v1.4.0

NOTES:

• bump github.com/hashicorp/terraform-plugin-framework-timeouts 0.4.1 => 0.5.0 (#968)
• bump github.com/hashicorp/terraform-plugin-go 0.25.0 => 0.26.0 (#971)
• bump github.com/hashicorp/terraform-plugin-mux 0.17.0 => 0.18.0 (#971)

FEATURES:

• New Data Source: pingone_custom_role (#965)
• New Data Source: pingone_custom_roles (#965)
• New Resource: pingone_custom_role (#965)

ENHANCEMENTS:

• data-source/role: Added support for retrieving the Advanced Identity Cloud Super Admin, Advanced Identity Cloud Tenant Admin, and Custom Roles Admin roles by name. (#969)
• data-source/trust_email_domain_ownership: Added support for the environment_dns_record field. (#969)

BUG FIXES:

• resource/pingone_verify_policy: Fixed the handling of otp default values in the email and phone property objects when verify set to DISABLED. (#967)

What's Changed

• Fixed the handling of otp default values in the email and phone property objects when verify set to DISABLED. by @mjspi in #967
• pingone_custom_role resource and data sources by @henryrecker-pingidentity in #965
• Disable DV tests 2025-01 by @patrickcping in #970
• Add environment_dns_record field to trust_email_domain_ownership data source and add missing types to role data source by @henryrecker-pingidentity in #969
• Bump github.com/hashicorp/terraform-plugin-framework-timeouts from 0.4.1 to 0.5.0 by @dependabot in #968
• Bump github.com/hashicorp/terraform-plugin-mux from 0.17.0 to 0.18.0 by @dependabot in #971

Full Changelog: v1.3.1...v1.4.0

v1.3.1

NOTES:

• bump golang.org/x/net 0.28.0 => 0.33.0 (#954)

What's Changed

• Update golang.org/x/net from v0.31.0 to v0.33.0 by @henryrecker-pingidentity in #954
• Bump github.com/golangci/golangci-lint from 1.62.2 to 1.63.4 in /tools by @dependabot in #955
• Update go-git tools dependency to v5.13.0 by @henryrecker-pingidentity in #956

New Contributors

• @henryrecker-pingidentity made their first contribution in #954

Full Changelog: v1.3.0...v1.3.1

v1.3.0

BREAKING CHANGES:

• resource/pingone_risk_predictor: To ensure correct composite predictor and Terraform behaviours, the predictor_composite.composition field has been removed and replaced with predictor_composite.compositions field. (#952)

NOTES:

• bump github.com/hashicorp/terraform-plugin-framework-validators 0.15.0 => 0.16.0 (#953)
• bump github.com/patrickcping/pingone-go-sdk-v2/management 0.44.0 => 0.45.0 (#953)
• bump github.com/patrickcping/pingone-go-sdk-v2/risk 0.17.0 => 0.18.0 (#953)
• bump github.com/patrickcping/pingone-go-sdk-v2 0.12.4 => 0.12.5 (#953)

ENHANCEMENTS:

• resource/pingone_alert_channel: Added support for the SUSPICIOUS_TRAFFIC alert type. (#953)
• resource/pingone_risk_predictor: Support multiple root level conditions for composite predictors. (#952)

BUG FIXES:

• resource/pingone_risk_predictor: Fix "Error when calling ReadOneRiskPredictor: data failed to match schemas in oneOf(RiskPredictorCompositeCondition)" when using IP range and IP comparison composite predictors. (#953)

What's Changed

• Bump github.com/katbyte/terrafmt from 0.5.4 to 0.5.5 in /tools by @dependabot in #948
• pingone_risk_predictor: Support multiple root level conditions for composite predictors by @patrickcping in #952
• Bump go modules 2024-12-18 by @patrickcping in #953

Full Changelog: v1.2.1...v1.3.0

v1.2.1

NOTES:

• bump github.com/hashicorp/terraform-plugin-sdk/v2 2.34.0 => 2.35.0 (#942)
• bump github.com/hashicorp/terraform-plugin-testing 1.10.0 => 1.11.0 (#943)
• bump golang.org/x/crypto 0.26.0 => 0.31.0 (#946)

BUG FIXES:

• resource/pingone_mfa_device_policy: Fixed "unexpected new value: .fido2: was null, but now cty.ObjectVal" when fido2 is applied, then removed from resource configuration. (#940)

What's Changed

• mfa device policy resource - fido bug fix by @wesleymccollam in #940
• Bump github.com/golangci/golangci-lint from 1.62.0 to 1.62.2 in /tools by @dependabot in #945
• Bump github.com/hashicorp/terraform-plugin-docs from 0.20.0 to 0.20.1 in /tools by @dependabot in #944
• Bump golang.org/x/crypto from 0.29.0 to 0.31.0 in /tools by @dependabot in #947
• Bump github.com/hashicorp/terraform-plugin-sdk/v2 from 2.34.0 to 2.35.0 by @dependabot in #942
• Bump golang.org/x/crypto from 0.26.0 to 0.31.0 by @dependabot in #946
• Bump github.com/hashicorp/terraform-plugin-testing from 1.10.0 to 1.11.0 by @dependabot in #943

New Contributors

• @wesleymccollam made their first contribution in #940 🚀 🚀

Full Changelog: v1.2.0...v1.2.1

v1.2.0

NOTES:

• Corrected broken documentation bookmark references. (#931)
• Upgraded go version to 1.23 to align with the go release policy. (#931)
• bump github.com/hashicorp/terraform-plugin-framework-jsontypes 0.1.0 => 0.2.0 (#937)
• bump github.com/hashicorp/terraform-plugin-framework-validators 0.13.0 => 0.15.0 (#937)
• bump github.com/hashicorp/terraform-plugin-framework 1.11.0 => 1.13.0 (#937)
• bump github.com/hashicorp/terraform-plugin-go 0.23.0 => 0.25.0 (#937)
• bump github.com/hashicorp/terraform-plugin-mux 0.16.0 => 0.17.0 (#937)
• bump github.com/patrickcping/pingone-go-sdk-v2/authorize 0.6.0 => 0.7.0 (#932)
• bump github.com/patrickcping/pingone-go-sdk-v2/credentials 0.9.0 => 0.10.0 (#932)
• bump github.com/patrickcping/pingone-go-sdk-v2/management 0.43.0 => 0.44.0 (#932)
• bump github.com/patrickcping/pingone-go-sdk-v2/mfa 0.20.0 => 0.21.0 (#932)
• bump github.com/patrickcping/pingone-go-sdk-v2/risk 0.16.0 => 0.17.0 (#932)
• bump github.com/patrickcping/pingone-go-sdk-v2/verify 0.7.0 => 0.8.0 (#932)
• bump github.com/patrickcping/pingone-go-sdk-v2 0.12.3 => 0.12.4 (#932)

ENHANCEMENTS:

• data-source/pingone_application: Add session_not_on_or_after_duration field to SAML applications. (#934)
• resource/pingone_application: Add session_not_on_or_after_duration field to SAML applications. (#934)
• resource/pingone_mfa_device_policy: Added [email|sms|voice].otp.otp_length field to allow admins to specify the length of the OTP displayed to users for SMS, Voice or Email delivery methods. (#935)
• resource/pingone_mfa_device_policy: Added the totp.uri_parameters field to allow custom key:value pairs for authenticators that support otpauth URI parameters. (#936)
• resource/pingone_risk_predictor: Added the predictor_bot_detection.include_repeated_events_without_sdk field to choose whether to expand the range of bot activity that PingOne Protect can detect. (#939)
• resource/pingone_risk_predictor: Added the predictor_device.should_validate_payload_signature field to enforce requirement that the Signals SDK payload be provided as a signed JWT for suspicious device predictors. (#938)

