Merge branch 'main' into oas-bot-26755063837/iaas

Author: cgoetz-inovex

CHANGELOG.md

@@ -76,6 +76,8 @@
     - **Feature:** Added `_UNKNOWN_DEFAULT_OPEN_API` fallback value to all enums to handle unknown API values gracefully.
   - [v1.17.0](services/cdn/CHANGELOG.md#v1170)
     - **Feature:** Introduce enums for various attributes
+  - [v1.18.0](services/cdn/CHANGELOG.md#v1180)
+    - `v1beta2api`: v1beta2api was deprecated please migrate to `v1api`
 - `certificates`:
   - [v1.5.2](services/certificates/CHANGELOG.md#v152) 
     - **Dependencies:** Bump STACKIT SDK core module from `v0.24.0` to `v0.24.1`
@@ -546,7 +548,11 @@
   - [v1.11.0](services/sqlserverflex/CHANGELOG.md#v1110)
     - `v3beta1api`: **Feature:** Added `labels` to `CreateInstanceRequestPayload`, `GetInstanceReponse`, `UpdateInstancePartiallyRequestPayload`, `UpdateInstanceRequestPayload`
   - [v1.12.0](services/sqlserverflex/CHANGELOG.md#v1120)
-    - **Feature:** Introduce enums for various attributes
+    - **Feature:** Introduce enums for various attributes  
+  - [v1.13.0](services/sqlserverflex/CHANGELOG.md#v1130)    
+    - `v2api`:
+      - **Improvement**: Use new `WaiterHelper` struct in the SQLServer Flex WaitHandler
+      - **Breaking change:** Change return type of `wait.DeleteInstanceWaitHandler()` to `*wait.AsyncActionHandler[sqlserverflex.GetInstanceResponse]`
 - `stackitmarketplace`:
   - [v1.17.5](services/stackitmarketplace/CHANGELOG.md#v1175) 
     - **Dependencies:** Bump STACKIT SDK core module from `v0.24.0` to `v0.24.1`
@@ -612,6 +618,12 @@
       - **Breaking change:** `LocalAsn` is now marked as required (aligned with api) and no longer a pointer
     - `v1beta1api`:  Align package to latest API specification
     - `v1alpha1api`: Align package to latest API specification
+  - [v0.14.0](services/vpn/CHANGELOG.md#v0140)
+    - `v1api`:
+      - **Feature:** Add `ErrorMessage` field to `GatewayStatusResponse`
+      - **Improvement:** Add description that `RoutingType` can only be set at the creation
+    - `v1beta1api`:  Align package to latest API specification
+    - `v1alpha1api`: Align package to latest API specification
 
 ## Release (2026-04-07)
 - `alb`: [v0.13.1](services/alb/CHANGELOG.md#v0131)

core/clients/key_flow.go

@@ -183,7 +183,7 @@ func (c *KeyFlow) SetToken(accessToken, refreshToken string) error {
 	c.tokenMutex.Lock()
 	c.token = &TokenResponseBody{
 		AccessToken:  accessToken,
-		ExpiresIn:    int(exp.Time.Unix()),
+		ExpiresIn:    int(exp.Unix()),
 		RefreshToken: refreshToken,
 		Scope:        defaultScope,
 		TokenType:    defaultTokenType,
@@ -334,6 +334,7 @@ func (c *KeyFlow) createAccessToken() (err error) {
 
 // createAccessTokenWithRefreshToken creates an access token using
 // an existing pre-validated refresh token
+//
 // Deprecated: This method will be removed in future versions. Access tokens are going to be refreshed without refresh token.
 // This will be removed after 2026-07-01.
 func (c *KeyFlow) createAccessTokenWithRefreshToken() (err error) {

core/clients/key_flow_test.go

@@ -104,6 +104,7 @@ func TestKeyFlowInit(t *testing.T) {
 			invalidPrivateKey: true,
 			wantErr:           true,
 		},
+		//nolint:gosec // G101: These are only test values
 		{
 			name: "ok-custom-token-endpoint",
 			serviceAccountKey: fixtureServiceAccountKey(func(s *ServiceAccountKeyResponse) {

