diff --git a/docs/index.md b/docs/index.md index dd0c0d6c..f74af795 100644 --- a/docs/index.md +++ b/docs/index.md @@ -6,7 +6,7 @@ description: |- # terraform-provider-microsoft365 Provider -The community Microsoft 365 provider allows managing environments and other resources within [Power Platform](https://powerplatform.microsoft.com/). +The community Microsoft 365 provider allows managing environments and other resources within [Microsoft 365](https://www.microsoft.com/en-gb/microsoft-365/products-apps-services). !> This code is made available as a public preview. Features are being actively developed and may have restricted or limited functionality. Future updates may introduce breaking changes, but we follow [Semantic Versioning](https://semver.org/) to help mitigate this. The software may contain bugs, errors, or other issues that could cause service interruption or data loss. We recommend backing up your data and testing in non-production environments. Your feedback is valuable to us, so please share any issues or suggestions you encounter via GitHub issues. @@ -192,7 +192,7 @@ The provider supports additional configuration options for client behavior, tele provider "microsoft365" { # ... authentication configuration ... - debug_mode = false # ENV: M365_DEBUG_MODE + debug_mode = false # ENV: M365_DEBUG_MODE telemetry_optout = false # ENV: M365_TELEMETRY_OPTOUT client_options = { @@ -270,7 +270,7 @@ variable "cloud" { variable "tenant_id" { description = "The M365 tenant ID for the Entra ID application. This ID uniquely identifies your Entra ID (EID) instance. It can be found in the Azure portal under Entra ID > Properties. Can also be set using the `M365_TENANT_ID` environment variable." type = string - default = "2fd6bb84-1234-abcd-9369-1235b25c1234" + default = "" } variable "auth_method" { diff --git a/docs/resources/graph_beta_device_and_app_management_assignment_filter.md b/docs/resources/graph_beta_device_and_app_management_assignment_filter.md index 82401c6c..2c4c3612 100644 --- a/docs/resources/graph_beta_device_and_app_management_assignment_filter.md +++ b/docs/resources/graph_beta_device_and_app_management_assignment_filter.md @@ -1,6 +1,6 @@ --- page_title: "microsoft365_graph_beta_device_and_app_management_assignment_filter Resource - terraform-provider-microsoft365" -subcategory: "Intune Assignment Filter" +subcategory: "Intune: Assignment Filter" description: |- Manages Assignment Filters in Microsoft Intune. --- diff --git a/docs/resources/graph_beta_device_and_app_management_macos_platform_script.md b/docs/resources/graph_beta_device_and_app_management_macos_platform_script.md index 04408f77..2550c9e0 100644 --- a/docs/resources/graph_beta_device_and_app_management_macos_platform_script.md +++ b/docs/resources/graph_beta_device_and_app_management_macos_platform_script.md @@ -1,6 +1,6 @@ --- page_title: "microsoft365_graph_beta_device_and_app_management_macos_platform_script Resource - terraform-provider-microsoft365" -subcategory: "Intune Device Management Script" +subcategory: "Intune: Device Platform Script" description: |- Manages an Intune macOS platform script using the 'deviceShellScripts' Graph Beta API. --- diff --git a/docs/resources/graph_beta_device_and_app_management_settings_catalog.md b/docs/resources/graph_beta_device_and_app_management_settings_catalog.md index b9096ecf..67abed0d 100644 --- a/docs/resources/graph_beta_device_and_app_management_settings_catalog.md +++ b/docs/resources/graph_beta_device_and_app_management_settings_catalog.md @@ -1,6 +1,6 @@ --- page_title: "microsoft365_graph_beta_device_and_app_management_settings_catalog Resource - terraform-provider-microsoft365" -subcategory: "Intune Settings Catalog" +subcategory: "Intune: Device Configuration" description: |- Manages a Settings Catalog policy in Microsoft Intune for Windows, macOS, iOS/iPadOS and Android. --- diff --git a/docs/resources/graph_beta_device_and_app_management_windows_platform_script.md b/docs/resources/graph_beta_device_and_app_management_windows_platform_script.md index 65758dc5..9c41e4ed 100644 --- a/docs/resources/graph_beta_device_and_app_management_windows_platform_script.md +++ b/docs/resources/graph_beta_device_and_app_management_windows_platform_script.md @@ -1,6 +1,6 @@ --- page_title: "microsoft365_graph_beta_device_and_app_management_windows_platform_script Resource - terraform-provider-microsoft365" -subcategory: "Intune Device Management Script" +subcategory: "Intune: Device Platform Script" description: |- Manages an Intune windows platform script using the 'deviceManagementScripts' Graph Beta API. --- diff --git a/internal/client/custom_get_request.go b/internal/client/custom_get_request.go deleted file mode 100644 index 6d40de32..00000000 --- a/internal/client/custom_get_request.go +++ /dev/null @@ -1,121 +0,0 @@ -package client - -import ( - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "strings" - - "github.com/hashicorp/terraform-plugin-log/tflog" - abstractions "github.com/microsoft/kiota-abstractions-go" -) - -// CustomGetRequestConfig contains the configuration for a custom GET request -type CustomGetRequestConfig struct { - // The API version to use (beta or v1.0) - APIVersion GraphAPIVersion - // The base endpoint (e.g., "deviceManagement/configurationPolicies") - Endpoint string - // The endpoint suffix appended after the ID (e.g., "/settings"). Optional. - EndpointSuffix string - // The resource ID syntax format (e.g., "('id')" or "(id)") - ResourceIDPattern string - // The ID of the resource - ResourceID string - // Optional query parameters to include in the request - QueryParameters map[string]string -} - -// SendCustomGetRequestByResourceId performs a custom GET request using the Microsoft Graph SDK when the operation -// is not available in the generated SDK methods or when using raw json is easier to handle for response handling during stating operations. -// This function supports both Beta and V1.0 Graph API versions. -// -// e.g., GET https://graph.microsoft.com/beta/deviceManagement/configurationPolicies('191056b1-4c4a-4871-8518-162a105d011a')/settings -// -// The function handles: -// - Construction of the Graph API URL with proper formatting -// - Setting up the GET request with optional query parameters -// - Sending the request with proper authentication -// - Returning the raw JSON response -// -// Parameters: -// - ctx: The context for the request, which can be used for cancellation and timeout -// - adapter: The request adapter for sending the request -// - config: CustomGetRequestConfig containing: -// - APIVersion: The Graph API version to use (Beta or V1.0) -// - Endpoint: The resource endpoint path (e.g., "deviceManagement/configurationPolicies") -// - ResourceID: The ID of the resource to retrieve -// - QueryParameters: Optional query parameters for the request -// -// Returns: -// - json.RawMessage: The raw JSON response from the GET request -// - error: Returns nil if the request was successful, otherwise an error describing what went wrong -// -// Example Usage: -// -// config := CustomGetRequestConfig{ -// APIVersion: GraphAPIBeta, -// Endpoint: "deviceManagement/configurationPolicies('{id}')/settings", -// ResourceID: "d557c813-b8e5-4efc-b00e-9c0bd5fd10df", -// QueryParameters: map[string]string{ -// "$expand": "children", -// }, -// } -// -// response, err := SendCustomGetRequestByResourceId(ctx, adapter, config, factory, errorMappings) -// -// if err != nil { -// log.Fatalf("Error: %v", err) -// } -// -// fmt.Printf("Response: %+v\n", response) -func SendCustomGetRequestByResourceId(ctx context.Context, adapter abstractions.RequestAdapter, reqConfig CustomGetRequestConfig) (json.RawMessage, error) { - requestInfo := abstractions.NewRequestInformation() - requestInfo.Method = abstractions.GET - - // Build endpoint with ID syntax - idFormat := strings.ReplaceAll(reqConfig.ResourceIDPattern, "id", reqConfig.ResourceID) - endpoint := reqConfig.Endpoint + idFormat - if reqConfig.EndpointSuffix != "" { - endpoint += reqConfig.EndpointSuffix - } - - requestInfo.UrlTemplate = "{+baseurl}/" + endpoint - requestInfo.PathParameters = map[string]string{ - "baseurl": fmt.Sprintf("https://graph.microsoft.com/%s", reqConfig.APIVersion), - } - requestInfo.Headers.Add("Accept", "application/json") - - if reqConfig.QueryParameters != nil { - for key, value := range reqConfig.QueryParameters { - requestInfo.QueryParametersAny[key] = value - } - } - - nativeReq, err := adapter.ConvertToNativeRequest(ctx, requestInfo) - if err != nil { - return nil, fmt.Errorf("error converting to native request: %w", err) - } - - httpReq := nativeReq.(*http.Request) - client := &http.Client{} - - resp, err := client.Do(httpReq) - if err != nil { - return nil, fmt.Errorf("error executing request: %w", err) - } - defer resp.Body.Close() - - tflog.Debug(ctx, "Request URL", map[string]interface{}{ - "url": httpReq.URL.String(), - }) - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("error reading response: %w", err) - } - - return body, nil -} diff --git a/internal/client/graphcustom/get_request.go b/internal/client/graphcustom/get_request.go new file mode 100644 index 00000000..bd694e5e --- /dev/null +++ b/internal/client/graphcustom/get_request.go @@ -0,0 +1,204 @@ +package graphcustom + +import ( + "context" + "encoding/json" + "fmt" + "io" + "net/http" + + "github.com/hashicorp/terraform-plugin-log/tflog" + abstractions "github.com/microsoft/kiota-abstractions-go" +) + +// GetRequestConfig contains the configuration for a custom GET request +type GetRequestConfig struct { + // The API version to use (beta or v1.0) + APIVersion GraphAPIVersion + // The base endpoint (e.g., "deviceManagement/configurationPolicies") + Endpoint string + // The endpoint suffix appended after the ID (e.g., "/settings"). Optional. + EndpointSuffix string + // The resource ID syntax format (e.g., "('id')" or "(id)") + ResourceIDPattern string + // The ID of the resource + ResourceID string + // Optional query parameters to include in the request + QueryParameters map[string]string +} + +// ODataResponse represents the structure of an OData response +type ODataResponse struct { + // Value is the array of JSON messages returned by the request + Value []json.RawMessage `json:"value"` + // NextLink is the URL for the next page of results used by pagination + NextLink string `json:"@odata.nextLink,omitempty"` +} + +// GetRequestByResourceId performs a custom GET request using the Microsoft Graph SDK when the operation +// is not available in the generated SDK methods or when using raw json is easier to handle for response handling. +// This function supports both Beta and V1.0 Graph API versions and automatically handles OData pagination if present. +// +// e.g., GET https://graph.microsoft.com/beta/deviceManagement/configurationPolicies('191056b1-4c4a-4871-8518-162a105d011a')/settings +// +// The function handles: +// - Construction of the Graph API URL with proper formatting +// - Setting up the GET request with optional query parameters +// - Sending the request with proper authentication +// - Automatic pagination if the response is an OData response with a nextLink +// - Combining paginated results into a single response +// - Returning the raw JSON response +// +// Parameters: +// - ctx: The context for the request, which can be used for cancellation and timeout +// - adapter: The request adapter for sending the request +// - config: GetRequestConfig containing: +// - APIVersion: The Graph API version to use (Beta or V1.0) +// - Endpoint: The resource endpoint path (e.g., "/deviceManagement/configurationPolicies") +// - ResourceID: The ID of the resource to retrieve +// - ResourceIDPattern: The format for the resource ID (e.g., "('id')" or "(id)") +// - EndpointSuffix: Optional suffix to append after the resource ID (e.g., "/settings") +// - QueryParameters: Optional query parameters for the request +// +// Returns: +// - json.RawMessage: The raw JSON response from the GET request. For paginated responses, +// returns a combined response with all results in the "value" array +// - error: Returns nil if the request was successful, otherwise an error describing what went wrong +// +// Example Usage: +// +// config := GetRequestConfig{ +// APIVersion: GraphAPIBeta, +// Endpoint: "/deviceManagement/configurationPolicies", +// ResourceID: "d557c813-b8e5-4efc-b00e-9c0bd5fd10df", +// ResourceIDPattern: "('id')", +// EndpointSuffix: "/settings", +// QueryParameters: map[string]string{ +// "$expand": "children", +// }, +// } +// +// response, err := GetRequestByResourceId(ctx, adapter, config) +// if err != nil { +// log.Fatalf("Error: %v", err) +// } +// +// fmt.Printf("Response: %+v\n", response) +func GetRequestByResourceId(ctx context.Context, adapter abstractions.RequestAdapter, reqConfig GetRequestConfig) (json.RawMessage, error) { + + requestInfo := abstractions.NewRequestInformation() + requestInfo.Method = abstractions.GET + requestInfo.UrlTemplate = ByIDRequestUrlTemplate(reqConfig) + requestInfo.PathParameters = map[string]string{ + "baseurl": fmt.Sprintf("https://graph.microsoft.com/%s", reqConfig.APIVersion), + } + requestInfo.Headers.Add("Accept", "application/json") + + if reqConfig.QueryParameters != nil { + for key, value := range reqConfig.QueryParameters { + requestInfo.QueryParameters[key] = value + } + } + + // Make initial request + body, err := makeRequest(ctx, adapter, requestInfo) + if err != nil { + return nil, err + } + + // Try to parse as OData response to check for pagination + var firstResponse ODataResponse + if err := json.Unmarshal(body, &firstResponse); err != nil { + // Not an OData response, return the raw body + return body, nil + } + + // If no NextLink or no Value array, this isn't a paginated response + if firstResponse.NextLink == "" || firstResponse.Value == nil { + return body, nil + } + + // Handle pagination + var allResults []json.RawMessage + allResults = append(allResults, firstResponse.Value...) + nextLink := firstResponse.NextLink + + tflog.Debug(ctx, "Pagination detected, retrieving additional pages", map[string]interface{}{ + "itemsRetrieved": len(allResults), + }) + + for nextLink != "" { + requestInfo = abstractions.NewRequestInformation() + requestInfo.Method = abstractions.GET + requestInfo.UrlTemplate = nextLink + requestInfo.Headers.Add("Accept", "application/json") + + body, err = makeRequest(ctx, adapter, requestInfo) + if err != nil { + return nil, err + } + + var pageResponse ODataResponse + if err := json.Unmarshal(body, &pageResponse); err != nil { + return nil, fmt.Errorf("error parsing paginated response: %w", err) + } + + allResults = append(allResults, pageResponse.Value...) + nextLink = pageResponse.NextLink + + tflog.Debug(ctx, "Retrieved additional page", map[string]interface{}{ + "itemsRetrieved": len(allResults), + "hasNextPage": nextLink != "", + }) + } + + combinedResponse := map[string]interface{}{ + "value": allResults, + } + + return json.Marshal(combinedResponse) +} + +// makeRequest executes an HTTP request using the provided Kiota request adapter and request information. +// This helper function handles the conversion of Kiota's RequestInformation into a native HTTP request, +// executes the request, and returns the raw response body. +// +// Parameters: +// - ctx: The context for the request, which can be used for cancellation and timeout +// - adapter: The Kiota request adapter that converts RequestInformation to a native request +// - requestInfo: The Kiota RequestInformation containing the request configuration +// +// Returns: +// - []byte: The raw response body from the HTTP request +// - error: Returns nil if the request was successful, otherwise an error describing what went wrong +// +// The function performs the following steps: +// 1. Converts the Kiota RequestInformation to a native HTTP request +// 2. Executes the HTTP request using a standard http.Client +// 3. Reads and returns the complete response body +func makeRequest(ctx context.Context, adapter abstractions.RequestAdapter, requestInfo *abstractions.RequestInformation) ([]byte, error) { + nativeReq, err := adapter.ConvertToNativeRequest(ctx, requestInfo) + if err != nil { + return nil, fmt.Errorf("error converting to native HTTP request: %w", err) + } + + httpReq := nativeReq.