Merge remote-tracking branch 'upstream/main' into fix/update-acctests-v2

.github/workflows/ci.yml

@@ -7,7 +7,7 @@ on:
   pull_request:
     branches:
       - main
-      - fix/update-acctests
+      - "hotfix/**"
     paths-ignore:
        - 'README.md'
 
@@ -16,7 +16,7 @@ on:
       - 'README.md'
     branches:
       - main
-      - fix/update-acctests
+      - fix/update-acctests-v2
 
 # Ensures only 1 action runs per PR and previous is canceled on new trigger
 concurrency:
@@ -126,7 +126,8 @@ jobs:
       fail-fast: false
       matrix:
         terraform:
-          - '1.3.*'
+          - '1.4.*'
+          - '1.5.*'
           - 'latest'
     steps:
 

docs/data-sources/user.md

@@ -29,7 +29,6 @@ data "twingate_user" "foo" {
 
 - `email` (String) The email address of the User
 - `first_name` (String) The first name of the User
-- `is_admin` (Boolean, Deprecated) Indicates whether the User is an admin
 - `last_name` (String) The last name of the User
 - `role` (String) Indicates the User's role. Either ADMIN, DEVOPS, SUPPORT, or MEMBER
 - `type` (String) Indicates the User's type. Either MANUAL or SYNCED.

docs/data-sources/users.md

@@ -32,7 +32,6 @@ Read-Only:
 - `email` (String) The email address of the User
 - `first_name` (String) The first name of the User
 - `id` (String) The ID of the User
-- `is_admin` (Boolean, Deprecated) Indicates whether the User is an admin
 - `last_name` (String) The last name of the User
 - `role` (String) Indicates the User's role. Either ADMIN, DEVOPS, SUPPORT, or MEMBER.
 - `type` (String) Indicates the User's type. Either MANUAL or SYNCED.

docs/guides/migration-v1-to-v2-guide.md

@@ -0,0 +1,73 @@
+---
+subcategory: "migration"
+page_title: "v1 to v2 Migration Guide"
+description: |-
+This document covers how to migrate from v1 to v2 of the Twingate Terraform provider.
+---
+
+# Migration Guide
+j
+This guide covers how to migrate from v1 to v2 of the Twingate Terraform provider. Migration needs to be done for the following objects:
+- Resources
+    - `twingate_resource`
+- Data sources
+    - `twingate_user`
+    - `twingate_users`
+
+## Migrating Resources
+
+The `protocols` attribute in the `twingate_resource` Resource has been changed from a block to an object.
+
+In v1, the following was valid:
+
+```terraform
+resource "twingate_resource" "resource" {
+  name = "resource"
+  address = "internal.int"
+  remote_network_id = twingate_remote_network.aws_network.id
+
+  protocols {
+    allow_icmp = true
+    tcp {
+      policy = "RESTRICTED"
+      ports = ["80", "82-83"]
+    }
+    udp {
+      policy = "ALLOW_ALL"
+    }
+  }
+}
+```
+
+The `protocols`, `tcp` and `udp` attributes were blocks and not objects. In v2, these are now objects:
+
+```
+protocols {   ->   protocols = {
+tcp {         ->   tcp = {
+udp {         ->   udp = {
+```
+
+In v2, the above resource needs to be rewritten like this:
+
+```terraform
+resource "twingate_resource" "resource" {
+  name = "resource"
+  address = "internal.int"
+  remote_network_id = twingate_remote_network.aws_network.id
+
+  protocols = {
+    allow_icmp = true
+    tcp = {
+      policy = "RESTRICTED"
+      ports = ["80", "82-83"]
+    }
+    udp = {
+      policy = "ALLOW_ALL"
+    }
+  }
+}
+```
+
+## Migrating data sources
+
+The attribute `is_admin` has been removed from the `twingate_user` and `twingate_users` data sources. Similar information is now available via the [`role` attribute](https://registry.terraform.io/providers/Twingate/twingate/latest/docs/data-sources/users#role).

docs/resources/resource.md

@@ -30,18 +30,24 @@ resource "twingate_service_account" "github_actions_prod" {
   name = "Github Actions PROD"
 }
 
