From 6f130f58dd90d9f4410602944ac29666f19ac87d Mon Sep 17 00:00:00 2001 From: Manuel Vaas Date: Mon, 4 May 2026 17:44:52 +0200 Subject: [PATCH 1/4] removed duplicated acc testcases --- stackit/internal/services/dns/dns_acc_test.go | 9 -- .../internal/services/iaas/iaas_acc_test.go | 83 +++++-------------- .../internal/services/logs/logs_acc_test.go | 1 - stackit/internal/services/scf/scf_acc_test.go | 1 - .../serverupdate/serverupdate_acc_test.go | 3 - stackit/internal/services/ske/ske_acc_test.go | 4 - 6 files changed, 21 insertions(+), 80 deletions(-) diff --git a/stackit/internal/services/dns/dns_acc_test.go b/stackit/internal/services/dns/dns_acc_test.go index bfae27463..9b451893e 100644 --- a/stackit/internal/services/dns/dns_acc_test.go +++ b/stackit/internal/services/dns/dns_acc_test.go @@ -117,12 +117,9 @@ func TestAccDnsMinResource(t *testing.T) { resource.TestCheckResourceAttr("stackit_dns_zone.zone", "project_id", testutil.ProjectId), resource.TestCheckResourceAttrSet("stackit_dns_zone.zone", "zone_id"), resource.TestCheckResourceAttrSet("stackit_dns_zone.zone", "state"), - resource.TestCheckResourceAttrSet("stackit_dns_zone.zone", "primary_name_server"), resource.TestCheckResourceAttrSet("stackit_dns_zone.zone", "serial_number"), - resource.TestCheckResourceAttrSet("stackit_dns_zone.zone", "state"), resource.TestCheckResourceAttrSet("stackit_dns_zone.zone", "visibility"), - resource.TestCheckResourceAttrSet("stackit_dns_zone.zone", "zone_id"), // Record set data resource.TestCheckResourceAttrPair( "stackit_dns_record_set.record_set", "project_id", @@ -242,9 +239,7 @@ func TestAccDnsMinResource(t *testing.T) { resource.TestCheckResourceAttrSet("stackit_dns_zone.zone", "state"), resource.TestCheckResourceAttrSet("stackit_dns_zone.zone", "primary_name_server"), resource.TestCheckResourceAttrSet("stackit_dns_zone.zone", "serial_number"), - resource.TestCheckResourceAttrSet("stackit_dns_zone.zone", "state"), resource.TestCheckResourceAttrSet("stackit_dns_zone.zone", "visibility"), - resource.TestCheckResourceAttrSet("stackit_dns_zone.zone", "zone_id"), // Record set data resource.TestCheckResourceAttrPair( "stackit_dns_record_set.record_set", "project_id", @@ -306,9 +301,7 @@ func TestAccDnsMaxResource(t *testing.T) { resource.TestCheckResourceAttr("stackit_dns_zone.zone", "type", testutil.ConvertConfigVariable(testConfigVarsMax["type"])), resource.TestCheckResourceAttrSet("stackit_dns_zone.zone", "primary_name_server"), resource.TestCheckResourceAttrSet("stackit_dns_zone.zone", "serial_number"), - resource.TestCheckResourceAttrSet("stackit_dns_zone.zone", "state"), resource.TestCheckResourceAttrSet("stackit_dns_zone.zone", "visibility"), - resource.TestCheckResourceAttrSet("stackit_dns_zone.zone", "zone_id"), resource.TestCheckResourceAttrSet("stackit_dns_record_set.record_set", "record_set_id"), resource.TestCheckResourceAttr("stackit_dns_record_set.record_set", "name", testutil.ConvertConfigVariable(testConfigVarsMax["record_name"])), @@ -480,9 +473,7 @@ func TestAccDnsMaxResource(t *testing.T) { resource.TestCheckResourceAttr("stackit_dns_zone.zone", "type", testutil.ConvertConfigVariable(testConfigVarsMax["type"])), resource.TestCheckResourceAttrSet("stackit_dns_zone.zone", "primary_name_server"), resource.TestCheckResourceAttrSet("stackit_dns_zone.zone", "serial_number"), - resource.TestCheckResourceAttrSet("stackit_dns_zone.zone", "state"), resource.TestCheckResourceAttrSet("stackit_dns_zone.zone", "visibility"), - resource.TestCheckResourceAttrSet("stackit_dns_zone.zone", "zone_id"), // Record set data resource.TestCheckResourceAttrPair( "stackit_dns_record_set.record_set", "project_id", diff --git a/stackit/internal/services/iaas/iaas_acc_test.go b/stackit/internal/services/iaas/iaas_acc_test.go index ab27d2563..343ebf7bf 100644 --- a/stackit/internal/services/iaas/iaas_acc_test.go +++ b/stackit/internal/services/iaas/iaas_acc_test.go @@ -1048,7 +1048,7 @@ func TestAccNetworkAreaMin(t *testing.T) { Config: fmt.Sprintf(` %s %s - + data "stackit_network_area" "network_area" { organization_id = stackit_network_area.network_area.organization_id network_area_id = stackit_network_area.network_area.network_area_id @@ -1151,12 +1151,12 @@ func TestAccNetworkAreaMax(t *testing.T) { Config: fmt.Sprintf(` %s %s - + data "stackit_network_area" "network_area" { organization_id = stackit_network_area.network_area.organization_id network_area_id = stackit_network_area.network_area.network_area_id } - + data "stackit_network_area_route" "network_area_route" { organization_id = stackit_network_area.network_area.organization_id network_area_id = stackit_network_area.network_area.network_area_id @@ -1336,7 +1336,7 @@ func TestAccNetworkAreaRegionMin(t *testing.T) { Config: fmt.Sprintf(` %s %s - + data "stackit_network_area_region" "network_area_region" { organization_id = stackit_network_area_region.network_area_region.organization_id network_area_id = stackit_network_area_region.network_area_region.network_area_id @@ -1455,7 +1455,7 @@ func TestAccNetworkAreaRegionMax(t *testing.T) { Config: fmt.Sprintf(` %s %s - + data "stackit_network_area_region" "network_area_region" { organization_id = stackit_network_area_region.network_area_region.organization_id network_area_id = stackit_network_area_region.network_area_region.network_area_id @@ -1583,7 +1583,7 @@ func TestAccVolumeMin(t *testing.T) { Config: fmt.Sprintf(` %s %s - + data "stackit_volume" "volume_size" { project_id = stackit_volume.volume_size.project_id volume_id = stackit_volume.volume_size.volume_id @@ -1836,7 +1836,7 @@ func TestAccVolumeMax(t *testing.T) { Config: fmt.Sprintf(` %s %s - + data "stackit_volume" "volume_size" { project_id = stackit_volume.volume_size.project_id volume_id = stackit_volume.volume_size.volume_id @@ -1846,17 +1846,17 @@ func TestAccVolumeMax(t *testing.T) { project_id = stackit_volume.volume_source.project_id volume_id = stackit_volume.volume_source.volume_id } - + data "stackit_volume" "volume_encrypted_no_key_payload" { project_id = stackit_volume.volume_encrypted_no_key_payload.project_id volume_id = stackit_volume.volume_encrypted_no_key_payload.volume_id } - + data "stackit_volume" "volume_encrypted_with_regular_key_payload" { project_id = stackit_volume.volume_encrypted_with_regular_key_payload.project_id volume_id = stackit_volume.volume_encrypted_with_regular_key_payload.volume_id } - + data "stackit_volume" "volume_encrypted_with_write_only_key_payload" { project_id = stackit_volume.volume_encrypted_with_write_only_key_payload.project_id volume_id = stackit_volume.volume_encrypted_with_write_only_key_payload.volume_id @@ -2207,7 +2207,6 @@ func TestAccServerMin(t *testing.T) { resource.TestCheckNoResourceAttr("stackit_server.server", "boot_volume.performance_class"), resource.TestCheckResourceAttrSet("stackit_server.server", "boot_volume.size"), resource.TestCheckResourceAttrSet("stackit_server.server", "boot_volume.id"), - resource.TestCheckResourceAttr("stackit_server.server", "boot_volume.source_type", "image"), resource.TestCheckNoResourceAttr("stackit_server.server", "image_id"), resource.TestCheckResourceAttr("stackit_server.server", "labels.%", "0"), resource.TestCheckResourceAttrSet("stackit_server.server", "server_id"), @@ -2250,7 +2249,6 @@ func TestAccServerMin(t *testing.T) { resource.TestCheckNoResourceAttr("data.stackit_server.server", "boot_volume.source_id"), resource.TestCheckNoResourceAttr("data.stackit_server.server", "boot_volume.size"), resource.TestCheckNoResourceAttr("data.stackit_server.server", "boot_volume.performance_class"), - resource.TestCheckNoResourceAttr("data.stackit_server.server", "boot_volume.source_type"), resource.TestCheckResourceAttr("data.stackit_server.server", "boot_volume.delete_on_termination", "true"), resource.TestCheckResourceAttrPair( "data.stackit_server.server", "boot_volume.id", @@ -2312,7 +2310,6 @@ func TestAccServerMin(t *testing.T) { resource.TestCheckNoResourceAttr("stackit_server.server", "boot_volume.performance_class"), resource.TestCheckResourceAttrSet("stackit_server.server", "boot_volume.size"), resource.TestCheckResourceAttrSet("stackit_server.server", "boot_volume.id"), - resource.TestCheckResourceAttr("stackit_server.server", "boot_volume.source_type", "image"), resource.TestCheckNoResourceAttr("stackit_server.server", "image_id"), resource.TestCheckResourceAttr("stackit_server.server", "labels.%", "0"), resource.TestCheckResourceAttrSet("stackit_server.server", "server_id"), @@ -2966,7 +2963,7 @@ func TestAccAffinityGroupMin(t *testing.T) { Config: fmt.Sprintf(` %s %s - + data "stackit_affinity_group" "affinity_group" { project_id = stackit_affinity_group.affinity_group.project_id affinity_group_id = stackit_affinity_group.affinity_group.affinity_group_id @@ -3044,7 +3041,7 @@ func TestAccIaaSSecurityGroupMin(t *testing.T) { Config: fmt.Sprintf(` %s %s - + data "stackit_security_group" "security_group" { project_id = stackit_security_group.security_group.project_id security_group_id = stackit_security_group.security_group.security_group_id @@ -3193,10 +3190,6 @@ func TestAccIaaSSecurityGroupMax(t *testing.T) { resource.TestCheckResourceAttr("stackit_security_group_rule.security_group_rule", "ip_range", testutil.ConvertConfigVariable(testConfigSecurityGroupsVarsMax["ip_range"])), // Security Group Rule (icmp) - resource.TestCheckResourceAttrPair( - "stackit_security_group_rule.security_group_rule_icmp", "project_id", - "stackit_security_group.security_group", "project_id", - ), resource.TestCheckResourceAttrPair( "stackit_security_group_rule.security_group_rule_icmp", "security_group_id", "stackit_security_group.security_group", "security_group_id", @@ -3211,20 +3204,10 @@ func TestAccIaaSSecurityGroupMax(t *testing.T) { resource.TestCheckResourceAttr("stackit_security_group_rule.security_group_rule_icmp", "ip_range", testutil.ConvertConfigVariable(testConfigSecurityGroupsVarsMax["ip_range"])), // Security Group Rule (remote) - resource.TestCheckResourceAttrPair( - "stackit_security_group_rule.security_group_rule", "project_id", - "stackit_security_group.security_group", "project_id", - ), - resource.TestCheckResourceAttrPair( - "stackit_security_group_rule.security_group_rule", "security_group_id", - "stackit_security_group.security_group", "security_group_id", - ), resource.TestCheckResourceAttrPair( "stackit_security_group_rule.security_group_rule_remote_security_group", "remote_security_group_id", "stackit_security_group.security_group_remote", "security_group_id", ), - resource.TestCheckResourceAttrSet("stackit_security_group_rule.security_group_rule", "security_group_rule_id"), - resource.TestCheckResourceAttr("stackit_security_group_rule.security_group_rule", "direction", testutil.ConvertConfigVariable(testConfigSecurityGroupsVarsMax["direction"])), ), }, // Data