214 bug application policy identifies change as replace

GNUmakefile

@@ -4,7 +4,7 @@ DAVINCI_DIR=./internal/service/davinci
 NAMESPACE=pingidentity
 PKG_NAME=davinci
 BINARY=terraform-provider-${NAME}
-VERSION=0.1.13
+VERSION=0.2.0
 OS_ARCH=linux_amd64
 
 default: build

docs/guides/migrate-application-flow-policy.md

@@ -0,0 +1,179 @@
+---
+layout: ""
+page_title: "Migrate Application Flow Policies to Individual Resources"
+description: |-
+  The guide describes how to migrate application flow policies, configured with Terraform, from using being a sub-resource of applications to the new format as individual policies to provide better overall stability of downstream applications
+---
+
+# Migrate Application Flow Policies to Individual Resources
+
+The guide describes how to migrate application flow policies, configured with Terraform, from using being a sub-resource of applications to the new format as individual policies to provide better overall stability of downstream applications
+
+This guide applies to users upgrading _from_ DaVinci provider < 0.2.0.
+
+## Background
+
+A defect was discovered in the `policy` field of `resource.davinci_application` that causes policies to be replaced rather than updated when there is a change to be made. The replace behavious causes upstream breaks on pingone_applications that use DaVinci Policies.
+
+## Migration Process
+
+In the DaVinci provider version 0.2.0 the `policy` field has been removed from `resource.davinci_application`. This functionality is now handled in the `davinci_application_flow_policy` resource.
+
+It is important to follow these migration steps *in order*:
+
+  1. Update Configuration
+    a.  Move all instances of `resource.davinci_application.policy` to separate `davinci_application_flow_policy` resources. 
+    b. Update all references to these new resources accordingly.
+  3. Update the provider version and run `terraform init -upgrade`
+  4. Before applying the new configuration, import existing managed policies to be part of state.
+  5. Run a final plan to confirm there are no identified changes
+
+### Update Configuration
+
+The following example shows a before and after of what the relevant configuration may look like for the first two steps: 
+
+**BEFORE**
+
+```terraform
+resource "davinci_application" "registration_flow_app" {
+  name           = "PingOne SSO Connection"
+  environment_id = var.pingone_environment_id
+  oauth {
+    enabled = true
+    values {
+      allowed_grants                = ["authorizationCode"]
+      allowed_scopes                = ["openid", "profile"]
+      enabled                       = true
+      enforce_signed_request_openid = false
+      redirect_uris                 = ["https://auth.pingone.com/0000-0000-000/rp/callback/openid_connect"]
+    }
+  }
+  policy {
+    name   = "PingOne - Authentication"
+    status = "enabled"
+    policy_flow {
+      flow_id    = var.davinci_flow_id
+      version_id = -1
+      weight     = 100
+    }
+  }
+  policy {
+    name   = "PingOne - Registration"
+    status = "enabled"
+    policy_flow {
+      flow_id    = resource.davinci_flow.registration.id
+      version_id = -1
+      weight     = 100
+    }
+  }
+  saml {
+    values {
+      enabled                = false
+      enforce_signed_request = false
+    }
+  }
+}
+
+resource "pingone_application" "oidc_sdk_sample_app" {
+  environment_id = var.pingone_environment_id
+  enabled        = true
+  name           = "Sample App"
+  description    = "A custom sample OIDC application to demonstrate PingOne integration."
+
+  oidc_options {
+    type                        = "SINGLE_PAGE_APP"
+    grant_types                 = ["AUTHORIZATION_CODE", "IMPLICIT", "REFRESH_TOKEN"]
+    response_types              = ["CODE", "TOKEN", "ID_TOKEN"]
+    pkce_enforcement            = "S256_REQUIRED"
+    token_endpoint_authn_method = "NONE"
+    redirect_uris               = var.redirect_uris
+    post_logout_redirect_uris   = ["${var.app_url}"]
+  }
+}
+
+resource "pingone_application_flow_policy_assignment" "login_flow" {
+  environment_id = module.environment.environment_id
+  application_id = pingone_application.oidc_sdk_sample_app.id
+  flow_policy_id = davinci_application.registration_flow_app.policy.* [index(davinci_application.registration_flow_app.policy[*].name, "PingOne - Registration")].policy_id
+
+  priority = 1
+}
+```
+
+**AFTER:**
+
+```terraform
+resource "davinci_application" "registration_flow_app" {
+  name           = "PingOne SSO Connection"
+  environment_id = var.pingone_environment_id
+  oauth {
+    enabled = true
+    values {
+      allowed_grants                = ["authorizationCode"]
+      allowed_scopes                = ["openid", "profile"]
+      enabled                       = true
+      enforce_signed_request_openid = false
+      redirect_uris                 = ["https://auth.pingone.com/0000-0000-000/rp/callback/openid_connect"]
+    }
+  }
+  ## Policy is removed
+  saml {
+    values {
+      enabled                = false
+      enforce_signed_request = false
+    }
+  }
+}
+
+## New policy resource is added 
+resource "davinci_application_flow_policy" "registration_flow_policy"  {
+  environment_id = var.pingone_environment_id
+  application_id = davinci_application.registration_flow_app.id
+  name   = "PingOne - Registration"
+  status = "enabled"
+  policy_flow {
+    flow_id    = resource.davinci_flow.registration.id
+    version_id = -1
+    weight     = 100
+  }
+}
+
+## Remains the same
+resource "pingone_application" "oidc_sdk_sample_app" {
+  environment_id = var.pingone_environment_id
+  enabled        = true
+  name           = "Sample App"
+  description    = "A custom sample OIDC application to demonstrate PingOne integration."
+
+  oidc_options {
+    type                        = "SINGLE_PAGE_APP"
+    grant_types                 = ["AUTHORIZATION_CODE", "IMPLICIT", "REFRESH_TOKEN"]
+    response_types              = ["CODE", "TOKEN", "ID_TOKEN"]
+    pkce_enforcement            = "S256_REQUIRED"
+    token_endpoint_authn_method = "NONE"
+    redirect_uris               = var.redirect_uris
+    post_logout_redirect_uris   = ["${var.app_url}"]
+  }
+}
+
+resource "pingone_application_flow_policy_assignment" "login_flow" {
+  environment_id = module.environment.environment_id
+  application_id = pingone_application.oidc_sdk_sample_app.id
+  ## Simplified to point to the id of the desired flow policy resource
+  flow_policy_id = davinci_application_flow_policy.registration_flow_policy.id
+
+  priority = 1
+}
+```
+
+### Import Existing Policies
+
+Before attempting to apply the new configuration, upgrade the provider version and import any managed resources that were migrated. 
+
+In the example above the import command would be similar to:
+
+```
+terraform import davinci_application_flow_policy.registration_flow_policy <environment_id>/<application_id>/<application_flow_policy_id>
+```
+
+If all of the steps were completed correctly, a final `terraform plan` should result in: "Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed."

