Updated documentation for new and exist resources

README.md

@@ -18,7 +18,7 @@
 
 ## Requirements
 -	[Terraform](https://www.terraform.io/downloads.html) >=0.13.x
--	[Go](https://golang.org/doc/install) 1.22.x (for building the provider plugin)
+-	[Go](https://golang.org/doc/install) 1.22.x (to build the provider plugin)
 
 ## Building The Provider
 
@@ -39,7 +39,7 @@ terraform {
   required_providers {
     pritunl = {
       source  = "disc/pritunl"
-      version = "0.1.13"
+      version = "0.2.0"
     }
   }
 }

docs/data-sources/host.md

@@ -17,10 +17,19 @@ Use this data source to get information about the Pritunl hosts.
 
 ### Required
 
-- **hostname** (String) Hostname
+- `hostname` (String) Hostname
 
 ### Read-Only
 
-- **id** (String) The ID of this resource.
-
-
+- `availability_group` (String) Availability group for host. Replicated servers will only be replicated to a group of hosts in the same availability group"
+- `id` (String) The ID of this resource.
+- `link_addr` (String) IP address or domain used when linked servers connect to a linked server on this host
+- `local_addr` (String) Local network address for server
+- `local_addr6` (String) Local IPv6 network address for server
+- `name` (String) Name of host
+- `public_addr` (String) Public IP address or domain name of the host
+- `public_addr6` (String) Public IPv6 address or domain name of the host
+- `routed_subnet6` (String) IPv6 subnet that is routed to the host
+- `routed_subnet6_wg` (String) IPv6 WG subnet that is routed to the host
+- `status` (String) Status of host
+- `sync_address` (String) IP address or domain used by users when syncing configuration. This is needed when using a load balancer.

docs/data-sources/hosts.md

@@ -0,0 +1,40 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "pritunl_hosts Data Source - terraform-provider-pritunl"
+subcategory: ""
+description: |-
+  Use this data source to get a list of the Pritunl hosts.
+---
+
+# pritunl_hosts (Data Source)
+
+Use this data source to get a list of the Pritunl hosts.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Read-Only
+
+- `hosts` (List of Object) A list of the Pritunl hosts resources. (see [below for nested schema](#nestedatt--hosts))
+- `id` (String) The ID of this resource.
+
+<a id="nestedatt--hosts"></a>
+### Nested Schema for `hosts`
+
+Read-Only:
+
+- `availability_group` (String)
+- `hostname` (String)
+- `id` (String)
+- `link_addr` (String)
+- `local_addr` (String)
+- `local_addr6` (String)
+- `name` (String)
+- `public_addr` (String)
+- `public_addr6` (String)
+- `routed_subnet6` (String)
+- `routed_subnet6_wg` (String)
+- `status` (String)
+- `sync_address` (String)

docs/index.md

@@ -8,6 +8,8 @@ description: |-
 
 # Pritunl Provider
 
+
+
 ## Example Usage
 
 ```terraform
@@ -63,6 +65,14 @@ resource "pritunl_server" "test" {
     comment = "Private network #2"
     nat     = false
   }
+
+  route {
+    network = "10.3.0.0/32"
+    comment = "Private network #3"
+    nat     = false
+    net_gateway = true
+  }
+
 }
 ```
 
@@ -71,8 +81,8 @@ resource "pritunl_server" "test" {
 
 ### Optional
 
-- **insecure** (Boolean)
-- **secret** (String)
-- **token** (String)
-- **url** (String)
-- **connection_check** (Boolean)
+- `connection_check` (Boolean)
+- `insecure` (Boolean)
+- `secret` (String)
+- `token` (String)
+- `url` (String)

docs/resources/organization.md

@@ -8,15 +8,17 @@ description: |-
 
 # pritunl_organization (Resource)
 
+The organization resource allows managing information about a particular Pritunl organization.
+
+
+
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
 ### Required
 
-- **name** (String) The name of the resource, also acts as it's unique ID
-
-### Optional
-
-- **id** (String) The ID of this resource.
+- `name` (String) The name of the resource, also acts as it's unique ID
 
+### Read-Only
 
+- `id` (String) The ID of this resource.

docs/resources/server.md

@@ -8,70 +8,76 @@ description: |-
 
 # pritunl_server (Resource)
 
+The organization resource allows managing information about a particular Pritunl server.
+
+
+
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
 ### Required
 
-- **name** (String) The name of the server
+- `name` (String) The name of the server
 
