diff --git a/README.md b/README.md index ab79f28e..b90466b9 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ terraform { required_providers { stackitprivatepreview = { source = "tfregistry.sysops.stackit.rocks/mhenselin/stackitprivatepreview" - version = "= 0.0.5-alpha" + version = ">= 0.1.0" } } } @@ -38,7 +38,6 @@ Check one of the examples in the [examples](examples/) folder. To authenticate, you will need a [service account](https://docs.stackit.cloud/platform/access-and-identity/service-accounts/). Create it in the [STACKIT Portal](https://portal.stackit.cloud/) and assign the necessary permissions to it, e.g. `project.owner`. There are multiple ways to authenticate: - Key flow (recommended) -- Token flow (is scheduled for deprecation and will be removed on December 17, 2025.) When setting up authentication, the provider will always try to use the key flow first and search for credentials in several locations, following a specific order: @@ -52,7 +51,6 @@ When setting up authentication, the provider will always try to use the key flow ```json { - "STACKIT_SERVICE_ACCOUNT_TOKEN": "foo_token", "STACKIT_SERVICE_ACCOUNT_KEY_PATH": "path/to/sa_key.json" } ``` @@ -71,35 +69,41 @@ To configure the key flow, follow this steps: 1. Create a service account key: -- Use the [STACKIT Portal](https://portal.stackit.cloud/): go to the `Service Accounts` tab, choose a `Service Account` and go to `Service Account Keys` to create a key. For more details, see [Create a service account key](https://docs.stackit.cloud/platform/access-and-identity/service-accounts/how-tos/manage-service-account-keys/) + - Use the [STACKIT Portal](https://portal.stackit.cloud/): go to the `Service Accounts` tab, choose a `Service Account` and go to `Service Account Keys` to create a key. For more details, see [Create a service account key](https://docs.stackit.cloud/platform/access-and-identity/service-accounts/how-tos/manage-service-account-keys/) 2. Save the content of the service account key by copying it and saving it in a JSON file. The expected format of the service account key is a **JSON** with the following structure: -```json -{ - "id": "uuid", - "publicKey": "public key", - "createdAt": "2023-08-24T14:15:22Z", - "validUntil": "2023-08-24T14:15:22Z", - "keyType": "USER_MANAGED", - "keyOrigin": "USER_PROVIDED", - "keyAlgorithm": "RSA_2048", - "active": true, - "credentials": { - "kid": "string", - "iss": "my-sa@sa.stackit.cloud", - "sub": "uuid", - "aud": "string", - (optional) "privateKey": "private key when generated by the SA service" - } -} -``` + ```json + { + "id": "uuid", + "publicKey": "public key", + "createdAt": "2023-08-24T14:15:22Z", + "validUntil": "2023-08-24T14:15:22Z", + "keyType": "USER_MANAGED", + "keyOrigin": "USER_PROVIDED", + "keyAlgorithm": "RSA_2048", + "active": true, + "credentials": { + "kid": "string", + "iss": "my-sa@sa.stackit.cloud", + "sub": "uuid", + "aud": "string", + (optional) "privateKey": "private key when generated by the SA service" + } + } + ``` 3. Configure the service account key for authentication in the provider by following one of the alternatives below: - setting the fields in the provider block: `service_account_key` or `service_account_key_path` + ```hcl + provider "stackitprivatepreview" { + default_region = "eu01" + service_account_key_path = "../service_account.json" + } + ``` - setting the environment variable: `STACKIT_SERVICE_ACCOUNT_KEY_PATH` or `STACKIT_SERVICE_ACCOUNT_KEY` - ensure the set the service account key in `STACKIT_SERVICE_ACCOUNT_KEY` is correctly