docs/resources/application.md

@@ -70,7 +70,6 @@ output "default_app_test_key" {
 
 - `api_key_enabled` (Boolean) Enabled by default in UI Defaults to `true`.
 - `oauth` (Block List, Max: 1) OIDC configuration (see [below for nested schema](#nestedblock--oauth))
-- `policy` (Block Set) Flow Policy Configuration (see [below for nested schema](#nestedblock--policy))
 - `user_portal` (Block List, Max: 1) This is deprecated in the UI and will be removed in a future release. (see [below for nested schema](#nestedblock--user_portal))
 
 ### Read-Only
@@ -130,32 +129,6 @@ Read-Only:
 
 
 
-<a id="nestedblock--policy"></a>
-### Nested Schema for `policy`
-
-Optional:
-
-- `name` (String) Policy friendly name
-- `policy_flow` (Block Set) Set of weighted flows that this application will use (see [below for nested schema](#nestedblock--policy--policy_flow))
-- `status` (String) Policy status. Valid values are: enabled, disabled Defaults to `enabled`.
-
-Read-Only:
-
-- `created_date` (Number) Creation epoch of policy.
-- `policy_id` (String) Generated identifier of a created policy.
-
-<a id="nestedblock--policy--policy_flow"></a>
-### Nested Schema for `policy.policy_flow`
-
-Optional:
-
-- `flow_id` (String) Identifier of the flow that this policy will use.
-- `success_nodes` (List of String) List of node ids used by analytics for tracking user interaction.
-- `version_id` (Number) Version of the flow that this policy will use. Use -1 for latest
-- `weight` (Number) If multiple flows are specified, the weight determines the probability of the flow being used. This must add up to 100
-
-
-
 <a id="nestedblock--user_portal"></a>
 ### Nested Schema for `user_portal`
 

