Merge branch 'master' into feat/add_support_for_blockedlist

Author: jremy42

docs/data-sources/lb_backends.md

@@ -58,12 +58,12 @@ In addition to all arguments above, the following attributes are exported:
     - `health_check_max_retries` - Number of allowed failed health check requests before the backend server is marked as down.
     - `health_check_tcp` - This block enables TCP health checks.
     - `health_check_http` - This block enables HTTP health checks.
-        - `uri` - The HTTP endpoint URL to call for health check requests.
+        - `uri` - The path of health check requests.
         - `method` - The HTTP method to use for health check requests.
         - `code` - The expected HTTP status code.
         - `host_header` -  The HTTP host header to use for health check requests.
     - `health_check_https` - This block enables HTTPS health checks.
-        - `uri` - The HTTPS endpoint URL to call for health check requests.
+        - `uri` - The path of health check requests.
         - `method` - The HTTP method to use for health check requests.
         - `code` - The expected HTTP status code.
         - `host_header` - The HTTP host header to use for health check requests.

docs/data-sources/lb_routes.md

@@ -38,5 +38,6 @@ In addition to all arguments above, the following attributes are exported:
     - `backend_id` - The backend ID to redirect to
     - `created_at` - The date on which the route was created (RFC 3339 format).
     - `update_at` - The date on which the route was last updated (RFC 3339 format).
+    - `match_subdomains` - If true, all subdomains will match.
     - `match_sni` - Server Name Indication TLS extension field from an incoming connection made via an SSL/TLS transport layer.
     - `match_host_header` - Specifies the host of the server to which the request is being sent.

docs/index.md

@@ -270,7 +270,7 @@ $ export TF_APPEND_USER_AGENT="CI/CD System XYZ Job #1234"
 
 In case you want to [debug a deployment](https://www.terraform.io/internals/debugging), you can use the following command to increase the level of verbosity.
 
-`SCW_DEBUG=1 TF_LOG=WARN TF_LOG_PROVIDER=DEBUG terraform apply`
+`SCW_DEBUG=1 TF_LOG=DEBUG TF_LOG_PROVIDER=DEBUG terraform apply`
 
 - `SCW_DEBUG`: set the debug level of the scaleway SDK.
 - `TF_LOG`: set the level of the Terraform logging.

docs/resources/apple_silicon_server.md

@@ -36,6 +36,8 @@ The following arguments are supported:
   associated with.
 - `enable_vpc` - (Optional, Default: false): Enables the VPC option when set to true.
 
+- `commitment_type` (Optional, Default: duration_24h): Activate commitment for this server
+
 ## Attributes Reference
 
 In addition to all arguments above, the following attributes are exported:

docs/resources/flexible_ip.md

@@ -8,6 +8,9 @@ page_title: "Scaleway: scaleway_flexible_ip"
 Creates and manages Scaleway flexible IPs.
 For more information, see the [API documentation](https://www.scaleway.com/en/developers/api/elastic-metal-flexible-ip).
 
+-> **Note:**
+Flexible IPs are exclusively available for Elastic Metal (bare metal) servers. They are not compatible with other Scaleway products.
+
 ## Example Usage
 
 ### Basic
@@ -74,6 +77,8 @@ The following arguments are supported:
 - `tags` - (Optional) A list of tags to apply to the flexible IP.
 - `reverse` - (Optional) The reverse domain associated with this flexible IP.
 - `is_ipv6` - (Optional) Defines whether the flexible IP has an IPv6 address.
+- `zone` -(Defaults to [provider](../index.md#zone) `zone`) The [zone](../guides/regions_and_zones.md#zones) of the Flexible IP.
+
 
 ## Attributes Reference
 
@@ -88,7 +93,6 @@ In addition to all arguments above, the following attributes are exported:
 - `status` - The status of the flexible IP.
 - `created_at` - The date and time of the creation of the Flexible IP (Format ISO 8601).
 - `updated_at` - The date and time of the last update of the Flexible IP (Format ISO 8601).
-- `zone` - The zone of the Flexible IP.
 - `organization_id` - The organization of the Flexible IP.
 - `project_id` - The project of the Flexible IP.
 

