Merge pull request #33 from ory/docs/fix-documentation-accuracy

docs: fix documentation accuracy across all resources

Author: KT-Doan

.githooks/pre-commit

@@ -1,5 +1,5 @@
 #!/bin/bash
-# Pre-commit hook for terraform-provider-orynetwork
+# Pre-commit hook for terraform-provider-ory
 
 set -e
 

.gitignore

@@ -1,5 +1,5 @@
 # Binaries
-terraform-provider-orynetwork
+terraform-provider-ory
 *.exe
 *.dll
 *.so

.golangci.yml

@@ -77,7 +77,7 @@ formatters:
       simplify: true
     goimports:
       local-prefixes:
-        - github.com/ory/terraform-provider-orynetwork
+        - github.com/ory/terraform-provider-ory
 
 output:
   show-stats: true

CONTRIBUTING.md

@@ -14,8 +14,8 @@ Thank you for your interest in contributing to the Ory Terraform Provider!
 
 ```bash
 # Clone the repository
-git clone https://github.com/ory/terraform-provider-orynetwork.git
-cd terraform-provider-orynetwork
+git clone https://github.com/ory/terraform-provider-ory.git
+cd terraform-provider-ory
 
 # Install development tools and set up git hooks
 make tools
@@ -106,7 +106,7 @@ package myresource_test
 import (
     "testing"
     "github.com/hashicorp/terraform-plugin-testing/helper/resource"
-    "github.com/ory/terraform-provider-orynetwork/internal/acctest"
+    "github.com/ory/terraform-provider-ory/internal/acctest"
 )
 
 func TestAccMyResource_basic(t *testing.T) {
@@ -171,7 +171,7 @@ To use a locally built provider, create a `~/.terraformrc` file:
 ```hcl
 provider_installation {
   dev_overrides {
-    "ory/terraform-provider-orynetwork" = "/path/to/terraform-provider-orynetwork"
+    "ory/terraform-provider-ory" = "/path/to/terraform-provider-ory"
   }
   direct {}
 }

Makefile

@@ -1,5 +1,5 @@
-# Terraform Provider Ory Network
-# ==============================
+# Terraform Provider Ory
+# ======================
 #
 # Development and testing Makefile
 #
@@ -12,8 +12,8 @@
 #   ORY_PROJECT_API_URL   - Project API URL template (default: https://%s.projects.oryapis.com)
 
 SHELL := /bin/bash -o pipefail
-BINARY_NAME := terraform-provider-orynetwork
-INSTALL_DIR := ~/.terraform.d/plugins/registry.terraform.io/ory/orynetwork/0.0.1/$(shell go env GOOS)_$(shell go env GOARCH)
+BINARY_NAME := terraform-provider-ory
+INSTALL_DIR := ~/.terraform.d/plugins/registry.terraform.io/ory/ory/0.0.1/$(shell go env GOOS)_$(shell go env GOARCH)
 
 # Platform detection for tool downloads
 OS := $(shell uname -s | tr '[:upper:]' '[:lower:]')

README.md

@@ -1,7 +1,7 @@
 # Terraform Provider for Ory Network
 
-[![Go Reference](https://pkg.go.dev/badge/github.com/ory/terraform-provider-orynetwork.svg)](https://pkg.go.dev/github.com/ory/terraform-provider-orynetwork)
-[![Go Report Card](https://goreportcard.com/badge/github.com/ory/terraform-provider-orynetwork)](https://goreportcard.com/report/github.com/ory/terraform-provider-orynetwork)
+[![Go Reference](https://pkg.go.dev/badge/github.com/ory/terraform-provider-ory.svg)](https://pkg.go.dev/github.com/ory/terraform-provider-ory)
+[![Go Report Card](https://goreportcard.com/badge/github.com/ory/terraform-provider-ory)](https://goreportcard.com/report/github.com/ory/terraform-provider-ory)
 
