pingidentity · henryrecker-pingidentity · May 16, 2025 · Jun 6, 2025 · Jun 9, 2025 · Jun 9, 2025
@@ -0,0 +1,26 @@
+---
+page_title: "{{.Name}} {{.Type}} - {{.RenderedProviderName}}"
+subcategory: "DaVinci"
+description: |-
+{{ .Description | plainmarkdown | trimspace | prefixlines "  " }}
+---
+
+# {{.Name}} ({{.Type}})
+
+{{ .Description | trimspace }}
+
+{{ if .HasExample -}}
+## Example Usage
+
+{{ tffile (printf "%s%s%s" "examples/resources/" .Name "/resource.tf") }}
+{{- end }}
+
+{{ .SchemaMarkdown | trimspace }}
+
+{{ if .HasImport -}}
+## Import
+
+Import is supported using the following syntax, where attributes in `<>` brackets are replaced with the relevant ID.  For example, `<environment_id>` should be replaced with the ID of the environment to import from.
+
+{{ codefile "shell" (printf "%s%s%s" "examples/resources/" .Name "/import.sh") }}
+{{- end }}
@@ -0,0 +1 @@
+terraform import pingone_davinci_application.example <environment_id>/<application_id>
@@ -0,0 +1,44 @@
+resource "pingone_davinci_application" "my_awesome_application" {
+  environment_id = var.pingone_environment_id
+
+  name = "My Awesome Application"
+
+  oauth = {
+    grant_types                   = ["authorizationCode"]
+    scopes                        = ["openid", "profile"]
+    enforce_signed_request_openid = false
+    redirect_uris                 = ["https://auth.pingone.com/0000-0000-000/rp/callback/openid_connect"]
+  }
+}
+
+resource "pingone_davinci_application_flow_policy" "authentication_flow_policy" {
+  environment_id = var.pingone_environment_id
+  application_id = pingone_davinci_application.my_awesome_application.id
+
+  name   = "PingOne - Authentication"
+  status = "enabled"
+
+  flow_distributions = [
+    {
+      flow_id = pingone_davinci_flow.authentication.id
+      version = -1
+      weight  = 100
+    }
+  ]
+}
+
+resource "pingone_davinci_application_flow_policy" "registration_flow_policy" {
+  environment_id = var.pingone_environment_id
+  application_id = pingone_davinci_application.my_awesome_application.id
+
+  name   = "PingOne - Registration"
+  status = "enabled"
+
+  flow_distributions = [
+    {
+      flow_id = pingone_davinci_flow.registration.id
+      version = -1
+      weight  = 100
+    }
+  ]
+}
@@ -67,4 +67,4 @@ resource "pingone_davinci_connector_instance" "pingfederate_connector_example" {
       }
     }
   })
-}
+}
@@ -478,6 +478,9 @@ func ParseImportID(id string, components ...ImportComponent) (map[string]string,
 
 	i := 0
 	for _, v := range components {
+		if v.Regexp == nil {
+			return nil, fmt.Errorf("cannot parse import ID as component %d has no Regexp", i)
+		}
 		keys[i] = v.Label
 		regexpList[i] = v.Regexp.String()
 		i++

@@ -0,0 +1,201 @@
+// Copyright © 2025 Ping Identity Corporation
+
+//go:build beta
+
+package davinci
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/google/uuid"
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/resource"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/pingidentity/pingone-go-client/pingone"
+	"github.com/pingidentity/terraform-provider-pingone/internal/framework"
+)
+
+// Build the PUT client struct to be used after initial creation
+func (model *davinciApplicationResourceModel) buildClientStructPutAfterCreate(createResponse *pingone.DaVinciApplicationResponse) (*pingone.DaVinciApplicationReplaceRequest, diag.Diagnostics) {
+	result := &pingone.DaVinciApplicationReplaceRequest{}
+	var respDiags diag.Diagnostics
+	// First copy over values from the create response
+	result.ApiKeyEnabled = &createResponse.ApiKey.Enabled
+	var grantTypes []pingone.DaVinciApplicationReplaceRequestOAuthGrantType
+	for _, grantType := range createResponse.Oauth.GrantTypes {
