kubernetes
diff --git a/‎cluster-autoscaler/cloudprovider/hetzner/hcloud-go/hcloud/action.go‎
Lines changed: 70 additions & 15 deletions b/‎cluster-autoscaler/cloudprovider/hetzner/hcloud-go/hcloud/action.go‎
Lines changed: 70 additions & 15 deletions
diff --git a/‎cluster-autoscaler/cloudprovider/hetzner/hcloud-go/hcloud/action_waiter.go‎
Lines changed: 2 additions & 5 deletions b/‎cluster-autoscaler/cloudprovider/hetzner/hcloud-go/hcloud/action_waiter.go‎
Lines changed: 2 additions & 5 deletions
diff --git a/‎cluster-autoscaler/cloudprovider/hetzner/hcloud-go/hcloud/certificate.go‎
Lines changed: 16 additions & 5 deletions b/‎cluster-autoscaler/cloudprovider/hetzner/hcloud-go/hcloud/certificate.go‎
Lines changed: 16 additions & 5 deletions
diff --git a/‎cluster-autoscaler/cloudprovider/hetzner/hcloud-go/hcloud/client.go‎
Lines changed: 49 additions & 18 deletions b/‎cluster-autoscaler/cloudprovider/hetzner/hcloud-go/hcloud/client.go‎
Lines changed: 49 additions & 18 deletions
@@ -65,19 +65,26 @@ func (e ActionError) Action() *Action {
 }
 
 func (e ActionError) Error() string {
-	action := e.Action()
-	if action != nil {
+	if e.action != nil {
 		// For easier debugging, the error string contains the Action ID.
-		return fmt.Sprintf("%s (%s, %d)", e.Message, e.Code, action.ID)
+		return fmt.Sprintf("%s (%s, %d)", e.Message, e.Code, e.action.ID)
 	}
 	return fmt.Sprintf("%s (%s)", e.Message, e.Code)
 }
 
 func (a *Action) Error() error {
-	if a.ErrorCode != "" && a.ErrorMessage != "" {
+	if a.Status == ActionStatusError || a.ErrorCode != "" {
+		code := a.ErrorCode
+		if code == "" {
+			code = "<unknown>"
+		}
+		message := a.ErrorMessage
+		if message == "" {
+			message = "Unknown error"
+		}
 		return ActionError{
-			Code:    a.ErrorCode,
-			Message: a.ErrorMessage,
+			Code:    code,
+			Message: message,
 			action:  a,
 		}
 	}
@@ -86,7 +93,7 @@ func (a *Action) Error() error {
 
 // ActionClient is a client for the actions API.
 type ActionClient struct {
-	action *ResourceActionClient
+	action *ResourceActionClient[noopResource]
 }
 
 // GetByID retrieves an action by its ID. If the action does not exist, nil is returned.
@@ -116,7 +123,7 @@ func (l ActionListOpts) values() url.Values {
 	return vals
 }
 
-// List returns a list of actions for a specific page.
+// List returns a paginated list of actions.
 //
 // Please note that filters specified in opts are not taken into account
 // when their value corresponds to their zero value or when they are empty.
@@ -128,23 +135,27 @@ func (c *ActionClient) List(ctx context.Context, opts ActionListOpts) ([]*Action
 //
 // Deprecated: It is required to pass in a list of IDs since 30 January 2025. Please use [ActionClient.AllWithOpts] instead.
 func (c *ActionClient) All(ctx context.Context) ([]*Action, error) {
-	return c.action.All(ctx, ActionListOpts{ListOpts: ListOpts{PerPage: 50}})
+	return c.action.All(ctx, ActionListOpts{})
 }
 
 // AllWithOpts returns all actions for the given options.
 //
 // It is required to set [ActionListOpts.ID]. Any other fields set in the opts are ignored.
 func (c *ActionClient) AllWithOpts(ctx context.Context, opts ActionListOpts) ([]*Action, error) {
+	if opts.ListOpts.PerPage == 0 {
+		// Do not send unused per page param
+		opts.ListOpts.PerPage = -1
+	}
 	return c.action.All(ctx, opts)
 }
 
