vmanilo · vmanilo · Oct 12, 2023 · Oct 12, 2023 · Oct 12, 2023 · Oct 12, 2023
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -124,7 +124,8 @@ jobs:
       fail-fast: false
       matrix:
         terraform:
-          - '1.3.*'
+          - '1.4.*'
+          - '1.5.*'
           - 'latest'
     steps:
 

diff --git a/docs/data-sources/user.md b/docs/data-sources/user.md
@@ -29,7 +29,6 @@ data "twingate_user" "foo" {
 
 - `email` (String) The email address of the User
 - `first_name` (String) The first name of the User
-- `is_admin` (Boolean, Deprecated) Indicates whether the User is an admin
 - `last_name` (String) The last name of the User
 - `role` (String) Indicates the User's role. Either ADMIN, DEVOPS, SUPPORT, or MEMBER
 - `type` (String) Indicates the User's type. Either MANUAL or SYNCED.
diff --git a/docs/data-sources/users.md b/docs/data-sources/users.md
@@ -32,7 +32,6 @@ Read-Only:
 - `email` (String) The email address of the User
 - `first_name` (String) The first name of the User
 - `id` (String) The ID of the User
-- `is_admin` (Boolean, Deprecated) Indicates whether the User is an admin
 - `last_name` (String) The last name of the User
 - `role` (String) Indicates the User's role. Either ADMIN, DEVOPS, SUPPORT, or MEMBER.
 - `type` (String) Indicates the User's type. Either MANUAL or SYNCED.
diff --git a/docs/guides/migration-v1-to-v2-guide.md b/docs/guides/migration-v1-to-v2-guide.md
@@ -0,0 +1,73 @@
+---
+subcategory: "migration"
+page_title: "v1 to v2 Migration Guide"
+description: |-
+This document covers how to migrate from v1 to v2 of the Twingate Terraform provider.
+---
+
+# Migration Guide
+j
+This guide covers how to migrate from v1 to v2 of the Twingate Terraform provider. Migration needs to be done for the following objects:
+- Resources
+    - `twingate_resource`
+- Data sources
+    - `twingate_user`
+    - `twingate_users`
+
+## Migrating Resources
+
+The `protocols` attribute in the `twingate_resource` Resource has been changed from a block to an object.
+
+In v1, the following was valid:
+
+```terraform
+resource "twingate_resource" "resource" {
+  name = "resource"
+  address = "internal.int"
+  remote_network_id = twingate_remote_network.aws_network.id
+
+  protocols {
+    allow_icmp = true
+    tcp {
+      policy = "RESTRICTED"
+      ports = ["80", "82-83"]
+    }
+    udp {
+      policy = "ALLOW_ALL"
+    }
+  }
+}
+```
+
+The `protocols`, `tcp` and `udp` attributes were blocks and not objects. In v2, these are now objects:
+
+```
+protocols {   ->   protocols = {
+tcp {         ->   tcp = {
+udp {         ->   udp = {
+```
+
+In v2, the above resource needs to be rewritten like this:
+
+```terraform
+resource "twingate_resource" "resource" {
+  name = "resource"
+  address = "internal.int"
+  remote_network_id = twingate_remote_network.aws_network.id
+
+  protocols = {
+    allow_icmp = true
+    tcp = {
+      policy = "RESTRICTED"
+      ports = ["80", "82-83"]
+    }
+    udp = {
+      policy = "ALLOW_ALL"
+    }
+  }
+}
+```
+
+## Migrating data sources
+
+The attribute `is_admin` has been removed from the `twingate_user` and `twingate_users` data sources. Similar information is now available via the [`role` attribute](https://registry.terraform.io/providers/Twingate/twingate/latest/docs/data-sources/users#role).
diff --git a/docs/resources/resource.md b/docs/resources/resource.md
@@ -41,13 +41,13 @@ resource "twingate_resource" "resource" {
 
   security_policy_id = data.twingate_security_policy.test_policy.id
 
-  protocols {
+  protocols = {
     allow_icmp = true
-    tcp  {
+    tcp = {
       policy = "RESTRICTED"
       ports = ["80", "82-83"]
     }
-    udp {
+    udp = {
       policy = "ALLOW_ALL"
     }
   }
@@ -72,14 +72,14 @@ resource "twingate_resource" "resource" {
 
