schema. Must have a region specified in the provider configuration.
+
+## Example Usage
+
+```terraform
+data "stackit_alb_certificate" "example" {
+  project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  cert_id    = "example-certificate-v1-dfa816b3184f63f43d918ea5f9493f5359f6c2404b69afbb0b60fb1af69d0bc0"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `cert_id` (String) The ID of the certificate.
+- `project_id` (String) STACKIT project ID to which the certificate is associated.
+
+### Read-Only
+
+- `id` (String) Terraform's internal resource ID. It is structured as "`project_id`,`region`,`cert_id`".
+- `name` (String) Certificate name.
+- `public_key` (String) The PEM encoded public key part
+- `region` (String) The resource region (e.g. eu01). If not defined, the provider region is used.

docs/data-sources/loadbalancer.md

@@ -43,6 +43,7 @@ data "stackit_loadbalancer" "example" {
 - `private_address` (String) Transient private Load Balancer IP address. It can change any time.
 - `security_group_id` (String) The ID of the egress security group assigned to the Load Balancer's internal machines. This ID is essential for allowing traffic from the Load Balancer to targets in different networks or STACKIT Network areas (SNA). To enable this, create a security group rule for your target VMs and set the `remote_security_group_id` of that rule to this value. This is typically used when `disable_security_group_assignment` is set to `true`.
 - `target_pools` (Attributes List) List of all target pools which will be used in the Load Balancer. Limited to 20. (see [below for nested schema](#nestedatt--target_pools))
+- `version` (String) Load balancer resource version.
 
 <a id="nestedatt--listeners"></a>
 ### Nested Schema for `listeners`

docs/index.md

@@ -163,6 +163,7 @@ Note: AWS specific checks must be skipped as they do not work on STACKIT. For de
 
 ### Optional
 
+- `alb_certificates_custom_endpoint` (String) Custom endpoint for the Application Load Balancer TLS Certificate service
 - `alb_custom_endpoint` (String) Custom endpoint for the Application Load Balancer service
 - `authorization_custom_endpoint` (String) Custom endpoint for the Membership service
 - `cdn_custom_endpoint` (String) Custom endpoint for the CDN service

docs/resources/alb_certificate.md

@@ -0,0 +1,76 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "stackit_alb_certificate Resource - stackit"
+subcategory: ""
+description: |-
+  Setting up supporting infrastructure
+  The example below creates the supporting infrastructure using the STACKIT Terraform provider, including the automatic creation of a TLS certificate resource.
+---
+
+# stackit_alb_certificate (Resource)
+
+## Setting up supporting infrastructure
+
+
+The example below creates the supporting infrastructure using the STACKIT Terraform provider, including the automatic creation of a TLS certificate resource.
+
+## Example Usage
+
+```terraform
+variable "project_id" {
+  description = "The STACKIT Project ID"
+  type        = string
+  default     = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+}
+
+# Create a RAS key pair
+resource "tls_private_key" "example" {
+  algorithm = "RSA"
+  rsa_bits  = 2048
+}
+
+# Create a TLS certificate
+resource "tls_self_signed_cert" "example" {
+  private_key_pem = tls_private_key.example.private_key_pem
+
+  subject {
+    common_name  = "localhost"
+    organization = "STACKIT Test"
+  }
+
+  validity_period_hours = 12
+
+  allowed_uses = [
+    "key_encipherment",
+    "digital_signature",
+    "server_auth",
+  ]
+}
+
+# Create a ALB certificate
+resource "stackit_alb_certificate" "certificate" {
+  project_id  = var.project_id
+  name        = "example-certificate"
+  private_key = tls_private_key.example.private_key_pem
+  public_key  = tls_self_signed_cert.example.cert_pem
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) Certificate name.
+- `private_key` (String, Sensitive) The PEM encoded private key part
+- `project_id` (String) STACKIT project ID to which the certificate is associated.
+- `public_key` (String) The PEM encoded public key part
+
+### Optional
+
+- `region` (String) The resource region (e.g. eu01). If not defined, the provider region is used.
+
+### Read-Only
+
+- `cert_id` (String) The ID of the certificate.
+- `id` (String) Terraform's internal resource ID. It is structured as "`project_id`,`region`,`cert_id`".

docs/resources/application_load_balancer.md

@@ -107,14 +107,46 @@ resource "stackit_server" "server" {
 }
 
 # Create example credentials for observability of the ALB
-# Create real credentials in your stackit observability
+# Create real credentials in your STACKIT observability
 resource "stackit_loadbalancer_observability_credential" "observability" {
   project_id   = var.project_id
   display_name = "my-cred"
   password     = "password"
   username     = "username"
 }
 
+# Create a RAS key pair
+resource "tls_private_key" "example" {
+  algorithm = "RSA"
+  rsa_bits  = 2048
+}
+
+# Create a TLS certificate
+resource "tls_self_signed_cert" "example" {
+  private_key_pem = tls_private_key.example.private_key_pem
+
+  subject {
+    common_name  = "localhost"
+    organization = "STACKIT Test"
+  }
+
+  validity_period_hours = 12
+
+  allowed_uses = [
+    "key_encipherment",
+    "digital_signature",
+    "server_auth",
+  ]
+}
+
+# Create a ALB certificate
+resource "stackit_alb_certificate" "certificate" {
+  project_id  = var.project_id
+  name        = "example-certificate"
+  private_key = tls_private_key.example.private_key_pem
+  public_key  = tls_self_signed_cert.example.cert_pem
+}
+
 # Create a Application Load Balancer
 resource "stackit_application_load_balancer" "example" {
   project_id = var.project_id
@@ -156,9 +188,7 @@ resource "stackit_application_load_balancer" "example" {
     https = {
       certificate_config = {
         certificate_ids = [
-          # Currently no TF provider available, needs to be added with API
-          # https://docs.api.stackit.cloud/documentation/certificates/version/v2
-          "name-v1-8c81bd317af8a03b8ef0851ccb074eb17d1ad589b540446244a5e593f78ef820"
+          stackit_alb_certificate.certificate.cert_id
         ]
       }
     }

