minor fixes

Signed-off-by: Sivaanand Murugesan <[email protected]>

Author: SivaanandM

docs/resources/password_policy.md

@@ -48,7 +48,7 @@ resource "spectrocloud_password_policy" "policy_regex" {
 - `min_password_length` (Number) The minimum length required for the password. Enforces a stronger password policy by ensuring a minimum number of characters.  Default minimum length is `6`.
 - `min_special_characters` (Number) The minimum number of special characters (e.g., !, @, #, $, %) required in the password. This increases the password's security level by including symbols. Minimum special characters should be `1`.
 - `min_uppercase_letters` (Number) The minimum number of uppercase letters (A-Z) required in the password. Helps ensure password complexity with a mix of case-sensitive characters. Minimum length of upper case should be `1`.
-- `password_expiry_days` (Number) The number of days before the password expires. Must be between 1 and 1000 days. Defines how often passwords must be changed.  Default is `999` days for expiry.
+- `password_expiry_days` (Number) The number of days before the password expires. Must be between 1 and 1000 days. Defines how often passwords must be changed.  Default is `999` days for expiry. Conflicts with `min_password_length`, `min_uppercase_letters`, `min_digits`, `min_lowercase_letters`, `min_special_characters`
 - `password_regex` (String) A regular expression (regex) to define custom password patterns, such as enforcing specific characters or sequences in the password.
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
 

docs/resources/platform_setting.md

@@ -50,12 +50,12 @@ resource "spectrocloud_platform_setting" "platform_settings" {
 - `cluster_auto_remediation` (Boolean) Enables automatic remediation for unhealthy nodes in Palette-provisioned clusters by replacing them with new nodes. Disabling this feature prevents auto-remediation. Not applicable to `EKS`, `AKS`, or `TKE` clusters.
 - `context` (String) Defines the scope of the platform setting. Valid values are `project` or `tenant`. By default, it is set to `tenant`. If  the `project` context is specified, the project name will sourced from the provider configuration parameter [`project_name`](https://registry.terraform.io/providers/spectrocloud/spectrocloud/latest/docs#schema).
 - `enable_auto_remediation` (Boolean) Enables automatic remediation. set only with `project' context
-- `login_banner` (Block List, Max: 1) Configure a login banner that users must acknowledge before signing in. (see [below for nested schema](#nestedblock--login_banner))
-- `non_fips_addon_pack` (Boolean) Allows users in this tenant to use non-FIPS-compliant addon packs when creating cluster profiles. The `non_fips_addon_pack` only supported in palette vertex environment.
-- `non_fips_cluster_import` (Boolean) Allows users in this tenant to import clusters, but the imported clusters may not be FIPS-compliant.  The `non_fips_cluster_import` only supported in palette vertex environment.
-- `non_fips_features` (Boolean) Allows users in this tenant to access non-FIPS-compliant features such as backup, restore, and scans. The `non_fips_features` only supported in palette vertex environment.
+- `login_banner` (Block List, Max: 1) Configure a login banner that users must acknowledge before signing in. Allowed only for `tenant` context (see [below for nested schema](#nestedblock--login_banner))
+- `non_fips_addon_pack` (Boolean) Allows users in this tenant to use non-FIPS-compliant addon packs when creating cluster profiles. The `non_fips_addon_pack` only supported in palette vertex environment. Allowed only for `tenant` context
+- `non_fips_cluster_import` (Boolean) Allows users in this tenant to import clusters, but the imported clusters may not be FIPS-compliant.  The `non_fips_cluster_import` only supported in palette vertex environment. Allowed only for `tenant` context
+- `non_fips_features` (Boolean) Allows users in this tenant to access non-FIPS-compliant features such as backup, restore, and scans. The `non_fips_features` only supported in palette vertex environment. Allowed only for `tenant` context
 - `pause_agent_upgrades` (String) Controls automatic upgrades for Palette components and agents in clusters deployed under a tenant or project. Setting it to `lock` disables automatic upgrades, while `unlock` (default) allows automatic upgrades.
-- `session_timeout` (Number) Specifies the duration (in minutes) of inactivity before a user is automatically logged out. The default is 240 minutes allowed in Palette
+- `session_timeout` (Number) Specifies the duration (in minutes) of inactivity before a user is automatically logged out. The default is 240 minutes allowed in Palette. Allowed only for `tenant` context
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
 
