158 changed files with 6057 additions and 8913 deletions
--- a/.github/actions/acc_test/action.yaml
+++ b/.github/actions/acc_test/action.yaml
@ -2,11 +2,6 @@ name: Acceptance Testing
 description: "Acceptance Testing pipeline"
 inputs:
  test_timeout_string:
    description: "string that determines the timeout (default: 45m)"
    default: '45m'
    required: true
  go-version:
    description: "go version to install"
    default: '1.25'
@ -16,78 +11,38 @@ inputs:
    description: "STACKIT project ID for tests"
    required: true
  project_user_email:
    required: true
    description: "project user email for acc testing"
  tf_acc_kek_key_id:
    description: "KEK key ID"
    required: true
  tf_acc_kek_key_ring_id:
    description: "KEK key ring ID"
    required: true
  tf_acc_kek_key_version:
    description: "KEK key version"
    required: true
  tf_acc_kek_service_account:
    description: "KEK service account email"
    required: true
  region:
    description: "STACKIT region for tests"
    default: 'eu01'
    required: true
-  service_account_json_content:
+  service_account_json:
    description: "STACKIT service account JSON file contents"
    required: true
    default: ""
  service_account_json_content_b64:
    description: "STACKIT service account JSON file contents"
    required: true
    default: ""
  service_account_json_file_path:
    description: "STACKIT service account JSON file contents"
    required: true
    default: 'service_account.json'
  test_file:
    description: "testfile to run"
    default: ''
-
+outputs:
-#outputs:
+  random-number:
-#  random-number:
+    description: "Random number"
-#    description: "Random number"
+    value: ${{ steps.random-number-generator.outputs.random-number }}
 #    value: ${{ steps.random-number-generator.outputs.random-number }}
 runs:
  using: "composite"
  steps:
-#    - name: Random Number Generator
+    - name: Random Number Generator
-#      id: random-number-generator
+      id: random-number-generator
-#      run: echo "random-number=$(echo $RANDOM)" >> $GITHUB_OUTPUT
+      run: echo "random-number=$(echo $RANDOM)" >> $GITHUB_OUTPUT
-#      shell: bash
+      shell: bash
    - name: Install needed tools
      shell: bash
      run: |
        echo "::group::apt install"
        set -e
-        apt-get -y -qq update >apt_update.log 2>apt_update_err.log
+        apt-get -y -qq update
-        if [ $? -ne 0 ]; then
+        apt-get -y -qq install jq python3 python3-pip python-is-python3 s3cmd git make wget
          cat apt_update.log apt_update_err.log
        fi
        apt-get -y -qq install jq python3 python3-pip python-is-python3 s3cmd git make wget >apt_get.log 2>apt_get_err.log
        if [ $? -ne 0 ]; then
          cat apt_get.log apt_get_err.log
        fi
        echo "::endgroup::"
    - name: Setup JAVA
      uses: actions/setup-java@v5
@ -98,165 +53,62 @@ runs:
    - name: Install Go ${{ inputs.go-version }}
      uses: actions/setup-go@v6
      with:
-        # go-version: ${{ inputs.go-version }}
+        go-version: ${{ inputs.go-version }}
        check-latest: true
        go-version-file: 'go.mod'
    - name: Determine GOMODCACHE
      shell: bash
      id: goenv
      run: |
        set -e
        echo "gomodcache=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT"
    - name: Restore cached GO pkg
      id: cache-gopkg
      uses: actions/cache/restore@v5
      with:
        path: "${{ steps.goenv.outputs.gomodcache }}"
        key: ${{ runner.os }}-gopkg
    - name: Install go tools
      if: steps.cache-gopkg.outputs.cache-hit != 'true'
      shell: bash
      run: |
        echo "::group::go install"
        set -e
        go mod download
        go install golang.org/x/tools/cmd/goimports@latest
-        go install github.com/hashicorp/terraform-plugin-codegen-framework/cmd/tfplugingen-framework@latest
+        go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.7.2
-        go install github.com/hashicorp/terraform-plugin-codegen-openapi/cmd/tfplugingen-openapi@latest
+        go install github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs@v0.24.0
        go install github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs@latest
        go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@latest
        echo "::endgroup::"
    - name: Run go mod tidy
      shell: bash
      run: go mod tidy
-    - name: Save GO package Cache
+    - name: Prepare pkg_gen directory
      id: cache-gopkg-save
      uses: actions/cache/save@v5
      with:
        path: |
          ${{ steps.goenv.outputs.gomodcache }}
        key: ${{ runner.os }}-gopkg
    - name: Creating service_account file from json input
      if: inputs.service_account_json_content != ''
      shell: bash
      run: |
-        echo "::group::create service account file"
+        go run cmd/main.go build -p
        set -e
        set -o pipefail
        jsonFile="${{ inputs.service_account_json_file_path }}"
        jsonFile="${jsonFile:-x}"
        if [ "${jsonFile}" == "x" ]; then
          echo "no service account file path provided"
          exit 1
        fi
        if [ ! -f "${jsonFile}" ]; then
