scaleway
diff --git a/‎.github/workflows/codeql-analysis.yml‎
Lines changed: 2 additions & 0 deletions b/‎.github/workflows/codeql-analysis.yml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎docs/data-sources/instance_servers.md‎
Lines changed: 3 additions & 0 deletions b/‎docs/data-sources/instance_servers.md‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎docs/resources/baremetal_server.md‎
Lines changed: 1 addition & 0 deletions b/‎docs/resources/baremetal_server.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎docs/resources/instance_security_group.md‎
Lines changed: 6 additions & 6 deletions b/‎docs/resources/instance_security_group.md‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎docs/resources/instance_security_group_rules.md‎
Lines changed: 9 additions & 9 deletions b/‎docs/resources/instance_security_group_rules.md‎
Lines changed: 9 additions & 9 deletions
diff --git a/‎go.mod‎
Lines changed: 16 additions & 16 deletions b/‎go.mod‎
Lines changed: 16 additions & 16 deletions
@@ -7,6 +7,8 @@ name: "CodeQL"
 
 permissions:
   contents: read
+  security-events: write
+  actions: read
 
 on:
   push:
 
@@ -46,6 +46,9 @@ In addition to all above arguments, the following attributes are exported:
     - `tags` - The tags associated with the server.
     - `public_ip` - The public IP address of the server.
     - `private_ip` - The Scaleway internal IP address of the server.
+    - `private_ips` - The list of private IPv4 and IPv6 addresses associated with the server.
+        - `id` - The ID of the IP address resource.
+        - `address` - The private IP address.
     - `public_ips` - The list of public IPs of the server
         - `id` - The ID of the IP
         - `address` - The address of the IP
 
@@ -305,6 +305,7 @@ The following arguments are supported:
     - `ipam_ip_ids` - (Optional) List of IPAM IP IDs to assign to the server in the requested private network.
 - `zone` - (Defaults to [provider](../index.md#zone) `zone`) The [zone](../guides/regions_and_zones.md#zones) in which the server should be created.
 - `partitioning` (Optional) The partitioning schema in JSON format
+- `protected` - (Optional) Set to true to activate server protection option.
 - `project_id` - (Defaults to [provider](../index.md#project_id) `project_id`) The ID of the project the server is associated with.
 
 
 
@@ -21,7 +21,7 @@ resource "scaleway_instance_security_group" "web" {
   inbound_rule {
     action = "accept"
     port   = 22
-    ip     = "212.47.225.64"
+    ip_range     = "212.47.225.64/32"
   }
 
   inbound_rule {
@@ -46,13 +46,13 @@ resource "scaleway_instance_security_group" "web" {
 
   inbound_rule {
     action = "drop"
-    ip     = "1.1.1.1" # Banned IP
+    ip_range     = "1.1.1.1/32" # Banned IP range
   }
 
   inbound_rule {
     action = "accept"
     port   = 22
-    ip     = "212.47.225.64"
+    ip_range     = "212.47.225.64/32"
   }
 
   inbound_rule {
@@ -62,7 +62,7 @@ resource "scaleway_instance_security_group" "web" {
 
