Merge branch 'main' into server-update-enablement

Author: cgoetz-inovex

.github/workflows/ci.yaml

@@ -8,7 +8,7 @@ on:
       - main
 
 env:
-  GO_VERSION: "1.24"
+  GO_VERSION: "1.26"
   CODE_COVERAGE_FILE_NAME: "coverage.out" # must be the same as in Makefile
   CODE_COVERAGE_ARTIFACT_NAME: "code-coverage"
 

CONTRIBUTION.md

@@ -103,7 +103,7 @@ If you want to onboard resources of a STACKIT service `foo` that was not yet in
 
 ### Local development
 
-To test your changes locally, you have to compile the provider (requires Go 1.24) and configure the Terraform CLI to use the local version.
+To test your changes locally, you have to compile the provider (requires Go 1.26) and configure the Terraform CLI to use the local version.
 
 1. Clone the repository.
 1. Run `$ make build` to build the Terraform provider binary in `<PATH_TO_REPO>/bin/`

go.mod

@@ -1,6 +1,6 @@
 module github.com/stackitcloud/terraform-provider-stackit
 
-go 1.24.0
+go 1.26.0
 
 require (
 	github.com/google/go-cmp v0.7.0

golang-ci.yaml

@@ -1,100 +1,111 @@
 # This file contains all available configuration options
 # with their default values.
 
+version: "2"
 # options for analysis running
 run:
   # default concurrency is a available CPU number
   concurrency: 4
 
   # timeout for analysis, e.g. 30s, 5m, default is 1m
   timeout: 5m
-linters-settings:
-  goimports:
-    # put imports beginning with prefix after 3rd-party packages;
-    # it's a comma-separated list of prefixes
-    local-prefixes: github.com/freiheit-com/nmww
-  depguard:
-    rules:
-      main:
-        list-mode: lax # Everything is allowed unless it is denied
-        deny:
-          - pkg: "github.com/stretchr/testify"
-            desc: Do not use a testing framework
-  misspell:
-    # Correct spellings using locale preferences for US or UK.
-    # Default is to use a neutral variety of English.
-    # Setting locale to US will correct the British spelling of 'colour' to 'color'.
-    locale: US
-  golint:
-    min-confidence: 0.8
-  gosec:
-    excludes:
-    # Suppressions: (see https://github.com/securego/gosec#available-rules for details)
-      - G104 # "Audit errors not checked" -> which we don't need and is a badly implemented version of errcheck
-      - G102 # "Bind to all interfaces" -> since this is normal in k8s
-      - G304 # "File path provided as taint input" -> too many false positives
-      - G307 # "Deferring unsafe method "Close" on type "io.ReadCloser" -> false positive when calling defer resp.Body.Close()
-  nakedret:
-    max-func-lines: 0
-  revive:
-    ignore-generated-header: true
-    severity: error
-    # https://github.com/mgechev/revive
-    rules:
-      - name: errorf
-      - name: context-as-argument
-      - name: error-return
-      - name: increment-decrement
-      - name: indent-error-flow
-      - name: superfluous-else
-      - name: unused-parameter
-      - name: unreachable-code
-      - name: atomic
-      - name: empty-lines
-      - name: early-return
-  gocritic:
-    enabled-tags:
-      - performance
-      - style
-      - experimental
-    disabled-checks:
-      - wrapperFunc
-      - typeDefFirst
-      - ifElseChain
-      - dupImport # https://github.com/go-critic/go-critic/issues/845
 linters:
   enable:
-    # https://golangci-lint.run/usage/linters/
-    # default linters
-    - gosimple
-    - govet
-    - ineffassign
-    - staticcheck
-    - typecheck
-    - unused
-    # additional linters
+    - bodyclose
+    - depguard
     - errorlint
+    - forcetypeassert
     - gochecknoinits
     - gocritic
-    - gofmt
-    - goimports
     - gosec
     - misspell
     - nakedret
     - revive
-    - depguard
-    - bodyclose
     - sqlclosecheck
     - wastedassign
-    - forcetypeassert
-    - errcheck
   disable:
     - noctx # false positive: finds errors with http.NewRequest that dont make sense
     - unparam # false positives
-issues:
-  exclude-use-default: false
-  # disable deprecation errors while we switch over to the SDK structure with multi API version support
-  exclude-rules:
-    - linters:
-        - staticcheck
-      text: "SA1019:"
+  settings:
+    depguard:
+      rules:
+        main:
+          list-mode: lax # Everything is allowed unless it is denied
+          deny:
+            - pkg: github.com/stretchr/testify
+              desc: Do not use a testing framework
+    gocritic:
+      disabled-checks:
+        - wrapperFunc
+        - typeDefFirst
+        - ifElseChain
+        - dupImport # https://github.com/go-critic/go-critic/issues/845
+      enabled-tags:
+        - performance
+        - style
+        - experimental
+    gosec:
+      excludes:
+        # Suppressions: (see https://github.com/securego/gosec#available-rules for details)
+        - G101 # "Look for hardcoded credentials" -> a lot of false positives in descriptions for resources like mariadb/credential
+        - G104 # "Audit errors not checked" -> which we don't need and is a badly implemented version of errcheck
+        - G102 # "Bind to all interfaces" -> since this is normal in k8s
+        - G304 # "File path provided as taint input" -> too many false positives
+        - G307 # "Deferring unsafe method "Close" on type "io.ReadCloser" -> false positive when calling defer resp.Body.Close()
+    misspell:
+      # Correct spellings using locale preferences for US or UK.
+      # Default is to use a neutral variety of English.
+      # Setting locale to US will correct the British spelling of 'colour' to 'color'.
+      locale: US
+    nakedret:
+      max-func-lines: 0
+    revive:
+      severity: error
+      # https://github.com/mgechev/revive
+      rules:
+        - name: errorf
+        - name: context-as-argument
+        - name: error-return
+        - name: increment-decrement
+        - name: indent-error-flow
+        - name: superfluous-else
+        - name: unused-parameter
+        - name: unreachable-code
+        - name: atomic
+        - name: empty-lines
+        - name: early-return
+    staticcheck:
+      checks:
+        # default from https://golangci-lint.run/docs/linters/configuration/#staticcheck
+        - all
+        - "-ST1000"
+        - "-ST1003"
+        - "-ST1016"
+        - "-ST1020"
+        - "-ST1021"
+        - "-ST1022"
+        # customizations
+        - "-SA1019" # disable deprecation errors while we switch over to the SDK structure with multi API version support
+        - "-QF1001" # disable 'could apply De Morgan's law': readability of boolean expressions is subjective and should be decided on a case-by-case basis
+        - "-QF1012" # disable 'use fmt.Fprintf instead' Fprintf returns bytes written and an error, which we'd have to handle/ignore to appease some other linter
+  exclusions:
+    generated: lax
+    rules:
+      - linters:
+          - gocritic
+        text: 'dupOption'
+        path: _acc_test\.go
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
+formatters:
+  enable:
+    - gofmt
+    - goimports
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$

