diff --git a/docs/resources/authorize_policy_management_policy.md b/docs/resources/authorize_policy_management_policy.md
index 7009b5889..426c233b5 100644
--- a/docs/resources/authorize_policy_management_policy.md
+++ b/docs/resources/authorize_policy_management_policy.md
@@ -89,15 +89,115 @@ Optional:
Required:
-- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+- `type` (String) A string that specifies the authorization condition type. Options are `AND`, `COMPARISON`, `EMPTY`, `NOT`, `OR`, `REFERENCE`.
Optional:
- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `condition` (Attributes) An object that specifies configuration settings for a single authorization condition to evaluate. This field is required when `type` is `NOT`. (see [below for nested schema](#nestedatt--condition--condition--condition--condition))
+- `conditions` (Attributes Set) A set of objects that specifies configuration settings for multiple authorization conditions to evaluate. This field is required when `type` is `AND` or `OR`. (see [below for nested schema](#nestedatt--condition--condition--condition--conditions))
- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--condition--left))
- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--condition--condition--reference))
- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--condition--right))
+
+### Nested Schema for `condition.condition.condition.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--condition--right--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--condition--condition--right--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--condition--right--right))
+
+
+### Nested Schema for `condition.condition.condition.right.left`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `condition.condition.condition.right.reference`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `condition.condition.condition.right.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+
+### Nested Schema for `condition.condition.condition.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--condition--right--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--condition--condition--right--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--condition--right--right))
+
+
+### Nested Schema for `condition.condition.condition.right.left`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `condition.condition.condition.right.reference`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `condition.condition.condition.right.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
### Nested Schema for `condition.condition.condition.right`
@@ -138,15 +238,115 @@ Optional:
Required:
-- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+- `type` (String) A string that specifies the authorization condition type. Options are `AND`, `COMPARISON`, `EMPTY`, `NOT`, `OR`, `REFERENCE`.
Optional:
- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `condition` (Attributes) An object that specifies configuration settings for a single authorization condition to evaluate. This field is required when `type` is `NOT`. (see [below for nested schema](#nestedatt--condition--condition--conditions--condition))
+- `conditions` (Attributes Set) A set of objects that specifies configuration settings for multiple authorization conditions to evaluate. This field is required when `type` is `AND` or `OR`. (see [below for nested schema](#nestedatt--condition--condition--conditions--conditions))
- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--conditions--left))
- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--condition--conditions--reference))
- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--conditions--right))
+
+### Nested Schema for `condition.condition.conditions.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--conditions--right--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--condition--conditions--right--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--conditions--right--right))
+
+
+### Nested Schema for `condition.condition.conditions.right.left`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `condition.condition.conditions.right.reference`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `condition.condition.conditions.right.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+
+### Nested Schema for `condition.condition.conditions.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--conditions--right--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--condition--conditions--right--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--conditions--right--right))
+
+
+### Nested Schema for `condition.condition.conditions.right.left`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `condition.condition.conditions.right.reference`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `condition.condition.conditions.right.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
### Nested Schema for `condition.condition.conditions.right`
@@ -238,15 +438,115 @@ Optional:
Required:
-- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+- `type` (String) A string that specifies the authorization condition type. Options are `AND`, `COMPARISON`, `EMPTY`, `NOT`, `OR`, `REFERENCE`.
Optional:
- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `condition` (Attributes) An object that specifies configuration settings for a single authorization condition to evaluate. This field is required when `type` is `NOT`. (see [below for nested schema](#nestedatt--condition--conditions--condition--condition))
+- `conditions` (Attributes Set) A set of objects that specifies configuration settings for multiple authorization conditions to evaluate. This field is required when `type` is `AND` or `OR`. (see [below for nested schema](#nestedatt--condition--conditions--condition--conditions))
- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--condition--left))
- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--conditions--condition--reference))
- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--condition--right))
+
+### Nested Schema for `condition.conditions.condition.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--condition--right--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--conditions--condition--right--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--condition--right--right))
+
+
+### Nested Schema for `condition.conditions.condition.right.left`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `condition.conditions.condition.right.reference`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `condition.conditions.condition.right.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+
+### Nested Schema for `condition.conditions.condition.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--condition--right--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--conditions--condition--right--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--condition--right--right))
+
+
+### Nested Schema for `condition.conditions.condition.right.left`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `condition.conditions.condition.right.reference`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `condition.conditions.condition.right.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
### Nested Schema for `condition.conditions.condition.right`
@@ -287,15 +587,115 @@ Optional:
Required:
-- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+- `type` (String) A string that specifies the authorization condition type. Options are `AND`, `COMPARISON`, `EMPTY`, `NOT`, `OR`, `REFERENCE`.
Optional:
- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `condition` (Attributes) An object that specifies configuration settings for a single authorization condition to evaluate. This field is required when `type` is `NOT`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--condition))
+- `conditions` (Attributes Set) A set of objects that specifies configuration settings for multiple authorization conditions to evaluate. This field is required when `type` is `AND` or `OR`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--conditions))
- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--left))
- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--reference))
- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--right))
+
+### Nested Schema for `condition.conditions.conditions.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--right--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--right--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--right--right))
+
+
+### Nested Schema for `condition.conditions.conditions.right.left`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `condition.conditions.conditions.right.reference`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `condition.conditions.conditions.right.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+
+### Nested Schema for `condition.conditions.conditions.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--right--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--right--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--right--right))
+
+
+### Nested Schema for `condition.conditions.conditions.right.left`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `condition.conditions.conditions.right.reference`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `condition.conditions.conditions.right.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
### Nested Schema for `condition.conditions.conditions.right`
diff --git a/docs/resources/authorize_policy_management_rule.md b/docs/resources/authorize_policy_management_rule.md
index 8b71237da..e318b9179 100644
--- a/docs/resources/authorize_policy_management_rule.md
+++ b/docs/resources/authorize_policy_management_rule.md
@@ -91,17 +91,33 @@ Optional:
Required:
-- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+- `type` (String) A string that specifies the authorization condition type. Options are `AND`, `COMPARISON`, `EMPTY`, `NOT`, `OR`, `REFERENCE`.