   outbound_rule {
     action = "accept"
-    ip     = "8.8.8.8" # Only allow outgoing connection to this IP.
+    ip_range     = "8.8.8.8/32" # Only allow outgoing connection to this IP range.
   }
 }
 ```
@@ -86,7 +86,7 @@ resource "scaleway_instance_security_group" "dummy" {
     content {
       action = "accept"
       port   = 22
-      ip     = inbound_rule.value
+      ip_range     = inbound_rule.value
     }
   }
 }
@@ -132,7 +132,7 @@ The `inbound_rule` and `outbound_rule` block supports:
   If no `port` nor `port_range` are specified, rule will apply to all port.
   Only one of `port` and `port_range` should be specified.
 
-- `ip`- (Optional) The ip this rule apply to. If no `ip` nor `ip_range` are specified, rule will apply to all ip. Only one of `ip` and `ip_range` should be specified.
+- `ip`- (Deprecated) The ip this rule apply to. If no `ip` nor `ip_range` are specified, rule will apply to all ip. Only one of `ip` and `ip_range` should be specified.
 
 - `ip_range`- (Optional) The ip range (e.g `192.168.1.0/24`) this rule applies to. If no `ip` nor `ip_range` are specified, rule will apply to all ip. Only one of `ip` and `ip_range` should be specified.
 
 
@@ -46,9 +46,9 @@ resource "scaleway_instance_security_group" "main" {
 
 locals {
   trusted = [
-    "1.2.3.4",
-    "4.5.6.7",
-    "7.8.9.10"
+    "1.2.3.4/32",
+    "4.5.6.7/32",
+    "7.8.9.10/24"
   ]
 }
 
@@ -59,7 +59,7 @@ resource "scaleway_instance_security_group_rules" "main" {
     for_each = local.trusted
     content {
       action = "accept"
-      ip     = inbound_rule.value
+      ip_range     = inbound_rule.value
       port   = 80
     }
   }
@@ -79,9 +79,9 @@ resource "scaleway_instance_security_group" "main" {
 
 locals {
   trusted = [
-    { ip = "1.2.3.4", port = "80" },
-    { ip = "5.6.7.8", port = "81" },
-    { ip = "9.10.11.12", port = "81" },
+    { ip_range = "1.2.3.4/32", port = "80" },
+    { ip_range = "5.6.7.8/32", port = "81" },
+    { ip_range = "9.10.11.12/32", port = "81" },
   ]
 }
 
@@ -92,7 +92,7 @@ resource "scaleway_instance_security_group_rules" "main" {
     for_each = local.trusted
     content {
       action = "accept"
-      ip     = inbound_rule.value.ip
+      ip_range     = inbound_rule.value.ip_range
       port   = inbound_rule.value.port
     }
   }
@@ -122,7 +122,7 @@ The `inbound_rule` and `outbound_rule` block supports:
   If no `port` nor `port_range` are specified, rule will apply to all port.
   Only one of `port` and `port_range` should be specified.
 
-- `ip`- (Optional) The ip this rule apply to. If no `ip` nor `ip_range` are specified, rule will apply to all ip. Only one of `ip` and `ip_range` should be specified.
+- `ip`- (Deprecated) The ip this rule apply to. If no `ip` nor `ip_range` are specified, rule will apply to all ip. Only one of `ip` and `ip_range` should be specified.
 
 - `ip_range`- (Optional) The ip range (e.g `192.168.1.0/24`) this rule applies to. If no `ip` nor `ip_range` are specified, rule will apply to all ip. Only one of `ip` and `ip_range` should be specified.
 
 
@@ -4,14 +4,14 @@ go 1.24.0
 
 require (
 	github.com/alexedwards/argon2id v1.0.0
-	github.com/aws/aws-sdk-go-v2 v1.36.5
+	github.com/aws/aws-sdk-go-v2 v1.37.1
 	github.com/aws/aws-sdk-go-v2/config v1.29.17
 	github.com/aws/aws-sdk-go-v2/credentials v1.17.70
-	github.com/aws/aws-sdk-go-v2/service/s3 v1.82.0
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.85.1
 	github.com/aws/aws-sdk-go-v2/service/sns v1.34.4
 	github.com/aws/aws-sdk-go-v2/service/sqs v1.38.6
