Merge remote-tracking branch 'upstream/main'

Author: david-mey-STACKIT

docs/data-sources/alb_certificate.md

@@ -0,0 +1,36 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "stackit_alb_certificate Data Source - stackit"
+subcategory: ""
+description: |-
+  ALB TLS Certificate data source schema. Must have a region specified in the provider configuration.
+---
+
+# stackit_alb_certificate (Data Source)
+
+ALB TLS Certificate data source schema. Must have a region specified in the provider configuration.
+
+## Example Usage
+
+```terraform
+data "stackit_alb_certificate" "example" {
+  project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  cert_id    = "example-certificate-v1-dfa816b3184f63f43d918ea5f9493f5359f6c2404b69afbb0b60fb1af69d0bc0"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `cert_id` (String) The ID of the certificate.
+- `project_id` (String) STACKIT project ID to which the certificate is associated.
+
+### Read-Only
+
+- `id` (String) Terraform's internal resource ID. It is structured as `project_id`,`region`,`name`.
+- `name` (String) Certificate name.
+- `private_key` (String) The PEM encoded private key part
+- `public_key` (String) The PEM encoded public key part
+- `region` (String) The resource region (e.g. eu01). If not defined, the provider region is used.

docs/index.md

@@ -163,6 +163,7 @@ Note: AWS specific checks must be skipped as they do not work on STACKIT. For de
 
 ### Optional
 
+- `alb_certificates_custom_endpoint` (String) Custom endpoint for the Application Load Balancer TLS Certificate service
 - `alb_custom_endpoint` (String) Custom endpoint for the Application Load Balancer service
 - `authorization_custom_endpoint` (String) Custom endpoint for the Membership service
 - `cdn_custom_endpoint` (String) Custom endpoint for the CDN service

docs/resources/alb_certificate.md

@@ -0,0 +1,76 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "stackit_alb_certificate Resource - stackit"
+subcategory: ""
+description: |-
+  Setting up supporting infrastructure
+  The example below creates the supporting infrastructure using the STACKIT Terraform provider, including the the automatic creation of a TLS certificate resource.
+---
+
+# stackit_alb_certificate (Resource)
+
+## Setting up supporting infrastructure
+
+
+The example below creates the supporting infrastructure using the STACKIT Terraform provider, including the the automatic creation of a TLS certificate resource.
+
+## Example Usage
+
+```terraform
+variable "project_id" {
+  description = "The STACKIT Project ID"
+  type        = string
+  default     = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+}
+
+# Create a RAS key pair
+resource "tls_private_key" "example" {
+  algorithm = "RSA"
+  rsa_bits  = 2048
+}
+
+# Create a TLS certificate
+resource "tls_self_signed_cert" "example" {
+  private_key_pem = tls_private_key.example.private_key_pem
+
+  subject {
+    common_name  = "localhost"
+    organization = "Stackit Test"
+  }
+
+  validity_period_hours = 12
+
+  allowed_uses = [
+    "key_encipherment",
+    "digital_signature",
+    "server_auth",
+  ]
+}
+
+# Create a ALB certificate
+resource "stackit_alb_certificate" "certificate" {
+  project_id  = var.project_id
+  name        = "example-certificate"
+  private_key = tls_private_key.example.private_key_pem
+  public_key  = tls_self_signed_cert.example.cert_pem
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) Certificate name.
+- `private_key` (String, Sensitive) The PEM encoded private key part
+- `project_id` (String) STACKIT project ID to which the certificate is associated.
+- `public_key` (String) The PEM encoded public key part
+
+### Optional
+
+- `region` (String) The resource region (e.g. eu01). If not defined, the provider region is used.
+
+### Read-Only
+
+- `cert_id` (String) The ID of the certificate.
+- `id` (String) Terraform's internal resource ID. It is structured as `project_id`,`region`,`cert_id`.

docs/resources/application_load_balancer.md

@@ -115,6 +115,38 @@ resource "stackit_loadbalancer_observability_credential" "observability" {
   username     = "username"
 }
 
+# Create a RAS key pair
+resource "tls_private_key" "example" {
+  algorithm = "RSA"
+  rsa_bits  = 2048
+}
+
+# Create a TLS certificate
+resource "tls_self_signed_cert" "example" {
+  private_key_pem = tls_private_key.example.private_key_pem
+
+  subject {
+    common_name  = "localhost"
+    organization = "Stackit Test"
+  }
+
+  validity_period_hours = 12
+
+  allowed_uses = [
+    "key_encipherment",
+    "digital_signature",
+    "server_auth",
+  ]
+}
+
+# Create a ALB certificate
+resource "stackit_alb_certificate" "certificate" {
+  project_id  = var.project_id
+  name        = "example-certificate"
+  private_key = tls_private_key.example.private_key_pem
+  public_key  = tls_self_signed_cert.example.cert_pem
+}
+
 # Create a Application Load Balancer
 resource "stackit_application_load_balancer" "example" {
   project_id = var.project_id
@@ -156,9 +188,7 @@ resource "stackit_application_load_balancer" "example" {
     https = {
       certificate_config = {
         certificate_ids = [
-          # Currently no TF provider available, needs to be added with API
-          # https://docs.api.stackit.cloud/documentation/certificates/version/v2
-          "name-v1-8c81bd317af8a03b8ef0851ccb074eb17d1ad589b540446244a5e593f78ef820"
+          stackit_alb_certificate.certificate.cert_id
         ]
       }
     }

