stackit-dev-tools/terraform-provider-stackitprivatepreview
3
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

chore: update README (#87)

Browse source 
## Description

<!-- **Please link some issue here describing what you are trying to achieve.**

In case there is no issue present for your PR, please consider creating one.
At least please give us some description what you are trying to achieve and why your change is needed. -->

relates to #1234

## Checklist

- [ ] Issue was linked above
- [ ] Code format was applied: `make fmt`
- [ ] Examples were added / adjusted (see `examples/` directory)
- [x] Docs are up-to-date: `make generate-docs` (will be checked by CI)
- [ ] Unit tests got implemented or updated
- [ ] Acceptance tests got implemented or updated (see e.g. [here](f5f99d1709/stackit/internal/services/dns/dns_acc_test.go))
- [x] Unit tests are passing: `make test` (will be checked by CI)
- [x] No linter issues: `make lint` (will be checked by CI)

Co-authored-by: Marcel S. Henselin <marcel@henselin.net>
Co-authored-by: Marcel S. Henselin <marcel.henselin@stackit.cloud>
Reviewed-on: #87
This commit is contained in:
Marcel_Henselin 2026-03-17 15:33:21 +00:00
parent dd77da71dd
commit 01deb9022d
Signed by: tf-provider.git.onstackit.cloud
GPG key ID: 6D7E8A1ED8955A9C
20 changed files with 680 additions and 89 deletions
Download patch file Download diff file Expand all files Collapse all files