          echo "creating service account file '${{ inputs.service_account_json_file_path }}'"
          echo "${{ inputs.service_account_json_content }}" > stackit/"${{ inputs.service_account_json_file_path }}"
        fi
        ls -l stackit/"${{ inputs.service_account_json_file_path }}"
        echo "::endgroup::"
    - name: Creating service_account file from base64 json input
      if: inputs.service_account_json_content_b64 != ''
      shell: bash
      run: |
        echo "::group::create service account file"
        set -e
        set -o pipefail
        jsonFile="${{ inputs.service_account_json_file_path }}"
        jsonFile="${jsonFile:-x}"
        if [ "${jsonFile}" == "x" ]; then
          echo "no service account file path provided"
          exit 1
        fi
        if [ ! -f "${jsonFile}" ]; then
          echo "creating service account file '${{ inputs.service_account_json_file_path }}'"
          echo "${{ inputs.service_account_json_content_b64 }}" | base64 -d > stackit/"${{ inputs.service_account_json_file_path }}"
        fi
        ls -l stackit/"${{ inputs.service_account_json_file_path }}"
        echo "::endgroup::"
    - name: Run acceptance test file
      if: ${{ inputs.test_file != '' }}
      shell: bash
      run: |
        echo "::group::go test file"
        set -e 
        set -o pipefail
        echo "Running acceptance tests for the terraform provider"
-        cd stackit || exit 1
+        echo "${STACKIT_SERVICE_ACCOUNT_JSON}" > ~/.service_account.json
        cd stackit
        TF_ACC=1 \
        TF_ACC_PROJECT_ID=${TF_ACC_PROJECT_ID} \
        TF_ACC_REGION=${TF_ACC_REGION} \
-        TF_ACC_TEST_PROJECT_USER_EMAIL=${TF_ACC_TEST_PROJECT_USER_EMAIL} \
+        go test ${{ inputs.test_file }} -count=1 -timeout=30m
        TF_ACC_SERVICE_ACCOUNT_FILE="${PWD}/${{ inputs.service_account_json_file_path }}" \
        TF_ACC_KEK_KEY_ID=${TF_ACC_KEK_KEY_ID} \
        TF_ACC_KEK_KEY_RING_ID=${TF_ACC_KEK_KEY_RING_ID} \
        TF_ACC_KEK_KEY_VERSION=${TF_ACC_KEK_KEY_VERSION} \
        TF_ACC_KEK_SERVICE_ACCOUNT=${TF_ACC_KEK_SERVICE_ACCOUNT} \
        go test ${{ inputs.test_file }} -count=1 -timeout=${{ inputs.test_timeout_string }}
        echo "::endgroup::"
      env:
-        TF_ACC_PROJECT_ID: ${{ inputs.project_id }}
+        STACKIT_SERVICE_ACCOUNT_JSON: ${{ inputs.service_account_json }}
        TF_PROJECT_ID: ${{ inputs.project_id }}
        TF_ACC_REGION: ${{ inputs.region }}
-        TF_ACC_TEST_PROJECT_USER_EMAIL: ${{ inputs.project_user_email }}
+        # TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_EMAIL: ${{ secrets.TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_EMAIL }}
-        TF_ACC_KEK_KEY_ID: ${{ inputs.tf_acc_kek_key_id }}
+        # TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_TOKEN }}
-        TF_ACC_KEK_KEY_RING_ID: ${{ inputs.tf_acc_kek_key_ring_id }}
+        # TF_ACC_TEST_PROJECT_PARENT_CONTAINER_ID: ${{ secrets.TF_ACC_TEST_PROJECT_PARENT_CONTAINER_ID }}
-        TF_ACC_KEK_KEY_VERSION: ${{ inputs.tf_acc_kek_key_version }}
+        # TF_ACC_TEST_PROJECT_PARENT_UUID: ${{ secrets.TF_ACC_TEST_PROJECT_PARENT_UUID }}
-        TF_ACC_KEK_SERVICE_ACCOUNT: ${{ inputs.tf_acc_kek_service_account }}
+        # TF_ACC_TEST_PROJECT_USER_EMAIL: ${{ secrets.TF_ACC_TEST_PROJECT_USER_EMAIL }}
 #    - name: Run test action
 #      if: ${{ inputs.test_file == '' }}
 #      env:
 #        TF_ACC: 1
 #        TF_ACC_PROJECT_ID: ${{ inputs.project_id }}
 #        TF_ACC_REGION: ${{ inputs.region }}
 #        TF_ACC_TEST_PROJECT_USER_EMAIL: ${{ inputs.project_user_email }}
 #        TF_ACC_KEK_KEY_ID: ${{ inputs.tf_acc_kek_key_id }}
 #        TF_ACC_KEK_KEY_RING_ID: ${{ inputs.tf_acc_kek_key_ring_id }}
 #        TF_ACC_KEK_KEY_VERSION: ${{ inputs.tf_acc_kek_key_version }}
 #        TF_ACC_KEK_SERVICE_ACCOUNT: ${{ inputs.tf_acc_kek_service_account }}
 #        TF_ACC_SERVICE_ACCOUNT_FILE: "${PWD}/${{ inputs.service_account_json_file_path }}"
 #      uses: robherley/go-test-action@v0.1.0
 #      with:
 #        testArguments: "./... -timeout 45m"
    - name: Run acceptance tests
      if: ${{ inputs.test_file == '' }}
      shell: bash
      run: |
        echo "::group::go test all"
        set -e 
        set -o pipefail
        echo "Running acceptance tests for the terraform provider"
-        cd stackit || exit 1
+        echo "${STACKIT_SERVICE_ACCOUNT_JSON}" > ~/.service_account.json
        cd stackit
        TF_ACC=1 \
        TF_ACC_PROJECT_ID=${TF_ACC_PROJECT_ID} \
        TF_ACC_REGION=${TF_ACC_REGION} \
-        TF_ACC_TEST_PROJECT_USER_EMAIL=${TF_ACC_TEST_PROJECT_USER_EMAIL} \
+        go test ./... -count=1 -timeout=30m
        TF_ACC_SERVICE_ACCOUNT_FILE="${PWD}/${{ inputs.service_account_json_file_path }}" \
        TF_ACC_KEK_KEY_ID=${TF_ACC_KEK_KEY_ID} \
        TF_ACC_KEK_KEY_RING_ID=${TF_ACC_KEK_KEY_RING_ID} \
        TF_ACC_KEK_KEY_VERSION=${TF_ACC_KEK_KEY_VERSION} \
        TF_ACC_KEK_SERVICE_ACCOUNT=${TF_ACC_KEK_SERVICE_ACCOUNT} \
        go test ./... -count=1 -timeout=${{ inputs.test_timeout_string }}
        echo "::endgroup::"
      env:
-        TF_ACC_PROJECT_ID: ${{ inputs.project_id }}
