Merge branch 'main' into 846-pingone-authorize-trust-framework

.changelog/906.txt

@@ -0,0 +1,3 @@
+```release-note:note
+`resource/pingone_population_default`: Suppress warning on creation where the default population for an environment cannot be found.
+```

.changelog/907.txt

@@ -0,0 +1,3 @@
+```release-note:note
+`resource/pingone_environment`: Align example HCL with best practice on creating blank/empty DaVinci service environments.
+```

.changelog/908.txt

@@ -0,0 +1,11 @@
+```release-note:note
+bump `github.com/hashicorp/terraform-plugin-framework` 1.10.0 => 1.11.0
+```
+
+```release-note:note
+bump `github.com/hashicorp/terraform-plugin-testing` 1.9.0 => 1.10.0
+```
+
+```release-note:note
+bump `github.com/hashicorp/terraform-plugin-framework-timetypes` 0.4.0 => 0.5.0
+```

.changelog/931.txt

@@ -0,0 +1,7 @@
+```release-note:note
+Upgraded go version to 1.23 to align with the go [release policy](https://go.dev/doc/devel/release#policy).
+```
+
+```release-note:note
+Corrected broken documentation bookmark references.
+```

.changelog/932.txt

@@ -0,0 +1,35 @@
+```release-note:note
+bump `github.com/patrickcping/pingone-go-sdk-v2` 0.12.3 => 0.12.4
+```
+
+```release-note:note
+bump `github.com/patrickcping/pingone-go-sdk-v2/authorize` 0.6.0 => 0.7.0
+```
+
+```release-note:note
+bump `github.com/patrickcping/pingone-go-sdk-v2/credentials` 0.9.0 => 0.10.0
+```
+
+```release-note:note
+bump `github.com/patrickcping/pingone-go-sdk-v2/management` 0.43.0 => 0.44.0
+```
+
+```release-note:note
+bump `github.com/patrickcping/pingone-go-sdk-v2/mfa` 0.20.0 => 0.21.0
+```
+
+```release-note:note
+bump `github.com/patrickcping/pingone-go-sdk-v2/risk` 0.16.0 => 0.17.0
+```
+
+```release-note:note
+bump `github.com/patrickcping/pingone-go-sdk-v2/verify` 0.7.0 => 0.8.0
+```
+
+```release-note:bug
+Fixed potential "Cannot find .." errors in multiple resources and data sources when many configuration items of the same type exist in an environment (fix paged results).
+```
+
+```release-note:bug
+Fixed potential missing results in data sources that return multiple configuration items (fix paged results).
+```

.changelog/934.txt

@@ -0,0 +1,7 @@
+```release-note:enhancement
+`resource/pingone_application`: Add `session_not_on_or_after_duration` field to SAML applications.
+```
+
+```release-note:enhancement
+`data-source/pingone_application`: Add `session_not_on_or_after_duration` field to SAML applications.
+```

.changelog/935.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+`resource/pingone_mfa_device_policy`: Added `[email|sms|voice].otp.otp_length` field to allow admins to specify the length of the OTP displayed to users for SMS, Voice or Email delivery methods.
+```

.changelog/936.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+`resource/pingone_mfa_device_policy`: Added the `totp.uri_parameters` field to allow custom key:value pairs for authenticators that support `otpauth` URI parameters.
+```

.github/dependabot.yml

@@ -15,3 +15,10 @@ updates:
     schedule:
       # Check for updates to Go modules every week
       interval: "weekly"
+
+  # Maintain dependencies for Go modules for tools
+  - package-ecosystem: "gomod"
+    directory: "/tools"
+    schedule:
+      # Check for updates to Go modules every week
+      interval: "weekly"

.github/workflows/release.yml

@@ -39,7 +39,7 @@ jobs:
           passphrase: ${{ secrets.PASSPHRASE }}
       -
         name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v6.0.0
+        uses: goreleaser/goreleaser-action@v6.1.0
         with:
           version: "~> v2"
           args: release --clean

.golangci.yml

@@ -9,17 +9,16 @@ issues:
         - unparam
       text: "always receives"
 