116
README.md
View file

@ -19,7 +19,7 @@ terraform {
required_providers {
stackitprivatepreview = {
source = "tfregistry.sysops.stackit.rocks/mhenselin/stackitprivatepreview"
version = "= 0.0.5-alpha"
version = ">= 0.1.0"
}
}
}
@ -38,7 +38,6 @@ Check one of the examples in the [examples](examples/) folder.
To authenticate, you will need a [service account](https://docs.stackit.cloud/platform/access-and-identity/service-accounts/). Create it in the [STACKIT Portal](https://portal.stackit.cloud/) and assign the necessary permissions to it, e.g. `project.owner`. There are multiple ways to authenticate:
- Key flow (recommended)
- Token flow (is scheduled for deprecation and will be removed on December 17, 2025.)
When setting up authentication, the provider will always try to use the key flow first and search for credentials in several locations, following a specific order:
@ -52,7 +51,6 @@ When setting up authentication, the provider will always try to use the key flow
```json
{
"STACKIT_SERVICE_ACCOUNT_TOKEN": "foo_token",
"STACKIT_SERVICE_ACCOUNT_KEY_PATH": "path/to/sa_key.json"
}
```
@ -71,35 +69,41 @@ To configure the key flow, follow this steps:
1. Create a service account key:
- Use the [STACKIT Portal](https://portal.stackit.cloud/): go to the `Service Accounts` tab, choose a `Service Account` and go to `Service Account Keys` to create a key. For more details, see [Create a service account key](https://docs.stackit.cloud/platform/access-and-identity/service-accounts/how-tos/manage-service-account-keys/)
- Use the [STACKIT Portal](https://portal.stackit.cloud/): go to the `Service Accounts` tab, choose a `Service Account` and go to `Service Account Keys` to create a key. For more details, see [Create a service account key](https://docs.stackit.cloud/platform/access-and-identity/service-accounts/how-tos/manage-service-account-keys/)
2. Save the content of the service account key by copying it and saving it in a JSON file.
The expected format of the service account key is a **JSON** with the following structure:
```json
{
"id": "uuid",
"publicKey": "public key",
"createdAt": "2023-08-24T14:15:22Z",
"validUntil": "2023-08-24T14:15:22Z",
"keyType": "USER_MANAGED",
"keyOrigin": "USER_PROVIDED",
"keyAlgorithm": "RSA_2048",
"active": true,
"credentials": {
"kid": "string",
"iss": "my-sa@sa.stackit.cloud",
"sub": "uuid",
"aud": "string",
(optional) "privateKey": "private key when generated by the SA service"
}
}
```
```json
{
"id": "uuid",
"publicKey": "public key",
"createdAt": "2023-08-24T14:15:22Z",
"validUntil": "2023-08-24T14:15:22Z",
"keyType": "USER_MANAGED",
"keyOrigin": "USER_PROVIDED",
"keyAlgorithm": "RSA_2048",
"active": true,
"credentials": {
"kid": "string",
"iss": "my-sa@sa.stackit.cloud",
"sub": "uuid",
"aud": "string",
(optional) "privateKey": "private key when generated by the SA service"
}
}
```
3. Configure the service account key for authentication in the provider by following one of the alternatives below:
- setting the fields in the provider block: `service_account_key` or `service_account_key_path`
```hcl
provider "stackitprivatepreview" {
default_region = "eu01"
service_account_key_path = "../service_account.json"
}
```
- setting the environment variable: `STACKIT_SERVICE_ACCOUNT_KEY_PATH` or `STACKIT_SERVICE_ACCOUNT_KEY`
- ensure the set the service account key in `STACKIT_SERVICE_ACCOUNT_KEY` is correctly formatted. Use e.g.
`$ export STACKIT_SERVICE_ACCOUNT_KEY=$(cat ./service-account-key.json)`
@ -111,16 +115,6 @@ To configure the key flow, follow this steps:
> - setting the environment variable: `STACKIT_PRIVATE_KEY_PATH` or `STACKIT_PRIVATE_KEY`
> - setting `STACKIT_PRIVATE_KEY_PATH` in the credentials file (see above)
### Token flow
> Is scheduled for deprecation and will be removed on December 17, 2025.
Using this flow is less secure since the token is long-lived. You can provide the token in several ways:
1. Setting the field `service_account_token` in the provider
2. Setting the environment variable `STACKIT_SERVICE_ACCOUNT_TOKEN`
3. Setting it in the credentials file (see above)
## Backend configuration
To keep track of your terraform state, you can configure an [S3 backend](https://developer.hashicorp.com/terraform/language/settings/backends/s3) using [STACKIT Object Storage](https://docs.stackit.cloud/products/storage/object-storage).
@ -150,62 +144,6 @@ terraform {
Note: AWS specific checks must be skipped as they do not work on STACKIT. For details on what those validations do, see [here](https://developer.hashicorp.com/terraform/language/settings/backends/s3#configuration).
## Opting into Beta Resources
To use beta resources in the STACKIT Terraform provider, follow these steps:
1. **Provider Configuration Option**
Set the `enable_beta_resources` option in the provider configuration. This is a boolean attribute that can be either `true` or `false`.
```hcl
provider "stackit" {
default_region = "eu01"
enable_beta_resources = true
}
```
2. **Environment Variable**
Set the `STACKIT_TF_ENABLE_BETA_RESOURCES` environment variable to `"true"` or `"false"`. Other values will be ignored and will produce a warning.
```sh
export STACKIT_TF_ENABLE_BETA_RESOURCES=true
```
> **Note**: The environment variable takes precedence over the provider configuration option. This means that if the `STACKIT_TF_ENABLE_BETA_RESOURCES` environment variable is set to a valid value (`"true"` or `"false"`), it will override the `enable_beta_resources` option specified in the provider configuration.
For more details, please refer to the [beta resources configuration guide](https://registry.terraform.io/providers/stackitcloud/stackit/latest/docs/guides/opting_into_beta_resources).
## Opting into Experiments
Experiments are features that are even less mature and stable than Beta Resources. While there is some assumed stability in beta resources, will have to expect breaking changes while using experimental resources. Experimental Resources do not come with any support or warranty.
To enable experiments set the experiments field in the provider definition:
```hcl
provider "stackit" {
default_region = "eu01"
experiments = ["iam", "routing-tables", "network"]
}
```
### Available Experiments
#### `iam`
Enables IAM management features in the Terraform provider. The underlying IAM API is expected to undergo a redesign in the future, which leads to it being considered experimental.
#### `routing-tables`
This feature enables experimental routing table capabilities in the Terraform Provider, available only to designated SNAs at this time.
#### `network`
The `stackit_network` provides the fields `region` and `routing_table_id` when the experiment flag `network` is set.
The underlying API is not stable yet and could change in the future.
If you don't need these fields, don't set the experiment flag `network`, to use the stable api.
## Acceptance Tests
> [!WARNING]

