diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e08c110..960329a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -17,7 +17,7 @@ jobs:
   goreleaser:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           # Allow goreleaser to access older tag information.
           fetch-depth: 0
@@ -32,7 +32,7 @@ jobs:
           gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
           passphrase: ${{ secrets.PASSPHRASE }}
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@336e29918d653399e599bfca99fadc1d7ffbc9f7 # v4.3.0
+        uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
         with:
           args: release --clean
         env:
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index af0b6fe..e5b73f8 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 5
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
         with:
           go-version-file: 'go.mod'
@@ -37,7 +37,7 @@ jobs:
   generate:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
         with:
           go-version-file: 'go.mod'
@@ -65,7 +65,7 @@ jobs:
           - '1.3.*'
           - '1.4.*'
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
         with:
           go-version-file: 'go.mod'
diff --git a/.gitignore b/.gitignore
index fd3ad8e..cf9e7a4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -33,3 +33,4 @@ website/vendor
 
 # Keep windows files with windows line endings
 *.winfile eol=crlf
+dev.auto.tfvars
diff --git a/docs/data-sources/account.md b/docs/data-sources/account.md
new file mode 100644
index 0000000..b534285
--- /dev/null
+++ b/docs/data-sources/account.md
@@ -0,0 +1,373 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "keyhubpreview_account Data Source - terraform-provider-keyhubpreview"
+subcategory: ""
+description: |-
+  
+---
+
+# keyhubpreview_account (Data Source)
+
+
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `uuid` (String)
+
+### Optional
+
+- `additional` (List of String)
+
+### Read-Only
+
+- `account_permissions` (Attributes List) (see [below for nested schema](#nestedatt--account_permissions))
+- `active` (Boolean)
+- `active_login` (Boolean)
+- `audit` (Attributes) (see [below for nested schema](#nestedatt--audit))
+- `can_request_groups` (Boolean)
+- `directory` (Attributes) (see [below for nested schema](#nestedatt--directory))
+- `directory_name` (String)
+- `directory_password_change_required` (Boolean)
+- `directory_rotating_password` (String)
+- `directory_type` (String)
+- `display_name` (String)
+- `email` (String)
+- `groups` (Attributes List) (see [below for nested schema](#nestedatt--groups))
+- `id_in_directory` (String)
+- `key_hub_password_change_required` (Boolean)
+- `last_active` (String)
+- `last_modified_at` (String)
+- `license_role` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--links))
+- `locale` (String)
+- `pending_recovery_requests` (Attributes) (see [below for nested schema](#nestedatt--pending_recovery_requests))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--permissions))
+- `reregistration_required` (Boolean)
+- `settings` (Attributes) (see [below for nested schema](#nestedatt--settings))
+- `stored_attributes` (Attributes) (see [below for nested schema](#nestedatt--stored_attributes))
+- `token_password_enabled` (Boolean)
+- `two_factor_status` (String)
+- `username` (String)
+- `valid_in_directory` (Boolean)
+- `validity` (String)
+- `vault` (Attributes) (see [below for nested schema](#nestedatt--vault))
+
+<a id="nestedatt--account_permissions"></a>
+### Nested Schema for `account_permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--audit"></a>
+### Nested Schema for `audit`
+
+Read-Only:
+
+- `created_at` (String)
+- `created_by` (String)
+- `last_modified_at` (String)
+- `last_modified_by` (String)
+
+
+<a id="nestedatt--directory"></a>
+### Nested Schema for `directory`
+
+Read-Only:
+
+- `account_validity_supported` (Boolean)
+- `active` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--directory--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--directory--permissions))
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--directory--links"></a>
+### Nested Schema for `directory.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--directory--permissions"></a>
+### Nested Schema for `directory.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--groups"></a>
+### Nested Schema for `groups`
+
+Optional:
+
+- `additional` (List of String)
+
+Read-Only:
+
+- `admin` (Boolean)
+- `end_date` (String)
+- `folder` (Attributes) (see [below for nested schema](#nestedatt--groups--folder))
+- `last_used` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--groups--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--groups--permissions))
+- `provisioning_end_time` (String)
+- `rights` (String)
+- `uuid` (String)
+- `visible_for_provisioning` (Boolean)
+
+<a id="nestedatt--groups--folder"></a>
+### Nested Schema for `groups.folder`
+
+Optional:
+
+- `additional` (List of String)
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--groups--folder--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--groups--folder--permissions))
+
+<a id="nestedatt--groups--folder--links"></a>
+### Nested Schema for `groups.folder.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--groups--folder--permissions"></a>
+### Nested Schema for `groups.folder.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--groups--links"></a>
+### Nested Schema for `groups.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--groups--permissions"></a>
+### Nested Schema for `groups.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--links"></a>
+### Nested Schema for `links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--pending_recovery_requests"></a>
+### Nested Schema for `pending_recovery_requests`
+
+Read-Only:
+
+- `pending2fa_recovery_request` (Boolean)
+- `pending_password_recovery_request` (Boolean)
+
+
+<a id="nestedatt--permissions"></a>
+### Nested Schema for `permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--settings"></a>
+### Nested Schema for `settings`
+
+Read-Only:
+
+- `default_organizational_unit` (Attributes) (see [below for nested schema](#nestedatt--settings--default_organizational_unit))
+- `directory_name` (String)
+- `directory_type` (String)
+- `in_groups` (Boolean)
+- `in_multiple_organizational_units` (Boolean)
+- `key_hub_admin` (Boolean)
+- `multiple_organizational_units_exist` (Boolean)
+- `password_mode` (String)
+- `ssh_public_key` (String)
+- `two_factor_authentication` (String)
+- `use_token_password` (Boolean)
+- `vault_status` (String)
+
+<a id="nestedatt--settings--default_organizational_unit"></a>
+### Nested Schema for `settings.default_organizational_unit`
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--settings--default_organizational_unit--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--settings--default_organizational_unit--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--settings--default_organizational_unit--links"></a>
+### Nested Schema for `settings.default_organizational_unit.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--settings--default_organizational_unit--permissions"></a>
+### Nested Schema for `settings.default_organizational_unit.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--stored_attributes"></a>
+### Nested Schema for `stored_attributes`
+
+Read-Only:
+
+- `attributes` (Attributes List) (see [below for nested schema](#nestedatt--stored_attributes--attributes))
+
+<a id="nestedatt--stored_attributes--attributes"></a>
+### Nested Schema for `stored_attributes.attributes`
+
+Read-Only:
+
+- `name` (String)
+- `value` (String)
+
+
+
+<a id="nestedatt--vault"></a>
+### Nested Schema for `vault`
+
+Read-Only:
+
+- `access_available` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--vault--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--vault--permissions))
+- `records` (Attributes List) (see [below for nested schema](#nestedatt--vault--records))
+
+<a id="nestedatt--vault--links"></a>
+### Nested Schema for `vault.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--vault--permissions"></a>
+### Nested Schema for `vault.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--vault--records"></a>
+### Nested Schema for `vault.records`
+
+Optional:
+
+- `additional` (List of String)
+
+Read-Only:
+
+- `color` (String)
+- `derived` (Boolean)
+- `end_date` (String)
+- `filename` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--vault--records--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--vault--records--permissions))
+- `share_end_time` (String)
+- `types` (List of String)
+- `url` (String)
+- `username` (String)
+- `uuid` (String)
+- `warning_period` (String)
+
+<a id="nestedatt--vault--records--links"></a>
+### Nested Schema for `vault.records.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--vault--records--permissions"></a>
+### Nested Schema for `vault.records.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
diff --git a/docs/data-sources/certificate.md b/docs/data-sources/certificate.md
new file mode 100644
index 0000000..cb7334c
--- /dev/null
+++ b/docs/data-sources/certificate.md
@@ -0,0 +1,71 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "keyhubpreview_certificate Data Source - terraform-provider-keyhubpreview"
+subcategory: ""
+description: |-
+  
+---
+
+# keyhubpreview_certificate (Data Source)
+
+
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `uuid` (String)
+
+### Optional
+
+- `additional` (List of String)
+
+### Read-Only
+
+- `alias` (String)
+- `audit` (Attributes) (see [below for nested schema](#nestedatt--audit))
+- `certificate_data` (List of String)
+- `expiration` (String)
+- `fingerprint_sha1` (String)
+- `fingerprint_sha256` (String)
+- `global` (Boolean)
+- `key_data` (List of String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--permissions))
+- `subject_dn` (String)
+- `type` (String)
+
+<a id="nestedatt--audit"></a>
+### Nested Schema for `audit`
+
+Read-Only:
+
+- `created_at` (String)
+- `created_by` (String)
+- `last_modified_at` (String)
+- `last_modified_by` (String)
+
+
+<a id="nestedatt--links"></a>
+### Nested Schema for `links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--permissions"></a>
+### Nested Schema for `permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
diff --git a/docs/data-sources/client.md b/docs/data-sources/client.md
new file mode 100644
index 0000000..b77eb79
--- /dev/null
+++ b/docs/data-sources/client.md
@@ -0,0 +1,833 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "keyhubpreview_client Data Source - terraform-provider-keyhubpreview"
+subcategory: ""
+description: |-
+  
+---
+
+# keyhubpreview_client (Data Source)
+
+
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `uuid` (String)
+
+### Optional
+
+- `additional` (List of String)
+
+### Read-Only
+
+- `audit` (Attributes) (see [below for nested schema](#nestedatt--audit))
+- `client_id` (String)
+- `groupclients` (Attributes List) (see [below for nested schema](#nestedatt--groupclients))
+- `groups` (Attributes List) (see [below for nested schema](#nestedatt--groups))
+- `last_modified_at` (String)
+- `ldap_client` (Attributes) (see [below for nested schema](#nestedatt--ldap_client))
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--links))
+- `name` (String)
+- `o_auth2_client` (Attributes) (see [below for nested schema](#nestedatt--o_auth2_client))
+- `owner` (Attributes) (see [below for nested schema](#nestedatt--owner))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--permissions))
+- `saml2_client` (Attributes) (see [below for nested schema](#nestedatt--saml2_client))
+- `scopes` (List of String)
+- `secret` (Attributes) (see [below for nested schema](#nestedatt--secret))
+- `sso_application` (Boolean)
+- `technical_administrator` (Attributes) (see [below for nested schema](#nestedatt--technical_administrator))
+- `tile` (Attributes) (see [below for nested schema](#nestedatt--tile))
+- `type` (String)
+- `vault_record_count` (Number)
+
+<a id="nestedatt--audit"></a>
+### Nested Schema for `audit`
+
+Read-Only:
+
+- `created_at` (String)
+- `created_by` (String)
+- `last_modified_at` (String)
+- `last_modified_by` (String)
+
+
+<a id="nestedatt--groupclients"></a>
+### Nested Schema for `groupclients`
+
+Optional:
+
+- `additional` (List of String)
+
+Read-Only:
+
+- `activation_required` (Boolean)
+- `client` (Attributes) (see [below for nested schema](#nestedatt--groupclients--client))
+- `group` (Attributes) (see [below for nested schema](#nestedatt--groupclients--group))
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--groupclients--links))
+- `owner` (Attributes) (see [below for nested schema](#nestedatt--groupclients--owner))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--groupclients--permissions))
+- `technical_administrator` (Attributes) (see [below for nested schema](#nestedatt--groupclients--technical_administrator))
+
+<a id="nestedatt--groupclients--client"></a>
