dependenciess: - `go-azure-sdk` to version `v0.20250617.1143239` #1722

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Closed

jackofallops wants to merge 1 commit into main from deps/go-azure-sdk-v0.20250617.1143239

Member

jackofallops commented Jun 17, 2025

No description provided.


          bump go-azure-sdk version and fixup resources

c66bfaa

jackofallops requested a review from a team as a code owner

June 17, 2025 16:25

github-actions bot added dependencies feature/service-principals feature/conditional-access size/XL labels

Collaborator

sreallymatt commented Jun 17, 2025 •

edited

Loading

Test results:

Administrative Units:

App Role Assignments:

Conditional Access (new failures, will need to investigate):

Directory Objects:

Directory Roles:

Domains

Groups (new failed tests are flaky, low success rate on main):

Identity Governance:

Invitations:

Policies:

Service Principals:

Synchronization:

User Flows:

Users:

sreallymatt requested changes

View reviewed changes

Collaborator

sreallymatt left a comment

Hi @jackofallops, there are numerous test failures that seem to be related to the deletion of a workaround in Pandora (in this commit)

I've pointed out a few in this PR, but my assumption is all that were present in that workaround will need to be nullable for the resources to function as expected.

internal/services/conditionalaccess/conditionalaccess.go

    
              			"membership_kind": externalTenants.MembershipKind,

              			"members":         tf.FlattenStringSlicePtr(externalTenants.Members),

              		},

              	if ext, ok := in.(stable.ConditionalAccessEnumeratedExternalTenants); ok {

Collaborator

sreallymatt Jun 17, 2025

The addition of this type assertion is causing a diff if external_tenants.membership_kind = "all", this flatten func will need to be updated to set membership_kind when type is ConditionalAccessAllExternalTenants

internal/services/conditionalaccess/conditionalaccess.go

Comment on lines +559 to +562

    
              	result.ApplicationEnforcedRestrictions = &stable.ApplicationEnforcedRestrictionsSessionControl{

              		IsEnabled: nullable.Value(config["application_enforced_restrictions_enabled"].(bool)),

              	}

Collaborator

sreallymatt Jun 17, 2025

The changes from PR #1719 are being reverted in this PR, causing test failures

Suggested change

      
            	result.ApplicationEnforcedRestrictions = &stable.ApplicationEnforcedRestrictionsSessionControl{
          
            		IsEnabled: nullable.Value(config["application_enforced_restrictions_enabled"].(bool)),
          
            	}

internal/services/conditionalaccess/conditionalaccess.go

Comment on lines +570 to +572

    
              	DisableResilienceDefaults := config["disable_resilience_defaults"]

              	result.DisableResilienceDefaults = nullable.Value(DisableResilienceDefaults.(bool))

Collaborator

sreallymatt Jun 17, 2025

Same as above

Suggested change

      
            	DisableResilienceDefaults := config["disable_resilience_defaults"]
          
            	result.DisableResilienceDefaults = nullable.Value(DisableResilienceDefaults.(bool))

internal/services/conditionalaccess/conditionalaccess.go

    
              		signInFrequency.Type = pointer.To(stable.SigninFrequencyType(config["sign_in_frequency_period"].(string)))

              		signInFrequency.Value = nullable.Value(int64(frequencyValue))

              		// AuthenticationType and FrequencyInterval must be set to default values here

Collaborator

sreallymatt Jun 17, 2025

This was removed in #1719, not sure it should be added back?

Suggested change

// AuthenticationType and FrequencyInterval must be set to default values here

internal/services/conditionalaccess/conditionalaccess.go

    
              		signInFrequency.AuthenticationType = pointer.To(stable.SignInFrequencyAuthenticationType(authenticationType.(string)))

              	}

              	if interval, ok := config["sign_in_frequency_interval"]; ok && interval.(string) != "" {

Collaborator

sreallymatt Jun 17, 2025

Reverted #1719, I assume that was unintentional?