+		grantTypes = append(grantTypes, pingone.DaVinciApplicationReplaceRequestOAuthGrantType(grantType))
+	}
+	var scopes []pingone.DaVinciApplicationReplaceRequestOAuthScope
+	for _, scope := range createResponse.Oauth.Scopes {
+		scopes = append(scopes, pingone.DaVinciApplicationReplaceRequestOAuthScope(scope))
+	}
+	result.Oauth = &pingone.DaVinciApplicationReplaceRequestOAuth{
+		EnforceSignedRequestOpenid: createResponse.Oauth.EnforceSignedRequestOpenid,
+		GrantTypes:                 grantTypes,
+		LogoutUris:                 createResponse.Oauth.LogoutUris,
+		RedirectUris:               createResponse.Oauth.RedirectUris,
+		Scopes:                     scopes,
+		SpJwksOpenid:               createResponse.Oauth.SpJwksOpenid,
+		SpjwksUrl:                  createResponse.Oauth.SpjwksUrl,
+	}
+
+	// Then overwrite with anything specified in the plan model
+	result.Name = model.Name.ValueString()
+	if !model.ApiKey.IsNull() && !model.ApiKey.IsUnknown() {
+		if !model.ApiKey.Attributes()["enabled"].IsNull() && !model.ApiKey.Attributes()["enabled"].IsUnknown() {
+			result.ApiKeyEnabled = model.ApiKey.Attributes()["enabled"].(types.Bool).ValueBoolPointer()
+		}
+	}
+	if !model.Oauth.IsNull() && !model.Oauth.IsUnknown() {
+		oauthAttrs := model.Oauth.Attributes()
+		if !oauthAttrs["enforce_signed_request_openid"].IsNull() && !oauthAttrs["enforce_signed_request_openid"].IsUnknown() {
+			result.Oauth.EnforceSignedRequestOpenid = oauthAttrs["enforce_signed_request_openid"].(types.Bool).ValueBoolPointer()
+		}
+		if !oauthAttrs["grant_types"].IsNull() && !oauthAttrs["grant_types"].IsUnknown() {
+			result.Oauth.GrantTypes = []pingone.DaVinciApplicationReplaceRequestOAuthGrantType{}
+			for _, grantTypesElement := range oauthAttrs["grant_types"].(types.Set).Elements() {
+				var grantTypesValue pingone.DaVinciApplicationReplaceRequestOAuthGrantType
+				grantTypesEnumValue, err := pingone.NewDaVinciApplicationReplaceRequestOAuthGrantTypeFromValue(grantTypesElement.(types.String).ValueString())
+				if err != nil {
+					respDiags.AddAttributeError(
+						path.Root("grant_types"),
+						"Provided value is not valid",
+						fmt.Sprintf("The value provided for grant_types is not valid: %s", err.Error()),
+					)
+				} else {
+					grantTypesValue = *grantTypesEnumValue
+				}
+				result.Oauth.GrantTypes = append(result.Oauth.GrantTypes, grantTypesValue)
+			}
+		}
+		if !oauthAttrs["logout_uris"].IsNull() && !oauthAttrs["logout_uris"].IsUnknown() {
+			result.Oauth.LogoutUris = []string{}
+			for _, logoutUrisElement := range oauthAttrs["logout_uris"].(types.Set).Elements() {
+				result.Oauth.LogoutUris = append(result.Oauth.LogoutUris, logoutUrisElement.(types.String).ValueString())
+			}
+		}
+		if !oauthAttrs["redirect_uris"].IsNull() && !oauthAttrs["redirect_uris"].IsUnknown() {
+			result.Oauth.RedirectUris = []string{}
+			for _, redirectUrisElement := range oauthAttrs["redirect_uris"].(types.Set).Elements() {
+				result.Oauth.RedirectUris = append(result.Oauth.RedirectUris, redirectUrisElement.(types.String).ValueString())
+			}
+		}
+		if !oauthAttrs["scopes"].IsNull() && !oauthAttrs["scopes"].IsUnknown() {
+			result.Oauth.Scopes = []pingone.DaVinciApplicationReplaceRequestOAuthScope{}
+			for _, scopesElement := range oauthAttrs["scopes"].(types.Set).Elements() {
+				var scopesValue pingone.DaVinciApplicationReplaceRequestOAuthScope
+				scopesEnumValue, err := pingone.NewDaVinciApplicationReplaceRequestOAuthScopeFromValue(scopesElement.(types.String).ValueString())
+				if err != nil {
+					respDiags.AddAttributeError(
+						path.Root("scopes"),
+						"Provided value is not valid",