+### Nested Schema for `groupclients.client`
+
+Read-Only:
+
+- `client_id` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--groupclients--client--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--groupclients--client--permissions))
+- `scopes` (List of String)
+- `sso_application` (Boolean)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--groupclients--client--links"></a>
+### Nested Schema for `groupclients.client.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--groupclients--client--permissions"></a>
+### Nested Schema for `groupclients.client.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--groupclients--group"></a>
+### Nested Schema for `groupclients.group`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--groupclients--group--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--groupclients--group--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--groupclients--group--links"></a>
+### Nested Schema for `groupclients.group.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--groupclients--group--permissions"></a>
+### Nested Schema for `groupclients.group.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--groupclients--links"></a>
+### Nested Schema for `groupclients.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--groupclients--owner"></a>
+### Nested Schema for `groupclients.owner`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--groupclients--owner--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--groupclients--owner--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--groupclients--owner--links"></a>
+### Nested Schema for `groupclients.owner.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--groupclients--owner--permissions"></a>
+### Nested Schema for `groupclients.owner.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--groupclients--permissions"></a>
+### Nested Schema for `groupclients.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--groupclients--technical_administrator"></a>
+### Nested Schema for `groupclients.technical_administrator`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--groupclients--technical_administrator--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--groupclients--technical_administrator--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--groupclients--technical_administrator--links"></a>
+### Nested Schema for `groupclients.technical_administrator.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--groupclients--technical_administrator--permissions"></a>
+### Nested Schema for `groupclients.technical_administrator.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--groups"></a>
+### Nested Schema for `groups`
+
+Optional:
+
+- `additional` (List of String)
+
+Read-Only:
+
+- `admin` (Boolean)
+- `application_administration` (Boolean)
+- `audit_config` (Attributes) (see [below for nested schema](#nestedatt--groups--audit_config))
+- `audit_requested` (Boolean)
+- `auditor` (Boolean)
+- `authorizing_group_auditing` (Attributes) (see [below for nested schema](#nestedatt--groups--authorizing_group_auditing))
+- `authorizing_group_delegation` (Attributes) (see [below for nested schema](#nestedatt--groups--authorizing_group_delegation))
+- `authorizing_group_membership` (Attributes) (see [below for nested schema](#nestedatt--groups--authorizing_group_membership))
+- `authorizing_group_provisioning` (Attributes) (see [below for nested schema](#nestedatt--groups--authorizing_group_provisioning))
+- `authorizing_group_types` (List of String)
+- `classification` (Attributes) (see [below for nested schema](#nestedatt--groups--classification))
+- `description` (String)
+- `extended_access` (String)
+- `hide_audit_trail` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--groups--links))
+- `name` (String)
+- `nested_under` (Attributes) (see [below for nested schema](#nestedatt--groups--nested_under))
+- `organizational_unit` (Attributes) (see [below for nested schema](#nestedatt--groups--organizational_unit))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--groups--permissions))
+- `private_group` (Boolean)
+- `record_trail` (Boolean)
+- `rotating_password_required` (Boolean)
+- `single_managed` (Boolean)
+- `uuid` (String)
+- `vault_recovery` (String)
+- `vault_requires_activation` (Boolean)
+
+<a id="nestedatt--groups--audit_config"></a>
+### Nested Schema for `groups.audit_config`
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--groups--audit_config--links))
+- `months` (List of String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--groups--audit_config--permissions))
+
+<a id="nestedatt--groups--audit_config--links"></a>
+### Nested Schema for `groups.audit_config.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--groups--audit_config--permissions"></a>
+### Nested Schema for `groups.audit_config.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--groups--authorizing_group_auditing"></a>
+### Nested Schema for `groups.authorizing_group_auditing`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--groups--authorizing_group_auditing--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--groups--authorizing_group_auditing--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--groups--authorizing_group_auditing--links"></a>
+### Nested Schema for `groups.authorizing_group_auditing.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--groups--authorizing_group_auditing--permissions"></a>
+### Nested Schema for `groups.authorizing_group_auditing.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--groups--authorizing_group_delegation"></a>
+### Nested Schema for `groups.authorizing_group_delegation`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--groups--authorizing_group_delegation--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--groups--authorizing_group_delegation--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--groups--authorizing_group_delegation--links"></a>
+### Nested Schema for `groups.authorizing_group_delegation.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--groups--authorizing_group_delegation--permissions"></a>
+### Nested Schema for `groups.authorizing_group_delegation.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--groups--authorizing_group_membership"></a>
+### Nested Schema for `groups.authorizing_group_membership`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--groups--authorizing_group_membership--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--groups--authorizing_group_membership--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--groups--authorizing_group_membership--links"></a>
+### Nested Schema for `groups.authorizing_group_membership.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--groups--authorizing_group_membership--permissions"></a>
+### Nested Schema for `groups.authorizing_group_membership.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--groups--authorizing_group_provisioning"></a>
+### Nested Schema for `groups.authorizing_group_provisioning`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--groups--authorizing_group_provisioning--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--groups--authorizing_group_provisioning--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--groups--authorizing_group_provisioning--links"></a>
+### Nested Schema for `groups.authorizing_group_provisioning.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--groups--authorizing_group_provisioning--permissions"></a>
+### Nested Schema for `groups.authorizing_group_provisioning.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--groups--classification"></a>
+### Nested Schema for `groups.classification`
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--groups--classification--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--groups--classification--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--groups--classification--links"></a>
+### Nested Schema for `groups.classification.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--groups--classification--permissions"></a>
+### Nested Schema for `groups.classification.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--groups--links"></a>
+### Nested Schema for `groups.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--groups--nested_under"></a>
+### Nested Schema for `groups.nested_under`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--groups--nested_under--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--groups--nested_under--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--groups--nested_under--links"></a>
+### Nested Schema for `groups.nested_under.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--groups--nested_under--permissions"></a>
+### Nested Schema for `groups.nested_under.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--groups--organizational_unit"></a>
+### Nested Schema for `groups.organizational_unit`
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--groups--organizational_unit--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--groups--organizational_unit--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--groups--organizational_unit--links"></a>
+### Nested Schema for `groups.organizational_unit.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--groups--organizational_unit--permissions"></a>
+### Nested Schema for `groups.organizational_unit.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--groups--permissions"></a>
+### Nested Schema for `groups.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--ldap_client"></a>
+### Nested Schema for `ldap_client`
+
+Read-Only:
+
+- `bind_dn` (String)
+- `client_certificate` (Attributes) (see [below for nested schema](#nestedatt--ldap_client--client_certificate))
+- `share_secret_in_vault` (Boolean)
+- `shared_secret` (Attributes) (see [below for nested schema](#nestedatt--ldap_client--shared_secret))
+- `used_for_provisioning` (Boolean)
+
+<a id="nestedatt--ldap_client--client_certificate"></a>
+### Nested Schema for `ldap_client.client_certificate`
+
+Read-Only:
+
+- `alias` (String)
+- `certificate_data` (List of String)
+- `expiration` (String)
+- `fingerprint_sha1` (String)
+- `fingerprint_sha256` (String)
+- `global` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--ldap_client--client_certificate--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--ldap_client--client_certificate--permissions))
+- `subject_dn` (String)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--ldap_client--client_certificate--links"></a>
+### Nested Schema for `ldap_client.client_certificate.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--ldap_client--client_certificate--permissions"></a>
+### Nested Schema for `ldap_client.client_certificate.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--ldap_client--shared_secret"></a>
+### Nested Schema for `ldap_client.shared_secret`
+
+Read-Only:
+
+- `color` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--ldap_client--shared_secret--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--ldap_client--shared_secret--permissions))
+- `share_end_time` (String)
+- `uuid` (String)
+
+<a id="nestedatt--ldap_client--shared_secret--links"></a>
+### Nested Schema for `ldap_client.shared_secret.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--ldap_client--shared_secret--permissions"></a>
+### Nested Schema for `ldap_client.shared_secret.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--links"></a>
+### Nested Schema for `links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--o_auth2_client"></a>
+### Nested Schema for `o_auth2_client`
+
+Read-Only:
+
+- `account_permissions` (Attributes List) (see [below for nested schema](#nestedatt--o_auth2_client--account_permissions))
+- `attributes` (Map of String)
+- `callback_uri` (String)
+- `confidential` (Boolean)
+- `debug_mode` (Boolean)
+- `id_token_claims` (String)
+- `initiate_login_uri` (String)
+- `resource_uris` (String)
+- `share_secret_in_vault` (Boolean)
+- `shared_secret` (Attributes) (see [below for nested schema](#nestedatt--o_auth2_client--shared_secret))
+- `show_landing_page` (Boolean)
+- `use_client_credentials` (Boolean)
+
+<a id="nestedatt--o_auth2_client--account_permissions"></a>
+### Nested Schema for `o_auth2_client.account_permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--o_auth2_client--shared_secret"></a>
+### Nested Schema for `o_auth2_client.shared_secret`
+
+Read-Only:
+
+- `color` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--o_auth2_client--shared_secret--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--o_auth2_client--shared_secret--permissions))
+- `share_end_time` (String)
+- `uuid` (String)
+
+<a id="nestedatt--o_auth2_client--shared_secret--links"></a>
+### Nested Schema for `o_auth2_client.shared_secret.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--o_auth2_client--shared_secret--permissions"></a>
+### Nested Schema for `o_auth2_client.shared_secret.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--owner"></a>
