diff --git a/docs/data-sources/graph_beta_device_and_app_management_assignment_filter b/docs/data-sources/graph_beta_device_and_app_management_assignment_filter
index 2f68af11..2d742b6f 100644
--- a/docs/data-sources/graph_beta_device_and_app_management_assignment_filter
+++ b/docs/data-sources/graph_beta_device_and_app_management_assignment_filter
@@ -12,38 +12,218 @@ The Microsoft 365 Intune assignment filter data source provides information abou
## Example Usage
```terraform
-# Output: Display information from the data source
-output "existing_filter_id" {
- value = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.existing_filter.id
+# Basic usage - looking up a single filter by display name
+data "microsoft365_graph_beta_device_and_app_management_assignment_filter" "by_name" {
+ display_name = "Filter | Android Enterprise Device Status Is Rooted"
}
-output "existing_filter_description" {
- value = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.existing_filter.description
+# Look up by ID
+data "microsoft365_graph_beta_device_and_app_management_assignment_filter" "windows_vdi" {
+ id = "00000000-0000-0000-0000-000000000001"
}
-output "existing_filter_platform" {
- value = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.existing_filter.platform
+# Example: Create new filter based on existing one (using name lookup)
+resource "microsoft365_graph_beta_device_and_app_management_assignment_filter" "clone_android" {
+ display_name = "Clone - Android Rooted Device Filter"
+ description = "Cloned from: ${data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.description}"
+
+ # Copy configuration from existing filter
+ platform = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.platform
+ rule = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.rule
+ assignment_filter_management_type = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.assignment_filter_management_type
+ role_scope_tags = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.role_scope_tags
+
+ timeouts = {
+ create = "10s"
+ read = "10s"
+ update = "10s"
+ delete = "10s"
+ }
+}
+
+# Output showing all available attributes
+output "filter_details" {
+ value = {
+ # Basic details
+ id = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.id
+ display_name = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.display_name
+ description = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.description
+
+ # Filter configuration
+ platform = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.platform
+ rule = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.rule
+ assignment_filter_management_type = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.assignment_filter_management_type
+
+ # Additional metadata
+ created_date_time = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.created_date_time
+ last_modified_date_time = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.last_modified_date_time
+ role_scope_tags = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.role_scope_tags
+ }
+}
+
+
+# Example: Create new filter based on Windows VDI filter (using ID lookup)
+resource "microsoft365_graph_beta_device_and_app_management_assignment_filter" "clone_windows_vdi" {
+ display_name = "Clone - Windows VDI Device Filter"
+ description = "Cloned from: ${data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.description}"
+
+ # Copy configuration from existing filter
+ platform = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.platform
+ rule = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.rule
+ assignment_filter_management_type = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.assignment_filter_management_type
+ role_scope_tags = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.role_scope_tags
+
+ timeouts = {
+ create = "10s"
+ read = "10s"
+ update = "10s"
+ delete = "10s"
+ }
}
-output "existing_filter_rule" {
- value = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.existing_filter.rule
+# Output showing Windows VDI filter attributes
+output "vdi_filter_details" {
+ value = {
+ # Basic details
+ id = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.id
+ display_name = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.display_name
+ description = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.description
+
+ # Filter configuration
+ platform = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.platform
+ rule = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.rule
+ assignment_filter_management_type = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.assignment_filter_management_type
+
+ # Additional metadata
+ created_date_time = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.created_date_time
+ last_modified_date_time = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.last_modified_date_time
+ role_scope_tags = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.role_scope_tags
+ }
+}
+
+
+# Use Case 1: Filter Migration - Export multiple filters as JSON for documentation/migration
+output "all_filters_export" {
+ value = {
+ android_filter = {
+ name = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.display_name
+ config = {
+ platform = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.platform
+ rule = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.rule
+ type = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.assignment_filter_management_type
+ }
+ }
+ vdi_filter = {
+ name = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.display_name
+ config = {
+ platform = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.platform
+ rule = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.rule
+ type = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.assignment_filter_management_type
+ }
+ }
+ }
+}
+
+# Use Case 2: Create multiple environment-specific clones with prefix
+resource "microsoft365_graph_beta_device_and_app_management_assignment_filter" "prod_clone" {
+ display_name = "PROD - ${data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.display_name}"
+ description = "Production clone of: ${data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.description}"
+
+ platform = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.platform
+ rule = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.rule
+ assignment_filter_management_type = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.assignment_filter_management_type
+ role_scope_tags = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.role_scope_tags
+
+ timeouts = {
+ create = "10s"
+ read = "10s"
+ update = "10s"
+ delete = "10s"
+ }
+}
+
+resource "microsoft365_graph_beta_device_and_app_management_assignment_filter" "dev_clone" {
+ display_name = "DEV - ${data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.display_name}"
+ description = "Development clone of: ${data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.description}"
+
+ platform = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.platform
+ rule = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.rule
+ assignment_filter_management_type = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.assignment_filter_management_type
+ role_scope_tags = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.role_scope_tags
+
+ timeouts = {
+ create = "10s"
+ read = "10s"
+ update = "10s"
+ delete = "10s"
+ }
+}
+
+# Use Case 3: Create a modified clone with an enhanced rule
+resource "microsoft365_graph_beta_device_and_app_management_assignment_filter" "enhanced_vdi_filter" {
+ display_name = "Enhanced - ${data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.display_name}"
+ description = "Enhanced version with additional conditions"
+
+ platform = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.platform
+ # Original rule with additional conditions
+ rule = "${data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.rule} and (device.manufacturer -eq \"Microsoft\")"
+ assignment_filter_management_type = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.assignment_filter_management_type
+ role_scope_tags = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.role_scope_tags
+
+ timeouts = {
+ create = "10s"
+ read = "10s"
+ update = "10s"
+ delete = "10s"
+ }
+}
+
+# Use Case 4: Output comparing multiple filters
+output "filter_comparison" {
+ value = {
+ original_vs_enhanced = {
+ original_rule = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.rule
+ enhanced_rule = "${data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.rule} and (device.manufacturer -eq \"Microsoft\")"
+ differences = {
+ platform_same = (
+ data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.platform ==
+ data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.platform
+ )
+ management_type_same = (
+ data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.assignment_filter_management_type ==
+ data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.assignment_filter_management_type
+ )
+ }
+ }
+ }
}
```
## Schema
-### Required
+### Optional
- `display_name` (String) The display name of the assignment filter.
+- `id` (String) The unique identifier of the assignment filter.
+- `timeouts` (Attributes) (see [below for nested schema](#nestedatt--timeouts))
### Read-Only
- `assignment_filter_management_type` (String) Indicates filter is applied to either 'devices' or 'apps' management type.
- `created_date_time` (String) The creation time of the assignment filter.
- `description` (String) The description of the assignment filter.
-- `id` (String) The unique identifier of the assignment filter.
- `last_modified_date_time` (String) Last modified time of the assignment filter.
- `platform` (String) The Intune device management type (platform) for the assignment filter.
- `role_scope_tags` (List of String) Indicates role scope tags assigned for the assignment filter.
-- `rule` (String) Rule definition of the assignment filter.
\ No newline at end of file
+- `rule` (String) Rule definition of the assignment filter.
+
+
+### Nested Schema for `timeouts`
+
+Optional:
+
+- `create` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+- `delete` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
+- `read` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Read operations occur during any refresh or planning operation when refresh is enabled.
+- `update` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
\ No newline at end of file
diff --git a/docs/data-sources/graph_beta_device_and_app_management_assignment_filter.md b/docs/data-sources/graph_beta_device_and_app_management_assignment_filter.md
index fdbb0a25..8e09387f 100644
--- a/docs/data-sources/graph_beta_device_and_app_management_assignment_filter.md
+++ b/docs/data-sources/graph_beta_device_and_app_management_assignment_filter.md
@@ -15,17 +15,28 @@ description: |-
## Schema
-### Required
+### Optional
- `display_name` (String) The display name of the assignment filter.
+- `id` (String) The unique identifier of the assignment filter.
+- `timeouts` (Attributes) (see [below for nested schema](#nestedatt--timeouts))
### Read-Only
- `assignment_filter_management_type` (String) Indicates filter is applied to either 'devices' or 'apps' management type.
- `created_date_time` (String) The creation time of the assignment filter.
- `description` (String) The description of the assignment filter.
-- `id` (String) The unique identifier of the assignment filter.
- `last_modified_date_time` (String) Last modified time of the assignment filter.
- `platform` (String) The Intune device management type (platform) for the assignment filter.
- `role_scope_tags` (List of String) Indicates role scope tags assigned for the assignment filter.
- `rule` (String) Rule definition of the assignment filter.
+
+
+### Nested Schema for `timeouts`
+
+Optional:
+
+- `create` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+- `delete` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
+- `read` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Read operations occur during any refresh or planning operation when refresh is enabled.