+data "twingate_security_policy" "test_policy" {
+  name = "Test Policy"
+}
+
 resource "twingate_resource" "resource" {
   name = "network"
   address = "internal.int"
   remote_network_id = twingate_remote_network.aws_network.id
 
-  protocols {
+  security_policy_id = data.twingate_security_policy.test_policy.id
+
+  protocols = {
     allow_icmp = true
-    tcp  {
+    tcp = {
       policy = "RESTRICTED"
       ports = ["80", "82-83"]
     }
-    udp {
+    udp = {
       policy = "ALLOW_ALL"
     }
   }
@@ -50,6 +56,8 @@ resource "twingate_resource" "resource" {
     group_ids = [twingate_group.aws.id]
     service_account_ids = [twingate_service_account.github_actions_prod.id]
   }
+
+  is_active = true
 }
 ```
 
@@ -64,12 +72,14 @@ resource "twingate_resource" "resource" {
 
 ### Optional
 
-- `access` (Block List, Max: 1) Restrict access to certain groups or service accounts (see [below for nested schema](#nestedblock--access))
+- `access` (Block List) Restrict access to certain groups or service accounts (see [below for nested schema](#nestedblock--access))
 - `alias` (String) Set a DNS alias address for the Resource. Must be a DNS-valid name string.
+- `is_active` (Boolean) Set the resource as active or inactive. Default is `true`.
 - `is_authoritative` (Boolean) Determines whether assignments in the access block will override any existing assignments. Default is `true`. If set to `false`, assignments made outside of Terraform will be ignored.
-- `is_browser_shortcut_enabled` (Boolean) Controls whether an "Open in Browser" shortcut will be shown for this Resource in the Twingate Client.
-- `is_visible` (Boolean) Controls whether this Resource will be visible in the main Resource list in the Twingate Client.
-- `protocols` (Block List, Max: 1) Restrict access to certain protocols and ports. By default or when this argument is not defined, there is no restriction, and all protocols and ports are allowed. (see [below for nested schema](#nestedblock--protocols))
+- `is_browser_shortcut_enabled` (Boolean) Controls whether an "Open in Browser" shortcut will be shown for this Resource in the Twingate Client. Default is `false`.
+- `is_visible` (Boolean) Controls whether this Resource will be visible in the main Resource list in the Twingate Client. Default is `true`.
+- `protocols` (Attributes) Restrict access to certain protocols and ports. By default or when this argument is not defined, there is no restriction, and all protocols and ports are allowed. (see [below for nested schema](#nestedatt--protocols))
+- `security_policy_id` (String) The ID of a `twingate_security_policy` to set as this Resource's Security Policy. Default is `Default Policy`.
 
 ### Read-Only
 
@@ -84,40 +94,31 @@ Optional:
 - `service_account_ids` (Set of String) List of Service Account IDs that will have permission to access the Resource.
 
 
-<a id="nestedblock--protocols"></a>
+<a id="nestedatt--protocols"></a>
 ### Nested Schema for `protocols`
 
-Required:
-
-- `tcp` (Block List, Min: 1, Max: 1) (see [below for nested schema](#nestedblock--protocols--tcp))
-- `udp` (Block List, Min: 1, Max: 1) (see [below for nested schema](#nestedblock--protocols--udp))
-
 Optional:
 
 - `allow_icmp` (Boolean) Whether to allow ICMP (ping) traffic
+- `tcp` (Attributes) (see [below for nested schema](#nestedatt--protocols--tcp))
+- `udp` (Attributes) (see [below for nested schema](#nestedatt--protocols--udp))
 
-<a id="nestedblock--protocols--tcp"></a>
+<a id="nestedatt--protocols--tcp"></a>
 ### Nested Schema for `protocols.tcp`
 
-Required:
-
-- `policy` (String) Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be `RESTRICTED` (only listed ports are allowed), `ALLOW_ALL`, or `DENY_ALL`
-
 Optional:
 
-- `ports` (List of String) List of port ranges between 1 and 65535 inclusive, in the format `100-200` for a range, or `8080` for a single port
