chore(docs): Update docs

docs/index.md

@@ -27,13 +27,13 @@ provider "boundary" {
 
 ### Required
 
-- **addr** (String) The base url of the Boundary API, e.g. "http://127.0.0.1:9200". If not set, it will be read from the "BOUNDARY_ADDR" env var.
+- `addr` (String) The base url of the Boundary API, e.g. "http://127.0.0.1:9200". If not set, it will be read from the "BOUNDARY_ADDR" env var.
 
 ### Optional
 
-- **auth_method_id** (String) The auth method ID e.g. ampw_1234567890
-- **password_auth_method_login_name** (String) The auth method login name for password-style auth methods
-- **password_auth_method_password** (String) The auth method password for password-style auth methods
-- **recovery_kms_hcl** (String) Can be a heredoc string or a path on disk. If set, the string/file will be parsed as HCL and used with the recovery KMS mechanism. While this is set, it will override any other authentication information; the KMS mechanism will always be used. See Boundary's KMS docs for examples: https://boundaryproject.io/docs/configuration/kms
-- **tls_insecure** (Boolean) When set to true, does not validate the Boundary API endpoint certificate
-- **token** (String) The Boundary token to use, as a string or path on disk containing just the string. If set, the token read here will be used in place of authenticating with the auth method specified in "auth_method_id", although the recovery KMS mechanism will still override this. Can also be set with the BOUNDARY_TOKEN environment variable.
+- `auth_method_id` (String) The auth method ID e.g. ampw_1234567890
+- `password_auth_method_login_name` (String) The auth method login name for password-style auth methods
+- `password_auth_method_password` (String) The auth method password for password-style auth methods
+- `recovery_kms_hcl` (String) Can be a heredoc string or a path on disk. If set, the string/file will be parsed as HCL and used with the recovery KMS mechanism. While this is set, it will override any other authentication information; the KMS mechanism will always be used. See Boundary's KMS docs for examples: https://boundaryproject.io/docs/configuration/kms
+- `tls_insecure` (Boolean) When set to true, does not validate the Boundary API endpoint certificate
+- `token` (String) The Boundary token to use, as a string or path on disk containing just the string. If set, the token read here will be used in place of authenticating with the auth method specified in "auth_method_id", although the recovery KMS mechanism will still override this. Can also be set with the BOUNDARY_TOKEN environment variable.

docs/resources/account.md

@@ -3,60 +3,32 @@
 page_title: "boundary_account Resource - terraform-provider-boundary"
 subcategory: ""
 description: |-
-  The account resource allows you to configure a Boundary account.
+  Deprecated: use resource_account_password instead.
 ---
 
 # boundary_account (Resource)
 
-The account resource allows you to configure a Boundary account.
+Deprecated: use `resource_account_password` instead.
 
-## Example Usage
 
-```terraform
-resource "boundary_scope" "org" {
-  name                     = "organization_one"
-  description              = "My first scope!"
-  scope_id                 = "global"
-  auto_create_admin_role   = true
-  auto_create_default_role = true
-}
-
-resource "boundary_auth_method" "password" {
-  scope_id = boundary_scope.org.id
-  type     = "password"
-}
-
-resource "boundary_account" "jeff" {
-  auth_method_id = boundary_auth_method.password.id
-  type           = "password"
-  login_name     = "jeff"
-  password       = "$uper$ecure"
-}
-```
 
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
 ### Required
 
-- **auth_method_id** (String) The resource ID for the auth method.
-- **type** (String) The resource type.
+- `auth_method_id` (String) The resource ID for the auth method.
+- `type` (String) The resource type.
 
 ### Optional
 
-- **description** (String) The account description.
-- **login_name** (String, Deprecated) The login name for this account.
-- **name** (String) The account name. Defaults to the resource name.
-- **password** (String, Deprecated) The account password. Only set on create, changes will not be reflected when updating account.
+- `description` (String) The account description.
+- `login_name` (String) The login name for this account.
+- `name` (String) The account name. Defaults to the resource name.
+- `password` (String) The account password. Only set on create, changes will not be reflected when updating account.
 
 ### Read-Only
 
-- **id** (String) The ID of the account.
-
-## Import
+- `id` (String) The ID of the account.
 
-Import is supported using the following syntax:
 
-```shell
-terraform import boundary_account.foo <my-id>
-```

docs/resources/account_oidc.md

@@ -17,17 +17,17 @@ The account resource allows you to configure a Boundary account.
 
