Update implementation, tests and documentation to align with current …

…API (#314)

* Add "webauthn_config in "application" resource.

* Revise "webauthn_config in "application" resource.

* Update API Key resource and doc.

* Update Application resource and doc.

* Update idp_apple documentation.

* Update idp_external_jwt resource and doc.

* Update idp_google resource and doc.

* Update idp_linkedin documentation.

* Update idp_open_id_connect resource and doc.

* Update idp_saml_v2 resource and doc.

* Update idp_saml_v2 resource and doc.

* Update idp_saml_v2_Initiated resource and doc.

* Formatting.

* Update idp_steam resource and doc.

* Update key resource, tests and doc.

* Update Lambda resource, data source and docs.

* Update registration resource and doc.

* Update system_configuration resource and doc.

* Update tenant resource and doc Part 1.

* Update tenant resource and doc Part 2.

* Update themes resource and doc.

* Update user resource and doc.

* Update user action doc.

* Update webhook resource and doc.

* Update API Key val to include all endpoints.

* Updated documentation to fix minor typos.

* Updated to Go 1.23 and updated all deps to latest

* Documentation updates.

* Update Theme resource to remove source from update

* Update API Key documentation.

* Testing revisions.

* Update Lambda type change handling.

* Update Tenant default values.

* Implement App OAuth Scopes and User Group Members.

* Fix to handle manual UGM deletions.

* Implement App OAuth Scopes and User Group Mem DSs.

* Add and update all docs for validity and format.

* Minor default revision.

* Update CI and lint corrections.

* Update golangci-lint version.

* Fix linting issues.

* Further linting revisions.

* Correct suppressBlockDiff function.

* Further revision to suppressBlockDiff.

* Fix Basic User Test.

* Add lint exception.

* Remove verification_strategy default.

* Revert verification_strategy default.

* Add verification_strategy DiffSuppressFunc.

* Fix verification_strategy DiffSuppress lint issue.

* Update all gpsinsight naming to FusionAuth.

* Update README.md.

* Further README.md update.

.github/workflows/golangci-lint.yml

@@ -13,12 +13,12 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
-          go-version: '1.20'
+          go-version: "1.23"
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v6
         with:
           # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
-          version: v1.58
+          version: v1.63.4
           # Optional: working directory, useful for monorepos
           # working-directory: somedir
           # Optional: golangci-lint command line arguments.

.github/workflows/release.yml

@@ -25,7 +25,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: '1.20'
+          go-version: "1.23"
       - name: Import GPG key
         id: import_gpg
         uses: crazy-max/ghaction-import-gpg@v6

CONTRIBUTING.md

@@ -13,7 +13,7 @@ Contributing Guide
 3. Make sure tests work (and maybe add new ones!)
 3. Submit PR to this repo
 4. Upon merge, maintainer will create new git tag kicking off the build process.
-5. [Terraform Registry](https://registry.terraform.io/providers/gpsinsight/fusionauth/latest) will pick up the changes
+5. [Terraform Registry](https://registry.terraform.io/providers/FusionAuth/fusionauth/latest) will pick up the changes
 
 ```
 git tag v0.1.71
@@ -22,7 +22,7 @@ git push origin --tag
 
 ## Running tests
 
-The tests require 3 variables set in order to run. 
+The tests require 3 variables set in order to run.
 ```
 TF_ACC=true
 FA_DOMAIN=https://YOUR.fusionauth.io

README.md

@@ -2,16 +2,16 @@
 
 This provider is used for setting up [FusionAuth](https://fusionauth.io).
 
-For the rendered provider usage documentation, visit the [Terraform Registry](https://registry.terraform.io/providers/gpsinsight/fusionauth/latest/docs).
+For the rendered provider usage documentation, visit the [Terraform Registry](https://registry.terraform.io/providers/FusionAuth/fusionauth/latest/docs).
 
-## Please Read 
+## Please Read
 
 November 16th, 2023
 This Terraform Provider has moved to the [FusionAuth](https://github.com/FusionAuth) organization.
 
 FusionAuth would like to thank [GPS Insight](https://github.com/gpsinsight) for all of their efforts to build and maintain this provider for the past three years!
 
-The purpose of this change in ownership is to allow FusionAuth to be in a better position to manage pull requests, and work towards full parity with the FusionAuth API. 
+The purpose of this change in ownership is to allow FusionAuth to be in a better position to manage pull requests, and work towards full parity with the FusionAuth API.
 