docs/resources/lb_backend.md

@@ -32,7 +32,7 @@ resource "scaleway_lb_backend" "backend01" {
   forward_port     = "80"
 
   health_check_http {
-    uri = "www.test.com/health"
+    uri = "/health"
   }
 }
 ```
@@ -79,12 +79,12 @@ You may use one of the following health check types: `TCP`, `HTTP` or `HTTPS`. (
 - `health_check_max_retries`      - (Default: `2`) Number of allowed failed health check requests before the backend server is marked as down.
 - `health_check_tcp`              - (Optional) This block enables TCP health checks. Only one of `health_check_tcp`, `health_check_http` and `health_check_https` should be specified.
 - `health_check_http`             - (Optional) This block enables HTTP health checks. Only one of `health_check_tcp`, `health_check_http` and `health_check_https` should be specified.
-    - `uri`                         - (Required) The HTTP endpoint URL to call for health check requests.
+    - `uri`                         - (Required) The path for health check requests.
     - `method`                      - (Default: `GET`) The HTTP method to use for health check requests.
     - `code`                        - (Default: `200`) The expected HTTP status code.
     - `host_header`                 - (Optional) The HTTP host header to use for health check requests.
 - `health_check_https`            - (Optional) This block enable HTTPS health checks. Only one of `health_check_tcp`, `health_check_http` and `health_check_https` should be specified.
-    - `uri`                         - (Required) The HTTPS endpoint URL to call for health check requests.
+    - `uri`                         - (Required) The path for health check requests.
     - `method`                      - (Default: `GET`) The HTTP method to use for health check requests.
     - `code`                        - (Default: `200`) The expected HTTP status code.
     - `host_header`                 - (Optional) The HTTP host header to use for health check requests.

docs/resources/lb_frontend.md

@@ -171,6 +171,8 @@ The following arguments are supported:
 
 - `enable_http3` - (Default: `false`) Activates HTTP/3 protocol.
 
+- `connection_rate_limit` - (Optional) The rate limit for new connections established on this frontend. Use 0 value to disable, else value is connections per second.
+
 - `acl` - (Optional) A list of ACL rules to apply to the Load Balancer frontend.  Defined below.
 
 ## acl

docs/resources/lb_route.md

@@ -79,6 +79,7 @@ The following arguments are supported:
 
 - `backend_id` - (Required) The ID of the backend the route is associated with.
 - `frontend_id` - (Required) The ID of the frontend the route is associated with.
+- `match_subdomains` - (Default: `false`) If true, all subdomains will match.
 - `match_sni` - The Server Name Indication (SNI) value to match. Value to match in the Server Name Indication TLS extension (SNI) field from an incoming connection made via an SSL/TLS transport layer.
   Only one of `match_sni` and `match_host_header` should be specified.
 

go.mod

@@ -26,9 +26,9 @@ require (
 	github.com/nats-io/jwt/v2 v2.7.3
 	github.com/nats-io/nats.go v1.38.0
 	github.com/robfig/cron/v3 v3.0.1
-	github.com/scaleway/scaleway-sdk-go v1.0.0-beta.32.0.20250306092204-9c7eed199df5
+	github.com/scaleway/scaleway-sdk-go v1.0.0-beta.32.0.20250320132958-0f59cae533d0
 	github.com/stretchr/testify v1.10.0
-	golang.org/x/crypto v0.33.0
+	golang.org/x/crypto v0.35.0
 	gopkg.in/dnaeon/go-vcr.v3 v3.2.0
 )
 
@@ -132,7 +132,7 @@ require (
 	go.opentelemetry.io/otel/trace v1.31.0 // indirect
 	golang.org/x/exp v0.0.0-20230626212559-97b1e661b5df // indirect
 	golang.org/x/mod v0.23.0 // indirect
-	golang.org/x/net v0.35.0 // indirect
+	golang.org/x/net v0.36.0 // indirect
 	golang.org/x/sync v0.11.0 // indirect
 	golang.org/x/sys v0.30.0 // indirect
 	golang.org/x/text v0.22.0 // indirect

go.sum

@@ -296,8 +296,8 @@ github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs=
 github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro=
 github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
 github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