source @@ -3233,7 +3216,7 @@ func TestAccIaaSSecurityGroupMax(t *testing.T) { Config: fmt.Sprintf(` %s %s - + data "stackit_security_group" "security_group" { project_id = stackit_security_group.security_group.project_id security_group_id = stackit_security_group.security_group.security_group_id @@ -3384,8 +3367,6 @@ func TestAccIaaSSecurityGroupMax(t *testing.T) { "data.stackit_security_group_rule.security_group_rule_remote_security_group", "remote_security_group_id", "data.stackit_security_group.security_group_remote", "security_group_id", ), - resource.TestCheckResourceAttrSet("data.stackit_security_group_rule.security_group_rule", "security_group_rule_id"), - resource.TestCheckResourceAttr("data.stackit_security_group_rule.security_group_rule", "direction", testutil.ConvertConfigVariable(testConfigSecurityGroupsVarsMax["direction"])), ), }, // Import @@ -3483,20 +3464,10 @@ func TestAccIaaSSecurityGroupMax(t *testing.T) { resource.TestCheckResourceAttr("stackit_security_group_rule.security_group_rule_icmp", "ip_range", testutil.ConvertConfigVariable(testConfigSecurityGroupsVarsMaxUpdated()["ip_range"])), // Security Group Rule (remote) - resource.TestCheckResourceAttrPair( - "stackit_security_group_rule.security_group_rule", "project_id", - "stackit_security_group.security_group", "project_id", - ), - resource.TestCheckResourceAttrPair( - "stackit_security_group_rule.security_group_rule", "security_group_id", - "stackit_security_group.security_group", "security_group_id", - ), resource.TestCheckResourceAttrPair( "stackit_security_group_rule.security_group_rule_remote_security_group", "remote_security_group_id", "stackit_security_group.security_group_remote", "security_group_id", ), - resource.TestCheckResourceAttrSet("stackit_security_group_rule.security_group_rule", "security_group_rule_id"), - resource.TestCheckResourceAttr("stackit_security_group_rule.security_group_rule", "direction", testutil.ConvertConfigVariable(testConfigSecurityGroupsVarsMaxUpdated()["direction"])), ), }, // Deletion is done by the framework implicitly @@ -4221,8 +4192,6 @@ func TestAccImageMin(t *testing.T) { resource.TestCheckResourceAttrSet("stackit_image.image", "scope"), resource.TestCheckResourceAttrSet("stackit_image.image", "checksum.algorithm"), resource.TestCheckResourceAttrSet("stackit_image.image", "checksum.digest"), - resource.TestCheckResourceAttrSet("stackit_image.image", "checksum.algorithm"), - resource.TestCheckResourceAttrSet("stackit_image.image", "checksum.digest"), ), }, // Data source @@ -4252,8 +4221,6 @@ func TestAccImageMin(t *testing.T) { resource.TestCheckResourceAttrSet("data.stackit_image.image", "scope"), resource.TestCheckResourceAttrSet("data.stackit_image.image", "checksum.algorithm"), resource.TestCheckResourceAttrSet("data.stackit_image.image", "checksum.digest"), - resource.TestCheckResourceAttrSet("data.stackit_image.image", "checksum.algorithm"), - resource.TestCheckResourceAttrSet("data.stackit_image.image", "checksum.digest"), ), }, // Import @@ -4289,8 +4256,6 @@ func TestAccImageMin(t *testing.T) { resource.TestCheckResourceAttrSet("stackit_image.image", "scope"), resource.TestCheckResourceAttrSet("stackit_image.image", "checksum.algorithm"), resource.TestCheckResourceAttrSet("stackit_image.image", "checksum.digest"), - resource.TestCheckResourceAttrSet("stackit_image.image", "checksum.algorithm"), - resource.TestCheckResourceAttrSet("stackit_image.image", "checksum.digest"), ), }, // Deletion is done by the framework implicitly @@ -4335,8 +4300,6 @@ func TestAccImageMax(t *testing.T) { resource.TestCheckResourceAttrSet("stackit_image.image", "scope"), resource.TestCheckResourceAttrSet("stackit_image.image", "checksum.algorithm"), resource.TestCheckResourceAttrSet("stackit_image.image", "checksum.digest"), - resource.TestCheckResourceAttrSet("stackit_image.image", "checksum.algorithm"), - resource.TestCheckResourceAttrSet("stackit_image.image", "checksum.digest"), ), }, // Data source @@ -4382,8 +4345,6 @@ func TestAccImageMax(t *testing.T) { resource.TestCheckResourceAttrSet("data.stackit_image.image", "scope"), resource.TestCheckResourceAttrSet("data.stackit_image.image", "checksum.algorithm"), resource.TestCheckResourceAttrSet("data.stackit_image.image", "checksum.digest"), - resource.TestCheckResourceAttrSet("data.stackit_image.image", "checksum.algorithm"), - resource.TestCheckResourceAttrSet("data.stackit_image.image", "checksum.digest"), ), }, // Import @@ -4435,8 +4396,6 @@ func TestAccImageMax(t *testing.T) { resource.TestCheckResourceAttrSet("stackit_image.image", "scope"), resource.TestCheckResourceAttrSet("stackit_image.image", "checksum.algorithm"), resource.TestCheckResourceAttrSet("stackit_image.image", "checksum.digest"), - resource.TestCheckResourceAttrSet("stackit_image.image", "checksum.algorithm"), - resource.TestCheckResourceAttrSet("stackit_image.image", "checksum.digest"), ), }, // Deletion is done by the framework implicitly @@ -4717,14 +4676,14 @@ func TestAccRoutingTableMin(t *testing.T) { Config: fmt.Sprintf(` %s %s - + # single routing table data "stackit_routing_table" "routing_table" { organization_id = stackit_routing_table.routing_table.organization_id network_area_id = stackit_network_area.network_area.network_area_id routing_table_id = stackit_routing_table.routing_table.routing_table_id } - + # all routing tables in network area data "stackit_routing_tables" "routing_tables" { organization_id = stackit_routing_table.routing_table.organization_id @@ -4901,14 +4860,14 @@ func TestAccRoutingTableMax(t *testing.T) { Config: fmt.Sprintf(` %s %s - + # single routing table data "stackit_routing_table" "routing_table" { organization_id = stackit_routing_table.routing_table.organization_id network_area_id = stackit_routing_table.routing_table.network_area_id routing_table_id = stackit_routing_table.routing_table.routing_table_id } - + # all routing tables in network area data "stackit_routing_tables" "routing_tables" { organization_id = stackit_routing_table.routing_table.organization_id @@ -5095,7 +5054,7 @@ func TestAccRoutingTableRouteMin(t *testing.T) { Config: fmt.Sprintf(` %s %s - + # single routing table route data "stackit_routing_table_route" "route" { organization_id = stackit_routing_table_route.route.organization_id @@ -5103,7 +5062,7 @@ func TestAccRoutingTableRouteMin(t *testing.T) { routing_table_id = stackit_routing_table_route.route.routing_table_id route_id = stackit_routing_table_route.route.route_id } - + # all routing table routes in routing table data "stackit_routing_table_routes" "routes" { organization_id = stackit_routing_table_route.route.organization_id @@ -5294,7 +5253,7 @@ func TestAccRoutingTableRouteMax(t *testing.T) { Config: fmt.Sprintf(` %s %s - + # single routing table route data "stackit_routing_table_route" "route" { organization_id = stackit_routing_table_route.route.organization_id @@ -5302,7 +5261,7 @@ func TestAccRoutingTableRouteMax(t *testing.T) { routing_table_id = stackit_routing_table_route.route.routing_table_id route_id = stackit_routing_table_route.route.route_id } - + # all routing table routes in routing table data "stackit_routing_table_routes" "routes" { organization_id = stackit_routing_table_route.route.organization_id diff --git a/stackit/internal/services/logs/logs_acc_test.go b/stackit/internal/services/logs/logs_acc_test.go index 546429a95..9130a715c 100644 --- a/stackit/internal/services/logs/logs_acc_test.go +++ b/stackit/internal/services/logs/logs_acc_test.go @@ -531,7 +531,6 @@ func TestAccLogsAccessTokenMax(t *testing.T) { resource.TestCheckResourceAttr("stackit_logs_access_token.accessToken", "description", testutil.ConvertConfigVariable(testConfigAccessTokenVarsMax["description"])), resource.TestCheckResourceAttr("stackit_logs_access_token.accessToken", "lifetime", testutil.ConvertConfigVariable(testConfigAccessTokenVarsMax["lifetime"])), resource.TestCheckResourceAttrSet("stackit_logs_access_token.accessToken", "id"), - resource.TestCheckResourceAttrSet("stackit_logs_access_token.accessToken", "access_token_id"), resource.TestCheckResourceAttrSet("stackit_logs_access_token.accessToken", "creator"), resource.TestCheckResourceAttrSet("stackit_logs_access_token.accessToken", "access_token"), resource.TestCheckResourceAttr("stackit_logs_access_token.accessToken", "expires", testutil.ConvertConfigVariable(testConfigAccessTokenVarsMax["expires"])), diff --git a/stackit/internal/services/scf/scf_acc_test.go b/stackit/internal/services/scf/scf_acc_test.go index 45d630ee2..94e6d7604 100644 --- a/stackit/internal/services/scf/scf_acc_test.go +++ b/stackit/internal/services/scf/scf_acc_test.go @@ -339,7 +339,6 @@ func TestAccScfOrgMax(t *testing.T) { ), resource.TestCheckResourceAttr("data.stackit_scf_platform.platform", "display_name", platformName), resource.TestCheckResourceAttr("data.stackit_scf_platform.platform", "system_id", platformSystemId), - resource.TestCheckResourceAttr("data.stackit_scf_platform.platform", "display_name", platformName), resource.TestCheckResourceAttr("data.stackit_scf_platform.platform", "region", region), resource.TestCheckResourceAttr("data.stackit_scf_platform.platform", "api_url", platformApiUrl), resource.TestCheckResourceAttrWith("data.stackit_scf_platform.platform", "console_url", testutil.CheckAttrHasPrefix(platformConsoleUrl)), diff --git a/stackit/internal/services/serverupdate/serverupdate_acc_test.go b/stackit/internal/services/serverupdate/serverupdate_acc_test.go index 9e5959167..802c34c5f 100644 --- a/stackit/internal/services/serverupdate/serverupdate_acc_test.go +++ b/stackit/internal/services/serverupdate/serverupdate_acc_test.go @@ -220,9 +220,6 @@ func TestAccServerUpdateScheduleMaxResource(t *testing.T) { resource.TestCheckResourceAttr("stackit_server_update_schedule.test_schedule", "enabled", testutil.ConvertConfigVariable(testConfigVarsMax["enabled"])), resource.TestCheckResourceAttr("stackit_server_update_schedule.test_schedule", "region", testutil.Region), - // server - resource.TestCheckResourceAttrSet("stackit_server_update_schedule.test_schedule", "server_id"), - // enable resource.TestCheckResourceAttrSet("stackit_server_update_enable.enable", "server_id"), resource.TestCheckResourceAttr("stackit_server_update_enable.enable", "enabled", "true"), diff --git a/stackit/internal/services/ske/ske_acc_test.go b/stackit/internal/services/ske/ske_acc_test.go index 