Merge remote-tracking branch 'origin/alpha'

# Conflicts: # .github/workflows/publish.yaml # generator/cmd/build/build.go # generator/cmd/rootCmd.go # generator/main.go # stackit/internal/services/sqlserverflexalpha/sqlserverflex_acc_test.go
2026-03-13 11:22:10 +01:00 · 2026-03-13 11:22:10 +01:00 · a310d1454a
commit a310d1454a
parent 7d4cbb6b08 3790894563
20 changed files with 747 additions and 12 deletions
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@ -119,6 +119,12 @@ jobs:
              --gpgPubKeyFile=public_key.pem \
              --version=${VERSION}

+      - name: Prepare documentation nav file
+        run: |
+          go run generator/main.go \
+            docs \
+            --outFile nav.md
+
      - name: Publish provider to S3
        run: |
          set -e
@ -138,3 +144,4 @@ jobs:
          ssh -o StrictHostKeyChecking=no ubuntu@${{ vars.DOCS_SERVER_IP }} 'rm -rf /srv/www/docs'
          echo "${{ github.ref_name }}" >docs/_version.txt
          scp -o StrictHostKeyChecking=no -r docs ubuntu@${{ vars.DOCS_SERVER_IP }}:/srv/www/
+          scp -o StrictHostKeyChecking=no nav.md ubuntu@${{ vars.DOCS_SERVER_IP }}:/srv/www/
--- a/generator/cmd/build/build.go
+++ b/generator/cmd/build/build.go
@ -8,10 +8,11 @@ import (
 	"go/token"
 	"log/slog"
 	"os"
-	"os/exec"
 	"path"
 	"regexp"
 	"strings"
+
+	"tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/generator/cmd/tools"
 )

 type Builder struct {
@ -276,20 +277,14 @@ func handleLine(line string) (string, error) {
 }

 func (b *Builder) determineRoot() error {
-	cmd := exec.Command("git", "rev-parse", "--show-toplevel")
-	out, err := cmd.Output()
+	root, err := tools.GetGitRoot()
 	if err != nil {
 		return err
 	}
-	lines := strings.Split(string(out), "\n")
-	if lines[0] == "" {
-		return fmt.Errorf("unable to determine root directory from git")
-	}
-	b.rootDir = lines[0]
+	b.rootDir = root
 	if b.Verbose {
 		slog.Info("  ... using root", "dir", b.rootDir)
 	}
-
 	return nil
 }

--- a/generator/cmd/docCmd.go
+++ b/generator/cmd/docCmd.go
@ -0,0 +1,247 @@
+package cmd
+
+import (
+	"fmt"
+	"log/slog"
+	"os"
+	"path"
+	"regexp"
+	"sort"
+	"strings"
+	"text/template"
+
+	"github.com/spf13/cobra"
+	"tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/generator/cmd/tools"
+)
+
+var outFile string
+
+var docsCmd = &cobra.Command{
+	Use:   "docs",
+	Short: "handle documentation",
+	Long:  `...`,
+	RunE: func(_ *cobra.Command, _ []string) error {
+		// filePathStr := "stackit/internal/services/postgresflexalpha/database/datasources_gen/database_data_source_gen.go"
+		//
+		// src, err := os.ReadFile(filePathStr)
+		// if err != nil {
+		//	return err
+		//}
+		//
+		// i := interp.New(
+		//	interp.Options{
+		//		GoPath:               "/home/henselinm/.asdf/installs/golang/1.25.6/packages",
+		//		BuildTags:            nil,
+		//		Stdin:                nil,
+		//		Stdout:               nil,
+		//		Stderr:               nil,
+		//		Args:                 nil,
+		//		Env:                  nil,
+		//		SourcecodeFilesystem: nil,
+		//		Unrestricted:         false,
+		//	},
+		//)
+		// err = i.Use(i.Symbols("github.com/hashicorp/terraform-plugin-framework-validators"))
+		// if err != nil {
+		//	return err
+		//}
+		// err = i.Use(stdlib.Symbols)
+		// if err != nil {
+		//	return err
+		//}
+		// _, err = i.Eval(string(src))
+		// if err != nil {
+		//	return err
+		//}
+		//
+		// v, err := i.Eval("DatabaseDataSourceSchema")
