fix: small issues

Author: henryde

.github/.copilot-instructions.md

@@ -131,6 +131,19 @@ This pattern ensures:
 - Implement proper authentication token refresh
 - Follow meshStack API conventions for CRUD operations
 
+### Data Structure Guidelines
+**Pointer and `omitempty` Usage:**
+- Only use pointers (`*type`) and `omitempty` JSON tags for fields that are **actually nullable** in the backend API
+- Non-nullable fields should use value types (e.g., `string`, `int64`, `bool`) without `omitempty`
+- This ensures proper validation and prevents sending incorrect null values to the API
+- Example:
+  ```go
+  type Resource struct {
+      RequiredField string  `json:"requiredField" tfsdk:"required_field"`           // Non-nullable
+      OptionalField *string `json:"optionalField,omitempty" tfsdk:"optional_field"` // Nullable in backend
+  }
+  ```
+
 ## Key Dependencies
 
 - **Terraform Plugin Framework**: Latest stable version for provider development

client/platform_config_aws.go

@@ -1,26 +1,26 @@
 package client
 
 type AwsPlatformConfig struct {
-	Region      *string               `json:"region,omitempty" tfsdk:"region"`
+	Region      string                `json:"region,omitempty" tfsdk:"region"`
 	Replication *AwsReplicationConfig `json:"replication,omitempty" tfsdk:"replication"`
 	Metering    *AwsMeteringConfig    `json:"metering,omitempty" tfsdk:"metering"`
 }
 
 type AwsReplicationConfig struct {
-	AccessConfig                                  *AwsAccessConfig            `json:"accessConfig,omitempty" tfsdk:"access_config"`
-	WaitForExternalAvm                            *bool                       `json:"waitForExternalAvm,omitempty" tfsdk:"wait_for_external_avm"`
-	AutomationAccountRole                         *string                     `json:"automationAccountRole,omitempty" tfsdk:"automation_account_role"`
+	AccessConfig                                  AwsAccessConfig             `json:"accessConfig" tfsdk:"access_config"`
+	WaitForExternalAvm                            bool                        `json:"waitForExternalAvm" tfsdk:"wait_for_external_avm"`
+	AutomationAccountRole                         string                      `json:"automationAccountRole" tfsdk:"automation_account_role"`
 	AutomationAccountExternalId                   *string                     `json:"automationAccountExternalId,omitempty" tfsdk:"automation_account_external_id"`
-	AccountAccessRole                             *string                     `json:"accountAccessRole,omitempty" tfsdk:"account_access_role"`
-	AccountAliasPattern                           *string                     `json:"accountAliasPattern,omitempty" tfsdk:"account_alias_pattern"`
-	EnforceAccountAlias                           *bool                       `json:"enforceAccountAlias,omitempty" tfsdk:"enforce_account_alias"`
-	AccountEmailPattern                           *string                     `json:"accountEmailPattern,omitempty" tfsdk:"account_email_pattern"`
+	AccountAccessRole                             string                      `json:"accountAccessRole" tfsdk:"account_access_role"`
+	AccountAliasPattern                           string                      `json:"accountAliasPattern" tfsdk:"account_alias_pattern"`
+	EnforceAccountAlias                           bool                        `json:"enforceAccountAlias" tfsdk:"enforce_account_alias"`
+	AccountEmailPattern                           string                      `json:"accountEmailPattern" tfsdk:"account_email_pattern"`
 	TenantTags                                    *MeshTenantTags             `json:"tenantTags,omitempty" tfsdk:"tenant_tags"`
 	AwsSso                                        *AwsSsoConfig               `json:"awsSso,omitempty" tfsdk:"aws_sso"`
 	EnrollmentConfiguration                       *AwsEnrollmentConfiguration `json:"enrollmentConfiguration,omitempty" tfsdk:"enrollment_configuration"`
-	SelfDowngradeAccessRole                       *bool                       `json:"selfDowngradeAccessRole,omitempty" tfsdk:"self_downgrade_access_role"`
-	SkipUserGroupPermissionCleanup                *bool                       `json:"skipUserGroupPermissionCleanup,omitempty" tfsdk:"skip_user_group_permission_cleanup"`
-	AllowHierarchicalOrganizationalUnitAssignment *bool                       `json:"allowHierarchicalOrganizationalUnitAssignment,omitempty" tfsdk:"allow_hierarchical_organizational_unit_assignment"`
+	SelfDowngradeAccessRole                       bool                        `json:"selfDowngradeAccessRole" tfsdk:"self_downgrade_access_role"`
+	SkipUserGroupPermissionCleanup                bool                        `json:"skipUserGroupPermissionCleanup" tfsdk:"skip_user_group_permission_cleanup"`
+	AllowHierarchicalOrganizationalUnitAssignment bool                        `json:"allowHierarchicalOrganizationalUnitAssignment" tfsdk:"allow_hierarchical_organizational_unit_assignment"`
 }
 
