fix: disable shell color in runnerstats (#80)

Signed-off-by: marcel.henselin <marcel.henselin@stackit.cloud>

## Description

<!-- **Please link some issue here describing what you are trying to achieve.**

In case there is no issue present for your PR, please consider creating one.
At least please give us some description what you are trying to achieve and why your change is needed. -->

relates to #1234

## Checklist

- [ ] Issue was linked above
- [ ] Code format was applied: `make fmt`
- [ ] Examples were added / adjusted (see `examples/` directory)
- [x] Docs are up-to-date: `make generate-docs` (will be checked by CI)
- [ ] Unit tests got implemented or updated
- [ ] Acceptance tests got implemented or updated (see e.g. [here](f5f99d1709/stackit/internal/services/dns/dns_acc_test.go))
- [x] Unit tests are passing: `make test` (will be checked by CI)
- [x] No linter issues: `make lint` (will be checked by CI)

Reviewed-on: #80
Co-authored-by: marcel.henselin <marcel.henselin@stackit.cloud>
Co-committed-by: marcel.henselin <marcel.henselin@stackit.cloud>

.github/actions/acc_test/README.md

@@ -0,0 +1 @@
+# acceptance test action

.github/actions/acc_test/action.yaml

@@ -0,0 +1,114 @@
+name: Acceptance Testing
+description: "Acceptance Testing pipeline"
+
+inputs:
+  go-version:
+    description: "go version to install"
+    default: '1.25'
+    required: true
+
+  project_id:
+    description: "STACKIT project ID for tests"
+    required: true
+
+  region:
+    description: "STACKIT region for tests"
+    default: 'eu01'
+    required: true
+
+  service_account_json:
+    description: "STACKIT service account JSON file contents"
+    required: true
+
+  test_file:
+    description: "testfile to run"
+    default: ''
+
+outputs:
+  random-number:
+    description: "Random number"
+    value: ${{ steps.random-number-generator.outputs.random-number }}
+
+runs:
+  using: "composite"
+  steps:
+    - name: Random Number Generator
+      id: random-number-generator
+      run: echo "random-number=$(echo $RANDOM)" >> $GITHUB_OUTPUT
+      shell: bash
+
+    - name: Install needed tools
+      shell: bash
+      run: |
+        set -e
+        apt-get -y -qq update
+        apt-get -y -qq install jq python3 python3-pip python-is-python3 s3cmd git make wget
+
+    - name: Setup JAVA
+      uses: actions/setup-java@v5
+      with:
+        distribution: 'temurin' # See 'Supported distributions' for available options
+        java-version: '21'
+
+    - name: Install Go ${{ inputs.go-version }}
+      uses: actions/setup-go@v6
+      with:
+        go-version: ${{ inputs.go-version }}
+        check-latest: true
+        go-version-file: 'go.mod'
+
+    - name: Install go tools
+      shell: bash
+      run: |
+        set -e
+        go mod download
+        go install golang.org/x/tools/cmd/goimports@latest
+        go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.7.2
+        go install github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs@v0.24.0
+
+    - name: Prepare pkg_gen directory
+      shell: bash
+      run: |
+        go run cmd/main.go build -p
+
+    - name: Run acceptance test file
+      if: ${{ inputs.test_file != '' }}
+      shell: bash
+      run: |
+        echo "Running acceptance tests for the terraform provider"
+        echo "${STACKIT_SERVICE_ACCOUNT_JSON}" > ~/.service_account.json
+        cd stackit
+        TF_ACC=1 \
+        TF_ACC_PROJECT_ID=${TF_ACC_PROJECT_ID} \
+        TF_ACC_REGION=${TF_ACC_REGION} \
+        go test ${{ inputs.test_file }} -count=1 -timeout=30m
+      env:
+        STACKIT_SERVICE_ACCOUNT_JSON: ${{ inputs.service_account_json }}
+        TF_PROJECT_ID: ${{ inputs.project_id }}
+        TF_ACC_REGION: ${{ inputs.region }}
+        # TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_EMAIL: ${{ secrets.TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_EMAIL }}
+        # TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_TOKEN }}
+        # TF_ACC_TEST_PROJECT_PARENT_CONTAINER_ID: ${{ secrets.TF_ACC_TEST_PROJECT_PARENT_CONTAINER_ID }}
+        # TF_ACC_TEST_PROJECT_PARENT_UUID: ${{ secrets.TF_ACC_TEST_PROJECT_PARENT_UUID }}
+        # TF_ACC_TEST_PROJECT_USER_EMAIL: ${{ secrets.TF_ACC_TEST_PROJECT_USER_EMAIL }}
+
+    - name: Run acceptance tests
+      if: ${{ inputs.test_file == '' }}
+      shell: bash
+      run: |
+        echo "Running acceptance tests for the terraform provider"
+        echo "${STACKIT_SERVICE_ACCOUNT_JSON}" > ~/.service_account.json
+        cd stackit
+        TF_ACC=1 \
+        TF_ACC_PROJECT_ID=${TF_ACC_PROJECT_ID} \
+        TF_ACC_REGION=${TF_ACC_REGION} \
+        go test ./... -count=1 -timeout=30m
+      env:
+        STACKIT_SERVICE_ACCOUNT_JSON: ${{ inputs.service_account_json }}
+        TF_PROJECT_ID: ${{ inputs.project_id }}
+        TF_ACC_REGION: ${{ inputs.region }}
+        # TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_EMAIL: ${{ secrets.TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_EMAIL }}
+        # TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_TOKEN }}
+        # TF_ACC_TEST_PROJECT_PARENT_CONTAINER_ID: ${{ secrets.TF_ACC_TEST_PROJECT_PARENT_CONTAINER_ID }}
+        # TF_ACC_TEST_PROJECT_PARENT_UUID: ${{ secrets.TF_ACC_TEST_PROJECT_PARENT_UUID }}
+        # TF_ACC_TEST_PROJECT_USER_EMAIL: ${{ secrets.TF_ACC_TEST_PROJECT_USER_EMAIL }}

.github/actions/build/action.yaml

@@ -3,14 +3,61 @@ description: "Build pipeline"
 inputs:
   go-version:
     description: "Go version to install"
+    default: '1.25'
     required: true
+  java-distribution:
+    description: "JAVA distribution to use (default: temurin)"
+    default: 'temurin'
+  java-version:
+    description: "JAVA version to use (default: 21)"
+    default: '21'
+
 runs:
   using: "composite"
   steps:
+    - name: Install needed tools
+      shell: bash
+      run: |
+        set -e
+        apt-get -y -qq update
+        apt-get -y -qq install jq python3 python3-pip python-is-python3 s3cmd git make wget
+
+
     - name: Install Go ${{ inputs.go-version }}
-      uses: actions/setup-go@v5
+      uses: actions/setup-go@v6
       with:
         go-version: ${{ inputs.go-version }}
-    - name: Install project tools and dependencies
+        check-latest: true
+        go-version-file: 'go.mod'
+
+    - name: Install go tools
       shell: bash
-      run: make project-tools
+      run: |
+        set -e
+        go install golang.org/x/tools/cmd/goimports@latest
+        go install github.com/hashicorp/terraform-plugin-codegen-framework/cmd/tfplugingen-framework@latest
+        go install github.com/hashicorp/terraform-plugin-codegen-openapi/cmd/tfplugingen-openapi@latest
+        go install github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs@v0.24.0
+
+
+    - name: Setup JAVA ${{ inputs.java-distribution }} ${{ inputs.go-version }}
+      uses: actions/setup-java@v5
+      with:
+        distribution: ${{ inputs.java-distribution }} # See 'Supported distributions' for available options
+        java-version: ${{ inputs.java-version }}
+
+    - name: Checkout
+      uses: actions/checkout@v6
+
+    - name: Run build pkg directory
+      shell: bash
+      run: |
+        set -e
+        go run cmd/main.go build
+
+
+    - name: Run make to build app
+      shell: bash
+      run: |
+        set -e
+        make build

.github/actions/setup-cache-go/action.yaml

@@ -0,0 +1,71 @@
+name: 'Setup Go and cache dependencies'
+author: 'Forgejo authors, Marcel S. Henselin'
+description: |
+  Wrap the setup-go with improved dependency caching.
+
+inputs:
+  username:
+    description: 'User for which to manage the dependency cache'
+    default: root
+
+  go-version:
+    description: "go version to install"
+    default: '1.25'
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: "Install zstd for faster caching"
+      shell: bash
+      run: |
+        apt-get update -qq
+        apt-get -q install -qq -y zstd
+
+    - name: "Set up Go using setup-go"
+      uses: https://code.forgejo.org/actions/setup-go@v6
+      id: go-version
+      with:
+        go-version: ${{ inputs.go-version }}
+        check-latest: true # Always check for the latest patch release
+        # go-version-file: "go.mod"
+        # do not cache dependencies, we do this manually
+        cache: false
+
+    - name: "Get go environment information"
+      shell: bash
+      id: go-environment
+      run: |
+        chmod 755 $HOME # ensure ${RUN_AS_USER} has permission when go is located in $HOME
+        export GOROOT="$(go env GOROOT)"
+        echo "modcache=$(su ${RUN_AS_USER} -c '${GOROOT}/bin/go env GOMODCACHE')" >> "$GITHUB_OUTPUT"
+        echo "cache=$(su ${RUN_AS_USER} -c '${GOROOT}/bin/go env GOCACHE')" >> "$GITHUB_OUTPUT"
+      env:
+        RUN_AS_USER: ${{ inputs.username }}
+        GO_VERSION: ${{ steps.go-version.outputs.go-version }}
+
+    - name: "Create cache folders with correct permissions (for non-root users)"
+      shell: bash
+      if: inputs.username != 'root'
+      # when the cache is restored, only the permissions of the last part are restored
+      # so assuming that /home/user exists and we are restoring /home/user/go/pkg/mod,
+      # both folders will have the correct permissions, but
+      # /home/user/go and /home/user/go/pkg might be owned by root
+      run: |
+        su ${RUN_AS_USER} -c 'mkdir -p "${MODCACHE_DIR}" "${CACHE_DIR}"'
+      env:
+        RUN_AS_USER: ${{ inputs.username }}
+        MODCACHE_DIR: ${{ steps.go-environment.outputs.modcache }}
+        CACHE_DIR: ${{ steps.go-environment.outputs.cache }}
+
+    - name: "Restore Go dependencies from cache or mark for later caching"
+      id: cache-deps
+      uses: https://code.forgejo.org/actions/cache@v5
+      with:
+        key: setup-cache-go-deps-${{ runner.os }}-${{ inputs.username }}-${{ steps.go-version.outputs.go_version }}-${{ hashFiles('go.sum', 'go.mod') }}
+        restore-keys: |
+          setup-cache-go-deps-${{ runner.os }}-${{ inputs.username }}-${{ steps.go-version.outputs.go_version }}-
+          setup-cache-go-deps-${{ runner.os }}-${{ inputs.username }}-
+        path: |
+          ${{ steps.go-environment.outputs.modcache }}
+          ${{ steps.go-environment.outputs.cache }}

.github/docs/contribution-guide/resource.go

@@ -1,3 +1,5 @@
+// Copyright (c) STACKIT
+
 package foo
 
 import (
@@ -12,10 +14,10 @@ import (
 	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
 	"github.com/hashicorp/terraform-plugin-framework/types"
 	"github.com/hashicorp/terraform-plugin-log/tflog"
-	"github.com/stackitcloud/terraform-provider-stackit/stackit/internal/conversion"
-	"github.com/stackitcloud/terraform-provider-stackit/stackit/internal/core"
-	fooUtils "github.com/stackitcloud/terraform-provider-stackit/stackit/internal/services/foo/utils"
-	"github.com/stackitcloud/terraform-provider-stackit/stackit/internal/utils"
+	"tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit/internal/conversion"
+	"tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit/internal/core"
+	fooUtils "tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit/internal/services/foo/utils"
+	"tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit/internal/utils"
 
 	"github.com/stackitcloud/stackit-sdk-go/services/foo"      // Import service "foo" from the STACKIT SDK for Go
 	"github.com/stackitcloud/stackit-sdk-go/services/foo/wait" // Import service "foo" waiters from the STACKIT SDK for Go (in case the service API has asynchronous endpoints)

.github/docs/contribution-guide/utils/util.go

@@ -1,3 +1,5 @@
+// Copyright (c) STACKIT
+
 package utils
 
 import (
@@ -7,8 +9,8 @@ import (
 	"github.com/hashicorp/terraform-plugin-framework/diag"
 	"github.com/stackitcloud/stackit-sdk-go/core/config"
 	"github.com/stackitcloud/stackit-sdk-go/services/foo"
-	"github.com/stackitcloud/terraform-provider-stackit/stackit/internal/core"
-	"github.com/stackitcloud/terraform-provider-stackit/stackit/internal/utils"
+	"tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit/internal/core"
+	"tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit/internal/utils"
 )
 
 func ConfigureClient(ctx context.Context, providerData *core.ProviderData, diags *diag.Diagnostics) *foo.APIClient {

.github/workflows/ci.yaml

@@ -2,23 +2,207 @@ name: CI Workflow
 
 on:
   pull_request:
+    branches:
+      - alpha
+      - main
   workflow_dispatch:
+  schedule:
+    # every sunday at 00:00
+    # - cron: '0 0 * * 0'
+    # every day at 00:00
+    - cron: '0 0 * * *'
   push:
     branches:
-      - main
+      - '!main'
+      - '!alpha'
 
 env:
-  GO_VERSION: "1.24"
+  GO_VERSION: "1.25"
   CODE_COVERAGE_FILE_NAME: "coverage.out" # must be the same as in Makefile
   CODE_COVERAGE_ARTIFACT_NAME: "code-coverage"
 
 jobs:
-  main:
-    name: CI
+  runner_test:
+    name: "Test STACKIT runner"
+    runs-on: stackit-docker
+    steps:
+      - name: Install needed tools
+        run: |
+          apt-get -y -qq update
+          apt-get -y -qq install jq python3 python3-pip python-is-python3 s3cmd git make wget
+
+      - name: Setup Go
+        uses: actions/setup-go@v6
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - name: Install go tools
+        run: |
+          go install golang.org/x/tools/cmd/goimports@latest
+          go install github.com/hashicorp/terraform-plugin-codegen-framework/cmd/tfplugingen-framework@latest
+          go install github.com/hashicorp/terraform-plugin-codegen-openapi/cmd/tfplugingen-openapi@latest
+
+      - name: Setup JAVA
+        uses: actions/setup-java@v5
+        with:
+          distribution: 'temurin' # See 'Supported distributions' for available options
+          java-version: '21'
+
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Run build pkg directory
+        run: |
+          go run cmd/main.go build
+
+  publish_test:
+    name: "Test readiness for publishing provider"
+    needs: config
     runs-on: ubuntu-latest
+    permissions:
+      actions: read        # Required to identify workflow run.
+      checks: write        # Required to add status summary.
+      contents: read       # Required to checkout repository.
+      pull-requests: write # Required to add PR comment.
+    steps:
+      - name: Install needed tools
+        run: |
+          apt-get -y -qq update
+          apt-get -y -qq install jq python3 python3-pip python-is-python3 s3cmd git make wget
+
+      - name: Setup Go
+        uses: actions/setup-go@v6
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - name: Install go tools
+        run: |
+          go install golang.org/x/tools/cmd/goimports@latest
+          go install github.com/hashicorp/terraform-plugin-codegen-framework/cmd/tfplugingen-framework@latest
+          go install github.com/hashicorp/terraform-plugin-codegen-openapi/cmd/tfplugingen-openapi@latest
+
+      - name: Setup JAVA
+        uses: actions/setup-java@v5
+        with:
+          distribution: 'temurin' # See 'Supported distributions' for available options
+          java-version: '21'
+
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Run build pkg directory
+        run: |
+          go run cmd/main.go build
+
+      - name: Set up s3cfg
+        run: |
+          cat <<'EOF' >> ~/.s3cfg
+          [default]
+          host_base = https://object.storage.eu01.onstackit.cloud
+          host_bucket = https://%(bucket).object.storage.eu01.onstackit.cloud
+          check_ssl_certificate = False
+          access_key = ${{ secrets.S3_ACCESS_KEY }}
+          secret_key = ${{ secrets.S3_SECRET_KEY }}
+          EOF
+
+      - name: Import GPG key
+        run: |
+          echo "${{ secrets.PRIVATE_KEY_PEM }}" > ~/private.key.pem
+          gpg --import ~/private.key.pem
+          rm ~/private.key.pem
+
+      - name: Run GoReleaser with SNAPSHOT
+        id: goreleaser
+        env:
+          GITHUB_TOKEN: ${{ env.FORGEJO_TOKEN }}
+          GPG_FINGERPRINT: ${{ secrets.GPG_FINGERPRINT }}
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          args: release --skip publish --clean --snapshot
+
+      - name: Prepare key file
+        run: |
+          echo "${{ secrets.PUBLIC_KEY_PEM }}" >public_key.pem
+
+      - name: Prepare provider directory structure
+        run: |
+          VERSION=$(jq -r .version < dist/metadata.json)
+          go run cmd/main.go \
+            publish \
+              --namespace=mhenselin \
+              --providerName=stackitprivatepreview \
+              --repoName=terraform-provider-stackitprivatepreview \
+              --domain=tfregistry.sysops.stackit.rocks \
+              --gpgFingerprint="${{ secrets.GPG_FINGERPRINT }}" \
+              --gpgPubKeyFile=public_key.pem \
+              --version=${VERSION}
+
+  testing:
+    name: CI run tests
+    runs-on: ubuntu-latest
+    needs: config
+    env:
+      TF_ACC_PROJECT_ID: ${{ vars.TF_ACC_PROJECT_ID }}
+      TF_ACC_REGION: ${{ vars.TF_ACC_REGION }}
+      TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_EMAIL: ${{ vars.TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_EMAIL }}
+      TF_ACC_SERVICE_ACCOUNT_FILE: "~/service_account.json"
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
+
+      - name: Build
+        uses: ./.github/actions/build
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v2
+        with:
+          terraform_wrapper: false
+
+      - name: Create service account json file
+        if: ${{ github.event_name == 'pull_request' }}
+        run: |
+          echo "${{ secrets.TF_ACC_SERVICE_ACCOUNT_JSON }}" >~/service_account.json
+
+      - name: Run go mod tidy
+        if: ${{ github.event_name == 'pull_request' }}
+        run: go mod tidy
+
+      - name: Testing
+        run: make test
+
+      - name: Acceptance Testing
+        env:
+          TF_ACC: "1"
+        if: ${{ github.event_name == 'pull_request' }}
+        run: make test-acceptance-tf
+
+      - name: Check coverage threshold
+        shell: bash
+        run: |
+          make coverage
+          COVERAGE=$(go tool cover -func=coverage.out | grep total | awk '{print $3}' | sed 's/%//')
+          echo "Coverage: $COVERAGE%"
+          if (( $(echo "$COVERAGE < 80" | bc -l) )); then
+            echo "Coverage is below 80%"
+            # exit 1
+          fi
+
+      - name: Archive code coverage results
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ env.CODE_COVERAGE_ARTIFACT_NAME }}
+          path: "stackit/${{ env.CODE_COVERAGE_FILE_NAME }}"
+
+  main:
+    if: ${{ github.event_name != 'schedule' }}
+    name: CI run build and linting
+    runs-on: ubuntu-latest
+    needs: config
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
       
       - name: Build
         uses: ./.github/actions/build
@@ -33,28 +217,54 @@ jobs:
       - name: "Ensure docs are up-to-date"
         if: ${{ github.event_name == 'pull_request' }}
         run: ./scripts/check-docs.sh
+        continue-on-error: true
 
-      - name: Lint
-        run: make lint
-      
-      - name: Test
-        run: make test
+      - name: "Run go mod tidy"
+        if: ${{ github.event_name == 'pull_request' }}
+        run: go mod tidy
 
-
-      - name: Archive code coverage results
-        uses: actions/upload-artifact@v4
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v9
         with:
-          name: ${{ env.CODE_COVERAGE_ARTIFACT_NAME }}
-          path: "stackit/${{ env.CODE_COVERAGE_FILE_NAME }}"
+          version: v2.9
+          args: --config=golang-ci.yaml --allow-parallel-runners --timeout=5m
+        continue-on-error: true
 
+      - name: Linting
+        run: make lint
+        continue-on-error: true
+      
+#      - name: Testing
+#        run: make test
+#
+#      - name: Acceptance Testing
+#        if: ${{ github.event_name == 'pull_request' }}
+#        run: make test-acceptance-tf
+#
+#      - name: Check coverage threshold
+#        shell: bash
+#        run: |
+#          make coverage
+#          COVERAGE=$(go tool cover -func=coverage.out | grep total | awk '{print $3}' | sed 's/%//')
+#          echo "Coverage: $COVERAGE%"
+#          if (( $(echo "$COVERAGE < 80" | bc -l) )); then
+#            echo "Coverage is below 80%"
+#            # exit 1
+#          fi
+
+#      - name: Archive code coverage results
+#        uses: actions/upload-artifact@v4
+#        with:
+#          name: ${{ env.CODE_COVERAGE_ARTIFACT_NAME }}
+#          path: "stackit/${{ env.CODE_COVERAGE_FILE_NAME }}"
 
   config:
+    if: ${{ github.event_name != 'schedule' }}
     name: Check GoReleaser config
-    if: github.event_name == 'pull_request'
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Check GoReleaser
         uses: goreleaser/goreleaser-action@v6

.github/workflows/publish.yaml

@@ -0,0 +1,145 @@
+name: Publish
+
+run-name: Publish by @${{ github.actor }}
+
+on:
+  workflow_dispatch:
+  push:
+    tags:
+      - 'v0.*'
+
+env:
+  GO_VERSION: "1.25"
+  CODE_COVERAGE_FILE_NAME: "coverage.out" # must be the same as in Makefile
+  CODE_COVERAGE_ARTIFACT_NAME: "code-coverage"
+
+jobs:
+  config:
+    name: Check GoReleaser config
+    if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Check GoReleaser
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          args: check
+
+  publish:
+    name: "Publish provider"
+    if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
+    needs: config
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read        # Required to identify workflow run.
+      checks: write        # Required to add status summary.
+      contents: read       # Required to checkout repository.
+      pull-requests: write # Required to add PR comment.
+    steps:
+      - name: Install needed tools
+        run: |
+          apt-get -y -qq update
+          apt-get -y -qq install jq python3 python3-pip python-is-python3 s3cmd git make wget
+
+      - name: Setup Go
+        uses: actions/setup-go@v6
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - name: Install go tools
+        run: |
+          go install golang.org/x/tools/cmd/goimports@latest
+          go install github.com/hashicorp/terraform-plugin-codegen-framework/cmd/tfplugingen-framework@latest
+          go install github.com/hashicorp/terraform-plugin-codegen-openapi/cmd/tfplugingen-openapi@latest
+
+      - name: Setup JAVA
+        uses: actions/setup-java@v5
+        with:
+          distribution: 'temurin' # See 'Supported distributions' for available options
+          java-version: '21'
+
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Run build pkg directory
+        run: |
+          set -e
+          mkdir -p generated/services
+          mkdir -p generated/internal/services
+          go run cmd/main.go build
+
+      - name: Set up s3cfg
+        run: |
+          cat <<'EOF' >> ~/.s3cfg
+          [default]
+          host_base = https://object.storage.eu01.onstackit.cloud
+          host_bucket = https://%(bucket).object.storage.eu01.onstackit.cloud
+          check_ssl_certificate = False
+          access_key = ${{ secrets.S3_ACCESS_KEY }}
+          secret_key = ${{ secrets.S3_SECRET_KEY }}
+          EOF
+
+      - name: Import GPG key
+        run: |
+          echo "${{ secrets.PRIVATE_KEY_PEM }}" > ~/private.key.pem
+          gpg --import ~/private.key.pem
+          rm ~/private.key.pem
+
+      - name: Run GoReleaser with SNAPSHOT
+        if: github.event_name == 'workflow_dispatch'
+        id: goreleaser
+        env:
+          GITHUB_TOKEN: ${{ env.FORGEJO_TOKEN }}
+          GPG_FINGERPRINT: ${{ secrets.GPG_FINGERPRINT }}
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          args: release --skip publish --clean --snapshot
+
+      - name: Run GoReleaser
+        if: github.event_name != 'workflow_dispatch'
+        id: goreleaser
+        env:
+          GITHUB_TOKEN: ${{ env.FORGEJO_TOKEN }}
+          GPG_FINGERPRINT: ${{ secrets.GPG_FINGERPRINT }}
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          args: release --skip publish --clean
+
+      - name: Prepare key file
+        run: |
+          echo "${{ secrets.PUBLIC_KEY_PEM }}" >public_key.pem
+
+      - name: Prepare provider directory structure
+        run: |
+          VERSION=$(jq -r .version < dist/metadata.json)
+          go run cmd/main.go \
+            publish \
+              --namespace=mhenselin \
+              --providerName=stackitprivatepreview \
+              --repoName=terraform-provider-stackitprivatepreview \
+              --domain=tfregistry.sysops.stackit.rocks \
+              --gpgFingerprint="${{ secrets.GPG_FINGERPRINT }}" \
+              --gpgPubKeyFile=public_key.pem \
+              --version=${VERSION}
+
+      - name: Publish provider to S3
+        run: |
+          set -e
+          cd release/
+          s3cmd put --recursive v1 s3://terraform-provider-privatepreview/
+          s3cmd put --recursive .well-known s3://terraform-provider-privatepreview/
+
+      - name: Import SSH key
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.DOCS_UPLOAD_SSH_KEY }}" > ~/.ssh/id_ed25519
+          chmod 0600 ~/.ssh/id_ed25519
+
+      - name: Upload docs via scp
+        run: |
+          set -e
+          ssh -o StrictHostKeyChecking=no ubuntu@${{ vars.DOCS_SERVER_IP }} 'rm -rf /srv/www/docs'
+          echo "${{ github.ref_name }}" >docs/_version.txt
+          scp -o StrictHostKeyChecking=no -r docs ubuntu@${{ vars.DOCS_SERVER_IP }}:/srv/www/