+		// if err != nil {
+		//	return err
+		//}
+		//
+		// bar := v.Interface().(func(string) string)
+		//
+		// r := bar("Kung")
+		// println(r)
+		//
+		// evalPath, err := i.EvalPath(filePathStr)
+		// if err != nil {
+		//	return err
+		//}
+		//
+		// fmt.Printf("%+v\n", evalPath)
+
+		// _, err = i.Eval(`import "fmt"`)
+		// if err != nil {
+		//	return err
+		//}
+		// _, err = i.Eval(`func Hallo() { fmt.Println("Hi!") }`)
+		// if err != nil {
+		//	return err
+		//}
+
+		// v = i.Symbols("Hallo")
+
+		// fmt.Println(v)
+		return workDocs()
+	},
+}
+
+type NavDocs struct {
+	PageTitle       string
+	Description     string
+	NavigationTitle string
+	ProviderTitle   string
+	IndexFound      bool
+	Services        []Service
+}
+
+type Service struct {
+	ServiceTitle string
+	DataSources  []ResItem
+	Resources    []ResItem
+}
+
+type ResItem struct {
+	ItemName string
+	ItemLink string
+}
+
+func workDocs() error {
+	slog.Info("creating docs navigation")
+	root, err := tools.GetGitRoot()
+	if err != nil {
+		slog.Error("ERROR", "err", err)
+		return err
+	}
+
+	nav := NavDocs{
+		PageTitle:       "STACKIT terraform provider PRIVATE-PREVIEW",
+		Description:     "",
+		NavigationTitle: "Navigation",
+		ProviderTitle:   "Provider",
+		IndexFound:      false,
+	}
+	startPath := path.Join(root, "docs")
+
+	docs, err := os.ReadDir(startPath)
+	if err != nil {
+		return err
+	}
+
+	services := make(map[string]Service)
+	dataSources := make(map[string][]ResItem)
+	resources := make(map[string][]ResItem)
+
+	for _, entry := range docs {
+		if !entry.IsDir() {
+			if entry.Name() == "index.md" {
+				slog.Debug("  found provider index file")
+				nav.IndexFound = true
+				continue
+			}
+			slog.Debug("  found am ignored file", "fileName", entry.Name())
+			continue
+		}
+
+		if entry.Name() != "data-sources" && entry.Name() != "resources" {
+			slog.Error("unable to handle entry, skipping", "entry", entry.Name())
+			continue
+		}
+
+		elements, err := os.ReadDir(path.Join(startPath, entry.Name()))
+		if err != nil {
+			return err
+		}
+		for _, res := range elements {
+			if res.IsDir() {
+				slog.Warn("found unexpected directory", "dir", res.Name())
+				continue
+			}
+
+			re := regexp.MustCompile(`([a-z]+)_([a-z]+).md`)
+			matches := re.FindAllStringSubmatch(res.Name(), -1)
+			if matches == nil {
+				slog.Error("unable to identify resource", "item", res.Name())
+				continue
+			}
+			services[matches[0][1]] = Service{
+				ServiceTitle: matches[0][1],
+			}
+			switch entry.Name() {
+			case "data-sources":
+				dataSources[matches[0][1]] = append(dataSources[matches[0][1]], ResItem{
+					ItemName: matches[0][2],
+					ItemLink: fmt.Sprintf("docs/%s/%s", entry.Name(), matches[0][0]),
+				})
+			case "resources":
+				resources[matches[0][1]] = append(resources[matches[0][1]], ResItem{
+					ItemName: matches[0][2],
+					ItemLink: fmt.Sprintf("docs/%s/%s", entry.Name(), matches[0][0]),
+				})
+			default:
+				return fmt.Errorf("this should never have happened")
+			}
+		}
+
+	}
+
+	keys := make([]string, 0, len(services))
+	for k := range services {
+		keys = append(keys, k)
+	}
+	sort.Strings(keys)
+
+	for _, name := range keys {
+		item := services[name]
+		item.DataSources = dataSources[name]
+		item.Resources = resources[name]
+		nav.Services = append(nav.Services, item)
+	}
+
+	fn := template.FuncMap{
+		"ucfirst": ucfirst,
+	}
+
+	tmpl, err := template.