+- `update` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
diff --git a/docs/data-sources/graph_beta_device_and_app_management_role_scope_tag b/docs/data-sources/graph_beta_device_and_app_management_role_scope_tag
index 243c1fda..6c433a2f 100644
--- a/docs/data-sources/graph_beta_device_and_app_management_role_scope_tag
+++ b/docs/data-sources/graph_beta_device_and_app_management_role_scope_tag
@@ -12,21 +12,95 @@ The Microsoft 365 Intune role scope tag data source provides information about a
## Example Usage
```terraform
-# Output: Display information from the data source
-output "existing_role_scope_tag_id" {
- value = data.microsoft365_graph_beta_device_and_app_management_role_scope_tag.existing_role_scope_tag.id
+# Basic lookup examples
+# Look up by display name
+data "microsoft365_graph_beta_device_and_app_management_role_scope_tag" "by_name" {
+ display_name = "Level1-Support"
}
-output "existing_role_scope_tag_description" {
- value = data.microsoft365_graph_beta_device_and_app_management_role_scope_tag.existing_role_scope_tag.description
+# Look up by ID
+data "microsoft365_graph_beta_device_and_app_management_role_scope_tag" "by_id" {
+ id = "00000000-0000-0000-0000-000000000001"
}
-output "existing_role_scope_tag_platform" {
- value = data.microsoft365_graph_beta_device_and_app_management_role_scope_tag.existing_role_scope_tag.platform
+# Output showing role scope tag details
+output "role_scope_tag_details" {
+ value = {
+ # Basic details
+ id = data.microsoft365_graph_beta_device_and_app_management_role_scope_tag.by_name.id
+ display_name = data.microsoft365_graph_beta_device_and_app_management_role_scope_tag.by_name.display_name
+ description = data.microsoft365_graph_beta_device_and_app_management_role_scope_tag.by_name.description
+ is_built_in = data.microsoft365_graph_beta_device_and_app_management_role_scope_tag.by_name.is_built_in
+ }
}
-output "existing_role_scope_tag_rule" {
- value = data.microsoft365_graph_beta_device_and_app_management_role_scope_tag.existing_role_scope_tag.rule
+# Use Case 1: Create new tag based on existing one
+resource "microsoft365_graph_beta_device_and_app_management_role_scope_tag" "clone" {
+ display_name = "Clone - ${data.microsoft365_graph_beta_device_and_app_management_role_scope_tag.by_name.display_name}"
+ description = "Cloned from: ${data.microsoft365_graph_beta_device_and_app_management_role_scope_tag.by_name.description}"
+
+ timeouts = {
+ create = "180s"
+ read = "180s"
+ update = "180s"
+ delete = "180s"
+ }
+}
+
+# Use Case 2: Conditional tag creation based on built-in status
+resource "microsoft365_graph_beta_device_and_app_management_role_scope_tag" "conditional" {
+ count = data.microsoft365_graph_beta_device_and_app_management_role_scope_tag.by_name.is_built_in ? 0 : 1
+
+ display_name = "Custom - ${data.microsoft365_graph_beta_device_and_app_management_role_scope_tag.by_name.display_name}"
+ description = "Custom version of non-built-in tag"
+
+ timeouts = {
+ create = "180s"
+ read = "180s"
+ update = "180s"
+ delete = "180s"
+ }
+}
+
+# Use Case 3: Look up multiple tags and compare
+data "microsoft365_graph_beta_device_and_app_management_role_scope_tag" "level1" {
+ display_name = "Level1-Support"
+}
+
+data "microsoft365_graph_beta_device_and_app_management_role_scope_tag" "level2" {
+ display_name = "Level2-Support"
+}
+
+output "support_tags_comparison" {
+ value = {
+ level1 = {
+ id = data.microsoft365_graph_beta_device_and_app_management_role_scope_tag.level1.id
+ display_name = data.microsoft365_graph_beta_device_and_app_management_role_scope_tag.level1.display_name
+ is_built_in = data.microsoft365_graph_beta_device_and_app_management_role_scope_tag.level1.is_built_in
+ }
+ level2 = {
+ id = data.microsoft365_graph_beta_device_and_app_management_role_scope_tag.level2.id
+ display_name = data.microsoft365_graph_beta_device_and_app_management_role_scope_tag.level2.display_name
+ is_built_in = data.microsoft365_graph_beta_device_and_app_management_role_scope_tag.level2.is_built_in
+ }
+ comparison = {
+ both_built_in = (
+ data.microsoft365_graph_beta_device_and_app_management_role_scope_tag.level1.is_built_in &&
+ data.microsoft365_graph_beta_device_and_app_management_role_scope_tag.level2.is_built_in
+ )
+ }
+ }
+}
+
+# Use Case 4: Create dynamic outputs based on tag properties
+output "tag_summary" {
+ value = {
+ tag_info = {
+ name = data.microsoft365_graph_beta_device_and_app_management_role_scope_tag.by_name.display_name
+ type = data.microsoft365_graph_beta_device_and_app_management_role_scope_tag.by_name.is_built_in ? "Built-in" : "Custom"
+ has_description = data.microsoft365_graph_beta_device_and_app_management_role_scope_tag.by_name.description != ""
+ }
+ }
}
```
@@ -37,8 +111,20 @@ output "existing_role_scope_tag_rule" {
- `display_name` (String) The display or friendly name of the Role Scope Tag.
- `id` (String) The unique identifier for the Role Scope Tag.
+- `timeouts` (Attributes) (see [below for nested schema](#nestedatt--timeouts))
### Read-Only
+- `assignments` (Set of String) The list of group assignments for the Intune Role Scope Tag.
- `description` (String) Description of the Role Scope Tag.
-- `is_built_in` (Boolean) Indicates whether this is a built-in Role Scope Tag. This property is read-only.
\ No newline at end of file
+- `is_built_in` (Boolean) Indicates whether this is a built-in Role Scope Tag. This property is read-only.
+
+
+### Nested Schema for `timeouts`
+
+Optional:
+
+- `create` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+- `delete` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
+- `read` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Read operations occur during any refresh or planning operation when refresh is enabled.
+- `update` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
\ No newline at end of file
diff --git a/docs/data-sources/graph_beta_device_and_app_management_role_scope_tag.md b/docs/data-sources/graph_beta_device_and_app_management_role_scope_tag.md
index 7a1df9f8..5952f5c7 100644
--- a/docs/data-sources/graph_beta_device_and_app_management_role_scope_tag.md
+++ b/docs/data-sources/graph_beta_device_and_app_management_role_scope_tag.md
@@ -19,8 +19,20 @@ Retrieves information about a Role Scope Tag in Microsoft Intune.
- `display_name` (String) The display or friendly name of the Role Scope Tag.
- `id` (String) The unique identifier for the Role Scope Tag.
+- `timeouts` (Attributes) (see [below for nested schema](#nestedatt--timeouts))
### Read-Only
+- `assignments` (Set of String) The list of group assignments for the Intune Role Scope Tag.
- `description` (String) Description of the Role Scope Tag.
- `is_built_in` (Boolean) Indicates whether this is a built-in Role Scope Tag. This property is read-only.
+
+
+### Nested Schema for `timeouts`
+
+Optional:
+
+- `create` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+- `delete` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
+- `read` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Read operations occur during any refresh or planning operation when refresh is enabled.
+- `update` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
diff --git a/docs/data-sources/graph_beta_device_and_app_management_windows_platform_script.md b/docs/data-sources/graph_beta_device_and_app_management_windows_platform_script.md
index 8589f436..b90503c6 100644
--- a/docs/data-sources/graph_beta_device_and_app_management_windows_platform_script.md
+++ b/docs/data-sources/graph_beta_device_and_app_management_windows_platform_script.md
@@ -3,32 +3,30 @@
page_title: "microsoft365_graph_beta_device_and_app_management_windows_platform_script Data Source - terraform-provider-microsoft365"
subcategory: ""
description: |-
- Retrieves information about a device management script.
+ Retrieves information about a windows platform script.
---
# microsoft365_graph_beta_device_and_app_management_windows_platform_script (Data Source)
-Retrieves information about a device management script.
+Retrieves information about a windows platform script.
## Schema
-### Required
+### Optional
-- `id` (String) Unique identifier for the device management script.
+- `assignments` (Attributes) The assignment configuration for this Windows Settings Catalog profile. (see [below for nested schema](#nestedatt--assignments))
+- `display_name` (String) Name of the windows platform script.
+- `id` (String) Unique identifier for the windows platform script.
+- `timeouts` (Attributes) (see [below for nested schema](#nestedatt--timeouts))
### Read-Only
-- `assignments` (Attributes List) The assignments of the device management script. (see [below for nested schema](#nestedatt--assignments))
-- `created_date_time` (String) The date and time the device management script was created.
-- `description` (String) Description of the device management script.
-- `display_name` (String) Name of the device management script.
+- `description` (String) Description of the windows platform script.
- `enforce_signature_check` (Boolean) Indicate whether the script signature needs be checked.
- `file_name` (String) Script file name.
-- `group_assignments` (Attributes List) The group assignments of the device management script. (see [below for nested schema](#nestedatt--group_assignments))
-- `last_modified_date_time` (String) The date and time the device management script was last modified.
- `role_scope_tag_ids` (List of String) List of Scope Tag IDs for this PowerShellScript instance.
- `run_as_32_bit` (Boolean) A value indicating whether the PowerShell script should run as 32-bit.
- `run_as_account` (String) Indicates the type of execution context.
@@ -37,27 +35,20 @@ Retrieves information about a device management script.
### Nested Schema for `assignments`
-Read-Only:
+Optional:
-- `id` (String) Key of the device management script assignment entity.
-- `target` (Attributes) The target of the assignment. (see [below for nested schema](#nestedatt--assignments--target))
+- `all_devices` (Boolean) Specifies whether this assignment applies to all devices. When set to `true`, the assignment targets all devices in the organization.Can be used in conjuction with `all_users`.Can be used as an alternative to `include_groups`.Can be used in conjuction with `all_users` and `exclude_group_ids`.
+- `all_users` (Boolean) Specifies whether this assignment applies to all users. When set to `true`, the assignment targets all licensed users within the organization.Can be used in conjuction with `all_devices`.Can be used as an alternative to `include_groups`.Can be used in conjuction with `all_devices` and `exclude_group_ids`.
+- `exclude_group_ids` (Set of String) A set of group IDs to exclude from the assignment. These groups will not receive the assignment, even if they match other inclusion criteria.
+- `include_group_ids` (Set of String) A set of entra id group Id's to include in the assignment.
-
-### Nested Schema for `assignments.target`
-Read-Only:
+
+### Nested Schema for `timeouts`
-- `device_and_app_management_assignment_filter_id` (String) The Id of the filter for the target assignment.
-- `device_and_app_management_assignment_filter_type` (String) The type of filter of the target assignment.
-- `entra_object_id` (String) The ID of the Azure Active Directory object.
-- `target_type` (String) The target type of the assignment.
+Optional:
-
-
-
-### Nested Schema for `group_assignments`
-
-Read-Only:
-
-- `id` (String) Key of the device management script group assignment entity.
-- `target_group_id` (String) The Id of the Azure Active Directory group we are targeting the script to.
+- `create` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+- `delete` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
+- `read` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Read operations occur during any refresh or planning operation when refresh is enabled.
+- `update` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
diff --git a/docs/resources/graph_beta_device_and_app_management_assignment_filter.md b/docs/resources/graph_beta_device_and_app_management_assignment_filter.md
index 3ef3e4bb..0583ea6b 100644
--- a/docs/resources/graph_beta_device_and_app_management_assignment_filter.md
+++ b/docs/resources/graph_beta_device_and_app_management_assignment_filter.md
@@ -15,11 +15,11 @@ Manages Assignment Filters in Microsoft Intune.
resource "microsoft365_graph_beta_device_and_app_management_assignment_filter" "example" {
display_name = "new filter"
description = "This is an example assignment filter"
- platform = "iOS"
+ platform = "iOS"
rule = "(device.manufacturer -eq \"thing\")"
assignment_filter_management_type = "devices"
- role_scope_tags = [8,9]
+ role_scope_tags = [8, 9]
timeouts = {
create = "10s"
diff --git a/docs/resources/graph_beta_device_and_app_management_macos_platform_script.md b/docs/resources/graph_beta_device_and_app_management_macos_platform_script.md
index 2550c9e0..121d9827 100644
--- a/docs/resources/graph_beta_device_and_app_management_macos_platform_script.md
+++ b/docs/resources/graph_beta_device_and_app_management_macos_platform_script.md
@@ -2,12 +2,12 @@
page_title: "microsoft365_graph_beta_device_and_app_management_macos_platform_script Resource - terraform-provider-microsoft365"
subcategory: "Intune: Device Platform Script"
description: |-
- Manages an Intune macOS platform script using the 'deviceShellScripts' Graph Beta API.
+ Manages an Intune macOS platform script using the 'MacOSPlatformScripts' Graph Beta API.
---
# microsoft365_graph_beta_device_and_app_management_macos_platform_script (Resource)
-Manages an Intune macOS platform script using the 'deviceShellScripts' Graph Beta API.
+Manages an Intune macOS platform script using the 'MacOSPlatformScripts' Graph Beta API.
## Example Usage
@@ -66,7 +66,7 @@ resource "microsoft365_graph_beta_device_and_app_management_macos_platform_scrip
### Required
-- `display_name` (String) Name of the device management script.
+- `display_name` (String) Name of the macOS Platform Script.
- `file_name` (String) Script file name.
- `run_as_account` (String) Indicates the type of execution context. Possible values are: `system`, `user`.
- `script_content` (String, Sensitive) The script content.
@@ -75,7 +75,7 @@ resource "microsoft365_graph_beta_device_and_app_management_macos_platform_scrip
- `assignments` (Attributes) The assignment configuration for this Windows Settings Catalog profile. (see [below for nested schema](#nestedatt--assignments))
- `block_execution_notifications` (Boolean) Does not notify the user a script is being executed.