 ### Read-Only

go.mod

@@ -1,6 +1,8 @@
 module github.com/spectrocloud/terraform-provider-spectrocloud
 
-go 1.23.8
+go 1.23.10
+
+toolchain go1.24.0
 
 require (
 	github.com/Masterminds/semver/v3 v3.1.1
@@ -11,7 +13,7 @@ require (
 	github.com/hashicorp/terraform-plugin-docs v0.16.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.30.0
 	github.com/robfig/cron v1.2.0
-	github.com/spectrocloud/palette-sdk-go v0.0.0-20250609000517-b8c846462a23
+	github.com/spectrocloud/palette-sdk-go v0.0.0-20250613174329-bb4a896f985c
 	github.com/stretchr/testify v1.10.0
 	gotest.tools v2.2.0+incompatible
 	k8s.io/api v0.23.5

go.sum

@@ -597,8 +597,8 @@ github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9
 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
 github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
-github.com/spectrocloud/palette-sdk-go v0.0.0-20250609000517-b8c846462a23 h1:zOML/YwK2glLhECgsAaDzhCa2UnT+L+rC6P8sVUeabY=
-github.com/spectrocloud/palette-sdk-go v0.0.0-20250609000517-b8c846462a23/go.mod h1:3/NvYC0TKTbjvnyfaNj+A5r3nVhwDJ26B3PF86RZ/cc=
+github.com/spectrocloud/palette-sdk-go v0.0.0-20250613174329-bb4a896f985c h1:iKoY+a/T3+ZVmrnQgyDiOvBt/FAI2TmcFXOYl83bgQQ=
+github.com/spectrocloud/palette-sdk-go v0.0.0-20250613174329-bb4a896f985c/go.mod h1:wIt8g7I7cmcQvTo5ktwhSF0/bWq6uRdxGBs9dwTpleU=
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
 github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=

spectrocloud/common_test.go

@@ -26,7 +26,7 @@ import (
 
 const (
 	negativeHost  = "127.0.0.1:8888"
-	host          = "127.0.0.1:8080"
+	host          = "127.0.0.1:8088"
 	trace         = false
 	retryAttempts = 10
 	apiKey        = "12345"
@@ -127,7 +127,7 @@ func checkMockServerHealth() error {
 
 	for i := 0; i < maxRetries; i++ {
 		// Create a new HTTP request
-		req, err := http.NewRequest("GET", "https://127.0.0.1:8080/v1/health", nil)
+		req, err := http.NewRequest("GET", "https://127.0.0.1:8088/v1/health", nil)
 		if err != nil {
 			return err
 		}
@@ -172,7 +172,7 @@ func setup() error {
 		return err
 	}
 
-	fmt.Printf("\033[1;36m%s\033[0m", "> Started Mock Api Server at https://127.0.0.1:8080 & https://127.0.0.1:8888 \n")
+	fmt.Printf("\033[1;36m%s\033[0m", "> Started Mock Api Server at https://127.0.0.1:8088 & https://127.0.0.1:8888 \n")
 	unitTestMockAPIClient, _ = unitTestProviderConfigure(ctx)
 	unitTestMockAPINegativeClient, _ = unitTestNegativeCaseProviderConfigure(ctx)
 	fmt.Printf("\033[1;36m%s\033[0m", "> Setup completed \n")

spectrocloud/provider_test.go

@@ -63,7 +63,7 @@ func prepareBaseProviderConfig() *schema.ResourceData {
 	}
 
 	d := basSchema.TestResourceData()
-	_ = d.Set("host", "127.0.0.1:8080")
+	_ = d.Set("host", "127.0.0.1:8088")
 	_ = d.Set("project_name", "Default")
 	_ = d.Set("ignore_insecure_tls_error", true)
 	_ = d.Set("api_key", "12345")