 ### Optional
 
-- `access` (Block List, Max: 1) Restrict access to certain groups or service accounts (see [below for nested schema](#nestedblock--access))
+- `access` (Block List) Restrict access to certain groups or service accounts (see [below for nested schema](#nestedblock--access))
 - `alias` (String) Set a DNS alias address for the Resource. Must be a DNS-valid name string.
 - `is_active` (Boolean) Set the resource as active or inactive. Default is `true`.
 - `is_authoritative` (Boolean) Determines whether assignments in the access block will override any existing assignments. Default is `true`. If set to `false`, assignments made outside of Terraform will be ignored.
-- `is_browser_shortcut_enabled` (Boolean) Controls whether an "Open in Browser" shortcut will be shown for this Resource in the Twingate Client.
-- `is_visible` (Boolean) Controls whether this Resource will be visible in the main Resource list in the Twingate Client.
-- `protocols` (Block List, Max: 1) Restrict access to certain protocols and ports. By default or when this argument is not defined, there is no restriction, and all protocols and ports are allowed. (see [below for nested schema](#nestedblock--protocols))
-- `security_policy_id` (String) The ID of a `twingate_security_policy` to set as this Resource's Security Policy. Default is `Default Policy`
+- `is_browser_shortcut_enabled` (Boolean) Controls whether an "Open in Browser" shortcut will be shown for this Resource in the Twingate Client. Default is `false`.
+- `is_visible` (Boolean) Controls whether this Resource will be visible in the main Resource list in the Twingate Client. Default is `true`.
+- `protocols` (Attributes) Restrict access to certain protocols and ports. By default or when this argument is not defined, there is no restriction, and all protocols and ports are allowed. (see [below for nested schema](#nestedatt--protocols))
+- `security_policy_id` (String) The ID of a `twingate_security_policy` to set as this Resource's Security Policy. Default is `Default Policy`.
 
 ### Read-Only
 
@@ -94,40 +94,31 @@ Optional:
 - `service_account_ids` (Set of String) List of Service Account IDs that will have permission to access the Resource.
 
 
-<a id="nestedblock--protocols"></a>
+<a id="nestedatt--protocols"></a>
 ### Nested Schema for `protocols`
 
-Required:
-
-- `tcp` (Block List, Min: 1, Max: 1) (see [below for nested schema](#nestedblock--protocols--tcp))
-- `udp` (Block List, Min: 1, Max: 1) (see [below for nested schema](#nestedblock--protocols--udp))
-
 Optional:
 
 - `allow_icmp` (Boolean) Whether to allow ICMP (ping) traffic
+- `tcp` (Attributes) (see [below for nested schema](#nestedatt--protocols--tcp))
+- `udp` (Attributes) (see [below for nested schema](#nestedatt--protocols--udp))
 
-<a id="nestedblock--protocols--tcp"></a>
+<a id="nestedatt--protocols--tcp"></a>
 ### Nested Schema for `protocols.tcp`
 
-Required:
-
-- `policy` (String) Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be `RESTRICTED` (only listed ports are allowed), `ALLOW_ALL`, or `DENY_ALL`
-
 Optional:
 
-- `ports` (List of String) List of port ranges between 1 and 65535 inclusive, in the format `100-200` for a range, or `8080` for a single port
+- `policy` (String) Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be `RESTRICTED` (only listed ports are allowed), `ALLOW_ALL`, or `DENY_ALL`
+- `ports` (Set of String) List of port ranges between 1 and 65535 inclusive, in the format `100-200` for a range, or `8080` for a single port
 
 
-<a id="nestedblock--protocols--udp"></a>
+<a id="nestedatt--protocols--udp"></a>
 ### Nested Schema for `protocols.udp`
 
-Required:
-
-- `policy` (String) Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be `RESTRICTED` (only listed ports are allowed), `ALLOW_ALL`, or `DENY_ALL`
-
 Optional:
 
-- `ports` (List of String) List of port ranges between 1 and 65535 inclusive, in the format `100-200` for a range, or `8080` for a single port
+- `policy` (String) Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be `RESTRICTED` (only listed ports are allowed), `ALLOW_ALL`, or `DENY_ALL`
+- `ports` (Set of String) List of port ranges between 1 and 65535 inclusive, in the format `100-200` for a range, or `8080` for a single port
 
