Merge branch 'stackitcloud:main' into main

Author: PatrickKoss

docs/data-sources/ske_cluster.md

@@ -27,6 +27,10 @@ data "stackit_ske_cluster" "example" {
 - `name` (String) The cluster name.
 - `project_id` (String) STACKIT project ID to which the cluster is associated.
 
+### Optional
+
+- `region` (String) The resource region. If not defined, the provider region is used.
+
 ### Read-Only
 
 - `allow_privileged_containers` (Boolean, Deprecated) DEPRECATED as of Kubernetes 1.25+

docs/data-sources/ske_project.md

@@ -0,0 +1,82 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "stackit_service_account_key Resource - stackit"
+subcategory: ""
+description: |-
+  Service account key schema.
+  ~> This resource is in beta and may be subject to breaking changes in the future. Use with caution. See our guide https://registry.terraform.io/providers/stackitcloud/stackit/latest/docs/guides/opting_into_beta_resources for how to opt-in to use beta resources.
+  Example Usage
+  Automatically rotate service account keys
+  
+  resource "stackit_service_account" "sa" {
+    project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+    name       = "sa01"
+  }
+  
+  resource "time_rotating" "rotate" {
+    rotation_days = 80
+  }
+  
+  resource "stackit_service_account_key" "sa_key" {
+    project_id            = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+    service_account_email = stackit_service_account.sa.email
+    ttl_days              = 90
+  
+    rotate_when_changed = {
+      rotation = time_rotating.rotate.id
+    }	
+  }
+---
+
+# stackit_service_account_key (Resource)
+
+Service account key schema.
+
+~> This resource is in beta and may be subject to breaking changes in the future. Use with caution. See our [guide](https://registry.terraform.io/providers/stackitcloud/stackit/latest/docs/guides/opting_into_beta_resources) for how to opt-in to use beta resources.
+## Example Usage
+
+
+### Automatically rotate service account keys
+```terraform
+resource "stackit_service_account" "sa" {
+  project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  name       = "sa01"
+}
+
+resource "time_rotating" "rotate" {
+  rotation_days = 80
+}
+
+resource "stackit_service_account_key" "sa_key" {
+  project_id            = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  service_account_email = stackit_service_account.sa.email
+  ttl_days              = 90
+
+  rotate_when_changed = {
+    rotation = time_rotating.rotate.id
+  }	
+}
+
+```
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `project_id` (String) The STACKIT project ID associated with the service account key.
+- `service_account_email` (String) The email address associated with the service account, used for account identification and communication.
+
+### Optional
+
+- `public_key` (String) Specifies the public_key (RSA2048 key-pair). If not provided, a certificate from STACKIT will be used to generate a private_key.
+- `rotate_when_changed` (Map of String) A map of arbitrary key/value pairs designed to force key recreation when they change, facilitating key rotation based on external factors such as a changing timestamp. Modifying this map triggers the creation of a new resource.
+- `ttl_days` (Number) Specifies the key's validity duration in days. If left unspecified, the key is considered valid until it is deleted
+
+### Read-Only
+
+- `id` (String) Terraform's internal resource identifier. It is structured as "`project_id`,`service_account_email`,`key_id`".
+- `json` (String, Sensitive) The raw JSON representation of the service account key json, available for direct use.
+- `key_id` (String) The unique identifier for the key associated with the service account.

docs/resources/service_account_key.md

@@ -59,11 +59,12 @@ Deprecated as of Kubernetes 1.25 and later
 - `kubernetes_version_min` (String) The minimum Kubernetes version. This field will be used to set the minimum kubernetes version on creation/update of the cluster. If unset, the latest supported Kubernetes version will be used. SKE automatically updates the cluster Kubernetes version if you have set `maintenance.enable_kubernetes_version_updates` to true or if there is a mandatory update, as described in [Updates for Kubernetes versions and Operating System versions in SKE](https://docs.stackit.cloud/stackit/en/version-updates-in-ske-10125631.html). To get the current kubernetes version being used for your cluster, use the read-only `kubernetes_version_used` field.
 - `maintenance` (Attributes) A single maintenance block as defined below. (see [below for nested schema](#nestedatt--maintenance))
 - `network` (Attributes) Network block as defined below. (see [below for nested schema](#nestedatt--network))
+- `region` (String) The resource region. If not defined, the provider region is used.
 