spectrocloud/resource_password_policy.go

@@ -3,11 +3,12 @@ package spectrocloud
 import (
 	"context"
 	"fmt"
+	"time"
+
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	"github.com/spectrocloud/palette-sdk-go/api/models"
-	"time"
 )
 
 func resourcePasswordPolicy() *schema.Resource {
@@ -19,6 +20,7 @@ func resourcePasswordPolicy() *schema.Resource {
 		Importer: &schema.ResourceImporter{
 			StateContext: resourcePasswordPolicyImport,
 		},
+		// CustomizeDiff: resourcePasswordPolicyCustomizeDiff,
 
 		Timeouts: &schema.ResourceTimeout{
 			Create: schema.DefaultTimeout(10 * time.Minute),
@@ -28,20 +30,17 @@ func resourcePasswordPolicy() *schema.Resource {
 		SchemaVersion: 2,
 		Schema: map[string]*schema.Schema{
 			"password_regex": {
-				Type:     schema.TypeString,
-				Optional: true,
-				Default:  "",
-				ConflictsWith: []string{"min_password_length", "min_uppercase_letters",
-					"min_digits", "min_lowercase_letters", "min_special_characters"},
-				RequiredWith: []string{"password_expiry_days", "first_reminder_days"},
-				Description:  "A regular expression (regex) to define custom password patterns, such as enforcing specific characters or sequences in the password.",
+				Type:        schema.TypeString,
+				Optional:    true,
+				Default:     "",
+				Description: "A regular expression (regex) to define custom password patterns, such as enforcing specific characters or sequences in the password.",
 			},
 			"password_expiry_days": {
 				Type:         schema.TypeInt,
 				Optional:     true,
 				Default:      999,
 				ValidateFunc: validation.IntBetween(1, 1000),
-				Description:  "The number of days before the password expires. Must be between 1 and 1000 days. Defines how often passwords must be changed.  Default is `999` days for expiry.",
+				Description:  "The number of days before the password expires. Must be between 1 and 1000 days. Defines how often passwords must be changed.  Default is `999` days for expiry. Conflicts with `min_password_length`, `min_uppercase_letters`, `min_digits`, `min_lowercase_letters`, `min_special_characters`",
 			},
 			"first_reminder_days": {
 				Type:        schema.TypeInt,
@@ -78,6 +77,38 @@ func resourcePasswordPolicy() *schema.Resource {
 	}
 }
 
+// enable validation in later part of the code
+// func resourcePasswordPolicyCustomizeDiff(ctx context.Context, diff *schema.ResourceDiff, v interface{}) error {
+// 	passwordRegex := diff.Get("password_regex").(string)
+
+// 	// If password_regex is set, check that the individual password requirements are not set
+// 	if passwordRegex != "" {
+// 		conflictingFields := []string{
+// 			"min_password_length",
+// 			"min_uppercase_letters",
+// 			"min_digits",
+// 			"min_lowercase_letters",
+// 			"min_special_characters",
+// 		}
+
+// 		for _, field := range conflictingFields {
+// 			if val := diff.Get(field); val != nil && val != 0 {
+// 				return fmt.Errorf("password_regex cannot be used together with %s. Use either password_regex for custom patterns or the individual minimum requirements", field)
+// 			}
+// 		}
+
+// 		// When using password_regex, password_expiry_days and first_reminder_days are required
+// 		if diff.Get("password_expiry_days").(int) == 0 {
+// 			return fmt.Errorf("password_expiry_days is required when using password_regex")
+// 		}
+// 		if diff.Get("first_reminder_days").(int) == 0 {
+// 			return fmt.Errorf("first_reminder_days is required when using password_regex")
+// 		}
+// 	}
+
+// 	return nil
+// }
+
 func toPasswordPolicy(d *schema.ResourceData) (*models.V1TenantPasswordPolicyEntity, error) {
 	if d.Get("password_regex").(string) != "" {
 		return &models.V1TenantPasswordPolicyEntity{