38
sample/alpha-from-registry/key.tf Normal file
View file

@ -0,0 +1,38 @@
resource "stackit_kms_keyring" "mshalpha-keyring" {
project_id = var.project_id
display_name = "msh-alpha-tests"
description = "This is a test keyring for private endpoints"
}
resource "stackit_kms_key" "mshalpha-key01" {
project_id = var.project_id
keyring_id = stackit_kms_keyring.mshalpha-keyring.keyring_id
display_name = "mshalpha-key01"
protection = "software"
algorithm = "aes_256_gcm"
purpose = "symmetric_encrypt_decrypt"
access_scope = "SNA"
}
output "keyid" {
value = stackit_kms_key.mshalpha-key01.key_id
}
# (because stackit_kms_key.key001 is not in configuration)
resource "stackit_kms_key" "key001" {
access_scope = "SNA"
algorithm = "aes_256_gcm"
display_name = "msh-key-sna01"
keyring_id = stackit_kms_keyring.keyring001.keyring_id
project_id = var.project_id
protection = "software"
purpose = "symmetric_encrypt_decrypt"
}
# stackit_kms_keyring.keyring001 will be destroyed
# (because stackit_kms_keyring.keyring001 is not in configuration)
resource "stackit_kms_keyring" "keyring001" {
description = "This is a test keyring for private endpoints"
display_name = "msh-keyring-sna01"
project_id = var.project_id
}

96
sample/alpha-from-registry/postresql.tf Normal file
View file

@ -0,0 +1,96 @@
data "stackitprivatepreview_postgresflexalpha_flavor" "pgsql_flavor" {
project_id = var.project_id
region = "eu01"
cpu = 2
ram = 4
node_type = "Single"
storage_class = "premium-perf2-stackit"
}
resource "stackitprivatepreview_postgresflexalpha_instance" "msh-alpha-sna-enc" {
project_id = var.project_id
name = "msh-alpha-sna-enc"
backup_schedule = "0 0 * * *"
retention_days = 45
flavor_id = data.stackitprivatepreview_postgresflexalpha_flavor.pgsql_flavor.flavor_id
replicas = 1
storage = {
performance_class = "premium-perf2-stackit"
size = 10
}
encryption = {
kek_key_id = stackit_kms_key.mshalpha-key01.key_id
kek_key_ring_id = stackit_kms_keyring.mshalpha-keyring.keyring_id
kek_key_version = 1
service_account = var.sa_email
}
network = {
acl = ["0.0.0.0/0", "193.148.160.0/19", "170.85.2.177/32"]
access_scope = "SNA"
}
version = 17
}
resource "stackitprivatepreview_postgresflexalpha_instance" "msh-alpha-nosna-noenc" {
project_id = var.project_id
name = "msh-alpha-nosna-enc"
backup_schedule = "0 0 * * *"
retention_days = 45
flavor_id = data.stackitprivatepreview_postgresflexalpha_flavor.pgsql_flavor.flavor_id
replicas = 1
storage = {
performance_class = "premium-perf2-stackit"
size = 10
}
network = {
acl = ["0.0.0.0/0", "193.148.160.0/19", "170.85.2.177/32"]
access_scope = "PUBLIC"
}
version = 16
}
resource "stackitprivatepreview_postgresflexalpha_user" "ptlsdbadminuser" {
project_id = var.project_id
instance_id = stackitprivatepreview_postgresflexalpha_instance.msh-alpha-sna-enc.instance_id
name = var.db_admin_username
roles = ["createdb", "login"]
# roles = ["createdb", "login", "createrole"]
}
resource "stackitprivatepreview_postgresflexalpha_user" "ptlsdbuser" {
project_id = var.project_id
instance_id = stackitprivatepreview_postgresflexalpha_instance.msh-alpha-sna-enc.instance_id
name = var.db_username
roles = ["login"]
# roles = ["createdb", "login", "createrole"]
}
resource "stackitprivatepreview_postgresflexalpha_database" "example" {
count = 5
depends_on = [stackitprivatepreview_postgresflexalpha_user.ptlsdbadminuser]
project_id = var.project_id
instance_id = stackitprivatepreview_postgresflexalpha_instance.msh-alpha-sna-enc.instance_id
name = "${var.db_name}${count.index}"
owner = var.db_admin_username
}
# data "stackitprivatepreview_postgresflexalpha_instance" "datapsql" {
# project_id = var.project_id
# instance_id = var.instance_id
# region = "eu01"
# }
# output "psql_instance_id" {
# value = data.stackitprivatepreview_postgresflexalpha_instance.datapsql.instance_id
# }
output "psql_user_password" {
value = stackitprivatepreview_postgresflexalpha_user.ptlsdbuser.password
sensitive = true
}
# output "psql_user_conn" {
# value = stackitprivatepreview_postgresflexalpha_user.ptlsdbuser.connection_string
# sensitive = true
# }