 Please continue to use and provide feedback on this provider as you have in the past, we are happy to accept pull requests.
 
@@ -25,6 +25,7 @@ Please continue to use and provide feedback on this provider as you have in the
 * API Key
 * application
 * application/{application_id}/role
+* application/{application_id}/scope
 * email
 * entity
 * entity grant
@@ -38,19 +39,20 @@ Please continue to use and provide feedback on this provider as you have in the
 * imported key
 * lambda
 * identity provider
-    - OpenID Connect
-    - Google
-    - Apple
-    - External JWT
-    - Facebook
-    - SAML v2
-    - Sony PSN
-    - Steam
-    - Twitch
-    - Xbox
+  * OpenID Connect
+  * Google
+  * Apple
+  * External JWT
+  * Facebook
+  * SAML v2
+  * Sony PSN
+  * Steam
+  * Twitch
+  * Xbox
 * themes
 * user
 * user action
+* user group membership
 * webhook
 * tenants
 
@@ -68,5 +70,6 @@ go test
 ## Known issues
 
 If you do not specify permissions when adding an API key, you will get a key created that has no permissions. See the following issues for more details.
-- https://github.com/gpsinsight/terraform-provider-fusionauth/issues/126
-- https://github.com/FusionAuth/fusionauth-issues/issues/1675
+
+* <https://github.com/FusionAuth/terraform-provider-fusionauth/issues/126>
+* <https://github.com/FusionAuth/fusionauth-issues/issues/1675>

docs/data-sources/application.md

@@ -12,4 +12,4 @@ data "fusionauth_application" "FusionAuth"{
 
 ## Argument Reference
 
-* `name` - (Required) The name of the Application.
+* `name` - (Required) The name of the Application.

docs/data-sources/application_oauth_scope.md

@@ -0,0 +1,32 @@
+# Application OAuth Scope Resource
+
+The Application OAuth Scope resource allows you to define the scopes that an application can request when using OAuth.
+
+[Application OAuth Scope API](https://fusionauth.io/docs/apis/scopes)
+
+## Example Usage
+
+```hcl
+data "fusionauth_application_oauth_scope" "this" {
+  application_id = data.fusionauth_application.this.id
+  name           = "data:read"
+}
+```
+
+## Argument Reference
+
+* `application_id` - (Required) ID of the application that this role is for.
+* `name` - (Required) The name of the Role.
+
+## Attributes Reference
+
+All of the argument attributes are also exported as result attributes.
+
+The following additional attributes are exported:
+
+* `data` - (Optional) An object that can hold any information about the OAuth Scope that should be persisted.
+* `default_consent_detail` - (Optional) "The default detail to display on the OAuth consent screen if one cannot be found in the theme.
+* `default_consent_message` - (Optional) The default message to display on the OAuth consent screen if one cannot be found in the theme.
+* `description` - (Optional) A description of the OAuth Scope. This is used for display purposes only.
+* `required` - (Optional) Determines if the OAuth Scope is required when requested in an OAuth workflow.
+* `scope_id` - (Optional) The Id to use for the new OAuth Scope. If not specified a secure random UUID will be generated.

docs/data-sources/application_role.md

@@ -16,4 +16,4 @@ data "fusionauth_application_role" "admin" {
 ## Argument Reference
 
 * `application_id` - (Required) ID of the application that this role is for.
-* `name` - (Required) The name of the Role.
+* `name` - (Required) The name of the Role.

docs/data-sources/email.md

@@ -20,12 +20,12 @@ data "fusionauth_email" "default_breached_password" {
 
 All the argument attributes are also exported as result attributes.
 
-* `id` - The Id of the Email Template.
 * `default_from_name` - The default From Name used when sending emails.
 * `default_html_template` - The default HTML Email Template.
 * `default_subject` - The default Subject used when sending emails.
 * `default_text_template` - The default Text Email Template.
 * `from_email` - The email address that this email will be sent from.
+* `id` - The Id of the Email Template.
 * `localized_from_names` - The From Name used when sending emails to users who speak other languages.
 * `localized_html_templates` - The HTML Email Template used when sending emails to users who speak other languages.
 * `localized_subjects` - The Subject used when sending emails to users who speak other languages.

docs/data-sources/form.md

@@ -23,12 +23,12 @@ All the argument attributes are also exported as result attributes.
 