-- `description` (String) Optional description for the device management script.
+- `description` (String) Optional description for the macOS Platform Script.
- `execution_frequency` (String) The interval for script to run in ISO 8601 duration format (e.g., PT1H for 1 hour, P1D for 1 day). If not defined the script will run once.
- `retry_count` (Number) Number of times for the script to be retried if it fails.
- `role_scope_tag_ids` (List of String) List of Scope Tag IDs for this PowerShellScript instance.
@@ -83,9 +83,9 @@ resource "microsoft365_graph_beta_device_and_app_management_macos_platform_scrip
### Read-Only
-- `created_date_time` (String) The date and time the device management script was created. This property is read-only.
-- `id` (String) Unique Identifier for the device management script.
-- `last_modified_date_time` (String) The date and time the device management script was last modified. This property is read-only.
+- `created_date_time` (String) The date and time the macOS Platform Script was created. This property is read-only.
+- `id` (String) Unique Identifier for the macOS Platform Script.
+- `last_modified_date_time` (String) The date and time the macOS Platform Script was last modified. This property is read-only.
### Nested Schema for `assignments`
diff --git a/docs/resources/graph_beta_device_and_app_management_role_scope_tag b/docs/resources/graph_beta_device_and_app_management_role_scope_tag
index 140d7ad1..6df00311 100644
--- a/docs/resources/graph_beta_device_and_app_management_role_scope_tag
+++ b/docs/resources/graph_beta_device_and_app_management_role_scope_tag
@@ -12,12 +12,14 @@ Manages Role Scope Tags in Microsoft Intune.
## Example Usage
```terraform
-# Example of creating a basic role scope tag
+# Example of creating a basic role scope tag with a group assignment
resource "microsoft365_graph_beta_device_and_app_management_role_scope_tag" "helpdesk" {
display_name = "Helpdesk Support Tag"
description = "Role scope tag for helpdesk support staff"
- timeouts ={
+ assignments = ["00000000-0000-0000-0000-000000000001"]
+
+ timeouts = {
create = "180s"
read = "180s"
update = "180s"
@@ -25,15 +27,29 @@ resource "microsoft365_graph_beta_device_and_app_management_role_scope_tag" "hel
}
}
-# Example of creating multiple related role scope tags
+# Example of creating multiple related role scope tags with assignments
resource "microsoft365_graph_beta_device_and_app_management_role_scope_tag" "it_support" {
display_name = "IT Support Tag"
description = "Role scope tag for IT support teams"
+
+ assignments = ["00000000-0000-0000-0000-000000000002"]
}
resource "microsoft365_graph_beta_device_and_app_management_role_scope_tag" "device_management" {
display_name = "Device Management Tag"
description = "Role scope tag for device management teams"
+
+ assignments = [
+ "00000000-0000-0000-0000-000000000003",
+ "00000000-0000-0000-0000-000000000004"
+ ]
+
+ timeouts = {
+ create = "180s"
+ read = "180s"
+ update = "180s"
+ delete = "180s"
+ }
}
# Example showing data source usage to reference an existing role scope tag
@@ -41,20 +57,23 @@ data "microsoft365_graph_beta_device_and_app_management_role_scope_tag" "existin
display_name = "Existing Tag"
}
-# Example of using variables with role scope tags
+# Example of using variables with role scope tags including assignments
variable "support_teams" {
type = list(object({
name = string
description = string
+ group_ids = list(string)
}))
default = [
{
name = "Level1-Support"
description = "First level support team scope"
+ group_ids = ["00000000-0000-0000-0000-000000000005"]
},
{
name = "Level2-Support"
description = "Second level support team scope"
+ group_ids = ["00000000-0000-0000-0000-000000000006", "00000000-0000-0000-0000-000000000007"]
}
]
}
@@ -65,6 +84,14 @@ resource "microsoft365_graph_beta_device_and_app_management_role_scope_tag" "sup
display_name = each.value.name
description = each.value.description
+ assignments = each.value.group_ids
+
+ timeouts = {
+ create = "180s"
+ read = "180s"
+ update = "180s"
+ delete = "180s"
+ }
}
# Output examples
@@ -75,6 +102,29 @@ output "helpdesk_tag_id" {
output "all_support_team_ids" {
value = [for tag in microsoft365_graph_beta_device_and_app_management_role_scope_tag.support_teams : tag.id]
}
+
+# Example of a role scope tag with conditional assignments based on environment
+variable "environment" {
+ type = string
+ default = "production"
+}
+
+resource "microsoft365_graph_beta_device_and_app_management_role_scope_tag" "environment_specific" {
+ display_name = "Environment-Specific Support Tag"
+ description = "Role scope tag for ${var.environment} environment"
+
+ assignments = (var.environment == "production"
+ ? ["00000000-0000-0000-0000-000000000008"]
+ : ["00000000-0000-0000-0000-000000000009"]
+ )
+
+ timeouts = {
+ create = "180s"
+ read = "180s"
+ update = "180s"
+ delete = "180s"
+ }
+}
```
@@ -86,6 +136,7 @@ output "all_support_team_ids" {
### Optional
+- `assignments` (Set of String) The list of group assignments for the Intune Role Scope Tag.
- `description` (String) Description of the Role Scope Tag.
- `timeouts` (Attributes) (see [below for nested schema](#nestedatt--timeouts))
diff --git a/docs/resources/graph_beta_device_and_app_management_role_scope_tag.md b/docs/resources/graph_beta_device_and_app_management_role_scope_tag.md
index 6ce71eee..57024cc5 100644
--- a/docs/resources/graph_beta_device_and_app_management_role_scope_tag.md
+++ b/docs/resources/graph_beta_device_and_app_management_role_scope_tag.md
@@ -21,6 +21,7 @@ Manages Role Scope Tags in Microsoft Intune.
### Optional
+- `assignments` (Set of String) The list of group assignments for the Intune Role Scope Tag.
- `description` (String) Description of the Role Scope Tag.
- `timeouts` (Attributes) (see [below for nested schema](#nestedatt--timeouts))
diff --git a/docs/resources/graph_beta_device_and_app_management_windows_platform_script.md b/docs/resources/graph_beta_device_and_app_management_windows_platform_script.md
index 9c41e4ed..9ddfae35 100644
--- a/docs/resources/graph_beta_device_and_app_management_windows_platform_script.md
+++ b/docs/resources/graph_beta_device_and_app_management_windows_platform_script.md
@@ -60,7 +60,7 @@ resource "microsoft365_graph_beta_device_and_app_management_windows_platform_scr
### Required
-- `display_name` (String) Name of the device management script.
+- `display_name` (String) Name of the windows platform script.
- `file_name` (String) Script file name.
- `run_as_account` (String) Indicates the type of execution context. Possible values are: `system`, `user`.
- `script_content` (String, Sensitive) The script content.
@@ -68,7 +68,7 @@ resource "microsoft365_graph_beta_device_and_app_management_windows_platform_scr
### Optional
- `assignments` (Attributes) The assignment configuration for this Windows Settings Catalog profile. (see [below for nested schema](#nestedatt--assignments))
-- `description` (String) Optional description for the device management script.
+- `description` (String) Optional description for the windows platform script.
- `enforce_signature_check` (Boolean) Indicate whether the script signature needs be checked.
- `role_scope_tag_ids` (List of String) List of Scope Tag IDs for this PowerShellScript instance.
- `run_as_32_bit` (Boolean) A value indicating whether the PowerShell script should run as 32-bit.
@@ -76,7 +76,7 @@ resource "microsoft365_graph_beta_device_and_app_management_windows_platform_scr
### Read-Only
-- `id` (String) Unique Identifier for the device management script.
+- `id` (String) Unique Identifier for the windows platform script.
### Nested Schema for `assignments`
diff --git a/examples/microsoft365_graph_beta/microsoft365_graph_beta_device_and_app_management_assignment_filter/datasource.tf b/examples/microsoft365_graph_beta/microsoft365_graph_beta_device_and_app_management_assignment_filter/datasource.tf
index fe90a35b..0c143f90 100644
--- a/examples/microsoft365_graph_beta/microsoft365_graph_beta_device_and_app_management_assignment_filter/datasource.tf
+++ b/examples/microsoft365_graph_beta/microsoft365_graph_beta_device_and_app_management_assignment_filter/datasource.tf
@@ -1,16 +1,185 @@
-# Output: Display information from the data source
-output "existing_filter_id" {
- value = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.existing_filter.id
+# Basic usage - looking up a single filter by display name
+data "microsoft365_graph_beta_device_and_app_management_assignment_filter" "by_name" {
+ display_name = "Filter | Android Enterprise Device Status Is Rooted"
}
-output "existing_filter_description" {
- value = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.existing_filter.description
+# Look up by ID
+data "microsoft365_graph_beta_device_and_app_management_assignment_filter" "windows_vdi" {
+ id = "00000000-0000-0000-0000-000000000001"
}
-output "existing_filter_platform" {
- value = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.existing_filter.platform
+# Example: Create new filter based on existing one (using name lookup)
+resource "microsoft365_graph_beta_device_and_app_management_assignment_filter" "clone_android" {
+ display_name = "Clone - Android Rooted Device Filter"
+ description = "Cloned from: ${data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.description}"
+
+ # Copy configuration from existing filter
+ platform = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.platform
+ rule = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.rule
+ assignment_filter_management_type = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.assignment_filter_management_type
+ role_scope_tags = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.role_scope_tags
+
+ timeouts = {
+ create = "10s"
+ read = "10s"
+ update = "10s"
+ delete = "10s"
+ }
+}
+
+# Output showing all available attributes
+output "filter_details" {
+ value = {
+ # Basic details
+ id = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.id
+ display_name = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.display_name
+ description = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.description
+
+ # Filter configuration
+ platform = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.platform
+ rule = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.rule
+ assignment_filter_management_type = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.assignment_filter_management_type
+
+ # Additional metadata
+ created_date_time = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.created_date_time
+ last_modified_date_time = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.last_modified_date_time
+ role_scope_tags = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.role_scope_tags
+ }
+}
+
+
+# Example: Create new filter based on Windows VDI filter (using ID lookup)
+resource "microsoft365_graph_beta_device_and_app_management_assignment_filter" "clone_windows_vdi" {
+ display_name = "Clone - Windows VDI Device Filter"
+ description = "Cloned from: ${data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.description}"
+
+ # Copy configuration from existing filter
+ platform = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.platform
+ rule = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.rule
+ assignment_filter_management_type = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.assignment_filter_management_type
+ role_scope_tags = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.role_scope_tags
+
+ timeouts = {
+ create = "10s"
+ read = "10s"
+ update = "10s"
+ delete = "10s"
+ }
+}
+
+# Output showing Windows VDI filter attributes
+output "vdi_filter_details" {
+ value = {
+ # Basic details
+ id = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.id
+ display_name = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.display_name
+ description = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.description
+
+ # Filter configuration
+ platform = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.platform
+ rule = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.rule
+ assignment_filter_management_type = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.assignment_filter_management_type
+
+ # Additional metadata
+ created_date_time = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.created_date_time
+ last_modified_date_time = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.last_modified_date_time
+ role_scope_tags = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.role_scope_tags
+ }
+}
+
+
+# Use Case 1: Filter Migration - Export multiple filters as JSON for documentation/migration
+output "all_filters_export" {
+ value = {
+ android_filter = {
+ name = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.display_name
+ config = {
+ platform = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.platform
+ rule = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.rule