 > **Special Thanks**
 > Shoutout to [Jason Hernandez](https://github.com/jasonhernandez) and the [Materialize](https://materialize.com/) team for creating the initial version of this provider! Also see [NOTICE.md](./NOTICE.md)
@@ -39,7 +39,7 @@ A Terraform provider for managing [Ory Network](https://www.ory.sh/) resources u
 terraform {
   required_providers {
     ory = {
-      source  = "ory/orynetwork"
+      source  = "ory/ory"
       version = "~> 0.1"
     }
   }
@@ -49,9 +49,9 @@ terraform {
 ### From Source
 
 ```bash
-git clone https://github.com/ory/terraform-provider-orynetwork.git
-cd terraform-provider-orynetwork
-go build -o terraform-provider-orynetwork
+git clone https://github.com/ory/terraform-provider-ory.git
+cd terraform-provider-ory
+go build -o terraform-provider-ory
 ```
 
 Then configure Terraform to use the local provider:
@@ -60,7 +60,7 @@ Then configure Terraform to use the local provider:
 # ~/.terraformrc
 provider_installation {
   dev_overrides {
-    "ory/orynetwork" = "/path/to/terraform-provider-orynetwork"
+    "ory/ory" = "/path/to/terraform-provider-ory"
   }
   direct {}
 }
@@ -101,7 +101,7 @@ provider "ory" {
 terraform {
   required_providers {
     ory = {
-      source = "ory/orynetwork"
+      source = "ory/ory"
     }
   }
 }
@@ -288,7 +288,7 @@ resource "ory_email_template" "recovery" {
 ### Building
 
 ```bash
-go build -o terraform-provider-orynetwork
+go build -o terraform-provider-ory
 ```
 
 ### Testing

docs/data-sources/project.md

@@ -1,5 +1,4 @@
 ---
-# generated by https://github.com/hashicorp/terraform-plugin-docs
 page_title: "ory_project Data Source - ory"
 subcategory: ""
 description: |-
@@ -10,6 +9,8 @@ description: |-
 
 Fetches information about an Ory project.
 
+This data source retrieves basic metadata about a project. It can look up the project configured in the provider, or a specific project by ID.
+
 ## Example Usage
 
 ```terraform
@@ -34,6 +35,12 @@ data "ory_project" "other" {
 }
 ```
 
+## ID Fallback Behavior
+
+If `id` is not specified, the data source uses the `project_id` from the provider configuration. If neither is available, the read will fail with an error.
+
+~> **Note:** This data source only returns basic project metadata (name, slug, state, workspace). It does not include the project's `environment`, `home_region`, or detailed configuration. Use `ory_project_config` to manage project settings.
+
 <!-- schema generated by tfplugindocs -->
 ## Schema
 

docs/index.md

@@ -37,7 +37,7 @@ export ORY_PROJECT_SLUG="..."
 terraform {
   required_providers {
     ory = {
-      source = "ory/orynetwork"
+      source = "ory/ory"
     }
   }
 }
@@ -53,7 +53,7 @@ Define variables and pass values via `terraform.tfvars` or `-var` flags:
 terraform {
   required_providers {
     ory = {
-      source = "ory/orynetwork"
+      source = "ory/ory"
     }
   }
 }

docs/resources/email_template.md

@@ -9,6 +9,8 @@ description: |-
 
 Manages an Ory Network email template.
 
+Email templates use [Go template syntax](https://pkg.go.dev/text/template) for variable substitution. HTML bodies use `html/template` (auto-escaping) and plaintext bodies use `text/template`. [Sprig template functions](http://masterminds.github.io/sprig/) are available, except date, random, OS, and network functions.
+
 ## Template Types
 
 | Template Type | UI Name | Description |
@@ -28,6 +30,31 @@ Manages an Ory Network email template.
 
 **Note:** The "_invalid" templates are sent when a code has expired or is incorrect. The non-code variants (recovery_valid, verification_valid) are for legacy link-based flows.
 