 ### Read-Only
 
 - `egress_address_ranges` (List of String) The outgoing network ranges (in CIDR notation) of traffic originating from workload on the cluster.
-- `id` (String) Terraform's internal resource ID. It is structured as "`project_id`,`name`".
+- `id` (String) Terraform's internal resource ID. It is structured as "`project_id`,`region`,`name`".
 - `kubernetes_version_used` (String) Full Kubernetes version used. For example, if 1.22 was set in `kubernetes_version_min`, this value may result to 1.22.15. SKE automatically updates the cluster Kubernetes version if you have set `maintenance.enable_kubernetes_version_updates` to true or if there is a mandatory update, as described in [Updates for Kubernetes versions and Operating System versions in SKE](https://docs.stackit.cloud/stackit/en/version-updates-in-ske-10125631.html).
 
 <a id="nestedatt--node_pools"></a>

docs/resources/ske_cluster.md

@@ -31,7 +31,7 @@ require (
 	github.com/stackitcloud/stackit-sdk-go/services/serverbackup v0.6.0
 	github.com/stackitcloud/stackit-sdk-go/services/serverupdate v0.5.0
 	github.com/stackitcloud/stackit-sdk-go/services/serviceaccount v0.6.0
-	github.com/stackitcloud/stackit-sdk-go/services/serviceenablement v0.5.0
+	github.com/stackitcloud/stackit-sdk-go/services/serviceenablement v1.0.0
 	github.com/stackitcloud/stackit-sdk-go/services/ske v0.22.0
 	github.com/stackitcloud/stackit-sdk-go/services/sqlserverflex v1.0.0
 	github.com/teambition/rrule-go v1.8.2

docs/resources/ske_project.md

@@ -192,8 +192,8 @@ github.com/stackitcloud/stackit-sdk-go/services/serverupdate v0.5.0 h1:TMUxDh8XG
 github.com/stackitcloud/stackit-sdk-go/services/serverupdate v0.5.0/go.mod h1:giHnHz3kHeLY8Av9MZLsyJlaTXYz+BuGqdP/SKB5Vo0=
 github.com/stackitcloud/stackit-sdk-go/services/serviceaccount v0.6.0 h1:y+XzJcntHJ7M+IWWvAUkiVFA8op+jZxwHs3ktW2aLoA=
 github.com/stackitcloud/stackit-sdk-go/services/serviceaccount v0.6.0/go.mod h1:J/Wa67cbDI1wAyxib9PiEbNqGfIoFUH+DSLueVazQx8=
-github.com/stackitcloud/stackit-sdk-go/services/serviceenablement v0.5.0 h1:QG+rGBHsyXOlJ3ZIeOgExGqu9PoTlGY1rltW/VpG6lw=
-github.com/stackitcloud/stackit-sdk-go/services/serviceenablement v0.5.0/go.mod h1:16dOVT052cMuHhUJ3NIcPuY7TrpCr9QlxmvvfjLZubA=
+github.com/stackitcloud/stackit-sdk-go/services/serviceenablement v1.0.0 h1:Xxd5KUSWRt7FytnNWClLEa0n9GM6e5xAKo835ODSpAM=
+github.com/stackitcloud/stackit-sdk-go/services/serviceenablement v1.0.0/go.mod h1:EMqjiq/72WKXSwnJGLpumUJS4Uwlyhg5vtNg7qWoGtc=
 github.com/stackitcloud/stackit-sdk-go/services/ske v0.22.0 h1:3KUVls8zXsbT2tOYRSHyp3/l0Kpjl4f3INmQKYTe65Y=
 github.com/stackitcloud/stackit-sdk-go/services/ske v0.22.0/go.mod h1:63IvXpBJTIVONAnGPSDo0sRJ+6n6tzO918OLqfYBxto=
 github.com/stackitcloud/stackit-sdk-go/services/sqlserverflex v1.0.0 h1:RYJO0rZea9+sxVfaJDWRo2zgfKNgiUcA5c0nbvZURiU=