+### Nested Schema for `owner`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owner--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owner--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--owner--links"></a>
+### Nested Schema for `owner.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owner--permissions"></a>
+### Nested Schema for `owner.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--permissions"></a>
+### Nested Schema for `permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--saml2_client"></a>
+### Nested Schema for `saml2_client`
+
+Read-Only:
+
+- `attributes` (Map of String)
+- `metadata` (String)
+- `metadata_url` (String)
+- `subject_format` (String)
+
+
+<a id="nestedatt--secret"></a>
+### Nested Schema for `secret`
+
+Read-Only:
+
+- `generated_secret` (String)
+- `old_secret` (String)
+- `regenerate` (Boolean)
+
+
+<a id="nestedatt--technical_administrator"></a>
+### Nested Schema for `technical_administrator`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--technical_administrator--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--technical_administrator--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--technical_administrator--links"></a>
+### Nested Schema for `technical_administrator.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--technical_administrator--permissions"></a>
+### Nested Schema for `technical_administrator.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--tile"></a>
+### Nested Schema for `tile`
+
+Read-Only:
+
+- `uri` (String)
diff --git a/docs/data-sources/directory.md b/docs/data-sources/directory.md
new file mode 100644
index 0000000..610622f
--- /dev/null
+++ b/docs/data-sources/directory.md
@@ -0,0 +1,378 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "keyhubpreview_directory Data Source - terraform-provider-keyhubpreview"
+subcategory: ""
+description: |-
+  
+---
+
+# keyhubpreview_directory (Data Source)
+
+
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `uuid` (String)
+
+### Optional
+
+- `additional` (List of String)
+
+### Read-Only
+
+- `account_validity_supported` (Boolean)
+- `active` (Boolean)
+- `audit` (Attributes) (see [below for nested schema](#nestedatt--audit))
+- `base_organizational_unit` (Attributes) (see [below for nested schema](#nestedatt--base_organizational_unit))
+- `default_directory` (Boolean)
+- `helpdesk_group` (Attributes) (see [below for nested schema](#nestedatt--helpdesk_group))
+- `internal_directory` (Attributes) (see [below for nested schema](#nestedatt--internal_directory))
+- `l_d_a_p_directory` (Attributes) (see [below for nested schema](#nestedatt--l_d_a_p_directory))
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--links))
+- `maintenance_directory` (Attributes) (see [below for nested schema](#nestedatt--maintenance_directory))
+- `markers` (Attributes) (see [below for nested schema](#nestedatt--markers))
+- `name` (String)
+- `o_id_c_directory` (Attributes) (see [below for nested schema](#nestedatt--o_id_c_directory))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--permissions))
+- `restrict2fa` (Boolean)
+- `rotating_password` (String)
+- `status` (Attributes) (see [below for nested schema](#nestedatt--status))
+- `type` (String)
+- `username_customizable` (Boolean)
+
+<a id="nestedatt--audit"></a>
+### Nested Schema for `audit`
+
+Read-Only:
+
+- `created_at` (String)
+- `created_by` (String)
+- `last_modified_at` (String)
+- `last_modified_by` (String)
+
+
+<a id="nestedatt--base_organizational_unit"></a>
+### Nested Schema for `base_organizational_unit`
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--base_organizational_unit--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--base_organizational_unit--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--base_organizational_unit--links"></a>
+### Nested Schema for `base_organizational_unit.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--base_organizational_unit--permissions"></a>
+### Nested Schema for `base_organizational_unit.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--helpdesk_group"></a>
+### Nested Schema for `helpdesk_group`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--helpdesk_group--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--helpdesk_group--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--helpdesk_group--links"></a>
+### Nested Schema for `helpdesk_group.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--helpdesk_group--permissions"></a>
+### Nested Schema for `helpdesk_group.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--internal_directory"></a>
+### Nested Schema for `internal_directory`
+
+Read-Only:
+
+- `owner` (Attributes) (see [below for nested schema](#nestedatt--internal_directory--owner))
+
+<a id="nestedatt--internal_directory--owner"></a>
+### Nested Schema for `internal_directory.owner`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--internal_directory--owner--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--internal_directory--owner--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--internal_directory--owner--links"></a>
+### Nested Schema for `internal_directory.owner.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--internal_directory--owner--permissions"></a>
+### Nested Schema for `internal_directory.owner.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--l_d_a_p_directory"></a>
+### Nested Schema for `l_d_a_p_directory`
+
+Read-Only:
+
+- `attributes_to_store` (String)
+- `base_dn` (String)
+- `client_certificate` (Attributes) (see [below for nested schema](#nestedatt--l_d_a_p_directory--client_certificate))
+- `dialect` (String)
+- `failover_host` (String)
+- `failover_trusted_certificate` (Attributes) (see [below for nested schema](#nestedatt--l_d_a_p_directory--failover_trusted_certificate))
+- `host` (String)
+- `password_recovery` (String)
+- `port` (Number)
+- `search_bind_dn` (String)
+- `search_bind_password` (String)
+- `search_filter` (String)
+- `tls` (String)
+- `trusted_certificate` (Attributes) (see [below for nested schema](#nestedatt--l_d_a_p_directory--trusted_certificate))
+
+<a id="nestedatt--l_d_a_p_directory--client_certificate"></a>
+### Nested Schema for `l_d_a_p_directory.client_certificate`
+
+Read-Only:
+
+- `alias` (String)
+- `certificate_data` (List of String)
+- `expiration` (String)
+- `fingerprint_sha1` (String)
+- `fingerprint_sha256` (String)
+- `global` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--l_d_a_p_directory--client_certificate--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--l_d_a_p_directory--client_certificate--permissions))
+- `subject_dn` (String)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--l_d_a_p_directory--client_certificate--links"></a>
+### Nested Schema for `l_d_a_p_directory.client_certificate.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--l_d_a_p_directory--client_certificate--permissions"></a>
+### Nested Schema for `l_d_a_p_directory.client_certificate.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--l_d_a_p_directory--failover_trusted_certificate"></a>
+### Nested Schema for `l_d_a_p_directory.failover_trusted_certificate`
+
+Read-Only:
+
+- `alias` (String)
+- `certificate_data` (List of String)
+- `expiration` (String)
+- `fingerprint_sha1` (String)
+- `fingerprint_sha256` (String)
+- `global` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--l_d_a_p_directory--failover_trusted_certificate--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--l_d_a_p_directory--failover_trusted_certificate--permissions))
+- `subject_dn` (String)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--l_d_a_p_directory--failover_trusted_certificate--links"></a>
+### Nested Schema for `l_d_a_p_directory.failover_trusted_certificate.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--l_d_a_p_directory--failover_trusted_certificate--permissions"></a>
+### Nested Schema for `l_d_a_p_directory.failover_trusted_certificate.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--l_d_a_p_directory--trusted_certificate"></a>
+### Nested Schema for `l_d_a_p_directory.trusted_certificate`
+
+Read-Only:
+
+- `alias` (String)
+- `certificate_data` (List of String)
+- `expiration` (String)
+- `fingerprint_sha1` (String)
+- `fingerprint_sha256` (String)
+- `global` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--l_d_a_p_directory--trusted_certificate--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--l_d_a_p_directory--trusted_certificate--permissions))
+- `subject_dn` (String)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--l_d_a_p_directory--trusted_certificate--links"></a>
+### Nested Schema for `l_d_a_p_directory.trusted_certificate.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--l_d_a_p_directory--trusted_certificate--permissions"></a>
+### Nested Schema for `l_d_a_p_directory.trusted_certificate.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--links"></a>
+### Nested Schema for `links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--maintenance_directory"></a>
+### Nested Schema for `maintenance_directory`
+
+
+<a id="nestedatt--markers"></a>
+### Nested Schema for `markers`
+
+Read-Only:
+
+- `markers` (Attributes List) (see [below for nested schema](#nestedatt--markers--markers))
+
+<a id="nestedatt--markers--markers"></a>
+### Nested Schema for `markers.markers`
+
+Read-Only:
+
+- `level` (String)
+- `parameters` (Map of String)
+- `type` (String)
+
+
+
+<a id="nestedatt--o_id_c_directory"></a>
+### Nested Schema for `o_id_c_directory`
+
+Read-Only:
+
+- `acr_values` (String)
+- `attributes_to_store` (String)
+- `client_id` (String)
+- `client_secret` (String)
+- `domain_restriction` (String)
+- `enforces2fa` (Boolean)
+- `fully_resolved_issuer` (String)
+- `issuer` (String)
+- `logout_url` (String)
+- `send_login_hint` (Boolean)
+- `vendor_escaped` (String)
+
+
+<a id="nestedatt--permissions"></a>
+### Nested Schema for `permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--status"></a>
+### Nested Schema for `status`
+
+Read-Only:
+
+- `accounts` (Number)
+- `reason` (String)
+- `status` (String)
diff --git a/docs/data-sources/group.md b/docs/data-sources/group.md
new file mode 100644
index 0000000..8edfe7f
--- /dev/null
+++ b/docs/data-sources/group.md
@@ -0,0 +1,5385 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "keyhubpreview_group Data Source - terraform-provider-keyhubpreview"
+subcategory: ""
+description: |-
+  
+---
+
+# keyhubpreview_group (Data Source)
+
+
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `uuid` (String)
+
+### Optional
+
+- `additional` (List of String)
+
+### Read-Only
+
+- `accounts` (Attributes List) (see [below for nested schema](#nestedatt--accounts))
+- `admin` (Boolean)
+- `administered_clients` (Attributes List) (see [below for nested schema](#nestedatt--administered_clients))
+- `administered_systems` (Attributes List) (see [below for nested schema](#nestedatt--administered_systems))
+- `admins` (Attributes List, Deprecated) (see [below for nested schema](#nestedatt--admins))
+- `application_administration` (Boolean)
+- `audit` (Attributes) (see [below for nested schema](#nestedatt--audit))
+- `audit_config` (Attributes) (see [below for nested schema](#nestedatt--audit_config))
+- `audit_requested` (Boolean)
+- `auditor` (Boolean)
+- `authorized_groups` (Attributes) (see [below for nested schema](#nestedatt--authorized_groups))
+- `authorizing_group_auditing` (Attributes) (see [below for nested schema](#nestedatt--authorizing_group_auditing))
+- `authorizing_group_delegation` (Attributes) (see [below for nested schema](#nestedatt--authorizing_group_delegation))
+- `authorizing_group_membership` (Attributes) (see [below for nested schema](#nestedatt--authorizing_group_membership))
+- `authorizing_group_provisioning` (Attributes) (see [below for nested schema](#nestedatt--authorizing_group_provisioning))
+- `authorizing_group_types` (List of String)
+- `classification` (Attributes) (see [below for nested schema](#nestedatt--classification))
+- `client_permissions` (Attributes List) (see [below for nested schema](#nestedatt--client_permissions))
+- `clients` (Attributes List) (see [below for nested schema](#nestedatt--clients))
+- `content_administered_systems` (Attributes List) (see [below for nested schema](#nestedatt--content_administered_systems))
+- `description` (String)
+- `extended_access` (String)
+- `groupauditinginfo` (Attributes) (see [below for nested schema](#nestedatt--groupauditinginfo))
+- `groupinfo` (Attributes) (see [below for nested schema](#nestedatt--groupinfo))
+- `helpdesk` (Attributes List) (see [below for nested schema](#nestedatt--helpdesk))
+- `hide_audit_trail` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--links))
+- `markers` (Attributes) (see [below for nested schema](#nestedatt--markers))
+- `myaccount` (Attributes) (see [below for nested schema](#nestedatt--myaccount))
+- `mydelegatedaccount` (Attributes) (see [below for nested schema](#nestedatt--mydelegatedaccount))
+- `name` (String)
