feat(iaas): add iaas network v2 alpha (#899)

* add experimental network v2

Author: marceljk

README.md

@@ -183,7 +183,7 @@ To enable experiments set the experiments field in the provider definition:
 ```hcl
 provider "stackit" {
   default_region        = "eu01"
-  experiments           = ["iam", "routing-tables"]
+  experiments           = ["iam", "routing-tables", "network"]
 }
 ```
 
@@ -197,6 +197,12 @@ Enables IAM management features in the Terraform provider. The underlying IAM AP
 
 This feature enables experimental routing table capabilities in the Terraform Provider, available only to designated SNAs at this time.
 
+#### `network`
+
+The `stackit_network` provides the fields `region` and `routing_table_id` when the experiment flag `network` is set. 
+The underlying API is not stable yet and could change in the future.  
+If you don't need these fields, don't set the experiment flag `network`, to use the stable api.
+
 ## Acceptance Tests
 
 Terraform acceptance tests are run using the command `make test-acceptance-tf`. For all services,

docs/data-sources/network.md

@@ -27,6 +27,11 @@ data "stackit_network" "example" {
 - `network_id` (String) The network ID.
 - `project_id` (String) STACKIT project ID to which the network is associated.
 
+### Optional
+
+- `region` (String) Can only be used when experimental "network" is set. This is likely going to undergo significant changes or be removed in the future.
+The resource region. If not defined, the provider region is used.
+
 ### Read-Only
 
 - `id` (String) Terraform's internal resource ID. It is structured as "`project_id`,`network_id`".
@@ -46,3 +51,5 @@ data "stackit_network" "example" {
 - `prefixes` (List of String, Deprecated) The prefixes of the network. This field is deprecated and will be removed soon, use `ipv4_prefixes` to read the prefixes of the IPv4 networks.
 - `public_ip` (String) The public IP of the network.
 - `routed` (Boolean) Shows if the network is routed and therefore accessible from other networks.
+- `routing_table_id` (String) Can only be used when experimental "network" is set. This is likely going to undergo significant changes or be removed in the future. Use it at your own discretion.
+The ID of the routing table associated with the network.

docs/index.md

@@ -157,7 +157,7 @@ Note: AWS specific checks must be skipped as they do not work on STACKIT. For de
 - `default_region` (String) Region will be used as the default location for regional services. Not all services require a region, some are global
 - `dns_custom_endpoint` (String) Custom endpoint for the DNS service
 - `enable_beta_resources` (Boolean) Enable beta resources. Default is false.
-- `experiments` (List of String) Enables experiments. These are unstable features without official support. More information can be found in the README. Available Experiments: [iam routing-tables]
+- `experiments` (List of String) Enables experiments. These are unstable features without official support. More information can be found in the README. Available Experiments: iam, routing-tables, network
 - `git_custom_endpoint` (String) Custom endpoint for the Git service
 - `iaas_custom_endpoint` (String) Custom endpoint for the IaaS service
 - `loadbalancer_custom_endpoint` (String) Custom endpoint for the Load Balancer service

docs/resources/network.md

@@ -63,7 +63,11 @@ resource "stackit_network" "example_non_routed_network" {
 - `nameservers` (List of String, Deprecated) The nameservers of the network. This field is deprecated and will be removed soon, use `ipv4_nameservers` to configure the nameservers for IPv4.
 - `no_ipv4_gateway` (Boolean) If set to `true`, the network doesn't have a gateway.
 - `no_ipv6_gateway` (Boolean) If set to `true`, the network doesn't have a gateway.
+- `region` (String) Can only be used when experimental "network" is set.
+The resource region. If not defined, the provider region is used.
 - `routed` (Boolean) If set to `true`, the network is routed and therefore accessible from other networks.
+- `routing_table_id` (String) Can only be used when experimental "network" is set.
+The ID of the routing table associated with the network.
 
 ### Read-Only
 

go.mod

@@ -16,7 +16,7 @@ require (
 	github.com/stackitcloud/stackit-sdk-go/services/dns v0.17.0
 	github.com/stackitcloud/stackit-sdk-go/services/git v0.6.0
 	github.com/stackitcloud/stackit-sdk-go/services/iaas v0.26.0
-	github.com/stackitcloud/stackit-sdk-go/services/iaasalpha v0.1.19-alpha
+	github.com/stackitcloud/stackit-sdk-go/services/iaasalpha v0.1.21-alpha
 	github.com/stackitcloud/stackit-sdk-go/services/loadbalancer v1.4.0
 	github.com/stackitcloud/stackit-sdk-go/services/logme v0.25.0
 	github.com/stackitcloud/stackit-sdk-go/services/mariadb v0.25.0