 The following additional attributes are exported:
 
-* `id` - The unique Id of the Form.
 * `data` - An object that can hold any information about the Form that should be persisted.
+* `id` - The unique Id of the Form.
 * `name` - The unique name of the Form.
 * `steps` - An ordered list of objects containing one or more Form Fields.
 * `type` - The form type. The possible values are:
-    * `registration` - This form will be used for self service registration.
-    * `adminRegistration` - This form be used to customize the add and edit User Registration form in the FusionAuth UI.
-    * `adminUser` - This form can be used to customize the add and edit User form in the FusionAuth UI.
-    * `selfServiceUser` - This form will be used to for self service user management.
+  * `adminRegistration` - This form be used to customize the add and edit User Registration form in the FusionAuth UI.
+  * `adminUser` - This form can be used to customize the add and edit User form in the FusionAuth UI.
+  * `registration` - This form will be used for self service registration.
+  * `selfServiceUser` - This form will be used to for self service user management.

docs/data-sources/form_field.md

@@ -23,13 +23,13 @@ All the argument attributes are also exported as result attributes.
 
 The following additional attributes are exported:
 
-- `id` - The unique Id of the Form Field.
 - `confirm` - Determines if the user input should be confirmed by requiring the value to be entered twice.
 - consent_id
 - control
 - `data` - An object that can hold any information about the Form Field that should be persisted.
 - description
 - key
+- `id` - The unique Id of the Form Field.
 - `name` - The unique name of the Form Field.
 - `options` - A list of options that are applied to checkbox, radio, or select controls.
 - `required` - Determines if a value is required to complete the form.

docs/data-sources/idp.md

@@ -14,4 +14,4 @@ data "fusionauth_idp" "FusionAuth"{
 ## Argument Reference
 
 * `name` - (Optional) The name of the identity provider. This is only used for display purposes. Will be the type for types: `Apple`, `Facebook`, `Google`, `HYPR`, `Twitter`
-* `type` - (Optional) The type of the identity provider.
+* `type` - (Optional) The type of the identity provider.

docs/data-sources/lambda.md

@@ -15,33 +15,39 @@ data "fusionauth_lambda" "default_google_reconcile" {
 
 ## Argument Reference
 
-* `id`   - (Optional) The ID of the Lambda. At least one of `id` or `name` must be specified.
 * `name` - (Optional) The name of the Lambda. At least one of `id` or `name` must be specified.
+* `id`   - (Optional) The ID of the Lambda. At least one of `id` or `name` must be specified.
 * `type` - (Required) The Lambda type. The possible values are:
-    - `JWTPopulate`
-    - `OpenIDReconcile`
-    - `SAMLv2Reconcile`
-    - `SAMLv2Populate`
-    - `AppleReconcile`
-    - `ExternalJWTReconcile`
-    - `FacebookReconcile`
-    - `GoogleReconcile`
-    - `HYPRReconcile`
-    - `TwitterReconcile`
-    - `LDAPConnectorReconcile`
-    - `LinkedInReconcile`
-    - `EpicGamesReconcile`
-    - `NintendoReconcile`
-    - `SonyPSNReconcile`
-    - `SteamReconcile`
-    - `TwitchReconcile`
-    - `XboxReconcile`
-    - `SelfServiceRegistrationValidation`
-    - `ClientCredentialsJWTPopulate`
+  * `AppleReconcile`
+  * `ClientCredentialsJWTPopulate`
+  * `EpicGamesReconcile`
+  * `ExternalJWTReconcile`
+  * `FacebookReconcile`
+  * `GoogleReconcile`
+  * `HYPRReconcile`
+  * `JWTPopulate`
+  * `LDAPConnectorReconcile`
+  * `LinkedInReconcile`
+  * `LoginValidation`
+  * `NintendoReconcile`
+  * `OpenIDReconcile`
+  * `SAMLv2Populate`
+  * `SAMLv2Reconcile`
+  * `SCIMServerGroupRequestConverter`
+  * `SCIMServerGroupResponseConverter`
+  * `SCIMServerUserRequestConverter`
+  * `SCIMServerUserResponseConverter`
+  * `SelfServiceRegistrationValidation`
+  * `SonyPSNReconcile`
+  * `SteamReconcile`
+  * `TwitchReconcile`
+  * `TwitterReconcile`
+  * `UserInfoPopulate`
+  * `XboxReconcile`
 
 ## Attributes Reference
 
-All of the argument attributes are also exported as result attributes. 
+All of the argument attributes are also exported as result attributes.
 