 type AwsAccessConfig struct {
@@ -31,8 +31,8 @@ type AwsAccessConfig struct {
 }
 
 type AwsServiceUserConfig struct {
-	AccessKey string  `json:"accessKey" tfsdk:"access_key"`
-	SecretKey *string `json:"secretKey,omitempty" tfsdk:"secret_key"`
+	AccessKey string `json:"accessKey" tfsdk:"access_key"`
+	SecretKey string `json:"secretKey" tfsdk:"secret_key"`
 }
 
 type AwsWorkloadIdentityConfig struct {
@@ -43,9 +43,9 @@ type AwsSsoConfig struct {
 	ScimEndpoint     string              `json:"scimEndpoint" tfsdk:"scim_endpoint"`
 	Arn              string              `json:"arn" tfsdk:"arn"`
 	GroupNamePattern string              `json:"groupNamePattern" tfsdk:"group_name_pattern"`
-	SsoAccessToken   *string             `json:"ssoAccessToken,omitempty" tfsdk:"sso_access_token"`
+	SsoAccessToken   string              `json:"ssoAccessToken" tfsdk:"sso_access_token"`
 	AwsRoleMappings  []AwsSsoRoleMapping `json:"awsRoleMappings" tfsdk:"aws_role_mappings"`
-	SignInUrl        *string             `json:"signInUrl,omitempty" tfsdk:"sign_in_url"`
+	SignInUrl        string              `json:"signInUrl" tfsdk:"sign_in_url"`
 }
 
 type AwsSsoRoleMapping struct {

client/platform_config_kubernetes.go

@@ -9,7 +9,7 @@ type KubernetesPlatformConfig struct {
 
 type KubernetesReplicationConfig struct {
 	ClientConfig         KubernetesClientConfig `json:"clientConfig" tfsdk:"client_config"`
-	NamespaceNamePattern string                 `json:"namespaceNamePattern,omitempty" tfsdk:"namespace_name_pattern"`
+	NamespaceNamePattern string                 `json:"namespaceNamePattern" tfsdk:"namespace_name_pattern"`
 }
 
 type KubernetesClientConfig struct {

client/platform_config_openshift.go

@@ -8,25 +8,20 @@ type OpenShiftPlatformConfig struct {
 }
 
 type OpenShiftReplicationConfig struct {
-	ClientConfig                *OpenShiftClientConfig         `json:"clientConfig,omitempty" tfsdk:"client_config"`
+	ClientConfig                KubernetesClientConfig         `json:"clientConfig" tfsdk:"client_config"`
 	WebConsoleUrl               *string                        `json:"webConsoleUrl,omitempty" tfsdk:"web_console_url"`
-	ProjectNamePattern          *string                        `json:"projectNamePattern,omitempty" tfsdk:"project_name_pattern"`
-	EnableTemplateInstantiation *bool                          `json:"enableTemplateInstantiation,omitempty" tfsdk:"enable_template_instantiation"`
-	OpenShiftRoleMappings       []OpenShiftPlatformRoleMapping `json:"openshiftRoleMappings,omitempty" tfsdk:"openshift_role_mappings"`
-	IdentityProviderName        *string                        `json:"identityProviderName,omitempty" tfsdk:"identity_provider_name"`
+	ProjectNamePattern          string                         `json:"projectNamePattern" tfsdk:"project_name_pattern"`
+	EnableTemplateInstantiation bool                           `json:"enableTemplateInstantiation" tfsdk:"enable_template_instantiation"`
+	OpenShiftRoleMappings       []OpenShiftPlatformRoleMapping `json:"openshiftRoleMappings" tfsdk:"openshift_role_mappings"`
+	IdentityProviderName        string                         `json:"identityProviderName" tfsdk:"identity_provider_name"`
 	TenantTags                  *MeshTenantTags                `json:"tenantTags,omitempty" tfsdk:"tenant_tags"`
 }
 
-type OpenShiftClientConfig struct {
-	AccessToken *string `json:"accessToken,omitempty" tfsdk:"access_token"`
-}
-
 type OpenShiftMeteringConfig struct {
-	ClientConfig *OpenShiftClientConfig                `json:"clientConfig,omitempty" tfsdk:"client_config"`
-	Processing   *MeshPlatformMeteringProcessingConfig `json:"processing,omitempty" tfsdk:"processing"`
+	ClientConfig KubernetesClientConfig               `json:"clientConfig" tfsdk:"client_config"`
+	Processing   MeshPlatformMeteringProcessingConfig `json:"processing" tfsdk:"processing"`
 }
 