.github/workflows/release.yaml

@@ -4,9 +4,9 @@ name: Release
 # This GitHub action creates a release when a tag that matches the pattern
 # "v*" (e.g. v0.1.0) is created.
 on:
-  push:
-    tags:
-      - "v*"
+#  push:
+#    tags:
+#      - "v*"
   workflow_dispatch:
 
 # Releases need permissions to read and write the repository contents.
@@ -18,7 +18,7 @@ jobs:
   goreleaser:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           # Allow goreleaser to access older tag information.
           fetch-depth: 0

.github/workflows/renovate.yaml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       - name: Self-hosted Renovate
         uses: renovatebot/github-action@v41.0.0
         with:

.github/workflows/runnerstats.yaml

@@ -0,0 +1,29 @@
+name: Runner stats
+
+on:
+  workflow_dispatch:
+
+jobs:
+  stats-own:
+    name: "Get own runner stats"
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install needed tools
+        run: |
+          apt-get -y -qq update
+          apt-get -y -qq install inxi
+
+      - name: Show stats
+        run: inxi -c 0
+
+  stats-stackit:
+    name: "Get STACKIT runner stats"
+    runs-on: stackit-docker
+    steps:
+      - name: Install needed tools
+        run: |
+          apt-get -y -qq update
+          apt-get -y -qq install inxi
+
+      - name: Show stats
+        run: inxi -c 0

.github/workflows/tf-acc-test.yaml

@@ -7,21 +7,17 @@ on:
   workflow_dispatch:
 
 jobs:
-  main:
+  acc_test:
     name: Acceptance Tests
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
-      - name: Install project tools and dependencies
-        run: make project-tools
-      - name: Run tests
-        run: |
-          make test-acceptance-tf TF_ACC_PROJECT_ID=$${{ secrets.TF_ACC_PROJECT_ID }} TF_ACC_ORGANIZATION_ID=$${{ secrets.TF_ACC_ORGANIZATION_ID }} TF_ACC_REGION="eu01"
-        env:
-          STACKIT_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TF_ACC_SERVICE_ACCOUNT_TOKEN }}
-          TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_EMAIL: ${{ secrets.TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_EMAIL }}
-          TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_TOKEN }}
-          TF_ACC_TEST_PROJECT_PARENT_CONTAINER_ID: ${{ secrets.TF_ACC_TEST_PROJECT_PARENT_CONTAINER_ID }}
-          TF_ACC_TEST_PROJECT_PARENT_UUID: ${{ secrets.TF_ACC_TEST_PROJECT_PARENT_UUID }}
-          TF_ACC_TEST_PROJECT_USER_EMAIL: ${{ secrets.TF_ACC_TEST_PROJECT_USER_EMAIL }}
+        uses: actions/checkout@v6
+
+      - name: Run Test
+        uses: ./.github/actions/acc_test
+        with:
+          go-version: ${{ env.GO_VERSION }}
+          project_id: ${{ vars.TEST_PROJECT_ID }}
+          region: 'eu01'
+          service_account_json: ${{ secrets.TF_ACC_SERVICE_ACCOUNT_JSON }}

.gitignore

@@ -15,9 +15,9 @@ bin/
 **/terraform.tfstate**
 .terraform.lock.hcl
 .terraform.tfstate.lock.info
-main.tf
-example.tf
-index.tf
+**/config.tfrc
+**/variables.tf
+**/service_account.json
 
 # Test binary, built with `go test -c`
 *.test
@@ -38,3 +38,13 @@ stackit/internal/services/iaas/test-512k.img
 # Test coverage reports
 coverage.out
 coverage.html
+generated
+stackit-sdk-generator
+dist
+
+.secrets
+
+pkg_gen
+/release/
+.env
+**/.env

.goreleaser.yaml

@@ -1,10 +1,12 @@
-# Copyright (c) HashiCorp, Inc.
+# Copyright (c) STACKIT
 # SPDX-License-Identifier: MPL-2.0
 
 # Visit https://goreleaser.com for documentation on how to customize this
 # behavior.
 version: 2
 
+project_name: terraform-provider-stackitprivatepreview
+
 builds:
 - env:
     # goreleaser does not work with CGO, it could also complicate
@@ -29,14 +31,16 @@ builds:
   ignore:
     - goos: darwin
       goarch: '386'
+    - goos: windows
+      goarch: arm
   binary: '{{ .ProjectName }}_v{{ .Version }}'
 archives:
 - formats: [ 'zip' ]
   name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}'
 checksum:
-  extra_files:
-    - glob: 'terraform-registry-manifest.json'
-      name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json'
+#  extra_files:
+#    - glob: 'terraform-registry-manifest.json'
+#      name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json'
   name_template: '{{ .ProjectName }}_{{ .Version }}_SHA256SUMS'
   algorithm: sha256
 signs:

Makefile

@@ -1,5 +1,6 @@
 ROOT_DIR              ?= $(shell git rev-parse --show-toplevel)
 SCRIPTS_BASE          ?= $(ROOT_DIR)/scripts
+VERSION               ?= ${VER}
 
 # SETUP AND TOOL INITIALIZATION TASKS
 project-help:
@@ -11,9 +12,10 @@ project-tools:
 # LINT
 lint-golangci-lint:
 	@echo "Linting with golangci-lint"
-	@$(SCRIPTS_BASE)/lint-golangci-lint.sh
+	@go run github.com/golangci/golangci-lint/v2/cmd/golangci-lint run --fix --config golang-ci.yaml
 
-lint-tf: 
+
+lint-tf:
 	@echo "Linting terraform files"
 	@terraform fmt -check -diff -recursive
 
@@ -22,10 +24,11 @@ lint: lint-golangci-lint lint-tf
 # DOCUMENTATION GENERATION
 generate-docs:
 	@echo "Generating documentation with tfplugindocs"
+
 	@$(SCRIPTS_BASE)/tfplugindocs.sh
 
 build:
-	@go build -o bin/terraform-provider-stackit
+	@go build -o bin/terraform-provider-stackitprivatepreview
 
 fmt:
 	@gofmt -s -w .
@@ -33,15 +36,16 @@ fmt:
 	@terraform fmt -diff -recursive
 
 # TEST
+.PHONY: test coverage
 test:
 	@echo "Running tests for the terraform provider"
-	@cd $(ROOT_DIR)/stackit && go test ./... -count=1 -coverprofile=coverage.out && cd $(ROOT_DIR)
+	@cd $(ROOT_DIR)/stackit && go test -timeout 0 ./... -count=1 -coverprofile=../coverage.out && cd $(ROOT_DIR)
 
 # Test coverage
 coverage:
 	@echo ">> Creating test coverage report for the terraform provider"
-	@cd $(ROOT_DIR)/stackit && (go test ./... -count=1 -coverprofile=coverage.out || true) && cd $(ROOT_DIR)
-	@cd $(ROOT_DIR)/stackit && go tool cover -html=coverage.out -o coverage.html && cd $(ROOT_DIR)
+	@cd $(ROOT_DIR)/stackit && (go test -timeout 0 ./... -count=1 -coverprofile=../coverage.out || true) && cd $(ROOT_DIR)
+	@cd $(ROOT_DIR)/stackit && go tool cover -html=../coverage.out -o ../coverage.html && cd $(ROOT_DIR)
 
 test-acceptance-tf:
 	@if [ -z $(TF_ACC_PROJECT_ID) ]; then echo "Input TF_ACC_PROJECT_ID missing"; exit 1; fi
@@ -57,3 +61,11 @@ test-acceptance-tf:
 	TF_ACC_REGION=$(TF_ACC_REGION) \
 	go test ./... -count=1 -timeout=30m && \
 	cd $(ROOT_DIR)
+
+publish: build
+ifeq ($(strip $(VERSION)),)
+	@echo "please call like this: VER=0.1.0 make publish"
+else
+	@echo "version: $(VERSION)"
+endif
+

README.md

@@ -1,15 +1,14 @@
 <div align="center">
-<br>
 <img src=".github/images/stackit-logo.svg" alt="STACKIT logo" width="50%"/>
-<br>
-<br>
 </div>
 
-# STACKIT Terraform Provider
+# STACKIT Terraform Provider <br />(PRIVATE PREVIEW)
 
-[![Go Report Card](https://goreportcard.com/badge/github.com/stackitcloud/terraform-provider-stackit)](https://goreportcard.com/report/github.com/stackitcloud/terraform-provider-stackit) [![GitHub Release](https://img.shields.io/github/v/release/stackitcloud/terraform-provider-stackit)](https://registry.terraform.io/providers/stackitcloud/stackit/latest) ![GitHub go.mod Go version](https://img.shields.io/github/go-mod/go-version/stackitcloud/terraform-provider-stackit) [![GitHub License](https://img.shields.io/github/license/stackitcloud/terraform-provider-stackit)](https://www.apache.org/licenses/LICENSE-2.0)
+[![GitHub Release](https://img.shields.io/github/v/release/stackitcloud/terraform-provider-stackit)](https://registry.terraform.io/providers/stackitcloud/stackit/latest) ![GitHub go.mod Go version](https://img.shields.io/github/go-mod/go-version/stackitcloud/terraform-provider-stackit) [![GitHub License](https://img.shields.io/github/license/stackitcloud/terraform-provider-stackit)](https://www.apache.org/licenses/LICENSE-2.0)
 
-This project is the official [Terraform Provider](https://registry.terraform.io/providers/stackitcloud/stackit/latest/docs) for [STACKIT](https://www.stackit.de/en/), which allows you to manage STACKIT resources through Terraform.
+This project is the **NOT** official [Terraform Provider](https://registry.terraform.io/providers/stackitcloud/stackit/latest/docs) for [STACKIT](https://www.stackit.de/en/)!
+
+This a **private preview only**, which allows you to manage STACKIT resources through Terraform.
 
 ## Getting Started
 
@@ -18,20 +17,22 @@ To install the [STACKIT Terraform Provider](https://registry.terraform.io/provid
 ```hcl
 terraform {
   required_providers {
-    stackit = {
-      source = "stackitcloud/stackit"
-      version = "X.X.X"
+    stackitprivatepreview = {
+      source  = "tfregistry.sysops.stackit.rocks/mhenselin/stackitprivatepreview"
+      version = "= 0.0.5-alpha"
     }
   }
 }
 
-provider "stackit" {
+provider "stackitprivatepreview" {
   # Configuration options
 }
 ```
 
 Check one of the examples in the [examples](examples/) folder.
 
+<big font-size="3rem">TODO: revise the following sections</big>
+
 ## Authentication
 
 To authenticate, you will need a [service account](https://docs.stackit.cloud/platform/access-and-identity/service-accounts/). Create it in the [STACKIT Portal](https://portal.stackit.cloud/) and assign the necessary permissions to it, e.g. `project.owner`. There are multiple ways to authenticate:

cmd/cmd/build/copy.go

@@ -0,0 +1,131 @@
+package build
+
+import (
+	"fmt"
+	"io"
+	"log/slog"
+	"os"
+	"path/filepath"
+	"syscall"
+)
+
+// Source - https://stackoverflow.com/a
+// Posted by Oleg Neumyvakin, modified by community. See post 'Timeline' for change history
+// Retrieved 2026-01-20, License - CC BY-SA 4.0
+
+func CopyDirectory(scrDir, dest string) error {
+	entries, err := os.ReadDir(scrDir)
+	if err != nil {
+		return err
+	}
+	for _, entry := range entries {
+		sourcePath := filepath.Join(scrDir, entry.Name())
+		destPath := filepath.Join(dest, entry.Name())
+
+		fileInfo, err := os.Stat(sourcePath)
+		if err != nil {
+			return err
+		}
+
+		stat, ok := fileInfo.Sys().(*syscall.Stat_t)
+		if !ok {
+			return fmt.Errorf("failed to get raw syscall.Stat_t data for '%s'", sourcePath)
+		}
+
+		switch fileInfo.Mode() & os.ModeType {
+		case os.ModeDir:
+			if err := CreateIfNotExists(destPath, 0o755); err != nil {
+				return err
+			}
+			if err := CopyDirectory(sourcePath, destPath); err != nil {
+				return err
+			}
+		case os.ModeSymlink:
+			if err := CopySymLink(sourcePath, destPath); err != nil {
+				return err
+			}
+		default:
+			if err := Copy(sourcePath, destPath); err != nil {
+				return err
+			}
+		}
+
+		if err := os.Lchown(destPath, int(stat.Uid), int(stat.Gid)); err != nil {
+			return err
+		}
+
+		fInfo, err := entry.Info()
+		if err != nil {
+			return err
+		}
+
+		isSymlink := fInfo.Mode()&os.ModeSymlink != 0
+		if !isSymlink {
+			if err := os.Chmod(destPath, fInfo.Mode()); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+func Copy(srcFile, dstFile string) error {
+	out, err := os.Create(dstFile)
+	if err != nil {
+		return err
+	}
+
+	defer func(out *os.File) {
+		err := out.Close()
+		if err != nil {
+			slog.Error("failed to close file", slog.Any("err", err))
+		}
+	}(out)
+
+	in, err := os.Open(srcFile)
+	if err != nil {
+		return err
+	}
+
+	defer func(in *os.File) {
+		err := in.Close()
+		if err != nil {
+			slog.Error("error closing destination file", slog.Any("err", err))
+		}
+	}(in)
+
+	_, err = io.Copy(out, in)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func Exists(filePath string) bool {
+	if _, err := os.Stat(filePath); os.IsNotExist(err) {
+		return false
+	}
+
+	return true
+}
+
+func CreateIfNotExists(dir string, perm os.FileMode) error {
+	if Exists(dir) {
+		return nil
+	}
+
+	if err := os.MkdirAll(dir, perm); err != nil {
+		return fmt.Errorf("failed to create directory: '%s', error: '%s'", dir, err.Error())
+	}
+
+	return nil
+}
+
+func CopySymLink(source, dest string) error {
+	link, err := os.Readlink(source)
+	if err != nil {
+		return err
+	}
+	return os.Symlink(link, dest)
+}

cmd/cmd/build/formats.go

@@ -0,0 +1,53 @@
+package build
+
+import (
+	"regexp"
+	"strings"
+	"unicode"
+	"unicode/utf8"
+)
+
+// snakeLetters will match to the first letter and an underscore followed by a letter
+var snakeLetters = regexp.MustCompile("(^[a-z])|_[a-z0-9]")
+
+func ToPascalCase(in string) string {
+	inputSplit := strings.Split(in, ".")
+
+	var ucName string
+
+	for _, v := range inputSplit {
+		if len(v) < 1 {
+			continue
+		}
+
+		firstChar := v[0:1]
+		ucFirstChar := strings.ToUpper(firstChar)
+
+		if len(v) < 2 {
+			ucName += ucFirstChar
+			continue
+		}
+
+		ucName += ucFirstChar + v[1:]
+	}
+
+	return snakeLetters.ReplaceAllStringFunc(ucName, func(s string) string {
+		return strings.ToUpper(strings.ReplaceAll(s, "_", ""))
+	})
+}
+
+func ToCamelCase(in string) string {
+	pascal := ToPascalCase(in)
+
+	// Grab first rune and lower case it
+	firstLetter, size := utf8.DecodeRuneInString(pascal)
+	if firstLetter == utf8.RuneError && size <= 1 {
+		return pascal
+	}
+
+	return string(unicode.ToLower(firstLetter)) + pascal[size:]
+}
+
+func ValidateSnakeCase(in string) bool {
+	return snakeLetters.MatchString(string(in))
+}

cmd/cmd/build/templates/data_source_scaffold.gotmpl

@@ -0,0 +1,148 @@
+package {{.PackageName}}
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+	"github.com/stackitcloud/stackit-sdk-go/core/config"
+	"tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit/internal/conversion"
+	"tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit/internal/core"
+	"tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit/internal/utils"
+
+    {{.PackageName}}Pkg "tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/pkg_gen/{{.PackageName}}"
+
+    {{.PackageName}}Gen "tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit/internal/services/{{.PackageName}}/{{.NameSnake}}/datasources_gen"
+)
+
+var _ datasource.DataSource = (*{{.NameCamel}}DataSource)(nil)
+
+const errorPrefix = "[{{.PackageNamePascal}} - {{.NamePascal}}]"
+
+func New{{.NamePascal}}DataSource() datasource.DataSource {
+	return &{{.NameCamel}}DataSource{}
+}
+
+type dsModel struct {
+	{{.PackageName}}Gen.{{.NamePascal}}Model
+	TfId types.String `tfsdk:"id"`
+}
+
+type {{.NameCamel}}DataSource struct{
+	client       *{{.PackageName}}Pkg.APIClient
+	providerData core.ProviderData
+}
+
+func (d *{{.NameCamel}}DataSource) Metadata(_ context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+	resp.TypeName = req.ProviderTypeName + "_{{.PackageName}}_{{.NameSnake}}"
+}
+
+func (d *{{.NameCamel}}DataSource) Schema(ctx context.Context, _ datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+	resp.Schema = {{.PackageName}}Gen.{{.NamePascal}}DataSourceSchema(ctx)
+    resp.Schema.Attributes["id"] = schema.StringAttribute{
+        Computed:            true,
+        Description:         "The terraform internal identifier.",
+        MarkdownDescription: "The terraform internal identifier.",
+    }
+}
+
+// Configure adds the provider configured client to the data source.
+func (d *{{.NameCamel}}DataSource) Configure(
+	ctx context.Context,
+	req datasource.ConfigureRequest,
+	resp *datasource.ConfigureResponse,
+) {
+	var ok bool
+	d.providerData, ok = conversion.ParseProviderData(ctx, req.ProviderData, &resp.Diagnostics)
+	if !ok {
+		return
+	}
+
+	apiClientConfigOptions := []config.ConfigurationOption{
+		config.WithCustomAuth(d.providerData.RoundTripper),
+		utils.UserAgentConfigOption(d.providerData.Version),
+	}
+	if d.providerData.{{.PackageNamePascal}}CustomEndpoint != "" {
+		apiClientConfigOptions = append(
+			apiClientConfigOptions,
+			config.WithEndpoint(d.providerData.{{.PackageNamePascal}}CustomEndpoint),
+		)
+	} else {
+		apiClientConfigOptions = append(
+			apiClientConfigOptions,
+			config.WithRegion(d.providerData.GetRegion()),
+		)
+	}
+	apiClient, err := {{.PackageName}}Pkg.NewAPIClient(apiClientConfigOptions...)
+	if err != nil {
+		resp.Diagnostics.AddError(
+			"Error configuring API client",
+			fmt.Sprintf(
+				"Configuring client: %v. This is an error related to the provider configuration, not to the resource configuration",
+				err,
+			),
+		)
+		return
+	}
+	d.client = apiClient
+	tflog.Info(ctx, fmt.Sprintf("%s client configured", errorPrefix))
+}
+
+func (d *{{.NameCamel}}DataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+	var data dsModel
+
+	// Read Terraform configuration data into the model
+	resp.Diagnostics.Append(req.Config.Get(ctx, &data)...)
+
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	ctx = core.InitProviderContext(ctx)
+
+	projectId := data.ProjectId.ValueString()
+	region := d.providerData.GetRegionWithOverride(data.Region)
+	{{.NameCamel}}Id := data.{{.NamePascal}}Id.ValueString()
+
+	ctx = tflog.SetField(ctx, "project_id", projectId)
+	ctx = tflog.SetField(ctx, "region", region)
+
+	// TODO: implement needed fields
+	ctx = tflog.SetField(ctx, "{{.NameCamel}}_id", {{.NameCamel}}Id)
+
+    // TODO: refactor to correct implementation
+	{{.NameCamel}}Resp, err := d.client.Get{{.NamePascal}}Request(ctx, projectId, region, {{.NameCamel}}Id).Execute()
+	if err != nil {
+		utils.LogError(
+			ctx,
+			&resp.Diagnostics,
+			err,
+			"Reading {{.NameCamel}}",
+			fmt.Sprintf("{{.NameCamel}} with ID %q does not exist in project %q.", {{.NameCamel}}Id, projectId),
+			map[int]string{
+				http.StatusForbidden: fmt.Sprintf("Project with ID %q not found or forbidden access", projectId),
+			},
+		)
+		resp.State.RemoveResource(ctx)
+		return
+	}
+
+	ctx = core.LogResponse(ctx)
+
+
+	data.TfId = utils.BuildInternalTerraformId(projectId, region, ..)
+
+	// TODO: fill remaining fields
+{{- range .Fields }}
+    // data.{{.}} = types.Sometype(apiResponse.Get{{.}}())
+{{- end -}}
+
+	// Save data into Terraform state
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+
+	tflog.Info(ctx, fmt.Sprintf("%s read successful", errorPrefix))
+}

cmd/cmd/build/templates/functions_scaffold.gotmpl

@@ -0,0 +1,98 @@
+package {{.PackageName}}
+
+import (
+	"context"
+	"fmt"
+	"math"
+
+	"github.com/hashicorp/terraform-plugin-framework/attr"
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	"github.com/hashicorp/terraform-plugin-framework/resource"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit/internal/conversion"
+
+	{{.PackageName}} "tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/pkg_gen/{{.PackageName}}"
+	{{.PackageName}}ResGen "tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit/internal/services/{{.PackageName}}/instance/resources_gen"
+)
+
+func mapResponseToModel(
+	ctx context.Context,
+	resp *{{.PackageName}}.Get{{.NamePascal}}Response,
+	m *{{.PackageName}}ResGen.{{.NamePascal}}Model,
+	tfDiags diag.Diagnostics,
+) error {
+    // TODO: complete and refactor
+	m.Id = types.StringValue(resp.GetId())
+
+    /*
+	sampleList, diags := types.ListValueFrom(ctx, types.StringType, resp.GetList())
+	tfDiags.Append(diags...)
+	if diags.HasError() {
+		return fmt.Errorf(
+			"error converting list response value",
+		)
+	}
+	sample, diags := {{.PackageName}}ResGen.NewSampleValue(
+		{{.PackageName}}ResGen.SampleValue{}.AttributeTypes(ctx),
+		map[string]attr.Value{
+			"field":     types.StringValue(string(resp.GetField())),
+		},
+	)
+	tfDiags.Append(diags...)
+	if diags.HasError() {
+		return fmt.Errorf(
+			"error converting sample response value",
+			"sample",
+			types.StringValue(string(resp.GetField())),
+		)
+	}
+	m.Sample = sample
+	*/
+	return nil
+}
+
+func handleEncryption(
+	m *{{.PackageName}}ResGen.{{.NamePascal}}Model,
+	resp *{{.PackageName}}.Get{{.NamePascal}}Response,
+) {{.PackageName}}ResGen.EncryptionValue {
+	if !resp.HasEncryption() ||
+		resp.Encryption == nil ||
+		resp.Encryption.KekKeyId == nil ||
+		resp.Encryption.KekKeyRingId == nil ||
+		resp.Encryption.KekKeyVersion == nil ||
+		resp.Encryption.ServiceAccount == nil {
+
+		if m.Encryption.IsNull() || m.Encryption.IsUnknown() {
+			return {{.PackageName}}ResGen.NewEncryptionValueNull()
+		}
+		return m.Encryption
+	}
+
+	enc := {{.PackageName}}ResGen.NewEncryptionValueNull()
+	if kVal, ok := resp.Encryption.GetKekKeyIdOk(); ok {
+		enc.KekKeyId = types.StringValue(kVal)
+	}
+	if kkVal, ok := resp.Encryption.GetKekKeyRingIdOk(); ok {
+		enc.KekKeyRingId = types.StringValue(kkVal)
+	}
+	if kkvVal, ok := resp.Encryption.GetKekKeyVersionOk(); ok {
+		enc.KekKeyVersion = types.StringValue(kkvVal)
+	}
+	if sa, ok := resp.Encryption.GetServiceAccountOk(); ok {
+		enc.ServiceAccount = types.StringValue(sa)
+	}
+	return enc
+}
+
+func toCreatePayload(
+	ctx context.Context,
+	model *{{.PackageName}}ResGen.{{.NamePascal}}Model,
+) (*{{.PackageName}}.Create{{.NamePascal}}RequestPayload, error) {
+	if model == nil {
+		return nil, fmt.Errorf("nil model")
+	}
+
+	return &{{.PackageName}}.Create{{.NamePascal}}RequestPayload{
+	    // TODO: fill fields
+	}, nil
+}

cmd/cmd/build/templates/provider_scaffold.gotmpl

@@ -0,0 +1,39 @@
+package {{.PackageName}}
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/provider"
+	"github.com/hashicorp/terraform-plugin-framework/resource"
+)
+
+var _ provider.Provider = (*{{.NameCamel}}Provider)(nil)
+
+func New() func() provider.Provider {
+	return func() provider.Provider {
+		return &{{.NameCamel}}Provider{}
+	}
+}
+
+type {{.NameCamel}}Provider struct{}
+
+func (p *{{.NameCamel}}Provider) Schema(ctx context.Context, req provider.SchemaRequest, resp *provider.SchemaResponse) {
+
+}
+
+func (p *{{.NameCamel}}Provider) Configure(ctx context.Context, req provider.ConfigureRequest, resp *provider.ConfigureResponse) {
+
+}
+
+func (p *{{.NameCamel}}Provider) Metadata(ctx context.Context, req provider.MetadataRequest, resp *provider.MetadataResponse) {
+	resp.TypeName = "{{.NameSnake}}"
+}
+
+func (p *{{.NameCamel}}Provider) DataSources(ctx context.Context) []func() datasource.DataSource {
+	return []func() datasource.DataSource{}
+}
+
+func (p *{{.NameCamel}}Provider) Resources(ctx context.Context) []func() resource.Resource {
+	return []func() resource.Resource{}
+}