go.sum

@@ -162,8 +162,8 @@ github.com/stackitcloud/stackit-sdk-go/services/git v0.6.0 h1:C+8z3MdvnTngcH9L72
 github.com/stackitcloud/stackit-sdk-go/services/git v0.6.0/go.mod h1:agI7SONeLR/IZL3TOgn1tDzfS63O2rWKQE8+huRjEzU=
 github.com/stackitcloud/stackit-sdk-go/services/iaas v0.26.0 h1:7qm/Tft79wFlHomPdgjUJ9uJU8kEk+k9ficMGRoHtf0=
 github.com/stackitcloud/stackit-sdk-go/services/iaas v0.26.0/go.mod h1:lUGkcbyMkd4nRBDFmKohIwlgtOZqQo4Ek5S5ajw90Xg=
-github.com/stackitcloud/stackit-sdk-go/services/iaasalpha v0.1.19-alpha h1:HnQyJSXbtYzN9IhTO02zxLrcSxyauIbeJD+GTf23A50=
-github.com/stackitcloud/stackit-sdk-go/services/iaasalpha v0.1.19-alpha/go.mod h1:Wt77ucOwpe9g/84LijU+YhWbn3vLcpkAoRy2i+FobNQ=
+github.com/stackitcloud/stackit-sdk-go/services/iaasalpha v0.1.21-alpha h1:m1jq6a8dbUe+suFuUNdHmM/cSehpGLUtDbK1CqLqydg=
+github.com/stackitcloud/stackit-sdk-go/services/iaasalpha v0.1.21-alpha/go.mod h1:Nu1b5Phsv8plgZ51+fkxPVsU91ZJ5Ayz+cthilxdmQ8=
 github.com/stackitcloud/stackit-sdk-go/services/loadbalancer v1.4.0 h1:Ef4SyTBjIkfwaws4mssa6AoK+OokHFtr7ZIflUpoXVE=
 github.com/stackitcloud/stackit-sdk-go/services/loadbalancer v1.4.0/go.mod h1:FiVhDlw9+yuTiUmnyGLn2qpsLW26w9OC4TS1y78czvg=
 github.com/stackitcloud/stackit-sdk-go/services/logme v0.25.0 h1:QKOfaB7EcuJmBCxpFXN2K7g2ih0gQM6cyZ1VhTmtQfI=

stackit/internal/features/experiments.go

@@ -13,9 +13,11 @@ import (
 
 const (
 	RoutingTablesExperiment = "routing-tables"
+	NetworkExperiment       = "network"
+	IamExperiment           = "iam"
 )
 
-var AvailableExperiments = []string{"iam", RoutingTablesExperiment}
+var AvailableExperiments = []string{IamExperiment, RoutingTablesExperiment, NetworkExperiment}
 
 // Check if an experiment is valid.
 func ValidExperiment(experiment string, diags *diag.Diagnostics) bool {
@@ -31,11 +33,21 @@ func ValidExperiment(experiment string, diags *diag.Diagnostics) bool {
 
 // Check if an experiment is enabled.
 func CheckExperimentEnabled(ctx context.Context, data *core.ProviderData, experiment, resourceName string, resourceType core.ResourceType, diags *diag.Diagnostics) {
+	if CheckExperimentEnabledWithoutError(ctx, data, experiment, resourceName, resourceType, diags) {
+		return
+	}
+	errTitle := fmt.Sprintf("%s is part of the %s experiment, which is currently disabled by default", resourceName, experiment)
+	errContent := fmt.Sprintf(`Enable the %s experiment by adding it into your provider block.`, experiment)
+	tflog.Error(ctx, fmt.Sprintf("%s | %s", errTitle, errContent))
+	diags.AddError(errTitle, errContent)
+}
+
+func CheckExperimentEnabledWithoutError(ctx context.Context, data *core.ProviderData, experiment, resourceName string, resourceType core.ResourceType, diags *diag.Diagnostics) bool {
 	if !ValidExperiment(experiment, diags) {
 		errTitle := fmt.Sprintf("The experiment %s does not exist.", experiment)
 		errContent := "This is a bug in the STACKIT Terraform Provider. Please open an issue here: https://github.com/stackitcloud/terraform-provider-stackit/issues"
 		diags.AddError(errTitle, errContent)
-		return
+		return false
 	}
 	experimentActive := slices.ContainsFunc(data.Experiments, func(e string) bool {
 		return strings.EqualFold(e, experiment)
@@ -46,12 +58,9 @@ func CheckExperimentEnabled(ctx context.Context, data *core.ProviderData, experi
 		warnContent := fmt.Sprintf("This %s is part of the %s experiment and is likely going to undergo significant changes or be removed in the future. Use it at your own discretion.", resourceType, experiment)
 		tflog.Warn(ctx, fmt.Sprintf("%s | %s", warnTitle, warnContent))
 		diags.AddWarning(warnTitle, warnContent)
-		return
+		return true
 	}
-	errTitle := fmt.Sprintf("%s is part of the %s experiment, which is currently disabled by default", resourceName, experiment)
-	errContent := fmt.Sprintf(`Enable the %s experiment by adding it into your provider block.`, experiment)
-	tflog.Error(ctx, fmt.Sprintf("%s | %s", errTitle, errContent))
-	diags.AddError(errTitle, errContent)
+	return false
 }
 