+        STACKIT_SERVICE_ACCOUNT_JSON: ${{ inputs.service_account_json }}
        TF_PROJECT_ID: ${{ inputs.project_id }}
        TF_ACC_REGION: ${{ inputs.region }}
-        TF_ACC_TEST_PROJECT_USER_EMAIL: ${{ inputs.project_user_email }}
+        # TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_EMAIL: ${{ secrets.TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_EMAIL }}
-        TF_ACC_KEK_KEY_ID: ${{ inputs.tf_acc_kek_key_id }}
+        # TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_TOKEN }}
-        TF_ACC_KEK_KEY_RING_ID: ${{ inputs.tf_acc_kek_key_ring_id }}
+        # TF_ACC_TEST_PROJECT_PARENT_CONTAINER_ID: ${{ secrets.TF_ACC_TEST_PROJECT_PARENT_CONTAINER_ID }}
-        TF_ACC_KEK_KEY_VERSION: ${{ inputs.tf_acc_kek_key_version }}
+        # TF_ACC_TEST_PROJECT_PARENT_UUID: ${{ secrets.TF_ACC_TEST_PROJECT_PARENT_UUID }}
-        TF_ACC_KEK_SERVICE_ACCOUNT: ${{ inputs.tf_acc_kek_service_account }}
+        # TF_ACC_TEST_PROJECT_USER_EMAIL: ${{ secrets.TF_ACC_TEST_PROJECT_USER_EMAIL }}
--- a/.github/actions/build/action.yaml
+++ b/.github/actions/build/action.yaml
@ -20,63 +20,25 @@ runs:
      run: |
        set -e
        apt-get -y -qq update
-        apt-get -y -qq install jq python3 python3-pip python-is-python3 s3cmd git make wget unzip bc
+        apt-get -y -qq install jq python3 python3-pip python-is-python3 s3cmd git make wget
    - name: Checkout
      uses: actions/checkout@v6
    - name: Install Go ${{ inputs.go-version }}
      uses: actions/setup-go@v6
      with:
-        # go-version: ${{ inputs.go-version }}
+        go-version: ${{ inputs.go-version }}
        check-latest: true
        go-version-file: 'go.mod'
    - name: Determine GOMODCACHE
      shell: bash
      id: goenv
      run: |
        set -e
        # echo "::set-output name=gomodcache::$(go env GOMODCACHE)"
        echo "gomodcache=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT"
    - name: Restore cached GO pkg
      id: cache-gopkg
      uses: actions/cache/restore@v5
      with:
        path: "${{ steps.goenv.outputs.gomodcache }}"
        key: ${{ runner.os }}-gopkg
    - name: Install go tools
      if: steps.cache-gopkg.outputs.cache-hit != 'true'
      shell: bash
      run: |
        set -e
        go install golang.org/x/tools/cmd/goimports@latest
        go install github.com/hashicorp/terraform-plugin-codegen-framework/cmd/tfplugingen-framework@latest
        go install github.com/hashicorp/terraform-plugin-codegen-openapi/cmd/tfplugingen-openapi@latest
-        go install github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs@latest
+        go install github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs@v0.24.0
 #    - name: Run build pkg directory
 #      shell: bash
 #      run: |
 #        set -e
 #        go run generator/main.go build
    - name: Get all go packages
      if: steps.cache-gopkg.outputs.cache-hit != 'true'
      shell: bash
      run: |
        set -e
        go get ./...
    - name: Save Cache
      id: cache-gopkg-save
      uses: actions/cache/save@v5
      with:
        path: |
          ${{ steps.goenv.outputs.gomodcache }}
        key: ${{ runner.os }}-gopkg
    - name: Setup JAVA ${{ inputs.java-distribution }} ${{ inputs.go-version }}
      uses: actions/setup-java@v5
@ -84,6 +46,16 @@ runs:
        distribution: ${{ inputs.java-distribution }} # See 'Supported distributions' for available options
        java-version: ${{ inputs.java-version }}
    - name: Checkout
      uses: actions/checkout@v6
    - name: Run build pkg directory
      shell: bash
      run: |
        set -e
        go run cmd/main.go build
    - name: Run make to build app
      shell: bash
      run: |
--- a/.github/actions/setup-cache-go/action.yaml
+++ b/.github/actions/setup-cache-go/action.yaml
@ -26,9 +26,9 @@ runs:
      uses: https://code.forgejo.org/actions/setup-go@v6
      id: go-version
      with:
-        # go-version: ${{ inputs.go-version }}
+        go-version: ${{ inputs.go-version }}
        check-latest: true # Always check for the latest patch release
-        go-version-file: "go.mod"
+        # go-version-file: "go.mod"
        # do not cache dependencies, we do this manually
        cache: false
--- a/.github/workflows/ci.yaml.bak
+++ b/.github/workflows/ci.yaml.bak
@ -22,39 +22,6 @@ env:
  CODE_COVERAGE_ARTIFACT_NAME: "code-coverage"
 jobs:
  runner_test:
    name: "Test STACKIT runner"
    runs-on: stackit-docker
    steps:
      - name: Install needed tools
        run: |
          apt-get -y -qq update
          apt-get -y -qq install jq python3 python3-pip python-is-python3 s3cmd git make wget
      - name: Setup Go
        uses: actions/setup-go@v6
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: Install go tools
        run: |
          go install golang.org/x/tools/cmd/goimports@latest
          go install github.com/hashicorp/terraform-plugin-codegen-framework/cmd/tfplugingen-framework@latest
          go install github.com/hashicorp/terraform-plugin-codegen-openapi/cmd/tfplugingen-openapi@latest
      - name: Setup JAVA
        uses: actions/setup-java@v5
        with:
          distribution: 'temurin' # See 'Supported distributions' for available options