+		New("nav.md.gompl").
+		Funcs(fn).
+		ParseFiles(path.Join(root, "generator", "cmd", "docs", "templates", "nav.md.gompl"))
+	if err != nil {
+		return err
+	}
+
+	var f *os.File
+	f, err = os.Create(outFile)
+	if err != nil {
+		return err
+	}
+
+	err = tmpl.Execute(f, nav)
+	if err != nil {
+		return err
+	}
+
+	err = f.Close()
+	if err != nil {
+		return err
+	}
+
+	slog.Info("finished")
+	return nil
+}
+
+func NewDocsCmd() *cobra.Command {
+	return docsCmd
+}
+
+func ucfirst(s string) string {
+	if s == "" {
+		return ""
+	}
+	return strings.ToUpper(s[:1]) + s[1:]
+}
+
+func init() { // nolint: gochecknoinits
+	docsCmd.Flags().StringVarP(&outFile, "outFile", "o", "nav.md", "nav.md")
+}
--- a/generator/cmd/docs/templates/nav.md.gompl
+++ b/generator/cmd/docs/templates/nav.md.gompl
@ -0,0 +1,27 @@
+---
+page_title: {{ .PageTitle }}
+description: {{ .Description }}
+---
+## {{ .NavigationTitle }}
+### {{ .ProviderTitle }}
+{{ if .IndexFound }}
+[Provider](/docs/docs/index.md)
+{{ end }}
+{{- range $index, $service := .Services }}
+### {{ $service.ServiceTitle }}
+<details>
+
+#### data sources
+
+{{- range $service.DataSources }}
+- [{{ .ItemName }}]({{ .ItemLink }})
+{{- end }}
+
+#### resources
+
+{{- range $service.Resources }}
+- [{{ .ItemName }}]({{ .ItemLink }})
+{{- end }}
+</details>
+
+{{ end }}
--- a/generator/cmd/rootCmd.go
+++ b/generator/cmd/rootCmd.go
@ -6,7 +6,7 @@ import (

 func NewRootCmd() *cobra.Command {
 	return &cobra.Command{
-		Use:               "build-tools",
+		Use:               "generator",
 		Short:             "...",
 		Long:              "...",
 		SilenceErrors:     true, // Error is beautified in a custom way before being printed
--- a/generator/cmd/tools/tools.go
+++ b/generator/cmd/tools/tools.go
@ -0,0 +1,20 @@
+package tools
+
+import (
+	"fmt"
+	"os/exec"
+	"strings"
+)
+
+func GetGitRoot() (string, error) {
+	cmd := exec.Command("git", "rev-parse", "--show-toplevel")
+	out, err := cmd.Output()
+	if err != nil {
+		return "", err
+	}
+	lines := strings.Split(string(out), "\n")
+	if lines[0] == "" {
+		return "", fmt.Errorf("unable to determine root directory from git")
+	}
+	return lines[0], nil
+}
--- a/generator/main.go
+++ b/generator/main.go
@ -31,6 +31,7 @@ func main() {
 		cmd.NewPublishCmd(),
 		cmd.NewGetFieldsCmd(),
 		cmd.NewExamplesCmd(),
+		cmd.NewDocsCmd(),
 	)

 	err := rootCmd.Execute()
--- a/golang-ci.yaml.bak
+++ b/golang-ci.yaml.bak
@ -0,0 +1,97 @@
+
+version: "2"
+run:
+  concurrency: 4
+output:
+  formats:
+    text:
+      print-linter-name: true
+      print-issued-lines: true
+      colors: true
+      path: stdout
+linters:
+  enable:
+    - bodyclose
+    - depguard
+    - errorlint
+    - forcetypeassert
+    - gochecknoinits
+    - gocritic
+    - gosec
+    - misspell
+    - nakedret
+    - revive
+    - sqlclosecheck
+    - wastedassign
+  disable:
+    - noctx
+    - unparam
+  settings:
+    depguard:
+      rules:
+        main:
+          list-mode: lax
+          allow:
+            - tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview
+            - github.com/hashicorp/terraform-plugin-framework
+            - github.com/hashicorp/terraform-plugin-log
+            - github.com/stackitcloud/stackit-sdk-go
+          deny:
+            - pkg: github.com/stretchr/testify
+              desc: Do not use a testing framework
+    gocritic:
+      disabled-checks:
+        - wrapperFunc
+        - typeDefFirst
+        - ifElseChain
+        - dupImport
+        - hugeParam
+      enabled-tags:
+        - performance
+        - style
+        - experimental
+    gosec:
+      excludes:
+        - G104
+        - G102
+        - G304
+        - G307
+    misspell:
+      locale: US
+    nakedret:
+      max-func-lines: 0
+    revive:
+      severity: error
+      rules:
+        - name: errorf
+        - name: context-as-argument
+        - name: error-return
+        - name: increment-decrement
+        - name: indent-error-flow
+        - name: superfluous-else
+        - name: unused-parameter
+        - name: unreachable-code
+        - name: atomic
+        - name: empty-lines
+        - name: early-return
+  exclusions:
+    paths:
+      - stackit-sdk-generator/
+      - generated/
+      - pkg_gen/
+    generated: lax
+    warn-unused: true
+    # Excluding configuration per-path, per-linter, per-text and per-source.
+    rules:
+      # Exclude some linters from running on tests files.
+        - path: _test\.go
+          linters:
+            - gochecknoinits
+formatters:
+  enable:
+    - gofmt
+    - goimports
+  settings:
+    goimports:
+      local-prefixes:
+        - tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview
--- a/sample/.gitignore
+++ b/sample/.gitignore
@ -0,0 +1,7 @@
+*.json
+*.bak
+*.tfstate
+*.tfstate.backup
+terraform
+variables.tf
+*.tfrc
--- a/sample/config.tfrc.example
+++ b/sample/config.tfrc.example
@ -0,0 +1,10 @@
+provider_installation {
+   dev_overrides {
+      "registry.terraform.io/mhenselin/stackitprivatepreview" = "<CURRENT PROJECT PATH>/bin/"
+   }
+
+   # For all other providers, install them directly from their origin provider
+   # registries as normal. If you omit this, Terraform will _only_ use
+   # the dev_overrides block, and so no other providers will be available.
+   direct {}
+}
--- a/sample/postgres/outputs.tf
+++ b/sample/postgres/outputs.tf
@ -0,0 +1,4 @@
+
+output "postgres_flavor" {
+  value = data.stackitprivatepreview_postgresflexalpha_flavor.pgsql_flavor.flavor_id
+}
--- a/sample/postgres/postresql.tf
+++ b/sample/postgres/postresql.tf
@ -0,0 +1,116 @@
+
+data "stackitprivatepreview_postgresflexalpha_flavor" "pgsql_flavor" {
+  project_id    = var.project_id
+  region        = "eu01"
+  cpu           = 2
+  ram           = 4
+  node_type     = "Single"
+  storage_class = "premium-perf2-stackit"
+}
+
+resource "stackitprivatepreview_postgresflexalpha_instance" "msh-sna-pe-example" {
+  project_id      = var.project_id
+  name            = "mshpetest2"
+  backup_schedule = "0 0 * * *"
+  retention_days  = 45
+  flavor_id       = data.stackitprivatepreview_postgresflexalpha_flavor.pgsql_flavor.flavor_id
+  replicas        = 1
+  storage = {
+    # class = "premium-perf2-stackit"
+    performance_class = "premium-perf2-stackit"
+    size              = 10
+  }
+  encryption = {
+    #    key_id = stackit_kms_key.key.key_id
+    #    keyring_id = stackit_kms_keyring.keyring.keyring_id
+    kek_key_id      = var.key_id
+    kek_key_ring_id = var.keyring_id
+    kek_key_version = var.key_version
