adding some fixes

Author: KT-Doan

README.md

@@ -39,7 +39,7 @@ A Terraform provider for managing [Ory Network](https://www.ory.sh/) resources u
 terraform {
   required_providers {
     ory = {
-      source  = "ory/terraform-provider-orynetwork"
+      source  = "ory/orynetwork"
       version = "~> 0.1"
     }
   }
@@ -60,7 +60,7 @@ Then configure Terraform to use the local provider:
 # ~/.terraformrc
 provider_installation {
   dev_overrides {
-    "ory/terraform-provider-orynetwork" = "/path/to/terraform-provider-orynetwork"
+    "ory/orynetwork" = "/path/to/terraform-provider-orynetwork"
   }
   direct {}
 }
@@ -101,7 +101,7 @@ provider "ory" {
 terraform {
   required_providers {
     ory = {
-      source = "ory/terraform-provider-orynetwork"
+      source = "ory/orynetwork"
     }
   }
 }

docs/index.md

@@ -1,19 +1,7 @@
 ---
-# generated by https://github.com/hashicorp/terraform-plugin-docs
 page_title: "ory Provider"
 description: |-
-  The Ory provider enables Terraform to manage Ory Network https://www.ory.sh/ resources.
-  Authentication
-  Ory Network uses two types of API keys:
-  Workspace API Key (ory_wak_...): For organizations, projects, and workspace managementProject API Key (ory_pat_...): For identities, OAuth2 clients, and sessions
-  Configure via environment variables or provider block:
-  
-  provider "ory" {
-    workspace_api_key = var.ory_workspace_key  # or ORY_WORKSPACE_API_KEY env var
-    project_api_key   = var.ory_project_key    # or ORY_PROJECT_API_KEY env var
-    project_id        = var.ory_project_id     # or ORY_PROJECT_ID env var
-    project_slug      = var.ory_project_slug   # or ORY_PROJECT_SLUG env var
-  }
+  The Ory provider enables Terraform to manage Ory Network resources.
 ---
 
 # ory Provider
@@ -24,20 +12,38 @@ The Ory provider enables Terraform to manage [Ory Network](https://www.ory.sh/)
 
 Ory Network uses two types of API keys:
 
-1. **Workspace API Key** (`ory_wak_...`): For organizations, projects, and workspace management
-2. **Project API Key** (`ory_pat_...`): For identities, OAuth2 clients, and sessions
+| API Key Type | Prefix | Used For |
+|--------------|--------|----------|
+| **Workspace API Key** | `ory_wak_...` | Projects, organizations, workspace management, project config, actions |
+| **Project API Key** | `ory_pat_...` | Identities, OAuth2 clients, relationships |
+
+## Configuration Options
 
-Configure via environment variables or provider block:
+```bash
+export ORY_WORKSPACE_API_KEY="ory_wak_..."
+export ORY_WORKSPACE_ID="..."           # Required for creating new projects
+export ORY_PROJECT_API_KEY="ory_pat_..."
+export ORY_PROJECT_ID="..."
+export ORY_PROJECT_SLUG="..."
+```
 
 ```hcl
-provider "ory" {
-  workspace_api_key = var.ory_workspace_key  # or ORY_WORKSPACE_API_KEY env var
-  project_api_key   = var.ory_project_key    # or ORY_PROJECT_API_KEY env var
-  project_id        = var.ory_project_id     # or ORY_PROJECT_ID env var
-  project_slug      = var.ory_project_slug   # or ORY_PROJECT_SLUG env var
-}
+provider "ory" {}  # Picks up from ORY_* environment variables
 ```
 
