Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Thank you for opening an issue. Please note that we try to keep the Terraform issue tracker reserved for bug reports and feature requests. For general usage questions, please see: https://www.terraform.io/community.html.

PingOne Terraform provider Version

v0.2.1

Terraform Version

N/a

Affected Resource(s)

• pingone_environment

Terraform Configuration Files

# Copy-paste your PingOne related Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

# Remember to replace any account/customer sensitive information in the configuration before submitting the issue
terraform {
  required_providers {
    pingone = {
      source = "pingidentity/pingone"
      version = "0.2.1"
    }
  }
}

provider "pingone" {
  # Configuration options from environment vars
  client_id      = var.p1_us_adminClientId
  client_secret  = var.p1_us_adminClientSecret
  environment_id = var.p1_us_adminEnvId
  region         = var.p1_us_region
}

resource "pingone_environment" "my_environment" {
  name        = "DEV"
  description = "Development environment"
  type        = "SANDBOX"
  license_id  = var.p1_us_licenseId
  region      = var.p1_us_region

  default_population {
  }

  service {
    type = "SSO"
  }

  service {
    type = "MFA"
  }

  service {
    type = "DaVinci"
  }

}

Debug Output

Panic Output

pingone_environment.my_environment: Creating...
╷
│ Error: Request cancelled
│ 
│   with pingone_environment.my_environment,
│   on main.tf line 18, in resource "pingone_environment" "my_environment":
│   18: resource "pingone_environment" "my_environment" {
│ 
│ The plugin.(*GRPCProvider).ApplyResourceChange request was cancelled.
╵

Stack trace from the terraform-provider-pingone_v0.2.1 plugin:

panic: runtime error: index out of range [0] with length 0

goroutine 70 [running]:
github.com/pingidentity/terraform-provider-pingone/internal/service/base.resourcePingOneEnvironmentCreate({0x1cc4660, 0xc00010d440}, 0x0?, {0x19a2540?, 0xc00034b8c0})
        github.com/pingidentity/terraform-provider-pingone/internal/service/base/resource_environment.go:211 +0x1319
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).create(0xc000123420, {0x1cc4698, 0xc0000b0ae0}, 0xd?, {0x19a2540, 0xc00034b8c0})
        github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:707 +0x12e
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).Apply(0xc000123420, {0x1cc4698, 0xc0000b0ae0}, 0xc0004aedd0, 0xc0003c4900, {0x19a2540, 0xc00034b8c0})
        github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:837 +0xa7a
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ApplyResourceChange(0xc000111980, {0x1cc4698?, 0xc0000b09c0?}, 0xc0003c2320)
        github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/grpc_provider.go:1021 +0xe3c
github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server.(*server).ApplyResourceChange(0xc0003fd180, {0x1cc4698?, 0xc0000b0180?}, 0xc0001d60e0)
        github.com/hashicorp/[email protected]/tfprotov5/tf5server/server.go:818 +0x574
github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ApplyResourceChange_Handler({0x1b206c0?, 0xc0003fd180}, {0x1cc4698, 0xc0000b0180}, 0xc0001d6070, 0x0)
        github.com/hashicorp/[email protected]/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:385 +0x170
google.golang.org/grpc.(*Server).processUnaryRPC(0xc00042e000, {0x1cc7688, 0xc0002c4340}, 0xc0001c0120, 0xc000444b40, 0x22eb180, 0x0)
        google.golang.org/[email protected]/server.go:1295 +0xb0b
google.golang.org/grpc.(*Server).handleStream(0xc00042e000, {0x1cc7688, 0xc0002c4340}, 0xc0001c0120, 0x0)
        google.golang.org/[email protected]/server.go:1636 +0xa1b
google.golang.org/grpc.(*Server).serveStreams.func1.2()
        google.golang.org/[email protected]/server.go:932 +0x98
created by google.golang.org/grpc.(*Server).serveStreams.func1
        google.golang.org/[email protected]/server.go:930 +0x28a

Error: The terraform-provider-pingone_v0.2.1 plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.

Expected Behavior

Environment applied

Actual Behavior

panic error

Steps to Reproduce

1. terraform apply

Important Factoids

The [0] index in the if statement of this code may not exist

References

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

New or Affected Resource(s)

Potential Terraform Configuration

# Copy-paste your PingOne related Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

# Remember to replace any account/customer sensitive information in the configuration before submitting the issue

References

• #0000

The P1 admin console pre-prepares an environment for a workforce context, including preparation for PingID. The provider is therefore limited to customer or custom context until resolved

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

In order to manage Workforce environments, the pingone_environment resource and datasource should support the solution computed attribute. This allows for conditional resource creation by the HCL developer.

New or Affected Resource(s)

• pingone_environment

Potential Terraform Configuration

# Copy-paste your PingOne related Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

# Remember to replace any account/customer sensitive information in the configuration before submitting the issue

References

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Support for applications (OIDC/OAuth2/SAML)

New or Affected Resource(s)

• pingone_application_attribute_mapping
• pingone_application_resource_grant (RS+DS)
• pingone_application_role_assignment
• pingone_application_secret (DS)

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Support the default password policy on the population resource

New or Affected Resource(s)

• pingone_population

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Support for inbound federation

New or Affected Resource(s)

• pingone_identity_provider

Potential Terraform Configuration

# Copy-paste your PingOne related Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

# Remember to replace any account/customer sensitive information in the configuration before submitting the issue

References

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

New or Affected Resource(s)

• pingone_password_policy

Potential Terraform Configuration

# Copy-paste your PingOne related Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

# Remember to replace any account/customer sensitive information in the configuration before submitting the issue

References

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Support for authentication policies

New or Affected Resource(s)

• pingone_policy
• pingone_policy_rule

Potential Terraform Configuration

# Copy-paste your PingOne related Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

# Remember to replace any account/customer sensitive information in the configuration before submitting the issue

References

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Support for WebHook configuration

New or Affected Resource(s)

• pingone_webhook

Potential Terraform Configuration

# Copy-paste your PingOne related Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

# Remember to replace any account/customer sensitive information in the configuration before submitting the issue

References

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Support for agreements, languages and revisions

New or Affected Resource(s)

• pingone_agreement
• pingone_agreement_language

References

• https://apidocs.pingidentity.com/pingone/platform/v1/api/#agreement-management

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Thank you for opening an issue. Please note that we try to keep the Terraform issue tracker reserved for bug reports and feature requests. For general usage questions, please see: https://www.terraform.io/community.html.

