Feature/platform metering config

.github/.copilot-instructions.md

@@ -131,6 +131,19 @@ This pattern ensures:
 - Implement proper authentication token refresh
 - Follow meshStack API conventions for CRUD operations
 
+### Data Structure Guidelines
+**Pointer and `omitempty` Usage:**
+- Only use pointers (`*type`) and `omitempty` JSON tags for fields that are **actually nullable** in the backend API
+- Non-nullable fields should use value types (e.g., `string`, `int64`, `bool`) without `omitempty`
+- This ensures proper validation and prevents sending incorrect null values to the API
+- Example:
+  ```go
+  type Resource struct {
+      RequiredField string  `json:"requiredField" tfsdk:"required_field"`           // Non-nullable
+      OptionalField *string `json:"optionalField,omitempty" tfsdk:"optional_field"` // Nullable in backend
+  }
+  ```
+
 ## Key Dependencies
 
 - **Terraform Plugin Framework**: Latest stable version for provider development

CHANGELOG.md

@@ -1,3 +1,51 @@
+## v0.13.0
+
+FEATURES:
+- Add metering config support to `meshstack_mesh_platform` resource and data source.
+
+FIXES:
+- Correctly model nullable platform config fields.
+
+## v0.12.4
+
+FEATURES:
+- Add quota definitions to meshPlatforms.
+
+## v0.12.3
+
+FIXES:
+- Bump terraform-plugin-docs and fix docs.
+
+## v0.12.2
+
+FIXES:
+- Fix possible nil-pointer issue when handling obfuscated secrets.
+
+## v0.12.1
+
+FIXES:
+- Handle obfuscated secrets in meshPlatform Azure Type.
+
+## v0.12.0
+
+FEATURES:
+- Added `meshstack_mesh_platform` resource.
+- Added `meshstack_mesh_platform` data source.
+
+FIXES:
+- Fix landing zone data source.
+
+## v0.11.0
+
+FEATURES:
+- Added `meshstack_mesh_landing_zone` resource.
+- Added `meshstack_mesh_landing_zone` data source.
+- Automatically set `type` inside platform_properties for landing zones.
+
+FIXES:
+- Fix landing zone status handling.
+- Make `type` a read-only property for landing zones.
+
 ## v0.10.1
 
 FIXES:

client/platform_config_aks.go

@@ -0,0 +1,35 @@
+package client
+
+type AksPlatformConfig struct {
+	BaseUrl              string                `json:"baseUrl" tfsdk:"base_url"`
+	DisableSslValidation bool                  `json:"disableSslValidation" tfsdk:"disable_ssl_validation"`
+	Replication          *AksReplicationConfig `json:"replication" tfsdk:"replication"`
+	Metering             *AksMeteringConfig    `json:"metering,omitempty" tfsdk:"metering"`
+}
+
+type AksReplicationConfig struct {
+	AccessToken             string                    `json:"accessToken" tfsdk:"access_token"`
+	NamespaceNamePattern    string                    `json:"namespaceNamePattern" tfsdk:"namespace_name_pattern"`
+	GroupNamePattern        string                    `json:"groupNamePattern" tfsdk:"group_name_pattern"`
+	ServicePrincipal        AksServicePrincipalConfig `json:"servicePrincipal" tfsdk:"service_principal"`
+	AksSubscriptionId       string                    `json:"aksSubscriptionId" tfsdk:"aks_subscription_id"`
+	AksClusterName          string                    `json:"aksClusterName" tfsdk:"aks_cluster_name"`
+	AksResourceGroup        string                    `json:"aksResourceGroup" tfsdk:"aks_resource_group"`
+	RedirectUrl             *string                   `json:"redirectUrl,omitempty" tfsdk:"redirect_url"`
+	SendAzureInvitationMail bool                      `json:"sendAzureInvitationMail" tfsdk:"send_azure_invitation_mail"`
+	UserLookUpStrategy      string                    `json:"userLookUpStrategy" tfsdk:"user_look_up_strategy"`
+	AdministrativeUnitId    *string                   `json:"administrativeUnitId,omitempty" tfsdk:"administrative_unit_id"`
+}
+
+type AksServicePrincipalConfig struct {
+	ClientId                    string  `json:"clientId" tfsdk:"client_id"`
+	AuthType                    string  `json:"authType" tfsdk:"auth_type"`
+	CredentialsAuthClientSecret *string `json:"credentialsAuthClientSecret,omitempty" tfsdk:"credentials_auth_client_secret"`
+	EntraTenant                 string  `json:"entraTenant" tfsdk:"entra_tenant"`
+	ObjectId                    string  `json:"objectId" tfsdk:"object_id"`
+}
+
+type AksMeteringConfig struct {
+	ClientConfig KubernetesClientConfig               `json:"clientConfig" tfsdk:"client_config"`
+	Processing   MeshPlatformMeteringProcessingConfig `json:"processing" tfsdk:"processing"`
+}

client/platform_config_aws.go

@@ -0,0 +1,68 @@
+package client
+
+type AwsPlatformConfig struct {
+	Region      string                `json:"region,omitempty" tfsdk:"region"`
+	Replication *AwsReplicationConfig `json:"replication,omitempty" tfsdk:"replication"`
+	Metering    *AwsMeteringConfig    `json:"metering,omitempty" tfsdk:"metering"`
+}
+
+type AwsReplicationConfig struct {
+	AccessConfig                                  AwsAccessConfig             `json:"accessConfig" tfsdk:"access_config"`
+	WaitForExternalAvm                            bool                        `json:"waitForExternalAvm" tfsdk:"wait_for_external_avm"`
+	AutomationAccountRole                         string                      `json:"automationAccountRole" tfsdk:"automation_account_role"`
+	AutomationAccountExternalId                   *string                     `json:"automationAccountExternalId,omitempty" tfsdk:"automation_account_external_id"`
+	AccountAccessRole                             string                      `json:"accountAccessRole" tfsdk:"account_access_role"`
+	AccountAliasPattern                           string                      `json:"accountAliasPattern" tfsdk:"account_alias_pattern"`
+	EnforceAccountAlias                           bool                        `json:"enforceAccountAlias" tfsdk:"enforce_account_alias"`
+	AccountEmailPattern                           string                      `json:"accountEmailPattern" tfsdk:"account_email_pattern"`
+	TenantTags                                    *MeshTenantTags             `json:"tenantTags,omitempty" tfsdk:"tenant_tags"`
+	AwsSso                                        *AwsSsoConfig               `json:"awsSso,omitempty" tfsdk:"aws_sso"`
+	EnrollmentConfiguration                       *AwsEnrollmentConfiguration `json:"enrollmentConfiguration,omitempty" tfsdk:"enrollment_configuration"`
+	SelfDowngradeAccessRole                       bool                        `json:"selfDowngradeAccessRole" tfsdk:"self_downgrade_access_role"`
+	SkipUserGroupPermissionCleanup                bool                        `json:"skipUserGroupPermissionCleanup" tfsdk:"skip_user_group_permission_cleanup"`
+	AllowHierarchicalOrganizationalUnitAssignment bool                        `json:"allowHierarchicalOrganizationalUnitAssignment" tfsdk:"allow_hierarchical_organizational_unit_assignment"`
+}
+
+type AwsAccessConfig struct {
+	OrganizationRootAccountRole       string                     `json:"organizationRootAccountRole" tfsdk:"organization_root_account_role"`
+	OrganizationRootAccountExternalId *string                    `json:"organizationRootAccountExternalId,omitempty" tfsdk:"organization_root_account_external_id"`
+	ServiceUserConfig                 *AwsServiceUserConfig      `json:"serviceUserConfig,omitempty" tfsdk:"service_user_config"`
+	WorkloadIdentityConfig            *AwsWorkloadIdentityConfig `json:"workloadIdentityConfig,omitempty" tfsdk:"workload_identity_config"`
+}
+
+type AwsServiceUserConfig struct {
+	AccessKey string `json:"accessKey" tfsdk:"access_key"`
+	SecretKey string `json:"secretKey" tfsdk:"secret_key"`
+}
+
+type AwsWorkloadIdentityConfig struct {
+	RoleArn string `json:"roleArn" tfsdk:"role_arn"`
+}
+
+type AwsSsoConfig struct {
+	ScimEndpoint     string              `json:"scimEndpoint" tfsdk:"scim_endpoint"`
+	Arn              string              `json:"arn" tfsdk:"arn"`
+	GroupNamePattern string              `json:"groupNamePattern" tfsdk:"group_name_pattern"`
+	SsoAccessToken   string              `json:"ssoAccessToken" tfsdk:"sso_access_token"`
+	AwsRoleMappings  []AwsSsoRoleMapping `json:"awsRoleMappings" tfsdk:"aws_role_mappings"`
+	SignInUrl        string              `json:"signInUrl" tfsdk:"sign_in_url"`
+}
+
+type AwsSsoRoleMapping struct {
+	MeshProjectRoleRef MeshProjectRoleRefV2 `json:"projectRoleRef" tfsdk:"project_role_ref"`
+	AwsRole            string               `json:"awsRole" tfsdk:"aws_role"`
+	PermissionSetArns  []string             `json:"permissionSetArns" tfsdk:"permission_set_arns"`
+}
+
+type AwsEnrollmentConfiguration struct {
+	ManagementAccountId     string `json:"managementAccountId" tfsdk:"management_account_id"`
+	AccountFactoryProductId string `json:"accountFactoryProductId" tfsdk:"account_factory_product_id"`
+}
+
+type AwsMeteringConfig struct {
+	AccessConfig                   AwsAccessConfig                      `json:"accessConfig" tfsdk:"access_config"`
+	Filter                         string                               `json:"filter" tfsdk:"filter"`
+	ReservedInstanceFairChargeback bool                                 `json:"reservedInstanceFairChargeback" tfsdk:"reserved_instance_fair_chargeback"`
+	SavingsPlanFairChargeback      bool                                 `json:"savingsPlanFairChargeback" tfsdk:"savings_plan_fair_chargeback"`
+	Processing                     MeshPlatformMeteringProcessingConfig `json:"processing" tfsdk:"processing"`
+}

client/platform_config_azure.go

@@ -0,0 +1,82 @@
+package client
+
+type AzurePlatformConfig struct {
+	EntraTenant string                  `json:"entraTenant" tfsdk:"entra_tenant"`
+	Replication *AzureReplicationConfig `json:"replication,omitempty" tfsdk:"replication"`
+	Metering    *AzureMeteringConfig    `json:"metering,omitempty" tfsdk:"metering"`
+}
+
+type AzureReplicationConfig struct {
+	ServicePrincipal                           AzureServicePrincipalConfig          `json:"servicePrincipal" tfsdk:"service_principal"`
+	Provisioning                               *AzureSubscriptionProvisioningConfig `json:"provisioning,omitempty" tfsdk:"provisioning"`
+	B2bUserInvitation                          *AzureInviteB2BUserConfig            `json:"b2bUserInvitation,omitempty" tfsdk:"b2b_user_invitation"`
+	SubscriptionNamePattern                    string                               `json:"subscriptionNamePattern" tfsdk:"subscription_name_pattern"`
+	GroupNamePattern                           string                               `json:"groupNamePattern" tfsdk:"group_name_pattern"`
+	BlueprintServicePrincipal                  string                               `json:"blueprintServicePrincipal" tfsdk:"blueprint_service_principal"`
+	BlueprintLocation                          string                               `json:"blueprintLocation" tfsdk:"blueprint_location"`
+	AzureRoleMappings                          []AzureRoleMapping                   `json:"azureRoleMappings" tfsdk:"azure_role_mappings"`
+	TenantTags                                 *MeshTenantTags                      `json:"tenantTags,omitempty" tfsdk:"tenant_tags"`
+	UserLookUpStrategy                         string                               `json:"userLookUpStrategy" tfsdk:"user_look_up_strategy"`
+	SkipUserGroupPermissionCleanup             bool                                 `json:"skipUserGroupPermissionCleanup" tfsdk:"skip_user_group_permission_cleanup"`
+	AdministrativeUnitId                       *string                              `json:"administrativeUnitId,omitempty" tfsdk:"administrative_unit_id"`
+	AllowHierarchicalManagementGroupAssignment bool                                 `json:"allowHierarchicalManagementGroupAssignment" tfsdk:"allow_hierarchical_management_group_assignment"`
+}
+
+type AzureServicePrincipalConfig struct {
+	ClientId                    string  `json:"clientId" tfsdk:"client_id"`
+	AuthType                    string  `json:"authType" tfsdk:"auth_type"`
+	CredentialsAuthClientSecret *string `json:"credentialsAuthClientSecret,omitempty" tfsdk:"credentials_auth_client_secret"`
+	ObjectId                    string  `json:"objectId" tfsdk:"object_id"`
+}
+
+type AzureGraphApiCredentials struct {
+	ClientId                    string  `json:"clientId" tfsdk:"client_id"`
+	AuthType                    string  `json:"authType" tfsdk:"auth_type"`
+	CredentialsAuthClientSecret *string `json:"credentialsAuthClientSecret,omitempty" tfsdk:"credentials_auth_client_secret"`
+}
+
+type AzureSubscriptionProvisioningConfig struct {
+	SubscriptionOwnerObjectIds []string                               `json:"subscriptionOwnerObjectIds" tfsdk:"subscription_owner_object_ids"`
+	EnterpriseEnrollment       *AzureEnterpriseEnrollmentConfig       `json:"enterpriseEnrollment,omitempty" tfsdk:"enterprise_enrollment"`
+	CustomerAgreement          *AzureCustomerAgreementConfig          `json:"customerAgreement,omitempty" tfsdk:"customer_agreement"`
+	PreProvisioned             *AzurePreProvisionedSubscriptionConfig `json:"preProvisioned,omitempty" tfsdk:"pre_provisioned"`
+}
+
+type AzureEnterpriseEnrollmentConfig struct {
+	EnrollmentAccountId                  string `json:"enrollmentAccountId" tfsdk:"enrollment_account_id"`
+	SubscriptionOfferType                string `json:"subscriptionOfferType" tfsdk:"subscription_offer_type"`
+	UseLegacySubscriptionEnrollment      bool   `json:"useLegacySubscriptionEnrollment" tfsdk:"use_legacy_subscription_enrollment"`
+	SubscriptionCreationErrorCooldownSec int64  `json:"subscriptionCreationErrorCooldownSec" tfsdk:"subscription_creation_error_cooldown_sec"`
+}
+
+type AzureCustomerAgreementConfig struct {
+	SourceServicePrincipal               AzureGraphApiCredentials `json:"sourceServicePrincipal" tfsdk:"source_service_principal"`
+	DestinationEntraId                   string                   `json:"destinationEntraId" tfsdk:"destination_entra_id"`
+	SourceEntraTenant                    string                   `json:"sourceEntraTenant" tfsdk:"source_entra_tenant"`
+	BillingScope                         string                   `json:"billingScope" tfsdk:"billing_scope"`
+	SubscriptionCreationErrorCooldownSec int64                    `json:"subscriptionCreationErrorCooldownSec" tfsdk:"subscription_creation_error_cooldown_sec"`
+}
+
+type AzurePreProvisionedSubscriptionConfig struct {
+	UnusedSubscriptionNamePrefix string `json:"unusedSubscriptionNamePrefix" tfsdk:"unused_subscription_name_prefix"`
+}
+
+type AzureInviteB2BUserConfig struct {
+	RedirectUrl             string `json:"redirectUrl" tfsdk:"redirect_url"`
+	SendAzureInvitationMail bool   `json:"sendAzureInvitationMail" tfsdk:"send_azure_invitation_mail"`
+}
+
+type AzureRoleMapping struct {
+	MeshProjectRoleRef MeshProjectRoleRefV2 `json:"projectRoleRef" tfsdk:"project_role_ref"`
+	AzureRole          AzureRole            `json:"azureRole" tfsdk:"azure_role"`
+}
+
+type AzureRole struct {
+	Alias string `json:"alias" tfsdk:"alias"`
+	Id    string `json:"id" tfsdk:"id"`
+}
+
+type AzureMeteringConfig struct {
+	ServicePrincipal AzureServicePrincipalConfig          `json:"servicePrincipal" tfsdk:"service_principal"`
+	Processing       MeshPlatformMeteringProcessingConfig `json:"processing" tfsdk:"processing"`
+}

client/platform_config_azurerg.go

@@ -0,0 +1,19 @@
+package client
+
+type AzureRgPlatformConfig struct {
+	EntraTenant string                    `json:"entraTenant" tfsdk:"entra_tenant"`
+	Replication *AzureRgReplicationConfig `json:"replication,omitempty" tfsdk:"replication"`
+}
+
+type AzureRgReplicationConfig struct {
+	ServicePrincipal                           AzureServicePrincipalConfig `json:"servicePrincipal" tfsdk:"service_principal"`
+	Subscription                               string                      `json:"subscription" tfsdk:"subscription"`
+	ResourceGroupNamePattern                   string                      `json:"resourceGroupNamePattern" tfsdk:"resource_group_name_pattern"`
+	UserGroupNamePattern                       string                      `json:"userGroupNamePattern" tfsdk:"user_group_name_pattern"`
+	B2bUserInvitation                          *AzureInviteB2BUserConfig   `json:"b2bUserInvitation,omitempty" tfsdk:"b2b_user_invitation"`
+	UserLookUpStrategy                         string                      `json:"userLookUpStrategy" tfsdk:"user_look_up_strategy"`
+	TenantTags                                 *MeshTenantTags             `json:"tenantTags,omitempty" tfsdk:"tenant_tags"`
+	SkipUserGroupPermissionCleanup             bool                        `json:"skipUserGroupPermissionCleanup" tfsdk:"skip_user_group_permission_cleanup"`
+	AdministrativeUnitId                       *string                     `json:"administrativeUnitId,omitempty" tfsdk:"administrative_unit_id"`
+	AllowHierarchicalManagementGroupAssignment bool                        `json:"allowHierarchicalManagementGroupAssignment" tfsdk:"allow_hierarchical_management_group_assignment"`
+}