          java-version: '21'
      - name: Checkout
        uses: actions/checkout@v6
      - name: Run build pkg directory
        run: |
          go run cmd/main.go build
  publish_test:
    name: "Test readiness for publishing provider"
    needs: config
@ -234,29 +201,29 @@ jobs:
        run: make lint
        continue-on-error: true
-  #      - name: Testing
+#      - name: Testing
-  #        run: make test
+#        run: make test
-  #
+#
-  #      - name: Acceptance Testing
+#      - name: Acceptance Testing
-  #        if: ${{ github.event_name == 'pull_request' }}
+#        if: ${{ github.event_name == 'pull_request' }}
-  #        run: make test-acceptance-tf
+#        run: make test-acceptance-tf
-  #
+#
-  #      - name: Check coverage threshold
+#      - name: Check coverage threshold
-  #        shell: bash
+#        shell: bash
-  #        run: |
+#        run: |
-  #          make coverage
+#          make coverage
-  #          COVERAGE=$(go tool cover -func=coverage.out | grep total | awk '{print $3}' | sed 's/%//')
+#          COVERAGE=$(go tool cover -func=coverage.out | grep total | awk '{print $3}' | sed 's/%//')
-  #          echo "Coverage: $COVERAGE%"
+#          echo "Coverage: $COVERAGE%"
-  #          if (( $(echo "$COVERAGE < 80" | bc -l) )); then
+#          if (( $(echo "$COVERAGE < 80" | bc -l) )); then
-  #            echo "Coverage is below 80%"
+#            echo "Coverage is below 80%"
-  #            # exit 1
+#            # exit 1
-  #          fi
+#          fi
-  #      - name: Archive code coverage results
+#      - name: Archive code coverage results
-  #        uses: actions/upload-artifact@v4
+#        uses: actions/upload-artifact@v4
-  #        with:
+#        with:
-  #          name: ${{ env.CODE_COVERAGE_ARTIFACT_NAME }}
+#          name: ${{ env.CODE_COVERAGE_ARTIFACT_NAME }}
-  #          path: "stackit/${{ env.CODE_COVERAGE_FILE_NAME }}"
+#          path: "stackit/${{ env.CODE_COVERAGE_FILE_NAME }}"
  config:
    if: ${{ github.event_name != 'schedule' }}
--- a/.github/workflows/ci_new.yaml
+++ b/.github/workflows/ci_new.yaml
@ -1,343 +0,0 @@
 name: CI Workflow
 on:
  pull_request:
    branches:
      - alpha
      - main
  workflow_dispatch:
  schedule:
    # every sunday at 00:00
    # - cron: '0 0 * * 0'
    # every day at 00:00
    - cron: '0 0 * * *'
  push:
    branches:
      - '!main'
      - '!alpha'
    paths:
      - '!.github'
 env:
  GO_VERSION: "1.25"
  CODE_COVERAGE_FILE_NAME: "coverage.out" # must be the same as in Makefile
  CODE_COVERAGE_ARTIFACT_NAME: "code-coverage"
 jobs:
  config:
    if: ${{ github.event_name != 'schedule' }}
    name: Check GoReleaser config
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v6
      - name: Check GoReleaser
        uses: goreleaser/goreleaser-action@v7
        with:
          args: check
  prepare:
    name: Prepare GO cache
    runs-on: ubuntu-latest
    permissions:
      actions: read        # Required to identify workflow run.
      checks: write        # Required to add status summary.
      contents: read       # Required to checkout repository.
      pull-requests: write # Required to add PR comment.
    steps:
      - name: Checkout
        uses: actions/checkout@v6
      - name: Install Go ${{ inputs.go-version }}
        id: go-install
        uses: actions/setup-go@v6
        with:
          # go-version: ${{ inputs.go-version }}
          check-latest: true
          go-version-file: 'go.mod'
      - name: Determine GOMODCACHE
        shell: bash
        id: goenv
        run: |
          set -e
          # echo "::set-output name=gomodcache::$(go env GOMODCACHE)"
          echo "gomodcache=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT"
      - name: Restore cached GO pkg
        id: cache-gopkg
        uses: actions/cache/restore@v5
        with:
          path: "${{ steps.goenv.outputs.gomodcache }}"
          key: ${{ runner.os }}-gopkg
      - name: Install go tools
        if: steps.cache-gopkg.outputs.cache-hit != 'true'
        run: |
          go install golang.org/x/tools/cmd/goimports@latest
          go install github.com/hashicorp/terraform-plugin-codegen-framework/cmd/tfplugingen-framework@latest
          go install github.com/hashicorp/terraform-plugin-codegen-openapi/cmd/tfplugingen-openapi@latest
      - name: Get all go packages
        if: steps.cache-gopkg.outputs.cache-hit != 'true'
        shell: bash
        run: |
          set -e
          go get ./...
      - name: Save Cache
        if: steps.cache-gopkg.outputs.cache-hit != 'true'
        id: cache-gopkg-save
        uses: actions/cache/save@v5
        with:
          path: |
            ${{ steps.goenv.outputs.gomodcache }}
          key: ${{ runner.os }}-gopkg
  publish_test:
    name: "Test readiness for publishing provider"
    needs:
      - config
      - prepare
    runs-on: ubuntu-latest
    permissions:
      actions: read        # Required to identify workflow run.
      checks: write        # Required to add status summary.
      contents: read       # Required to checkout repository.
      pull-requests: write # Required to add PR comment.