docs/resources/loadbalancer.md

@@ -247,6 +247,7 @@ import {
 - `id` (String) Terraform's internal resource ID. It is structured as "`project_id`","region","`name`".
 - `private_address` (String) Transient private Load Balancer IP address. It can change any time.
 - `security_group_id` (String) The ID of the egress security group assigned to the Load Balancer's internal machines. This ID is essential for allowing traffic from the Load Balancer to targets in different networks or STACKIT network areas (SNA). To enable this, create a security group rule for your target VMs and set the `remote_security_group_id` of that rule to this value. This is typically used when `disable_security_group_assignment` is set to `true`.
+- `version` (String) Load balancer resource version. This is needed to have concurrency safe updates.
 
 <a id="nestedatt--listeners"></a>
 ### Nested Schema for `listeners`
@@ -365,7 +366,7 @@ Optional:
 Optional:
 
 - `credentials_ref` (String) Credentials reference for logs. Not changeable after creation.
-- `push_url` (String) Credentials reference for logs. Not changeable after creation.
+- `push_url` (String) The ARGUS/Loki remote write Push URL to ship the logs to. Not changeable after creation.
 
 
 <a id="nestedatt--options--observability--metrics"></a>
@@ -374,4 +375,4 @@ Optional:
 Optional:
 
 - `credentials_ref` (String) Credentials reference for metrics. Not changeable after creation.
-- `push_url` (String) Credentials reference for metrics. Not changeable after creation.
+- `push_url` (String) The ARGUS/Prometheus remote write Push URL to ship the metrics to. Not changeable after creation.

examples/data-sources/stackit_alb_certificate/data-source.tf

@@ -0,0 +1,4 @@
+data "stackit_alb_certificate" "example" {
+  project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  cert_id    = "example-certificate-v1-dfa816b3184f63f43d918ea5f9493f5359f6c2404b69afbb0b60fb1af69d0bc0"
+}

examples/resources/stackit_alb_certificate/resource.tf

@@ -0,0 +1,37 @@
+variable "project_id" {
+  description = "The STACKIT Project ID"
+  type        = string
+  default     = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+}
+
+# Create a RAS key pair
+resource "tls_private_key" "example" {
+  algorithm = "RSA"
+  rsa_bits  = 2048
+}
+
+# Create a TLS certificate
+resource "tls_self_signed_cert" "example" {
+  private_key_pem = tls_private_key.example.private_key_pem
+
+  subject {
+    common_name  = "localhost"
+    organization = "STACKIT Test"
+  }
+
+  validity_period_hours = 12
+
+  allowed_uses = [
+    "key_encipherment",
+    "digital_signature",
+    "server_auth",
+  ]
+}
+
+# Create a ALB certificate
+resource "stackit_alb_certificate" "certificate" {
+  project_id  = var.project_id
+  name        = "example-certificate"
+  private_key = tls_private_key.example.private_key_pem
+  public_key  = tls_self_signed_cert.example.cert_pem
+}

examples/resources/stackit_application_load_balancer/resource.tf

@@ -88,14 +88,46 @@ resource "stackit_server" "server" {
 }
 
 # Create example credentials for observability of the ALB
-# Create real credentials in your stackit observability
+# Create real credentials in your STACKIT observability
 resource "stackit_loadbalancer_observability_credential" "observability" {
   project_id   = var.project_id
   display_name = "my-cred"
   password     = "password"
   username     = "username"
 }
 
+# Create a RAS key pair
+resource "tls_private_key" "example" {
+  algorithm = "RSA"
+  rsa_bits  = 2048
+}
+
+# Create a TLS certificate
+resource "tls_self_signed_cert" "example" {
+  private_key_pem = tls_private_key.example.private_key_pem
+
+  subject {
+    common_name  = "localhost"
+    organization = "STACKIT Test"
+  }
+
+  validity_period_hours = 12
+
+  allowed_uses = [
+    "key_encipherment",
+    "digital_signature",
+    "server_auth",
+  ]
+}
+
+# Create a ALB certificate
+resource "stackit_alb_certificate" "certificate" {
+  project_id  = var.project_id
+  name        = "example-certificate"
+  private_key = tls_private_key.example.private_key_pem
+  public_key  = tls_self_signed_cert.example.cert_pem
+}
+
 # Create a Application Load Balancer
 resource "stackit_application_load_balancer" "example" {
   project_id = var.project_id
@@ -137,9 +169,7 @@ resource "stackit_application_load_balancer" "example" {
     https = {
       certificate_config = {
         certificate_ids = [
-          # Currently no TF provider available, needs to be added with API
-          # https://docs.api.stackit.cloud/documentation/certificates/version/v2
-          "name-v1-8c81bd317af8a03b8ef0851ccb074eb17d1ad589b540446244a5e593f78ef820"
+          stackit_alb_certificate.certificate.cert_id
         ]
       }
     }