+ type = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.assignment_filter_management_type
+ }
+ }
+ vdi_filter = {
+ name = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.display_name
+ config = {
+ platform = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.platform
+ rule = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.rule
+ type = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.assignment_filter_management_type
+ }
+ }
+ }
+}
+
+# Use Case 2: Create multiple environment-specific clones with prefix
+resource "microsoft365_graph_beta_device_and_app_management_assignment_filter" "prod_clone" {
+ display_name = "PROD - ${data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.display_name}"
+ description = "Production clone of: ${data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.description}"
+
+ platform = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.platform
+ rule = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.rule
+ assignment_filter_management_type = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.assignment_filter_management_type
+ role_scope_tags = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.role_scope_tags
+
+ timeouts = {
+ create = "10s"
+ read = "10s"
+ update = "10s"
+ delete = "10s"
+ }
+}
+
+resource "microsoft365_graph_beta_device_and_app_management_assignment_filter" "dev_clone" {
+ display_name = "DEV - ${data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.display_name}"
+ description = "Development clone of: ${data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.description}"
+
+ platform = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.platform
+ rule = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.rule
+ assignment_filter_management_type = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.assignment_filter_management_type
+ role_scope_tags = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.role_scope_tags
+
+ timeouts = {
+ create = "10s"
+ read = "10s"
+ update = "10s"
+ delete = "10s"
+ }
+}
+
+# Use Case 3: Create a modified clone with an enhanced rule
+resource "microsoft365_graph_beta_device_and_app_management_assignment_filter" "enhanced_vdi_filter" {
+ display_name = "Enhanced - ${data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.display_name}"
+ description = "Enhanced version with additional conditions"
+
+ platform = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.platform
+ # Original rule with additional conditions
+ rule = "${data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.rule} and (device.manufacturer -eq \"Microsoft\")"
+ assignment_filter_management_type = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.assignment_filter_management_type
+ role_scope_tags = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.role_scope_tags
+
+ timeouts = {
+ create = "10s"
+ read = "10s"
+ update = "10s"
+ delete = "10s"
+ }
}
-output "existing_filter_rule" {
- value = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.existing_filter.rule
+# Use Case 4: Output comparing multiple filters
+output "filter_comparison" {
+ value = {
+ original_vs_enhanced = {
+ original_rule = data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.rule
+ enhanced_rule = "${data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.rule} and (device.manufacturer -eq \"Microsoft\")"
+ differences = {
+ platform_same = (
+ data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.platform ==
+ data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.platform
+ )
+ management_type_same = (
+ data.microsoft365_graph_beta_device_and_app_management_assignment_filter.windows_vdi.assignment_filter_management_type ==
+ data.microsoft365_graph_beta_device_and_app_management_assignment_filter.by_name.assignment_filter_management_type
+ )
+ }
+ }
+ }
}
\ No newline at end of file
diff --git a/examples/microsoft365_graph_beta/microsoft365_graph_beta_device_and_app_management_assignment_filter/resource.tf b/examples/microsoft365_graph_beta/microsoft365_graph_beta_device_and_app_management_assignment_filter/resource.tf
index 27418e36..4f767789 100644
--- a/examples/microsoft365_graph_beta/microsoft365_graph_beta_device_and_app_management_assignment_filter/resource.tf
+++ b/examples/microsoft365_graph_beta/microsoft365_graph_beta_device_and_app_management_assignment_filter/resource.tf
@@ -1,11 +1,11 @@
resource "microsoft365_graph_beta_device_and_app_management_assignment_filter" "example" {
display_name = "new filter"
description = "This is an example assignment filter"
- platform = "iOS"
+ platform = "iOS"
rule = "(device.manufacturer -eq \"thing\")"
assignment_filter_management_type = "devices"
- role_scope_tags = [8,9]
+ role_scope_tags = [8, 9]
timeouts = {
create = "10s"
diff --git a/examples/microsoft365_graph_beta/microsoft365_graph_beta_device_and_app_management_macos_platform_script/resource.tf b/examples/microsoft365_graph_beta/microsoft365_graph_beta_device_and_app_management_macos_platform_script/resource.tf
index 0769a466..4434e573 100644
--- a/examples/microsoft365_graph_beta/microsoft365_graph_beta_device_and_app_management_macos_platform_script/resource.tf
+++ b/examples/microsoft365_graph_beta/microsoft365_graph_beta_device_and_app_management_macos_platform_script/resource.tf
@@ -4,23 +4,23 @@ resource "microsoft365_graph_beta_device_and_app_management_macos_platform_scrip
# Required fields
display_name = "MacOS Shell Script"
description = "Example shell script for MacOS devices"
-
+
script_content = < 0 {
- respResource = roles[0]
- } else {
+ var foundFilter graphmodels.RoleScopeTagable
+ for _, filter := range result.GetValue() {
+ if *filter.GetDisplayName() == object.DisplayName.ValueString() {
+ foundFilter = filter
+ break
+ }
+ }
+
+ if foundFilter == nil {
resp.Diagnostics.AddError(
- "Role Scope Tag Not Found",
- fmt.Sprintf("No role scope tag found with display name: %s", object.DisplayName.ValueString()),
+ "Error Reading Role Scope Tag",
+ fmt.Sprintf("No Role Scope Tag found with display name: %s", object.DisplayName.ValueString()),
)
return
}
- } else {
- resp.Diagnostics.AddError(
- "Missing Required Field",
- "Either id or display_name must be provided",
- )
- return
- }
- if err != nil {
- errors.HandleGraphError(ctx, err, resp, "Read", d.ReadPermissions)
- return
+ resource.MapRemoteResourceStateToTerraform(ctx, &object, foundFilter)
}
- resource.MapRemoteResourceStateToTerraform(ctx, &object, respResource)
-
resp.Diagnostics.Append(resp.State.Set(ctx, &object)...)
if resp.Diagnostics.HasError() {
return
diff --git a/internal/datasources/device_and_app_management/beta/windows_platform_script/datasource.go b/internal/datasources/device_and_app_management/beta/windows_platform_script/datasource.go
index b79cb95c..fc437012 100644
--- a/internal/datasources/device_and_app_management/beta/windows_platform_script/datasource.go
+++ b/internal/datasources/device_and_app_management/beta/windows_platform_script/datasource.go
@@ -4,6 +4,7 @@ import (
"context"
"github.com/deploymenttheory/terraform-provider-microsoft365/internal/resources/common"
+ commonschema "github.com/deploymenttheory/terraform-provider-microsoft365/internal/resources/common/schema"
"github.com/hashicorp/terraform-plugin-framework/datasource"
"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
"github.com/hashicorp/terraform-plugin-framework/types"
@@ -44,104 +45,50 @@ func (r *WindowsPlatformScriptDataSource) Metadata(ctx context.Context, req data
func (d *WindowsPlatformScriptDataSource) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) {
resp.Schema = schema.Schema{
- Description: "Retrieves information about a device management script.",
+ MarkdownDescription: "Retrieves information about a windows platform script.",
Attributes: map[string]schema.Attribute{
"id": schema.StringAttribute{
- Description: "Unique identifier for the device management script.",
- Required: true,
+ MarkdownDescription: "Unique identifier for the windows platform script.",
+ Optional: true,
+ Computed: true,
},
"display_name": schema.StringAttribute{
- Description: "Name of the device management script.",
- Computed: true,
+ MarkdownDescription: "Name of the windows platform script.",
+ Optional: true,
+ Computed: true,
},
"description": schema.StringAttribute{
- Description: "Description of the device management script.",
- Computed: true,
- },
- "created_date_time": schema.StringAttribute{
- Description: "The date and time the device management script was created.",
- Computed: true,
- },
- "last_modified_date_time": schema.StringAttribute{
- Description: "The date and time the device management script was last modified.",
- Computed: true,
+ MarkdownDescription: "Description of the windows platform script.",
+ Computed: true,
},
"run_as_account": schema.StringAttribute{
- Description: "Indicates the type of execution context.",
- Computed: true,
+ MarkdownDescription: "Indicates the type of execution context.",
+ Computed: true,
},
"enforce_signature_check": schema.BoolAttribute{
- Description: "Indicate whether the script signature needs be checked.",
- Computed: true,
+ MarkdownDescription: "Indicate whether the script signature needs be checked.",
+ Computed: true,
},
"file_name": schema.StringAttribute{
- Description: "Script file name.",
- Computed: true,
+ MarkdownDescription: "Script file name.",
+ Computed: true,
},
"run_as_32_bit": schema.BoolAttribute{
- Description: "A value indicating whether the PowerShell script should run as 32-bit.",
- Computed: true,
+ MarkdownDescription: "A value indicating whether the PowerShell script should run as 32-bit.",
+ Computed: true,
},
"role_scope_tag_ids": schema.ListAttribute{
- Description: "List of Scope Tag IDs for this PowerShellScript instance.",
- Computed: true,
- ElementType: types.StringType,
+ MarkdownDescription: "List of Scope Tag IDs for this PowerShellScript instance.",
+ Computed: true,
+ ElementType: types.StringType,
},
"script_content": schema.StringAttribute{
- Description: "The script content.",
- Computed: true,
- Sensitive: true,
- },
- "assignments": schema.ListNestedAttribute{
- Description: "The assignments of the device management script.",
- Computed: true,
- NestedObject: schema.NestedAttributeObject{
- Attributes: map[string]schema.Attribute{
- "id": schema.StringAttribute{
- Description: "Key of the device management script assignment entity.",
- Computed: true,
- },
- "target": schema.SingleNestedAttribute{
- Description: "The target of the assignment.",
- Computed: true,
- Attributes: map[string]schema.Attribute{
- "device_and_app_management_assignment_filter_id": schema.StringAttribute{
- Description: "The Id of the filter for the target assignment.",
- Computed: true,
- },
- "device_and_app_management_assignment_filter_type": schema.StringAttribute{
- Description: "The type of filter of the target assignment.",
- Computed: true,
- },
- "target_type": schema.StringAttribute{
- Description: "The target type of the assignment.",
- Computed: true,
- },
- "entra_object_id": schema.StringAttribute{
- Description: "The ID of the Azure Active Directory object.",
- Computed: true,
- },
- },
- },
- },
- },
- },
- "group_assignments": schema.ListNestedAttribute{
- Description: "The group assignments of the device management script.",
- Computed: true,
- NestedObject: schema.NestedAttributeObject{
- Attributes: map[string]schema.Attribute{
- "id": schema.StringAttribute{
- Description: "Key of the device management script group assignment entity.",
- Computed: true,
- },
- "target_group_id": schema.StringAttribute{
- Description: "The Id of the Azure Active Directory group we are targeting the script to.",
- Computed: true,
- },
- },
- },
+ MarkdownDescription: "The script content.",
+ Computed: true,
+ Sensitive: true,
},
+ "assignments": commonschema.ScriptAssignmentsSchema(),
+ "timeouts": commonschema.Timeouts(ctx),
},
}
}
diff --git a/internal/datasources/device_and_app_management/beta/windows_platform_script/read.go b/internal/datasources/device_and_app_management/beta/windows_platform_script/read.go
index 6cb7ae0a..ef86b7fc 100644
--- a/internal/datasources/device_and_app_management/beta/windows_platform_script/read.go
+++ b/internal/datasources/device_and_app_management/beta/windows_platform_script/read.go
@@ -6,24 +6,60 @@ import (
"time"
"github.com/deploymenttheory/terraform-provider-microsoft365/internal/resources/common/crud"
- "github.com/deploymenttheory/terraform-provider-microsoft365/internal/resources/common/errors"
resource "github.com/deploymenttheory/terraform-provider-microsoft365/internal/resources/device_and_app_management/beta/windows_platform_script"
"github.com/hashicorp/terraform-plugin-framework/datasource"
"github.com/hashicorp/terraform-plugin-log/tflog"
+ graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
)
-// Read handles the Read operation for the WindowsPlatformScriptDataSource.