    steps:
      - name: Install needed tools
        run: |
          apt-get -y -qq update
          apt-get -y -qq install jq python3 python3-pip python-is-python3 s3cmd git make wget unzip bc
      - name: Checkout
        uses: actions/checkout@v6
      - name: Setup Go
        uses: actions/setup-go@v6
        with:
          # go-version: ${{ env.GO_VERSION }}
          check-latest: true
          go-version-file: 'go.mod'
      - name: Install go tools
        run: |
          go install golang.org/x/tools/cmd/goimports@latest
          go install github.com/hashicorp/terraform-plugin-codegen-framework/cmd/tfplugingen-framework@latest
          go install github.com/hashicorp/terraform-plugin-codegen-openapi/cmd/tfplugingen-openapi@latest
      - name: Setup JAVA
        uses: actions/setup-java@v5
        with:
          distribution: 'temurin' # See 'Supported distributions' for available options
          java-version: '21'
 #      - name: Run build pkg directory
 #        run: |
 #          go run generator/main.go build
      - name: Set up s3cfg
        run: |
          cat <<'EOF' >> ~/.s3cfg
          [default]
          host_base = https://object.storage.eu01.onstackit.cloud
          host_bucket = https://%(bucket).object.storage.eu01.onstackit.cloud
          check_ssl_certificate = False
          access_key = ${{ secrets.S3_ACCESS_KEY }}
          secret_key = ${{ secrets.S3_SECRET_KEY }}
          EOF
      - name: Import GPG key
        run: |
          echo "${{ secrets.PRIVATE_KEY_PEM }}" > ~/private.key.pem
          gpg --import ~/private.key.pem
          rm ~/private.key.pem
      - name: Run GoReleaser with SNAPSHOT
        id: goreleaser
        env:
          GITHUB_TOKEN: ${{ env.FORGEJO_TOKEN }}
          GPG_FINGERPRINT: ${{ secrets.GPG_FINGERPRINT }}
        uses: goreleaser/goreleaser-action@v7
        with:
          args: release --skip publish --clean --snapshot
      - name: Prepare key file
        run: |
          echo "${{ secrets.PUBLIC_KEY_PEM }}" >public_key.pem
      - name: Prepare provider directory structure
        run: |
          VERSION=$(jq -r .version < dist/metadata.json)
          go run generator/main.go \
            publish \
              --namespace=mhenselin \
              --providerName=stackitprivatepreview \
              --repoName=terraform-provider-stackitprivatepreview \
              --domain=tfregistry.sysops.stackit.rocks \
              --gpgFingerprint="${{ secrets.GPG_FINGERPRINT }}" \
              --gpgPubKeyFile=public_key.pem \
              --version=${VERSION}
  testing:
    name: CI run tests
    runs-on: ubuntu-latest
    needs:
      - config
      - prepare
    env:
      TF_ACC_PROJECT_ID: ${{ vars.TF_ACC_PROJECT_ID }}
      TF_ACC_ORGANIZATION_ID: ${{ vars.TF_ACC_ORGANIZATION_ID }}
      TF_ACC_REGION: ${{ vars.TF_ACC_REGION }}
      TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_EMAIL: ${{ vars.TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_EMAIL }}
      TF_ACC_SERVICE_ACCOUNT_FILE: "~/service_account.json"
    steps:
      - name: Checkout
        uses: actions/checkout@v6
      - name: Build
        uses: ./.github/actions/build
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_wrapper: false
      - name: Create service account json file
        if: ${{ github.event_name == 'pull_request' }}
        run: |
          echo "${{ secrets.TF_ACC_SERVICE_ACCOUNT_JSON }}" >~/.service_account.json
      - name: Run go mod tidy
        if: ${{ github.event_name == 'pull_request' }}
        run: go mod tidy
      - name: Testing
        run: |
          TF_ACC_SERVICE_ACCOUNT_FILE=~/.service_account.json
          export TF_ACC_SERVICE_ACCOUNT_FILE
          make test
 #      - name: Acceptance Testing
 #        env:
 #          TF_ACC: "1"
 #        if: ${{ github.event_name == 'pull_request' }}
 #        run: |
 #          TF_ACC_SERVICE_ACCOUNT_FILE=~/.service_account.json
 #          export TF_ACC_SERVICE_ACCOUNT_FILE
 #          make test-acceptance-tf
      - name: Run Test
        if: ${{ github.event_name == 'pull_request' }}
        uses: ./.github/actions/acc_test
        with:
          go-version: ${{ env.GO_VERSION }}
          project_id: ${{ vars.TF_ACC_PROJECT_ID }}
          region: ${{ vars.TF_ACC_REGION }}
          service_account_json_content_b64: "${{ secrets.TF_ACC_SERVICE_ACCOUNT_JSON_B64 }}"
          project_user_email: ${{ vars.TEST_PROJECT_USER_EMAIL }}
          tf_acc_kek_key_id: ${{ vars.TF_ACC_KEK_KEY_ID }}
          tf_acc_kek_key_ring_id: ${{ vars.TF_ACC_KEK_KEY_RING_ID }}
          tf_acc_kek_key_version: ${{ vars.TF_ACC_KEK_KEY_VERSION }}
          tf_acc_kek_service_account: ${{ vars.TF_ACC_KEK_SERVICE_ACCOUNT }}
          # service_account_json_file_path: "~/service_account.json"
      - name: Check coverage threshold
        shell: bash
        run: |
          make coverage
          COVERAGE=$(go tool cover -func=coverage.out | grep total | awk '{print $3}' | sed 's/%//')
          echo "Coverage: $COVERAGE%"
          if (( $(echo "$COVERAGE < 80" | bc -l) )); then
            echo "Coverage is below 80%"
            # exit 1
          fi
      - name: Archive code coverage results
        uses: actions/upload-artifact@v4
        with:
