Support clean DaVinci environments (#250)

* development in progress

* update index

* update `davinci_connection` schema

* fix `davinci_connection` bugs

* `connection` stability

* updates and corrections

* update docs

* remove panic outcomes

* applications resource (in progress testing)

* defer retry condition to SDK

* `application` in progress

* raise retry limit to 20

* final `application`

* flow policy - in progress

* flow policy docs

* `application_flow_policy` in progress

* update connection doc

* add ability to replace a connection name in flow import

* add connections docs

* `connections` data source

* update `connection`

* update `connections`

* changelog (pre-sdk uplift)

* docs update

* `application` doc update

* changelog update

* `applications` data source

* `connections` update

* terrafmt

* `connection` update

* `application` data source update

* documentation updates

* documentation updates

* flow test draft

* terrafmt

* adjust error responses

* framework inclusion, sdk updates

* update `davinci_connection`

* update `davinci_flow`

* updates to data models and `davinci_flow`

* flow difference calculation (1)

* flow difference calculation (2)

* obfuscate secrets in debug

* fix epoch data type issues

* update flow testing

* fix tests

* compute flow diffs WIP

* update flow diff

* bug fixes

* bug fixes

* update flow resource docs

* code optimisation

* defer auth retry logic to sdk

* fix testing issues on non-flow resources/datasources

* testing corrections `flow`

* bug fixes

* updated warning messages

* update P1 client user agent suffix

* code optimisation

* update go deps

* changelog

* lint issue fix

* bump module `github.com/samir-gandhi/davinci-client-go`

* lint corrections

* update connection reference docs

* update `dvgenerate` module

* update `flow_json` description

* update connection doc sorting

* bump `dvgenerate`

.changelog/250.txt

@@ -0,0 +1,191 @@
+```release-note:note
+bump `github.com/patrickcping/pingone-go-sdk-v2/management` 0.34.0 => 0.36.0
+```
+
+```release-note:note
+bump `github.com/samir-gandhi/davinci-client-go` 0.0.55 => 0.1.0
+```
+
+```release-note:note
+Provider updated thoughout to support environments that have been created without demo/bootstrapped configuration automatically applied.  Creation of environments without demo/bootstrapped configuration is best practice going forward.
+```
+
+```release-note:note
+Index documentation updated to reflect latest best practices for admin role requirements and creation of PingOne environments that do not have demo/bootstrapped configuration automatically applied.
+```
+
+```release-note:bug
+Fixed bug where resources may be created in the incorrect PingOne environment when multiple DaVinci environments are being configured in the same `apply` routine.
+```
+
+```release-note:note
+Added plugin mux factory and plugin framework (v6 protocol) provider to facilitate migration from SDKv2 (v5 protocol).
+```
+
+```release-note:note
+Code optimisations to remove unnecessary SDK retry logic.
+```
+
+```release-note:note
+Added regex validation for resource/data-source parameters that require platform IDs.
+```
+
+```release-note:bug
+Fixed intermittent `Unable to retrieve access_token within 60s for environment` error.
+```
+
+```release-note:note
+`data-source/davinci_applications`: Corrected documentation category.
+```
+
+```release-note:note
+`data-source/davinci_application`: Un-deprecate the `application_id` parameter, and deprecated the `id` parameter for the purpose of fetching an application by it's ID.  The `application_id` should be used going forward.
+```
+
+```release-note:note
+`data-source/davinci_application`: Deprecated the `user_portal` and `saml` block parameters as they are no longer used.  The parameters will be removed in the next major release.
+```
+
+```release-note:bug
+`data-source/davinci_applications`: Fixed bug where not all applications are returned for an environment due to eventual consistency considerations on environment creation.
+```
+
+```release-note:note
+`data-source/davinci_applications`: Deprecated the `user_portal` and `saml` block parameters as they are no longer used.  The parameters will be removed in the next major release.
+```
+
+```release-note:enhancement
+`data-source/davinci_applications`: Added a configurable timeout parameter and updated the default timeout to `20m` due to eventual consistency considerations on environment creation.
+```
+
+```release-note:bug
+`data-source/davinci_applications`: Fixed issue where not all connections are returned due to eventual consistency considerations on environment creation.
+```
+
+```release-note:enhancement
+`data-source/davinci_connection`: Added a new `connection_id` parameter and deprecated the `id` parameter for the purpose of fetching a connection by it's ID.  The `connection_id` should be used going forward.
+```
+
+```release-note:enhancement
+`data-source/davinci_connection`: Added a configurable timeout parameter and updated the default timeout to `20m` due to eventual consistency considerations on environment creation.
+```
+
+```release-note:bug
+`data-source/davinci_connection`: Fixed issue where a connection isn't returned due to eventual consistency considerations on environment creation.
+```
+
+```release-note:note