-github.com/scaleway/scaleway-sdk-go v1.0.0-beta.32.0.20250306092204-9c7eed199df5 h1:SxQid3QYa7GBdbdKqzTfnLRsaFJjSKPueH3duzuC1Dk=
-github.com/scaleway/scaleway-sdk-go v1.0.0-beta.32.0.20250306092204-9c7eed199df5/go.mod h1:792k1RTU+5JeMXm35/e2Wgp71qPH/DmDoZrRc+EFZDk=
+github.com/scaleway/scaleway-sdk-go v1.0.0-beta.32.0.20250320132958-0f59cae533d0 h1:aqpUaCWx5ta43b9dZv1bMIvUUJTux9Am+S7RmJbiVN8=
+github.com/scaleway/scaleway-sdk-go v1.0.0-beta.32.0.20250320132958-0f59cae533d0/go.mod h1:792k1RTU+5JeMXm35/e2Wgp71qPH/DmDoZrRc+EFZDk=
 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8=
 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=
 github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
@@ -366,8 +366,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
-golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus=
-golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M=
+golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs=
+golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ=
 golang.org/x/exp v0.0.0-20230626212559-97b1e661b5df h1:UA2aFVmmsIlefxMk29Dp2juaUSth8Pyn3Tq5Y5mJGME=
 golang.org/x/exp v0.0.0-20230626212559-97b1e661b5df/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
@@ -385,8 +385,8 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
-golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8=
-golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk=
+golang.org/x/net v0.36.0 h1:vWF2fRbw4qslQsQzgFqZff+BItCvGFQqKzKIzx1rmoA=
+golang.org/x/net v0.36.0/go.mod h1:bFmbeoIPfrw4sMHNhb4J9f6+tPziuGjq7Jk/38fxi1I=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=

internal/services/applesilicon/server.go

@@ -50,6 +50,13 @@ func ResourceServer() *schema.Resource {
 				Default:     false,
 				Description: "Whether or not to enable VPC access",
 			},
+			"commitment": {
+				Type:             schema.TypeString,
+				Optional:         true,
+				Default:          "duration_24h",
+				Description:      "The commitment period of the server",
+				ValidateDiagFunc: verify.ValidateEnum[applesilicon.CommitmentType](),
+			},
 			"private_network": {
 				Type:        schema.TypeSet,
 				Optional:    true,
@@ -162,10 +169,11 @@ func ResourceAppleSiliconServerCreate(ctx context.Context, d *schema.ResourceDat
 	}
 
 	createReq := &applesilicon.CreateServerRequest{
-		Name:      types.ExpandOrGenerateString(d.Get("name"), "m1"),
-		Type:      d.Get("type").(string),
-		ProjectID: d.Get("project_id").(string),
-		EnableVpc: d.Get("enable_vpc").(bool),
+		Name:           types.ExpandOrGenerateString(d.Get("name"), "m1"),
+		Type:           d.Get("type").(string),
+		ProjectID:      d.Get("project_id").(string),
+		EnableVpc:      d.Get("enable_vpc").(bool),
+		CommitmentType: applesilicon.CommitmentType(d.Get("commitment").(string)),
 	}
 
 	res, err := asAPI.CreateServer(createReq, scw.WithContext(ctx))
@@ -277,6 +285,10 @@ func ResourceAppleSiliconServerUpdate(ctx context.Context, d *schema.ResourceDat
 		req.Name = types.ExpandStringPtr(d.Get("name"))
 	}
 
+	if d.HasChange("commitment") {
+		req.CommitmentType = &applesilicon.CommitmentTypeValue{CommitmentType: applesilicon.CommitmentType(d.Get("commitment").(string))}
+	}
+
 	if d.HasChange("enable_vpc") {
 		enableVpc := d.Get("enable_vpc").(bool)
 		req.EnableVpc = &enableVpc

internal/services/applesilicon/server_test.go

@@ -128,6 +128,7 @@ func TestAccServer_EnableVPC(t *testing.T) {
 					isServerPresent(tt, "scaleway_apple_silicon_server.main"),
 					resource.TestCheckResourceAttr("scaleway_apple_silicon_server.main", "name", "TestAccServerEnableVPC"),
 					resource.TestCheckResourceAttr("scaleway_apple_silicon_server.main", "type", "M2-M"),
+					resource.TestCheckResourceAttr("scaleway_apple_silicon_server.main", "commitment", "duration_24h"),
 					// Computed
 					resource.TestCheckResourceAttrSet("scaleway_apple_silicon_server.main", "ip"),
 					resource.TestCheckResourceAttrSet("scaleway_apple_silicon_server.main", "vnc_url"),
@@ -225,6 +226,61 @@ func TestAccServer_EnableVPC(t *testing.T) {
 	})
 }
 
+func TestAccServer_Commitment(t *testing.T) {
+	t.Skip("can not delete server at the time")
+
+	tt := acctest.NewTestTools(t)
+	defer tt.Cleanup()
