Merge branch 'master' into instance_eos_filter_by_offer_id

Author: Mia-Cross

docs/resources/apple_silicon_server.md

@@ -19,6 +19,28 @@ resource "scaleway_apple_silicon_server" "server" {
 }
 ```
 
+### Enable VPC and attach private network
+
+```terraform
+resource "scaleway_vpc" "vpc-apple-silicon" {
+  name = "vpc-apple-silicon"
+}
+
+resource "scaleway_vpc_private_network" "pn-apple-silicon" {
+  name = "pn-apple-silicon"
+  vpc_id = scaleway_vpc.vpc-apple-silicon.id
+}
+
+resource "scaleway_apple_silicon_server" "my-server" {
+    name = "TestAccServerEnableVPC"
+    type = "M2-M"
+    enable_vpc = true
+    private_network {
+      id = scaleway_vpc_private_network.pn-apple-silicon.id
+    }
+}
+```
+
 ## Argument Reference
 
 The following arguments are supported:
@@ -36,6 +58,10 @@ The following arguments are supported:
   associated with.
 - `enable_vpc` - (Optional, Default: false): Enables the VPC option when set to true.
 
+- `private_network` - (Optional) The private networks to attach to the server
+    - `id` - The private network ID
+    - `ipam_ip_ids` - A list of IPAM IP IDs to attach to the server.
+
 - `commitment_type` (Optional, Default: duration_24h): Activate commitment for this server
 
 - `public_bandwidth` (Optional) Configure the available public bandwidth for your server in bits per second. This option may not be available for all offers.
@@ -59,6 +85,11 @@ In addition to all arguments above, the following attributes are exported:
 - `deleted_at` - The minimal date and time on which you can delete this server due to Apple licence.
 - `organization_id` - The organization ID the server is associated with.
 - `vpc_status` - The current status of the VPC option.
+- `private_network` - The private networks to attach to the server
+    - `vlan`  - The VLAN ID associated with the private network.
+    - `status` - The current status of the private network.
+    - `created_at` - The date and time the private network was created.
+    - `updated_at` - The date and time the private network was last updated.
 
 ## Import
 

docs/resources/domain_record.md

@@ -207,8 +207,6 @@ The following arguments are supported:
 
 - `dns_zone` - (Required) The DNS zone of the domain. If the domain has no DNS zone, one will be automatically created.
 
-- `keep_empty_zone` - (Optional, defaults to `false`) When destroying a resource, if only NS records remain and this is set to `false`, the zone will be deleted. Note that each zone not deleted will [be billed](https://www.scaleway.com/en/dns/).
-
 - `name` - (Optional) The name of the record (can be an empty string for a root record).
 
 - `type` - (Required) The type of the record (`A`, `AAAA`, `MX`, `CNAME`, `DNAME`, `ALIAS`, `NS`, `PTR`, `SRV`, `TXT`, `TLSA`, or `CAA`).

docs/resources/key_manager_key.md

@@ -0,0 +1,91 @@
+---
+subcategory: "Key Manager"
+page_title: "Scaleway: scaleway_key_manager_key"
+---
+# Resource: scaleway_key_manager_key
+
+Provides a Scaleway Key Manager Key resource.  
+This resource allows you to create and manage cryptographic keys in Scaleway Key Manager (KMS).
+
+## Example Usage
+
+```terraform
+resource "scaleway_key_manager_key" "main" {
+  name         = "my-kms-key"
+  region       = "fr-par"
+  project_id   = "your-project-id" # optional, will use provider default if omitted
+  usage        = "symmetric_encryption"
+  description  = "Key for encrypting secrets"
+  tags         = ["env:prod", "kms"]
+  unprotected  = true
+
+  rotation_policy {
+    rotation_period = "720h" # 30 days
+  }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+- `name` (String) – The name of the key.  
+- `region` (String) – The region in which to create the key (e.g., `fr-par`).  
+- `project_id` (String, Optional) – The ID of the project the key belongs to.  
+- `usage` (String, **Required**) – The usage of the key. Valid values are:
+    - `symmetric_encryption`
+    - `asymmetric_encryption`
+    - `asymmetric_signing`
+- `description` (String, Optional) – A description for the key.
+- `tags` (List of String, Optional) – A list of tags to assign to the key.
+- `unprotected` (Boolean, Optional) – If `true`, the key can be deleted. Defaults to `false` (protected).
+- `origin` (String, Optional) – The origin of the key. Valid values are:
+    - `scaleway_kms` (default)
+    - `external`
+- `rotation_policy` (Block, Optional) – Rotation policy for the key:
+    - `rotation_period` (String, Optional) – The period between key rotations (e.g., `"720h"` for 30 days).
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+- `id` – The ID of the key.
+- `state` – The state of the key (e.g., `enabled`).
+- `created_at` – The date and time when the key was created.