-	github.com/aws/smithy-go v1.22.4
-	github.com/docker/docker v28.2.2+incompatible
+	github.com/aws/smithy-go v1.22.5
+	github.com/docker/docker v28.3.3+incompatible
 	github.com/dustin/go-humanize v1.0.1
 	github.com/google/go-cmp v0.7.0
 	github.com/google/uuid v1.6.0
@@ -26,11 +26,11 @@ require (
 	github.com/hashicorp/terraform-plugin-mux v0.20.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.37.0
 	github.com/nats-io/jwt/v2 v2.7.4
-	github.com/nats-io/nats.go v1.38.0
+	github.com/nats-io/nats.go v1.44.0
 	github.com/robfig/cron/v3 v3.0.1
 	github.com/scaleway/scaleway-sdk-go v1.0.0-beta.34.0.20250721082157-a9b7a7bd9686
 	github.com/stretchr/testify v1.10.0
-	golang.org/x/crypto v0.39.0
+	golang.org/x/crypto v0.40.0
 	gopkg.in/dnaeon/go-vcr.v3 v3.2.0
 )
 
@@ -46,16 +46,16 @@ require (
 	github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
 	github.com/armon/go-radix v1.0.0 // indirect
 	github.com/aws/aws-sdk-go v1.55.5 // indirect
-	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.11 // indirect
+	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.0 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.32 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.36 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.36 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.1 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.1 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.36 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.7.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.17 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.17 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.8.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.1 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.25.5 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.3 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sts v1.34.0 // indirect
@@ -105,7 +105,7 @@ require (
 	github.com/katbyte/andreyvit-diff v0.0.2 // indirect
 	github.com/katbyte/sergi-go-diff v1.2.2 // indirect
 	github.com/katbyte/terrafmt v0.5.5 // indirect
-	github.com/klauspost/compress v1.17.9 // indirect
+	github.com/klauspost/compress v1.18.0 // indirect
 	github.com/magiconair/properties v1.8.6 // indirect
 	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
@@ -157,7 +157,7 @@ require (
 	golang.org/x/mod v0.25.0 // indirect
 	golang.org/x/net v0.41.0 // indirect
 	golang.org/x/sync v0.16.0 // indirect
-	golang.org/x/sys v0.33.0 // indirect
+	golang.org/x/sys v0.34.0 // indirect
 	golang.org/x/text v0.27.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.34.0 // indirect
Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@ resource "scaleway_instance_security_group" "web" {`
`21`	`21`	`inbound_rule {`
`22`	`22`	`action = "accept"`
`23`	`23`	`port = 22`
`24`		`- ip = "212.47.225.64"`
	`24`	`+ ip_range = "212.47.225.64/32"`
`25`	`25`	`}`
`26`	`26`
`27`	`27`	`inbound_rule {`
`@@ -46,13 +46,13 @@ resource "scaleway_instance_security_group" "web" {`
`46`	`46`
`47`	`47`	`inbound_rule {`
`48`	`48`	`action = "drop"`
`49`		`- ip = "1.1.1.1" # Banned IP`
	`49`	`+ ip_range = "1.1.1.1/32" # Banned IP range`
`50`	`50`	`}`
`51`	`51`
`52`	`52`	`inbound_rule {`
`53`	`53`	`action = "accept"`
`54`	`54`	`port = 22`
`55`		`- ip = "212.47.225.64"`
	`55`	`+ ip_range = "212.47.225.64/32"`
`56`	`56`	`}`
`57`	`57`
`58`	`58`	`inbound_rule {`
`@@ -62,7 +62,7 @@ resource "scaleway_instance_security_group" "web" {`
`62`	`62`
`63`	`63`	`outbound_rule {`
`64`	`64`	`action = "accept"`