scripts/project.sh

@@ -16,7 +16,7 @@ elif [ "$action" = "tools" ]; then
 
     go mod download
 
-    go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.62.0
+    go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.11.4
     go install github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs@v0.21.0
 else
     echo "Invalid action: '$action', please use $0 help for help"

stackit/internal/conversion/conversion.go

@@ -63,14 +63,14 @@ func ToTerraformStringMap(ctx context.Context, m map[string]string) (basetypes.M
 }
 
 // ToStringInterfaceMap converts a basetypes.MapValue of Strings to a map[string]interface{}.
-func ToStringInterfaceMap(ctx context.Context, m basetypes.MapValue) (map[string]interface{}, error) {
+func ToStringInterfaceMap(ctx context.Context, m basetypes.MapValue) (map[string]any, error) {
 	labels := map[string]string{}
 	diags := m.ElementsAs(ctx, &labels, false)
 	if diags.HasError() {
 		return nil, fmt.Errorf("converting from MapValue: %w", core.DiagsToError(diags))
 	}
 
-	interfaceMap := make(map[string]interface{}, len(labels))
+	interfaceMap := make(map[string]any, len(labels))
 	for k, v := range labels {
 		interfaceMap[k] = v
 	}
@@ -184,7 +184,7 @@ func StringSetToSlice(set basetypes.SetValue) ([]string, error) {
 // It takes a current map as it is in the terraform state and a desired map as it is in the user configuratiom
 // and builds a map which sets to null keys that should be removed, updates the values of existing keys and adds new keys
 // This method is needed because in partial updates, e.g. if the key is not provided it is ignored and not removed
-func ToJSONMapPartialUpdatePayload(ctx context.Context, current, desired types.Map) (map[string]interface{}, error) {
+func ToJSONMapPartialUpdatePayload(ctx context.Context, current, desired types.Map) (map[string]any, error) {
 	currentMap, err := ToStringInterfaceMap(ctx, current)
 	if err != nil {
 		return nil, fmt.Errorf("converting to Go map: %w", err)
@@ -195,7 +195,7 @@ func ToJSONMapPartialUpdatePayload(ctx context.Context, current, desired types.M
 		return nil, fmt.Errorf("converting to Go map: %w", err)
 	}
 