examples/data-sources/stackit_ske_project/data-source.tf

@@ -20,7 +20,6 @@ import (
 	"github.com/hashicorp/terraform-plugin-framework/resource"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
-	"github.com/hashicorp/terraform-plugin-framework/resource/schema/setplanmodifier"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
 	"github.com/hashicorp/terraform-plugin-framework/types"
 	"github.com/stackitcloud/stackit-sdk-go/core/config"
@@ -202,9 +201,6 @@ func (r *userResource) Schema(_ context.Context, _ resource.SchemaRequest, resp
 				Description: descriptions["roles"],
 				ElementType: types.StringType,
 				Required:    true,
-				PlanModifiers: []planmodifier.Set{
-					setplanmodifier.RequiresReplace(),
-				},
 				Validators: []validator.Set{
 					setvalidator.ValueStringsAre(
 						stringvalidator.OneOf("login", "createdb"),
@@ -344,9 +340,74 @@ func (r *userResource) Read(ctx context.Context, req resource.ReadRequest, resp
 }
 
 // Update updates the resource and sets the updated Terraform state on success.
-func (r *userResource) Update(ctx context.Context, _ resource.UpdateRequest, resp *resource.UpdateResponse) { // nolint:gocritic // function signature required by Terraform
-	// Update shouldn't be called
-	core.LogAndAddError(ctx, &resp.Diagnostics, "Error updating user", "User can't be updated")
+func (r *userResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { // nolint:gocritic // function signature required by Terraform
+	// Retrieve values from plan
+	var model Model
+	diags := req.Plan.Get(ctx, &model)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+	projectId := model.ProjectId.ValueString()
+	instanceId := model.InstanceId.ValueString()
+	userId := model.UserId.ValueString()
+	region := model.Region.ValueString()
+	ctx = tflog.SetField(ctx, "project_id", projectId)
+	ctx = tflog.SetField(ctx, "instance_id", instanceId)
+	ctx = tflog.SetField(ctx, "user_id", userId)
+	ctx = tflog.SetField(ctx, "region", region)
+
+	// Retrieve values from state
+	var stateModel Model
+	diags = req.State.Get(ctx, &stateModel)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	var roles []string
+	if !(model.Roles.IsNull() || model.Roles.IsUnknown()) {
+		diags = model.Roles.ElementsAs(ctx, &roles, false)
+		resp.Diagnostics.Append(diags...)
+		if resp.Diagnostics.HasError() {
+			return
+		}
+	}
+
+	// Generate API request body from model
+	payload, err := toUpdatePayload(&model, roles)
+	if err != nil {
+		core.LogAndAddError(ctx, &resp.Diagnostics, "Error updating user", fmt.Sprintf("Updating API payload: %v", err))
+		return
+	}
+
+	// Update existing instance
+	err = r.client.UpdateUser(ctx, projectId, region, instanceId, userId).UpdateUserPayload(*payload).Execute()
+	if err != nil {
+		core.LogAndAddError(ctx, &resp.Diagnostics, "Error updating user", err.Error())
+		return
+	}
+
+	userResp, err := r.client.GetUser(ctx, projectId, region, instanceId, userId).Execute()
+	if err != nil {
+		core.LogAndAddError(ctx, &resp.Diagnostics, "Error updating user", fmt.Sprintf("Calling API: %v", err))
+		return
+	}
+
+	// Map response body to schema
+	err = mapFields(userResp, &stateModel, region)
+	if err != nil {
+		core.LogAndAddError(ctx, &resp.Diagnostics, "Error updating user", fmt.Sprintf("Processing API payload: %v", err))
+		return
+	}
+
+	// Set state to fully populated data
+	diags = resp.State.Set(ctx, stateModel)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+	tflog.Info(ctx, "Postgres Flex user updated")
 }
 
 // Delete deletes the resource and removes the Terraform state on success.
@@ -515,3 +576,16 @@ func toCreatePayload(model *Model, roles []string) (*postgresflex.CreateUserPayl
 		Username: conversion.StringValueToPointer(model.Username),
 	}, nil
 }
+
+func toUpdatePayload(model *Model, roles []string) (*postgresflex.UpdateUserPayload, error) {
+	if model == nil {
+		return nil, fmt.Errorf("nil model")
+	}
+	if roles == nil {
+		return nil, fmt.Errorf("nil roles")
+	}
+
+	return &postgresflex.UpdateUserPayload{
+		Roles: &roles,
+	}, nil
+}