-
 type OpenShiftPlatformRoleMapping struct {
 	MeshProjectRoleRef MeshProjectRoleRefV2 `json:"projectRoleRef" tfsdk:"project_role_ref"`
 	OpenShiftRole      string               `json:"openshiftRole" tfsdk:"openshift_role"`

internal/modifiers/platformtypemodifier/validate_single_platform.go

@@ -44,16 +44,16 @@ func (v singlePlatformValidator) PlanModifyObject(ctx context.Context, req planm
 	if len(configuredPlatforms) > 1 {
 		resp.Diagnostics.AddError(
 			"Multiple Platform Configurations",
-			fmt.Sprintf("Only one platform configuration can be specified within "+
-				"platform_properties, but found: %v. Please specify only one platform "+
+			fmt.Sprintf("Only one platform configuration can be specified,"+
+				"but found: %v. Please specify only one platform "+
 				"configuration.", configuredPlatforms),
 		)
 	}
 
 	if len(configuredPlatforms) == 0 {
 		resp.Diagnostics.AddError(
 			"No Platform Configuration",
-			"At least one platform configuration must be specified within platform_properties. "+
+			"At least one platform configuration must be specified. "+
 				"Please specify one of: aws, aks, azure, azurerg, gcp, kubernetes, openshift.",
 		)
 	}

internal/provider/landingzone_resource.go

@@ -225,7 +225,7 @@ func awsPlatformConfigSchema() schema.Attribute {
 				Required:            true,
 				NestedObject: schema.NestedAttributeObject{
 					Attributes: map[string]schema.Attribute{
-						"project_role_ref": meshProjectRoleAttribute(),
+						"project_role_ref": meshProjectRoleAttribute(false),
 						"platform_role": schema.StringAttribute{
 							MarkdownDescription: "The AWS platform role",
 							Required:            true,
@@ -254,7 +254,7 @@ func aksPlatformConfigSchema() schema.Attribute {
 				Required: true,
 				NestedObject: schema.NestedAttributeObject{
 					Attributes: map[string]schema.Attribute{
-						"project_role_ref": meshProjectRoleAttribute(),
+						"project_role_ref": meshProjectRoleAttribute(false),
 						"platform_roles": schema.ListAttribute{
 							MarkdownDescription: "List of AKS platform roles to assign to the meshProject role.",
 							ElementType:         types.StringType,
@@ -284,7 +284,7 @@ func azurePlatformConfigSchema() schema.Attribute {
 				Required: true,
 				NestedObject: schema.NestedAttributeObject{
 					Attributes: map[string]schema.Attribute{
-						"project_role_ref": meshProjectRoleAttribute(),
+						"project_role_ref": meshProjectRoleAttribute(false),
 						"azure_group_suffix": schema.StringAttribute{
 							MarkdownDescription: "The given role name will be injected into the" +
 								" group name via the group naming pattern configured on the" +
@@ -336,7 +336,7 @@ func gcpPlatformConfigSchema() schema.Attribute {
 				Required: true,
 				NestedObject: schema.NestedAttributeObject{
 					Attributes: map[string]schema.Attribute{
-						"project_role_ref": meshProjectRoleAttribute(),
+						"project_role_ref": meshProjectRoleAttribute(false),
 						"platform_roles": schema.ListAttribute{
 							MarkdownDescription: "Can be empty. List of GCP IAM roles to assign to the meshProject role.",
 							ElementType:         types.StringType,
@@ -367,7 +367,7 @@ func azureRgPlatformConfigSchema() schema.Attribute {
 				Required: true,
 				NestedObject: schema.NestedAttributeObject{
 					Attributes: map[string]schema.Attribute{
-						"project_role_ref": meshProjectRoleAttribute(),
+						"project_role_ref": meshProjectRoleAttribute(false),
 						"azure_group_suffix": schema.StringAttribute{
 							MarkdownDescription: "The given role name will be injected into the" +
 								" group name via the group naming pattern configured on the" +
@@ -410,7 +410,7 @@ func kubernetesPlatformConfigSchema() schema.Attribute {
 				Required:            true,
 				NestedObject: schema.NestedAttributeObject{
 					Attributes: map[string]schema.Attribute{
-						"project_role_ref": meshProjectRoleAttribute(),
+						"project_role_ref": meshProjectRoleAttribute(false),
 						"platform_roles": schema.ListAttribute{
 							MarkdownDescription: "Roles need to be mapped from the meshRole to" +
 								" the Cluster Role. You can use both built in roles like 'editor' or custom roles that you setup in the Kubernetes Cluster" +