docs/resources/authorization_folder_role_assignment.md

@@ -43,7 +43,7 @@ import {
 
 - `resource_id` (String) folder Resource to assign the role to.
 - `role` (String) Role to be assigned. Available roles can be queried using stackit-cli: `stackit curl https://authorization.api.stackit.cloud/v2/permissions`
-- `subject` (String) Identifier of user, service account or client. Usually email address or name in case of clients
+- `subject` (String) Identifier of user, service account or client. Usually email address or name in case of clients. All letters must be lowercased.
 
 ### Read-Only
 

docs/resources/authorization_organization_role_assignment.md

@@ -36,7 +36,7 @@ import {
 
 - `resource_id` (String) organization Resource to assign the role to.
 - `role` (String) Role to be assigned. Available roles can be queried using stackit-cli: `stackit curl https://authorization.api.stackit.cloud/v2/permissions`
-- `subject` (String) Identifier of user, service account or client. Usually email address or name in case of clients
+- `subject` (String) Identifier of user, service account or client. Usually email address or name in case of clients. All letters must be lowercased.
 
 ### Read-Only
 

docs/resources/authorization_project_role_assignment.md

@@ -43,7 +43,7 @@ import {
 
 - `resource_id` (String) project Resource to assign the role to.
 - `role` (String) Role to be assigned. Available roles can be queried using stackit-cli: `stackit curl https://authorization.api.stackit.cloud/v2/permissions`
-- `subject` (String) Identifier of user, service account or client. Usually email address or name in case of clients
+- `subject` (String) Identifier of user, service account or client. Usually email address or name in case of clients. All letters must be lowercased.
 
 ### Read-Only
 

examples/data-sources/stackit_alb_certificate/data-source.tf

@@ -0,0 +1,4 @@
+data "stackit_alb_certificate" "example" {
+  project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  cert_id    = "example-certificate-v1-dfa816b3184f63f43d918ea5f9493f5359f6c2404b69afbb0b60fb1af69d0bc0"
+}

examples/resources/stackit_alb_certificate/resource.tf

@@ -0,0 +1,37 @@
+variable "project_id" {
+  description = "The STACKIT Project ID"
+  type        = string
+  default     = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+}
+
+# Create a RAS key pair
+resource "tls_private_key" "example" {
+  algorithm = "RSA"
+  rsa_bits  = 2048
+}
+
+# Create a TLS certificate
+resource "tls_self_signed_cert" "example" {
+  private_key_pem = tls_private_key.example.private_key_pem
+
+  subject {
+    common_name  = "localhost"
+    organization = "Stackit Test"
+  }
+
+  validity_period_hours = 12
+
+  allowed_uses = [
+    "key_encipherment",
+    "digital_signature",
+    "server_auth",
+  ]
+}
+
+# Create a ALB certificate
+resource "stackit_alb_certificate" "certificate" {
+  project_id  = var.project_id
+  name        = "example-certificate"
+  private_key = tls_private_key.example.private_key_pem
+  public_key  = tls_self_signed_cert.example.cert_pem
+}

examples/resources/stackit_application_load_balancer/resource.tf

@@ -96,6 +96,38 @@ resource "stackit_loadbalancer_observability_credential" "observability" {
   username     = "username"
 }
 
+# Create a RAS key pair
+resource "tls_private_key" "example" {
+  algorithm = "RSA"
+  rsa_bits  = 2048
+}
+
+# Create a TLS certificate
+resource "tls_self_signed_cert" "example" {
+  private_key_pem = tls_private_key.example.private_key_pem
+
+  subject {
+    common_name  = "localhost"
+    organization = "Stackit Test"
+  }
+
+  validity_period_hours = 12
+
+  allowed_uses = [
+    "key_encipherment",
+    "digital_signature",
+    "server_auth",
+  ]
+}
+
+# Create a ALB certificate
+resource "stackit_alb_certificate" "certificate" {
+  project_id  = var.project_id
+  name        = "example-certificate"
+  private_key = tls_private_key.example.private_key_pem
+  public_key  = tls_self_signed_cert.example.cert_pem
+}
+
 # Create a Application Load Balancer
 resource "stackit_application_load_balancer" "example" {
   project_id = var.project_id
@@ -137,9 +169,7 @@ resource "stackit_application_load_balancer" "example" {
     https = {
       certificate_config = {
         certificate_ids = [
-          # Currently no TF provider available, needs to be added with API
-          # https://docs.api.stackit.cloud/documentation/certificates/version/v2
-          "name-v1-8c81bd317af8a03b8ef0851ccb074eb17d1ad589b540446244a5e593f78ef820"
+          stackit_alb_certificate.certificate.cert_id
         ]
       }
     }