+    service_account = var.sa_email
+  }
+  network = {
+    acl          = ["0.0.0.0/0", "193.148.160.0/19", "170.85.2.177/32"]
+    access_scope = "PUBLIC"
+  }
+  version = 17
+}
+
+resource "stackitprivatepreview_postgresflexalpha_instance" "msh-sna-pe-example2" {
+  project_id      = var.project_id
+  name            = "mshpetest2-1"
+  backup_schedule = "0 0 * * *"
+  retention_days  = 45
+  flavor_id       = data.stackitprivatepreview_postgresflexalpha_flavor.pgsql_flavor.flavor_id
+  replicas        = 1
+  storage = {
+    # class = "premium-perf2-stackit"
+    performance_class = "premium-perf2-stackit"
+    size              = 10
+  }
+  encryption = {
+    #    key_id = stackit_kms_key.key.key_id
+    #    keyring_id = stackit_kms_keyring.keyring.keyring_id
+    kek_key_id      = var.key_id
+    kek_key_ring_id = var.keyring_id
+    kek_key_version = var.key_version
+    service_account = var.sa_email
+  }
+  network = {
+    acl          = ["0.0.0.0/0", "193.148.160.0/19", "170.85.2.177/32"]
+    access_scope = "SNA"
+  }
+  version = 16
+}
+
+resource "stackitprivatepreview_postgresflexalpha_user" "ptlsdbadminuser" {
+  project_id  = var.project_id
+  instance_id = stackitprivatepreview_postgresflexalpha_instance.msh-sna-pe-example.instance_id
+  name    = var.db_admin_username
+  roles       = ["createdb", "login", "login"]
+  # roles     = ["createdb", "login", "createrole"]
+}
+
+resource "stackitprivatepreview_postgresflexalpha_user" "ptlsdbadminuser2" {
+  project_id  = var.project_id
+  instance_id = stackitprivatepreview_postgresflexalpha_instance.msh-sna-pe-example2.instance_id
+  name    = var.db_admin_username
+  roles       = ["createdb", "login"]
+  # roles     = ["createdb", "login", "createrole"]
+}
+
+resource "stackitprivatepreview_postgresflexalpha_user" "ptlsdbuser" {
+  project_id  = var.project_id
+  instance_id = stackitprivatepreview_postgresflexalpha_instance.msh-sna-pe-example.instance_id
+  name    = var.db_name
+  roles       = ["login"]
+  # roles     = ["createdb", "login", "createrole"]
+}
+
+resource "stackitprivatepreview_postgresflexalpha_database" "example" {
+  count       = 5
+  depends_on  = [stackitprivatepreview_postgresflexalpha_user.ptlsdbadminuser]
+  project_id  = var.project_id
+  instance_id = stackitprivatepreview_postgresflexalpha_instance.msh-sna-pe-example.instance_id
+  name        = "${var.db_name}${count.index}"
+  owner       = var.db_admin_username
+}
+
+# data "stackitprivatepreview_postgresflexalpha_instance" "datapsql" {
+#   project_id = var.project_id
+#   instance_id = var.instance_id
+#   region = "eu01"
+# }
+
+# output "psql_instance_id" {
+#   value = data.stackitprivatepreview_postgresflexalpha_instance.datapsql.instance_id
+# }
+
+output "psql_user_password" {
+  value     = stackitprivatepreview_postgresflexalpha_user.ptlsdbuser.password
+  sensitive = true
+}
+
+output "psql_user_conn" {
+  value     = stackitprivatepreview_postgresflexalpha_user.ptlsdbuser.connection_string
+  sensitive = true
+}
--- a/sample/postgres/providers.tf
+++ b/sample/postgres/providers.tf
@ -0,0 +1,25 @@
+
+terraform {
+  required_providers {
+    # stackit = {
+    #   source  = "registry.terraform.io/stackitcloud/stackit"
+    #   version = "~> 0.70"
+    # }