BUG FIXES:

• Fixed potential "Cannot find .." errors in multiple resources and data sources when many configuration items of the same type exist in an environment (fix paged results). (#932)
• Fixed potential missing results in data sources that return multiple configuration items (fix paged results). (#932)

What's Changed

• Correct credential issuer not found test by @patrickcping in #909
• Bump goreleaser/goreleaser-action from 6.0.0 to 6.1.0 by @dependabot in #927
• Bump go version to 1.23.3 by @patrickcping in #931
• Uplift pingone sdk 2024-11 by @patrickcping in #932
• Change 64 bit data types to 32 bit to align with the API by @patrickcping in #933
• Add session_not_on_or_after_duration to SAML applications by @patrickcping in #934
• pingone_mfa_device_policy: Add [email|sms|voice].otp.otp_length field to allow admins to specify the length of the OTP displayed to users by @patrickcping in #935
• pingone_mfa_device_policy: Add the totp.uri_parameters field to allow custom key:value pairs for authenticators that support otpauth URI parameters by @patrickcping in #936
• Bump go modules 18 Nov 2024 by @patrickcping in #937
• resource/pingone_risk_predictor: Add the predictor_device.should_validate_payload_signature field by @patrickcping in #938
• pingone_risk_predictor: Add the predictor_bot_detection.include_repeated_events_without_sdk field by @patrickcping in #939

Full Changelog: v1.1.1...v1.2.0

v1.1.1

NOTES:

• resource/pingone_environment: Align example HCL with best practice on creating blank/empty DaVinci service environments. (#907)
• resource/pingone_population_default: Suppress warning on creation where the default population for an environment cannot be found. (#906)
• bump github.com/hashicorp/terraform-plugin-framework-timetypes 0.4.0 => 0.5.0 (#908)
• bump github.com/hashicorp/terraform-plugin-framework 1.10.0 => 1.11.0 (#908)
• bump github.com/hashicorp/terraform-plugin-testing 1.9.0 => 1.10.0 (#908)

v1.1.0

• bump github.com/hashicorp/terraform-plugin-framework-timetypes 0.3.0 => 0.4.0 (#901)
• bump github.com/hashicorp/terraform-plugin-framework-validators 0.12.0 => 0.13.0 (#901)
• bump github.com/hashicorp/terraform-plugin-framework 1.9.0 => 1.10.0 (#901)
• bump github.com/hashicorp/terraform-plugin-testing 1.8.0 => 1.9.0 (#901)
• bump github.com/patrickcping/pingone-go-sdk-v2/management 0.42.0 => 0.43.0 (#901)
• bump github.com/patrickcping/pingone-go-sdk-v2/verify 0.6.0 => 0.7.0 (#901)
• bump github.com/patrickcping/pingone-go-sdk-v2 0.12.2 => 0.12.3 (#901)

ENHANCEMENTS:

• data_source/pingone_verify_policy: Added support for the fail_expired_id, provider_auto, provider_manual, and retry_attempts properties. (#888)
• resource/pingone_verify_policy: Added support for the fail_expired_id, provider_auto, provider_manual, and retry_attempts properties. (#888)

What's Changed

• Bump go modules 2024-08-02 by @patrickcping in #901
• Support new provider, retry and fail_expired_id properties in verify_policy configuration. by @mjspi in #888
• MFA APNS Correct acceptance test data by @patrickcping in #902

Full Changelog: v1.0.0...v1.1.0

v1.0.0

IMPORTANT The 1.0.0 release is the first release of the v1 major version. If having previously used the v0 release of the provider, please review the upgrade guide for details on how to adjust HCL to account for breaking changes to the Terraform schema.