cmd/cmd/build/templates/resource_scaffold.gotmpl

@@ -0,0 +1,429 @@
+package {{.PackageName}}
+
+import (
+	"context"
+	_ "embed"
+	"fmt"
+	"strings"
+
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/resource"
+	"github.com/hashicorp/terraform-plugin-framework/resource/identityschema"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+	"github.com/stackitcloud/stackit-sdk-go/core/config"
+	"tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit/internal/conversion"
+
+	"tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/pkg_gen/{{.PackageName}}"
+
+	"tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit/internal/core"
+	"tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit/internal/utils"
+
+	{{.PackageName}}ResGen "tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit/internal/services/{{.PackageName}}/{{.NameSnake}}/resources_gen"
+)
+
+var (
+	_ resource.Resource                = &{{.NameCamel}}Resource{}
+	_ resource.ResourceWithConfigure   = &{{.NameCamel}}Resource{}
+	_ resource.ResourceWithImportState = &{{.NameCamel}}Resource{}
+	_ resource.ResourceWithModifyPlan  = &{{.NameCamel}}Resource{}
+	_ resource.ResourceWithIdentity    = &{{.NameCamel}}Resource{}
+)
+
+func New{{.NamePascal}}Resource() resource.Resource {
+	return &{{.NameCamel}}Resource{}
+}
+
+type {{.NameCamel}}Resource struct{
+	client       *{{.PackageName}}.APIClient
+	providerData core.ProviderData
+}
+
+// resourceModel represents the Terraform resource state
+type resourceModel = {{.PackageName}}.{{.NamePascal}}Model
+
+type {{.NamePascal}}ResourceIdentityModel struct {
+	ProjectID  types.String `tfsdk:"project_id"`
+	Region     types.String `tfsdk:"region"`
+	// TODO: implement further needed parts
+	{{.NamePascal}}ID types.String `tfsdk:"{{.NameSnake}}_id"`
+}
+
+// Metadata defines terraform resource name
+func (r *{{.NameCamel}}Resource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) {
+	resp.TypeName = req.ProviderTypeName + "_{{.PackageName}}_{{.NameSnake}}"
+}
+
+//go:embed planModifiers.yaml
+var modifiersFileByte []byte
+
+// Schema loads the schema from generated files and adds plan modifiers
+func (r *{{.NameCamel}}Resource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) {
+	schema = {{.PackageName}}ResGen.{{.NamePascal}}ResourceSchema(ctx)
+
+    fields, err := {{.PackageName}}Utils.ReadModifiersConfig(modifiersFileByte)
+    if err != nil {
+        resp.Diagnostics.AddError("error during read modifiers config file", err.Error())
+        return
+    }
+
+    err = {{.PackageName}}Utils.AddPlanModifiersToResourceSchema(fields, &schema)
+    if err != nil {
+        resp.Diagnostics.AddError("error adding plan modifiers", err.Error())
+        return
+    }
+    resp.Schema = schema
+}
+
+// IdentitySchema defines the identity schema
+func (r *instanceResource) IdentitySchema(_ context.Context, _ resource.IdentitySchemaRequest, resp *resource.IdentitySchemaResponse) {
+	resp.IdentitySchema = identityschema.Schema{
+		Attributes: map[string]identityschema.Attribute{
+			"project_id": identityschema.StringAttribute{
+				RequiredForImport: true, // must be set during import by the practitioner
+			},
+			"region": identityschema.StringAttribute{
+				RequiredForImport: true, // can be defaulted by the provider configuration
+			},
+			"instance_id": identityschema.StringAttribute{
+				RequiredForImport: true, // can be defaulted by the provider configuration
+			},
+			// TODO: implement remaining schema parts
+		},
+	}
+}
+
+// Configure adds the provider configured client to the resource.
+func (r *{{.NameCamel}}Resource) Configure(
+	ctx context.Context,
+	req resource.ConfigureRequest,
+	resp *resource.ConfigureResponse,
+) {
+	var ok bool
+	r.providerData, ok = conversion.ParseProviderData(ctx, req.ProviderData, &resp.Diagnostics)
+	if !ok {
+		return
+	}
+
+	apiClientConfigOptions := []config.ConfigurationOption{
+		config.WithCustomAuth(r.providerData.RoundTripper),
+		utils.UserAgentConfigOption(r.providerData.Version),
+	}
+	if r.providerData.{{.PackageNamePascal}}CustomEndpoint != "" {
+		apiClientConfigOptions = append(apiClientConfigOptions, config.WithEndpoint(r.providerData.{{.PackageName}}CustomEndpoint))
+	} else {
+		apiClientConfigOptions = append(apiClientConfigOptions, config.WithRegion(r.providerData.GetRegion()))
+	}
+	apiClient, err := {{.PackageName}}.NewAPIClient(apiClientConfigOptions...)
+	if err != nil {
+		resp.Diagnostics.AddError(
+		    "Error configuring API client",
+		    fmt.Sprintf(
+		        "Configuring client: %v. This is an error related to the provider configuration, not to the resource configuration",
+		        err,
+            ),
+        )
+		return
+	}
+	r.client = apiClient
+	tflog.Info(ctx, "{{.PackageName}}.{{.NamePascal}} client configured")
+}
+
+// ModifyPlan implements resource.ResourceWithModifyPlan.
+// Use the modifier to set the effective region in the current plan.
+func (r *{{.NameCamel}}Resource) ModifyPlan(
+	ctx context.Context,
+	req resource.ModifyPlanRequest,
+	resp *resource.ModifyPlanResponse,
+) { // nolint:gocritic // function signature required by Terraform
+
+	// skip initial empty configuration to avoid follow-up errors
+	if req.Config.Raw.IsNull() {
+		return
+	}
+	var configModel {{.PackageName}}ResGen.{{.NamePascal}}Model
+	resp.Diagnostics.Append(req.Config.Get(ctx, &configModel)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	if req.Plan.Raw.IsNull() {
+		return
+	}
+	var planModel {{.PackageName}}ResGen.{{.NamePascal}}Model
+	resp.Diagnostics.Append(req.Plan.Get(ctx, &planModel)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	utils.AdaptRegion(ctx, configModel.Region, &planModel.Region, r.providerData.GetRegion(), resp)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	resp.Diagnostics.Append(resp.Plan.Set(ctx, planModel)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+}
+
+// Create creates a new resource
+func (r *{{.NameCamel}}Resource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
+	var data {{.PackageName}}ResGen.{{.NamePascal}}Model
+
+	// Read Terraform plan data into the model
+	resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...)
+
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	ctx = core.InitProviderContext(ctx)
+
+	projectId := data.ProjectId.ValueString()
+	region := data.Region.ValueString()
+	ctx = tflog.SetField(ctx, "project_id", projectId)
+	ctx = tflog.SetField(ctx, "region", region)
+	// TODO: add remaining fields
+
+	// TODO: Create API call logic
+	/*
+		// Generate API request body from model
+    	payload, err := toCreatePayload(ctx, &model)
+    	if err != nil {
+    		core.LogAndAddError(
+    			ctx,
+    			&resp.Diagnostics,
+    			"Error creating {{.NamePascal}}",
+    			fmt.Sprintf("Creating API payload: %v", err),
+    		)
+    		return
+    	}
+    	// Create new {{.NamePascal}}
+    	createResp, err := r.client.Create{{.NamePascal}}Request(
+    		ctx,
+    		projectId,
+    		region,
+    	).Create{{.NamePascal}}RequestPayload(*payload).Execute()
+    	if err != nil {
+    		core.LogAndAddError(ctx, &resp.Diagnostics, "Error creating {{.NamePascal}}", fmt.Sprintf("Calling API: %v", err))
+    		return
+    	}
+
+    	ctx = core.LogResponse(ctx)
+
+    	{{.NamePascal}}Id := *createResp.Id
+    */
+
+	// Example data value setting
+	data.{{.NameCamel | ucfirst}}Id = types.StringValue("id-from-response")
+
+	// TODO: Set data returned by API in identity
+	identity := {{.NamePascal}}ResourceIdentityModel{
+		ProjectID:  types.StringValue(projectId),
+		Region:     types.StringValue(region),
+		// TODO: add missing values
+		{{.NamePascal}}ID: types.StringValue({{.NamePascal}}Id),
+	}
+	resp.Diagnostics.Append(resp.Identity.Set(ctx, identity)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	// TODO: implement wait handler if needed
+	/*
+
+		waitResp, err := wait.Create{{.NamePascal}}WaitHandler(
+    		ctx,
+    		r.client,
+    		projectId,
+    		{{.NamePascal}}Id,
+    		region,
+    	).SetSleepBeforeWait(
+    		30 * time.Second,
+    	).SetTimeout(
+    		90 * time.Minute,
+    	).WaitWithContext(ctx)
+    	if err != nil {
+    		core.LogAndAddError(
+    			ctx,
+    			&resp.Diagnostics,
+    			"Error creating {{.NamePascal}}",
+    			fmt.Sprintf("{{.NamePascal}} creation waiting: %v", err),
+    		)
+    		return
+    	}
+
+    	if waitResp.Id == nil {
+    		core.LogAndAddError(
+    			ctx,
+    			&resp.Diagnostics,
+    			"Error creating {{.NamePascal}}",
+    			"{{.NamePascal}} creation waiting: returned id is nil",
+    		)
+    		return
+    	}
+
+    	// Map response body to schema
+    	err = mapResponseToModel(ctx, waitResp, &model, resp.Diagnostics)
+    	if err != nil {
+    		core.LogAndAddError(
+    			ctx,
+    			&resp.Diagnostics,
+    			"Error creating {{.NamePascal}}",
+    			fmt.Sprintf("Processing API payload: %v", err),
+    		)
+    		return
+    	}
+
+	*/
+
+	// Save data into Terraform state
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+
+	tflog.Info(ctx, "{{.PackageName}}.{{.NamePascal}} created")
+}
+
+func (r *{{.NameCamel}}Resource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
+	var data {{.PackageName}}ResGen.{{.NamePascal}}Model
+
+	// Read Terraform prior state data into the model
+	resp.Diagnostics.Append(req.State.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	// Read identity data
+	var identityData {{.NamePascal}}ResourceIdentityModel
+	resp.Diagnostics.Append(req.Identity.Get(ctx, &identityData)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+
+	ctx = core.InitProviderContext(ctx)
+
+	projectId := identityData.ProjectID.ValueString()
+	region := identityData.Region.ValueString()
+	ctx = tflog.SetField(ctx, "project_id", projectId)
+	ctx = tflog.SetField(ctx, "region", region)
+
+	// TODO: Read API call logic
+
+	// Save updated data into Terraform state
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+
+	// TODO: Set data returned by API in identity
+	identity := {{.NamePascal}}ResourceIdentityModel{
+		ProjectID:  types.StringValue(projectId),
+		Region:     types.StringValue(region),
+		// InstanceID: types.StringValue(instanceId),
+	}
+	resp.Diagnostics.Append(resp.Identity.Set(ctx, identity)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tflog.Info(ctx, "{{.PackageName}}.{{.NamePascal}} read")
+}
+
+func (r *{{.NameCamel}}Resource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) {
+	var data {{.PackageName}}ResGen.{{.NamePascal}}Model
+
+	// Read Terraform prior state data into the model
+	resp.Diagnostics.Append(req.State.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	ctx = core.InitProviderContext(ctx)
+
+	projectId := data.ProjectId.ValueString()
+	region := data.Region.ValueString()
+	ctx = tflog.SetField(ctx, "project_id", projectId)
+	ctx = tflog.SetField(ctx, "region", region)
+
+	// TODO: Update API call logic
+
+	// TODO: Set data returned by API in identity
+	identity := {{.NamePascal}}ResourceIdentityModel{
+		ProjectID:  types.StringValue(projectId),
+		Region:     types.StringValue(region),
+		// TODO: add missing values
+		{{.NamePascal}}ID: types.StringValue({{.NamePascal}}Id),
+	}
+	resp.Diagnostics.Append(resp.Identity.Set(ctx, identity)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	// Save updated data into Terraform state
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+
+	tflog.Info(ctx, "{{.PackageName}}.{{.NamePascal}} updated")
+}
+
+func (r *{{.NameCamel}}Resource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) {
+	var data {{.PackageName}}ResGen.{{.NamePascal}}Model
+
+	// Read Terraform prior state data into the model
+	resp.Diagnostics.Append(req.State.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	// Read identity data
+	var identityData {{.NamePascal}}ResourceIdentityModel
+	resp.Diagnostics.Append(req.Identity.Get(ctx, &identityData)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+
+	ctx = core.InitProviderContext(ctx)
+
+	projectId := identityData.ProjectID.ValueString()
+	region := identityData.Region.ValueString()
+	ctx = tflog.SetField(ctx, "project_id", projectId)
+	ctx = tflog.SetField(ctx, "region", region)
+
+	// TODO: Delete API call logic
+
+	tflog.Info(ctx, "{{.PackageName}}.{{.NamePascal}} deleted")
+}
+
+// ImportState imports a resource into the Terraform state on success.
+// The expected format of the resource import identifier is: project_id,zone_id,record_set_id
+func (r *{{.NameCamel}}Resource) ImportState(
+	ctx context.Context,
+	req resource.ImportStateRequest,
+	resp *resource.ImportStateResponse,
+) {
+	idParts := strings.Split(req.ID, core.Separator)
+
+	// TODO: Import logic
+	// TODO: fix len and parts itself
+	if len(idParts) < 2 || idParts[0] == "" || idParts[1] == "" {
+		core.LogAndAddError(
+			ctx, &resp.Diagnostics,
+			"Error importing database",
+			fmt.Sprintf(
+				"Expected import identifier with format [project_id],[region],..., got %q",
+				req.ID,
+			),
+		)
+		return
+	}
+
+	resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("project_id"), idParts[0])...)
+	resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("region"), idParts[1])...)
+	// ... more ...
+
+	core.LogAndAddWarning(
+		ctx,
+		&resp.Diagnostics,
+		"{{.PackageName | ucfirst}} database imported with empty password",
+		"The database password is not imported as it is only available upon creation of a new database. The password field will be empty.",
+	)
+	tflog.Info(ctx, "{{.PackageName | ucfirst}} {{.NameCamel}} state imported")
+}

cmd/cmd/build/templates/util.gotmpl

@@ -0,0 +1,47 @@
+package utils
+
+import (
+	"context"
+	"fmt"
+
+	{{.PackageName}} "tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/pkg_gen/{{.PackageName}}"
+
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	"github.com/stackitcloud/stackit-sdk-go/core/config"
+	"tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit/internal/core"
+	"tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit/internal/utils"
+)
+
+func ConfigureClient(
+	ctx context.Context,
+	providerData *core.ProviderData,
+	diags *diag.Diagnostics,
+) *{{.PackageName}}.APIClient {
+	apiClientConfigOptions := []config.ConfigurationOption{
+		config.WithCustomAuth(providerData.RoundTripper),
+		utils.UserAgentConfigOption(providerData.Version),
+	}
+	if providerData.{{.PackageName}}CustomEndpoint != "" {
+		apiClientConfigOptions = append(
+			apiClientConfigOptions,
+			config.WithEndpoint(providerData.{{.PackageName}}CustomEndpoint),
+		)
+	} else {
+		apiClientConfigOptions = append(apiClientConfigOptions, config.WithRegion(providerData.GetRegion()))
+	}
+	apiClient, err := {{.PackageName}}.NewAPIClient(apiClientConfigOptions...)
+	if err != nil {
+		core.LogAndAddError(
+			ctx,
+			diags,
+			"Error configuring API client",
+			fmt.Sprintf(
+				"Configuring client: %v. This is an error related to the provider configuration, not to the resource configuration",
+				err,
+			),
+		)
+		return nil
+	}
+
+	return apiClient
+}

cmd/cmd/build/templates/util_test.gotmpl

@@ -0,0 +1,97 @@
+package utils
+
+import (
+	"context"
+	"os"
+	"reflect"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	sdkClients "github.com/stackitcloud/stackit-sdk-go/core/clients"
+	"github.com/stackitcloud/stackit-sdk-go/core/config"
+	{{.PackageName}} "tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/pkg_gen/{{.PackageName}}"
+
+	"tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit/internal/core"
+	"tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit/internal/utils"
+)
+
+const (
+	testVersion        = "1.2.3"
+	testCustomEndpoint = "https://sqlserverflex-custom-endpoint.api.stackit.cloud"
+)
+
+func TestConfigureClient(t *testing.T) {
+	/* mock authentication by setting service account token env variable */
+	os.Clearenv()
+	err := os.Setenv(sdkClients.ServiceAccountToken, "mock-val")
+	if err != nil {
+		t.Errorf("error setting env variable: %v", err)
+	}
+
+	type args struct {
+		providerData *core.ProviderData
+	}
+	tests := []struct {
+		name     string
+		args     args
+		wantErr  bool
+		expected *sqlserverflex.APIClient
+	}{
+		{
+			name: "default endpoint",
+			args: args{
+				providerData: &core.ProviderData{
+					Version: testVersion,
+				},
+			},
+			expected: func() *sqlserverflex.APIClient {
+				apiClient, err := sqlserverflex.NewAPIClient(
+					config.WithRegion("eu01"),
+					utils.UserAgentConfigOption(testVersion),
+				)
+				if err != nil {
+					t.Errorf("error configuring client: %v", err)
+				}
+				return apiClient
+			}(),
+			wantErr: false,
+		},
+		{
+			name: "custom endpoint",
+			args: args{
+				providerData: &core.ProviderData{
+					Version:                     testVersion,
+					SQLServerFlexCustomEndpoint: testCustomEndpoint,
+				},
+			},
+			expected: func() *sqlserverflex.APIClient {
+				apiClient, err := sqlserverflex.NewAPIClient(
+					utils.UserAgentConfigOption(testVersion),
+					config.WithEndpoint(testCustomEndpoint),
+				)
+				if err != nil {
+					t.Errorf("error configuring client: %v", err)
+				}
+				return apiClient
+			}(),
+			wantErr: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(
+			tt.name, func(t *testing.T) {
+				ctx := context.Background()
+				diags := diag.Diagnostics{}
+
+				actual := ConfigureClient(ctx, tt.args.providerData, &diags)
+				if diags.HasError() != tt.wantErr {
+					t.Errorf("ConfigureClient() error = %v, want %v", diags.HasError(), tt.wantErr)
+				}
+
+				if !reflect.DeepEqual(actual, tt.expected) {
+					t.Errorf("ConfigureClient() = %v, want %v", actual, tt.expected)
+				}
+			},
+		)
+	}
+}

cmd/cmd/buildCmd.go

@@ -0,0 +1,37 @@
+package cmd
+
+import (
+	"github.com/spf13/cobra"
+
+	"tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/cmd/cmd/build"
+)
+
+var (
+	skipCleanup  bool
+	skipClone    bool
+	packagesOnly bool
+)
+
+var buildCmd = &cobra.Command{
+	Use:   "build",
+	Short: "Build the necessary boilerplate",
+	Long:  `...`,
+	RunE: func(_ *cobra.Command, _ []string) error {
+		b := build.Builder{
+			SkipClone:    skipClone,
+			SkipCleanup:  skipCleanup,
+			PackagesOnly: packagesOnly,
+		}
+		return b.Build()
+	},
+}
+
+func NewBuildCmd() *cobra.Command {
+	return buildCmd
+}
+
+func init() { //nolint:gochecknoinits // This is the standard way to set up Cobra commands
+	buildCmd.Flags().BoolVarP(&skipCleanup, "skip-clean", "c", false, "Skip cleanup steps")
+	buildCmd.Flags().BoolVarP(&skipClone, "skip-clone", "g", false, "Skip cloning from git")
+	buildCmd.Flags().BoolVarP(&packagesOnly, "packages-only", "p", false, "Only generate packages")
+}

cmd/cmd/examplesCmd.go

@@ -0,0 +1,114 @@
+package cmd
+
+import (
+	"fmt"
+	"os"
+	"path"
+
+	"github.com/spf13/cobra"
+)
+
+var examplesCmd = &cobra.Command{
+	Use:   "examples",
+	Short: "create examples",
+	Long:  `...`,
+	RunE: func(_ *cobra.Command, _ []string) error {
+		// filePathStr := "stackit/internal/services/postgresflexalpha/database/datasources_gen/database_data_source_gen.go"
+		//
+		// src, err := os.ReadFile(filePathStr)
+		// if err != nil {
+		//	return err
+		//}
+		//
+		// i := interp.New(
+		//	interp.Options{
+		//		GoPath:               "/home/henselinm/.asdf/installs/golang/1.25.6/packages",
+		//		BuildTags:            nil,
+		//		Stdin:                nil,
+		//		Stdout:               nil,
+		//		Stderr:               nil,
+		//		Args:                 nil,
+		//		Env:                  nil,
+		//		SourcecodeFilesystem: nil,
+		//		Unrestricted:         false,
+		//	},
+		//)
+		// err = i.Use(i.Symbols("github.com/hashicorp/terraform-plugin-framework-validators"))
+		// if err != nil {
+		//	return err
+		//}
+		// err = i.Use(stdlib.Symbols)
+		// if err != nil {
+		//	return err
+		//}
+		// _, err = i.Eval(string(src))
+		// if err != nil {
+		//	return err
+		//}
+		//
+		// v, err := i.Eval("DatabaseDataSourceSchema")
+		// if err != nil {
+		//	return err
+		//}
+		//
+		// bar := v.Interface().(func(string) string)
+		//
+		// r := bar("Kung")
+		// println(r)
+		//
+		// evalPath, err := i.EvalPath(filePathStr)
+		// if err != nil {
+		//	return err
+		//}
+		//
+		// fmt.Printf("%+v\n", evalPath)
+
+		// _, err = i.Eval(`import "fmt"`)
+		// if err != nil {
+		//	return err
+		//}
+		// _, err = i.Eval(`func Hallo() { fmt.Println("Hi!") }`)
+		// if err != nil {
+		//	return err
+		//}
+
+		// v = i.Symbols("Hallo")
+
+		// fmt.Println(v)
+		return workServices()
+	},
+}
+
+func workServices() error {
+	startPath := path.Join("stackit", "internal", "services")
+
+	services, err := os.ReadDir(startPath)
+	if err != nil {
+		return err
+	}
+
+	for _, entry := range services {
+		if !entry.IsDir() {
+			continue
+		}
+		resources, err := os.ReadDir(path.Join(startPath, entry.Name()))
+		if err != nil {
+			return err
+		}
+		for _, res := range resources {
+			if !res.IsDir() {
+				continue
+			}
+			fmt.Println("Gefunden:", startPath, "subdir", entry.Name(), "resource", res.Name())
+		}
+	}
+	return nil
+}
+
+func NewExamplesCmd() *cobra.Command {
+	return examplesCmd
+}
+
+// func init() { // nolint: gochecknoinits
+//	examplesCmd.Flags().BoolVarP(&example, "example", "e", false, "example")
+//}

cmd/cmd/getFieldsCmd.go

@@ -0,0 +1,148 @@
+package cmd
+
+import (
+	"fmt"
+	"go/ast"
+	"go/parser"
+	"go/token"
+	"path"
+	"path/filepath"
+	"strings"
+
+	"github.com/spf13/cobra"
+)
+
+var (
+	inFile   string
+	svcName  string
+	resName  string
+	resType  string
+	filePath string
+)
+
+var getFieldsCmd = &cobra.Command{
+	Use:   "get-fields",
+	Short: "get fields from file",
+	Long:  `...`,
+	PreRunE: func(_ *cobra.Command, _ []string) error {
+		typeStr := "data_source"
+		if resType != "resource" && resType != "datasource" {
+			return fmt.Errorf("--type can only be resource or datasource")
+		}
+
+		if resType == "resource" {
+			typeStr = resType
+		}
+
+		if inFile == "" && svcName == "" && resName == "" {
+			return fmt.Errorf("--infile or --service and --resource must be provided")
+		}
+
+		if inFile != "" {
+			if svcName != "" || resName != "" {
+				return fmt.Errorf("--infile is provided and excludes --service and --resource")
+			}
+			p, err := filepath.Abs(inFile)
+			if err != nil {
+				return err
+			}
+			filePath = p
+			return nil
+		}
+
+		if svcName != "" && resName == "" {
+			return fmt.Errorf("if --service is provided, you MUST also provide --resource")
+		}
+
+		if svcName == "" && resName != "" {
+			return fmt.Errorf("if --resource is provided, you MUST also provide --service")
+		}
+
+		p, err := filepath.Abs(
+			path.Join(
+				"stackit",
+				"internal",
+				"services",
+				svcName,
+				resName,
+				fmt.Sprintf("%ss_gen", resType),
+				fmt.Sprintf("%s_%s_gen.go", resName, typeStr),
+			),
+		)
+		if err != nil {
+			return err
+		}
+		filePath = p
+
+		//// Enum check
+		// switch format {
+		// case "json", "yaml":
+		//default:
+		//	return fmt.Errorf("invalid --format: %s (want json|yaml)", format)
+		//}
+		return nil
+	},
+	RunE: func(_ *cobra.Command, _ []string) error {
+		return getFields(filePath)
+	},
+}
+
+func getFields(f string) error {
+	tokens, err := getTokens(f)
+	if err != nil {
+		return err
+	}
+	for _, item := range tokens {
+		fmt.Printf("%s \n", item)
+	}
+	return nil
+}
+
+func getTokens(fileName string) ([]string, error) {
+	fset := token.NewFileSet()
+	var result []string
+
+	node, err := parser.ParseFile(fset, fileName, nil, parser.ParseComments)
+	if err != nil {
+		return nil, err
+	}
+
+	ast.Inspect(
+		node, func(n ast.Node) bool {
+			// Suche nach Typ-Deklarationen (structs)
+			ts, ok := n.(*ast.TypeSpec)
+			if ok {
+				if strings.Contains(ts.Name.Name, "Model") {
+					ast.Inspect(
+						ts, func(sn ast.Node) bool {
+							tts, tok := sn.(*ast.Field)
+							if tok {
+								result = append(result, tts.Names[0].String())
+							}
+							return true
+						},
+					)
+				}
+			}
+			return true
+		},
+	)
+	return result, nil
+}
+
+func NewGetFieldsCmd() *cobra.Command {
+	return getFieldsCmd
+}
+
+func init() { //nolint:gochecknoinits //this is the only way to add the command to the rootCmd
+	getFieldsCmd.Flags().StringVarP(&inFile, "infile", "i", "", "input filename incl path")
+	getFieldsCmd.Flags().StringVarP(&svcName, "service", "s", "", "service name")
+	getFieldsCmd.Flags().StringVarP(&resName, "resource", "r", "", "resource name")
+	getFieldsCmd.Flags().StringVarP(
+		&resType,
+		"type",
+		"t",
+		"resource",
+		"resource type (data-source or resource [default])",
+	)
+}