Suggested change

      
            	if interval, ok := config["sign_in_frequency_interval"]; ok && interval.(string) != "" {
          
            	if interval, ok := config["sign_in_frequency_interval"]; ok && interval.(string) != "" {
          
            	signInFrequency.IsEnabled = nullable.Value(true)
          
            		signInFrequency.AuthenticationType = pointer.To(stable.SignInFrequencyAuthenticationType_PrimaryAndSecondaryAuthentication)
          
            		if authType := config["sign_in_frequency_authentication_type"].(string); authType != "" {
          
            			signInFrequency.AuthenticationType = pointer.ToEnum[stable.SignInFrequencyAuthenticationType](authType)
          
            		}

internal/services/conditionalaccess/conditionalaccess.go

Comment on lines -592 to -603

    
              	applicationEnforcedRestrictions := config["application_enforced_restrictions_enabled"].(bool)

              	if pointer.From(signInFrequency.FrequencyInterval) != stable.SignInFrequencyInterval_EveryTime { // application enforced restrictions are not allowed for everyTime sign-in frequency see https://github.com/hashicorp/terraform-provider-azuread/issues/1225

              		result.ApplicationEnforcedRestrictions = &stable.ApplicationEnforcedRestrictionsSessionControl{

              			IsEnabled: nullable.Value(applicationEnforcedRestrictions),

              		}

              	}

              	DisableResilienceDefaults := config["disable_resilience_defaults"].(bool)

              	if pointer.From(signInFrequency.FrequencyInterval) != stable.SignInFrequencyInterval_EveryTime { // disable resilience defaults are not allowed for everyTime sign-in frequency see https://github.com/hashicorp/terraform-provider-azuread/issues/1225

              		result.DisableResilienceDefaults = nullable.Value(DisableResilienceDefaults)

              	}

Collaborator

sreallymatt Jun 17, 2025

Unintentionally removed?

...m/hashicorp/go-azure-sdk/microsoft-graph/common-types/stable/model_conditionalaccessusers.go

    
            @@ -20,7 +20,7 @@ type ConditionalAccessUsers struct {
          
              	IncludeGroups *[]string `json:"includeGroups,omitempty"`

              	// Internal guests or external users included in the policy scope. Optionally populated.

              	IncludeGuestsOrExternalUsers *ConditionalAccessGuestsOrExternalUsers `json:"includeGuestsOrExternalUsers"`

              	IncludeGuestsOrExternalUsers *ConditionalAccessGuestsOrExternalUsers `json:"includeGuestsOrExternalUsers,omitempty"`

Collaborator

sreallymatt Jun 17, 2025

This change is problematic and causing test failures

TestAccConditionalAccessPolicy_guestsOrExternalUsers with error:

unexpected status 400 (400 Bad Request) with error: BadRequest: 1119: Users
assignment value 'None', 'All' or 'GuestsOrExternalUsers' cannot be combined
with guestOrExternalUsers. Please remove one of the assignment and try again.
For examples, please see API documentation at
https://docs.microsoft.com/en-us/graph/api/conditionalaccesspolicy-update?view=graph-rest-1.0.

At first glance my assumption is that it will need to be nullable

...m/hashicorp/go-azure-sdk/microsoft-graph/common-types/stable/model_conditionalaccessusers.go

    
            @@ -8,7 +8,7 @@ type ConditionalAccessUsers struct {
          
              	ExcludeGroups *[]string `json:"excludeGroups,omitempty"`

              	// Internal guests or external users excluded from the policy scope. Optionally populated.

              	ExcludeGuestsOrExternalUsers *ConditionalAccessGuestsOrExternalUsers `json:"excludeGuestsOrExternalUsers"`

              	ExcludeGuestsOrExternalUsers *ConditionalAccessGuestsOrExternalUsers `json:"excludeGuestsOrExternalUsers,omitempty"`

Collaborator

sreallymatt Jun 17, 2025

While I didn't see a test failure related to this property, my assumption is that the behaviour is likely the same as IncludeGuestsOrExternalUsers and that this will need to be nullable

...corp/go-azure-sdk/microsoft-graph/common-types/stable/model_conditionalaccessconditionset.go

    
              	// Insider risk levels included in the policy. The possible values are: minor, moderate, elevated, unknownFutureValue.

              	InsiderRiskLevels *ConditionalAccessInsiderRiskLevels `json:"insiderRiskLevels,omitempty"`

              	// Locations included in and excluded from the policy.

              	Locations *ConditionalAccessLocations `json:"locations"`

              	Locations *ConditionalAccessLocations `json:"locations,omitempty"`

Collaborator

sreallymatt Jun 17, 2025

This needs to be nullable, causing a test failure for TestAccConditionalAccessPolicy_includedUserActions

github-actions bot added the waiting-response label

Member Author

jackofallops commented Jun 18, 2025

Closing as updated/fixed version on the way.

jackofallops closed this

github-actions bot removed the waiting-response label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies feature/conditional-access feature/service-principals size/XL