+- `nested_groups` (Attributes List) (see [below for nested schema](#nestedatt--nested_groups))
+- `nested_under` (Attributes) (see [below for nested schema](#nestedatt--nested_under))
+- `organizational_unit` (Attributes) (see [below for nested schema](#nestedatt--organizational_unit))
+- `owned_clients` (Attributes List) (see [below for nested schema](#nestedatt--owned_clients))
+- `owned_directories` (Attributes List) (see [below for nested schema](#nestedatt--owned_directories))
+- `owned_groups_on_system` (Attributes) (see [below for nested schema](#nestedatt--owned_groups_on_system))
+- `owned_organizational_units` (Attributes List) (see [below for nested schema](#nestedatt--owned_organizational_units))
+- `owned_systems` (Attributes List) (see [below for nested schema](#nestedatt--owned_systems))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--permissions))
+- `private_group` (Boolean)
+- `recent_audits` (Attributes List) (see [below for nested schema](#nestedatt--recent_audits))
+- `record_trail` (Boolean)
+- `requeststatus` (String)
+- `rotating_password_required` (Boolean)
+- `service_accounts` (Attributes List) (see [below for nested schema](#nestedatt--service_accounts))
+- `single_managed` (Boolean)
+- `systems` (Attributes List) (see [below for nested schema](#nestedatt--systems))
+- `vault` (Attributes) (see [below for nested schema](#nestedatt--vault))
+- `vault_recovery` (String)
+- `vault_requires_activation` (Boolean)
+- `webhooks` (Attributes List) (see [below for nested schema](#nestedatt--webhooks))
+
+<a id="nestedatt--accounts"></a>
+### Nested Schema for `accounts`
+
+Optional:
+
+- `additional` (List of String)
+
+Read-Only:
+
+- `directory` (Attributes) (see [below for nested schema](#nestedatt--accounts--directory))
+- `disconnected_nested` (Boolean)
+- `display_name` (String)
+- `end_date` (String)
+- `last_active` (String)
+- `last_used` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--accounts--links))
+- `nested` (Boolean)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--accounts--permissions))
+- `provisioning_end_time` (String)
+- `rights` (String)
+- `two_factor_status` (String)
+- `username` (String)
+- `uuid` (String)
+- `validity` (String)
+- `visible_for_provisioning` (Boolean)
+
+<a id="nestedatt--accounts--directory"></a>
+### Nested Schema for `accounts.directory`
+
+Read-Only:
+
+- `account_validity_supported` (Boolean)
+- `active` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--accounts--directory--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--accounts--directory--permissions))
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--accounts--directory--links"></a>
+### Nested Schema for `accounts.directory.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--accounts--directory--permissions"></a>
+### Nested Schema for `accounts.directory.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--accounts--links"></a>
+### Nested Schema for `accounts.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--accounts--permissions"></a>
+### Nested Schema for `accounts.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--administered_clients"></a>
+### Nested Schema for `administered_clients`
+
+Optional:
+
+- `additional` (List of String)
+
+Read-Only:
+
+- `client_id` (String)
+- `last_modified_at` (String)
+- `ldap_client` (Attributes) (see [below for nested schema](#nestedatt--administered_clients--ldap_client))
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--administered_clients--links))
+- `name` (String)
+- `o_auth2_client` (Attributes) (see [below for nested schema](#nestedatt--administered_clients--o_auth2_client))
+- `owner` (Attributes) (see [below for nested schema](#nestedatt--administered_clients--owner))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--administered_clients--permissions))
+- `saml2_client` (Attributes) (see [below for nested schema](#nestedatt--administered_clients--saml2_client))
+- `scopes` (List of String)
+- `sso_application` (Boolean)
+- `technical_administrator` (Attributes) (see [below for nested schema](#nestedatt--administered_clients--technical_administrator))
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--administered_clients--ldap_client"></a>
+### Nested Schema for `administered_clients.ldap_client`
+
+Read-Only:
+
+- `bind_dn` (String)
+- `client_certificate` (Attributes) (see [below for nested schema](#nestedatt--administered_clients--ldap_client--client_certificate))
+- `share_secret_in_vault` (Boolean)
+- `shared_secret` (Attributes) (see [below for nested schema](#nestedatt--administered_clients--ldap_client--shared_secret))
+- `used_for_provisioning` (Boolean)
+
+<a id="nestedatt--administered_clients--ldap_client--client_certificate"></a>
+### Nested Schema for `administered_clients.ldap_client.client_certificate`
+
+Read-Only:
+
+- `alias` (String)
+- `certificate_data` (List of String)
+- `expiration` (String)
+- `fingerprint_sha1` (String)
+- `fingerprint_sha256` (String)
+- `global` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--administered_clients--ldap_client--client_certificate--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--administered_clients--ldap_client--client_certificate--permissions))
+- `subject_dn` (String)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--administered_clients--ldap_client--client_certificate--links"></a>
+### Nested Schema for `administered_clients.ldap_client.client_certificate.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--administered_clients--ldap_client--client_certificate--permissions"></a>
+### Nested Schema for `administered_clients.ldap_client.client_certificate.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--administered_clients--ldap_client--shared_secret"></a>
+### Nested Schema for `administered_clients.ldap_client.shared_secret`
+
+Read-Only:
+
+- `color` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--administered_clients--ldap_client--shared_secret--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--administered_clients--ldap_client--shared_secret--permissions))
+- `share_end_time` (String)
+- `uuid` (String)
+
+<a id="nestedatt--administered_clients--ldap_client--shared_secret--links"></a>
+### Nested Schema for `administered_clients.ldap_client.shared_secret.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--administered_clients--ldap_client--shared_secret--permissions"></a>
+### Nested Schema for `administered_clients.ldap_client.shared_secret.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--administered_clients--links"></a>
+### Nested Schema for `administered_clients.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--administered_clients--o_auth2_client"></a>
+### Nested Schema for `administered_clients.o_auth2_client`
+
+Read-Only:
+
+- `account_permissions` (Attributes List) (see [below for nested schema](#nestedatt--administered_clients--o_auth2_client--account_permissions))
+- `attributes` (Map of String)
+- `callback_uri` (String)
+- `confidential` (Boolean)
+- `debug_mode` (Boolean)
+- `id_token_claims` (String)
+- `initiate_login_uri` (String)
+- `resource_uris` (String)
+- `share_secret_in_vault` (Boolean)
+- `shared_secret` (Attributes) (see [below for nested schema](#nestedatt--administered_clients--o_auth2_client--shared_secret))
+- `show_landing_page` (Boolean)
+- `use_client_credentials` (Boolean)
+
+<a id="nestedatt--administered_clients--o_auth2_client--account_permissions"></a>
+### Nested Schema for `administered_clients.o_auth2_client.account_permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--administered_clients--o_auth2_client--shared_secret"></a>
+### Nested Schema for `administered_clients.o_auth2_client.shared_secret`
+
+Read-Only:
+
+- `color` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--administered_clients--o_auth2_client--shared_secret--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--administered_clients--o_auth2_client--shared_secret--permissions))
+- `share_end_time` (String)
+- `uuid` (String)
+
+<a id="nestedatt--administered_clients--o_auth2_client--shared_secret--links"></a>
+### Nested Schema for `administered_clients.o_auth2_client.shared_secret.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--administered_clients--o_auth2_client--shared_secret--permissions"></a>
+### Nested Schema for `administered_clients.o_auth2_client.shared_secret.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--administered_clients--owner"></a>
+### Nested Schema for `administered_clients.owner`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--administered_clients--owner--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--administered_clients--owner--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--administered_clients--owner--links"></a>
+### Nested Schema for `administered_clients.owner.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--administered_clients--owner--permissions"></a>
+### Nested Schema for `administered_clients.owner.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--administered_clients--permissions"></a>
+### Nested Schema for `administered_clients.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--administered_clients--saml2_client"></a>
+### Nested Schema for `administered_clients.saml2_client`
+
+Read-Only:
+
+- `attributes` (Map of String)
+- `metadata` (String)
+- `metadata_url` (String)
+- `subject_format` (String)
+
+
+<a id="nestedatt--administered_clients--technical_administrator"></a>
+### Nested Schema for `administered_clients.technical_administrator`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--administered_clients--technical_administrator--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--administered_clients--technical_administrator--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--administered_clients--technical_administrator--links"></a>
+### Nested Schema for `administered_clients.technical_administrator.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--administered_clients--technical_administrator--permissions"></a>
+### Nested Schema for `administered_clients.technical_administrator.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--administered_systems"></a>
+### Nested Schema for `administered_systems`
+
+Optional:
+
+- `additional` (List of String)
+
+Read-Only:
+
+- `abstract_provisioned_ldap` (Attributes) (see [below for nested schema](#nestedatt--administered_systems--abstract_provisioned_ldap))
+- `account_count` (Number)
+- `active` (Boolean)
+- `content_administrator` (Attributes) (see [below for nested schema](#nestedatt--administered_systems--content_administrator))
+- `external_uuid` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--administered_systems--links))
+- `name` (String)
+- `organizational_unit` (Attributes) (see [below for nested schema](#nestedatt--administered_systems--organizational_unit))
+- `owner` (Attributes) (see [below for nested schema](#nestedatt--administered_systems--owner))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--administered_systems--permissions))
+- `provisioned_a_d` (Attributes) (see [below for nested schema](#nestedatt--administered_systems--provisioned_a_d))
+- `provisioned_azure_oidc_directory` (Attributes) (see [below for nested schema](#nestedatt--administered_systems--provisioned_azure_oidc_directory))
+- `provisioned_azure_sync_ldap_directory` (Attributes) (see [below for nested schema](#nestedatt--administered_systems--provisioned_azure_sync_ldap_directory))
+- `provisioned_azure_tenant` (Attributes) (see [below for nested schema](#nestedatt--administered_systems--provisioned_azure_tenant))
+- `provisioned_internal_ldap` (Attributes) (see [below for nested schema](#nestedatt--administered_systems--provisioned_internal_ldap))
+- `provisioned_ldap` (Attributes) (see [below for nested schema](#nestedatt--administered_systems--provisioned_ldap))
+- `provisioned_ldap_directory` (Attributes) (see [below for nested schema](#nestedatt--administered_systems--provisioned_ldap_directory))
+- `self_service_existing_groups` (Boolean)
+- `self_service_new_groups` (Boolean)
+- `self_service_service_accounts` (Boolean)
+- `should_destroy_unknown_accounts` (Boolean)
+- `technical_administrator` (Attributes) (see [below for nested schema](#nestedatt--administered_systems--technical_administrator))
+- `type` (String)
+- `username_prefix` (String)
+- `uuid` (String)
+
+<a id="nestedatt--administered_systems--abstract_provisioned_ldap"></a>
+### Nested Schema for `administered_systems.abstract_provisioned_ldap`
+
+Read-Only:
+
+- `attributes` (Map of String)
+- `base_dn` (String)
+- `bind_dn` (String)
+- `bind_password` (String)
+- `client_certificate` (Attributes) (see [below for nested schema](#nestedatt--administered_systems--abstract_provisioned_ldap--client_certificate))
+- `failover_host` (String)
+- `failover_trusted_certificate` (Attributes) (see [below for nested schema](#nestedatt--administered_systems--abstract_provisioned_ldap--failover_trusted_certificate))
+- `group_dn` (String)