 ### Optional
 
-- **allowed_devices** (String) Device types permitted to connect to server.
-- **bind_address** (String) Network address for the private network that will be created for clients. This network cannot conflict with any existing local networks
-- **block_outside_dns** (Boolean) Block outside DNS on Windows clients.
-- **cipher** (String) The cipher for the server
-- **debug** (Boolean) Show server debugging information in output.
-- **dh_param_bits** (Number) Size of DH parameters
-- **dns_mapping** (Boolean) Map the vpn clients ip address to the .vpn domain such as example_user.example_org.vpn This will conflict with the DNS port if systemd-resolve is running.
-- **dns_servers** (List of String) Enter list of groups to allow connections from. Names are case sensitive. If empty all groups will able to connect
-- **groups** (List of String) Enter list of groups to allow connections from. Names are case sensitive. If empty all groups will able to connect
-- **hash** (String) The hash for the server
-- **host_ids** (List of String) The list of attached hosts to the server
-- **id** (String) The ID of this resource.
-- **inactive_timeout** (Number) Disconnects users after the specified number of seconds of inactivity..
-- **inter_client** (Boolean) Enable inter-client routing across hosts.
-- **ipv6** (Boolean) Enables IPv6 on server, requires IPv6 network interface
-- **link_ping_interval** (Number) Time in between pings used when multiple users have the same network link to failover to another user when one network link fails.
-- **link_ping_timeout** (Number) Optional, ping timeout used when multiple users have the same network link to failover to another user when one network link fails..
-- **max_clients** (Number) Maximum number of clients connected to a server or to each server replica.
-- **max_devices** (Number) Maximum number of devices per client connected to a server.
-- **mss_fix** (Number) MSS fix value
-- **multi_device** (Boolean) Allow users to connect with multiple devices concurrently.
-- **network** (String) Network address for the private network that will be created for clients. This network cannot conflict with any existing local networks
-- **network_end** (String) Ending network address for the bridged VPN client IP addresses. Must be in the subnet of the server network.
-- **network_mode** (String) Sets network mode. Bridged mode is not recommended using it will impact performance and client support will be limited.
-- **network_start** (String) Starting network address for the bridged VPN client IP addresses. Must be in the subnet of the server network.
-- **network_wg** (String) Network address for the private network that will be created for clients. This network cannot conflict with any existing local networks
-- **organization_ids** (List of String) The list of attached organizations to the server.
-- **sso_auth** (Boolean) Require client to authenticate with single sign-on provider on each connection using web browser. Requires client to have access to Pritunl web server port and running updated Pritunl Client. Single sign-on provider must already be configured for this feature to work properly.
-- **otp_auth** (Boolean) Enables two-step authentication using Google Authenticator. Verification code is entered as the user password when connecting
-- **device_auth** (Boolean) Require administrator to approve every client device using TPM or Apple Secure Enclave
-- **dynamic_firewall** (Boolean) Block VPN server ports by default and open port for client IP address after authenticating with HTTPS request
-- **ping_interval** (Number) Interval to ping client
-- **ping_timeout** (Number) Timeout for client ping. Must be greater then ping interval
-- **port** (Number) The port for the server
-- **port_wg** (Number) Network address for the private network that will be created for clients. This network cannot conflict with any existing local networks
-- **pre_connect_msg** (String) Messages that will be shown after connect to the server
-- **protocol** (String) The protocol for the server
-- **replica_count** (Number) Replicate server across multiple hosts.
-- **restrict_routes** (Boolean) Prevent traffic from networks not specified in the servers routes from being tunneled over the vpn.
-- **route** (Block List) The list of attached routes to the server (see [below for nested schema](#nestedblock--route))
-- **search_domain** (String) DNS search domain for clients. Separate multiple search domains by a comma.
-- **session_timeout** (Number) Disconnects users after the specified number of seconds.
-- **status** (String) The status of the server