 ## Import
 

diff --git a/examples/resources/twingate_resource/resource.tf b/examples/resources/twingate_resource/resource.tf
@@ -26,13 +26,13 @@ resource "twingate_resource" "resource" {
 
   security_policy_id = data.twingate_security_policy.test_policy.id
 
-  protocols {
+  protocols = {
     allow_icmp = true
-    tcp  {
+    tcp = {
       policy = "RESTRICTED"
       ports = ["80", "82-83"]
     }
-    udp {
+    udp = {
       policy = "ALLOW_ALL"
     }
   }

diff --git a/go.mod b/go.mod
@@ -11,8 +11,6 @@ require (
 	github.com/hashicorp/terraform-plugin-framework v1.4.2
 	github.com/hashicorp/terraform-plugin-framework-validators v0.12.0
 	github.com/hashicorp/terraform-plugin-go v0.19.1
-	github.com/hashicorp/terraform-plugin-mux v0.12.0
-	github.com/hashicorp/terraform-plugin-sdk/v2 v2.30.0
 	github.com/hashicorp/terraform-plugin-testing v1.5.1
 	github.com/hasura/go-graphql-client v0.10.1
 	github.com/iancoleman/strcase v0.3.0
@@ -57,6 +55,7 @@ require (
 	github.com/hashicorp/terraform-exec v0.19.0 // indirect
 	github.com/hashicorp/terraform-json v0.17.1 // indirect
 	github.com/hashicorp/terraform-plugin-log v0.9.0 // indirect
+	github.com/hashicorp/terraform-plugin-sdk/v2 v2.30.0 // indirect
 	github.com/hashicorp/terraform-registry-address v0.2.3 // indirect
 	github.com/hashicorp/terraform-svchost v0.1.1 // indirect
 	github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d // indirect

diff --git a/go.sum b/go.sum
@@ -158,8 +158,6 @@ github.com/hashicorp/terraform-plugin-go v0.19.1 h1:lf/jTGTeELcz5IIbn/94mJdmnTjR
 github.com/hashicorp/terraform-plugin-go v0.19.1/go.mod h1:5NMIS+DXkfacX6o5HCpswda5yjkSYfKzn1Nfl9l+qRs=
 github.com/hashicorp/terraform-plugin-log v0.9.0 h1:i7hOA+vdAItN1/7UrfBqBwvYPQ9TFvymaRGZED3FCV0=
 github.com/hashicorp/terraform-plugin-log v0.9.0/go.mod h1:rKL8egZQ/eXSyDqzLUuwUYLVdlYeamldAHSxjUFADow=
-github.com/hashicorp/terraform-plugin-mux v0.12.0 h1:TJlmeslQ11WlQtIFAfth0vXx+gSNgvMEng2Rn9z3WZY=
-github.com/hashicorp/terraform-plugin-mux v0.12.0/go.mod h1:8MR0AgmV+Q03DIjyrAKxXyYlq2EUnYBQP8gxAAA0zeM=
 github.com/hashicorp/terraform-plugin-sdk/v2 v2.30.0 h1:X7vB6vn5tON2b49ILa4W7mFAsndeqJ7bZFOGbVO+0Cc=
 github.com/hashicorp/terraform-plugin-sdk/v2 v2.30.0/go.mod h1:ydFcxbdj6klCqYEPkPvdvFKiNGKZLUs+896ODUXCyao=
 github.com/hashicorp/terraform-plugin-testing v1.5.1 h1:T4aQh9JAhmWo4+t1A7x+rnxAJHCDIYW9kXyo4sVO92c=

diff --git a/golangci.yml b/golangci.yml
@@ -22,6 +22,7 @@ linters-settings:
       - github.com/hashicorp/terraform-plugin-framework/datasource.DataSource
       - github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier.Set
       - github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier.Bool
+      - github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier.String
       - github.com/hashicorp/terraform-plugin-testing/plancheck.PlanCheck
   errcheck:
     check-type-assertions: false

diff --git a/main.go b/main.go
@@ -6,52 +6,27 @@ import (
 	"log"
 