-  max-per-linter: 0
   max-same-issues: 0
 
 linters:
   disable-all: true
   enable:
-    - deadcode
+    # - deadcode
     - errcheck
-    - exportloopref
+    - copyloopvar
     - gofmt
-    - gomnd
+    - mnd
     - gosimple
     - ineffassign
     - makezero
@@ -28,36 +27,38 @@ linters:
     - nilerr
     - nolintlint
     - staticcheck
-    - structcheck
+    # - structcheck
     - unconvert
     - unparam
-    - varcheck
-    - vet
+    # - varcheck
+    - govet
 
 linters-settings:
   errcheck:
-    ignore: github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema:ForceNew|Set,fmt:.*,io:Close
-  gomnd:
-    settings:
-      mnd:
-        checks:
-          - argument
-        ignored-functions:
-          - request.ConstantWaiterDelay
-          - request.WithWaiterMaxAttempts
-          # Terraform Plugin SDK
-          - resource.Retry
-          - schema.DefaultTimeout
-          - validation.*
-          # Go
-          - make
-          - strconv.FormatFloat
-          - strconv.FormatInt
-          - strconv.ParseFloat
-          - strconv.ParseInt
-          - strings.SplitN
+    exclude-functions:
+      - (*github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.ResourceData).Set
+      - (*github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.ResourceDiff).SetNewComputed
+      - (*github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.ResourceDiff).ForceNew
+      - io:Close
+
+  mnd:
+    checks:
+      - argument
+    ignored-functions:
+      - request.ConstantWaiterDelay
+      - request.WithWaiterMaxAttempts
+      # Terraform Plugin SDK
+      - resource.Retry
+      - schema.DefaultTimeout
+      - validation.*
+      # Go
+      - make
+      - strconv.FormatFloat
+      - strconv.FormatInt
+      - strconv.ParseFloat
+      - strconv.ParseInt
+      - strings.SplitN
   nolintlint:
-    allow-leading-space: false
     require-explanation: true
     require-specific: true
     allow-no-explanation:

CHANGELOG.md

@@ -1,3 +1,39 @@
+## 1.2.0 (Unreleased)
+
+NOTES:
+
+* Corrected broken documentation bookmark references. ([#931](https://github.com/pingidentity/terraform-provider-pingone/issues/931))
+* Upgraded go version to 1.23 to align with the go [release policy](https://go.dev/doc/devel/release#policy). ([#931](https://github.com/pingidentity/terraform-provider-pingone/issues/931))
+* bump `github.com/patrickcping/pingone-go-sdk-v2/authorize` 0.6.0 => 0.7.0 ([#932](https://github.com/pingidentity/terraform-provider-pingone/issues/932))
+* bump `github.com/patrickcping/pingone-go-sdk-v2/credentials` 0.9.0 => 0.10.0 ([#932](https://github.com/pingidentity/terraform-provider-pingone/issues/932))
+* bump `github.com/patrickcping/pingone-go-sdk-v2/management` 0.43.0 => 0.44.0 ([#932](https://github.com/pingidentity/terraform-provider-pingone/issues/932))
+* bump `github.com/patrickcping/pingone-go-sdk-v2/mfa` 0.20.0 => 0.21.0 ([#932](https://github.com/pingidentity/terraform-provider-pingone/issues/932))
+* bump `github.com/patrickcping/pingone-go-sdk-v2/risk` 0.16.0 => 0.17.0 ([#932](https://github.com/pingidentity/terraform-provider-pingone/issues/932))
+* bump `github.com/patrickcping/pingone-go-sdk-v2/verify` 0.7.0 => 0.8.0 ([#932](https://github.com/pingidentity/terraform-provider-pingone/issues/932))
+* bump `github.com/patrickcping/pingone-go-sdk-v2` 0.12.3 => 0.12.4 ([#932](https://github.com/pingidentity/terraform-provider-pingone/issues/932))
+
+ENHANCEMENTS:
+
+* `data-source/pingone_application`: Add `session_not_on_or_after_duration` field to SAML applications. ([#934](https://github.com/pingidentity/terraform-provider-pingone/issues/934))
+* `resource/pingone_application`: Add `session_not_on_or_after_duration` field to SAML applications. ([#934](https://github.com/pingidentity/terraform-provider-pingone/issues/934))
+* `resource/pingone_mfa_device_policy`: Added `[email|sms|voice].otp.otp_length` field to allow admins to specify the length of the OTP displayed to users for SMS, Voice or Email delivery methods. ([#935](https://github.com/pingidentity/terraform-provider-pingone/issues/935))
+* `resource/pingone_mfa_device_policy`: Added the `totp.uri_parameters` field to allow custom key:value pairs for authenticators that support `otpauth` URI parameters. ([#936](https://github.com/pingidentity/terraform-provider-pingone/issues/936))
+
+BUG FIXES:
+
+* Fixed potential "Cannot find .." errors in multiple resources and data sources when many configuration items of the same type exist in an environment (fix paged results). ([#932](https://github.com/pingidentity/terraform-provider-pingone/issues/932))
+* Fixed potential missing results in data sources that return multiple configuration items (fix paged results). ([#932](https://github.com/pingidentity/terraform-provider-pingone/issues/932))
+
+## 1.1.1 (28 August 2024)
+
+NOTES:
+
+* `resource/pingone_environment`: Align example HCL with best practice on creating blank/empty DaVinci service environments. ([#907](https://github.com/pingidentity/terraform-provider-pingone/issues/907))
+* `resource/pingone_population_default`: Suppress warning on creation where the default population for an environment cannot be found. ([#906](https://github.com/pingidentity/terraform-provider-pingone/issues/906))
+* bump `github.com/hashicorp/terraform-plugin-framework-timetypes` 0.4.0 => 0.5.0 ([#908](https://github.com/pingidentity/terraform-provider-pingone/issues/908))
+* bump `github.com/hashicorp/terraform-plugin-framework` 1.10.0 => 1.11.0 ([#908](https://github.com/pingidentity/terraform-provider-pingone/issues/908))
+* bump `github.com/hashicorp/terraform-plugin-testing` 1.9.0 => 1.10.0 ([#908](https://github.com/pingidentity/terraform-provider-pingone/issues/908))
+
 ## 1.1.0 (05 August 2024)
 