docs/resources/application_flow_policy.md

@@ -0,0 +1,85 @@
+---
+page_title: "davinci_application_flow_policy Resource - terraform-provider-davinci"
+subcategory: "Application Flow Policy"
+description: |-
+
+---
+
+# davinci_application_flow_policy (Resource)
+
+
+
+## Example Usage
+
+```terraform
+// example of bootstrapped application
+resource "davinci_application" "registration_flow_app" {
+  name           = "PingOne SSO Connection"
+  environment_id = var.pingone_environment_id
+  oauth {
+    enabled = true
+    values {
+      allowed_grants                = ["authorizationCode"]
+      allowed_scopes                = ["openid", "profile"]
+      enabled                       = true
+      enforce_signed_request_openid = false
+      redirect_uris                 = ["https://auth.pingone.com/0000-0000-000/rp/callback/openid_connect"]
+    }
+  }
+  saml {
+    values {
+      enabled                = false
+      enforce_signed_request = false
+    }
+  }
+}
+
+resource "davinci_application_flow_policy" "registration_flow_policy" {
+  environment_id = var.pingone_environment_id
+  application_id = davinci_application.registration_flow_app.id
+  name           = "PingOne - Registration"
+  status         = "enabled"
+  policy_flow {
+    flow_id    = resource.davinci_flow.registration.id
+    version_id = -1
+    weight     = 100
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `application_id` (String) Id of the application this policy is associated with
+- `environment_id` (String) PingOne environment id
+- `name` (String) Policy Name
+
+### Optional
+
+- `policy_flow` (Block Set) Set of weighted flows that this application will use (see [below for nested schema](#nestedblock--policy_flow))
+- `status` (String) If Policy should be enabled. Valid values are: enabled, disabled Defaults to `enabled`.
+
+### Read-Only
+
+- `created_date` (Number) Creation epoch of policy.
+- `id` (String) The ID of this resource.
+
+<a id="nestedblock--policy_flow"></a>
+### Nested Schema for `policy_flow`
+
+Optional:
+
+- `flow_id` (String) Identifier of the flow that this policy will use.
+- `success_nodes` (List of String) List of node ids used by analytics for tracking user interaction.
+- `version_id` (Number) Version of the flow that this policy will use. Use -1 for latest
+- `weight` (Number) If multiple flows are specified, the weight determines the probability of the flow being used. This must add up to 100
+
+## Import
+
+Import is supported using the following syntax, where attributes in `<>` brackets are replaced with the relevant ID.  For example, `<environment_id>` should be replaced with the ID of the environment to import from.
+
+```shell
+$ terraform import davinci_application.example <environment_id>/<davinci_application_id>/<davinci_application_flow_policy_id>
+```

docs/resources/connection.md

@@ -208,6 +208,23 @@ If the `value` type of a property is not defined it must be inferred.
 
 
 
+### Allthenticate
+
+**Connector Display Name**: Allthenticate
+
+**Connector ID** - schema `connectorId`: connectorAllthenticate
+
+**Properties Table:** 
+
+
+
+| Display Name | `name` | `value` Type | Description |
+| ---- | ---- | ---- | ----|
+| Custom Parameters | `customAuth` | `array` |  | 
+
+
+
+
 ### Amazon DynamoDB
 
 **Connector Display Name**: Amazon DynamoDB
@@ -1090,6 +1107,26 @@ If the `value` type of a property is not defined it must be inferred.
 
 
 
+### GBG
+
+**Connector Display Name**: GBG
+
+**Connector ID** - schema `connectorId`: gbgConnector
+
+**Properties Table:** 
+
+
+
+| Display Name | `name` | `value` Type | Description |
+| ---- | ---- | ---- | ----|
+| GBG Password | `password` | `string` |  |
+| Request URL | `requestUrl` | `string` |  |
+| Soap Action URL | `soapAction` | `string` | SOAP Action is a header required for the soap request |
+| GBG Username | `username` | `string` |  | 
+
+
+
+
 ### GitHub Login
 
 **Connector Display Name**: GitHub Login
@@ -2491,6 +2528,7 @@ If the `value` type of a property is not defined it must be inferred.
 | Username | `adminUsername` | `` | The username of your Salesforce administrator account. |
 | Consumer Key | `consumerKey` | `` | The consumer key shown on your Salesforce connected app. |
 | Domain Name | `domainName` | `` | Your Salesforce domain name, such as "mycompany-dev-ed". |
+| Environment | `environment` | `string` | If the environment you specify in the Domain Name field is part of a sandbox organization, select Sandbox. Otherwise, select Production. |
 | Private Key | `privateKey` | `` | The private key that corresponds to the X.509 certificate you added to your Salesforce connected app. | 
 
 

examples/resources/davinci_application_flow_policy/import.sh

@@ -0,0 +1 @@
+$ terraform import davinci_application.example <environment_id>/<davinci_application_id>/<davinci_application_flow_policy_id>