first draft

internal/services/users/user_resource.go

@@ -209,6 +209,19 @@ func userResource() *schema.Resource {
 				ValidateFunc: validation.StringLenBetween(1, 256), // Currently the max length for AAD passwords is 256
 			},
 
+			"disable_strong_password": {
+				Description: "Whether the user is allowed weaker passwords than the default policy to be specified.",
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Default:     false,
+			},
+			"disable_password_expiration": {
+				Description: "Whether the users password is exempt from expiring",
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Default:     false,
+			},
+
 			"postal_code": {
 				Description: "The postal code for the user's postal address. The postal code is specific to the user's country/region. In the United States of America, this attribute contains the ZIP code",
 				Type:        schema.TypeString,
@@ -385,6 +398,7 @@ func userResourceCreate(ctx context.Context, d *schema.ResourceData, meta interf
 		MobilePhone:             utils.NullableString(d.Get("mobile_phone").(string)),
 		OfficeLocation:          utils.NullableString(d.Get("office_location").(string)),
 		OtherMails:              tf.ExpandStringSlicePtr(d.Get("other_mails").(*schema.Set).List()),
+		PasswordPolicies:        expandUserPasswordPolicies(d),
 		PostalCode:              utils.NullableString(d.Get("postal_code").(string)),
 		PreferredLanguage:       utils.NullableString(d.Get("preferred_language").(string)),
 		ShowInAddressList:       utils.Bool(d.Get("show_in_address_list").(bool)),
@@ -445,6 +459,7 @@ func userResourceUpdate(ctx context.Context, d *schema.ResourceData, meta interf
 		MobilePhone:             utils.NullableString(d.Get("mobile_phone").(string)),
 		OfficeLocation:          utils.NullableString(d.Get("office_location").(string)),
 		OtherMails:              tf.ExpandStringSlicePtr(d.Get("other_mails").(*schema.Set).List()),
+		PasswordPolicies:        expandUserPasswordPolicies(d),
 		PostalCode:              utils.NullableString(d.Get("postal_code").(string)),
 		PreferredLanguage:       utils.NullableString(d.Get("preferred_language").(string)),
 		ShowInAddressList:       utils.Bool(d.Get("show_in_address_list").(bool)),
@@ -527,6 +542,7 @@ func userResourceRead(ctx context.Context, d *schema.ResourceData, meta interfac
 	tf.Set(d, "onpremises_sync_enabled", user.OnPremisesSyncEnabled)
 	tf.Set(d, "onpremises_user_principal_name", user.OnPremisesUserPrincipalName)
 	tf.Set(d, "other_mails", user.OtherMails)
+	flattenUserPasswordPolicies(user.PasswordPolicies, d)
 	tf.Set(d, "postal_code", user.PostalCode)
 	tf.Set(d, "preferred_language", user.PreferredLanguage)
 	tf.Set(d, "proxy_addresses", user.ProxyAddresses)
@@ -560,3 +576,42 @@ func userResourceDelete(ctx context.Context, d *schema.ResourceData, meta interf
 
 	return nil
 }
+
+func expandUserPasswordPolicies(d *schema.ResourceData) (result *string) {
+	result = utils.String("")
+
+	disable_strong_password := d.Get("disable_strong_password").(bool)
+	disable_password_expiration := d.Get("disable_password_expiration").(bool)
+
+	if disable_strong_password && (!disable_password_expiration) {
+		result = utils.String("DisableStrongPassword")
+	} else if (!disable_strong_password) && disable_password_expiration {
+		result = utils.String("DisablePasswordExpiration")
+	} else if disable_strong_password && disable_password_expiration {
+		result = utils.String("DisablePasswordExpiration, DisableStrongPassword")
+	}
+
+	return
+}
+
+func flattenUserPasswordPolicies(in *string, d *schema.ResourceData) {
+	if in == nil {
+		return
+	}
+
+	disable_strong_password := false
+	disable_password_expiration := false
+
+	switch *in {
+	case "DisableStrongPassword":
+		disable_strong_password = true
+	case "DisablePasswordExpiration":
+		disable_password_expiration = true
+	case "DisablePasswordExpiration, DisableStrongPassword":
+		disable_strong_password = true
+		disable_password_expiration = true
+	}
+
+	tf.Set(d, "disable_strong_password", disable_strong_password)
+	tf.Set(d, "disable_password_expiration", disable_password_expiration)
+}