BREAKING CHANGES:

• data_source/pingone_resource: Removed the client_secret attribute. Use the pingone_resource_secret resource or data source going forward. (#819)
• data-source/pingone_application: Changed the access_control_group_options attribute data type. (#682)
• data-source/pingone_application: Changed the external_link_options attribute data type. (#682)
• data-source/pingone_application: Changed the icon attribute data type. (#682)
• data-source/pingone_application: Changed the oidc_options.certificate_based_authentication attribute data type. (#682)
• data-source/pingone_application: Changed the oidc_options.cors_settings attribute data type. (#682)
• data-source/pingone_application: Changed the oidc_options.mobile_app.integrity_detection.cache_duration attribute data type. (#682)
• data-source/pingone_application: Changed the oidc_options.mobile_app.integrity_detection.google_play attribute data type. (#682)
• data-source/pingone_application: Changed the oidc_options.mobile_app.integrity_detection attribute data type. (#682)
• data-source/pingone_application: Changed the oidc_options.mobile_app attribute data type. (#682)
• data-source/pingone_application: Changed the oidc_options attribute data type. (#682)
• data-source/pingone_application: Changed the saml_options.cors_settings attribute data type. (#682)
• data-source/pingone_application: Changed the saml_options.idp_signing_key attribute data type. (#682)
• data-source/pingone_application: Changed the saml_options.sp_verification (#682)
• data-source/pingone_application: Changed the saml_options attribute data type. (#682)
• data-source/pingone_application: Removal of deprecated attribute saml_options.sp_verification_certificate_ids. Use the saml_options.sp_verification.certificate_ids attribute going forward. (#681)
• data-source/pingone_application: Removed oidc_options.client_secret. Use the pingone_application_secret resource or data source going forward. (#781)
• data-source/pingone_application: Renamed oidc_options.allow_wildcards_in_redirect_uris to oidc_options.allow_wildcard_in_redirect_uris to align with the API. (#887)
• data-source/pingone_application: Renamed oidc_options.token_endpoint_authn_method to oidc_options.token_endpoint_auth_method to align with the API. (#887)
• data-source/pingone_environment: Changed the service.bookmark parameter data type and renamed to services.bookmarks. (#665)
• data-source/pingone_environment: Changed the service parameter data type and renamed to services. (#665)
• data-source/pingone_flow_policies: Changed the data_filter parameter data type and renamed to data_filters. (#664)
• data-source/pingone_flow_policy: Changed the davinci_application and trigger computed attribute data types from list block to single object types. (#795)
• data-source/pingone_gateway: Changed the user_type data type from a set of objects to a map of objects and renamed to user_types. (#798)
• data-source/pingone_gateway: Renamed radius_client to radius_clients and changed data type from block set to set of objects. (#798)
• data-source/pingone_gateway: Renamed user_type.push_password_changes_to_ldap to user_types.allow_password_changes. (#798)
• data-source/pingone_gateway: Renamed user_type.user_migation.attribute_mapping to user_types.new_user_lookup.attribute_mappings and changed data type from block set to set of objects. (#798)
• data-source/pingone_gateway: Renamed user_type.user_migation to user_types.new_user_lookup and changed data type from block set to single object. (#798)
• data-source/pingone_gateway: Renamed user_type.user_migration.lookup_filter_pattern to user_types.new_user_lookup.ldap_filter_pattern. (#798)
• data-source/pingone_groups: Changed the data_filter parameter data type and renamed to data_filters. (#677)
• data-source/pingone_licenses: Changed the data_filter parameter data type and renamed to data_filters. (#730)
• data-source/pingone_organization: Removal of deprecated platform URL computed attributes. Consider using the PingOne Utilities module going forward. (#628)
• data-source/pingone_password_policy: Moved password_age.max to password_age_max. (#801)
• data-source/pingone_password_policy: Moved password_age.min to password_age_min. (#801)
• data-source/pingone_password_policy: Removed ineffectual bypass_policy. (#801)
• data-source/pingone_password_policy: Renamed account_lockout to lockout. (#801)
• data-source/pingone_password_policy: Renamed environment_default to default. (#801)
• data-source/pingone_password_policy: Renamed exclude_commonly_used_passwords to excludes_commonly_used_passwords. (#801)
• data-source/pingone_password_policy: Renamed exclude_profile_data to excludes_profile_data. (#801)
• data-source/pingone_password_policy: Renamed password_history to history. (#801)
• data-source/pingone_password_policy: Renamed password_length to length. (#801)
• data-source/pingone_populations: Changed the data_filter parameter data type and renamed to data_filters. (#664)
• data-source/pingone_resource_scope: Existing resource_id field made read only. Use resource_type and custom_resource_id instead. (#863)
• data-source/pingone_resource_scope: New resource_type field is a required field, and new custom_resource_id field is an optional field. The combination of these fields ensure the correct resource is selected without encountering issue. (#863)
• data-source/pingone_trusted_email_domain_dkim: Removed unnecessary id attribute. (#802)
• data-source/pingone_trusted_email_domain_dkim: Renamed region.token to regions.tokens. (#802)
• data-source/pingone_trusted_email_domain_dkim: Renamed region to regions. (#802)
• data-source/pingone_trusted_email_domain_ownership: Renamed region to regions. (#803)
• `...

