Merge branch 'master' into feat/add-keymanager-encrypt-decrypt

Author: estellesoulard

docs/resources/container.md

@@ -48,6 +48,60 @@ resource "scaleway_container" "main" {
 }
 ```
 
+### Managing authentication of private containers with IAM
+
+```terraform
+# Project to be referenced in the IAM policy
+data "scaleway_account_project" "default" {
+  name = "default"
+}
+
+# IAM resources
+resource "scaleway_iam_application" "container_auth" {
+  name = "container-auth"
+}
+resource "scaleway_iam_policy" "access_private_containers" {
+  application_id = scaleway_iam_application.container_auth.id
+  rule {
+    project_ids          = [data.scaleway_account_project.default.id]
+    permission_set_names = ["ContainersPrivateAccess"]
+  }
+}
+resource "scaleway_iam_api_key" "api_key" {
+  application_id = scaleway_iam_application.container_auth.id
+}
+
+# Container resources
+resource "scaleway_container_namespace" "private" {
+  name = "private-container-namespace"
+}
+resource "scaleway_container" "private" {
+  namespace_id   = scaleway_container_namespace.private.id
+  registry_image = "rg.fr-par.scw.cloud/my-registry-ns/my-image:latest"
+  privacy        = "private"
+  deploy         = true
+}
+
+# Output the secret key and the container's endpoint for the curl command
+output "secret_key" {
+  value     = scaleway_iam_api_key.api_key.secret_key
+  sensitive = true
+}
+output "container_endpoint" {
+  value = scaleway_container.private.domain_name
+}
+
+```
+
+Then you can access your private container using the API key:
+
+```shell
+$ curl -H "X-Auth-Token: $(terraform output -raw secret_key)" \
+  "https://$(terraform output -raw container_endpoint)/"
+```
+
+Keep in mind that you should revoke your legacy JWT tokens to ensure maximum security.
+
 ## Argument Reference
 
 The following arguments are supported:

docs/resources/container_token.md

@@ -5,6 +5,9 @@ page_title: "Scaleway: scaleway_container_token"
 
 # Resource: scaleway_container_token
 
+> **Important:** The resource `scaleway_container_token` has been deprecated and will no longer be supported in v1 of the API.
+Please use IAM authentication instead. You will find an implementation example in the [IAM authentication](container.md#managing-authentication-of-private-containers-with-iam) section of the Container documentation.
+
 The `scaleway_container_token` resource allows you to create and manage authentication tokens for Scaleway [Serverless Containers](https://www.scaleway.com/en/docs/serverless/containers/).
 
 Refer to the Containers tokens [documentation](https://www.scaleway.com/en/docs/serverless/containers/how-to/create-auth-token-from-console/) and [API documentation](https://www.scaleway.com/en/developers/api/serverless-containers/#path-tokens-list-all-tokens) for more information.

docs/resources/function.md

@@ -23,7 +23,7 @@ resource "scaleway_function_namespace" "main" {
 
 resource "scaleway_function" "main" {
   namespace_id = scaleway_function_namespace.main.id
-  runtime      = "go118"
+  runtime      = "go124"
   handler      = "Handle"
   privacy      = "private"
 }
@@ -43,7 +43,7 @@ resource "scaleway_function" "main" {
   namespace_id = scaleway_function_namespace.main.id
   description  = "function with zip file"
   tags         = ["tag1", "tag2"]
-  runtime      = "go118"
+  runtime      = "go124"
   handler      = "Handle"
   privacy      = "private"
   timeout      = 10
@@ -53,6 +53,62 @@ resource "scaleway_function" "main" {
 }
 ```
 
+### Managing authentication of private functions with IAM
+
+```terraform
+# Project to be referenced in the IAM policy
+data "scaleway_account_project" "default" {
+  name = "default"
+}
+
+# IAM resources
+resource "scaleway_iam_application" "func_auth" {
+  name = "function-auth"
+}
+resource "scaleway_iam_policy" "access_private_funcs" {
+  application_id = scaleway_iam_application.func_auth.id
+  rule {
+    project_ids = [data.scaleway_account_project.default.id]
+    permission_set_names = ["FunctionsPrivateAccess"]
+  }
+}
+resource "scaleway_iam_api_key" "api_key" {
+  application_id = scaleway_iam_application.func_auth.id
+}
+
+# Function resources
+resource "scaleway_function_namespace" "private" {
+  name        = "private-function-namespace"
+}
+resource "scaleway_function" "private" {
+  namespace_id = scaleway_function_namespace.private.id
+  runtime      = "go124"
+  handler      = "Handle"
+  privacy      = "private"
+  zip_file     = "function.zip"
+  zip_hash     = filesha256("function.zip")
+  deploy       = true
+}
+
+# Output the secret key and the function's endpoint for the curl command
+output "secret_key" {
+  value = scaleway_iam_api_key.api_key.secret_key
+  sensitive = true
+}
+output "function_endpoint" {
+  value = scaleway_function.private.domain_name
+}
+```
+
+Then you can access your private function using the API key:
+
+```shell
+$ curl -H "X-Auth-Token: $(terraform output -raw secret_key)" \
+  "https://$(terraform output -raw function_endpoint)/"
+```
+
+Keep in mind that you should revoke your legacy JWT tokens to ensure maximum security.
+
 ## Argument Reference
 