          name: ${{ env.CODE_COVERAGE_ARTIFACT_NAME }}
          path: "stackit/${{ env.CODE_COVERAGE_FILE_NAME }}"
  main:
    if: ${{ github.event_name != 'schedule' }}
    name: CI run build and linting
    runs-on: ubuntu-latest
    needs:
      - config
      - prepare
    steps:
      - name: Checkout
        uses: actions/checkout@v6
 #      - uses: actions/cache@v5
 #        id: cache
 #        with:
 #          path: path/to/dependencies
 #          key: ${{ runner.os }}-${{ hashFiles('**/lockfiles') }}
 #      - name: Install Dependencies
 #        if: steps.cache.outputs.cache-hit != 'true'
 #        run: /install.sh
      - name: Build
        uses: ./.github/actions/build
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_wrapper: false
      - name: "Ensure docs are up-to-date"
        if: ${{ github.event_name == 'pull_request' }}
        run: ./scripts/check-docs.sh
        continue-on-error: true
      - name: "Run go mod tidy"
        if: ${{ github.event_name == 'pull_request' }}
        run: go mod tidy
      - name: golangci-lint
        uses: golangci/golangci-lint-action@v9
        with:
          version: v2.10
          args: --config=.golang-ci.yaml --allow-parallel-runners --timeout=5m
        continue-on-error: true
      - name: Linting terraform files
        run: make lint-tf
        continue-on-error: true
  code_coverage:
    name: "Code coverage report"
    if: github.event_name == 'pull_request' # Do not run when workflow is triggered by push to main branch
    runs-on: ubuntu-latest
    needs:
      - main
      - prepare
    permissions:
      contents: read
      actions: read  # to download code coverage results from "main" job
      pull-requests: write # write permission needed to comment on PR
    steps:
      - name: Install needed tools
        shell: bash
        run: |
          set -e
          apt-get -y -qq update
          apt-get -y -qq install sudo
      - name: Check new code coverage
        uses: fgrosse/go-coverage-report@v1.2.0
        continue-on-error: true  # Add this line to prevent pipeline failures in forks
        with:
          coverage-artifact-name: ${{ env.CODE_COVERAGE_ARTIFACT_NAME }}
          coverage-file-name: ${{ env.CODE_COVERAGE_FILE_NAME }}
          root-package: 'github.com/stackitcloud/terraform-provider-stackit'
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@ -23,7 +23,7 @@ jobs:
        uses: actions/checkout@v6
      - name: Check GoReleaser
-        uses: goreleaser/goreleaser-action@v7
+        uses: goreleaser/goreleaser-action@v6
        with:
          args: check
@ -43,15 +43,10 @@ jobs:
          apt-get -y -qq update
          apt-get -y -qq install jq python3 python3-pip python-is-python3 s3cmd git make wget
      - name: Checkout
        uses: actions/checkout@v6
      - name: Setup Go
        uses: actions/setup-go@v6
        with:
-          # go-version: ${{ env.GO_VERSION }}
+          go-version: ${{ env.GO_VERSION }}
          check-latest: true
          go-version-file: 'go.mod'
      - name: Install go tools
        run: |
@ -65,6 +60,16 @@ jobs:
          distribution: 'temurin' # See 'Supported distributions' for available options
          java-version: '21'
      - name: Checkout
        uses: actions/checkout@v6
      - name: Run build pkg directory
        run: |
          set -e
          mkdir -p generated/services
          mkdir -p generated/internal/services
          go run cmd/main.go build
      - name: Set up s3cfg
        run: |
          cat <<'EOF' >> ~/.s3cfg
@ -88,7 +93,7 @@ jobs:
        env:
          GITHUB_TOKEN: ${{ env.FORGEJO_TOKEN }}
          GPG_FINGERPRINT: ${{ secrets.GPG_FINGERPRINT }}
-        uses: goreleaser/goreleaser-action@v7
+        uses: goreleaser/goreleaser-action@v6
        with:
          args: release --skip publish --clean --snapshot
@ -98,7 +103,7 @@ jobs:
        env:
          GITHUB_TOKEN: ${{ env.FORGEJO_TOKEN }}
          GPG_FINGERPRINT: ${{ secrets.GPG_FINGERPRINT }}
-        uses: goreleaser/goreleaser-action@v7
+        uses: goreleaser/goreleaser-action@v6
        with:
          args: release --skip publish --clean
@ -109,7 +114,7 @@ jobs:
      - name: Prepare provider directory structure
        run: |
          VERSION=$(jq -r .version < dist/metadata.json)
-          go run generator/main.go \
+          go run cmd/main.go \
            publish \
              --namespace=mhenselin \
              --providerName=stackitprivatepreview \
@ -119,12 +124,6 @@ jobs:
              --gpgPubKeyFile=public_key.pem \
              --version=${VERSION}
      - name: Prepare documentation nav file
        run: |
          go run generator/main.go \
            docs \
            --outFile nav.md
      - name: Publish provider to S3
        run: |
          set -e
@ -144,4 +143,3 @@ jobs:
          ssh -o StrictHostKeyChecking=no ubuntu@${{ vars.DOCS_SERVER_IP }} 'rm -rf /srv/www/docs'
          echo "${{ github.ref_name }}" >docs/_version.txt
          scp -o StrictHostKeyChecking=no -r docs ubuntu@${{ vars.DOCS_SERVER_IP }}:/srv/www/
          scp -o StrictHostKeyChecking=no nav.md ubuntu@${{ vars.DOCS_SERVER_IP }}:/srv/www/
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@ -22,19 +22,17 @@ jobs:
        with:
          # Allow goreleaser to access older tag information.
          fetch-depth: 0
-
+      - uses: actions/setup-go@v5
      - uses: https://code.forgejo.org/actions/setup-go@v6
        with:
          go-version-file: "go.mod"
          cache: true
      - name: Import GPG key
        uses: crazy-max/ghaction-import-gpg@v6
        id: import_gpg
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
      - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v7
+        uses: goreleaser/goreleaser-action@v6
        with:
          args: release --clean
        env:
--- a/.github/workflows/runnerstats.yaml
+++ b/.github/workflows/runnerstats.yaml
@ -1,29 +0,0 @@
 name: Runner stats
 on:
  workflow_dispatch:
 jobs:
  stats-own:
    name: "Get own runner stats"
    runs-on: ubuntu-latest
    steps:
      - name: Install needed tools
        run: |
          apt-get -y -qq update
          apt-get -y -qq install inxi
      - name: Show stats
        run: inxi -c 0
  stats-stackit:
    name: "Get STACKIT runner stats"
    runs-on: stackit-docker
    steps:
      - name: Install needed tools
        run: |
          apt-get -y -qq update
          apt-get -y -qq install inxi
      - name: Show stats
        run: inxi -c 0
--- a/.github/workflows/tf-acc-test.yaml
+++ b/.github/workflows/tf-acc-test.yaml
@ -18,12 +18,6 @@ jobs:
        uses: ./.github/actions/acc_test
        with:
          go-version: ${{ env.GO_VERSION }}
-          project_id: ${{ vars.TF_ACC_PROJECT_ID }}
+          project_id: ${{ vars.TEST_PROJECT_ID }}
          region: 'eu01'
-          service_account_json_content_b64: "${{ secrets.TF_ACC_SERVICE_ACCOUNT_JSON_B64 }}"
+          service_account_json: ${{ secrets.TF_ACC_SERVICE_ACCOUNT_JSON }}
          project_user_email: ${{ vars.TEST_PROJECT_USER_EMAIL }}
          tf_acc_kek_key_id: ${{ vars.TF_ACC_KEK_KEY_ID }}
          tf_acc_kek_key_ring_id: ${{ vars.TF_ACC_KEK_KEY_RING_ID }}
          tf_acc_kek_key_version: ${{ vars.TF_ACC_KEK_KEY_VERSION }}
          tf_acc_kek_service_account: ${{ vars.TF_ACC_KEK_SERVICE_ACCOUNT }}
          # service_account_json_file_path: "~/service_account.json"
--- a/.gitignore
+++ b/.gitignore
@ -40,7 +40,6 @@ coverage.out
 coverage.html
 generated
 stackit-sdk-generator
 stackit-sdk-generator/**
 dist
 .secrets
--- a/.golang-ci.yaml
+++ b/.golang-ci.yaml
@ -1,94 +0,0 @@
 version: "2"
 run:
  concurrency: 4
 output:
  formats:
    text:
      print-linter-name: true
      print-issued-lines: true
      colors: true
      path: stdout
 linters:
  enable:
    - bodyclose
    - depguard
    - errorlint
    - forcetypeassert
    - gochecknoinits
    - gocritic
    - gosec
    - misspell
    - nakedret
    - revive
    - sqlclosecheck
    - wastedassign
  disable:
    - noctx
    - unparam
  settings:
    depguard:
      rules:
        main:
          list-mode: lax
          allow:
            - tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview
            - github.com/hashicorp/terraform-plugin-framework
            - github.com/hashicorp/terraform-plugin-log
            - github.com/stackitcloud/stackit-sdk-go
          deny:
            - pkg: github.com/stretchr/testify
              desc: Do not use a testing framework
    gocritic:
      disabled-checks:
        - wrapperFunc
        - typeDefFirst
        - ifElseChain
        - dupImport
        - hugeParam
      enabled-tags:
        - performance
        - style
        - experimental
    gosec:
      excludes:
        - G104
        - G102
        - G304
        - G307
    misspell:
      locale: US
    nakedret:
      max-func-lines: 0
    revive:
      severity: error
      rules:
        - name: errorf
        - name: context-as-argument
        - name: error-return
        - name: increment-decrement
        - name: indent-error-flow
        - name: superfluous-else
        - name: unused-parameter
        - name: unreachable-code
        - name: atomic
        - name: empty-lines
        - name: early-return
  exclusions:
    paths:
      - generator/
    generated: lax
    warn-unused: true
    # Excluding configuration per-path, per-linter, per-text and per-source.
    rules:
      # Exclude some linters from running on tests files.
        - path: _test\.go
          linters:
            - gochecknoinits
 formatters:
  enable:
    #- gofmt
    - goimports
  settings:
    goimports:
      local-prefixes:
        - tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview
--- a/7
+++ b/7
@ -12,20 +12,17 @@ project-tools:
 # LINT
 lint-golangci-lint:
 	@echo "Linting with golangci-lint"
-	@go run github.com/golangci/golangci-lint/v2/cmd/golangci-lint run --fix --config .golang-ci.yaml
+	@$(SCRIPTS_BASE)/lint-golangci-lint.sh
 lint-tf: 
 	@echo "Linting terraform files"
-	@terraform fmt -check -diff -recursive examples/
+	@terraform fmt -check -diff -recursive
 	@terraform fmt -check -diff -recursive stackit/
 lint: lint-golangci-lint lint-tf
 # DOCUMENTATION GENERATION
 generate-docs:
 	@echo "Generating documentation with tfplugindocs"
 	@$(SCRIPTS_BASE)/tfplugindocs.sh
 build:
--- a/cmd/cmd/build/build.go
+++ b/cmd/cmd/build/build.go
@ -0,0 +1,956 @@
 package build
 import (
 	"bufio"
 	"bytes"
 	"errors"
 	"fmt"
 	"go/ast"
 	"go/parser"
 	"go/token"
 	"io"
 	"log"
 	"log/slog"
 	"os"
 	"os/exec"
 	"path"
 	"path/filepath"
 	"regexp"
 	"strconv"
 	"strings"
 	"text/template"
 	"github.com/ldez/go-git-cmd-wrapper/v2/clone"
 	"github.com/ldez/go-git-cmd-wrapper/v2/git"
 )
 const (
 	OAS_REPO_NAME = "stackit-api-specifications"
 	OAS_REPO      = "https://github.com/stackitcloud/stackit-api-specifications.git"