24
sample/alpha-from-registry/providers.tf Normal file
View file

@ -0,0 +1,24 @@
terraform {
required_providers {
stackit = {
source = "registry.terraform.io/stackitcloud/stackit"
version = "~> 0.70"
}
stackitprivatepreview = {
source = "tfregistry.sysops.stackit.rocks/mhenselin/stackitprivatepreview"
version = ">=0.1.0"
}
}
}
provider "stackit" {
default_region = "eu01"
enable_beta_resources = true
service_account_key_path = "../service_account.json"
}
provider "stackitprivatepreview" {
default_region = "eu01"
service_account_key_path = "../service_account.json"
}

101
sample/alpha-from-registry/sqlserver.tf Normal file
View file

@ -0,0 +1,101 @@
# resource "stackit_kms_keyring" "keyring001" {
# project_id = var.project_id
# display_name = "msh-keyring-sna01"
# description = "This is a test keyring for private endpoints"
# }
#
# resource "stackit_kms_key" "key001" {
# project_id = var.project_id
# keyring_id = stackit_kms_keyring.keyring001.keyring_id
# display_name = "msh-key-sna01"
# protection = "software"
# algorithm = "aes_256_gcm"
# purpose = "symmetric_encrypt_decrypt"
# access_scope = "SNA"
# }
data "stackitprivatepreview_sqlserverflexbeta_flavor" "sqlserver_flavor" {
project_id = var.project_id
region = "eu01"
cpu = 4
ram = 16
node_type = "Single"
storage_class = "premium-perf2-stackit"
}
resource "stackitprivatepreview_sqlserverflexbeta_instance" "msh-sna-001" {
project_id = var.project_id
name = "msh-sna-001"
backup_schedule = "0 3 * * *"
retention_days = 31
flavor_id = data.stackitprivatepreview_sqlserverflexbeta_flavor.sqlserver_flavor.flavor_id
storage = {
class = "premium-perf2-stackit"
size = 50
}
version = 2022
encryption = {
kek_key_version = 1
kek_key_id = var.key_id
kek_key_ring_id = var.keyring_id
service_account = var.sa_email
}
network = {
acl = ["0.0.0.0/0", "193.148.160.0/19"]
access_scope = "SNA"
}
}
#resource "stackitprivatepreview_sqlserverflexbeta_instance" "msh-nosna-001" {
# project_id = var.project_id
# name = "msh-nosna-001"
# backup_schedule = "0 3 * * *"
# retention_days = 31
# flavor_id = data.stackitprivatepreview_sqlserverflexbeta_flavor.sqlserver_flavor.flavor_id
# storage = {
# class = "premium-perf2-stackit"
# size = 50
# }
# version = 2022
# # encryption = {
# # #key_id = stackit_kms_key.key.key_id
# # #keyring_id = stackit_kms_keyring.keyring.keyring_id
# # #key_version = 1
# # #key_id = var.key_id
# # # key with scope public
# # key_id = "fe039bcf-8d7b-431a-801d-9e81371a6b7b"
# # keyring_id = var.keyring_id
# # key_version = var.key_version
# # service_account = var.sa_email
# # }
# network = {
# acl = ["0.0.0.0/0", "193.148.160.0/19"]
# access_scope = "PUBLIC"
# }
#}
# data "stackitprivatepreview_sqlserverflexbeta_instance" "test" {
# project_id = var.project_id
# instance_id = var.instance_id
# region = "eu01"
# }
# output "test" {
# value = data.stackitprivatepreview_sqlserverflexbeta_instance.test
# }
resource "stackitprivatepreview_sqlserverflexbeta_user" "ptlsdbadminuser" {
project_id = var.project_id
instance_id = stackitprivatepreview_sqlserverflexbeta_instance.msh-sna-001.instance_id
username = var.db_admin_username
#roles = ["##STACKIT_LoginManager##", "##STACKIT_DatabaseManager##"]
roles = ["##STACKIT_LoginManager##"]
}
resource "stackitprivatepreview_sqlserverflexbeta_user" "ptlsdbuser" {
project_id = var.project_id
instance_id = stackitprivatepreview_sqlserverflexbeta_instance.msh-sna-001.instance_id
username = var.db_username
roles = ["##STACKIT_LoginManager##"]
}