PingOne Terraform provider Version

v0.3.0

Terraform Version

N/a

Affected Resource(s)

• pingone_application

Terraform Configuration Files

# Copy-paste your PingOne related Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

# Remember to replace any account/customer sensitive information in the configuration before submitting the issue

resource "pingone_application" "my_saml_app_with_key" {
  environment_id = pingone_environment.my_environment.id
			name = "Test SAML app with key"
			enabled = true

			saml_options {
				acs_urls = ["https://pingidentity.com"]
				assertion_duration = 3600
				sp_entity_id = "sp:entity:localhost2"
				nameid_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

        idp_signing_key_id = var.my_key_id
			}
		}

Debug Output

N/a

Panic Output

N/a

Expected Behavior

IdP signing certificate set in the environment. No changes detected on immediate replan

Actual Behavior

IdP signing certificate not set (falls back to default). Changes detected on the replan

Steps to Reproduce

1. terraform apply
2. terraform plan

Important Factoids

References

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Getting started guide for the provider

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Thank you for opening an issue. Please note that we try to keep the Terraform issue tracker reserved for bug reports and feature requests. For general usage questions, please see: https://www.terraform.io/community.html.

PingOne Terraform provider Version

v0.2.0 onward

Terraform Version

All

Affected Resource(s)

• pingone_sign_on_policy
• pingone_sign_on_policy_action

Terraform Configuration Files

Step 1

# Copy-paste your PingOne related Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

# Remember to replace any account/customer sensitive information in the configuration before submitting the issue

resource "pingone_sign_on_policy" "my_policy_1fa" {
  environment_id = pingone_environment.my_environment.id

  name        = "foo_1fa"

}

resource "pingone_sign_on_policy_action" "my_policy_1fa_first_factor" {
  environment_id    = pingone_environment.my_environment.id
  sign_on_policy_id = pingone_sign_on_policy.my_policy_1fa.id

  priority = 1

  conditions {
    last_sign_on_older_than_seconds = 86400 // 24 hours
  }

  login {
    recovery_enabled = true
  }

}

Step 2

# Copy-paste your PingOne related Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

# Remember to replace any account/customer sensitive information in the configuration before submitting the issue

resource "pingone_sign_on_policy" "my_policy_1fa" {
  environment_id = pingone_environment.my_environment.id

  name        = "foo_1fa"

}

# resource "pingone_sign_on_policy_action" "my_policy_1fa_first_factor" {
#   environment_id    = pingone_environment.my_environment.id
#   sign_on_policy_id = pingone_sign_on_policy.my_policy_1fa.id

#   priority = 1

#   conditions {
#     last_sign_on_older_than_seconds = 86400 // 24 hours
#   }

#   login {
#     recovery_enabled = true
#   }

# }

Debug Output

Cannot delete last action from the sign-on policy %s.  The last remaining policy action is left in place but no longer managed by the provider. This warning can be safely ignored if the sign-on policy %s was also destroyed.

Panic Output

N/a

Expected Behavior

The final sign-on policy action is destroyed without warning.

Actual Behavior

The final sign-on policy action is destroyed with the above warning. The configuration remains in place but is no longer tracked in TF state.

This is because of an API level restriction that prevents removal of the last policy action from a defined sign-on policy. Also tracked internally on STAGING-16118

Workarounds

• Comment out (destroy) the associated pingone_sign_on_policy also and re-create as necessary. Removing the associated pingone_sign_on_policy resource will also remove all associated sign-on policy actions that are not tracked in TF state.
• Create a new pingone_sign_on_policy_action in TF HCL so it is managed in TF state. There will be one action tracked in TF state and one not tracked. The admin can log into the PingOne admin console and manually remove the untracked policy action from the policy.

Steps to Reproduce

Repeat for Steps 1 and 2

1. terraform apply

Important Factoids

N/a

References

• STAGING-16118
• https://apidocs.pingidentity.com/pingone/platform/v1/api/#sign-on-policy-actions

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Support for organisation data source

New or Affected Resource(s)

• pingone_organization

Potential Terraform Configuration

# Copy-paste your PingOne related Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

# Remember to replace any account/customer sensitive information in the configuration before submitting the issue
data "pingone_organization" "example_by_name" {
  name = "internal_org_name_example"
}

References

• #0000

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Support for resources in P1

New or Affected Resource(s)

• pingone_resource (RS+DS)
• pingone_resource_scope (RS+DS)

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Support for custom key pairs

New or Affected Resource(s)

• pingone_key_pair

Potential Terraform Configuration

# Copy-paste your PingOne related Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

# Remember to replace any account/customer sensitive information in the configuration before submitting the issue

References

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Create support for user resources. Immediate need is to support acceptance testing (role assignments) but could be used for seeding users in a development environment

New or Affected Resource(s)

• pingone_user

Potential Terraform Configuration

# Copy-paste your PingOne related Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

# Remember to replace any account/customer sensitive information in the configuration before submitting the issue
resource "pingone_user" "foo" {
	environment_id = "env-id-here"
	population_id = "population-id-here"
	username = "bar"
}

References

• #8 (needed for acceptance testing)

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Thank you for opening an issue. Please note that we try to keep the Terraform issue tracker reserved for bug reports and feature requests. For general usage questions, please see: https://www.terraform.io/community.html.