+`data-source/davinci_connections`: Deprecated the `connections.company_id` parameter as it is a duplicate of the `environment_id` parameter.
+```
+
+```release-note:bug
+`data-source/davinci_connections`: Fixed the `connections.customer_id` attribute not being stored into state.
+```
+
+```release-note:enhancement
+`data-source/davinci_connections`: Added a configurable timeout parameter and updated the default timeout to `20m` due to eventual consistency considerations on environment creation.
+```
+
+```release-note:bug
+`resource/davinci_application`: Fixed inability to set `api_key_enabled`, `oauth.enabled` and `oauth.values.enabled` to `false`.
+```
+
+```release-note:bug
+`resource/davinci_application`: Fixed panic crash when defining an application with an `oauth` block, but without `oauth.values`.
+```
+
+```release-note:note
+`resource/davinci_application`: Deprecated the `user_portal` and `saml` parameters as they are no longer used.  The parameters will be removed in the next major version release.
+```
+
+```release-note:bug
+`resource/davinci_application_flow_policy`: Fixed inability to update the environment ID and application ID once created (resource now requires replacement).
+```
+
+```release-note:bug
+`resource/davinci_application_flow_policy`: Fixed error when specifying a flow policy without any `policy_flow` blocks.  The `policy_flow` block is now a required field.
+```
+
+```release-note:bug
+`resource/davinci_application_flow_policy`: Fixed error when specifying a flow policy without `policy_flow.name` or `policy_flow.version` parameters.  The `policy_flow.name` and `policy_flow.version` are now required fields.
+```
+
+```release-note:bug
+`resource/davinci_application_flow_policy`: Fixed inability to set `policy_flow.success_nodes`.
+```
+
+```release-note:enhancement
+`resource/davinci_application_flow_policy`: Added `policy_flow.allowed_ip_list` to be able to configure an allowed IP list for policy flows.
+```
+
+```release-note:bug
+`resource/davinci_connection`: Fixed inconsistent plan when specifying a property data type.
+```
+
+```release-note:bug
+`resource/davinci_connection`: Fixed inability to update the environment ID, connection name and ID once created (resource now requires replacement).
+```
+
+```release-note:bug
+`resource/davinci_connection`: Fixed `Error retrieving connectors / 7005` error in certain conditions.
+```
+
+```release-note:note
+`resource/davinci_connection`: When the `property.type` parameter is not set for a property object, the default is now set to `string`.
+```
+
+```release-note:enhancement
+`resource/davinci_flow`: Added the `connection_link.replace_import_connection_id` parameter to be able to replace the name of connectors with the specified connection ID in a flow import.
+```
+
+```release-note:enhancement
+`resource/davinci_flow`: Added the `subflow_link.replace_import_subflow_id` parameter to be able to replace the name of subflows with the specified subflow ID in a flow import.
+```
+
+```release-note:bug
+`resource/davinci_flow`: Fixed inability to update the environment ID after initial configuration (resource requires replacement).
+```
+
+```release-note:note
+`resource/davinci_flow`: Migrated to plugin framework.
+```
+
+```release-note:bug
+`resource/davinci_flow`: Corrected flow drift calculation errors, causing plan inconsistency.
+```
+
+```release-note:bug
+`resource/davinci_flow`: Corrected panic errors on flow drift calculation and connection/subflow re-mapping.
+```
+
+```release-note:note
+`resource/davinci_flow`: Updated warning messages when subflows and connectors are left unmapped.  Going forward, all subflows and connections in a flow should be mapped using the `connection_link` and `subflow_link` parameters.
+```
+
+```release-note:enhancement
+`resource/davinci_flow`: The `name` parameter is now an optional field, to be able to override the name of the flow on import.
+```
+
+```release-note:note
+`resource/davinci_flow`: The `deploy` parameter is now deprecated.  Deployment on import and update is now implicit.  This parameter will be removed in the next major release.
+```
+
+```release-note:enhancement
+`resource/davinci_flow`: Added the `description` parameter to be able to override the description of the flow on import.
+```
+
+```release-note:enhancement
+`resource/davinci_flow`: Added the `flow_configuration_json` and `flow_export_json` attributes to the resource.  `flow_configuration_json` is used to compute configuration changes and drift, while `flow_export_json` is used as a record of the resulting flow once imported to the target environment.
+```
+
+```release-note:breaking-change
+`resource/davinci_flow`: The `flow_json` parameter does not now represent the flow after import.  It now only represents the flow JSON payload from the source system.  When needing to use the resulting flow after import in the target environment, `flow_export_json` should be used.
+```
+
+```release-note:note
+`resource/davinci_flow`: The `flow_variables` computed attribute has changed data type.  Previously the attribute was a block type.  Going forward, the attribute is nested set type.  There are no changes expected to HCL to use the new data type.
+```
+
+```release-note:bug
+`resource/davinci_variable`: Fixed inability to update the environment ID once created (resource now requires replacement).
+```