57
sample/kms/kms.tf Normal file
View file

@ -0,0 +1,57 @@
resource "stackit_kms_keyring" "keyring001" {
project_id = var.project_id
display_name = "msh-keyring-sna01"
description = "This is a test keyring for private endpoints"
}
resource "stackit_kms_key" "key001" {
project_id = var.project_id
keyring_id = stackit_kms_keyring.keyring001.keyring_id
display_name = "msh-key-sna01"
protection = "software"
algorithm = "aes_256_gcm"
purpose = "symmetric_encrypt_decrypt"
access_scope = "SNA"
}
# data "stackitprivatepreview_sqlserverflexalpha_instance" "test" {
# project_id = var.project_id
# instance_id = var.instance_id
# region = "eu01"
# }
output "key_ring_id" {
value = stackit_kms_keyring.keyring001.id
}
resource "stackit_kms_keyring" "keyring001yy" {
project_id = var.project_id
display_name = "msh-kr-sna01"
description = "This is a test keyring for private endpoints"
}
resource "stackit_kms_key" "key001yy" {
project_id = var.project_id
keyring_id = stackit_kms_keyring.keyring001yy.keyring_id
display_name = "msh-k-001"
protection = "software"
algorithm = "aes_256_gcm"
purpose = "symmetric_encrypt_decrypt"
access_scope = "SNA"
}
# data "stackitprivatepreview_sqlserverflexalpha_instance" "test" {
# project_id = var.project_id
# instance_id = var.instance_id
# region = "eu01"
# }
output "key_ring_idxx" {
value = stackit_kms_keyring.keyring001yy.id
}
output "key_id" {
value = stackit_kms_key.key001yy.id
}

25
sample/kms/providers.tf Normal file
View file

@ -0,0 +1,25 @@
terraform {
required_providers {
stackit = {
source = "registry.terraform.io/stackitcloud/stackit"
version = "~> 0.70"
}
# stackitprivatepreview = {
# source = "tfregistry.sysops.stackit.rocks/mhenselin/stackitprivatepreview"
# version = "= 0.0.2-alpha"
# }
}
}
provider "stackit" {
default_region = "eu01"
enable_beta_resources = true
service_account_key_path = "../service_account.json"
}
# provider "stackitprivatepreview" {
# default_region = "eu01"
# enable_beta_resources = true
# service_account_key_path = "../service_account.json"
# }

4
sample/pg_import/outputs.tf Normal file
View file

@ -0,0 +1,4 @@
#
# output "postgres_flavor" {
# value = data.stackitprivatepreview_postgresflexalpha_flavor.pgsql_flavor.flavor_id
# }

45
sample/pg_import/postresql.tf Normal file
View file

@ -0,0 +1,45 @@
data "stackitprivatepreview_postgresflexalpha_flavor" "pgsql_flavor" {
project_id = var.project_id
region = "eu01"
cpu = 2
ram = 4
node_type = "Single"
storage_class = "premium-perf2-stackit"
}
resource "stackitprivatepreview_postgresflexalpha_instance" "import_for_deletion" {
project_id = var.project_id
name = "mshpetest2"
backup_schedule = "0 0 * * *"
retention_days = 45
flavor_id = data.stackitprivatepreview_postgresflexalpha_flavor.pgsql_flavor.flavor_id
replicas = 1
storage = {
# class = "premium-perf2-stackit"
performance_class = "premium-perf2-stackit"
size = 10
}
encryption = {
# key_id = stackit_kms_key.key.key_id
# keyring_id = stackit_kms_keyring.keyring.keyring_id
kek_key_id = var.key_id
kek_key_ring_id = var.keyring_id
kek_key_version = var.key_version
service_account = var.sa_email
}
network = {
acl = ["0.0.0.0/0", "193.148.160.0/19", "170.85.2.177/32"]
access_scope = "PUBLIC"
}
version = 14
}
import {
to = stackitprivatepreview_postgresflexalpha_instance.import_for_deletion
identity = {
project_id = var.project_id
region = "eu01"
instance_id = "d52b5d4c-be3f-4c14-a107-330dab99fd2e"
}
}

