feat: add console API fallback for identity schema data sources

[KT-Doan]

Description

Add project_id attribute to ory_identity_schema and ory_identity_schemas data sources. When set (or when project_slug/project_api_key are not configured), schemas are read from the project config via the console API using only the workspace key.

This unblocks bootstrap workflows where a new project is created and its schemas need to be referenced in the same Terraform run, without requiring project-level API credentials.

Related Issues

Fixes #104

Type of Change

• Bug fix (non-breaking change that fixes an issue)
• New feature (non-breaking change that adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation update

Checklist

• I have read the CONTRIBUTING guide
• My code follows the existing code style
• I have added tests that prove my fix/feature works
• I have updated documentation as needed
• All new and existing tests pass (make test)
• I have run the linter (make format)

Testing

• Unit tests — extractSchemasFromProjectConfig and HasProjectClient (see internal/client/extract_schemas_test.go)
• Acceptance tests — TestAccIdentitySchemaDataSource_viaProjectID (see internal/datasources/identityschema/datasource_test.go)
• Manual testing — reproduced the error on v26.0.2, verified the fix resolves it:
  • v26.0.2: terraform plan fails with project API client not configured: project_slug and project_api_key are required
  • Fix branch: terraform plan succeeds, data source reads schema via console API using project_id

Screenshots/Output

Before (v26.0.2):

Error: Error Listing Identity Schemas
  listing identity schemas: project API client not configured: project_slug
  and project_api_key are required. Set them on the provider or pass them as
  resource-level attributes (project_slug, project_api_key)

After (fix branch):

  # data.ory_identity_schema.default will be read during apply
  <= data "ory_identity_schema" "default" {
      + id         = "preset://username"
      + project_id = (known after apply)
      + schema     = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

[Copilot]

Pull request overview

Adds a project_id override to the ory_identity_schema and ory_identity_schemas data sources to enable listing/lookup of identity schemas via the console API (workspace key) as a fallback when project API credentials aren’t available—primarily to support project bootstrap workflows (Fixes #104).

Changes:

• Add optional project_id attribute to both identity schema data sources and route schema retrieval through a console-API-based fallback when appropriate.
• Introduce client helpers to detect project client configuration and to extract schemas from project config (console API / GetProject) including base64 schema decoding.
• Add unit + acceptance test coverage and update docs/templates/examples to document the new bootstrap workflow.

Reviewed changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated 6 comments.

Show a summary per file

File	Description
templates/data-sources/identity_schemas.md.tmpl	Docs template: add tip about project_id and console API fallback
templates/data-sources/identity_schema.md.tmpl	Docs template: add tip about project_id and console API fallback
internal/datasources/identityschemas/datasource.go	Add project_id input and console API fallback for listing schemas
internal/datasources/identityschema/datasource.go	Add project_id input and console API fallback for reading a schema by ID
internal/datasources/identityschema/testdata/with_project_id.tf.tmpl	Acceptance test fixture for lookup via project_id
internal/datasources/identityschema/datasource_test.go	Add acceptance test covering console API path via project_id
internal/client/extract_schemas_test.go	Unit tests for schema extraction + HasProjectClient
internal/client/client.go	Add HasProjectClient, console-API schema listing helper, and config schema extraction
internal/acctest/acctest.go	Add helper to retrieve shared acceptance test project ID
examples/data-sources/ory_identity_schema/data-source.tf	Add bootstrap example using project_id
docs/data-sources/identity_schemas.md	Generated docs updated for project_id
docs/data-sources/identity_schema.md	Generated docs updated for project_id and bootstrap example

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 12 out of 12 changed files in this pull request and generated 7 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 14 out of 14 changed files in this pull request and generated 2 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

This tip recommends using project_id (console API) but doesn’t mention an important behavioral difference: extractSchemasFromProjectConfig returns {} for non-base64:// schemas (e.g., presets like preset://username). That means the schema attribute may be an empty object when using this fallback. Consider documenting this limitation here so users don’t expect the full schema JSON for preset/URL-based entries.

[Copilot]

This tip recommends using project_id (console API) but doesn’t mention an important behavioral difference: extractSchemasFromProjectConfig returns {} for non-base64:// schemas (e.g., presets like preset://username). That means the schema attribute may be an empty object when using this fallback. Consider documenting this limitation here so users don’t expect the full schema JSON for preset/URL-based entries.