-- **vxlan** (Boolean) Use VXLan for routing client-to-client traffic with replicated servers.
+- `allowed_devices` (String) Device types permitted to connect to server.
+- `bind_address` (String) Network address for the private network that will be created for clients. This network cannot conflict with any existing local networks
+- `block_outside_dns` (Boolean) Block outside DNS on Windows clients.
+- `cipher` (String) The cipher for the server
+- `debug` (Boolean) Show server debugging information in output.
+- `device_auth` (Boolean) Require administrator to approve every client device using TPM or Apple Secure Enclave
+- `dh_param_bits` (Number) Size of DH parameters
+- `dns_mapping` (Boolean) Map the vpn clients ip address to the .vpn domain such as example_user.example_org.vpn This will conflict with the DNS port if systemd-resolve is running.
+- `dns_servers` (List of String) Enter list of DNS servers applied on the client
+- `dynamic_firewall` (Boolean) Block VPN server ports by default and open port for client IP address after authenticating with HTTPS request
+- `groups` (List of String) Enter list of groups to allow connections from. Names are case sensitive. If empty all groups will able to connect
+- `hash` (String) The hash for the server
+- `host_ids` (List of String) The list of attached hosts to the server
+- `inactive_timeout` (Number) Disconnects users after the specified number of seconds of inactivity.
+- `inter_client` (Boolean) Enable inter-client routing across hosts.
+- `ipv6` (Boolean) Enables IPv6 on server, requires IPv6 network interface
+- `link_ping_interval` (Number) Time in between pings used when multiple users have the same network link to failover to another user when one network link fails.
+- `link_ping_timeout` (Number) Optional, ping timeout used when multiple users have the same network link to failover to another user when one network link fails..
+- `max_clients` (Number) Maximum number of clients connected to a server or to each server replica.
+- `max_devices` (Number) Maximum number of devices per client connected to a server.
+- `mss_fix` (Number) MSS fix value
+- `multi_device` (Boolean) Allow users to connect with multiple devices concurrently.
+- `network` (String) Network address for the private network that will be created for clients. This network cannot conflict with any existing local networks
+- `network_end` (String) Ending network address for the bridged VPN client IP addresses. Must be in the subnet of the server network.
+- `network_mode` (String) Sets network mode. Bridged mode is not recommended using it will impact performance and client support will be limited.
+- `network_start` (String) Starting network address for the bridged VPN client IP addresses. Must be in the subnet of the server network.
+- `network_wg` (String) Network address for the private network that will be created for clients. This network cannot conflict with any existing local networks
+- `organization_ids` (List of String) The list of attached organizations to the server.
+- `otp_auth` (Boolean) Enables two-step authentication using Google Authenticator. Verification code is entered as the user password when connecting
+- `ping_interval` (Number) Interval to ping client
+- `ping_timeout` (Number) Timeout for client ping. Must be greater then ping interval
+- `port` (Number) The port for the server
+- `port_wg` (Number) Network address for the private network that will be created for clients. This network cannot conflict with any existing local networks
+- `pre_connect_msg` (String) Messages that will be shown after connect to the server
+- `protocol` (String) The protocol for the server
+- `replica_count` (Number) Replicate server across multiple hosts.
+- `restrict_routes` (Boolean) Prevent traffic from networks not specified in the servers routes from being tunneled over the vpn.
+- `route` (Block List) The list of attached routes to the server (see [below for nested schema](#nestedblock--route))
+- `search_domain` (String) DNS search domain for clients. Separate multiple search domains by a comma.
+- `session_timeout` (Number) Disconnect users after the specified number of seconds.
+- `sso_auth` (Boolean) Require client to authenticate with single sign-on provider on each connection using web browser. Requires client to have access to Pritunl web server port and running updated Pritunl Client. Single sign-on provider must already be configured for this feature to work properly
+- `status` (String) The status of the server
+- `vxlan` (Boolean) Use VXLan for routing client-to-client traffic with replicated servers.
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
 
