bump go-azure-sdk version and fixup resources

Author: jackofallops

go.mod

@@ -3,14 +3,14 @@ module github.com/hashicorp/terraform-provider-azuread
 require (
 	github.com/google/go-cmp v0.7.0
 	github.com/hashicorp/go-azure-helpers v0.73.0
-	github.com/hashicorp/go-azure-sdk/microsoft-graph v0.20250513.1112057
-	github.com/hashicorp/go-azure-sdk/sdk v0.20250513.1112057
+	github.com/hashicorp/go-azure-sdk/microsoft-graph v0.20250617.1143239
+	github.com/hashicorp/go-azure-sdk/sdk v0.20250617.1143239
 	github.com/hashicorp/go-cty v1.5.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/go-uuid v1.0.3
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.36.1
 	github.com/hashicorp/terraform-plugin-testing v1.12.0
-	golang.org/x/text v0.25.0
+	golang.org/x/text v0.26.0
 )
 
 require (
@@ -49,11 +49,11 @@ require (
 	github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect
 	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
 	github.com/zclconf/go-cty v1.16.2 // indirect
-	golang.org/x/crypto v0.38.0 // indirect
-	golang.org/x/mod v0.24.0 // indirect
+	golang.org/x/crypto v0.39.0 // indirect
+	golang.org/x/mod v0.25.0 // indirect
 	golang.org/x/net v0.40.0 // indirect
 	golang.org/x/oauth2 v0.30.0 // indirect
-	golang.org/x/sync v0.14.0 // indirect
+	golang.org/x/sync v0.15.0 // indirect
 	golang.org/x/sys v0.33.0 // indirect
 	golang.org/x/tools v0.33.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect

go.sum

@@ -55,10 +55,10 @@ github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/go-azure-helpers v0.73.0 h1:J++NBrLzwv6U/hSXeC29pWOr+5S+xnoQWVT2r1XAexw=
 github.com/hashicorp/go-azure-helpers v0.73.0/go.mod h1:tAUWC+kwZQsuNAHEIlnbojMMcC6SWQb6W1HfIeluv1E=
-github.com/hashicorp/go-azure-sdk/microsoft-graph v0.20250513.1112057 h1:V6fG/+FkmIWqlLyTr8zkYxuGa1rshHfU7VbWPM6/zNQ=
-github.com/hashicorp/go-azure-sdk/microsoft-graph v0.20250513.1112057/go.mod h1:6kecvS+zhzvq+MY4XsVvTr9mWf0rWyxcBpxWkGZj9Xo=
-github.com/hashicorp/go-azure-sdk/sdk v0.20250513.1112057 h1:J5QEwqbMVV5qPl6uO/she/jX2zXqMD9IJ9VPywHlzKw=
-github.com/hashicorp/go-azure-sdk/sdk v0.20250513.1112057/go.mod h1:/LiVkre6Py4M8+xkSHgJieWkHWv03USdwg5x/zeX9Rc=
+github.com/hashicorp/go-azure-sdk/microsoft-graph v0.20250617.1143239 h1:V93fLAbLkZMMnmztUNHwesB8ZzDVirkAGAHKO/Jchg4=
+github.com/hashicorp/go-azure-sdk/microsoft-graph v0.20250617.1143239/go.mod h1:QS1gBLDh7nm3DOZncjE7YTJ2v0MiLksqEA8NYZldGFk=
+github.com/hashicorp/go-azure-sdk/sdk v0.20250617.1143239 h1:ZiMKt6HJirVjDJ+qCjVxuwQqPpFVtaJV3J3qMIKIEfA=
+github.com/hashicorp/go-azure-sdk/sdk v0.20250617.1143239/go.mod h1:eyNClZwQsa4Go51ScU9OYCE2EQvbNt8EjZ4eMxpQ1H8=
 github.com/hashicorp/go-checkpoint v0.5.0 h1:MFYpPZCnQqQTE18jFwSII6eUQrD/oxMFp3mlgcqk5mU=
 github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg=
 github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
@@ -174,11 +174,11 @@ go.opentelemetry.io/otel/trace v1.34.0 h1:+ouXS2V8Rd4hp4580a8q23bg0azF2nI8cqLYnC
 go.opentelemetry.io/otel/trace v1.34.0/go.mod h1:Svm7lSjQD7kG7KJ/MUHPVXSDGz2OX4h0M2jHBhmSfRE=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.38.0 h1:jt+WWG8IZlBnVbomuhg2Mdq0+BBQaHbtqHEFEigjUV8=
-golang.org/x/crypto v0.38.0/go.mod h1:MvrbAqul58NNYPKnOra203SB9vpuZW0e+RRZV+Ggqjw=
+golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM=
+golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU=
-golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
+golang.org/x/mod v0.25.0 h1:n7a+ZbQKQA/Ysbyb0/6IbB1H/X41mKgbhfv7AfG/44w=
+golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
@@ -190,8 +190,8 @@ golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKl
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.14.0 h1:woo0S4Yywslg6hp4eUFjTVOyKt0RookbpAHG4c1HmhQ=
-golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8=
+golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -213,8 +213,8 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
-golang.org/x/text v0.25.0 h1:qVyWApTSYLk/drJRO5mDlNYskwQznZmkpV2c8q9zls4=
-golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA=
+golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M=
+golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=

internal/services/conditionalaccess/conditionalaccess.go

@@ -264,14 +264,18 @@ func flattenExternalTenants(in stable.ConditionalAccessExternalTenants) []interf
 		return []interface{}{}
 	}
 