Optional:
- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `condition` (Attributes) An object that specifies configuration settings for a single authorization condition to evaluate. This field is required when `type` is `NOT`. (see [below for nested schema](#nestedatt--effect_settings--condition--condition--right--condition))
+- `conditions` (Attributes Set) A set of objects that specifies configuration settings for multiple authorization conditions to evaluate. This field is required when `type` is `AND` or `OR`. (see [below for nested schema](#nestedatt--effect_settings--condition--condition--right--conditions))
- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--effect_settings--condition--condition--right--left))
- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--effect_settings--condition--condition--right--reference))
- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--effect_settings--condition--condition--right--right))
-
-### Nested Schema for `effect_settings.condition.condition.right.left`
+
+### Nested Schema for `effect_settings.condition.condition.right.condition`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--effect_settings--condition--condition--right--condition--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--effect_settings--condition--condition--right--condition--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--effect_settings--condition--condition--right--condition--right))
+
+
+### Nested Schema for `effect_settings.condition.condition.right.condition.right`
Required:
@@ -113,16 +129,16 @@ Optional:
- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
-
-### Nested Schema for `effect_settings.condition.condition.right.reference`
+
+### Nested Schema for `effect_settings.condition.condition.right.condition.right`
Required:
- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
-
-### Nested Schema for `effect_settings.condition.condition.right.right`
+
+### Nested Schema for `effect_settings.condition.condition.right.condition.right`
Required:
@@ -135,8 +151,8 @@ Optional:
-
-### Nested Schema for `effect_settings.condition.condition.right`
+
+### Nested Schema for `effect_settings.condition.condition.right.conditions`
Required:
@@ -145,12 +161,12 @@ Required:
Optional:
- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
-- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--effect_settings--condition--condition--right--left))
-- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--effect_settings--condition--condition--right--reference))
-- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--effect_settings--condition--condition--right--right))
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--effect_settings--condition--condition--right--conditions--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--effect_settings--condition--condition--right--conditions--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--effect_settings--condition--condition--right--conditions--right))
-
-### Nested Schema for `effect_settings.condition.condition.right.left`
+
+### Nested Schema for `effect_settings.condition.condition.right.conditions.right`
Required:
@@ -162,16 +178,16 @@ Optional:
- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
-
-### Nested Schema for `effect_settings.condition.condition.right.reference`
+
+### Nested Schema for `effect_settings.condition.condition.right.conditions.right`
Required:
- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
-
-### Nested Schema for `effect_settings.condition.condition.right.right`
+
+### Nested Schema for `effect_settings.condition.condition.right.conditions.right`
Required:
@@ -184,8 +200,8 @@ Optional:
-
-### Nested Schema for `effect_settings.condition.condition.right`
+
+### Nested Schema for `effect_settings.condition.condition.right.left`
Required:
@@ -197,16 +213,16 @@ Optional:
- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
-
-### Nested Schema for `effect_settings.condition.condition.right`
+
+### Nested Schema for `effect_settings.condition.condition.right.reference`
Required:
- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
-
-### Nested Schema for `effect_settings.condition.condition.right`
+
+### Nested Schema for `effect_settings.condition.condition.right.right`
Required:
@@ -219,8 +235,8 @@ Optional:
-
-### Nested Schema for `effect_settings.condition.conditions`
+
+### Nested Schema for `effect_settings.condition.condition.right`
Required:
@@ -229,14 +245,14 @@ Required:
Optional:
- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
-- `condition` (Attributes) An object that specifies configuration settings for a single authorization condition to evaluate. This field is required when `type` is `NOT`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--condition))
-- `conditions` (Attributes Set) A set of objects that specifies configuration settings for multiple authorization conditions to evaluate. This field is required when `type` is `AND` or `OR`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--conditions))
-- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--left))
-- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--reference))
-- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--right))
+- `condition` (Attributes) An object that specifies configuration settings for a single authorization condition to evaluate. This field is required when `type` is `NOT`. (see [below for nested schema](#nestedatt--effect_settings--condition--condition--right--condition))
+- `conditions` (Attributes Set) A set of objects that specifies configuration settings for multiple authorization conditions to evaluate. This field is required when `type` is `AND` or `OR`. (see [below for nested schema](#nestedatt--effect_settings--condition--condition--right--conditions))
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--effect_settings--condition--condition--right--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--effect_settings--condition--condition--right--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--effect_settings--condition--condition--right--right))
-
-### Nested Schema for `effect_settings.condition.conditions.right`
+
+### Nested Schema for `effect_settings.condition.condition.right.condition`
Required:
@@ -245,12 +261,12 @@ Required:
Optional:
- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
-- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--right--left))
-- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--right--reference))
-- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--right--right))
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--effect_settings--condition--condition--right--condition--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--effect_settings--condition--condition--right--condition--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--effect_settings--condition--condition--right--condition--right))
-
-### Nested Schema for `effect_settings.condition.conditions.right.left`
+
+### Nested Schema for `effect_settings.condition.condition.right.condition.right`
Required:
@@ -262,16 +278,16 @@ Optional:
- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
-
-### Nested Schema for `effect_settings.condition.conditions.right.reference`
+
+### Nested Schema for `effect_settings.condition.condition.right.condition.right`
Required:
- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
-
-### Nested Schema for `effect_settings.condition.conditions.right.right`
+
+### Nested Schema for `effect_settings.condition.condition.right.condition.right`
Required:
@@ -284,8 +300,8 @@ Optional:
-
-### Nested Schema for `effect_settings.condition.conditions.right`
+
+### Nested Schema for `effect_settings.condition.condition.right.conditions`
Required:
@@ -294,12 +310,12 @@ Required:
Optional:
- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
-- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--right--left))
-- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--right--reference))
-- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--right--right))
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--effect_settings--condition--condition--right--conditions--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--effect_settings--condition--condition--right--conditions--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--effect_settings--condition--condition--right--conditions--right))
-
-### Nested Schema for `effect_settings.condition.conditions.right.left`
+
+### Nested Schema for `effect_settings.condition.condition.right.conditions.right`
Required:
@@ -311,16 +327,16 @@ Optional:
- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
-
-### Nested Schema for `effect_settings.condition.conditions.right.reference`
+
+### Nested Schema for `effect_settings.condition.condition.right.conditions.right`
Required:
- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
-
-### Nested Schema for `effect_settings.condition.conditions.right.right`
+
+### Nested Schema for `effect_settings.condition.condition.right.conditions.right`
Required:
@@ -333,8 +349,8 @@ Optional:
-
-### Nested Schema for `effect_settings.condition.conditions.right`
+
+### Nested Schema for `effect_settings.condition.condition.right.left`
Required:
@@ -346,16 +362,16 @@ Optional:
- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
-
-### Nested Schema for `effect_settings.condition.conditions.right`
+
+### Nested Schema for `effect_settings.condition.condition.right.reference`
Required:
- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
-
-### Nested Schema for `effect_settings.condition.conditions.right`
+
+### Nested Schema for `effect_settings.condition.condition.right.right`
Required:
@@ -368,8 +384,8 @@ Optional:
-
-### Nested Schema for `effect_settings.condition.left`
+
+### Nested Schema for `effect_settings.condition.condition.right`
Required:
@@ -381,16 +397,16 @@ Optional:
- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
-
-### Nested Schema for `effect_settings.condition.reference`
+
+### Nested Schema for `effect_settings.condition.condition.right`
Required:
- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
-
-### Nested Schema for `effect_settings.condition.right`
+
+### Nested Schema for `effect_settings.condition.condition.right`
Required:
@@ -403,9 +419,8 @@ Optional:
-
-
-### Nested Schema for `condition`
+
+### Nested Schema for `effect_settings.condition.conditions`
Required:
@@ -414,14 +429,14 @@ Required:
Optional:
- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
-- `condition` (Attributes) An object that specifies configuration settings for a single authorization condition to evaluate. This field is required when `type` is `NOT`. (see [below for nested schema](#nestedatt--condition--condition))
-- `conditions` (Attributes Set) A set of objects that specifies configuration settings for multiple authorization conditions to evaluate. This field is required when `type` is `AND` or `OR`. (see [below for nested schema](#nestedatt--condition--conditions))
-- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--left))
-- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--reference))
-- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--right))
+- `condition` (Attributes) An object that specifies configuration settings for a single authorization condition to evaluate. This field is required when `type` is `NOT`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--condition))
+- `conditions` (Attributes Set) A set of objects that specifies configuration settings for multiple authorization conditions to evaluate. This field is required when `type` is `AND` or `OR`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--conditions))
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--right))
-
-### Nested Schema for `condition.condition`
+
+### Nested Schema for `effect_settings.condition.conditions.right`
Required:
@@ -430,14 +445,14 @@ Required:
Optional:
- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
-- `condition` (Attributes) An object that specifies configuration settings for a single authorization condition to evaluate. This field is required when `type` is `NOT`. (see [below for nested schema](#nestedatt--condition--condition--condition))
-- `conditions` (Attributes Set) A set of objects that specifies configuration settings for multiple authorization conditions to evaluate. This field is required when `type` is `AND` or `OR`. (see [below for nested schema](#nestedatt--condition--condition--conditions))
-- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--left))
-- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--condition--reference))
-- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--right))
+- `condition` (Attributes) An object that specifies configuration settings for a single authorization condition to evaluate. This field is required when `type` is `NOT`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--right--condition))
+- `conditions` (Attributes Set) A set of objects that specifies configuration settings for multiple authorization conditions to evaluate. This field is required when `type` is `AND` or `OR`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--right--conditions))
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--right--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--right--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--right--right))
-
-### Nested Schema for `condition.condition.condition`
+
+### Nested Schema for `effect_settings.condition.conditions.right.condition`
Required:
@@ -446,12 +461,12 @@ Required:
Optional:
- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
-- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--condition--left))
-- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--condition--condition--reference))
-- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--condition--right))
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--right--condition--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--right--condition--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--right--condition--right))
-
-### Nested Schema for `condition.condition.condition.right`
+
+### Nested Schema for `effect_settings.condition.conditions.right.condition.right`
Required:
@@ -463,16 +478,16 @@ Optional:
- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
-
-### Nested Schema for `condition.condition.condition.right`
+
+### Nested Schema for `effect_settings.condition.conditions.right.condition.right`
Required:
- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
-
-### Nested Schema for `condition.condition.condition.right`
+
+### Nested Schema for `effect_settings.condition.conditions.right.condition.right`
Required:
@@ -485,8 +500,8 @@ Optional:
-
-### Nested Schema for `condition.condition.conditions`
+
+### Nested Schema for `effect_settings.condition.conditions.right.conditions`
Required:
@@ -495,12 +510,12 @@ Required:
Optional:
- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
-- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--conditions--left))
-- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--condition--conditions--reference))
-- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--conditions--right))
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--right--conditions--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--right--conditions--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--right--conditions--right))
-
-### Nested Schema for `condition.condition.conditions.right`
+
+### Nested Schema for `effect_settings.condition.conditions.right.conditions.right`
Required:
@@ -512,16 +527,16 @@ Optional:
- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
-
-### Nested Schema for `condition.condition.conditions.right`
+
+### Nested Schema for `effect_settings.condition.conditions.right.conditions.right`
Required:
- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
-
-### Nested Schema for `condition.condition.conditions.right`
+
+### Nested Schema for `effect_settings.condition.conditions.right.conditions.right`
Required:
@@ -534,8 +549,8 @@ Optional:
-
-### Nested Schema for `condition.condition.left`
+
+### Nested Schema for `effect_settings.condition.conditions.right.left`
Required:
@@ -547,16 +562,16 @@ Optional:
- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
-
-### Nested Schema for `condition.condition.reference`
+
+### Nested Schema for `effect_settings.condition.conditions.right.reference`
Required:
- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
-
-### Nested Schema for `condition.condition.right`
+
+### Nested Schema for `effect_settings.condition.conditions.right.right`
Required:
@@ -569,8 +584,8 @@ Optional:
-
-### Nested Schema for `condition.conditions`
+
+### Nested Schema for `effect_settings.condition.conditions.right`
Required:
@@ -579,14 +594,14 @@ Required:
Optional:
- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
-- `condition` (Attributes) An object that specifies configuration settings for a single authorization condition to evaluate. This field is required when `type` is `NOT`. (see [below for nested schema](#nestedatt--condition--conditions--condition))
-- `conditions` (Attributes Set) A set of objects that specifies configuration settings for multiple authorization conditions to evaluate. This field is required when `type` is `AND` or `OR`. (see [below for nested schema](#nestedatt--condition--conditions--conditions))
-- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--left))
-- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--conditions--reference))
-- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--right))
+- `condition` (Attributes) An object that specifies configuration settings for a single authorization condition to evaluate. This field is required when `type` is `NOT`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--right--condition))
+- `conditions` (Attributes Set) A set of objects that specifies configuration settings for multiple authorization conditions to evaluate. This field is required when `type` is `AND` or `OR`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--right--conditions))
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--right--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--right--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--right--right))
-
-### Nested Schema for `condition.conditions.condition`
+
+### Nested Schema for `effect_settings.condition.conditions.right.condition`
Required:
@@ -595,12 +610,12 @@ Required:
Optional:
- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
-- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--condition--left))
-- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--conditions--condition--reference))
-- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--condition--right))
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--right--condition--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--right--condition--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--right--condition--right))
-
-### Nested Schema for `condition.conditions.condition.right`
+
+### Nested Schema for `effect_settings.condition.conditions.right.condition.right`
Required:
@@ -612,16 +627,16 @@ Optional:
- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
-
-### Nested Schema for `condition.conditions.condition.right`
+
+### Nested Schema for `effect_settings.condition.conditions.right.condition.right`
Required:
- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
-
-### Nested Schema for `condition.conditions.condition.right`
+
+### Nested Schema for `effect_settings.condition.conditions.right.condition.right`
Required:
@@ -634,8 +649,8 @@ Optional:
-
-### Nested Schema for `condition.conditions.conditions`
+
+### Nested Schema for `effect_settings.condition.conditions.right.conditions`
Required:
@@ -644,9 +659,794 @@ Required:
Optional:
- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
-- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--left))
-- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--reference))
-- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--right))
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--right--conditions--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--right--conditions--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--effect_settings--condition--conditions--right--conditions--right))
+
+
+### Nested Schema for `effect_settings.condition.conditions.right.conditions.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `effect_settings.condition.conditions.right.conditions.right`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `effect_settings.condition.conditions.right.conditions.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+
+### Nested Schema for `effect_settings.condition.conditions.right.left`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `effect_settings.condition.conditions.right.reference`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `effect_settings.condition.conditions.right.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+
+### Nested Schema for `effect_settings.condition.conditions.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `effect_settings.condition.conditions.right`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `effect_settings.condition.conditions.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+
+### Nested Schema for `effect_settings.condition.left`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `effect_settings.condition.reference`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `effect_settings.condition.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+
+
+### Nested Schema for `condition`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `AND`, `COMPARISON`, `EMPTY`, `NOT`, `OR`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `condition` (Attributes) An object that specifies configuration settings for a single authorization condition to evaluate. This field is required when `type` is `NOT`. (see [below for nested schema](#nestedatt--condition--condition))
+- `conditions` (Attributes Set) A set of objects that specifies configuration settings for multiple authorization conditions to evaluate. This field is required when `type` is `AND` or `OR`. (see [below for nested schema](#nestedatt--condition--conditions))
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--right))
+
+
+### Nested Schema for `condition.condition`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `AND`, `COMPARISON`, `EMPTY`, `NOT`, `OR`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `condition` (Attributes) An object that specifies configuration settings for a single authorization condition to evaluate. This field is required when `type` is `NOT`. (see [below for nested schema](#nestedatt--condition--condition--condition))
+- `conditions` (Attributes Set) A set of objects that specifies configuration settings for multiple authorization conditions to evaluate. This field is required when `type` is `AND` or `OR`. (see [below for nested schema](#nestedatt--condition--condition--conditions))
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--condition--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--right))
+
+
+### Nested Schema for `condition.condition.condition`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `AND`, `COMPARISON`, `EMPTY`, `NOT`, `OR`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `condition` (Attributes) An object that specifies configuration settings for a single authorization condition to evaluate. This field is required when `type` is `NOT`. (see [below for nested schema](#nestedatt--condition--condition--condition--condition))
+- `conditions` (Attributes Set) A set of objects that specifies configuration settings for multiple authorization conditions to evaluate. This field is required when `type` is `AND` or `OR`. (see [below for nested schema](#nestedatt--condition--condition--condition--conditions))
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--condition--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--condition--condition--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--condition--right))
+
+
+### Nested Schema for `condition.condition.condition.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--condition--right--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--condition--condition--right--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--condition--right--right))
+
+
+### Nested Schema for `condition.condition.condition.right.left`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `condition.condition.condition.right.reference`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `condition.condition.condition.right.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+
+### Nested Schema for `condition.condition.condition.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--condition--right--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--condition--condition--right--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--condition--right--right))