+- `host` (String)
+- `object_classes` (String)
+- `port` (Number)
+- `service_account_dn` (String)
+- `ssh_public_key_supported` (Boolean)
+- `tls` (String)
+- `trusted_certificate` (Attributes) (see [below for nested schema](#nestedatt--administered_systems--abstract_provisioned_ldap--trusted_certificate))
+- `user_dn` (String)
+
+<a id="nestedatt--administered_systems--abstract_provisioned_ldap--client_certificate"></a>
+### Nested Schema for `administered_systems.abstract_provisioned_ldap.client_certificate`
+
+Read-Only:
+
+- `alias` (String)
+- `certificate_data` (List of String)
+- `expiration` (String)
+- `fingerprint_sha1` (String)
+- `fingerprint_sha256` (String)
+- `global` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--administered_systems--abstract_provisioned_ldap--client_certificate--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--administered_systems--abstract_provisioned_ldap--client_certificate--permissions))
+- `subject_dn` (String)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--administered_systems--abstract_provisioned_ldap--client_certificate--links"></a>
+### Nested Schema for `administered_systems.abstract_provisioned_ldap.client_certificate.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--administered_systems--abstract_provisioned_ldap--client_certificate--permissions"></a>
+### Nested Schema for `administered_systems.abstract_provisioned_ldap.client_certificate.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--administered_systems--abstract_provisioned_ldap--failover_trusted_certificate"></a>
+### Nested Schema for `administered_systems.abstract_provisioned_ldap.failover_trusted_certificate`
+
+Read-Only:
+
+- `alias` (String)
+- `certificate_data` (List of String)
+- `expiration` (String)
+- `fingerprint_sha1` (String)
+- `fingerprint_sha256` (String)
+- `global` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--administered_systems--abstract_provisioned_ldap--failover_trusted_certificate--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--administered_systems--abstract_provisioned_ldap--failover_trusted_certificate--permissions))
+- `subject_dn` (String)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--administered_systems--abstract_provisioned_ldap--failover_trusted_certificate--links"></a>
+### Nested Schema for `administered_systems.abstract_provisioned_ldap.failover_trusted_certificate.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--administered_systems--abstract_provisioned_ldap--failover_trusted_certificate--permissions"></a>
+### Nested Schema for `administered_systems.abstract_provisioned_ldap.failover_trusted_certificate.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--administered_systems--abstract_provisioned_ldap--trusted_certificate"></a>
+### Nested Schema for `administered_systems.abstract_provisioned_ldap.trusted_certificate`
+
+Read-Only:
+
+- `alias` (String)
+- `certificate_data` (List of String)
+- `expiration` (String)
+- `fingerprint_sha1` (String)
+- `fingerprint_sha256` (String)
+- `global` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--administered_systems--abstract_provisioned_ldap--trusted_certificate--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--administered_systems--abstract_provisioned_ldap--trusted_certificate--permissions))
+- `subject_dn` (String)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--administered_systems--abstract_provisioned_ldap--trusted_certificate--links"></a>
+### Nested Schema for `administered_systems.abstract_provisioned_ldap.trusted_certificate.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--administered_systems--abstract_provisioned_ldap--trusted_certificate--permissions"></a>
+### Nested Schema for `administered_systems.abstract_provisioned_ldap.trusted_certificate.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--administered_systems--content_administrator"></a>
+### Nested Schema for `administered_systems.content_administrator`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--administered_systems--content_administrator--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--administered_systems--content_administrator--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--administered_systems--content_administrator--links"></a>
+### Nested Schema for `administered_systems.content_administrator.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--administered_systems--content_administrator--permissions"></a>
+### Nested Schema for `administered_systems.content_administrator.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--administered_systems--links"></a>
+### Nested Schema for `administered_systems.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--administered_systems--organizational_unit"></a>
+### Nested Schema for `administered_systems.organizational_unit`
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--administered_systems--organizational_unit--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--administered_systems--organizational_unit--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--administered_systems--organizational_unit--links"></a>
+### Nested Schema for `administered_systems.organizational_unit.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--administered_systems--organizational_unit--permissions"></a>
+### Nested Schema for `administered_systems.organizational_unit.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--administered_systems--owner"></a>
+### Nested Schema for `administered_systems.owner`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--administered_systems--owner--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--administered_systems--owner--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--administered_systems--owner--links"></a>
+### Nested Schema for `administered_systems.owner.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--administered_systems--owner--permissions"></a>
+### Nested Schema for `administered_systems.owner.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--administered_systems--permissions"></a>
+### Nested Schema for `administered_systems.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--administered_systems--provisioned_a_d"></a>
+### Nested Schema for `administered_systems.provisioned_a_d`
+
+Read-Only:
+
+- `sam_account_name_scheme` (String)
+
+
+<a id="nestedatt--administered_systems--provisioned_azure_oidc_directory"></a>
+### Nested Schema for `administered_systems.provisioned_azure_oidc_directory`
+
+Read-Only:
+
+- `directory` (Attributes) (see [below for nested schema](#nestedatt--administered_systems--provisioned_azure_oidc_directory--directory))
+- `tenant` (String)
+
+<a id="nestedatt--administered_systems--provisioned_azure_oidc_directory--directory"></a>
+### Nested Schema for `administered_systems.provisioned_azure_oidc_directory.directory`
+
+Read-Only:
+
+- `account_validity_supported` (Boolean)
+- `active` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--administered_systems--provisioned_azure_oidc_directory--directory--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--administered_systems--provisioned_azure_oidc_directory--directory--permissions))
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--administered_systems--provisioned_azure_oidc_directory--directory--links"></a>
+### Nested Schema for `administered_systems.provisioned_azure_oidc_directory.directory.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--administered_systems--provisioned_azure_oidc_directory--directory--permissions"></a>
+### Nested Schema for `administered_systems.provisioned_azure_oidc_directory.directory.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--administered_systems--provisioned_azure_sync_ldap_directory"></a>
+### Nested Schema for `administered_systems.provisioned_azure_sync_ldap_directory`
+
+Read-Only:
+
+- `client_id` (String)
+- `client_secret` (String)
+- `directory` (Attributes) (see [below for nested schema](#nestedatt--administered_systems--provisioned_azure_sync_ldap_directory--directory))
+- `tenant` (String)
+
+<a id="nestedatt--administered_systems--provisioned_azure_sync_ldap_directory--directory"></a>
+### Nested Schema for `administered_systems.provisioned_azure_sync_ldap_directory.directory`
+
+Read-Only:
+
+- `account_validity_supported` (Boolean)
+- `active` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--administered_systems--provisioned_azure_sync_ldap_directory--directory--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--administered_systems--provisioned_azure_sync_ldap_directory--directory--permissions))
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--administered_systems--provisioned_azure_sync_ldap_directory--directory--links"></a>
+### Nested Schema for `administered_systems.provisioned_azure_sync_ldap_directory.directory.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--administered_systems--provisioned_azure_sync_ldap_directory--directory--permissions"></a>
+### Nested Schema for `administered_systems.provisioned_azure_sync_ldap_directory.directory.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--administered_systems--provisioned_azure_tenant"></a>
+### Nested Schema for `administered_systems.provisioned_azure_tenant`
+
+Read-Only:
+
+- `client_id` (String)
+- `client_secret` (String)
+- `idp_domain` (String)
+- `tenant` (String)
+
+
+<a id="nestedatt--administered_systems--provisioned_internal_ldap"></a>
+### Nested Schema for `administered_systems.provisioned_internal_ldap`
+
+Read-Only:
+
+- `client` (Attributes) (see [below for nested schema](#nestedatt--administered_systems--provisioned_internal_ldap--client))
+
+<a id="nestedatt--administered_systems--provisioned_internal_ldap--client"></a>
+### Nested Schema for `administered_systems.provisioned_internal_ldap.client`
+
+Read-Only:
+
+- `bind_dn` (String)
+- `client_certificate` (Attributes) (see [below for nested schema](#nestedatt--administered_systems--provisioned_internal_ldap--client--client_certificate))
+- `share_secret_in_vault` (Boolean)
+- `shared_secret` (Attributes) (see [below for nested schema](#nestedatt--administered_systems--provisioned_internal_ldap--client--shared_secret))
+- `used_for_provisioning` (Boolean)
+
+<a id="nestedatt--administered_systems--provisioned_internal_ldap--client--client_certificate"></a>
+### Nested Schema for `administered_systems.provisioned_internal_ldap.client.used_for_provisioning`
+
+Read-Only:
+
+- `alias` (String)
+- `certificate_data` (List of String)
+- `expiration` (String)
+- `fingerprint_sha1` (String)
+- `fingerprint_sha256` (String)
+- `global` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--administered_systems--provisioned_internal_ldap--client--used_for_provisioning--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--administered_systems--provisioned_internal_ldap--client--used_for_provisioning--permissions))
+- `subject_dn` (String)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--administered_systems--provisioned_internal_ldap--client--used_for_provisioning--links"></a>
+### Nested Schema for `administered_systems.provisioned_internal_ldap.client.used_for_provisioning.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--administered_systems--provisioned_internal_ldap--client--used_for_provisioning--permissions"></a>
+### Nested Schema for `administered_systems.provisioned_internal_ldap.client.used_for_provisioning.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--administered_systems--provisioned_internal_ldap--client--shared_secret"></a>
+### Nested Schema for `administered_systems.provisioned_internal_ldap.client.used_for_provisioning`
+
+Read-Only:
+
+- `color` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--administered_systems--provisioned_internal_ldap--client--used_for_provisioning--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--administered_systems--provisioned_internal_ldap--client--used_for_provisioning--permissions))
+- `share_end_time` (String)
+- `uuid` (String)
+
+<a id="nestedatt--administered_systems--provisioned_internal_ldap--client--used_for_provisioning--links"></a>
+### Nested Schema for `administered_systems.provisioned_internal_ldap.client.used_for_provisioning.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--administered_systems--provisioned_internal_ldap--client--used_for_provisioning--permissions"></a>
+### Nested Schema for `administered_systems.provisioned_internal_ldap.client.used_for_provisioning.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+
+<a id="nestedatt--administered_systems--provisioned_ldap"></a>
+### Nested Schema for `administered_systems.provisioned_ldap`
+
+Read-Only:
+
+- `gid` (Number)
+- `hashing_scheme` (String)
+- `numbering` (Attributes) (see [below for nested schema](#nestedatt--administered_systems--provisioned_ldap--numbering))
+
+<a id="nestedatt--administered_systems--provisioned_ldap--numbering"></a>
+### Nested Schema for `administered_systems.provisioned_ldap.numbering`
+
+Optional:
+
+- `additional` (List of String)