cmd/cmd/publish/architecture.go

@@ -0,0 +1,137 @@
+package publish
+
+import (
+	"encoding/json"
+	"fmt"
+	"log"
+	"net/url"
+	"os"
+	"path"
+	"strings"
+)
+
+type Architecture struct {
+	Protocols           []string   `json:"protocols"`
+	OS                  string     `json:"os"`
+	Arch                string     `json:"arch"`
+	FileName            string     `json:"filename"`
+	DownloadUrl         string     `json:"download_url"`
+	ShaSumsUrl          string     `json:"shasums_url"`
+	ShaSumsSignatureUrl string     `json:"shasums_signature_url"`
+	ShaSum              string     `json:"shasum"`
+	SigningKeys         SigningKey `json:"signing_keys"`
+}
+
+type SigningKey struct {
+	GpgPublicKeys []GpgPublicKey `json:"gpg_public_keys"`
+}
+
+type GpgPublicKey struct {
+	KeyId          string `json:"key_id"`
+	AsciiArmor     string `json:"ascii_armor"`
+	TrustSignature string `json:"trust_signature"`
+	Source         string `json:"source"`
+	SourceUrl      string `json:"source_url"`
+}
+
+func (p *Provider) CreateArchitectureFiles() error {
+	log.Println("* Creating architecture files in target directories")
+
+	prefix := path.Join("v1", "providers", p.Namespace, p.Provider, p.Version)
+
+	pathPrefix := path.Join("release", prefix)
+
+	urlPrefix, err := url.JoinPath("https://", p.Domain, prefix)
+	if err != nil {
+		return fmt.Errorf("error creating base url: %w", err)
+	}
+
+	downloadUrlPrefix, err := url.JoinPath(urlPrefix, "download")
+	if err != nil {
+		return fmt.Errorf("error crearting download url: %w", err)
+	}
+	downloadPathPrefix := path.Join(pathPrefix, "download")
+
+	shasumsUrl, err := url.JoinPath(urlPrefix, fmt.Sprintf("%s_%s_SHA256SUMS", p.RepoName, p.Version))
+	if err != nil {
+		return fmt.Errorf("error creating shasums url: %w", err)
+	}
+	shasumsSigUrl := shasumsUrl + ".sig"
+
+	gpgAsciiPub, err := p.ReadGpgFile()
+	if err != nil {
+		return err
+	}
+
+	shaSums, err := p.GetShaSums()
+	if err != nil {
+		return err
+	}
+	for _, sum := range shaSums {
+		downloadUrl, err := url.JoinPath(downloadUrlPrefix, sum.Path)
+		if err != nil {
+			return fmt.Errorf("error creating url: %w", err)
+		}
+
+		// get os and arch from filename
+		removeFileExtension := strings.Split(sum.Path, ".zip")
+		fileNameSplit := strings.Split(removeFileExtension[0], "_")
+
+		// Get build target and architecture from the zip file name
+		target := fileNameSplit[2]
+		arch := fileNameSplit[3]
+
+		// build filepath
+		archFileName := path.Join(downloadPathPrefix, target, arch)
+
+		a := Architecture{
+			Protocols:           []string{"5.1", "6.0"},
+			OS:                  target,
+			Arch:                arch,
+			FileName:            sum.Path,
+			DownloadUrl:         downloadUrl,
+			ShaSumsUrl:          shasumsUrl,
+			ShaSumsSignatureUrl: shasumsSigUrl,
+			ShaSum:              sum.Sum,
+			SigningKeys:         SigningKey{},
+		}
+
+		a.SigningKeys = SigningKey{
+			GpgPublicKeys: []GpgPublicKey{
+				{
+					KeyId:          p.GpgFingerprint,
+					AsciiArmor:     gpgAsciiPub,
+					TrustSignature: "",
+					Source:         "",
+					SourceUrl:      "",
+				},
+			},
+		}
+
+		log.Printf("  - Arch file: %s", archFileName)
+
+		err = WriteArchitectureFile(archFileName, a)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func WriteArchitectureFile(filePath string, arch Architecture) error {
+	jsonString, err := json.Marshal(arch)
+	if err != nil {
+		return fmt.Errorf("error encoding data: %w", err)
+	}
+	//nolint:gosec // this file is not sensitive, so we can use os.ModePerm
+	err = os.WriteFile(
+		filePath,
+		jsonString,
+		os.ModePerm,
+	)
+	if err != nil {
+		return fmt.Errorf("error writing data: %w", err)
+	}
+	return nil
+}

cmd/cmd/publish/gpg.go

@@ -0,0 +1,14 @@
+package publish
+
+import (
+	"fmt"
+	"strings"
+)
+
+func (p *Provider) ReadGpgFile() (string, error) {
+	gpgFile, err := ReadFile(p.GpgPubKeyFile)
+	if err != nil {
+		return "", fmt.Errorf("error reading '%s' file: %w", p.GpgPubKeyFile, err)
+	}
+	return strings.Join(gpgFile, "\n"), nil
+}

cmd/cmd/publish/provider.go

@@ -0,0 +1,297 @@
+package publish
+
+import (
+	"bufio"
+	"errors"
+	"fmt"
+	"io"
+	"io/fs"
+	"log"
+	"log/slog"
+	"os"
+	"os/exec"
+	"path"
+	"strings"
+)
+
+type Provider struct {
+	RootPath       string
+	Namespace      string
+	Provider       string
+	DistPath       string
+	RepoName       string
+	Version        string
+	GpgFingerprint string
+	GpgPubKeyFile  string
+	Domain         string
+}
+
+func (p *Provider) GetRoot() error {
+	cmd := exec.Command("git", "rev-parse", "--show-toplevel")
+	out, err := cmd.Output()
+	if err != nil {
+		return err
+	}
+	lines := strings.Split(string(out), "\n")
+	p.RootPath = lines[0]
+	return nil
+}
+
+func (p *Provider) CreateV1Dir() error {
+	// Path to semantic version dir
+	versionPath := p.providerDirs()
+
+	// Files to create under v1/providers/[namespace]/[provider_name]
+	err := p.createVersionsFile()
+	if err != nil {
+		return fmt.Errorf("[CreateV1Dir] - create versions file:%w", err)
+	} // Creates version file one above download, which is why downloadPath isn't used
+
+	// Files/Directories to create under v1/providers/[namespace]/[provider_name]/[version]
+	err = p.copyShaFiles(versionPath)
+	if err != nil {
+		return fmt.Errorf("[CreateV1Dir] - copy sha files: %w", err)
+	}
+
+	log.Printf("* Creating download/ in %s directory", versionPath)
+	downloadsPath := path.Join(versionPath, "download")
+	err = CreateDir(downloadsPath)
+	if err != nil {
+		return err
+	}
+
+	// Create darwin, freebsd, linux, windows dirs
+	for _, v := range [4]string{"darwin", "freebsd", "linux", "windows"} {
+		err = CreateDir(path.Join(downloadsPath, v))
+		if err != nil {
+			return fmt.Errorf("error creating dir '%s': %w", path.Join(downloadsPath, v), err)
+		}
+	}
+
+	// Copy all zips
+	err = p.copyBuildZips(downloadsPath)
+	if err != nil {
+		return err
+	}
+
+	// Create all individual files for build targets and each architecture for the build targets
+	err = p.CreateArchitectureFiles()
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (p *Provider) copyBuildZips(destPath string) error {
+	log.Println("* Copying build zips")
+
+	shaSums, err := p.GetShaSums()
+	if err != nil {
+		return err
+	}
+
+	// Loop through and copy each
+	for _, sum := range shaSums {
+		zipSrcPath := path.Join(p.DistPath, sum.Path)
+		zipDestPath := path.Join(destPath, sum.Path)
+
+		log.Printf("  - Zip Source: %s", zipSrcPath)
+		log.Printf("   - Zip Dest:  %s", zipDestPath)
+
+		// Copy the zip
+		_, err = CopyFile(zipSrcPath, zipDestPath)
+		if err != nil {
+			return fmt.Errorf("error copying file '%s': %w", zipSrcPath, err)
+		}
+	}
+
+	return nil
+}
+
+func (p *Provider) copyShaFiles(destPath string) error {
+	log.Printf("* Copying SHA files in %s directory", p.DistPath)
+
+	// Copy files from srcPath
+	shaSum := p.RepoName + "_" + p.Version + "_SHA256SUMS"
+	shaSumPath := path.Join(p.DistPath, shaSum)
+
+	// _SHA256SUMS file
+	_, err := CopyFile(shaSumPath, path.Join(destPath, shaSum))
+	if err != nil {
+		return err
+	}
+
+	// _SHA256SUMS.sig file
+	_, err = CopyFile(shaSumPath+".sig", path.Join(destPath, shaSum+".sig"))
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (p *Provider) createVersionsFile() error {
+	log.Println("* Writing to release/v1/providers/[namespace]/[repo]/versions file")
+
+	versionPath := path.Join("release", "v1", "providers", p.Namespace, p.Provider, "versions")
+
+	shasums, err := p.GetShaSums()
+	if err != nil {
+		return fmt.Errorf("error getting sha sums: %w", err)
+	}
+
+	// Build the versions file...
+	version := Version{
+		Version:   p.Version,
+		Protocols: []string{"5.1", "6.1"},
+		Platforms: nil,
+	}
+	for _, sum := range shasums {
+		// get os and arch from filename
+		removeFileExtension := strings.Split(sum.Path, ".zip")
+		if len(removeFileExtension) < 1 {
+			log.Fatalf("error: %s does not have .zip extension", sum.Path)
+		}
+		fileNameSplit := strings.Split(removeFileExtension[0], "_")
+		if len(fileNameSplit) < 4 {
+			log.Fatalf("filename does not match our regex: %s", removeFileExtension[0])
+		}
+
+		// Get build target and architecture from the zip file name
+		target := fileNameSplit[2]
+		arch := fileNameSplit[3]
+
+		version.Platforms = append(
+			version.Platforms, Platform{
+				OS:   target,
+				Arch: arch,
+			},
+		)
+	}
+
+	data := Data{}
+
+	downloadPath := path.Join(p.Domain, "v1", "providers", p.Namespace, p.Provider, "versions")
+	err = data.LoadFromUrl(fmt.Sprintf("https://%s", downloadPath))
+	if err != nil {
+		slog.Warn("error getting existing versions file, start with empty")
+		// TODO: create flag for first use or make it more robust
+		// return fmt.Errorf("error getting existing versions file: %w", err)
+	}
+
+	err = data.AddVersion(version)
+	if err != nil {
+		return fmt.Errorf("error appending version: %w", err)
+	}
+
+	err = data.WriteToFile(versionPath)
+	if err != nil {
+		return fmt.Errorf("error saving file '%s':%w", versionPath, err)
+	}
+
+	return nil
+}
+
+func (p *Provider) providerDirs() string {
+	log.Println("* Creating release/v1/providers/[namespace]/[provider]/[version] directories")
+
+	target := path.Join("release", "v1", "providers", p.Namespace, p.Provider, p.Version)
+
+	err := CreateDir(target)
+	if err != nil {
+		return ""
+	}
+	return target
+}
+
+func (p *Provider) CreateWellKnown() error {
+	log.Println("* Creating .well-known directory")
+	pathString := path.Join(p.RootPath, "release", ".well-known")
+
+	//nolint:gosec // this file is not sensitive, so we can use ModePerm
+	err := os.MkdirAll(pathString, os.ModePerm)
+	if err != nil && !errors.Is(err, fs.ErrExist) {
+		return fmt.Errorf("error creating '%s' dir: %w", pathString, err)
+	}
+
+	log.Println("  - Writing to .well-known/terraform.json file")
+
+	//nolint:gosec // this file is not sensitive, so we can use 0644
+	err = os.WriteFile(
+		fmt.Sprintf("%s/terraform.json", pathString),
+		[]byte(`{"providers.v1": "/v1/providers/"}`),
+		0o644,
+	)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func CreateDir(pathValue string) error {
+	log.Printf("* Creating %s directory", pathValue)
+	//nolint:gosec // this file is not sensitive, so we can use ModePerm
+	err := os.MkdirAll(pathValue, os.ModePerm)
+	if errors.Is(err, fs.ErrExist) {
+		return nil
+	}
+	return err
+}
+
+func ReadFile(filePath string) ([]string, error) {
+	rFile, err := os.Open(filePath)
+
+	if err != nil {
+		return nil, err
+	}
+	fileScanner := bufio.NewScanner(rFile)
+	fileScanner.Split(bufio.ScanLines)
+	var fileLines []string
+
+	for fileScanner.Scan() {
+		fileLines = append(fileLines, fileScanner.Text())
+	}
+
+	err = rFile.Close()
+	if err != nil {
+		return nil, err
+	}
+
+	return fileLines, nil
+}
+
+func CopyFile(src, dst string) (int64, error) {
+	sourceFileStat, err := os.Stat(src)
+	if err != nil {
+		return 0, err
+	}
+
+	if !sourceFileStat.Mode().IsRegular() {
+		return 0, fmt.Errorf("%s is not a regular file", src)
+	}
+
+	source, err := os.Open(src)
+	if err != nil {
+		return 0, err
+	}
+	defer func(source *os.File) {
+		err := source.Close()
+		if err != nil {
+			slog.Error("error closing source file", slog.Any("err", err))
+		}
+	}(source)
+
+	destination, err := os.Create(dst)
+	if err != nil {
+		return 0, err
+	}
+	defer func(destination *os.File) {
+		err := destination.Close()
+		if err != nil {
+			slog.Error("error closing destination file", slog.Any("err", err))
+		}
+	}(destination)
+	nBytes, err := io.Copy(destination, source)
+	return nBytes, err
+}

cmd/cmd/publish/shasums.go

@@ -0,0 +1,39 @@
+package publish
+
+import (
+	"log/slog"
+	"path"
+	"regexp"
+)
+
+func (p *Provider) GetShaSums() (ShaSums, error) {
+	return GetShaSumContents(p.DistPath, p.RepoName, p.Version)
+}
+
+type ShaSums []ShaSum
+type ShaSum struct {
+	Sum  string
+	Path string
+}
+
+func GetShaSumContents(distPath, repoName, version string) (ShaSums, error) {
+	shaSumFileName := repoName + "_" + version + "_SHA256SUMS"
+	shaSumPath := path.Join(distPath, shaSumFileName)
+
+	shaSumLine, err := ReadFile(shaSumPath)
+	if err != nil {
+		return nil, err
+	}
+
+	regEx := regexp.MustCompile(`([0-9a-fA-F]+)\s+(.+)`)
+	shaSums := ShaSums{}
+	for _, line := range shaSumLine {
+		matches := regEx.FindAllStringSubmatch(line, -1)
+		if len(matches) < 1 {
+			slog.Warn("unable to parse SHA sum line", "line", line)
+			continue
+		}
+		shaSums = append(shaSums, ShaSum{Sum: matches[0][1], Path: matches[0][2]})
+	}
+	return shaSums, nil
+}

cmd/cmd/publish/templates/Caddyfile

@@ -0,0 +1,38 @@
+{
+    log {
+            level debug
+        }
+
+
+    filesystem tf s3 {
+                         bucket "terraform-provider-privatepreview"
+                         region eu01
+                         endpoint https://object.storage.eu01.onstackit.cloud
+                         use_path_style
+                     }
+}
+
+tfregistry.sysops.stackit.rocks {
+    encode zstd gzip
+
+    handle_path /docs/* {
+                            root /srv/www
+                            templates
+
+                            @md {
+                                    file {path}
+                                    path *.md
+                                }
+
+                            rewrite @md /markdown.html
+
+                            file_server {
+                                            browse
+                                        }
+                        }
+
+    file_server {
+                    fs tf
+                    browse
+                }
+}

cmd/cmd/publish/templates/index.html.gompl

@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<html lang="de">
+<head>
+    <title>Forwarding | Weiterleitung</title>
+    <meta http-equiv="refresh" content="0; URL=index.md">
+</head>
+<body>
+<a href="index.md">Falls Sie nicht automatisch weitergeleitet werden, klicken Sie bitte hier.</a><br />
+Sie gelangen dann auf unsere Hauptseite
+</body>
+</html>

cmd/cmd/publish/templates/index.md.gompl

@@ -0,0 +1,34 @@
+---
+page_title: STACKIT provider PrivatePreview
+description: none
+---
+
+# provider
+[Provider](docs/index.md)
+
+## PostGreSQL alpha
+### data sources
+
+- [Flavor](docs/data-sources/postgresflexalpha_flavor.md)
+- [Database](docs/data-sources/postgresflexalpha_database.md)
+- [Instance](docs/data-sources/postgresflexalpha_instance.md)
+- [Flavors](docs/data-sources/postgresflexalpha_flavors.md)
+- [User](docs/data-sources/postgresflexalpha_user.md)
+
+### resources
+- [Database](docs/resources/postgresflexalpha_database.md)
+- [Instance](docs/resources/postgresflexalpha_instance.md)
+- [User](docs/resources/postgresflexalpha_user.md)
+
+## SQL Server alpha
+### data sources
+- [Database](docs/data-sources/sqlserverflexalpha_database.md)
+- [Version](docs/data-sources/sqlserverflexalpha_version.md)
+- [User](docs/data-sources/sqlserverflexalpha_user.md)
+- [Flavor](docs/data-sources/sqlserverflexalpha_flavor.md)
+- [Instance](docs/data-sources/sqlserverflexalpha_instance.md)
+
+### resources
+- [Database](docs/resources/sqlserverflexalpha_database.md)
+- [User](docs/resources/sqlserverflexalpha_user.md)
+- [Instance](docs/resources/sqlserverflexalpha_instance.md)

cmd/cmd/publish/templates/markdown.html.gompl

@@ -0,0 +1,79 @@
+<!DOCTYPE html>
+{{ $mdFile := .OriginalReq.URL.Path | trimPrefix "/docs" }}
+{{ $md := (include $mdFile | splitFrontMatter) }}
+<html lang="en">
+<head>
+    <title>{{$md.Meta.page_title}}</title>
+    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css">
+    <link rel="stylesheet" href="/docs/terraform-registry.css">
+</head>
+<body>
+<h1>{{$md.Meta.page_title}}</h1>
+<div class="provider-view">
+    <div class="provider-nav">
+        <nav class="bread-crumbs is-light" aria-label="Provider">
+            <div class="container is-widescreen">
+                <div class="level">
+                    <ul class="provider-nav-breadcrumbs bread-crumbs-list">
+                        <li class="bread-crumbs-item">
+                            <a id="ember20" class="ember-view bread-crumbs-link" href="/">
+                                Main
+                            </a>
+                        </li>
+                    </ul>
+                </div>
+            </div>
+        </nav>
+        <nav class="block-border section-navbar section-header" aria-label="Provider details">
+            <div class="container">
+                <div class="columns is-vcentered">
+                    <div class="column is-4">
+                          <div class="provider-nav-info-header">
+                              <div class="provider-overview-logo">
+                                <span class="provider-logo">
+                                    <img class="github-image" src="https://avatars3.githubusercontent.com/stackitcloud" alt="stackitcloud">
+                                </span>
+                              </div>
+                              <div class="provider-nav-info-origin">
+                                  <h1>PRIVATE PREVIEW</h1>
+                              </div>
+                          </div>
+                    </div>
+                    <div class="column is-8">
+
+                        <ul class="nav-tabs-list nav-tabs tabs">
+
+                            <li class="nav-tabs-item">
+                                <a id="ember30" class="ember-view navbar-item" href="/">
+                                    Overview
+                                </a>
+                            </li>
+
+                        </ul>
+
+                        <div class="provider-nav-provision-wrapper">
+                            <!---->          </div>
+                    </div>
+                </div>
+            </div>
+        </nav>
+    </div>
+
+    <div class="section block-border block-white section-content">
+        <div class="container">
+            <div class="columns columns-provider-docs">
+                <div class="column is-3 column-provider-docs-menu"></div>
+                <article id="provider-docs-content" class="column is-6  provider-docs-content">
+                    <div class="markdown">
+                        <div class="highlighted-code-wrapper">
+                            {{markdown $md.Body}}
+                        </div>
+                    </div>
+                </article>
+                <div class="column is-3 column-provider-docs-menu"></div>
+            </div>
+        </div>
+    </div>
+</div>
+</body>
+</html>

cmd/cmd/publish/versions.go

@@ -0,0 +1,169 @@
+package publish
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"log/slog"
+	"net/http"
+	"net/url"
+	"os"
+)
+
+type Version struct {
+	Version   string     `json:"version"`
+	Protocols []string   `json:"protocols"`
+	Platforms []Platform `json:"platforms"`
+}
+
+type Platform struct {
+	OS   string `json:"os" yaml:"os"`
+	Arch string `json:"arch" yaml:"arch"`
+}
+
+type Data struct {
+	Id       string    `json:"id,omitempty"`
+	Versions []Version `json:"versions"`
+}
+
+func (d *Data) WriteToFile(filePath string) error {
+	// TODO: make it variable
+	d.Id = "tfregistry.sysops.stackit.rocks/mhenselin/stackitprivatepreview"
+
+	jsonString, err := json.Marshal(d)
+	if err != nil {
+		return fmt.Errorf("error encoding data: %w", err)
+	}
+
+	//nolint:gosec // this file is not sensitive, so we can use os.ModePerm
+	err = os.WriteFile(
+		filePath,
+		jsonString,
+		os.ModePerm,
+	)
+	if err != nil {
+		return fmt.Errorf("error writing data: %w", err)
+	}
+	return nil
+}
+
+func (d *Data) AddVersion(v Version) error {
+	var newVersions []Version
+	for _, ver := range d.Versions {
+		if ver.Version != v.Version {
+			newVersions = append(newVersions, ver)
+		}
+	}
+	newVersions = append(newVersions, v)
+	d.Versions = newVersions
+	return nil
+}
+
+func (d *Data) Validate() error {
+	for _, v := range d.Versions {
+		err := v.Validate()
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (d *Data) LoadFromFile(filePath string) error {
+	plan, err := os.ReadFile(filePath)
+	if err != nil {
+		return err
+	}
+	err = json.Unmarshal(plan, &d)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (d *Data) LoadFromUrl(uri string) error {
+	u, err := url.ParseRequestURI(uri)
+	if err != nil {
+		return err
+	}
+
+	file, err := os.CreateTemp("", "versions.*.json")
+	if err != nil {
+		return err
+	}
+	defer func(name string) {
+		//nolint:gosec // The file path is generated by os.CreateTemp and is not user-controllable
+		err := os.Remove(name)
+		if err != nil {
+			slog.Error("failed to remove temporary file", slog.Any("err", err))
+		}
+	}(file.Name()) // Clean up
+
+	err = DownloadFile(
+		u.String(),
+		file.Name(),
+	)
+	if err != nil {
+		return err
+	}
+
+	return d.LoadFromFile(file.Name())
+}
+
+func (v *Version) Validate() error {
+	slog.Warn("validation needs to be implemented")
+	return nil
+}
+
+func (v *Version) AddPlatform(p Platform) error {
+	if p.OS == "" || p.Arch == "" {
+		return fmt.Errorf("OS and Arch MUST NOT be empty")
+	}
+	v.Platforms = append(v.Platforms, p)
+	return nil
+}
+
+func (v *Version) AddProtocol(p string) error {
+	if p == "" {
+		return fmt.Errorf("protocol MUST NOT be empty")
+	}
+	v.Protocols = append(v.Protocols, p)
+	return nil
+}
+
+// DownloadFile will download a url and store it in local filepath.
+// It writes to the destination file as it downloads it, without
+// loading the entire file into memory.
+func DownloadFile(urlValue, filepath string) error {
+	// Create the file
+	//nolint:gosec // path traversal is not a concern here, as the filepath is generated by us and not user input
+	out, err := os.Create(filepath)
+	if err != nil {
+		return err
+	}
+	defer func(out *os.File) {
+		err := out.Close()
+		if err != nil {
+			slog.Error("failed to close file", slog.Any("err", err))
+		}
+	}(out)
+
+	// Get the data
+
+	//nolint:gosec,bodyclose // this is a controlled URL, not user input
+	resp, err := http.Get(urlValue)
+	if err != nil {
+		return err
+	}
+	defer func(Body io.ReadCloser) {
+		_ = Body.Close()
+	}(resp.Body)
+
+	// Write the body to file
+	_, err = io.Copy(out, resp.Body)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}