 // ResourceActionClient is a client for the actions API exposed by the resource.
-type ResourceActionClient struct {
+type ResourceActionClient[R actionSupporter] struct {
 	resource string
 	client   *Client
 }
 
-func (c *ResourceActionClient) getBaseURL() string {
+func (c *ResourceActionClient[R]) getBaseURL() string {
 	if c.resource == "" {
 		return ""
 	}
@@ -153,7 +164,7 @@ func (c *ResourceActionClient) getBaseURL() string {
 }
 
 // GetByID retrieves an action by its ID. If the action does not exist, nil is returned.
-func (c *ResourceActionClient) GetByID(ctx context.Context, id int64) (*Action, *Response, error) {
+func (c *ResourceActionClient[R]) GetByID(ctx context.Context, id int64) (*Action, *Response, error) {
 	opPath := c.getBaseURL() + "/actions/%d"
 	ctx = ctxutil.SetOpPath(ctx, opPath)
 
@@ -169,11 +180,11 @@ func (c *ResourceActionClient) GetByID(ctx context.Context, id int64) (*Action,
 	return ActionFromSchema(respBody.Action), resp, nil
 }
 
-// List returns a list of actions for a specific page.
+// List returns a paginated list of actions.
 //
 // Please note that filters specified in opts are not taken into account
 // when their value corresponds to their zero value or when they are empty.
-func (c *ResourceActionClient) List(ctx context.Context, opts ActionListOpts) ([]*Action, *Response, error) {
+func (c *ResourceActionClient[R]) List(ctx context.Context, opts ActionListOpts) ([]*Action, *Response, error) {
 	opPath := c.getBaseURL() + "/actions?%s"
 	ctx = ctxutil.SetOpPath(ctx, opPath)
 
@@ -188,9 +199,53 @@ func (c *ResourceActionClient) List(ctx context.Context, opts ActionListOpts) ([
 }
 
 // All returns all actions for the given options.
-func (c *ResourceActionClient) All(ctx context.Context, opts ActionListOpts) ([]*Action, error) {
+func (c *ResourceActionClient[R]) All(ctx context.Context, opts ActionListOpts) ([]*Action, error) {
+	if opts.ListOpts.PerPage == 0 {
+		opts.ListOpts.PerPage = 50
+	}
 	return iterPages(func(page int) ([]*Action, *Response, error) {
 		opts.Page = page
 		return c.List(ctx, opts)
 	})
 }
+
+type actionSupporter interface {
+	pathID() (string, error)
+}
+
+// noopResource is used by the [ActionClient] to satisfy its underlying
+// [ResourceActionClient] generic type.
+type noopResource struct{}
+
+func (noopResource) pathID() (string, error) { return "", nil }
+
+// ListFor returns a paginated list of actions for the given Resource.
+//
+// Please note that filters specified in opts are not taken into account
+// when their value corresponds to their zero value or when they are empty.
+func (c *ResourceActionClient[R]) ListFor(ctx context.Context, resource R, opts ActionListOpts) ([]*Action, *Response, error) {
+	opPath := c.getBaseURL() + "/%s/actions?%s"
+	ctx = ctxutil.SetOpPath(ctx, opPath)
+
+	id, err := resource.pathID()
+	if err != nil {
+		return nil, nil, invalidArgument("resource", resource, err)
+	}
+
+	reqPath := fmt.Sprintf(opPath, id, opts.values().Encode())
+
+	respBody, resp, err := getRequest[schema.ActionListResponse](ctx, c.client, reqPath)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return allFromSchemaFunc(respBody.Actions, ActionFromSchema), resp, nil
+}
+
+// AllFor returns all actions for the given Resource.
+func (c *ResourceActionClient[R]) AllFor(ctx context.Context, resource R, opts ActionListOpts) ([]*Action, error) {
+	return iterPages(func(page int) ([]*Action, *Response, error) {
+		opts.Page = page
+		return c.ListFor(ctx, resource, opts)
+	})
+}
@@ -39,14 +39,11 @@ func (c *ActionClient) WaitForFunc(ctx context.Context, handleUpdate func(update
 	}
 
 	retries := 0
-	for {
-		if len(running) == 0 {
-			break
-		}
+	for len(running) != 0 {
 
 		select {
 		case <-ctx.Done():
-			return ctx.Err()
+			return fmt.Errorf("%w: remaining running actions: %v", ctx.Err(), slices.Collect(maps.Keys(running)))
 		case <-time.After(c.action.client.pollBackoffFunc(retries)):
 			retries++
 		}
 