+## Template Variables
+
+Each template type has access to different variables:
+
+| Template | Available Variables |
+|----------|-------------------|
+| `recovery_code_valid` | `.To`, `.RecoveryCode`, `.Identity`, `.ExpiresInMinutes` |
+| `recovery_code_invalid` | `.To` |
+| `verification_code_valid` | `.To`, `.VerificationCode`, `.VerificationURL`, `.Identity`, `.ExpiresInMinutes` |
+| `verification_code_invalid` | `.To` |
+| `login_code_valid` | `.To`, `.LoginCode`, `.Identity`, `.ExpiresInMinutes` |
+| `login_code_invalid` | `.To` |
+| `registration_code_valid` | `.To`, `.RegistrationCode`, `.Traits`, `.ExpiresInMinutes` |
+| `registration_code_invalid` | `.To` |
+| `recovery_valid` | `.To`, `.RecoveryURL`, `.Identity`, `.ExpiresInMinutes` |
+| `verification_valid` | `.To`, `.VerificationURL`, `.Identity`, `.ExpiresInMinutes` |
+
+The `.Identity` object provides access to `.Identity.traits` and `.Identity.metadata_public`.
+
+## Important Behaviors
+
+- **Destroying resets to defaults:** Deleting this resource resets the template to Ory's built-in default template. It does not leave a blank template.
+- **Base64 encoding is automatic:** You provide raw template content; the provider handles base64 encoding internally.
+- **Subject is optional:** If not specified, Ory uses a default subject line.
+
 ## Example Usage
 
 ```terraform

docs/resources/identity.md

@@ -1,78 +1,15 @@
 ---
-# generated by https://github.com/hashicorp/terraform-plugin-docs
 page_title: "ory_identity Resource - ory"
 subcategory: ""
 description: |-
   Manages an Ory Network identity (user).
-  Identities represent users in your application. Each identity has traits
-  (profile data) defined by an identity schema.
-  Required Provider Configuration
-  This resource requires the following provider configuration:
-  
-  provider "ory" {
-    project_api_key = var.ory_project_api_key  # or ORY_PROJECT_API_KEY env var
-    project_slug    = var.ory_project_slug     # or ORY_PROJECT_SLUG env var
-  }
-  
-  Or via environment variables:
-  
-  export ORY_PROJECT_API_KEY="ory_pat_..."
-  export ORY_PROJECT_SLUG="your-project-slug"
-  
-  Schema ID
-  The schema_id attribute specifies which identity schema defines the structure of the identity's traits:
-  Use the default schema: Most projects have a default schema (often named default)Reference a Terraform-managed schema: ory_identity_schema.customer.idUse a preset (must be enabled first): preset://email or preset://username
-  ~> Note: Preset schemas must be enabled in your Ory project before use. If you get a 500 error with a preset, it may not be enabled. Check your project's identity schema settings or use a custom schema.
-  Example Usage
-  
-  # Identity using the default schema
-  resource "ory_identity" "user" {
-    schema_id = "default"
-  
-    traits = jsonencode({
-      email = "user@example.com"
-    })
-  }
-  
-  # Identity with password
-  resource "ory_identity" "user_with_password" {
-    schema_id = "default"
-  
-    traits = jsonencode({
-      email = "user@example.com"
-    })
-  
-    password = var.user_password  # Use a variable, never hardcode
-  
-    metadata_public = jsonencode({
-      role = "user"
-    })
-  }
-  
-  # Identity using a custom Terraform-managed schema
-  resource "ory_identity" "customer" {
-    schema_id = ory_identity_schema.customer.id
-  
-    traits = jsonencode({
-      email = "customer@example.com"
-    })
-  }
-  
-  Import
-  Identities can be imported using their ID:
-  
-  terraform import ory_identity.user <identity-id>
-  
-  Note: If the identity is deleted outside of Terraform (e.g., via UI or API),
-  the next terraform plan will detect this and remove it from state.
 ---
 
 # ory_identity (Resource)
 
 Manages an Ory Network identity (user).
 
-Identities represent users in your application. Each identity has traits