PingOne Terraform provider Version

v0.3.0

Terraform Version

N/a

Affected Resource(s)

• pingone_application_attribute_mapping
• pingone_application_resource_grant
• pingone_application_sign_on_policy_assignment
• pingone_identity_provider_attribute
• pingone_resource_scope
• pingone_schema_attribute
• pingone_sign_on_policy_action

Terraform Configuration Files

# Copy-paste your PingOne related Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

# Remember to replace any account/customer sensitive information in the configuration before submitting the issue

Debug Output

Panic Output

Expected Behavior

Successful import

Actual Behavior

invalid id... error

Steps to Reproduce

1. terraform import

Important Factoids

References

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Provide support for FIDO MFA policies

New or Affected Resource(s)

• pingone_mfa_fido_policy

Potential Terraform Configuration

# Copy-paste your PingOne related Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

# Remember to replace any account/customer sensitive information in the configuration before submitting the issue

References

• https://apidocs.pingidentity.com/pingone/platform/v1/api/#fido-policies

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Thank you for opening an issue. Please note that we try to keep the Terraform issue tracker reserved for bug reports and feature requests. For general usage questions, please see: https://www.terraform.io/community.html.

PingOne Terraform provider Version

v0.2.0

Terraform Version

N/a

Affected Resource(s)

• pingone_application_resource_grant

Terraform Configuration Files

# Copy-paste your PingOne related Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

# Remember to replace any account/customer sensitive information in the configuration before submitting the issue
resource "pingone_application_resource_grant" "my_spa_app_1" {
 	environment_id = pingone_environment.my_environment.id
	application_id = pingone_application.my_spa_app.id

	resource_id = "88cfdf17-40........" // openid

	scopes = [
		"5ea5d8c8-d1........", // profile
    "f85d1f17-85.........", // address
		"add3e071-c8......." // email
	]
}

Debug Output

Terraform used the selected providers to generate the following execution plan. Resource actions are
indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # pingone_application_resource_grant.my_spa_app_1 will be updated in-place
  ~ resource "pingone_application_resource_grant" "my_spa_app_1" {
        id             = "512895b9-31........"
      ~ scopes         = [
            "5ea5d8c8-d1...........",
          - "add3e071-c8.........",
            "f85d1f17-85...........",
          + "add3e071-c8..........",
        ]
        # (3 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Values in position 2 and 4 are equal.

Panic Output

N/a

Expected Behavior

No changes as result of the plan. The ordering should not make a difference.

Actual Behavior

Change detected, the order of the ID numbers matters.

Steps to Reproduce

1. terraform apply

Important Factoids

References

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Support for certificates in PingOne

New or Affected Resource(s)

• pingone_certificate (resource)
• pingone_certificate_export (datasource)
• pingone_certificate_signing_request (datasource)
• pingone_certificate_signing_response (resource)

Potential Terraform Configuration

# Copy-paste your PingOne related Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

# Remember to replace any account/customer sensitive information in the configuration before submitting the issue

References

• https://apidocs.pingidentity.com/pingone/platform/v1/api/#certificate-management

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

The pingone_environment resource requires a license ID as a required attribute. The PingOne console does not expose the license ID in the UI. The primary expected use of the datasource is to be able to retrieve a license ID by providing the license name, to use in the pingone_environment resource.

New or Affected Resource(s)

• pingone_license

Potential Terraform Configuration

# Copy-paste your PingOne related Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

# Remember to replace any account/customer sensitive information in the configuration before submitting the issue

data "pingone_license" "example_by_name" {
  environment_id = var.environment_id

  name = "ADMIN"
}

data "pingone_license" "example_by_id" {
  environment_id = var.environment_id

  license_id = var.license_id
}

References

• https://apidocs.pingidentity.com/pingone/platform/v1/api/#licenses

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Thank you for opening an issue. Please note that we try to keep the Terraform issue tracker reserved for bug reports and feature requests. For general usage questions, please see: https://www.terraform.io/community.html.

Affected Resource(s)

Please list the resources as a list, for example:

• All

Terraform Configuration Files

CICD runs: *.test.go files

Debug Output

Please provide your debug output with TF_LOG=DEBUG enabled on your terraform plan or terraform apply

Panic Output

If Terraform produced a panic, please provide your debug output from the GO panic

Expected Behavior

What should have happened?

Successful CICD - the provider should implement the resource.Retry(/* ... */) or stateConf.WaitForState() method under rate limiting conditions

Actual Behavior

What actually happened?

Forbidden error and failed CICD, due to rate limiting under parallel builds/testing

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. CICD run

Important Factoids

Are there anything you'd like to share about the general setup of your PingOne account? Please do not include sensitive information or account data

References

Are there any other GitHub issues (open or closed) or Pull Requests that should be linked here? For example:

• GH-1234

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Thank you for opening an issue. Please note that we try to keep the Terraform issue tracker reserved for bug reports and feature requests. For general usage questions, please see: https://www.terraform.io/community.html.