+
+Read-Only:
+
+- `account_count` (Number)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--administered_systems--provisioned_ldap--numbering--links))
+- `name` (String)
+- `next_uid` (Number)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--administered_systems--provisioned_ldap--numbering--permissions))
+
+<a id="nestedatt--administered_systems--provisioned_ldap--numbering--links"></a>
+### Nested Schema for `administered_systems.provisioned_ldap.numbering.permissions`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--administered_systems--provisioned_ldap--numbering--permissions"></a>
+### Nested Schema for `administered_systems.provisioned_ldap.numbering.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--administered_systems--provisioned_ldap_directory"></a>
+### Nested Schema for `administered_systems.provisioned_ldap_directory`
+
+Read-Only:
+
+- `directory` (Attributes) (see [below for nested schema](#nestedatt--administered_systems--provisioned_ldap_directory--directory))
+- `group_dn` (String)
+
+<a id="nestedatt--administered_systems--provisioned_ldap_directory--directory"></a>
+### Nested Schema for `administered_systems.provisioned_ldap_directory.directory`
+
+Read-Only:
+
+- `account_validity_supported` (Boolean)
+- `active` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--administered_systems--provisioned_ldap_directory--directory--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--administered_systems--provisioned_ldap_directory--directory--permissions))
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--administered_systems--provisioned_ldap_directory--directory--links"></a>
+### Nested Schema for `administered_systems.provisioned_ldap_directory.directory.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--administered_systems--provisioned_ldap_directory--directory--permissions"></a>
+### Nested Schema for `administered_systems.provisioned_ldap_directory.directory.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--administered_systems--technical_administrator"></a>
+### Nested Schema for `administered_systems.technical_administrator`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--administered_systems--technical_administrator--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--administered_systems--technical_administrator--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--administered_systems--technical_administrator--links"></a>
+### Nested Schema for `administered_systems.technical_administrator.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--administered_systems--technical_administrator--permissions"></a>
+### Nested Schema for `administered_systems.technical_administrator.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--admins"></a>
+### Nested Schema for `admins`
+
+Optional:
+
+- `additional` (List of String)
+
+Read-Only:
+
+- `directory` (Attributes) (see [below for nested schema](#nestedatt--admins--directory))
+- `disconnected_nested` (Boolean)
+- `display_name` (String)
+- `end_date` (String)
+- `last_active` (String)
+- `last_used` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--admins--links))
+- `nested` (Boolean)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--admins--permissions))
+- `provisioning_end_time` (String)
+- `rights` (String)
+- `two_factor_status` (String)
+- `username` (String)
+- `uuid` (String)
+- `validity` (String)
+- `visible_for_provisioning` (Boolean)
+
+<a id="nestedatt--admins--directory"></a>
+### Nested Schema for `admins.directory`
+
+Read-Only:
+
+- `account_validity_supported` (Boolean)
+- `active` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--admins--directory--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--admins--directory--permissions))
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--admins--directory--links"></a>
+### Nested Schema for `admins.directory.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--admins--directory--permissions"></a>
+### Nested Schema for `admins.directory.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--admins--links"></a>
+### Nested Schema for `admins.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--admins--permissions"></a>
+### Nested Schema for `admins.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--audit"></a>
+### Nested Schema for `audit`
+
+Read-Only:
+
+- `created_at` (String)
+- `created_by` (String)
+- `last_modified_at` (String)
+- `last_modified_by` (String)
+
+
+<a id="nestedatt--audit_config"></a>
+### Nested Schema for `audit_config`
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--audit_config--links))
+- `months` (List of String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--audit_config--permissions))
+
+<a id="nestedatt--audit_config--links"></a>
+### Nested Schema for `audit_config.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--audit_config--permissions"></a>
+### Nested Schema for `audit_config.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--authorized_groups"></a>
+### Nested Schema for `authorized_groups`
+
+Read-Only:
+
+- `group_count` (Number)
+- `items` (Attributes List) (see [below for nested schema](#nestedatt--authorized_groups--items))
+
+<a id="nestedatt--authorized_groups--items"></a>
+### Nested Schema for `authorized_groups.items`
+
+Optional:
+
+- `additional` (List of String)
+
+Read-Only:
+
+- `admin` (Boolean)
+- `application_administration` (Boolean)
+- `audit_config` (Attributes) (see [below for nested schema](#nestedatt--authorized_groups--items--audit_config))
+- `audit_requested` (Boolean)
+- `auditor` (Boolean)
+- `authorizing_group_auditing` (Attributes) (see [below for nested schema](#nestedatt--authorized_groups--items--authorizing_group_auditing))
+- `authorizing_group_delegation` (Attributes) (see [below for nested schema](#nestedatt--authorized_groups--items--authorizing_group_delegation))
+- `authorizing_group_membership` (Attributes) (see [below for nested schema](#nestedatt--authorized_groups--items--authorizing_group_membership))
+- `authorizing_group_provisioning` (Attributes) (see [below for nested schema](#nestedatt--authorized_groups--items--authorizing_group_provisioning))
+- `authorizing_group_types` (List of String)
+- `classification` (Attributes) (see [below for nested schema](#nestedatt--authorized_groups--items--classification))
+- `description` (String)
+- `extended_access` (String)
+- `hide_audit_trail` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--authorized_groups--items--links))
+- `name` (String)
+- `nested_under` (Attributes) (see [below for nested schema](#nestedatt--authorized_groups--items--nested_under))
+- `organizational_unit` (Attributes) (see [below for nested schema](#nestedatt--authorized_groups--items--organizational_unit))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--authorized_groups--items--permissions))
+- `private_group` (Boolean)
+- `record_trail` (Boolean)
+- `rotating_password_required` (Boolean)
+- `single_managed` (Boolean)
+- `uuid` (String)
+- `vault_recovery` (String)
+- `vault_requires_activation` (Boolean)
+
+<a id="nestedatt--authorized_groups--items--audit_config"></a>
+### Nested Schema for `authorized_groups.items.audit_config`
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--authorized_groups--items--audit_config--links))
+- `months` (List of String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--authorized_groups--items--audit_config--permissions))
+
+<a id="nestedatt--authorized_groups--items--audit_config--links"></a>
+### Nested Schema for `authorized_groups.items.audit_config.permissions`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--authorized_groups--items--audit_config--permissions"></a>
+### Nested Schema for `authorized_groups.items.audit_config.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--authorized_groups--items--authorizing_group_auditing"></a>
+### Nested Schema for `authorized_groups.items.authorizing_group_auditing`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--authorized_groups--items--authorizing_group_auditing--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--authorized_groups--items--authorizing_group_auditing--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--authorized_groups--items--authorizing_group_auditing--links"></a>
+### Nested Schema for `authorized_groups.items.authorizing_group_auditing.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--authorized_groups--items--authorizing_group_auditing--permissions"></a>
+### Nested Schema for `authorized_groups.items.authorizing_group_auditing.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--authorized_groups--items--authorizing_group_delegation"></a>
+### Nested Schema for `authorized_groups.items.authorizing_group_delegation`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--authorized_groups--items--authorizing_group_delegation--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--authorized_groups--items--authorizing_group_delegation--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--authorized_groups--items--authorizing_group_delegation--links"></a>
+### Nested Schema for `authorized_groups.items.authorizing_group_delegation.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--authorized_groups--items--authorizing_group_delegation--permissions"></a>
+### Nested Schema for `authorized_groups.items.authorizing_group_delegation.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--authorized_groups--items--authorizing_group_membership"></a>
+### Nested Schema for `authorized_groups.items.authorizing_group_membership`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--authorized_groups--items--authorizing_group_membership--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--authorized_groups--items--authorizing_group_membership--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--authorized_groups--items--authorizing_group_membership--links"></a>
+### Nested Schema for `authorized_groups.items.authorizing_group_membership.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--authorized_groups--items--authorizing_group_membership--permissions"></a>
+### Nested Schema for `authorized_groups.items.authorizing_group_membership.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--authorized_groups--items--authorizing_group_provisioning"></a>
+### Nested Schema for `authorized_groups.items.authorizing_group_provisioning`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--authorized_groups--items--authorizing_group_provisioning--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--authorized_groups--items--authorizing_group_provisioning--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--authorized_groups--items--authorizing_group_provisioning--links"></a>
+### Nested Schema for `authorized_groups.items.authorizing_group_provisioning.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--authorized_groups--items--authorizing_group_provisioning--permissions"></a>
+### Nested Schema for `authorized_groups.items.authorizing_group_provisioning.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--authorized_groups--items--classification"></a>
+### Nested Schema for `authorized_groups.items.classification`
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--authorized_groups--items--classification--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--authorized_groups--items--classification--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--authorized_groups--items--classification--links"></a>
+### Nested Schema for `authorized_groups.items.classification.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--authorized_groups--items--classification--permissions"></a>
+### Nested Schema for `authorized_groups.items.classification.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--authorized_groups--items--links"></a>
+### Nested Schema for `authorized_groups.items.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--authorized_groups--items--nested_under"></a>
+### Nested Schema for `authorized_groups.items.nested_under`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--authorized_groups--items--nested_under--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--authorized_groups--items--nested_under--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--authorized_groups--items--nested_under--links"></a>
+### Nested Schema for `authorized_groups.items.nested_under.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--authorized_groups--items--nested_under--permissions"></a>
+### Nested Schema for `authorized_groups.items.nested_under.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--authorized_groups--items--organizational_unit"></a>
+### Nested Schema for `authorized_groups.items.organizational_unit`
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--authorized_groups--items--organizational_unit--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--authorized_groups--items--organizational_unit--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--authorized_groups--items--organizational_unit--links"></a>