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"net/url"
+	"strconv"
 	"time"
 
 	"k8s.io/autoscaler/cluster-autoscaler/cloudprovider/hetzner/hcloud-go/hcloud/exp/ctxutil"
@@ -61,8 +62,8 @@ type CertificateStatus struct {
 // IsFailed returns true if either the Issuance or the Renewal of a certificate
 // failed. In this case the FailureReason field details the nature of the
 // failure.
-func (st *CertificateStatus) IsFailed() bool {
-	return st.Issuance == CertificateStatusTypeFailed || st.Renewal == CertificateStatusTypeFailed
+func (o *CertificateStatus) IsFailed() bool {
+	return o.Issuance == CertificateStatusTypeFailed || o.Renewal == CertificateStatusTypeFailed
 }
 
 // Certificate represents a certificate in the Hetzner Cloud.
@@ -81,6 +82,13 @@ type Certificate struct {
 	UsedBy         []CertificateUsedByRef
 }
 
+func (o *Certificate) pathID() (string, error) {
+	if o.ID == 0 {
+		return "", missingField(o, "ID")
+	}
+	return strconv.FormatInt(o.ID, 10), nil
+}
+
 // CertificateCreateResult is the result of creating a certificate.
 type CertificateCreateResult struct {
 	Certificate *Certificate
@@ -90,7 +98,7 @@ type CertificateCreateResult struct {
 // CertificateClient is a client for the Certificates API.
 type CertificateClient struct {
 	client *Client
-	Action *ResourceActionClient
+	Action *ResourceActionClient[*Certificate]
 }
 
 // GetByID retrieves a Certificate by its ID. If the Certificate does not exist, nil is returned.
@@ -161,11 +169,14 @@ func (c *CertificateClient) List(ctx context.Context, opts CertificateListOpts)
 
 // All returns all Certificates.
 func (c *CertificateClient) All(ctx context.Context) ([]*Certificate, error) {
-	return c.AllWithOpts(ctx, CertificateListOpts{ListOpts: ListOpts{PerPage: 50}})
+	return c.AllWithOpts(ctx, CertificateListOpts{})
 }
 
 // AllWithOpts returns all Certificates for the given options.
 func (c *CertificateClient) AllWithOpts(ctx context.Context, opts CertificateListOpts) ([]*Certificate, error) {
+	if opts.ListOpts.PerPage == 0 {
+		opts.ListOpts.PerPage = 50
+	}
 	return iterPages(func(page int) ([]*Certificate, *Response, error) {
 		opts.Page = page
 		return c.List(ctx, opts)
@@ -219,7 +230,7 @@ func (o CertificateCreateOpts) validateUploaded() error {
 // Create returns an error for certificates of any other type. Use
 // CreateCertificate to create such certificates.
 func (c *CertificateClient) Create(ctx context.Context, opts CertificateCreateOpts) (*Certificate, *Response, error) {
-	if !(opts.Type == "" || opts.Type == CertificateTypeUploaded) {
+	if opts.Type != "" && opts.Type != CertificateTypeUploaded {
 		return nil, nil, invalidFieldValue(opts, "Type", opts.Type)
 	}
 	result, resp, err := c.CreateCertificate(ctx, opts)
 
@@ -20,9 +20,12 @@ import (
 	"k8s.io/autoscaler/cluster-autoscaler/cloudprovider/hetzner/hcloud-go/hcloud/internal/instrumentation"
 )
 
-// Endpoint is the base URL of the API.
+// Endpoint is the base URL of the Cloud API.
 const Endpoint = "https://api.hetzner.cloud/v1"
 
