User & Group improvements #476

Merged
merged 15 commits into from
Jul 21, 2021
4 changes: 1 addition & 3 deletions .golangci.yml
Expand Up @@ -34,7 +34,5 @@ linters:
linters-settings:
errcheck:
ignore: github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema:ForceNew|Set,fmt:.*,io:Close
misspell:
locale: UK
goimports:
local-prefixes: github.com/hashicorp/terraform-provider-azuread/azuread
local-prefixes: github.com/hashicorp/terraform-provider-azuread/azuread
2 changes: 1 addition & 1 deletion GNUmakefile
Expand Up @@ -98,7 +98,7 @@ todo:

docs-lint:
@echo "==> Checking documentation spelling..."
@misspell -error -source=text -i hdinsight -locale UK docs/
@misspell -error -source=text -i hdinsight docs/
@echo "==> Checking documentation for errors..."
@tfproviderdocs check -provider-name=azuread -allowed-guide-subcategories="Authentication,Upgrade Guides" -enable-contents-check -require-schema-ordering -require-guide-subcategory -require-resource-subcategory
@sh -c "'$(CURDIR)/scripts/terrafmt-docs.sh'"
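Review bot: removing `-locale UK` from the `docs-lint` target makes misspell accept both British and American spellings, so it stops catching mixed usage in the docs; the pages touched in this PR still use British forms (`synchronised`, `organisation`, `colour`) next to the Microsoft Graph attribute name `behaviors`. If the goal is to let API names through without flagging them, consider adding them to the `-i` ignore list (as is already done for `hdinsight`) rather than dropping locale enforcement altogether.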
18 changes: 16 additions & 2 deletions docs/data-sources/group.md
Expand Up @@ -30,11 +30,25 @@ The following arguments are supported:

The following attributes are exported:

* `assignable_to_role` - Indicates whether this group can be assigned to an Azure Active Directory role.
* `behaviors` - A list of behaviors for a Microsoft 365 group, such as `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details.
* `description` - The optional description of the group.
* `display_name` - The display name for the group.
* `object_id` - The object ID of the group.
* `mail` - The SMTP address for the group.
* `mail_enabled` - Whether the group is mail-enabled.
* `members` - The object IDs of the group members.
* `owners` - The object IDs of the group owners.
* `mail_nickname` - The mail alias for the group, unique in the organisation.
* `members` - List of object IDs of the group members.
* `onpremises_domain_name` - The on-premises FQDN, also called dnsDomainName, synchronised from the on-premises directory when Azure AD Connect is used.
* `onpremises_netbios_name` - The on-premises NetBIOS name, synchronised from the on-premises directory when Azure AD Connect is used.
* `onpremises_sam_account_name` - The on-premises SAM account name, synchronised from the on-premises directory when Azure AD Connect is used.
* `onpremises_security_identifier` - The on-premises security identifier (SID), synchronised from the on-premises directory when Azure AD Connect is used.
* `onpremises_sync_enabled` - Whether this group is synchronised from an on-premises directory (`true`), no longer synchronised (`false`), or has never been synchronised (`null`).
* `owners` - List of object IDs of the group owners.
* `preferred_language` - The preferred language for a Microsoft 365 group, in ISO 639-1 notation.
* `provisioning_options` - A list of provisioning options for a Microsoft 365 group, such as `Team`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for details.
* `proxy_addresses` - List of email addresses for the group that direct to the same group mailbox.
* `security_enabled` - Whether the group is a security group.
* `theme` - The colour theme for a Microsoft 365 group. Possible values are `Blue`, `Green`, `Orange`, `Pink`, `Purple`, `Red` or `Teal`. When no theme is set, the value is `null`.
* `types` - A list of group types configured for the group. The only supported type is `Unified`, which specifies a Microsoft 365 group.
* `visibility` - The group join policy and group content visibility. Possible values are `Private`, `Public`, or `Hiddenmembership`. Only Microsoft 365 groups can have `Hiddenmembership` visibility.
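Review bot: `object_id` sits out of alphabetical order in this attribute list (between `display_name` and `mail`) while every entry added in this hunk is sorted; move it after `members` so the list stays sorted and the new `onpremises_*` block reads as one group. Worth a quick check too that the data source actually populates every `onpremises_*` attribute listed here, since `onpremises_sync_enabled` is documented as tri-state (`true`, `false`, `null`) and a reader will rely on `null` meaning "never synchronised".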
18 changes: 17 additions & 1 deletion docs/data-sources/user.md
Expand Up @@ -29,21 +29,37 @@ The following arguments are supported:
The following attributes are exported:

* `account_enabled` - Whether or not the account is enabled.
* `age_group` - The age group of the user. Supported values are `Adult`, `NotAdult` and `Minor`.
* `business_phones` - A list of telephone numbers for the user.
* `city` - The city in which the user is located.
* `company_name` - The company name which the user is associated. This property can be useful for describing the company that an external user comes from.
* `consent_provided_for_minor` - Whether consent has been obtained for minors. Supported values are `Granted`, `Denied` and `NotRequired`.
* `country` - The country/region in which the user is located, e.g. `US` or `UK`.
* `creation_type` - Indicates whether the user account was created as a regular school or work account (`null`), an external account (`Invitation`), a local account for an Azure Active Directory B2C tenant (`LocalAccount`) or self-service sign-up using email verification (`EmailVerified`).
* `department` - The name for the department in which the user works.
* `display_name` - The display name of the user.
* `employee_id` - The employee identifier assigned to the user by the organisation.
* `external_user_state` - For an external user invited to the tenant, this property represents the invited user's invitation status. Possible values are `PendingAcceptance` or `Accepted`.
* `fax_number` - The fax number of the user.
* `given_name` - The given name (first name) of the user.
* `im_addresses` - A list of instant message voice over IP (VOIP) session initiation protocol (SIP) addresses for the user.
* `job_title` - The user’s job title.
* `mail_nickname` - The email alias of the user.
* `mail` - The primary email address of the user.
* `mail` - The SMTP address for the user.
* `mobile_phone` - The primary cellular telephone number for the user.
* `office_location` - The office location in the user's place of business.
* `onpremises_distinguished_name` - The on-premises distinguished name (DN) of the user, synchronised from the on-premises directory when Azure AD Connect is used.
* `onpremises_domain_name` - The on-premises FQDN, also called dnsDomainName, synchronised from the on-premises directory when Azure AD Connect is used.
* `onpremises_immutable_id` - The value used to associate an on-premise Active Directory user account with their Azure AD user object.
* `onpremises_sam_account_name` - The on-premise SAM account name of the user.
* `onpremises_security_identifier` - The on-premises security identifier (SID), synchronised from the on-premises directory when Azure AD Connect is used.
* `onpremises_sync_enabled` - Whether this user is synchronised from an on-premises directory (`true`), no longer synchronised (`false`), or has never been synchronised (`null`).
* `onpremises_user_principal_name` - The on-premise user principal name of the user.
* `other_mails` - A list of additional email addresses for the user.
* `postal_code` - The postal code for the user's postal address. The postal code is specific to the user's country/region. In the United States of America, this attribute contains the ZIP code.
* `preferred_language` - The user's preferred language, in ISO 639-1 notation.
* `proxy_addresses` - List of email addresses for the user that direct to the same mailbox.
* `show_in_address_list` - Whether or not the Outlook global address list should include this user.
* `state` - The state or province in the user's address.
* `street_address` - The street address of the user's place of business.
* `surname` - The user's surname (family name or last name).
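Review bot: `mail` is listed after `mail_nickname` (the removed and re-added `mail` lines keep that position); alphabetical order puts `mail` first. Also, `onpremises_immutable_id`, `onpremises_sam_account_name` and `onpremises_user_principal_name` say "on-premise" and omit the "synchronised from the on-premises directory when Azure AD Connect is used" clause that the neighbouring `onpremises_*` entries carry; use "on-premises" and the same clause throughout so readers know these are read-only synced values. Minor: the `company_name` sentence should read "with which the user is associated".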
15 changes: 15 additions & 0 deletions docs/resources/group.md
Expand Up @@ -23,6 +23,7 @@ resource "azuread_group" "example" {
resource "azuread_group" "example" {
display_name = "example"
mail_enabled = true
mail_nickname = "ExampleGroup"
security_enabled = true
types = ["Unified"]
}
Expand Down Expand Up @@ -52,14 +53,20 @@ resource "azuread_group" "example" {

The following arguments are supported:

* `assignable_to_role` - (Optional) Indicates whether this group can be assigned to an Azure Active Directory role. Can only be `true` for security-enabled groups. Changing this forces a new resource to be created.
* `behaviors` - (Optional) A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created.
* `description` - (Optional) The description for the group.
* `display_name` - (Required) The display name for the group.
* `mail_enabled` - (Optional) Whether the group is a mail enabled, with a shared group mailbox. At least one of `mail_enabled` or `security_enabled` must be specified. A group can be mail enabled _and_ security enabled.
* `mail_nickname` - (Optional) The mail alias for the group, unique in the organisation. Required for mail-enabled groups. Changing this forces a new resource to be created.
* `members` - (Optional) A set of members who should be present in this group. Supported object types are Users, Groups or Service Principals.
* `owners` - (Optional) A set of owners who own this group. Supported object types are Users or Service Principals.
* `prevent_duplicate_names` - (Optional) If `true`, will return an error if an existing group is found with the same name. Defaults to `false`.
* `provisioning_options` - (Optional) A set of provisioning options for a Microsoft 365 group. The only supported value is `Team`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for details. Changing this forces a new resource to be created.
* `security_enabled` - (Optional) Whether the group is a security group for controlling access to in-app resources. At least one of `security_enabled` or `mail_enabled` must be specified. A group can be security enabled _and_ mail enabled.
* `theme` - (Optional) The colour theme for a Microsoft 365 group. Possible values are `Blue`, `Green`, `Orange`, `Pink`, `Purple`, `Red` or `Teal`. By default, no theme is set.
* `types` - (Optional) A set of group types to configure for the group. The only supported type is `Unified`, which specifies a Microsoft 365 group. Required when `mail_enabled` is true. Changing this forces a new resource to be created.
* `visibility` - (Optional) The group join policy and group content visibility. Possible values are `Private`, `Public`, or `Hiddenmembership`. Only Microsoft 365 groups can have `Hiddenmembership` visibility and this value must be set when the group is created. By default, security groups will receive `Private` visibility and Microsoft 365 groups will receive `Public` visibility.

-> **Group Name Uniqueness** Group names are not unique within Azure Active Directory. Use the `prevent_duplicate_names` argument to check for existing groups if you want to avoid name collisions.

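Review bot: the `mail_enabled` description has a stray article, "Whether the group is a mail enabled, with a shared group mailbox"; it should read "Whether the group is mail-enabled, with a shared group mailbox". Under `visibility`, the text says `Hiddenmembership` "must be set when the group is created" but, unlike the other create-time arguments in this list, does not add "Changing this forces a new resource to be created"; state which applies so users know whether switching visibility later replaces the group.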
Expand All @@ -69,7 +76,15 @@ The following arguments are supported:

In addition to all arguments above, the following attributes are exported:

* `mail` - The SMTP address for the group.
* `object_id` - The object ID of the group.
* `onpremises_domain_name` - The on-premises FQDN, also called dnsDomainName, synchronised from the on-premises directory when Azure AD Connect is used.
* `onpremises_netbios_name` - The on-premises NetBIOS name, synchronised from the on-premises directory when Azure AD Connect is used.
* `onpremises_sam_account_name` - The on-premises SAM account name, synchronised from the on-premises directory when Azure AD Connect is used.
* `onpremises_security_identifier` - The on-premises security identifier (SID), synchronised from the on-premises directory when Azure AD Connect is used.
* `onpremises_sync_enabled` - Whether this group is synchronised from an on-premises directory (`true`), no longer synchronised (`false`), or has never been synchronised (`null`).
* `preferred_language` - The preferred language for a Microsoft 365 group, in ISO 639-1 notation.
* `proxy_addresses` - List of email addresses for the group that direct to the same group mailbox.

## Import

18 changes: 17 additions & 1 deletion docs/resources/user.md
Expand Up @@ -22,20 +22,29 @@ resource "azuread_user" "example" {
The following arguments are supported:

* `account_enabled` - (Optional) Whether or not the account should be enabled.
* `age_group` - (Optional) The age group of the user. Supported values are `Adult`, `NotAdult` and `Minor`. Omit this property or specify a blank string to unset.
* `business_phones` - (Optional) A list of telephone numbers for the user. Only one number can be set for this property. Read-only for users synced with Azure AD Connect.
* `city` - (Optional) The city in which the user is located.
* `company_name` - (Optional) The company name which the user is associated. This property can be useful for describing the company that an external user comes from.
* `consent_provided_for_minor` - (Optional) Whether consent has been obtained for minors. Supported values are `Granted`, `Denied` and `NotRequired`. Omit this property or specify a blank string to unset.
* `country` - (Optional) The country/region in which the user is located, e.g. `US` or `UK`.
* `department` - (Optional) The name for the department in which the user works.
* `display_name` - (Required) The name to display in the address book for the user.
* `employee_id` - (Optional) The employee identifier assigned to the user by the organisation.
* `fax_number` - (Optional) The fax number of the user.
* `force_password_change` - (Optional) Whether the user is forced to change the password during the next sign-in. Only takes effect when also changing the password. Defaults to `false`.
* `given_name` - (Optional) The given name (first name) of the user.
* `job_title` - (Optional) The user’s job title.
* `mail` - (Optional) The SMTP address for the user. This property cannot be unset once specified.
* `mail_nickname` - (Optional) The mail alias for the user. Defaults to the user name part of the user principal name (UPN).
* `mobile_phone` - (Optional) The primary cellular telephone number for the user.
* `office_location` - (Optional) The office location in the user's place of business.
* `onpremises_immutable_id` - (Optional) The value used to associate an on-premise Active Directory user account with their Azure AD user object. This must be specified if you are using a federated domain for the user's `user_principal_name` property when creating a new user account.
* `other_mails` - (Optional) A list of additional email addresses for the user.
* `password` - (Optional) The password for the user. The password must satisfy minimum requirements as specified by the password policy. The maximum length is 256 characters. This property is required when creating a new user.
* `postal_code` - (Optional) The postal code for the user's postal address. The postal code is specific to the user's country/region. In the United States of America, this attribute contains the ZIP code.
* `preferred_language` - (Optional) The user's preferred language, in ISO 639-1 notation.
* `show_in_address_list` - (Optional) Whether or not the Outlook global address list should include this user. Defaults to `true`.
* `state` - (Optional) The state or province in the user's address.
* `street_address` - (Optional) The street address of the user's place of business.
* `surname` - (Optional) The user's surname (family name or last name).
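Review bot: `password` is tagged (Optional) yet the same entry says it "is required when creating a new user"; say when it may be omitted (for an imported user, presumably) so the tag and the sentence do not contradict each other. `business_phones` is documented as "A list" while "Only one number can be set for this property"; state what happens when more than one is supplied (validation error, or only the first is used). Minor: `onpremises_immutable_id` uses "on-premise" where the rest of the page uses "on-premises", and `company_name` should read "with which the user is associated".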
Expand All @@ -46,10 +55,17 @@ The following arguments are supported:

In addition to all arguments above, the following attributes are exported:

* `mail` - The primary email address of the user.
* `creation_type` - Indicates whether the user account was created as a regular school or work account (`null`), an external account (`Invitation`), a local account for an Azure Active Directory B2C tenant (`LocalAccount`) or self-service sign-up using email verification (`EmailVerified`).
* `external_user_state` - For an external user invited to the tenant, this property represents the invited user's invitation status. Possible values are `PendingAcceptance` or `Accepted`.
* `im_addresses` - A list of instant message voice over IP (VOIP) session initiation protocol (SIP) addresses for the user.
* `object_id` - The object ID of the user.
* `onpremises_distinguished_name` - The on-premises distinguished name (DN) of the user, synchronised from the on-premises directory when Azure AD Connect is used.
* `onpremises_domain_name` - The on-premises FQDN, also called dnsDomainName, synchronised from the on-premises directory when Azure AD Connect is used.
* `onpremises_sam_account_name` - The on-premise SAM account name of the user.
* `onpremises_security_identifier` - The on-premises security identifier (SID), synchronised from the on-premises directory when Azure AD Connect is used.
* `onpremises_sync_enabled` - Whether this user is synchronised from an on-premises directory (`true`), no longer synchronised (`false`), or has never been synchronised (`null`).
* `onpremises_user_principal_name` - The on-premise user principal name of the user.
* `proxy_addresses` - List of email addresses for the user that direct to the same mailbox.
* `user_type` - The user type in the directory. Possible values are `Guest` or `Member`.

## Import
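Review bot: `onpremises_sam_account_name` and `onpremises_user_principal_name` use "on-premise" and lack the "synchronised from the on-premises directory when Azure AD Connect is used" clause that `onpremises_distinguished_name`, `onpremises_domain_name` and `onpremises_security_identifier` carry in the same list; align them with those entries and with the data source page. Note also that `mail` moves from this exported-attributes list to the arguments above, where it is now settable and "cannot be unset once specified"; that is a behaviour change for users who treated it as computed-only and deserves a changelog line.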
3 changes: 2 additions & 1 deletion go.mod
Expand Up @@ -20,13 +20,14 @@ require (
github.com/hashicorp/terraform-plugin-sdk/v2 v2.6.1
github.com/hashicorp/yamux v0.0.0-20210316155119-a95892c5f864 // indirect
github.com/klauspost/compress v1.12.2 // indirect
github.com/manicminer/hamilton v0.20.0
github.com/manicminer/hamilton v0.21.0
github.com/mitchellh/go-testing-interface v1.14.1 // indirect
github.com/mitchellh/go-wordwrap v1.0.1 // indirect
github.com/mitchellh/mapstructure v1.4.1 // indirect
github.com/oklog/run v1.1.0 // indirect
github.com/ulikunitz/xz v0.5.10 // indirect
github.com/zclconf/go-cty v1.8.3 // indirect
golang.org/x/text v0.3.6
google.golang.org/api v0.47.0 // indirect
google.golang.org/genproto v0.0.0-20210518161634-ec7691c0a37d // indirect
)
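Review bot: `golang.org/x/text v0.3.6` is added as a direct requirement (no `// indirect`), so confirm a package in this provider actually imports it (for instance for validating the new `preferred_language` values); otherwise `go mod tidy` will rewrite it as indirect on the next run. The hamilton bump to v0.21.0 appears to be what the `credentials.go` change depends on, so the two should land together.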
4 changes: 2 additions & 2 deletions go.sum
Expand Up @@ -281,8 +281,8 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
github.com/manicminer/hamilton v0.20.0 h1:3FmCr3vKtkBSTkhawtVKgyzQNeWZftVHQhgh/GASUI8=
github.com/manicminer/hamilton v0.20.0/go.mod h1:y0lB5Ey1UesBkFa9NAtybwWPoN4v1SbY1Chp3OqGtN4=
github.com/manicminer/hamilton v0.21.0 h1:TsvOK9GkUQVVostAuWA6b67kI7TW7TdGVDDFCe2baac=
github.com/manicminer/hamilton v0.21.0/go.mod h1:y0lB5Ey1UesBkFa9NAtybwWPoN4v1SbY1Chp3OqGtN4=
github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
github.com/mattn/go-colorable v0.1.8 h1:c1ghPdyEDarC70ftn0y+A/Ee++9zz8ljHG1b13eJ0s8=
2 changes: 1 addition & 1 deletion internal/helpers/credentials.go
Expand Up @@ -100,7 +100,7 @@ func KeyCredentialForResource(d *schema.ResourceData) (*msgraph.KeyCredential, e

credential := msgraph.KeyCredential{
KeyId: utils.String(keyId),
Type: msgraph.KeyCredentialType(keyType),
Type: keyType,
Usage: msgraph.KeyCredentialUsageVerify,
Key: utils.String(encodedValue),
EndDateTime: &endDate,
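Review bot: dropping the `msgraph.KeyCredentialType(keyType)` conversion removes the explicit tie between the resource's `type` value and the SDK's credential type at this call site, presumably because hamilton v0.21.0 now models `KeyCredential.Type` as a plain string; make sure the schema for the `type` argument still validates the accepted values, and that `Usage` deliberately stays `KeyCredentialUsageVerify`, so an unexpected string does not reach the Graph API unchecked.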
Expand Up @@ -210,7 +210,7 @@ func applicationCertificateResourceRead(ctx context.Context, d *schema.ResourceD

tf.Set(d, "application_object_id", id.ObjectId)
tf.Set(d, "key_id", id.KeyId)
tf.Set(d, "type", string(credential.Type))
tf.Set(d, "type", credential.Type)

startDate := ""
if v := credential.StartDateTime; v != nil {