v1.0.0-rc2

IMPORTANT This v1.0.0-rc2 release is a pre-release (candidate) build and is not stable for production use. The latest stable build for production use is v0.29. The documentation for v0.29 can be found here.

IMPORTANT This v1.0.0-rc2 release is a pre-release (candidate) build that contains breaking changes to the PingOne Terraform schema. This candidate build can be used prepare HCL for the upgrade from v0.* to v1.* of the provider. Please review the upgrade guide for details on handling breaking changes to the PingOne Terraform schema.

IMPORTANT This v1.0.0-rc2 release is a pre-release (candidate) build and can be used prepare HCL for the upgrade from v0.* to v1.* of the provider. If you find bugs in this build, please raise an issue to the provider maintainers.

BREAKING CHANGES:

• data_source/pingone_resource: Removed the client_secret attribute. Use the pingone_resource_secret resource or data source going forward. (#819)
• data-source/pingone_application: Changed the access_control_group_options attribute data type. (#682)
• data-source/pingone_application: Changed the external_link_options attribute data type. (#682)
• data-source/pingone_application: Changed the icon attribute data type. (#682)
• data-source/pingone_application: Changed the oidc_options.certificate_based_authentication attribute data type. (#682)
• data-source/pingone_application: Changed the oidc_options.cors_settings attribute data type. (#682)
• data-source/pingone_application: Changed the oidc_options.mobile_app.integrity_detection.cache_duration attribute data type. (#682)
• data-source/pingone_application: Changed the oidc_options.mobile_app.integrity_detection.google_play attribute data type. (#682)
• data-source/pingone_application: Changed the oidc_options.mobile_app.integrity_detection attribute data type. (#682)
• data-source/pingone_application: Changed the oidc_options.mobile_app attribute data type. (#682)
• data-source/pingone_application: Changed the oidc_options attribute data type. (#682)
• data-source/pingone_application: Changed the saml_options.cors_settings attribute data type. (#682)
• data-source/pingone_application: Changed the saml_options.idp_signing_key attribute data type. (#682)
• data-source/pingone_application: Changed the saml_options.sp_verification (#682)
• data-source/pingone_application: Changed the saml_options attribute data type. (#682)
• data-source/pingone_application: Removal of deprecated attribute saml_options.sp_verification_certificate_ids. Use the saml_options.sp_verification.certificate_ids attribute going forward. (#681)
• data-source/pingone_application: Removed oidc_options.client_id and oidc_options.client_secret. Use the pingone_application_secret resource or data source going forward. (#781)
• data-source/pingone_application: Renamed oidc_options.allow_wildcards_in_redirect_uris to oidc_options.allow_wildcard_in_redirect_uris to align with the API. (#887)
• data-source/pingone_application: Renamed oidc_options.token_endpoint_authn_method to oidc_options.token_endpoint_auth_method to align with the API. (#887)
• data-source/pingone_environment: Changed the service.bookmark parameter data type and renamed to services.bookmarks. (#665)
• data-source/pingone_environment: Changed the service parameter data type and renamed to services. (#665)
• data-source/pingone_flow_policies: Changed the data_filter parameter data type and renamed to data_filters. (#664)