+## Which Credentials Do You Need?
+
+| Resource | Required Credentials |
+|----------|---------------------|
+| `ory_project`, `ory_workspace` | `workspace_api_key`, `workspace_id` |
+| `ory_organization` | `workspace_api_key`, `project_id` |
+| `ory_project_config`, `ory_action`, `ory_social_provider`, `ory_email_template` | `workspace_api_key`, `project_id` |
+| `ory_identity`, `ory_oauth2_client`, `ory_relationship` | `project_api_key`, `project_slug` |
+
+## Import Requirements
+
+When importing existing resources, ensure you have the appropriate credentials configured **before** running `terraform import`.
+
 ## Example Usage
 
 ```terraform
@@ -55,6 +61,9 @@ provider "ory" {
   # Workspace API key for project/organization management
   workspace_api_key = var.ory_workspace_api_key # or set ORY_WORKSPACE_API_KEY env var
 
+  # Workspace ID (required for creating new projects)
+  workspace_id = var.ory_workspace_id # or set ORY_WORKSPACE_ID env var
+
   # Project API key for identity/OAuth2 operations
   project_api_key = var.ory_project_api_key # or set ORY_PROJECT_API_KEY env var
 
@@ -77,22 +86,32 @@ variable "ory_workspace_api_key" {
   type        = string
   sensitive   = true
   description = "Ory Workspace API Key (ory_wak_...)"
+  default     = null
+}
+
+variable "ory_workspace_id" {
+  type        = string
+  description = "Ory Workspace ID (UUID)"
+  default     = null
 }
 
 variable "ory_project_api_key" {
   type        = string
   sensitive   = true
   description = "Ory Project API Key (ory_pat_...)"
+  default     = null
 }
 
 variable "ory_project_id" {
   type        = string
   description = "Ory Project ID (UUID)"
+  default     = null
 }
 
 variable "ory_project_slug" {
   type        = string
   description = "Ory Project Slug (e.g., vibrant-moore-abc123)"
+  default     = null
 }
 ```
 

docs/resources/action.md

@@ -1,5 +1,4 @@
 ---
-# generated by https://github.com/hashicorp/terraform-plugin-docs
 page_title: "ory_action Resource - ory"
 subcategory: ""
 description: |-
@@ -10,6 +9,8 @@ description: |-
 
 Manages an Ory Action (webhook) for identity flows.
 
+Actions allow you to trigger webhooks at specific points in identity flows (login, registration, recovery, settings, verification).
+
 ## Example Usage
 
 ```terraform
@@ -58,6 +59,69 @@ resource "ory_action" "sync_verified" {
 }
 ```
 
+## Authentication Methods
+
+The `auth_method` attribute specifies which authentication method triggers the webhook. This corresponds to the "Next" modal in the Ory Console UI when creating an action.
+
+| Value | Description | UI Equivalent |
+|-------|-------------|---------------|
+| `password` | Password-based authentication (default) | "Password" |
+| `oidc` | Social/OIDC authentication (Google, GitHub, etc.) | "Social Sign-In" |
+| `code` | One-time code (magic link, OTP) | "Code" |
+| `webauthn` | Hardware security keys | "WebAuthn" |
+| `passkey` | Passkey authentication | "Passkey" |
+| `totp` | Time-based one-time password | "TOTP" |
+| `lookup_secret` | Recovery/backup codes | "Backup Codes" |
+
+~> **Note:** `auth_method` is only used for `timing = "after"` webhooks. For `timing = "before"` hooks, the webhook runs before any authentication method.
+
+## Import
+
+Actions use different import formats depending on timing:
+
+**For "after" timing (post-hooks):**
+```shell
+terraform import ory_action.welcome_email "project_id:flow:after:auth_method:url"
+```
+
+**For "before" timing (pre-hooks):**
+```shell
+terraform import ory_action.validate_login "project_id:flow:before:url"
+```
+
+### Examples
+
+```shell
+# Import a post-registration password webhook
+terraform import ory_action.welcome \
+  "550e8400-e29b-41d4-a716-446655440000:registration:after:password:https://api.example.com/webhooks/welcome"
+
+# Import a post-login social (OIDC) webhook
+terraform import ory_action.social_login \
+  "550e8400-e29b-41d4-a716-446655440000:login:after:oidc:https://api.example.com/webhooks/social"
+
+# Import a pre-login validation webhook (no auth_method needed)
+terraform import ory_action.validate \
+  "550e8400-e29b-41d4-a716-446655440000:login:before:https://api.example.com/webhooks/validate"
+```
+
+### Finding Import Values from Ory Console
+
+1. **project_id**: Settings → General → Project ID
+2. **flow**: The flow type (login, registration, recovery, settings, verification)
+3. **timing**: "before" or "after"
+4. **auth_method** (for "after" only): password, oidc, code, webauthn, passkey, totp, lookup_secret
+5. **url**: The exact webhook URL - must match exactly including protocol and trailing slashes
+
+### Troubleshooting Import Errors
+
+If you see "Cannot import non-existent remote object", the import will show a warning listing webhooks found at that location. This helps you find the correct URL and auth_method.
+
+Common issues:
+- **URL mismatch**: URLs must match exactly, including `https://` and any trailing `/`
+- **Wrong auth_method**: UI-created actions default to "password" if you didn't explicitly select one
+- **Wrong timing**: Check if the webhook is a pre-hook (before) or post-hook (after)
+
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
@@ -69,7 +133,7 @@ resource "ory_action" "sync_verified" {
 
