Description

The import functionality for Group Policy resources (microsoft365_graph_beta_device_management_group_policy_text_value, microsoft365_graph_beta_device_management_group_policy_boolean_value, and microsoft365_graph_beta_device_management_group_policy_multi_text_value) does not work correctly. When attempting to import these resources, the provider fails with an error stating that policy_name, class_type, and category_path fields are required for auto-discovery, even though the resource exists in Intune.

This prevents users from importing existing Group Policy Administrative Template configurations into Terraform state.

Steps to Reproduce

1. Create a Group Policy configuration with presentation values in Intune (or use an existing one)
2. Attempt to import a group policy text value resource using Terraform import block:

import {
  to = microsoft365_graph_beta_device_management_group_policy_text_value.example
  id = "config-id/definition-value-id/presentation-value-id"
}

3. Run terraform plan

Expected Behavior

The import should:

1. Parse the composite ID (configID/definitionValueID/presentationValueID)
2. Fetch the resource from the Graph API
3. Populate all fields including policy_name, class_type, and category_path from the API response
4. Successfully import the resource into Terraform state

Actual Behavior

Import fails with error:

Error: Error resolving IDs during read
Could not resolve definition and presentation IDs for graph_beta_device_management_group_policy_text_value (HTTP 0): provide policy_name, class_type, and category_path for auto-discovery

The import function only sets the id field in state, leaving policy_name, class_type, and category_path as null. When the Read function is called after import, the resolver fails because these required metadata fields are missing.

Environment

• OS: Windows
• Terraform Version: 1.13.4
• Provider Version: 0.35.0-alpha (main branch)
• Graph API: Microsoft Graph Beta

Root Cause

The import function uses resource.ImportStatePassthroughID() which only sets the id field. The Read function then calls the GroupPolicyIDResolver which requires policy_name, class_type, and category_path to be present in state to resolve the definition and presentation template IDs. During import, these fields don't exist in state yet, causing the validation to fail.

Proposed Solution

Implement a composite ID import pattern with a helper function to fetch metadata from the API:

1. Update ImportState function to parse composite ID format: configID/definitionValueID/presentationValueID
2. Enhance Read function to detect import scenarios (when IDs exist but metadata is missing)
3. Add helper function populateMetadataFromAPI() that:
   • Fetches definition values with $expand=definition
   • Extracts policy_name (displayName), class_type, and category_path from the definition
   • Optionally fetches presentation template ID from presentation value
   • Populates these fields in the model before the resolver runs

This approach:

• Reuses existing Read logic
• Follows common Terraform provider patterns (AWS, Azure)
• Works with the Graph API's navigation properties correctly
• Maintains backward compatibility with normal CRUD operations

Files Affected

• internal/services/resources/device_management/graph_beta/group_policy_text_value/resource.go - ImportState function
• internal/services/resources/device_management/graph_beta/group_policy_text_value/crud.go - Read function enhancement
• internal/services/resources/device_management/graph_beta/group_policy_text_value/import.go - New helper function
• examples/resources/microsoft365_graph_beta_device_management_group_policy_text_value/import.sh - Updated documentation

Similar changes needed for:

• group_policy_boolean_value
• group_policy_multi_text_value