core/clients/workload_identity_flow_test.go

@@ -181,7 +181,7 @@ func TestWorkloadIdentityFlowRoundTrip(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			authServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-				err := r.ParseForm()
+				err := r.ParseForm() //nolint:gosec // G120: Safe to bypass inside unit tests
 				if err != nil {
 					t.Fatalf("failed to parse form: %v", err)
 				}

core/config/config.go

@@ -430,9 +430,9 @@ func (sc ServerConfigurations) URL(index int, variables map[string]string) (stri
 			if !found {
 				return "", fmt.Errorf("the variable %s in the server URL has invalid value %v. Must be %v", name, value, variable.EnumValues)
 			}
-			serverUrl = strings.Replace(serverUrl, "{"+name+"}", value, -1)
+			serverUrl = strings.ReplaceAll(serverUrl, "{"+name+"}", value)
 		} else {
-			serverUrl = strings.Replace(serverUrl, "{"+name+"}", variable.DefaultValue, -1)
+			serverUrl = strings.ReplaceAll(serverUrl, "{"+name+"}", variable.DefaultValue)
 		}
 	}
 	return serverUrl, nil
@@ -554,7 +554,7 @@ func ConfigureRegion(cfg *Configuration) error {
 		}
 		// API is regional (not global)
 		if containsCaseSensitive(availableRegions, cfg.Region) {
-			cfgUrl := strings.Replace(servers[0].URL, "{region}", fmt.Sprintf("%s.", cfg.Region), -1)
+			cfgUrl := strings.ReplaceAll(servers[0].URL, "{region}", fmt.Sprintf("%s.", cfg.Region))
 			cfg.Servers = ServerConfigurations{
 				{
 					URL:         cfgUrl,
@@ -574,7 +574,7 @@ func ConfigureRegion(cfg *Configuration) error {
 	}
 	// If the url is a template, generated using deprecated config.json, the region variable is replaced
 	// If the url is already configured, there is no region variable and it remains the same
-	cfgUrl := strings.Replace(servers[0].URL, "{region}", "", -1)
+	cfgUrl := strings.ReplaceAll(servers[0].URL, "{region}", "")
 	cfg.Servers = ServerConfigurations{
 		{
 			URL:         cfgUrl,

golang-ci.yaml

@@ -1,102 +1,95 @@
 # This file contains all available configuration options
 # with their default values.
 