 <a id="nestedblock--route"></a>
 ### Nested Schema for `route`
 
 Required:
 
-- **network** (String) Network address with subnet to route
+- `network` (String) Network address with subnet to route
 
 Optional:
 
-- **comment** (String) Comment for route
-- **nat** (Boolean) NAT vpn traffic destined to this network
-
-
+- `comment` (String) Comment for route
+- `nat` (Boolean) NAT vpn traffic destined to this network
+- `net_gateway` (Boolean) Net Gateway vpn traffic destined to this network

docs/resources/user.md

@@ -8,27 +8,32 @@ description: |-
 
 # pritunl_user (Resource)
 
+The organization resource allows managing information about a particular Pritunl user.
+
+
+
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
 ### Required
 
-- **name** (String) The name of the user.
-- **organization_id** (String) The organizations that user belongs to.
+- `name` (String) The name of the user.
+- `organization_id` (String) The organizations that user belongs to.
 
 ### Optional
 
-- **auth_type** (String) User authentication type. This will determine how the user authenticates. This should be set automatically when the user authenticates with single sign-on.
-- **bypass_secondary** (Boolean) Bypass secondary authentication such as the PIN and two-factor authentication. Use for server users that can't provide a two-factor code.
-- **client_to_client** (Boolean) Only allow this client to communicate with other clients. Access to routed networks will be blocked.
-- **disabled** (Boolean) Shows if user is disabled
-- **dns_servers** (List of String) Dns server with port to forward sub-domain dns requests coming from this users domain. Multiple dns servers may be separated by a comma.
-- **dns_suffix** (String) The suffix to use when forwarding dns requests. The full dns request will be the combination of the sub-domain of the users dns name suffixed by the dns suffix.
-- **email** (String) User email address.
-- **groups** (List of String) Enter list of groups to allow connections from. Names are case sensitive. If empty all groups will able to connect.
-- **id** (String) The ID of this resource.
-- **mac_addresses** (List of String) Comma separated list of MAC addresses client is allowed to connect from. The validity of the MAC address provided by the VPN client cannot be verified.
-- **network_links** (List of String) Network address with cidr subnet. This will provision access to a clients local network to the attached vpn servers and other clients. Multiple networks may be separated by a comma. Router must have a static route to VPN virtual network through client.
-- **port_forwarding** (List of Map of String) Comma seperated list of ports to forward using format source_port:dest_port/protocol or start_port-end_port/protocol. Such as 80, 80/tcp, 80:8000/tcp, 1000-2000/udp.
-
-
+- `auth_type` (String) User authentication type. This will determine how the user authenticates. This should be set automatically when the user authenticates with single sign-on.
+- `bypass_secondary` (Boolean) Bypass secondary authentication such as the PIN and two-factor authentication. Use for server users that can't provide a two-factor code.
+- `client_to_client` (Boolean) Only allow this client to communicate with other clients. Access to routed networks will be blocked.
+- `disabled` (Boolean) Shows if user is disabled
+- `dns_servers` (List of String) Dns server with port to forward sub-domain dns requests coming from this users domain. Multiple dns servers may be separated by a comma.
+- `dns_suffix` (String) The suffix to use when forwarding dns requests. The full dns request will be the combination of the sub-domain of the users dns name suffixed by the dns suffix.
+- `email` (String) User email address.
+- `groups` (List of String) Enter list of groups to allow connections from. Names are case sensitive. If empty all groups will able to connect.
+- `mac_addresses` (List of String) Comma separated list of MAC addresses client is allowed to connect from. The validity of the MAC address provided by the VPN client cannot be verified.
+- `network_links` (List of String) Network address with cidr subnet. This will provision access to a clients local network to the attached vpn servers and other clients. Multiple networks may be separated by a comma. Router must have a static route to VPN virtual network through client.
+- `port_forwarding` (List of Map of String) Comma seperated list of ports to forward using format source_port:dest_port/protocol or start_port-end_port/protocol. Such as 80, 80/tcp, 80:8000/tcp, 1000-2000/udp.
+
+### Read-Only
+
+- `id` (String) The ID of this resource.

examples/provider/provider.tf

@@ -55,7 +55,7 @@ resource "pritunl_server" "test" {
 
   route {
     network = "10.3.0.0/32"
-    comment = "Private network #2"
+    comment = "Private network #3"
     nat     = false
     net_gateway = true
   }

internal/provider/resource_organization.go

@@ -9,6 +9,7 @@ import (
 
 func resourceOrganization() *schema.Resource {
 	return &schema.Resource{
+		Description: "The organization resource allows managing information about a particular Pritunl organization.",
 		Schema: map[string]*schema.Schema{
 			"name": {
 				Type:        schema.TypeString,

internal/provider/resource_server.go

@@ -15,6 +15,7 @@ import (
 
 func resourceServer() *schema.Resource {
 	return &schema.Resource{
+		Description: "The organization resource allows managing information about a particular Pritunl server.",
 		Schema: map[string]*schema.Schema{
 			"name": {
 				Type:        schema.TypeString,

internal/provider/resource_user.go

@@ -12,6 +12,7 @@ import (
 
 func resourceUser() *schema.Resource {
 	return &schema.Resource{
+		Description: "The organization resource allows managing information about a particular Pritunl user.",
 		Schema: map[string]*schema.Schema{
 			"name": {
 				Type:        schema.TypeString,