docs/data-sources/application.md

@@ -13,8 +13,8 @@ description: |-
 
 ```terraform
 data "davinci_application" "by_app_id" {
-  application_id = var.application_id
   environment_id = var.environment_id
+  application_id = var.application_id
 }
 
 output "davinci_app_one_key" {
@@ -27,26 +27,26 @@ output "davinci_app_one_key" {
 
 ### Required
 
-- `environment_id` (String) PingOne environment id
+- `environment_id` (String) The ID of the PingOne environment to create the DaVinci application. Must be a valid PingOne resource ID.
 
 ### Optional
 
-- `application_id` (String) DEPRECATED: Use field 'id'. id of the application to retrieve.
-- `id` (String) id of the application to retrieve.
+- `application_id` (String) The ID of the application to retrieve.
+- `id` (String) The ID of the application.  Use of this parameter to fetch the application data is deprecated, use the `application_id` parameter instead.
 
 ### Read-Only
 
-- `api_key_enabled` (Boolean) Enabled by default in UI
-- `api_keys` (Map of String) Appplication Api Key
-- `created_date` (Number) Resource creation date
-- `customer_id` (String) Internal used field
-- `metadata` (Map of String) Appplication Metadata
-- `name` (String) Application name
-- `oauth` (Set of Object) OIDC configuration (see [below for nested schema](#nestedatt--oauth))
+- `api_key_enabled` (Boolean) A boolean that specifies whether the API key is enabled for the application.
+- `api_keys` (Map of String) A map of strings that represents the application's API Key.
+- `created_date` (Number) Resource creation date as epoch.
+- `customer_id` (String) An ID that represents the customer tenant.
+- `metadata` (Map of String) Application Metadata.
+- `name` (String) The application name.
+- `oauth` (Set of Object) A single list item specifying OIDC/OAuth 2.0 configuration. (see [below for nested schema](#nestedatt--oauth))
 - `policy` (Set of Object) Flow Policy Configuration (see [below for nested schema](#nestedatt--policy))
-- `saml` (Set of Object) SAML configuration (see [below for nested schema](#nestedatt--saml))
-- `user_pools` (Map of String) Internal read only field.
-- `user_portal` (Set of Object) This is deprecated in the UI and will be removed in a future release. (see [below for nested schema](#nestedatt--user_portal))
+- `saml` (Set of Object, Deprecated) **Deprecation notice**: SAML configuration is now deprecated in the service and will be removed in the next major release.  A single list item that specifies SAML configuration. (see [below for nested schema](#nestedatt--saml))
+- `user_pools` (Map of String) Application User Pools.
+- `user_portal` (Set of Object, Deprecated) **Deprecation notice** This is now deprecated in the service and will be removed from the provider in the next major release.  A single object that describes user portal settings. (see [below for nested schema](#nestedatt--user_portal))
 
 <a id="nestedatt--oauth"></a>
 ### Nested Schema for `oauth`

docs/data-sources/applications.md

@@ -1,6 +1,6 @@
 ---
 page_title: "davinci_applications Data Source - terraform-provider-davinci"
-subcategory: "Connection"
+subcategory: "Application"
 description: |-
   
 ---
@@ -12,27 +12,35 @@ description: |-
 ## Example Usage
 