(*http.Request) + client := &http.Client{} + + tflog.Debug(ctx, "Making request", map[string]interface{}{ + "url": httpReq.URL.String(), + }) + + resp, err := client.Do(httpReq) + if err != nil { + return nil, err + } + defer resp.Body.Close() + + body, err := io.ReadAll(resp.Body) + if err != nil { + return nil, err + } + + return body, nil +} diff --git a/internal/client/custom_post_request.go b/internal/client/graphcustom/post_request.go similarity index 78% rename from internal/client/custom_post_request.go rename to internal/client/graphcustom/post_request.go index ffdecf6b..df9c96d1 100644 --- a/internal/client/custom_post_request.go +++ b/internal/client/graphcustom/post_request.go @@ -1,4 +1,4 @@ -package client +package graphcustom import ( "context" @@ -8,11 +8,11 @@ import ( s "github.com/microsoft/kiota-abstractions-go/serialization" ) -// CustomPostRequestConfig contains the configuration for a custom POST request -type CustomPostRequestConfig struct { +// PostRequestConfig contains the configuration for a custom POST request +type PostRequestConfig struct { // The API version to use (beta or v1.0) APIVersion GraphAPIVersion - // The base endpoint (e.g., "deviceManagement/configurationPolicies") + // The base endpoint (e.g., "/deviceManagement/configurationPolicies") Endpoint string // The request body RequestBody s.Parsable @@ -20,14 +20,14 @@ type CustomPostRequestConfig struct { QueryParameters map[string]string } -// SendCustomPostRequest performs a custom POST request using the Microsoft Graph SDK when the operation +// PostRequest performs a custom POST request using the Microsoft Graph SDK when the operation // is not available in the generated SDK methods. This function supports both Beta and V1.0 Graph API versions // and returns the parsed response model. // // Parameters: // - ctx: The context for the request, which can be used for cancellation and timeout // - adapter: The RequestAdapter interface for making HTTP requests -// - config: CustomPostRequestConfig containing: +// - config: PostRequestConfig containing: // - APIVersion: The Graph API version to use (Beta or V1.0) // - Endpoint: The resource endpoint path // - RequestBody: The body of the POST request implementing serialization.Parsable @@ -38,10 +38,10 @@ type CustomPostRequestConfig struct { // Returns: // - s.Parsable: The parsed response model // - error: Any error that occurred during the request -func SendCustomPostRequest( +func PostRequest( ctx context.Context, adapter abstractions.RequestAdapter, - config CustomPostRequestConfig, + config PostRequestConfig, factory s.ParsableFactory, errorMappings abstractions.ErrorMappings, ) (s.Parsable, error) { @@ -68,22 +68,22 @@ func SendCustomPostRequest( // Send the request using the adapter's Send method result, err := adapter.Send(ctx, requestInfo, factory, errorMappings) if err != nil { - return nil, fmt.Errorf("error sending request: %v", err) + return nil, err } return result, nil } -// SendCustomPostRequestNoContent performs a custom POST request that doesn't expect a response body. +// PostRequestNoContent performs a custom POST request that doesn't expect a response body. // This is useful for operations that return 204 No Content. // -// Parameters are the same as SendCustomPostRequest except it doesn't take a responseModel parameter +// Parameters are the same as PostRequest except it doesn't take a responseModel parameter // and uses the SendNoContent method of the adapter. // // Returns: // - error: Returns nil if the request was successful (204 No Content received), // otherwise returns an error describing what went wrong -func SendCustomPostRequestNoContent(ctx context.Context, adapter abstractions.RequestAdapter, config CustomPostRequestConfig) error { +func PostRequestNoContent(ctx context.Context, adapter abstractions.RequestAdapter, config PostRequestConfig) error { requestInfo := abstractions.NewRequestInformation() requestInfo.Method = abstractions.POST requestInfo.UrlTemplate = "{+baseurl}/" + config.Endpoint @@ -106,7 +106,7 @@ func SendCustomPostRequestNoContent(ctx context.Context, adapter abstractions.Re // Use SendNoContent for requests that don't return a response body err = adapter.SendNoContent(ctx, requestInfo, nil) if err != nil { - return fmt.Errorf("error sending post request: %v", err) + return err } return nil diff --git a/internal/client/custom_put_request.go b/internal/client/graphcustom/put_request.go similarity index 79% rename from internal/client/custom_put_request.go rename to internal/client/graphcustom/put_request.go index 1f9fcc57..a24af713 100644 --- a/internal/client/custom_put_request.go +++ b/internal/client/graphcustom/put_request.go @@ -1,4 +1,4 @@ -package client +package graphcustom import ( "context" @@ -16,11 +16,11 @@ const ( GraphAPIV1 GraphAPIVersion = "v1.0" ) -// CustomPutRequestConfig contains the configuration for a custom PUT request -type CustomPutRequestConfig struct { +// PutRequestConfig contains the configuration for a custom PUT request +type PutRequestConfig struct { // The API version to use (beta or v1.0) APIVersion GraphAPIVersion - // The base endpoint (e.g., "deviceManagement/configurationPolicies") + // The base endpoint (e.g., "/deviceManagement/configurationPolicies") Endpoint string // The ID of the resource ResourceID string @@ -28,7 +28,12 @@ type CustomPutRequestConfig struct { RequestBody s.Parsable } -// SendCustomPutRequestByResourceId performs a custom PUT request using the Microsoft Graph SDK when the operation +type PutResponse struct { + StatusCode int + Error error +} + +// PutRequestByResourceId performs a custom PUT request using the Microsoft Graph SDK when the operation // is not available in the generated SDK methods. This function supports both Beta and V1.0 Graph API versions // and expects a 204 No Content response from the server on success. // @@ -61,11 +66,11 @@ type CustomPutRequestConfig struct { // ResourceID: "d557c813-b8e5-4efc-b00e-9c0bd5fd10df", // RequestBody: myRequestBody, // } -// err := SendCustomPutRequestByResourceId(ctx, clients, config) -func SendCustomPutRequestByResourceId(ctx context.Context, adapter abstractions.RequestAdapter, config CustomPutRequestConfig) error { +// err := PutRequestByResourceId(ctx, clients, config) +func PutRequestByResourceId(ctx context.Context, adapter abstractions.RequestAdapter, config PutRequestConfig) error { requestInfo := abstractions.NewRequestInformation() requestInfo.Method = abstractions.PUT - requestInfo.UrlTemplate = "{+baseurl}/" + config.Endpoint + "('{id}')" + requestInfo.UrlTemplate = "{+baseurl}" + config.Endpoint + "('{id}')" requestInfo.PathParameters = map[string]string{ "baseurl": fmt.Sprintf("https://graph.microsoft.com/%s", config.APIVersion), "id": config.ResourceID, @@ -78,7 +83,7 @@ func SendCustomPutRequestByResourceId(ctx context.Context, adapter abstractions. err = adapter.SendNoContent(ctx, requestInfo, nil) if err != nil { - return fmt.Errorf("error sending request: %v", err) + return err } return nil diff --git a/internal/client/graphcustom/url_templates.go b/internal/client/graphcustom/url_templates.go new file mode 100644 index 00000000..aa2c6a5d --- /dev/null +++ b/internal/client/graphcustom/url_templates.go @@ -0,0 +1,27 @@ +package graphcustom + +import "strings" + +// ByIDRequestUrlTemplate constructs a URL template for a single resource request using the provided configuration. +// The function combines the endpoint path with a resource ID and optional suffix to create a complete URL template. +// For example, if the config contains: +// - Endpoint: "/deviceManagement/configurationPolicies" +// - ResourceIDPattern: "('id')" +// - ResourceID: "12345" +// - EndpointSuffix: "/settings" +// +// The resulting template would be: "{+baseurl}/deviceManagement/configurationPolicies('12345')/settings" +// +// Parameters: +// - reqConfig: GetRequestConfig containing the endpoint path, resource ID pattern, actual ID, and optional suffix +// +// Returns: +// - string: The constructed URL template ready for use with the Kiota request adapter +func ByIDRequestUrlTemplate(reqConfig GetRequestConfig) string { + idFormat := strings.ReplaceAll(reqConfig.ResourceIDPattern, "id", reqConfig.ResourceID) + endpoint := reqConfig.Endpoint + idFormat + if reqConfig.EndpointSuffix != "" { + endpoint += reqConfig.EndpointSuffix + } + return "{+baseurl}" + endpoint +} diff --git a/internal/client/graphcustom/url_templates_test.go b/internal/client/graphcustom/url_templates_test.go new file mode 100644 index 00000000..5fa9c4f5 --- /dev/null +++ b/internal/client/graphcustom/url_templates_test.go @@ -0,0 +1,117 @@ +package graphcustom + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestByIDRequestUrlTemplate(t *testing.T) { + tests := []struct { + name string + config GetRequestConfig + expected string + }{ + { + name: "basic endpoint with ID pattern", + config: GetRequestConfig{ + Endpoint: "/deviceManagement/configurationPolicies", + ResourceIDPattern: "('id')", + ResourceID: "12345", + }, + expected: "{+baseurl}/deviceManagement/configurationPolicies('12345')", + }, + { + name: "endpoint with ID pattern and suffix", + config: GetRequestConfig{ + Endpoint: "/deviceManagement/configurationPolicies", + ResourceIDPattern: "('id')", + ResourceID: "12345", + EndpointSuffix: "/settings", + }, + expected: "{+baseurl}/deviceManagement/configurationPolicies('12345')/settings", + }, + { + name: "endpoint without leading slash", + config: GetRequestConfig{ + Endpoint: "deviceManagement/configurationPolicies", + ResourceIDPattern: "('id')", + ResourceID: "12345", + }, + expected: "{+baseurl}deviceManagement/configurationPolicies('12345')", + }, + { + name: "endpoint with different ID pattern format", + config: GetRequestConfig{ + Endpoint: "/users", + ResourceIDPattern: "(id)", + ResourceID: "user@contoso.com", + }, + expected: "{+baseurl}/users(user@contoso.com)", + }, + { + name: "complex ID with special characters", + config: GetRequestConfig{ + Endpoint: "/deviceManagement/configurationPolicies", + ResourceIDPattern: "('id')", + ResourceID: "12345-67890-abcdef", + }, + expected: "{+baseurl}/deviceManagement/configurationPolicies('12345-67890-abcdef')", + }, + { + name: "endpoint with multiple path segments and suffix", + config: GetRequestConfig{ + Endpoint: "/users/mailFolders/messages", + ResourceIDPattern: "('id')", + ResourceID: "ABC123", + EndpointSuffix: "/attachments", + }, + expected: "{+baseurl}/users/mailFolders/messages('ABC123')/attachments", + }, + { + name: "empty suffix", + config: GetRequestConfig{ + Endpoint: "/deviceManagement/configurationPolicies", + ResourceIDPattern: "('id')", + ResourceID: "12345", + EndpointSuffix: "", + }, + expected: "{+baseurl}/deviceManagement/configurationPolicies('12345')", + }, + { + name: "suffix without leading slash", + config: GetRequestConfig{ + Endpoint: "/deviceManagement/configurationPolicies", + ResourceIDPattern: "('id')", + ResourceID: "12345", + EndpointSuffix: "settings", + }, + expected: "{+baseurl}/deviceManagement/configurationPolicies('12345')settings", + }, + { + name: "GUID in resource ID", + config: GetRequestConfig{ + Endpoint: "/deviceManagement/configurationPolicies", + ResourceIDPattern: "('id')", + ResourceID: "d557c813-b8e5-4efc-b00e-9c0bd5fd10df", + }, + expected: "{+baseurl}/deviceManagement/configurationPolicies('d557c813-b8e5-4efc-b00e-9c0bd5fd10df')", + }, + { + name: "empty resource ID", + config: GetRequestConfig{ + Endpoint: "/deviceManagement/configurationPolicies", + ResourceIDPattern: "('id')", + ResourceID: "", + }, + expected: "{+baseurl}/deviceManagement/configurationPolicies('')", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + result := ByIDRequestUrlTemplate(tt.config) + assert.Equal(t, tt.expected, result, "URL template should match expected value") + }) + } +} diff --git a/internal/datasources/device_and_app_management/beta/assignment_filter/read.go b/internal/datasources/device_and_app_management/beta/assignment_filter/read.go index 22711270..e0a66da6 100644 --- a/internal/datasources/device_and_app_management/beta/assignment_filter/read.go +++ b/internal/datasources/device_and_app_management/beta/assignment_filter/read.go @@ -12,6 +12,7 @@ import ( betamodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models" ) +// Read handles the Read operation for the AssignmentFilterDataSource. func (d *AssignmentFilterDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) { var state resource.AssignmentFilterResourceModel resp.Diagnostics.Append(req.Config.Get(ctx, &state)...) @@ -19,7 +20,7 @@ func (d *AssignmentFilterDataSource) Read(ctx context.Context, req datasource.Re return } - ctx, cancel := crud.HandleTimeout(ctx, state.Timeouts.Read, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, state.Timeouts.Read, resource.ReadTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } diff --git a/internal/datasources/device_and_app_management/beta/windows_platform_script/read.go b/internal/datasources/device_and_app_management/beta/windows_platform_script/read.go index 10237cea..af348baf 100644 --- a/internal/datasources/device_and_app_management/beta/windows_platform_script/read.go +++ b/internal/datasources/device_and_app_management/beta/windows_platform_script/read.go @@ -17,6 +17,7 @@ var ( object resource.WindowsPlatformScriptResourceModel ) +// Read handles the Read operation for the WindowsPlatformScriptDataSource. func (d *WindowsPlatformScriptDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) { tflog.Debug(ctx, fmt.Sprintf("Starting Read method for: %s_%s", d.ProviderTypeName, d.TypeName)) @@ -28,7 +29,7 @@ func (d *WindowsPlatformScriptDataSource) Read(ctx context.Context, req datasour tflog.Debug(ctx, fmt.Sprintf("Reading %s_%s with ID: %s", d.ProviderTypeName, d.TypeName, object.ID.ValueString())) - ctx, cancel := crud.HandleTimeout(ctx, object.Timeouts.Read, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, object.Timeouts.Read, resource.ReadTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } diff --git a/internal/datasources/device_and_app_management/v1.0/cloud_pc_device_image/read.go b/internal/datasources/device_and_app_management/v1.0/cloud_pc_device_image/read.go index 80214ff2..bb61d315 100644 --- a/internal/datasources/device_and_app_management/v1.0/cloud_pc_device_image/read.go +++ b/internal/datasources/device_and_app_management/v1.0/cloud_pc_device_image/read.go @@ -12,6 +12,7 @@ import ( models "github.com/microsoftgraph/msgraph-sdk-go/models" ) +// Read handles the Read operation for the CloudPcDeviceImageDataSource. func (d *CloudPcDeviceImageDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) { var state resource.CloudPcDeviceImageResourceModel resp.Diagnostics.Append(req.Config.Get(ctx, &state)...) @@ -19,7 +20,7 @@ func (d *CloudPcDeviceImageDataSource) Read(ctx context.Context, req datasource. return } - ctx, cancel := crud.HandleTimeout(ctx, state.Timeouts.Read, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, state.Timeouts.Read, resource.ReadTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -27,7 +28,10 @@ func (d *CloudPcDeviceImageDataSource) Read(ctx context.Context, req datasource. tflog.Debug(ctx, fmt.Sprintf("Reading assignment filter with display name: %s", state.DisplayName.ValueString())) - filters := d.client.DeviceManagement().VirtualEndpoint().DeviceImages() + filters := d.client. + DeviceManagement(). + VirtualEndpoint(). + DeviceImages() result, err := filters.Get(ctx, nil) if err != nil { resp.Diagnostics.AddError( diff --git a/internal/provider/client_credential_factory.go b/internal/provider/client_credential_factory.go index 5004dd12..415e7f3d 100644 --- a/internal/provider/client_credential_factory.go +++ b/internal/provider/client_credential_factory.go @@ -38,7 +38,9 @@ func CredentialFactory(authMethod string) (CredentialStrategy, error) { } } -// obtainCredential is now a wrapper that uses the CredentialFactory and CredentialStrategy +// obtainCredential performs the necessary steps to obtain a TokenCredential based on the provider configuration. +// It uses the CredentialFactory and CredentialStrategy to create the appropriate credential type based on the authentication method +// defined within the provider configuraton. func obtainCredential(ctx context.Context, config *M365ProviderModel, clientOptions policy.ClientOptions) (azcore.TokenCredential, error) { tflog.Info(ctx, "Obtaining credential", map[string]interface{}{ "auth_method": config.AuthMethod.ValueString(), @@ -66,7 +68,7 @@ type CredentialStrategy interface { GetCredential(ctx context.Context, config *M365ProviderModel, clientOptions policy.ClientOptions) (azcore.TokenCredential, error) } -// ClientSecretStrategy implements CredentialStrategy for client secret authentication +// ClientSecretStrategy implements the credential strategy for client secret authentication type ClientSecretStrategy struct{} func (s *ClientSecretStrategy) GetCredential(ctx context.Context, config *M365ProviderModel, clientOptions policy.ClientOptions) (azcore.TokenCredential, error) { @@ -87,7 +89,7 @@ func (s *ClientSecretStrategy) GetCredential(ctx context.Context, config *M365Pr }) } -// ClientCertificateStrategy implements CredentialStrategy for client certificate authentication +// ClientCertificateStrategy implements the credential strategy for client certificate authentication type ClientCertificateStrategy struct{} func (s *ClientCertificateStrategy) GetCredential(ctx context.Context, config *M365ProviderModel, clientOptions policy.ClientOptions) (azcore.TokenCredential, error) { @@ -129,7 +131,7 @@ func (s *ClientCertificateStrategy) GetCredential(ctx context.Context, config *M }) } -// UsernamePasswordStrategy implements CredentialStrategy for username/password authentication +// UsernamePasswordStrategy implements the credential strategy for username/password authentication type UsernamePasswordStrategy struct{} func (s *UsernamePasswordStrategy) GetCredential(ctx context.Context, config *M365ProviderModel, clientOptions policy.ClientOptions) (azcore.TokenCredential, error) { @@ -152,7 +154,7 @@ func (s *UsernamePasswordStrategy) GetCredential(ctx context.Context, config *M3 }) } -// DeviceCodeStrategy implements CredentialStrategy for device code authentication +// DeviceCodeStrategy implements the credential strategy for device code authentication type DeviceCodeStrategy struct{} func (s *DeviceCodeStrategy) GetCredential(ctx context.Context, config *M365ProviderModel, clientOptions policy.ClientOptions) (azcore.TokenCredential, error) { @@ -178,7 +180,7 @@ func (s *DeviceCodeStrategy) GetCredential(ctx context.Context, config *M365Prov }) } -// InteractiveBrowserStrategy implements CredentialStrategy for interactive browser authentication +// InteractiveBrowserStrategy implements the credential strategy for interactive browser authentication type InteractiveBrowserStrategy struct{} func (s *InteractiveBrowserStrategy) GetCredential(ctx context.Context, config *M365ProviderModel, clientOptions policy.ClientOptions) (azcore.TokenCredential, error) { diff --git a/internal/resources/_resource_template/crud.go b/internal/resources/_resource_template/crud.go index c5ee6ade..19657ef0 100644 --- a/internal/resources/_resource_template/crud.go +++ b/internal/resources/_resource_template/crud.go @@ -30,7 +30,7 @@ func (r *ResourceTemplateResource) Create(ctx context.Context, req resource.Crea return } - ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Create, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Create, CreateTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -80,7 +80,7 @@ func (r *ResourceTemplateResource) Read(ctx context.Context, req resource.ReadRe tflog.Debug(ctx, fmt.Sprintf("Reading %s_%s with ID: %s", r.ProviderTypeName, r.TypeName, state.ID.ValueString())) - ctx, cancel := crud.HandleTimeout(ctx, state.Timeouts.Read, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, state.Timeouts.Read, ReadTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -118,7 +118,7 @@ func (r *ResourceTemplateResource) Update(ctx context.Context, req resource.Upda return } - ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Update, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Update, UpdateTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -163,7 +163,7 @@ func (r *ResourceTemplateResource) Delete(ctx context.Context, req resource.Dele return } - ctx, cancel := crud.HandleTimeout(ctx, data.Timeouts.Delete, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, data.Timeouts.Delete, DeleteTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } diff --git a/internal/resources/common/errors/error_handling.go b/internal/resources/common/errors/error_handling.go index f59df15d..a55a8a6f 100644 --- a/internal/resources/common/errors/error_handling.go +++ b/internal/resources/common/errors/error_handling.go @@ -26,6 +26,7 @@ type GraphErrorInfo struct { AdditionalData map[string]interface{} Headers *abstractions.ResponseHeaders RequestDetails string + RetryAfter string } // standardErrorDescriptions provides consistent error messaging across the provider @@ -85,6 +86,9 @@ func HandleGraphError(ctx context.Context, err error, resp interface{}, operatio case 401, 403: handlePermissionError(ctx, errorInfo, resp, operation, requiredPermissions) + case 429: + handleRateLimitError(ctx, errorInfo, resp) + default: // Handle all other cases addErrorToDiagnostics(ctx, resp, errorDesc.Summary, @@ -216,6 +220,27 @@ func handlePermissionError(ctx context.Context, errorInfo GraphErrorInfo, resp i addErrorToDiagnostics(ctx, resp, errorDesc.Summary, detail) } +// handleRateLimitError processes rate limit errors and adds retry information to the error message +func handleRateLimitError(ctx context.Context, errorInfo GraphErrorInfo, resp interface{}) GraphErrorInfo { + if headers := errorInfo.Headers; headers != nil { + retryValues := headers.Get("Retry-After") + if len(retryValues) > 0 { + errorInfo.RetryAfter = retryValues[0] + } + } + + tflog.Warn(ctx, "Rate limit exceeded", map[string]interface{}{ + "retry_after": errorInfo.RetryAfter, + "details": errorInfo.ErrorMessage, + }) + + errorDesc := getErrorDescription(429) + detail := constructErrorDetail(errorDesc.Detail, errorInfo.ErrorMessage) + addErrorToDiagnostics(ctx, resp, errorDesc.Summary, detail) + + return errorInfo +} + // addErrorToDiagnostics adds an error to the response diagnostics func addErrorToDiagnostics(ctx context.Context, resp interface{}, summary, detail string) { switch r := resp.(type) { diff --git a/internal/resources/common/normalize/settings_catalog.go b/internal/resources/common/normalize/settings_catalog.go new file mode 100644 index 00000000..434becdf --- /dev/null +++ b/internal/resources/common/normalize/settings_catalog.go @@ -0,0 +1,56 @@ +package normalize + +import ( + "fmt" + "reflect" +) + +// PreserveSecretSettings recursively searches through settings catalog HCL JSON structure for secret settings +// and preserves the value and valueState from the config settings. This is performed recursively throughout the JSON +// settings catalog and It returns an error if any unexpected data types or mismatches are encountered. +func PreserveSecretSettings(config, resp interface{}) error { + switch configV := config.(type) { + case map[string]interface{}: + respV, ok := resp.(map[string]interface{}) + if !ok { + return fmt.Errorf("expected map[string]interface{} in response, got %s", reflect.TypeOf(resp)) + } + + if odataType, ok := configV["@odata.type"].(string); ok && + odataType == "#microsoft.graph.deviceManagementConfigurationSecretSettingValue" { + if value, ok := configV["value"]; ok { + respV["value"] = value + } + if valueState, ok := configV["valueState"]; ok { + respV["valueState"] = valueState + } + return nil + } + + for k, v := range configV { + if respChild, ok := respV[k]; ok { + if err := PreserveSecretSettings(v, respChild); err != nil { + return fmt.Errorf("error in key %q: %w", k, err) + } + } + } + + case []interface{}: + respV, ok := resp.([]interface{}) + if !ok { + return fmt.Errorf("expected []interface{} in response, got %s", reflect.TypeOf(resp)) + } + for i := range configV { + if i < len(respV) { + if err := PreserveSecretSettings(configV[i], respV[i]); err != nil { + return fmt.Errorf("error in array index %d: %w", i, err) + } + } + } + + default: + return fmt.Errorf("unsupported type: %s", reflect.TypeOf(config)) + } + + return nil +} diff --git a/internal/resources/common/retry/retry_assignments.go b/internal/resources/common/retry/retry_assignments.go new file mode 100644 index 00000000..3eb20459 --- /dev/null +++ b/internal/resources/common/retry/retry_assignments.go @@ -0,0 +1,97 @@ +// REF: https://learn.microsoft.com/en-us/graph/throttling-limits#assignment-service-limits + +package retry + +import ( + "context" + "time" + + "github.com/deploymenttheory/terraform-provider-microsoft365/internal/resources/common/errors" + "github.com/hashicorp/terraform-plugin-log/tflog" + "golang.org/x/exp/rand" +) + +// RetryableAssignmentOperation executes an assignment operation with specific rate limiting +func RetryableAssignmentOperation(ctx context.Context, operation string, fn func() error) error { + var attempt int + r := rand.New(rand.NewSource(uint64(time.Now().UnixNano()))) + + const ( + tenSecondLimit = 500 // requests per 10 seconds per app per tenant + hourlyLimit = 15000 // requests per hour per app per tenant + maxBackoff = 10 * time.Second + baseDelay = 3 * time.Second + ) + + for { + err := fn() + if err == nil { + return nil + } + + graphError := errors.GraphError(ctx, err) + if graphError.StatusCode != 429 { + return err + } + + // Parse throttle scope if available + var throttleScope ThrottleScope + if scope := graphError.Headers.Get("x-ms-throttle-scope"); len(scope) > 0 { + throttleScope = parseThrottleScope(scope[0]) + } + + // Get throttle information + var throttleInfo string + if info := graphError.Headers.Get("x-ms-throttle-information"); len(info) > 0 { + throttleInfo = info[0] + } + + // Use Retry-After if provided, otherwise use exponential backoff + var backoffDelay time.Duration + if graphError.RetryAfter != "" { + if seconds, err := time.ParseDuration(graphError.RetryAfter + "s"); err == nil { + backoffDelay = seconds + } + } + + if backoffDelay == 0 { + backoffDelay = baseDelay * time.Duration(1< maxBackoff { + backoffDelay = maxBackoff + } + } + + // Add jitter: randomly between 50-100% of calculated delay + jitterDelay := backoffDelay/2 + time.Duration(r.Int63n(int64(backoffDelay/2))) + attempt++ + + logDetails := map[string]interface{}{ + "operation": operation, + "attempt": attempt, + "delay_seconds": jitterDelay.Seconds(), + "status_code": graphError.StatusCode, + "rate_limit_10s": tenSecondLimit, + "rate_limit_1h": hourlyLimit, + } + + if throttleInfo != "" { + logDetails["throttle_reason"] = throttleInfo + } + if throttleScope != (ThrottleScope{}) { + logDetails["throttle_scope"] = throttleScope.Scope + logDetails["throttle_limit"] = throttleScope.Limit + } + + tflog.Info(ctx, "Microsoft Graph assignment rate limit encountered", logDetails) + + timer := time.NewTimer(jitterDelay) + defer timer.Stop() + + select { + case <-ctx.Done(): + return ctx.Err() + case <-timer.C: + continue + } + } +} diff --git a/internal/resources/common/retry/retry_global.go b/internal/resources/common/retry/retry_global.go new file mode 100644 index 00000000..9c348ceb --- /dev/null +++ b/internal/resources/common/retry/retry_global.go @@ -0,0 +1,114 @@ +// REF: https://learn.microsoft.com/en-us/graph/throttling + +package retry + +import ( + "context" + "strings" + "time" + + "github.com/deploymenttheory/terraform-provider-microsoft365/internal/resources/common/errors" + "github.com/hashicorp/terraform-plugin-log/tflog" + "golang.org/x/exp/rand" +) + +// ThrottleScope represents the scope of throttling from x-ms-throttle-scope header +type ThrottleScope struct { + Scope string + Limit string + ApplicationID string + ResourceID string +} + +// parseThrottleScope parses the x-ms-throttle-scope header +func parseThrottleScope(scope string) ThrottleScope { + parts := strings.Split(scope, "/") + if len(parts) != 4 { + return ThrottleScope{} + } + return ThrottleScope{ + Scope: parts[0], + Limit: parts[1], + ApplicationID: parts[2], + ResourceID: parts[3], + } +} + +// RetryableOperation executes an operation with automatic retry on rate limit errors +func RetryableOperation(ctx context.Context, operation string, fn func() error) error { + var attempt int + r := rand.New(rand.NewSource(uint64(time.Now().UnixNano()))) + + for { + err := fn() + if err == nil { + return nil + } + + graphError := errors.GraphError(ctx, err) + if graphError.StatusCode != 429 { + return err + } + + // Parse throttle scope if available + var throttleScope ThrottleScope + if scope := graphError.Headers.Get("x-ms-throttle-scope"); len(scope) > 0 { + throttleScope = parseThrottleScope(scope[0]) + } + + // Get throttle information + var throttleInfo string + if info := graphError.Headers.Get("x-ms-throttle-information"); len(info) > 0 { + throttleInfo = info[0] + } + + const maxBackoff = 10 * time.Second + baseDelay := 2 * time.Second + + // Use Retry-After if provided, otherwise use exponential backoff + var backoffDelay time.Duration + if graphError.RetryAfter != "" { + if seconds, err := time.ParseDuration(graphError.RetryAfter + "s"); err == nil { + backoffDelay = seconds + } + } + + if backoffDelay == 0 { + backoffDelay = baseDelay * time.Duration(1< maxBackoff { + backoffDelay = maxBackoff + } + } + + // Add jitter: randomly between 50-100% of calculated delay + jitterDelay := backoffDelay/2 + time.Duration(r.Int63n(int64(backoffDelay/2))) + attempt++ + + logDetails := map[string]interface{}{ + "operation": operation, + "attempt": attempt, + "delay_seconds": jitterDelay.Seconds(), + "status_code": graphError.StatusCode, + } + + if throttleInfo != "" { + logDetails["throttle_reason"] = throttleInfo + } + if throttleScope != (ThrottleScope{}) { + logDetails["throttle_scope"] = throttleScope.Scope + logDetails["throttle_limit"] = throttleScope.Limit + } + + tflog.Info(ctx, "Microsoft Graph rate limit encountered", logDetails) + + timer := time.NewTimer(jitterDelay) + defer timer.Stop() + + select { + case <-ctx.Done(): + return ctx.Err() + case <-timer.C: + continue + } + } +} diff --git a/internal/resources/common/retry/retry_intune.go b/internal/resources/common/retry/retry_intune.go new file mode 100644 index 00000000..5d425f3f --- /dev/null +++ b/internal/resources/common/retry/retry_intune.go @@ -0,0 +1,121 @@ +// REF: https://learn.microsoft.com/en-us/graph/throttling-limits#intune-service-limits + +package retry + +import ( + "context" + "time" + + "github.com/deploymenttheory/terraform-provider-microsoft365/internal/resources/common/errors" + "github.com/hashicorp/terraform-plugin-log/tflog" + "golang.org/x/exp/rand" +) + +// IntuneOperationType defines the type of Intune operation +type IntuneOperationType string + +const ( + IntuneWrite IntuneOperationType = "Write" // POST, PUT, DELETE, PATCH + IntuneRead IntuneOperationType = "Read" // GET and others +) + +// RetryableIntuneOperation executes an Intune operation with specific rate limiting +func RetryableIntuneOperation(ctx context.Context, operation string, opType IntuneOperationType, fn func() error) error { + var attempt int + r := rand.New(rand.NewSource(uint64(time.Now().UnixNano()))) + + const ( + // Write operations (POST, PUT, DELETE, PATCH) + writePerAppLimit = 100 // requests per 20 seconds + writeTenantLimit = 200 // requests per 20 seconds + + // General operations + generalPerAppLimit = 1000 // requests per 20 seconds + generalTenantLimit = 2000 // requests per 20 seconds + + maxBackoff = 10 * time.Second + baseDelay = 2 * time.Second + ) + + for { + err := fn() + if err == nil { + return nil + } + + graphError := errors.GraphError(ctx, err) + if graphError.StatusCode != 429 { + return err + } + + // Parse throttle scope if available + var throttleScope ThrottleScope + if scope := graphError.Headers.Get("x-ms-throttle-scope"); len(scope) > 0 { + throttleScope = parseThrottleScope(scope[0]) + } + + // Get throttle information + var throttleInfo string + if info := graphError.Headers.Get("x-ms-throttle-information"); len(info) > 0 { + throttleInfo = info[0] + } + + // Use Retry-After if provided, otherwise use exponential backoff + var backoffDelay time.Duration + if graphError.RetryAfter != "" { + if seconds, err := time.ParseDuration(graphError.RetryAfter + "s"); err == nil { + backoffDelay = seconds + } + } + + if backoffDelay == 0 { + backoffDelay = baseDelay * time.Duration(1< maxBackoff { + backoffDelay = maxBackoff + } + } + + // Add jitter: randomly between 50-100% of calculated delay + jitterDelay := backoffDelay/2 + time.Duration(r.Int63n(int64(backoffDelay/2))) + attempt++ + + // Enhanced logging with rate limit context + logDetails := map[string]interface{}{ + "operation": operation, + "attempt": attempt, + "delay_seconds": jitterDelay.Seconds(), + "status_code": graphError.StatusCode, + "operation_type": string(opType), + } + + if opType == IntuneWrite { + logDetails["rate_limit_per_app"] = writePerAppLimit + logDetails["rate_limit_tenant"] = writeTenantLimit + logDetails["window_seconds"] = 20 + } else { + logDetails["rate_limit_per_app"] = generalPerAppLimit + logDetails["rate_limit_tenant"] = generalTenantLimit + logDetails["window_seconds"] = 20 + } + + if throttleInfo != "" { + logDetails["throttle_reason"] = throttleInfo + } + if throttleScope != (ThrottleScope{}) { + logDetails["throttle_scope"] = throttleScope.Scope + logDetails["throttle_limit"] = throttleScope.Limit + } + + tflog.Info(ctx, "Intune service rate limit encountered", logDetails) + + timer := time.NewTimer(jitterDelay) + defer timer.Stop() + + select { + case <-ctx.Done(): + return ctx.Err() + case <-timer.C: + continue + } + } +} diff --git a/internal/resources/device_and_app_management/beta/assignment_filter/crud.go b/internal/resources/device_and_app_management/beta/assignment_filter/crud.go index 0f3308db..f6428bfc 100644 --- a/internal/resources/device_and_app_management/beta/assignment_filter/crud.go +++ b/internal/resources/device_and_app_management/beta/assignment_filter/crud.go @@ -23,7 +23,7 @@ func (r *AssignmentFilterResource) Create(ctx context.Context, req resource.Crea return } - ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Create, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Create, CreateTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -73,7 +73,7 @@ func (r *AssignmentFilterResource) Read(ctx context.Context, req resource.ReadRe tflog.Debug(ctx, fmt.Sprintf("Reading %s_%s with ID: %s", r.ProviderTypeName, r.TypeName, state.ID.ValueString())) - ctx, cancel := crud.HandleTimeout(ctx, state.Timeouts.Read, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, state.Timeouts.Read, ReadTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -111,7 +111,7 @@ func (r *AssignmentFilterResource) Update(ctx context.Context, req resource.Upda return } - ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Update, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Update, UpdateTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -156,7 +156,7 @@ func (r *AssignmentFilterResource) Delete(ctx context.Context, req resource.Dele return } - ctx, cancel := crud.HandleTimeout(ctx, data.Timeouts.Delete, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, data.Timeouts.Delete, DeleteTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } diff --git a/internal/resources/device_and_app_management/beta/assignment_filter/resource.go b/internal/resources/device_and_app_management/beta/assignment_filter/resource.go index 3c5aeb0d..92b4e487 100644 --- a/internal/resources/device_and_app_management/beta/assignment_filter/resource.go +++ b/internal/resources/device_and_app_management/beta/assignment_filter/resource.go @@ -18,7 +18,11 @@ import ( ) const ( - ResourceName = "graph_beta_device_and_app_management_assignment_filter" + ResourceName = "graph_beta_device_and_app_management_assignment_filter" + CreateTimeout = 180 + UpdateTimeout = 180 + ReadTimeout = 180 + DeleteTimeout = 180 ) var ( diff --git a/internal/resources/device_and_app_management/beta/browser_site/crud.go b/internal/resources/device_and_app_management/beta/browser_site/crud.go index 8a483eb7..cb44dee3 100644 --- a/internal/resources/device_and_app_management/beta/browser_site/crud.go +++ b/internal/resources/device_and_app_management/beta/browser_site/crud.go @@ -23,7 +23,7 @@ func (r *BrowserSiteResource) Create(ctx context.Context, req resource.CreateReq return } - ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Create, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Create, CreateTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -84,7 +84,7 @@ func (r *BrowserSiteResource) Read(ctx context.Context, req resource.ReadRequest tflog.Debug(ctx, fmt.Sprintf("Reading %s_%s with ID: %s", r.ProviderTypeName, r.TypeName, state.ID.ValueString())) - ctx, cancel := crud.HandleTimeout(ctx, state.Timeouts.Read, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, state.Timeouts.Read, ReadTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -128,7 +128,7 @@ func (r *BrowserSiteResource) Update(ctx context.Context, req resource.UpdateReq return } - ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Update, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Update, UpdateTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -179,7 +179,7 @@ func (r *BrowserSiteResource) Delete(ctx context.Context, req resource.DeleteReq return } - ctx, cancel := crud.HandleTimeout(ctx, data.Timeouts.Delete, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, data.Timeouts.Delete, DeleteTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } diff --git a/internal/resources/device_and_app_management/beta/browser_site/resource.go b/internal/resources/device_and_app_management/beta/browser_site/resource.go index 7d23dba5..adc876f1 100644 --- a/internal/resources/device_and_app_management/beta/browser_site/resource.go +++ b/internal/resources/device_and_app_management/beta/browser_site/resource.go @@ -15,7 +15,11 @@ import ( ) const ( - ResourceName = "graph_beta_device_and_app_management_browser_site" + ResourceName = "graph_beta_device_and_app_management_browser_site" + CreateTimeout = 180 + UpdateTimeout = 180 + ReadTimeout = 180 + DeleteTimeout = 180 ) var ( diff --git a/internal/resources/device_and_app_management/beta/browser_site_list/crud.go b/internal/resources/device_and_app_management/beta/browser_site_list/crud.go index 8c926d4c..b10320c0 100644 --- a/internal/resources/device_and_app_management/beta/browser_site_list/crud.go +++ b/internal/resources/device_and_app_management/beta/browser_site_list/crud.go @@ -23,7 +23,7 @@ func (r *BrowserSiteListResource) Create(ctx context.Context, req resource.Creat return } - ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Create, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Create, CreateTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -74,7 +74,7 @@ func (r *BrowserSiteListResource) Read(ctx context.Context, req resource.ReadReq tflog.Debug(ctx, fmt.Sprintf("Reading %s_%s with ID: %s", r.ProviderTypeName, r.TypeName, state.ID.ValueString())) - ctx, cancel := crud.HandleTimeout(ctx, state.Timeouts.Read, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, state.Timeouts.Read, ReadTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -114,7 +114,7 @@ func (r *BrowserSiteListResource) Update(ctx context.Context, req resource.Updat return } - ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Update, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Update, UpdateTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -161,7 +161,7 @@ func (r *BrowserSiteListResource) Delete(ctx context.Context, req resource.Delet return } - ctx, cancel := crud.HandleTimeout(ctx, data.Timeouts.Delete, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, data.Timeouts.Delete, DeleteTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } diff --git a/internal/resources/device_and_app_management/beta/browser_site_list/resource.go b/internal/resources/device_and_app_management/beta/browser_site_list/resource.go index 5d49a7d6..1616d3d4 100644 --- a/internal/resources/device_and_app_management/beta/browser_site_list/resource.go +++ b/internal/resources/device_and_app_management/beta/browser_site_list/resource.go @@ -17,7 +17,11 @@ import ( ) const ( - ResourceName = "graph_beta_device_and_app_management_browser_site_list" + ResourceName = "graph_beta_device_and_app_management_browser_site_list" + CreateTimeout = 180 + UpdateTimeout = 180 + ReadTimeout = 180 + DeleteTimeout = 180 ) var ( diff --git a/internal/resources/device_and_app_management/beta/endpoint_privilege_management/crud.go b/internal/resources/device_and_app_management/beta/endpoint_privilege_management/crud.go index 9404b253..17e72cdd 100644 --- a/internal/resources/device_and_app_management/beta/endpoint_privilege_management/crud.go +++ b/internal/resources/device_and_app_management/beta/endpoint_privilege_management/crud.go @@ -6,13 +6,12 @@ import ( "sync" "time" - "github.com/deploymenttheory/terraform-provider-microsoft365/internal/client" + "github.com/deploymenttheory/terraform-provider-microsoft365/internal/client/graphcustom" "github.com/deploymenttheory/terraform-provider-microsoft365/internal/resources/common/crud" "github.com/deploymenttheory/terraform-provider-microsoft365/internal/resources/common/errors" "github.com/hashicorp/terraform-plugin-framework/resource" "github.com/hashicorp/terraform-plugin-framework/types" "github.com/hashicorp/terraform-plugin-log/tflog" - msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go/devicemanagement" ) var ( @@ -23,17 +22,18 @@ var ( object EndpointPrivilegeManagementResourceModel ) -// Create handles the Create operation for Endpoint Privilege Management resources. +// Create handles the Create operation for Settings Catalog resources. // // - Retrieves the planned configuration from the create request // - Constructs the resource request body from the plan // - Sends POST request to create the base resource and settings // - Captures the new resource ID from the response // - Constructs and sends assignment configuration if specified -// - Maps the created resource state to Terraform -// - Updates the final state with all resource data +// - Sets initial state with planned values +// - Calls Read operation to fetch the latest state from the API +// - Updates the final state with the fresh data from the API // -// The function ensures that both the Endpoint Privilege Management profile and its assignments +// The function ensures that both the settings catalog profile and its assignments // (if specified) are created properly. The settings must be defined during creation // as they are required for a successful deployment, while assignments are optional. func (r *EndpointPrivilegeManagementResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { @@ -98,60 +98,30 @@ func (r *EndpointPrivilegeManagementResource) Create(ctx context.Context, req re } } - respResource, err := r.client. - DeviceManagement(). - ConfigurationPolicies(). - ByDeviceManagementConfigurationPolicyId(object.ID.ValueString()). - Get(context.Background(), nil) - - if err != nil { - errors.HandleGraphError(ctx, err, resp, "Create", r.WritePermissions) - return - } - MapRemoteResourceStateToTerraform(ctx, &object, respResource) - - respSettings, err := r.client. - DeviceManagement(). - ConfigurationPolicies(). - ByDeviceManagementConfigurationPolicyId(object.ID.ValueString()). - Settings(). - Get(context.Background(), &msgraphsdk.ConfigurationPoliciesItemSettingsRequestBuilderGetRequestConfiguration{ - QueryParameters: &msgraphsdk.ConfigurationPoliciesItemSettingsRequestBuilderGetQueryParameters{ - Expand: []string{""}, - }, - }) - - if err != nil { - errors.HandleGraphError(ctx, err, resp, "Create - Settings Fetch", r.ReadPermissions) + resp.Diagnostics.Append(resp.State.Set(ctx, &object)...) + if resp.Diagnostics.HasError() { return } - settingsList := respSettings.GetValue() - MapRemoteSettingsStateToTerraform(ctx, &object, settingsList) - - respAssignments, err := r.client. - DeviceManagement(). - ConfigurationPolicies(). - ByDeviceManagementConfigurationPolicyId(object.ID.ValueString()). - Assignments(). - Get(context.Background(), nil) - - if err != nil { - errors.HandleGraphError(ctx, err, resp, "Create - Assignments Fetch", r.ReadPermissions) - return + readResp := &resource.ReadResponse{ + State: resp.State, } + r.Read(ctx, resource.ReadRequest{ + State: resp.State, + ProviderMeta: req.ProviderMeta, + }, readResp) - MapRemoteAssignmentStateToTerraform(ctx, &object, respAssignments) - - resp.Diagnostics.Append(resp.State.Set(ctx, &object)...) + resp.Diagnostics.Append(readResp.Diagnostics...) if resp.Diagnostics.HasError() { return } - tflog.Debug(ctx, fmt.Sprintf("Finished Create Method: %s_%s", r.ProviderTypeName, r.TypeName)) + resp.State = readResp.State + + tflog.Debug(ctx, fmt.Sprintf("Finished Update Method: %s_%s", r.ProviderTypeName, r.TypeName)) } -// Read handles the Read operation for Endpoint Privilege Management resources. +// Read handles the Read operation for Settings Catalog resources. // // - Retrieves the current state from the read request // - Gets the base resource details from the API @@ -160,7 +130,6 @@ func (r *EndpointPrivilegeManagementResource) Create(ctx context.Context, req re // - Maps the settings configuration to Terraform state // - Gets the assignments configuration from the API // - Maps the assignments configuration to Terraform state -// - Updates the final Terraform state with all mapped data // // The function ensures that all components (base resource, settings, and assignments) // are properly read and mapped into the Terraform state, providing a complete view @@ -195,27 +164,29 @@ func (r *EndpointPrivilegeManagementResource) Read(ctx context.Context, req reso MapRemoteResourceStateToTerraform(ctx, &object, respResource) - // Retrieve settings from the response - respSettings, err := r.client. - DeviceManagement(). - ConfigurationPolicies(). - ByDeviceManagementConfigurationPolicyId(object.ID.ValueString()). - Settings(). - Get(context.Background(), &msgraphsdk.ConfigurationPoliciesItemSettingsRequestBuilderGetRequestConfiguration{ - QueryParameters: &msgraphsdk.ConfigurationPoliciesItemSettingsRequestBuilderGetQueryParameters{ - Expand: []string{""}, // Expand all related settings - }, - }) + settingsConfig := graphcustom.GetRequestConfig{ + APIVersion: graphcustom.GraphAPIBeta, + Endpoint: r.ResourcePath, + EndpointSuffix: "/settings", + ResourceIDPattern: "('id')", + ResourceID: object.ID.ValueString(), + QueryParameters: map[string]string{ + "$expand": "children", + }, + } + + respSettings, err := graphcustom.GetRequestByResourceId( + ctx, + r.client.GetAdapter(), + settingsConfig, + ) if err != nil { - errors.HandleGraphError(ctx, err, resp, "Read", r.ReadPermissions) + errors.HandleGraphError(ctx, err, resp, "Create - Settings Fetch", r.ReadPermissions) return } - // Extract the list of settings from the collection response - settingsList := respSettings.GetValue() - - MapRemoteSettingsStateToTerraform(ctx, &object, settingsList) + MapRemoteSettingsStateToTerraform(ctx, &object, respSettings) respAssignments, err := r.client. DeviceManagement(). @@ -239,7 +210,7 @@ func (r *EndpointPrivilegeManagementResource) Read(ctx context.Context, req reso tflog.Debug(ctx, fmt.Sprintf("Finished Read Method: %s_%s", r.ProviderTypeName, r.TypeName)) } -// Update handles the Update operation for Endpoint Privilege Management resources. +// Update handles the Update operation for Settings Catalog resources. // // - Retrieves the planned changes from the update request // - Constructs the resource request body from the plan @@ -276,14 +247,14 @@ func (r *EndpointPrivilegeManagementResource) Update(ctx context.Context, req re return } - putRequest := client.CustomPutRequestConfig{ - APIVersion: client.GraphAPIBeta, - Endpoint: "deviceManagement/configurationPolicies", + putRequest := graphcustom.PutRequestConfig{ + APIVersion: graphcustom.GraphAPIBeta, + Endpoint: r.ResourcePath, ResourceID: object.ID.ValueString(), RequestBody: requestBody, } - err = client.SendCustomPutRequestByResourceId(ctx, r.client.GetAdapter(), putRequest) + err = graphcustom.PutRequestByResourceId(ctx, r.client.GetAdapter(), putRequest) if err != nil { errors.HandleGraphError(ctx, err, resp, "Update", r.ReadPermissions) return @@ -333,7 +304,7 @@ func (r *EndpointPrivilegeManagementResource) Update(ctx context.Context, req re tflog.Debug(ctx, fmt.Sprintf("Finished Update Method: %s_%s", r.ProviderTypeName, r.TypeName)) } -// Delete handles the Delete operation for Endpoint Privilege Management resources. +// Delete handles the Delete operation for Settings Catalog resources. // // - Retrieves the current state from the delete request // - Validates the state data and timeout configuration diff --git a/internal/resources/device_and_app_management/beta/endpoint_privilege_management/resource.go b/internal/resources/device_and_app_management/beta/endpoint_privilege_management/resource.go index 64e09946..000c717d 100644 --- a/internal/resources/device_and_app_management/beta/endpoint_privilege_management/resource.go +++ b/internal/resources/device_and_app_management/beta/endpoint_privilege_management/resource.go @@ -12,7 +12,11 @@ import ( ) const ( - ResourceName = "graph_beta_device_and_app_management_privilege_management_elevations" + ResourceName = "graph_beta_device_and_app_management_privilege_management_elevations" + CreateTimeout = 180 + UpdateTimeout = 180 + ReadTimeout = 180 + DeleteTimeout = 180 ) var ( diff --git a/internal/resources/device_and_app_management/beta/endpoint_privilege_management/state_settings.go b/internal/resources/device_and_app_management/beta/endpoint_privilege_management/state_settings.go index af4a8cb9..b36a1e39 100644 --- a/internal/resources/device_and_app_management/beta/endpoint_privilege_management/state_settings.go +++ b/internal/resources/device_and_app_management/beta/endpoint_privilege_management/state_settings.go @@ -2,18 +2,70 @@ package graphBetaEndpointPrivilegeManagement import ( "context" + "encoding/json" + "github.com/deploymenttheory/terraform-provider-microsoft365/internal/resources/common/normalize" + "github.com/hashicorp/terraform-plugin-framework/types" "github.com/hashicorp/terraform-plugin-log/tflog" - graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models" ) -func MapRemoteSettingsStateToTerraform(ctx context.Context, data *EndpointPrivilegeManagementResourceModel, remoteSettings []graphmodels.DeviceManagementConfigurationSettingable) { - if remoteSettings == nil { - tflog.Debug(ctx, "Remote settings are nil") +// MapRemoteSettingsStateToTerraform maps the remote settings catalog settings state to the Terraform state +// taking the raw json from a custom GET request, normalizing the content and then stating. The stating logic: +// 1. Parses the original HCL settings to preserve secret values and states +// 2. Parses the raw response and extracts the settings content +// 3. Structures the content under settingsDetails like the PUT request +// 4. Recursively preserves secret setting values and states from the original HCL config +// 5. Converts the structured content to JSON and normalizes it alphabetically +// 6. States the normalized JSON in the Terraform state +func MapRemoteSettingsStateToTerraform(ctx context.Context, data *EndpointPrivilegeManagementResourceModel, resp []byte) { + var configSettings map[string]interface{} + if err := json.Unmarshal([]byte(data.Settings.ValueString()), &configSettings); err != nil { + tflog.Error(ctx, "Failed to unmarshal config settings", map[string]interface{}{"error": err.Error()}) return } - tflog.Debug(ctx, "Starting to map settings state to Terraform state") + var rawResponse map[string]interface{} + if err := json.Unmarshal(resp, &rawResponse); err != nil { + var arrayResponse []interface{} + if err := json.Unmarshal(resp, &arrayResponse); err != nil { + tflog.Error(ctx, "Failed to unmarshal settings response", map[string]interface{}{"error": err.Error()}) + return + } + rawResponse = map[string]interface{}{"value": arrayResponse} + } + + var settingsContent interface{} + if value, ok := rawResponse["value"]; ok { + settingsContent = value + } else if details, ok := rawResponse["settingsDetails"]; ok { + settingsContent = details + } else { + settingsContent = rawResponse + } + + structuredContent := map[string]interface{}{ + "settingsDetails": settingsContent, + } + + if err := normalize.PreserveSecretSettings(configSettings, structuredContent); err != nil { + tflog.Error(ctx, "Error stating settings catalog secret settings from HCL", map[string]interface{}{"error": err.Error()}) + return + } + + jsonBytes, err := json.Marshal(structuredContent) + if err != nil { + tflog.Error(ctx, "Failed to marshal JSON structured content during preparation for normalization", map[string]interface{}{"error": err.Error()}) + return + } + + normalizedJSON, err := normalize.JSONAlphabetically(string(jsonBytes)) + if err != nil { + tflog.Error(ctx, "Failed to normalize settings catalog JSON alphabetically", map[string]interface{}{"error": err.Error()}) + return + } + + tflog.Debug(ctx, "Original settings", map[string]interface{}{"settings": string(resp)}) + tflog.Debug(ctx, "Normalized settings", map[string]interface{}{"settings": normalizedJSON}) - tflog.Debug(ctx, "Finished mapping settings state to Terraform state") + data.Settings = types.StringValue(normalizedJSON) } diff --git a/internal/resources/device_and_app_management/beta/linux_platform_script/resource.go b/internal/resources/device_and_app_management/beta/linux_platform_script/resource.go index 7abaaf91..3b2112fc 100644 --- a/internal/resources/device_and_app_management/beta/linux_platform_script/resource.go +++ b/internal/resources/device_and_app_management/beta/linux_platform_script/resource.go @@ -13,7 +13,11 @@ import ( ) const ( - ResourceName = "graph_beta_device_and_app_management_linux_platform_script" + ResourceName = "graph_beta_device_and_app_management_linux_platform_script" + CreateTimeout = 180 + UpdateTimeout = 180 + ReadTimeout = 180 + DeleteTimeout = 180 ) // var ( diff --git a/internal/resources/device_and_app_management/beta/m365_apps_installation_options/crud.go b/internal/resources/device_and_app_management/beta/m365_apps_installation_options/crud.go index 4add3748..d19cd4c0 100644 --- a/internal/resources/device_and_app_management/beta/m365_apps_installation_options/crud.go +++ b/internal/resources/device_and_app_management/beta/m365_apps_installation_options/crud.go @@ -23,7 +23,7 @@ func (r *M365AppsInstallationOptionsResource) Create(ctx context.Context, req re return } - ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Create, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Create, CreateTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -74,7 +74,7 @@ func (r *M365AppsInstallationOptionsResource) Read(ctx context.Context, req reso tflog.Debug(ctx, fmt.Sprintf("Reading %s_%s with ID: %s", r.ProviderTypeName, r.TypeName, state.ID.ValueString())) - ctx, cancel := crud.HandleTimeout(ctx, state.Timeouts.Read, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, state.Timeouts.Read, ReadTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -112,7 +112,7 @@ func (r *M365AppsInstallationOptionsResource) Update(ctx context.Context, req re return } - ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Update, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Update, UpdateTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } diff --git a/internal/resources/device_and_app_management/beta/m365_apps_installation_options/resource.go b/internal/resources/device_and_app_management/beta/m365_apps_installation_options/resource.go index 6d0940ff..28a42c7f 100644 --- a/internal/resources/device_and_app_management/beta/m365_apps_installation_options/resource.go +++ b/internal/resources/device_and_app_management/beta/m365_apps_installation_options/resource.go @@ -15,7 +15,11 @@ import ( ) const ( - ResourceName = "graph_beta_device_and_app_management_m365_apps_installation_options" + ResourceName = "graph_beta_device_and_app_management_m365_apps_installation_options" + CreateTimeout = 180 + UpdateTimeout = 180 + ReadTimeout = 180 + DeleteTimeout = 180 ) var ( diff --git a/internal/resources/device_and_app_management/beta/macos_pkg_app/crud.go b/internal/resources/device_and_app_management/beta/macos_pkg_app/crud.go index bf60306a..4f9f83eb 100644 --- a/internal/resources/device_and_app_management/beta/macos_pkg_app/crud.go +++ b/internal/resources/device_and_app_management/beta/macos_pkg_app/crud.go @@ -24,7 +24,7 @@ func (r *MacOSPkgAppResource) Create(ctx context.Context, req resource.CreateReq return } - ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Create, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Create, CreateTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -82,7 +82,7 @@ func (r *MacOSPkgAppResource) Read(ctx context.Context, req resource.ReadRequest tflog.Debug(ctx, fmt.Sprintf("Reading macOS PKG app with ID: %s", state.ID.ValueString())) - ctx, cancel := crud.HandleTimeout(ctx, state.Timeouts.Read, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, state.Timeouts.Read, ReadTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -128,7 +128,7 @@ func (r *MacOSPkgAppResource) Update(ctx context.Context, req resource.UpdateReq return } - ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Update, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Update, UpdateTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -184,7 +184,7 @@ func (r *MacOSPkgAppResource) Delete(ctx context.Context, req resource.DeleteReq return } - ctx, cancel := crud.HandleTimeout(ctx, data.Timeouts.Delete, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, data.Timeouts.Delete, DeleteTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } diff --git a/internal/resources/device_and_app_management/beta/macos_pkg_app/resource.go b/internal/resources/device_and_app_management/beta/macos_pkg_app/resource.go index 2a20b24b..00e6dcdf 100644 --- a/internal/resources/device_and_app_management/beta/macos_pkg_app/resource.go +++ b/internal/resources/device_and_app_management/beta/macos_pkg_app/resource.go @@ -13,7 +13,11 @@ import ( ) const ( - ResourceName = "graph_beta_device_and_app_management_macos_pkg_app" + ResourceName = "graph_beta_device_and_app_management_macos_pkg_app" + CreateTimeout = 180 + UpdateTimeout = 180 + ReadTimeout = 180 + DeleteTimeout = 180 ) var ( diff --git a/internal/resources/device_and_app_management/beta/macos_platform_script/resource.go b/internal/resources/device_and_app_management/beta/macos_platform_script/resource.go index bce04aa9..f8d95f1e 100644 --- a/internal/resources/device_and_app_management/beta/macos_platform_script/resource.go +++ b/internal/resources/device_and_app_management/beta/macos_platform_script/resource.go @@ -16,7 +16,11 @@ import ( ) const ( - ResourceName = "graph_beta_device_and_app_management_macos_platform_script" + ResourceName = "graph_beta_device_and_app_management_macos_platform_script" + CreateTimeout = 180 + UpdateTimeout = 180 + ReadTimeout = 180 + DeleteTimeout = 180 ) var ( diff --git a/internal/resources/device_and_app_management/beta/mobile_app_assignment/crud.go b/internal/resources/device_and_app_management/beta/mobile_app_assignment/crud.go index f4292667..f728ae38 100644 --- a/internal/resources/device_and_app_management/beta/mobile_app_assignment/crud.go +++ b/internal/resources/device_and_app_management/beta/mobile_app_assignment/crud.go @@ -25,7 +25,7 @@ func (r *MobileAppAssignmentResource) Create(ctx context.Context, req resource.C return } - ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Create, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Create, CreateTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -78,7 +78,7 @@ func (r *MobileAppAssignmentResource) Read(ctx context.Context, req resource.Rea tflog.Debug(ctx, fmt.Sprintf("Reading %s_%s with ID: %s", r.ProviderTypeName, r.TypeName, state.ID.ValueString())) - ctx, cancel := crud.HandleTimeout(ctx, state.Timeouts.Read, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, state.Timeouts.Read, ReadTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -137,7 +137,7 @@ func (r *MobileAppAssignmentResource) Update(ctx context.Context, req resource.U return } - ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Update, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Update, UpdateTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -186,7 +186,7 @@ func (r *MobileAppAssignmentResource) Delete(ctx context.Context, req resource.D return } - ctx, cancel := crud.HandleTimeout(ctx, data.Timeouts.Delete, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, data.Timeouts.Delete, DeleteTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } diff --git a/internal/resources/device_and_app_management/beta/mobile_app_assignment/resource.go b/internal/resources/device_and_app_management/beta/mobile_app_assignment/resource.go index e7658dfd..25122774 100644 --- a/internal/resources/device_and_app_management/beta/mobile_app_assignment/resource.go +++ b/internal/resources/device_and_app_management/beta/mobile_app_assignment/resource.go @@ -14,7 +14,11 @@ import ( ) const ( - ResourceName = "graph_beta_device_and_app_management_mobile_app_assignment" + ResourceName = "graph_beta_device_and_app_management_mobile_app_assignment" + CreateTimeout = 180 + UpdateTimeout = 180 + ReadTimeout = 180 + DeleteTimeout = 180 ) var ( diff --git a/internal/resources/device_and_app_management/beta/role_definition/crud.go b/internal/resources/device_and_app_management/beta/role_definition/crud.go index ac674291..14ebb556 100644 --- a/internal/resources/device_and_app_management/beta/role_definition/crud.go +++ b/internal/resources/device_and_app_management/beta/role_definition/crud.go @@ -23,7 +23,7 @@ func (r *RoleDefinitionResource) Create(ctx context.Context, req resource.Create return } - ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Create, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Create, CreateTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -72,7 +72,7 @@ func (r *RoleDefinitionResource) Read(ctx context.Context, req resource.ReadRequ tflog.Debug(ctx, fmt.Sprintf("Reading %s_%s with ID: %s", r.ProviderTypeName, r.TypeName, state.ID.ValueString())) - ctx, cancel := crud.HandleTimeout(ctx, state.Timeouts.Read, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, state.Timeouts.Read, ReadTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -110,7 +110,7 @@ func (r *RoleDefinitionResource) Update(ctx context.Context, req resource.Update return } - ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Update, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Update, UpdateTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -156,7 +156,7 @@ func (r *RoleDefinitionResource) Delete(ctx context.Context, req resource.Delete return } - ctx, cancel := crud.HandleTimeout(ctx, data.Timeouts.Delete, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, data.Timeouts.Delete, DeleteTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } diff --git a/internal/resources/device_and_app_management/beta/role_definition/resource.go b/internal/resources/device_and_app_management/beta/role_definition/resource.go index 1aaf462b..9db44404 100644 --- a/internal/resources/device_and_app_management/beta/role_definition/resource.go +++ b/internal/resources/device_and_app_management/beta/role_definition/resource.go @@ -13,7 +13,11 @@ import ( ) const ( - ResourceName = "graph_beta_device_and_app_management_role_definition" + ResourceName = "graph_beta_device_and_app_management_role_definition" + CreateTimeout = 180 + UpdateTimeout = 180 + ReadTimeout = 180 + DeleteTimeout = 180 ) var ( diff --git a/internal/resources/device_and_app_management/beta/settings_catalog/crud.go b/internal/resources/device_and_app_management/beta/settings_catalog/crud.go index b3682acd..1254652f 100644 --- a/internal/resources/device_and_app_management/beta/settings_catalog/crud.go +++ b/internal/resources/device_and_app_management/beta/settings_catalog/crud.go @@ -3,25 +3,17 @@ package graphBetaSettingsCatalog import ( "context" "fmt" - "sync" "time" - "github.com/deploymenttheory/terraform-provider-microsoft365/internal/client" + "github.com/deploymenttheory/terraform-provider-microsoft365/internal/client/graphcustom" "github.com/deploymenttheory/terraform-provider-microsoft365/internal/resources/common/crud" "github.com/deploymenttheory/terraform-provider-microsoft365/internal/resources/common/errors" + "github.com/deploymenttheory/terraform-provider-microsoft365/internal/resources/common/retry" "github.com/hashicorp/terraform-plugin-framework/resource" "github.com/hashicorp/terraform-plugin-framework/types" "github.com/hashicorp/terraform-plugin-log/tflog" ) -var ( - // mutex needed to lock Create requests during parallel runs to avoid overwhelming api and resulting in stating issues - mu sync.Mutex - - // object is the resource model for the Endpoint Privilege Management resource - object SettingsCatalogProfileResourceModel -) - // Create handles the Create operation for Settings Catalog resources. // // - Retrieves the planned configuration from the create request @@ -29,16 +21,15 @@ var ( // - Sends POST request to create the base resource and settings // - Captures the new resource ID from the response // - Constructs and sends assignment configuration if specified -// - Maps the created resource state to Terraform -// - Updates the final state with all resource data +// - Sets initial state with planned values +// - Calls Read operation to fetch the latest state from the API +// - Updates the final state with the fresh data from the API // // The function ensures that both the settings catalog profile and its assignments // (if specified) are created properly. The settings must be defined during creation // as they are required for a successful deployment, while assignments are optional. func (r *SettingsCatalogResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { - - mu.Lock() - defer mu.Unlock() + var object SettingsCatalogProfileResourceModel tflog.Debug(ctx, fmt.Sprintf("Starting creation of resource: %s_%s", r.ProviderTypeName, r.TypeName)) @@ -47,7 +38,7 @@ func (r *SettingsCatalogResource) Create(ctx context.Context, req resource.Creat return } - ctx, cancel := crud.HandleTimeout(ctx, object.Timeouts.Create, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, object.Timeouts.Create, CreateTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -62,17 +53,21 @@ func (r *SettingsCatalogResource) Create(ctx context.Context, req resource.Creat return } - requestResource, err := r.client. - DeviceManagement(). - ConfigurationPolicies(). - Post(context.Background(), requestBody, nil) + err = retry.RetryableIntuneOperation(ctx, "create resource", retry.IntuneWrite, func() error { + var opErr error + requestBody, opErr = r.client. + DeviceManagement(). + ConfigurationPolicies(). + Post(ctx, requestBody, nil) + return opErr + }) if err != nil { errors.HandleGraphError(ctx, err, resp, "Create", r.WritePermissions) return } - object.ID = types.StringValue(*requestResource.GetId()) + object.ID = types.StringValue(*requestBody.GetId()) if object.Assignments != nil { requestAssignment, err := constructAssignment(ctx, &object) @@ -84,12 +79,15 @@ func (r *SettingsCatalogResource) Create(ctx context.Context, req resource.Creat return } - _, err = r.client. - DeviceManagement(). - ConfigurationPolicies(). - ByDeviceManagementConfigurationPolicyId(object.ID.ValueString()). - Assign(). - Post(ctx, requestAssignment, nil) + err = retry.RetryableAssignmentOperation(ctx, "create assignment", func() error { + _, err := r.client. + DeviceManagement(). + ConfigurationPolicies(). + ByDeviceManagementConfigurationPolicyId(object.ID.ValueString()). + Assign(). + Post(ctx, requestAssignment, nil) + return err + }) if err != nil { errors.HandleGraphError(ctx, err, resp, "Create", r.WritePermissions) @@ -97,80 +95,26 @@ func (r *SettingsCatalogResource) Create(ctx context.Context, req resource.Creat } } - respResource, err := r.client. - DeviceManagement(). - ConfigurationPolicies(). - ByDeviceManagementConfigurationPolicyId(object.ID.ValueString()). - Get(context.Background(), nil) - - if err != nil { - errors.HandleGraphError(ctx, err, resp, "Create", r.WritePermissions) - return - } - MapRemoteResourceStateToTerraform(ctx, &object, respResource) - - // respSettings, err := r.client. - // DeviceManagement(). - // ConfigurationPolicies(). - // ByDeviceManagementConfigurationPolicyId(object.ID.ValueString()). - // Settings(). - // Get(context.Background(), &msgraphsdk.ConfigurationPoliciesItemSettingsRequestBuilderGetRequestConfiguration{ - // QueryParameters: &msgraphsdk.ConfigurationPoliciesItemSettingsRequestBuilderGetQueryParameters{ - // Expand: []string{""}, - // }, - // }) - - // if err != nil { - // errors.HandleGraphError(ctx, err, resp, "Create - Settings Fetch", r.ReadPermissions) - // return - // } - - // settingsList := respSettings.GetValue() - // MapRemoteSettingsStateToTerraform(ctx, &object, settingsList) - - settingsConfig := client.CustomGetRequestConfig{ - APIVersion: client.GraphAPIBeta, - Endpoint: "deviceManagement/configurationPolicies", - EndpointSuffix: "/settings", - ResourceIDPattern: "('id')", - ResourceID: object.ID.ValueString(), - QueryParameters: map[string]string{ - "$expand": "children", - }, - } - - respSettings, err := client.SendCustomGetRequestByResourceId( - ctx, - r.client.GetAdapter(), - settingsConfig, - ) - - if err != nil { - errors.HandleGraphError(ctx, err, resp, "Create - Settings Fetch", r.ReadPermissions) + resp.Diagnostics.Append(resp.State.Set(ctx, &object)...) + if resp.Diagnostics.HasError() { return } - MapRemoteSettingsStateToTerraform(ctx, &object, respSettings) - - respAssignments, err := r.client. - DeviceManagement(). - ConfigurationPolicies(). - ByDeviceManagementConfigurationPolicyId(object.ID.ValueString()). - Assignments(). - Get(context.Background(), nil) - - if err != nil { - errors.HandleGraphError(ctx, err, resp, "Create - Assignments Fetch", r.ReadPermissions) - return + readResp := &resource.ReadResponse{ + State: resp.State, } + r.Read(ctx, resource.ReadRequest{ + State: resp.State, + ProviderMeta: req.ProviderMeta, + }, readResp) - MapRemoteAssignmentStateToTerraform(ctx, &object, respAssignments) - - resp.Diagnostics.Append(resp.State.Set(ctx, &object)...) + resp.Diagnostics.Append(readResp.Diagnostics...) if resp.Diagnostics.HasError() { return } + resp.State = readResp.State + tflog.Debug(ctx, fmt.Sprintf("Finished Create Method: %s_%s", r.ProviderTypeName, r.TypeName)) } @@ -188,6 +132,7 @@ func (r *SettingsCatalogResource) Create(ctx context.Context, req resource.Creat // are properly read and mapped into the Terraform state, providing a complete view // of the resource's current configuration on the server. func (r *SettingsCatalogResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { + var object SettingsCatalogProfileResourceModel tflog.Debug(ctx, fmt.Sprintf("Starting Read method for: %s_%s", r.ProviderTypeName, r.TypeName)) @@ -198,50 +143,33 @@ func (r *SettingsCatalogResource) Read(ctx context.Context, req resource.ReadReq tflog.Debug(ctx, fmt.Sprintf("Reading %s_%s with ID: %s", r.ProviderTypeName, r.TypeName, object.ID.ValueString())) - ctx, cancel := crud.HandleTimeout(ctx, object.Timeouts.Read, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, object.Timeouts.Read, ReadTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } defer cancel() - respResource, err := r.client. - DeviceManagement(). - ConfigurationPolicies(). - ByDeviceManagementConfigurationPolicyId(object.ID.ValueString()). - Get(ctx, nil) + err := retry.RetryableIntuneOperation(ctx, "read resource", retry.IntuneRead, func() error { + respResource, err := r.client. + DeviceManagement(). + ConfigurationPolicies(). + ByDeviceManagementConfigurationPolicyId(object.ID.ValueString()). + Get(ctx, nil) + if err != nil { + return err + } + MapRemoteResourceStateToTerraform(ctx, &object, respResource) + return nil + }) if err != nil { errors.HandleGraphError(ctx, err, resp, "Read", r.ReadPermissions) return } - MapRemoteResourceStateToTerraform(ctx, &object, respResource) - - // // Retrieve settings from the response - // respSettings, err := r.client. - // DeviceManagement(). - // ConfigurationPolicies(). - // ByDeviceManagementConfigurationPolicyId(object.ID.ValueString()). - // Settings(). - // Get(context.Background(), &msgraphsdk.ConfigurationPoliciesItemSettingsRequestBuilderGetRequestConfiguration{ - // QueryParameters: &msgraphsdk.ConfigurationPoliciesItemSettingsRequestBuilderGetQueryParameters{ - // Expand: []string{""}, // Expand all related settings - // }, - // }) - - // if err != nil { - // errors.HandleGraphError(ctx, err, resp, "Read", r.ReadPermissions) - // return - // } - - // // Extract the list of settings from the collection response - // settingsList := respSettings.GetValue() - - // MapRemoteSettingsStateToTerraform(ctx, &object, settingsList) - - settingsConfig := client.CustomGetRequestConfig{ - APIVersion: client.GraphAPIBeta, - Endpoint: "deviceManagement/configurationPolicies", + settingsConfig := graphcustom.GetRequestConfig{ + APIVersion: graphcustom.GraphAPIBeta, + Endpoint: r.ResourcePath, EndpointSuffix: "/settings", ResourceIDPattern: "('id')", ResourceID: object.ID.ValueString(), @@ -250,33 +178,43 @@ func (r *SettingsCatalogResource) Read(ctx context.Context, req resource.ReadReq }, } - respSettings, err := client.SendCustomGetRequestByResourceId( - ctx, - r.client.GetAdapter(), - settingsConfig, - ) + err = retry.RetryableIntuneOperation(ctx, "read resource", retry.IntuneRead, func() error { + respSettings, err := graphcustom.GetRequestByResourceId( + ctx, + r.client.GetAdapter(), + settingsConfig, + ) + if err != nil { + return err + } + MapRemoteSettingsStateToTerraform(ctx, &object, respSettings) + return nil + }) if err != nil { - errors.HandleGraphError(ctx, err, resp, "Create - Settings Fetch", r.ReadPermissions) + errors.HandleGraphError(ctx, err, resp, "Read", r.ReadPermissions) return } - MapRemoteSettingsStateToTerraform(ctx, &object, respSettings) - - respAssignments, err := r.client. - DeviceManagement(). - ConfigurationPolicies(). - ByDeviceManagementConfigurationPolicyId(object.ID.ValueString()). - Assignments(). - Get(context.Background(), nil) + err = retry.RetryableAssignmentOperation(ctx, "read resource", func() error { + respAssignments, err := r.client. + DeviceManagement(). + ConfigurationPolicies(). + ByDeviceManagementConfigurationPolicyId(object.ID.ValueString()). + Assignments(). + Get(ctx, nil) + if err != nil { + return err + } + MapRemoteAssignmentStateToTerraform(ctx, &object, respAssignments) + return nil + }) if err != nil { errors.HandleGraphError(ctx, err, resp, "Read", r.ReadPermissions) return } - MapRemoteAssignmentStateToTerraform(ctx, &object, respAssignments) - resp.Diagnostics.Append(resp.State.Set(ctx, &object)...) if resp.Diagnostics.HasError() { return @@ -299,6 +237,7 @@ func (r *SettingsCatalogResource) Read(ctx context.Context, req resource.ReadReq // The function ensures that both the settings and assignments are updated atomically, // and the final state reflects the actual state of the resource on the server. func (r *SettingsCatalogResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { + var object SettingsCatalogProfileResourceModel tflog.Debug(ctx, fmt.Sprintf("Starting Update of resource: %s_%s", r.ProviderTypeName, r.TypeName)) @@ -307,7 +246,7 @@ func (r *SettingsCatalogResource) Update(ctx context.Context, req resource.Updat return } - ctx, cancel := crud.HandleTimeout(ctx, object.Timeouts.Update, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, object.Timeouts.Update, UpdateTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -322,14 +261,18 @@ func (r *SettingsCatalogResource) Update(ctx context.Context, req resource.Updat return } - putRequest := client.CustomPutRequestConfig{ - APIVersion: client.GraphAPIBeta, - Endpoint: "deviceManagement/configurationPolicies", + putRequest := graphcustom.PutRequestConfig{ + APIVersion: graphcustom.GraphAPIBeta, + Endpoint: r.ResourcePath, ResourceID: object.ID.ValueString(), RequestBody: requestBody, } - err = client.SendCustomPutRequestByResourceId(ctx, r.client.GetAdapter(), putRequest) + // Use retryableOperation for main resource update + err = retry.RetryableIntuneOperation(ctx, "update resource", retry.IntuneWrite, func() error { + return graphcustom.PutRequestByResourceId(ctx, r.client.GetAdapter(), putRequest) + }) + if err != nil { errors.HandleGraphError(ctx, err, resp, "Update", r.ReadPermissions) return @@ -344,12 +287,16 @@ func (r *SettingsCatalogResource) Update(ctx context.Context, req resource.Updat return } - _, err = r.client. - DeviceManagement(). - ConfigurationPolicies(). - ByDeviceManagementConfigurationPolicyId(object.ID.ValueString()). - Assign(). - Post(ctx, requestAssignment, nil) + // Use retryableAssignmentOperation for assignment update + err = retry.RetryableAssignmentOperation(ctx, "update assignment", func() error { + _, err := r.client. + DeviceManagement(). + ConfigurationPolicies(). + ByDeviceManagementConfigurationPolicyId(object.ID.ValueString()). + Assign(). + Post(ctx, requestAssignment, nil) + return err + }) if err != nil { errors.HandleGraphError(ctx, err, resp, "Update", r.WritePermissions) @@ -388,6 +335,7 @@ func (r *SettingsCatalogResource) Update(ctx context.Context, req resource.Updat // // All assignments and settings associated with the resource are automatically removed as part of the deletion. func (r *SettingsCatalogResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { + var object SettingsCatalogProfileResourceModel tflog.Debug(ctx, fmt.Sprintf("Starting deletion of resource: %s_%s", r.ProviderTypeName, r.TypeName)) @@ -396,17 +344,19 @@ func (r *SettingsCatalogResource) Delete(ctx context.Context, req resource.Delet return } - ctx, cancel := crud.HandleTimeout(ctx, object.Timeouts.Delete, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, object.Timeouts.Delete, DeleteTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } defer cancel() - err := r.client. - DeviceManagement(). - ConfigurationPolicies(). - ByDeviceManagementConfigurationPolicyId(object.ID.ValueString()). - Delete(ctx, nil) + err := retry.RetryableIntuneOperation(ctx, "delete resource", retry.IntuneWrite, func() error { + return r.client. + DeviceManagement(). + ConfigurationPolicies(). + ByDeviceManagementConfigurationPolicyId(object.ID.ValueString()). + Delete(ctx, nil) + }) if err != nil { errors.HandleGraphError(ctx, err, resp, "Delete", r.ReadPermissions) diff --git a/internal/resources/device_and_app_management/beta/settings_catalog/model.go b/internal/resources/device_and_app_management/beta/settings_catalog/model.go index 756909a5..b8e5e542 100644 --- a/internal/resources/device_and_app_management/beta/settings_catalog/model.go +++ b/internal/resources/device_and_app_management/beta/settings_catalog/model.go @@ -15,12 +15,12 @@ type SettingsCatalogProfileResourceModel struct { Description types.String `tfsdk:"description"` Platforms types.String `tfsdk:"platforms"` Technologies []types.String `tfsdk:"technologies"` - SettingsCount types.Int64 `tfsdk:"settings_count"` RoleScopeTagIds []types.String `tfsdk:"role_scope_tag_ids"` + SettingsCount types.Int64 `tfsdk:"settings_count"` + IsAssigned types.Bool `tfsdk:"is_assigned"` LastModifiedDateTime types.String `tfsdk:"last_modified_date_time"` CreatedDateTime types.String `tfsdk:"created_date_time"` Settings types.String `tfsdk:"settings"` - IsAssigned types.Bool `tfsdk:"is_assigned"` Assignments *sharedmodels.SettingsCatalogSettingsAssignmentResourceModel `tfsdk:"assignments"` Timeouts timeouts.Value `tfsdk:"timeouts"` } @@ -244,246 +244,3 @@ var DeviceConfigV2GraphServiceModel struct { } `json:"settingInstance"` } `json:"settingsDetails"` } - -// DeviceConfigV2GraphServiceModel is a struct that represents the JSON structure of settings catalog settings. -// This struct is used to unmarshal the settings JSON string into a structured format. -// It represents windows, macOS, and iOS settings settings catalog settings. -// var DeviceConfigV2GraphServiceModel struct { -// SettingsDetails []struct { -// ID string `json:"id"` -// SettingInstance struct { -// ODataType string `json:"@odata.type"` -// SettingDefinitionId string `json:"settingDefinitionId"` - -// // For choice settings -// ChoiceSettingValue *struct { -// Children []struct { -// ODataType string `json:"@odata.type"` -// SettingDefinitionId string `json:"settingDefinitionId"` -// SettingInstanceTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingInstanceTemplateReference"` - -// // For SimpleSettingCollectionValue within Choice children -// SimpleSettingCollectionValue []struct { -// ODataType string `json:"@odata.type"` -// Value string `json:"value"` -// SettingValueTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingValueTemplateReference"` -// } `json:"simpleSettingCollectionValue,omitempty"` - -// // For GroupSettingCollectionValue within Choice children -// GroupSettingCollectionValue []struct { -// SettingValueTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingValueTemplateReference"` -// Children []struct { -// SimpleSettingValue *struct { -// ODataType string `json:"@odata.type"` -// Value interface{} `json:"value"` -// SettingValueTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingValueTemplateReference"` -// } `json:"simpleSettingValue,omitempty"` -// ODataType string `json:"@odata.type"` -// SettingDefinitionId string `json:"settingDefinitionId"` -// SettingInstanceTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingInstanceTemplateReference"` -// } `json:"children"` -// } `json:"groupSettingCollectionValue,omitempty"` - -// // For simple settings within choice children -// SimpleSettingValue *struct { -// ODataType string `json:"@odata.type"` -// Value interface{} `json:"value"` -// SettingValueTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingValueTemplateReference"` -// } `json:"simpleSettingValue,omitempty"` - -// // For nested choice settings within choice children -// ChoiceSettingValue *struct { -// Value string `json:"value"` -// SettingValueTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingValueTemplateReference"` -// Children []struct { -// ODataType string `json:"@odata.type"` -// SettingDefinitionId string `json:"settingDefinitionId"` -// } `json:"children"` -// } `json:"choiceSettingValue,omitempty"` -// } `json:"children"` - -// Value string `json:"value"` -// SettingValueTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingValueTemplateReference"` -// } `json:"choiceSettingValue,omitempty"` - -// // For choice setting collections -// ChoiceSettingCollectionValue []struct { -// Children []struct { -// ODataType string `json:"@odata.type"` -// SettingDefinitionId string `json:"settingDefinitionId"` - -// // For nested simple settings within choice setting collection -// SimpleSettingValue *struct { -// ODataType string `json:"@odata.type"` -// Value interface{} `json:"value"` -// SettingValueTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingValueTemplateReference"` -// } `json:"simpleSettingValue,omitempty"` - -// // For nested simple setting collection within choice setting collection -// SimpleSettingCollectionValue []struct { -// ODataType string `json:"@odata.type"` -// Value string `json:"value"` -// SettingValueTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingValueTemplateReference"` -// } `json:"simpleSettingCollectionValue,omitempty"` - -// SettingInstanceTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingInstanceTemplateReference"` -// } `json:"children"` - -// Value string `json:"value"` -// SettingValueTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingValueTemplateReference"` -// } `json:"choiceSettingCollectionValue,omitempty"` - -// // For group setting collections (Level 1) -// GroupSettingCollectionValue []struct { -// SettingValueTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingValueTemplateReference"` -// Children []struct { -// ODataType string `json:"@odata.type"` -// SettingDefinitionId string `json:"settingDefinitionId"` - -// // For nested group setting collections within group setting collection (Level 2) -// GroupSettingCollectionValue []struct { -// SettingValueTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingValueTemplateReference"` -// Children []struct { -// ODataType string `json:"@odata.type"` -// SettingDefinitionId string `json:"settingDefinitionId"` -// SettingInstanceTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingInstanceTemplateReference"` - -// // For nested group setting collections within group setting collection within group setting collection (Level 3) -// GroupSettingCollectionValue []struct { -// SettingValueTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingValueTemplateReference"` -// Children []struct { -// ODataType string `json:"@odata.type"` -// SettingDefinitionId string `json:"settingDefinitionId"` -// SettingInstanceTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingInstanceTemplateReference"` - -// // For nested choice settings within group setting collection within group setting collection within group setting collection (Level 4) -// ChoiceSettingValue *struct { -// Value string `json:"value"` -// Children []struct { -// ODataType string `json:"@odata.type"` -// SettingDefinitionId string `json:"settingDefinitionId"` -// SettingInstanceTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingInstanceTemplateReference,omitempty"` - -// // For nested simple settings within choice settings within group setting collection within group setting collection within group setting collection (Level 5) -// SimpleSettingValue *struct { -// ODataType string `json:"@odata.type"` -// Value interface{} `json:"value"` -// SettingValueTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingValueTemplateReference"` -// } `json:"simpleSettingValue,omitempty"` -// } `json:"children"` -// SettingValueTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingValueTemplateReference"` -// } `json:"choiceSettingValue,omitempty"` - -// // For simple settings within group setting collection within group setting collection within group setting collection (Level 4) -// SimpleSettingValue *struct { -// ODataType string `json:"@odata.type"` -// Value interface{} `json:"value"` -// SettingValueTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingValueTemplateReference"` -// } `json:"simpleSettingValue,omitempty"` - -// // For simple settings collection within group setting collection within group setting collection within group setting collection (Level 4) -// SimpleSettingCollectionValue []struct { -// ODataType string `json:"@odata.type"` -// Value string `json:"value"` -// SettingValueTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingValueTemplateReference"` -// } `json:"simpleSettingCollectionValue,omitempty"` -// } `json:"children"` -// } `json:"groupSettingCollectionValue,omitempty"` - -// // For nested simple settings within group setting collection within group setting collection (Level 3) -// SimpleSettingValue *struct { -// ODataType string `json:"@odata.type"` -// Value interface{} `json:"value"` -// ValueState string `json:"valueState,omitempty"` -// SettingValueTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingValueTemplateReference"` -// } `json:"simpleSettingValue,omitempty"` - -// // For nested simple setting collections within group setting collection within group setting collection (Level 3) -// SimpleSettingCollectionValue []struct { -// ODataType string `json:"@odata.type"` -// Value string `json:"value"` -// SettingValueTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingValueTemplateReference"` -// } `json:"simpleSettingCollectionValue,omitempty"` - -// // For nested choice settings within group setting collection within group setting collection (Level 3) -// ChoiceSettingValue *struct { -// Value string `json:"value"` -// Children []struct { -// ODataType string `json:"@odata.type"` -// SettingDefinitionId string `json:"settingDefinitionId"` -// // For nested simple setting within choice settings within group setting collection within group setting collection (Level 4) -// SimpleSettingValue *struct { -// ODataType string `json:"@odata.type"` -// Value interface{} `json:"value"` -// ValueState string `json:"valueState,omitempty"` -// SettingValueTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingValueTemplateReference"` -// } `json:"simpleSettingValue,omitempty"` -// } `json:"children"` -// SettingValueTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingValueTemplateReference"` -// } `json:"choiceSettingValue,omitempty"` -// } `json:"children"` -// } `json:"groupSettingCollectionValue,omitempty"` - -// // For nested simple settings (string, integer, secret) within group setting collection (Level 2) -// SimpleSettingValue *struct { -// ODataType string `json:"@odata.type"` -// SettingValueTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingValueTemplateReference"` -// Value interface{} `json:"value"` -// ValueState string `json:"valueState,omitempty"` -// } `json:"simpleSettingValue,omitempty"` - -// // For nested choice settings within group setting collection (Level 2) -// ChoiceSettingValue *struct { -// Value string `json:"value"` -// Children []struct { -// ODataType string `json:"@odata.type"` -// SettingDefinitionId string `json:"settingDefinitionId"` -// SettingInstanceTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingInstanceTemplateReference"` - -// SimpleSettingValue *struct { -// ODataType string `json:"@odata.type"` -// SettingValueTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingValueTemplateReference"` -// Value interface{} `json:"value"` -// } `json:"simpleSettingValue,omitempty"` - -// ChoiceSettingValue *struct { -// Children []struct { -// ODataType string `json:"@odata.type"` -// SettingDefinitionId string `json:"settingDefinitionId"` -// } `json:"children"` -// SettingValueTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingValueTemplateReference"` -// Value string `json:"value"` -// } `json:"choiceSettingValue,omitempty"` -// } `json:"children"` -// SettingValueTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingValueTemplateReference"` -// } `json:"choiceSettingValue,omitempty"` - -// // For nested simple setting collections within group setting collection (Level 2) -// SimpleSettingCollectionValue []struct { -// ODataType string `json:"@odata.type"` -// SettingValueTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingValueTemplateReference"` -// Value string `json:"value"` -// } `json:"simpleSettingCollectionValue,omitempty"` - -// SettingInstanceTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingInstanceTemplateReference"` -// } `json:"children"` -// } `json:"groupSettingCollectionValue,omitempty"` - -// // For simple settings -// SimpleSettingValue *struct { -// ODataType string `json:"@odata.type"` -// SettingValueTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingValueTemplateReference"` -// Value interface{} `json:"value"` -// } `json:"simpleSettingValue,omitempty"` - -// // For simple collection settings -// SimpleSettingCollectionValue []struct { -// ODataType string `json:"@odata.type"` -// SettingValueTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingValueTemplateReference"` -// Value string `json:"value"` -// } `json:"simpleSettingCollectionValue,omitempty"` - -// SettingInstanceTemplateReference graphmodels.DeviceManagementConfigurationSettingValueTemplateReferenceable `json:"settingInstanceTemplateReference"` -// } `json:"settingInstance"` -// } `json:"settingsDetails"` -// } diff --git a/internal/resources/device_and_app_management/beta/settings_catalog/resource_v7.go b/internal/resources/device_and_app_management/beta/settings_catalog/resource.go similarity index 98% rename from internal/resources/device_and_app_management/beta/settings_catalog/resource_v7.go rename to internal/resources/device_and_app_management/beta/settings_catalog/resource.go index 2f98ed9e..b1d0ac27 100644 --- a/internal/resources/device_and_app_management/beta/settings_catalog/resource_v7.go +++ b/internal/resources/device_and_app_management/beta/settings_catalog/resource.go @@ -19,7 +19,11 @@ import ( ) const ( - ResourceName = "graph_beta_device_and_app_management_settings_catalog" + ResourceName = "graph_beta_device_and_app_management_settings_catalog" + CreateTimeout = 180 + UpdateTimeout = 180 + ReadTimeout = 180 + DeleteTimeout = 180 ) var ( diff --git a/internal/resources/device_and_app_management/beta/settings_catalog/state_base_resource.go b/internal/resources/device_and_app_management/beta/settings_catalog/state_base_resource.go index 61331bde..2e89dfca 100644 --- a/internal/resources/device_and_app_management/beta/settings_catalog/state_base_resource.go +++ b/internal/resources/device_and_app_management/beta/settings_catalog/state_base_resource.go @@ -23,11 +23,11 @@ func MapRemoteResourceStateToTerraform(ctx context.Context, data *SettingsCatalo data.ID = types.StringValue(state.StringPtrToString(remoteResource.GetId())) data.Name = types.StringValue(state.StringPtrToString(remoteResource.GetName())) data.Description = types.StringValue(state.StringPtrToString(remoteResource.GetDescription())) + data.RoleScopeTagIds = state.SliceToTypeStringSlice(remoteResource.GetRoleScopeTagIds()) + data.IsAssigned = state.BoolPtrToTypeBool(remoteResource.GetIsAssigned()) data.CreatedDateTime = state.TimeToString(remoteResource.GetCreatedDateTime()) data.LastModifiedDateTime = state.TimeToString(remoteResource.GetLastModifiedDateTime()) data.SettingsCount = state.Int32PtrToTypeInt64(remoteResource.GetSettingCount()) - data.RoleScopeTagIds = state.SliceToTypeStringSlice(remoteResource.GetRoleScopeTagIds()) - data.IsAssigned = state.BoolPtrToTypeBool(remoteResource.GetIsAssigned()) if platforms := remoteResource.GetPlatforms(); platforms != nil { data.Platforms = state.EnumPtrToTypeString(platforms) diff --git a/internal/resources/device_and_app_management/beta/settings_catalog/state_settings.go b/internal/resources/device_and_app_management/beta/settings_catalog/state_settings.go index 885d5259..44a88eeb 100644 --- a/internal/resources/device_and_app_management/beta/settings_catalog/state_settings.go +++ b/internal/resources/device_and_app_management/beta/settings_catalog/state_settings.go @@ -47,17 +47,20 @@ func MapRemoteSettingsStateToTerraform(ctx context.Context, data *SettingsCatalo "settingsDetails": settingsContent, } - preserveSecretSettings(configSettings, structuredContent) + if err := normalize.PreserveSecretSettings(configSettings, structuredContent); err != nil { + tflog.Error(ctx, "Error stating settings catalog secret settings from HCL", map[string]interface{}{"error": err.Error()}) + return + } jsonBytes, err := json.Marshal(structuredContent) if err != nil { - tflog.Error(ctx, "Failed to marshal structured content", map[string]interface{}{"error": err.Error()}) + tflog.Error(ctx, "Failed to marshal JSON structured content during preparation for normalization", map[string]interface{}{"error": err.Error()}) return } normalizedJSON, err := normalize.JSONAlphabetically(string(jsonBytes)) if err != nil { - tflog.Error(ctx, "Failed to normalize JSON alphabetically", map[string]interface{}{"error": err.Error()}) + tflog.Error(ctx, "Failed to normalize settings catalog JSON alphabetically", map[string]interface{}{"error": err.Error()}) return } @@ -66,44 +69,3 @@ func MapRemoteSettingsStateToTerraform(ctx context.Context, data *SettingsCatalo data.Settings = types.StringValue(normalizedJSON) } - -// preserveSecretSettings recursively searches through settings catalog HCL JSON structure for secret settings -// and preserves the value and valueState from the config settings. This is used to ensure that secret values -// within the state match the original config settings and do not cause unnecessary updates. -func preserveSecretSettings(config, resp interface{}) { - switch configV := config.(type) { - case map[string]interface{}: - respV, ok := resp.(map[string]interface{}) - if !ok { - return - } - - if odataType, ok := configV["@odata.type"].(string); ok && - odataType == "#microsoft.graph.deviceManagementConfigurationSecretSettingValue" { - if value, ok := configV["value"]; ok { - respV["value"] = value - } - if valueState, ok := configV["valueState"]; ok { - respV["valueState"] = valueState - } - return - } - - for k, v := range configV { - if respChild, ok := respV[k]; ok { - preserveSecretSettings(v, respChild) - } - } - - case []interface{}: - respV, ok := resp.([]interface{}) - if !ok { - return - } - for i := range configV { - if i < len(respV) { - preserveSecretSettings(configV[i], respV[i]) - } - } - } -} diff --git a/internal/resources/device_and_app_management/beta/win32_lob_app/resource.go b/internal/resources/device_and_app_management/beta/win32_lob_app/resource.go index 8e005a99..d6a1d613 100644 --- a/internal/resources/device_and_app_management/beta/win32_lob_app/resource.go +++ b/internal/resources/device_and_app_management/beta/win32_lob_app/resource.go @@ -15,7 +15,11 @@ import ( ) const ( - ResourceName = "graph_beta_device_and_app_management_win32_lob_app" + ResourceName = "graph_beta_device_and_app_management_win32_lob_app" + CreateTimeout = 180 + UpdateTimeout = 180 + ReadTimeout = 180 + DeleteTimeout = 180 ) var ( diff --git a/internal/resources/device_and_app_management/beta/windows_platform_script/resource.go b/internal/resources/device_and_app_management/beta/windows_platform_script/resource.go index e304d49c..77d6e844 100644 --- a/internal/resources/device_and_app_management/beta/windows_platform_script/resource.go +++ b/internal/resources/device_and_app_management/beta/windows_platform_script/resource.go @@ -15,7 +15,11 @@ import ( ) const ( - ResourceName = "graph_beta_device_and_app_management_windows_platform_script" + ResourceName = "graph_beta_device_and_app_management_windows_platform_script" + CreateTimeout = 180 + UpdateTimeout = 180 + ReadTimeout = 180 + DeleteTimeout = 180 ) var ( diff --git a/internal/resources/device_and_app_management/beta/winget_app/crud.go b/internal/resources/device_and_app_management/beta/winget_app/crud.go index a987d64a..416a463b 100644 --- a/internal/resources/device_and_app_management/beta/winget_app/crud.go +++ b/internal/resources/device_and_app_management/beta/winget_app/crud.go @@ -24,7 +24,7 @@ func (r *WinGetAppResource) Create(ctx context.Context, req resource.CreateReque return } - ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Create, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Create, CreateTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -83,7 +83,7 @@ func (r *WinGetAppResource) Read(ctx context.Context, req resource.ReadRequest, tflog.Debug(ctx, fmt.Sprintf("Reading %s_%s with ID: %s", r.ProviderTypeName, r.TypeName, state.ID.ValueString())) - ctx, cancel := crud.HandleTimeout(ctx, state.Timeouts.Read, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, state.Timeouts.Read, ReadTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -140,7 +140,7 @@ func (r *WinGetAppResource) Update(ctx context.Context, req resource.UpdateReque return } - ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Update, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Update, UpdateTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -209,7 +209,7 @@ func (r *WinGetAppResource) Delete(ctx context.Context, req resource.DeleteReque return } - ctx, cancel := crud.HandleTimeout(ctx, data.Timeouts.Delete, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, data.Timeouts.Delete, DeleteTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } diff --git a/internal/resources/device_and_app_management/beta/winget_app/resource.go b/internal/resources/device_and_app_management/beta/winget_app/resource.go index 299e7888..bf82c1e5 100644 --- a/internal/resources/device_and_app_management/beta/winget_app/resource.go +++ b/internal/resources/device_and_app_management/beta/winget_app/resource.go @@ -17,7 +17,11 @@ import ( ) const ( - ResourceName = "graph_beta_device_and_app_management_win_get_app" + ResourceName = "graph_beta_device_and_app_management_win_get_app" + CreateTimeout = 180 + UpdateTimeout = 180 + ReadTimeout = 180 + DeleteTimeout = 180 ) var ( diff --git a/internal/resources/device_and_app_management/v1.0/cloud_pc_device_image/crud.go b/internal/resources/device_and_app_management/v1.0/cloud_pc_device_image/crud.go index c6abbcf9..92cf85cd 100644 --- a/internal/resources/device_and_app_management/v1.0/cloud_pc_device_image/crud.go +++ b/internal/resources/device_and_app_management/v1.0/cloud_pc_device_image/crud.go @@ -23,7 +23,7 @@ func (r *CloudPcDeviceImageResource) Create(ctx context.Context, req resource.Cr return } - ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Create, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Create, CreateTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -74,7 +74,7 @@ func (r *CloudPcDeviceImageResource) Read(ctx context.Context, req resource.Read tflog.Debug(ctx, fmt.Sprintf("Reading %s_%s with ID: %s", r.ProviderTypeName, r.TypeName, state.ID.ValueString())) - ctx, cancel := crud.HandleTimeout(ctx, state.Timeouts.Read, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, state.Timeouts.Read, ReadTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -113,7 +113,7 @@ func (r *CloudPcDeviceImageResource) Update(ctx context.Context, req resource.Up return } - ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Update, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Update, UpdateTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -159,7 +159,7 @@ func (r *CloudPcDeviceImageResource) Delete(ctx context.Context, req resource.De return } - ctx, cancel := crud.HandleTimeout(ctx, data.Timeouts.Delete, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, data.Timeouts.Delete, DeleteTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } diff --git a/internal/resources/device_and_app_management/v1.0/cloud_pc_device_image/resource.go b/internal/resources/device_and_app_management/v1.0/cloud_pc_device_image/resource.go index 184d0c27..a317a7bb 100644 --- a/internal/resources/device_and_app_management/v1.0/cloud_pc_device_image/resource.go +++ b/internal/resources/device_and_app_management/v1.0/cloud_pc_device_image/resource.go @@ -16,7 +16,11 @@ import ( ) const ( - ResourceName = "graph_device_and_app_management_cloud_pc_device_image" + ResourceName = "graph_device_and_app_management_cloud_pc_device_image" + CreateTimeout = 180 + UpdateTimeout = 180 + ReadTimeout = 180 + DeleteTimeout = 180 ) var ( diff --git a/internal/resources/device_and_app_management/v1.0/cloud_pc_provisioning_policy/crud.go b/internal/resources/device_and_app_management/v1.0/cloud_pc_provisioning_policy/crud.go index 2f6fe3a9..a9b5cc83 100644 --- a/internal/resources/device_and_app_management/v1.0/cloud_pc_provisioning_policy/crud.go +++ b/internal/resources/device_and_app_management/v1.0/cloud_pc_provisioning_policy/crud.go @@ -23,7 +23,7 @@ func (r *CloudPcProvisioningPolicyResource) Create(ctx context.Context, req reso return } - ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Create, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Create, CreateTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -74,7 +74,7 @@ func (r *CloudPcProvisioningPolicyResource) Read(ctx context.Context, req resour tflog.Debug(ctx, fmt.Sprintf("Reading %s_%s with ID: %s", r.ProviderTypeName, r.TypeName, state.ID.ValueString())) - ctx, cancel := crud.HandleTimeout(ctx, state.Timeouts.Read, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, state.Timeouts.Read, ReadTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -113,7 +113,7 @@ func (r *CloudPcProvisioningPolicyResource) Update(ctx context.Context, req reso return } - ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Update, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Update, UpdateTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -159,7 +159,7 @@ func (r *CloudPcProvisioningPolicyResource) Delete(ctx context.Context, req reso return } - ctx, cancel := crud.HandleTimeout(ctx, data.Timeouts.Delete, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, data.Timeouts.Delete, DeleteTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } diff --git a/internal/resources/device_and_app_management/v1.0/cloud_pc_provisioning_policy/resource.go b/internal/resources/device_and_app_management/v1.0/cloud_pc_provisioning_policy/resource.go index e8a1602c..c10723de 100644 --- a/internal/resources/device_and_app_management/v1.0/cloud_pc_provisioning_policy/resource.go +++ b/internal/resources/device_and_app_management/v1.0/cloud_pc_provisioning_policy/resource.go @@ -16,7 +16,11 @@ import ( ) const ( - ResourceName = "graph_device_and_app_management_cloud_pc_provisioning_policy" + ResourceName = "graph_device_and_app_management_cloud_pc_provisioning_policy" + CreateTimeout = 180 + UpdateTimeout = 180 + ReadTimeout = 180 + DeleteTimeout = 180 ) var ( diff --git a/internal/resources/device_and_app_management/v1.0/cloud_pc_user_setting/crud.go b/internal/resources/device_and_app_management/v1.0/cloud_pc_user_setting/crud.go index f8c45b57..0b19998f 100644 --- a/internal/resources/device_and_app_management/v1.0/cloud_pc_user_setting/crud.go +++ b/internal/resources/device_and_app_management/v1.0/cloud_pc_user_setting/crud.go @@ -23,7 +23,7 @@ func (r *CloudPcUserSettingResource) Create(ctx context.Context, req resource.Cr return } - ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Create, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Create, CreateTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -74,7 +74,7 @@ func (r *CloudPcUserSettingResource) Read(ctx context.Context, req resource.Read tflog.Debug(ctx, fmt.Sprintf("Reading %s_%s with ID: %s", r.ProviderTypeName, r.TypeName, state.ID.ValueString())) - ctx, cancel := crud.HandleTimeout(ctx, state.Timeouts.Read, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, state.Timeouts.Read, ReadTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -113,7 +113,7 @@ func (r *CloudPcUserSettingResource) Update(ctx context.Context, req resource.Up return } - ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Update, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Update, UpdateTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -159,7 +159,7 @@ func (r *CloudPcUserSettingResource) Delete(ctx context.Context, req resource.De return } - ctx, cancel := crud.HandleTimeout(ctx, data.Timeouts.Delete, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, data.Timeouts.Delete, DeleteTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } diff --git a/internal/resources/device_and_app_management/v1.0/cloud_pc_user_setting/resource.go b/internal/resources/device_and_app_management/v1.0/cloud_pc_user_setting/resource.go index 58c25e1e..db2dc3f5 100644 --- a/internal/resources/device_and_app_management/v1.0/cloud_pc_user_setting/resource.go +++ b/internal/resources/device_and_app_management/v1.0/cloud_pc_user_setting/resource.go @@ -15,7 +15,11 @@ import ( ) const ( - ResourceName = "graph_device_and_app_management_cloud_pc_user_setting" + ResourceName = "graph_device_and_app_management_cloud_pc_user_setting" + CreateTimeout = 180 + UpdateTimeout = 180 + ReadTimeout = 180 + DeleteTimeout = 180 ) var ( diff --git a/internal/resources/device_and_app_management/v1.0/role_definition/crud.go b/internal/resources/device_and_app_management/v1.0/role_definition/crud.go index c6025c6a..149c25f8 100644 --- a/internal/resources/device_and_app_management/v1.0/role_definition/crud.go +++ b/internal/resources/device_and_app_management/v1.0/role_definition/crud.go @@ -23,7 +23,7 @@ func (r *RoleDefinitionResource) Create(ctx context.Context, req resource.Create return } - ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Create, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Create, CreateTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -72,7 +72,7 @@ func (r *RoleDefinitionResource) Read(ctx context.Context, req resource.ReadRequ tflog.Debug(ctx, fmt.Sprintf("Reading %s_%s with ID: %s", r.ProviderTypeName, r.TypeName, state.ID.ValueString())) - ctx, cancel := crud.HandleTimeout(ctx, state.Timeouts.Read, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, state.Timeouts.Read, ReadTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -111,7 +111,7 @@ func (r *RoleDefinitionResource) Update(ctx context.Context, req resource.Update return } - ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Update, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Update, UpdateTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -158,7 +158,7 @@ func (r *RoleDefinitionResource) Delete(ctx context.Context, req resource.Delete return } - ctx, cancel := crud.HandleTimeout(ctx, data.Timeouts.Delete, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, data.Timeouts.Delete, DeleteTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } diff --git a/internal/resources/device_and_app_management/v1.0/role_definition/resource.go b/internal/resources/device_and_app_management/v1.0/role_definition/resource.go index f351c76d..6c45388b 100644 --- a/internal/resources/device_and_app_management/v1.0/role_definition/resource.go +++ b/internal/resources/device_and_app_management/v1.0/role_definition/resource.go @@ -13,7 +13,11 @@ import ( ) const ( - ResourceName = "graph_device_and_app_management_role_definition" + ResourceName = "graph_device_and_app_management_role_definition" + CreateTimeout = 180 + UpdateTimeout = 180 + ReadTimeout = 180 + DeleteTimeout = 180 ) var ( diff --git a/internal/resources/identity_and_access/beta/conditional_access_policy/crud.go b/internal/resources/identity_and_access/beta/conditional_access_policy/crud.go index 6baa33b5..2265ee45 100644 --- a/internal/resources/identity_and_access/beta/conditional_access_policy/crud.go +++ b/internal/resources/identity_and_access/beta/conditional_access_policy/crud.go @@ -23,7 +23,7 @@ func (r *ConditionalAccessPolicyResource) Create(ctx context.Context, req resour return } - ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Create, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Create, CreateTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -74,7 +74,7 @@ func (r *ConditionalAccessPolicyResource) Read(ctx context.Context, req resource tflog.Debug(ctx, fmt.Sprintf("Reading %s_%s with ID: %s", r.ProviderTypeName, r.TypeName, state.ID.ValueString())) - ctx, cancel := crud.HandleTimeout(ctx, state.Timeouts.Read, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, state.Timeouts.Read, ReadTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -113,7 +113,7 @@ func (r *ConditionalAccessPolicyResource) Update(ctx context.Context, req resour return } - ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Update, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, plan.Timeouts.Update, UpdateTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } @@ -161,7 +161,7 @@ func (r *ConditionalAccessPolicyResource) Delete(ctx context.Context, req resour return } - ctx, cancel := crud.HandleTimeout(ctx, data.Timeouts.Delete, 30*time.Second, &resp.Diagnostics) + ctx, cancel := crud.HandleTimeout(ctx, data.Timeouts.Delete, DeleteTimeout*time.Second, &resp.Diagnostics) if cancel == nil { return } diff --git a/internal/resources/identity_and_access/beta/conditional_access_policy/resource.go b/internal/resources/identity_and_access/beta/conditional_access_policy/resource.go index ebaf9db8..e26d735c 100644 --- a/internal/resources/identity_and_access/beta/conditional_access_policy/resource.go +++ b/internal/resources/identity_and_access/beta/conditional_access_policy/resource.go @@ -19,7 +19,11 @@ import ( ) const ( - ResourceName = "graph_beta_identity_and_access_conditional_access_policy" + ResourceName = "graph_beta_identity_and_access_conditional_access_policy" + CreateTimeout = 180 + UpdateTimeout = 180 + ReadTimeout = 180 + DeleteTimeout = 180 ) var ( diff --git a/scripts/DeleteAllSettingsCatalogConfigurationsByNamePrefix.ps1 b/scripts/DeleteAllSettingsCatalogConfigurationsByNamePrefix.ps1 new file mode 100644 index 00000000..fec4f48e --- /dev/null +++ b/scripts/DeleteAllSettingsCatalogConfigurationsByNamePrefix.ps1 @@ -0,0 +1,130 @@ +[CmdletBinding()] +param ( + [Parameter(Mandatory=$true, + HelpMessage="Specify the Entra ID tenant ID (Directory ID) where the application is registered")] + [ValidateNotNullOrEmpty()] + [string]$TenantId, + + [Parameter(Mandatory=$true, + HelpMessage="Specify the application (client) ID of the Entra ID app registration")] + [ValidateNotNullOrEmpty()] + [string]$ClientId, + + [Parameter(Mandatory=$true, + HelpMessage="Specify the client secret of the Entra ID app registration")] + [ValidateNotNullOrEmpty()] + [string]$ClientSecret, + + [Parameter(Mandatory=$true, + HelpMessage="Specify the settings catalog name prefix to match for deletion (e.g., 'test_collection-')")] + [ValidateNotNullOrEmpty()] + [string]$SettingsCatalogNamePrefix +) + +# Helper function to retrieve all pages of items +function Get-Paginated { + param ( + [Parameter(Mandatory=$true)] + [string]$InitialUri + ) + + $allItems = @() + $currentUri = $InitialUri + + do { + $response = Invoke-MgGraphRequest -Method GET -Uri $currentUri + + if ($response.value) { + $allItems += $response.value + } + + # Get the next page URL if it exists + $currentUri = $response.'@odata.nextLink' + } while ($currentUri) + + return $allItems +} + +# Helper function to get all settings catalog policies +function Get-AllSettingsCatalogPolicies { + try { + $policiesUri = "https://graph.microsoft.com/beta/deviceManagement/configurationPolicies" + return Get-Paginated -InitialUri $policiesUri + } + catch { + Write-Error "Error retrieving settings catalog policies: $_" + return $null + } +} + +# Helper function to delete a settings catalog policy +function Remove-SettingsCatalogPolicy { + param ( + [Parameter(Mandatory=$true)] + [string]$PolicyId, + [string]$PolicyName + ) + + try { + $policyUri = "https://graph.microsoft.com/beta/deviceManagement/configurationPolicies/$PolicyId" + Invoke-MgGraphRequest -Method DELETE -Uri $policyUri + Write-Host "Successfully deleted policy: $PolicyName (ID: $PolicyId)" + return $true + } + catch { + Write-Error "Error deleting policy $PolicyName (ID: $PolicyId): $_" + return $false + } +} + +# Script Setup +Import-Module Microsoft.Graph.Authentication + +$secureClientSecret = ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force +$clientSecretCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $ClientId, $secureClientSecret + +Write-Host "Connecting to Microsoft Graph..." +Connect-MgGraph -ClientSecretCredential $clientSecretCredential -TenantId $TenantId + +# Get all settings catalog policies +Write-Host "Retrieving all settings catalog policies..." +$allPolicies = Get-AllSettingsCatalogPolicies + +if ($null -ne $allPolicies) { + # Filter policies by name prefix + $matchingPolicies = $allPolicies | Where-Object { $_.name -like "$SettingsCatalogNamePrefix*" } + + if ($matchingPolicies.Count -gt 0) { + Write-Host "`nFound $($matchingPolicies.Count) policies matching prefix '$SettingsCatalogNamePrefix'" + + # Confirm before deletion + $confirmation = Read-Host "Do you want to proceed with deletion? (Y/N)" + if ($confirmation -eq 'Y') { + $deletedCount = 0 + $failedCount = 0 + + foreach ($policy in $matchingPolicies) { + Write-Host "`nDeleting policy: $($policy.name)..." + $result = Remove-SettingsCatalogPolicy -PolicyId $policy.id -PolicyName $policy.name + if ($result) { + $deletedCount++ + } else { + $failedCount++ + } + } + + Write-Host "`nDeletion complete:" + Write-Host "Successfully deleted: $deletedCount" + Write-Host "Failed to delete: $failedCount" + } else { + Write-Host "Operation cancelled by user." + } + } else { + Write-Host "No policies found matching prefix '$SettingsCatalogNamePrefix'" + } +} else { + Write-Host "No settings catalog policies found or error occurred." +} + +Disconnect-MgGraph +Write-Host "Disconnected from Microsoft Graph." \ No newline at end of file