 ### Optional
 
-- `auth_method` (String) Authentication method to hook into (password, oidc, code, webauthn, passkey, totp, lookup_secret). Required for 'after' timing.
+- `auth_method` (String) Authentication method to hook into. This corresponds to the 'Next' step in the Ory Console UI when creating an action. Valid values: `password` (default), `oidc` (social login), `code` (magic link/OTP), `webauthn`, `passkey`, `totp`, `lookup_secret`. Only used for `timing = "after"` webhooks.
 - `body` (String) Jsonnet template for the request body.
 - `can_interrupt` (Boolean) Allow webhook to interrupt/block the flow (default: false).
 - `method` (String) HTTP method (default: POST).

docs/resources/project.md

@@ -1,22 +1,8 @@
 ---
-# generated by https://github.com/hashicorp/terraform-plugin-docs
 page_title: "ory_project Resource - ory"
 subcategory: ""
 description: |-
   Manages an Ory Network project.
-  Projects are the top-level resource in Ory Network. Each project has its own
-  identity service, OAuth2 server, and configuration.
-  Example Usage
-  
-  resource "ory_project" "main" {
-    name        = "My Application"
-    environment = "prod"
-  }
-  
-  Import
-  Projects can be imported using their ID:
-  
-  terraform import ory_project.main <project-id>
 ---
 
 # ory_project (Resource)
@@ -28,13 +14,49 @@ identity service, OAuth2 server, and configuration.
 
 ## Example Usage
 
-```hcl
-resource "ory_project" "main" {
-  name        = "My Application"
+```terraform
+# Create a production project
+resource "ory_project" "production" {
+  name        = "My Application - Production"
   environment = "prod"
 }
+
+# Create a staging project
+resource "ory_project" "staging" {
+  name        = "My Application - Staging"
+  environment = "stage"
+}
+
+# Create a development project (note: no B2B Organizations support)
+resource "ory_project" "dev" {
+  name        = "My Application - Development"
+  environment = "dev"
+}
+
+# Output the project details
+output "production_project_id" {
+  value = ory_project.production.id
+}
+
+output "production_project_slug" {
+  description = "Use this for ORY_PROJECT_SLUG"
+  value       = ory_project.production.slug
+}
 ```
 
+## Environment Types
+
+The `environment` attribute determines which features are available:
+
+| Environment | Description | B2B Organizations |
+|-------------|-------------|-------------------|
+| `prod` | Production environment with full features | Supported |
+| `stage` | Staging environment for testing | Supported |
+| `dev` | Development environment with limited features | **Not supported** |
+
+~> **Important:** If you plan to use `ory_organization` resources, you must use `prod` or `stage` environment.
+The `dev` environment does not support B2B features.
+
 ## Import
 
 Projects can be imported using their ID:
@@ -43,21 +65,31 @@ Projects can be imported using their ID:
 terraform import ory_project.main <project-id>
 ```
 
+After import, you can reference the computed outputs:
 
+```hcl
+output "project_slug" {
+  value = ory_project.main.slug
+}
+
+output "project_state" {
+  value = ory_project.main.state
+}
+```
 
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
 ### Required
 
-- `name` (String) The name of the project.
+- `name` (String) The display name of the project. This is shown in the Ory Console.
 
 ### Optional
 
-- `environment` (String) The environment type: prod, stage, or dev.
+- `environment` (String) The environment type. Must be one of: `prod` (production), `stage` (staging), or `dev` (development). Defaults to `prod`. **Cannot be changed after creation** - changing this will force a new resource. Note: `dev` environment does not support B2B Organizations.
 
 ### Read-Only
 
-- `id` (String) The unique identifier of the project.
-- `slug` (String) The project slug (e.g., 'vibrant-moore-abc123').
-- `state` (String) The project state (e.g., 'running').
+- `id` (String) The unique identifier of the project (UUID format).
+- `slug` (String) The project slug (e.g., `vibrant-moore-abc123`). This is auto-generated by Ory and used in API URLs. Use this value for `ORY_PROJECT_SLUG` or `project_slug` in provider configuration.
+- `state` (String) The project state. Typically `running` for active projects.