• data-source/pingone_flow_policy: Changed the davinci_application and trigger computed attribute data types from list block to single object types. (#795)
• data-source/pingone_gateway: Changed the user_type data type from a set of objects to a map of objects and renamed to user_types. (#798)
• data-source/pingone_gateway: Renamed radius_client to radius_clients and changed data type from block set to set of objects. (#798)
• data-source/pingone_gateway: Renamed user_type.push_password_changes_to_ldap to user_types.allow_password_changes. (#798)
• data-source/pingone_gateway: Renamed user_type.user_migation.attribute_mapping to user_types.new_user_lookup.attribute_mappings and changed data type from block set to set of objects. (#798)
• data-source/pingone_gateway: Renamed user_type.user_migation to user_types.new_user_lookup and changed data type from block set to single object. (#798)
• data-source/pingone_gateway: Renamed user_type.user_migration.lookup_filter_pattern to user_types.new_user_lookup.ldap_filter_pattern. (#798)
• data-source/pingone_groups: Changed the data_filter parameter data type and renamed to data_filters. (#677)
• data-source/pingone_licenses: Changed the data_filter parameter data type and renamed to data_filters. (#730)
• data-source/pingone_organization: Removal of deprecated platform URL computed attributes. Consider using the PingOne Utilities module going forward. (#628)
• data-source/pingone_password_policy: Moved password_age.max to password_age_max. (#801)
• data-source/pingone_password_policy: Moved password_age.min to password_age_min. (#801)
• data-source/pingone_password_policy: Removed ineffectual bypass_policy. (#801)
• data-source/pingone_password_policy: Renamed account_lockout to lockout. (#801)
• data-source/pingone_password_policy: Renamed environment_default to default. (#801)
• data-source/pingone_password_policy: Renamed exclude_commonly_used_passwords to excludes_commonly_used_passwords. (#801)
• data-source/pingone_password_policy: Renamed exclude_profile_data to excludes_profile_data. (#801)
• data-source/pingone_password_policy: Renamed password_history to history. (#801)
• data-source/pingone_password_policy: Renamed password_length to length. (#801)
• data-source/pingone_populations: Changed the data_filter parameter data type and renamed to data_filters. (#664)
• data-source/pingone_resource_scope: Existing resource_id field made read only. Use resource_type and custom_resource_id instead. (#863)
• data-source/pingone_resource_scope: New resource_type field is a required field, and new custom_resource_id field is an optional field. The combination of the...

v0.29.2

NOTES:

• bump github.com/patrickcping/pingone-go-sdk-v2/authorize 0.5.0 => 0.6.0 (#871)
• bump github.com/patrickcping/pingone-go-sdk-v2/credentials 0.8.0 => 0.9.0 (#871)
• bump github.com/patrickcping/pingone-go-sdk-v2/management 0.41.0 => 0.42.0 (#871)
• bump github.com/patrickcping/pingone-go-sdk-v2/mfa 0.19.0 => 0.20.0 (#871)
• bump github.com/patrickcping/pingone-go-sdk-v2/risk 0.15.1 => 0.16.0 (#871)
• bump github.com/patrickcping/pingone-go-sdk-v2/verify 0.5.0 => 0.6.0 (#871)
• bump github.com/patrickcping/pingone-go-sdk-v2 0.12.1 => 0.12.2 (#871)

BUG FIXES:

• resource/pingone_gateway: Fixed error when configuring gateways that are generic LDAP v3 compliant directories, or OpenDJ Directory servers. (#871)

What's Changed

• Bump modules (v0.29.2) by @patrickcping in #871

Full Changelog: v0.29.1...v0.29.2