refactor: remove reSensitive

docs/data-sources/clickhouse.md

@@ -78,6 +78,7 @@ Read-Only:
 - `privatelink_access` (List of Object) (see [below for nested schema](#nestedobjatt--clickhouse_user_config--privatelink_access))
 - `project_to_fork_from` (String)
 - `public_access` (List of Object) (see [below for nested schema](#nestedobjatt--clickhouse_user_config--public_access))
+- `recovery_basebackup_name` (String)
 - `service_log` (Boolean)
 - `service_to_fork_from` (String)
 - `static_ips` (Boolean)

docs/data-sources/flink.md

@@ -91,6 +91,8 @@ Read-Only:
 - `ip_filter_object` (Set of Object) (see [below for nested schema](#nestedobjatt--flink_user_config--ip_filter_object))
 - `ip_filter_string` (Set of String)
 - `number_of_task_slots` (Number)
+- `pekko_ask_timeout_s` (Number)
+- `pekko_framesize_b` (Number)
 - `privatelink_access` (List of Object) (see [below for nested schema](#nestedobjatt--flink_user_config--privatelink_access))
 - `service_log` (Boolean)
 - `static_ips` (Boolean)

docs/data-sources/kafka.md

@@ -116,6 +116,7 @@ Read-Only:
 - `schema_registry` (Boolean)
 - `schema_registry_config` (List of Object) (see [below for nested schema](#nestedobjatt--kafka_user_config--schema_registry_config))
 - `service_log` (Boolean)
+- `single_zone` (List of Object) (see [below for nested schema](#nestedobjatt--kafka_user_config--single_zone))
 - `static_ips` (Boolean)
 - `tiered_storage` (List of Object) (see [below for nested schema](#nestedobjatt--kafka_user_config--tiered_storage))
 
@@ -329,6 +330,14 @@ Read-Only:
 - `topic_name` (String)
 
 
+<a id="nestedobjatt--kafka_user_config--single_zone"></a>
+### Nested Schema for `kafka_user_config.single_zone`
+
+Read-Only:
+
+- `enabled` (Boolean)
+
+
 <a id="nestedobjatt--kafka_user_config--tiered_storage"></a>
 ### Nested Schema for `kafka_user_config.tiered_storage`
 

docs/data-sources/thanos.md

@@ -153,6 +153,7 @@ Read-Only:
 - `query_frontend` (Boolean)
 - `receiver_ingesting` (Boolean)
 - `receiver_routing` (Boolean)
+- `ruler` (Boolean)
 - `store` (Boolean)
 
 

docs/resources/clickhouse.md

@@ -86,6 +86,7 @@ Optional:
 - `privatelink_access` (Block List, Max: 1) Allow access to selected service components through Privatelink (see [below for nested schema](#nestedblock--clickhouse_user_config--privatelink_access))
 - `project_to_fork_from` (String) Name of another project to fork a service from. This has effect only when a new service is being created. Example: `anotherprojectname`.
 - `public_access` (Block List, Max: 1) Allow access to selected service ports from the public Internet (see [below for nested schema](#nestedblock--clickhouse_user_config--public_access))
+- `recovery_basebackup_name` (String) Name of the basebackup to restore in forked service. Example: `backup-20191112t091354293891z`.
 - `service_log` (Boolean) Store logs for the service so that they are available in the HTTP API and console.
 - `service_to_fork_from` (String) Name of another service to fork from. This has effect only when a new service is being created. Example: `anotherservicename`.
 - `static_ips` (Boolean) Use static public IP addresses.

docs/resources/flink.md

@@ -88,6 +88,8 @@ Optional:
 - `ip_filter_object` (Block Set, Max: 1024) Allow incoming connections from CIDR address block, e.g. `10.20.0.0/16` (see [below for nested schema](#nestedblock--flink_user_config--ip_filter_object))
 - `ip_filter_string` (Set of String) Allow incoming connections from CIDR address block, e.g. `10.20.0.0/16`.
 - `number_of_task_slots` (Number) Task slots per node. For a 3 node plan, total number of task slots is 3x this value. Example: `1`.
+- `pekko_ask_timeout_s` (Number) Timeout in seconds used for all futures and blocking Pekko requests. Example: `10`.
+- `pekko_framesize_b` (Number) Maximum size in bytes for messages exchanged between the JobManager and the TaskManagers. Example: `10485760`.
 - `privatelink_access` (Block List, Max: 1) Allow access to selected service components through Privatelink (see [below for nested schema](#nestedblock--flink_user_config--privatelink_access))
 - `service_log` (Boolean) Store logs for the service so that they are available in the HTTP API and console.
 - `static_ips` (Boolean) Use static public IP addresses.

