identity_governance: Updates access_package_resource_package_association to handle MS Graph resource ID changes

[philband]

Community Note

• Please vote on this PR by adding a 👍 reaction to the original PR to help the community and maintainers prioritize for review
• Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for PR followers and do not help prioritize for review

Description

This PR fixes the issue describes in #1828
MS Graph changed the format of the id of the accessPackageResourceRoleScope resource.
Previously it was a composited id, with format {accessPackageResourceRole_id}_{accessPackageResourceScope_id}, now a new UUID was introduced for the base resource accessPackageResourceRoleScope.

The change adds a fallback that triggers when a resource with the ID from the state cannot be found. The fallback then attempts to instead find the resource using the parts of the previous composite id. If sucessful it updates the state with the new, corrected id.

For deletion currently the Graph API seems even more broken: It only accepts IDs in the old format, returns HTTP/400 on attempts to delete with the new ID. Therefore I also added a fallback there which attempts to delete with the old ID format if the regular request fails.

Changes to existing Resource / Data Source

• I have added an explanation of what my changes do and why I'd like you to include them (This may be covered by linking to an issue above, but may benefit from additional explanation).
• I have written new tests for my resource or datasource changes & updated any relevant documentation.
• I have successfully run tests with my changes locally. If not, please provide details on testing challenges that prevented you running the tests.
• (For changes that include a state migration only). I have manually tested the migration path between relevant versions of the provider.

Testing

• My submission includes Test coverage as described in the Contribution Guide and the tests pass. (if this is not possible for any reason, please include details of why you did or could not add test coverage)

As this is a pure MS Graph backend change, I don't see how it should be testable.

Change Log

Below please provide what should go into the changelog (if anything) conforming to the Changelog Format documented here.

• azuread_access_package_resource_package_association - fix Graph backend ID format changes [identity_governance: Updates access_package_resource_package_association to handle MS Graph resource ID changes #1830]

This is a (please select all that apply):

• Bug Fix
• New Feature (ie adding a service, resource, or data source)
• Enhancement
• Breaking Change

Related Issue(s)

Fixes #1828

Rollback Plan

If a change needs to be reverted, we will publish an updated version of the provider.

Changes to Security Controls

Are there any changes to security controls (access controls, encryption, logging) in this pull request? If so, explain.

Note

If this PR changes meaningfully during the course of review please update the title and description as required.

[hcoberdalhoff]

Tested and works in my env.