cmd/cmd/publishCmd.go

@@ -0,0 +1,139 @@
+package cmd
+
+import (
+	"errors"
+	"fmt"
+	"io/fs"
+	"log"
+	"os"
+	"path"
+	"path/filepath"
+
+	"github.com/spf13/cobra"
+
+	publish2 "tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/cmd/cmd/publish"
+)
+
+var (
+	namespace      string
+	domain         string
+	providerName   string
+	distPath       string
+	repoName       string
+	version        string
+	gpgFingerprint string
+	gpgPubKeyFile  string
+)
+
+var publishCmd = &cobra.Command{
+	Use:   "publish",
+	Short: "Publish terraform provider",
+	Long:  `...`,
+	RunE: func(_ *cobra.Command, _ []string) error {
+		return publish()
+	},
+}
+
+func init() { //nolint:gochecknoinits //this is the standard way to set up cobra commands
+	publishCmd.Flags().StringVarP(&namespace, "namespace", "n", "", "Namespace for the Terraform registry.")
+	publishCmd.Flags().StringVarP(&domain, "domain", "d", "", "Domain for the Terraform registry.")
+	publishCmd.Flags().StringVarP(&providerName, "providerName", "p", "", "ProviderName for the Terraform registry.")
+	publishCmd.Flags().StringVarP(&distPath, "distPath", "x", "dist", "Dist Path for the Terraform registry.")
+	publishCmd.Flags().StringVarP(&repoName, "repoName", "r", "", "RepoName for the Terraform registry.")
+	publishCmd.Flags().StringVarP(&version, "version", "v", "", "Version for the Terraform registry.")
+	publishCmd.Flags().StringVarP(
+		&gpgFingerprint,
+		"gpgFingerprint",
+		"f",
+		"",
+		"GPG Fingerprint for the Terraform registry.",
+	)
+	publishCmd.Flags().StringVarP(
+		&gpgPubKeyFile,
+		"gpgPubKeyFile",
+		"k",
+		"",
+		"GPG PubKey file name for the Terraform registry.",
+	)
+
+	err := publishCmd.MarkFlagRequired("namespace")
+	if err != nil {
+		return
+	}
+	err = publishCmd.MarkFlagRequired("domain")
+	if err != nil {
+		return
+	}
+	err = publishCmd.MarkFlagRequired("providerName")
+	if err != nil {
+		return
+	}
+	err = publishCmd.MarkFlagRequired("gpgFingerprint")
+	if err != nil {
+		return
+	}
+	err = publishCmd.MarkFlagRequired("gpgPubKeyFile")
+	if err != nil {
+		return
+	}
+	err = publishCmd.MarkFlagRequired("repoName")
+	if err != nil {
+		return
+	}
+	err = publishCmd.MarkFlagRequired("version")
+	if err != nil {
+		return
+	}
+	err = publishCmd.MarkFlagRequired("gpgFingerprint")
+	if err != nil {
+		return
+	}
+	err = publishCmd.MarkFlagRequired("gpgPubKeyFile")
+	if err != nil {
+		return
+	}
+}
+
+func NewPublishCmd() *cobra.Command {
+	return publishCmd
+}
+
+func publish() error {
+	log.Println("📦 Packaging Terraform Provider for private registry...")
+	p := publish2.Provider{
+		Namespace:      namespace,
+		Provider:       providerName,
+		DistPath:       filepath.Clean(distPath) + "/",
+		RepoName:       repoName,
+		Version:        version,
+		GpgFingerprint: gpgFingerprint,
+		GpgPubKeyFile:  gpgPubKeyFile,
+		Domain:         domain,
+	}
+	err := p.GetRoot()
+	if err != nil {
+		return err
+	}
+
+	// Create release dir - only the contents of this need to be uploaded to S3
+	log.Printf("* Creating release directory")
+	//nolint:gosec // this directory is not sensitive, so we can use 0750
+	err = os.MkdirAll(path.Join(p.RootPath, "release"), os.ModePerm)
+	if err != nil && !errors.Is(err, fs.ErrExist) {
+		return fmt.Errorf("error creating '%s' dir: %w", path.Join(p.RootPath, "release"), err)
+	}
+
+	// Create .wellKnown directory and terraform.json file
+	err = p.CreateWellKnown()
+	if err != nil {
+		return fmt.Errorf("error creating '.well-known' dir: %w", err)
+	}
+
+	err = p.CreateV1Dir()
+	if err != nil {
+		return fmt.Errorf("error creating 'v1' dir: %w", err)
+	}
+
+	log.Println("📦 Packaged Terraform Provider for private registry.")
+	return nil
+}

cmd/cmd/rootCmd.go

@@ -0,0 +1,23 @@
+package cmd
+
+import (
+	"github.com/spf13/cobra"
+)
+
+func NewRootCmd() *cobra.Command {
+	return &cobra.Command{
+		Use:               "build-tools",
+		Short:             "...",
+		Long:              "...",
+		SilenceErrors:     true, // Error is beautified in a custom way before being printed
+		SilenceUsage:      true,
+		DisableAutoGenTag: true,
+		RunE: func(cmd *cobra.Command, _ []string) error {
+			err := cmd.Help()
+			if err != nil {
+				return err
+			}
+			return nil
+		},
+	}
+}

cmd/main.go

@@ -0,0 +1,40 @@
+package main
+
+import (
+	"log"
+	"log/slog"
+	"os"
+
+	"github.com/SladkyCitron/slogcolor"
+	cc "github.com/ivanpirog/coloredcobra"
+
+	"tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/cmd/cmd"
+)
+
+func main() {
+	slog.SetDefault(slog.New(slogcolor.NewHandler(os.Stderr, slogcolor.DefaultOptions)))
+
+	rootCmd := cmd.NewRootCmd()
+
+	cc.Init(&cc.Config{
+		RootCmd:  rootCmd,
+		Headings: cc.HiCyan + cc.Bold + cc.Underline,
+		Commands: cc.HiYellow + cc.Bold,
+		Example:  cc.Italic,
+		ExecName: cc.Bold,
+		Flags:    cc.Bold,
+	})
+	rootCmd.SetOut(os.Stdout)
+
+	rootCmd.AddCommand(
+		cmd.NewBuildCmd(),
+		cmd.NewPublishCmd(),
+		cmd.NewGetFieldsCmd(),
+		cmd.NewExamplesCmd(),
+	)
+
+	err := rootCmd.Execute()
+	if err != nil {
+		log.Fatal(err)
+	}
+}

examples/data-sources/stackitprivatepreview_postgresflexalpha_database/data-source.tf

@@ -0,0 +1,5 @@
+data "stackitprivatepreview_postgresflexalpha_database" "example" {
+  project_id  = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  instance_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  database_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+}

examples/data-sources/stackitprivatepreview_postgresflexalpha_flavor/data-source.tf

@@ -0,0 +1,8 @@
+data "stackitprivatepreview_postgresflexalpha_flavor" "flavor" {
+  project_id    = var.project_id
+  region        = var.region
+  cpu           = 4
+  ram           = 16
+  node_type     = "Single"
+  storage_class = "premium-perf2-stackit"
+}

examples/data-sources/stackitprivatepreview_postgresflexalpha_instance/data-source.tf

@@ -0,0 +1,4 @@
+data "stackitprivatepreview_postgresflexalpha_instance" "example" {
+  project_id  = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  instance_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+}

examples/data-sources/stackitprivatepreview_postgresflexalpha_user/data-source.tf

@@ -0,0 +1,5 @@
+data "stackitprivatepreview_postgresflexalpha_user" "example" {
+  project_id  = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  instance_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  user_id     = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+}

examples/data-sources/stackitprivatepreview_sqlserverflexalpha_flavor/data-source.tf

@@ -0,0 +1,8 @@
+data "stackitprivatepreview_sqlserverflexalpha_flavor" "flavor" {
+  project_id    = var.project_id
+  region        = var.region
+  cpu           = 4
+  ram           = 16
+  node_type     = "Single"
+  storage_class = "premium-perf2-stackit"
+}

examples/data-sources/stackitprivatepreview_sqlserverflexalpha_instance/data-source.tf

@@ -0,0 +1,4 @@
+data "stackitprivatepreview_sqlserverflexalpha_instance" "example" {
+  project_id  = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  instance_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+}

examples/data-sources/stackitprivatepreview_sqlserverflexalpha_user/data-source.tf

@@ -0,0 +1,5 @@
+data "stackitprivatepreview_sqlserverflexalpha_user" "example" {
+  project_id  = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  instance_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  user_id     = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+}

examples/data-sources/stackitprivatepreview_sqlserverflexbeta_database/data-source.tf

@@ -0,0 +1,5 @@
+data "stackitprivatepreview_sqlserverflexbeta_database" "example" {
+  project_id    = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  instance_id   = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  database_name = "dbname"
+}

examples/data-sources/stackitprivatepreview_sqlserverflexbeta_flavor/data-source.tf

@@ -0,0 +1,8 @@
+data "stackitprivatepreview_sqlserverflexbeta_flavor" "flavor" {
+  project_id    = var.project_id
+  region        = var.region
+  cpu           = 4
+  ram           = 16
+  node_type     = "Single"
+  storage_class = "premium-perf2-stackit"
+}

examples/data-sources/stackitprivatepreview_sqlserverflexbeta_instance/data-source.tf

@@ -0,0 +1,4 @@
+data "stackitprivatepreview_sqlserverflexbeta_instance" "example" {
+  project_id  = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  instance_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+}

examples/provider/provider.tf

@@ -0,0 +1,24 @@
+provider "stackitprivatepreview" {
+  default_region = "eu01"
+}
+
+provider "stackitprivatepreview" {
+  default_region           = "eu01"
+  service_account_key_path = "service_account.json"
+}
+
+# Authentication
+
+# Key flow
+provider "stackitprivatepreview" {
+  default_region      = "eu01"
+  service_account_key = var.service_account_key
+  private_key         = var.private_key
+}
+
+# Key flow (using path)
+provider "stackitprivatepreview" {
+  default_region           = "eu01"
+  service_account_key_path = var.service_account_key_path
+  private_key_path         = var.private_key_path
+}

examples/resources/stackitprivatepreview_postgresflexalpha_database/resource.tf

@@ -0,0 +1,22 @@
+resource "stackitprivatepreview_postgresflexalpha_database" "example" {
+  project_id  = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  instance_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  name        = "mydb"
+  owner       = "myusername"
+}
+
+# Only use the import statement, if you want to import an existing postgresflex database
+import {
+  to = stackitprivatepreview_postgresflexalpha_database.import-example
+  id = "${var.project_id},${var.region},${var.postgres_instance_id},${var.postgres_database_id}"
+}
+
+import {
+  to = stackitprivatepreview_postgresflexalpha_database.import-example
+  identity = {
+    project_id  = "project_id"
+    region      = "region"
+    instance_id = "instance_id"
+    database_id = "database_id"
+  }
+}

examples/resources/stackitprivatepreview_postgresflexalpha_instance/resource.tf

@@ -0,0 +1,39 @@
+resource "stackitprivatepreview_postgresflexalpha_instance" "example-instance" {
+  project_id      = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  name            = "example-instance"
+  acl             = ["XXX.XXX.XXX.X/XX", "XX.XXX.XX.X/XX"]
+  backup_schedule = "0 0 * * *"
+  retention_days  = 30
+  flavor_id       = "flavor.id"
+  replicas        = 1
+  storage = {
+    performance_class = "premium-perf2-stackit"
+    size              = 10
+  }
+  encryption = {
+    kek_key_id      = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+    kek_key_ring_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+    kek_key_version = 1
+    service_account = "service@account.email"
+  }
+  network = {
+    acl          = ["XXX.XXX.XXX.X/XX", "XX.XXX.XX.X/XX"]
+    access_scope = "PUBLIC"
+  }
+  version = 17
+}
+
+# Only use the import statement, if you want to import an existing postgresflex instance
+import {
+  to = stackitprivatepreview_postgresflexalpha_instance.import-example
+  id = "${var.project_id},${var.region},${var.postgres_instance_id}"
+}
+
+import {
+  to = stackitprivatepreview_postgresflexalpha_instance.import-example
+  identity = {
+    project_id  = var.project_id
+    region      = var.region
+    instance_id = var.postgres_instance_id
+  }
+}

examples/resources/stackitprivatepreview_postgresflexalpha_user/resource.tf

@@ -0,0 +1,22 @@
+resource "stackitprivatepreview_postgresflexalpha_user" "example" {
+  project_id  = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  instance_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  name        = "username"
+  roles       = ["role"]
+}
+
+# Only use the import statement, if you want to import an existing postgresflex user
+import {
+  to = stackitprivatepreview_postgresflexalpha_user.import-example
+  id = "${var.project_id},${var.region},${var.postgres_instance_id},${var.user_id}"
+}
+
+import {
+  to = stackitprivatepreview_postgresflexalpha_user.import-example
+  identity = {
+    project_id  = "project.id"
+    region      = "region"
+    instance_id = "instance.id"
+    user_id     = "user.id"
+  }
+}

examples/resources/stackitprivatepreview_sqlserverflexalpha_database/resource.tf

@@ -0,0 +1,24 @@
+resource "stackitprivatepreview_sqlserverflexalpha_database" "example" {
+  project_id    = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  instance_id   = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  collation     = ""
+  compatibility = "160"
+  name          = ""
+  owner         = ""
+}
+
+# Only use the import statement, if you want to import a existing sqlserverflex database
+import {
+  to = stackitprivatepreview_sqlserverflexalpha_database.import-example
+  id = "${var.project_id},${var.region},${var.sql_instance_id},${var.sql_user_id}"
+}
+
+import {
+  to = stackitprivatepreview_sqlserverflexalpha_database.import-example
+  identity = {
+    project_id  = "project.id"
+    region      = "region"
+    instance_id = "instance.id"
+    database_id = "database.id"
+  }
+}

examples/resources/stackitprivatepreview_sqlserverflexalpha_instance/resource.tf

@@ -0,0 +1,21 @@
+resource "stackitprivatepreview_sqlserverflexalpha_instance" "example" {
+  project_id      = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  name            = "example-instance"
+  acl             = ["XXX.XXX.XXX.X/XX", "XX.XXX.XX.X/XX"]
+  backup_schedule = "00 00 * * *"
+  flavor = {
+    cpu = 4
+    ram = 16
+  }
+  storage = {
+    class = "class"
+    size  = 5
+  }
+  version = 2022
+}
+
+# Only use the import statement, if you want to import an existing sqlserverflex instance
+import {
+  to = stackitprivatepreview_sqlserverflexalpha_instance.import-example
+  id = "${var.project_id},${var.region},${var.sql_instance_id}"
+}

examples/resources/stackitprivatepreview_sqlserverflexalpha_user/resource.tf

@@ -0,0 +1,12 @@
+resource "stackitprivatepreview_sqlserverflexalpha_user" "example" {
+  project_id  = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  instance_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  username    = "username"
+  roles       = ["role"]
+}
+
+# Only use the import statement, if you want to import an existing sqlserverflex user
+import {
+  to = stackitprivatepreview_sqlserverflexalpha_user.import-example
+  id = "${var.project_id},${var.region},${var.sql_instance_id},${var.sql_user_id}"
+}

examples/resources/stackitprivatepreview_sqlserverflexbeta_database/resource.tf

@@ -0,0 +1,12 @@
+resource "stackitprivatepreview_sqlserverflexalpha_user" "example" {
+  project_id  = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  instance_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  username    = "username"
+  roles       = ["role"]
+}
+
+# Only use the import statement, if you want to import an existing sqlserverflex user
+import {
+  to = stackitprivatepreview_sqlserverflexalpha_user.import-example
+  id = "${var.project_id},${var.region},${var.sql_instance_id},${var.sql_user_id}"
+}

examples/resources/stackitprivatepreview_sqlserverflexbeta_instance/resource.tf

@@ -0,0 +1,76 @@
+# without encryption and SNA
+resource "stackitprivatepreview_sqlserverflexbeta_instance" "instance" {
+  project_id      = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  name            = "example-instance"
+  backup_schedule = "0 3 * * *"
+  retention_days  = 31
+  flavor_id       = "flavor_id"
+  storage = {
+    class = "premium-perf2-stackit"
+    size  = 50
+  }
+  version = 2022
+  network = {
+    acl          = ["XXX.XXX.XXX.X/XX", "XX.XXX.XX.X/XX"]
+    access_scope = "SNA"
+  }
+}
+
+# without encryption and PUBLIC
+resource "stackitprivatepreview_sqlserverflexbeta_instance" "instance" {
+  project_id      = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  name            = "example-instance"
+  backup_schedule = "0 3 * * *"
+  retention_days  = 31
+  flavor_id       = "flavor_id"
+  storage = {
+    class = "premium-perf2-stackit"
+    size  = 50
+  }
+  version = 2022
+  network = {
+    acl          = ["XXX.XXX.XXX.X/XX", "XX.XXX.XX.X/XX"]
+    access_scope = "PUBLIC"
+  }
+}
+
+# with encryption and SNA
+resource "stackitprivatepreview_sqlserverflexbeta_instance" "instance" {
+  project_id      = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  name            = "example-instance"
+  backup_schedule = "0 3 * * *"
+  retention_days  = 31
+  flavor_id       = "flavor_id"
+  storage = {
+    class = "premium-perf2-stackit"
+    size  = 50
+  }
+  version = 2022
+  encryption = {
+    kek_key_id      = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+    kek_key_ring_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+    kek_key_version = 1
+    service_account = "service_account@email"
+  }
+  network = {
+    acl          = ["XXX.XXX.XXX.X/XX", "XX.XXX.XX.X/XX"]
+    access_scope = "SNA"
+  }
+}
+
+
+# Only use the import statement, if you want to import an existing sqlserverflex instance
+import {
+  to = stackitprivatepreview_sqlserverflexalpha_instance.import-example
+  id = "${var.project_id},${var.region},${var.sql_instance_id}"
+}
+
+# import with identity
+import {
+  to = stackitprivatepreview_sqlserverflexalpha_instance.import-example
+  identity = {
+    project_id  = var.project_id
+    region      = var.region
+    instance_id = var.sql_instance_id
+  }
+}

examples/resources/stackitprivatepreview_sqlserverflexbeta_user/resource.tf

@@ -0,0 +1,12 @@
+resource "stackitprivatepreview_sqlserverflexalpha_user" "example" {
+  project_id  = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  instance_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  username    = "username"
+  roles       = ["role"]
+}
+
+# Only use the import statement, if you want to import an existing sqlserverflex user
+import {
+  to = stackitprivatepreview_sqlserverflexalpha_user.import-example
+  id = "${var.project_id},${var.region},${var.sql_instance_id},${var.sql_user_id}"
+}