 	GEN_REPO_NAME = "stackit-sdk-generator"
 	GEN_REPO      = "https://github.com/stackitcloud/stackit-sdk-generator.git"
 )
 type version struct {
 	verString string
 	major     int
 	minor     int
 }
 type Builder struct {
 	SkipClone    bool
 	SkipCleanup  bool
 	PackagesOnly bool
 }
 func (b *Builder) Build() error {
 	slog.Info("Starting Builder")
 	if b.PackagesOnly {
 		slog.Info("  >>> only generating pkg_gen <<<")
 	}
 	root, err := getRoot()
 	if err != nil {
 		log.Fatal(err)
 	}
 	if root == nil || *root == "" {
 		return fmt.Errorf("unable to determine root directory from git")
 	}
 	slog.Info("  ... using root directory", "dir", *root)
 	if !b.PackagesOnly {
 		slog.Info("  ... Checking needed commands available")
 		err := checkCommands([]string{"tfplugingen-framework", "tfplugingen-openapi"})
 		if err != nil {
 			return err
 		}
 	}
 	if !b.SkipCleanup {
 		slog.Info("Cleaning up old packages directory")
 		err = os.RemoveAll(path.Join(*root, "pkg_gen"))
 		if err != nil {
 			return err
 		}
 	}
 	if !b.SkipCleanup && !b.PackagesOnly {
 		slog.Info("Cleaning up old packages directory")
 		err = os.RemoveAll(path.Join(*root, "pkg_gen"))
 		if err != nil {
 			return err
 		}
 	}
 	slog.Info("Creating generator dir", "dir", fmt.Sprintf("%s/%s", *root, GEN_REPO_NAME))
 	genDir := path.Join(*root, GEN_REPO_NAME)
 	if !b.SkipClone {
 		err = createGeneratorDir(GEN_REPO, genDir, b.SkipClone)
 		if err != nil {
 			return err
 		}
 	}
 	slog.Info("Creating oas repo dir", "dir", fmt.Sprintf("%s/%s", *root, OAS_REPO_NAME))
 	repoDir, err := createRepoDir(genDir, OAS_REPO, OAS_REPO_NAME, b.SkipClone)
 	if err != nil {
 		return fmt.Errorf("%s", err.Error())
 	}
 	slog.Info("Retrieving versions from subdirs")
 	// TODO - major
 	verMap, err := getVersions(repoDir)
 	if err != nil {
 		return fmt.Errorf("%s", err.Error())
 	}
 	slog.Info("Reducing to only latest or highest")
 	res, err := getOnlyLatest(verMap)
 	if err != nil {
 		return fmt.Errorf("%s", err.Error())
 	}
 	slog.Info("Creating OAS dir")
 	err = os.MkdirAll(path.Join(genDir, "oas"), 0755)
 	if err != nil {
 		return err
 	}
 	slog.Info("Copying OAS files")
 	for service, item := range res {
 		baseService := strings.TrimSuffix(service, "alpha")
 		baseService = strings.TrimSuffix(baseService, "beta")
 		itemVersion := fmt.Sprintf("v%d%s", item.major, item.verString)
 		if item.minor != 0 {
 			itemVersion = itemVersion + "" + strconv.Itoa(item.minor)
 		}
 		srcFile := path.Join(
 			repoDir,
 			"services",
 			baseService,
 			itemVersion,
 			fmt.Sprintf("%s.json", baseService),
 		)
 		dstFile := path.Join(genDir, "oas", fmt.Sprintf("%s.json", service))
 		_, err = copyFile(srcFile, dstFile)
 		if err != nil {
 			return fmt.Errorf("%s", err.Error())
 		}
 	}
 	slog.Info("Changing dir", "dir", genDir)
 	err = os.Chdir(genDir)
 	if err != nil {
 		return err
 	}
 	slog.Info("Calling make", "command", "generate-go-sdk")
 	cmd := exec.Command("make", "generate-go-sdk")
 	var stdOut, stdErr bytes.Buffer
 	cmd.Stdout = &stdOut
 	cmd.Stderr = &stdErr
 	if err = cmd.Start(); err != nil {
 		slog.Error("cmd.Start", "error", err)
 		return err
 	}
 	if err = cmd.Wait(); err != nil {
 		var exitErr *exec.ExitError
 		if errors.As(err, &exitErr) {
 			slog.Error("cmd.Wait", "code", exitErr.ExitCode(), "error", err, "stdout", stdOut.String(), "stderr", stdErr.String())
 			return fmt.Errorf("%s", stdErr.String())
 		}
 		if err != nil {
 			slog.Error("cmd.Wait", "err", err)
 			return err
 		}
 	}
 	slog.Info("Cleaning up go.mod and go.sum files")
 	cleanDir := path.Join(genDir, "sdk-repo-updated", "services")
 	dirEntries, err := os.ReadDir(cleanDir)
 	if err != nil {
 		return err
 	}
 	for _, entry := range dirEntries {
 		if entry.IsDir() {
 			err = deleteFiles(
 				path.Join(cleanDir, entry.Name(), "go.mod"),
 				path.Join(cleanDir, entry.Name(), "go.sum"),
 			)
 			if err != nil {
 				return err
 			}
 		}
 	}
 	slog.Info("Changing dir", "dir", *root)
 	err = os.Chdir(*root)
 	if err != nil {
 		return err
 	}
 	slog.Info("Rearranging package directories")
 	err = os.MkdirAll(path.Join(*root, "pkg_gen"), 0755) // noqa:gosec
 	if err != nil {
 		return err
 	}
 	srcDir := path.Join(genDir, "sdk-repo-updated", "services")
 	items, err := os.ReadDir(srcDir)
 	if err != nil {
 		return err
 	}
 	for _, item := range items {
 		if item.IsDir() {
 			slog.Info(" -> package", "name", item.Name())
 			tgtDir := path.Join(*root, "pkg_gen", item.Name())
 			if fileExists(tgtDir) {
 				delErr := os.RemoveAll(tgtDir)
 				if delErr != nil {
 					return delErr
 				}
 			}
 			err = os.Rename(path.Join(srcDir, item.Name()), tgtDir)
 			if err != nil {
 				return err
 			}
 		}
 	}
 	if !b.PackagesOnly {
 		slog.Info("Generating service boilerplate")
 		err = generateServiceFiles(*root, path.Join(*root, GEN_REPO_NAME))
 		if err != nil {
 			return err
 		}
 		slog.Info("Copying all service files")
 		err = CopyDirectory(
 			path.Join(*root, "generated", "internal", "services"),
 			path.Join(*root, "stackit", "internal", "services"),
 		)
 		if err != nil {
 			return err
 		}
 		err = createBoilerplate(*root, path.Join(*root, "stackit", "internal", "services"))
 		if err != nil {
 			return err
 		}
 	}
 	if !b.SkipCleanup {
 		slog.Info("Finally removing temporary files and directories")
 		err = os.RemoveAll(path.Join(*root, "generated"))
 		if err != nil {
 			slog.Error("RemoveAll", "dir", path.Join(*root, "generated"), "err", err)
 			return err
 		}
 		err = os.RemoveAll(path.Join(*root, GEN_REPO_NAME))
 		if err != nil {
 			slog.Error("RemoveAll", "dir", path.Join(*root, GEN_REPO_NAME), "err", err)