PingOne Terraform provider Version

v0.1.0

Terraform Version

N/a

Affected Resource(s)

• pingone_environment

Terraform Configuration Files

# Copy-paste your PingOne related Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

terraform {
  required_providers {
    pingone = {
      source  = "pingidentity/pingone"
      version = "~> 0.1"
    }
  }
}

provider "pingone" {
  client_id      = var.client_id
  client_secret  = var.client_secret
  environment_id = var.environment_id
  region         = var.region

  force_delete_production_type = false
}

resource "pingone_environment" "my_environment" {
  name        = var.release_env_name
  description = "Created by Terraform"
  type        = "SANDBOX"
  license_id  = var.license_id

  default_population {
    name        = "My Population"
    description = "My new population for users"
  }

  service {
    type = "SSO"
  }

  service {
    type        = "PingFederate"
    console_url = "https://my-pingfederate-console.example.com/pingfederate"
  }
}

Debug Output

Error: Error when calling `EnvironmentsApi.CreateEnvironmentActiveLicense``: PING_ONE_DAVINCI is not a valid EnumProductType
│ 
│   with pingone_environment.my_environment,
│   on main.tf line 19, in resource "pingone_environment" "my_environment":
│   19: resource "pingone_environment" "my_environment" {
│ 
│ Full HTTP response: {}

Panic Output

Expected Behavior

Actual Behavior

Steps to Reproduce

1. terraform apply

Important Factoids

References

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Thank you for opening an issue. Please note that we try to keep the Terraform issue tracker reserved for bug reports and feature requests. For general usage questions, please see: https://www.terraform.io/community.html.

PingOne Terraform provider Version

0.1.0

Terraform Version

Terraform v1.2.6

Affected Resource(s)

• pingone_environment
• pingone_population

Terraform Configuration Files

terraform {
  required_providers {
    pingone = {
      source = "pingidentity/pingone"
      version = "0.1.0"
    }
  }
}

provider "pingone" {
  client_id      = var.client_id
  client_secret  = var.client_secret
  environment_id = var.environment_id
  region         = var.region

  force_delete_production_type = false
}

resource "pingone_environment" "my_ping" {
  name        = "TF AUTO"
  description = "My autogen env"
  type        = "SANDBOX"
  license_id  = var.license_id

  default_population {
    name        = "Initial Population"
    description = "My new population for users"
  }

  service {
    type = "SSO"
  }
  service {
    type = "MFA"
  }
  service {
    type = "Risk"
  }
  service {
    type = "Authorize"
  }
  # service {
  #   type = "DaVinci"
  # }
}