go.mod

@@ -0,0 +1,302 @@
+module tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview
+
+go 1.25.6
+
+
+
+require (
+	github.com/SladkyCitron/slogcolor v1.8.0
+	github.com/golang-jwt/jwt/v5 v5.3.1
+	github.com/golangci/golangci-lint/v2 v2.10.1
+	github.com/google/go-cmp v0.7.0
+	github.com/google/uuid v1.6.0
+	github.com/hashicorp/terraform-plugin-codegen-framework v0.4.1
+	github.com/hashicorp/terraform-plugin-codegen-openapi v0.3.0
+	github.com/hashicorp/terraform-plugin-docs v0.24.0
+	github.com/hashicorp/terraform-plugin-framework v1.17.0
+	github.com/hashicorp/terraform-plugin-framework-validators v0.19.0
+	github.com/hashicorp/terraform-plugin-go v0.29.0
+	github.com/hashicorp/terraform-plugin-log v0.10.0
+	github.com/hashicorp/terraform-plugin-testing v1.14.0
+	github.com/iancoleman/strcase v0.3.0
+	github.com/ivanpirog/coloredcobra v1.0.1
+	github.com/jarcoal/httpmock v1.4.1
+	github.com/joho/godotenv v1.5.1
+	github.com/ldez/go-git-cmd-wrapper/v2 v2.9.1
+	github.com/spf13/cobra v1.10.2
+	github.com/stackitcloud/stackit-sdk-go/core v0.21.1
+	github.com/stackitcloud/stackit-sdk-go/services/iaasalpha v0.1.23-alpha
+	github.com/teambition/rrule-go v1.8.2
+	golang.org/x/tools v0.42.0
+	gopkg.in/yaml.v3 v3.0.1
+)
+
+require github.com/hashicorp/go-retryablehttp v0.7.8 // indirect
+
+require (
+	4d63.com/gocheckcompilerdirectives v1.3.0 // indirect
+	4d63.com/gochecknoglobals v0.2.2 // indirect
+	codeberg.org/chavacava/garif v0.2.0 // indirect
+	codeberg.org/polyfloyd/go-errorlint v1.9.0 // indirect
+	dario.cat/mergo v1.0.1 // indirect
+	dev.gaijin.team/go/exhaustruct/v4 v4.0.0 // indirect
+	dev.gaijin.team/go/golib v0.6.0 // indirect
+	github.com/4meepo/tagalign v1.4.3 // indirect
+	github.com/Abirdcfly/dupword v0.1.7 // indirect
+	github.com/AdminBenni/iota-mixing v1.0.0 // indirect
+	github.com/AlwxSin/noinlineerr v1.0.5 // indirect
+	github.com/Antonboom/errname v1.1.1 // indirect
+	github.com/Antonboom/nilnil v1.1.1 // indirect
+	github.com/Antonboom/testifylint v1.6.4 // indirect
+	github.com/BurntSushi/toml v1.6.0 // indirect
+	github.com/Djarvur/go-err113 v0.1.1 // indirect
+	github.com/Kunde21/markdownfmt/v3 v3.1.0 // indirect
+	github.com/Masterminds/goutils v1.1.1 // indirect
+	github.com/Masterminds/semver/v3 v3.4.0 // indirect
+	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
+	github.com/MirrexOne/unqueryvet v1.5.3 // indirect
+	github.com/OpenPeeDeeP/depguard/v2 v2.2.1 // indirect
+	github.com/ProtonMail/go-crypto v1.3.0 // indirect
+	github.com/agext/levenshtein v1.2.3 // indirect
+	github.com/alecthomas/chroma/v2 v2.23.1 // indirect
+	github.com/alecthomas/go-check-sumtype v0.3.1 // indirect
+	github.com/alexkohler/nakedret/v2 v2.0.6 // indirect
+	github.com/alexkohler/prealloc v1.0.2 // indirect
+	github.com/alfatraining/structtag v1.0.0 // indirect
+	github.com/alingse/asasalint v0.0.11 // indirect
+	github.com/alingse/nilnesserr v0.2.0 // indirect
+	github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
+	github.com/armon/go-radix v1.0.0 // indirect
+	github.com/ashanbrown/forbidigo/v2 v2.3.0 // indirect
+	github.com/ashanbrown/makezero/v2 v2.1.0 // indirect
+	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
+	github.com/bahlo/generic-list-go v0.2.0 // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/bgentry/speakeasy v0.1.0 // indirect
+	github.com/bkielbasa/cyclop v1.2.3 // indirect
+	github.com/blizzy78/varnamelen v0.8.0 // indirect
+	github.com/bmatcuk/doublestar/v4 v4.9.1 // indirect
+	github.com/bombsimon/wsl/v4 v4.7.0 // indirect
+	github.com/bombsimon/wsl/v5 v5.6.0 // indirect
+	github.com/breml/bidichk v0.3.3 // indirect
+	github.com/breml/errchkjson v0.4.1 // indirect
+	github.com/buger/jsonparser v1.1.1 // indirect
+	github.com/butuzov/ireturn v0.4.0 // indirect
+	github.com/butuzov/mirror v1.3.0 // indirect
+	github.com/catenacyber/perfsprint v0.10.1 // indirect
+	github.com/ccojocar/zxcvbn-go v1.0.4 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/charithe/durationcheck v0.0.11 // indirect
+	github.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc // indirect
+	github.com/charmbracelet/lipgloss v1.1.0 // indirect
+	github.com/charmbracelet/x/ansi v0.10.1 // indirect
+	github.com/charmbracelet/x/cellbuf v0.0.13-0.20250311204145-2c3ea96c31dd // indirect
+	github.com/charmbracelet/x/term v0.2.1 // indirect
+	github.com/ckaznocha/intrange v0.3.1 // indirect
+	github.com/cloudflare/circl v1.6.3 // indirect
+	github.com/curioswitch/go-reassign v0.3.0 // indirect
+	github.com/daixiang0/gci v0.13.7 // indirect
+	github.com/dave/dst v0.27.3 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/denis-tingaikin/go-header v0.5.0 // indirect
+	github.com/dlclark/regexp2 v1.11.5 // indirect
+	github.com/dprotaso/go-yit v0.0.0-20220510233725-9ba8df137936 // indirect
+	github.com/ettle/strcase v0.2.0 // indirect
+	github.com/fatih/color v1.18.0 // indirect
+	github.com/fatih/structtag v1.2.0 // indirect
+	github.com/firefart/nonamedreturns v1.0.6 // indirect
+	github.com/fsnotify/fsnotify v1.5.4 // indirect
+	github.com/fzipp/gocyclo v0.6.0 // indirect
+	github.com/ghostiam/protogetter v0.3.20 // indirect
+	github.com/go-critic/go-critic v0.14.3 // indirect
+	github.com/go-toolsmith/astcast v1.1.0 // indirect
+	github.com/go-toolsmith/astcopy v1.1.0 // indirect
+	github.com/go-toolsmith/astequal v1.2.0 // indirect
+	github.com/go-toolsmith/astfmt v1.1.0 // indirect
+	github.com/go-toolsmith/astp v1.1.0 // indirect
+	github.com/go-toolsmith/strparse v1.1.0 // indirect
+	github.com/go-toolsmith/typep v1.1.0 // indirect
+	github.com/go-viper/mapstructure/v2 v2.5.0 // indirect
+	github.com/go-xmlfmt/xmlfmt v1.1.3 // indirect
+	github.com/gobwas/glob v0.2.3 // indirect
+	github.com/godoc-lint/godoc-lint v0.11.2 // indirect
+	github.com/gofrs/flock v0.13.0 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/golangci/asciicheck v0.5.0 // indirect
+	github.com/golangci/dupl v0.0.0-20250308024227-f665c8d69b32 // indirect
+	github.com/golangci/go-printf-func-name v0.1.1 // indirect
+	github.com/golangci/gofmt v0.0.0-20250106114630-d62b90e6713d // indirect
+	github.com/golangci/golines v0.15.0 // indirect
+	github.com/golangci/misspell v0.8.0 // indirect
+	github.com/golangci/plugin-module-register v0.1.2 // indirect
+	github.com/golangci/revgrep v0.8.0 // indirect
+	github.com/golangci/swaggoswag v0.0.0-20250504205917-77f2aca3143e // indirect
+	github.com/golangci/unconvert v0.0.0-20250410112200-a129a6e6413e // indirect
+	github.com/gordonklaus/ineffassign v0.2.0 // indirect
+	github.com/gostaticanalysis/analysisutil v0.7.1 // indirect
+	github.com/gostaticanalysis/comment v1.5.0 // indirect
+	github.com/gostaticanalysis/forcetypeassert v0.2.0 // indirect
+	github.com/gostaticanalysis/nilerr v0.1.2 // indirect
+	github.com/hashicorp/cli v1.1.7 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-checkpoint v0.5.0 // indirect
+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+	github.com/hashicorp/go-cty v1.5.0 // indirect
+	github.com/hashicorp/go-hclog v1.6.3 // indirect
+	github.com/hashicorp/go-immutable-radix/v2 v2.1.0 // indirect
+	github.com/hashicorp/go-multierror v1.1.1 // indirect
+	github.com/hashicorp/go-plugin v1.7.0 // indirect
+	github.com/hashicorp/go-uuid v1.0.3 // indirect
+	github.com/hashicorp/go-version v1.8.0 // indirect
+	github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
+	github.com/hashicorp/hc-install v0.9.3 // indirect
+	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/hashicorp/hcl/v2 v2.24.0 // indirect
+	github.com/hashicorp/logutils v1.0.0 // indirect
+	github.com/hashicorp/terraform-exec v0.25.0 // indirect
+	github.com/hashicorp/terraform-json v0.27.2 // indirect
+	github.com/hashicorp/terraform-plugin-codegen-spec v0.2.0 // indirect
+	github.com/hashicorp/terraform-plugin-sdk/v2 v2.38.2 // indirect
+	github.com/hashicorp/terraform-registry-address v0.4.0 // indirect
+	github.com/hashicorp/terraform-svchost v0.2.0 // indirect
+	github.com/hashicorp/yamux v0.1.2 // indirect
+	github.com/hexops/gotextdiff v1.0.3 // indirect
+	github.com/huandu/xstrings v1.4.0 // indirect
+	github.com/imdario/mergo v0.3.16 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/jgautheron/goconst v1.8.2 // indirect
+	github.com/jingyugao/rowserrcheck v1.1.1 // indirect
+	github.com/jjti/go-spancheck v0.6.5 // indirect
+	github.com/julz/importas v0.2.0 // indirect
+	github.com/karamaru-alpha/copyloopvar v1.2.2 // indirect
+	github.com/kisielk/errcheck v1.9.0 // indirect
+	github.com/kkHAIKE/contextcheck v1.1.6 // indirect
+	github.com/kulti/thelper v0.7.1 // indirect
+	github.com/kunwardeep/paralleltest v1.0.15 // indirect
+	github.com/lasiar/canonicalheader v1.1.2 // indirect
+	github.com/ldez/exptostd v0.4.5 // indirect
+	github.com/ldez/gomoddirectives v0.8.0 // indirect
+	github.com/ldez/grignotin v0.10.1 // indirect
+	github.com/ldez/structtags v0.6.1 // indirect
+	github.com/ldez/tagliatelle v0.7.2 // indirect
+	github.com/ldez/usetesting v0.5.0 // indirect
+	github.com/leonklingele/grouper v1.1.2 // indirect
+	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
+	github.com/macabu/inamedparam v0.2.0 // indirect
+	github.com/magiconair/properties v1.8.6 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/manuelarte/embeddedstructfieldcheck v0.4.0 // indirect
+	github.com/manuelarte/funcorder v0.5.0 // indirect
+	github.com/maratori/testableexamples v1.0.1 // indirect
+	github.com/maratori/testpackage v1.1.2 // indirect
+	github.com/matoous/godox v1.1.0 // indirect
+	github.com/mattn/go-colorable v0.1.14 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-runewidth v0.0.16 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
+	github.com/mgechev/revive v1.14.0 // indirect
+	github.com/mitchellh/copystructure v1.2.0 // indirect
+	github.com/mitchellh/go-homedir v1.1.0 // indirect
+	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
+	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/mitchellh/reflectwalk v1.0.2 // indirect
+	github.com/moricho/tparallel v0.3.2 // indirect
+	github.com/muesli/termenv v0.16.0 // indirect
+	github.com/nakabonne/nestif v0.3.1 // indirect
+	github.com/nishanths/exhaustive v0.12.0 // indirect
+	github.com/nishanths/predeclared v0.2.2 // indirect
+	github.com/nunnatsa/ginkgolinter v0.23.0 // indirect
+	github.com/oklog/run v1.2.0 // indirect
+	github.com/pb33f/libopenapi v0.15.0 // indirect
+	github.com/pelletier/go-toml v1.9.5 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/posener/complete v1.2.3 // indirect
+	github.com/prometheus/client_golang v1.12.1 // indirect
+	github.com/prometheus/client_model v0.2.0 // indirect
+	github.com/prometheus/common v0.32.1 // indirect
+	github.com/prometheus/procfs v0.7.3 // indirect
+	github.com/quasilyte/go-ruleguard v0.4.5 // indirect
+	github.com/quasilyte/go-ruleguard/dsl v0.3.23 // indirect
+	github.com/quasilyte/gogrep v0.5.0 // indirect
+	github.com/quasilyte/regex/syntax v0.0.0-20210819130434-b3f0c404a727 // indirect
+	github.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567 // indirect
+	github.com/raeperd/recvcheck v0.2.0 // indirect
+	github.com/rivo/uniseg v0.4.7 // indirect
+	github.com/rogpeppe/go-internal v1.14.1 // indirect
+	github.com/ryancurrah/gomodguard v1.4.1 // indirect
+	github.com/ryanrolds/sqlclosecheck v0.5.1 // indirect
+	github.com/sanposhiho/wastedassign/v2 v2.1.0 // indirect
+	github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 // indirect
+	github.com/sashamelentyev/interfacebloat v1.1.0 // indirect
+	github.com/sashamelentyev/usestdlibvars v1.29.0 // indirect
+	github.com/securego/gosec/v2 v2.23.0 // indirect
+	github.com/shopspring/decimal v1.3.1 // indirect
+	github.com/sirupsen/logrus v1.9.4 // indirect
+	github.com/sivchari/containedctx v1.0.3 // indirect
+	github.com/sonatard/noctx v0.4.0 // indirect
+	github.com/sourcegraph/go-diff v0.7.0 // indirect
+	github.com/spf13/afero v1.15.0 // indirect
+	github.com/spf13/cast v1.5.1 // indirect
+	github.com/spf13/jwalterweatherman v1.1.0 // indirect
+	github.com/spf13/pflag v1.0.10 // indirect
+	github.com/spf13/viper v1.12.0 // indirect
+	github.com/ssgreg/nlreturn/v2 v2.2.1 // indirect
+	github.com/stbenjam/no-sprintf-host-port v0.3.1 // indirect
+	github.com/stretchr/objx v0.5.2 // indirect
+	github.com/stretchr/testify v1.11.1 // indirect
+	github.com/subosito/gotenv v1.4.1 // indirect
+	github.com/tetafro/godot v1.5.4 // indirect
+	github.com/timakin/bodyclose v0.0.0-20241222091800-1db5c5ca4d67 // indirect
+	github.com/timonwong/loggercheck v0.11.0 // indirect
+	github.com/tomarrell/wrapcheck/v2 v2.12.0 // indirect
+	github.com/tommy-muehle/go-mnd/v2 v2.5.1 // indirect
+	github.com/ultraware/funlen v0.2.0 // indirect
+	github.com/ultraware/whitespace v0.2.0 // indirect
+	github.com/uudashr/gocognit v1.2.0 // indirect
+	github.com/uudashr/iface v1.4.1 // indirect
+	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
+	github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect
+	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
+	github.com/vmware-labs/yaml-jsonpath v0.3.2 // indirect
+	github.com/wk8/go-ordered-map/v2 v2.1.8 // indirect
+	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
+	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
+	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
+	github.com/xen0n/gosmopolitan v1.3.0 // indirect
+	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
+	github.com/yagipy/maintidx v1.0.0 // indirect
+	github.com/yeya24/promlinter v0.3.0 // indirect
+	github.com/ykadowak/zerologlint v0.1.5 // indirect
+	github.com/yuin/goldmark v1.7.7 // indirect
+	github.com/yuin/goldmark-meta v1.1.0 // indirect
+	github.com/zclconf/go-cty v1.17.0 // indirect
+	gitlab.com/bosi/decorder v0.4.2 // indirect
+	go-simpler.org/musttag v0.14.0 // indirect
+	go-simpler.org/sloglint v0.11.1 // indirect
+	go.abhg.dev/goldmark/frontmatter v0.2.0 // indirect
+	go.augendre.info/arangolint v0.4.0 // indirect
+	go.augendre.info/fatcontext v0.9.0 // indirect
+	go.uber.org/multierr v1.10.0 // indirect
+	go.uber.org/zap v1.27.0 // indirect
+	go.yaml.in/yaml/v3 v3.0.4 // indirect
+	golang.org/x/crypto v0.48.0 // indirect
+	golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b // indirect
+	golang.org/x/exp/typeparams v0.0.0-20260209203927-2842357ff358 // indirect
+	golang.org/x/mod v0.33.0 // indirect
+	golang.org/x/net v0.50.0 // indirect
+	golang.org/x/sync v0.19.0 // indirect
+	golang.org/x/sys v0.41.0 // indirect
+	golang.org/x/telemetry v0.0.0-20260209163413-e7419c687ee4 // indirect
+	golang.org/x/text v0.34.0 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20260209200024-4cfbd4190f57 // indirect
+	google.golang.org/grpc v1.79.1 // indirect
+	google.golang.org/protobuf v1.36.11 // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	honnef.co/go/tools v0.7.0 // indirect
+	mvdan.cc/gofumpt v0.9.2 // indirect
+	mvdan.cc/unparam v0.0.0-20251027182757-5beb8c8f8f15 // indirect
+)

golang-ci.yaml

@@ -0,0 +1,97 @@
+
+version: "2"
+run:
+  concurrency: 4
+output:
+  formats:
+    text:
+      print-linter-name: true
+      print-issued-lines: true
+      colors: true
+      path: stdout
+linters:
+  enable:
+    - bodyclose
+    - depguard
+    - errorlint
+    - forcetypeassert
+    - gochecknoinits
+    - gocritic
+    - gosec
+    - misspell
+    - nakedret
+    - revive
+    - sqlclosecheck
+    - wastedassign
+  disable:
+    - noctx
+    - unparam
+  settings:
+    depguard:
+      rules:
+        main:
+          list-mode: lax
+          allow:
+            - tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview
+            - github.com/hashicorp/terraform-plugin-framework
+            - github.com/hashicorp/terraform-plugin-log
+            - github.com/stackitcloud/stackit-sdk-go
+          deny:
+            - pkg: github.com/stretchr/testify
+              desc: Do not use a testing framework
+    gocritic:
+      disabled-checks:
+        - wrapperFunc
+        - typeDefFirst
+        - ifElseChain
+        - dupImport
+        - hugeParam
+      enabled-tags:
+        - performance
+        - style
+        - experimental
+    gosec:
+      excludes:
+        - G104
+        - G102
+        - G304
+        - G307
+    misspell:
+      locale: US
+    nakedret:
+      max-func-lines: 0
+    revive:
+      severity: error
+      rules:
+        - name: errorf
+        - name: context-as-argument
+        - name: error-return
+        - name: increment-decrement
+        - name: indent-error-flow
+        - name: superfluous-else
+        - name: unused-parameter
+        - name: unreachable-code
+        - name: atomic
+        - name: empty-lines
+        - name: early-return
+  exclusions:
+    paths:
+      - stackit-sdk-generator/
+      - generated/
+      - pkg_gen/
+    generated: lax
+    warn-unused: true
+    # Excluding configuration per-path, per-linter, per-text and per-source.
+    rules:
+      # Exclude some linters from running on tests files.
+        - path: _test\.go
+          linters:
+            - gochecknoinits
+formatters:
+  enable:
+    - gofmt
+    - goimports
+  settings:
+    goimports:
+      local-prefixes:
+        - tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview

internal/testutil/assert.go

@@ -0,0 +1,11 @@
+package testutil
+
+import "testing"
+
+func Equal[V comparable](t *testing.T, got, expected V) {
+	t.Helper()
+
+	if expected != got {
+		t.Errorf("assert equal failed:\ngot: %v \nexpected: %v", got, expected)
+	}
+}

internal/testutil/testutil.go.bak

@@ -0,0 +1,651 @@
+package testutil
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-framework/providerserver"
+	"github.com/hashicorp/terraform-plugin-go/tfprotov6"
+	"github.com/hashicorp/terraform-plugin-testing/config"
+	"github.com/hashicorp/terraform-plugin-testing/echoprovider"
+
+	"tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit"
+)
+
+const (
+	// Default location of credentials JSON
+	// credentialsFilePath = ".stackit/credentials.json" //nolint:gosec // linter false positive
+	serviceAccountFilePath = ".stackit/service_account.json"
+)
+
+var (
+	// TestAccProtoV6ProviderFactories is used to instantiate a provider during
+	// acceptance testing. The factory function will be invoked for every Terraform
+	// CLI command executed to create a provider server to which the CLI can
+	// reattach.
+	TestAccProtoV6ProviderFactories = map[string]func() (tfprotov6.ProviderServer, error){
+		"stackitprivatepreview": providerserver.NewProtocol6WithError(stackit.New("test-version")()),
+	}
+
+	// TestEphemeralAccProtoV6ProviderFactories is used to instantiate a provider during
+	// acceptance testing. The factory function will be invoked for every Terraform
+	// CLI command executed to create a provider server to which the CLI can
+	// reattach.
+	//
+	// See the Terraform acceptance test documentation on ephemeral resources for more information:
+	// https://developer.hashicorp.com/terraform/plugin/testing/acceptance-tests/ephemeral-resources
+	TestEphemeralAccProtoV6ProviderFactories = map[string]func() (tfprotov6.ProviderServer, error){
+		"stackitprivatepreview": providerserver.NewProtocol6WithError(stackit.New("test-version")()),
+		"echo":                  echoprovider.NewProviderServer(),
+	}
+
+	// E2ETestsEnabled checks if end-to-end tests should be run.
+	// It is enabled when the TF_ACC environment variable is set to "1".
+	E2ETestsEnabled = os.Getenv("TF_ACC") == "1"
+	// OrganizationId is the id of organization used for tests
+	OrganizationId = os.Getenv("TF_ACC_ORGANIZATION_ID")
+	// ProjectId is the id of project used for tests
+	ProjectId = os.Getenv("TF_ACC_PROJECT_ID")
+	Region    = os.Getenv("TF_ACC_REGION")
+	// ServiceAccountFile is the json file of the service account
+	ServiceAccountFile = os.Getenv("TF_ACC_SERVICE_ACCOUNT_FILE")
+	// ServerId is the id of a server used for some tests
+	ServerId = getenv("TF_ACC_SERVER_ID", "")
+	// TestProjectParentContainerID is the container id of the parent resource under which projects are created as part of the resource-manager acceptance tests
+	TestProjectParentContainerID = os.Getenv("TF_ACC_TEST_PROJECT_PARENT_CONTAINER_ID")
+	// TestProjectParentUUID is the uuid of the parent resource under which projects are created as part of the resource-manager acceptance tests
+	TestProjectParentUUID = os.Getenv("TF_ACC_TEST_PROJECT_PARENT_UUID")
+	// TestProjectServiceAccountEmail is the e-mail of a service account with admin permissions on the organization under which projects are created as part of the resource-manager acceptance tests
+	TestProjectServiceAccountEmail = os.Getenv("TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_EMAIL")
+	// TestProjectUserEmail is the e-mail of a user for the project created as part of the resource-manager acceptance tests
+	// Default email: acc-test@sa.stackit.cloud
+	TestProjectUserEmail = getenv("TF_ACC_TEST_PROJECT_USER_EMAIL", "acc-test@sa.stackit.cloud")
+	// TestImageLocalFilePath is the local path to an image file used for image acceptance tests
+	TestImageLocalFilePath = getenv("TF_ACC_TEST_IMAGE_LOCAL_FILE_PATH", "default")
+
+	CdnCustomEndpoint             = os.Getenv("TF_ACC_CDN_CUSTOM_ENDPOINT")
+	DnsCustomEndpoint             = os.Getenv("TF_ACC_DNS_CUSTOM_ENDPOINT")
+	GitCustomEndpoint             = os.Getenv("TF_ACC_GIT_CUSTOM_ENDPOINT")
+	IaaSCustomEndpoint            = os.Getenv("TF_ACC_IAAS_CUSTOM_ENDPOINT")
+	KMSCustomEndpoint             = os.Getenv("TF_ACC_KMS_CUSTOM_ENDPOINT")
+	LoadBalancerCustomEndpoint    = os.Getenv("TF_ACC_LOADBALANCER_CUSTOM_ENDPOINT")
+	LogMeCustomEndpoint           = os.Getenv("TF_ACC_LOGME_CUSTOM_ENDPOINT")
+	MariaDBCustomEndpoint         = os.Getenv("TF_ACC_MARIADB_CUSTOM_ENDPOINT")
+	ModelServingCustomEndpoint    = os.Getenv("TF_ACC_MODELSERVING_CUSTOM_ENDPOINT")
+	AuthorizationCustomEndpoint   = os.Getenv("TF_ACC_authorization_custom_endpoint")
+	MongoDBFlexCustomEndpoint     = os.Getenv("TF_ACC_MONGODBFLEX_CUSTOM_ENDPOINT")
+	OpenSearchCustomEndpoint      = os.Getenv("TF_ACC_OPENSEARCH_CUSTOM_ENDPOINT")
+	ObservabilityCustomEndpoint   = os.Getenv("TF_ACC_OBSERVABILITY_CUSTOM_ENDPOINT")
+	ObjectStorageCustomEndpoint   = os.Getenv("TF_ACC_OBJECTSTORAGE_CUSTOM_ENDPOINT")
+	PostgresFlexCustomEndpoint    = os.Getenv("TF_ACC_POSTGRESFLEX_CUSTOM_ENDPOINT")
+	RabbitMQCustomEndpoint        = os.Getenv("TF_ACC_RABBITMQ_CUSTOM_ENDPOINT")
+	RedisCustomEndpoint           = os.Getenv("TF_ACC_REDIS_CUSTOM_ENDPOINT")
+	ResourceManagerCustomEndpoint = os.Getenv("TF_ACC_RESOURCEMANAGER_CUSTOM_ENDPOINT")
+	ScfCustomEndpoint             = os.Getenv("TF_ACC_SCF_CUSTOM_ENDPOINT")
+	SecretsManagerCustomEndpoint  = os.Getenv("TF_ACC_SECRETSMANAGER_CUSTOM_ENDPOINT")
+	SQLServerFlexCustomEndpoint   = os.Getenv("TF_ACC_SQLSERVERFLEX_CUSTOM_ENDPOINT")
+	ServerBackupCustomEndpoint    = os.Getenv("TF_ACC_SERVER_BACKUP_CUSTOM_ENDPOINT")
+	ServerUpdateCustomEndpoint    = os.Getenv("TF_ACC_SERVER_UPDATE_CUSTOM_ENDPOINT")
+	ServiceAccountCustomEndpoint  = os.Getenv("TF_ACC_SERVICE_ACCOUNT_CUSTOM_ENDPOINT")
+	SKECustomEndpoint             = os.Getenv("TF_ACC_SKE_CUSTOM_ENDPOINT")
+)
+
+// Provider config helper functions
+
+func ObservabilityProviderConfig() string {
+	if ObservabilityCustomEndpoint == "" {
+		return `provider "stackitprivatepreview" {
+			default_region = "eu01"
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			observability_custom_endpoint = "%s"
+		}`,
+		ObservabilityCustomEndpoint,
+	)
+}
+
+func CdnProviderConfig() string {
+	if CdnCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			enable_beta_resources = true
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			cdn_custom_endpoint = "%s"
+			enable_beta_resources = true
+		}`,
+		CdnCustomEndpoint,
+	)
+}
+
+func DnsProviderConfig() string {
+	if DnsCustomEndpoint == "" {
+		return `provider "stackitprivatepreview" {}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			dns_custom_endpoint = "%s"
+		}`,
+		DnsCustomEndpoint,
+	)
+}
+
+func IaaSProviderConfig() string {
+	if IaaSCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			iaas_custom_endpoint = "%s"
+		}`,
+		IaaSCustomEndpoint,
+	)
+}
+
+func IaaSProviderConfigWithBetaResourcesEnabled() string {
+	if IaaSCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			enable_beta_resources = true
+			default_region = "eu01"
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			enable_beta_resources = true
+			iaas_custom_endpoint = "%s"
+		}`,
+		IaaSCustomEndpoint,
+	)
+}
+
+func IaaSProviderConfigWithExperiments() string {
+	if IaaSCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+  			experiments = [ "routing-tables", "network" ]
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			iaas_custom_endpoint = "%s"
+			experiments = [ "routing-tables", "network" ]
+		}`,
+		IaaSCustomEndpoint,
+	)
+}
+
+func KMSProviderConfig() string {
+	if KMSCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			kms_custom_endpoint = "%s"
+		}`,
+		KMSCustomEndpoint,
+	)
+}
+
+func LoadBalancerProviderConfig() string {
+	if LoadBalancerCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			loadbalancer_custom_endpoint = "%s"
+		}`,
+		LoadBalancerCustomEndpoint,
+	)
+}
+
+func LogMeProviderConfig() string {
+	if LogMeCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			logme_custom_endpoint = "%s"
+		}`,
+		LogMeCustomEndpoint,
+	)
+}
+
+func MariaDBProviderConfig() string {
+	if MariaDBCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			mariadb_custom_endpoint = "%s"
+		}`,
+		MariaDBCustomEndpoint,
+	)
+}
+
+func ModelServingProviderConfig() string {
+	if ModelServingCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+		}
+		`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			modelserving_custom_endpoint = "%s"
+		}`,
+		ModelServingCustomEndpoint,
+	)
+}
+
+func MongoDBFlexProviderConfig() string {
+	if MongoDBFlexCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			mongodbflex_custom_endpoint = "%s"
+		}`,
+		MongoDBFlexCustomEndpoint,
+	)
+}
+
+func ObjectStorageProviderConfig() string {
+	if ObjectStorageCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			objectstorage_custom_endpoint = "%s"
+		}`,
+		ObjectStorageCustomEndpoint,
+	)
+}
+
+func OpenSearchProviderConfig() string {
+	if OpenSearchCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			opensearch_custom_endpoint = "%s"
+		}`,
+		OpenSearchCustomEndpoint,
+	)
+}
+
+func PostgresFlexProviderConfig(saFile string) string {
+	if PostgresFlexCustomEndpoint == "" {
+		return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+            service_account_key_path = "%s"
+		}`, saFile)
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+            service_account_key_path = "%s"
+			postgresflex_custom_endpoint = "%s"
+		}`,
+		saFile,
+		PostgresFlexCustomEndpoint,
+	)
+}
+
+func RabbitMQProviderConfig() string {
+	if RabbitMQCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			rabbitmq_custom_endpoint = "%s"
+		}`,
+		RabbitMQCustomEndpoint,
+	)
+}
+
+func RedisProviderConfig() string {
+	if RedisCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			redis_custom_endpoint = "%s"
+		}`,
+		RedisCustomEndpoint,
+	)
+}
+
+func ResourceManagerProviderConfig() string {
+	key := GetTestProjectServiceAccountJson("")
+	if ResourceManagerCustomEndpoint == "" || AuthorizationCustomEndpoint == "" {
+		return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			service_account_key = "%s"
+		}`,
+			key,
+		)
+	}
+	return fmt.Sprintf(`
+	provider "stackitprivatepreview" {
+		resourcemanager_custom_endpoint = "%s"
+		authorization_custom_endpoint = "%s"
+		service_account_token = "%s"
+	}`,
+		ResourceManagerCustomEndpoint,
+		AuthorizationCustomEndpoint,
+		key,
+	)
+}
+
+func SecretsManagerProviderConfig() string {
+	if SecretsManagerCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			secretsmanager_custom_endpoint = "%s"
+		}`,
+		SecretsManagerCustomEndpoint,
+	)
+}
+
+func SQLServerFlexProviderConfig(saFile string) string {
+	if SQLServerFlexCustomEndpoint == "" {
+		return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+            service_account_key_path = "%s"
+		}`, saFile)
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+            service_account_key_path = "%s"
+			sqlserverflex_custom_endpoint = "%s"
+		}`,
+		saFile,
+		SQLServerFlexCustomEndpoint,
+	)
+}
+
+func ServerBackupProviderConfig() string {
+	if ServerBackupCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+			enable_beta_resources = true
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			server_backup_custom_endpoint = "%s"
+			enable_beta_resources = true
+		}`,
+		ServerBackupCustomEndpoint,
+	)
+}
+
+func ServerUpdateProviderConfig() string {
+	if ServerUpdateCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+			enable_beta_resources = true
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			server_update_custom_endpoint = "%s"
+			enable_beta_resources = true
+		}`,
+		ServerUpdateCustomEndpoint,
+	)
+}
+
+func SKEProviderConfig() string {
+	if SKECustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			ske_custom_endpoint = "%s"
+		}`,
+		SKECustomEndpoint,
+	)
+}
+
+func AuthorizationProviderConfig() string {
+	if AuthorizationCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+			experiments = ["iam"]
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			authorization_custom_endpoint = "%s"
+			experiments = ["iam"]
+		}`,
+		AuthorizationCustomEndpoint,
+	)
+}
+
+func ServiceAccountProviderConfig() string {
+	if ServiceAccountCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+			enable_beta_resources = true
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			service_account_custom_endpoint = "%s"
+			enable_beta_resources = true
+		}`,
+		ServiceAccountCustomEndpoint,
+	)
+}
+
+func GitProviderConfig() string {
+	if GitCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+			enable_beta_resources = true
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			git_custom_endpoint = "%s"
+			enable_beta_resources = true
+		}`,
+		GitCustomEndpoint,
+	)
+}
+
+func ScfProviderConfig() string {
+	if ScfCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+			scf_custom_endpoint = "%s"
+		}`,
+		ScfCustomEndpoint,
+	)
+}
+
+func ResourceNameWithDateTime(name string) string {
+	dateTime := time.Now().Format(time.RFC3339)
+	// Remove timezone to have a smaller datetime
+	dateTimeTrimmed, _, _ := strings.Cut(dateTime, "+")
+	return fmt.Sprintf("tf-acc-%s-%s", name, dateTimeTrimmed)
+}
+
+func GetTestProjectServiceAccountJson(path string) string {
+	var err error
+	token, tokenSet := os.LookupEnv("TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_JSON")
+	if !tokenSet || token == "" {
+		token, err = readTestServiceAccountJsonFromFile(path)
+		if err != nil {
+			return ""
+		}
+	}
+	return token
+}
+
+//func GetTestProjectServiceAccountToken(path string) string {
+//	var err error
+//	token, tokenSet := os.LookupEnv("TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_TOKEN")
+//	if !tokenSet || token == "" {
+//		token, err = readTestTokenFromCredentialsFile(path)
+//		if err != nil {
+//			return ""
+//		}
+//	}
+//	return token
+//}
+//
+//func readTestTokenFromCredentialsFile(path string) (string, error) {
+//	if path == "" {
+//		customPath, customPathSet := os.LookupEnv("STACKIT_CREDENTIALS_PATH")
+//		if !customPathSet || customPath == "" {
+//			path = credentialsFilePath
+//			home, err := os.UserHomeDir()
+//			if err != nil {
+//				return "", fmt.Errorf("getting home directory: %w", err)
+//			}
+//			path = filepath.Join(home, path)
+//		} else {
+//			path = customPath
+//		}
+//	}
+//
+//	credentialsRaw, err := os.ReadFile(path)
+//	if err != nil {
+//		return "", fmt.Errorf("opening file: %w", err)
+//	}
+//
+//	var credentials struct {
+//		TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_TOKEN string `json:"TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_TOKEN"`
+//	}
+//	err = json.Unmarshal(credentialsRaw, &credentials)
+//	if err != nil {
+//		return "", fmt.Errorf("unmarshalling credentials: %w", err)
+//	}
+//	return credentials.TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_TOKEN, nil
+//}
+
+func readTestServiceAccountJsonFromFile(path string) (string, error) {
+	if path == "" {
+		customPath, customPathSet := os.LookupEnv("STACKIT_SERVICE_ACCOUNT_PATH")
+		if !customPathSet || customPath == "" {
+			path = serviceAccountFilePath
+			home, err := os.UserHomeDir()
+			if err != nil {
+				return "", fmt.Errorf("getting home directory: %w", err)
+			}
+			path = filepath.Join(home, path)
+		} else {
+			path = customPath
+		}
+	}
+
+	credentialsRaw, err := os.ReadFile(path)
+	if err != nil {
+		return "", fmt.Errorf("opening file: %w", err)
+	}
+	return string(credentialsRaw), nil
+}
+
+func getenv(key, defaultValue string) string {
+	val := os.Getenv(key)
+	if val == "" {
+		return defaultValue
+	}
+	return val
+}
+
+// CreateDefaultLocalFile is a helper for local_file_path. No real data is created
+func CreateDefaultLocalFile() os.File {
+	// Define the file name and size
+	fileName := "test-512k.img"
+	size := 512 * 1024 // 512 KB
+
+	// Create the file
+	file, err := os.Create(fileName)
+	if err != nil {
+		panic(err)
+	}
+
+	// Seek to the desired position (512 KB)
+	_, err = file.Seek(int64(size), 0)
+	if err != nil {
+		panic(err)
+	}
+
+	return *file
+}
+
+func ConvertConfigVariable(variable config.Variable) string {
+	tmpByteArray, _ := variable.MarshalJSON()
+	// In case the variable is a string, the quotes should be removed
+	if tmpByteArray[0] == '"' && tmpByteArray[len(tmpByteArray)-1] == '"' {
+		result := string(tmpByteArray[1 : len(tmpByteArray)-1])
+		// Replace escaped quotes which where added MarshalJSON
+		rawString := strings.ReplaceAll(result, `\"`, `"`)
+		return rawString
+	}
+	return string(tmpByteArray)
+}