 The following arguments are supported:

docs/resources/function_token.md

@@ -5,6 +5,9 @@ page_title: "Scaleway: scaleway_function_token"
 
 # Resource: scaleway_function_token
 
+~> **Important:** The resource `scaleway_function_token` has been deprecated and will no longer be supported in v1 of the API.
+Please use IAM authentication instead. You will find an implementation example in the [IAM authentication](function.md#managing-authentication-of-private-functions-with-iam) section of the Function documentation.
+
 The `scaleway_function_token` resource allows you to create and manage authentication tokens for Scaleway [Serverless Functions](https://www.scaleway.com/en/docs/serverless/functions/).
 
 Refer to the Functions tokens [documentation](https://www.scaleway.com/en/docs/serverless/functions/how-to/create-auth-token-from-console/) and [API documentation](https://www.scaleway.com/en/developers/api/serverless-functions/#path-tokens-list-all-tokens) for more information.

internal/services/applesilicon/descriptions/server.md

@@ -0,0 +1,3 @@
+The [`scaleway_apple_silicon_server`](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/apple_silicon_server) resource creates and manages Scaleway Apple silicon servers.
+
+For more information, see the [API documentation](https://www.scaleway.com/en/developers/api/apple-silicon/).

internal/services/applesilicon/server.go

@@ -2,6 +2,7 @@ package applesilicon
 
 import (
 	"context"
+	_ "embed"
 	"fmt"
 	"time"
 
@@ -21,8 +22,12 @@ import (
 	"github.com/scaleway/terraform-provider-scaleway/v2/internal/verify"
 )
 
+//go:embed descriptions/server.md
+var serverDescription string
+
 func ResourceServer() *schema.Resource {
 	return &schema.Resource{
+		Description:   serverDescription,
 		CreateContext: ResourceAppleSiliconServerCreate,
 		ReadContext:   ResourceAppleSiliconServerRead,
 		UpdateContext: ResourceAppleSiliconServerUpdate,

internal/services/container/token.go

@@ -18,9 +18,10 @@ import (
 
 func ResourceToken() *schema.Resource {
 	return &schema.Resource{
-		CreateContext: ResourceContainerTokenCreate,
-		ReadContext:   ResourceContainerTokenRead,
-		DeleteContext: ResourceContainerTokenDelete,
+		CreateContext:      ResourceContainerTokenCreate,
+		ReadContext:        ResourceContainerTokenRead,
+		DeleteContext:      ResourceContainerTokenDelete,
+		DeprecationMessage: "The \"scaleway_container_token\" resource is deprecated in favor of IAM authentication",
 		Importer: &schema.ResourceImporter{
 			StateContext: schema.ImportStatePassthroughContext,
 		},

internal/services/function/token.go

@@ -20,9 +20,10 @@ import (
 
 func ResourceToken() *schema.Resource {
 	return &schema.Resource{
-		CreateContext: ResourceFunctionTokenCreate,
-		ReadContext:   ResourceFunctionTokenRead,
-		DeleteContext: ResourceFunctionTokenDelete,
+		CreateContext:      ResourceFunctionTokenCreate,
+		ReadContext:        ResourceFunctionTokenRead,
+		DeleteContext:      ResourceFunctionTokenDelete,
+		DeprecationMessage: "The \"scaleway_function_token\" resource is deprecated in favor of IAM authentication",
 		Importer: &schema.ResourceImporter{
 			StateContext: schema.ImportStatePassthroughContext,
 		},

internal/services/jobs/jobs.go

@@ -147,10 +147,9 @@ func definitionSchema() map[string]*schema.Schema {
 						ValidateFunc: validation.StringMatch(regexp.MustCompile(`^(/[^/]+)+$`), "must be an absolute path to the file"),
 					},
 					"environment": {
-						Type:         schema.TypeString,
-						Optional:     true,
-						Description:  "An environment variable containing the secret value.",
-						ValidateFunc: validation.StringMatch(regexp.MustCompile(`^[A-Z|0-9]+(_[A-Z|0-9]+)*$`), "environment variable must be composed of uppercase letters separated by an underscore"),
+						Type:        schema.TypeString,
+						Optional:    true,
+						Description: "An environment variable containing the secret value.",
 					},
 				},
 			},

templates/resources/apple_silicon_server.md.tmpl

@@ -6,8 +6,7 @@ page_title: "Scaleway: scaleway_apple_silicon"
 
 # Resource: scaleway_apple_silicon_server
 
-Creates and manages Scaleway Apple silicon. For more information,
-see the [API documentation](https://www.scaleway.com/en/developers/api/apple-silicon/).
+{{ .Description }}
 
 ## Example Usage