+						fmt.Sprintf("The value provided for scopes is not valid: %s", err.Error()),
+					)
+				} else {
+					scopesValue = *scopesEnumValue
+				}
+				result.Oauth.Scopes = append(result.Oauth.Scopes, scopesValue)
+			}
+		}
+		if !oauthAttrs["sp_jwks_openid"].IsNull() && !oauthAttrs["sp_jwks_openid"].IsUnknown() {
+			result.Oauth.SpJwksOpenid = oauthAttrs["sp_jwks_openid"].(types.String).ValueStringPointer()
+		}
+		if !oauthAttrs["sp_jwks_url"].IsNull() && !oauthAttrs["sp_jwks_url"].IsUnknown() {
+			result.Oauth.SpjwksUrl = oauthAttrs["sp_jwks_url"].(types.String).ValueStringPointer()
+		}
+	}
+
+	return result, respDiags
+}
+
+// Application Creates have to run a POST followed by a PUT to set fields other than name.
+func (r *davinciApplicationResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
+	var data davinciApplicationResourceModel
+
+	if r.Client == nil {
+		resp.Diagnostics.AddError(
+			"Client not initialized",
+			"Expected the PingOne client, got nil.  Please report this issue to the provider maintainers.")
+		return
+	}
+
+	// Read Terraform plan data into the model
+	resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...)
+
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	// Create API call logic
+	clientData, diags := data.buildClientStructPost()
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	environmentIdUuid, err := uuid.Parse(data.EnvironmentId.ValueString())
+	if err != nil {
+		resp.Diagnostics.AddAttributeError(
+			path.Root("environment_id"),
+			"Attribute Validation Error",
+			fmt.Sprintf("The value '%s' for attribute '%s' is not a valid UUID: %s", data.EnvironmentId.ValueString(), "EnvironmentId", err.Error()),
+		)
+		return
+	}
+	var createResponseData *pingone.DaVinciApplicationResponse
+	resp.Diagnostics.Append(framework.ParseResponse(
+		ctx,
+
+		func() (any, *http.Response, error) {
+			fO, fR, fErr := r.Client.DaVinciApplicationsApi.CreateDavinciApplication(ctx, environmentIdUuid).DaVinciApplicationCreateRequest(*clientData).Execute()
+			return framework.CheckEnvironmentExistsOnPermissionsError(ctx, r.Client, data.EnvironmentId.ValueString(), fO, fR, fErr)
+		},
+		"CreateDavinciApplication",
+		framework.DefaultCustomError,
+		framework.DefaultRetryable,
+		&createResponseData,
+	)...)
+
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	// In order to update fields, a second call to the PUT endpoint has to be made, because only name can be set on creation.
+	// Update API call logic
+	updateClientData, diags := data.buildClientStructPutAfterCreate(createResponseData)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	var responseData *pingone.DaVinciApplicationResponse
+	resp.Diagnostics.Append(framework.ParseResponse(
+		ctx,
+
+		func() (any, *http.Response, error) {
+			fO, fR, fErr := r.Client.DaVinciApplicationsApi.ReplaceDavinciApplicationById(ctx, environmentIdUuid, createResponseData.Id).DaVinciApplicationReplaceRequest(*updateClientData).Execute()
+			return framework.CheckEnvironmentExistsOnPermissionsError(ctx, r.Client, data.EnvironmentId.ValueString(), fO, fR, fErr)
+		},
+		"ReplaceDavinciApplicationById-Create",
+		framework.DefaultCustomError,
+		framework.DefaultRetryable,
+		&responseData,
+	)...)
+
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	// Read update response into the model
+	resp.Diagnostics.Append(data.readClientResponse(responseData)...)
+
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	// Save data into Terraform state
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		terraform import pingone_davinci_application.example <environment_id>/<application_id>
-Original file line number
+Diff line change
@@ Expand Up @@
           }
         }
       })
-    }
+    }