-	mapPayload := map[string]interface{}{}
+	mapPayload := map[string]any{}
 	// Update and remove existing keys
 	for k := range currentMap {
 		if desiredValue, ok := desiredMap[k]; ok {

stackit/internal/conversion/conversion_test.go

@@ -24,7 +24,7 @@ func TestFromTerraformStringMapToInterfaceMap(t *testing.T) {
 	tests := []struct {
 		name    string
 		args    args
-		want    map[string]interface{}
+		want    map[string]any
 		wantErr bool
 	}{
 		{
@@ -37,7 +37,7 @@ func TestFromTerraformStringMapToInterfaceMap(t *testing.T) {
 					"key3": types.StringValue("value3"),
 				}),
 			},
-			want: map[string]interface{}{
+			want: map[string]any{
 				"key":  "value",
 				"key2": "value2",
 				"key3": "value3",
@@ -50,7 +50,7 @@ func TestFromTerraformStringMapToInterfaceMap(t *testing.T) {
 				ctx: context.Background(),
 				m:   types.MapValueMust(types.StringType, map[string]attr.Value{}),
 			},
-			want:    map[string]interface{}{},
+			want:    map[string]any{},
 			wantErr: false,
 		},
 		{
@@ -59,7 +59,7 @@ func TestFromTerraformStringMapToInterfaceMap(t *testing.T) {
 				ctx: context.Background(),
 				m:   types.MapNull(types.StringType),
 			},
-			want:    map[string]interface{}{},
+			want:    map[string]any{},
 			wantErr: false,
 		},
 		{
@@ -92,7 +92,7 @@ func TestToJSONMapUpdatePayload(t *testing.T) {
 		description   string
 		currentLabels types.Map
 		desiredLabels types.Map
-		expected      map[string]interface{}
+		expected      map[string]any
 		isValid       bool
 	}{
 		{
@@ -103,7 +103,7 @@ func TestToJSONMapUpdatePayload(t *testing.T) {
 			types.MapValueMust(types.StringType, map[string]attr.Value{
 				"key": types.StringValue("value"),
 			}),
-			map[string]interface{}{
+			map[string]any{
 				"key": "value",
 			},
 			true,
@@ -116,7 +116,7 @@ func TestToJSONMapUpdatePayload(t *testing.T) {
 			types.MapValueMust(types.StringType, map[string]attr.Value{
 				"key": types.StringValue("updated_value"),
 			}),
-			map[string]interface{}{
+			map[string]any{
 				"key": "updated_value",
 			},
 			true,
@@ -130,7 +130,7 @@ func TestToJSONMapUpdatePayload(t *testing.T) {
 			types.MapValueMust(types.StringType, map[string]attr.Value{
 				"key": types.StringValue("value"),
 			}),
-			map[string]interface{}{
+			map[string]any{
 				"key":  "value",
 				"key2": nil,
 			},
@@ -145,7 +145,7 @@ func TestToJSONMapUpdatePayload(t *testing.T) {
 				"key":  types.StringValue("value"),
 				"key2": types.StringValue("value2"),
 			}),
-			map[string]interface{}{
+			map[string]any{
 				"key":  "value",
 				"key2": "value2",
 			},
@@ -158,7 +158,7 @@ func TestToJSONMapUpdatePayload(t *testing.T) {
 				"key2": types.StringValue("value2"),
 			}),
 			types.MapValueMust(types.StringType, map[string]attr.Value{}),
-			map[string]interface{}{
+			map[string]any{
 				"key":  nil,
 				"key2": nil,
 			},
@@ -171,7 +171,7 @@ func TestToJSONMapUpdatePayload(t *testing.T) {
 				"key2": types.StringValue("value2"),
 			}),
 			types.MapNull(types.StringType),
-			map[string]interface{}{
+			map[string]any{
 				"key":  nil,
 				"key2": nil,
 			},
@@ -184,7 +184,7 @@ func TestToJSONMapUpdatePayload(t *testing.T) {
 				"key":  types.StringValue("value"),
 				"key2": types.StringValue("value2"),
 			}),
-			map[string]interface{}{
+			map[string]any{
 				"key":  "value",
 				"key2": "value2",
 			},
@@ -197,7 +197,7 @@ func TestToJSONMapUpdatePayload(t *testing.T) {
 				"key":  types.StringValue("value"),
 				"key2": types.StringValue("value2"),
 			}),
-			map[string]interface{}{
+			map[string]any{
 				"key":  "value",
 				"key2": "value2",
 			},

stackit/internal/core/core.go

@@ -157,7 +157,7 @@ func LogResponse(ctx context.Context) context.Context {
 	traceId := runtime.GetTraceId(ctx)
 	ctx = tflog.SetField(ctx, "x-trace-id", traceId)
 
-	tflog.Info(ctx, "response data", map[string]interface{}{
+	tflog.Info(ctx, "response data", map[string]any{
 		"x-trace-id": traceId,
 	})
 	return ctx

stackit/internal/services/access_token/ephemeral_resource_test.go

@@ -30,7 +30,7 @@ func startMockTokenServer() *httptest.Server {
 			Scope:       "mock_scope",
 		}
 		w.Header().Set("Content-Type", "application/json")
-		_ = json.NewEncoder(w).Encode(resp)
+		_ = json.NewEncoder(w).Encode(resp) // nolint:gosec // mock_access_token is not sensitive information
 	})
 	return httptest.NewServer(handler)
 }