 The following additional attributes are exported:
 

docs/data-sources/user_group_membership.md

@@ -0,0 +1,26 @@
+# User Group Membership Resource
+
+[User Group Membership API](https://fusionauth.io/docs/apis/groups#request-5)
+
+## Example Usage
+
+```hcl
+data "fusionauth_user_group_membership" "this" {
+  group_id = fusionauth_group.this.id
+  user_id  = fusionauth_user.this.id
+}
+```
+
+## Argument Reference
+
+* `group_id` - (Required) The Id of the Group of this membership.
+* `user_id` - (Required) "The Id of the User of this membership.
+
+## Attributes Reference
+
+All of the argument attributes are also exported as result attributes.
+
+The following additional attributes are exported:
+
+* `data` - (Optional) An object that can hold any information about the User for this membership that should be persisted.
+* `membership_id` - (Optional) The Id of the User Group Membership. If not provided, a random UUID will be generated.

docs/resources/api_key.md

@@ -2,7 +2,6 @@
 
 The FusionAuth APIs are primarily secured using API keys. This API can only be accessed using an API key that is set as a keyManager. In order to retrieve, update or delete an API key, an API key with equal or greater permissions must be used. A "tenant-scoped" API key can retrieve, create, update or delete an API key for the same tenant. This page describes APIs that are used to manage API keys.
 
-
 [API Key](https://fusionauth.io/docs/v1/tech/apis/api-keys/)
 
 ## Example Usage
@@ -25,16 +24,16 @@ resource "fusionauth_api_key" "example" {
 
 ## Argument Reference
 
-* `tenant_id` - (Optional) The unique Id of the Tenant. This value is required if the key is meant to be tenant scoped. Tenant scoped keys can only be used to access users and other tenant scoped objects for the specified tenant. This value is read-only once the key is created.
-* `key_id` - (Optional) The Id to use for the new Form. If not specified a secure random UUID will be generated.
-* `key` - (Optional) API key string. When you create an API key the key is defaulted to a secure random value but the API key is simply a string, so you may call it super-secret-key if you’d like. However a long and random value makes a good API key in that it is unique and difficult to guess.
 * `description` - (Optional) Description of the key.
+* `expiration_instant` - (Optional) The expiration instant of this API key. Using an expired API key for API Authentication will result in a 401 response code.
 * `ip_access_control_list_id` - (Optional) The Id of the IP Access Control List limiting access to this API key.
-* `permissions_endpoints` - (Required) The unique Id of the private key downloaded from Apple and imported into Key Master that will be used to sign the client secret.
-* `lambda_reconcile_id` - (Optional) Endpoint permissions for this key. Each key of the object is an endpoint, with the value being an array of the HTTP methods which can be used against the endpoint. An Empty permissions_endpoints object mean that this is a super key that authorizes this key for all the endpoints.
-    - `endpoint` - (Optional)
-    - `delete` - (Optional) HTTP DELETE Verb.
-    - `get` - (Optional) HTTP GET Verb.
-    - `patch` - (Optional) HTTP PATCH Verb
-    - `post` - (Optional) HTTP POST Verb
-    - `put` - (Optional) HTTP PUT Verb
+* `key` - (Optional) API key string. When you create an API key the key is defaulted to a secure random value but the API key is simply a string, so you may call it super-secret-key if you’d like. However a long and random value makes a good API key in that it is unique and difficult to guess.
+* `key_id` - (Optional) The Id to use for the new Form. If not specified a secure random UUID will be generated.
+* `permissions_endpoints` - (Optional) Endpoint permissions for this key. Each key of the object is an endpoint, with the value being an array of the HTTP methods which can be used against the endpoint. An Empty permissions_endpoints object mean that this is a super key that authorizes this key for all the endpoints.
+  * `endpoint` - (Optional)
+    * `delete` - (Optional) HTTP DELETE Verb.
+    * `get` - (Optional) HTTP GET Verb.
+    * `patch` - (Optional) HTTP PATCH Verb
+    * `post` - (Optional) HTTP POST Verb
+    * `put` - (Optional) HTTP PUT Verb
+* `tenant_id` - (Optional) The unique Id of the Tenant. This value is required if the key is meant to be tenant scoped. Tenant scoped keys can only be used to access users and other tenant scoped objects for the specified tenant. This value is read-only once the key is created.