spectrocloud/resource_platform_setting.go

@@ -3,11 +3,12 @@ package spectrocloud
 import (
 	"context"
 	"fmt"
+	"time"
+
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	"github.com/spectrocloud/palette-sdk-go/api/models"
-	"time"
 )
 
 func resourcePlatformSetting() *schema.Resource {
@@ -38,7 +39,7 @@ func resourcePlatformSetting() *schema.Resource {
 			"session_timeout": {
 				Type:        schema.TypeInt,
 				Optional:    true,
-				Description: "Specifies the duration (in minutes) of inactivity before a user is automatically logged out. The default is 240 minutes allowed in Palette",
+				Description: "Specifies the duration (in minutes) of inactivity before a user is automatically logged out. The default is 240 minutes allowed in Palette. Allowed only for `tenant` context",
 			},
 			"pause_agent_upgrades": {
 				Type:         schema.TypeString,
@@ -64,23 +65,23 @@ func resourcePlatformSetting() *schema.Resource {
 			"non_fips_addon_pack": {
 				Type:        schema.TypeBool,
 				Optional:    true,
-				Description: "Allows users in this tenant to use non-FIPS-compliant addon packs when creating cluster profiles. The `non_fips_addon_pack` only supported in palette vertex environment.",
+				Description: "Allows users in this tenant to use non-FIPS-compliant addon packs when creating cluster profiles. The `non_fips_addon_pack` only supported in palette vertex environment. Allowed only for `tenant` context",
 			},
 			"non_fips_features": {
 				Type:        schema.TypeBool,
 				Optional:    true,
-				Description: "Allows users in this tenant to access non-FIPS-compliant features such as backup, restore, and scans. The `non_fips_features` only supported in palette vertex environment.",
+				Description: "Allows users in this tenant to access non-FIPS-compliant features such as backup, restore, and scans. The `non_fips_features` only supported in palette vertex environment. Allowed only for `tenant` context",
 			},
 			"non_fips_cluster_import": {
 				Type:        schema.TypeBool,
 				Optional:    true,
-				Description: "Allows users in this tenant to import clusters, but the imported clusters may not be FIPS-compliant.  The `non_fips_cluster_import` only supported in palette vertex environment.",
+				Description: "Allows users in this tenant to import clusters, but the imported clusters may not be FIPS-compliant.  The `non_fips_cluster_import` only supported in palette vertex environment. Allowed only for `tenant` context",
 			},
 			"login_banner": {
 				Type:        schema.TypeList,
 				MaxItems:    1,
 				Optional:    true,
-				Description: "Configure a login banner that users must acknowledge before signing in.",
+				Description: "Configure a login banner that users must acknowledge before signing in. Allowed only for `tenant` context",
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"title": {
@@ -97,24 +98,25 @@ func resourcePlatformSetting() *schema.Resource {
 				},
 			},
 		},
-		CustomizeDiff: validateContextDependencies,
+		// CustomizeDiff: validateContextDependencies,
 	}
 }
 
-func validateContextDependencies(ctx context.Context, d *schema.ResourceDiff, meta interface{}) error {
-	contextVal := d.Get("context").(string)
-
-	if contextVal == "project" {
-		disallowedFields := []string{"session_timeout", "login_banner", "non_fips_addon_pack", "non_fips_features", "non_fips_cluster_import"}
-
-		for _, field := range disallowedFields {
-			if _, exists := d.GetOk(field); exists {
-				return fmt.Errorf("attribute %q is not allowed when context is set to 'project'", field)
-			}
-		}
-	}
-	return nil
-}
+// disabled for now as it is not working as expected in crossplane
+// func validateContextDependencies(ctx context.Context, d *schema.ResourceDiff, meta interface{}) error {
+// 	contextVal := d.Get("context").(string)
+
+// 	if contextVal == "project" {
+// 		disallowedFields := []string{"session_timeout", "login_banner", "non_fips_addon_pack", "non_fips_features", "non_fips_cluster_import"}
+
+// 		for _, field := range disallowedFields {
+// 			if _, exists := d.GetOk(field); exists {
+// 				return fmt.Errorf("attribute %q is not allowed when context is set to 'project'", field)
+// 			}
+// 		}
+// 	}
+// 	return nil
+// }
 