internal/testutil/testutil_test.go.bak

@@ -0,0 +1,50 @@
+// Copyright (c) STACKIT
+
+package testutil
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/config"
+)
+
+func TestConvertConfigVariable(t *testing.T) {
+	tests := []struct {
+		name     string
+		variable config.Variable
+		want     string
+	}{
+		{
+			name:     "string",
+			variable: config.StringVariable("test"),
+			want:     "test",
+		},
+		{
+			name:     "bool: true",
+			variable: config.BoolVariable(true),
+			want:     "true",
+		},
+		{
+			name:     "bool: false",
+			variable: config.BoolVariable(false),
+			want:     "false",
+		},
+		{
+			name:     "integer",
+			variable: config.IntegerVariable(10),
+			want:     "10",
+		},
+		{
+			name:     "quoted string",
+			variable: config.StringVariable(`instance =~ ".*"`),
+			want:     `instance =~ ".*"`,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := ConvertConfigVariable(tt.variable); got != tt.want {
+				t.Errorf("ConvertConfigVariable() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}

internal/testutils/activateMocks.go

@@ -0,0 +1,39 @@
+package testutils
+
+import (
+	"fmt"
+	"net/http"
+	"path/filepath"
+	"regexp"
+	"runtime"
+	"strings"
+
+	"github.com/jarcoal/httpmock"
+)
+
+func TestName() string {
+	pc, _, _, _ := runtime.Caller(1)
+	nameFull := runtime.FuncForPC(pc).Name()
+	nameEnd := filepath.Ext(nameFull)
+	name := strings.TrimPrefix(nameEnd, ".")
+	return name
+}
+
+func ActivateEnvironmentHttpMocks() {
+	httpmock.RegisterNoResponder(
+		func(req *http.Request) (*http.Response, error) {
+			return nil, fmt.Errorf("no responder found for %s %s, please check your http mocks", req.Method, req.URL)
+		},
+	)
+
+	httpmock.RegisterRegexpResponder(
+		"GET",
+		regexp.MustCompile(`^https://api\.bap\.microsoft\.com/providers/Microsoft\.BusinessAppPlatform/locations/(europe|unitedstates)/environmentLanguages\?api-version=2023-06-01$`),
+		func(_ *http.Request) (*http.Response, error) {
+			return httpmock.NewStringResponse(
+				http.StatusOK,
+				httpmock.File("../../services/languages/tests/datasource/Validate_Read/get_languages.json").String(),
+			), nil
+		},
+	)
+}

internal/testutils/functions.go

@@ -0,0 +1,129 @@
+package testutils
+
+import (
+	"bytes"
+	"fmt"
+	"log"
+	"os"
+	"path"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"testing"
+	"text/template"
+)
+
+// GetHomeEnvVariableName Helper function to obtain the home directory on different systems.
+// Based on os.UserHomeDir().
+func GetHomeEnvVariableName() string {
+	env := "HOME"
+	switch runtime.GOOS {
+	case "windows":
+		env = "USERPROFILE"
+	case "plan9":
+		env = "home"
+	}
+	return env
+}
+
+// CreateTemporaryHome create temporary home and initialize the credentials file as well
+func CreateTemporaryHome(createValidCredentialsFile bool, t *testing.T) string {
+	// create a temporary file
+	tempHome, err := os.MkdirTemp("", "tempHome")
+	if err != nil {
+		t.Fatalf("Failed to create temporary home directory: %v", err)
+	}
+
+	// create credentials file in temp directory
+	stackitFolder := path.Join(tempHome, ".stackit")
+	if err := os.Mkdir(stackitFolder, 0o750); err != nil {
+		t.Fatalf("Failed to create stackit folder: %v", err)
+	}
+
+	filePath := path.Join(stackitFolder, "credentials.json")
+	file, err := os.Create(filePath)
+	if err != nil {
+		t.Fatalf("Failed to create credentials file: %v", err)
+	}
+	defer func() {
+		if err := file.Close(); err != nil {
+			t.Fatalf("Error while closing the file: %v", err)
+		}
+	}()
+
+	// Define content, default = invalid token
+	token := "foo_token"
+	if createValidCredentialsFile {
+		token = GetTestProjectServiceAccountJson("")
+	}
+	if _, err = file.WriteString(token); err != nil {
+		t.Fatalf("Error writing to file: %v", err)
+	}
+
+	return tempHome
+}
+
+// SetTemporaryHome Function to overwrite the home folder
+func SetTemporaryHome(tempHomePath string) {
+	env := GetHomeEnvVariableName()
+	if err := os.Setenv(env, tempHomePath); err != nil {
+		fmt.Printf("Error setting temporary home directory %v", err)
+	}
+}
+
+// CleanupTemporaryHome cleanup the temporary home and reset the environment variable
+func CleanupTemporaryHome(tempHomePath string, t *testing.T) {
+	if err := os.RemoveAll(tempHomePath); err != nil {
+		t.Fatalf("Error cleaning up temporary folder: %v", err)
+	}
+	originalHomeDir, err := os.UserHomeDir()
+	if err != nil {
+		t.Fatalf("Failed to restore home directory back to normal: %v", err)
+	}
+	// revert back to original home folder
+	env := GetHomeEnvVariableName()
+	if err := os.Setenv(env, originalHomeDir); err != nil {
+		fmt.Printf("Error resetting temporary home directory %v", err)
+	}
+}
+
+func ucFirst(s string) string {
+	if s == "" {
+		return ""
+	}
+	return strings.ToUpper(s[:1]) + s[1:]
+}
+
+func StringFromTemplateMust(tplFile string, data any) string {
+	res, err := StringFromTemplate(tplFile, data)
+	if err != nil {
+		log.Fatalln(err)
+	}
+	return res
+}
+
+func StringFromTemplate(tplFile string, data any) (string, error) {
+	fn := template.FuncMap{
+		"ucfirst": ucFirst,
+	}
+
+	file := filepath.Base(tplFile)
+
+	tmpl, err := template.New(file).Funcs(fn).ParseFiles(tplFile)
+	if err != nil {
+		return "", err
+	}
+
+	tplBuf := &bytes.Buffer{}
+
+	err = tmpl.Execute(tplBuf, data)
+	if err != nil {
+		return "", err
+	}
+
+	return tplBuf.String(), nil
+}
+
+func ResStr(prefix, resource, name string) string {
+	return fmt.Sprintf("%s_%s.%s", prefix, resource, name)
+}

internal/testutils/helpers.go

@@ -0,0 +1,465 @@
+package testutils
+
+import (
+	"fmt"
+	"os"
+)
+
+var (
+	CdnCustomEndpoint             = os.Getenv("TF_ACC_CDN_CUSTOM_ENDPOINT")
+	DnsCustomEndpoint             = os.Getenv("TF_ACC_DNS_CUSTOM_ENDPOINT")
+	GitCustomEndpoint             = os.Getenv("TF_ACC_GIT_CUSTOM_ENDPOINT")
+	IaaSCustomEndpoint            = os.Getenv("TF_ACC_IAAS_CUSTOM_ENDPOINT")
+	KMSCustomEndpoint             = os.Getenv("TF_ACC_KMS_CUSTOM_ENDPOINT")
+	LoadBalancerCustomEndpoint    = os.Getenv("TF_ACC_LOADBALANCER_CUSTOM_ENDPOINT")
+	LogMeCustomEndpoint           = os.Getenv("TF_ACC_LOGME_CUSTOM_ENDPOINT")
+	MariaDBCustomEndpoint         = os.Getenv("TF_ACC_MARIADB_CUSTOM_ENDPOINT")
+	ModelServingCustomEndpoint    = os.Getenv("TF_ACC_MODELSERVING_CUSTOM_ENDPOINT")
+	AuthorizationCustomEndpoint   = os.Getenv("TF_ACC_authorization_custom_endpoint")
+	MongoDBFlexCustomEndpoint     = os.Getenv("TF_ACC_MONGODBFLEX_CUSTOM_ENDPOINT")
+	OpenSearchCustomEndpoint      = os.Getenv("TF_ACC_OPENSEARCH_CUSTOM_ENDPOINT")
+	ObservabilityCustomEndpoint   = os.Getenv("TF_ACC_OBSERVABILITY_CUSTOM_ENDPOINT")
+	ObjectStorageCustomEndpoint   = os.Getenv("TF_ACC_OBJECTSTORAGE_CUSTOM_ENDPOINT")
+	PostgresFlexCustomEndpoint    = os.Getenv("TF_ACC_POSTGRESFLEX_CUSTOM_ENDPOINT")
+	RabbitMQCustomEndpoint        = os.Getenv("TF_ACC_RABBITMQ_CUSTOM_ENDPOINT")
+	RedisCustomEndpoint           = os.Getenv("TF_ACC_REDIS_CUSTOM_ENDPOINT")
+	ResourceManagerCustomEndpoint = os.Getenv("TF_ACC_RESOURCEMANAGER_CUSTOM_ENDPOINT")
+	ScfCustomEndpoint             = os.Getenv("TF_ACC_SCF_CUSTOM_ENDPOINT")
+	SecretsManagerCustomEndpoint  = os.Getenv("TF_ACC_SECRETSMANAGER_CUSTOM_ENDPOINT")
+	SQLServerFlexCustomEndpoint   = os.Getenv("TF_ACC_SQLSERVERFLEX_CUSTOM_ENDPOINT")
+	ServerBackupCustomEndpoint    = os.Getenv("TF_ACC_SERVER_BACKUP_CUSTOM_ENDPOINT")
+	ServerUpdateCustomEndpoint    = os.Getenv("TF_ACC_SERVER_UPDATE_CUSTOM_ENDPOINT")
+	ServiceAccountCustomEndpoint  = os.Getenv("TF_ACC_SERVICE_ACCOUNT_CUSTOM_ENDPOINT")
+	SKECustomEndpoint             = os.Getenv("TF_ACC_SKE_CUSTOM_ENDPOINT")
+)
+
+func ObservabilityProviderConfig() string {
+	if ObservabilityCustomEndpoint == "" {
+		return `provider "stackitprivatepreview" {
+			default_region = "eu01"
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			observability_custom_endpoint = "%s"
+		}`,
+		ObservabilityCustomEndpoint,
+	)
+}
+
+func CdnProviderConfig() string {
+	if CdnCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			enable_beta_resources = true
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			cdn_custom_endpoint = "%s"
+			enable_beta_resources = true
+		}`,
+		CdnCustomEndpoint,
+	)
+}
+
+func DnsProviderConfig() string {
+	if DnsCustomEndpoint == "" {
+		return `provider "stackitprivatepreview" {}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			dns_custom_endpoint = "%s"
+		}`,
+		DnsCustomEndpoint,
+	)
+}
+
+func IaaSProviderConfig() string {
+	if IaaSCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			iaas_custom_endpoint = "%s"
+		}`,
+		IaaSCustomEndpoint,
+	)
+}
+
+func IaaSProviderConfigWithBetaResourcesEnabled() string {
+	if IaaSCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			enable_beta_resources = true
+			default_region = "eu01"
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			enable_beta_resources = true
+			iaas_custom_endpoint = "%s"
+		}`,
+		IaaSCustomEndpoint,
+	)
+}
+
+func IaaSProviderConfigWithExperiments() string {
+	if IaaSCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+  			experiments = [ "routing-tables", "network" ]
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			iaas_custom_endpoint = "%s"
+			experiments = [ "routing-tables", "network" ]
+		}`,
+		IaaSCustomEndpoint,
+	)
+}
+
+func KMSProviderConfig() string {
+	if KMSCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			kms_custom_endpoint = "%s"
+		}`,
+		KMSCustomEndpoint,
+	)
+}
+
+func LoadBalancerProviderConfig() string {
+	if LoadBalancerCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			loadbalancer_custom_endpoint = "%s"
+		}`,
+		LoadBalancerCustomEndpoint,
+	)
+}
+
+func LogMeProviderConfig() string {
+	if LogMeCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			logme_custom_endpoint = "%s"
+		}`,
+		LogMeCustomEndpoint,
+	)
+}
+
+func MariaDBProviderConfig() string {
+	if MariaDBCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			mariadb_custom_endpoint = "%s"
+		}`,
+		MariaDBCustomEndpoint,
+	)
+}
+
+func ModelServingProviderConfig() string {
+	if ModelServingCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+		}
+		`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			modelserving_custom_endpoint = "%s"
+		}`,
+		ModelServingCustomEndpoint,
+	)
+}
+
+func MongoDBFlexProviderConfig() string {
+	if MongoDBFlexCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			mongodbflex_custom_endpoint = "%s"
+		}`,
+		MongoDBFlexCustomEndpoint,
+	)
+}
+
+func ObjectStorageProviderConfig() string {
+	if ObjectStorageCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			objectstorage_custom_endpoint = "%s"
+		}`,
+		ObjectStorageCustomEndpoint,
+	)
+}
+
+func OpenSearchProviderConfig() string {
+	if OpenSearchCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			opensearch_custom_endpoint = "%s"
+		}`,
+		OpenSearchCustomEndpoint,
+	)
+}
+
+func PostgresFlexProviderConfig(saFile string) string {
+	if PostgresFlexCustomEndpoint == "" {
+		return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+            service_account_key_path = "%s"
+		}`, saFile)
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+            service_account_key_path = "%s"
+			postgresflex_custom_endpoint = "%s"
+		}`,
+		saFile,
+		PostgresFlexCustomEndpoint,
+	)
+}
+
+func RabbitMQProviderConfig() string {
+	if RabbitMQCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			rabbitmq_custom_endpoint = "%s"
+		}`,
+		RabbitMQCustomEndpoint,
+	)
+}
+
+func RedisProviderConfig() string {
+	if RedisCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			redis_custom_endpoint = "%s"
+		}`,
+		RedisCustomEndpoint,
+	)
+}
+
+func ResourceManagerProviderConfig() string {
+	key := GetTestProjectServiceAccountJson("")
+	if ResourceManagerCustomEndpoint == "" || AuthorizationCustomEndpoint == "" {
+		return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			service_account_key = "%s"
+		}`,
+			key,
+		)
+	}
+	return fmt.Sprintf(`
+	provider "stackitprivatepreview" {
+		resourcemanager_custom_endpoint = "%s"
+		authorization_custom_endpoint = "%s"
+		service_account_token = "%s"
+	}`,
+		ResourceManagerCustomEndpoint,
+		AuthorizationCustomEndpoint,
+		key,
+	)
+}
+
+func SecretsManagerProviderConfig() string {
+	if SecretsManagerCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			secretsmanager_custom_endpoint = "%s"
+		}`,
+		SecretsManagerCustomEndpoint,
+	)
+}
+
+func SQLServerFlexProviderConfig(saFile string) string {
+	if SQLServerFlexCustomEndpoint == "" {
+		return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+            service_account_key_path = "%s"
+		}`, saFile)
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+            service_account_key_path = "%s"
+			sqlserverflex_custom_endpoint = "%s"
+		}`,
+		saFile,
+		SQLServerFlexCustomEndpoint,
+	)
+}
+
+func ServerBackupProviderConfig() string {
+	if ServerBackupCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+			enable_beta_resources = true
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			server_backup_custom_endpoint = "%s"
+			enable_beta_resources = true
+		}`,
+		ServerBackupCustomEndpoint,
+	)
+}
+
+func ServerUpdateProviderConfig() string {
+	if ServerUpdateCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+			enable_beta_resources = true
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			server_update_custom_endpoint = "%s"
+			enable_beta_resources = true
+		}`,
+		ServerUpdateCustomEndpoint,
+	)
+}
+
+func SKEProviderConfig() string {
+	if SKECustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			ske_custom_endpoint = "%s"
+		}`,
+		SKECustomEndpoint,
+	)
+}
+
+func AuthorizationProviderConfig() string {
+	if AuthorizationCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+			experiments = ["iam"]
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			authorization_custom_endpoint = "%s"
+			experiments = ["iam"]
+		}`,
+		AuthorizationCustomEndpoint,
+	)
+}
+
+func ServiceAccountProviderConfig() string {
+	if ServiceAccountCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+			enable_beta_resources = true
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			service_account_custom_endpoint = "%s"
+			enable_beta_resources = true
+		}`,
+		ServiceAccountCustomEndpoint,
+	)
+}
+
+func GitProviderConfig() string {
+	if GitCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+			enable_beta_resources = true
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			git_custom_endpoint = "%s"
+			enable_beta_resources = true
+		}`,
+		GitCustomEndpoint,
+	)
+}
+
+func ScfProviderConfig() string {
+	if ScfCustomEndpoint == "" {
+		return `
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+		}`
+	}
+	return fmt.Sprintf(`
+		provider "stackitprivatepreview" {
+			default_region = "eu01"
+			scf_custom_endpoint = "%s"
+		}`,
+		ScfCustomEndpoint,
+	)
+}

internal/testutils/testutils.go

@@ -0,0 +1,219 @@
+package testutils
+
+import (
+	"fmt"
+	"log"
+	"log/slog"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-framework/providerserver"
+	"github.com/hashicorp/terraform-plugin-go/tfprotov6"
+	"github.com/hashicorp/terraform-plugin-testing/config"
+	"github.com/hashicorp/terraform-plugin-testing/echoprovider"
+	"github.com/joho/godotenv"
+
+	"tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit"
+)
+
+const (
+	// Default location of credentials JSON
+	// credentialsFilePath = ".stackit/credentials.json" //nolint:gosec // linter false positive
+	serviceAccountFilePath = ".stackit/service_account.json"
+)
+
+var (
+	// TestAccProtoV6ProviderFactories is used to instantiate a provider during
+	// acceptance testing. The factory function will be invoked for every Terraform
+	// CLI command executed to create a provider server to which the CLI can
+	// reattach.
+	TestAccProtoV6ProviderFactories = map[string]func() (tfprotov6.ProviderServer, error){
+		"stackitprivatepreview": providerserver.NewProtocol6WithError(stackit.New("test-version")()),
+	}
+
+	// TestEphemeralAccProtoV6ProviderFactories is used to instantiate a provider during
+	// acceptance testing. The factory function will be invoked for every Terraform
+	// CLI command executed to create a provider server to which the CLI can
+	// reattach.
+	//
+	// See the Terraform acceptance test documentation on ephemeral resources for more information:
+	// https://developer.hashicorp.com/terraform/plugin/testing/acceptance-tests/ephemeral-resources
+	TestEphemeralAccProtoV6ProviderFactories = map[string]func() (tfprotov6.ProviderServer, error){
+		"stackitprivatepreview": providerserver.NewProtocol6WithError(stackit.New("test-version")()),
+		"echo":                  echoprovider.NewProviderServer(),
+	}
+
+	// E2ETestsEnabled checks if end-to-end tests should be run.
+	// It is enabled when the TF_ACC environment variable is set to "1".
+	E2ETestsEnabled = os.Getenv("TF_ACC") == "1"
+	// OrganizationId is the id of organization used for tests
+	OrganizationId = os.Getenv("TF_ACC_ORGANIZATION_ID")
+	// ProjectId is the id of project used for tests
+	ProjectId = os.Getenv("TF_ACC_PROJECT_ID")
+	Region    = os.Getenv("TF_ACC_REGION")
+	// ServiceAccountFile is the json file of the service account
+	ServiceAccountFile = os.Getenv("TF_ACC_SERVICE_ACCOUNT_FILE")
+	// ServerId is the id of a server used for some tests
+	ServerId = getenv("TF_ACC_SERVER_ID", "")
+	// TestProjectParentContainerID is the container id of the parent resource under which projects are created as part of the resource-manager acceptance tests
+	TestProjectParentContainerID = os.Getenv("TF_ACC_TEST_PROJECT_PARENT_CONTAINER_ID")
+	// TestProjectParentUUID is the uuid of the parent resource under which projects are created as part of the resource-manager acceptance tests
+	TestProjectParentUUID = os.Getenv("TF_ACC_TEST_PROJECT_PARENT_UUID")
+	// TestProjectServiceAccountEmail is the e-mail of a service account with admin permissions on the organization under which projects are created as part of the resource-manager acceptance tests
+	TestProjectServiceAccountEmail = os.Getenv("TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_EMAIL")
+	// TestProjectUserEmail is the e-mail of a user for the project created as part of the resource-manager acceptance tests
+	// Default email: acc-test@sa.stackit.cloud
+	TestProjectUserEmail = getenv("TF_ACC_TEST_PROJECT_USER_EMAIL", "acc-test@sa.stackit.cloud")
+	// TestImageLocalFilePath is the local path to an image file used for image acceptance tests
+	TestImageLocalFilePath = getenv("TF_ACC_TEST_IMAGE_LOCAL_FILE_PATH", "default")
+)
+
+func Setup() {
+	root, err := getRoot()
+	if err != nil {
+		log.Fatalln(err)
+	}
+	err = godotenv.Load(fmt.Sprintf("%s/.env", *root))
+	if err != nil {
+		slog.Info("could not find .env file - not loading .env")
+		return
+	}
+	slog.Info("loaded .env file", "path", *root)
+}
+
+func getRoot() (*string, error) {
+	cmd := exec.Command("git", "rev-parse", "--show-toplevel")
+	out, err := cmd.Output()
+	if err != nil {
+		return nil, err
+	}
+	lines := strings.Split(string(out), "\n")
+	return &lines[0], nil
+}
+
+func ResourceNameWithDateTime(name string) string {
+	dateTime := time.Now().Format(time.RFC3339)
+	// Remove timezone to have a smaller datetime
+	dateTimeTrimmed, _, _ := strings.Cut(dateTime, "+")
+	return fmt.Sprintf("tf-acc-%s-%s", name, dateTimeTrimmed)
+}
+
+func GetTestProjectServiceAccountJson(path string) string {
+	var err error
+	token, tokenSet := os.LookupEnv("TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_JSON")
+	if !tokenSet || token == "" {
+		token, err = readTestServiceAccountJsonFromFile(path)
+		if err != nil {
+			return ""
+		}
+	}
+	return token
+}
+
+// func GetTestProjectServiceAccountToken(path string) string {
+//	var err error
+//	token, tokenSet := os.LookupEnv("TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_TOKEN")
+//	if !tokenSet || token == "" {
+//		token, err = readTestTokenFromCredentialsFile(path)
+//		if err != nil {
+//			return ""
+//		}
+//	}
+//	return token
+//}
+//
+// func readTestTokenFromCredentialsFile(path string) (string, error) {
+//	if path == "" {
+//		customPath, customPathSet := os.LookupEnv("STACKIT_CREDENTIALS_PATH")
+//		if !customPathSet || customPath == "" {
+//			path = credentialsFilePath
+//			home, err := os.UserHomeDir()
+//			if err != nil {
+//				return "", fmt.Errorf("getting home directory: %w", err)
+//			}
+//			path = filepath.Join(home, path)
+//		} else {
+//			path = customPath
+//		}
+//	}
+//
+//	credentialsRaw, err := os.ReadFile(path)
+//	if err != nil {
+//		return "", fmt.Errorf("opening file: %w", err)
+//	}
+//
+//	var credentials struct {
+//		TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_TOKEN string `json:"TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_TOKEN"`
+//	}
+//	err = json.Unmarshal(credentialsRaw, &credentials)
+//	if err != nil {
+//		return "", fmt.Errorf("unmarshalling credentials: %w", err)
+//	}
+//	return credentials.TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_TOKEN, nil
+//}
+
+func readTestServiceAccountJsonFromFile(path string) (string, error) {
+	if path == "" {
+		customPath, customPathSet := os.LookupEnv("STACKIT_SERVICE_ACCOUNT_PATH")
+		if !customPathSet || customPath == "" {
+			path = serviceAccountFilePath
+			home, err := os.UserHomeDir()
+			if err != nil {
+				return "", fmt.Errorf("getting home directory: %w", err)
+			}
+			path = filepath.Join(home, path)
+		} else {
+			path = customPath
+		}
+	}
+
+	credentialsRaw, err := os.ReadFile(path)
+	if err != nil {
+		return "", fmt.Errorf("opening file: %w", err)
+	}
+	return string(credentialsRaw), nil
+}
+
+func getenv(key, defaultValue string) string {
+	val := os.Getenv(key)
+	if val == "" {
+		return defaultValue
+	}
+	return val
+}
+
+// CreateDefaultLocalFile is a helper for local_file_path. No real data is created
+func CreateDefaultLocalFile() os.File {
+	// Define the file name and size
+	fileName := "test-512k.img"
+	size := 512 * 1024 // 512 KB
+
+	// Create the file
+	file, err := os.Create(fileName)
+	if err != nil {
+		panic(err)
+	}
+
+	// Seek to the desired position (512 KB)
+	_, err = file.Seek(int64(size), 0)
+	if err != nil {
+		panic(err)
+	}
+
+	return *file
+}
+
+func ConvertConfigVariable(variable config.Variable) string {
+	tmpByteArray, _ := variable.MarshalJSON()
+	// In case the variable is a string, the quotes should be removed
+	if tmpByteArray[0] == '"' && tmpByteArray[len(tmpByteArray)-1] == '"' {
+		result := string(tmpByteArray[1 : len(tmpByteArray)-1])
+		// Replace escaped quotes which where added MarshalJSON
+		rawString := strings.ReplaceAll(result, `\"`, `"`)
+		return rawString
+	}
+	return string(tmpByteArray)
+}