 NOTES:

GNUmakefile

@@ -3,7 +3,7 @@ SWEEP_DIR=./internal/sweep
 NAMESPACE=pingidentity
 PKG_NAME=pingone
 BINARY=terraform-provider-${NAME}
-VERSION=1.1.0
+VERSION=1.2.0
 OS_ARCH=linux_amd64
 
 default: install
@@ -17,7 +17,7 @@ fmtcheck:
 
 build:
 	go mod tidy
-	go mod vendor
+	go work vendor
 	go build -v .
 
 install: build

README.md

@@ -8,7 +8,7 @@ The PingOne Terraform provider is a plugin for [Terraform](https://www.terraform
 
 ## Requirements
 * Terraform 1.4+
-* Go 1.21+ (for local development builds)
+* Go 1.23.3+ (for local development builds)
 
 ## Quickstarts
 

contributing/development-environment.md

@@ -2,8 +2,8 @@
 
 ## Requirements
 
-- [Terraform](https://www.terraform.io/downloads.html) 1.3+ (to run acceptance tests)
-- [Go](https://golang.org/doc/install) 1.21+ (to build and test the provider plugin)
+- [Terraform](https://www.terraform.io/downloads.html) 1.4+ (to run acceptance tests)
+- [Go](https://golang.org/doc/install) 1.23.3+ (to build and test the provider plugin)
 
 ## Quick Start
 
@@ -78,12 +78,12 @@ Occasionally, development may include changes to the [PingOne GO SDK](https://gi
 ```
 module github.com/pingidentity/terraform-provider-pingone
 
-go 1.21
+go 1.23.3
 
 replace github.com/patrickcping/pingone-go-sdk-v2/management => ../pingone-go-sdk-v2/management
 
 require (
-	github.com/patrickcping/pingone-go-sdk-v2/management v0.1.0
+	github.com/patrickcping/pingone-go-sdk-v2/management v0.x.x
   
   ...
 )
@@ -94,6 +94,6 @@ require (
 Once updated, run the following to update the vendor cache and build the project:
 
