From ffd10f4874b5f3695642f9904089dd627dff35ec Mon Sep 17 00:00:00 2001 From: Jan Steffen Date: Tue, 23 Jun 2026 10:40:46 +0200 Subject: [PATCH 01/11] Bump ske service dependency version Update the dependency version for the ske service SDK within the go.mod file. This bump includes several related updates across the ske service implementation, such as adding support for `service_account_issuer` fields and adjusting how certain types are assigned. --- .../services/ske/cluster/datasource.go | 4 ++ .../internal/services/ske/cluster/resource.go | 13 ++++ .../services/ske/cluster/resource_test.go | 67 +++++++++++-------- 3 files changed, 55 insertions(+), 29 deletions(-) diff --git a/stackit/internal/services/ske/cluster/datasource.go b/stackit/internal/services/ske/cluster/datasource.go index b32a0a8c5..7993cd8e4 100644 --- a/stackit/internal/services/ske/cluster/datasource.go +++ b/stackit/internal/services/ske/cluster/datasource.go @@ -96,6 +96,10 @@ func (r *clusterDataSource) Schema(_ context.Context, _ datasource.SchemaRequest Computed: true, ElementType: types.StringType, }, + "service_account_issuer": schema.StringAttribute{ + Description: "Service Account Issuer of the cluster.", + Computed: true, + }, "node_pools": schema.ListNestedAttribute{ Description: "One or more `node_pool` block as defined below.", Computed: true, diff --git a/stackit/internal/services/ske/cluster/resource.go b/stackit/internal/services/ske/cluster/resource.go index 70aa7a2b0..7807c716a 100644 --- a/stackit/internal/services/ske/cluster/resource.go +++ b/stackit/internal/services/ske/cluster/resource.go @@ -94,6 +94,7 @@ type Model struct { Extensions types.Object `tfsdk:"extensions"` EgressAddressRanges types.List `tfsdk:"egress_address_ranges"` PodAddressRanges types.List `tfsdk:"pod_address_ranges"` + ServiceAccountIssuer types.String `tfsdk:"service_account_issuer"` Region types.String `tfsdk:"region"` } 
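Review bot: The description `"Service Account Issuer of the cluster."` on the new `service_account_issuer` attribute in `clusterDataSource.Schema` only restates the attribute name, and the same string is repeated in the resource schema hunk in resource.go and in both docs pages. Consumers will presumably feed this value into trust configuration for service account tokens, so the text should say what the value is and that it is read-only, for example `Description: "Issuer of the cluster's service account tokens (the value of their iss claim), as reported by SKE. Read-only.",`. Whether SKE returns a full URL here is not visible in the patch, so confirm that before promising a format. The Schema method starts and ends outside this hunk.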
@@ -455,6 +456,13 @@ func (r *clusterResource) Schema(_ context.Context, _ resource.SchemaRequest, re listplanmodifier.UseStateForUnknown(), }, }, + "service_account_issuer": schema.StringAttribute{ + Description: "Service Account Issuer of the cluster.", + Computed: true, + PlanModifiers: []planmodifier.String{ + stringplanmodifier.UseStateForUnknown(), + }, + }, "node_pools": schema.ListNestedAttribute{ Description: "One or more `node_pool` block as defined below.\n" + "To keep your Terraform plans clean and readable, always append new node pools to the end of the list.", @@ -1528,6 +1536,11 @@ func mapFields(ctx context.Context, cl *ske.Cluster, m *Model, region string) er } } + m.ServiceAccountIssuer = types.StringNull() + if cl.Status != nil && cl.Status.ServiceAccountIssuer != nil { + m.ServiceAccountIssuer = types.StringValue(*cl.Status.ServiceAccountIssuer) + } + err := mapNodePools(ctx, cl, m) if err != nil { return fmt.Errorf("map node_pools: %w", err) diff --git a/stackit/internal/services/ske/cluster/resource_test.go b/stackit/internal/services/ske/cluster/resource_test.go index cf272de95..b7c5695d8 100644 --- a/stackit/internal/services/ske/cluster/resource_test.go +++ b/stackit/internal/services/ske/cluster/resource_test.go @@ -52,6 +52,7 @@ func TestMapFields(t *testing.T) { Extensions: types.ObjectNull(extensionsTypes), EgressAddressRanges: types.ListNull(types.StringType), PodAddressRanges: types.ListNull(types.StringType), + ServiceAccountIssuer: types.StringNull(), Region: types.StringValue(testRegion), KubernetesVersionUsed: types.StringValue(""), }, 
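Review bot: `stringplanmodifier.UseStateForUnknown()` on the computed `service_account_issuer` attribute in `clusterResource.Schema` makes every later plan reuse the value already in state, which is only safe if the issuer is present on the first read and never changes afterwards. The mapFields hunk in the same file stores null whenever `cl.Status` or `cl.Status.ServiceAccountIssuer` is nil, so a null can reach state; whether the modifier then carries that null forward depends on the terraform-plugin-framework version, which this patch does not show. If the API can fill in or change the issuer later, an update would return a value that differs from the plan and the apply would fail with an inconsistent-result error; in that case drop the `PlanModifiers` entry. Otherwise state the invariant next to it, e.g. `// issuer is assigned at cluster creation and does not change`. The Schema method starts and ends outside this hunk.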
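Review bot: The nil handling added to mapFields can lean on `types.StringPointerValue`, which already maps a nil `*string` to null, leaving a single guard on `cl.Status`: keep `m.ServiceAccountIssuer = types.StringNull()` and follow it with `if cl.Status != nil { m.ServiceAccountIssuer = types.StringPointerValue(cl.Status.ServiceAccountIssuer) }`. Either way, an empty string from the API is stored as a known empty value rather than null, and none of the expected models visible in the resource_test.go hunks pins that case; decide which it should be and add a table entry for it. mapFields starts and ends outside this hunk.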
@@ -139,11 +140,12 @@ func TestMapFields(t *testing.T) { }, }, Status: &ske.ClusterStatus{ - Aggregated: &cs, - Error: nil, - Hibernated: nil, - EgressAddressRanges: []string{"0.0.0.0/32", "1.1.1.1/32"}, - PodAddressRanges: []string{"0.0.0.0/32", "1.1.1.1/32"}, + Aggregated: &cs, + Error: nil, + Hibernated: nil, + EgressAddressRanges: []string{"0.0.0.0/32", "1.1.1.1/32"}, + PodAddressRanges: []string{"0.0.0.0/32", "1.1.1.1/32"}, + ServiceAccountIssuer: new("issuer"), }, }, testRegion, @@ -166,6 +168,7 @@ func TestMapFields(t *testing.T) { types.StringValue("1.1.1.1/32"), }, ), + ServiceAccountIssuer: types.StringValue("issuer"), NodePools: types.ListValueMust( types.ObjectType{AttrTypes: nodePoolTypes}, []attr.Value{ @@ -284,6 +287,7 @@ func TestMapFields(t *testing.T) { Extensions: types.ObjectNull(extensionsTypes), EgressAddressRanges: types.ListNull(types.StringType), PodAddressRanges: types.ListNull(types.StringType), + ServiceAccountIssuer: types.StringNull(), KubernetesVersionUsed: types.StringValue(""), Region: types.StringValue(testRegion), }, 
@@ -312,14 +316,15 @@ func TestMapFields(t *testing.T) { }, testRegion, Model{ - Id: types.StringValue("pid,region,name"), - ProjectId: types.StringValue("pid"), - Name: types.StringValue("name"), - NodePools: types.ListNull(types.ObjectType{AttrTypes: nodePoolTypes}), - Maintenance: types.ObjectNull(maintenanceTypes), - Hibernations: types.ListNull(types.ObjectType{AttrTypes: hibernationTypes}), - EgressAddressRanges: types.ListNull(types.StringType), - PodAddressRanges: types.ListNull(types.StringType), + Id: types.StringValue("pid,region,name"), + ProjectId: types.StringValue("pid"), + Name: types.StringValue("name"), + NodePools: types.ListNull(types.ObjectType{AttrTypes: nodePoolTypes}), + Maintenance: types.ObjectNull(maintenanceTypes), + Hibernations: types.ListNull(types.ObjectType{AttrTypes: hibernationTypes}), + EgressAddressRanges: types.ListNull(types.StringType), + PodAddressRanges: types.ListNull(types.StringType), + ServiceAccountIssuer: types.StringNull(), Extensions: types.ObjectValueMust(extensionsTypes, map[string]attr.Value{ "acl": types.ObjectValueMust(aclTypes, map[string]attr.Value{ "enabled": types.BoolValue(true), 
@@ -364,14 +369,15 @@ func TestMapFields(t *testing.T) { }, testRegion, Model{ - Id: types.StringValue("pid,region,name"), - ProjectId: types.StringValue("pid"), - Name: types.StringValue("name"), - NodePools: types.ListNull(types.ObjectType{AttrTypes: nodePoolTypes}), - Maintenance: types.ObjectNull(maintenanceTypes), - Hibernations: types.ListNull(types.ObjectType{AttrTypes: hibernationTypes}), - EgressAddressRanges: types.ListNull(types.StringType), - PodAddressRanges: types.ListNull(types.StringType), + Id: types.StringValue("pid,region,name"), + ProjectId: types.StringValue("pid"), + Name: types.StringValue("name"), + NodePools: types.ListNull(types.ObjectType{AttrTypes: nodePoolTypes}), + Maintenance: types.ObjectNull(maintenanceTypes), + Hibernations: types.ListNull(types.ObjectType{AttrTypes: hibernationTypes}), + EgressAddressRanges: types.ListNull(types.StringType), + PodAddressRanges: types.ListNull(types.StringType), + ServiceAccountIssuer: types.StringNull(), Extensions: types.ObjectValueMust(extensionsTypes, map[string]attr.Value{ "acl": types.ObjectValueMust(aclTypes, map[string]attr.Value{ "enabled": types.BoolValue(false), 
@@ -427,14 +433,15 @@ func TestMapFields(t *testing.T) { }, testRegion, Model{ - Id: types.StringValue("pid,region,name"), - ProjectId: types.StringValue("pid"), - Name: types.StringValue("name"), - NodePools: types.ListNull(types.ObjectType{AttrTypes: nodePoolTypes}), - Maintenance: types.ObjectNull(maintenanceTypes), - Hibernations: types.ListNull(types.ObjectType{AttrTypes: hibernationTypes}), - EgressAddressRanges: types.ListNull(types.StringType), - PodAddressRanges: types.ListNull(types.StringType), + Id: types.StringValue("pid,region,name"), + ProjectId: types.StringValue("pid"), + Name: types.StringValue("name"), + NodePools: types.ListNull(types.ObjectType{AttrTypes: nodePoolTypes}), + Maintenance: types.ObjectNull(maintenanceTypes), + Hibernations: types.ListNull(types.ObjectType{AttrTypes: hibernationTypes}), + EgressAddressRanges: types.ListNull(types.StringType), + PodAddressRanges: types.ListNull(types.StringType), + ServiceAccountIssuer: types.StringNull(), Extensions: types.ObjectValueMust(extensionsTypes, map[string]attr.Value{ "acl": types.ObjectValueMust(aclTypes, map[string]attr.Value{ "enabled": types.BoolValue(true), @@ -476,6 +483,7 @@ func TestMapFields(t *testing.T) { Extensions: types.ObjectNull(extensionsTypes), EgressAddressRanges: types.ListNull(types.StringType), PodAddressRanges: types.ListNull(types.StringType), + ServiceAccountIssuer: types.StringNull(), KubernetesVersionUsed: types.StringValue(""), Region: types.StringValue(testRegion), }, @@ -606,6 +614,7 @@ func TestMapFields(t *testing.T) { KubernetesVersionUsed: types.StringValue("1.2.3"), EgressAddressRanges: types.ListNull(types.StringType), PodAddressRanges: types.ListNull(types.StringType), + ServiceAccountIssuer: types.StringNull(), NodePools: types.ListValueMust( types.ObjectType{AttrTypes: nodePoolTypes}, []attr.Value{ From 61a286e9f987619a609adcebef0c179c83e64778 Mon Sep 17 00:00:00 2001 
From: Jan Steffen Date: Wed, 3 Jun 2026 13:17:15 +0200 Subject: [PATCH 02/11] Add service account issuer to SKE cluster docs --- docs/data-sources/ske_cluster.md | 1 + docs/resources/ske_cluster.md | 1 + 2 files changed, 2 insertions(+) diff --git a/docs/data-sources/ske_cluster.md b/docs/data-sources/ske_cluster.md index be663d6d9..c67608119 100644 --- a/docs/data-sources/ske_cluster.md +++ b/docs/data-sources/ske_cluster.md @@ -43,6 +43,7 @@ data "stackit_ske_cluster" "example" { - `network` (Attributes) Network block as defined below. (see [below for nested schema](#nestedatt--network)) - `node_pools` (Attributes List) One or more `node_pool` block as defined below. (see [below for nested schema](#nestedatt--node_pools)) - `pod_address_ranges` (List of String) The network ranges (in CIDR notation) used by pods of the cluster. +- `service_account_issuer` (String) Service Account Issuer of the cluster. ### Nested Schema for `extensions` diff --git a/docs/resources/ske_cluster.md b/docs/resources/ske_cluster.md index 572ba210c..25198846a 100644 --- a/docs/resources/ske_cluster.md +++ b/docs/resources/ske_cluster.md 
@@ -78,6 +78,7 @@ To keep your Terraform plans clean and readable, always append new node pools to - `id` (String) Terraform's internal resource ID. It is structured as "`project_id`,`region`,`name`". - `kubernetes_version_used` (String) Full Kubernetes version used. For example, if 1.22 was set in `kubernetes_version_min`, this value may result to 1.22.15. SKE automatically updates the cluster Kubernetes version if you have set `maintenance.enable_kubernetes_version_updates` to true or if there is a mandatory update, as described in [General information for Kubernetes & OS updates](https://docs.stackit.cloud/products/runtime/kubernetes-engine/basics/version-updates/). - `pod_address_ranges` (List of String) The network ranges (in CIDR notation) used by pods of the cluster. +- `service_account_issuer` (String) Service Account Issuer of the cluster. ### Nested Schema for `node_pools` From 418daeeaf158ff95f14e7382b7d9c3240bbb4694 Mon Sep 17 00:00:00 2001 From: Jan Steffen Date: Wed, 24 Jun 2026 09:49:03 +0200 Subject: [PATCH 03/11] Add service_account_issuer to test configurations - Added `service_account_issuer` to `testConfigVarsMin`, `testConfigVarsMax`, and test check resource attributes in `TestAccSKEMin` and `TestAccSKEMax`. --- stackit/internal/services/ske/ske_acc_test.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/stackit/internal/services/ske/ske_acc_test.go b/stackit/internal/services/ske/ske_acc_test.go index 0efaff3ee..b32f2c340 100644 --- a/stackit/internal/services/ske/ske_acc_test.go +++ b/stackit/internal/services/ske/ske_acc_test.go @@ -52,6 +52,7 @@ var testConfigVarsMin = config.Variables{ "maintenance_end": config.StringVariable("04:00:00+01:00"), "region": config.StringVariable(testutil.Region), "network_control_plane_access_scope": config.StringVariable("PUBLIC"), + "service_account_issuer": config.StringVariable("issuer"), } var testConfigVarsMax = config.Variables{ 
@@ -93,6 +94,7 @@ var testConfigVarsMax = config.Variables{ "dns_zone_name": config.StringVariable("acc-" + acctest.RandStringFromCharSet(6, acctest.CharSetAlpha)), "dns_name": config.StringVariable("acc-" + acctest.RandStringFromCharSet(6, acctest.CharSetAlpha) + ".runs.onstackit.cloud"), "network_control_plane_access_scope": config.StringVariable("PUBLIC"), + "service_account_issuer": config.StringVariable("issuer"), } var testConfigDatasource = config.Variables{ @@ -144,6 +146,7 @@ func TestAccSKEMin(t *testing.T) { resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "maintenance.start", testutil.ConvertConfigVariable(testConfigVarsMin["maintenance_start"])), resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "maintenance.end", testutil.ConvertConfigVariable(testConfigVarsMin["maintenance_end"])), resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "region", testutil.ConvertConfigVariable(testConfigVarsMin["region"])), + resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "service_account_issuer", testutil.ConvertConfigVariable(testConfigVarsMin["service_account_issuer"])), resource.TestCheckResourceAttrSet("stackit_ske_cluster.cluster", "kubernetes_version_used"), resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "network.control_plane.access_scope", testutil.ConvertConfigVariable(testConfigVarsMin["network_control_plane_access_scope"])), 
@@ -185,6 +188,7 @@ func TestAccSKEMin(t *testing.T) { resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "maintenance.end", testutil.ConvertConfigVariable(testConfigVarsMax["maintenance_end"])), resource.TestCheckResourceAttrSet("stackit_ske_cluster.cluster", "region"), resource.TestCheckResourceAttr("data.stackit_ske_cluster.cluster", "network.control_plane.access_scope", testutil.ConvertConfigVariable(testConfigVarsMin["network_control_plane_access_scope"])), + resource.TestCheckResourceAttr("data.stackit_ske_cluster.cluster", "service_account_issuer", testutil.ConvertConfigVariable(testConfigVarsMin["service_account_issuer"])), ), }, // 3) Import cluster @@ -241,6 +245,7 @@ func TestAccSKEMin(t *testing.T) { resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "region", testutil.ConvertConfigVariable(configVarsMinUpdated()["region"])), resource.TestCheckResourceAttrSet("stackit_ske_cluster.cluster", "kubernetes_version_used"), resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "network.control_plane.access_scope", testutil.ConvertConfigVariable(configVarsMinUpdated()["network_control_plane_access_scope"])), + resource.TestCheckResourceAttr("data.stackit_ske_cluster.cluster", "service_account_issuer", testutil.ConvertConfigVariable(configVarsMinUpdated()["service_account_issuer"])), // Kubeconfig resource.TestCheckResourceAttrPair( 
@@ -319,6 +324,7 @@ func TestAccSKEMax(t *testing.T) { resource.TestCheckResourceAttrSet("stackit_ske_cluster.cluster", "egress_address_ranges.0"), resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "pod_address_ranges.#", "1"), resource.TestCheckResourceAttrSet("stackit_ske_cluster.cluster", "pod_address_ranges.0"), + resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "service_account_issuer", testutil.ConvertConfigVariable(testConfigVarsMax["service_account_issuer"])), resource.TestCheckResourceAttrSet("stackit_ske_cluster.cluster", "kubernetes_version_used"), resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "network.control_plane.access_scope", testutil.ConvertConfigVariable(testConfigVarsMax["network_control_plane_access_scope"])), @@ -396,6 +402,7 @@ func TestAccSKEMax(t *testing.T) { resource.TestCheckResourceAttr("data.stackit_ske_cluster.cluster", "pod_address_ranges.#", "1"), resource.TestCheckResourceAttrSet("data.stackit_ske_cluster.cluster", "pod_address_ranges.0"), resource.TestCheckResourceAttr("data.stackit_ske_cluster.cluster", "network.control_plane.access_scope", testutil.ConvertConfigVariable(testConfigVarsMax["network_control_plane_access_scope"])), + resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "service_account_issuer", testutil.ConvertConfigVariable(testConfigVarsMax["service_account_issuer"])), ), }, // 3) Import cluster @@ -483,6 +490,7 @@ func TestAccSKEMax(t *testing.T) { resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "pod_address_ranges.#", "1"), resource.TestCheckResourceAttrSet("stackit_ske_cluster.cluster", "pod_address_ranges.0"), resource.TestCheckResourceAttrSet("stackit_ske_cluster.cluster", "kubernetes_version_used"), + resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "service_account_issuer", testutil.ConvertConfigVariable(configVarsMaxUpdated()["service_account_issuer"])), ), }, // Deletion is done by the framework implicitly 
From 1afb008158b1be793d3f62b9882b783d09007dde Mon Sep 17 00:00:00 2001 From: Jan Steffen Date: Fri, 26 Jun 2026 12:29:54 +0200 Subject: [PATCH 04/11] Update stackit/internal/services/ske/ske_acc_test.go MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Ruben Hönle --- stackit/internal/services/ske/ske_acc_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stackit/internal/services/ske/ske_acc_test.go b/stackit/internal/services/ske/ske_acc_test.go index b32f2c340..b2646d72c 100644 --- a/stackit/internal/services/ske/ske_acc_test.go +++ b/stackit/internal/services/ske/ske_acc_test.go @@ -402,7 +402,7 @@ func TestAccSKEMax(t *testing.T) { resource.TestCheckResourceAttr("data.stackit_ske_cluster.cluster", "pod_address_ranges.#", "1"), resource.TestCheckResourceAttrSet("data.stackit_ske_cluster.cluster", "pod_address_ranges.0"), resource.TestCheckResourceAttr("data.stackit_ske_cluster.cluster", "network.control_plane.access_scope", testutil.ConvertConfigVariable(testConfigVarsMax["network_control_plane_access_scope"])), - resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "service_account_issuer", testutil.ConvertConfigVariable(testConfigVarsMax["service_account_issuer"])), + resource.TestCheckResourceAttr("data.stackit_ske_cluster.cluster", "service_account_issuer", testutil.ConvertConfigVariable(testConfigVarsMax["service_account_issuer"])), ), }, // 3) Import cluster From 69729b8beec9e84084461f97171c158a35489ad1 Mon Sep 17 00:00:00 2001 From: Jan Steffen Date: Fri, 26 Jun 2026 12:30:01 +0200 Subject: [PATCH 05/11] Update stackit/internal/services/ske/ske_acc_test.go MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Ruben Hönle --- stackit/internal/services/ske/ske_acc_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/stackit/internal/services/ske/ske_acc_test.go b/stackit/internal/services/ske/ske_acc_test.go index b2646d72c..b9807cf59 100644 --- a/stackit/internal/services/ske/ske_acc_test.go +++ b/stackit/internal/services/ske/ske_acc_test.go @@ -146,7 +146,7 @@ func TestAccSKEMin(t *testing.T) { resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "maintenance.start", testutil.ConvertConfigVariable(testConfigVarsMin["maintenance_start"])), resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "maintenance.end", testutil.ConvertConfigVariable(testConfigVarsMin["maintenance_end"])), resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "region", testutil.ConvertConfigVariable(testConfigVarsMin["region"])), - resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "service_account_issuer", testutil.ConvertConfigVariable(testConfigVarsMin["service_account_issuer"])), + resource.TestCheckNoResourceAttr("stackit_ske_cluster.cluster", "service_account_issuer"), resource.TestCheckResourceAttrSet("stackit_ske_cluster.cluster", "kubernetes_version_used"), resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "network.control_plane.access_scope", testutil.ConvertConfigVariable(testConfigVarsMin["network_control_plane_access_scope"])), From 9ab173f4bbc32c034a44e5838781b819da79d27c Mon Sep 17 00:00:00 2001 From: Jan Steffen Date: Fri, 26 Jun 2026 12:33:17 +0200 Subject: [PATCH 06/11] Update stackit/internal/services/ske/ske_acc_test.go MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Ruben Hönle --- stackit/internal/services/ske/ske_acc_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stackit/internal/services/ske/ske_acc_test.go b/stackit/internal/services/ske/ske_acc_test.go index b9807cf59..928c89115 100644 --- a/stackit/internal/services/ske/ske_acc_test.go +++ b/stackit/internal/services/ske/ske_acc_test.go 
@@ -245,7 +245,7 @@ func TestAccSKEMin(t *testing.T) { resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "region", testutil.ConvertConfigVariable(configVarsMinUpdated()["region"])), resource.TestCheckResourceAttrSet("stackit_ske_cluster.cluster", "kubernetes_version_used"), resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "network.control_plane.access_scope", testutil.ConvertConfigVariable(configVarsMinUpdated()["network_control_plane_access_scope"])), - resource.TestCheckResourceAttr("data.stackit_ske_cluster.cluster", "service_account_issuer", testutil.ConvertConfigVariable(configVarsMinUpdated()["service_account_issuer"])), + resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "service_account_issuer", testutil.ConvertConfigVariable(configVarsMinUpdated()["service_account_issuer"])), // Kubeconfig resource.TestCheckResourceAttrPair( From 94b79c064d518f2eb879222c23740bb756dac688 Mon Sep 17 00:00:00 2001 From: Jan Steffen Date: Fri, 26 Jun 2026 12:33:27 +0200 Subject: [PATCH 07/11] Update stackit/internal/services/ske/ske_acc_test.go MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Ruben Hönle --- stackit/internal/services/ske/ske_acc_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stackit/internal/services/ske/ske_acc_test.go b/stackit/internal/services/ske/ske_acc_test.go index 928c89115..035cb3613 100644 --- a/stackit/internal/services/ske/ske_acc_test.go +++ b/stackit/internal/services/ske/ske_acc_test.go 
@@ -188,7 +188,7 @@ func TestAccSKEMin(t *testing.T) { resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "maintenance.end", testutil.ConvertConfigVariable(testConfigVarsMax["maintenance_end"])), resource.TestCheckResourceAttrSet("stackit_ske_cluster.cluster", "region"), resource.TestCheckResourceAttr("data.stackit_ske_cluster.cluster", "network.control_plane.access_scope", testutil.ConvertConfigVariable(testConfigVarsMin["network_control_plane_access_scope"])), - resource.TestCheckResourceAttr("data.stackit_ske_cluster.cluster", "service_account_issuer", testutil.ConvertConfigVariable(testConfigVarsMin["service_account_issuer"])), + resource.TestCheckNoResourceAttr("data.stackit_ske_cluster.cluster", "service_account_issuer"), ), }, // 3) Import cluster From 3ec06a6634901cca8054d41e7cbd3f4e7d14a668 Mon Sep 17 00:00:00 2001 From: Jan Steffen Date: Fri, 26 Jun 2026 12:34:02 +0200 Subject: [PATCH 08/11] add missing vars --- stackit/internal/services/ske/testdata/resource-max.tf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/stackit/internal/services/ske/testdata/resource-max.tf b/stackit/internal/services/ske/testdata/resource-max.tf index fde7ff1cc..27ba6a272 100644 --- a/stackit/internal/services/ske/testdata/resource-max.tf +++ b/stackit/internal/services/ske/testdata/resource-max.tf @@ -36,6 +36,7 @@ variable "refresh_before" {} variable "dns_zone_name" {} variable "dns_name" {} variable "network_control_plane_access_scope" {} +variable "service_account_issuer" {} resource "stackit_ske_cluster" "cluster" { project_id = var.project_id @@ -98,6 +99,7 @@ resource "stackit_ske_cluster" "cluster" { access_scope = var.network_control_plane_access_scope } } + service_account_issuer = var.service_account_issuer } resource "stackit_ske_kubeconfig" "kubeconfig" { From e96649d65380c1de505e12706c5eac11e5c1a60d Mon Sep 17 00:00:00 2001 
From: Jan Steffen Date: Fri, 26 Jun 2026 13:22:09 +0200 Subject: [PATCH 09/11] test(ske): remove service_account_issuer from tests --- stackit/internal/services/ske/ske_acc_test.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/stackit/internal/services/ske/ske_acc_test.go b/stackit/internal/services/ske/ske_acc_test.go index 035cb3613..da605f6b3 100644 --- a/stackit/internal/services/ske/ske_acc_test.go +++ b/stackit/internal/services/ske/ske_acc_test.go @@ -52,7 +52,6 @@ var testConfigVarsMin = config.Variables{ "maintenance_end": config.StringVariable("04:00:00+01:00"), "region": config.StringVariable(testutil.Region), "network_control_plane_access_scope": config.StringVariable("PUBLIC"), - "service_account_issuer": config.StringVariable("issuer"), } var testConfigVarsMax = config.Variables{ @@ -245,7 +244,7 @@ func TestAccSKEMin(t *testing.T) { resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "region", testutil.ConvertConfigVariable(configVarsMinUpdated()["region"])), resource.TestCheckResourceAttrSet("stackit_ske_cluster.cluster", "kubernetes_version_used"), resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "network.control_plane.access_scope", testutil.ConvertConfigVariable(configVarsMinUpdated()["network_control_plane_access_scope"])), - resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "service_account_issuer", testutil.ConvertConfigVariable(configVarsMinUpdated()["service_account_issuer"])), + resource.TestCheckNoResourceAttr("stackit_ske_cluster.cluster", "service_account_issuer"), // Kubeconfig resource.TestCheckResourceAttrPair( From 2dcba2739d9bcac890a28d3c2fe5f6dd37834263 Mon Sep 17 00:00:00 2001 
From: Jan Steffen Date: Fri, 26 Jun 2026 13:39:05 +0200 Subject: [PATCH 10/11] refactor(ske): removed service_account_issuer since it is read_only --- stackit/internal/services/ske/ske_acc_test.go | 10 +++------- stackit/internal/services/ske/testdata/resource-max.tf | 2 -- 2 files changed, 3 insertions(+), 9 deletions(-) diff --git a/stackit/internal/services/ske/ske_acc_test.go b/stackit/internal/services/ske/ske_acc_test.go index da605f6b3..e6f93103b 100644 --- a/stackit/internal/services/ske/ske_acc_test.go +++ b/stackit/internal/services/ske/ske_acc_test.go @@ -93,7 +93,6 @@ var testConfigVarsMax = config.Variables{ "dns_zone_name": config.StringVariable("acc-" + acctest.RandStringFromCharSet(6, acctest.CharSetAlpha)), "dns_name": config.StringVariable("acc-" + acctest.RandStringFromCharSet(6, acctest.CharSetAlpha) + ".runs.onstackit.cloud"), "network_control_plane_access_scope": config.StringVariable("PUBLIC"), - "service_account_issuer": config.StringVariable("issuer"), } var testConfigDatasource = config.Variables{ @@ -145,7 +144,6 @@ func TestAccSKEMin(t *testing.T) { resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "maintenance.start", testutil.ConvertConfigVariable(testConfigVarsMin["maintenance_start"])), resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "maintenance.end", testutil.ConvertConfigVariable(testConfigVarsMin["maintenance_end"])), resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "region", testutil.ConvertConfigVariable(testConfigVarsMin["region"])), - resource.TestCheckNoResourceAttr("stackit_ske_cluster.cluster", "service_account_issuer"), resource.TestCheckResourceAttrSet("stackit_ske_cluster.cluster", "kubernetes_version_used"), resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "network.control_plane.access_scope", testutil.ConvertConfigVariable(testConfigVarsMin["network_control_plane_access_scope"])), 
@@ -187,7 +185,6 @@ func TestAccSKEMin(t *testing.T) { resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "maintenance.end", testutil.ConvertConfigVariable(testConfigVarsMax["maintenance_end"])), resource.TestCheckResourceAttrSet("stackit_ske_cluster.cluster", "region"), resource.TestCheckResourceAttr("data.stackit_ske_cluster.cluster", "network.control_plane.access_scope", testutil.ConvertConfigVariable(testConfigVarsMin["network_control_plane_access_scope"])), - resource.TestCheckNoResourceAttr("data.stackit_ske_cluster.cluster", "service_account_issuer"), ), }, // 3) Import cluster @@ -244,7 +241,6 @@ func TestAccSKEMin(t *testing.T) { resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "region", testutil.ConvertConfigVariable(configVarsMinUpdated()["region"])), resource.TestCheckResourceAttrSet("stackit_ske_cluster.cluster", "kubernetes_version_used"), resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "network.control_plane.access_scope", testutil.ConvertConfigVariable(configVarsMinUpdated()["network_control_plane_access_scope"])), - resource.TestCheckNoResourceAttr("stackit_ske_cluster.cluster", "service_account_issuer"), // Kubeconfig resource.TestCheckResourceAttrPair( 
@@ -323,7 +319,7 @@ func TestAccSKEMax(t *testing.T) { resource.TestCheckResourceAttrSet("stackit_ske_cluster.cluster", "egress_address_ranges.0"), resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "pod_address_ranges.#", "1"), resource.TestCheckResourceAttrSet("stackit_ske_cluster.cluster", "pod_address_ranges.0"), - resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "service_account_issuer", testutil.ConvertConfigVariable(testConfigVarsMax["service_account_issuer"])), + resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "service_account_issuer", "issuer"), resource.TestCheckResourceAttrSet("stackit_ske_cluster.cluster", "kubernetes_version_used"), resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "network.control_plane.access_scope", testutil.ConvertConfigVariable(testConfigVarsMax["network_control_plane_access_scope"])), @@ -401,7 +397,7 @@ func TestAccSKEMax(t *testing.T) { resource.TestCheckResourceAttr("data.stackit_ske_cluster.cluster", "pod_address_ranges.#", "1"), resource.TestCheckResourceAttrSet("data.stackit_ske_cluster.cluster", "pod_address_ranges.0"), resource.TestCheckResourceAttr("data.stackit_ske_cluster.cluster", "network.control_plane.access_scope", testutil.ConvertConfigVariable(testConfigVarsMax["network_control_plane_access_scope"])), - resource.TestCheckResourceAttr("data.stackit_ske_cluster.cluster", "service_account_issuer", testutil.ConvertConfigVariable(testConfigVarsMax["service_account_issuer"])), + resource.TestCheckResourceAttr("data.stackit_ske_cluster.cluster", "service_account_issuer", "issuer"), ), }, // 3) Import cluster 
@@ -489,7 +485,7 @@ func TestAccSKEMax(t *testing.T) { resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "pod_address_ranges.#", "1"), resource.TestCheckResourceAttrSet("stackit_ske_cluster.cluster", "pod_address_ranges.0"), resource.TestCheckResourceAttrSet("stackit_ske_cluster.cluster", "kubernetes_version_used"), - resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "service_account_issuer", testutil.ConvertConfigVariable(configVarsMaxUpdated()["service_account_issuer"])), + resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "service_account_issuer", "issuer"), ), }, // Deletion is done by the framework implicitly diff --git a/stackit/internal/services/ske/testdata/resource-max.tf b/stackit/internal/services/ske/testdata/resource-max.tf index 27ba6a272..fde7ff1cc 100644 --- a/stackit/internal/services/ske/testdata/resource-max.tf +++ b/stackit/internal/services/ske/testdata/resource-max.tf @@ -36,7 +36,6 @@ variable "refresh_before" {} variable "dns_zone_name" {} variable "dns_name" {} variable "network_control_plane_access_scope" {} -variable "service_account_issuer" {} resource "stackit_ske_cluster" "cluster" { project_id = var.project_id @@ -99,7 +98,6 @@ resource "stackit_ske_cluster" "cluster" { access_scope = var.network_control_plane_access_scope } } - service_account_issuer = var.service_account_issuer } resource "stackit_ske_kubeconfig" "kubeconfig" { From aad5f23e4c6bd05cc5a892998330823bb86bf0f6 Mon Sep 17 00:00:00 2001 From: Jan Steffen Date: Fri, 26 Jun 2026 13:45:44 +0200 Subject: [PATCH 11/11] test(ske): use set attribute checks for service_account_issuer MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Update acceptance tests to verify that the service_account_issuer attribute is set instead of asserting a specific value, reflecting its removal and read‑only status. --- stackit/internal/services/ske/ske_acc_test.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/stackit/internal/services/ske/ske_acc_test.go b/stackit/internal/services/ske/ske_acc_test.go index e6f93103b..9d6045d65 100644 --- a/stackit/internal/services/ske/ske_acc_test.go +++ b/stackit/internal/services/ske/ske_acc_test.go @@ -319,7 +319,7 @@ func TestAccSKEMax(t *testing.T) { resource.TestCheckResourceAttrSet("stackit_ske_cluster.cluster", "egress_address_ranges.0"), resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "pod_address_ranges.#", "1"), resource.TestCheckResourceAttrSet("stackit_ske_cluster.cluster", "pod_address_ranges.0"), - resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "service_account_issuer", "issuer"), + resource.TestCheckResourceAttrSet("stackit_ske_cluster.cluster", "service_account_issuer"), resource.TestCheckResourceAttrSet("stackit_ske_cluster.cluster", "kubernetes_version_used"), resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "network.control_plane.access_scope", testutil.ConvertConfigVariable(testConfigVarsMax["network_control_plane_access_scope"])), @@ -397,7 +397,7 @@ func TestAccSKEMax(t *testing.T) { resource.TestCheckResourceAttr("data.stackit_ske_cluster.cluster", "pod_address_ranges.#", "1"), resource.TestCheckResourceAttrSet("data.stackit_ske_cluster.cluster", "pod_address_ranges.0"), resource.TestCheckResourceAttr("data.stackit_ske_cluster.cluster", "network.control_plane.access_scope", testutil.ConvertConfigVariable(testConfigVarsMax["network_control_plane_access_scope"])), - resource.TestCheckResourceAttr("data.stackit_ske_cluster.cluster", "service_account_issuer", "issuer"), + resource.TestCheckResourceAttrSet("data.stackit_ske_cluster.cluster", "service_account_issuer"), ), }, // 3) Import cluster 
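Review bot: `resource.TestCheckResourceAttrSet` in the three TestAccSKEMax hunks of this commit (at -319 and -397 here, and at -485) only proves the attribute is non-empty, so a data source that returned a different issuer than the resource would still pass. In the data source step at -397, pair the two instead: `resource.TestCheckResourceAttrPair("stackit_ske_cluster.cluster", "service_account_issuer", "data.stackit_ske_cluster.cluster", "service_account_issuer"),`. After the removals in patch 10 of this series, TestAccSKEMin asserts nothing about the attribute; if a minimal cluster also reports an issuer, the same set check belongs there. The test functions start and end outside these hunks.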
@@ -485,7 +485,7 @@ func TestAccSKEMax(t *testing.T) { resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "pod_address_ranges.#", "1"), resource.TestCheckResourceAttrSet("stackit_ske_cluster.cluster", "pod_address_ranges.0"), resource.TestCheckResourceAttrSet("stackit_ske_cluster.cluster", "kubernetes_version_used"), - resource.TestCheckResourceAttr("stackit_ske_cluster.cluster", "service_account_issuer", "issuer"), + resource.TestCheckResourceAttrSet("stackit_ske_cluster.cluster", "service_account_issuer"), ), }, // Deletion is done by the framework implicitly