4a9fb5243..0efaff3ee 100644 --- a/stackit/internal/services/ske/ske_acc_test.go +++ b/stackit/internal/services/ske/ske_acc_test.go @@ -184,7 +184,6 @@ func TestAccSKEMin(t *testing.T) { resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "maintenance.start", testutil.ConvertConfigVariable(testConfigVarsMax["maintenance_start"])), resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "maintenance.end", testutil.ConvertConfigVariable(testConfigVarsMax["maintenance_end"])), resource.TestCheckResourceAttrSet("stackit_ske_cluster.cluster", "region"), - resource.TestCheckResourceAttrSet("data.stackit_ske_cluster.cluster", "kubernetes_version_used"), resource.TestCheckResourceAttr("data.stackit_ske_cluster.cluster", "network.control_plane.access_scope", testutil.ConvertConfigVariable(testConfigVarsMin["network_control_plane_access_scope"])), ), }, @@ -396,9 +395,6 @@ func TestAccSKEMax(t *testing.T) { resource.TestCheckResourceAttrSet("data.stackit_ske_cluster.cluster", "egress_address_ranges.0"), resource.TestCheckResourceAttr("data.stackit_ske_cluster.cluster", "pod_address_ranges.#", "1"), resource.TestCheckResourceAttrSet("data.stackit_ske_cluster.cluster", "pod_address_ranges.0"), - - resource.TestCheckResourceAttrSet("data.stackit_ske_cluster.cluster", "kubernetes_version_used"), - resource.TestCheckResourceAttr("data.stackit_ske_cluster.cluster", "network.control_plane.access_scope", testutil.ConvertConfigVariable(testConfigVarsMax["network_control_plane_access_scope"])), ), }, From b9bfe156dc006aaa87b60e5d12f220ad4d889db8 Mon Sep 17 00:00:00 2001 From: Manuel Vaas Date: Mon, 4 May 2026 17:47:05 +0200 Subject: [PATCH 2/4] gosec - flag false positive hardcoded credentials --- golang-ci.yaml | 1 - .../internal/services/access_token/ephemeral_resource_test.go | 2 +- stackit/internal/services/cdn/distribution/resource.go | 2 +- stackit/internal/services/iaas/image/resource.go | 2 +- stackit/internal/services/logme/credential/datasource.go | 2 +- stackit/internal/services/logme/credential/resource.go | 2 +- stackit/internal/services/mariadb/credential/datasource.go | 2 +- stackit/internal/services/mariadb/credential/resource.go | 2 +- .../internal/services/objectstorage/credential/datasource.go | 2 +- stackit/internal/services/objectstorage/credential/resource.go | 2 +- stackit/internal/services/opensearch/credential/datasource.go | 2 +- stackit/internal/services/opensearch/credential/resource.go | 2 +- stackit/internal/services/rabbitmq/credential/datasource.go | 2 +- stackit/internal/services/rabbitmq/credential/resource.go | 2 +- stackit/internal/services/redis/credential/datasource.go | 2 +- stackit/internal/services/redis/credential/resource.go | 2 +- stackit/internal/testutil/testutil_test.go | 2 +- stackit/provider.go | 2 +- 18 files changed, 17 insertions(+), 18 deletions(-) diff --git a/golang-ci.yaml b/golang-ci.yaml index 1bfd93ba1..4f7cabb17 100644 --- a/golang-ci.yaml +++ b/golang-ci.yaml @@ -48,7 +48,6 @@ linters: gosec: excludes: # Suppressions: (see https://github.com/securego/gosec#available-rules for details) - - G101 # "Look for hardcoded credentials" -> a lot of false positives in descriptions for resources like mariadb/credential - G104 # "Audit errors not checked" -> which we don't need and is a badly implemented version of errcheck - G102 # "Bind to all interfaces" -> since this is normal in k8s - G304 # "File path provided as taint input" -> too many false positives diff --git a/stackit/internal/services/access_token/ephemeral_resource_test.go b/stackit/internal/services/access_token/ephemeral_resource_test.go index 92301ced1..714df2abf 100644 --- a/stackit/internal/services/access_token/ephemeral_resource_test.go +++ b/stackit/internal/services/access_token/ephemeral_resource_test.go @@ -30,7 +30,7 @@ func startMockTokenServer() *httptest.Server { Scope: "mock_scope", } w.Header().Set("Content-Type", "application/json") - _ = json.NewEncoder(w).Encode(resp) // nolint:gosec // mock_access_token is not sensitive information + _ = json.NewEncoder(w).Encode(resp) //nolint:gosec // no secret, just a mock }) return httptest.NewServer(handler) } diff --git a/stackit/internal/services/cdn/distribution/resource.go b/stackit/internal/services/cdn/distribution/resource.go index 0e6acca3f..4ba680ea5 100644 --- a/stackit/internal/services/cdn/distribution/resource.go +++ b/stackit/internal/services/cdn/distribution/resource.go @@ -140,7 +140,7 @@ type backend struct { } type backendCredentials struct { - AccessKey *string `tfsdk:"access_key_id"` + AccessKey *string `tfsdk:"access_key_id"` //nolint:gosec // AccessKey should be exported from this struct SecretKey *string `tfsdk:"secret_access_key"` } diff --git a/stackit/internal/services/iaas/image/resource.go b/stackit/internal/services/iaas/image/resource.go index ad11af6d3..4e146a57c 100644 --- a/stackit/internal/services/iaas/image/resource.go +++ b/stackit/internal/services/iaas/image/resource.go @@ -884,7 +884,7 @@ func uploadImage(ctx context.Context, diags *diag.Diagnostics, filePath, uploadU req.ContentLength = stat.Size() client := &http.Client{} - resp, err := client.Do(req) + resp, err := client.Do(req) //nolint:gosec // file upload if err != nil { return fmt.Errorf("upload image: %w", err) } diff --git a/stackit/internal/services/logme/credential/datasource.go