From 2f7fa745d89a8b06701cc6eba8430ddcb8a8fd35 Mon Sep 17 00:00:00 2001 
From: Patrick Cowland Date: Thu, 17 Oct 2024 13:13:23 +0100 Subject: [PATCH 1/3] initial draft --- docs/exporting-configuration/README.md | 3 +- .../pingone-plan-errors.md | 83 --- .../plan-errors/pingfederate.md | 25 + .../pingfederate_certificate_ca.md | 33 ++ .../plan-errors/pingfederate_data_store.md | 46 ++ .../plan-errors/pingfederate_idp_adapter.md | 78 +++ .../pingfederate_kerberos_realm.md | 37 ++ ...pingfederate_oauth_access_token_manager.md | 113 ++++ .../plan-errors/pingfederate_oauth_client.md | 43 ++ ...gfederate_password_credential_validator.md | 281 +++++++++ .../pingfederate_pingone_connection.md | 34 ++ .../pingfederate_server_settings.md | 22 + .../plan-errors/pingone.md | 27 + .../plan-errors/pingone_application.md | 11 + .../plan-errors/pingone_branding_theme.md | 39 ++ .../plan-errors/pingone_certificate.md | 33 ++ .../plan-errors/pingone_forms_recapcha_v2.md | 30 + .../plan-errors/pingone_gateway.md | 96 +++ .../plan-errors/pingone_identity_provider.md | 368 ++++++++++++ ...pingone_mfa_application_push_credential.md | 36 ++ .../pingone_notification_settings_email.md | 22 + .../pingone_phone_delivery_settings.md | 65 +++ .../plan-errors/pingone_schema_attribute.md | 10 + .../pingone_sign_on_policy_action.md | 546 ++++++++++++++++++ 24 files changed, 1997 insertions(+), 84 deletions(-) delete mode 100644 docs/exporting-configuration/pingone-plan-errors.md create mode 100644 docs/exporting-configuration/plan-errors/pingfederate.md create mode 100644 docs/exporting-configuration/plan-errors/pingfederate_certificate_ca.md create mode 100644 docs/exporting-configuration/plan-errors/pingfederate_data_store.md create mode 100644 docs/exporting-configuration/plan-errors/pingfederate_idp_adapter.md create mode 100644 docs/exporting-configuration/plan-errors/pingfederate_kerberos_realm.md create mode 100644 docs/exporting-configuration/plan-errors/pingfederate_oauth_access_token_manager.md create mode 100644 
docs/exporting-configuration/plan-errors/pingfederate_oauth_client.md create mode 100644 docs/exporting-configuration/plan-errors/pingfederate_password_credential_validator.md create mode 100644 docs/exporting-configuration/plan-errors/pingfederate_pingone_connection.md create mode 100644 docs/exporting-configuration/plan-errors/pingfederate_server_settings.md create mode 100644 docs/exporting-configuration/plan-errors/pingone.md create mode 100644 docs/exporting-configuration/plan-errors/pingone_application.md create mode 100644 docs/exporting-configuration/plan-errors/pingone_branding_theme.md create mode 100644 docs/exporting-configuration/plan-errors/pingone_certificate.md create mode 100644 docs/exporting-configuration/plan-errors/pingone_forms_recapcha_v2.md create mode 100644 docs/exporting-configuration/plan-errors/pingone_gateway.md create mode 100644 docs/exporting-configuration/plan-errors/pingone_identity_provider.md create mode 100644 docs/exporting-configuration/plan-errors/pingone_mfa_application_push_credential.md create mode 100644 docs/exporting-configuration/plan-errors/pingone_notification_settings_email.md create mode 100644 docs/exporting-configuration/plan-errors/pingone_phone_delivery_settings.md create mode 100644 docs/exporting-configuration/plan-errors/pingone_schema_attribute.md create mode 100644 docs/exporting-configuration/plan-errors/pingone_sign_on_policy_action.md diff --git a/docs/exporting-configuration/README.md b/docs/exporting-configuration/README.md index 07970158..b4c388ff 100644 --- a/docs/exporting-configuration/README.md +++ b/docs/exporting-configuration/README.md 
@@ -4,6 +4,7 @@ The following documents describe the actions that must be taken, per provider, to resolve `terraform plan` errors following configuration generation. -- [PingOne Terraform Provider](./pingone-plan-errors.md) +- [PingFederate Terraform Provider](./plan-errors/pingfederate.md) +- [PingOne Terraform Provider](./plan-errors/pingone.md) If you encounter an error that is not documented, please [raise a new issue](https://github.com/pingidentity/pingcli/issues/new?title=Undocumented%20Config%20Generation%20Error). \ No newline at end of file diff --git a/docs/exporting-configuration/pingone-plan-errors.md b/docs/exporting-configuration/pingone-plan-errors.md deleted file mode 100644 index 76783ce6..00000000 --- a/docs/exporting-configuration/pingone-plan-errors.md +++ /dev/null 
@@ -1,83 +0,0 @@ -# Ping CLI - Exporting Platform Configuration - PingOne Plan Errors - -The following sections describe the actions that must be taken, per resource, to resolve `terraform plan` errors following configuration generation. - -If you encounter an error that is not documented, please [raise a new issue](https://github.com/pingidentity/pingcli/issues/new?title=Undocumented%20PingOne%20Config%20Generation%20Error). - -## Resource: pingone_application - -### Attribute saml_options.type value must be one of: ["WEB_APP" "CUSTOM_APP"], got: "TEMPLATE_APP" - -**Cause**: Template applications are not supported in the PingOne provider version used to run `terraform plan`. - -**Resolution**: Upgrade the PingOne Terraform provider version. Further details can be found at https://github.com/pingidentity/terraform-provider-pingone/issues/841 - -**Documentation**: -- [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/application#nestedatt--saml_options) - -## Resource: pingone_branding_theme - -### 2 attributes specified when one (and only one) of [background_color.<.background_color,background_color.<.use_default_background,background_color.<.background_image] is required - -**Cause**: Due to a [Terraform configuration generation limitation](https://developer.hashicorp.com/terraform/language/import/generating-configuration#conflicting-resource-arguments), conflicting parameters are included in the generated HCL. - -**Resolution**: Manual modification is required to ensure only one of `background_color`, `use_default_background` or `background_image` is defined. - -**Documentation**: -- [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/branding_theme#schema) - -## Resource: pingone_certificate - -### one of `pem_file,pkcs7_file_base64` must be specified - -**Cause**: Certificates are not exported from PingOne to maintain tenant security. 
- -**Resolution**: Manual modification is required to set either `pem_file` or `pkcs7_file_base64` in the generated HCL. - -**Documentation**: -- [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/certificate#schema) - -## Resource: pingone_forms_recaptcha_v2 - -### Must set a configuration value for the secret_key attribute as the provider has marked it as required - -**Cause**: The reCaptcha v2 secret key is not exported from PingOne to maintain tenant security. - -**Resolution**: Manual modification is required to set `secret_key` in the generated HCL. - -**Documentation**: -- [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/forms_recaptcha_v2#schema) - -## Resource: pingone_mfa_application_push_credential - -### No attribute specified when one (and only one) of [apns.<.fcm,apns.<.apns,apns.<.hms] is required - -**Cause**: Push credential values are not exported from PingOne to maintain tenant security. - -**Resolution**: Manual modification is required to set one of `apns`, `fcm`, or `hms` in the generated HCL. - -**Documentation**: -- [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/mfa_application_push_credential#schema) - -## Resource: pingone_notification_settings_email - -### Must set a configuration value for the password attribute as the provider has marked it as required. - -**Cause**: Passwords for email servers are not exported from PingOne to maintain tenant security. - -**Resolution**: Manual modification is required to set the `password` field in the generated HCL. 
- -**Documentation**: -- [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/notification_settings_email#schema) - -## Resource: pingone_phone_delivery_settings - -### The argument provider_custom.authentication.password is required because provider_custom.authentication.method is configured as: "BASIC" - -**Cause**: Password fields are not exported from PingOne to maintain tenant security. - -**Resolution**: Manual modification is required to set the `provider_custom.authentication.password` value in the generated HCL. - -**Documentation**: -- [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/phone_delivery_settings#password) - diff --git a/docs/exporting-configuration/plan-errors/pingfederate.md b/docs/exporting-configuration/plan-errors/pingfederate.md new file mode 100644 index 00000000..c436ad95 --- /dev/null +++ b/docs/exporting-configuration/plan-errors/pingfederate.md 
@@ -0,0 +1,25 @@ +# Ping CLI - Exporting Platform Configuration - PingFederate Plan Errors + +The following sections describe the actions that must be taken, per resource, to resolve `terraform plan` errors following configuration generation. + +If you encounter an error that is not documented, please [raise a new issue](https://github.com/pingidentity/pingcli/issues/new?title=Undocumented%20PingFederate%20Config%20Generation%20Error). + +## General (Any Resource) + +### Reference to undeclared resource - A managed resource "[any]" "[any]" has not been declared in the root module + +**Cause**: Terraform configuration has been generated with syntax errors. This is an issue with the Terraform CLI. + +**Resolution**: Upgrade the Terraform CLI to the latest version available and re-generate the HCL configuration. + +## Resource Plan Errors + +- [pingfederate_certificate_ca](pingfederate_certificate_ca.md) +- [pingfederate_data_store](pingfederate_data_store.md) +- [pingfederate_idp_adapter](pingfederate_idp_adapter.md) +- [pingfederate_kerberos_realm](pingfederate_kerberos_realm.md) +- [pingfederate_oauth_access_token_manager](pingfederate_oauth_access_token_manager.md) +- [pingfederate_oauth_client](pingfederate_oauth_client.md) +- [pingfederate_password_credential_validator](pingfederate_password_credential_validator.md) +- [pingfederate_pingone_connection](pingfederate_pingone_connection.md) +- [pingfederate_server_settings](pingfederate_server_settings.md) diff --git a/docs/exporting-configuration/plan-errors/pingfederate_certificate_ca.md b/docs/exporting-configuration/plan-errors/pingfederate_certificate_ca.md new file mode 100644 index 00000000..bd7c3ef9 --- /dev/null +++ b/docs/exporting-configuration/plan-errors/pingfederate_certificate_ca.md 
@@ -0,0 +1,33 @@ +# Ping CLI - Exporting Platform Configuration - PingFederate Plan Errors (pingfederate_certificate_ca) + +**Documentation**: +- [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingfederate/latest/docs/resources/certificate_ca#schema) + +## Invalid Attribute Value Length - Attribute file_data string length must be at least 1, got: 0 + +**Cause**: The CA file data is not exported. + +**Resolution**: Manual modification is required to set the `file_data` field in the generated HCL. + +**Example**: + +Generated configuration: +```hcl +resource "pingfederate_certificate_ca" "my_awesome_certificate_ca" { + ca_id = "7zz3****************5fnja" + crypto_provider = null + file_data = "" +} +``` + +After manual modification (`file_data` is defined): +```hcl +resource "pingfederate_certificate_ca" "my_awesome_certificate_ca" { + ca_id = "7zz3****************5fnja" + crypto_provider = null + file_data = filebase64("my_ca.pem") +} +``` + + + diff --git a/docs/exporting-configuration/plan-errors/pingfederate_data_store.md b/docs/exporting-configuration/plan-errors/pingfederate_data_store.md new file mode 100644 index 00000000..3c46b00e --- /dev/null +++ b/docs/exporting-configuration/plan-errors/pingfederate_data_store.md 
@@ -0,0 +1,46 @@ +# Ping CLI - Exporting Platform Configuration - PingFederate Plan Errors (pingfederate_data_store) + +**Documentation**: +- [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingfederate/latest/docs/resources/data_store#nestedatt--ldap_data_store) + +## Invalid attribute configuration - 'password' and 'user_dn' must be set together + +**Cause**: The data store password is not exported from PingFederate to maintain tenant security. + +**Resolution**: Manual modification is required to set the `ldap_data_store.password` field in the generated HCL. + +**Example**: + +Generated configuration: +```hcl +resource "pingfederate_data_store" "my_ldap_data_store" { + # ... other configuration parameters + + ldap_data_store = { + # ... other configuration parameters + + ldap_type = "PING_DIRECTORY" + name = "PingDirectory LDAP Data Store" + password = null # sensitive + user_dn = "cn=administrator" + } +} +``` + +After manual modification (`ldap_data_store.password` is defined): +```hcl +resource "pingfederate_data_store" "my_ldap_data_store" { + # ... other configuration parameters + + ldap_data_store = { + # ... other configuration parameters + + ldap_type = "PING_DIRECTORY" + name = "PingDirectory LDAP Data Store" + password = var.pingdirectory_ldap_data_store + user_dn = "cn=administrator" + } +} +``` + + diff --git a/docs/exporting-configuration/plan-errors/pingfederate_idp_adapter.md b/docs/exporting-configuration/plan-errors/pingfederate_idp_adapter.md new file mode 100644 index 00000000..51732b62 --- /dev/null +++ b/docs/exporting-configuration/plan-errors/pingfederate_idp_adapter.md 
@@ -0,0 +1,78 @@ +# Ping CLI - Exporting Platform Configuration - PingFederate Plan Errors (pingfederate_idp_adapter) + +**Documentation**: +- [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingfederate/latest/docs/resources/idp_adapter#schema) + +## Missing Configuration for Required Attribute - Must set a configuration value for the configuration.sensitive_fields[Value({"name":"API Key","value":})].value attribute as the provider has marked it as required. + +**Cause**: The DaVinci adapter's API key is not exported from PingFederate to maintain tenant security. + +**Resolution**: Manual modification is required to set the `configuration.sensitive_fields` field to include an object with `name`=`API Key`, and `value` is the API key, in the generated HCL. + +**Example**: + +Generated configuration: +```hcl +resource "pingfederate_idp_adapter" "my_davinci_adapter" { + # ... other configuration parameters + + adapter_id = "myDaVinciAdapter" + + configuration = { + # ... other configuration parameters + + fields = [ + # ... other configuration parameters + + { + name = "API Request Timeout" + value = jsonencode(5000) + }, + { + name = "Additional Properties Attribute" + value = "additionalProperties" + }, + ] + sensitive_fields = [ + { + name = "API Key" + value = null # sensitive + }, + ] + } +} +``` + +After manual modification (The DaVinci API key is defined): +```hcl +resource "pingfederate_idp_adapter" "my_davinci_adapter" { + # ... other configuration parameters + + adapter_id = "myDaVinciAdapter" + + configuration = { + # ... other configuration parameters + + fields = [ + # ... other configuration parameters + + { + name = "API Request Timeout" + value = jsonencode(5000) + }, + { + name = "Additional Properties Attribute" + value = "additionalProperties" + }, + ] + sensitive_fields = [ + { + name = "API Key" + value = var.my_davinci_adapter_api_key + }, + ] + } +} +``` + + 
diff --git a/docs/exporting-configuration/plan-errors/pingfederate_kerberos_realm.md b/docs/exporting-configuration/plan-errors/pingfederate_kerberos_realm.md new file mode 100644 index 00000000..509fc1ab --- /dev/null +++ b/docs/exporting-configuration/plan-errors/pingfederate_kerberos_realm.md @@ -0,0 +1,37 @@ +# Ping CLI - Exporting Platform Configuration - PingFederate Plan Errors (pingfederate_kerberos_realm) + +**Documentation**: +- [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingfederate/latest/docs/resources/kerberos_realm#schema) + +## Invalid attribute configuration - kerberos_password is required when connection_type is set to "DIRECT". + +**Cause**: The Kerberos password is not exported from PingFederate to maintain tenant security. + +**Resolution**: Manual modification is required to set the `kerberos_password` field in the generated HCL. + +**Example**: + +Generated configuration: +```hcl +resource "pingfederate_kerberos_realm" "my_kerberos_realm" { + # ... other configuration parameters + + connection_type = "DIRECT" + kerberos_password = null # sensitive + kerberos_realm_name = "My Kerberos Realm" + kerberos_username = "myKerberos" +} +``` + +After manual modification (`kerberos_password` is defined): +```hcl +resource "pingfederate_kerberos_realm" "my_kerberos_realm" { + # ... other configuration parameters + + connection_type = "DIRECT" + kerberos_password = var.my_kerberos_realm_password + kerberos_realm_name = "My Kerberos Realm" + kerberos_username = "myKerberos" +} +``` + diff --git a/docs/exporting-configuration/plan-errors/pingfederate_oauth_access_token_manager.md b/docs/exporting-configuration/plan-errors/pingfederate_oauth_access_token_manager.md new file mode 100644 index 00000000..adec0d37 --- /dev/null +++ b/docs/exporting-configuration/plan-errors/pingfederate_oauth_access_token_manager.md 
@@ -0,0 +1,113 @@ +# Ping CLI - Exporting Platform Configuration - PingFederate Plan Errors (pingfederate_oauth_access_token_manager) + +**Documentation**: +- [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingfederate/latest/docs/resources/oauth_access_token_manager#schema) + +## Missing Configuration for Required Attribute - Must set a configuration value for the configuration.tables[0].rows[0].sensitive_fields[Value({"name":"Key","value":})].value attribute as the provider has marked it as required. + +**Cause**: Symmetric key values are not exported from PingFederate to maintain tenant security. + +**Resolution**: Manual modification is required to set the `configuration.tables[0].rows[0].sensitive_fields` field to include an object with `name`=`Key`, and `value` is the symmetric key, in the generated HCL. + +**Example**: + +Generated configuration: +```hcl +resource "pingfederate_oauth_access_token_manager" "my_symmetric_key_app" { + # ... other configuration parameters + + configuration = { + fields = [ + # ... other configuration parameters + + { + name = "Active Symmetric Encryption Key ID" + value = "mykey" + }, + { + name = "Active Symmetric Key ID" + value = "mykey" + }, + ] + tables = [ + # ... other configuration parameters + + { + name = "Symmetric Keys" + rows = [ + { + default_row = false + fields = [ + { + name = "Encoding" + value = "b64u" + }, + { + name = "Key ID" + value = "mykey" + }, + ] + sensitive_fields = [ + { + name = "Key" + value = null # sensitive + }, + ] + }, + ] + }, + ] + } +} +``` + +After manual modification (The symmetric key is defined): +```hcl +resource "pingfederate_oauth_access_token_manager" "my_symmetric_key_app" { + # ... other configuration parameters + + configuration = { + fields = [ + # ... other configuration parameters + + { + name = "Active Symmetric Encryption Key ID" + value = "mykey" + }, + { + name = "Active Symmetric Key ID" + value = "mykey" + }, + ] + tables = [ + # ... 
other configuration parameters + + { + name = "Symmetric Keys" + rows = [ + { + default_row = false + fields = [ + { + name = "Encoding" + value = "b64u" + }, + { + name = "Key ID" + value = "mykey" + }, + ] + sensitive_fields = [ + { + name = "Key" + value = var.my_symmetric_key_mykey + }, + ] + }, + ] + }, + ] + } +} +``` + diff --git a/docs/exporting-configuration/plan-errors/pingfederate_oauth_client.md b/docs/exporting-configuration/plan-errors/pingfederate_oauth_client.md new file mode 100644 index 00000000..0f00b0a1 --- /dev/null +++ b/docs/exporting-configuration/plan-errors/pingfederate_oauth_client.md @@ -0,0 +1,43 @@ +# Ping CLI - Exporting Platform Configuration - PingFederate Plan Errors (pingfederate_oauth_client) + +**Documentation**: +- [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingfederate/latest/docs/resources/oauth_client#schema) + +## Invalid attribute configuration - client_auth.secret must be defined when client_auth.type is configured to "SECRET" + +**Cause**: The OAuth client secret is not exported from PingFederate to maintain tenant security. + +**Resolution**: Manual modification is required to set the `client_auth.secret` field in the generated HCL. + +**Example**: + +Generated configuration: +```hcl +resource "pingfederate_oauth_client" "openid_connect_basic_client_profile" { + # ... other configuration parameters + + client_auth = { + # ... other configuration parameters + + secret = null # sensitive + type = "SECRET" + } + client_id = "ac_oic_client" +} +``` + +After manual modification (`client_auth.secret` is defined): +```hcl +resource "pingfederate_oauth_client" "openid_connect_basic_client_profile" { + # ... other configuration parameters + + client_auth = { + # ... other configuration parameters + + secret = var.my_oidc_client_secret + type = "SECRET" + } + client_id = "ac_oic_client" +} +``` + 
diff --git a/docs/exporting-configuration/plan-errors/pingfederate_password_credential_validator.md b/docs/exporting-configuration/plan-errors/pingfederate_password_credential_validator.md new file mode 100644 index 00000000..f694acc5 --- /dev/null +++ b/docs/exporting-configuration/plan-errors/pingfederate_password_credential_validator.md 
@@ -0,0 +1,281 @@ +# Ping CLI - Exporting Platform Configuration - PingFederate Plan Errors (pingfederate_password_credential_validator) + +**Documentation**: +- [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingfederate/latest/docs/resources/password_credential_validator#schema) + +## Must set a configuration value for the configuration.tables[0].rows[*].sensitive_fields[Value({"name":"Confirm Password","value":})].value attribute as the provider has marked it as required + +**Cause**: Simple password credential validator password values are not exported from PingFederate to maintain tenant security. + +**Resolution**: Manual modification is required to set the `configuration.tables[0].rows[*].sensitive_fields` field to include an object with `name`=`Confirm Password`, and `value` is the simple password to use for that user, in the generated HCL. + +**Example**: + +Generated configuration: +```hcl +resource "pingfederate_password_credential_validator" "simple_username_password_credential_validator" { + # ... other configuration parameters + + configuration = { + # ... 
other configuration parameters + + tables = [ + { + name = "Users" + rows = [ + { + default_row = false + fields = [ + { + name = "Relax Password Requirements" + value = jsonencode(false) + }, + { + name = "Username" + value = "example" + }, + ] + sensitive_fields = [ + { + name = "Confirm Password" + value = null # sensitive + }, + { + name = "Password" + value = null # sensitive + }, + ] + }, + { + default_row = false + fields = [ + { + name = "Relax Password Requirements" + value = jsonencode(false) + }, + { + name = "Username" + value = "example2" + }, + ] + sensitive_fields = [ + { + name = "Confirm Password" + value = null # sensitive + }, + { + name = "Password" + value = null # sensitive + }, + ] + }, + ] + }, + ] + } +} +``` + +After manual modification (A password for each user is defined): +```hcl +resource "pingfederate_password_credential_validator" "simple_username_password_credential_validator" { + # ... other configuration parameters + + configuration = { + # ... other configuration parameters + + tables = [ + { + name = "Users" + rows = [ + { + default_row = false + fields = [ + { + name = "Relax Password Requirements" + value = jsonencode(false) + }, + { + name = "Username" + value = "example" + }, + ] + sensitive_fields = [ + { + name = "Confirm Password" + value = var.simple_pcv_example_password + }, + { + name = "Password" + value = var.simple_pcv_example_password + }, + ] + }, + { + default_row = false + fields = [ + { + name = "Relax Password Requirements" + value = jsonencode(false) + }, + { + name = "Username" + value = "example2" + }, + ] + sensitive_fields = [ + { + name = "Confirm Password" + value = var.simple_pcv_example2_password + }, + { + name = "Password" + value = var.simple_pcv_example2_password + }, + ] + }, + ] + }, + ] + } +} +``` + +## Must set a configuration value for the configuration.tables[0].rows[*].sensitive_fields[Value({"name":"Password","value":})].value attribute as the provider has marked it as required + 
+**Cause**: Simple password credential validator password values are not exported from PingFederate to maintain tenant security. + +**Resolution**: Manual modification is required to set the `configuration.tables[0].rows[*].sensitive_fields` field to include an object with `name`=`Password`, and `value` is the simple password to use for that user, in the generated HCL. + +**Example**: + +Generated configuration: +```hcl +resource "pingfederate_password_credential_validator" "simple_username_password_credential_validator" { + # ... other configuration parameters + + configuration = { + # ... other configuration parameters + + tables = [ + { + name = "Users" + rows = [ + { + default_row = false + fields = [ + { + name = "Relax Password Requirements" + value = jsonencode(false) + }, + { + name = "Username" + value = "example" + }, + ] + sensitive_fields = [ + { + name = "Confirm Password" + value = null # sensitive + }, + { + name = "Password" + value = null # sensitive + }, + ] + }, + { + default_row = false + fields = [ + { + name = "Relax Password Requirements" + value = jsonencode(false) + }, + { + name = "Username" + value = "example2" + }, + ] + sensitive_fields = [ + { + name = "Confirm Password" + value = null # sensitive + }, + { + name = "Password" + value = null # sensitive + }, + ] + }, + ] + }, + ] + } +} +``` + +After manual modification (A password for each user is defined): +```hcl +resource "pingfederate_password_credential_validator" "simple_username_password_credential_validator" { + # ... other configuration parameters + + configuration = { + # ... 
other configuration parameters + + tables = [ + { + name = "Users" + rows = [ + { + default_row = false + fields = [ + { + name = "Relax Password Requirements" + value = jsonencode(false) + }, + { + name = "Username" + value = "example" + }, + ] + sensitive_fields = [ + { + name = "Confirm Password" + value = var.simple_pcv_example_password + }, + { + name = "Password" + value = var.simple_pcv_example_password + }, + ] + }, + { + default_row = false + fields = [ + { + name = "Relax Password Requirements" + value = jsonencode(false) + }, + { + name = "Username" + value = "example2" + }, + ] + sensitive_fields = [ + { + name = "Confirm Password" + value = var.simple_pcv_example2_password + }, + { + name = "Password" + value = var.simple_pcv_example2_password + }, + ] + }, + ] + }, + ] + } +} +``` + diff --git a/docs/exporting-configuration/plan-errors/pingfederate_pingone_connection.md b/docs/exporting-configuration/plan-errors/pingfederate_pingone_connection.md new file mode 100644 index 00000000..bb567bb5 --- /dev/null +++ b/docs/exporting-configuration/plan-errors/pingfederate_pingone_connection.md 
@@ -0,0 +1,34 @@ +# Ping CLI - Exporting Platform Configuration - PingFederate Plan Errors (pingfederate_pingone_connection) + +**Documentation**: +- [Terraform Registry - PingFederate pingone_connection](https://registry.terraform.io/providers/pingidentity/pingfederate/latest/docs/resources/pingone_connection#schema) +- [Terraform Registry - PingOne pingone_gateway_credential](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/gateway_credential) + +## Missing Configuration for Required Attribute - Must set a configuration value for the credential attribute as the provider has marked it as required + +**Cause**: The PingOne credential is not exported from PingFederate to maintain tenant security. + +**Resolution**: Manual modification is required to set the `credential` field in the generated HCL. + +**Example**: + +Generated configuration: +```hcl +resource "pingfederate_pingone_connection" "my_pingone_environment" { + # ... other configuration parameters + + credential = null # sensitive + name = "My PingOne Environment" +} +``` + +After manual modification (`credential` is defined): +```hcl +resource "pingfederate_pingone_connection" "my_pingone_environment" { + # ... other configuration parameters + + credential = var.pingone_credential # see pingone_gateway_credential in the PingOne Terraform provider + name = "My PingOne Environment" +} +``` + diff --git a/docs/exporting-configuration/plan-errors/pingfederate_server_settings.md b/docs/exporting-configuration/plan-errors/pingfederate_server_settings.md new file mode 100644 index 00000000..c03352e4 --- /dev/null +++ b/docs/exporting-configuration/plan-errors/pingfederate_server_settings.md 
@@ -0,0 +1,22 @@ +# Ping CLI - Exporting Platform Configuration - PingFederate Plan Errors (pingfederate_server_settings) + +**Documentation**: +- [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingfederate/latest/docs/resources/pingfederate_server_settings#schema) + +## Invalid Attribute Value Length - TODO + +**Cause**: TODO. + +**Resolution**: Manual modification is required to set the `TODO` field in the generated HCL. + +**Example**: + +Generated configuration: +```hcl +TODO +``` + +After manual modification: +```hcl +TODO +``` diff --git a/docs/exporting-configuration/plan-errors/pingone.md b/docs/exporting-configuration/plan-errors/pingone.md new file mode 100644 index 00000000..ebca5c99 --- /dev/null +++ b/docs/exporting-configuration/plan-errors/pingone.md 
@@ -0,0 +1,27 @@ +# Ping CLI - Exporting Platform Configuration - PingOne Plan Errors + +The following sections describe the actions that must be taken, per resource, to resolve `terraform plan` errors following configuration generation. + +If you encounter an error that is not documented, please [raise a new issue](https://github.com/pingidentity/pingcli/issues/new?title=Undocumented%20PingOne%20Config%20Generation%20Error). + +## General (Any Resource) + +### Reference to undeclared resource - A managed resource "[any]" "[any]" has not been declared in the root module + +**Cause**: Terraform configuration has been generated with syntax errors. This is an issue with the Terraform CLI. + +**Resolution**: Upgrade the Terraform CLI to the latest version available and re-generate the HCL configuration. + +## Resource Plan Errors + +- [pingone_application](pingone_application.md) +- [pingone_branding_theme](pingone_branding_theme.md) +- [pingone_certificate](pingone_certificate.md) +- [pingone_forms_recapcha_v2](pingone_forms_recapcha_v2.md) +- [pingone_gateway](pingone_gateway.md) +- [pingone_identity_provider](pingone_identity_provider.md) +- [pingone_mfa_application_push_credential](pingone_mfa_application_push_credential.md) +- [pingone_notification_settings_email](pingone_notification_settings_email.md) +- [pingone_phone_delivery_settings](pingone_phone_delivery_settings.md) +- [pingone_schema_attribute](pingone_schema_attribute.md) +- [pingone_sign_on_policy_action](pingone_sign_on_policy_action.md) \ No newline at end of file diff --git a/docs/exporting-configuration/plan-errors/pingone_application.md b/docs/exporting-configuration/plan-errors/pingone_application.md new file mode 100644 index 00000000..fb63e6c8 --- /dev/null +++ b/docs/exporting-configuration/plan-errors/pingone_application.md 
@@ -0,0 +1,11 @@ +# Ping CLI - Exporting Platform Configuration - PingOne Plan Errors (pingone_application) + +**Documentation**: +- [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/application#nestedatt--saml_options) + +## Invalid Attribute Value Match - Attribute saml_options.type value must be one of: ["WEB_APP" "CUSTOM_APP"], got: "TEMPLATE_APP" + +**Cause**: Template applications are not supported in the PingOne provider version being used. + +**Resolution**: Upgrade the PingOne Terraform provider version. Further details can be found at https://github.com/pingidentity/terraform-provider-pingone/issues/841 + diff --git a/docs/exporting-configuration/plan-errors/pingone_branding_theme.md b/docs/exporting-configuration/plan-errors/pingone_branding_theme.md new file mode 100644 index 00000000..b9ef052b --- /dev/null +++ b/docs/exporting-configuration/plan-errors/pingone_branding_theme.md 
@@ -0,0 +1,39 @@ +# Ping CLI - Exporting Platform Configuration - PingOne Plan Errors (pingone_branding_theme) + +**Documentation**: +- [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/branding_theme#schema) + +## Invalid Attribute Combination - 2 attributes specified when one (and only one) of [background_color.<.background_color,background_color.<.use_default_background,background_color.<.background_image] is required + +**Cause**: Due to a [Terraform configuration generation limitation](https://developer.hashicorp.com/terraform/language/import/generating-configuration#conflicting-resource-arguments), conflicting parameters are included in the generated HCL. + +**Resolution**: Manual modification is required to ensure only one of `background_color`, `use_default_background` or `background_image` is defined. + +**Example**: + +Generated configuration: +```hcl +resource "pingone_branding_theme" "my_awesome_theme" { + # ... other configuration parameters + + background_color = null + background_image = { + href = "https://uploads.pingone.eu/environments/942b****-****-****-****-********985c/images/image.png" + id = "d4a1****-****-****-****-********ba9d" + } + use_default_background = false +} +``` + +After manual modification (`background_color` and `use_default_background` are removed): +```hcl +resource "pingone_branding_theme" "my_awesome_theme" { + # ... other configuration parameters + + background_image = { + href = "https://uploads.pingone.eu/environments/942b****-****-****-****-********985c/images/image.png" + id = "d4a1****-****-****-****-********ba9d" + } +} +``` + diff --git a/docs/exporting-configuration/plan-errors/pingone_certificate.md b/docs/exporting-configuration/plan-errors/pingone_certificate.md new file mode 100644 index 00000000..7ca68061 --- /dev/null +++ b/docs/exporting-configuration/plan-errors/pingone_certificate.md 
@@ -0,0 +1,33 @@ +# Ping CLI - Exporting Platform Configuration - PingOne Plan Errors (pingone_certificate) + +**Documentation**: +- [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/certificate#schema) + +## Invalid combination of arguments - one of `pem_file,pkcs7_file_base64` must be specified + +**Cause**: Certificates are not exported from PingOne to maintain tenant security. + +**Resolution**: Manual modification is required to set either `pem_file` or `pkcs7_file_base64` in the generated HCL. + +**Example**: + +Generated configuration: +```hcl +resource "pingone_certificate" "my_awesome_cert" { + environment_id = "942b****-****-****-****-********985c" + pem_file = null + pkcs7_file_base64 = null + usage_type = "ENCRYPTION" +} +``` + +After manual modification (using PEM as an example, `pem_file` is defined): +```hcl +resource "pingone_certificate" "my_awesome_cert" { + environment_id = "942b****-****-****-****-********985c" + pem_file = file("../path/to/certificate.pem") + usage_type = "ENCRYPTION" +} +``` + + diff --git a/docs/exporting-configuration/plan-errors/pingone_forms_recapcha_v2.md b/docs/exporting-configuration/plan-errors/pingone_forms_recapcha_v2.md new file mode 100644 index 00000000..6b75143d --- /dev/null +++ b/docs/exporting-configuration/plan-errors/pingone_forms_recapcha_v2.md 
@@ -0,0 +1,30 @@ +# Ping CLI - Exporting Platform Configuration - PingOne Plan Errors (pingone_forms_recaptcha_v2) + +**Documentation**: +- [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/forms_recaptcha_v2#schema) + +## Missing Configuration for Required Attribute - Must set a configuration value for the secret_key attribute as the provider has marked it as required + +**Cause**: The reCaptcha v2 secret key is not exported from PingOne to maintain tenant security. + +**Resolution**: Manual modification is required to set `secret_key` in the generated HCL. + +**Example**: + +Generated configuration: +```hcl +resource "pingone_forms_recaptcha_v2" "my_awesome_recaptcha_configuration" { + environment_id = "942b****-****-****-****-********985c" + secret_key = null # sensitive + site_key = "6L****************-******************hp" +} +``` + +After manual modification (`secret_key` is defined): +```hcl +resource "pingone_forms_recaptcha_v2" "my_awesome_recaptcha_configuration" { + environment_id = "942b****-****-****-****-********985c" + secret_key = var.my_awesome_recaptcha_configuration_secret_key + site_key = "6L****************-******************hp" +} +``` diff --git a/docs/exporting-configuration/plan-errors/pingone_gateway.md b/docs/exporting-configuration/plan-errors/pingone_gateway.md new file mode 100644 index 00000000..de8d050d --- /dev/null +++ b/docs/exporting-configuration/plan-errors/pingone_gateway.md 
@@ -0,0 +1,96 @@ +# Ping CLI - Exporting Platform Configuration - PingOne Plan Errors (pingone_gateway) + +**Documentation**: +- [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/gateway#schema) + +## Invalid Attribute Combination - Attribute "bind_password" must be specified when "[bind_dn|connection_security|follow_referrals|servers|user_types|validate_tls_certificates|vendor]" is specified + +**Cause**: The LDAP bind password is not exported from PingOne to maintain tenant security. + +**Resolution**: Manual modification is required to set `bind_password` in the generated HCL. + +**Example**: + +Generated configuration: +```hcl +resource "pingone_gateway" "my_pingdirectory" { + # ... other configuration parameters + + bind_dn = "cn=administrator" + bind_password = null # sensitive + connection_security = "TLS" + follow_referrals = false + servers = ["my-directory:636"] + type = "LDAP" + user_types = { + # ... other configuration parameters + } + validate_tls_certificates = true + vendor = "PingDirectory" +} +``` + +After manual modification (`bind_password` is defined): +```hcl +resource "pingone_gateway" "my_pingdirectory" { + # ... other configuration parameters + + bind_dn = "cn=administrator" + bind_password = var.my_directory_pingdirectory_bind_dn + connection_security = "TLS" + follow_referrals = false + servers = ["my-directory:636"] + type = "LDAP" + user_types = { + # ... other configuration parameters + } + validate_tls_certificates = true + vendor = "PingDirectory" +} +``` + +## Missing required argument - The argument bind_password is required because type is configured as: "LDAP" + +**Cause**: The LDAP bind password is not exported from PingOne to maintain tenant security. + +**Resolution**: Manual modification is required to set `bind_password` in the generated HCL. + +**Example**: + +Generated configuration: +```hcl +resource "pingone_gateway" "my_pingdirectory" { + # ... 
other configuration parameters + + bind_dn = "cn=administrator" + bind_password = null # sensitive + connection_security = "TLS" + follow_referrals = false + servers = ["my-directory:636"] + type = "LDAP" + user_types = { + # ... other configuration parameters + } + validate_tls_certificates = true + vendor = "PingDirectory" +} +``` + +After manual modification (`bind_password` is defined): +```hcl +resource "pingone_gateway" "my_pingdirectory" { + # ... other configuration parameters + + bind_dn = "cn=administrator" + bind_password = var.my_directory_pingdirectory_bind_dn + connection_security = "TLS" + follow_referrals = false + servers = ["my-directory:636"] + type = "LDAP" + user_types = { + # ... other configuration parameters + } + validate_tls_certificates = true + vendor = "PingDirectory" +} +``` diff --git a/docs/exporting-configuration/plan-errors/pingone_identity_provider.md b/docs/exporting-configuration/plan-errors/pingone_identity_provider.md new file mode 100644 index 00000000..bfd0a4b8 --- /dev/null +++ b/docs/exporting-configuration/plan-errors/pingone_identity_provider.md 
@@ -0,0 +1,368 @@ +# Ping CLI - Exporting Platform Configuration - PingOne Plan Errors (pingone_identity_provider) + +**Documentation**: +- [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/identity_provider#schema) + +## Missing Configuration for Required Attribute - Must set a configuration value for the amazon.client_secret attribute as the provider has marked it as required. + +**Cause**: Client secrets for external identity providers are not exported from PingOne to maintain tenant security. + +**Resolution**: Manual modification is required to set `amazon.client_secret` in the generated HCL. + +**Example**: + +Generated configuration: +```hcl +resource "pingone_identity_provider" "amazon" { + # ... other configuration parameters + + amazon = { + client_id = "********" + client_secret = null # sensitive + } +} +``` + +After manual modification (`amazon.client_secret` is defined): +```hcl +resource "pingone_identity_provider" "amazon" { + # ... other configuration parameters + + amazon = { + client_id = "********" + client_secret = var.identity_provider_amazon_client_secret + } +} +``` + +## Missing Configuration for Required Attribute - Must set a configuration value for the apple.client_secret_signing_key attribute as the provider has marked it as required. + +**Cause**: Client secrets for external identity providers are not exported from PingOne to maintain tenant security. + +**Resolution**: Manual modification is required to set `apple.client_secret_signing_key` in the generated HCL. + +**Example**: + +Generated configuration: +```hcl +resource "pingone_identity_provider" "apple" { + # ... other configuration parameters + + apple = { + client_id = "********" + client_secret_signing_key = null # sensitive + key_id = "********" + team_id = "********" + } +} +``` + +After manual modification (`apple.client_secret_signing_key` is defined): +```hcl +resource "pingone_identity_provider" "apple" { + # ... 
other configuration parameters + + apple = { + client_id = "********" + client_secret_signing_key = var.identity_provider_apple_client_secret + key_id = "********" + team_id = "********" + } +} +``` + +## Missing Configuration for Required Attribute - Must set a configuration value for the facebook.app_secret attribute as the provider has marked it as required. + +**Cause**: Client secrets for external identity providers are not exported from PingOne to maintain tenant security. + +**Resolution**: Manual modification is required to set `facebook.app_secret` in the generated HCL. + +**Example**: + +Generated configuration: +```hcl +resource "pingone_identity_provider" "facebook" { + # ... other configuration parameters + + facebook = { + app_id = "********" + app_secret = null # sensitive + } +} +``` + +After manual modification (`facebook.app_secret` is defined): +```hcl +resource "pingone_identity_provider" "facebook" { + # ... other configuration parameters + + facebook = { + app_id = "********" + app_secret = var.identity_provider_facebook_app_secret + } +} +``` + +## Missing Configuration for Required Attribute - Must set a configuration value for the github.client_secret attribute as the provider has marked it as required. + +**Cause**: Client secrets for external identity providers are not exported from PingOne to maintain tenant security. + +**Resolution**: Manual modification is required to set `github.client_secret` in the generated HCL. + +**Example**: + +Generated configuration: +```hcl +resource "pingone_identity_provider" "github" { + # ... other configuration parameters + + github = { + client_id = "********" + client_secret = null # sensitive + } +} +``` + +After manual modification (`github.client_secret` is defined): +```hcl +resource "pingone_identity_provider" "github" { + # ... 
other configuration parameters + + github = { + client_id = "********" + client_secret = var.identity_provider_github_client_secret + } +} +``` + +## Missing Configuration for Required Attribute - Must set a configuration value for the google.client_secret attribute as the provider has marked it as required. + +**Cause**: Client secrets for external identity providers are not exported from PingOne to maintain tenant security. + +**Resolution**: Manual modification is required to set `google.client_secret` in the generated HCL. + +**Example**: + +Generated configuration: +```hcl +resource "pingone_identity_provider" "google" { + # ... other configuration parameters + + google = { + client_id = "********" + client_secret = null # sensitive + } +} +``` + +After manual modification (`google.client_secret` is defined): +```hcl +resource "pingone_identity_provider" "google" { + # ... other configuration parameters + + google = { + client_id = "********" + client_secret = var.identity_provider_google_client_secret + } +} +``` + +## Missing Configuration for Required Attribute - Must set a configuration value for the linkedin.client_secret attribute as the provider has marked it as required. + +**Cause**: Client secrets for external identity providers are not exported from PingOne to maintain tenant security. + +**Resolution**: Manual modification is required to set `linkedin.client_secret` in the generated HCL. + +**Example**: + +Generated configuration: +```hcl +resource "pingone_identity_provider" "linkedin" { + # ... other configuration parameters + + linkedin = { + client_id = "********" + client_secret = null # sensitive + } +} +``` + +After manual modification (`linkedin.client_secret` is defined): +```hcl +resource "pingone_identity_provider" "linkedin" { + # ... 
other configuration parameters + + linkedin = { + client_id = "********" + client_secret = var.identity_provider_linkedin_client_secret + } +} +``` + +## Missing Configuration for Required Attribute - Must set a configuration value for the microsoft.client_secret attribute as the provider has marked it as required. + +**Cause**: Client secrets for external identity providers are not exported from PingOne to maintain tenant security. + +**Resolution**: Manual modification is required to set `microsoft.client_secret` in the generated HCL. + +**Example**: + +Generated configuration: +```hcl +resource "pingone_identity_provider" "microsoft" { + # ... other configuration parameters + + microsoft = { + client_id = "********" + client_secret = null # sensitive + } +} +``` + +After manual modification (`microsoft.client_secret` is defined): +```hcl +resource "pingone_identity_provider" "microsoft" { + # ... other configuration parameters + + microsoft = { + client_id = "********" + client_secret = var.identity_provider_microsoft_client_secret + } +} +``` + +## Missing Configuration for Required Attribute - Must set a configuration value for the openid_connect.client_secret attribute as the provider has marked it as required. + +**Cause**: Client secrets for external identity providers are not exported from PingOne to maintain tenant security. + +**Resolution**: Manual modification is required to set `openid_connect.client_secret` in the generated HCL. + +**Example**: + +Generated configuration: +```hcl +resource "pingone_identity_provider" "openid_connect" { + # ... other configuration parameters + + openid_connect = { + # ... other configuration parameters + + client_id = "********" + client_secret = null # sensitive + } +} +``` + +After manual modification (`openid_connect.client_secret` is defined): +```hcl +resource "pingone_identity_provider" "openid_connect" { + # ... other configuration parameters + + openid_connect = { + # ... 
other configuration parameters + + client_id = "********" + client_secret = var.identity_provider_openid_connect_client_secret + } +} +``` + +## Missing Configuration for Required Attribute - Must set a configuration value for the paypal.client_secret attribute as the provider has marked it as required. + +**Cause**: Client secrets for external identity providers are not exported from PingOne to maintain tenant security. + +**Resolution**: Manual modification is required to set `paypal.client_secret` in the generated HCL. + +**Example**: + +Generated configuration: +```hcl +resource "pingone_identity_provider" "paypal" { + # ... other configuration parameters + + paypal = { + # ... other configuration parameters + + client_id = "********" + client_secret = null # sensitive + } +} +``` + +After manual modification (`paypal.client_secret` is defined): +```hcl +resource "pingone_identity_provider" "paypal" { + # ... other configuration parameters + + paypal = { + # ... other configuration parameters + + client_id = "********" + client_secret = var.identity_provider_paypal_client_secret + } +} +``` + +## Missing Configuration for Required Attribute - Must set a configuration value for the twitter.client_secret attribute as the provider has marked it as required. + +**Cause**: Client secrets for external identity providers are not exported from PingOne to maintain tenant security. + +**Resolution**: Manual modification is required to set `twitter.client_secret` in the generated HCL. + +**Example**: + +Generated configuration: +```hcl +resource "pingone_identity_provider" "twitter" { + # ... other configuration parameters + + twitter = { + client_id = "********" + client_secret = null # sensitive + } +} +``` + +After manual modification (`twitter.client_secret` is defined): +```hcl +resource "pingone_identity_provider" "twitter" { + # ... 
other configuration parameters + + twitter = { + client_id = "********" + client_secret = var.identity_provider_twitter_client_secret + } +} +``` + +## Missing Configuration for Required Attribute - Must set a configuration value for the yahoo.client_secret attribute as the provider has marked it as required. + +**Cause**: Client secrets for external identity providers are not exported from PingOne to maintain tenant security. + +**Resolution**: Manual modification is required to set `yahoo.client_secret` in the generated HCL. + +**Example**: + +Generated configuration: +```hcl +resource "pingone_identity_provider" "yahoo" { + # ... other configuration parameters + + yahoo = { + client_id = "********" + client_secret = null # sensitive + } +} +``` + +After manual modification (`yahoo.client_secret` is defined): +```hcl +resource "pingone_identity_provider" "yahoo" { + # ... other configuration parameters + + yahoo = { + client_id = "********" + client_secret = var.identity_provider_yahoo_client_secret + } +} +``` diff --git a/docs/exporting-configuration/plan-errors/pingone_mfa_application_push_credential.md b/docs/exporting-configuration/plan-errors/pingone_mfa_application_push_credential.md new file mode 100644 index 00000000..dbf12ce9 --- /dev/null +++ b/docs/exporting-configuration/plan-errors/pingone_mfa_application_push_credential.md 
@@ -0,0 +1,36 @@ +# Ping CLI - Exporting Platform Configuration - PingOne Plan Errors (pingone_mfa_application_push_credential) + +**Documentation**: +- [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/mfa_application_push_credential#schema) + +## Invalid Attribute Combination - No attribute specified when one (and only one) of [apns.<.fcm,apns.<.apns,apns.<.hms] is required + +**Cause**: Push credential values are not exported from PingOne to maintain tenant security. + +**Resolution**: Manual modification is required to set one of `apns`, `fcm`, or `hms` in the generated HCL. + +**Example**: + +Generated configuration: +```hcl +resource "pingone_mfa_application_push_credential" "my_awesome_push_credential" { + apns = null + application_id = "71f7****-****-****-****-********dcd7" + environment_id = "942b****-****-****-****-********985c" + fcm = null + hms = null +} +``` + +After manual modification (using APNS as an example, `apns.key`, `apns.team_id` and `apns.token_signing_key` are defined): +```hcl +resource "pingone_mfa_application_push_credential" "my_awesome_push_credential" { + apns = { + key = var.apns_key + team_id = var.apns_team_id + token_signing_key = var.apns_token_signing_key + } + application_id = "71f7****-****-****-****-********dcd7" + environment_id = "942b****-****-****-****-********985c" +} +``` diff --git a/docs/exporting-configuration/plan-errors/pingone_notification_settings_email.md b/docs/exporting-configuration/plan-errors/pingone_notification_settings_email.md new file mode 100644 index 00000000..f037bf9d --- /dev/null +++ b/docs/exporting-configuration/plan-errors/pingone_notification_settings_email.md 
@@ -0,0 +1,22 @@ +# Ping CLI - Exporting Platform Configuration - PingOne Plan Errors (pingone_notification_settings_email) + +**Documentation**: +- [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/notification_settings_email#schema) + +## Missing Configuration for Required Attribute - Must set a configuration value for the password attribute as the provider has marked it as required. + +**Cause**: Passwords for email servers are not exported from PingOne to maintain tenant security. + +**Resolution**: Manual modification is required to set the `password` field in the generated HCL. + +**Example**: + +Generated configuration: +```hcl +TODO +``` + +After manual modification: +```hcl +TODO +``` diff --git a/docs/exporting-configuration/plan-errors/pingone_phone_delivery_settings.md b/docs/exporting-configuration/plan-errors/pingone_phone_delivery_settings.md new file mode 100644 index 00000000..87be9c58 --- /dev/null +++ b/docs/exporting-configuration/plan-errors/pingone_phone_delivery_settings.md 
@@ -0,0 +1,65 @@ +# Ping CLI - Exporting Platform Configuration - PingOne Plan Errors (pingone_phone_delivery_settings) + +**Documentation**: +- [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/phone_delivery_settings#password) + +## Missing required argument - The argument provider_custom.authentication.password is required because provider_custom.authentication.method is configured as: "BASIC" + +**Cause**: Password fields are not exported from PingOne to maintain tenant security. + +**Resolution**: Manual modification is required to set the `provider_custom.authentication.password` value in the generated HCL. + +**Example**: + +Generated configuration: +```hcl +resource "pingone_phone_delivery_settings" "my_awesome_phone_delivery_settings" { + # ... other configuration parameters + + provider_custom = { + # ... other configuration parameters + + authentication = { + auth_token = null # sensitive + method = "BASIC" + password = null # sensitive + username = "myusername" + } + } +} +``` + +After manual modification (`provider_custom.authentication.password` is defined): +```hcl +resource "pingone_phone_delivery_settings" "my_awesome_phone_delivery_settings" { + # ... other configuration parameters + + provider_custom = { + # ... other configuration parameters + + authentication = { + method = "BASIC" + password = var.my_phone_delivery_settings_password + username = "myusername" + } + } +} +``` + +## Missing Configuration for Required Attribute - TODO + +**Cause**: TODO + +**Resolution**: Manual modification is required to set the `TODO` value in the generated HCL. + +**Example**: + +Generated configuration: +```hcl +TODO +``` + +After manual modification: +```hcl +TODO +``` diff --git a/docs/exporting-configuration/plan-errors/pingone_schema_attribute.md b/docs/exporting-configuration/plan-errors/pingone_schema_attribute.md new file mode 100644 index 00000000..132e0f2c --- /dev/null 
+++ b/docs/exporting-configuration/plan-errors/pingone_schema_attribute.md @@ -0,0 +1,10 @@ +# Ping CLI - Exporting Platform Configuration - PingOne Plan Errors (pingone_schema_attribute) + +**Documentation**: +- [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/schema_attribute) + +## Data Loss Protection - This field is immutable and cannot be changed once defined + +**Cause**: Terraform is looking to make a replacement change to a schema attribute, which will cause data to be lost. Data loss protections are invoked. + +**Resolution**: Manual modification is required to remove the resources from the generated HCL, or ensure that state is synchronised with the target platform. diff --git a/docs/exporting-configuration/plan-errors/pingone_sign_on_policy_action.md b/docs/exporting-configuration/plan-errors/pingone_sign_on_policy_action.md new file mode 100644 index 00000000..273e3323 --- /dev/null +++ b/docs/exporting-configuration/plan-errors/pingone_sign_on_policy_action.md 
@@ -0,0 +1,546 @@ +# Ping CLI - Exporting Platform Configuration - PingOne Plan Errors (pingone_sign_on_policy_action) + +**Documentation**: +- [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/sign_on_policy_action) + +## Conflicting configuration arguments - "conditions.0.anonymous_network_detected": conflicts with [identifier_first|login] + +**Cause**: Due to a [Terraform configuration generation limitation](https://developer.hashicorp.com/terraform/language/import/generating-configuration#conflicting-resource-arguments), conflicting parameters are included in the generated HCL. + +**Resolution**: Manual modification is required to remove the `conditions.0.anonymous_network_detected` value from the generated HCL. + +**Example**: + +Generated configuration: +```hcl +resource "pingone_sign_on_policy_action" "my_awesome_identifier_first_action" { + # ... other configuration parameters + + conditions { + # ... other configuration parameters + + anonymous_network_detected = false + last_sign_on_older_than_seconds = 604800 + } + + identifier_first { + # ... other configuration parameters + + recovery_enabled = true + discovery_rule { + attribute_contains_text = "@pingidentity.com" + identity_provider_id = "ad3a****-****-****-****-********ef83" + } + } +} +``` + +After manual modification (`conditions.anonymous_network_detected` is removed): +```hcl +resource "pingone_sign_on_policy_action" "my_awesome_identifier_first_action" { + # ... other configuration parameters + + conditions { + # ... other configuration parameters + + last_sign_on_older_than_seconds = 604800 + } + + identifier_first { + # ... 
other configuration parameters + + recovery_enabled = true + discovery_rule { + attribute_contains_text = "@pingidentity.com" + identity_provider_id = "ad3a****-****-****-****-********ef83" + } + } +} +``` + +## Conflicting configuration arguments - "conditions.0.anonymous_network_detected_allowed_cidr": conflicts with [identifier_first|login] + +**Cause**: Due to a [Terraform configuration generation limitation](https://developer.hashicorp.com/terraform/language/import/generating-configuration#conflicting-resource-arguments), conflicting parameters are included in the generated HCL. + +**Resolution**: Manual modification is required to remove the `conditions.0.anonymous_network_detected_allowed_cidr` value from the generated HCL. + +**Example**: + +Generated configuration: +```hcl +resource "pingone_sign_on_policy_action" "my_awesome_identifier_first_action" { + # ... other configuration parameters + + conditions { + # ... other configuration parameters + + anonymous_network_detected_allowed_cidr = [] + last_sign_on_older_than_seconds = 604800 + } + + identifier_first { + # ... other configuration parameters + + recovery_enabled = true + discovery_rule { + attribute_contains_text = "@pingidentity.com" + identity_provider_id = "ad3a****-****-****-****-********ef83" + } + } +} +``` + +After manual modification (`conditions.anonymous_network_detected_allowed_cidr` is removed): +```hcl +resource "pingone_sign_on_policy_action" "my_awesome_identifier_first_action" { + # ... other configuration parameters + + conditions { + # ... other configuration parameters + + last_sign_on_older_than_seconds = 604800 + } + + identifier_first { + # ... 
other configuration parameters + + recovery_enabled = true + discovery_rule { + attribute_contains_text = "@pingidentity.com" + identity_provider_id = "ad3a****-****-****-****-********ef83" + } + } +} +``` + +## Conflicting configuration arguments - "conditions.0.geovelocity_anomaly_detected": conflicts with [identifier_first|login] + +**Cause**: Due to a [Terraform configuration generation limitation](https://developer.hashicorp.com/terraform/language/import/generating-configuration#conflicting-resource-arguments), conflicting parameters are included in the generated HCL. + +**Resolution**: Manual modification is required to remove the `conditions.0.geovelocity_anomaly_detected` value from the generated HCL. + +**Example**: + +Generated configuration: +```hcl +resource "pingone_sign_on_policy_action" "my_awesome_identifier_first_action" { + # ... other configuration parameters + + conditions { + # ... other configuration parameters + + geovelocity_anomaly_detected = false + last_sign_on_older_than_seconds = 604800 + } + + identifier_first { + # ... other configuration parameters + + recovery_enabled = true + discovery_rule { + attribute_contains_text = "@pingidentity.com" + identity_provider_id = "ad3a****-****-****-****-********ef83" + } + } +} +``` + +After manual modification (`conditions.geovelocity_anomaly_detected` is removed): +```hcl +resource "pingone_sign_on_policy_action" "my_awesome_identifier_first_action" { + # ... other configuration parameters + + conditions { + # ... other configuration parameters + + last_sign_on_older_than_seconds = 604800 + } + + identifier_first { + # ... 
other configuration parameters + + recovery_enabled = true + discovery_rule { + attribute_contains_text = "@pingidentity.com" + identity_provider_id = "ad3a****-****-****-****-********ef83" + } + } +} +``` + +## Conflicting configuration arguments - "conditions.0.ip_out_of_range_cidr": conflicts with [identifier_first|login] + +**Cause**: Due to a [Terraform configuration generation limitation](https://developer.hashicorp.com/terraform/language/import/generating-configuration#conflicting-resource-arguments), conflicting parameters are included in the generated HCL. + +**Resolution**: Manual modification is required to remove the `conditions.0.ip_out_of_range_cidr` value from the generated HCL. + +**Example**: + +Generated configuration: +```hcl +resource "pingone_sign_on_policy_action" "my_awesome_identifier_first_action" { + # ... other configuration parameters + + conditions { + # ... other configuration parameters + + ip_out_of_range_cidr = [] + last_sign_on_older_than_seconds = 604800 + } + + identifier_first { + # ... other configuration parameters + + recovery_enabled = true + discovery_rule { + attribute_contains_text = "@pingidentity.com" + identity_provider_id = "ad3a****-****-****-****-********ef83" + } + } +} +``` + +After manual modification (`conditions.ip_out_of_range_cidr` is removed): +```hcl +resource "pingone_sign_on_policy_action" "my_awesome_identifier_first_action" { + # ... other configuration parameters + + conditions { + # ... other configuration parameters + + last_sign_on_older_than_seconds = 604800 + } + + identifier_first { + # ... 
other configuration parameters + + recovery_enabled = true + discovery_rule { + attribute_contains_text = "@pingidentity.com" + identity_provider_id = "ad3a****-****-****-****-********ef83" + } + } +} +``` + +## Conflicting configuration arguments - "conditions.0.ip_reputation_high_risk": conflicts with [identifier_first|login] + +**Cause**: Due to a [Terraform configuration generation limitation](https://developer.hashicorp.com/terraform/language/import/generating-configuration#conflicting-resource-arguments), conflicting parameters are included in the generated HCL. + +**Resolution**: Manual modification is required to remove the `conditions.0.ip_reputation_high_risk` value from the generated HCL. + +**Example**: + +Generated configuration: +```hcl +resource "pingone_sign_on_policy_action" "my_awesome_identifier_first_action" { + # ... other configuration parameters + + conditions { + # ... other configuration parameters + + ip_reputation_high_risk = false + last_sign_on_older_than_seconds = 604800 + } + + identifier_first { + # ... other configuration parameters + + recovery_enabled = true + discovery_rule { + attribute_contains_text = "@pingidentity.com" + identity_provider_id = "ad3a****-****-****-****-********ef83" + } + } +} +``` + +After manual modification (`conditions.ip_reputation_high_risk` is removed): +```hcl +resource "pingone_sign_on_policy_action" "my_awesome_identifier_first_action" { + # ... other configuration parameters + + conditions { + # ... other configuration parameters + + last_sign_on_older_than_seconds = 604800 + } + + identifier_first { + # ... 
other configuration parameters + + recovery_enabled = true + discovery_rule { + attribute_contains_text = "@pingidentity.com" + identity_provider_id = "ad3a****-****-****-****-********ef83" + } + } +} +``` + +## Conflicting configuration arguments - "conditions.0.last_sign_on_older_than_seconds_mfa": conflicts with [identifier_first|login] + +**Cause**: Due to a [Terraform configuration generation limitation](https://developer.hashicorp.com/terraform/language/import/generating-configuration#conflicting-resource-arguments), conflicting parameters are included in the generated HCL. + +**Resolution**: Manual modification is required to remove the `conditions.0.last_sign_on_older_than_seconds_mfa` value from the generated HCL. + +**Example**: + +Generated configuration: +```hcl +resource "pingone_sign_on_policy_action" "my_awesome_identifier_first_action" { + # ... other configuration parameters + + conditions { + # ... other configuration parameters + + last_sign_on_older_than_seconds = 604800 + last_sign_on_older_than_seconds_mfa = 0 + } + + identifier_first { + # ... other configuration parameters + + recovery_enabled = true + discovery_rule { + attribute_contains_text = "@pingidentity.com" + identity_provider_id = "ad3a****-****-****-****-********ef83" + } + } +} +``` + +After manual modification (`conditions.last_sign_on_older_than_seconds_mfa` is removed): +```hcl +resource "pingone_sign_on_policy_action" "my_awesome_identifier_first_action" { + # ... other configuration parameters + + conditions { + # ... other configuration parameters + + last_sign_on_older_than_seconds = 604800 + } + + identifier_first { + # ... 
other configuration parameters + + recovery_enabled = true + discovery_rule { + attribute_contains_text = "@pingidentity.com" + identity_provider_id = "ad3a****-****-****-****-********ef83" + } + } +} +``` + +## Conflicting configuration arguments - "conditions.0.last_sign_on_older_than_seconds": conflicts with conditions.0.last_sign_on_older_than_seconds_mfa + +**Cause**: Due to a [Terraform configuration generation limitation](https://developer.hashicorp.com/terraform/language/import/generating-configuration#conflicting-resource-arguments), conflicting parameters are included in the generated HCL. + +**Resolution**: Manual modification is required to ensure only one of `conditions.0.last_sign_on_older_than_seconds` or `conditions.0.last_sign_on_older_than_seconds_mfa` is set in the generated configuration. + +**Example**: + +Generated configuration: +```hcl +resource "pingone_sign_on_policy_action" "my_awesome_identifier_first_action" { + # ... other configuration parameters + + conditions { + # ... other configuration parameters + + last_sign_on_older_than_seconds = 604800 + last_sign_on_older_than_seconds_mfa = 0 + } + + identifier_first { + # ... other configuration parameters + + recovery_enabled = true + discovery_rule { + attribute_contains_text = "@pingidentity.com" + identity_provider_id = "ad3a****-****-****-****-********ef83" + } + } +} +``` + +After manual modification (`conditions.last_sign_on_older_than_seconds_mfa` is removed): +```hcl +resource "pingone_sign_on_policy_action" "my_awesome_identifier_first_action" { + # ... other configuration parameters + + conditions { + # ... other configuration parameters + + last_sign_on_older_than_seconds = 604800 + } + + identifier_first { + # ... 
other configuration parameters + + recovery_enabled = true + discovery_rule { + attribute_contains_text = "@pingidentity.com" + identity_provider_id = "ad3a****-****-****-****-********ef83" + } + } +} +``` + +## Conflicting configuration arguments - "enforce_lockout_for_identity_providers": conflicts with [mfa|progressive_profiling] + +**Cause**: Due to a [Terraform configuration generation limitation](https://developer.hashicorp.com/terraform/language/import/generating-configuration#conflicting-resource-arguments), conflicting parameters are included in the generated HCL. + +**Resolution**: Manual modification is required to remove the `enforce_lockout_for_identity_providers` value from the generated HCL. + +**Example**: + +```hcl +resource "pingone_sign_on_policy_action" "my_awesome_progressive_profiling_action" { + # ... other configuration parameters + + enforce_lockout_for_identity_providers = false + + progressive_profiling { + # ... other configuration parameters + + prompt_text = "For the best experience, we need a couple things from you." + } +} +``` + +After manual modification (`enforce_lockout_for_identity_providers` is removed): +```hcl +resource "pingone_sign_on_policy_action" "my_awesome_progressive_profiling_action" { + # ... other configuration parameters + + progressive_profiling { + # ... other configuration parameters + + prompt_text = "For the best experience, we need a couple things from you." + } +} +``` + +## Conflicting configuration arguments - "registration_confirm_user_attributes": conflicts with [mfa|progressive_profiling] + +**Cause**: Due to a [Terraform configuration generation limitation](https://developer.hashicorp.com/terraform/language/import/generating-configuration#conflicting-resource-arguments), conflicting parameters are included in the generated HCL. + +**Resolution**: Manual modification is required to remove the `registration_confirm_user_attributes` value from the generated HCL. 
+ +**Example**: + +```hcl +resource "pingone_sign_on_policy_action" "my_awesome_progressive_profiling_action" { + # ... other configuration parameters + + registration_confirm_user_attributes = false + + progressive_profiling { + # ... other configuration parameters + + prompt_text = "For the best experience, we need a couple things from you." + } +} +``` + +After manual modification (`registration_confirm_user_attributes` is removed): +```hcl +resource "pingone_sign_on_policy_action" "my_awesome_progressive_profiling_action" { + # ... other configuration parameters + + progressive_profiling { + # ... other configuration parameters + + prompt_text = "For the best experience, we need a couple things from you." + } +} +``` + +## Conflicting configuration arguments - "social_provider_ids": conflicts with [mfa|progressive_profiling] + +**Cause**: Due to a [Terraform configuration generation limitation](https://developer.hashicorp.com/terraform/language/import/generating-configuration#conflicting-resource-arguments), conflicting parameters are included in the generated HCL. + +**Resolution**: Manual modification is required to remove the `social_provider_ids` value from the generated HCL. + +**Example**: + +Generated configuration: +```hcl +resource "pingone_sign_on_policy_action" "my_awesome_progressive_profiling_action" { + # ... other configuration parameters + + social_provider_ids = [] + + progressive_profiling { + # ... other configuration parameters + + prompt_text = "For the best experience, we need a couple things from you." + } +} +``` + +After manual modification (`social_provider_ids` is removed): +```hcl +resource "pingone_sign_on_policy_action" "my_awesome_progressive_profiling_action" { + # ... other configuration parameters + + progressive_profiling { + # ... other configuration parameters + + prompt_text = "For the best experience, we need a couple things from you." 
+ } +} +``` + +## expected last_sign_on_older_than_seconds_mfa to be at least (1), got 0 + +**Cause**: The `last_sign_on_older_than_seconds_mfa` value is not set in PingOne, and has been exported incorrectly as `0`. + +**Resolution**: Manual modification is required to remove the `last_sign_on_older_than_seconds_mfa` value from the generated HCL, or define a new value greater than `0`. + +**Example**: + +Generated configuration: +```hcl +resource "pingone_sign_on_policy_action" "my_awesome_progressive_profiling_action" { + # ... other configuration parameters + + conditions { + # ... other configuration parameters + + anonymous_network_detected = true + geovelocity_anomaly_detected = true + ip_reputation_high_risk = true + last_sign_on_older_than_seconds_mfa = 0 + } + mfa { + # ... other configuration parameters + + device_sign_on_policy_id = "7266****-****-****-****-********a5a9" + no_device_mode = "BLOCK" + } +} +``` + +After manual modification (`last_sign_on_older_than_seconds_mfa` is removed): +```hcl +resource "pingone_sign_on_policy_action" "my_awesome_progressive_profiling_action" { + # ... other configuration parameters + + conditions { + # ... other configuration parameters + + anonymous_network_detected = true + geovelocity_anomaly_detected = true + ip_reputation_high_risk = true + } + mfa { + # ... other configuration parameters + + device_sign_on_policy_id = "7266****-****-****-****-********a5a9" + no_device_mode = "BLOCK" + } +} +``` From f1bc5b62232b8e7c2306f68e3062874f12c14509 Mon Sep 17 00:00:00 2001 
From: Patrick Cowland Date: Thu, 17 Oct 2024 14:50:41 +0100 Subject: [PATCH 2/3] updates following review --- .../plan-errors/pingfederate.md | 3 +- .../pingfederate_certificate_ca.md | 2 +- .../plan-errors/pingfederate_data_store.md | 2 +- .../plan-errors/pingfederate_idp_adapter.md | 2 +- .../pingfederate_kerberos_realm.md | 2 +- ...pingfederate_oauth_access_token_manager.md | 2 +- .../plan-errors/pingfederate_oauth_client.md | 2 +- ...gfederate_password_credential_validator.md | 2 +- .../pingfederate_pingone_connection.md | 29 +++++++++++++++++-- .../pingfederate_server_settings.md | 22 -------------- .../plan-errors/pingone.md | 2 +- .../plan-errors/pingone_application.md | 2 +- .../plan-errors/pingone_branding_theme.md | 2 +- .../plan-errors/pingone_certificate.md | 2 +- .../plan-errors/pingone_forms_recapcha_v2.md | 2 +- .../plan-errors/pingone_gateway.md | 2 +- .../plan-errors/pingone_identity_provider.md | 2 +- ...pingone_mfa_application_push_credential.md | 2 +- .../pingone_notification_settings_email.md | 20 ++++++++++--- .../pingone_phone_delivery_settings.md | 20 +------------ .../plan-errors/pingone_schema_attribute.md | 2 +- .../pingone_sign_on_policy_action.md | 2 +- 22 files changed, 61 insertions(+), 67 deletions(-) delete mode 100644 docs/exporting-configuration/plan-errors/pingfederate_server_settings.md diff --git a/docs/exporting-configuration/plan-errors/pingfederate.md b/docs/exporting-configuration/plan-errors/pingfederate.md index c436ad95..97c7972a 100644 --- a/docs/exporting-configuration/plan-errors/pingfederate.md +++ b/docs/exporting-configuration/plan-errors/pingfederate.md @@ -1,4 +1,4 @@ -# Ping CLI - Exporting Platform Configuration - PingFederate Plan Errors +# Terraform Configuration Generation - PingFederate Plan Errors The following sections describe the actions that must be taken, per resource, to resolve `terraform plan` errors following configuration generation. 
@@ -22,4 +22,3 @@ If you encounter an error that is not documented, please [raise a new issue](htt - [pingfederate_oauth_client](pingfederate_oauth_client.md) - [pingfederate_password_credential_validator](pingfederate_password_credential_validator.md) - [pingfederate_pingone_connection](pingfederate_pingone_connection.md) -- [pingfederate_server_settings](pingfederate_server_settings.md) diff --git a/docs/exporting-configuration/plan-errors/pingfederate_certificate_ca.md b/docs/exporting-configuration/plan-errors/pingfederate_certificate_ca.md index bd7c3ef9..ac90db83 100644 --- a/docs/exporting-configuration/plan-errors/pingfederate_certificate_ca.md +++ b/docs/exporting-configuration/plan-errors/pingfederate_certificate_ca.md @@ -1,4 +1,4 @@ -# Ping CLI - Exporting Platform Configuration - PingFederate Plan Errors (pingfederate_certificate_ca) +# Terraform Configuration Generation - PingFederate Plan Errors (pingfederate_certificate_ca) **Documentation**: - [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingfederate/latest/docs/resources/certificate_ca#schema) diff --git a/docs/exporting-configuration/plan-errors/pingfederate_data_store.md b/docs/exporting-configuration/plan-errors/pingfederate_data_store.md index 3c46b00e..ec70bf99 100644 --- a/docs/exporting-configuration/plan-errors/pingfederate_data_store.md +++ b/docs/exporting-configuration/plan-errors/pingfederate_data_store.md @@ -1,4 +1,4 @@ -# Ping CLI - Exporting Platform Configuration - PingFederate Plan Errors (pingfederate_data_store) +# Terraform Configuration Generation - PingFederate Plan Errors (pingfederate_data_store) **Documentation**: - [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingfederate/latest/docs/resources/data_store#nestedatt--ldap_data_store) diff --git a/docs/exporting-configuration/plan-errors/pingfederate_idp_adapter.md b/docs/exporting-configuration/plan-errors/pingfederate_idp_adapter.md index 51732b62..1abfc726 100644 
--- a/docs/exporting-configuration/plan-errors/pingfederate_idp_adapter.md +++ b/docs/exporting-configuration/plan-errors/pingfederate_idp_adapter.md @@ -1,4 +1,4 @@ -# Ping CLI - Exporting Platform Configuration - PingFederate Plan Errors (pingfederate_idp_adapter) +# Terraform Configuration Generation - PingFederate Plan Errors (pingfederate_idp_adapter) **Documentation**: - [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingfederate/latest/docs/resources/idp_adapter#schema) diff --git a/docs/exporting-configuration/plan-errors/pingfederate_kerberos_realm.md b/docs/exporting-configuration/plan-errors/pingfederate_kerberos_realm.md index 509fc1ab..0562ca0e 100644 --- a/docs/exporting-configuration/plan-errors/pingfederate_kerberos_realm.md +++ b/docs/exporting-configuration/plan-errors/pingfederate_kerberos_realm.md @@ -1,4 +1,4 @@ -# Ping CLI - Exporting Platform Configuration - PingFederate Plan Errors (pingfederate_kerberos_realm) +# Terraform Configuration Generation - PingFederate Plan Errors (pingfederate_kerberos_realm) **Documentation**: - [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingfederate/latest/docs/resources/kerberos_realm#schema) diff --git a/docs/exporting-configuration/plan-errors/pingfederate_oauth_access_token_manager.md b/docs/exporting-configuration/plan-errors/pingfederate_oauth_access_token_manager.md index adec0d37..8a84522c 100644 --- a/docs/exporting-configuration/plan-errors/pingfederate_oauth_access_token_manager.md +++ b/docs/exporting-configuration/plan-errors/pingfederate_oauth_access_token_manager.md 
@@ -1,4 +1,4 @@ -# Ping CLI - Exporting Platform Configuration - PingFederate Plan Errors (pingfederate_oauth_access_token_manager) +# Terraform Configuration Generation - PingFederate Plan Errors (pingfederate_oauth_access_token_manager) **Documentation**: - [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingfederate/latest/docs/resources/oauth_access_token_manager#schema) diff --git a/docs/exporting-configuration/plan-errors/pingfederate_oauth_client.md b/docs/exporting-configuration/plan-errors/pingfederate_oauth_client.md index 0f00b0a1..b3b96538 100644 --- a/docs/exporting-configuration/plan-errors/pingfederate_oauth_client.md +++ b/docs/exporting-configuration/plan-errors/pingfederate_oauth_client.md @@ -1,4 +1,4 @@ -# Ping CLI - Exporting Platform Configuration - PingFederate Plan Errors (pingfederate_oauth_client) +# Terraform Configuration Generation - PingFederate Plan Errors (pingfederate_oauth_client) **Documentation**: - [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingfederate/latest/docs/resources/oauth_client#schema) diff --git a/docs/exporting-configuration/plan-errors/pingfederate_password_credential_validator.md b/docs/exporting-configuration/plan-errors/pingfederate_password_credential_validator.md index f694acc5..9107539a 100644 --- a/docs/exporting-configuration/plan-errors/pingfederate_password_credential_validator.md +++ b/docs/exporting-configuration/plan-errors/pingfederate_password_credential_validator.md @@ -1,4 +1,4 @@ -# Ping CLI - Exporting Platform Configuration - PingFederate Plan Errors (pingfederate_password_credential_validator) +# Terraform Configuration Generation - PingFederate Plan Errors (pingfederate_password_credential_validator) **Documentation**: - [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingfederate/latest/docs/resources/password_credential_validator#schema) 
diff --git a/docs/exporting-configuration/plan-errors/pingfederate_pingone_connection.md b/docs/exporting-configuration/plan-errors/pingfederate_pingone_connection.md index bb567bb5..bd245e18 100644 --- a/docs/exporting-configuration/plan-errors/pingfederate_pingone_connection.md +++ b/docs/exporting-configuration/plan-errors/pingfederate_pingone_connection.md @@ -1,4 +1,4 @@ -# Ping CLI - Exporting Platform Configuration - PingFederate Plan Errors (pingfederate_pingone_connection) +# Terraform Configuration Generation - PingFederate Plan Errors (pingfederate_pingone_connection) **Documentation**: - [Terraform Registry - PingFederate pingone_connection](https://registry.terraform.io/providers/pingidentity/pingfederate/latest/docs/resources/pingone_connection#schema) @@ -22,12 +22,35 @@ resource "pingfederate_pingone_connection" "my_pingone_environment" { } ``` -After manual modification (`credential` is defined): +After manual modification, using a variable (`credential` is defined): ```hcl resource "pingfederate_pingone_connection" "my_pingone_environment" { # ... other configuration parameters - credential = var.pingone_credential # see pingone_gateway_credential in the PingOne Terraform provider + credential = var.pingone_credential + name = "My PingOne Environment" +} +``` + +After manual modification, using the PingOne Terraform provider (`credential` is defined): +```hcl +resource "pingone_gateway" "my_awesome_pingfederate_gateway" { + environment_id = pingone_environment.my_environment.id + name = "Advanced Services SSO" + enabled = true + + type = "PING_FEDERATE" +} + +resource "pingone_gateway_credential" "foo" { + environment_id = pingone_environment.my_environment.id + gateway_id = pingone_gateway.my_awesome_pingfederate_gateway.id +} + +resource "pingfederate_pingone_connection" "my_pingone_environment" { + # ... other configuration parameters + + credential = pingone_gateway_credential.foo.credential name = "My PingOne Environment" } ``` 
diff --git a/docs/exporting-configuration/plan-errors/pingfederate_server_settings.md b/docs/exporting-configuration/plan-errors/pingfederate_server_settings.md deleted file mode 100644 index c03352e4..00000000 --- a/docs/exporting-configuration/plan-errors/pingfederate_server_settings.md +++ /dev/null @@ -1,22 +0,0 @@ -# Ping CLI - Exporting Platform Configuration - PingFederate Plan Errors (pingfederate_server_settings) - -**Documentation**: -- [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingfederate/latest/docs/resources/pingfederate_server_settings#schema) - -## Invalid Attribute Value Length - TODO - -**Cause**: TODO. - -**Resolution**: Manual modification is required to set the `TODO` field in the generated HCL. - -**Example**: - -Generated configuration: -```hcl -TODO -``` - -After manual modification: -```hcl -TODO -``` diff --git a/docs/exporting-configuration/plan-errors/pingone.md b/docs/exporting-configuration/plan-errors/pingone.md index ebca5c99..1110d2a9 100644 --- a/docs/exporting-configuration/plan-errors/pingone.md +++ b/docs/exporting-configuration/plan-errors/pingone.md @@ -1,4 +1,4 @@ -# Ping CLI - Exporting Platform Configuration - PingOne Plan Errors +# Terraform Configuration Generation - PingOne Plan Errors The following sections describe the actions that must be taken, per resource, to resolve `terraform plan` errors following configuration generation. diff --git a/docs/exporting-configuration/plan-errors/pingone_application.md b/docs/exporting-configuration/plan-errors/pingone_application.md index fb63e6c8..0655cf54 100644 --- a/docs/exporting-configuration/plan-errors/pingone_application.md +++ b/docs/exporting-configuration/plan-errors/pingone_application.md 
@@ -1,4 +1,4 @@ -# Ping CLI - Exporting Platform Configuration - PingOne Plan Errors (pingone_application) +# Terraform Configuration Generation - PingOne Plan Errors (pingone_application) **Documentation**: - [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/application#nestedatt--saml_options) diff --git a/docs/exporting-configuration/plan-errors/pingone_branding_theme.md b/docs/exporting-configuration/plan-errors/pingone_branding_theme.md index b9ef052b..0eef1400 100644 --- a/docs/exporting-configuration/plan-errors/pingone_branding_theme.md +++ b/docs/exporting-configuration/plan-errors/pingone_branding_theme.md @@ -1,4 +1,4 @@ -# Ping CLI - Exporting Platform Configuration - PingOne Plan Errors (pingone_branding_theme) +# Terraform Configuration Generation - PingOne Plan Errors (pingone_branding_theme) **Documentation**: - [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/branding_theme#schema) diff --git a/docs/exporting-configuration/plan-errors/pingone_certificate.md b/docs/exporting-configuration/plan-errors/pingone_certificate.md index 7ca68061..1372ba1c 100644 --- a/docs/exporting-configuration/plan-errors/pingone_certificate.md +++ b/docs/exporting-configuration/plan-errors/pingone_certificate.md @@ -1,4 +1,4 @@ -# Ping CLI - Exporting Platform Configuration - PingOne Plan Errors (pingone_certificate) +# Terraform Configuration Generation - PingOne Plan Errors (pingone_certificate) **Documentation**: - [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/certificate#schema) diff --git a/docs/exporting-configuration/plan-errors/pingone_forms_recapcha_v2.md b/docs/exporting-configuration/plan-errors/pingone_forms_recapcha_v2.md index 6b75143d..8c8d226f 100644 --- a/docs/exporting-configuration/plan-errors/pingone_forms_recapcha_v2.md 
+++ b/docs/exporting-configuration/plan-errors/pingone_forms_recapcha_v2.md @@ -1,4 +1,4 @@ -# Ping CLI - Exporting Platform Configuration - PingOne Plan Errors (pingone_forms_recaptcha_v2) +# Terraform Configuration Generation - PingOne Plan Errors (pingone_forms_recaptcha_v2) **Documentation**: - [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/forms_recaptcha_v2#schema) diff --git a/docs/exporting-configuration/plan-errors/pingone_gateway.md b/docs/exporting-configuration/plan-errors/pingone_gateway.md index de8d050d..a3cd5849 100644 --- a/docs/exporting-configuration/plan-errors/pingone_gateway.md +++ b/docs/exporting-configuration/plan-errors/pingone_gateway.md @@ -1,4 +1,4 @@ -# Ping CLI - Exporting Platform Configuration - PingOne Plan Errors (pingone_gateway) +# Terraform Configuration Generation - PingOne Plan Errors (pingone_gateway) **Documentation**: - [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/gateway#schema) diff --git a/docs/exporting-configuration/plan-errors/pingone_identity_provider.md b/docs/exporting-configuration/plan-errors/pingone_identity_provider.md index bfd0a4b8..5a6991ba 100644 --- a/docs/exporting-configuration/plan-errors/pingone_identity_provider.md +++ b/docs/exporting-configuration/plan-errors/pingone_identity_provider.md @@ -1,4 +1,4 @@ -# Ping CLI - Exporting Platform Configuration - PingOne Plan Errors (pingone_identity_provider) +# Terraform Configuration Generation - PingOne Plan Errors (pingone_identity_provider) **Documentation**: - [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/identity_provider#schema) diff --git a/docs/exporting-configuration/plan-errors/pingone_mfa_application_push_credential.md b/docs/exporting-configuration/plan-errors/pingone_mfa_application_push_credential.md index dbf12ce9..19c32a02 100644 
--- a/docs/exporting-configuration/plan-errors/pingone_mfa_application_push_credential.md +++ b/docs/exporting-configuration/plan-errors/pingone_mfa_application_push_credential.md @@ -1,4 +1,4 @@ -# Ping CLI - Exporting Platform Configuration - PingOne Plan Errors (pingone_mfa_application_push_credential) +# Terraform Configuration Generation - PingOne Plan Errors (pingone_mfa_application_push_credential) **Documentation**: - [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/mfa_application_push_credential#schema) diff --git a/docs/exporting-configuration/plan-errors/pingone_notification_settings_email.md b/docs/exporting-configuration/plan-errors/pingone_notification_settings_email.md index f037bf9d..2b609edb 100644 --- a/docs/exporting-configuration/plan-errors/pingone_notification_settings_email.md +++ b/docs/exporting-configuration/plan-errors/pingone_notification_settings_email.md @@ -1,4 +1,4 @@ -# Ping CLI - Exporting Platform Configuration - PingOne Plan Errors (pingone_notification_settings_email) +# Terraform Configuration Generation - PingOne Plan Errors (pingone_notification_settings_email) **Documentation**: - [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/notification_settings_email#schema) @@ -13,10 +13,22 @@ Generated configuration: ```hcl -TODO +resource "pingone_notification_settings_email" "pingone_notification_settings_email" { + # ... other configuration parameters + + host = "smtp-example.bxretail.org" + password = null # sensitive + username = "test" +} ``` -After manual modification: +After manual modification (`password` is defined): ```hcl -TODO +resource "pingone_notification_settings_email" "pingone_notification_settings_email" { + # ... other configuration parameters + + host = "smtp-example.bxretail.org" + password = var.pingone_notification_settings_email_password + username = "test" +} ``` 
diff --git a/docs/exporting-configuration/plan-errors/pingone_phone_delivery_settings.md b/docs/exporting-configuration/plan-errors/pingone_phone_delivery_settings.md index 87be9c58..4e374ebf 100644 --- a/docs/exporting-configuration/plan-errors/pingone_phone_delivery_settings.md +++ b/docs/exporting-configuration/plan-errors/pingone_phone_delivery_settings.md @@ -1,4 +1,4 @@ -# Ping CLI - Exporting Platform Configuration - PingOne Plan Errors (pingone_phone_delivery_settings) +# Terraform Configuration Generation - PingOne Plan Errors (pingone_phone_delivery_settings) **Documentation**: - [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/phone_delivery_settings#password) @@ -45,21 +45,3 @@ resource "pingone_phone_delivery_settings" "my_awesome_phone_delivery_settings" } } ``` - -## Missing Configuration for Required Attribute - TODO - -**Cause**: TODO - -**Resolution**: Manual modification is required to set the `TODO` value in the generated HCL. - -**Example**: - -Generated configuration: -```hcl -TODO -``` - -After manual modification: -```hcl -TODO -``` diff --git a/docs/exporting-configuration/plan-errors/pingone_schema_attribute.md b/docs/exporting-configuration/plan-errors/pingone_schema_attribute.md index 132e0f2c..9daa15fb 100644 --- a/docs/exporting-configuration/plan-errors/pingone_schema_attribute.md +++ b/docs/exporting-configuration/plan-errors/pingone_schema_attribute.md @@ -1,4 +1,4 @@ -# Ping CLI - Exporting Platform Configuration - PingOne Plan Errors (pingone_schema_attribute) +# Terraform Configuration Generation - PingOne Plan Errors (pingone_schema_attribute) **Documentation**: - [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/schema_attribute) diff --git a/docs/exporting-configuration/plan-errors/pingone_sign_on_policy_action.md b/docs/exporting-configuration/plan-errors/pingone_sign_on_policy_action.md index 273e3323..48afa20c 100644 
--- a/docs/exporting-configuration/plan-errors/pingone_sign_on_policy_action.md +++ b/docs/exporting-configuration/plan-errors/pingone_sign_on_policy_action.md @@ -1,4 +1,4 @@ -# Ping CLI - Exporting Platform Configuration - PingOne Plan Errors (pingone_sign_on_policy_action) +# Terraform Configuration Generation - PingOne Plan Errors (pingone_sign_on_policy_action) **Documentation**: - [Terraform Registry](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/sign_on_policy_action) From 9e3333b2a662bc09774a7b9a05693ae667cd7cf3 Mon Sep 17 00:00:00 2001 From: Patrick Cowland Date: Thu, 17 Oct 2024 14:58:58 +0100 Subject: [PATCH 3/3] update readme --- docs/exporting-configuration/README.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/docs/exporting-configuration/README.md b/docs/exporting-configuration/README.md index b4c388ff..2d2a4cc8 100644 --- a/docs/exporting-configuration/README.md +++ b/docs/exporting-configuration/README.md 
@@ -2,9 +2,15 @@ ## Resolving Terraform Plan Errors -The following documents describe the actions that must be taken, per provider, to resolve `terraform plan` errors following configuration generation. +When generating Terraform HCL configuration, errors on `terraform plan` are expected. Reasons for plan errors include: + +- Certain field values are not retrievable from the Ping system. This might be because values are sensitive (secret) and are not retrievable to maintain tenant security. In these cases, manual adjustment is needed to ensure these values are defined in generated HCL. +- Ambiguity in the retrieved configuration from the Ping system. In these cases, the intention of the configuration cannot be accurately determined and requires manual correction. +- Limitations with Terraform's `terraform plan --generate-config-out` command action. Limitations are described in further detail on Terraform's developer documentation, [Generating Configuration](https://developer.hashicorp.com/terraform/language/import/generating-configuration) + +The following documents describe the actions that must be taken, per provider, to resolve the various `terraform plan` errors following configuration generation. - [PingFederate Terraform Provider](./plan-errors/pingfederate.md) - [PingOne Terraform Provider](./plan-errors/pingone.md) -If you encounter an error that is not documented, please [raise a new issue](https://github.com/pingidentity/pingcli/issues/new?title=Undocumented%20Config%20Generation%20Error). \ No newline at end of file +If you encounter an error that is not documented, please [raise a new issue](https://github.com/pingidentity/pingcli/issues/new?title=Undocumented%20Config%20Generation%20Error).
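Review bot: in pingone_sign_on_policy_action.md (patch 1/3), the final section "expected last_sign_on_older_than_seconds_mfa to be at least (1), got 0" gives two resolutions, remove the value or "define a new value greater than `0`", without saying that only the first matches the tenant. The Cause states the value is not set in PingOne, so removing it reproduces the exported policy, while setting a value adds a condition that was never there. Suggest saying so in the Resolution. In the same section the example resource is labelled `my_awesome_progressive_profiling_action` although it contains an `mfa` block, and the `enforce_lockout_for_identity_providers` and `registration_confirm_user_attributes` sections are missing the "Generated configuration:" caption that every other section puts before the first block.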
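Review bot: in the pingfederate_pingone_connection.md hunk (patch 2/3), the second corrected example sets `credential = pingone_gateway_credential.foo.credential`, which places the gateway credential in Terraform state, and the page does not mention it. Suggest one sentence telling the reader that the state file then holds the credential and needs the same protection as the secret itself. Two smaller points in the same hunk: the resource label `foo` departs from the `my_...` labels used in every other example, and the removed comment pointing at `pingone_gateway_credential` was the only explanation of where `var.pingone_credential` comes from in the variable form.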
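Review bot: in the pingone_notification_settings_email.md hunk (patch 2/3), the corrected example uses `password = var.pingone_notification_settings_email_password` but the variable is never declared anywhere on the page. Suggest adding the `variable` block to the example with `sensitive = true`, so that the SMTP password is redacted from plan and apply output, and noting that the value should be supplied from outside the repository rather than as a default in the generated HCL.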
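Review bot: the path `docs/exporting-configuration/plan-errors/pingone_forms_recapcha_v2.md` touched in patch 2/3 is spelled `recapcha`, while the heading changed in that hunk names the resource `pingone_forms_recaptcha_v2`. Suggest renaming the file to match the resource name in this series, before links to the misspelled path accumulate, and updating whatever index entry points at it.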
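Review bot: in the README.md hunk (patch 3/3), the third bullet says "Terraform's `terraform plan --generate-config-out` command action" and ends without a period, unlike the two bullets before it. Suggest "the `terraform plan -generate-config-out` option", matching the single-dash form used in the linked Terraform documentation, and a closing period. The first bullet could also state the consequence for the reader more directly: secrets are never exported, so every sensitive field has to be supplied by hand after generation.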