+// Endpoint is the base URL of the Hetzner API.
+const HetznerEndpoint = "https://api.hetzner.com/v1"
+
 // UserAgent is the value for the library part of the User-Agent header
 // that is sent with each request.
 const UserAgent = "hcloud-go/" + Version
@@ -84,6 +87,7 @@ func ExponentialBackoffWithOpts(opts ExponentialBackoffOpts) BackoffFunc {
 // Client is a client for the Hetzner Cloud API.
 type Client struct {
 	endpoint                string
+	hetznerEndpoint         string
 	token                   string
 	tokenValid              bool
 	retryBackoffFunc        BackoffFunc
@@ -111,11 +115,14 @@ type Client struct {
 	Pricing          PricingClient
 	Server           ServerClient
 	ServerType       ServerTypeClient
+	StorageBox       StorageBoxClient
 	SSHKey           SSHKeyClient
 	Volume           VolumeClient
 	PlacementGroup   PlacementGroupClient
 	RDNS             RDNSClient
 	PrimaryIP        PrimaryIPClient
+	StorageBoxType   StorageBoxTypeClient
+	Zone             ZoneClient
 }
 
 // A ClientOption is used to configure a Client.
@@ -128,6 +135,16 @@ func WithEndpoint(endpoint string) ClientOption {
 	}
 }
 
+// WithHetznerEndpoint configures a Client to use the specified Hetzner API endpoint.
+//
+// Experimental: This option is experimental, breaking changes may occur within minor releases.
+// See https://docs.hetzner.cloud/changelog#2025-06-25-new-api-for-storage-boxes for more details.
+func WithHetznerEndpoint(endpoint string) ClientOption {
+	return func(client *Client) {
+		client.hetznerEndpoint = strings.TrimRight(endpoint, "/")
+	}
+}
+
 // WithToken configures a Client to use the specified token for authentication.
 func WithToken(token string) ClientOption {
 	return func(client *Client) {
@@ -245,9 +262,10 @@ func WithInstrumentation(registry prometheus.Registerer) ClientOption {
 // NewClient creates a new client.
 func NewClient(options ...ClientOption) *Client {
 	client := &Client{
-		endpoint:   Endpoint,
-		tokenValid: true,
-		httpClient: &http.Client{},
+		endpoint:        Endpoint,
+		hetznerEndpoint: HetznerEndpoint,
+		tokenValid:      true,
+		httpClient:      &http.Client{},
 
 		retryBackoffFunc: ExponentialBackoffWithOpts(ExponentialBackoffOpts{
 			Base:       time.Second,
@@ -272,25 +290,39 @@ func NewClient(options ...ClientOption) *Client {
 
 	client.handler = assembleHandlerChain(client)
 