 ```terraform
-data "davinci_applications" "all" {
+data "davinci_applications" "all_applications" {
   environment_id = var.environment_id
 }
-
-output "davinci_applications" {
-  value = data.davinci_applications.all.applications
-}
 ```
 
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
 ### Required
 
-- `environment_id` (String) PingOne environment id
+- `environment_id` (String) The ID of the PingOne environment to retrieve applications from. Must be a valid PingOne resource ID.
+
+### Optional
+
+- `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
 
 ### Read-Only
 
-- `applications` (Set of Object) List of applications in the environment. (see [below for nested schema](#nestedatt--applications))
+- `applications` (Set of Object) A set of applications retrieved from the environment. (see [below for nested schema](#nestedatt--applications))
 - `id` (String) The ID of this resource.
 
+<a id="nestedblock--timeouts"></a>
+### Nested Schema for `timeouts`
+
+Optional:
+
+- `read` (String)
+
+
 <a id="nestedatt--applications"></a>
 ### Nested Schema for `applications`
 

docs/data-sources/connection.md

@@ -12,15 +12,15 @@ description: |-
 ## Example Usage
 
 ```terraform
-data "davinci_connection" "http_by_name" {
+data "davinci_connection" "example_by_name" {
   environment_id = var.pingone_environment_id
-  name           = "Http"
+
+  name = "Http"
 }
 
-data "davinci_connection" "http_by_id" {
+data "davinci_connection" "example_by_id" {
   environment_id = var.pingone_environment_id
-  // This will filter output to only include connections using the "httpConnector" type. 
-  // Helpful for validation that only one of a certain type exists.
+
   id = "867ed4363b2bc21c860085ad2baa817d"
 }
 ```
@@ -30,19 +30,29 @@ data "davinci_connection" "http_by_id" {
 
 ### Required
 
-- `environment_id` (String) PingOne environment id
+- `environment_id` (String) The ID of the PingOne environment to retrieve a connection from. Must be a valid PingOne resource ID.
 
 ### Optional
 
-- `id` (String) ID of the connection to retrieve. Either id or name must be specified.
-- `name` (String) Name of the connection to retrieve. Either id or name must be specified.
+- `connection_id` (String) A string that specifies the ID of the connection to retrieve. Either `connection_id` or `name` must be specified.
+- `id` (String) A string that specifies the ID of the connection to retrieve.  This field is deprecated for retrieving the connection and will be made read only in a future release, use `connection_id` instead.
+- `name` (String) A string that specifies the name of the connection to retrieve. Either `id` or `name` must be specified.
+- `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
 
 ### Read-Only
 
-- `connector_id` (String) DaVinci internal connector type. Only found via API read response (e.g Http Connector is 'httpConnector')
-- `created_date` (Number) Resource creation date as epoch.
-- `customer_id` (String) Internal DaVinci id. Should not be set by user.
-- `property` (Set of Object) Connection configuration (see [below for nested schema](#nestedatt--property))
+- `connector_id` (String) The DaVinci internal connector type ID, which can be found in the [DaVinci Connection Definitions](../../resources/connection#davinci-connection-definitions) documentation.
+- `created_date` (Number) Resource creation date as epoch timestamp.
+- `customer_id` (String) An ID that represents the customer tenant.
+- `property` (Set of Object) Connection properties. These are specific to the connector type configured in `connector_id`. See the [DaVinci Connection Definitions](#davinci-connection-definitions) document to find the appropriate property name/value pairs for the connection. (see [below for nested schema](#nestedatt--property))
+
+<a id="nestedblock--timeouts"></a>
+### Nested Schema for `timeouts`
+
+Optional:
+
+- `read` (String)
+
 
 <a id="nestedatt--property"></a>
 ### Nested Schema for `property`