Debug Output

ubuntu@ip-172-31-9-218:~/projects/trials$ export TF_LOG=DEBUG
ubuntu@ip-172-31-9-218:~/projects/trials$ terraform apply
2022-08-05T16:37:55.525Z [INFO]  Terraform version: 1.2.6
2022-08-05T16:37:55.525Z [DEBUG] using github.com/hashicorp/go-tfe v1.0.0
2022-08-05T16:37:55.525Z [DEBUG] using github.com/hashicorp/hcl/v2 v2.12.0
2022-08-05T16:37:55.525Z [DEBUG] using github.com/hashicorp/terraform-config-inspect v0.0.0-20210209133302-4fd17a0faac2
2022-08-05T16:37:55.525Z [DEBUG] using github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734
2022-08-05T16:37:55.525Z [DEBUG] using github.com/zclconf/go-cty v1.10.0
2022-08-05T16:37:55.525Z [INFO]  Go runtime version: go1.18.1
2022-08-05T16:37:55.525Z [INFO]  CLI args: []string{"terraform", "apply"}
2022-08-05T16:37:55.525Z [DEBUG] Attempting to open CLI config file: /home/ubuntu/.terraformrc
2022-08-05T16:37:55.525Z [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2022-08-05T16:37:55.525Z [DEBUG] checking for credentials in "/home/ubuntu/.terraform.d/plugins"
2022-08-05T16:37:55.525Z [DEBUG] ignoring non-existing provider search directory terraform.d/plugins
2022-08-05T16:37:55.525Z [DEBUG] will search for provider plugins in /home/ubuntu/.terraform.d/plugins
2022-08-05T16:37:55.525Z [DEBUG] ignoring non-existing provider search directory /home/ubuntu/.local/share/terraform/plugins
2022-08-05T16:37:55.525Z [DEBUG] ignoring non-existing provider search directory /usr/local/share/terraform/plugins
2022-08-05T16:37:55.525Z [DEBUG] ignoring non-existing provider search directory /usr/share/terraform/plugins
2022-08-05T16:37:55.525Z [DEBUG] ignoring non-existing provider search directory /var/lib/snapd/desktop/terraform/plugins
2022-08-05T16:37:55.526Z [INFO]  CLI command args: []string{"apply"}
2022-08-05T16:37:55.527Z [DEBUG] New state was assigned lineage "ddce4cd9-6f80-d483-15bd-062f7c5ccaaf"
2022-08-05T16:37:55.595Z [DEBUG] checking for provisioner in "."
2022-08-05T16:37:55.598Z [DEBUG] checking for provisioner in "/usr/bin"
2022-08-05T16:37:55.598Z [DEBUG] checking for provisioner in "/home/ubuntu/.terraform.d/plugins"
2022-08-05T16:37:55.599Z [INFO]  backend/local: starting Apply operation
2022-08-05T16:37:55.600Z [DEBUG] created provider logger: level=debug
2022-08-05T16:37:55.601Z [INFO]  provider: configuring client automatic mTLS
2022-08-05T16:37:55.623Z [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/pingidentity/pingone/0.1.0/linux_amd64/terraform-provider-pingone_v0.1.0 args=[.terraform/providers/registry.terraform.io/pingidentity/pingone/0.1.0/linux_amd64/terraform-provider-pingone_v0.1.0]
2022-08-05T16:37:55.624Z [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/pingidentity/pingone/0.1.0/linux_amd64/terraform-provider-pingone_v0.1.0 pid=71499
2022-08-05T16:37:55.624Z [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/pingidentity/pingone/0.1.0/linux_amd64/terraform-provider-pingone_v0.1.0
2022-08-05T16:37:55.631Z [INFO]  provider.terraform-provider-pingone_v0.1.0: configuring server automatic mTLS: timestamp=2022-08-05T16:37:55.631Z
2022-08-05T16:37:55.654Z [DEBUG] provider: using plugin: version=5
2022-08-05T16:37:55.654Z [DEBUG] provider.terraform-provider-pingone_v0.1.0: plugin address: address=/tmp/plugin2907873417 network=unix timestamp=2022-08-05T16:37:55.654Z
2022-08-05T16:37:55.687Z [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2022-08-05T16:37:55.688Z [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/pingidentity/pingone/0.1.0/linux_amd64/terraform-provider-pingone_v0.1.0 pid=71499
2022-08-05T16:37:55.688Z [DEBUG] provider: plugin exited
2022-08-05T16:37:55.689Z [DEBUG] Building and walking validate graph
2022-08-05T16:37:55.689Z [DEBUG] ProviderTransformer: "pingone_environment.my_ping" (*terraform.NodeValidatableResource) needs provider["registry.terraform.io/pingidentity/pingone"]
2022-08-05T16:37:55.689Z [DEBUG] ReferenceTransformer: "var.license_id" references: []
2022-08-05T16:37:55.689Z [DEBUG] ReferenceTransformer: "provider[\"registry.terraform.io/pingidentity/pingone\"]" references: [var.environment_id var.region var.client_id var.client_secret]
2022-08-05T16:37:55.689Z [DEBUG] ReferenceTransformer: "pingone_environment.my_ping" references: [var.license_id]
2022-08-05T16:37:55.689Z [DEBUG] ReferenceTransformer: "var.client_id" references: []
2022-08-05T16:37:55.689Z [DEBUG] ReferenceTransformer: "var.client_secret" references: []
2022-08-05T16:37:55.689Z [DEBUG] ReferenceTransformer: "var.environment_id" references: []
2022-08-05T16:37:55.689Z [DEBUG] ReferenceTransformer: "var.region" references: []
2022-08-05T16:37:55.690Z [DEBUG] Starting graph walk: walkValidate
2022-08-05T16:37:55.690Z [DEBUG] created provider logger: level=debug
2022-08-05T16:37:55.690Z [INFO]  provider: configuring client automatic mTLS
2022-08-05T16:37:55.713Z [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/pingidentity/pingone/0.1.0/linux_amd64/terraform-provider-pingone_v0.1.0 args=[.terraform/providers/registry.terraform.io/pingidentity/pingone/0.1.0/linux_amd64/terraform-provider-pingone_v0.1.0]
2022-08-05T16:37:55.713Z [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/pingidentity/pingone/0.1.0/linux_amd64/terraform-provider-pingone_v0.1.0 pid=71509
2022-08-05T16:37:55.713Z [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/pingidentity/pingone/0.1.0/linux_amd64/terraform-provider-pingone_v0.1.0
2022-08-05T16:37:55.721Z [INFO]  provider.terraform-provider-pingone_v0.1.0: configuring server automatic mTLS: timestamp=2022-08-05T16:37:55.720Z
2022-08-05T16:37:55.744Z [DEBUG] provider: using plugin: version=5
2022-08-05T16:37:55.744Z [DEBUG] provider.terraform-provider-pingone_v0.1.0: plugin address: address=/tmp/plugin1973235005 network=unix timestamp=2022-08-05T16:37:55.744Z
2022-08-05T16:37:55.783Z [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2022-08-05T16:37:55.784Z [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/pingidentity/pingone/0.1.0/linux_amd64/terraform-provider-pingone_v0.1.0 pid=71509