 func AddExperimentDescription(description, experiment string, resourceType core.ResourceType) string {

stackit/internal/features/experiments_test.go

@@ -21,7 +21,7 @@ func TestValidExperiment(t *testing.T) {
 		{
 			name: "valid",
 			args: args{
-				experiment: "iam",
+				experiment: IamExperiment,
 				diags:      &diag.Diagnostics{},
 			},
 			want: true,
@@ -64,9 +64,9 @@ func TestCheckExperimentEnabled(t *testing.T) {
 			args: args{
 				ctx: context.Background(),
 				data: &core.ProviderData{
-					Experiments: []string{"iam"},
+					Experiments: []string{IamExperiment},
 				},
-				experiment:   "iam",
+				experiment:   IamExperiment,
 				resourceType: core.Resource,
 				diags:        &diag.Diagnostics{},
 			},
@@ -80,7 +80,7 @@ func TestCheckExperimentEnabled(t *testing.T) {
 				data: &core.ProviderData{
 					Experiments: []string{},
 				},
-				experiment:   "iam",
+				experiment:   IamExperiment,
 				resourceType: core.Resource,
 				diags:        &diag.Diagnostics{},
 			},
@@ -92,7 +92,7 @@ func TestCheckExperimentEnabled(t *testing.T) {
 			args: args{
 				ctx: context.Background(),
 				data: &core.ProviderData{
-					Experiments: []string{"iam"},
+					Experiments: []string{IamExperiment},
 				},
 				experiment:   "foobar",
 				resourceType: core.Resource,
@@ -101,6 +101,34 @@ func TestCheckExperimentEnabled(t *testing.T) {
 			wantDiagsErr:     true,
 			wantDiagsWarning: false,
 		},
+		{
+			name: "enabled multiple experiment",
+			args: args{
+				ctx: context.Background(),
+				data: &core.ProviderData{
+					Experiments: []string{IamExperiment, NetworkExperiment, RoutingTablesExperiment},
+				},
+				experiment:   NetworkExperiment,
+				resourceType: core.Resource,
+				diags:        &diag.Diagnostics{},
+			},
+			wantDiagsErr:     false,
+			wantDiagsWarning: true,
+		},
+		{
+			name: "enabled multiple experiment - without the required experiment",
+			args: args{
+				ctx: context.Background(),
+				data: &core.ProviderData{
+					Experiments: []string{IamExperiment, RoutingTablesExperiment},
+				},
+				experiment:   NetworkExperiment,
+				resourceType: core.Resource,
+				diags:        &diag.Diagnostics{},
+			},
+			wantDiagsErr:     true,
+			wantDiagsWarning: false,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -114,3 +142,111 @@ func TestCheckExperimentEnabled(t *testing.T) {
 		})
 	}
 }
+
+func TestCheckExperimentEnabledWithoutError(t *testing.T) {
+	type args struct {
+		ctx          context.Context
+		data         *core.ProviderData
+		experiment   string
+		resourceName string
+		resourceType core.ResourceType
+		diags        *diag.Diagnostics
+	}
+	tests := []struct {
+		name             string
+		args             args
+		wantEnabled      bool
+		wantDiagsErr     bool
+		wantDiagsWarning bool
+	}{
+
+		{
+			name: "enabled",
+			args: args{
+				ctx: context.Background(),
+				data: &core.ProviderData{
+					Experiments: []string{IamExperiment},
+				},
+				experiment:   IamExperiment,
+				resourceType: core.Resource,
+				diags:        &diag.Diagnostics{},
+			},
+			wantEnabled:      true,
+			wantDiagsErr:     false,
+			wantDiagsWarning: true,
+		},
+		{
+			name: "disabled - no error",
+			args: args{
+				ctx: context.Background(),
+				data: &core.ProviderData{
+					Experiments: []string{},
+				},
+				experiment:   NetworkExperiment,
+				resourceType: core.Resource,
+				diags:        &diag.Diagnostics{},
+			},
+			wantEnabled:      false,
+			wantDiagsErr:     false,
+			wantDiagsWarning: false,
+		},
+		{
+			name: "invalid experiment",
+			args: args{
+				ctx: context.Background(),
+				data: &core.ProviderData{
+					Experiments: []string{IamExperiment},
+				},
+				experiment:   "foobar",
+				resourceType: core.Resource,
+				diags:        &diag.Diagnostics{},
+			},
+			wantEnabled:      false,
+			wantDiagsErr:     true,
+			wantDiagsWarning: false,
+		},
+		{
+			name: "enabled multiple experiment",
+			args: args{
+				ctx: context.Background(),
+				data: &core.ProviderData{
+					Experiments: []string{IamExperiment, NetworkExperiment, RoutingTablesExperiment},
+				},
+				experiment:   NetworkExperiment,
+				resourceType: core.Resource,
+				diags:        &diag.Diagnostics{},
+			},
+			wantEnabled:      true,
+			wantDiagsErr:     false,
+			wantDiagsWarning: true,
+		},
+		{
+			name: "enabled multiple experiment - without the required experiment",
+			args: args{
+				ctx: context.Background(),
+				data: &core.ProviderData{
+					Experiments: []string{IamExperiment, RoutingTablesExperiment},
+				},
+				experiment:   NetworkExperiment,
+				resourceType: core.Resource,
+				diags:        &diag.Diagnostics{},
+			},
+			wantEnabled:      false,
+			wantDiagsErr:     false,
+			wantDiagsWarning: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := CheckExperimentEnabledWithoutError(tt.args.ctx, tt.args.data, tt.args.experiment, tt.args.resourceName, tt.args.resourceType, tt.args.diags); got != tt.wantEnabled {
+				t.Errorf("CheckExperimentEnabledWithoutError() = %v, want %v", got, tt.wantEnabled)
+			}
+			if got := tt.args.diags.HasError(); got != tt.wantDiagsErr {
+				t.Errorf("CheckExperimentEnabled() diags.HasError() = %v, want %v", got, tt.wantDiagsErr)
+			}
+			if got := tt.args.diags.WarningsCount() > 0; got != tt.wantDiagsWarning {
+				t.Errorf("CheckExperimentEnabled() diags.WarningsCount() > 0 = %v, want %v", got, tt.wantDiagsErr)
+			}
+		})
+	}
+}