+    stackitprivatepreview = {
+      source  = "tfregistry.sysops.stackit.rocks/mhenselin/stackitprivatepreview"
+      version = "> 0.0"
+    }
+  }
+}
+
+# provider "stackit" {
+#   default_region           = "eu01"
+#   enable_beta_resources    = true
+#   service_account_key_path = "./service_account.json"
+# }
+
+provider "stackitprivatepreview" {
+  default_region           = "eu01"
+  enable_beta_resources    = true
+  service_account_key_path = "../service_account.json"
+}
--- a/sample/postgres/variables.tf.example
+++ b/sample/postgres/variables.tf.example
@ -0,0 +1,11 @@
+variable "project_id" {
+  default = "<PROJECT ID UUID>"
+}
+
+variable "sa_email" {
+  default = "<SERVICE ACCOUNT EMAIL>"
+}
+
+variable "db_username" {
+  default = "<DB USERNAME>"
+}
--- a/sample/sqlserver/flavor.tf
+++ b/sample/sqlserver/flavor.tf
@ -0,0 +1,13 @@
+
+data "stackitprivatepreview_sqlserverflexbeta_flavor" "sqlserver_flavor" {
+  project_id    = var.project_id
+  region        = "eu01"
+  cpu           = 4
+  ram           = 16
+  node_type     = "Single"
+  storage_class = "premium-perf2-stackit"
+}
+
+output "sqlserver_flavor" {
+  value = data.stackitprivatepreview_sqlserverflexbeta_flavor.sqlserver_flavor.flavor_id
+}
--- a/sample/sqlserver/providers.tf
+++ b/sample/sqlserver/providers.tf
@ -0,0 +1,25 @@
+
+terraform {
+  required_providers {
+    # stackit = {
+    #   source  = "registry.terraform.io/stackitcloud/stackit"
+    #   version = "~> 0.70"
+    # }
+    stackitprivatepreview = {
+      source  = "tfregistry.sysops.stackit.rocks/mhenselin/stackitprivatepreview"
+      version = "> 0.0"
+    }
+  }
+}
+
+# provider "stackit" {
+#   default_region           = "eu01"
+#   enable_beta_resources    = true
+#   service_account_key_path = "../service_account.json"
+# }
+
+provider "stackitprivatepreview" {
+  default_region           = "eu01"
+  enable_beta_resources    = true
+  service_account_key_path = "../service_account.json"
+}
--- a/sample/sqlserver/sqlserver.tf
+++ b/sample/sqlserver/sqlserver.tf
@ -0,0 +1,63 @@
+# resource "stackit_kms_keyring" "keyring" {
+#   project_id   = var.project_id
+#   display_name = "msh-keyring01"
+#   description  = "This is a test keyring for private endpoints"
+# }
+#
+# resource "stackit_kms_key" "key" {
+#   project_id   = var.project_id
+#   keyring_id   = stackit_kms_keyring.keyring.keyring_id
+#   display_name = "msh-key01"
+#   protection   = "software"
+#   algorithm    = "aes_256_gcm"
+#   purpose      = "symmetric_encrypt_decrypt"
+#   access_scope = "SNA"
+# }
+#
+# output "keyid" {
+#   value = stackit_kms_key.key.key_id
+# }
+
+resource "stackitprivatepreview_sqlserverflexbeta_instance" "msh-beta-sna-001" {
+  project_id      = var.project_id
+  name            = "msh-beta-sna-001"
+  backup_schedule = "0 3 * * *"
+  retention_days  = 31
+  flavor_id       = data.stackitprivatepreview_sqlserverflexbeta_flavor.sqlserver_flavor.flavor_id
+  storage = {
+    class = "premium-perf2-stackit"
+    size  = 10
+  }
+  version = 2022
+  encryption = {
+    #key_id     = stackit_kms_key.key.key_id
+    #keyring_id = stackit_kms_keyring.keyring.keyring_id
+    #key_version     = 1
+    # key with scope public
+    # kek_key_id          = "fe039bcf-8d7b-431a-801d-9e81371a6b7b"