-	client.Action = ActionClient{action: &ResourceActionClient{client: client}}
+	// Cloud API
+	client.Action = ActionClient{action: &ResourceActionClient[noopResource]{client: client}}
 	client.Datacenter = DatacenterClient{client: client}
-	client.FloatingIP = FloatingIPClient{client: client, Action: &ResourceActionClient{client: client, resource: "floating_ips"}}
-	client.Image = ImageClient{client: client, Action: &ResourceActionClient{client: client, resource: "images"}}
+	client.FloatingIP = FloatingIPClient{client: client, Action: &ResourceActionClient[*FloatingIP]{client: client, resource: "floating_ips"}}
+	client.Image = ImageClient{client: client, Action: &ResourceActionClient[*Image]{client: client, resource: "images"}}
 	client.ISO = ISOClient{client: client}
 	client.Location = LocationClient{client: client}
-	client.Network = NetworkClient{client: client, Action: &ResourceActionClient{client: client, resource: "networks"}}
+	client.Network = NetworkClient{client: client, Action: &ResourceActionClient[*Network]{client: client, resource: "networks"}}
 	client.Pricing = PricingClient{client: client}
-	client.Server = ServerClient{client: client, Action: &ResourceActionClient{client: client, resource: "servers"}}
+	client.Server = ServerClient{client: client, Action: &ResourceActionClient[*Server]{client: client, resource: "servers"}}
 	client.ServerType = ServerTypeClient{client: client}
 	client.SSHKey = SSHKeyClient{client: client}
-	client.Volume = VolumeClient{client: client, Action: &ResourceActionClient{client: client, resource: "volumes"}}
-	client.LoadBalancer = LoadBalancerClient{client: client, Action: &ResourceActionClient{client: client, resource: "load_balancers"}}
+	client.Volume = VolumeClient{client: client, Action: &ResourceActionClient[*Volume]{client: client, resource: "volumes"}}
+	client.LoadBalancer = LoadBalancerClient{client: client, Action: &ResourceActionClient[*LoadBalancer]{client: client, resource: "load_balancers"}}
 	client.LoadBalancerType = LoadBalancerTypeClient{client: client}
-	client.Certificate = CertificateClient{client: client, Action: &ResourceActionClient{client: client, resource: "certificates"}}
-	client.Firewall = FirewallClient{client: client, Action: &ResourceActionClient{client: client, resource: "firewalls"}}
+	client.Certificate = CertificateClient{client: client, Action: &ResourceActionClient[*Certificate]{client: client, resource: "certificates"}}
+	client.Firewall = FirewallClient{client: client, Action: &ResourceActionClient[*Firewall]{client: client, resource: "firewalls"}}
 	client.PlacementGroup = PlacementGroupClient{client: client}
 	client.RDNS = RDNSClient{client: client}
-	client.PrimaryIP = PrimaryIPClient{client: client, Action: &ResourceActionClient{client: client, resource: "primary_ips"}}
+	client.PrimaryIP = PrimaryIPClient{client: client, Action: &ResourceActionClient[*PrimaryIP]{client: client, resource: "primary_ips"}}
+	client.Zone = ZoneClient{client: client, Action: &ResourceActionClient[*Zone]{client: client, resource: "zones"}}
+
+	// Hetzner API
+
+	// Shallow copy of the client and overwrite of the API endpoint.
+	// We have two "base clients" because the endpoint is only added to the requests URL 3 layers deep, and we want to avoid passing this info through all the layers. By embedding it in the client, we can easily select which "base client" is used for each "resource client".
+	// We create a shallow copy so the handler chain and prometheus registry are the same values and it is transparent to the user.
+	hetznerClient := new(Client)
+	*hetznerClient = *client
+	hetznerClient.endpoint = hetznerClient.hetznerEndpoint
+
+	client.StorageBox = StorageBoxClient{client: hetznerClient, Action: &ResourceActionClient[*StorageBox]{client: hetznerClient, resource: "storage_boxes"}}
+	client.StorageBoxType = StorageBoxTypeClient{client: hetznerClient}
 
 	return client
 }
@@ -299,23 +331,22 @@ func NewClient(options ...ClientOption) *Client {
 // is assigned with ctx and has all necessary headers set (auth, user agent, etc.).
 func (c *Client) NewRequest(ctx context.Context, method, path string, body io.Reader) (*http.Request, error) {
 	url := c.endpoint + path
-	req, err := http.NewRequest(method, url, body)
+	req, err := http.NewRequestWithContext(ctx, method, url, body)
 	if err != nil {
 		return nil, err
 	}
 	req.Header.Set("User-Agent", c.userAgent)
 	req.Header.Set("Accept", "application/json")
 
 	if !c.tokenValid {
-		return nil, errors.New("Authorization token contains invalid characters")
+		return nil, errors.New("authorization token contains invalid characters")
 	} else if c.token != "" {
 		req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", c.token))
 	}
 
 	if body != nil {
 		req.Header.Set("Content-Type", "application/json")
 	}
-	req = req.WithContext(ctx)
 	return req, nil
 }
 
@@ -356,7 +387,7 @@ type Response struct {
 func (r *Response) populateBody() error {
 	// Read full response body and save it for later use
 	body, err := io.ReadAll(r.Body)
-	r.Body.Close()
+	_ = r.Body.Close()
 	if err != nil {
 		return err
 	}