From 8214c7d765221dd0df7fe5eac494bfd20affb242 Mon Sep 17 00:00:00 2001 From: Theo Andresier <49570057+Threpio@users.noreply.github.com> Date: Fri, 3 Nov 2023 10:33:42 +0100 Subject: [PATCH 1/2] Updated documentation to include second example Incldued a second example which includes all of the possible allowed_combinations. --- .../authentication_strength_policy.md | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/docs/resources/authentication_strength_policy.md b/docs/resources/authentication_strength_policy.md index b297cdc45..e9a0fc085 100644 --- a/docs/resources/authentication_strength_policy.md +++ b/docs/resources/authentication_strength_policy.md @@ -25,6 +25,34 @@ resource "azuread_authentication_strength_policy" "example" { "password", ] } + +resource "azuread_authentication_strength_policy" "example2" { + display_name = "Example Authentication Strength Policy" + description = "Policy for demo purposes with all possible combinations" + allowed_combinations = [ + "fido2", + "password", + "deviceBasedPush", + "temporaryAccessPassOneTime", + "federatedMultiFactor", + "federatedSingleFactor", + "hardwareOath,federatedSingleFactor", + "microsoftAuthenticatorPush,federatedSingleFactor", + "password,hardwareOath", + "password,microsoftAuthenticatorPush", + "password,sms", + "password,softwareOath", + "password,voice", + "sms", + "sms,federatedSingleFactor", + "softwareOath,federatedSingleFactor", + "temporaryAccessPassMultiUse", + "voice,federatedSingleFactor", + "windowsHelloForBusiness", + "x509CertificateMultiFactor", + "x509CertificateSingleFactor", + ] +} ``` ## Argument Reference From 411654371cda1078e73965f19f83e3c789f56d43 Mon Sep 17 00:00:00 2001 
From: Tom Bamford Date: Wed, 15 Nov 2023 12:41:24 +0000 Subject: [PATCH 2/2] refactor: move azuread_authentication_strength_policy to correct service package --- docs/resources/authentication_strength_policy.md | 2 +- .../services/conditionalaccess/client/client.go | 13 ++++--------- .../conditional_access_policy_resource_test.go | 12 +++++++++--- internal/services/conditionalaccess/registration.go | 9 +++++---- .../authentication_strength_policy_resource.go | 11 +++++------ .../authentication_strength_policy_resource_test.go | 4 ++-- internal/services/policies/client/client.go | 9 +++++++-- internal/services/policies/registration.go | 3 ++- 8 files changed, 35 insertions(+), 28 deletions(-) rename internal/services/{conditionalaccess => policies}/authentication_strength_policy_resource.go (92%) rename internal/services/{conditionalaccess => policies}/authentication_strength_policy_resource_test.go (96%) diff --git a/docs/resources/authentication_strength_policy.md b/docs/resources/authentication_strength_policy.md index e9a0fc085..d62fe6cba 100644 --- a/docs/resources/authentication_strength_policy.md +++ b/docs/resources/authentication_strength_policy.md @@ -1,5 +1,5 @@ --- -subcategory: "Conditional Access" +subcategory: "Policies" --- # Resource: azuread_authentication_strength_policy diff --git a/internal/services/conditionalaccess/client/client.go b/internal/services/conditionalaccess/client/client.go index c87004f26..fa29ce21e 100644 --- a/internal/services/conditionalaccess/client/client.go +++ b/internal/services/conditionalaccess/client/client.go @@ -9,9 +9,8 @@ import ( ) type Client struct { - NamedLocationsClient *msgraph.NamedLocationsClient - PoliciesClient *msgraph.ConditionalAccessPoliciesClient - AuthenticationStrengthPoliciesClient *msgraph.AuthenticationStrengthPoliciesClient + NamedLocationsClient *msgraph.NamedLocationsClient + PoliciesClient *msgraph.ConditionalAccessPoliciesClient } func NewClient(o *common.ClientOptions) *Client { 
@@ -21,12 +20,8 @@ func NewClient(o *common.ClientOptions) *Client { policiesClient := msgraph.NewConditionalAccessPoliciesClient() o.ConfigureClient(&policiesClient.BaseClient) - authenticationStrengthpoliciesClient := msgraph.NewAuthenticationStrengthPoliciesClient() - o.ConfigureClient(&authenticationStrengthpoliciesClient.BaseClient) - return &Client{ - NamedLocationsClient: namedLocationsClient, - PoliciesClient: policiesClient, - AuthenticationStrengthPoliciesClient: authenticationStrengthpoliciesClient, + NamedLocationsClient: namedLocationsClient, + PoliciesClient: policiesClient, } } diff --git a/internal/services/conditionalaccess/conditional_access_policy_resource_test.go b/internal/services/conditionalaccess/conditional_access_policy_resource_test.go index 204cc3ff7..07ebc3a21 100644 --- a/internal/services/conditionalaccess/conditional_access_policy_resource_test.go +++ b/internal/services/conditionalaccess/conditional_access_policy_resource_test.go @@ -602,10 +602,16 @@ resource "azuread_conditional_access_policy" "test" { func (ConditionalAccessPolicyResource) authenticationStrengthPolicy(data acceptance.TestData) string { return fmt.Sprintf(` -%[1]s +provider "azuread" {} + +resource "azuread_authentication_strength_policy" "test" { + display_name = "acctestASP-%[1]d" + description = "test" + allowed_combinations = ["password"] +} resource "azuread_conditional_access_policy" "test" { - display_name = "acctest-CONPOLICY-%[2]d" + display_name = "acctest-CONPOLICY-%[1]d" state = "disabled" conditions { @@ -626,7 +632,7 @@ resource "azuread_conditional_access_policy" "test" { authentication_strength_policy_id = azuread_authentication_strength_policy.test.id } } -`, AuthenticationStrengthPolicyResource{}.basic(data), data.RandomInteger) +`, data.RandomInteger) } func (ConditionalAccessPolicyResource) guestsOrExternalUsersAllServiceProvidersIncluded(data acceptance.TestData) string { 
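Review bot: The `azuread_authentication_strength_policy.test` block added inline at the top of the config string in `authenticationStrengthPolicy` replaces what used to come from `AuthenticationStrengthPolicyResource{}.basic(data)`, and nothing in the hunk records why the fixture is now duplicated. Presumably the helper is no longer reachable because its test type moved to the `policies_test` package. A comment above the function such as `// The strength policy is declared inline because its test helper now lives in the policies_test package.` would stop a later cleanup from trying to share it again. The fixture accepts only `"password"`, which is harmless while the conditional access policy stays in `state = "disabled"`, but it should not be copied as a template for a real policy. The function body spans both hunks of this file.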
diff --git a/internal/services/conditionalaccess/registration.go b/internal/services/conditionalaccess/registration.go index 21f938f61..41e5b0966 100644 --- a/internal/services/conditionalaccess/registration.go +++ b/internal/services/conditionalaccess/registration.go @@ -3,7 +3,9 @@ package conditionalaccess -import "github.com/hashicorp/terraform-provider-azuread/internal/tf/pluginsdk" +import ( + "github.com/hashicorp/terraform-provider-azuread/internal/tf/pluginsdk" +) type Registration struct{} @@ -29,8 +31,7 @@ func (r Registration) SupportedDataSources() map[string]*pluginsdk.Resource { // SupportedResources returns the supported Resources supported by this Service func (r Registration) SupportedResources() map[string]*pluginsdk.Resource { return map[string]*pluginsdk.Resource{ - "azuread_authentication_strength_policy": authenticationStrengthPolicyResource(), - "azuread_named_location": namedLocationResource(), - "azuread_conditional_access_policy": conditionalAccessPolicyResource(), + "azuread_named_location": namedLocationResource(), + "azuread_conditional_access_policy": conditionalAccessPolicyResource(), } } diff --git a/internal/services/conditionalaccess/authentication_strength_policy_resource.go b/internal/services/policies/authentication_strength_policy_resource.go similarity index 92% rename from internal/services/conditionalaccess/authentication_strength_policy_resource.go rename to internal/services/policies/authentication_strength_policy_resource.go index 210aae5a3..842185f86 100644 --- a/internal/services/conditionalaccess/authentication_strength_policy_resource.go +++ b/internal/services/policies/authentication_strength_policy_resource.go @@ -1,7 +1,7 @@ // Copyright (c) HashiCorp, Inc. // SPDX-License-Identifier: MPL-2.0 -package conditionalaccess +package policies import ( "context" 
@@ -71,7 +71,7 @@ func authenticationStrengthPolicyResource() *pluginsdk.Resource { } func authenticationStrengthPolicyCreate(ctx context.Context, d *pluginsdk.ResourceData, meta interface{}) diag.Diagnostics { - client := meta.(*clients.Client).ConditionalAccess.AuthenticationStrengthPoliciesClient + client := meta.(*clients.Client).Policies.AuthenticationStrengthPoliciesClient properties := msgraph.AuthenticationStrengthPolicy{ DisplayName: pointer.To(d.Get("display_name").(string)), @@ -90,13 +90,12 @@ func authenticationStrengthPolicyCreate(ctx context.Context, d *pluginsdk.Resour } func authenticationStrengthPolicyUpdate(ctx context.Context, d *pluginsdk.ResourceData, meta interface{}) diag.Diagnostics { - client := meta.(*clients.Client).ConditionalAccess.AuthenticationStrengthPoliciesClient + client := meta.(*clients.Client).Policies.AuthenticationStrengthPoliciesClient properties := msgraph.AuthenticationStrengthPolicy{ ID: pointer.To(d.Id()), DisplayName: pointer.To(d.Get("display_name").(string)), Description: pointer.To(d.Get("description").(string)), - // AllowedCombinations: tf.ExpandStringSlicePtr(d.Get("allowed_combinations").(*pluginsdk.Set).List()), } _, err := client.Update(ctx, properties) @@ -116,7 +115,7 @@ func authenticationStrengthPolicyUpdate(ctx context.Context, d *pluginsdk.Resour } func authenticationStrengthPolicyRead(ctx context.Context, d *pluginsdk.ResourceData, meta interface{}) diag.Diagnostics { - client := meta.(*clients.Client).ConditionalAccess.AuthenticationStrengthPoliciesClient + client := meta.(*clients.Client).Policies.AuthenticationStrengthPoliciesClient authenticationStrengthPolicy, status, err := client.Get(ctx, d.Id(), odata.Query{}) if err != nil { 
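Review bot: The request built in `authenticationStrengthPolicyUpdate` carries only `ID`, `DisplayName` and `Description`, and the deleted commented-out line was the only hint in this hunk about how `allowed_combinations` is handled on update. The function continues past the hunk, so the combinations may well be applied by a separate call further down. If they are, a comment above `properties` such as `// allowed_combinations is not sent in this request; it is applied separately below` would record that. If they are not applied anywhere, a tightened list in configuration would never reach the tenant, which matters for a resource that defines which authentication methods are accepted.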
@@ -139,7 +138,7 @@ func authenticationStrengthPolicyRead(ctx context.Context, d *pluginsdk.Resource } func authenticationStrengthPolicyDelete(ctx context.Context, d *pluginsdk.ResourceData, meta interface{}) diag.Diagnostics { - client := meta.(*clients.Client).ConditionalAccess.AuthenticationStrengthPoliciesClient + client := meta.(*clients.Client).Policies.AuthenticationStrengthPoliciesClient authenticationStrengthPolicyId := d.Id() if _, status, err := client.Get(ctx, authenticationStrengthPolicyId, odata.Query{}); err != nil { diff --git a/internal/services/conditionalaccess/authentication_strength_policy_resource_test.go b/internal/services/policies/authentication_strength_policy_resource_test.go similarity index 96% rename from internal/services/conditionalaccess/authentication_strength_policy_resource_test.go rename to internal/services/policies/authentication_strength_policy_resource_test.go index b741d5e42..1e054be8e 100644 --- a/internal/services/conditionalaccess/authentication_strength_policy_resource_test.go +++ b/internal/services/policies/authentication_strength_policy_resource_test.go @@ -1,7 +1,7 @@ // Copyright (c) HashiCorp, Inc. // SPDX-License-Identifier: MPL-2.0 -package conditionalaccess_test +package policies_test import ( "context" @@ -81,7 +81,7 @@ func TestAccAuthenticationStrengthPolicy_update(t *testing.T) { func (r AuthenticationStrengthPolicyResource) Exists(ctx context.Context, client *clients.Client, state *pluginsdk.InstanceState) (*bool, error) { var id *string - authstrengthpolicy, status, err := client.ConditionalAccess.AuthenticationStrengthPoliciesClient.Get(ctx, state.ID, odata.Query{}) + authstrengthpolicy, status, err := client.Policies.AuthenticationStrengthPoliciesClient.Get(ctx, state.ID, odata.Query{}) if err != nil { if status == http.StatusNotFound { return nil, fmt.Errorf("Authentication Strength Policy with ID %q does not exist", state.ID) 
diff --git a/internal/services/policies/client/client.go b/internal/services/policies/client/client.go index 189ae2d3a..66d24f537 100644 --- a/internal/services/policies/client/client.go +++ b/internal/services/policies/client/client.go @@ -9,14 +9,19 @@ import ( ) type Client struct { - ClaimsMappingPolicyClient *msgraph.ClaimsMappingPolicyClient + AuthenticationStrengthPoliciesClient *msgraph.AuthenticationStrengthPoliciesClient + ClaimsMappingPolicyClient *msgraph.ClaimsMappingPolicyClient } func NewClient(o *common.ClientOptions) *Client { + authenticationStrengthpoliciesClient := msgraph.NewAuthenticationStrengthPoliciesClient() + o.ConfigureClient(&authenticationStrengthpoliciesClient.BaseClient) + claimsMappingPolicyClient := msgraph.NewClaimsMappingPolicyClient() o.ConfigureClient(&claimsMappingPolicyClient.BaseClient) return &Client{ - ClaimsMappingPolicyClient: claimsMappingPolicyClient, + AuthenticationStrengthPoliciesClient: authenticationStrengthpoliciesClient, + ClaimsMappingPolicyClient: claimsMappingPolicyClient, } } diff --git a/internal/services/policies/registration.go b/internal/services/policies/registration.go index 2e0f30431..977ba2999 100644 --- a/internal/services/policies/registration.go +++ b/internal/services/policies/registration.go @@ -27,6 +27,7 @@ func (r Registration) SupportedDataSources() map[string]*pluginsdk.Resource { // SupportedResources returns the supported Resources supported by this Service func (r Registration) SupportedResources() map[string]*pluginsdk.Resource { return map[string]*pluginsdk.Resource{ - "azuread_claims_mapping_policy": claimsMappingPolicyResource(), + "azuread_authentication_strength_policy": authenticationStrengthPolicyResource(), + "azuread_claims_mapping_policy": claimsMappingPolicyResource(), } }
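Review bot: The local `authenticationStrengthpoliciesClient` added to `NewClient` has a lower-case `p` in the middle, unlike the `AuthenticationStrengthPoliciesClient` field it is assigned to and unlike `claimsMappingPolicyClient` next to it. The name was carried over unchanged from the conditionalaccess package. Since the lines are being re-added here anyway, `authenticationStrengthPoliciesClient := msgraph.NewAuthenticationStrengthPoliciesClient()`, with the same rename at its two later uses, would keep the MixedCaps naming consistent.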