25
sample/pg_import/providers.tf Normal file
View file

@ -0,0 +1,25 @@
terraform {
required_providers {
# stackit = {
# source = "registry.terraform.io/stackitcloud/stackit"
# version = "~> 0.70"
# }
stackitprivatepreview = {
source = "tfregistry.sysops.stackit.rocks/mhenselin/stackitprivatepreview"
version = "> 0.0"
}
}
}
# provider "stackit" {
# default_region = "eu01"
# enable_beta_resources = true
# service_account_key_path = "./service_account.json"
# }
provider "stackitprivatepreview" {
default_region = "eu01"
enable_beta_resources = true
service_account_key_path = "../service_account.json"
}

11
sample/pg_import/variables.tf.example Normal file
View file

@ -0,0 +1,11 @@
variable "project_id" {
default = "<PROJECT ID UUID>"
}
variable "sa_email" {
default = "<SERVICE ACCOUNT EMAIL>"
}
variable "db_username" {
default = "<DB USERNAME>"
}

0
sample/pg_instance/outputs.tf Normal file
View file

17
sample/pg_instance/postresql.tf Normal file
View file

@ -0,0 +1,17 @@
data "stackitprivatepreview_postgresflexalpha_flavor" "pgsql_flavor" {
project_id = var.project_id
region = "eu01"
cpu = 2
ram = 4
node_type = "Single"
storage_class = "premium-perf2-stackit"
}
data "stackitprivatepreview_postgresflexalpha_flavor" "pgsql_flavor2"{
project_id = var.project_id
region = "eu01"
cpu = 2
ram = 4
node_type = "Single"
storage_class = "premium-perf2-stackit"
}

25
sample/pg_instance/providers.tf Normal file
View file

@ -0,0 +1,25 @@
terraform {
required_providers {
# stackit = {
# source = "registry.terraform.io/stackitcloud/stackit"
# version = "~> 0.70"
# }
stackitprivatepreview = {
source = "tfregistry.sysops.stackit.rocks/mhenselin/stackitprivatepreview"
version = "> 0.0"
}
}
}
# provider "stackit" {
# default_region = "eu01"
# enable_beta_resources = true
# service_account_key_path = "./service_account.json"
# }
provider "stackitprivatepreview" {
default_region = "eu01"
enable_beta_resources = true
service_account_key_path = "/home/henselinm/Development/PTLS/terraform-provider-stackit-MSH/sample/pg_instance/service_account.json"
}

11
sample/pg_instance/variables.tf.example Normal file
View file

@ -0,0 +1,11 @@
variable "project_id" {
default = "<PROJECT ID UUID>"
}
variable "sa_email" {
default = "<SERVICE ACCOUNT EMAIL>"
}
variable "db_username" {
default = "<DB USERNAME>"
}

13
sample/sqlserver_beta/flavor.tf Normal file
View file

@ -0,0 +1,13 @@
#
# data "stackitprivatepreview_sqlserverflexalpha_flavor" "sqlserver_flavor" {
# project_id = var.project_id
# region = "eu01"
# cpu = 4
# ram = 16
# node_type = "Single"
# storage_class = "premium-perf2-stackit"
# }
#
# output "sqlserver_flavor" {
# value = data.stackitprivatepreview_sqlserverflexalpha_flavor.sqlserver_flavor.flavor_id
# }

9
sample/sqlserver_beta/postgres.tf Normal file
View file

@ -0,0 +1,9 @@
data "stackitprivatepreview_postgresflexalpha_flavor" "pgsql_flavor" {
project_id = var.project_id
region = "eu01"
cpu = 2
ram = 4
node_type = "Single"
storage_class = "premium-perf2-stackit"
}

25
sample/sqlserver_beta/providers.tf Normal file
View file

@ -0,0 +1,25 @@
terraform {
required_providers {
# stackit = {
# source = "registry.terraform.io/stackitcloud/stackit"
# version = "~> 0.70"
# }
stackitprivatepreview = {
source = "tfregistry.sysops.stackit.rocks/mhenselin/stackitprivatepreview"
version = "> 0.0"
}
}
}
# provider "stackit" {
# default_region = "eu01"
# enable_beta_resources = true
# service_account_key_path = "../service_account.json"
# }
provider "stackitprivatepreview" {
default_region = "eu01"
enable_beta_resources = true
service_account_key_path = "../service_account.json"
}