+// Read handles the Read operation for Windows Platform Script data sources.
+//
+// The function supports two methods of looking up a Windows Platform Script:
+// 1. By ID - Uses a direct API call to fetch the specific script
+// 2. By DisplayName - Lists all scripts and finds the matching one
+//
+// The function ensures that:
+// - Either ID or DisplayName is provided (but not both)
+// - The lookup method is optimized based on the provided identifier
+// - The remote state is properly mapped to the Terraform state
+//
+// The function will:
+// 1. Extract and validate the configuration
+// 2. Verify that exactly one identifier (ID or DisplayName) is provided
+// 3. Perform the appropriate API call based on the provided identifier
+// 4. Map the remote state to the Terraform state
+// 5. Handle any errors and return appropriate diagnostics
+//
+// If using ID:
+// - Makes a direct GET request to the specific resource endpoint
+// - Returns error if the ID is not found
+//
+// If using DisplayName:
+// - Retrieves all scripts and searches for matching display name
+// - Returns error if no matching script is found
func (d *WindowsPlatformScriptDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
var object resource.WindowsPlatformScriptResourceModel
- tflog.Debug(ctx, fmt.Sprintf("Starting Datasource Read method for: %s_%s", d.ProviderTypeName, d.TypeName))
-
resp.Diagnostics.Append(req.Config.Get(ctx, &object)...)
if resp.Diagnostics.HasError() {
return
}
- tflog.Debug(ctx, fmt.Sprintf("Reading %s_%s with ID: %s", d.ProviderTypeName, d.TypeName, object.ID.ValueString()))
+ // Validate that either ID or display_name is provided, but not both
+ if object.ID.IsNull() && object.DisplayName.IsNull() {
+ resp.Diagnostics.AddError(
+ "Invalid Configuration",
+ "Either id or display_name must be provided",
+ )
+ return
+ }
+ if !object.ID.IsNull() && !object.DisplayName.IsNull() {
+ resp.Diagnostics.AddError(
+ "Invalid Configuration",
+ "Only one of id or display_name should be provided, not both",
+ )
+ return
+ }
ctx, cancel := crud.HandleTimeout(ctx, object.Timeouts.Read, resource.ReadTimeout*time.Second, &resp.Diagnostics)
if cancel == nil {
@@ -31,33 +67,88 @@ func (d *WindowsPlatformScriptDataSource) Read(ctx context.Context, req datasour
}
defer cancel()
- // Read base resource
- respResource, err := d.client.
- DeviceManagement().
- DeviceManagementScripts().
- ByDeviceManagementScriptId(object.ID.ValueString()).
- Get(ctx, nil)
+ if !object.ID.IsNull() {
+ // Direct lookup by ID
+ respResource, err := d.client.
+ DeviceManagement().
+ DeviceManagementScripts().
+ ByDeviceManagementScriptId(object.ID.ValueString()).
+ Get(ctx, nil)
+ if err != nil {
+ resp.Diagnostics.AddError(
+ "Error Reading Windows Platform Script",
+ fmt.Sprintf("Could not read Windows Platform Script ID %s: %s", object.ID.ValueString(), err),
+ )
+ return
+ }
- if err != nil {
- errors.HandleGraphError(ctx, err, resp, "Read", d.ReadPermissions)
- return
- }
+ resource.MapRemoteResourceStateToTerraform(ctx, &object, respResource)
- resource.MapRemoteResourceStateToTerraform(ctx, &object, respResource)
+ // Get assignments for the script
+ respAssignments, err := d.client.
+ DeviceManagement().
+ DeviceManagementScripts().
+ ByDeviceManagementScriptId(object.ID.ValueString()).
+ Assignments().
+ Get(ctx, nil)
+ if err != nil {
+ resp.Diagnostics.AddError(
+ "Error Reading Windows Platform Script Assignments",
+ fmt.Sprintf("Could not read assignments for script ID %s: %s", object.ID.ValueString(), err),
+ )
+ return
+ }
- respAssignments, err := d.client.
- DeviceManagement().
- DeviceManagementScripts().
- ByDeviceManagementScriptId(object.ID.ValueString()).
- Assignments().
- Get(ctx, nil)
+ resource.MapRemoteAssignmentStateToTerraform(ctx, &object, respAssignments)
+ } else {
+ // Lookup by display name
+ result, err := d.client.
+ DeviceManagement().
+ DeviceManagementScripts().
+ Get(ctx, nil)
+ if err != nil {
+ resp.Diagnostics.AddError(
+ "Error Reading Windows Platform Scripts",
+ fmt.Sprintf("Could not read Windows Platform Scripts: %s", err),
+ )
+ return
+ }
- if err != nil {
- errors.HandleGraphError(ctx, err, resp, "Read", d.ReadPermissions)
- return
- }
+ var foundScript graphmodels.DeviceManagementScriptable
+ for _, script := range result.GetValue() {
+ if *script.GetDisplayName() == object.DisplayName.ValueString() {
+ foundScript = script
+ break
+ }
+ }
+
+ if foundScript == nil {
+ resp.Diagnostics.AddError(
+ "Error Reading Windows Platform Script",
+ fmt.Sprintf("No Windows Platform Script found with display name: %s", object.DisplayName.ValueString()),
+ )
+ return
+ }
- resource.MapRemoteAssignmentStateToTerraform(ctx, &object, respAssignments)
+ resource.MapRemoteResourceStateToTerraform(ctx, &object, foundScript)
+
+ // Get assignments for the found script
+ respAssignments, err := d.client.
+ DeviceManagement().
+ DeviceManagementScripts().
+ ByDeviceManagementScriptId(*foundScript.GetId()).
+ Assignments().
+ Get(ctx, nil)
+ if err != nil {
+ resp.Diagnostics.AddError(
+ "Error Reading Windows Platform Script Assignments",
+ fmt.Sprintf("Could not read assignments for script: %s", err),
+ )
+ return
+ }
+
+ resource.MapRemoteAssignmentStateToTerraform(ctx, &object, respAssignments)
+ }
resp.Diagnostics.Append(resp.State.Set(ctx, &object)...)
if resp.Diagnostics.HasError() {
diff --git a/internal/provider/resources.go b/internal/provider/resources.go
index e218f835..889a8c9e 100644
--- a/internal/provider/resources.go
+++ b/internal/provider/resources.go
@@ -46,7 +46,7 @@ func (p *M365Provider) Resources(ctx context.Context) []func() resource.Resource
graphBetaDeviceAndAppManagementBrowserSite.NewBrowserSiteResource,
graphBetaDeviceAndAppManagementBrowserSiteList.NewBrowserSiteListResource,
graphBetaDeviceAndAppManagementEndpointPrivilegeManagement.NewEndpointPrivilegeManagementResource,
- graphBetaDeviceAndAppManagementmacOSPlatformScript.NewDeviceShellScriptResource,
+ graphBetaDeviceAndAppManagementmacOSPlatformScript.NewMacOSPlatformScriptResource,
graphBetaDeviceAndAppManagementM365AppsInstallationOptions.NewM365AppsInstallationOptionsResource,
graphBetaDeviceAndAppManagementMobileAppAssignment.NewMobileAppAssignmentResource,
graphBetaDeviceAndAppManagementSettingsCatalog.NewSettingsCatalogResource,
diff --git a/internal/resources/device_and_app_management/beta/assignment_filter/crud.go b/internal/resources/device_and_app_management/beta/assignment_filter/crud.go
index f6428bfc..0fb613e7 100644
--- a/internal/resources/device_and_app_management/beta/assignment_filter/crud.go
+++ b/internal/resources/device_and_app_management/beta/assignment_filter/crud.go
@@ -10,26 +10,37 @@ import (
"github.com/hashicorp/terraform-plugin-framework/resource"
"github.com/hashicorp/terraform-plugin-framework/types"
"github.com/hashicorp/terraform-plugin-log/tflog"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry"
)
-// Create handles the Create operation.
+// Create handles the Create operation for Assignment filter resources.
+//
+// - Retrieves the planned configuration from the create request
+// - Constructs the resource request body from the plan
+// - Sends POST request to create the base resource and settings
+// - Sets initial state with planned values
+// - Calls Read operation to fetch the latest state from the API with retry
+// - Updates the final state with the fresh data from the API
func (r *AssignmentFilterResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
- var plan AssignmentFilterResourceModel
+ var object AssignmentFilterResourceModel
tflog.Debug(ctx, fmt.Sprintf("Starting creation of resource: %s_%s", r.ProviderTypeName, r.TypeName))
- resp.Diagnostics.Append(req.Plan.Get(ctx, &plan)...)
+ resp.Diagnostics.Append(req.Plan.Get(ctx, &object)...)
if resp.Diagnostics.HasError() {
return
}
- ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Create, CreateTimeout*time.Second, &resp.Diagnostics)
+ ctx, cancel := crud.HandleTimeout(ctx, object.Timeouts.Create, CreateTimeout*time.Second, &resp.Diagnostics)
if cancel == nil {
return
}
defer cancel()
- requestBody, err := constructResource(ctx, &plan)
+ deadline, _ := ctx.Deadline()
+ retryTimeout := time.Until(deadline) - time.Second
+
+ requestBody, err := constructResource(ctx, &object)
if err != nil {
resp.Diagnostics.AddError(
"Error constructing resource",
@@ -38,7 +49,7 @@ func (r *AssignmentFilterResource) Create(ctx context.Context, req resource.Crea
return
}
- resource, err := r.client.
+ baseResource, err := r.client.
DeviceManagement().
AssignmentFilters().
Post(ctx, requestBody, nil)
@@ -48,32 +59,57 @@ func (r *AssignmentFilterResource) Create(ctx context.Context, req resource.Crea
return
}
- plan.ID = types.StringValue(*resource.GetId())
-
- MapRemoteStateToTerraform(ctx, &plan, resource)
+ object.ID = types.StringValue(*baseResource.GetId())
- resp.Diagnostics.Append(resp.State.Set(ctx, &plan)...)
+ resp.Diagnostics.Append(resp.State.Set(ctx, &object)...)
if resp.Diagnostics.HasError() {
return
}
+ err = retry.RetryContext(ctx, retryTimeout, func() *retry.RetryError {
+ readResp := &resource.ReadResponse{State: resp.State}
+ r.Read(ctx, resource.ReadRequest{
+ State: resp.State,
+ ProviderMeta: req.ProviderMeta,
+ }, readResp)
+
+ if readResp.Diagnostics.HasError() {
+ return retry.NonRetryableError(fmt.Errorf("error reading resource state after Create Method: %s", readResp.Diagnostics.Errors()))
+ }
+
+ resp.State = readResp.State
+ return nil
+ })
+
+ if err != nil {
+ resp.Diagnostics.AddError(
+ "Error waiting for resource creation",
+ fmt.Sprintf("Failed to verify resource creation: %s", err),
+ )
+ return
+ }
tflog.Debug(ctx, fmt.Sprintf("Finished Create Method: %s_%s", r.ProviderTypeName, r.TypeName))
}
-// Read handles the Read operation.