formatted. Use e.g. `$ export STACKIT_SERVICE_ACCOUNT_KEY=$(cat ./service-account-key.json)` @@ -111,16 +115,6 @@ To configure the key flow, follow this steps: > - setting the environment variable: `STACKIT_PRIVATE_KEY_PATH` or `STACKIT_PRIVATE_KEY` > - setting `STACKIT_PRIVATE_KEY_PATH` in the credentials file (see above) -### Token flow - -> Is scheduled for deprecation and will be removed on December 17, 2025. - -Using this flow is less secure since the token is long-lived. You can provide the token in several ways: - -1. Setting the field `service_account_token` in the provider -2. Setting the environment variable `STACKIT_SERVICE_ACCOUNT_TOKEN` -3. Setting it in the credentials file (see above) - ## Backend configuration To keep track of your terraform state, you can configure an [S3 backend](https://developer.hashicorp.com/terraform/language/settings/backends/s3) using [STACKIT Object Storage](https://docs.stackit.cloud/products/storage/object-storage). @@ -150,62 +144,6 @@ terraform { Note: AWS specific checks must be skipped as they do not work on STACKIT. For details on what those validations do, see [here](https://developer.hashicorp.com/terraform/language/settings/backends/s3#configuration). -## Opting into Beta Resources - -To use beta resources in the STACKIT Terraform provider, follow these steps: - -1. **Provider Configuration Option** - - Set the `enable_beta_resources` option in the provider configuration. This is a boolean attribute that can be either `true` or `false`. - - ```hcl - provider "stackit" { - default_region = "eu01" - enable_beta_resources = true - } - ``` - -2. **Environment Variable** - - Set the `STACKIT_TF_ENABLE_BETA_RESOURCES` environment variable to `"true"` or `"false"`. Other values will be ignored and will produce a warning. - - ```sh - export STACKIT_TF_ENABLE_BETA_RESOURCES=true - ``` - -> **Note**: The environment variable takes precedence over the provider configuration option. This means that if the `STACKIT_TF_ENABLE_BETA_RESOURCES` environment variable is set to a valid value (`"true"` or `"false"`), it will override the `enable_beta_resources` option specified in the provider configuration. - -For more details, please refer to the [beta resources configuration guide](https://registry.terraform.io/providers/stackitcloud/stackit/latest/docs/guides/opting_into_beta_resources). - -## Opting into Experiments - -Experiments are features that are even less mature and stable than Beta Resources. While there is some assumed stability in beta resources, will have to expect breaking changes while using experimental resources. Experimental Resources do not come with any support or warranty. - -To enable experiments set the experiments field in the provider definition: - -```hcl -provider "stackit" { - default_region = "eu01" - experiments = ["iam", "routing-tables", "network"] -} -``` - -### Available Experiments - -#### `iam` - -Enables IAM management features in the Terraform provider. The underlying IAM API is expected to undergo a redesign in the future, which leads to it being considered experimental. - -#### `routing-tables` - -This feature enables experimental routing table capabilities in the Terraform Provider, available only to designated SNAs at this time. - -#### `network` - -The `stackit_network` provides the fields `region` and `routing_table_id` when the experiment flag `network` is set. -The underlying API is not stable yet and could change in the future. -If you don't need these fields, don't set the experiment flag `network`, to use the stable