 ### Required
 
-- **auth_method_id** (String) The resource ID for the auth method.
+- `auth_method_id` (String) The resource ID for the auth method.
 
 ### Optional
 
-- **description** (String) The account description.
-- **issuer** (String) The OIDC issuer.
-- **name** (String) The account name. Defaults to the resource name.
-- **subject** (String) The OIDC subject.
+- `description` (String) The account description.
+- `issuer` (String) The OIDC issuer.
+- `name` (String) The account name. Defaults to the resource name.
+- `subject` (String) The OIDC subject.
 
 ### Read-Only
 
-- **id** (String) The ID of the account.
+- `id` (String) The ID of the account.
 
 

docs/resources/account_password.md

@@ -10,25 +10,53 @@ description: |-
 
 The account resource allows you to configure a Boundary account.
 
-
+## Example Usage
+
+```terraform
+resource "boundary_scope" "org" {
+  name                     = "organization_one"
+  description              = "My first scope!"
+  scope_id                 = "global"
+  auto_create_admin_role   = true
+  auto_create_default_role = true
+}
+
+resource "boundary_auth_method" "password" {
+  scope_id = boundary_scope.org.id
+  type     = "password"
+}
+
+resource "boundary_account_password" "jeff" {
+  auth_method_id = boundary_auth_method.password.id
+  type           = "password"
+  login_name     = "jeff"
+  password       = "$uper$ecure"
+}
+```
 
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
 ### Required
 
-- **auth_method_id** (String) The resource ID for the auth method.
-- **type** (String) The resource type.
+- `auth_method_id` (String) The resource ID for the auth method.
+- `type` (String) The resource type.
 
 ### Optional
 
-- **description** (String) The account description.
-- **login_name** (String, Deprecated) The login name for this account.
-- **name** (String) The account name. Defaults to the resource name.
-- **password** (String, Deprecated) The account password. Only set on create, changes will not be reflected when updating account.
+- `description` (String) The account description.
+- `login_name` (String) The login name for this account.
+- `name` (String) The account name. Defaults to the resource name.
+- `password` (String) The account password. Only set on create, changes will not be reflected when updating account.
 
 ### Read-Only
 
-- **id** (String) The ID of the account.
+- `id` (String) The ID of the account.
+
+## Import
 
+Import is supported using the following syntax:
 
+```shell
+terraform import boundary_account_password.foo <my-id>
+```

docs/resources/auth_method.md

@@ -32,19 +32,19 @@ resource "boundary_auth_method" "password" {
 
 ### Required
 
-- **scope_id** (String) The scope ID.
-- **type** (String) The resource type.
+- `scope_id` (String) The scope ID.
+- `type` (String) The resource type.
 
 ### Optional
 
-- **description** (String) The auth method description.
-- **min_login_name_length** (Number, Deprecated) The minimum login name length.
-- **min_password_length** (Number, Deprecated) The minimum password length.
-- **name** (String) The auth method name. Defaults to the resource name.
+- `description` (String) The auth method description.
+- `min_login_name_length` (Number, Deprecated) The minimum login name length.
+- `min_password_length` (Number, Deprecated) The minimum password length.
+- `name` (String) The auth method name. Defaults to the resource name.
 
 ### Read-Only
 
-- **id** (String) The ID of the account.
+- `id` (String) The ID of the account.
 
 ## Import
 

docs/resources/auth_method_oidc.md

@@ -17,31 +17,31 @@ The OIDC auth method resource allows you to configure a Boundary auth_method_oid
 
 ### Required
 
-- **scope_id** (String) The scope ID.
+- `scope_id` (String) The scope ID.
 