+// Read handles the Read operation for Assignment Filter resources.
+//
+// - Retrieves the current state from the read request
+// - Gets the base resource details from the API
+// - Maps the base resource details to Terraform state
func (r *AssignmentFilterResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
- var state AssignmentFilterResourceModel
+ var object AssignmentFilterResourceModel
+
tflog.Debug(ctx, fmt.Sprintf("Starting Read method for: %s_%s", r.ProviderTypeName, r.TypeName))
- resp.Diagnostics.Append(req.State.Get(ctx, &state)...)
+ resp.Diagnostics.Append(req.State.Get(ctx, &object)...)
if resp.Diagnostics.HasError() {
return
}
- tflog.Debug(ctx, fmt.Sprintf("Reading %s_%s with ID: %s", r.ProviderTypeName, r.TypeName, state.ID.ValueString()))
+ tflog.Debug(ctx, fmt.Sprintf("Reading %s_%s with ID: %s", r.ProviderTypeName, r.TypeName, object.ID.ValueString()))
- ctx, cancel := crud.HandleTimeout(ctx, state.Timeouts.Read, ReadTimeout*time.Second, &resp.Diagnostics)
+ ctx, cancel := crud.HandleTimeout(ctx, object.Timeouts.Read, ReadTimeout*time.Second, &resp.Diagnostics)
if cancel == nil {
return
}
@@ -82,7 +118,7 @@ func (r *AssignmentFilterResource) Read(ctx context.Context, req resource.ReadRe
resource, err := r.client.
DeviceManagement().
AssignmentFilters().
- ByDeviceAndAppManagementAssignmentFilterId(state.ID.ValueString()).
+ ByDeviceAndAppManagementAssignmentFilterId(object.ID.ValueString()).
Get(ctx, nil)
if err != nil {
@@ -90,9 +126,9 @@ func (r *AssignmentFilterResource) Read(ctx context.Context, req resource.ReadRe
return
}
- MapRemoteStateToTerraform(ctx, &state, resource)
+ MapRemoteStateToTerraform(ctx, &object, resource)
- resp.Diagnostics.Append(resp.State.Set(ctx, &state)...)
+ resp.Diagnostics.Append(resp.State.Set(ctx, &object)...)
if resp.Diagnostics.HasError() {
return
}
@@ -102,22 +138,25 @@ func (r *AssignmentFilterResource) Read(ctx context.Context, req resource.ReadRe
// Update handles the Update operation.
func (r *AssignmentFilterResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) {
- var plan AssignmentFilterResourceModel
+ var object AssignmentFilterResourceModel
tflog.Debug(ctx, fmt.Sprintf("Starting Update of resource: %s_%s", r.ProviderTypeName, r.TypeName))
- resp.Diagnostics.Append(req.Plan.Get(ctx, &plan)...)
+ resp.Diagnostics.Append(req.Plan.Get(ctx, &object)...)
if resp.Diagnostics.HasError() {
return
}
- ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Update, UpdateTimeout*time.Second, &resp.Diagnostics)
+ ctx, cancel := crud.HandleTimeout(ctx, object.Timeouts.Update, UpdateTimeout*time.Second, &resp.Diagnostics)
if cancel == nil {
return
}
defer cancel()
- requestBody, err := constructResource(ctx, &plan)
+ deadline, _ := ctx.Deadline()
+ retryTimeout := time.Until(deadline) - time.Second
+
+ requestBody, err := constructResource(ctx, &object)
if err != nil {
resp.Diagnostics.AddError(
"Error constructing resource for update method",
@@ -129,7 +168,7 @@ func (r *AssignmentFilterResource) Update(ctx context.Context, req resource.Upda
_, err = r.client.
DeviceManagement().
AssignmentFilters().
- ByDeviceAndAppManagementAssignmentFilterId(plan.ID.ValueString()).
+ ByDeviceAndAppManagementAssignmentFilterId(object.ID.ValueString()).
Patch(ctx, requestBody, nil)
if err != nil {
@@ -137,26 +176,49 @@ func (r *AssignmentFilterResource) Update(ctx context.Context, req resource.Upda
return
}
- resp.Diagnostics.Append(resp.State.Set(ctx, &plan)...)
- if resp.Diagnostics.HasError() {
+ err = retry.RetryContext(ctx, retryTimeout, func() *retry.RetryError {
+ readResp := &resource.ReadResponse{State: resp.State}
+ r.Read(ctx, resource.ReadRequest{
+ State: resp.State,
+ ProviderMeta: req.ProviderMeta,
+ }, readResp)
+
+ if readResp.Diagnostics.HasError() {
+ return retry.NonRetryableError(fmt.Errorf("error reading resource state after Update Method: %s", readResp.Diagnostics.Errors()))
+ }
+
+ resp.State = readResp.State
+ return nil
+ })
+
+ if err != nil {
+ resp.Diagnostics.AddError(
+ "Error waiting for resource update",
+ fmt.Sprintf("Failed to verify resource update: %s", err),
+ )
return
}
tflog.Debug(ctx, fmt.Sprintf("Finished Update Method: %s_%s", r.ProviderTypeName, r.TypeName))
}
-// Delete handles the Delete operation.
+// Delete handles the Delete operation for Assignment Filter resources.
+//
+// - Retrieves the current state from the delete request
+// - Validates the state data and timeout configuration
+// - Sends DELETE request to remove the resource from the API
+// - Cleans up by removing the resource from Terraform state
func (r *AssignmentFilterResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) {
- var data AssignmentFilterResourceModel
+ var object AssignmentFilterResourceModel
tflog.Debug(ctx, fmt.Sprintf("Starting deletion of resource: %s_%s", r.ProviderTypeName, r.TypeName))
- resp.Diagnostics.Append(req.State.Get(ctx, &data)...)
+ resp.Diagnostics.Append(req.State.Get(ctx, &object)...)
if resp.Diagnostics.HasError() {
return
}
- ctx, cancel := crud.HandleTimeout(ctx, data.Timeouts.Delete, DeleteTimeout*time.Second, &resp.Diagnostics)
+ ctx, cancel := crud.HandleTimeout(ctx, object.Timeouts.Delete, DeleteTimeout*time.Second, &resp.Diagnostics)
if cancel == nil {
return
}
@@ -165,7 +227,7 @@ func (r *AssignmentFilterResource) Delete(ctx context.Context, req resource.Dele
err := r.client.
DeviceManagement().
AssignmentFilters().
- ByDeviceAndAppManagementAssignmentFilterId(data.ID.ValueString()).
+ ByDeviceAndAppManagementAssignmentFilterId(object.ID.ValueString()).
Delete(ctx, nil)
if err != nil {
diff --git a/internal/resources/device_and_app_management/beta/macos_platform_script/construct_assignment.go b/internal/resources/device_and_app_management/beta/macos_platform_script/construct_assignment.go
index 6fc7691c..f013c616 100644
--- a/internal/resources/device_and_app_management/beta/macos_platform_script/construct_assignment.go
+++ b/internal/resources/device_and_app_management/beta/macos_platform_script/construct_assignment.go
@@ -1,4 +1,4 @@
-package graphBetaDeviceShellScript
+package graphBetaMacOSPlatformScript
import (
"context"
@@ -12,7 +12,7 @@ import (
)
// constructAssignment constructs and returns a ConfigurationPoliciesItemAssignPostRequestBody
-func constructAssignment(ctx context.Context, data *DeviceShellScriptResourceModel) (devicemanagement.DeviceManagementScriptsItemAssignPostRequestBodyable, error) {
+func constructAssignment(ctx context.Context, data *MacOSPlatformScriptResourceModel) (devicemanagement.DeviceManagementScriptsItemAssignPostRequestBodyable, error) {
if data.Assignments == nil {
return nil, fmt.Errorf("assignments configuration block is required even if empty. Minimum config requires all_devices and all_users booleans to be set to false")
}
diff --git a/internal/resources/device_and_app_management/beta/macos_platform_script/construct_resource.go b/internal/resources/device_and_app_management/beta/macos_platform_script/construct_resource.go
index 39b10046..81a03e00 100644
--- a/internal/resources/device_and_app_management/beta/macos_platform_script/construct_resource.go
+++ b/internal/resources/device_and_app_management/beta/macos_platform_script/construct_resource.go
@@ -1,5 +1,5 @@
// Main entry point to construct the intune windows device management script resource for the Terraform provider.
-package graphBetaDeviceShellScript
+package graphBetaMacOSPlatformScript
import (
"context"
@@ -12,7 +12,7 @@ import (
)
// Main entry point to construct the intune windows device management script resource for the Terraform provider.
-func constructResource(ctx context.Context, data *DeviceShellScriptResourceModel) (graphmodels.DeviceShellScriptable, error) {
+func constructResource(ctx context.Context, data *MacOSPlatformScriptResourceModel) (graphmodels.DeviceShellScriptable, error) {
tflog.Debug(ctx, fmt.Sprintf("Constructing %s resource from model", ResourceName))
requestBody := graphmodels.NewDeviceShellScript()
diff --git a/internal/resources/device_and_app_management/beta/macos_platform_script/crud.go b/internal/resources/device_and_app_management/beta/macos_platform_script/crud.go
index 47b8ea77..ec7abecf 100644
--- a/internal/resources/device_and_app_management/beta/macos_platform_script/crud.go
+++ b/internal/resources/device_and_app_management/beta/macos_platform_script/crud.go
@@ -1,9 +1,8 @@
-package graphBetaDeviceShellScript
+package graphBetaMacOSPlatformScript
import (
"context"
"fmt"
- "sync"
"time"
"github.com/deploymenttheory/terraform-provider-microsoft365/internal/resources/common/crud"
@@ -11,21 +10,13 @@ import (
"github.com/hashicorp/terraform-plugin-framework/resource"
"github.com/hashicorp/terraform-plugin-framework/types"
"github.com/hashicorp/terraform-plugin-log/tflog"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry"
"github.com/microsoftgraph/msgraph-beta-sdk-go/devicemanagement"
)
-var (
- // mutex needed to lock Create requests during parallel runs to avoid overwhelming api and resulting in stating issues
- mu sync.Mutex
-
- // object is the resource model for the device management script resource
- object DeviceShellScriptResourceModel
-)
-
// Create handles the Create operation.
-func (r *DeviceShellScriptResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
- mu.Lock()
- defer mu.Unlock()
+func (r *MacOSPlatformScriptResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
+ var object MacOSPlatformScriptResourceModel
tflog.Debug(ctx, fmt.Sprintf("Starting creation of resource: %s_%s", r.ProviderTypeName, r.TypeName))
@@ -40,6 +31,9 @@ func (r *DeviceShellScriptResource) Create(ctx context.Context, req resource.Cre
}
defer cancel()
+ deadline, _ := ctx.Deadline()
+ retryTimeout := time.Until(deadline) - time.Second
+
requestBody, err := constructResource(ctx, &object)
if err != nil {
resp.Diagnostics.AddError(
@@ -49,8 +43,7 @@ func (r *DeviceShellScriptResource) Create(ctx context.Context, req resource.Cre
return
}
- // create resource
- requestResource, err := r.client.