+- `policy` (String) Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be `RESTRICTED` (only listed ports are allowed), `ALLOW_ALL`, or `DENY_ALL`
+- `ports` (Set of String) List of port ranges between 1 and 65535 inclusive, in the format `100-200` for a range, or `8080` for a single port
 
 
-<a id="nestedblock--protocols--udp"></a>
+<a id="nestedatt--protocols--udp"></a>
 ### Nested Schema for `protocols.udp`
 
-Required:
-
-- `policy` (String) Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be `RESTRICTED` (only listed ports are allowed), `ALLOW_ALL`, or `DENY_ALL`
-
 Optional:
 
-- `ports` (List of String) List of port ranges between 1 and 65535 inclusive, in the format `100-200` for a range, or `8080` for a single port
+- `policy` (String) Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be `RESTRICTED` (only listed ports are allowed), `ALLOW_ALL`, or `DENY_ALL`
+- `ports` (Set of String) List of port ranges between 1 and 65535 inclusive, in the format `100-200` for a range, or `8080` for a single port
 
 ## Import
 

examples/resources/twingate_resource/resource.tf

@@ -15,18 +15,24 @@ resource "twingate_service_account" "github_actions_prod" {
   name = "Github Actions PROD"
 }
 
+data "twingate_security_policy" "test_policy" {
+  name = "Test Policy"
+}
+
 resource "twingate_resource" "resource" {
   name = "network"
   address = "internal.int"
   remote_network_id = twingate_remote_network.aws_network.id
 
-  protocols {
+  security_policy_id = data.twingate_security_policy.test_policy.id
+
+  protocols = {
     allow_icmp = true
-    tcp  {
+    tcp = {
       policy = "RESTRICTED"
       ports = ["80", "82-83"]
     }
-    udp {
+    udp = {
       policy = "ALLOW_ALL"
     }
   }
@@ -35,5 +41,7 @@ resource "twingate_resource" "resource" {
     group_ids = [twingate_group.aws.id]
     service_account_ids = [twingate_service_account.github_actions_prod.id]
   }
+
+  is_active = true
 }
 

go.mod

@@ -5,16 +5,14 @@ go 1.21
 require (
 	github.com/client9/misspell v0.3.4
 	github.com/google/go-cmp v0.6.0
-	github.com/hashicorp/go-retryablehttp v0.7.4
+	github.com/hashicorp/go-retryablehttp v0.7.5
 	github.com/hashicorp/go-uuid v1.0.3
-	github.com/hashicorp/terraform-plugin-docs v0.16.0
-	github.com/hashicorp/terraform-plugin-framework v1.4.2
+	github.com/hashicorp/terraform-plugin-docs v0.17.0
+	github.com/hashicorp/terraform-plugin-framework v1.5.0
 	github.com/hashicorp/terraform-plugin-framework-validators v0.12.0
-	github.com/hashicorp/terraform-plugin-go v0.19.0
-	github.com/hashicorp/terraform-plugin-mux v0.12.0
-	github.com/hashicorp/terraform-plugin-sdk/v2 v2.29.0
-	github.com/hashicorp/terraform-plugin-testing v1.5.1
-	github.com/hasura/go-graphql-client v0.10.0
+	github.com/hashicorp/terraform-plugin-go v0.20.0
+	github.com/hashicorp/terraform-plugin-testing v1.6.0
+	github.com/hasura/go-graphql-client v0.10.2
 	github.com/iancoleman/strcase v0.3.0
 	github.com/jarcoal/httpmock v1.3.1
 	github.com/mattn/goveralls v0.0.12
@@ -24,48 +22,50 @@ require (
 )
 
 require (
+	github.com/Kunde21/markdownfmt/v3 v3.1.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
-	github.com/Masterminds/semver/v3 v3.1.1 // indirect
-	github.com/Masterminds/sprig/v3 v3.2.2 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 // indirect
+	github.com/Masterminds/semver/v3 v3.2.0 // indirect
+	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect
 	github.com/agext/levenshtein v1.2.2 // indirect
 	github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
 	github.com/armon/go-radix v1.0.0 // indirect
 	github.com/bgentry/speakeasy v0.1.0 // indirect
 	github.com/bitfield/gotestdox v0.2.1 // indirect
 	github.com/ccojocar/zxcvbn-go v1.0.1 // indirect
-	github.com/cloudflare/circl v1.3.3 // indirect