api. - ## Acceptance Tests > [!WARNING] diff --git a/sample/alpha-from-registry/key.tf b/sample/alpha-from-registry/key.tf new file mode 100644 index 00000000..8be28ac7 --- /dev/null +++ b/sample/alpha-from-registry/key.tf @@ -0,0 +1,38 @@ +resource "stackit_kms_keyring" "mshalpha-keyring" { + project_id = var.project_id + display_name = "msh-alpha-tests" + description = "This is a test keyring for private endpoints" +} + +resource "stackit_kms_key" "mshalpha-key01" { + project_id = var.project_id + keyring_id = stackit_kms_keyring.mshalpha-keyring.keyring_id + display_name = "mshalpha-key01" + protection = "software" + algorithm = "aes_256_gcm" + purpose = "symmetric_encrypt_decrypt" + access_scope = "SNA" +} + +output "keyid" { + value = stackit_kms_key.mshalpha-key01.key_id +} + +# (because stackit_kms_key.key001 is not in configuration) +resource "stackit_kms_key" "key001" { + access_scope = "SNA" + algorithm = "aes_256_gcm" + display_name = "msh-key-sna01" + keyring_id = stackit_kms_keyring.keyring001.keyring_id + project_id = var.project_id + protection = "software" + purpose = "symmetric_encrypt_decrypt" +} + +# stackit_kms_keyring.keyring001 will be destroyed +# (because stackit_kms_keyring.keyring001 is not in configuration) +resource "stackit_kms_keyring" "keyring001" { + description = "This is a test keyring for private endpoints" + display_name = "msh-keyring-sna01" + project_id = var.project_id +} diff --git a/sample/alpha-from-registry/postresql.tf b/sample/alpha-from-registry/postresql.tf new file mode 100644 index 00000000..0e728f81 --- /dev/null +++ b/sample/alpha-from-registry/postresql.tf @@ -0,0 +1,96 @@ + +data "stackitprivatepreview_postgresflexalpha_flavor" "pgsql_flavor" { + project_id = var.project_id + region = "eu01" + cpu = 2 + ram = 4 + node_type = "Single" + storage_class = "premium-perf2-stackit" +} + +resource "stackitprivatepreview_postgresflexalpha_instance" "msh-alpha-sna-enc" { + project_id = var.project_id + name = "msh-alpha-sna-enc" + backup_schedule = "0 0 * * *" + retention_days = 45 + flavor_id = data.stackitprivatepreview_postgresflexalpha_flavor.pgsql_flavor.flavor_id + replicas = 1 + storage = { + performance_class = "premium-perf2-stackit" + size = 10 + } + encryption = { + kek_key_id = stackit_kms_key.mshalpha-key01.key_id + kek_key_ring_id = stackit_kms_keyring.mshalpha-keyring.keyring_id + kek_key_version = 1 + service_account = var.sa_email + } + network = { + acl = ["0.0.0.0/0", "193.148.160.0/19", "170.85.2.177/32"] + access_scope = "SNA" + } + version = 17 +} + +resource "stackitprivatepreview_postgresflexalpha_instance" "msh-alpha-nosna-noenc" { + project_id = var.project_id + name = "msh-alpha-nosna-enc" + backup_schedule = "0 0 * * *" + retention_days = 45 + flavor_id = data.stackitprivatepreview_postgresflexalpha_flavor.pgsql_flavor.flavor_id + replicas = 1 + storage = { + performance_class = "premium-perf2-stackit" + size = 10 + } + network = { + acl = ["0.0.0.0/0", "193.148.160.0/19", "170.85.2.177/32"] + access_scope = "PUBLIC" + } + version = 16 +} + +resource "stackitprivatepreview_postgresflexalpha_user" "ptlsdbadminuser" { + project_id = var.project_id + instance_id = stackitprivatepreview_postgresflexalpha_instance.msh-alpha-sna-enc.instance_id + name = var.db_admin_username + roles = ["createdb", "login"] + # roles = ["createdb", "login", "createrole"] +} + +resource "stackitprivatepreview_postgresflexalpha_user" "ptlsdbuser" { + project_id = var.project_id + instance_id = stackitprivatepreview_postgresflexalpha_instance.msh-alpha-sna-enc.instance_id + name = var.db_username + roles = ["login"] + # roles = ["createdb", "login", "createrole"] +} + +resource "stackitprivatepreview_postgresflexalpha_database" "example" { + count = 5 + depends_on = [stackitprivatepreview_postgresflexalpha_user.ptlsdbadminuser] + project_id = var.project_id + instance_id = stackitprivatepreview_postgresflexalpha_instance.msh-alpha-sna-enc.instance_id + name = "${var.db_name}${count.index}" + owner = var.db_admin_username +} + +# data "stackitprivatepreview_postgresflexalpha_instance" "datapsql" { +# project_id = var.project_id +# instance_id = var.instance_id +# region = "eu01" +# } + +# output "psql_instance_id" { +# value = data.stackitprivatepreview_postgresflexalpha_instance.datapsql.instance_id +# } + +output "psql_user_password" { + value = stackitprivatepreview_postgresflexalpha_user.ptlsdbuser.password + sensitive = true +} + +# output "psql_user_conn" { +# value = stackitprivatepreview_postgresflexalpha_user.ptlsdbuser.connection_string +# sensitive = true +# } diff --git a/sample/alpha-from-registry/providers.tf b/sample/alpha-from-registry/providers.tf new file mode 100644 index 00000000..66756cd7 --- /dev/null +++ b/sample/alpha-from-registry/providers.tf @@ -0,0 +1,24 @@ + +terraform { + required_providers { + stackit = { + source = "registry.terraform.io/stackitcloud/stackit" + version = "~> 0.70" + } + stackitprivatepreview = { + source = "tfregistry.sysops.stackit.rocks/mhenselin/stackitprivatepreview" + version = ">=0.1.0" + } + } +} + +provider "stackit" { + default_region = "eu01" + enable_beta_resources = true + service_account_key_path = "../service_account.json" +} + +provider "stackitprivatepreview" { + default_region = "eu01" + service_account_key_path = "../service_account.json" +} diff --git a/sample/alpha-from-registry/sqlserver.tf b/sample/alpha-from-registry/sqlserver.tf new file mode 100644 index 00000000..2bf17a9e --- /dev/null +++ b/sample/alpha-from-registry/sqlserver.tf @@ -0,0 +1,101 @@ +# resource "stackit_kms_keyring" "keyring001" { +# project_id = var.project_id +# display_name = "msh-keyring-sna01" +# description = "This is a test keyring for private endpoints" +# } +# +# resource "stackit_kms_key" "key001" { +# project_id = var.project_id +# keyring_id = stackit_kms_keyring.keyring001.keyring_id +# display_name = "msh-key-sna01" +# protection = "software" +# algorithm = "aes_256_gcm" +# purpose = "symmetric_encrypt_decrypt" +# access_scope = "SNA" +# } + +data "stackitprivatepreview_sqlserverflexbeta_flavor" "sqlserver_flavor" { + project_id = var.project_id + region = "eu01" + cpu = 4 + ram = 16 + node_type = "Single" + storage_class = "premium-perf2-stackit" +} + +resource "stackitprivatepreview_sqlserverflexbeta_instance" "msh-sna-001" { + project_id = var.project_id + name = "msh-sna-001" + backup_schedule = "0 3 * * *" + retention_days = 31 + flavor_id = data.stackitprivatepreview_sqlserverflexbeta_flavor.sqlserver_flavor.flavor_id + storage = { + class = "premium-perf2-stackit" + size = 50 + } + version = 2022 + encryption = { + kek_key_version = 1 + kek_key_id = var.key_id + kek_key_ring_id = var.keyring_id + service_account = var.sa_email + } + network = { + acl = ["0.0.0.0/0", "193.148.160.0/19"] + access_scope = "SNA" + } +} + +#resource "stackitprivatepreview_sqlserverflexbeta_instance" "msh-nosna-001" { +# project_id = var.project_id +# name = "msh-nosna-001" +# backup_schedule = "0 3 * * *" +# retention_days = 31 +# flavor_id = data.stackitprivatepreview_sqlserverflexbeta_flavor.sqlserver_flavor.flavor_id +# storage = { +# class = "premium-perf2-stackit" +# size = 50 +# } +# version = 2022 +# # encryption = { +# # #key_id = stackit_kms_key.key.key_id +# # #keyring_id = stackit_kms_keyring.keyring.keyring_id +# # #key_version = 1 +# # #key_id = var.key_id +# # # key with scope public +# # key_id = "fe039bcf-8d7b-431a-801d-9e81371a6b7b" +# # keyring_id = var.keyring_id +# # key_version = var.key_version +# # service_account = var.sa_email +# # } +# network = { +# acl = ["0.0.0.0/0", "193.148.160.0/19"] +# access_scope = "PUBLIC" +# } +#} + +# data "stackitprivatepreview_sqlserverflexbeta_instance" "test" { +# project_id = var.project_id +# instance_id = var.instance_id +# region = "eu01" +# } + +# output "test" { +# value = data.stackitprivatepreview_sqlserverflexbeta_instance.test +# } + +resource "stackitprivatepreview_sqlserverflexbeta_user" "ptlsdbadminuser" { + project_id = var.project_id + instance_id = stackitprivatepreview_sqlserverflexbeta_instance.msh-sna-001.instance_id + username = var.db_admin_username + #roles = ["##STACKIT_LoginManager##", "##STACKIT_DatabaseManager##"] + roles = ["##STACKIT_LoginManager##"] +} + +resource "stackitprivatepreview_sqlserverflexbeta_user" "ptlsdbuser" { + project_id = var.project_id + instance_id = stackitprivatepreview_sqlserverflexbeta_instance.msh-sna-001.instance_id + username = var.db_username + roles = ["##STACKIT_LoginManager##"] +} + diff --git a/sample/kms/kms.tf b/sample/kms/kms.tf new file mode 100644 index 00000000..01b1d46c --- /dev/null +++ b/sample/kms/kms.tf @@ -0,0 +1,57 @@ +resource "stackit_kms_keyring" "keyring001" { + project_id = var.project_id + display_name = "msh-keyring-sna01" + description = "This is a test keyring for private endpoints" +} + +resource "stackit_kms_key" "key001" { + project_id = var.project_id + keyring_id = stackit_kms_keyring.keyring001.keyring_id + display_name = "msh-key-sna01" + protection = "software" + algorithm = "aes_256_gcm" + purpose = "symmetric_encrypt_decrypt" + access_scope = "SNA" +} + + +# data "stackitprivatepreview_sqlserverflexalpha_instance" "test" { +# project_id = var.project_id +# instance_id = var.instance_id +# region = "eu01" +# } + +output "key_ring_id" { + value = stackit_kms_keyring.keyring001.id +} + +resource "stackit_kms_keyring" "keyring001yy" { + project_id = var.project_id + display_name = "msh-kr-sna01" + description = "This is a test keyring for private endpoints" +} + +resource "stackit_kms_key" "key001yy" { + project_id = var.project_id + keyring_id = stackit_kms_keyring.keyring001yy.keyring_id + display_name = "msh-k-001" + protection = "software" + algorithm = "aes_256_gcm" + purpose = "symmetric_encrypt_decrypt" + access_scope = "SNA" +} + + +# data "stackitprivatepreview_sqlserverflexalpha_instance" "test" { +# project_id = var.project_id +# instance_id = var.instance_id +# region = "eu01" +# } + +output "key_ring_idxx" { + value = stackit_kms_keyring.keyring001yy.id +} + +output "key_id" { + value = stackit_kms_key.key001yy.id +} diff --git a/sample/kms/providers.tf b/sample/kms/providers.tf new file mode 100644 index 00000000..1e7fe4f5 --- /dev/null +++ b/sample/kms/providers.tf @@ -0,0 +1,25 @@ + +terraform { + required_providers { + stackit = { + source = "registry.terraform.io/stackitcloud/stackit" + version = "~> 0.70" + } + # stackitprivatepreview = { + # source = "tfregistry.sysops.stackit.rocks/mhenselin/stackitprivatepreview" + # version = "= 0.0.2-alpha" + # } + } +} + +provider "stackit" { + default_region = "eu01" + enable_beta_resources = true + service_account_key_path = "../service_account.json" +} + +# provider "stackitprivatepreview" { +# default_region = "eu01" +# enable_beta_resources = true +# service_account_key_path = "../service_account.json" +# } diff --git a/sample/pg_import/outputs.tf b/sample/pg_import/outputs.tf new file mode 100644 index 00000000..d9edf19a --- /dev/null +++ b/sample/pg_import/outputs.tf @@ -0,0 +1,4 @@ +# +# output "postgres_flavor" { +# value = data.stackitprivatepreview_postgresflexalpha_flavor.pgsql_flavor.flavor_id +# } diff --git a/sample/pg_import/postresql.tf b/sample/pg_import/postresql.tf new file mode 100644 index 00000000..1d8d478d --- /dev/null +++ b/sample/pg_import/postresql.tf @@ -0,0 +1,45 @@ + +data "stackitprivatepreview_postgresflexalpha_flavor" "pgsql_flavor" { + project_id = var.project_id + region = "eu01" + cpu = 2 + ram = 4 + node_type = "Single" + storage_class = "premium-perf2-stackit" +} + +resource "stackitprivatepreview_postgresflexalpha_instance" "import_for_deletion" { + project_id = var.project_id + name = "mshpetest2" + backup_schedule = "0 0 * * *" + retention_days = 45 + flavor_id = data.stackitprivatepreview_postgresflexalpha_flavor.pgsql_flavor.flavor_id + replicas = 1 + storage = { + # class = "premium-perf2-stackit" + performance_class = "premium-perf2-stackit" + size = 10 + } + encryption = { + # key_id = stackit_kms_key.key.key_id + # keyring_id = stackit_kms_keyring.keyring.keyring_id + kek_key_id = var.key_id + kek_key_ring_id = var.keyring_id + kek_key_version = var.key_version + service_account = var.sa_email + } + network = { + acl = ["0.0.0.0/0", "193.148.160.0/19", "170.85.2.177/32"] + access_scope = "PUBLIC" + } + version = 14 +} + +import { + to = stackitprivatepreview_postgresflexalpha_instance.import_for_deletion + identity = { + project_id = var.project_id + region = "eu01" + instance_id = "d52b5d4c-be3f-4c14-a107-330dab99fd2e" + } +} diff --git a/sample/pg_import/providers.tf b/sample/pg_import/providers.tf new file mode 100644 index 00000000..5a54a129 --- /dev/null +++ b/sample/pg_import/providers.tf @@ -0,0 +1,25 @@ + +terraform { + required_providers { + # stackit = { + # source = "registry.terraform.io/stackitcloud/stackit" + # version = "~> 0.70" + # } + stackitprivatepreview = { + source = "tfregistry.sysops.stackit.rocks/mhenselin/stackitprivatepreview" + version = "> 0.0" + } + } +} + +# provider "stackit" { +# default_region = "eu01" +# enable_beta_resources = true +# service_account_key_path = "./service_account.json" +# } + +provider "stackitprivatepreview" { + default_region = "eu01" + enable_beta_resources = true + service_account_key_path = "../service_account.json" +} diff --git a/sample/pg_import/variables.tf.example b/sample/pg_import/variables.tf.example new file mode 100644 index 00000000..51a70be4 --- /dev/null +++ b/sample/pg_import/variables.tf.example @@ -0,0 +1,11 @@ +variable "project_id" { + default = "" +} + +variable "sa_email" { + default = "" +} + +variable "db_username" { + default = "" +} diff --git a/sample/pg_instance/outputs.tf b/sample/pg_instance/outputs.tf new file mode 100644 index 00000000..e69de29b diff --git a/sample/pg_instance/postresql.tf b/sample/pg_instance/postresql.tf new file mode 100644 index 00000000..0f3f73ac --- /dev/null +++ b/sample/pg_instance/postresql.tf @@ -0,0 +1,17 @@ + +data "stackitprivatepreview_postgresflexalpha_flavor" "pgsql_flavor" { + project_id = var.project_id + region = "eu01" + cpu = 2 + ram = 4 + node_type = "Single" + storage_class = "premium-perf2-stackit" +} +data "stackitprivatepreview_postgresflexalpha_flavor" "pgsql_flavor2"{ + project_id = var.project_id + region = "eu01" + cpu = 2 + ram = 4 + node_type = "Single" + storage_class = "premium-perf2-stackit" +} diff --git a/sample/pg_instance/providers.tf b/sample/pg_instance/providers.tf new file mode 100644 index 00000000..f69b01a1 --- /dev/null +++ b/sample/pg_instance/providers.tf @@ -0,0 +1,25 @@ + +terraform { + required_providers { + # stackit = { + # source = "registry.terraform.io/stackitcloud/stackit" + # version = "~> 0.70" + # } + stackitprivatepreview = { + source = "tfregistry.sysops.stackit.rocks/mhenselin/stackitprivatepreview" + version = "> 0.0" + } + } +} + +# provider "stackit" { +# default_region = "eu01" +# enable_beta_resources = true +# service_account_key_path = "./service_account.json" +# } + +provider "stackitprivatepreview" { + default_region = "eu01" + enable_beta_resources = true + service_account_key_path = "/home/henselinm/Development/PTLS/terraform-provider-stackit-MSH/sample/pg_instance/service_account.json" +} diff --git a/sample/pg_instance/variables.tf.example b/sample/pg_instance/variables.tf.example new file mode 100644 index 00000000..51a70be4 --- /dev/null +++ b/sample/pg_instance/variables.tf.example @@ -0,0 +1,11 @@ +variable "project_id" { + default = "" +} + +variable "sa_email" { + default = "" +} + +variable "db_username" { + default = "" +} diff --git a/sample/sqlserver_beta/flavor.tf b/sample/sqlserver_beta/flavor.tf new file mode 100644 index 00000000..df6f3305 --- /dev/null +++ b/sample/sqlserver_beta/flavor.tf @@ -0,0 +1,13 @@ +# +# data "stackitprivatepreview_sqlserverflexalpha_flavor" "sqlserver_flavor" { +# project_id = var.project_id +# region = "eu01" +# cpu = 4 +# ram = 16 +# node_type = "Single" +# storage_class = "premium-perf2-stackit" +# } +# +# output "sqlserver_flavor" { +# value = data.stackitprivatepreview_sqlserverflexalpha_flavor.sqlserver_flavor.flavor_id +# } diff --git a/sample/sqlserver_beta/postgres.tf b/sample/sqlserver_beta/postgres.tf new file mode 100644 index 00000000..0f45ff66 --- /dev/null +++ b/sample/sqlserver_beta/postgres.tf @@ -0,0 +1,9 @@ + +data "stackitprivatepreview_postgresflexalpha_flavor" "pgsql_flavor" { + project_id = var.project_id + region = "eu01" + cpu = 2 + ram = 4 + node_type = "Single" + storage_class = "premium-perf2-stackit" +} diff --git a/sample/sqlserver_beta/providers.tf b/sample/sqlserver_beta/providers.tf new file mode 100644 index 00000000..233d4df2 --- /dev/null +++ b/sample/sqlserver_beta/providers.tf @@ -0,0 +1,25 @@ + +terraform { + required_providers { + # stackit = { + # source = "registry.terraform.io/stackitcloud/stackit" + # version = "~> 0.70" + # } + stackitprivatepreview = { + source = "tfregistry.sysops.stackit.rocks/mhenselin/stackitprivatepreview" + version = "> 0.0" + } + } +} + +# provider "stackit" { +# default_region = "eu01" +# enable_beta_resources = true +# service_account_key_path = "../service_account.json" +# } + +provider "stackitprivatepreview" { + default_region = "eu01" + enable_beta_resources = true + service_account_key_path = "../service_account.json" +} diff --git a/sample/sqlserver_beta/sqlserver.tf b/sample/sqlserver_beta/sqlserver.tf new file mode 100644 index 00000000..21bf7d23 --- /dev/null +++ b/sample/sqlserver_beta/sqlserver.tf @@ -0,0 +1,116 @@ +data "stackitprivatepreview_sqlserverflexbeta_flavor" "sqlserver_flavor" { + project_id = var.project_id + region = "eu01" + cpu = 4 + ram = 16 + node_type = "Single" + storage_class = "premium-perf2-stackit" +} + +data "stackitprivatepreview_sqlserverflexbeta_flavor" "sqlserver_flavor_2" { + project_id = var.project_id + region = "eu01" + cpu = 4 + ram = 32 + node_type = "Replica" + storage_class = "premium-perf2-stackit" +} + +resource "stackitprivatepreview_sqlserverflexbeta_instance" "msh-beta-nosna-001" { + project_id = var.project_id + name = "msh-beta-nosna-001-renamed" + backup_schedule = "0 3 * * *" + retention_days = 31 + flavor_id = data.stackitprivatepreview_sqlserverflexbeta_flavor.sqlserver_flavor.flavor_id + storage = { + class = "premium-perf2-stackit" + size = 50 + } + version = 2022 + network = { + acl = ["0.0.0.0/0", "193.148.160.0/19"] + access_scope = "PUBLIC" + } +} + +resource "stackitprivatepreview_sqlserverflexbeta_instance" "msh-beta-sna-001" { + project_id = var.project_id + name = "msh-beta-sna-001" + backup_schedule = "0 3 * * *" + retention_days = 31 + flavor_id = data.stackitprivatepreview_sqlserverflexbeta_flavor.sqlserver_flavor.flavor_id + storage = { + class = "premium-perf2-stackit" + size = 5 + } + version = 2022 + encryption = { + #key_id = stackit_kms_key.key.key_id + #keyring_id = stackit_kms_keyring.keyring.keyring_id + #key_version = 1 + # key with scope public + kek_key_id = "fe039bcf-8d7b-431a-801d-9e81371a6b7b" + # key_id = var.key_id + kek_key_ring_id = var.keyring_id + kek_key_version = var.key_version + service_account = var.sa_email + } + network = { + acl = ["0.0.0.0/0", "193.148.160.0/19"] + access_scope = "SNA" + } +} + +resource "stackitprivatepreview_sqlserverflexbeta_user" "exampleuseruno" { + project_id = var.project_id + instance_id = stackitprivatepreview_sqlserverflexbeta_instance.msh-beta-nosna-001.instance_id + username = "exampleuserdue" + roles = ["##STACKIT_ProcessManager##", "##STACKIT_LoginManager##", "##STACKIT_ServerManager##"] +} + +resource "stackitprivatepreview_sqlserverflexbeta_user" "exampleuser" { + project_id = var.project_id + instance_id = stackitprivatepreview_sqlserverflexbeta_instance.msh-beta-nosna-001.instance_id + username = "exampleuser" + roles = ["##STACKIT_LoginManager##"] +} + + +resource "stackitprivatepreview_sqlserverflexbeta_database" "mshtest002" { + project_id = var.project_id + instance_id = stackitprivatepreview_sqlserverflexbeta_instance.msh-beta-nosna-001.instance_id + name = "mshtest002" + # owner = "dbuser" + owner = stackitprivatepreview_sqlserverflexbeta_user.exampleuseruno.username +} + + +# data "stackitprivatepreview_sqlserverflexbeta_database" "example" { +# project_id = var.project_id +# region = "eu01" +# instance_id = "b3b63d0c-35bf-4804-84ea-5abec2a8ae58" +# database_name = "mshtest001" +# } + +# output "dbdetails" { +# value = data.stackitprivatepreview_sqlserverflexbeta_database.example +# } +# + + +# resource "stackitprivatepreview_sqlserverflexbeta_database" "mshtest" { +# project_id = var.project_id +# instance_id = "b3b63d0c-35bf-4804-84ea-5abec2a8ae58" +# name = "mshtest" +# owner = "dbuser" +# } +# +# import { +# to = stackitprivatepreview_sqlserverflexbeta_database.mshtest +# identity = { +# project_id = var.project_id +# region = "eu01" +# instance_id = "b3b63d0c-35bf-4804-84ea-5abec2a8ae58" +# database_name = "mshtest" +# } +# } diff --git a/sample/sqlserver_beta/variables.tf.example b/sample/sqlserver_beta/variables.tf.example new file mode 100644 index 00000000..51a70be4 --- /dev/null +++ b/sample/sqlserver_beta/variables.tf.example @@ -0,0 +1,11 @@ +variable "project_id" { + default = "" +} + +variable "sa_email" { + default = "" +} + +variable "db_username" { + default = "" +}