feat(domain): enable spn support (#286)

# 📥 Pull Request

## ❓ What are you trying to address

This pull request introduces support for Service Principal (SPN)
authentication for various domain-related resources and data sources.
The changes span across documentation updates, configuration files, and
test cases.

.changes/unreleased/changed-20250305-154933.yaml

@@ -0,0 +1,5 @@
+kind: changed
+body: SPN is now supported for Domain resources/data-sources
+time: 2025-03-05T15:49:33.2641607-08:00
+custom:
+  Issue: "286"

docs/data-sources/domain.md

@@ -5,7 +5,7 @@ subcategory: ""
 description: |-
   Get a Fabric Domain.
   Use this data source to get Domain https://learn.microsoft.com/fabric/governance/domains.
-  -> This item does not support Service Principal. Please use a User context authentication.
+  -> This item supports Service Principal authentication.
   ~> This data-source is in preview. To access it, you must explicitly enable the preview mode in the provider level configuration.
 ---
 
@@ -15,7 +15,7 @@ Get a Fabric Domain.
 
 Use this data source to get [Domain](https://learn.microsoft.com/fabric/governance/domains).
 
--> This item does not support Service Principal. Please use a User context authentication.
+-> This item supports Service Principal authentication.
 
 ~> This data-source is in **preview**. To access it, you must explicitly enable the `preview` mode in the provider level configuration.
 

docs/data-sources/domain_workspace_assignments.md

@@ -5,7 +5,7 @@ subcategory: ""
 description: |-
   List a Fabric Domain Workspace Assignments.
   Use this data source to list Domain Workspace Assignments https://learn.microsoft.com/fabric/governance/domains.
-  -> This item does not support Service Principal. Please use a User context authentication.
+  -> This item supports Service Principal authentication.
   ~> This data-source is in preview. To access it, you must explicitly enable the preview mode in the provider level configuration.
 ---
 
@@ -15,7 +15,7 @@ List a Fabric Domain Workspace Assignments.
 
 Use this data source to list [Domain Workspace Assignments](https://learn.microsoft.com/fabric/governance/domains).
 
--> This item does not support Service Principal. Please use a User context authentication.
+-> This item supports Service Principal authentication.
 
 ~> This data-source is in **preview**. To access it, you must explicitly enable the `preview` mode in the provider level configuration.
 

docs/data-sources/domains.md

@@ -5,7 +5,7 @@ subcategory: ""
 description: |-
   List a Fabric Domains.
   Use this data source to list Domains https://learn.microsoft.com/fabric/governance/domains.
-  -> This item does not support Service Principal. Please use a User context authentication.
+  -> This item supports Service Principal authentication.
 ---
 
 # fabric_domains (Data Source)
@@ -14,7 +14,7 @@ List a Fabric Domains.
 
 Use this data source to list [Domains](https://learn.microsoft.com/fabric/governance/domains).
 
--> This item does not support Service Principal. Please use a User context authentication.
+-> This item supports Service Principal authentication.
 
 ## Example Usage
 

docs/resources/domain.md

@@ -5,7 +5,7 @@ subcategory: ""
 description: |-
   Manage a Fabric Domain.
   Use this resource to manage Domain https://learn.microsoft.com/fabric/governance/domains.
-  -> This item does not support Service Principal. Please use a User context authentication.
+  -> This item supports Service Principal authentication.
   ~> This resource is in preview. To access it, you must explicitly enable the preview mode in the provider level configuration.
 ---
 
@@ -15,7 +15,7 @@ Manage a Fabric Domain.
 
 Use this resource to manage [Domain](https://learn.microsoft.com/fabric/governance/domains).
 
--> This item does not support Service Principal. Please use a User context authentication.
+-> This item supports Service Principal authentication.
 
 ~> This resource is in **preview**. To access it, you must explicitly enable the `preview` mode in the provider level configuration.
 

docs/resources/domain_role_assignments.md

@@ -5,7 +5,7 @@ subcategory: ""
 description: |-
   Manage a Fabric Domain Role Assignments.
   Use this resource to manage Domain Role Assignments https://learn.microsoft.com/fabric/governance/domains.
-  -> This item does not support Service Principal. Please use a User context authentication.
+  -> This item supports Service Principal authentication.
   ~> This resource is in preview. To access it, you must explicitly enable the preview mode in the provider level configuration.
 ---
 
@@ -15,7 +15,7 @@ Manage a Fabric Domain Role Assignments.
 
 Use this resource to manage [Domain Role Assignments](https://learn.microsoft.com/fabric/governance/domains).
 
--> This item does not support Service Principal. Please use a User context authentication.
+-> This item supports Service Principal authentication.
 
 ~> This resource is in **preview**. To access it, you must explicitly enable the `preview` mode in the provider level configuration.
 

docs/resources/domain_workspace_assignments.md

@@ -5,7 +5,7 @@ subcategory: ""
 description: |-
   Manage a Fabric Domain Workspace Assignments.
   Use this resource to manage Domain Workspace Assignments https://learn.microsoft.com/fabric/governance/domains.
-  -> This item does not support Service Principal. Please use a User context authentication.
+  -> This item supports Service Principal authentication.
   ~> This resource is in preview. To access it, you must explicitly enable the preview mode in the provider level configuration.
 ---
 
@@ -15,7 +15,7 @@ Manage a Fabric Domain Workspace Assignments.
 
 Use this resource to manage [Domain Workspace Assignments](https://learn.microsoft.com/fabric/governance/domains).
 
--> This item does not support Service Principal. Please use a User context authentication.
+-> This item supports Service Principal authentication.
 
 ~> This resource is in **preview**. To access it, you must explicitly enable the `preview` mode in the provider level configuration.
 

internal/services/domain/base.go

@@ -12,7 +12,7 @@ const (
 	ItemTFName                       = "domain"
 	ItemsName                        = "Domains"
 	ItemsTFName                      = "domains"
-	ItemDocsSPNSupport               = common.DocsSPNNotSupported
+	ItemDocsSPNSupport               = common.DocsSPNSupported
 	ItemDocsURL                      = "https://learn.microsoft.com/fabric/governance/domains"
 	DomainWorkspaceAssignmentsName   = "Domain Workspace Assignments"
 	DomainWorkspaceAssignmentsTFName = "domain_workspace_assignments"

internal/services/domain/data_domain.go

@@ -98,13 +98,8 @@ func (d *dataSourceDomain) Configure(_ context.Context, req datasource.Configure
 	d.pConfigData = pConfigData
 	d.client = fabadmin.NewClientFactoryWithClient(*pConfigData.FabricClient).NewDomainsClient()
 
-	diags := fabricitem.IsPreviewMode(d.Name, d.IsPreview, d.pConfigData.Preview)
-	if diags != nil {
-		resp.Diagnostics.Append(diags...)
-
-		if diags.HasError() {
-			return
-		}
+	if resp.Diagnostics.Append(fabricitem.IsPreviewMode(d.Name, d.IsPreview, d.pConfigData.Preview)...); resp.Diagnostics.HasError() {
+		return
 	}
 }
 

internal/services/domain/data_domain_workspace_assignments.go

@@ -99,13 +99,8 @@ func (d *dataSourceDomainWorkspaceAssignments) Configure(_ context.Context, req
 	d.pConfigData = pConfigData
 	d.client = fabadmin.NewClientFactoryWithClient(*pConfigData.FabricClient).NewDomainsClient()
 
-	diags := fabricitem.IsPreviewMode(d.Name, d.IsPreview, d.pConfigData.Preview)
-	if diags != nil {
-		resp.Diagnostics.Append(diags...)
-
-		if diags.HasError() {
-			return
-		}
+	if resp.Diagnostics.Append(fabricitem.IsPreviewMode(d.Name, d.IsPreview, d.pConfigData.Preview)...); resp.Diagnostics.HasError() {
+		return
 	}
 }
 

internal/services/domain/data_domains.go

@@ -110,13 +110,8 @@ func (d *dataSourceDomains) Configure(_ context.Context, req datasource.Configur
 	d.pConfigData = pConfigData
 	d.client = fabadmin.NewClientFactoryWithClient(*pConfigData.FabricClient).NewDomainsClient()
 
-	diags := fabricitem.IsPreviewMode(d.Name, d.IsPreview, d.pConfigData.Preview)
-	if diags != nil {
-		resp.Diagnostics.Append(diags...)
-
-		if diags.HasError() {
-			return
-		}
+	if resp.Diagnostics.Append(fabricitem.IsPreviewMode(d.Name, d.IsPreview, d.pConfigData.Preview)...); resp.Diagnostics.HasError() {
+		return
 	}
 }
 

internal/services/domain/resource_domain.go

@@ -130,13 +130,8 @@ func (r *resourceDomain) Configure(_ context.Context, req resource.ConfigureRequ
 	r.pConfigData = pConfigData
 	r.client = fabadmin.NewClientFactoryWithClient(*pConfigData.FabricClient).NewDomainsClient()
 
-	diags := fabricitem.IsPreviewMode(r.Name, r.IsPreview, r.pConfigData.Preview)
-	if diags != nil {
-		resp.Diagnostics.Append(diags...)
-
-		if diags.HasError() {
-			return
-		}
+	if resp.Diagnostics.Append(fabricitem.IsPreviewMode(r.Name, r.IsPreview, r.pConfigData.Preview)...); resp.Diagnostics.HasError() {
+		return
 	}
 }
 

internal/services/domain/resource_domain_role_assignments.go

@@ -7,6 +7,7 @@ import (
 	"context"
 	"fmt"
 
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
 	"github.com/hashicorp/terraform-plugin-framework-timeouts/resource/timeouts"
 	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
 	"github.com/hashicorp/terraform-plugin-framework/diag"
@@ -17,6 +18,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
 	"github.com/hashicorp/terraform-plugin-log/tflog"
 	fabadmin "github.com/microsoft/fabric-sdk-go/fabric/admin"
+	fabcore "github.com/microsoft/fabric-sdk-go/fabric/core"
 	supertypes "github.com/orange-cloudavenue/terraform-plugin-framework-supertypes"
 
 	"github.com/microsoft/terraform-provider-fabric/internal/common"
@@ -131,13 +133,8 @@ func (r *resourceDomainRoleAssignments) Configure(_ context.Context, req resourc
 	r.pConfigData = pConfigData
 	r.client = fabadmin.NewClientFactoryWithClient(*pConfigData.FabricClient).NewDomainsClient()
 
-	diags := fabricitem.IsPreviewMode(r.Name, r.IsPreview, r.pConfigData.Preview)
-	if diags != nil {
-		resp.Diagnostics.Append(diags...)
-
-		if diags.HasError() {
-			return
-		}
+	if resp.Diagnostics.Append(fabricitem.IsPreviewMode(r.Name, r.IsPreview, r.pConfigData.Preview)...); resp.Diagnostics.HasError() {
+		return
 	}
 }
 
@@ -335,10 +332,30 @@ func (r *resourceDomainRoleAssignments) Delete(ctx context.Context, req resource
 	}
 
 	_, err := r.client.RoleAssignmentsBulkUnassign(ctx, state.DomainID.ValueString(), reqDelete.DomainRoleUnassignmentRequest, nil)
-	if resp.Diagnostics.Append(utils.GetDiagsFromError(ctx, err, utils.OperationDelete, nil)...); resp.Diagnostics.HasError() {
+	diags = utils.GetDiagsFromError(ctx, err, utils.OperationDelete, fabcore.ErrDomain.DomainSpecificUsersScopeCannotBeEmptyError)
+
+	if diags.HasError() && !utils.IsErr(diags, fabcore.ErrDomain.DomainSpecificUsersScopeCannotBeEmptyError) {
+		resp.Diagnostics.Append(diags...)
+
 		return
 	}
 
+	if diags.HasError() && utils.IsErr(diags, fabcore.ErrDomain.DomainSpecificUsersScopeCannotBeEmptyError) {
+		_, err := r.client.UpdateDomain(ctx, state.DomainID.ValueString(), fabadmin.UpdateDomainRequest{
+			ContributorsScope: to.Ptr(fabadmin.ContributorsScopeTypeAllTenant),
+		}, nil)
+		if resp.Diagnostics.Append(utils.GetDiagsFromError(ctx, err, utils.OperationDelete, nil)...); resp.Diagnostics.HasError() {
+			return
+		}
+
+		_, err = r.client.UpdateDomain(ctx, state.DomainID.ValueString(), fabadmin.UpdateDomainRequest{
+			ContributorsScope: to.Ptr(fabadmin.ContributorsScopeTypeSpecificUsersAndGroups),
+		}, nil)
+		if resp.Diagnostics.Append(utils.GetDiagsFromError(ctx, err, utils.OperationDelete, nil)...); resp.Diagnostics.HasError() {
+			return
+		}
+	}
+
 	resp.State.RemoveResource(ctx)
 
 	tflog.Debug(ctx, "DELETE", map[string]any{