 func updatePlatformSettings(d *schema.ResourceData, m interface{}) diag.Diagnostics {
 	platformSettingContext := d.Get("context").(string)

spectrocloud/resource_sso.go

@@ -4,14 +4,15 @@ import (
 	"context"
 	"encoding/base64"
 	"fmt"
+	"regexp"
+	"strings"
+	"time"
+
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	"github.com/spectrocloud/palette-sdk-go/api/models"
 	"github.com/spectrocloud/palette-sdk-go/client"
-	"regexp"
-	"strings"
-	"time"
 )
 
 func resourceSSO() *schema.Resource {
@@ -336,7 +337,7 @@ func resourceSSO() *schema.Resource {
 				},
 			},
 		},
-		CustomizeDiff: customDiffValidation,
+		// CustomizeDiff: customDiffValidation,
 	}
 }
 
@@ -594,39 +595,40 @@ func resourceSSODelete(ctx context.Context, d *schema.ResourceData, m interface{
 	return diags
 }
 
-func customDiffValidation(ctx context.Context, d *schema.ResourceDiff, v interface{}) error {
-	ssoAuthType, ok := d.GetOk("sso_auth_type")
-	if !ok {
-		return nil // No validation needed if not set
-	}
-
-	authType := ssoAuthType.(string)
-	_, samlExists := d.GetOk("saml")
-	_, oidcExists := d.GetOk("oidc")
-
-	switch authType {
-	case "none":
-		if samlExists || oidcExists {
-			return fmt.Errorf("sso_auth_type is set to 'none', so 'saml' and 'oidc' should not be defined")
-		}
-	case "saml":
-		if oidcExists {
-			return fmt.Errorf("sso_auth_type is set to 'saml', so 'oidc' should not be defined")
-		}
-		if !samlExists {
-			return fmt.Errorf("sso_auth_type is set to 'saml', so 'saml' should be defined")
-		}
-	case "oidc":
-		if samlExists {
-			return fmt.Errorf("sso_auth_type is set to 'oidc', so 'saml' should not be defined")
-		}
-		if !oidcExists {
-			return fmt.Errorf("sso_auth_type is set to 'oidc', so 'oidc' should be defined")
-		}
-	}
-
-	return nil
-}
+// disabled for now as it is not working as expected in crossplane
+// func customDiffValidation(ctx context.Context, d *schema.ResourceDiff, v interface{}) error {
+// 	ssoAuthType, ok := d.GetOk("sso_auth_type")
+// 	if !ok {
+// 		return nil // No validation needed if not set
+// 	}
+
+// 	authType := ssoAuthType.(string)
+// 	_, samlExists := d.GetOk("saml")
+// 	_, oidcExists := d.GetOk("oidc")
+
+// 	switch authType {
+// 	case "none":
+// 		if samlExists || oidcExists {
+// 			return fmt.Errorf("sso_auth_type is set to 'none', so 'saml' and 'oidc' should not be defined")
+// 		}
+// 	case "saml":
+// 		if oidcExists {
+// 			return fmt.Errorf("sso_auth_type is set to 'saml', so 'oidc' should not be defined")
+// 		}
+// 		if !samlExists {
+// 			return fmt.Errorf("sso_auth_type is set to 'saml', so 'saml' should be defined")
+// 		}
+// 	case "oidc":
+// 		if samlExists {
+// 			return fmt.Errorf("sso_auth_type is set to 'oidc', so 'saml' should not be defined")
+// 		}
+// 		if !oidcExists {
+// 			return fmt.Errorf("sso_auth_type is set to 'oidc', so 'oidc' should be defined")
+// 		}
+// 	}
+
+// 	return nil
+// }
 
 func toStringSlice(input []interface{}) []string {
 	result := make([]string, len(input))