 ### Optional
 
-- **account_claim_maps** (List of String) Account claim maps for the to_claim of sub.
-- **allowed_audiences** (List of String) Audiences for which the provider responses will be allowed
-- **api_url_prefix** (String) The API prefix to use when generating callback URLs for the provider. Should be set to an address at which the provider can reach back to the controller.
-- **callback_url** (String) The URL that should be provided to the IdP for callbacks.
-- **claims_scopes** (List of String) Claims scopes.
-- **client_id** (String) The client ID assigned to this auth method from the provider.
-- **client_secret** (String) The secret key assigned to this auth method from the provider. Once set, only the hash will be kept and the original value can be removed from configuration.
-- **client_secret_hmac** (String) The HMAC of the client secret returned by the Boundary controller, which is used for comparison after initial setting of the value.
-- **description** (String) The auth method description.
-- **disable_discovered_config_validation** (Boolean) Disables validation logic ensuring that the OIDC provider's information from its discovery endpoint matches the information here. The validation is only performed at create or update time.
-- **idp_ca_certs** (List of String) A list of CA certificates to trust when validating the IdP's token signatures.
-- **is_primary_for_scope** (Boolean) When true, makes this auth method the primary auth method for the scope in which it resides. The primary auth method for a scope means the the user will be automatically created when they login using an OIDC account.
-- **issuer** (String) The issuer corresponding to the provider, which must match the issuer field in generated tokens.
-- **max_age** (Number) The max age to provide to the provider, indicating how much time is allowed to have passed since the last authentication before the user is challenged again.
-- **name** (String) The auth method name. Defaults to the resource name.
-- **signing_algorithms** (List of String) Allowed signing algorithms for the provider's issued tokens.
-- **state** (String) Can be one of 'inactive', 'active-private', or 'active-public'. Currently automatically set to active-public.
-- **type** (String) The type of auth method; hardcoded.
+- `account_claim_maps` (List of String) Account claim maps for the to_claim of sub.
+- `allowed_audiences` (List of String) Audiences for which the provider responses will be allowed
+- `api_url_prefix` (String) The API prefix to use when generating callback URLs for the provider. Should be set to an address at which the provider can reach back to the controller.
+- `callback_url` (String) The URL that should be provided to the IdP for callbacks.
+- `claims_scopes` (List of String) Claims scopes.
+- `client_id` (String) The client ID assigned to this auth method from the provider.
+- `client_secret` (String) The secret key assigned to this auth method from the provider. Once set, only the hash will be kept and the original value can be removed from configuration.
+- `client_secret_hmac` (String) The HMAC of the client secret returned by the Boundary controller, which is used for comparison after initial setting of the value.
+- `description` (String) The auth method description.
+- `disable_discovered_config_validation` (Boolean) Disables validation logic ensuring that the OIDC provider's information from its discovery endpoint matches the information here. The validation is only performed at create or update time.
+- `idp_ca_certs` (List of String) A list of CA certificates to trust when validating the IdP's token signatures.
+- `is_primary_for_scope` (Boolean) When true, makes this auth method the primary auth method for the scope in which it resides. The primary auth method for a scope means the the user will be automatically created when they login using an OIDC account.
+- `issuer` (String) The issuer corresponding to the provider, which must match the issuer field in generated tokens.
+- `max_age` (Number) The max age to provide to the provider, indicating how much time is allowed to have passed since the last authentication before the user is challenged again.
+- `name` (String) The auth method name. Defaults to the resource name.
+- `signing_algorithms` (List of String) Allowed signing algorithms for the provider's issued tokens.
+- `state` (String) Can be one of 'inactive', 'active-private', or 'active-public'. Currently automatically set to active-public.
+- `type` (String) The type of auth method; hardcoded.
 
 ### Read-Only
 
-- **id** (String) The ID of the auth method.
+- `id` (String) The ID of the auth method.
 
 

docs/resources/auth_method_password.md

@@ -17,18 +17,18 @@ The auth method resource allows you to configure a Boundary auth_method_password
 
 ### Required
 
-- **scope_id** (String) The scope ID.
+- `scope_id` (String) The scope ID.
 
 ### Optional
 
-- **description** (String) The auth method description.
-- **min_login_name_length** (Number) The minimum login name length.
-- **min_password_length** (Number) The minimum password length.
-- **name** (String) The auth method name. Defaults to the resource name.
-- **type** (String) The resource type, hardcoded per resource
+- `description` (String) The auth method description.
+- `min_login_name_length` (Number) The minimum login name length.
+- `min_password_length` (Number) The minimum password length.
+- `name` (String) The auth method name. Defaults to the resource name.
+- `type` (String) The resource type, hardcoded per resource
 
 ### Read-Only
 
-- **id** (String) The ID of the account.
+- `id` (String) The ID of the account.
 
 

docs/resources/credential_library_vault.md

@@ -63,19 +63,19 @@ EOT
 
 ### Required
 
-- **credential_store_id** (String) The ID of the credential store that this library belongs to.
-- **path** (String) The path in Vault to request credentials from.
+- `credential_store_id` (String) The ID of the credential store that this library belongs to.
+- `path` (String) The path in Vault to request credentials from.
 