+ createdResource, err := r.client.
DeviceManagement().
DeviceShellScripts().
Post(ctx, requestBody, nil)
@@ -60,25 +53,30 @@ func (r *DeviceShellScriptResource) Create(ctx context.Context, req resource.Cre
return
}
- object.ID = types.StringValue(*requestResource.GetId())
+ object.ID = types.StringValue(*createdResource.GetId())
- // create assignments
if object.Assignments != nil {
requestAssignment, err := constructAssignment(ctx, &object)
if err != nil {
resp.Diagnostics.AddError(
- "Error constructing assignment for create method",
+ "Error constructing assignment for Create Method",
fmt.Sprintf("Could not construct assignment: %s_%s: %s", r.ProviderTypeName, r.TypeName, err.Error()),
)
return
}
- err = r.client.
- DeviceManagement().
- DeviceShellScripts().
- ByDeviceShellScriptId(object.ID.ValueString()).
- Assign().
- Post(ctx, requestAssignment, nil)
+ err = retry.RetryContext(ctx, retryTimeout, func() *retry.RetryError {
+ err := r.client.
+ DeviceManagement().
+ DeviceShellScripts().
+ ByDeviceShellScriptId(object.ID.ValueString()).
+ Assign().
+ Post(ctx, requestAssignment, nil)
+ if err != nil {
+ return retry.RetryableError(fmt.Errorf("failed to create assignment: %s", err))
+ }
+ return nil
+ })
if err != nil {
errors.HandleGraphError(ctx, err, resp, "Create", r.WritePermissions)
@@ -86,29 +84,33 @@ func (r *DeviceShellScriptResource) Create(ctx context.Context, req resource.Cre
}
}
- // resource and assignments are found within the same call
- respResource, err := r.client.
- DeviceManagement().
- DeviceShellScripts().
- ByDeviceShellScriptId(object.ID.ValueString()).
- Get(context.Background(), &devicemanagement.DeviceShellScriptsDeviceShellScriptItemRequestBuilderGetRequestConfiguration{
- QueryParameters: &devicemanagement.DeviceShellScriptsDeviceShellScriptItemRequestBuilderGetQueryParameters{
- Expand: []string{"assignments"},
- },
- })
-
- if err != nil {
- errors.HandleGraphError(ctx, err, resp, "Create", r.WritePermissions)
+ resp.Diagnostics.Append(resp.State.Set(ctx, &object)...)
+ if resp.Diagnostics.HasError() {
return
}
- MapRemoteResourceStateToTerraform(ctx, &object, respResource)
+ err = retry.RetryContext(ctx, retryTimeout, func() *retry.RetryError {
+ readResp := &resource.ReadResponse{State: resp.State}
+ r.Read(ctx, resource.ReadRequest{
+ State: resp.State,
+ ProviderMeta: req.ProviderMeta,
+ }, readResp)
- resp.Diagnostics.Append(resp.State.Set(ctx, &object)...)
- if resp.Diagnostics.HasError() {
+ if readResp.Diagnostics.HasError() {
+ return retry.NonRetryableError(fmt.Errorf("error reading resource state after Create Method: %s", readResp.Diagnostics.Errors()))
+ }
+
+ resp.State = readResp.State
+ return nil
+ })
+
+ if err != nil {
+ resp.Diagnostics.AddError(
+ "Error waiting for resource creation",
+ fmt.Sprintf("Failed to verify resource creation: %s", err),
+ )
return
}
-
tflog.Debug(ctx, fmt.Sprintf("Finished Create Method: %s_%s", r.ProviderTypeName, r.TypeName))
}
@@ -121,7 +123,9 @@ func (r *DeviceShellScriptResource) Create(ctx context.Context, req resource.Cre
// The function ensures all components are properly read and mapped into the
// Terraform state in a single API call, providing a complete view of the
// resource's current configuration on the server.
-func (r *DeviceShellScriptResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
+func (r *MacOSPlatformScriptResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
+ var object MacOSPlatformScriptResourceModel
+
tflog.Debug(ctx, fmt.Sprintf("Starting Read method for: %s_%s", r.ProviderTypeName, r.TypeName))
resp.Diagnostics.Append(req.State.Get(ctx, &object)...)
@@ -175,11 +179,12 @@ func (r *DeviceShellScriptResource) Read(ctx context.Context, req resource.ReadR
// through PATCH operations for the base resource, while assignments are handled through
// a separate POST operation to the assign endpoint. This allows for atomic updates
// of both the script properties and its assignments.
-func (r *DeviceShellScriptResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) {
+func (r *MacOSPlatformScriptResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) {
+ var object MacOSPlatformScriptResourceModel
+
tflog.Debug(ctx, fmt.Sprintf("Starting Update of resource: %s_%s", r.ProviderTypeName, r.TypeName))
- var state DeviceShellScriptResourceModel
- resp.Diagnostics.Append(req.State.Get(ctx, &state)...)
+ resp.Diagnostics.Append(req.State.Get(ctx, &object)...)
if resp.Diagnostics.HasError() {
return
}
@@ -195,6 +200,9 @@ func (r *DeviceShellScriptResource) Update(ctx context.Context, req resource.Upd
}
defer cancel()
+ deadline, _ := ctx.Deadline()
+ retryTimeout := time.Until(deadline) - time.Second
+
requestBody, err := constructResource(ctx, &object)
if err != nil {
resp.Diagnostics.AddError(
@@ -207,7 +215,7 @@ func (r *DeviceShellScriptResource) Update(ctx context.Context, req resource.Upd
_, err = r.client.
DeviceManagement().
DeviceShellScripts().
- ByDeviceShellScriptId(state.ID.ValueString()).
+ ByDeviceShellScriptId(object.ID.ValueString()).
Patch(ctx, requestBody, nil)
if err != nil {
@@ -228,7 +236,7 @@ func (r *DeviceShellScriptResource) Update(ctx context.Context, req resource.Upd
err = r.client.
DeviceManagement().
DeviceShellScripts().
- ByDeviceShellScriptId(state.ID.ValueString()).
+ ByDeviceShellScriptId(object.ID.ValueString()).
Assign().
Post(ctx, requestAssignment, nil)
@@ -238,25 +246,26 @@ func (r *DeviceShellScriptResource) Update(ctx context.Context, req resource.Upd
}
}
- respResource, err := r.client.
- DeviceManagement().
- DeviceShellScripts().
- ByDeviceShellScriptId(state.ID.ValueString()).
- Get(ctx, &devicemanagement.DeviceShellScriptsDeviceShellScriptItemRequestBuilderGetRequestConfiguration{
- QueryParameters: &devicemanagement.DeviceShellScriptsDeviceShellScriptItemRequestBuilderGetQueryParameters{
- Expand: []string{"assignments"},
- },
- })
+ err = retry.RetryContext(ctx, retryTimeout, func() *retry.RetryError {
+ readResp := &resource.ReadResponse{State: resp.State}
+ r.Read(ctx, resource.ReadRequest{
+ State: resp.State,
+ ProviderMeta: req.ProviderMeta,
+ }, readResp)
- if err != nil {
- errors.HandleGraphError(ctx, err, resp, "Update - Get", r.WritePermissions)
- return
- }
+ if readResp.Diagnostics.HasError() {
+ return retry.NonRetryableError(fmt.Errorf("error reading resource state after Update Method: %s", readResp.Diagnostics.Errors()))
+ }
- MapRemoteResourceStateToTerraform(ctx, &object, respResource)
+ resp.State = readResp.State
+ return nil
+ })
- resp.Diagnostics.Append(resp.State.Set(ctx, &object)...)
- if resp.Diagnostics.HasError() {
+ if err != nil {
+ resp.Diagnostics.AddError(
+ "Error waiting for resource update",
+ fmt.Sprintf("Failed to verify resource update: %s", err),
+ )
return
}
@@ -271,7 +280,8 @@ func (r *DeviceShellScriptResource) Update(ctx context.Context, req resource.Upd
// - Cleans up by removing the resource from Terraform state
//
// All assignments and settings associated with the resource are automatically removed as part of the deletion.
-func (r *DeviceShellScriptResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) {
+func (r *MacOSPlatformScriptResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) {
+ var object MacOSPlatformScriptResourceModel
tflog.Debug(ctx, fmt.Sprintf("Starting deletion of resource: %s_%s", r.ProviderTypeName, r.TypeName))
diff --git a/internal/resources/device_and_app_management/beta/macos_platform_script/model.go b/internal/resources/device_and_app_management/beta/macos_platform_script/model.go
index d4a49dc2..7425eccc 100644
--- a/internal/resources/device_and_app_management/beta/macos_platform_script/model.go
+++ b/internal/resources/device_and_app_management/beta/macos_platform_script/model.go
@@ -1,6 +1,6 @@
-// https://learn.microsoft.com/en-us/graph/api/resources/intune-devices-deviceshellscript?view=graph-rest-beta
+// https://learn.microsoft.com/en-us/graph/api/resources/intune-devices-MacOSPlatformScript?view=graph-rest-beta
-package graphBetaDeviceShellScript
+package graphBetaMacOSPlatformScript
import (
sharedmodels "github.com/deploymenttheory/terraform-provider-microsoft365/internal/resources/common/shared_models/graph_beta/device_and_app_management"
@@ -8,7 +8,7 @@ import (
"github.com/hashicorp/terraform-plugin-framework/types"
)
-type DeviceShellScriptResourceModel struct {
+type MacOSPlatformScriptResourceModel struct {
ID types.String `tfsdk:"id"`
DisplayName types.String `tfsdk:"display_name"`
Description types.String `tfsdk:"description"`
diff --git a/internal/resources/device_and_app_management/beta/macos_platform_script/modify_plan.go b/internal/resources/device_and_app_management/beta/macos_platform_script/modify_plan.go
index dfe2845d..629de6f6 100644
--- a/internal/resources/device_and_app_management/beta/macos_platform_script/modify_plan.go
+++ b/internal/resources/device_and_app_management/beta/macos_platform_script/modify_plan.go
@@ -1,4 +1,4 @@
-package graphBetaDeviceShellScript
+package graphBetaMacOSPlatformScript
import (
"context"
@@ -8,7 +8,7 @@ import (
)
// ModifyPlan handles plan modification for diff suppression
-func (r *DeviceShellScriptResource) ModifyPlan(ctx context.Context, req resource.ModifyPlanRequest, resp *resource.ModifyPlanResponse) {
+func (r *MacOSPlatformScriptResource) ModifyPlan(ctx context.Context, req resource.ModifyPlanRequest, resp *resource.ModifyPlanResponse) {
if req.State.Raw.IsNull() || req.Plan.Raw.IsNull() {
return
}
diff --git a/internal/resources/device_and_app_management/beta/macos_platform_script/resource.go b/internal/resources/device_and_app_management/beta/macos_platform_script/resource.go
index f8d95f1e..b9c5a60d 100644
--- a/internal/resources/device_and_app_management/beta/macos_platform_script/resource.go
+++ b/internal/resources/device_and_app_management/beta/macos_platform_script/resource.go
@@ -1,4 +1,4 @@
-package graphBetaDeviceShellScript
+package graphBetaMacOSPlatformScript
import (
"context"
@@ -25,20 +25,20 @@ const (
var (
// Basic resource interface (CRUD operations)
- _ resource.Resource = &DeviceShellScriptResource{}
+ _ resource.Resource = &MacOSPlatformScriptResource{}
// Allows the resource to be configured with the provider client
- _ resource.ResourceWithConfigure = &DeviceShellScriptResource{}
+ _ resource.ResourceWithConfigure = &MacOSPlatformScriptResource{}
// Enables import functionality
- _ resource.ResourceWithImportState = &DeviceShellScriptResource{}
+ _ resource.ResourceWithImportState = &MacOSPlatformScriptResource{}
// Enables plan modification/diff suppression
- _ resource.ResourceWithModifyPlan = &DeviceShellScriptResource{}
+ _ resource.ResourceWithModifyPlan = &MacOSPlatformScriptResource{}
)
-func NewDeviceShellScriptResource() resource.Resource {
- return &DeviceShellScriptResource{
+func NewMacOSPlatformScriptResource() resource.Resource {
+ return &MacOSPlatformScriptResource{
ReadPermissions: []string{
"DeviceManagementConfiguration.Read.All",
"DeviceManagementManagedDevices.Read.All",
@@ -47,11 +47,11 @@ func NewDeviceShellScriptResource() resource.Resource {
"DeviceManagementManagedDevices.ReadWrite.All",
"DeviceManagementConfiguration.ReadWrite.All",
},
- ResourcePath: "/deviceManagement/deviceShellScripts",
+ ResourcePath: "/deviceManagement/MacOSPlatformScripts",
}
}
-type DeviceShellScriptResource struct {
+type MacOSPlatformScriptResource struct {
client *msgraphbetasdk.GraphServiceClient
ProviderTypeName string
TypeName string
@@ -61,34 +61,34 @@ type DeviceShellScriptResource struct {
}
// Metadata returns the resource type name.