b/stackit/internal/services/logme/credential/datasource.go index 5897dd290..3b1eb03e9 100644 --- a/stackit/internal/services/logme/credential/datasource.go +++ b/stackit/internal/services/logme/credential/datasource.go @@ -57,7 +57,7 @@ func (r *credentialDataSource) Configure(ctx context.Context, req datasource.Con // Schema defines the schema for the data source. func (r *credentialDataSource) Schema(_ context.Context, _ datasource.SchemaRequest, resp *datasource.SchemaResponse) { - descriptions := map[string]string{ + descriptions := map[string]string{ //nolint:gosec // description for credential id "main": "LogMe credential data source schema. Must have a `region` specified in the provider configuration.", "id": "Terraform's internal data source. identifier. It is structured as \"`project_id`,`instance_id`,`credential_id`\".", "credential_id": "The credential's ID.", diff --git a/stackit/internal/services/logme/credential/resource.go b/stackit/internal/services/logme/credential/resource.go index 7fd0b5c19..d1d90f79a 100644 --- a/stackit/internal/services/logme/credential/resource.go +++ b/stackit/internal/services/logme/credential/resource.go @@ -80,7 +80,7 @@ func (r *credentialResource) Configure(ctx context.Context, req resource.Configu // Schema defines the schema for the resource. func (r *credentialResource) Schema(_ context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) { - descriptions := map[string]string{ + descriptions := map[string]string{ //nolint:gosec // description for credential id "main": "LogMe credential resource schema. Must have a `region` specified in the provider configuration.", "id": "Terraform's internal resource identifier. It is structured as \"`project_id`,`instance_id`,`credential_id`\".", "credential_id": "The credential's ID.", diff --git a/stackit/internal/services/mariadb/credential/datasource.go b/stackit/internal/services/mariadb/credential/datasource.go index 48f2e8d82..03b7dd9ad 100644 --- a/stackit/internal/services/mariadb/credential/datasource.go +++ b/stackit/internal/services/mariadb/credential/datasource.go @@ -58,7 +58,7 @@ func (r *credentialDataSource) Configure(ctx context.Context, req datasource.Con // Schema defines the schema for the data source. func (r *credentialDataSource) Schema(_ context.Context, _ datasource.SchemaRequest, resp *datasource.SchemaResponse) { - descriptions := map[string]string{ + descriptions := map[string]string{ //nolint:gosec // description for credential id "main": "MariaDB credential data source schema. Must have a `region` specified in the provider configuration.", "id": "Terraform's internal data source. identifier. It is structured as \"`project_id`,`instance_id`,`credential_id`\".", "credential_id": "The credential's ID.", diff --git a/stackit/internal/services/mariadb/credential/resource.go b/stackit/internal/services/mariadb/credential/resource.go index 2cafdaf4f..fd3a7c11c 100644 --- a/stackit/internal/services/mariadb/credential/resource.go +++ b/stackit/internal/services/mariadb/credential/resource.go @@ -80,7 +80,7 @@ func (r *credentialResource) Configure(ctx context.Context, req resource.Configu // Schema defines the schema for the resource. func (r *credentialResource) Schema(_ context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) { - descriptions := map[string]string{ + descriptions := map[string]string{ //nolint:gosec // description for credential id "main": "MariaDB credential resource schema. Must have a `region` specified in the provider configuration.", "id": "Terraform's internal resource identifier. It is structured as \"`project_id`,`instance_id`,`credential_id`\".", "credential_id": "The credential's ID.", diff --git a/stackit/internal/services/objectstorage/credential/datasource.go b/stackit/internal/services/objectstorage/credential/datasource.go index 7c1da2e98..9d8b96a3b 100644 --- a/stackit/internal/services/objectstorage/credential/datasource.go +++ b/stackit/internal/services/objectstorage/credential/datasource.go @@ -69,7 +69,7 @@ func (r *credentialDataSource) Configure(ctx context.Context, req datasource.Con // Schema defines the schema for the datasource. func (r *credentialDataSource) Schema(_ context.Context, _ datasource.SchemaRequest, resp *datasource.SchemaResponse) { - descriptions := map[string]string{ + descriptions := map[string]string{ //nolint:gosec // description for credential id "main": "ObjectStorage credential data source schema. Must have a `region` specified in the provider configuration.", "id": "Terraform's internal resource identifier. It is structured as \"`project_id`,`region`,`credentials_group_id`,`credential_id`\".", "credential_id": "The credential ID.", diff --git a/stackit/internal/services/objectstorage/credential/resource.go b/stackit/internal/services/objectstorage/credential/resource.go index 5026e2413..ec491e86f 100644 --- a/stackit/internal/services/objectstorage/credential/resource.go +++ b/stackit/internal/services/objectstorage/credential/resource.go @@ -152,7 +152,7 @@ func (r *credentialResource) Configure(ctx context.Context, req resource.Configu // Schema defines the schema for the resource. func (r *credentialResource) Schema(_ context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) { - descriptions := map[string]string{ + descriptions := map[string]string{ //nolint:gosec // description for credential id "main": "ObjectStorage credential resource schema. Must have a `region` specified in the provider configuration.", "id": "Terraform's internal resource identifier. It is structured as \"`project_id`,`region`,`credentials_group_id`,`credential_id`\".", "credential_id": "The credential ID.", diff --git a/stackit/internal/services/opensearch/credential/datasource.go b/stackit/internal/services/opensearch/credential/datasource.go index 2b463d065..6d88ff040 100644 --- a/stackit/internal/services/opensearch/credential/datasource.go +++ b/stackit/internal/services/opensearch/credential/datasource.go @@ -58,7 +58,7 @@ func (r *credentialDataSource) Configure(ctx context.Context, req datasource.Con // Schema defines the schema for the data source. func (r *credentialDataSource) Schema(_ context.Context, _ datasource.SchemaRequest, resp *datasource.SchemaResponse) { - descriptions := map[string]string{ + descriptions := map[string]string{ //nolint:gosec // description for credential id "main": "OpenSearch credential data source schema. Must have a `region` specified in the provider configuration.", "id": "Terraform's internal data source. identifier. It is structured as \"`project_id`,`instance_id`,`credential_id`\".", "credential_id": "The credential's ID.", diff --git a/stackit/internal/services/opensearch/credential/resource.go b/stackit/internal/services/opensearch/credential/resource.go index ad3c62f4a..542c8a0d3 100644 --- a/stackit/internal/services/opensearch/credential/resource.go +++ b/stackit/internal/services/opensearch/credential/resource.go @@ -80,7 +80,7 @@ func (r *credentialResource) Configure(ctx context.Context, req resource.Configu // Schema defines the schema for the resource. func (r *credentialResource) Schema(_ context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) { - descriptions := map[string]string{ + descriptions := map[string]string{ //nolint:gosec // description for credential id "main": "OpenSearch credential resource schema. Must have a `region` specified in the provider configuration.", "id": "Terraform's internal resource identifier. It is structured as \"`project_id`,`instance_id`,`credential_id`\".", "credential_id": "The credential's ID.", diff --git a/stackit/internal/services/rabbitmq/credential/datasource.go b/stackit/internal/services/rabbitmq/credential/datasource.go index fa6ddce34..d1e91b1c2 100644 --- a/stackit/internal/services/rabbitmq/credential/datasource.go +++ b/stackit/internal/services/rabbitmq/credential/datasource.go @@ -58,7 +58,7 @@ func (r *credentialDataSource) Configure(ctx context.Context, req datasource.Con // Schema defines the schema for the data source. func (r *credentialDataSource) Schema(_ context.Context, _ datasource.SchemaRequest, resp *datasource.SchemaResponse) { - descriptions := map[string]string{ + descriptions := map[string]string{ //nolint:gosec // description for credential id "main": "RabbitMQ credential data source schema. Must have a `region` specified in the provider configuration.", "id": "Terraform's internal data source. identifier. It is structured as \"`project_id`,`instance_id`,`credential_id`\".", "credential_id": "The credential's ID.", diff --git a/stackit/internal/services/rabbitmq/credential/resource.go b/stackit/internal/services/rabbitmq/credential/resource.go index f75591eb7..cf9be1e50 100644 --- a/stackit/internal/services/rabbitmq/credential/resource.go +++ b/stackit/internal/services/rabbitmq/credential/resource.go @@ -83,7 +83,7 @@ func (r *credentialResource) Configure(ctx context.Context, req resource.Configu // Schema defines the schema for the resource. func (r *credentialResource) Schema(_ context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) { - descriptions := map[string]string{ + descriptions := map[string]string{ //nolint:gosec // description for credential id "main": "RabbitMQ credential resource schema. Must have a `region` specified in the provider configuration.", "id": "Terraform's internal resource identifier. It is structured as \"`project_id`,`instance_id`,`credential_id`\".", "credential_id": "The credential's ID.", diff --git a/stackit/internal/services/redis/credential/datasource.go b/stackit/internal/services/redis/credential/datasource.go index c135b36bd..ed7a8aaaf 100644 --- a/stackit/internal/services/redis/credential/datasource.go +++ b/stackit/internal/services/redis/credential/datasource.go @@ -58,7 +58,7 @@ func (r *credentialDataSource) Configure(ctx context.Context, req datasource.Con // Schema defines the schema for the data source. func (r *credentialDataSource) Schema(_ context.Context, _ datasource.SchemaRequest, resp *datasource.SchemaResponse) { - descriptions := map[string]string{ + descriptions := map[string]string{ //nolint:gosec // description for credential id "main": "Redis credential data source schema. Must have a `region` specified in the provider configuration.", "id": "Terraform's internal data source. identifier. It is structured as \"`project_id`,`instance_id`,`credential_id`\".", "credential_id": "The credential's ID.", diff --git a/stackit/internal/services/redis/credential/resource.go b/stackit/internal/services/redis/credential/resource.go index 3712c5b1c..6b333b0b8 100644 --- a/stackit/internal/services/redis/credential/resource.go +++ b/stackit/internal/services/redis/credential/resource.go @@ -80,7 +80,7 @@ func (r *credentialResource) Configure(ctx context.Context, req resource.Configu // Schema defines the schema for the resource. func (r *credentialResource) Schema(_ context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) { - descriptions := map[string]string{ + descriptions := map[string]string{ //nolint:gosec // description for credential id "main": "Redis credential resource schema. Must have a `region` specified in the provider configuration.", "id": "Terraform's internal resource identifier. It is structured as \"`project_id`,`instance_id`,`credential_id`\".", "credential_id": "The credential's ID.", diff --git a/stackit/internal/testutil/testutil_test.go b/stackit/internal/testutil/testutil_test.go index ec430c3c7..d4dd144f3 100644 --- a/stackit/internal/testutil/testutil_test.go +++ b/stackit/internal/testutil/testutil_test.go @@ -173,7 +173,7 @@ func TestConfigBuilderClientOptions(t *testing.T) { name: "custom token endpoint", builder: NewConfigBuilder(). CustomEndpoint(TokenCustomEndpoint, "http://token.example.com"), - want: sdkConf.Configuration{ + want: sdkConf.Configuration{ //nolint:gosec // no hardcoded credentials, just for testcases TokenCustomUrl: "http://token.example.com", }, }, diff --git a/stackit/provider.go b/stackit/provider.go index 01b56db9c..81d54af59 100644 --- a/stackit/provider.go +++ b/stackit/provider.go @@ -205,7 +205,7 @@ type providerModel struct { // Schema defines the provider-level schema for configuration data. func (p *Provider) Schema(_ context.Context, _ provider.SchemaRequest, resp *provider.SchemaResponse) { - descriptions := map[string]string{ + descriptions := map[string]string{ //nolint:gosec // descriptions "credentials_path": "Path of JSON from where the credentials are read. Takes precedence over the env var `STACKIT_CREDENTIALS_PATH`. Default value is `~/.stackit/credentials.json`.", "service_account_token": "Token used for authentication. If set, the token flow will be used to authenticate all operations.", "service_account_key_path": "Path for the service account key used for authentication. If set, the key flow will be used to authenticate all operations.", From cd6b3dbbc4a34b50a194ee3bad761bd45f4c2883 Mon Sep 17 00:00:00 2001 From: Manuel Vaas Date: Mon, 4 May 2026 17:51:36 +0200 Subject: [PATCH 3/4] update golang-ci file --- golang-ci.yaml | 21 +++++++-------------- 1 file changed, 7 insertions(+), 14 deletions(-) diff --git a/golang-ci.yaml b/golang-ci.yaml index 4f7cabb17..a1db076f2 100644 --- a/golang-ci.yaml +++ b/golang-ci.yaml @@ -1,6 +1,3 @@ -# This file contains all available configuration options -# with their default values. - version: "2" # options for analysis running run: @@ -10,6 +7,7 @@ run: # timeout for analysis, e.g. 30s, 5m, default is 1m timeout: 5m linters: + # https://golangci-lint.run/usage/linters/ enable: - bodyclose - depguard @@ -78,23 +76,18 @@ linters: checks: # default from https://golangci-lint.run/docs/linters/configuration/#staticcheck - all - - "-ST1000" - - "-ST1003" - - "-ST1016" - - "-ST1020" - - "-ST1021" - - "-ST1022" + - "-ST1000" # Incorrect or missing package comment. + - "-ST1003" # Poorly chosen identifier. + - "-ST1016" # Use consistent method receiver names. + - "-ST1020" # The documentation of an exported function should start with the function's name. + - "-ST1021" # The documentation of an exported function should start with the function's name. + - "-ST1022" # The documentation of an exported variable or constant should start with variable's name. # customizations - "-SA1019" # disable deprecation errors while we switch over to the SDK structure with multi API version support - "-QF1001" # disable 'could apply De Morgan's law': readability of boolean expressions is subjective and should be decided on a case-by-case basis - "-QF1012" # disable 'use fmt.Fprintf instead' Fprintf returns bytes written and an error, which we'd have to handle/ignore to appease some other linter exclusions: generated: lax - rules: - - linters: - - gocritic - text: 'dupOption' - path: _acc_test\.go paths: - third_party$ - builtin$ From f2f07116c7e7b5830be2fb2e5fe4d1678ad8ce74 Mon Sep 17 00:00:00 2001 From: Manuel Vaas <34416897+Manuelvaas@users.noreply.github.com> Date: Wed, 6 May 2026 09:49:17 +0200 Subject: [PATCH 4/4] Update golang-ci.yaml Co-authored-by: Marcel Jacek <72880145+marceljk@users.noreply.github.com> --- golang-ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/golang-ci.yaml b/golang-ci.yaml index a1db076f2..94a6a2f22 100644 --- a/golang-ci.yaml +++ b/golang-ci.yaml @@ -80,7 +80,7 @@ linters: - "-ST1003" # Poorly chosen identifier. - "-ST1016" # Use consistent method receiver names. - "-ST1020" # The documentation of an exported function should start with the function's name. - - "-ST1021" # The documentation of an exported function should start with the function's name. + - "-ST1021" # The documentation of an exported type should start with type's name. - "-ST1022" # The documentation of an exported variable or constant should start with variable's name. # customizations - "-SA1019" # disable deprecation errors while we switch over to the SDK structure with multi API version support