-(profile data) defined by an identity schema.
+Identities represent users in your application. Each identity has traits (profile data) defined by an identity schema.
 
 ## Required Provider Configuration
 
@@ -94,61 +31,24 @@ export ORY_PROJECT_SLUG="your-project-slug"
 
 ## Schema ID
 
-The `schema_id` attribute specifies which identity schema defines the structure of the identity's traits:
+The `schema_id` attribute specifies which identity schema defines the structure of the identity's traits.
 
-- **Use the default schema**: Most projects have a default schema (often named `default`)
-- **Reference a Terraform-managed schema**: `ory_identity_schema.customer.id`
-- **Use a preset** (must be enabled first): `preset://email` or `preset://username`
+~> **Important:** The value of `schema_id` must match a schema that exists in your project. Using a schema ID that doesn't exist (including `"default"` on projects that don't have a schema named "default") will result in an HTTP 500 error.
 
-~> **Note:** Preset schemas must be enabled in your Ory project before use. If you get a 500 error with a preset, it may not be enabled. Check your project's identity schema settings or use a custom schema.
+**How to find your project's schema IDs:**
 
-## Example Usage
-
-```hcl
-# Identity using the default schema
-resource "ory_identity" "user" {
-  schema_id = "default"
-
-  traits = jsonencode({
-    email = "user@example.com"
-  })
-}
-
-# Identity with password
-resource "ory_identity" "user_with_password" {
-  schema_id = "default"
-
-  traits = jsonencode({
-    email = "user@example.com"
-  })
-
-  password = var.user_password  # Use a variable, never hardcode
-
-  metadata_public = jsonencode({
-    role = "user"
-  })
-}
-
-# Identity using a custom Terraform-managed schema
-resource "ory_identity" "customer" {
-  schema_id = ory_identity_schema.customer.id
-
-  traits = jsonencode({
-    email = "customer@example.com"
-  })
-}
-```
+1. **Ory Console:** Go to your project > Identity Schema to see configured schemas
+2. **API:** `GET /projects/<project-id>` and check `services.identity.config.identity.schemas`
+3. **Terraform:** Use `ory_identity_schema` resources and reference their IDs
 
-## Import
+**Common schema ID values:**
 
-Identities can be imported using their ID:
-
-```shell
-terraform import ory_identity.user <identity-id>
-```
-
-**Note**: If the identity is deleted outside of Terraform (e.g., via UI or API),
-the next `terraform plan` will detect this and remove it from state.
+| Schema ID | Description |
+|-----------|-------------|
+| `preset://email` | Built-in email schema (most common default for new projects) |
+| `preset://username` | Built-in username schema |
+| `default` | Only valid if your project has a schema explicitly named "default" |
+| Custom IDs | e.g., `customer_v1` - if created via `ory_identity_schema` or Console |
 
 ## Example Usage
 
@@ -196,6 +96,21 @@ variable "user_password" {
 }
 ```
 
+## Important Behaviors
+
+- **Password is write-only:** The `password` attribute is not returned on read and cannot be imported. It is only used during creation and updates.
+- **External deletion detection:** If an identity is deleted outside of Terraform (via UI or API), the next `terraform plan` will detect the 404 and remove it from state automatically.
+- **Traits must match schema:** The JSON structure of `traits` must match the identity schema definition. Mismatched traits will cause API errors.
+- **Metadata visibility:** `metadata_public` is visible to the identity owner. `metadata_admin` is only visible via the admin API and is marked sensitive in Terraform.
+
+## Import
+
+```shell
+terraform import ory_identity.user <identity-id>
+```
+
+~> **Note:** Imported identities will not have `password` in state since it is write-only.
+
 <!-- schema generated by tfplugindocs -->
 ## Schema