From 2097f9d0ecff18116109fa5ca8b1611549a2e906 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Trond=20Jakob=20Sj=C3=B8vang?= Date: Tue, 24 Feb 2026 12:51:49 +0000 Subject: [PATCH 1/6] feat: add msgraph_endpoint provider field for national cloud support Add a new optional 'msgraph_endpoint' field to the provider configuration that allows users to specify the Microsoft Graph endpoint URL. This enables support for national/sovereign clouds (e.g. US Government, China). - Default value: https://graph.microsoft.com (global service) - Environment variable: ARM_MSGRAPH_ENDPOINT - The endpoint is propagated through the Option struct to the MSGraphClient - Token scope and host are derived from the configured endpoint - The @odata.id construction in resource collection move state uses the configured endpoint instead of a hardcoded URL - Acceptance test client reads the endpoint from ARM_MSGRAPH_ENDPOINT --- internal/acceptance/testclient.go | 12 +++++++++--- internal/clients/client.go | 3 ++- internal/clients/msgraph_client.go | 16 +++++++++++++--- internal/provider/provider.go | 16 ++++++++++++++++ internal/services/msgraph_resource.go | 2 +- 5 files changed, 41 insertions(+), 8 deletions(-) diff --git a/internal/acceptance/testclient.go b/internal/acceptance/testclient.go index 5d84251..ad8b672 100644 --- a/internal/acceptance/testclient.go +++ b/internal/acceptance/testclient.go @@ -116,10 +116,16 @@ func BuildTestClient() (*clients.Client, error) { return nil, fmt.Errorf("failed to obtain a credential: %v", err) } + msgraphEndpoint := os.Getenv("ARM_MSGRAPH_ENDPOINT") + if msgraphEndpoint == "" { + msgraphEndpoint = clients.DefaultMSGraphEndpoint + } + copt := &clients.Option{ - Cred: cred, - CloudCfg: cloudConfig, - TenantId: os.Getenv("ARM_TENANT_ID"), + Cred: cred, + CloudCfg: cloudConfig, + TenantId: os.Getenv("ARM_TENANT_ID"), + MSGraphEndpoint: msgraphEndpoint, } client := &clients.Client{} 
diff --git a/internal/clients/client.go b/internal/clients/client.go index 8fb802f..e501a30 100644 --- a/internal/clients/client.go +++ b/internal/clients/client.go @@ -27,6 +27,7 @@ type Option struct { CloudCfg cloud.Configuration CustomCorrelationRequestID string TenantId string + MSGraphEndpoint string } func (client *Client) Build(ctx context.Context, o *Option) error { @@ -86,7 +87,7 @@ func (client *Client) Build(ctx context.Context, o *Option) error { "$format", } - msgraphClient, err := NewMSGraphClient(o.Cred, &policy.ClientOptions{ + msgraphClient, err := NewMSGraphClient(o.MSGraphEndpoint, o.Cred, &policy.ClientOptions{ Logging: policy.LogOptions{ IncludeBody: false, AllowedHeaders: allowedHeaders, diff --git a/internal/clients/msgraph_client.go b/internal/clients/msgraph_client.go index 31f9d7e..0f80d7d 100644 --- a/internal/clients/msgraph_client.go +++ b/internal/clients/msgraph_client.go 
@@ -16,24 +16,34 @@ const ( nextLinkKey = "@odata.nextLink" ) +const DefaultMSGraphEndpoint = "https://graph.microsoft.com" + type MSGraphClient struct { host string pl runtime.Pipeline } -func NewMSGraphClient(credential azcore.TokenCredential, opt *policy.ClientOptions) (*MSGraphClient, error) { +// Host returns the Microsoft Graph endpoint base URL (e.g. "https://graph.microsoft.com"). +func (client *MSGraphClient) Host() string { + return client.host +} + +func NewMSGraphClient(endpoint string, credential azcore.TokenCredential, opt *policy.ClientOptions) (*MSGraphClient, error) { + if endpoint == "" { + endpoint = DefaultMSGraphEndpoint + } pl := runtime.NewPipeline(moduleName, moduleVersion, runtime.PipelineOptions{ AllowedHeaders: nil, AllowedQueryParameters: nil, APIVersion: runtime.APIVersionOptions{}, PerCall: nil, PerRetry: []policy.Policy{ - runtime.NewBearerTokenPolicy(credential, []string{"https://graph.microsoft.com/.default"}, nil), + runtime.NewBearerTokenPolicy(credential, []string{endpoint + "/.default"}, nil), }, Tracing: runtime.TracingOptions{}, }, opt) return &MSGraphClient{ - host: "https://graph.microsoft.com", + host: endpoint, pl: pl, }, nil } diff --git a/internal/provider/provider.go b/internal/provider/provider.go index 3dbf502..8ed13c7 100644 --- a/internal/provider/provider.go +++ b/internal/provider/provider.go @@ -47,6 +47,7 @@ type MSGraphProviderModel struct { UsePowerShell types.Bool `tfsdk:"use_powershell"` UseMSI types.Bool `tfsdk:"use_msi"` UseAKSWorkloadIdentity types.Bool `tfsdk:"use_aks_workload_identity"` + MSGraphEndpoint types.String `tfsdk:"msgraph_endpoint"` PartnerID types.String `tfsdk:"partner_id"` CustomCorrelationRequestID types.String `tfsdk:"custom_correlation_request_id"` DisableCorrelationRequestID types.Bool `tfsdk:"disable_correlation_request_id"` 
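Review bot: `NewMSGraphClient` in `internal/clients/msgraph_client.go` uses `endpoint` unchanged as both the token audience (`endpoint + "/.default"`) and `host`, so whatever string reaches the constructor decides which service the credential's bearer token is requested for and sent to. Nothing in this commit parses or constrains it: a trailing slash produces the scope `…//.default`, and a value with a path or a mistyped host is accepted silently. I would normalise and check the value before the pipeline is built (trim a trailing slash, parse it, and return an error unless it is an `https` URL with a host and no path), which the existing `(*MSGraphClient, error)` return already allows. A doc comment on `NewMSGraphClient` and `DefaultMSGraphEndpoint` stating the expected form (scheme plus host, no trailing slash) would tell callers what is accepted.

```go
func NewMSGraphClient(endpoint string, credential azcore.TokenCredential, opt *policy.ClientOptions) (*MSGraphClient, error) {
	// … unchanged: empty endpoint falls back to DefaultMSGraphEndpoint …
	endpoint = strings.TrimSuffix(endpoint, "/")
	u, err := url.Parse(endpoint)
	if err != nil {
		return nil, fmt.Errorf("parsing msgraph endpoint %q: %w", endpoint, err)
	}
	if u.Scheme != "https" || u.Host == "" || u.User != nil || u.Path != "" || u.RawQuery != "" || u.Fragment != "" {
		return nil, fmt.Errorf("msgraph endpoint %q must be an https base URL with no path, query or credentials", endpoint)
	}
	// … unchanged: pipeline construction and return …
```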
@@ -227,6 +228,12 @@ func (p *MSGraphProvider) Schema(ctx context.Context, req provider.SchemaRequest MarkdownDescription: "Should AKS Workload Identity be used for Authentication? This can also be sourced from the `ARM_USE_AKS_WORKLOAD_IDENTITY` Environment Variable. Defaults to `false`. When set, `client_id`, `tenant_id` and `oidc_token_file_path` will be detected from the environment and do not need to be specified.", }, + // Microsoft Graph endpoint + "msgraph_endpoint": schema.StringAttribute{ + Optional: true, + MarkdownDescription: "The Microsoft Graph endpoint to use, including the scheme. This can also be sourced from the `ARM_MSGRAPH_ENDPOINT` environment variable. Defaults to `https://graph.microsoft.com`.", + }, + // Managed Tracking GUID for User-agent "partner_id": schema.StringAttribute{ Optional: true, @@ -418,6 +425,14 @@ func (p *MSGraphProvider) Configure(ctx context.Context, req provider.ConfigureR } } + if model.MSGraphEndpoint.IsNull() { + if v := os.Getenv("ARM_MSGRAPH_ENDPOINT"); v != "" { + model.MSGraphEndpoint = types.StringValue(v) + } else { + model.MSGraphEndpoint = types.StringValue("https://graph.microsoft.com") + } + } + option := azidentity.DefaultAzureCredentialOptions{ TenantID: model.TenantID.ValueString(), } @@ -435,6 +450,7 @@ func (p *MSGraphProvider) Configure(ctx context.Context, req provider.ConfigureR CustomCorrelationRequestID: model.CustomCorrelationRequestID.ValueString(), CloudCfg: cloud.Configuration{}, TenantId: model.TenantID.ValueString(), + MSGraphEndpoint: model.MSGraphEndpoint.ValueString(), } client := &clients.Client{} if err = client.Build(ctx, copt); err != nil { diff --git a/internal/services/msgraph_resource.go b/internal/services/msgraph_resource.go index e3fc5b7..2ab432f 100644 --- a/internal/services/msgraph_resource.go +++ b/internal/services/msgraph_resource.go 
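Review bot: In the `Configure` hunk (`@@ -418,6 +425,14 @@`) only `model.MSGraphEndpoint.IsNull()` is tested, so a value that is still unknown at configure time skips this block, and `model.MSGraphEndpoint.ValueString()` in the following `copt` hunk then yields `""`, which `NewMSGraphClient` replaces with the global endpoint. Unless unknown values are rejected elsewhere in `Configure` (its body continues outside these hunks), a user targeting a national cloud would silently get requests and tokens directed at the global service. I would add `if model.MSGraphEndpoint.IsUnknown() { resp.Diagnostics.AddError(...); return }` ahead of the null check. The same null-only test is carried into the `Configure` hunks of patches 5/6 and 6/6, the latter for `model.Environment`. The literal `"https://graph.microsoft.com"` in the `else` branch could also be `clients.DefaultMSGraphEndpoint`, which this commit introduces.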
@@ -435,7 +435,7 @@ func (r *MSGraphResource) Read(ctx context.Context, req resource.ReadRequest, re if v, _ := req.Private.GetKey(ctx, FlagMoveState); v != nil && string(v) == "true" { body := map[string]string{ - "@odata.id": fmt.Sprintf("https://graph.microsoft.com/v1.0/directoryObjects/%s", model.Id.ValueString()), + "@odata.id": fmt.Sprintf("%s/v1.0/directoryObjects/%s", r.client.Host(), model.Id.ValueString()), } data, err := json.Marshal(body) if err != nil { From 22bebbcf4f08120a1d411618277f4d16f4645ceb Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 24 Feb 2026 13:06:28 +0000 Subject: [PATCH 2/6] Initial plan From 0bb10bad0900bb53731ad12111e219c8d42a054f Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 24 Feb 2026 13:08:04 +0000 Subject: [PATCH 3/6] docs: add msgraph_endpoint to provider documentation Co-authored-by: sjovang <326647+sjovang@users.noreply.github.com> --- docs/index.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/index.md b/docs/index.md index 4c09752..85a7e88 100644 --- a/docs/index.md +++ b/docs/index.md 
@@ -64,6 +64,7 @@ provider "msgraph" { - `custom_correlation_request_id` (String) The value of the `x-ms-correlation-request-id` header, otherwise an auto-generated UUID will be used. This can also be sourced from the `ARM_CORRELATION_REQUEST_ID` environment variable. - `disable_correlation_request_id` (Boolean) This will disable the x-ms-correlation-request-id header. - `disable_terraform_partner_id` (Boolean) Disable sending the Terraform Partner ID if a custom `partner_id` isn't specified, which allows Microsoft to better understand the usage of Terraform. The Partner ID does not give HashiCorp any direct access to usage information. This can also be sourced from the `ARM_DISABLE_TERRAFORM_PARTNER_ID` environment variable. Defaults to `false`. +- `msgraph_endpoint` (String) The Microsoft Graph endpoint to use, including the scheme. This can also be sourced from the `ARM_MSGRAPH_ENDPOINT` environment variable. Defaults to `https://graph.microsoft.com`. - `oidc_azure_service_connection_id` (String) The Azure Pipelines Service Connection ID to use for authentication. This can also be sourced from the `ARM_OIDC_AZURE_SERVICE_CONNECTION_ID` environment variable. - `oidc_request_token` (String) The bearer token for the request to the OIDC provider. This can also be sourced from the `ARM_OIDC_REQUEST_TOKEN` or `ACTIONS_ID_TOKEN_REQUEST_TOKEN` Environment Variables. - `oidc_request_url` (String) The URL for the OIDC provider from which to request an ID token. This can also be sourced from the `ARM_OIDC_REQUEST_URL` or `ACTIONS_ID_TOKEN_REQUEST_URL` Environment Variables. From 78dad39243458fcfea1c55244e7fd26723265144 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 24 Feb 2026 13:12:23 +0000 Subject: [PATCH 4/6] Initial plan From 4a93fea855742d8e04955e3b584aacd26a23f5c8 Mon Sep 17 00:00:00 2001 
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 24 Feb 2026 13:17:21 +0000 Subject: [PATCH 5/6] feat: add validation for msgraph_endpoint to only accept valid MS Graph endpoint URLs Co-authored-by: sjovang <326647+sjovang@users.noreply.github.com> --- docs/index.md | 2 +- internal/provider/provider.go | 26 ++++++++++++++++++++++++-- 2 files changed, 25 insertions(+), 3 deletions(-) diff --git a/docs/index.md b/docs/index.md index 85a7e88..6a5bc34 100644 --- a/docs/index.md +++ b/docs/index.md 
@@ -64,7 +64,7 @@ provider "msgraph" { - `custom_correlation_request_id` (String) The value of the `x-ms-correlation-request-id` header, otherwise an auto-generated UUID will be used. This can also be sourced from the `ARM_CORRELATION_REQUEST_ID` environment variable. - `disable_correlation_request_id` (Boolean) This will disable the x-ms-correlation-request-id header. - `disable_terraform_partner_id` (Boolean) Disable sending the Terraform Partner ID if a custom `partner_id` isn't specified, which allows Microsoft to better understand the usage of Terraform. The Partner ID does not give HashiCorp any direct access to usage information. This can also be sourced from the `ARM_DISABLE_TERRAFORM_PARTNER_ID` environment variable. Defaults to `false`. -- `msgraph_endpoint` (String) The Microsoft Graph endpoint to use, including the scheme. This can also be sourced from the `ARM_MSGRAPH_ENDPOINT` environment variable. Defaults to `https://graph.microsoft.com`. +- `msgraph_endpoint` (String) The Microsoft Graph endpoint to use, including the scheme. This can also be sourced from the `ARM_MSGRAPH_ENDPOINT` environment variable. Defaults to `https://graph.microsoft.com`. Valid values are `https://graph.microsoft.com` (global), `https://graph.microsoft.us` (US Government L4), `https://dod-graph.microsoft.us` (US Government L5/DOD), and `https://microsoftgraph.chinacloudapi.cn` (China). - `oidc_azure_service_connection_id` (String) The Azure Pipelines Service Connection ID to use for authentication. This can also be sourced from the `ARM_OIDC_AZURE_SERVICE_CONNECTION_ID` environment variable. - `oidc_request_token` (String) The bearer token for the request to the OIDC provider. This can also be sourced from the `ARM_OIDC_REQUEST_TOKEN` or `ACTIONS_ID_TOKEN_REQUEST_TOKEN` Environment Variables. - `oidc_request_url` (String) The URL for the OIDC provider from which to request an ID token. 
This can also be sourced from the `ARM_OIDC_REQUEST_URL` or `ACTIONS_ID_TOKEN_REQUEST_URL` Environment Variables. diff --git a/internal/provider/provider.go b/internal/provider/provider.go index 8ed13c7..7c5f174 100644 --- a/internal/provider/provider.go +++ b/internal/provider/provider.go @@ -26,6 +26,13 @@ import ( var _ provider.Provider = &MSGraphProvider{} +var validMSGraphEndpoints = []string{ + "https://graph.microsoft.com", + "https://graph.microsoft.us", + "https://dod-graph.microsoft.us", + "https://microsoftgraph.chinacloudapi.cn", +} + type MSGraphProvider struct{} type MSGraphProviderModel struct { @@ -230,8 +237,11 @@ func (p *MSGraphProvider) Schema(ctx context.Context, req provider.SchemaRequest // Microsoft Graph endpoint "msgraph_endpoint": schema.StringAttribute{ - Optional: true, - MarkdownDescription: "The Microsoft Graph endpoint to use, including the scheme. This can also be sourced from the `ARM_MSGRAPH_ENDPOINT` environment variable. Defaults to `https://graph.microsoft.com`.", + Optional: true, + Validators: []validator.String{ + stringvalidator.OneOf(validMSGraphEndpoints...), + }, + MarkdownDescription: "The Microsoft Graph endpoint to use, including the scheme. This can also be sourced from the `ARM_MSGRAPH_ENDPOINT` environment variable. Defaults to `https://graph.microsoft.com`. Valid values are `https://graph.microsoft.com` (global), `https://graph.microsoft.us` (US Government L4), `https://dod-graph.microsoft.us` (US Government L5/DOD), and `https://microsoftgraph.chinacloudapi.cn` (China).", }, // Managed Tracking GUID for User-agent 
@@ -427,6 +437,18 @@ func (p *MSGraphProvider) Configure(ctx context.Context, req provider.ConfigureR if model.MSGraphEndpoint.IsNull() { if v := os.Getenv("ARM_MSGRAPH_ENDPOINT"); v != "" { + valid := false + for _, endpoint := range validMSGraphEndpoints { + if v == endpoint { + valid = true + break + } + } + if !valid { + resp.Diagnostics.AddError("Invalid `msgraph_endpoint` value", + fmt.Sprintf("The value %q provided via ARM_MSGRAPH_ENDPOINT is not a valid Microsoft Graph endpoint. Valid values are: https://graph.microsoft.com, https://graph.microsoft.us, https://dod-graph.microsoft.us, https://microsoftgraph.chinacloudapi.cn", v)) + return + } model.MSGraphEndpoint = types.StringValue(v) } else { model.MSGraphEndpoint = types.StringValue("https://graph.microsoft.com") From d7692906e7f95568c22b2f09d6d720ee53a83a92 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Trond=20Jakob=20Sj=C3=B8vang?= Date: Wed, 25 Feb 2026 20:17:09 +0100 Subject: [PATCH 6/6] rename msgraph_endpoint to environment and make configuration more consistent with terraform-provider-azuread --- docs/index.md | 2 +- internal/acceptance/testclient.go | 25 ++++++++++-------- internal/clients/client.go | 4 +-- internal/clients/msgraph_client.go | 23 ++++++++++++++-- internal/provider/provider.go | 42 ++++++++++++++++-------------- 5 files changed, 61 insertions(+), 35 deletions(-) diff --git a/docs/index.md b/docs/index.md index 6a5bc34..d20ff6a 100644 --- a/docs/index.md +++ b/docs/index.md 
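Review bot: The set of accepted endpoints is now written out three times (the `validMSGraphEndpoints` slice, the schema `MarkdownDescription`, and the literal list in this error message), so a later addition can easily update one and miss the others. I would build the message from the slice, e.g. `strings.Join(validMSGraphEndpoints, ", ")` passed to a `Valid values are: %s` format, and move the hand-written membership loop into a small helper so the environment-variable path and the schema validator share one definition. The same loop-plus-literal-list shape is repeated in patch 6/6 for `validEnvironments`. The enclosing `Configure` body starts and ends outside this hunk.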
@@ -64,7 +64,7 @@ provider "msgraph" { - `custom_correlation_request_id` (String) The value of the `x-ms-correlation-request-id` header, otherwise an auto-generated UUID will be used. This can also be sourced from the `ARM_CORRELATION_REQUEST_ID` environment variable. - `disable_correlation_request_id` (Boolean) This will disable the x-ms-correlation-request-id header. - `disable_terraform_partner_id` (Boolean) Disable sending the Terraform Partner ID if a custom `partner_id` isn't specified, which allows Microsoft to better understand the usage of Terraform. The Partner ID does not give HashiCorp any direct access to usage information. This can also be sourced from the `ARM_DISABLE_TERRAFORM_PARTNER_ID` environment variable. Defaults to `false`. -- `msgraph_endpoint` (String) The Microsoft Graph endpoint to use, including the scheme. This can also be sourced from the `ARM_MSGRAPH_ENDPOINT` environment variable. Defaults to `https://graph.microsoft.com`. Valid values are `https://graph.microsoft.com` (global), `https://graph.microsoft.us` (US Government L4), `https://dod-graph.microsoft.us` (US Government L5/DOD), and `https://microsoftgraph.chinacloudapi.cn` (China). +- `environment` (String) The cloud environment which should be used. Possible values are: `global` (also `public`), `usgovernmentl4` (also `usgovernment`), `usgovernmentl5` (also `dod`), and `china`. Defaults to `global`. This can also be sourced from the `ARM_ENVIRONMENT` environment variable. - `oidc_azure_service_connection_id` (String) The Azure Pipelines Service Connection ID to use for authentication. This can also be sourced from the `ARM_OIDC_AZURE_SERVICE_CONNECTION_ID` environment variable. - `oidc_request_token` (String) The bearer token for the request to the OIDC provider. This can also be sourced from the `ARM_OIDC_REQUEST_TOKEN` or `ACTIONS_ID_TOKEN_REQUEST_TOKEN` Environment Variables. - `oidc_request_url` (String) The URL for the OIDC provider from which to request an ID token. 
This can also be sourced from the `ARM_OIDC_REQUEST_URL` or `ACTIONS_ID_TOKEN_REQUEST_URL` Environment Variables. diff --git a/internal/acceptance/testclient.go b/internal/acceptance/testclient.go index ad8b672..8e9f88a 100644 --- a/internal/acceptance/testclient.go +++ b/internal/acceptance/testclient.go @@ -26,15 +26,23 @@ func BuildTestClient() (*clients.Client, error) { if _client == nil { var cloudConfig cloud.Configuration env := os.Getenv("ARM_ENVIRONMENT") + var environment string switch strings.ToLower(env) { - case "public": + case "public", "global", "": cloudConfig = cloud.AzurePublic - case "usgovernment": + environment = "global" + case "usgovernment", "usgovernmentl4": cloudConfig = cloud.AzureGovernment + environment = "usgovernmentl4" + case "usgovernmentl5", "dod": + cloudConfig = cloud.AzureGovernment + environment = "usgovernmentl5" case "china": cloudConfig = cloud.AzureChina + environment = "china" default: cloudConfig = cloud.AzurePublic + environment = "global" } model := provider.MSGraphProviderModel{} @@ -116,16 +124,11 @@ func BuildTestClient() (*clients.Client, error) { return nil, fmt.Errorf("failed to obtain a credential: %v", err) } - msgraphEndpoint := os.Getenv("ARM_MSGRAPH_ENDPOINT") - if msgraphEndpoint == "" { - msgraphEndpoint = clients.DefaultMSGraphEndpoint - } - copt := &clients.Option{ - Cred: cred, - CloudCfg: cloudConfig, - TenantId: os.Getenv("ARM_TENANT_ID"), - MSGraphEndpoint: msgraphEndpoint, + Cred: cred, + CloudCfg: cloudConfig, + TenantId: os.Getenv("ARM_TENANT_ID"), + Environment: environment, } client := &clients.Client{} diff --git a/internal/clients/client.go b/internal/clients/client.go index e501a30..5e87cea 100644 --- a/internal/clients/client.go +++ b/internal/clients/client.go @@ -27,7 +27,7 @@ type Option struct { CloudCfg cloud.Configuration CustomCorrelationRequestID string TenantId string - MSGraphEndpoint string + Environment string } func (client *Client) Build(ctx context.Context, o *Option) error { 
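Review bot: In `internal/acceptance/testclient.go`, the `default:` branch of the `ARM_ENVIRONMENT` switch maps any unrecognised value to `cloud.AzurePublic` and `"global"`, whereas the provider's `Configure` in this same commit rejects unknown values with a diagnostic. A typo in the variable would therefore run the acceptance suite against the global endpoints with no signal. Returning `fmt.Errorf("unsupported ARM_ENVIRONMENT %q", env)` from that branch would keep the two paths consistent, and `BuildTestClient` already returns an error. The `usgovernmentl5`/`dod` case would also benefit from a comment such as `// L5/DoD shares the AzureGovernment authority; only the Graph endpoint differs`, assuming that is the intent, which should be confirmed.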
@@ -87,7 +87,7 @@ func (client *Client) Build(ctx context.Context, o *Option) error { "$format", } - msgraphClient, err := NewMSGraphClient(o.MSGraphEndpoint, o.Cred, &policy.ClientOptions{ + msgraphClient, err := NewMSGraphClient(MSGraphEndpointForEnvironment(o.Environment), o.Cred, &policy.ClientOptions{ Logging: policy.LogOptions{ IncludeBody: false, AllowedHeaders: allowedHeaders, diff --git a/internal/clients/msgraph_client.go b/internal/clients/msgraph_client.go index 0f80d7d..0f5e348 100644 --- a/internal/clients/msgraph_client.go +++ b/internal/clients/msgraph_client.go @@ -16,7 +16,26 @@ const ( nextLinkKey = "@odata.nextLink" ) -const DefaultMSGraphEndpoint = "https://graph.microsoft.com" +const DefaultEnvironment = "global" + +// EnvironmentEndpoints maps environment names to their Microsoft Graph endpoint URLs. +var EnvironmentEndpoints = map[string]string{ + "global": "https://graph.microsoft.com", + "public": "https://graph.microsoft.com", + "usgovernmentl4": "https://graph.microsoft.us", + "usgovernment": "https://graph.microsoft.us", + "usgovernmentl5": "https://dod-graph.microsoft.us", + "dod": "https://dod-graph.microsoft.us", + "china": "https://microsoftgraph.chinacloudapi.cn", +} + +// MSGraphEndpointForEnvironment returns the Microsoft Graph endpoint URL for the given environment name. +func MSGraphEndpointForEnvironment(env string) string { + if endpoint, ok := EnvironmentEndpoints[env]; ok { + return endpoint + } + return EnvironmentEndpoints[DefaultEnvironment] +} type MSGraphClient struct { host string @@ -30,7 +49,7 @@ func (client *MSGraphClient) Host() string { func NewMSGraphClient(endpoint string, credential azcore.TokenCredential, opt *policy.ClientOptions) (*MSGraphClient, error) { if endpoint == "" { - endpoint = DefaultMSGraphEndpoint + endpoint = EnvironmentEndpoints[DefaultEnvironment] } pl := runtime.NewPipeline(moduleName, moduleVersion, runtime.PipelineOptions{ AllowedHeaders: nil, 
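Review bot: `MSGraphEndpointForEnvironment` in `internal/clients/msgraph_client.go` returns the global endpoint for any name it does not find, including differently cased input such as `"China"`. A caller that skips validation therefore silently gets tokens scoped to, and requests sent to, `https://graph.microsoft.com` instead of the intended national cloud. I would make the lookup fail closed by returning `(string, error)` with `fmt.Errorf("unknown environment %q", env)` and letting `Client.Build` propagate it. `EnvironmentEndpoints` is also an exported, mutable package-level map, so any importing package can change where credentials are sent. Keeping it unexported and deriving `validEnvironments` in `provider.go` from its keys would remove the second list that has to stay in sync.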
diff --git a/internal/provider/provider.go b/internal/provider/provider.go index 7c5f174..cfd20ac 100644 --- a/internal/provider/provider.go +++ b/internal/provider/provider.go @@ -26,11 +26,14 @@ import ( var _ provider.Provider = &MSGraphProvider{} -var validMSGraphEndpoints = []string{ - "https://graph.microsoft.com", - "https://graph.microsoft.us", - "https://dod-graph.microsoft.us", - "https://microsoftgraph.chinacloudapi.cn", +var validEnvironments = []string{ + "global", + "public", + "usgovernmentl4", + "usgovernment", + "usgovernmentl5", + "dod", + "china", } type MSGraphProvider struct{} @@ -54,7 +57,7 @@ type MSGraphProviderModel struct { UsePowerShell types.Bool `tfsdk:"use_powershell"` UseMSI types.Bool `tfsdk:"use_msi"` UseAKSWorkloadIdentity types.Bool `tfsdk:"use_aks_workload_identity"` - MSGraphEndpoint types.String `tfsdk:"msgraph_endpoint"` + Environment types.String `tfsdk:"environment"` PartnerID types.String `tfsdk:"partner_id"` CustomCorrelationRequestID types.String `tfsdk:"custom_correlation_request_id"` DisableCorrelationRequestID types.Bool `tfsdk:"disable_correlation_request_id"` 
@@ -235,13 +238,13 @@ func (p *MSGraphProvider) Schema(ctx context.Context, req provider.SchemaRequest MarkdownDescription: "Should AKS Workload Identity be used for Authentication? This can also be sourced from the `ARM_USE_AKS_WORKLOAD_IDENTITY` Environment Variable. Defaults to `false`. When set, `client_id`, `tenant_id` and `oidc_token_file_path` will be detected from the environment and do not need to be specified.", }, - // Microsoft Graph endpoint - "msgraph_endpoint": schema.StringAttribute{ + // Cloud environment + "environment": schema.StringAttribute{ Optional: true, Validators: []validator.String{ - stringvalidator.OneOf(validMSGraphEndpoints...), + stringvalidator.OneOf(validEnvironments...), }, - MarkdownDescription: "The Microsoft Graph endpoint to use, including the scheme. This can also be sourced from the `ARM_MSGRAPH_ENDPOINT` environment variable. Defaults to `https://graph.microsoft.com`. Valid values are `https://graph.microsoft.com` (global), `https://graph.microsoft.us` (US Government L4), `https://dod-graph.microsoft.us` (US Government L5/DOD), and `https://microsoftgraph.chinacloudapi.cn` (China).", + MarkdownDescription: "The cloud environment which should be used. Possible values are: `global` (also `public`), `usgovernmentl4` (also `usgovernment`), `usgovernmentl5` (also `dod`), and `china`. Defaults to `global`. This can also be sourced from the `ARM_ENVIRONMENT` environment variable.", }, // Managed Tracking GUID for User-agent 
@@ -435,23 +438,24 @@ func (p *MSGraphProvider) Configure(ctx context.Context, req provider.ConfigureR } } - if model.MSGraphEndpoint.IsNull() { - if v := os.Getenv("ARM_MSGRAPH_ENDPOINT"); v != "" { + if model.Environment.IsNull() { + if v := os.Getenv("ARM_ENVIRONMENT"); v != "" { + v = strings.ToLower(v) valid := false - for _, endpoint := range validMSGraphEndpoints { - if v == endpoint { + for _, env := range validEnvironments { + if v == env { valid = true break } } if !valid { - resp.Diagnostics.AddError("Invalid `msgraph_endpoint` value", - fmt.Sprintf("The value %q provided via ARM_MSGRAPH_ENDPOINT is not a valid Microsoft Graph endpoint. Valid values are: https://graph.microsoft.com, https://graph.microsoft.us, https://dod-graph.microsoft.us, https://microsoftgraph.chinacloudapi.cn", v)) + resp.Diagnostics.AddError("Invalid `environment` value", + fmt.Sprintf("The value %q provided via ARM_ENVIRONMENT is not a valid environment. Valid values are: global (also public), usgovernmentl4 (also usgovernment), usgovernmentl5 (also dod), china", v)) return } - model.MSGraphEndpoint = types.StringValue(v) + model.Environment = types.StringValue(v) } else { - model.MSGraphEndpoint = types.StringValue("https://graph.microsoft.com") + model.Environment = types.StringValue(clients.DefaultEnvironment) } } @@ -472,7 +476,7 @@ func (p *MSGraphProvider) Configure(ctx context.Context, req provider.ConfigureR CustomCorrelationRequestID: model.CustomCorrelationRequestID.ValueString(), CloudCfg: cloud.Configuration{}, TenantId: model.TenantID.ValueString(), - MSGraphEndpoint: model.MSGraphEndpoint.ValueString(), + Environment: model.Environment.ValueString(), } client := &clients.Client{} if err = client.Build(ctx, copt); err != nil {
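Review bot: In the `Configure` hunk (`@@ -435,23 +438,24 @@`), `ARM_ENVIRONMENT` is lower-cased before it is checked, but the `environment` attribute is validated with `stringvalidator.OneOf(validEnvironments...)`, which compares exactly. As a result `ARM_ENVIRONMENT=China` is accepted while `environment = "China"` is rejected. Whichever rule is chosen should apply to both sources, and the value must be lower-cased before it reaches `clients.Option`, because the map lookup in `MSGraphEndpointForEnvironment` is case-sensitive and falls back to the global endpoint on a miss. The error message also quotes the lower-cased `v` rather than what the user set, so keeping the original in a separate variable for the diagnostic would be clearer.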
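Review bot: In the `copt` hunk (`@@ -472,7 +476,7 @@`), `CloudCfg: cloud.Configuration{}` is still passed next to the new `Environment` field, so in the provider path only the Graph host and token scope follow the selected environment. The acceptance client in this commit selects `cloud.AzureGovernment` or `cloud.AzureChina` for the same names, which suggests the sign-in authority is expected to change as well. If the credential options built earlier in `Configure` (outside this hunk) are not given a matching cloud configuration, token acquisition for `usgovernmentl4`, `usgovernmentl5` and `china` would presumably go to the public authority. I would derive one `cloud.Configuration` from `model.Environment` and pass it to both the credential options and `CloudCfg`, or add a comment here stating why the empty value is correct.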