internal/provider/platform_data_source.go

@@ -167,7 +167,7 @@ func (d *platformDataSource) Schema(_ context.Context, _ datasource.SchemaReques
 					},
 					"quota_definitions": schema.ListAttribute{
 						MarkdownDescription: "List of quota definitions for the platform.",
-						Required:            true,
+						Computed:            true,
 						Sensitive:           false,
 						ElementType: types.ObjectType{
 							AttrTypes: map[string]attr.Type{
@@ -679,15 +679,15 @@ func awsReplicationConfigDataSourceSchema() schema.Attribute {
 						Computed:            true,
 						NestedObject: schema.NestedAttributeObject{
 							Attributes: map[string]schema.Attribute{
-								"project_role_ref": meshProjectRoleAttribute(),
+								"project_role_ref": meshProjectRoleAttribute(true),
 								"aws_role": schema.StringAttribute{
 									MarkdownDescription: "The AWS role name",
 									Computed:            true,
 								},
 								"permission_set_arns": schema.ListAttribute{
 									MarkdownDescription: "List of permission set ARNs associated with this role mapping",
 									ElementType:         types.StringType,
-									Optional:            true,
+									Computed:            true,
 								},
 							},
 						},
@@ -843,8 +843,7 @@ func azureReplicationConfigDataSourceSchema() schema.Attribute {
 				Computed:            true,
 				Attributes: map[string]schema.Attribute{
 					"redirect_url": schema.StringAttribute{
-						MarkdownDescription: "This is the URL that Azure's consent experience redirects users to after they accept their invitation.",
-						Computed:            true,
+						Computed: true,
 					},
 					"send_azure_invitation_mail": schema.BoolAttribute{
 						MarkdownDescription: "When true, meshStack instructs Azure to send out Invitation mails to invited users. These mails allow users to redeem their invitation to the AAD tenant only using email and Azure Portal.",
@@ -873,7 +872,7 @@ func azureReplicationConfigDataSourceSchema() schema.Attribute {
 				Computed:            true,
 				NestedObject: schema.NestedAttributeObject{
 					Attributes: map[string]schema.Attribute{
-						"project_role_ref": meshProjectRoleAttribute(),
+						"project_role_ref": meshProjectRoleAttribute(true),
 						"azure_role": schema.SingleNestedAttribute{
 							MarkdownDescription: "The Azure role definition.",
 							Computed:            true,
@@ -937,8 +936,6 @@ func azureReplicationConfigDataSourceSchema() schema.Attribute {
 	}
 }
 
-// TODO continue here.
-
 func azureRgReplicationConfigDataSourceSchema() schema.Attribute {
 	return schema.SingleNestedAttribute{
 		MarkdownDescription: "Azure Resource Group-specific replication configuration for the platform.",
@@ -1111,7 +1108,7 @@ func gcpReplicationConfigDataSourceSchema() schema.Attribute {
 				Computed:            true,
 				NestedObject: schema.NestedAttributeObject{
 					Attributes: map[string]schema.Attribute{
-						"project_role_ref": meshProjectRoleAttribute(),
+						"project_role_ref": meshProjectRoleAttribute(true),
 						"gcp_role": schema.StringAttribute{
 							MarkdownDescription: "The GCP IAM role",
 							Computed:            true,
@@ -1208,13 +1205,10 @@ func kubernetesMeteringConfigDataSourceSchema() schema.Attribute {
 		Computed:            true,
 		Attributes: map[string]schema.Attribute{
 			"client_config": kubernetesClientConfigDataSourceSchema("Client configuration for Kubernetes metering"),
-			"processing":    meteringProcessingConfigDataSourceSchema(),
 		},
 	}
 }
 
-// TODO continue here.
-
 func openShiftReplicationConfigDataSourceSchema() schema.Attribute {
 	return schema.SingleNestedAttribute{
 		MarkdownDescription: "Replication configuration for OpenShift (optional, but required for replication)",
@@ -1238,7 +1232,7 @@ func openShiftReplicationConfigDataSourceSchema() schema.Attribute {
 				Computed:            true,
 				NestedObject: schema.NestedAttributeObject{
 					Attributes: map[string]schema.Attribute{
-						"project_role_ref": meshProjectRoleAttribute(),
+						"project_role_ref": meshProjectRoleAttribute(true),
 						"openshift_role": schema.StringAttribute{
 							MarkdownDescription: "The OpenShift role name",
 							Computed:            true,