+- `updated_at` – The date and time when the key was last updated.
+- `rotation_count` – The number of times the key has been rotated.
+- `protected` – Whether the key is protected from deletion.
+- `locked` – Whether the key is locked.
+- `rotated_at` – The date and time when the key was last rotated.
+- `origin_read` – The origin of the key as returned by the API.
+- `region_read` – The region of the key as returned by the API.
+- `rotation_policy` (Block)
+    - `rotation_period` – The period between key rotations.
+    - `next_rotation_at` – The date and time of the next scheduled rotation.
+
+## Import
+
+You can import a key using its ID and region:
+
+```shell
+terraform import scaleway_key_manager_key.main fr-par/11111111-2222-3333-4444-555555555555
+```
+
+## Notes
+
+- **Protection**: By default, keys are protected and cannot be deleted. To allow deletion, set `unprotected = true` when creating the key.
+- **Rotation Policy**: The `rotation_policy` block allows you to set automatic rotation for your key.
+- **Origin**: The `origin` argument is optional and defaults to `scaleway_kms`. Use `external` if you want to import an external key (see Scaleway documentation for details).
+- **Project and Region**: If not specified, `project_id` and `region` will default to the provider configuration.
+
+## Example: Asymmetric Key
+
+```terraform
+resource "scaleway_key_manager_key" "asym" {
+  name        = "asymmetric-key"
+  region      = "fr-par"
+  usage       = "asymmetric_signing"
+  description = "Key for signing documents"
+  unprotected = true
+}
+```

docs/resources/vpc_acl.md

@@ -39,7 +39,7 @@ resource "scaleway_vpc_acl" "acl01" {
 The following arguments are supported:
 
 - `vpc_id` - (Required) The VPC ID the ACL belongs to.
-- `default_policy` - (Required) The action to take for packets which do not match any rules.
+- `default_policy` - (Optional. Defaults to `accept`) The action to take for packets which do not match any rules.
 - `is_ipv6` - (Optional) Defines whether this set of ACL rules is for IPv6 (false = IPv4). Each Network ACL can have rules for only one IP type.
 - `rules` - (Optional) The list of Network ACL rules.
     - `protocol` - (Optional) The protocol to which this rule applies. Default value: ANY.

internal/provider/provider.go

@@ -32,6 +32,7 @@ import (
 	"github.com/scaleway/terraform-provider-scaleway/v2/internal/services/ipam"
 	"github.com/scaleway/terraform-provider-scaleway/v2/internal/services/jobs"
 	"github.com/scaleway/terraform-provider-scaleway/v2/internal/services/k8s"
+	"github.com/scaleway/terraform-provider-scaleway/v2/internal/services/keymanager"
 	"github.com/scaleway/terraform-provider-scaleway/v2/internal/services/lb"
 	"github.com/scaleway/terraform-provider-scaleway/v2/internal/services/marketplace"
 	"github.com/scaleway/terraform-provider-scaleway/v2/internal/services/mnq"
@@ -195,6 +196,7 @@ func Provider(config *Config) plugin.ProviderFunc {
 				"scaleway_k8s_acl":                             k8s.ResourceACL(),
 				"scaleway_k8s_cluster":                         k8s.ResourceCluster(),
 				"scaleway_k8s_pool":                            k8s.ResourcePool(),
+				"scaleway_key_manager_key":                     keymanager.ResourceKeyManagerKey(),
 				"scaleway_lb":                                  lb.ResourceLb(),
 				"scaleway_lb_acl":                              lb.ResourceACL(),
 				"scaleway_lb_backend":                          lb.ResourceBackend(),

internal/services/domain/record.go

@@ -29,7 +29,6 @@ var changeKeys = []string{
 	"weighted",
 	"view",
 	"dns_zone",
-	"keep_empty_zone",
 }
 
 func ResourceRecord() *schema.Resource {
@@ -56,12 +55,6 @@ func ResourceRecord() *schema.Resource {
 				Required:    true,
 				ForceNew:    true,
 			},
-			"keep_empty_zone": {
-				Type:        schema.TypeBool,
-				Description: "When destroy a resource record, if a zone have only NS, delete the zone",
-				Optional:    true,
-				Default:     false,
-			},
 			"root_zone": {
 				Type:        schema.TypeBool,
 				Description: "Does the DNS zone is the root zone or not",
@@ -503,7 +496,7 @@ func resourceDomainRecordDelete(ctx context.Context, d *schema.ResourceData, m a
 	d.SetId("")
 
 	// for non-root zone, if the zone have only NS records, then delete the zone
-	if d.Get("keep_empty_zone").(bool) || d.Get("root_zone").(bool) {
+	if d.Get("root_zone").(bool) {
 		return nil
 	}
 

internal/services/domain/record_test.go

@@ -675,7 +675,6 @@ func TestAccDomainRecord_SRVZone(t *testing.T) {
 						name            = "%[2]s"
 						type            = "%[3]s"
 						data            = "%[4]s"
-						keep_empty_zone = false
 					}
 				`, testDNSZone, name, recordType, data),
 				Check: resource.ComposeTestCheckFunc(