+    kek_key_id          = "c6878f92-ce55-4b79-8236-ba9d001d7967" # msh-k-001
+    # key_id          = var.key_id
+    # kek_key_ring_id      = var.keyring_id
+    kek_key_ring_id      = "0dea3f5f-9947-4dda-a9d3-18418832cefe" # msh-kr-sna01
+    kek_key_version     = var.key_version
+    service_account = var.sa_email
+  }
+  network = {
+    acl          = ["0.0.0.0/0", "193.148.160.0/19"]
+    access_scope = "SNA"
+  }
+}
+
+resource "stackitprivatepreview_sqlserverflexbeta_user" "betauser" {
+  project_id  = var.project_id
+  instance_id = stackitprivatepreview_sqlserverflexbeta_instance.msh-beta-sna-001.instance_id
+  username    = "betauser"
+  roles       = ["##STACKIT_DatabaseManager##", "##STACKIT_LoginManager##"]
+}
+
+resource "stackitprivatepreview_sqlserverflexbeta_database" "betadb" {
+  project_id    = var.project_id
+  instance_id   = stackitprivatepreview_sqlserverflexbeta_instance.msh-beta-sna-001.instance_id
+  name = "mshtest002"
+  owner = stackitprivatepreview_sqlserverflexbeta_user.betauser.username
+}
--- a/sample/sqlserver/variables.tf.example
+++ b/sample/sqlserver/variables.tf.example
@ -0,0 +1,11 @@
+variable "project_id" {
+  default = "<PROJECT ID UUID>"
+}
+
+variable "sa_email" {
+  default = "<SERVICE ACCOUNT EMAIL>"
+}
+
+variable "db_username" {
+  default = "<DB USERNAME>"
+}
--- a/sample/tf.sh
+++ b/sample/tf.sh
@ -0,0 +1,53 @@
+#!/usr/bin/env bash
+
+
+
+# ./tf.sh apply > >(tee -a stdout.log) 2> >(tee -a stderr.log >&2)
+
+usage() {
+  echo "$0 usage:" && grep "[[:space:]].)\ #" "$0" | sed 's/#//' | sed -r 's/([a-z])\)/-\1/';
+  exit 0;
+}
+
+[ $# -eq 0 ] && usage
+
+CONFIG_FOLDER=$(dirname "$0")
+BINARY=terraform
+
+ADD=""
+
+while getopts ":b:hdirt" arg; do
+  case $arg in
+    b) # Set binary (default is terraform).
+      BINARY=${OPTARG}
+      shift 2
+      ;;
+    d) # Set log level to DEBUG.
+      TF_LOG=DEBUG
+      export TF_LOG
+      shift
+      ;;
+    i) # Set log level to INFO.
+      TF_LOG=INFO
+      export TF_LOG
+      shift
+      ;;
+    r) # Set log level to INFO.
+      ADD="-refresh-only"
+      shift
+      ;;
+    t) # Set log level to TRACE.
+      TF_LOG=TRACE
+      export TF_LOG
+      shift
+      ;;
+    h | *) # Display help.
+      usage
+      ;;
+  esac
+done
+
+TERRAFORM_CONFIG=${CONFIG_FOLDER}/config.tfrc
+export TERRAFORM_CONFIG
+
+${BINARY} "$@" ${ADD}
--- a/stackit/internal/services/sqlserverflexalpha/sqlserverflex_acc_test.go
+++ b/stackit/internal/services/sqlserverflexalpha/sqlserverflex_acc_test.go
@ -314,11 +314,14 @@ func TestAccInstanceEncryption(t *testing.T) {
 	data.KekKeyID = os.Getenv("TF_ACC_KEK_KEY_ID")
 	data.KekKeyRingID = os.Getenv("TF_ACC_KEK_KEY_RING_ID")
 	verString := os.Getenv("TF_ACC_KEK_KEY_VERSION")
+	if verString == "" {
+		verString = "1"
+	}
 	version, err := strconv.ParseInt(verString, 0, 32)
 	if err != nil {
-		t.Errorf("error coverting value to uint8: %+v", verString)
+		t.Errorf("error coverting value to uint8: '%+v'", verString)
 	}
-	data.KekKeyVersion = uint8(version) //nolint:gosec // not important its a test
+	data.KekKeyVersion = uint8(version) //nolint:gosec // not important it's a test
 	data.KekServiceAccount = os.Getenv("TF_ACC_KEK_SERVICE_ACCOUNT")

 	resource.ParallelTest(t, resource.TestCase{