+version: "2"
+
 # options for analysis running
 run:
   # default concurrency is a available CPU number
   concurrency: 4
-
-  # timeout for analysis, e.g. 30s, 5m, default is 1m
-  timeout: 5m
-linters-settings:
-  goimports:
-    # put imports beginning with prefix after 3rd-party packages;
-    # it's a comma-separated list of prefixes
-    local-prefixes: github.com/stackitcloud/stackit-sdk-go
-  depguard:
-    rules:
-        main:
-          list-mode: lax # Everything is allowed unless it is denied
-          deny:
-            - pkg: "github.com/stretchr/testify"
-              desc: Do not use a testing framework
-  misspell:
-    # Correct spellings using locale preferences for US or UK.
-    # Default is to use a neutral variety of English.
-    # Setting locale to US will correct the British spelling of 'colour' to 'color'.
-    locale: US
-  golint:
-    min-confidence: 0.8
-  gosec:
-    excludes:
-    # Suppressions: (see https://github.com/securego/gosec#available-rules for details)
-      - G104 # "Audit errors not checked" -> which we don't need and is a badly implemented version of errcheck
-      - G102 # "Bind to all interfaces" -> since this is normal in k8s
-      - G304 # "File path provided as taint input" -> too many false positives
-      - G307 # "Deferring unsafe method "Close" on type "io.ReadCloser" -> false positive when calling defer resp.Body.Close()
-  nakedret:
-    max-func-lines: 0
-  revive:
-    ignore-generated-header: true
-    severity: error
-    # https://github.com/mgechev/revive
-    rules:
-      - name: errorf
-      - name: context-as-argument
-      - name: error-return
-      - name: increment-decrement
-      - name: indent-error-flow
-      - name: superfluous-else
-      - name: unused-parameter
-      - name: unreachable-code
-      - name: atomic
-      - name: empty-lines
-      - name: early-return
-  gocritic:
-    enabled-tags:
-      - performance
-      - style
-      - experimental
-    disabled-checks:
-      - wrapperFunc
-      - typeDefFirst
-      - ifElseChain
-      - dupImport # https://github.com/go-critic/go-critic/issues/845
 linters:
   enable:
-    # https://golangci-lint.run/usage/linters/
-    # default linters
-    - gosimple
-    - govet
-    - ineffassign
-    - staticcheck
-    - typecheck
-    - unused
-    # additional linters
+    - bodyclose
+    - depguard
     - errorlint
+    - forcetypeassert
     - gochecknoinits
     - gocritic
-    - gofmt
-    - goimports
     - gosec
     - misspell
     - nakedret
     - revive
-    - depguard
-    - bodyclose
     - sqlclosecheck
     - wastedassign
-    - forcetypeassert
-    - errcheck
   disable:
     - noctx # false positive: finds errors with http.NewRequest that dont make sense
     - unparam # false positives
-issues:
-  exclude-use-default: false
-  exclude-rules:
-    # This ignores all deprecation warnings in the old wait packages while we have the compatibilty layer in place
-    - path: ^wait/[^/]+\.go$
-      linters:
-        - staticcheck
-      text: "SA1019:" 
-go: 1.25
+  settings:
+    depguard:
+      rules:
+        main:
+          list-mode: lax # Everything is allowed unless it is denied
+          deny:
+            - pkg: github.com/stretchr/testify
+              desc: Do not use a testing framework
+    gocritic:
+      disabled-checks:
+        - wrapperFunc
+        - typeDefFirst
+        - ifElseChain
+        - dupImport # https://github.com/go-critic/go-critic/issues/845
+      enabled-tags:
+        - performance
+        - style
+        - experimental
+    gosec:
+      excludes:
+      # Suppressions: (see https://github.com/securego/gosec#available-rules for details)
+        - G104 # "Audit errors not checked" -> which we don't need and is a badly implemented version of errcheck
+        - G102 # "Bind to all interfaces" -> since this is normal in k8s
+        - G304 # "File path provided as taint input" -> too many false positives
+        - G307 # "Deferring unsafe method "Close" on type "io.ReadCloser" -> false positive when calling defer resp.Body.Close()
+        - G117 # "Marshaled struct field xxx (JSON key xxx) matches secret pattern" -> too many false positives, no true positives expected in our code
+        - G704 # "SSRF via taint analysis" -> too many false positives
+    misspell:
+      # Correct spellings using locale preferences for US or UK.
+      # Default is to use a neutral variety of English.
+      # Setting locale to US will correct the British spelling of 'colour' to 'color'.
+      locale: US
+    nakedret:
+      max-func-lines: 0
+    revive:
+      severity: error
+      # https://github.com/mgechev/revive
+      rules:
+        - name: errorf
+        - name: context-as-argument
+        - name: error-return
+        - name: increment-decrement
+        - name: indent-error-flow
+        - name: superfluous-else
+        - name: unused-parameter
+        - name: unreachable-code
+        - name: atomic
+        - name: empty-lines
+        - name: early-return
+  exclusions:
+    generated: lax
+    rules:
+      - linters:
+          - staticcheck
+        # This ignores all deprecation warnings in the old wait packages while we have the compatibilty layer in place
+        path: wait/[^/]+\.go$
+        text: "SA1019:"
+formatters:
+  enable:
+    - gofmt
+    - goimports
+  settings:
+    goimports:
+      # put imports beginning with prefix after 3rd-party packages;
+      # it's a comma-separated list of prefixes
+      local-prefixes:
+        - github.com/stackitcloud/stackit-sdk-go
+  exclusions:
+    generated: lax

scripts/project.sh

@@ -16,7 +16,7 @@ elif [ "$action" = "tools" ]; then
 
     go mod download
 
-    go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.62.0
+    go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.12.2
 else
     echo "Invalid action: '$action', please use $0 help for help"
 fi

services/albwaf/LICENSE.md

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright [yyyy] [name of copyright owner]
+   Copyright 2026 Schwarz IT KG
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

services/cdn/CHANGELOG.md

@@ -1,3 +1,6 @@
+## v1.18.0
+- `v1beta2api`: v1beta2api was deprecated please migrate to `v1api`
+
 ## v1.17.0
 - **Feature:** Introduce enums for various attributes
 

services/cdn/VERSION

@@ -1 +1 @@
-v1.17.0
+v1.18.0