internal/testutils/testutils_test.go

@@ -0,0 +1,48 @@
+package testutils
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/config"
+)
+
+func TestConvertConfigVariable(t *testing.T) {
+	tests := []struct {
+		name     string
+		variable config.Variable
+		want     string
+	}{
+		{
+			name:     "string",
+			variable: config.StringVariable("test"),
+			want:     "test",
+		},
+		{
+			name:     "bool: true",
+			variable: config.BoolVariable(true),
+			want:     "true",
+		},
+		{
+			name:     "bool: false",
+			variable: config.BoolVariable(false),
+			want:     "false",
+		},
+		{
+			name:     "integer",
+			variable: config.IntegerVariable(10),
+			want:     "10",
+		},
+		{
+			name:     "quoted string",
+			variable: config.StringVariable(`instance =~ ".*"`),
+			want:     `instance =~ ".*"`,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := ConvertConfigVariable(tt.variable); got != tt.want {
+				t.Errorf("ConvertConfigVariable() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}

main.go

@@ -0,0 +1,29 @@
+package main
+
+import (
+	"context"
+	"flag"
+	"log"
+
+	"github.com/hashicorp/terraform-plugin-framework/providerserver"
+
+	"tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit"
+)
+
+var (
+	// goreleaser configuration will override this value
+	version string = "dev"
+)
+
+func main() {
+	var debug bool
+	flag.BoolVar(&debug, "debug", false, "allows debugging the provider")
+	flag.Parse()
+	err := providerserver.Serve(context.Background(), stackit.New(version), providerserver.ServeOpts{
+		Address: "tfregistry.sysops.stackit.rocks/mhenselin/stackitprivatepreview",
+		Debug:   debug,
+	})
+	if err != nil {
+		log.Fatal(err.Error())
+	}
+}

sample/.gitignore

@@ -0,0 +1,7 @@
+*.json
+*.bak
+*.tfstate
+*.tfstate.backup
+terraform
+variables.tf
+*.tfrc

sample/config.tfrc.example

@@ -0,0 +1,10 @@
+provider_installation {
+   dev_overrides {
+      "registry.terraform.io/mhenselin/stackitprivatepreview" = "<CURRENT PROJECT PATH>/bin/"
+   }
+
+   # For all other providers, install them directly from their origin provider
+   # registries as normal. If you omit this, Terraform will _only_ use
+   # the dev_overrides block, and so no other providers will be available.
+   direct {}
+}

sample/postgres/outputs.tf

@@ -0,0 +1,4 @@
+
+output "postgres_flavor" {
+  value = data.stackitprivatepreview_postgresflexalpha_flavor.pgsql_flavor.flavor_id
+}

sample/postgres/postresql.tf

@@ -0,0 +1,116 @@
+
+data "stackitprivatepreview_postgresflexalpha_flavor" "pgsql_flavor" {
+  project_id    = var.project_id
+  region        = "eu01"
+  cpu           = 2
+  ram           = 4
+  node_type     = "Single"
+  storage_class = "premium-perf2-stackit"
+}
+
+resource "stackitprivatepreview_postgresflexalpha_instance" "msh-sna-pe-example" {
+  project_id      = var.project_id
+  name            = "mshpetest2"
+  backup_schedule = "0 0 * * *"
+  retention_days  = 45
+  flavor_id       = data.stackitprivatepreview_postgresflexalpha_flavor.pgsql_flavor.flavor_id
+  replicas        = 1
+  storage = {
+    # class = "premium-perf2-stackit"
+    performance_class = "premium-perf2-stackit"
+    size              = 10
+  }
+  encryption = {
+    #    key_id = stackit_kms_key.key.key_id
+    #    keyring_id = stackit_kms_keyring.keyring.keyring_id
+    kek_key_id      = var.key_id
+    kek_key_ring_id = var.keyring_id
+    kek_key_version = var.key_version
+    service_account = var.sa_email
+  }
+  network = {
+    acl          = ["0.0.0.0/0", "193.148.160.0/19", "170.85.2.177/32"]
+    access_scope = "PUBLIC"
+  }
+  version = 17
+}
+
+resource "stackitprivatepreview_postgresflexalpha_instance" "msh-sna-pe-example2" {
+  project_id      = var.project_id
+  name            = "mshpetest2-1"
+  backup_schedule = "0 0 * * *"
+  retention_days  = 45
+  flavor_id       = data.stackitprivatepreview_postgresflexalpha_flavor.pgsql_flavor.flavor_id
+  replicas        = 1
+  storage = {
+    # class = "premium-perf2-stackit"
+    performance_class = "premium-perf2-stackit"
+    size              = 10
+  }
+  encryption = {
+    #    key_id = stackit_kms_key.key.key_id
+    #    keyring_id = stackit_kms_keyring.keyring.keyring_id
+    kek_key_id      = var.key_id
+    kek_key_ring_id = var.keyring_id
+    kek_key_version = var.key_version
+    service_account = var.sa_email
+  }
+  network = {
+    acl          = ["0.0.0.0/0", "193.148.160.0/19", "170.85.2.177/32"]
+    access_scope = "SNA"
+  }
+  version = 16
+}
+
+resource "stackitprivatepreview_postgresflexalpha_user" "ptlsdbadminuser" {
+  project_id  = var.project_id
+  instance_id = stackitprivatepreview_postgresflexalpha_instance.msh-sna-pe-example.instance_id
+  name    = var.db_admin_username
+  roles       = ["createdb", "login", "login"]
+  # roles     = ["createdb", "login", "createrole"]
+}
+
+resource "stackitprivatepreview_postgresflexalpha_user" "ptlsdbadminuser2" {
+  project_id  = var.project_id
+  instance_id = stackitprivatepreview_postgresflexalpha_instance.msh-sna-pe-example2.instance_id
+  name    = var.db_admin_username
+  roles       = ["createdb", "login"]
+  # roles     = ["createdb", "login", "createrole"]
+}
+
+resource "stackitprivatepreview_postgresflexalpha_user" "ptlsdbuser" {
+  project_id  = var.project_id
+  instance_id = stackitprivatepreview_postgresflexalpha_instance.msh-sna-pe-example.instance_id
+  name    = var.db_name
+  roles       = ["login"]
+  # roles     = ["createdb", "login", "createrole"]
+}
+
+resource "stackitprivatepreview_postgresflexalpha_database" "example" {
+  count       = 5
+  depends_on  = [stackitprivatepreview_postgresflexalpha_user.ptlsdbadminuser]
+  project_id  = var.project_id
+  instance_id = stackitprivatepreview_postgresflexalpha_instance.msh-sna-pe-example.instance_id
+  name        = "${var.db_name}${count.index}"
+  owner       = var.db_admin_username
+}
+
+# data "stackitprivatepreview_postgresflexalpha_instance" "datapsql" {
+#   project_id = var.project_id
+#   instance_id = var.instance_id
+#   region = "eu01"
+# }
+
+# output "psql_instance_id" {
+#   value = data.stackitprivatepreview_postgresflexalpha_instance.datapsql.instance_id
+# }
+
+output "psql_user_password" {
+  value     = stackitprivatepreview_postgresflexalpha_user.ptlsdbuser.password
+  sensitive = true
+}
+
+output "psql_user_conn" {
+  value     = stackitprivatepreview_postgresflexalpha_user.ptlsdbuser.connection_string
+  sensitive = true
+}

sample/postgres/providers.tf

@@ -0,0 +1,25 @@
+
+terraform {
+  required_providers {
+    # stackit = {
+    #   source  = "registry.terraform.io/stackitcloud/stackit"
+    #   version = "~> 0.70"
+    # }
+    stackitprivatepreview = {
+      source  = "tfregistry.sysops.stackit.rocks/mhenselin/stackitprivatepreview"
+      version = "> 0.0"
+    }
+  }
+}
+
+# provider "stackit" {
+#   default_region           = "eu01"
+#   enable_beta_resources    = true
+#   service_account_key_path = "./service_account.json"
+# }
+
+provider "stackitprivatepreview" {
+  default_region           = "eu01"
+  enable_beta_resources    = true
+  service_account_key_path = "../service_account.json"
+}

sample/postgres/variables.tf.example

@@ -0,0 +1,11 @@
+variable "project_id" {
+  default = "<PROJECT ID UUID>"
+}
+
+variable "sa_email" {
+  default = "<SERVICE ACCOUNT EMAIL>"
+}
+
+variable "db_username" {
+  default = "<DB USERNAME>"
+}

sample/sqlserver/flavor.tf

@@ -0,0 +1,13 @@
+
+data "stackitprivatepreview_sqlserverflexbeta_flavor" "sqlserver_flavor" {
+  project_id    = var.project_id
+  region        = "eu01"
+  cpu           = 4
+  ram           = 16
+  node_type     = "Single"
+  storage_class = "premium-perf2-stackit"
+}
+
+output "sqlserver_flavor" {
+  value = data.stackitprivatepreview_sqlserverflexbeta_flavor.sqlserver_flavor.flavor_id
+}

sample/sqlserver/providers.tf

@@ -0,0 +1,25 @@
+
+terraform {
+  required_providers {
+    # stackit = {
+    #   source  = "registry.terraform.io/stackitcloud/stackit"
+    #   version = "~> 0.70"
+    # }
+    stackitprivatepreview = {
+      source  = "tfregistry.sysops.stackit.rocks/mhenselin/stackitprivatepreview"
+      version = "> 0.0"
+    }
+  }
+}
+
+# provider "stackit" {
+#   default_region           = "eu01"
+#   enable_beta_resources    = true
+#   service_account_key_path = "../service_account.json"
+# }
+
+provider "stackitprivatepreview" {
+  default_region           = "eu01"
+  enable_beta_resources    = true
+  service_account_key_path = "../service_account.json"
+}

sample/sqlserver/sqlserver.tf

@@ -0,0 +1,63 @@
+# resource "stackit_kms_keyring" "keyring" {
+#   project_id   = var.project_id
+#   display_name = "msh-keyring01"
+#   description  = "This is a test keyring for private endpoints"
+# }
+#
+# resource "stackit_kms_key" "key" {
+#   project_id   = var.project_id
+#   keyring_id   = stackit_kms_keyring.keyring.keyring_id
+#   display_name = "msh-key01"
+#   protection   = "software"
+#   algorithm    = "aes_256_gcm"
+#   purpose      = "symmetric_encrypt_decrypt"
+#   access_scope = "SNA"
+# }
+#
+# output "keyid" {
+#   value = stackit_kms_key.key.key_id
+# }
+
+resource "stackitprivatepreview_sqlserverflexbeta_instance" "msh-beta-sna-001" {
+  project_id      = var.project_id
+  name            = "msh-beta-sna-001"
+  backup_schedule = "0 3 * * *"
+  retention_days  = 31
+  flavor_id       = data.stackitprivatepreview_sqlserverflexbeta_flavor.sqlserver_flavor.flavor_id
+  storage = {
+    class = "premium-perf2-stackit"
+    size  = 10
+  }
+  version = 2022
+  encryption = {
+    #key_id     = stackit_kms_key.key.key_id
+    #keyring_id = stackit_kms_keyring.keyring.keyring_id
+    #key_version     = 1
+    # key with scope public
+    # kek_key_id          = "fe039bcf-8d7b-431a-801d-9e81371a6b7b"
+    kek_key_id          = "c6878f92-ce55-4b79-8236-ba9d001d7967" # msh-k-001
+    # key_id          = var.key_id
+    # kek_key_ring_id      = var.keyring_id
+    kek_key_ring_id      = "0dea3f5f-9947-4dda-a9d3-18418832cefe" # msh-kr-sna01
+    kek_key_version     = var.key_version
+    service_account = var.sa_email
+  }
+  network = {
+    acl          = ["0.0.0.0/0", "193.148.160.0/19"]
+    access_scope = "SNA"
+  }
+}
+
+resource "stackitprivatepreview_sqlserverflexbeta_user" "betauser" {
+  project_id  = var.project_id
+  instance_id = stackitprivatepreview_sqlserverflexbeta_instance.msh-beta-sna-001.instance_id
+  username    = "betauser"
+  roles       = ["##STACKIT_DatabaseManager##", "##STACKIT_LoginManager##"]
+}
+
+resource "stackitprivatepreview_sqlserverflexbeta_database" "betadb" {
+  project_id    = var.project_id
+  instance_id   = stackitprivatepreview_sqlserverflexbeta_instance.msh-beta-sna-001.instance_id
+  name = "mshtest002"
+  owner = stackitprivatepreview_sqlserverflexbeta_user.betauser.username
+}

sample/sqlserver/variables.tf.example

@@ -0,0 +1,11 @@
+variable "project_id" {
+  default = "<PROJECT ID UUID>"
+}
+
+variable "sa_email" {
+  default = "<SERVICE ACCOUNT EMAIL>"
+}
+
+variable "db_username" {
+  default = "<DB USERNAME>"
+}

sample/tf.sh

@@ -0,0 +1,53 @@
+#!/usr/bin/env bash
+
+
+
+# ./tf.sh apply > >(tee -a stdout.log) 2> >(tee -a stderr.log >&2)
+
+usage() {
+  echo "$0 usage:" && grep "[[:space:]].)\ #" "$0" | sed 's/#//' | sed -r 's/([a-z])\)/-\1/';
+  exit 0;
+}
+
+[ $# -eq 0 ] && usage
+
+CONFIG_FOLDER=$(dirname "$0")
+BINARY=terraform
+
+ADD=""
+
+while getopts ":b:hdirt" arg; do
+  case $arg in
+    b) # Set binary (default is terraform).
+      BINARY=${OPTARG}
+      shift 2
+      ;;
+    d) # Set log level to DEBUG.
+      TF_LOG=DEBUG
+      export TF_LOG
+      shift
+      ;;
+    i) # Set log level to INFO.
+      TF_LOG=INFO
+      export TF_LOG
+      shift
+      ;;
+    r) # Set log level to INFO.
+      ADD="-refresh-only"
+      shift
+      ;;
+    t) # Set log level to TRACE.
+      TF_LOG=TRACE
+      export TF_LOG
+      shift
+      ;;
+    h | *) # Display help.
+      usage
+      ;;
+  esac
+done
+
+TERRAFORM_CONFIG=${CONFIG_FOLDER}/config.tfrc
+export TERRAFORM_CONFIG
+
+${BINARY} "$@" ${ADD}

scripts/check-docs.sh

@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+
+# This script is used to ensure for PRs the docs are up-to-date via the CI pipeline
+# Usage: ./check-docs.sh
+set -eo pipefail
+
+ROOT_DIR=$(git rev-parse --show-toplevel)
+
+before_hash=$(find docs -type f -exec sha256sum {} \; | sort | sha256sum | awk '{print $1}')
+
+# re-generate the docs
+"${ROOT_DIR}/scripts/tfplugindocs.sh"
+
+after_hash=$(find docs -type f -exec sha256sum {} \; | sort | sha256sum | awk '{print $1}')
+
+if [[ "$before_hash" == "$after_hash" ]]; then
+	echo "Docs are up-to-date"
+else 
+	echo "Changes detected. Docs are *not* up-to-date."
+	exit 1
+fi

scripts/project.sh

@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+
+# This script is used to manage the project, only used for installing the required tools for now
+# Usage: ./project.sh [action]
+# * tools: Install required tools to run the project
+set -eo pipefail
+
+ROOT_DIR=$(git rev-parse --show-toplevel)
+
+action=$1
+
+if [ "$action" = "help" ]; then
+    [ -f "$0".man ] && man "$0".man || echo "No help, please read the script in ${script}, we will add help later"
+elif [ "$action" = "tools" ]; then
+    cd ${ROOT_DIR}
+
+    go mod download
+
+    go install golang.org/x/tools/cmd/goimports@v0.42.0
+else
+    echo "Invalid action: '$action', please use $0 help for help"
+fi

scripts/replace.sh

@@ -0,0 +1,58 @@
+#!/usr/bin/env bash
+
+# Add replace directives to local files to go.work
+set -eo pipefail
+
+while getopts "s:" option; do
+    case "${option}" in
+        s)
+        SDK_DIR=${OPTARG}
+        ;;
+        
+        *)
+            echo "call: $0 [-s sdk-dir] <apis*>"
+            exit 0
+        ;;
+    esac
+done
+shift $((OPTIND-1))
+
+if [ -z "$SDK_DIR" ]; then
+    SDK_DIR=../stackit-sdk-generator/sdk-repo-updated
+    echo "No SDK_DIR set, using $SDK_DIR"
+fi
+
+
+if [ ! -f go.work ]; then
+    go work init
+    go work use .
+else
+    echo "go.work already exists"
+fi
+
+if [ $# -gt 0 ];then
+    # modules passed via commandline
+    for service in $*; do
+        if [ ! -d $SDK_DIR/services/$service ]; then
+            echo "service directory $SDK_DIR/services/$service does not exist"
+            exit 1
+        fi
+        echo "replacing selected service $service"
+        if [ "$service" = "core" ]; then
+            go work edit -replace github.com/stackitcloud/stackit-sdk-go/core=$SDK_DIR/core
+        else
+            go work edit -replace github.com/stackitcloud/stackit-sdk-go/services/$service=$SDK_DIR/services/$service
+        fi
+    done
+else
+    # replace all modules
+    echo "replacing all services"
+    go work edit -replace github.com/stackitcloud/stackit-sdk-go/core=$SDK_DIR/core
+    for n in $(find ${SDK_DIR}/services -name go.mod);do
+        service=$(dirname $n)
+        service=${service#${SDK_DIR}/services/}
+        go work edit -replace github.com/stackitcloud/stackit-sdk-go/services/$service=$(dirname $n)
+    done
+fi
+go work edit -fmt
+go work sync

scripts/tfplugindocs.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+# Pre-requisites: tfplugindocs
+set -eo pipefail
+
+ROOT_DIR=$(git rev-parse --show-toplevel)
+EXAMPLES_DIR="${ROOT_DIR}/examples"
+PROVIDER_NAME="stackitprivatepreview"
+
+# Create a new empty directory for the docs
+if [ -d ${ROOT_DIR}/docs ]; then
+    rm -rf ${ROOT_DIR}/docs
+fi
+mkdir -p ${ROOT_DIR}/docs
+
+echo ">> Generating documentation"
+go run github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs generate \
+    --provider-name "stackitprivatepreview"

service_specs/postgres-flex/alpha/database_config.yml

@@ -0,0 +1,28 @@
+provider:
+  name: stackitprivatepreview
+
+resources:
+  database:
+    create:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances/{instanceId}/databases
+      method: POST
+    read:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances/{instanceId}/databases/{databaseId}
+      method: GET
+    update:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances/{instanceId}/databases/{databaseId}
+      method: PUT
+    delete:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances/{instanceId}/databases/{databaseId}
+      method: DELETE
+
+data_sources:
+  database:
+    read:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances/{instanceId}/databases/{databaseId}
+      method: GET
+
+  databases:
+    read:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances/{instanceId}/databases
+      method: GET

service_specs/postgres-flex/alpha/flavors_config.yml

@@ -0,0 +1,9 @@
+
+provider:
+  name: stackitprivatepreview
+
+data_sources:
+  flavors:
+    read:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/flavors
+      method: GET

service_specs/postgres-flex/alpha/instance_config.yml

@@ -0,0 +1,35 @@
+
+provider:
+  name: stackitprivatepreview
+
+resources:
+  instance:
+    schema:
+      attributes:
+        name:
+          plan_modifiers:
+            - UseStateForUnknown
+
+    create:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances
+      method: POST
+    read:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances/{instanceId}
+      method: GET
+    update:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances/{instanceId}
+      method: PUT
+    delete:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances/{instanceId}
+      method: DELETE
+
+data_sources:
+  instances:
+    read:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances
+      method: GET
+
+  instance:
+    read:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances/{instanceId}
+      method: GET

service_specs/postgres-flex/alpha/role_config.yml

@@ -0,0 +1,9 @@
+
+provider:
+  name: stackitprivatepreview
+
+data_sources:
+  roles:
+    read:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances/{instanceId}/roles
+      method: GET

service_specs/postgres-flex/alpha/user_config.yml

@@ -0,0 +1,29 @@
+
+provider:
+  name: stackitprivatepreview
+
+resources:
+  user:
+    create:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances/{instanceId}/users
+      method: POST
+    read:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances/{instanceId}/users/{userId}
+      method: GET
+    update:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances/{instanceId}/users/{userId}
+      method: PUT
+    delete:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances/{instanceId}/users/{userId}
+      method: DELETE
+
+data_sources:
+  users:
+    read:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances/{instanceId}/users
+      method: GET
+
+  user:
+    read:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances/{instanceId}/users/{userId}
+      method: GET

service_specs/postgres-flex/alpha/version_config.yml

@@ -0,0 +1,9 @@
+
+provider:
+  name: stackitprivatepreview
+
+data_sources:
+  versions:
+    read:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/versions
+      method: GET

service_specs/sqlserverflex/alpha/backup_config.yml.disabled

@@ -0,0 +1,13 @@
+provider:
+  name: stackitprivatepreview
+
+data_sources:
+  backups:
+    read:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances/{instanceId}/backups
+      method: GET
+
+  backup:
+    read:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances/{instanceId}/backups/{backupId}
+      method: GET

service_specs/sqlserverflex/alpha/collation_config.yml.bak

@@ -0,0 +1,8 @@
+provider:
+  name: stackitprivatepreview
+
+data_sources:
+  collations:
+    read:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances/{instanceId}/collations
+      method: GET

service_specs/sqlserverflex/alpha/database_config.yml

@@ -0,0 +1,34 @@
+provider:
+  name: stackitprivatepreview
+
+resources:
+  database:
+    create:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances/{instanceId}/databases
+      method: POST
+    read:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances/{instanceId}/databases/{databaseName}
+      method: GET
+    delete:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances/{instanceId}/databases/{databaseName}
+      method: DELETE
+    schema:
+      attributes:
+        aliases:
+          id: databaseId
+
+
+data_sources:
+  databases:
+    read:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances/{instanceId}/databases
+      method: GET
+
+  database:
+    read:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances/{instanceId}/databases/{databaseName}
+      method: GET
+    schema:
+      attributes:
+        aliases:
+          id: database_id

service_specs/sqlserverflex/alpha/flavors_config.yml

@@ -0,0 +1,9 @@
+
+provider:
+  name: stackitprivatepreview
+
+data_sources:
+  flavors:
+    read:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/flavors
+      method: GET

service_specs/sqlserverflex/alpha/instance_config.yml

@@ -0,0 +1,28 @@
+provider:
+  name: stackitprivatepreview
+
+resources:
+  instance:
+    create:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances
+      method: POST
+    read:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances/{instanceId}
+      method: GET
+    update:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances/{instanceId}
+      method: PUT
+    delete:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances/{instanceId}
+      method: DELETE
+
+data_sources:
+  instances:
+    read:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances
+      method: GET
+
+  instance:
+    read:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances/{instanceId}
+      method: GET

service_specs/sqlserverflex/alpha/user_config.yml

@@ -0,0 +1,24 @@
+
+provider:
+  name: stackitprivatepreview
+
+resources:
+  user:
+    create:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances/{instanceId}/users
+      method: POST
+    read:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances/{instanceId}/users/{userId}
+      method: GET
+    update:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances/{instanceId}/users/{userId}
+      method: PUT
+    delete:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances/{instanceId}/users/{userId}
+      method: DELETE
+
+data_sources:
+  user:
+    read:
+      path: /v3alpha1/projects/{projectId}/regions/{region}/instances/{instanceId}/users
+      method: GET