feat(iaas): volume encryption

[rubenhoenle]

Description

relates to STACKITTPR-413 and #1045

Checklist

• Issue was linked above
• Code format was applied: make fmt
• Examples were added / adjusted (see examples/ directory)
• Docs are up-to-date: make generate-docs (will be checked by CI)
• Unit tests got implemented or updated
• Acceptance tests got implemented or updated (see e.g. here)
• Unit tests are passing: make test (will be checked by CI)
• No linter issues: make lint (will be checked by CI)

[github-actions]

Merging this branch will increase overall coverage

Impacted Packages	Coverage Δ	🤖
github.com/stackitcloud/terraform-provider-stackit/stackit/internal/services/iaas	0.00% (ø)
github.com/stackitcloud/terraform-provider-stackit/stackit/internal/services/iaas/volume	25.31% (+10.10%)	🎉

---

Coverage by file

Changed files (no unit tests)

Changed File	Coverage Δ	Total	Covered	Missed	🤖
github.com/stackitcloud/terraform-provider-stackit/stackit/internal/services/iaas/volume/datasource.go	41.56% (+41.56%)	77 (+37)	32 (+32)	45 (+5)	🌟
github.com/stackitcloud/terraform-provider-stackit/stackit/internal/services/iaas/volume/resource.go	20.16% (+2.37%)	243 (+7)	49 (+7)	194	👍

Please note that the "Total", "Covered", and "Missed" counts above refer to code statements instead of lines of code. The value in brackets refers to the test coverage of that file in the old version of the code.

Changed unit test files

• github.com/stackitcloud/terraform-provider-stackit/stackit/internal/services/iaas/iaas_acc_test.go
• github.com/stackitcloud/terraform-provider-stackit/stackit/internal/services/iaas/volume/datasource_test.go
• github.com/stackitcloud/terraform-provider-stackit/stackit/internal/services/iaas/volume/resource_test.go

[marceljk]

key_payload_base64 can be set as WriteOnly attribute. Most providers offer both options, so a normal field and a WriteOnly field.
Because the WriteOnly isn't stored in the state, we would need a WriteOnlyVersion field as well. When the version field changes, a replaces can be triggered.
See https://developer.hashicorp.com/terraform/language/manage-sensitive-data/write-only

[marceljk]

nitpick: check of description & labels attribute is missing in both encrypted volumes

[marceljk]

I think you wanted to check here and in the following lines the resource "volume_encrypted_with_key_payload" 😄

Suggested change

	resource.TestCheckResourceAttr("stackit_volume.volume_encrypted_no_key_payload", "project_id", testutil.ConvertConfigVariable(testConfigVolumeVarsMax["project_id"])),
	resource.TestCheckResourceAttr("stackit_volume.volume_encrypted_with_key_payload", "project_id", testutil.ConvertConfigVariable(testConfigVolumeVarsMax["project_id"])),

[marceljk]

This check must be changed then as well, to compare if the correct value for key_payload_base64 is set

Suggested change

	resource.TestCheckNoResourceAttr("stackit_volume.volume_encrypted_no_key_payload", "encryption_parameters.key_payload_base64"),
	resource.TestCheckResourceAttr("stackit_volume.volume_encrypted_with_key_payload", "encryption_parameters.key_payload_base64", testutil.ConvertConfigVariable(testConfigVolumeVarsMax["key_payload_base64"])),

[marceljk]

Check for description and labels missing in the encrypted volumes

[marceljk]

wrong datasource here and the following lines

Suggested change

	resource.TestCheckResourceAttr("data.stackit_volume.volume_encrypted_no_key_payload", "project_id", testutil.ConvertConfigVariable(testConfigVolumeVarsMax["project_id"])),
	resource.TestCheckResourceAttr("data.stackit_volume.volume_encrypted_with_key_payload", "project_id", testutil.ConvertConfigVariable(testConfigVolumeVarsMax["project_id"])),

[marceljk]

description & labels checks are missing in both updated encrypted volumes

[marceljk]

wrong resource