docs/resources/grafana.md

@@ -237,7 +237,7 @@ Optional:
 
 Required:
 
-- `access_key` (String, Sensitive) S3 access key. Requires permissions to the S3 bucket for the s3:PutObject and s3:PutObjectAcl actions. Example: `AAAAAAAAAAAAAAAAAAA`.
+- `access_key` (String) S3 access key. Requires permissions to the S3 bucket for the s3:PutObject and s3:PutObjectAcl actions. Example: `AAAAAAAAAAAAAAAAAAA`.
 - `bucket_url` (String) Bucket URL for S3. Example: `https://grafana.s3-ap-southeast-2.amazonaws.com/`.
 - `provider` (String) Enum: `s3`. Provider type.
 - `secret_key` (String, Sensitive) S3 secret key. Example: `AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA`.

docs/resources/kafka.md

@@ -129,6 +129,7 @@ Optional:
 - `schema_registry` (Boolean) Enable Schema-Registry service. Default: `false`.
 - `schema_registry_config` (Block List, Max: 1) Schema Registry configuration (see [below for nested schema](#nestedblock--kafka_user_config--schema_registry_config))
 - `service_log` (Boolean) Store logs for the service so that they are available in the HTTP API and console.
+- `single_zone` (Block List, Max: 1) Single-zone configuration (see [below for nested schema](#nestedblock--kafka_user_config--single_zone))
 - `static_ips` (Boolean) Use static public IP addresses.
 - `tiered_storage` (Block List, Max: 1) Tiered storage configuration (see [below for nested schema](#nestedblock--kafka_user_config--tiered_storage))
 
@@ -259,7 +260,7 @@ Required:
 
 Optional:
 
-- `access_key` (String, Sensitive) Access key used to authenticate with aws.
+- `access_key` (String) Access key used to authenticate with aws.
 - `secret_key` (String, Sensitive) Secret key used to authenticate with aws.
 
 
@@ -354,6 +355,14 @@ Optional:
 - `topic_name` (String) The durable single partition topic that acts as the durable log for the data. This topic must be compacted to avoid losing data due to retention policy. Please note that changing this configuration in an existing Schema Registry / Karapace setup leads to previous schemas being inaccessible, data encoded with them potentially unreadable and schema ID sequence put out of order. It's only possible to do the switch while Schema Registry / Karapace is disabled. Defaults to `_schemas`.
 
 
+<a id="nestedblock--kafka_user_config--single_zone"></a>
+### Nested Schema for `kafka_user_config.single_zone`
+
+Optional:
+
+- `enabled` (Boolean) Whether to allocate nodes on the same Availability Zone or spread across zones available.
+
+
 <a id="nestedblock--kafka_user_config--tiered_storage"></a>
 ### Nested Schema for `kafka_user_config.tiered_storage`
 

docs/resources/kafka_connect.md

@@ -210,7 +210,7 @@ Required:
 
 Optional:
 
-- `access_key` (String, Sensitive) Access key used to authenticate with aws.
+- `access_key` (String) Access key used to authenticate with aws.
 - `secret_key` (String, Sensitive) Secret key used to authenticate with aws.
 
 

docs/resources/opensearch.md

@@ -100,10 +100,10 @@ Read-Only:
 Optional:
 