116
sample/sqlserver_beta/sqlserver.tf Normal file
View file

@ -0,0 +1,116 @@
data "stackitprivatepreview_sqlserverflexbeta_flavor" "sqlserver_flavor" {
project_id = var.project_id
region = "eu01"
cpu = 4
ram = 16
node_type = "Single"
storage_class = "premium-perf2-stackit"
}
data "stackitprivatepreview_sqlserverflexbeta_flavor" "sqlserver_flavor_2" {
project_id = var.project_id
region = "eu01"
cpu = 4
ram = 32
node_type = "Replica"
storage_class = "premium-perf2-stackit"
}
resource "stackitprivatepreview_sqlserverflexbeta_instance" "msh-beta-nosna-001" {
project_id = var.project_id
name = "msh-beta-nosna-001-renamed"
backup_schedule = "0 3 * * *"
retention_days = 31
flavor_id = data.stackitprivatepreview_sqlserverflexbeta_flavor.sqlserver_flavor.flavor_id
storage = {
class = "premium-perf2-stackit"
size = 50
}
version = 2022
network = {
acl = ["0.0.0.0/0", "193.148.160.0/19"]
access_scope = "PUBLIC"
}
}
resource "stackitprivatepreview_sqlserverflexbeta_instance" "msh-beta-sna-001" {
project_id = var.project_id
name = "msh-beta-sna-001"
backup_schedule = "0 3 * * *"
retention_days = 31
flavor_id = data.stackitprivatepreview_sqlserverflexbeta_flavor.sqlserver_flavor.flavor_id
storage = {
class = "premium-perf2-stackit"
size = 5
}
version = 2022
encryption = {
#key_id = stackit_kms_key.key.key_id
#keyring_id = stackit_kms_keyring.keyring.keyring_id
#key_version = 1
# key with scope public
kek_key_id = "fe039bcf-8d7b-431a-801d-9e81371a6b7b"
# key_id = var.key_id
kek_key_ring_id = var.keyring_id
kek_key_version = var.key_version
service_account = var.sa_email
}
network = {
acl = ["0.0.0.0/0", "193.148.160.0/19"]
access_scope = "SNA"
}
}
resource "stackitprivatepreview_sqlserverflexbeta_user" "exampleuseruno" {
project_id = var.project_id
instance_id = stackitprivatepreview_sqlserverflexbeta_instance.msh-beta-nosna-001.instance_id
username = "exampleuserdue"
roles = ["##STACKIT_ProcessManager##", "##STACKIT_LoginManager##", "##STACKIT_ServerManager##"]
}
resource "stackitprivatepreview_sqlserverflexbeta_user" "exampleuser" {
project_id = var.project_id
instance_id = stackitprivatepreview_sqlserverflexbeta_instance.msh-beta-nosna-001.instance_id
username = "exampleuser"
roles = ["##STACKIT_LoginManager##"]
}
resource "stackitprivatepreview_sqlserverflexbeta_database" "mshtest002" {
project_id = var.project_id
instance_id = stackitprivatepreview_sqlserverflexbeta_instance.msh-beta-nosna-001.instance_id
name = "mshtest002"
# owner = "dbuser"
owner = stackitprivatepreview_sqlserverflexbeta_user.exampleuseruno.username
}
# data "stackitprivatepreview_sqlserverflexbeta_database" "example" {
# project_id = var.project_id
# region = "eu01"
# instance_id = "b3b63d0c-35bf-4804-84ea-5abec2a8ae58"
# database_name = "mshtest001"
# }
# output "dbdetails" {
# value = data.stackitprivatepreview_sqlserverflexbeta_database.example
# }
#
# resource "stackitprivatepreview_sqlserverflexbeta_database" "mshtest" {
# project_id = var.project_id
# instance_id = "b3b63d0c-35bf-4804-84ea-5abec2a8ae58"
# name = "mshtest"
# owner = "dbuser"
# }
#
# import {
# to = stackitprivatepreview_sqlserverflexbeta_database.mshtest
# identity = {
# project_id = var.project_id
# region = "eu01"
# instance_id = "b3b63d0c-35bf-4804-84ea-5abec2a8ae58"
# database_name = "mshtest"
# }
# }

11
sample/sqlserver_beta/variables.tf.example Normal file
View file

@ -0,0 +1,11 @@
variable "project_id" {
default = "<PROJECT ID UUID>"
}
variable "sa_email" {
default = "<SERVICE ACCOUNT EMAIL>"
}
variable "db_username" {
default = "<DB USERNAME>"
}