2022-08-05T16:37:55.784Z [DEBUG] provider: plugin exited
2022-08-05T16:37:55.784Z [INFO]  backend/local: apply calling Plan
2022-08-05T16:37:55.784Z [DEBUG] Building and walking plan graph for NormalMode
2022-08-05T16:37:55.784Z [DEBUG] ProviderTransformer: "pingone_environment.my_ping (expand)" (*terraform.nodeExpandPlannableResource) needs provider["registry.terraform.io/pingidentity/pingone"]
2022-08-05T16:37:55.785Z [DEBUG] ReferenceTransformer: "pingone_environment.my_ping (expand)" references: [var.license_id]
2022-08-05T16:37:55.785Z [DEBUG] ReferenceTransformer: "var.client_id" references: []
2022-08-05T16:37:55.785Z [DEBUG] ReferenceTransformer: "var.client_secret" references: []
2022-08-05T16:37:55.785Z [DEBUG] ReferenceTransformer: "var.environment_id" references: []
2022-08-05T16:37:55.785Z [DEBUG] ReferenceTransformer: "var.region" references: []
2022-08-05T16:37:55.785Z [DEBUG] ReferenceTransformer: "var.license_id" references: []
2022-08-05T16:37:55.785Z [DEBUG] ReferenceTransformer: "provider[\"registry.terraform.io/pingidentity/pingone\"]" references: [var.region var.client_id var.client_secret var.environment_id]
2022-08-05T16:37:55.785Z [DEBUG] Starting graph walk: walkPlan
2022-08-05T16:37:55.785Z [DEBUG] created provider logger: level=debug
2022-08-05T16:37:55.785Z [INFO]  provider: configuring client automatic mTLS
2022-08-05T16:37:55.808Z [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/pingidentity/pingone/0.1.0/linux_amd64/terraform-provider-pingone_v0.1.0 args=[.terraform/providers/registry.terraform.io/pingidentity/pingone/0.1.0/linux_amd64/terraform-provider-pingone_v0.1.0]
2022-08-05T16:37:55.808Z [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/pingidentity/pingone/0.1.0/linux_amd64/terraform-provider-pingone_v0.1.0 pid=71518
2022-08-05T16:37:55.808Z [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/pingidentity/pingone/0.1.0/linux_amd64/terraform-provider-pingone_v0.1.0
2022-08-05T16:37:55.816Z [INFO]  provider.terraform-provider-pingone_v0.1.0: configuring server automatic mTLS: timestamp=2022-08-05T16:37:55.816Z
2022-08-05T16:37:55.839Z [DEBUG] provider: using plugin: version=5
2022-08-05T16:37:55.839Z [DEBUG] provider.terraform-provider-pingone_v0.1.0: plugin address: address=/tmp/plugin1934091960 network=unix timestamp=2022-08-05T16:37:55.839Z
2022-08-05T16:37:55.874Z [INFO]  provider.terraform-provider-pingone_v0.1.0: 2022/08/05 16:37:55 [INFO] Getting token from https://auth.pingone.com: timestamp=2022-08-05T16:37:55.874Z
2022-08-05T16:37:56.040Z [INFO]  provider.terraform-provider-pingone_v0.1.0: 2022/08/05 16:37:56 [INFO] Token retrieved: timestamp=2022-08-05T16:37:56.040Z
2022-08-05T16:37:56.040Z [INFO]  provider.terraform-provider-pingone_v0.1.0: 2022/08/05 16:37:56 [INFO] PingOne Management Client initialised: timestamp=2022-08-05T16:37:56.040Z
2022-08-05T16:37:56.040Z [INFO]  provider.terraform-provider-pingone_v0.1.0: 2022/08/05 16:37:56 [INFO] PingOne MFA Client initialised: timestamp=2022-08-05T16:37:56.040Z
2022-08-05T16:37:56.040Z [INFO]  provider.terraform-provider-pingone_v0.1.0: 2022/08/05 16:37:56 [INFO] PingOne Risk Client initialised: timestamp=2022-08-05T16:37:56.040Z
2022-08-05T16:37:56.040Z [INFO]  provider.terraform-provider-pingone_v0.1.0: 2022/08/05 16:37:56 [INFO] PingOne Client configured: timestamp=2022-08-05T16:37:56.040Z
2022-08-05T16:37:56.041Z [INFO]  ReferenceTransformer: reference not found: "var.license_id"
2022-08-05T16:37:56.041Z [DEBUG] ReferenceTransformer: "pingone_environment.my_ping" references: []
pingone_environment.my_ping: Refreshing state... [id=bf45bbc8-9cde-4f99-b00e-10a29af4a70c]
2022-08-05T16:37:56.374Z [WARN]  Provider "registry.terraform.io/pingidentity/pingone" produced an invalid plan for pingone_environment.my_ping, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .service[0].console_url: planned value cty.StringVal("") for a non-computed attribute
      - .service[1].console_url: planned value cty.StringVal("") for a non-computed attribute
      - .service[2].console_url: planned value cty.StringVal("") for a non-computed attribute
      - .service[3].console_url: planned value cty.StringVal("") for a non-computed attribute
      - .service[4].console_url: planned value cty.StringVal("") for a non-computed attribute
2022-08-05T16:37:56.377Z [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2022-08-05T16:37:56.378Z [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/pingidentity/pingone/0.1.0/linux_amd64/terraform-provider-pingone_v0.1.0 pid=71518
2022-08-05T16:37:56.378Z [DEBUG] provider: plugin exited
2022-08-05T16:37:56.378Z [DEBUG] building apply graph to check for errors
2022-08-05T16:37:56.379Z [DEBUG] ProviderTransformer: "pingone_environment.my_ping" (*terraform.NodeApplyableResourceInstance) needs provider["registry.terraform.io/pingidentity/pingone"]
2022-08-05T16:37:56.379Z [DEBUG] ProviderTransformer: "pingone_environment.my_ping (destroy)" (*terraform.NodeDestroyResourceInstance) needs provider["registry.terraform.io/pingidentity/pingone"]
2022-08-05T16:37:56.379Z [DEBUG] ProviderTransformer: "pingone_environment.my_ping (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/pingidentity/pingone"]
2022-08-05T16:37:56.379Z [DEBUG] ReferenceTransformer: "var.region" references: []
2022-08-05T16:37:56.379Z [DEBUG] ReferenceTransformer: "var.client_id" references: []
2022-08-05T16:37:56.379Z [DEBUG] ReferenceTransformer: "provider[\"registry.terraform.io/pingidentity/pingone\"]" references: [var.client_secret var.environment_id var.region var.client_id]
2022-08-05T16:37:56.379Z [DEBUG] ReferenceTransformer: "pingone_environment.my_ping (expand)" references: []
2022-08-05T16:37:56.379Z [DEBUG] ReferenceTransformer: "var.environment_id" references: []
2022-08-05T16:37:56.379Z [DEBUG] ReferenceTransformer: "pingone_environment.my_ping" references: [var.license_id]
2022-08-05T16:37:56.379Z [DEBUG] ReferenceTransformer: "var.client_secret" references: []
2022-08-05T16:37:56.379Z [DEBUG] ReferenceTransformer: "var.license_id" references: []