+
+
+### Nested Schema for `condition.condition.condition.right.left`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `condition.condition.condition.right.reference`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `condition.condition.condition.right.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+
+### Nested Schema for `condition.condition.condition.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `condition.condition.condition.right`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `condition.condition.condition.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+
+### Nested Schema for `condition.condition.conditions`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `AND`, `COMPARISON`, `EMPTY`, `NOT`, `OR`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `condition` (Attributes) An object that specifies configuration settings for a single authorization condition to evaluate. This field is required when `type` is `NOT`. (see [below for nested schema](#nestedatt--condition--condition--conditions--condition))
+- `conditions` (Attributes Set) A set of objects that specifies configuration settings for multiple authorization conditions to evaluate. This field is required when `type` is `AND` or `OR`. (see [below for nested schema](#nestedatt--condition--condition--conditions--conditions))
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--conditions--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--condition--conditions--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--conditions--right))
+
+
+### Nested Schema for `condition.condition.conditions.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--conditions--right--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--condition--conditions--right--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--conditions--right--right))
+
+
+### Nested Schema for `condition.condition.conditions.right.left`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `condition.condition.conditions.right.reference`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `condition.condition.conditions.right.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+
+### Nested Schema for `condition.condition.conditions.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--conditions--right--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--condition--conditions--right--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--conditions--right--right))
+
+
+### Nested Schema for `condition.condition.conditions.right.left`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `condition.condition.conditions.right.reference`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `condition.condition.conditions.right.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+
+### Nested Schema for `condition.condition.conditions.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `condition.condition.conditions.right`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `condition.condition.conditions.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+
+### Nested Schema for `condition.condition.left`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `condition.condition.reference`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `condition.condition.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+
+### Nested Schema for `condition.conditions`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `AND`, `COMPARISON`, `EMPTY`, `NOT`, `OR`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `condition` (Attributes) An object that specifies configuration settings for a single authorization condition to evaluate. This field is required when `type` is `NOT`. (see [below for nested schema](#nestedatt--condition--conditions--condition))
+- `conditions` (Attributes Set) A set of objects that specifies configuration settings for multiple authorization conditions to evaluate. This field is required when `type` is `AND` or `OR`. (see [below for nested schema](#nestedatt--condition--conditions--conditions))
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--conditions--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--right))
+
+
+### Nested Schema for `condition.conditions.condition`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `AND`, `COMPARISON`, `EMPTY`, `NOT`, `OR`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `condition` (Attributes) An object that specifies configuration settings for a single authorization condition to evaluate. This field is required when `type` is `NOT`. (see [below for nested schema](#nestedatt--condition--conditions--condition--condition))
+- `conditions` (Attributes Set) A set of objects that specifies configuration settings for multiple authorization conditions to evaluate. This field is required when `type` is `AND` or `OR`. (see [below for nested schema](#nestedatt--condition--conditions--condition--conditions))
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--condition--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--conditions--condition--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--condition--right))
+
+
+### Nested Schema for `condition.conditions.condition.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--condition--right--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--conditions--condition--right--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--condition--right--right))
+
+
+### Nested Schema for `condition.conditions.condition.right.left`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `condition.conditions.condition.right.reference`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `condition.conditions.condition.right.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+
+### Nested Schema for `condition.conditions.condition.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--condition--right--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--conditions--condition--right--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--condition--right--right))
+
+
+### Nested Schema for `condition.conditions.condition.right.left`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `condition.conditions.condition.right.reference`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `condition.conditions.condition.right.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+
+### Nested Schema for `condition.conditions.condition.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `condition.conditions.condition.right`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `condition.conditions.condition.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+
+### Nested Schema for `condition.conditions.conditions`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `AND`, `COMPARISON`, `EMPTY`, `NOT`, `OR`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `condition` (Attributes) An object that specifies configuration settings for a single authorization condition to evaluate. This field is required when `type` is `NOT`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--condition))
+- `conditions` (Attributes Set) A set of objects that specifies configuration settings for multiple authorization conditions to evaluate. This field is required when `type` is `AND` or `OR`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--conditions))
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--right))
+
+
+### Nested Schema for `condition.conditions.conditions.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--right--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--right--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--right--right))
+
+
+### Nested Schema for `condition.conditions.conditions.right.left`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `condition.conditions.conditions.right.reference`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `condition.conditions.conditions.right.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+
+### Nested Schema for `condition.conditions.conditions.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--right--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--right--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--right--right))
+
+
+### Nested Schema for `condition.conditions.conditions.right.left`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `condition.conditions.conditions.right.reference`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `condition.conditions.conditions.right.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
### Nested Schema for `condition.conditions.conditions.right`
diff --git a/docs/resources/authorize_trust_framework_attribute.md b/docs/resources/authorize_trust_framework_attribute.md
index ade3fb506..36ac6d89f 100644
--- a/docs/resources/authorize_trust_framework_attribute.md
+++ b/docs/resources/authorize_trust_framework_attribute.md
@@ -45,6 +45,7 @@ resource "pingone_authorize_trust_framework_attribute" "my_awesome_attribute" {
- `full_name` (String) A string that specifies a unique name generated by the system for each attribute resource. It is the concatenation of names in the attribute resource hierarchy.
- `id` (String) The ID of this resource.
+- `managed_entity` (Attributes) An object that specifies configuration settings for a system-assigned set of restrictions and metadata related to the resource. (see [below for nested schema](#nestedatt--managed_entity))
- `type` (String) A string that describes the resource type. Options are `ATTRIBUTE`.
- `version` (String) A string that describes a random ID generated by the system for concurrency control purposes.
@@ -253,15 +254,115 @@ Optional:
Required:
-- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+- `type` (String) A string that specifies the authorization condition type. Options are `AND`, `COMPARISON`, `EMPTY`, `NOT`, `OR`, `REFERENCE`.
Optional:
- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `condition` (Attributes) An object that specifies configuration settings for a single authorization condition to evaluate. This field is required when `type` is `NOT`. (see [below for nested schema](#nestedatt--resolvers--condition--condition--right--condition))
+- `conditions` (Attributes Set) A set of objects that specifies configuration settings for multiple authorization conditions to evaluate. This field is required when `type` is `AND` or `OR`. (see [below for nested schema](#nestedatt--resolvers--condition--condition--right--conditions))
- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--resolvers--condition--condition--right--left))
- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--resolvers--condition--condition--right--reference))
- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--resolvers--condition--condition--right--right))
+
+### Nested Schema for `resolvers.condition.condition.right.condition`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--resolvers--condition--condition--right--condition--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--resolvers--condition--condition--right--condition--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--resolvers--condition--condition--right--condition--right))
+
+
+### Nested Schema for `resolvers.condition.condition.right.condition.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `resolvers.condition.condition.right.condition.right`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `resolvers.condition.condition.right.condition.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+
+### Nested Schema for `resolvers.condition.condition.right.conditions`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--resolvers--condition--condition--right--conditions--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--resolvers--condition--condition--right--conditions--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--resolvers--condition--condition--right--conditions--right))
+
+
+### Nested Schema for `resolvers.condition.condition.right.conditions.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `resolvers.condition.condition.right.conditions.right`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `resolvers.condition.condition.right.conditions.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
### Nested Schema for `resolvers.condition.condition.right.left`
@@ -302,15 +403,115 @@ Optional:
Required:
-- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+- `type` (String) A string that specifies the authorization condition type. Options are `AND`, `COMPARISON`, `EMPTY`, `NOT`, `OR`, `REFERENCE`.
Optional:
- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `condition` (Attributes) An object that specifies configuration settings for a single authorization condition to evaluate. This field is required when `type` is `NOT`. (see [below for nested schema](#nestedatt--resolvers--condition--condition--right--condition))
+- `conditions` (Attributes Set) A set of objects that specifies configuration settings for multiple authorization conditions to evaluate. This field is required when `type` is `AND` or `OR`. (see [below for nested schema](#nestedatt--resolvers--condition--condition--right--conditions))
- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--resolvers--condition--condition--right--left))
- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--resolvers--condition--condition--right--reference))
- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--resolvers--condition--condition--right--right))
+
+### Nested Schema for `resolvers.condition.condition.right.condition`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--resolvers--condition--condition--right--condition--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--resolvers--condition--condition--right--condition--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--resolvers--condition--condition--right--condition--right))
+
+
+### Nested Schema for `resolvers.condition.condition.right.condition.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `resolvers.condition.condition.right.condition.right`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `resolvers.condition.condition.right.condition.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+
+### Nested Schema for `resolvers.condition.condition.right.conditions`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--resolvers--condition--condition--right--conditions--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--resolvers--condition--condition--right--conditions--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--resolvers--condition--condition--right--conditions--right))
+
+
+### Nested Schema for `resolvers.condition.condition.right.conditions.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `resolvers.condition.condition.right.conditions.right`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `resolvers.condition.condition.right.conditions.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
### Nested Schema for `resolvers.condition.condition.right.left`
@@ -402,15 +603,115 @@ Optional:
Required:
-- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+- `type` (String) A string that specifies the authorization condition type. Options are `AND`, `COMPARISON`, `EMPTY`, `NOT`, `OR`, `REFERENCE`.
Optional:
- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `condition` (Attributes) An object that specifies configuration settings for a single authorization condition to evaluate. This field is required when `type` is `NOT`. (see [below for nested schema](#nestedatt--resolvers--condition--conditions--right--condition))
+- `conditions` (Attributes Set) A set of objects that specifies configuration settings for multiple authorization conditions to evaluate. This field is required when `type` is `AND` or `OR`. (see [below for nested schema](#nestedatt--resolvers--condition--conditions--right--conditions))
- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--resolvers--condition--conditions--right--left))
- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--resolvers--condition--conditions--right--reference))
- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--resolvers--condition--conditions--right--right))
+
+### Nested Schema for `resolvers.condition.conditions.right.condition`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--resolvers--condition--conditions--right--condition--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--resolvers--condition--conditions--right--condition--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--resolvers--condition--conditions--right--condition--right))
+
+
+### Nested Schema for `resolvers.condition.conditions.right.condition.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `resolvers.condition.conditions.right.condition.right`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `resolvers.condition.conditions.right.condition.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+
+### Nested Schema for `resolvers.condition.conditions.right.conditions`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--resolvers--condition--conditions--right--conditions--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--resolvers--condition--conditions--right--conditions--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--resolvers--condition--conditions--right--conditions--right))
+
+
+### Nested Schema for `resolvers.condition.conditions.right.conditions.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `resolvers.condition.conditions.right.conditions.right`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `resolvers.condition.conditions.right.conditions.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
### Nested Schema for `resolvers.condition.conditions.right.left`
@@ -451,15 +752,115 @@ Optional:
Required:
-- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+- `type` (String) A string that specifies the authorization condition type. Options are `AND`, `COMPARISON`, `EMPTY`, `NOT`, `OR`, `REFERENCE`.
Optional:
- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `condition` (Attributes) An object that specifies configuration settings for a single authorization condition to evaluate. This field is required when `type` is `NOT`. (see [below for nested schema](#nestedatt--resolvers--condition--conditions--right--condition))
+- `conditions` (Attributes Set) A set of objects that specifies configuration settings for multiple authorization conditions to evaluate. This field is required when `type` is `AND` or `OR`. (see [below for nested schema](#nestedatt--resolvers--condition--conditions--right--conditions))
- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--resolvers--condition--conditions--right--left))
- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--resolvers--condition--conditions--right--reference))
- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--resolvers--condition--conditions--right--right))
+
+### Nested Schema for `resolvers.condition.conditions.right.condition`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--resolvers--condition--conditions--right--condition--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--resolvers--condition--conditions--right--condition--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--resolvers--condition--conditions--right--condition--right))
+
+
+### Nested Schema for `resolvers.condition.conditions.right.condition.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `resolvers.condition.conditions.right.condition.right`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `resolvers.condition.conditions.right.condition.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+
+### Nested Schema for `resolvers.condition.conditions.right.conditions`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--resolvers--condition--conditions--right--conditions--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--resolvers--condition--conditions--right--conditions--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--resolvers--condition--conditions--right--conditions--right))
+
+
+### Nested Schema for `resolvers.condition.conditions.right.conditions.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `resolvers.condition.conditions.right.conditions.right`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `resolvers.condition.conditions.right.conditions.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
### Nested Schema for `resolvers.condition.conditions.right.left`
@@ -719,6 +1120,52 @@ Required:
- `type` (String) A string that specifies the type of the value. Options are `BOOLEAN`, `COLLECTION`, `DATE_TIME`, `DURATION`, `JSON`, `LOCAL_DATE`, `LOCAL_DATE_TIME`, `LOCAL_TIME`, `NUMBER`, `PERIOD`, `STRING`, `TIME_PERIOD`, `XML`, `ZONED_DATE_TIME`.
+
+
+
+### Nested Schema for `managed_entity`
+
+Read-Only:
+
+- `owner` (Attributes) (see [below for nested schema](#nestedatt--managed_entity--owner))
+- `reference` (Attributes) (see [below for nested schema](#nestedatt--managed_entity--reference))
+- `restrictions` (Attributes) (see [below for nested schema](#nestedatt--managed_entity--restrictions))
+
+
+### Nested Schema for `managed_entity.owner`
+
+Read-Only:
+
+- `service` (Attributes) (see [below for nested schema](#nestedatt--managed_entity--owner--service))
+
+
+### Nested Schema for `managed_entity.owner.service`
+
+Read-Only:
+
+- `name` (String)
+
+
+
+
+### Nested Schema for `managed_entity.reference`
+
+Read-Only:
+
+- `id` (String)
+- `name` (String)
+- `type` (String)
+- `ui_deep_link` (String)
+
+
+
+### Nested Schema for `managed_entity.restrictions`
+
+Read-Only:
+
+- `disallow_children` (Boolean)
+- `read_only` (Boolean)
+
## Import
Import is supported using the following syntax, where attributes in `<>` brackets are replaced with the relevant ID. For example, `` should be replaced with the ID of the environment to import from.
diff --git a/docs/resources/authorize_trust_framework_condition.md b/docs/resources/authorize_trust_framework_condition.md
index 3667a2d86..c62769363 100644
--- a/docs/resources/authorize_trust_framework_condition.md
+++ b/docs/resources/authorize_trust_framework_condition.md
@@ -120,15 +120,115 @@ Optional:
Required:
-- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+- `type` (String) A string that specifies the authorization condition type. Options are `AND`, `COMPARISON`, `EMPTY`, `NOT`, `OR`, `REFERENCE`.
Optional:
- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `condition` (Attributes) An object that specifies configuration settings for a single authorization condition to evaluate. This field is required when `type` is `NOT`. (see [below for nested schema](#nestedatt--condition--condition--condition--condition))
+- `conditions` (Attributes Set) A set of objects that specifies configuration settings for multiple authorization conditions to evaluate. This field is required when `type` is `AND` or `OR`. (see [below for nested schema](#nestedatt--condition--condition--condition--conditions))
- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--condition--left))
- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--condition--condition--reference))
- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--condition--right))
+
+### Nested Schema for `condition.condition.condition.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--condition--right--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--condition--condition--right--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--condition--right--right))
+
+
+### Nested Schema for `condition.condition.condition.right.left`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `condition.condition.condition.right.reference`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `condition.condition.condition.right.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+
+### Nested Schema for `condition.condition.condition.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--condition--right--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--condition--condition--right--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--condition--right--right))
+
+
+### Nested Schema for `condition.condition.condition.right.left`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `condition.condition.condition.right.reference`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `condition.condition.condition.right.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
### Nested Schema for `condition.condition.condition.right`
@@ -169,15 +269,115 @@ Optional:
Required:
-- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+- `type` (String) A string that specifies the authorization condition type. Options are `AND`, `COMPARISON`, `EMPTY`, `NOT`, `OR`, `REFERENCE`.
Optional:
- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `condition` (Attributes) An object that specifies configuration settings for a single authorization condition to evaluate. This field is required when `type` is `NOT`. (see [below for nested schema](#nestedatt--condition--condition--conditions--condition))
+- `conditions` (Attributes Set) A set of objects that specifies configuration settings for multiple authorization conditions to evaluate. This field is required when `type` is `AND` or `OR`. (see [below for nested schema](#nestedatt--condition--condition--conditions--conditions))
- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--conditions--left))
- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--condition--conditions--reference))
- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--conditions--right))
+
+### Nested Schema for `condition.condition.conditions.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--conditions--right--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--condition--conditions--right--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--conditions--right--right))
+
+
+### Nested Schema for `condition.condition.conditions.right.left`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `condition.condition.conditions.right.reference`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `condition.condition.conditions.right.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+
+### Nested Schema for `condition.condition.conditions.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--conditions--right--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--condition--conditions--right--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--condition--conditions--right--right))
+
+
+### Nested Schema for `condition.condition.conditions.right.left`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `condition.condition.conditions.right.reference`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `condition.condition.conditions.right.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
### Nested Schema for `condition.condition.conditions.right`
@@ -269,15 +469,115 @@ Optional:
Required:
-- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+- `type` (String) A string that specifies the authorization condition type. Options are `AND`, `COMPARISON`, `EMPTY`, `NOT`, `OR`, `REFERENCE`.
Optional:
- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `condition` (Attributes) An object that specifies configuration settings for a single authorization condition to evaluate. This field is required when `type` is `NOT`. (see [below for nested schema](#nestedatt--condition--conditions--condition--condition))
+- `conditions` (Attributes Set) A set of objects that specifies configuration settings for multiple authorization conditions to evaluate. This field is required when `type` is `AND` or `OR`. (see [below for nested schema](#nestedatt--condition--conditions--condition--conditions))
- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--condition--left))
- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--conditions--condition--reference))
- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--condition--right))
+
+### Nested Schema for `condition.conditions.condition.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--condition--right--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--conditions--condition--right--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--condition--right--right))
+
+
+### Nested Schema for `condition.conditions.condition.right.left`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `condition.conditions.condition.right.reference`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `condition.conditions.condition.right.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+
+### Nested Schema for `condition.conditions.condition.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--condition--right--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--conditions--condition--right--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--condition--right--right))
+
+
+### Nested Schema for `condition.conditions.condition.right.left`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `condition.conditions.condition.right.reference`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `condition.conditions.condition.right.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
### Nested Schema for `condition.conditions.condition.right`
@@ -318,15 +618,115 @@ Optional:
Required:
-- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+- `type` (String) A string that specifies the authorization condition type. Options are `AND`, `COMPARISON`, `EMPTY`, `NOT`, `OR`, `REFERENCE`.
Optional:
- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `condition` (Attributes) An object that specifies configuration settings for a single authorization condition to evaluate. This field is required when `type` is `NOT`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--condition))
+- `conditions` (Attributes Set) A set of objects that specifies configuration settings for multiple authorization conditions to evaluate. This field is required when `type` is `AND` or `OR`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--conditions))
- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--left))
- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--reference))
- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--right))
+
+### Nested Schema for `condition.conditions.conditions.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--right--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--right--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--right--right))
+
+
+### Nested Schema for `condition.conditions.conditions.right.left`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `condition.conditions.conditions.right.reference`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `condition.conditions.conditions.right.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+
+### Nested Schema for `condition.conditions.conditions.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition type. Options are `COMPARISON`, `EMPTY`, `REFERENCE`.
+
+Optional:
+
+- `comparator` (String) A string that specifies the comparison operator used to evaluate the authorization condition. This field is required when `type` is `COMPARISON`. Options are `CONTAINS`, `ENDS_WITH`, `EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `HAS_PERMISSION`, `IN_CIDR_BLOCK`, `IS_IN`, `IS_MEMBER_OF`, `IS_NOT_IN`, `IS_NOT_MEMBER_OF`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `MATCHES`, `NOT_CONTAINS`, `NOT_ENDS_WITH`, `NOT_EQUALS`, `NOT_IN_CIDR_BLOCK`, `NOT_MATCHES`, `NOT_STARTS_WITH`, `REGULAR_EXPRESSION`, `STARTS_WITH`.
+- `left` (Attributes) An object that specifies configuration settings that apply to the left side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--right--left))
+- `reference` (Attributes) An object that specifies configuration settings for the authorization condition reference to evaluate. This field is required when `type` is `REFERENCE`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--right--reference))
+- `right` (Attributes) An object that specifies configuration settings that apply to the right side of the authorization condition statement. This field is required when `type` is `COMPARISON`. (see [below for nested schema](#nestedatt--condition--conditions--conditions--right--right))
+
+
+### Nested Schema for `condition.conditions.conditions.right.left`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
+### Nested Schema for `condition.conditions.conditions.right.reference`
+
+Required:
+
+- `id` (String) A string that specifies the ID of the authorization condition reference in the trust framework. Must be a valid PingOne resource ID.
+
+
+
+### Nested Schema for `condition.conditions.conditions.right.right`
+
+Required:
+
+- `type` (String) A string that specifies the authorization condition comparand type. Options are `ATTRIBUTE`, `CONSTANT`.
+
+Optional:
+
+- `id` (String) A string that specifies the ID of the authorization attribute in the trust framework to use as the condition comparand. This field is required when `type` is `ATTRIBUTE`. Must be a valid PingOne resource ID.
+- `value` (String) A string that specifies a constant text value to use as the condition comparand. This field is required when `type` is `CONSTANT`.
+
+
+
### Nested Schema for `condition.conditions.conditions.right`
diff --git a/internal/service/authorize/resource_trust_framework_attribute.go b/internal/service/authorize/resource_trust_framework_attribute.go
index 9336dfe0d..2aa364a69 100644
--- a/internal/service/authorize/resource_trust_framework_attribute.go
+++ b/internal/service/authorize/resource_trust_framework_attribute.go
@@ -12,6 +12,8 @@ import (
"github.com/hashicorp/terraform-plugin-framework/resource"
"github.com/hashicorp/terraform-plugin-framework/resource/schema"
"github.com/hashicorp/terraform-plugin-framework/resource/schema/listdefault"
+ "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
+ "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
"github.com/hashicorp/terraform-plugin-framework/schema/validator"
"github.com/hashicorp/terraform-plugin-framework/types"
"github.com/patrickcping/pingone-go-sdk-v2/authorize"
@@ -25,20 +27,20 @@ import (
type TrustFrameworkAttributeResource serviceClientType
type trustFrameworkAttributeResourceModel struct {
- Id pingonetypes.ResourceIDValue `tfsdk:"id"`
- EnvironmentId pingonetypes.ResourceIDValue `tfsdk:"environment_id"`
- DefaultValue types.String `tfsdk:"default_value"`
- Description types.String `tfsdk:"description"`
- Type types.String `tfsdk:"type"`
- FullName types.String `tfsdk:"full_name"`
- // ManagedEntity types.Object `tfsdk:"managed_entity"`
- Name types.String `tfsdk:"name"`
- Parent types.Object `tfsdk:"parent"`
- Processor types.Object `tfsdk:"processor"`
- RepetitionSource types.Object `tfsdk:"repetition_source"`
- Resolvers types.List `tfsdk:"resolvers"`
- ValueType types.Object `tfsdk:"value_type"`
- Version types.String `tfsdk:"version"`
+ Id pingonetypes.ResourceIDValue `tfsdk:"id"`
+ EnvironmentId pingonetypes.ResourceIDValue `tfsdk:"environment_id"`
+ DefaultValue types.String `tfsdk:"default_value"`
+ Description types.String `tfsdk:"description"`
+ Type types.String `tfsdk:"type"`
+ FullName types.String `tfsdk:"full_name"`
+ ManagedEntity types.Object `tfsdk:"managed_entity"`
+ Name types.String `tfsdk:"name"`
+ Parent types.Object `tfsdk:"parent"`
+ Processor types.Object `tfsdk:"processor"`
+ RepetitionSource types.Object `tfsdk:"repetition_source"`
+ Resolvers types.List `tfsdk:"resolvers"`
+ ValueType types.Object `tfsdk:"value_type"`
+ Version types.String `tfsdk:"version"`
// ValueSchema types.String `tfsdk:"value_schema"`
}
@@ -72,9 +74,9 @@ func (r *TrustFrameworkAttributeResource) Schema(ctx context.Context, req resour
"A string that describes the resource type.",
).AllowedValuesEnum(authorize.AllowedEnumAuthorizeEditorDataDefinitionsAttributeDefinitionDTOTypeEnumValues)
- // managedEntityDescription := framework.SchemaAttributeDescriptionFromMarkdown(
- // "An object that specifies configuration settings for a system-assigned set of restrictions and metadata related to the resource.",
- // )
+ managedEntityDescription := framework.SchemaAttributeDescriptionFromMarkdown(
+ "An object that specifies configuration settings for a system-assigned set of restrictions and metadata related to the resource.",
+ )
resp.Schema = schema.Schema{
// This description is used by the documentation generator and the language server.
@@ -106,15 +108,19 @@ func (r *TrustFrameworkAttributeResource) Schema(ctx context.Context, req resour
Description: typeDescription.Description,
MarkdownDescription: typeDescription.MarkdownDescription,
Computed: true,
+
+ PlanModifiers: []planmodifier.String{
+ stringplanmodifier.UseStateForUnknown(),
+ },
},
- // "managed_entity": schema.SingleNestedAttribute{ // TODO: DOC ERROR - Object Not in docs
- // Description: managedEntityDescription.Description,
- // MarkdownDescription: managedEntityDescription.MarkdownDescription,
- // Computed: true,
+ "managed_entity": schema.SingleNestedAttribute{ // TODO: DOC ERROR - Object Not in docs
+ Description: managedEntityDescription.Description,
+ MarkdownDescription: managedEntityDescription.MarkdownDescription,
+ Computed: true,
- // Attributes: managedEntityObjectSchemaAttributes(),
- // },
+ Attributes: managedEntityObjectSchemaAttributes(),
+ },
"name": schema.StringAttribute{ // DONE
Description: framework.SchemaAttributeDescriptionFromMarkdown("A string that specifies a user-friendly authorization attribute name. The value must be unique.").Description,
@@ -449,10 +455,6 @@ func (p *trustFrameworkAttributeResourceModel) expand(ctx context.Context, updat
data.SetDescription(p.Description.ValueString())
}
- // if !p.FullName.IsNull() && !p.FullName.IsUnknown() {
- // data.SetFullName(p.FullName.ValueString())
- // }
-
// if !p.ManagedEntity.IsNull() && !p.ManagedEntity.IsUnknown() {
// managedEntity, d := expandEditorManagedEntity(ctx, p.ManagedEntity)
@@ -549,7 +551,7 @@ func (p *trustFrameworkAttributeResourceModel) toState(ctx context.Context, apiO
p.Type = framework.EnumOkToTF(apiObject.GetTypeOk())
p.FullName = framework.StringOkToTF(apiObject.GetFullNameOk())
- // p.ManagedEntity, d = editorManagedEntityOkToTF(apiObject.GetManagedEntityOk())
+ p.ManagedEntity, d = editorManagedEntityOkToTF(apiObject.GetManagedEntityOk())
diags.Append(d...)
p.Name = framework.StringOkToTF(apiObject.GetNameOk())
diff --git a/internal/service/authorize/resource_trust_framework_attribute_test.go b/internal/service/authorize/resource_trust_framework_attribute_test.go
index df473739c..43fb25604 100644
--- a/internal/service/authorize/resource_trust_framework_attribute_test.go
+++ b/internal/service/authorize/resource_trust_framework_attribute_test.go
@@ -123,7 +123,7 @@ func TestAccTrustFrameworkAttribute_Full(t *testing.T) {
resource.TestCheckResourceAttr(resourceFullName, "default_value", "test"),
resource.TestCheckResourceAttr(resourceFullName, "processor.name", fmt.Sprintf("%s Test processor", name)),
resource.TestCheckResourceAttr(resourceFullName, "resolvers.#", "1"),
- // resource.TestCheckResourceAttr(resourceFullName, "managed_entity", "1"),
+ resource.TestCheckNoResourceAttr(resourceFullName, "managed_entity"),
resource.TestMatchResourceAttr(resourceFullName, "repetition_source.id", verify.P1ResourceIDRegexpFullString),
resource.TestCheckResourceAttr(resourceFullName, "type", "ATTRIBUTE"),
resource.TestCheckResourceAttr(resourceFullName, "value_type.type", "STRING"),
@@ -140,7 +140,7 @@ func TestAccTrustFrameworkAttribute_Full(t *testing.T) {
resource.TestCheckNoResourceAttr(resourceFullName, "default_value"),
resource.TestCheckNoResourceAttr(resourceFullName, "processor"),
resource.TestCheckResourceAttr(resourceFullName, "resolvers.#", "0"),
- // resource.TestCheckResourceAttr(resourceFullName, "managed_entity", "1"),
+ resource.TestCheckNoResourceAttr(resourceFullName, "managed_entity"),
resource.TestCheckNoResourceAttr(resourceFullName, "repetition_source"),
resource.TestCheckResourceAttr(resourceFullName, "type", "ATTRIBUTE"),
resource.TestCheckResourceAttr(resourceFullName, "value_type.type", "STRING"),
@@ -2358,18 +2358,14 @@ func testAccTrustFrameworkAttributeConfig_Resolver_User_Full(resourceName, name
return fmt.Sprintf(`
%[1]s
-resource "pingone_population" "%[2]s" {
- environment_id = data.pingone_environment.general_test.id
-
- name = "%[3]s"
-}
-
-resource "pingone_user" "%[2]s" {
+resource "pingone_authorize_trust_framework_attribute" "%[2]s-user" {
environment_id = data.pingone_environment.general_test.id
+ name = "%[3]s-user"
+ description = "Test attribute"
- username = "%[3]s"
- email = "%[3]s@pingidentity.com"
- population_id = pingone_population.%[2]s.id
+ value_type = {
+ type = "STRING"
+ }
}
resource "pingone_authorize_trust_framework_attribute" "%[2]s" {
@@ -2384,7 +2380,7 @@ resource "pingone_authorize_trust_framework_attribute" "%[2]s" {
type = "USER"
query = {
type = "USER_ID"
- user_id = pingone_user.%[2]s.id
+ user_id = pingone_authorize_trust_framework_attribute.%[2]s-user.id
}
condition = {
@@ -2451,18 +2447,14 @@ func testAccTrustFrameworkAttributeConfig_Resolver_User_Min(resourceName, name s
return fmt.Sprintf(`
%[1]s
-resource "pingone_population" "%[2]s" {
- environment_id = data.pingone_environment.general_test.id
-
- name = "%[3]s"
-}
-
-resource "pingone_user" "%[2]s" {
+resource "pingone_authorize_trust_framework_attribute" "%[2]s-user" {
environment_id = data.pingone_environment.general_test.id
+ name = "%[3]s-user"
+ description = "Test attribute"
- username = "%[3]s"
- email = "%[3]s@pingidentity.com"
- population_id = pingone_population.%[2]s.id
+ value_type = {
+ type = "STRING"
+ }
}
resource "pingone_authorize_trust_framework_attribute" "%[2]s" {
@@ -2475,7 +2467,7 @@ resource "pingone_authorize_trust_framework_attribute" "%[2]s" {
type = "USER"
query = {
type = "USER_ID"
- user_id = pingone_user.%[2]s.id
+ user_id = pingone_authorize_trust_framework_attribute.%[2]s-user.id
}
}
]
diff --git a/internal/service/authorize/resource_trust_framework_condition.go b/internal/service/authorize/resource_trust_framework_condition.go
index e6504fca9..e71f55f4c 100644
--- a/internal/service/authorize/resource_trust_framework_condition.go
+++ b/internal/service/authorize/resource_trust_framework_condition.go
@@ -10,6 +10,8 @@ import (
"github.com/hashicorp/terraform-plugin-framework/path"
"github.com/hashicorp/terraform-plugin-framework/resource"
"github.com/hashicorp/terraform-plugin-framework/resource/schema"
+ "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
+ "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
"github.com/hashicorp/terraform-plugin-framework/schema/validator"
"github.com/hashicorp/terraform-plugin-framework/types"
"github.com/patrickcping/pingone-go-sdk-v2/authorize"
@@ -84,6 +86,10 @@ func (r *TrustFrameworkConditionResource) Schema(ctx context.Context, req resour
Description: typeDescription.Description,
MarkdownDescription: typeDescription.MarkdownDescription,
Computed: true,
+
+ PlanModifiers: []planmodifier.String{
+ stringplanmodifier.UseStateForUnknown(),
+ },
},
"full_name": schema.StringAttribute{
@@ -395,10 +401,6 @@ func (p *trustFrameworkConditionResourceModel) expand(ctx context.Context, updat
data.SetDescription(p.Description.ValueString())
}
- // if !p.FullName.IsNull() && !p.FullName.IsUnknown() {
- // data.SetFullName(p.FullName.ValueString())
- // }
-
if !p.Parent.IsNull() && !p.Parent.IsUnknown() {
parent, d := expandEditorParent(ctx, p.Parent)
diags.Append(d...)
diff --git a/internal/service/authorize/resource_trust_framework_processor.go b/internal/service/authorize/resource_trust_framework_processor.go
index be2e2846c..464e833a9 100644
--- a/internal/service/authorize/resource_trust_framework_processor.go
+++ b/internal/service/authorize/resource_trust_framework_processor.go
@@ -10,6 +10,8 @@ import (
"github.com/hashicorp/terraform-plugin-framework/path"
"github.com/hashicorp/terraform-plugin-framework/resource"
"github.com/hashicorp/terraform-plugin-framework/resource/schema"
+ "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
+ "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
"github.com/hashicorp/terraform-plugin-framework/schema/validator"
"github.com/hashicorp/terraform-plugin-framework/types"
"github.com/patrickcping/pingone-go-sdk-v2/authorize"
@@ -84,6 +86,10 @@ func (r *TrustFrameworkProcessorResource) Schema(ctx context.Context, req resour
Description: typeDescription.Description,
MarkdownDescription: typeDescription.MarkdownDescription,
Computed: true,
+
+ PlanModifiers: []planmodifier.String{
+ stringplanmodifier.UseStateForUnknown(),
+ },
},
"full_name": schema.StringAttribute{
@@ -397,10 +403,6 @@ func (p *trustFrameworkProcessorResourceModel) expand(ctx context.Context, updat
data.SetDescription(p.Description.ValueString())
}
- if !p.FullName.IsNull() && !p.FullName.IsUnknown() {
- data.SetFullName(p.FullName.ValueString())
- }
-
if !p.Parent.IsNull() && !p.Parent.IsUnknown() {
parent, d := expandEditorParent(ctx, p.Parent)
diags.Append(d...)
diff --git a/internal/service/authorize/resource_trust_framework_service.go b/internal/service/authorize/resource_trust_framework_service.go
index 2181b0ff0..ddf74635c 100644
--- a/internal/service/authorize/resource_trust_framework_service.go
+++ b/internal/service/authorize/resource_trust_framework_service.go
@@ -15,6 +15,8 @@ import (
"github.com/hashicorp/terraform-plugin-framework/path"
"github.com/hashicorp/terraform-plugin-framework/resource"
"github.com/hashicorp/terraform-plugin-framework/resource/schema"
+ "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
+ "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
"github.com/hashicorp/terraform-plugin-framework/schema/validator"
"github.com/hashicorp/terraform-plugin-framework/types"
"github.com/hashicorp/terraform-plugin-framework/types/basetypes"
@@ -354,6 +356,10 @@ func (r *TrustFrameworkServiceResource) Schema(ctx context.Context, req resource
Description: typeDescription.Description,
MarkdownDescription: typeDescription.MarkdownDescription,
Computed: true,
+
+ PlanModifiers: []planmodifier.String{
+ stringplanmodifier.UseStateForUnknown(),
+ },
},
"cache_settings": schema.SingleNestedAttribute{ // DONE
@@ -1206,10 +1212,6 @@ func (p *trustFrameworkServiceResourceModel) expandCommon(ctx context.Context, u
authorize.EnumAuthorizeEditorDataDefinitionsServiceDefinitionDTOServiceType(p.ServiceType.ValueString()),
)
- // if !p.FullName.IsNull() && !p.FullName.IsUnknown() {
- // data.SetFullName(p.FullName.ValueString())
- // }
-
if !p.Description.IsNull() && !p.Description.IsUnknown() {
data.SetDescription(p.Description.ValueString())
}
diff --git a/internal/service/authorize/utils_editor_model_condition.go b/internal/service/authorize/utils_editor_model_condition.go
index f8e6b64bb..ec21bb5c7 100644
--- a/internal/service/authorize/utils_editor_model_condition.go
+++ b/internal/service/authorize/utils_editor_model_condition.go
@@ -23,7 +23,7 @@ import (
"github.com/pingidentity/terraform-provider-pingone/internal/utils"
)
-const conditionNestedIterationMaxDepth = 3
+const conditionNestedIterationMaxDepth = 4
var leafConditionTypes = []authorize.EnumAuthorizeEditorDataConditionDTOType{
"COMPARISON",
diff --git a/internal/service/authorize/utils_editor_model_resolver_query.go b/internal/service/authorize/utils_editor_model_resolver_query.go
index fae8af768..903f4b4bc 100644
--- a/internal/service/authorize/utils_editor_model_resolver_query.go
+++ b/internal/service/authorize/utils_editor_model_resolver_query.go
@@ -147,9 +147,9 @@ func editorDataResolverQueryOkToTF(ctx context.Context, apiObject *authorize.Aut
return types.ObjectNull(editorDataResolverQueryTFObjectTypes), diags
}
- attributeMap = editorDataResolverConvertEmptyValuesToTFNulls(attributeMap)
+ attributeMap = editorDataResolverQueryConvertEmptyValuesToTFNulls(attributeMap)
- objValue, d := types.ObjectValue(editorDataResolverTFObjectTypes, attributeMap)
+ objValue, d := types.ObjectValue(editorDataResolverQueryTFObjectTypes, attributeMap)
diags.Append(d...)
return objValue, diags