`65`		`- ip = "8.8.8.8" # Only allow outgoing connection to this IP.`
	`65`	`+ ip_range = "8.8.8.8/32" # Only allow outgoing connection to this IP range.`
`66`	`66`	`}`
`67`	`67`	`}`
`68`	`68`	```
`@@ -86,7 +86,7 @@ resource "scaleway_instance_security_group" "dummy" {`
`86`	`86`	`content {`
`87`	`87`	`action = "accept"`
`88`	`88`	`port = 22`
`89`		`- ip = inbound_rule.value`
	`89`	`+ ip_range = inbound_rule.value`
`90`	`90`	`}`
`91`	`91`	`}`
`92`	`92`	`}`
@@ -132,7 +132,7 @@ The `inbound_rule` and `outbound_rule` block supports:
`132`	`132`	If no `port` nor `port_range` are specified, rule will apply to all port.
`133`	`133`	Only one of `port` and `port_range` should be specified.
`134`	`134`
`135`		-- `ip`- (Optional) The ip this rule apply to. If no `ip` nor `ip_range` are specified, rule will apply to all ip. Only one of `ip` and `ip_range` should be specified.
	`135`	+- `ip`- (Deprecated) The ip this rule apply to. If no `ip` nor `ip_range` are specified, rule will apply to all ip. Only one of `ip` and `ip_range` should be specified.
`136`	`136`
`137`	`137`	- `ip_range`- (Optional) The ip range (e.g `192.168.1.0/24`) this rule applies to. If no `ip` nor `ip_range` are specified, rule will apply to all ip. Only one of `ip` and `ip_range` should be specified.
`138`	`138`
Original file line number	Diff line number	Diff line change
`@@ -46,9 +46,9 @@ resource "scaleway_instance_security_group" "main" {`
`46`	`46`
`47`	`47`	`locals {`
`48`	`48`	`trusted = [`
`49`		`- "1.2.3.4",`
`50`		`- "4.5.6.7",`
`51`		`- "7.8.9.10"`
	`49`	`+ "1.2.3.4/32",`
	`50`	`+ "4.5.6.7/32",`
	`51`	`+ "7.8.9.10/24"`
`52`	`52`	`]`
`53`	`53`	`}`
`54`	`54`
`@@ -59,7 +59,7 @@ resource "scaleway_instance_security_group_rules" "main" {`
`59`	`59`	`for_each = local.trusted`
`60`	`60`	`content {`
`61`	`61`	`action = "accept"`
`62`		`- ip = inbound_rule.value`
	`62`	`+ ip_range = inbound_rule.value`
`63`	`63`	`port = 80`
`64`	`64`	`}`
`65`	`65`	`}`
`@@ -79,9 +79,9 @@ resource "scaleway_instance_security_group" "main" {`
`79`	`79`
`80`	`80`	`locals {`
`81`	`81`	`trusted = [`
`82`		`- { ip = "1.2.3.4", port = "80" },`
`83`		`- { ip = "5.6.7.8", port = "81" },`
`84`		`- { ip = "9.10.11.12", port = "81" },`
	`82`	`+ { ip_range = "1.2.3.4/32", port = "80" },`
	`83`	`+ { ip_range = "5.6.7.8/32", port = "81" },`
	`84`	`+ { ip_range = "9.10.11.12/32", port = "81" },`
`85`	`85`	`]`
`86`	`86`	`}`
`87`	`87`
`@@ -92,7 +92,7 @@ resource "scaleway_instance_security_group_rules" "main" {`
`92`	`92`	`for_each = local.trusted`
`93`	`93`	`content {`
`94`	`94`	`action = "accept"`
`95`		`- ip = inbound_rule.value.ip`
	`95`	`+ ip_range = inbound_rule.value.ip_range`
`96`	`96`	`port = inbound_rule.value.port`
`97`	`97`	`}`
`98`	`98`	`}`
@@ -122,7 +122,7 @@ The `inbound_rule` and `outbound_rule` block supports:
`122`	`122`	If no `port` nor `port_range` are specified, rule will apply to all port.
`123`	`123`	Only one of `port` and `port_range` should be specified.
`124`	`124`
`125`		-- `ip`- (Optional) The ip this rule apply to. If no `ip` nor `ip_range` are specified, rule will apply to all ip. Only one of `ip` and `ip_range` should be specified.
	`125`	+- `ip`- (Deprecated) The ip this rule apply to. If no `ip` nor `ip_range` are specified, rule will apply to all ip. Only one of `ip` and `ip_range` should be specified.
`126`	`126`
`127`	`127`	- `ip_range`- (Optional) The ip range (e.g `192.168.1.0/24`) this rule applies to. If no `ip` nor `ip_range` are specified, rule will apply to all ip. Only one of `ip` and `ip_range` should be specified.
`128`	`128`