deploymenttheory · ShocOne · Dec 17, 2024 · Dec 17, 2024 · Dec 17, 2024 · Dec 17, 2024
@@ -45,7 +45,8 @@ jobs:
     - name: Generate tf docs
       run: |
         go install github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs
-        tfplugindocs generate --examples-dir examples
+        cd $GITHUB_WORKSPACE
+        tfplugindocs generate --examples-dir $GITHUB_WORKSPACE/examples
 
     - name: Check for changes in generated Go docs and formatted Terraform files
       id: go-gen-check

@@ -4,6 +4,12 @@ on:
   push:
     tags:
       - 'v*'
+  workflow_dispatch:
+    inputs:
+      release_version:
+        description: 'TF Provider Release version to publish'
+        required: true
+        default: 'v0.0.0'
 
 permissions:
   contents: write

@@ -213,7 +213,7 @@ terraform {
   required_providers {
     microsoft365 = {
       source  = "deploymenttheory/terraform-provider-microsoft365"
-      version = "~> 1.0.0"  
+      version = "~> 1.0.0"
     }
   }
 }
@@ -227,16 +227,16 @@ provider "microsoft365" {
   debug_mode       = var.debug_mode
 
   entra_id_options = {
-    client_id                     = var.client_id
-    client_secret                 = var.client_secret
-    client_certificate            = var.client_certificate
-    client_certificate_password   = var.client_certificate_password
-    send_certificate_chain        = var.send_certificate_chain
-    username                      = var.username
-    password                      = var.password
-    disable_instance_discovery    = var.disable_instance_discovery
-    additionally_allowed_tenants  = var.additionally_allowed_tenants
-    redirect_url                  = var.redirect_url
+    client_id                    = var.client_id
+    client_secret                = var.client_secret
+    client_certificate           = var.client_certificate
+    client_certificate_password  = var.client_certificate_password
+    send_certificate_chain       = var.send_certificate_chain
+    username                     = var.username
+    password                     = var.password
+    disable_instance_discovery   = var.disable_instance_discovery
+    additionally_allowed_tenants = var.additionally_allowed_tenants
+    redirect_url                 = var.redirect_url
   }
 
   client_options = {

@@ -115,6 +115,6 @@ Import is supported using the following syntax:
 ```shell
 # Using the provider-default project ID, the import ID is:
 # {resource_id}
-terraform terraform import microsoft365_graph_beta_device_and_app_management_device_shell_script.example device-shell-script-id
+terraform import microsoft365_graph_beta_device_and_app_management_device_shell_script.example device-shell-script-id
 ```
 
@@ -494,6 +494,6 @@ Import is supported using the following syntax:
 ```shell
 # Using the provider-default project ID, the import ID is:
 # {resource_id}
-terraform terraform import microsoft365_graph_beta_device_and_app_management_settings_catalog.example settings-catalog-id
+terraform import microsoft365_graph_beta_device_and_app_management_settings_catalog.example settings-catalog-id
 ```
 
@@ -106,6 +106,6 @@ Import is supported using the following syntax:
 ```shell
 # Using the provider-default project ID, the import ID is:
 # {resource_id}
-terraform terraform import microsoft365_graph_beta_device_and_app_management_device_management_script.example device-management-script-id
+terraform import microsoft365_graph_beta_device_and_app_management_device_management_script.example device-management-script-id
 ```
 
@@ -1,7 +1,6 @@
 ---
-# generated by https://github.com/hashicorp/terraform-plugin-docs
 page_title: "microsoft365_graph_beta_identity_and_access_conditional_access_policy Resource - terraform-provider-microsoft365"
-subcategory: ""
+subcategory: "Identity & Access: Conditional Access Policy"
 description: |-
 
 ---
@@ -10,7 +9,110 @@ description: |-
 
 
 
-
+## Example Usage
+
+```terraform
+resource "microsoft365_graph_beta_identity_and_access_conditional_access_policy" "example_policy" {
+  display_name = "test"
+  state        = "disabled"
+
+  conditions = {
+    applications = {
+      include_applications = ["All"]
+      exclude_applications = []
+      include_user_actions = []
+      application_filter   = null
+    }
+
+    users = {
+      include_users  = ["All"]
+      exclude_users  = ["11111111-1111-1111-1111-111111111111"]
+      include_groups = []
+      exclude_groups = ["11111111-1111-1111-1111-111111111111"]
+      exclude_roles = [
+        "11111111-1111-1111-1111-111111111111",
+        "11111111-1111-1111-1111-111111111111"
+      ]
+      exclude_guests_or_external_users = {
+        guest_or_external_user_types = ["b2bCollaborationGuest", "b2bCollaborationMember"]
+        external_tenants = {
+          membership_kind = "all"
+        }
+      }
+    }
+
+    platforms = {
+      include_platforms = ["iOS", "windows", "windowsPhone"]
+      exclude_platforms = []
+    }
+
+    locations = {
+      include_locations = [
+        "11111111-1111-1111-1111-111111111111",
+        "11111111-1111-1111-1111-111111111111"
+      ]
+      exclude_locations = []
+    }
+
+    client_app_types = ["browser", "mobileAppsAndDesktopClients", "exchangeActiveSync", "other"]
+
+    devices = {
+      device_filter = {
+        mode = "include"
+        rule = "device.deviceId -eq \"thing\""
+      }
+      include_devices = []
+      exclude_devices = []
+    }
+
+    user_risk_levels    = ["high"]
+    sign_in_risk_levels = ["none"]
+
+    authentication_flows = {
+      transfer_methods = ["deviceCodeFlow", "authenticationTransfer"]
+    }
+  }
+
+  grant_controls = {
+    operator          = "AND"
+    built_in_controls = ["mfa", "approvedApplication"]
+  }
+
+  session_controls = {
+    cloud_app_security = {
+      is_enabled              = true
+      cloud_app_security_type = "monitorOnly"
+    }
+
+    sign_in_frequency = {
+      is_enabled          = true
+      type                = "hours"
+      value               = 5
+      frequency_interval  = "timeBased"
+      authentication_type = "primaryAndSecondaryAuthentication"
+    }
+
+    persistent_browser = {
+      is_enabled = true
+      mode       = "always"
+    }
+
+    continuous_access_evaluation = {
+      mode = "strictLocation"
+    }
+
+    disable_resilience_defaults = true
+  }
+
+  # Optional: Define custom timeouts
+  timeouts = {
+    create = "30m"
+    read   = "10m"
+    update = "30m"
+    delete = "30m"
+  }
+}
+```
 