+	github.com/cloudflare/circl v1.3.7 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dnephin/pflag v1.0.7 // indirect
-	github.com/fatih/color v1.15.0 // indirect
+	github.com/fatih/color v1.16.0 // indirect
 	github.com/fsnotify/fsnotify v1.5.4 // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
-	github.com/google/uuid v1.3.1 // indirect
+	github.com/google/uuid v1.5.0 // indirect
 	github.com/gookit/color v1.5.4 // indirect
+	github.com/hashicorp/cli v1.1.6 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-checkpoint v0.5.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 // indirect
 	github.com/hashicorp/go-hclog v1.5.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
-	github.com/hashicorp/go-plugin v1.5.1 // indirect
+	github.com/hashicorp/go-plugin v1.6.0 // indirect
 	github.com/hashicorp/go-version v1.6.0 // indirect
-	github.com/hashicorp/hc-install v0.6.0 // indirect
-	github.com/hashicorp/hcl/v2 v2.18.0 // indirect
+	github.com/hashicorp/hc-install v0.6.2 // indirect
+	github.com/hashicorp/hcl/v2 v2.19.1 // indirect
 	github.com/hashicorp/logutils v1.0.0 // indirect
-	github.com/hashicorp/terraform-exec v0.19.0 // indirect
-	github.com/hashicorp/terraform-json v0.17.1 // indirect
+	github.com/hashicorp/terraform-exec v0.20.0 // indirect
+	github.com/hashicorp/terraform-json v0.20.0 // indirect
 	github.com/hashicorp/terraform-plugin-log v0.9.0 // indirect
-	github.com/hashicorp/terraform-registry-address v0.2.2 // indirect
+	github.com/hashicorp/terraform-plugin-sdk/v2 v2.31.0 // indirect
+	github.com/hashicorp/terraform-registry-address v0.2.3 // indirect
 	github.com/hashicorp/terraform-svchost v0.1.1 // indirect
-	github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d // indirect
-	github.com/huandu/xstrings v1.3.2 // indirect
+	github.com/hashicorp/yamux v0.1.1 // indirect
+	github.com/huandu/xstrings v1.3.3 // indirect
 	github.com/imdario/mergo v0.3.15 // indirect
-	github.com/klauspost/compress v1.16.7 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.19 // indirect
-	github.com/mitchellh/cli v1.1.5 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-runewidth v0.0.9 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.0 // indirect
@@ -78,24 +78,26 @@ require (
 	github.com/shopspring/decimal v1.3.1 // indirect
 	github.com/spf13/cast v1.5.0 // indirect
 	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
-	github.com/vmihailenco/msgpack/v5 v5.3.5 // indirect
+	github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect
 	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
 	github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 // indirect
-	github.com/zclconf/go-cty v1.14.0 // indirect
-	golang.org/x/crypto v0.14.0 // indirect
+	github.com/yuin/goldmark v1.6.0 // indirect
+	github.com/yuin/goldmark-meta v1.1.0 // indirect
+	github.com/zclconf/go-cty v1.14.1 // indirect
+	golang.org/x/crypto v0.17.0 // indirect
 	golang.org/x/exp v0.0.0-20230809150735-7b3493d9a819 // indirect
-	golang.org/x/mod v0.13.0 // indirect
-	golang.org/x/net v0.17.0 // indirect
+	golang.org/x/mod v0.14.0 // indirect
+	golang.org/x/net v0.19.0 // indirect
 	golang.org/x/sync v0.4.0 // indirect
-	golang.org/x/sys v0.13.0 // indirect
-	golang.org/x/term v0.13.0 // indirect
-	golang.org/x/text v0.13.0 // indirect
+	golang.org/x/sys v0.16.0 // indirect
+	golang.org/x/term v0.15.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/tools v0.14.0 // indirect
-	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 // indirect
-	google.golang.org/grpc v1.57.1 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231002182017-d307bd883b97 // indirect
+	google.golang.org/grpc v1.60.0 // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v2 v2.3.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	nhooyr.io/websocket v1.8.7 // indirect
+	nhooyr.io/websocket v1.8.10 // indirect
 )