-	externalTenants := in.ConditionalAccessExternalTenants()
-
-	return []interface{}{
-		map[string]interface{}{
-			"membership_kind": externalTenants.MembershipKind,
-			"members":         tf.FlattenStringSlicePtr(externalTenants.Members),
-		},
+	if ext, ok := in.(stable.ConditionalAccessEnumeratedExternalTenants); ok {
+		externalTenants := in.ConditionalAccessExternalTenants()
+
+		return []interface{}{
+			map[string]interface{}{
+				"membership_kind": externalTenants.MembershipKind,
+				"members":         tf.FlattenStringSlicePtr(ext.Members),
+			},
+		}
 	}
+
+	return []interface{}{}
 }
 
 func flattenCountryNamedLocation(in *stable.CountryNamedLocation) []interface{} {
@@ -552,13 +556,20 @@ func expandConditionalAccessSessionControls(in []interface{}) *stable.Conditiona
 
 	config := in[0].(map[string]interface{})
 
+	result.ApplicationEnforcedRestrictions = &stable.ApplicationEnforcedRestrictionsSessionControl{
+		IsEnabled: nullable.Value(config["application_enforced_restrictions_enabled"].(bool)),
+	}
+
 	if cloudAppSecurity := config["cloud_app_security_policy"]; cloudAppSecurity.(string) != "" {
 		result.CloudAppSecurity = &stable.CloudAppSecuritySessionControl{
 			IsEnabled:            nullable.Value(true),
 			CloudAppSecurityType: pointer.To(stable.CloudAppSecuritySessionControlType(cloudAppSecurity.(string))),
 		}
 	}
 
+	DisableResilienceDefaults := config["disable_resilience_defaults"]
+	result.DisableResilienceDefaults = nullable.Value(DisableResilienceDefaults.(bool))
+
 	if persistentBrowserMode := config["persistent_browser_mode"]; persistentBrowserMode.(string) != "" {
 		result.PersistentBrowser = &stable.PersistentBrowserSessionControl{
 			IsEnabled: nullable.Value(true),
@@ -572,6 +583,7 @@ func expandConditionalAccessSessionControls(in []interface{}) *stable.Conditiona
 		signInFrequency.Type = pointer.To(stable.SigninFrequencyType(config["sign_in_frequency_period"].(string)))
 		signInFrequency.Value = nullable.Value(int64(frequencyValue))
 
+		// AuthenticationType and FrequencyInterval must be set to default values here
 		signInFrequency.AuthenticationType = pointer.To(stable.SignInFrequencyAuthenticationType_PrimaryAndSecondaryAuthentication)
 		signInFrequency.FrequencyInterval = pointer.To(stable.SignInFrequencyInterval_TimeBased)
 	}
@@ -581,26 +593,9 @@ func expandConditionalAccessSessionControls(in []interface{}) *stable.Conditiona
 	}
 
 	if interval, ok := config["sign_in_frequency_interval"]; ok && interval.(string) != "" {
-		signInFrequency.IsEnabled = nullable.Value(true)
-		signInFrequency.AuthenticationType = pointer.To(stable.SignInFrequencyAuthenticationType_PrimaryAndSecondaryAuthentication)
-		if authType := config["sign_in_frequency_authentication_type"].(string); authType != "" {
-			signInFrequency.AuthenticationType = pointer.ToEnum[stable.SignInFrequencyAuthenticationType](authType)
-		}
 		signInFrequency.FrequencyInterval = pointer.To(stable.SignInFrequencyInterval(interval.(string)))
 	}
 
-	applicationEnforcedRestrictions := config["application_enforced_restrictions_enabled"].(bool)
-	if pointer.From(signInFrequency.FrequencyInterval) != stable.SignInFrequencyInterval_EveryTime { // application enforced restrictions are not allowed for everyTime sign-in frequency see https://github.com/hashicorp/terraform-provider-azuread/issues/1225
-		result.ApplicationEnforcedRestrictions = &stable.ApplicationEnforcedRestrictionsSessionControl{
-			IsEnabled: nullable.Value(applicationEnforcedRestrictions),
-		}
-	}
-
-	DisableResilienceDefaults := config["disable_resilience_defaults"].(bool)
-	if pointer.From(signInFrequency.FrequencyInterval) != stable.SignInFrequencyInterval_EveryTime { // disable resilience defaults are not allowed for everyTime sign-in frequency see https://github.com/hashicorp/terraform-provider-azuread/issues/1225
-		result.DisableResilienceDefaults = nullable.Value(DisableResilienceDefaults)
-	}
-
 	// API returns 400 error if signInFrequency is set with all default/zero values
 	if (signInFrequency.IsEnabled.GetOrZero()) ||
 		(signInFrequency.FrequencyInterval != nil && *signInFrequency.FrequencyInterval != stable.SignInFrequencyInterval_TimeBased) ||

internal/services/serviceprincipals/service_principal_delegated_permission_grant_resource.go

@@ -120,7 +120,7 @@ func servicePrincipalDelegatedPermissionGrantResourceCreate(ctx context.Context,
 	}
 
 	properties := stable.OAuth2PermissionGrant{
-		ClientId:   servicePrincipalId.ServicePrincipalId,
+		ClientId:   pointer.To(servicePrincipalId.ServicePrincipalId),
 		ResourceId: pointer.To(resourcePrincipalId.ServicePrincipalId),
 		Scope:      nullable.NoZero(strings.Join(tf.ExpandStringSlice(d.Get("claim_values").(*pluginsdk.Set).List()), " ")),
 	}