 - `additional_backup_regions` (List of String) Additional Cloud Regions for Backup Replication.
-- `azure_migration` (Block List, Max: 1) (see [below for nested schema](#nestedblock--opensearch_user_config--azure_migration))
+- `azure_migration` (Block List, Max: 1) Azure migration settings (see [below for nested schema](#nestedblock--opensearch_user_config--azure_migration))
 - `custom_domain` (String) Serve the web frontend using a custom CNAME pointing to the Aiven DNS name. Example: `grafana.example.org`.
 - `disable_replication_factor_adjustment` (Boolean) Disable automatic replication factor adjustment for multi-node services. By default, Aiven ensures all indexes are replicated at least to two nodes. Note: Due to potential data loss in case of losing a service node, this setting can no longer be activated.
-- `gcs_migration` (Block List, Max: 1) (see [below for nested schema](#nestedblock--opensearch_user_config--gcs_migration))
+- `gcs_migration` (Block List, Max: 1) Google Cloud Storage migration settings (see [below for nested schema](#nestedblock--opensearch_user_config--gcs_migration))
 - `index_patterns` (Block List, Max: 512) Index patterns (see [below for nested schema](#nestedblock--opensearch_user_config--index_patterns))
 - `index_rollup` (Block List, Max: 1) Index rollup settings (see [below for nested schema](#nestedblock--opensearch_user_config--index_rollup))
 - `index_template` (Block List, Max: 1) Template settings for all new indexes (see [below for nested schema](#nestedblock--opensearch_user_config--index_template))
@@ -121,7 +121,7 @@ Optional:
 - `project_to_fork_from` (String) Name of another project to fork a service from. This has effect only when a new service is being created. Example: `anotherprojectname`.
 - `public_access` (Block List, Max: 1) Allow access to selected service ports from the public Internet (see [below for nested schema](#nestedblock--opensearch_user_config--public_access))
 - `recovery_basebackup_name` (String) Name of the basebackup to restore in forked service. Example: `backup-20191112t091354293891z`.
-- `s3_migration` (Block List, Max: 1) (see [below for nested schema](#nestedblock--opensearch_user_config--s3_migration))
+- `s3_migration` (Block List, Max: 1) AWS S3 / AWS S3 compatible migration settings (see [below for nested schema](#nestedblock--opensearch_user_config--s3_migration))
 - `saml` (Block List, Max: 1) OpenSearch SAML configuration (see [below for nested schema](#nestedblock--opensearch_user_config--saml))
 - `service_log` (Boolean) Store logs for the service so that they are available in the HTTP API and console.
 - `service_to_fork_from` (String) Name of another service to fork from. This has effect only when a new service is being created. Example: `anotherservicename`.
@@ -143,8 +143,8 @@ Optional:
 - `compress` (Boolean) When set to true metadata files are stored in compressed format.
 - `endpoint_suffix` (String) Defines the DNS suffix for Azure Storage endpoints.
 - `indices` (String) A comma-delimited list of indices to restore from the snapshot. Multi-index syntax is supported. By default, a restore operation includes all data streams and indices in the snapshot. If this argument is provided, the restore operation only includes the data streams and indices that you specify. Example: `metrics*,logs*,data-20240823`.
-- `key` (String) Azure account secret key. One of key or sas_token should be specified.
-- `sas_token` (String) A shared access signatures (SAS) token. One of key or sas_token should be specified.
+- `key` (String, Sensitive) Azure account secret key. One of key or sas_token should be specified.
+- `sas_token` (String, Sensitive) A shared access signatures (SAS) token. One of key or sas_token should be specified.
 
 
 <a id="nestedblock--opensearch_user_config--gcs_migration"></a>
@@ -154,7 +154,7 @@ Required:
 
 - `base_path` (String) The path to the repository data within its container. The value of this setting should not start or end with a /.
 - `bucket` (String) The path to the repository data within its container.
-- `credentials` (String) Google Cloud Storage credentials file content.
+- `credentials` (String, Sensitive) Google Cloud Storage credentials file content.
 - `snapshot_name` (String) The snapshot name to restore from.
 
 Optional:
@@ -365,7 +365,7 @@ Optional:
 
 Required:
 
-- `access_key` (String, Sensitive) AWS Access key.
+- `access_key` (String) AWS Access key.
 - `base_path` (String) The path to the repository data within its container. The value of this setting should not start or end with a /.
 - `bucket` (String) S3 bucket name.
 - `region` (String) S3 region.

docs/resources/service_integration_endpoint.md

@@ -80,7 +80,7 @@ Optional:
 
 Required:
 
-- `access_key` (String, Sensitive) AWS access key. Required permissions are logs:CreateLogGroup, logs:CreateLogStream, logs:PutLogEvents and logs:DescribeLogStreams. Example: `AAAAAAAAAAAAAAAAAAAA`.
+- `access_key` (String) AWS access key. Required permissions are logs:CreateLogGroup, logs:CreateLogStream, logs:PutLogEvents and logs:DescribeLogStreams. Example: `AAAAAAAAAAAAAAAAAAAA`.
 - `region` (String) AWS region. Example: `us-east-1`.
 - `secret_key` (String, Sensitive) AWS secret key. Example: `AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA`.
 
@@ -94,7 +94,7 @@ Optional:
 
 Required:
 
-- `access_key` (String, Sensitive) AWS access key. Required permissions are cloudwatch:PutMetricData. Example: `AAAAAAAAAAAAAAAAAAAA`.
+- `access_key` (String) AWS access key. Required permissions are cloudwatch:PutMetricData. Example: `AAAAAAAAAAAAAAAAAAAA`.
 - `namespace` (String) AWS CloudWatch Metrics Namespace. Example: `my-metrics-namespace`.
 - `region` (String) AWS region. Example: `us-east-1`.
 - `secret_key` (String, Sensitive) AWS secret key. Example: `AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA`.
@@ -105,8 +105,8 @@ Required:
 
 Required:
 
-- `access_key_id` (String, Sensitive) Access Key Id. Example: `AAAAAAAAAAAAAAAAAAA`.
-- `secret_access_key` (String, Sensitive) Secret Access Key. Example: `AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA`.
+- `access_key_id` (String) Access Key Id. Example: `AAAAAAAAAAAAAAAAAAA`.
+- `secret_access_key` (String) Secret Access Key. Example: `AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA`.
 - `url` (String) S3-compatible bucket URL. Example: `https://mybucket.s3-myregion.amazonaws.com/mydataset/`.
 