stackit/internal/services/authorization/roleassignments/resource.go

@@ -32,9 +32,6 @@ var roleTargets = []string{
 	"organization",
 }
 
-// This resource is part of the "iam" experiment
-var experiment = "iam"
-
 // Ensure the implementation satisfies the expected interfaces.
 var (
 	_ resource.Resource                = &roleAssignmentResource{}
@@ -84,7 +81,7 @@ func (r *roleAssignmentResource) Configure(ctx context.Context, req resource.Con
 		return
 	}
 
-	features.CheckExperimentEnabled(ctx, &providerData, experiment, fmt.Sprintf("stackit_authorization_%s_role_assignment", r.apiName), core.Resource, &resp.Diagnostics)
+	features.CheckExperimentEnabled(ctx, &providerData, features.IamExperiment, fmt.Sprintf("stackit_authorization_%s_role_assignment", r.apiName), core.Resource, &resp.Diagnostics)
 	if resp.Diagnostics.HasError() {
 		return
 	}
@@ -100,7 +97,7 @@ func (r *roleAssignmentResource) Configure(ctx context.Context, req resource.Con
 // Schema defines the schema for the resource.
 func (r *roleAssignmentResource) Schema(_ context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) {
 	descriptions := map[string]string{
-		"main":        features.AddExperimentDescription(fmt.Sprintf("%s Role Assignment resource schema.", r.apiName), experiment, core.Resource),
+		"main":        features.AddExperimentDescription(fmt.Sprintf("%s Role Assignment resource schema.", r.apiName), features.IamExperiment, core.Resource),
 		"id":          "Terraform's internal resource identifier. It is structured as \"[resource_id],[role],[subject]\".",
 		"resource_id": fmt.Sprintf("%s Resource to assign the role to.", r.apiName),
 		"role":        "Role to be assigned",