-func (r *DeviceShellScriptResource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) {
+func (r *MacOSPlatformScriptResource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) {
resp.TypeName = req.ProviderTypeName + "_" + ResourceName
}
// Configure sets the client for the resource.
-func (r *DeviceShellScriptResource) Configure(ctx context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) {
+func (r *MacOSPlatformScriptResource) Configure(ctx context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) {
r.client = common.SetGraphBetaClientForResource(ctx, req, resp, r.TypeName)
}
// ImportState imports the resource state.
-func (r *DeviceShellScriptResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) {
+func (r *MacOSPlatformScriptResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) {
resource.ImportStatePassthroughID(ctx, path.Root("id"), req, resp)
}
-func (r *DeviceShellScriptResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) {
+func (r *MacOSPlatformScriptResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) {
resp.Schema = schema.Schema{
- Description: "Manages an Intune macOS platform script using the 'deviceShellScripts' Graph Beta API.",
+ Description: "Manages an Intune macOS platform script using the 'MacOSPlatformScripts' Graph Beta API.",
Attributes: map[string]schema.Attribute{
"id": schema.StringAttribute{
- Description: "Unique Identifier for the device management script.",
+ Description: "Unique Identifier for the macOS Platform Script.",
Computed: true,
},
"display_name": schema.StringAttribute{
- Description: "Name of the device management script.",
+ Description: "Name of the macOS Platform Script.",
Required: true,
},
"description": schema.StringAttribute{
- Description: "Optional description for the device management script.",
+ Description: "Optional description for the macOS Platform Script.",
Optional: true,
},
"script_content": schema.StringAttribute{
@@ -97,11 +97,11 @@ func (r *DeviceShellScriptResource) Schema(ctx context.Context, req resource.Sch
Sensitive: true,
},
"created_date_time": schema.StringAttribute{
- Description: "The date and time the device management script was created. This property is read-only.",
+ Description: "The date and time the macOS Platform Script was created. This property is read-only.",
Computed: true,
},
"last_modified_date_time": schema.StringAttribute{
- Description: "The date and time the device management script was last modified. This property is read-only.",
+ Description: "The date and time the macOS Platform Script was last modified. This property is read-only.",
Computed: true,
},
"run_as_account": schema.StringAttribute{
diff --git a/internal/resources/device_and_app_management/beta/macos_platform_script/state_assignment.go b/internal/resources/device_and_app_management/beta/macos_platform_script/state_assignment.go
index 816f68e8..24800a05 100644
--- a/internal/resources/device_and_app_management/beta/macos_platform_script/state_assignment.go
+++ b/internal/resources/device_and_app_management/beta/macos_platform_script/state_assignment.go
@@ -1,4 +1,4 @@
-package graphBetaDeviceShellScript
+package graphBetaMacOSPlatformScript
import (
"context"
@@ -11,7 +11,7 @@ import (
)
// MapRemoteAssignmentStateToTerraform maps the remote policy assignment state to the Terraform state
-func MapRemoteAssignmentStateToTerraform(ctx context.Context, data *DeviceShellScriptResourceModel, assignmentsResponse models.DeviceManagementScriptAssignmentCollectionResponseable) {
+func MapRemoteAssignmentStateToTerraform(ctx context.Context, data *MacOSPlatformScriptResourceModel, assignmentsResponse models.DeviceManagementScriptAssignmentCollectionResponseable) {
if assignmentsResponse == nil {
tflog.Debug(ctx, "Assignments response is nil")
return
diff --git a/internal/resources/device_and_app_management/beta/macos_platform_script/state_base_resource.go b/internal/resources/device_and_app_management/beta/macos_platform_script/state_base_resource.go
index 7de09a32..9caf251e 100644
--- a/internal/resources/device_and_app_management/beta/macos_platform_script/state_base_resource.go
+++ b/internal/resources/device_and_app_management/beta/macos_platform_script/state_base_resource.go
@@ -1,5 +1,5 @@
// MapRemoteResourceStateToTerraform states the base properties of a SettingsCatalogProfileResourceModel to a Terraform state
-package graphBetaDeviceShellScript
+package graphBetaMacOSPlatformScript
import (
"context"
@@ -12,8 +12,8 @@ import (
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
)
-// MapRemoteResourceStateToTerraform maps the base properties of a DeviceShellScriptResourceModel to a Terraform state.
-func MapRemoteResourceStateToTerraform(ctx context.Context, data *DeviceShellScriptResourceModel, remoteResource graphmodels.DeviceShellScriptable) {
+// MapRemoteResourceStateToTerraform maps the base properties of a MacOSPlatformScriptResourceModel to a Terraform state.
+func MapRemoteResourceStateToTerraform(ctx context.Context, data *MacOSPlatformScriptResourceModel, remoteResource graphmodels.DeviceShellScriptable) {
if remoteResource == nil {
tflog.Debug(ctx, "Remote resource is nil")
return
diff --git a/internal/resources/device_and_app_management/beta/macos_platform_script/validate_assignment.go b/internal/resources/device_and_app_management/beta/macos_platform_script/validate_assignment.go
index 16d4701e..162b8263 100644
--- a/internal/resources/device_and_app_management/beta/macos_platform_script/validate_assignment.go
+++ b/internal/resources/device_and_app_management/beta/macos_platform_script/validate_assignment.go
@@ -1,4 +1,4 @@
-package graphBetaDeviceShellScript
+package graphBetaMacOSPlatformScript
import (
"fmt"
diff --git a/internal/resources/device_and_app_management/beta/role_scope_tag/crud.go b/internal/resources/device_and_app_management/beta/role_scope_tag/crud.go
index 158d910e..a1ad2171 100644
--- a/internal/resources/device_and_app_management/beta/role_scope_tag/crud.go
+++ b/internal/resources/device_and_app_management/beta/role_scope_tag/crud.go
@@ -92,6 +92,11 @@ func (r *RoleScopeTagResource) Create(ctx context.Context, req resource.CreateRe
}
}
+ resp.Diagnostics.Append(resp.State.Set(ctx, &object)...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+
err = retry.RetryContext(ctx, retryTimeout, func() *retry.RetryError {
readResp := &resource.ReadResponse{State: resp.State}
r.Read(ctx, resource.ReadRequest{
diff --git a/internal/resources/device_and_app_management/beta/role_scope_tag/state_assignment.go b/internal/resources/device_and_app_management/beta/role_scope_tag/state_assignment.go
index 8eb72938..9ae1df13 100644
--- a/internal/resources/device_and_app_management/beta/role_scope_tag/state_assignment.go
+++ b/internal/resources/device_and_app_management/beta/role_scope_tag/state_assignment.go
@@ -12,17 +12,17 @@ import (
// MapRemoteAssignmentStateToTerraform maps the assignment remote state to the Terraform model
func MapRemoteAssignmentStateToTerraform(ctx context.Context, terraform *RoleScopeTagResourceModel, assignmentsResponse graphmodels.RoleScopeTagAutoAssignmentCollectionResponseable) {
if assignmentsResponse == nil {
- terraform.Assignments = nil
+ terraform.Assignments = make([]types.String, 0)
return
}
assignments := assignmentsResponse.GetValue()
if assignments == nil {
- terraform.Assignments = nil
+ terraform.Assignments = make([]types.String, 0)
return
}
- var groupIDs []types.String
+ groupIDs := make([]types.String, 0)
for _, assignment := range assignments {
target := assignment.GetTarget()
if target == nil {
diff --git a/internal/resources/device_and_app_management/beta/role_scope_tag/state_base_resource.go b/internal/resources/device_and_app_management/beta/role_scope_tag/state_base_resource.go
index 7e1407db..e61b85c5 100644
--- a/internal/resources/device_and_app_management/beta/role_scope_tag/state_base_resource.go
+++ b/internal/resources/device_and_app_management/beta/role_scope_tag/state_base_resource.go
@@ -13,6 +13,12 @@ import (
func MapRemoteResourceStateToTerraform(ctx context.Context, data *RoleScopeTagResourceModel, remoteResource graphmodels.RoleScopeTagable) {
if remoteResource == nil {
tflog.Debug(ctx, "Remote resource is nil")
+ // Initialize with empty/default values
+ data.ID = types.StringNull()
+ data.DisplayName = types.StringNull()
+ data.Description = types.StringNull()
+ data.IsBuiltIn = types.BoolNull()
+ data.Assignments = make([]types.String, 0)
return
}
diff --git a/internal/resources/device_and_app_management/beta/windows_platform_script/resource.go b/internal/resources/device_and_app_management/beta/windows_platform_script/resource.go
index 77d6e844..fff78762 100644
--- a/internal/resources/device_and_app_management/beta/windows_platform_script/resource.go
+++ b/internal/resources/device_and_app_management/beta/windows_platform_script/resource.go
@@ -79,15 +79,15 @@ func (r *WindowsPlatformScriptResource) Schema(ctx context.Context, req resource
Description: "Manages an Intune windows platform script using the 'deviceManagementScripts' Graph Beta API.",
Attributes: map[string]schema.Attribute{
"id": schema.StringAttribute{
- Description: "Unique Identifier for the device management script.",
+ Description: "Unique Identifier for the windows platform script.",
Computed: true,
},
"display_name": schema.StringAttribute{
- Description: "Name of the device management script.",
+ Description: "Name of the windows platform script.",
Required: true,
},
"description": schema.StringAttribute{
- Description: "Optional description for the device management script.",
+ Description: "Optional description for the windows platform script.",
Optional: true,
},
"script_content": schema.StringAttribute{