+### Nested Schema for `authorized_groups.items.organizational_unit.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--authorized_groups--items--organizational_unit--permissions"></a>
+### Nested Schema for `authorized_groups.items.organizational_unit.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--authorized_groups--items--permissions"></a>
+### Nested Schema for `authorized_groups.items.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--authorizing_group_auditing"></a>
+### Nested Schema for `authorizing_group_auditing`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--authorizing_group_auditing--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--authorizing_group_auditing--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--authorizing_group_auditing--links"></a>
+### Nested Schema for `authorizing_group_auditing.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--authorizing_group_auditing--permissions"></a>
+### Nested Schema for `authorizing_group_auditing.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--authorizing_group_delegation"></a>
+### Nested Schema for `authorizing_group_delegation`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--authorizing_group_delegation--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--authorizing_group_delegation--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--authorizing_group_delegation--links"></a>
+### Nested Schema for `authorizing_group_delegation.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--authorizing_group_delegation--permissions"></a>
+### Nested Schema for `authorizing_group_delegation.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--authorizing_group_membership"></a>
+### Nested Schema for `authorizing_group_membership`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--authorizing_group_membership--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--authorizing_group_membership--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--authorizing_group_membership--links"></a>
+### Nested Schema for `authorizing_group_membership.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--authorizing_group_membership--permissions"></a>
+### Nested Schema for `authorizing_group_membership.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--authorizing_group_provisioning"></a>
+### Nested Schema for `authorizing_group_provisioning`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--authorizing_group_provisioning--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--authorizing_group_provisioning--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--authorizing_group_provisioning--links"></a>
+### Nested Schema for `authorizing_group_provisioning.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--authorizing_group_provisioning--permissions"></a>
+### Nested Schema for `authorizing_group_provisioning.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--classification"></a>
+### Nested Schema for `classification`
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--classification--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--classification--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--classification--links"></a>
+### Nested Schema for `classification.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--classification--permissions"></a>
+### Nested Schema for `classification.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--client_permissions"></a>
+### Nested Schema for `client_permissions`
+
+Optional:
+
+- `additional` (List of String)
+
+Read-Only:
+
+- `client` (Attributes) (see [below for nested schema](#nestedatt--client_permissions--client))
+- `for_group` (Attributes) (see [below for nested schema](#nestedatt--client_permissions--for_group))
+- `for_system` (Attributes) (see [below for nested schema](#nestedatt--client_permissions--for_system))
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--client_permissions--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--client_permissions--permissions))
+- `value` (String)
+
+<a id="nestedatt--client_permissions--client"></a>
+### Nested Schema for `client_permissions.client`
+
+Read-Only:
+
+- `account_permissions` (Attributes List) (see [below for nested schema](#nestedatt--client_permissions--client--account_permissions))
+- `attributes` (Map of String)
+- `callback_uri` (String)
+- `confidential` (Boolean)
+- `debug_mode` (Boolean)
+- `id_token_claims` (String)
+- `initiate_login_uri` (String)
+- `resource_uris` (String)
+- `share_secret_in_vault` (Boolean)
+- `shared_secret` (Attributes) (see [below for nested schema](#nestedatt--client_permissions--client--shared_secret))
+- `show_landing_page` (Boolean)
+- `use_client_credentials` (Boolean)
+
+<a id="nestedatt--client_permissions--client--account_permissions"></a>
+### Nested Schema for `client_permissions.client.account_permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--client_permissions--client--shared_secret"></a>
+### Nested Schema for `client_permissions.client.shared_secret`
+
+Read-Only:
+
+- `color` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--client_permissions--client--shared_secret--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--client_permissions--client--shared_secret--permissions))
+- `share_end_time` (String)
+- `uuid` (String)
+
+<a id="nestedatt--client_permissions--client--shared_secret--links"></a>
+### Nested Schema for `client_permissions.client.shared_secret.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--client_permissions--client--shared_secret--permissions"></a>
+### Nested Schema for `client_permissions.client.shared_secret.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--client_permissions--for_group"></a>
+### Nested Schema for `client_permissions.for_group`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--client_permissions--for_group--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--client_permissions--for_group--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--client_permissions--for_group--links"></a>
+### Nested Schema for `client_permissions.for_group.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--client_permissions--for_group--permissions"></a>
+### Nested Schema for `client_permissions.for_group.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--client_permissions--for_system"></a>
+### Nested Schema for `client_permissions.for_system`
+
+Read-Only:
+
+- `active` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--client_permissions--for_system--links))
+- `name` (String)
+- `organizational_unit` (Attributes) (see [below for nested schema](#nestedatt--client_permissions--for_system--organizational_unit))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--client_permissions--for_system--permissions))
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--client_permissions--for_system--links"></a>
+### Nested Schema for `client_permissions.for_system.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--client_permissions--for_system--organizational_unit"></a>
+### Nested Schema for `client_permissions.for_system.organizational_unit`
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--client_permissions--for_system--organizational_unit--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--client_permissions--for_system--organizational_unit--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--client_permissions--for_system--organizational_unit--links"></a>
+### Nested Schema for `client_permissions.for_system.organizational_unit.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--client_permissions--for_system--organizational_unit--permissions"></a>
+### Nested Schema for `client_permissions.for_system.organizational_unit.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--client_permissions--for_system--permissions"></a>
+### Nested Schema for `client_permissions.for_system.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--client_permissions--links"></a>
+### Nested Schema for `client_permissions.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--client_permissions--permissions"></a>
+### Nested Schema for `client_permissions.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--clients"></a>
+### Nested Schema for `clients`
+
+Optional:
+
+- `additional` (List of String)
+
+Read-Only:
+
+- `activation_required` (Boolean)
+- `client` (Attributes) (see [below for nested schema](#nestedatt--clients--client))
+- `group` (Attributes) (see [below for nested schema](#nestedatt--clients--group))
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--clients--links))
+- `owner` (Attributes) (see [below for nested schema](#nestedatt--clients--owner))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--clients--permissions))
+- `technical_administrator` (Attributes) (see [below for nested schema](#nestedatt--clients--technical_administrator))
+
+<a id="nestedatt--clients--client"></a>
+### Nested Schema for `clients.client`
+
+Read-Only:
+
+- `client_id` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--clients--client--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--clients--client--permissions))
+- `scopes` (List of String)
+- `sso_application` (Boolean)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--clients--client--links"></a>
+### Nested Schema for `clients.client.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--clients--client--permissions"></a>
+### Nested Schema for `clients.client.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--clients--group"></a>
+### Nested Schema for `clients.group`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--clients--group--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--clients--group--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--clients--group--links"></a>
+### Nested Schema for `clients.group.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--clients--group--permissions"></a>
+### Nested Schema for `clients.group.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--clients--links"></a>
+### Nested Schema for `clients.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--clients--owner"></a>
+### Nested Schema for `clients.owner`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--clients--owner--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--clients--owner--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--clients--owner--links"></a>
+### Nested Schema for `clients.owner.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--clients--owner--permissions"></a>
+### Nested Schema for `clients.owner.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--clients--permissions"></a>
+### Nested Schema for `clients.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--clients--technical_administrator"></a>
+### Nested Schema for `clients.technical_administrator`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--clients--technical_administrator--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--clients--technical_administrator--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--clients--technical_administrator--links"></a>
+### Nested Schema for `clients.technical_administrator.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--clients--technical_administrator--permissions"></a>
+### Nested Schema for `clients.technical_administrator.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--content_administered_systems"></a>
+### Nested Schema for `content_administered_systems`
+
+Optional:
+
+- `additional` (List of String)
+
+Read-Only:
+
+- `abstract_provisioned_ldap` (Attributes) (see [below for nested schema](#nestedatt--content_administered_systems--abstract_provisioned_ldap))
+- `account_count` (Number)
+- `active` (Boolean)
+- `content_administrator` (Attributes) (see [below for nested schema](#nestedatt--content_administered_systems--content_administrator))
+- `external_uuid` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--content_administered_systems--links))
+- `name` (String)
+- `organizational_unit` (Attributes) (see [below for nested schema](#nestedatt--content_administered_systems--organizational_unit))
+- `owner` (Attributes) (see [below for nested schema](#nestedatt--content_administered_systems--owner))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--content_administered_systems--permissions))
+- `provisioned_a_d` (Attributes) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_a_d))
+- `provisioned_azure_oidc_directory` (Attributes) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_azure_oidc_directory))
+- `provisioned_azure_sync_ldap_directory` (Attributes) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_azure_sync_ldap_directory))
+- `provisioned_azure_tenant` (Attributes) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_azure_tenant))
+- `provisioned_internal_ldap` (Attributes) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_internal_ldap))
+- `provisioned_ldap` (Attributes) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_ldap))