 	"github.com/Twingate/terraform-provider-twingate/twingate"
-	twingateV2 "github.com/Twingate/terraform-provider-twingate/twingate/v2"
-	"github.com/hashicorp/terraform-plugin-go/tfprotov6"
-	"github.com/hashicorp/terraform-plugin-go/tfprotov6/tf6server"
-
 	"github.com/hashicorp/terraform-plugin-framework/providerserver"
-	"github.com/hashicorp/terraform-plugin-mux/tf5to6server"
-	"github.com/hashicorp/terraform-plugin-mux/tf6muxserver"
 )
 
 var (
 	version = "dev"
 )
 
+const registry = "registry.terraform.io/Twingate/twingate"
+
 func main() {
 	var debug bool
 
 	flag.BoolVar(&debug, "debug", false, "set to true to run the provider with support for debuggers")
 	flag.Parse()
 
-	ctx := context.Background()
-	upgradedSdkProvider, err := tf5to6server.UpgradeServer(ctx, twingate.Provider(version).GRPCProvider)
-	if err != nil {
-		log.Fatal(err)
-	}
-	providers := []func() tfprotov6.ProviderServer{
-		func() tfprotov6.ProviderServer {
-			return upgradedSdkProvider
+	err := providerserver.Serve(context.Background(), twingate.New(version),
+		providerserver.ServeOpts{
+			Debug:           debug,
+			Address:         registry,
+			ProtocolVersion: 6,
 		},
-		providerserver.NewProtocol6(twingateV2.New(version)()),
-	}
-
-	muxServer, err := tf6muxserver.NewMuxServer(ctx, providers...)
-
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	var serveOpts []tf6server.ServeOpt
-	if debug {
-		serveOpts = append(serveOpts, tf6server.WithManagedDebug())
-	}
-
-	err = tf6server.Serve(
-		"registry.terraform.io/Twingate/twingate",
-		muxServer.ProviderServer,
-		serveOpts...,
 	)
 
 	if err != nil {

diff --git a/templates/guides/migration-v1-to-v2-guide.md.tmpl b/templates/guides/migration-v1-to-v2-guide.md.tmpl
@@ -0,0 +1,73 @@
+---
+subcategory: "migration"
+page_title: "v1 to v2 Migration Guide"
+description: |-
+This document covers how to migrate from v1 to v2 of the Twingate Terraform provider.
+---
+
+# Migration Guide
+j
+This guide covers how to migrate from v1 to v2 of the Twingate Terraform provider. Migration needs to be done for the following objects:
+- Resources
+    - `twingate_resource`
+- Data sources
+    - `twingate_user`
+    - `twingate_users`
+
+## Migrating Resources
+
+The `protocols` attribute in the `twingate_resource` Resource has been changed from a block to an object.
+
+In v1, the following was valid:
+
+```terraform
+resource "twingate_resource" "resource" {
+  name = "resource"
+  address = "internal.int"
+  remote_network_id = twingate_remote_network.aws_network.id
+
+  protocols {
+    allow_icmp = true
+    tcp {
+      policy = "RESTRICTED"
+      ports = ["80", "82-83"]
+    }
+    udp {
+      policy = "ALLOW_ALL"
+    }
+  }
+}
+```
+
+The `protocols`, `tcp` and `udp` attributes were blocks and not objects. In v2, these are now objects:
+
+```
+protocols {   ->   protocols = {
+tcp {         ->   tcp = {
+udp {         ->   udp = {
+```
+
+In v2, the above resource needs to be rewritten like this:
+
+```terraform
+resource "twingate_resource" "resource" {
+  name = "resource"
+  address = "internal.int"
+  remote_network_id = twingate_remote_network.aws_network.id
+
+  protocols = {
+    allow_icmp = true
+    tcp = {
+      policy = "RESTRICTED"
+      ports = ["80", "82-83"]
+    }
+    udp = {
+      policy = "ALLOW_ALL"
+    }
+  }
+}
+```
+
+## Migrating data sources
+
+The attribute `is_admin` has been removed from the `twingate_user` and `twingate_users` data sources. Similar information is now available via the [`role` attribute](https://registry.terraform.io/providers/Twingate/twingate/latest/docs/data-sources/users#role).
-Original file line number
+Diff line change
@@ Expand Up / @@ -124,7 +124,8 @@ jobs: @@
           fail-fast: false
           matrix:
             terraform:
-              - '1.3.*'
+              - '1.4.*'
+              - '1.5.*'
               - 'latest'
         steps:
@@ Expand Down @@