 

docs/resources/thanos.md

@@ -148,6 +148,7 @@ Optional:
 - `query_frontend` (Boolean) Allow clients to connect to query_frontend from the public internet for service nodes that are in a project VPC or another type of private network.
 - `receiver_ingesting` (Boolean) Allow clients to connect to receiver_ingesting from the public internet for service nodes that are in a project VPC or another type of private network.
 - `receiver_routing` (Boolean) Allow clients to connect to receiver_routing from the public internet for service nodes that are in a project VPC or another type of private network.
+- `ruler` (Boolean) Allow clients to connect to ruler from the public internet for service nodes that are in a project VPC or another type of private network.
 - `store` (Boolean) Allow clients to connect to store from the public internet for service nodes that are in a project VPC or another type of private network.
 
 

go.mod

@@ -16,6 +16,7 @@ require (
 	github.com/hashicorp/terraform-plugin-mux v0.16.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.34.0
 	github.com/kelseyhightower/envconfig v1.4.0
+	github.com/rs/zerolog v1.33.0
 	github.com/samber/lo v1.47.0
 	github.com/stoewer/go-strcase v1.3.0
 	github.com/stretchr/testify v1.9.0
@@ -37,7 +38,6 @@ require (
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
-	github.com/rs/zerolog v1.33.0 // indirect
 	github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect
 	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0 // indirect
@@ -55,7 +55,7 @@ require (
 	cloud.google.com/go v0.112.0 // indirect
 	cloud.google.com/go/storage v1.36.0 // indirect
 	github.com/agext/levenshtein v1.2.3 // indirect
-	github.com/aiven/go-api-schemas v1.88.0
+	github.com/aiven/go-api-schemas v1.89.0
 	github.com/aws/aws-sdk-go v1.44.122 // indirect
 	github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect

go.sum

@@ -197,8 +197,8 @@ github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7l
 github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
 github.com/aiven/aiven-go-client/v2 v2.27.0 h1:iTr85xDpD8td3Okj2+djUOfGLlVvngvUwaz/bla3Hzc=
 github.com/aiven/aiven-go-client/v2 v2.27.0/go.mod h1:KdHfLIlIRZIfCSEBd39j1Q81jlSb6Nd+oCQKqERfnuA=
-github.com/aiven/go-api-schemas v1.88.0 h1:CgOVscQ4a28gwI4Bp6l7QZVQ79jhrztW9LYrvU28kfo=
-github.com/aiven/go-api-schemas v1.88.0/go.mod h1:V8xqp59BeC2ptwKjh6MnxkzKVRxCWJRo3t6GvqgmURQ=
+github.com/aiven/go-api-schemas v1.89.0 h1:YR2BMPMrp/UHhnP1qs4v0SHWn/Ebz+OTOpX+hD5UWN0=
+github.com/aiven/go-api-schemas v1.89.0/go.mod h1:V8xqp59BeC2ptwKjh6MnxkzKVRxCWJRo3t6GvqgmURQ=
 github.com/aiven/go-client-codegen v0.33.0 h1:NBkY+zhFO0RWr1Cn+BBEZufT2WZ4uold3sf1Qciwz+w=
 github.com/aiven/go-client-codegen v0.33.0/go.mod h1:FfbH32Xb+Hx5zeKTIug1Y8SfMeB+AKNRzxgrzkts2oA=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=

internal/plugin/service/externalidentity/external_identity_data_source.go

@@ -5,12 +5,12 @@ import (
 	"fmt"
 
 	"github.com/aiven/aiven-go-client/v2"
-	"github.com/aiven/terraform-provider-aiven/internal/schemautil/userconfig"
 	"github.com/hashicorp/terraform-plugin-framework/datasource"
 	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
 	"github.com/hashicorp/terraform-plugin-framework/types"
 
 	"github.com/aiven/terraform-provider-aiven/internal/plugin/util"
+	"github.com/aiven/terraform-provider-aiven/internal/schemautil/userconfig"
 )
 
 var (