Skip to content

feat(iaas): add image share resource #1164

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
h3adex wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

feat(iaas): add image share resource #1164

h3adex wants to merge 1 commit into from
+532 −0

Conversation

@h3adex
Copy link
Contributor

@h3adex h3adex commented Jan 28, 2026
edited
Loading

Description

Problems with this resource:

  1. When you set parent_organization = true, you are telling the API to share the image with every project in your organization. projects = null (Because they are mutually exclusive, user don't set this). The API calculates which projects belongs to your organization and returns that list of projects in the response (e.g., projects: ["proj-A", "proj-B"]). To fix this we ignore the data the API returns for projects whenever parent_organization is active (mapShareFields).

  2. The API treats image sharing as a single global configuration. Creating a new share silently overwrites any existing one. Fix: Added a Check-Then-Act validation in Create (using authorization resource utils right now, should be moved to general utils?)

  3. The API rejects null for projects (requires []), but throws a 400 Conflict if both projects and parentOrganization keys are present in the payload, even if one is empty/null. Fix: Implemented custom payload serialization (toSetImageSharePayload) that explicitly sets unused fields to nil (omitting the key) while initializing used fields

Open Problem (unlikely case a user does that but still open):

Resource1: Sets parent_organization = false.
Resource2: runs its pre-create check, it calls the API. My duplicate check logic interprets this as "No resource exists," effectively making Resource 1 invisible to the conflict detector.

resource "stackit_image" "image" {
  project_id      = var.stackit_project_id
  name            = "dev"
  disk_format     = "raw"
  local_file_path = "./files/test-512k.img"
}

resource "stackit_image_share" "resource1" {
  project_id          = var.stackit_project_id
  image_id            = stackit_image.image.image_id
  // a user says explicit this image share should not be shared accros parent org. Therefor also projects
  parent_organization = false
}

// duplicate func won't detect stackit_image_share.share. On next apply they will update each other :-D
resource "stackit_image_share" "resource2" {
  project_id          = var.stackit_project_id
  image_id            = stackit_image.image.image_id
  projects = [
    "e8072f14-30e8-4d0e-8c24-a87322e507bf",
    "f8f925f1-2d67-49e9-9c50-2efcfb261899",
  ]
}

I don't have a solution for this problem. We could add this resource as beta and add a comment to the documentation which explains that each image can only have a single share resource.

Checklist

  • Issue was linked above
  • Code format was applied: make fmt
  • Examples were added / adjusted (see examples/ directory)
  • Docs are up-to-date: make generate-docs (will be checked by CI)
  • Unit tests got implemented or updated
  • Acceptance tests got implemented or updated (see e.g. here)
  • Unit tests are passing: make test (will be checked by CI)
  • No linter issues: make lint (will be checked by CI)

@h3adex h3adex requested a review from a team as a code owner January 28, 2026 14:07
@h3adex h3adex marked this pull request as draft January 28, 2026 14:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@h3adex