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:          func() { acctest.PreCheck(t) },
+		ProviderFactories: tt.ProviderFactories,
+		CheckDestroy:      isServerDestroyed(tt),
+		Steps: []resource.TestStep{
+			{
+				Config: `
+
+					resource scaleway_apple_silicon_server main {
+						name = "TestAccServerEnableDisableVPC"
+						type = "M2-M"
+					}
+				`,
+				Check: resource.ComposeTestCheckFunc(
+					isServerPresent(tt, "scaleway_apple_silicon_server.main"),
+					resource.TestCheckResourceAttr("scaleway_apple_silicon_server.main", "name", "TestAccServerEnableDisableVPC"),
+					resource.TestCheckResourceAttr("scaleway_apple_silicon_server.main", "type", "M2-M"),
+					resource.TestCheckResourceAttr("scaleway_apple_silicon_server.main", "commitment", "duration_24h"),
+					// Computed
+					resource.TestCheckResourceAttrSet("scaleway_apple_silicon_server.main", "ip"),
+					resource.TestCheckResourceAttrSet("scaleway_apple_silicon_server.main", "vnc_url"),
+					resource.TestCheckResourceAttrSet("scaleway_apple_silicon_server.main", "created_at"),
+					resource.TestCheckResourceAttrSet("scaleway_apple_silicon_server.main", "deletable_at"),
+				),
+			},
+			{
+				Config: `
+
+					resource scaleway_apple_silicon_server main {
+						name = "TestAccServerEnableDisableVPC"
+						type = "M2-M"
+						commitment = "renewed_monthly"
+					}
+				`,
+				Check: resource.ComposeTestCheckFunc(
+					isServerPresent(tt, "scaleway_apple_silicon_server.main"),
+					resource.TestCheckResourceAttr("scaleway_apple_silicon_server.main", "name", "TestAccServerEnableDisableVPC"),
+					resource.TestCheckResourceAttr("scaleway_apple_silicon_server.main", "type", "M2-M"),
+					resource.TestCheckResourceAttr("scaleway_apple_silicon_server.main", "commitment", "renewed_monthly"),
+					// Computed
+					resource.TestCheckResourceAttrSet("scaleway_apple_silicon_server.main", "ip"),
+					resource.TestCheckResourceAttrSet("scaleway_apple_silicon_server.main", "vnc_url"),
+					resource.TestCheckResourceAttrSet("scaleway_apple_silicon_server.main", "created_at"),
+					resource.TestCheckResourceAttrSet("scaleway_apple_silicon_server.main", "deletable_at"),
+				),
+			},
+		},
+	})
+}
+
 func isServerPresent(tt *acctest.TestTools, n string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[n]

internal/services/container/helpers_container.go

@@ -3,6 +3,7 @@ package container
 import (
 	"context"
 	"errors"
+	"fmt"
 	"strings"
 	"time"
 
@@ -302,6 +303,30 @@ func expandContainerSecrets(secretsRawMap interface{}) []*container.Secret {
 	return secrets
 }
 
+func convertToMapStringInterface(raw interface{}) map[string]interface{} {
+	out := make(map[string]interface{})
+	if raw == nil {
+		return out
+	}
+
+	m, ok := raw.(map[interface{}]interface{})
+	if ok {
+		for k, v := range m {
+			stringKey := fmt.Sprintf("%v", k)
+			out[stringKey] = v
+		}
+
+		return out
+	}
+
+	m2, ok := raw.(map[string]interface{})
+	if ok {
+		return m2
+	}
+
+	return out
+}
+
 func isContainerDNSResolveError(err error) bool {
 	responseError := &scw.ResponseError{}
 

internal/services/container/namespace.go

@@ -193,7 +193,28 @@ func ResourceContainerNamespaceUpdate(ctx context.Context, d *schema.ResourceDat
 	}
 
 	if d.HasChange("secret_environment_variables") {
-		req.SecretEnvironmentVariables = expandContainerSecrets(d.Get("secret_environment_variables"))
+		oldSecretsRaw, newSecretsRaw := d.GetChange("secret_environment_variables")
+
+		oldSecretsMap := convertToMapStringInterface(oldSecretsRaw)
+		newSecretsMap := convertToMapStringInterface(newSecretsRaw)
+
+		oldSecrets := expandContainerSecrets(oldSecretsMap)
+		newSecrets := expandContainerSecrets(newSecretsMap)
+
+		deletedSecrets := make([]*container.Secret, 0)
+
+		for _, oldSecret := range oldSecrets {
+			if _, exists := newSecretsMap[oldSecret.Key]; !exists {
+				deletedSecrets = append(deletedSecrets, &container.Secret{
+					Key:   oldSecret.Key,
+					Value: nil,
+				})
+			}
+		}
+
+		deletedSecrets = append(deletedSecrets, newSecrets...)
+
+		req.SecretEnvironmentVariables = deletedSecrets
 	}
 
 	if _, err := api.UpdateNamespace(req, scw.WithContext(ctx)); err != nil {