Terraform used the selected providers to generate the following
execution plan. Resource actions are indicated with the following
symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # pingone_environment.my_ping must be replaced
-/+ resource "pingone_environment" "my_ping" {
      ~ default_population_id = "52113246-3fe1-498b-a271-ddc7d4e30c44" -> (known after apply)
      ~ id                    = "bf45bbc8-9cde-4f99-b00e-10a29af4a70c" -> (known after apply)
        name                  = "TF AUTO"
      - region                = "NorthAmerica" -> null # forces replacement
        # (3 unchanged attributes hidden)

      ~ service {
            # (1 unchanged attribute hidden)
        }
      ~ service {
            # (1 unchanged attribute hidden)
        }
      ~ service {
            # (1 unchanged attribute hidden)
        }
      ~ service {
            # (1 unchanged attribute hidden)
        }
      ~ service {
            # (1 unchanged attribute hidden)
        }

        # (1 unchanged block hidden)
    }

Plan: 1 to add, 0 to change, 1 to destroy.
2022-08-05T16:37:56.381Z [DEBUG] command: asking for input: "\nDo you want to perform these actions?"

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

Panic Output

Expected Behavior

Actual Behavior

Steps to Reproduce

1. Start with N number of services in "pingone_environment" resource.
2. terraform apply: plan = 1 to add
3. Add or remove a service
4. terraform apply: plan = 1 to add, 1 to destroy.

Important Factoids

References

• GH-1234

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Support for MFA settings

New or Affected Resource(s)

• pingone_mfa_settings_override

Potential Terraform Configuration

# Copy-paste your PingOne related Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

# Remember to replace any account/customer sensitive information in the configuration before submitting the issue

References

• https://apidocs.pingidentity.com/pingone/platform/v1/api/#mfa-settings

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

To be able to manage workforce style environments with PingID, the pingone_sign_on_policy_action resource should support the PingID action.

New or Affected Resource(s)

• pingone_sign_on_policy_action

Potential Terraform Configuration

# Copy-paste your PingOne related Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

# Remember to replace any account/customer sensitive information in the configuration before submitting the issue
resource "pingone_sign_on_policy_action" "pingid" {
  environment_id    = pingone_environment.my_environment.id
  sign_on_policy_id = pingone_sign_on_policy.my_policy.id

  priority = 1

  pingid {}

}

References

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Provide support for the callback_url attribute for OIDC identity provider resources. The attribute is not included in the API schema and should be calculated based on region, environment ID in the OOTB URL, or custom domain if set

New or Affected Resource(s)

• pingone_identity_provider

Potential Terraform Configuration

# Copy-paste your PingOne related Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

# Remember to replace any account/customer sensitive information in the configuration before submitting the issue

References

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Provide support for the PingFederate gateway for hybrid deployments

New or Affected Resource(s)

• pingone_gateway
• pingone_gateway_credential
• pingone_gateway_role_assignment

Potential Terraform Configuration

# Copy-paste your PingOne related Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

# Remember to replace any account/customer sensitive information in the configuration before submitting the issue

References

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Add community contribution guidelines

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Thank you for opening an issue. Please note that we try to keep the Terraform issue tracker reserved for bug reports and feature requests. For general usage questions, please see: https://www.terraform.io/community.html.

PingOne Terraform provider Version

v0.2.0 (unreleased on main branch)

Terraform Version

Affected Resource(s)

• pingone_application

Terraform Configuration Files

# Copy-paste your PingOne related Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

# Remember to replace any account/customer sensitive information in the configuration before submitting the issue

Debug Output

resource_application_test.go:723: Step 1/3 error: Check failed: Check 24/29 error: pingone_application.vcgxvnvvsk: Attribute 'oidc_options.0.client_secret' didn't match "[a-zA-Z0-9-~_]{10,}", got ""

Panic Output

Expected Behavior

Acceptance test should pass

Actual Behavior

very intermittent failure to populate the oidc_options.0.client_secret attribute. race condition

Steps to Reproduce

1. terraform apply

Important Factoids

References

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Support attribute schemas

New or Affected Resource(s)

• pingone_schema (DS)
• pingone_schema_attribute (RS)

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Replace time.sleep with proper state change monitoring on pingone_environment creation

New or Affected Resource(s)

pingone_environment

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Thank you for opening an issue. Please note that we try to keep the Terraform issue tracker reserved for bug reports and feature requests. For general usage questions, please see: https://www.terraform.io/community.html.

PingOne Terraform provider Version

v0.1.1 / v0.2.0

Terraform Version

Affected Resource(s)

• All

Terraform Configuration Files

# Copy-paste your PingOne related Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

# Remember to replace any account/customer sensitive information in the configuration before submitting the issue
terraform {
  required_providers {
    pingone = {
      source = "pingidentity/pingone"
      version = "0.1.1"
    }
  }
}

provider "pingone" {
  # Configuration options from environment vars
  client_id      = var.p1_adminClientId
  client_secret  = var.p1_adminClientSecret
  environment_id = var.p1_adminEnvId
  region         = "Europe"
}

resource "pingone_environment" "my_environment" {
  name        = "DEV"
  description = "Development environment"
  type        = "SANDBOX"
  license_id  = var.p1_licenseId

  default_population {
  }

  service {
    type = "SSO"
  }

  service {
    type = "MFA"
  }

  service {
    type = "DaVinci"
  }

}

data "pingone_role" "identity_data_admin" {
  name = "Identity Data Admin"
}

resource "pingone_role_assignment_user" "user_role_assignment" {
  environment_id = pingone_environment.my_environment.id // will error as the user_id should be in the admin env
  user_id        = var.p1_orgAdminUserId
  role_id        = data.pingone_role.identity_data_admin.id

  scope_environment_id = pingone_environment.my_environment.id
}

Debug Output

│ Warning: Cannot decode error response: <nil>
│ 
│   with pingone_role_assignment_user.user_role_assignment,
│   on main.tf line 45, in resource "pingone_role_assignment_user" "user_role_assignment":
│   45: resource "pingone_role_assignment_user" "user_role_assignment" {
│ 
│ Full HTTP response: {}
│ 
╵
╷
│ Error: Error when calling `UsersUserRoleAssignmentsApi.CreateUserRoleAssignment``: 404 Not Found
│ 
│   with pingone_role_assignment_user.user_role_assignment,
│   on main.tf line 45, in resource "pingone_role_assignment_user" "user_role_assignment":
│   45: resource "pingone_role_assignment_user" "user_role_assignment" {
│ 
│ Full HTTP response: {}
│ 

Panic Output

Expected Behavior

• More explanation in the error as to the problem.
• Decoded full error response

Actual Behavior

Steps to Reproduce

1. terraform apply

Important Factoids

References

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Support for modification of the default or system applications, delivered when an environment is created:

• PingOne Admin Console
• PingOne Application Portal
• PingOne Self Service - MyAccount

The intention is to provide an 'override' interface to these applications, as they cannot be managed through pure CRUD.