 ```shell
-$ go mod vendor
+$ go work vendor
 $ make build
 ```

docs/data-sources/application.md

@@ -152,7 +152,7 @@ Read-Only:
 - `google_play` (Attributes) A single object that describes Google Play Integrity API credential settings for Android device integrity detection. (see [below for nested schema](#nestedatt--oidc_options--mobile_app--integrity_detection--google_play))
 
 <a id="nestedatt--oidc_options--mobile_app--integrity_detection--cache_duration"></a>
-### Nested Schema for `oidc_options.mobile_app.integrity_detection.google_play`
+### Nested Schema for `oidc_options.mobile_app.integrity_detection.cache_duration`
 
 Read-Only:
 
@@ -189,6 +189,7 @@ Read-Only:
 - `idp_signing_key` (Attributes) SAML application assertion/response signing key settings. (see [below for nested schema](#nestedatt--saml_options--idp_signing_key))
 - `nameid_format` (String) A string that specifies the format of the Subject NameID attibute in the SAML assertion.
 - `response_is_signed` (Boolean) A boolean that specifies whether the SAML assertion response itself should be signed.
+- `session_not_on_or_after_duration` (Number) An integer that specifies a value for if the SAML application requires a different `SessionNotOnOrAfter` attribute value within the `AuthnStatement` element than the `NotOnOrAfter` value set by the `assertion_duration` property.
 - `slo_binding` (String) A string that specifies the binding protocol to be used for the logout response.
 - `slo_endpoint` (String) A string that specifies the logout endpoint URL.
 - `slo_response_endpoint` (String) A string that specifies the endpoint URL to submit the logout response.

docs/data-sources/verify_policy.md

@@ -91,7 +91,7 @@ Read-Only:
 - `count` (Number) Allowed maximum number of OTP deliveries.
 
 <a id="nestedatt--email--otp--deliveries--cooldown"></a>
-### Nested Schema for `email.otp.deliveries.count`
+### Nested Schema for `email.otp.deliveries.cooldown`
 
 Read-Only:
 
@@ -194,7 +194,7 @@ Read-Only:
 - `count` (Number) Allowed maximum number of OTP deliveries.
 
 <a id="nestedatt--phone--otp--deliveries--cooldown"></a>
-### Nested Schema for `phone.otp.deliveries.count`
+### Nested Schema for `phone.otp.deliveries.cooldown`
 
 Read-Only:
 

docs/index.md

@@ -33,7 +33,7 @@ terraform {
   required_providers {
     pingone = {
       source  = "pingidentity/pingone"
-      version = "1.1.0"
+      version = ">= 1.2, < 1.3"
     }
   }
 }
@@ -57,7 +57,7 @@ terraform {
   required_providers {
     pingone = {
       source  = "pingidentity/pingone"
-      version = "1.1.0"
+      version = ">= 1.2, < 1.3"
     }
   }
 }
@@ -85,7 +85,7 @@ terraform {
   required_providers {
     pingone = {
       source  = "pingidentity/pingone"
-      version = "1.1.0"
+      version = ">= 1.2, < 1.3"
     }
   }
 }

docs/resources/application.md

@@ -351,7 +351,7 @@ Optional:
 - `google_play` (Attributes) A single object that describes Google Play Integrity API credential settings for Android device integrity detection.  Required when `excluded_platforms` is unset or does not include `GOOGLE`. (see [below for nested schema](#nestedatt--oidc_options--mobile_app--integrity_detection--google_play))
 
 <a id="nestedatt--oidc_options--mobile_app--integrity_detection--cache_duration"></a>
-### Nested Schema for `oidc_options.mobile_app.integrity_detection.google_play`
+### Nested Schema for `oidc_options.mobile_app.integrity_detection.cache_duration`
 
 Required:
 
@@ -398,6 +398,7 @@ Optional:
 - `home_page_url` (String) A string that specifies the custom home page URL for the application.
 - `nameid_format` (String) A string that specifies the format of the Subject NameID attibute in the SAML assertion.
 - `response_is_signed` (Boolean) A boolean that specifies whether the SAML assertion response itself should be signed.  Defaults to `false`.
+- `session_not_on_or_after_duration` (Number) An integer that specifies a value for if the SAML application requires a different `SessionNotOnOrAfter` attribute value within the `AuthnStatement` element than the `NotOnOrAfter` value set by the `assertion_duration` property.
 - `slo_binding` (String) A string that specifies the binding protocol to be used for the logout response.  Options are `HTTP_POST`, `HTTP_REDIRECT`.  Existing configurations with no data default to `HTTP_POST`.  Defaults to `HTTP_POST`.
 - `slo_endpoint` (String) A string that specifies the logout endpoint URL. This is an optional property. However, if a logout endpoint URL is not defined, logout actions result in an error.
 - `slo_response_endpoint` (String) A string that specifies the endpoint URL to submit the logout response. If a value is not provided, the `slo_endpoint` property value is used to submit SLO response.

docs/resources/environment.md

@@ -28,6 +28,7 @@ resource "pingone_environment" "my_environment" {
     },
     {
       type = "DaVinci"
+      tags = ["DAVINCI_MINIMAL"]
     },
     {
       type = "MFA"

docs/resources/form.md

@@ -271,7 +271,7 @@ Optional:
 - `width_unit` (String) A string that specifies the unit to apply to the `width` parameter.  Options are `PERCENT`, `PIXELS`.
 
 <a id="nestedatt--components--fields--styles--padding"></a>
-### Nested Schema for `components.fields.styles.width_unit`
+### Nested Schema for `components.fields.styles.padding`
 
 Optional: