
feat: Add scm_device resource and data sources for device-to-folder management#94

Open
CrazyLegsCooper-Qumodity wants to merge 1 commit into PaloAltoNetworks:main from CrazyLegsCooper-Qumodity:firewall-move

@CrazyLegsCooper-Qumodity

feat: Add scm_device resource and data sources for device-to-folder management

Problem

Azure vWAN-connected firewalls onboarded into Strata Cloud Manager appear under "All Firewalls" but cannot be moved into the correct folder hierarchy (e.g. "Azure Firewalls > Production Services") via Terraform. The SCM API supports device-to-folder assignment through its Devices PUT endpoint, and the SDK already had the Devices and DevicesPut model structs generated from the OpenAPI spec, but no API service was wired up — and the Terraform provider had no corresponding resource or data source.

Solution

New resource: scm_device — an adopt-and-manage resource that allows Terraform to manage an existing device's folder assignment, labels, snippets, description, and display name.

  • Create adopts an existing device by updating it to the desired folder/labels/snippets (the device already exists in SCM — it was onboarded externally).
  • Read retrieves the full device state from the API.
  • Update changes the mutable fields (folder, description, display_name, labels, snippets) via the Devices PUT endpoint.
  • Delete removes the device from Terraform state only — the physical device is NOT deleted from SCM.
  • Import supported via device UUID.

New data sources:

  • scm_device — look up a single device by UUID.
  • scm_device_list — list devices with optional folder filter, limit, and offset.

Usage Example

# Move a firewall into the correct folder
resource "scm_device" "fw_prod" {
  id     = "device-uuid-here"
  folder = "Azure Firewalls/Production Services"
  labels = ["production", "vwan"]
}

# Look up a device
data "scm_device" "lookup" {
  id = "device-uuid-here"
}

# List all devices in a folder
data "scm_device_list" "prod_firewalls" {
  folder = "Azure Firewalls/Production Services"
}

Changes

Modified files:

  • go.mod — added local replace directive for scm-go development (to be updated to module version before merge)
  • internal/provider/config_setup/resources.go — registered NewDeviceResource
  • internal/provider/config_setup/datasources.go — registered NewDeviceDataSource and NewDeviceListDataSource

New files:

  • internal/models/config_setup/model_devices.go — Terraform schema model with resource, data source, and list data source schemas
  • internal/models/config_setup/model_devices_test.go — schema validation tests (7 tests)
  • internal/provider/config_setup/resource_device.go — scm_device resource implementation
  • internal/provider/config_setup/resource_device_mappers.go — pack/unpack functions between TF model and SDK structs
  • internal/provider/config_setup/resource_device_mappers_test.go — mapper unit tests (8 tests)
  • internal/provider/config_setup/data_source_device.go — scm_device data source
  • internal/provider/config_setup/data_source_device_list.go — scm_device_list data source

Companion PR

Depends on PaloAltoNetworks/scm-go#20 — must be merged and tagged before this PR can be finalized.

This PR depends on a corresponding change in the scm-go SDK (PaloAltoNetworks/scm-go#20) that adds the DevicesAPIService with ListDevices, GetDeviceByID, and UpdateDeviceByID methods. The go.mod replace directive should be updated to point to the published scm-go version once that SDK PR is merged and tagged.

Testing

  • 15 unit tests pass (7 schema + 8 mapper tests)
  • All tests run via go test ./internal/... -v
  • SDK integration tests (in scm-go repo) cover the API endpoints against live SCM
  • Full go build ./... compiles clean
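
The adopt-and-manage lifecycle described in this PR (Create updates an already onboarded device, Delete only drops it from Terraform state), as an added Go example that is not code from this PR or from scm-go. `fakeSCM`, `Device`, `state`, `ErrNotOnboarded` and the function names are hypothetical, and the in-memory map is a constructed stand-in for the SCM Devices API.

```go
package main

import (
	"errors"
	"fmt"
)

// Device holds two of the mutable fields the PR lists (hypothetical struct).
type Device struct {
	Folder string
	Labels []string
}

// fakeSCM is a constructed in-memory stand-in for the SCM Devices API.
type fakeSCM struct{ devices map[string]Device }

// ErrNotOnboarded is returned when the UUID is unknown to SCM (hypothetical).
var ErrNotOnboarded = errors.New("device not found in SCM: onboard it first")

// put models the Devices PUT endpoint: it updates a device, never creates one.
func (s *fakeSCM) put(id string, d Device) error {
	if _, ok := s.devices[id]; !ok {
		return ErrNotOnboarded
	}
	s.devices[id] = d
	return nil
}

// state models Terraform state: device UUID -> last applied configuration.
type state map[string]Device

// Create adopts: PUT the desired config onto the existing device, then track it.
func Create(s *fakeSCM, st state, id string, want Device) error {
	if err := s.put(id, want); err != nil {
		return err // nothing is recorded in state for an unknown device
	}
	st[id] = want
	return nil
}

// Delete forgets the device in state only; SCM is never called.
func Delete(st state, id string) { delete(st, id) }

func main() {
	scm := &fakeSCM{devices: map[string]Device{"device-uuid-here": {Folder: "All Firewalls"}}}
	st := state{}
	fmt.Println(Create(scm, st, "missing-uuid", Device{Folder: "x"}))
	fmt.Println(Create(scm, st, "device-uuid-here", Device{Folder: "Azure Firewalls/Production Services"}))
	Delete(st, "device-uuid-here")
	fmt.Println(len(st), scm.devices["device-uuid-here"].Folder)
}
```

In this model a destroy leaves the device in whatever folder it was last moved to, so reverting a folder assignment takes an explicit apply rather than removal of the resource.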