New or Affected Resource(s)

• pingone_system_application

References

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Thank you for opening an issue. Please note that we try to keep the Terraform issue tracker reserved for bug reports and feature requests. For general usage questions, please see: https://www.terraform.io/community.html.

PingOne Terraform provider Version

Terraform Version

Affected Resource(s)

• pingone_application

Terraform Configuration Files

# Copy-paste your PingOne related Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

# Remember to replace any account/customer sensitive information in the configuration before submitting the issue
resource "pingone_application" "my_native_app" {
  environment_id = pingone_environment.my_environment.id
			name = "Test Native app"
			enabled = true

			oidc_options {
				type                        = "NATIVE_APP"
				grant_types                 = ["CLIENT_CREDENTIALS"]
				token_endpoint_authn_method = "CLIENT_SECRET_BASIC"
			}
		}

Debug Output

pingone_application.my_native_app: Modifying... [id=d7133b26-8b6d-4cf7-b7fc-f3372118f083]
╷
│ Error: Error when calling `ApplicationsApplicationsApi.UpdateApplication``: 400 Bad Request
│ 
│   with pingone_application.my_native_app,
│   on main.tf line 277, in resource "pingone_application" "my_native_app":
│  277: resource "pingone_application" "my_native_app" {
│ 
│ Full HTTP response: {{
│   "id" : "2788d1bc-ac68-48a8-ade9-25ba169f6f64",
│   "code" : "INVALID_DATA",
│   "message" : "Once specified, refreshTokenDuration cannot be nullified",
│   "details" : [ {
│     "code" : "INVALID_VALUE",
│     "target" : "refreshTokenDuration",
│     "message" : "Once specified, refreshTokenDuration cannot be nullified"
│   } ]
│ }}

Panic Output

Expected Behavior

Resource modified, no error

Actual Behavior

Error from internal API restriction

Steps to Reproduce

1. terraform apply
2. Login to P1 Console
3. Change name to something else
4. terraform apply

Important Factoids

References

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Currently the provider will fail creation/update of resources when a retryable error occurs. If these are identified, the provider should retry the call based on an exponential (limited) time backoff

New or Affected Resource(s)

• All

Potential Terraform Configuration

# Copy-paste your PingOne related Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

# Remember to replace any account/customer sensitive information in the configuration before submitting the issue

References

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Support for SSO based gateways

New or Affected Resource(s)

• pingone_ldap_gateway
• pingone_pingfederate_gateway

Potential Terraform Configuration

# Copy-paste your PingOne related Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

# Remember to replace any account/customer sensitive information in the configuration before submitting the issue

References

• #0000

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Provide support for adding custom claims to an OpenID Connect scope (API changelog 26/08/22)

New or Affected Resource(s)

• pingone_resource_scope

Potential Terraform Configuration

# Copy-paste your PingOne related Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

# Remember to replace any account/customer sensitive information in the configuration before submitting the issue

References

• https://apidocs.pingidentity.com/pingone/platform/v1/api/#resource-scopes
• https://apidocs.pingidentity.com/pingone/platform/v1/api/#changelog

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Support custom email domains, alongside custom domains

New or Affected Resource(s)

• pingone_email_domain

Potential Terraform Configuration

# Copy-paste your PingOne related Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

# Remember to replace any account/customer sensitive information in the configuration before submitting the issue

References

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Provide support for MFA device policies, such that they can be managed alongside the pingone_sign_on_policy_action resource when invoking MFA

New or Affected Resource(s)

• pingone_device_authentication_policy

Potential Terraform Configuration

# Copy-paste your PingOne related Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

# Remember to replace any account/customer sensitive information in the configuration before submitting the issue

References

• https://apidocs.pingidentity.com/pingone/platform/v1/api/#device-authentication-policies

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

From P1 API changelog:

7/14/2022 The platform now includes PingFederate admin roles, allowing admins to SSO from PingOne into PingFederate with the appropriate permissions for their role. See Roles.

New or Affected Resource(s)

• pingone_role
• pingone_role_assignment_user

Potential Terraform Configuration

# Copy-paste your PingOne related Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

# Remember to replace any account/customer sensitive information in the configuration before submitting the issue

References

• https://apidocs.pingidentity.com/pingone/platform/v1/api/#changelog
• https://apidocs.pingidentity.com/pingone/platform/v1/api/#roles

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Support custom domains

New or Affected Resource(s)

• pingone_custom_domain

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Support the LDAP gateway, including kerberos authentication

New or Affected Resource(s)

• pingone_gateway

Potential Terraform Configuration

# Copy-paste your PingOne related Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

# Remember to replace any account/customer sensitive information in the configuration before submitting the issue

References

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Support for nested group memberships

New or Affected Resource(s)

• pingone_group

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Support for outbound provisioning

• #604
• #605
• #606
• #607
• #608
• #609

References

Propagation Revisions
Propagation Plans
Propagation Stores
Propagation Store Metadata
Propagation Rules
Propagation Mappings

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Thank you for opening an issue. Please note that we try to keep the Terraform issue tracker reserved for bug reports and feature requests. For general usage questions, please see: https://www.terraform.io/community.html.

PingOne Terraform provider Version

n/a

Terraform Version

1.2

Affected Resource(s)

• pingone_environment

Terraform Configuration Files

# Copy-paste your PingOne related Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

# Remember to replace any account/customer sensitive information in the configuration before submitting the issue

Debug Output

Error: Error when calling `EnvironmentsApi.CreateEnvironmentActiveLicense``: 400 Bad Request

Panic Output

Expected Behavior

Complete CI test

Actual Behavior

Failed CI test (likely failed provider AP region code)

Steps to Reproduce

1. terraform apply

Important Factoids

References

• https://github.com/pingidentity/terraform-provider-pingone/runs/7372530931?check_suite_focus=true