 <!-- schema generated by tfplugindocs -->
 ## Schema
@@ -96,7 +198,7 @@ Optional:
 
 Required:
 
-- `guest_or_external_user_types` (String) Indicates internal guests or external user types. Possible values are: none, internalGuest, b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, otherExternalUser, serviceProvider, unknownFutureValue.
+- `guest_or_external_user_types` (List of String) Indicates internal guests or external user types. Possible values are: none, internalGuest, b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, otherExternalUser, serviceProvider, unknownFutureValue.
 
 Optional:
 
@@ -116,7 +218,7 @@ Required:
 
 Required:
 
-- `guest_or_external_user_types` (String) Indicates internal guests or external user types. Possible values are: none, internalGuest, b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, otherExternalUser, serviceProvider, unknownFutureValue.
+- `guest_or_external_user_types` (List of String) Indicates internal guests or external user types. Possible values are: none, internalGuest, b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, otherExternalUser, serviceProvider, unknownFutureValue.
 
 Optional:
 
@@ -137,7 +239,7 @@ Required:
 
 Optional:
 
-- `transfer_methods` (String) Represents the transfer methods in scope for the policy. The possible values are: none, deviceCodeFlow, authenticationTransfer, unknownFutureValue.
+- `transfer_methods` (List of String) Represents the transfer methods in scope for the policy. The possible values are: none, deviceCodeFlow, authenticationTransfer, unknownFutureValue.
 
 
 <a id="nestedatt--conditions--client_applications"></a>
@@ -174,9 +276,7 @@ Optional:
 Optional:
 
 - `device_filter` (Attributes) Filter that defines the dynamic-device-syntax rule to include/exclude devices. A filter can use device properties (such as extension attributes) to include/exclude them. Cannot be set if includeDevices or excludeDevices is set. (see [below for nested schema](#nestedatt--conditions--devices--device_filter))
-- `exclude_device_states` (List of String, Deprecated) (Deprecated) States excluded from the scope of the policy. Possible values: 'Compliant', 'DomainJoined'.
 - `exclude_devices` (List of String) States excluded from the scope of the policy. Possible values: 'Compliant', 'DomainJoined'. Cannot be set if deviceFilter is set.
-- `include_device_states` (List of String, Deprecated) (Deprecated) States in the scope of the policy. 'All' is the only allowed value.
 - `include_devices` (List of String) States in the scope of the policy. 'All' is the only allowed value. Cannot be set if deviceFilter is set.
 
 <a id="nestedatt--conditions--devices--device_filter"></a>
@@ -321,3 +421,13 @@ Optional:
 - `delete` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
 - `read` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Read operations occur during any refresh or planning operation when refresh is enabled.
 - `update` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+# Using the provider-default project ID, the import ID is:
+# {resource_id}
+terraform import microsoft365_graph_beta_identity_and_access_conditional_access_policy.example conditional-access-policy-id
+```
@@ -1,4 +1,4 @@
 # Using the provider-default project ID, the import ID is:
 # {resource_id}
-terraform terraform import microsoft365_graph_beta_device_and_app_management_device_shell_script.example device-shell-script-id
+terraform import microsoft365_graph_beta_device_and_app_management_device_shell_script.example device-shell-script-id
 
@@ -1,4 +1,4 @@
 # Using the provider-default project ID, the import ID is:
 # {resource_id}
-terraform terraform import microsoft365_graph_beta_device_and_app_management_settings_catalog.example settings-catalog-id
+terraform import microsoft365_graph_beta_device_and_app_management_settings_catalog.example settings-catalog-id
 
@@ -1,4 +1,4 @@
 # Using the provider-default project ID, the import ID is:
 # {resource_id}
-terraform terraform import microsoft365_graph_beta_device_and_app_management_device_management_script.example device-management-script-id
+terraform import microsoft365_graph_beta_device_and_app_management_device_management_script.example device-management-script-id
 
@@ -0,0 +1,4 @@
+# Using the provider-default project ID, the import ID is:
+# {resource_id}
+terraform import microsoft365_graph_beta_identity_and_access_conditional_access_policy.example conditional-access-policy-id
+