 ### Optional
 
-- **description** (String) The Vault credential library description.
-- **http_method** (String) The HTTP method the library uses when requesting credentials from Vault. Defaults to 'GET'
-- **http_request_body** (String) The body of the HTTP request the library sends to Vault when requesting credentials. Only valid if `http_method` is set to `POST`.
-- **name** (String) The Vault credential library name. Defaults to the resource name.
+- `description` (String) The Vault credential library description.
+- `http_method` (String) The HTTP method the library uses when requesting credentials from Vault. Defaults to 'GET'
+- `http_request_body` (String) The body of the HTTP request the library sends to Vault when requesting credentials. Only valid if `http_method` is set to `POST`.
+- `name` (String) The Vault credential library name. Defaults to the resource name.
 
 ### Read-Only
 
-- **id** (String) The ID of the Vault credential library.
+- `id` (String) The ID of the Vault credential library.
 
 ## Import
 

docs/resources/credential_store_vault.md

@@ -42,26 +42,26 @@ resource "boundary_credential_store_vault" "example" {
 
 ### Required
 
-- **address** (String) The address to Vault server. This should be a complete URL such as 'https://127.0.0.1:8200'
-- **scope_id** (String) The scope for this credential store.
-- **token** (String, Sensitive) A token used for accessing Vault.
+- `address` (String) The address to Vault server. This should be a complete URL such as 'https://127.0.0.1:8200'
+- `scope_id` (String) The scope for this credential store.
+- `token` (String, Sensitive) A token used for accessing Vault.
 
 ### Optional
 
-- **ca_cert** (String) A PEM-encoded CA certificate to verify the Vault server's TLS certificate.
-- **client_certificate** (String) A PEM-encoded client certificate to use for TLS authentication to the Vault server.
-- **client_certificate_key** (String, Sensitive) A PEM-encoded private key matching the client certificate from 'client_certificate'.
-- **description** (String) The Vault credential store description.
-- **name** (String) The Vault credential store name. Defaults to the resource name.
-- **namespace** (String) The namespace within Vault to use.
-- **tls_server_name** (String) Name to use as the SNI host when connecting to Vault via TLS.
-- **tls_skip_verify** (Boolean) Whether or not to skip TLS verification.
+- `ca_cert` (String) A PEM-encoded CA certificate to verify the Vault server's TLS certificate.
+- `client_certificate` (String) A PEM-encoded client certificate to use for TLS authentication to the Vault server.
+- `client_certificate_key` (String, Sensitive) A PEM-encoded private key matching the client certificate from 'client_certificate'.
+- `description` (String) The Vault credential store description.
+- `name` (String) The Vault credential store name. Defaults to the resource name.
+- `namespace` (String) The namespace within Vault to use.
+- `tls_server_name` (String) Name to use as the SNI host when connecting to Vault via TLS.
+- `tls_skip_verify` (Boolean) Whether or not to skip TLS verification.
 
 ### Read-Only
 
-- **client_certificate_key_hmac** (String) The Vault client certificate key hmac.
-- **id** (String) The ID of the Vault credential store.
-- **token_hmac** (String) The Vault token hmac.
+- `client_certificate_key_hmac` (String) The Vault client certificate key hmac.
+- `id` (String) The ID of the Vault credential store.
+- `token_hmac` (String) The Vault token hmac.
 
 ## Import
 

docs/resources/group.md

@@ -69,17 +69,17 @@ resource "boundary_group" "example" {
 
 ### Required
 
-- **scope_id** (String) The scope ID in which the resource is created. Defaults to the provider's `default_scope` if unset.
+- `scope_id` (String) The scope ID in which the resource is created. Defaults to the provider's `default_scope` if unset.
 
 ### Optional
 
-- **description** (String) The group description.
-- **member_ids** (Set of String) Resource IDs for group members, these are most likely boundary users.
-- **name** (String) The group name. Defaults to the resource name.
+- `description` (String) The group description.
+- `member_ids` (Set of String) Resource IDs for group members, these are most likely boundary users.
+- `name` (String) The group name. Defaults to the resource name.
 
 ### Read-Only
 
-- **id** (String) The ID of the group.
+- `id` (String) The ID of the group.
 
 ## Import