+- `provisioned_ldap_directory` (Attributes) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_ldap_directory))
+- `self_service_existing_groups` (Boolean)
+- `self_service_new_groups` (Boolean)
+- `self_service_service_accounts` (Boolean)
+- `should_destroy_unknown_accounts` (Boolean)
+- `technical_administrator` (Attributes) (see [below for nested schema](#nestedatt--content_administered_systems--technical_administrator))
+- `type` (String)
+- `username_prefix` (String)
+- `uuid` (String)
+
+<a id="nestedatt--content_administered_systems--abstract_provisioned_ldap"></a>
+### Nested Schema for `content_administered_systems.abstract_provisioned_ldap`
+
+Read-Only:
+
+- `attributes` (Map of String)
+- `base_dn` (String)
+- `bind_dn` (String)
+- `bind_password` (String)
+- `client_certificate` (Attributes) (see [below for nested schema](#nestedatt--content_administered_systems--abstract_provisioned_ldap--client_certificate))
+- `failover_host` (String)
+- `failover_trusted_certificate` (Attributes) (see [below for nested schema](#nestedatt--content_administered_systems--abstract_provisioned_ldap--failover_trusted_certificate))
+- `group_dn` (String)
+- `host` (String)
+- `object_classes` (String)
+- `port` (Number)
+- `service_account_dn` (String)
+- `ssh_public_key_supported` (Boolean)
+- `tls` (String)
+- `trusted_certificate` (Attributes) (see [below for nested schema](#nestedatt--content_administered_systems--abstract_provisioned_ldap--trusted_certificate))
+- `user_dn` (String)
+
+<a id="nestedatt--content_administered_systems--abstract_provisioned_ldap--client_certificate"></a>
+### Nested Schema for `content_administered_systems.abstract_provisioned_ldap.client_certificate`
+
+Read-Only:
+
+- `alias` (String)
+- `certificate_data` (List of String)
+- `expiration` (String)
+- `fingerprint_sha1` (String)
+- `fingerprint_sha256` (String)
+- `global` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--content_administered_systems--abstract_provisioned_ldap--client_certificate--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--content_administered_systems--abstract_provisioned_ldap--client_certificate--permissions))
+- `subject_dn` (String)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--content_administered_systems--abstract_provisioned_ldap--client_certificate--links"></a>
+### Nested Schema for `content_administered_systems.abstract_provisioned_ldap.client_certificate.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--content_administered_systems--abstract_provisioned_ldap--client_certificate--permissions"></a>
+### Nested Schema for `content_administered_systems.abstract_provisioned_ldap.client_certificate.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--content_administered_systems--abstract_provisioned_ldap--failover_trusted_certificate"></a>
+### Nested Schema for `content_administered_systems.abstract_provisioned_ldap.failover_trusted_certificate`
+
+Read-Only:
+
+- `alias` (String)
+- `certificate_data` (List of String)
+- `expiration` (String)
+- `fingerprint_sha1` (String)
+- `fingerprint_sha256` (String)
+- `global` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--content_administered_systems--abstract_provisioned_ldap--failover_trusted_certificate--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--content_administered_systems--abstract_provisioned_ldap--failover_trusted_certificate--permissions))
+- `subject_dn` (String)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--content_administered_systems--abstract_provisioned_ldap--failover_trusted_certificate--links"></a>
+### Nested Schema for `content_administered_systems.abstract_provisioned_ldap.failover_trusted_certificate.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--content_administered_systems--abstract_provisioned_ldap--failover_trusted_certificate--permissions"></a>
+### Nested Schema for `content_administered_systems.abstract_provisioned_ldap.failover_trusted_certificate.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--content_administered_systems--abstract_provisioned_ldap--trusted_certificate"></a>
+### Nested Schema for `content_administered_systems.abstract_provisioned_ldap.trusted_certificate`
+
+Read-Only:
+
+- `alias` (String)
+- `certificate_data` (List of String)
+- `expiration` (String)
+- `fingerprint_sha1` (String)
+- `fingerprint_sha256` (String)
+- `global` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--content_administered_systems--abstract_provisioned_ldap--trusted_certificate--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--content_administered_systems--abstract_provisioned_ldap--trusted_certificate--permissions))
+- `subject_dn` (String)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--content_administered_systems--abstract_provisioned_ldap--trusted_certificate--links"></a>
+### Nested Schema for `content_administered_systems.abstract_provisioned_ldap.trusted_certificate.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--content_administered_systems--abstract_provisioned_ldap--trusted_certificate--permissions"></a>
+### Nested Schema for `content_administered_systems.abstract_provisioned_ldap.trusted_certificate.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--content_administered_systems--content_administrator"></a>
+### Nested Schema for `content_administered_systems.content_administrator`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--content_administered_systems--content_administrator--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--content_administered_systems--content_administrator--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--content_administered_systems--content_administrator--links"></a>
+### Nested Schema for `content_administered_systems.content_administrator.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--content_administered_systems--content_administrator--permissions"></a>
+### Nested Schema for `content_administered_systems.content_administrator.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--content_administered_systems--links"></a>
+### Nested Schema for `content_administered_systems.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--content_administered_systems--organizational_unit"></a>
+### Nested Schema for `content_administered_systems.organizational_unit`
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--content_administered_systems--organizational_unit--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--content_administered_systems--organizational_unit--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--content_administered_systems--organizational_unit--links"></a>
+### Nested Schema for `content_administered_systems.organizational_unit.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--content_administered_systems--organizational_unit--permissions"></a>
+### Nested Schema for `content_administered_systems.organizational_unit.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--content_administered_systems--owner"></a>
+### Nested Schema for `content_administered_systems.owner`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--content_administered_systems--owner--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--content_administered_systems--owner--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--content_administered_systems--owner--links"></a>
+### Nested Schema for `content_administered_systems.owner.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--content_administered_systems--owner--permissions"></a>
+### Nested Schema for `content_administered_systems.owner.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--content_administered_systems--permissions"></a>
+### Nested Schema for `content_administered_systems.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--content_administered_systems--provisioned_a_d"></a>
+### Nested Schema for `content_administered_systems.provisioned_a_d`
+
+Read-Only:
+
+- `sam_account_name_scheme` (String)
+
+
+<a id="nestedatt--content_administered_systems--provisioned_azure_oidc_directory"></a>
+### Nested Schema for `content_administered_systems.provisioned_azure_oidc_directory`
+
+Read-Only:
+
+- `directory` (Attributes) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_azure_oidc_directory--directory))
+- `tenant` (String)
+
+<a id="nestedatt--content_administered_systems--provisioned_azure_oidc_directory--directory"></a>
+### Nested Schema for `content_administered_systems.provisioned_azure_oidc_directory.directory`
+
+Read-Only:
+
+- `account_validity_supported` (Boolean)
+- `active` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_azure_oidc_directory--directory--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_azure_oidc_directory--directory--permissions))
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--content_administered_systems--provisioned_azure_oidc_directory--directory--links"></a>
+### Nested Schema for `content_administered_systems.provisioned_azure_oidc_directory.directory.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--content_administered_systems--provisioned_azure_oidc_directory--directory--permissions"></a>
+### Nested Schema for `content_administered_systems.provisioned_azure_oidc_directory.directory.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--content_administered_systems--provisioned_azure_sync_ldap_directory"></a>
+### Nested Schema for `content_administered_systems.provisioned_azure_sync_ldap_directory`
+
+Read-Only:
+
+- `client_id` (String)
+- `client_secret` (String)
+- `directory` (Attributes) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_azure_sync_ldap_directory--directory))
+- `tenant` (String)
+
+<a id="nestedatt--content_administered_systems--provisioned_azure_sync_ldap_directory--directory"></a>
+### Nested Schema for `content_administered_systems.provisioned_azure_sync_ldap_directory.directory`
+
+Read-Only:
+
+- `account_validity_supported` (Boolean)
+- `active` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_azure_sync_ldap_directory--directory--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_azure_sync_ldap_directory--directory--permissions))
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--content_administered_systems--provisioned_azure_sync_ldap_directory--directory--links"></a>
+### Nested Schema for `content_administered_systems.provisioned_azure_sync_ldap_directory.directory.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--content_administered_systems--provisioned_azure_sync_ldap_directory--directory--permissions"></a>
+### Nested Schema for `content_administered_systems.provisioned_azure_sync_ldap_directory.directory.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--content_administered_systems--provisioned_azure_tenant"></a>
+### Nested Schema for `content_administered_systems.provisioned_azure_tenant`
+
+Read-Only:
+
+- `client_id` (String)
+- `client_secret` (String)
+- `idp_domain` (String)
+- `tenant` (String)
+
+
+<a id="nestedatt--content_administered_systems--provisioned_internal_ldap"></a>
+### Nested Schema for `content_administered_systems.provisioned_internal_ldap`
+
+Read-Only:
+
+- `client` (Attributes) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_internal_ldap--client))
+
+<a id="nestedatt--content_administered_systems--provisioned_internal_ldap--client"></a>
+### Nested Schema for `content_administered_systems.provisioned_internal_ldap.client`
+
+Read-Only:
+
+- `bind_dn` (String)
+- `client_certificate` (Attributes) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_internal_ldap--client--client_certificate))
+- `share_secret_in_vault` (Boolean)
+- `shared_secret` (Attributes) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_internal_ldap--client--shared_secret))
+- `used_for_provisioning` (Boolean)
+
+<a id="nestedatt--content_administered_systems--provisioned_internal_ldap--client--client_certificate"></a>
+### Nested Schema for `content_administered_systems.provisioned_internal_ldap.client.used_for_provisioning`
+
+Read-Only:
+
+- `alias` (String)
+- `certificate_data` (List of String)
+- `expiration` (String)
+- `fingerprint_sha1` (String)
+- `fingerprint_sha256` (String)
+- `global` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_internal_ldap--client--used_for_provisioning--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_internal_ldap--client--used_for_provisioning--permissions))
+- `subject_dn` (String)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--content_administered_systems--provisioned_internal_ldap--client--used_for_provisioning--links"></a>
+### Nested Schema for `content_administered_systems.provisioned_internal_ldap.client.used_for_provisioning.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--content_administered_systems--provisioned_internal_ldap--client--used_for_provisioning--permissions"></a>
+### Nested Schema for `content_administered_systems.provisioned_internal_ldap.client.used_for_provisioning.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--content_administered_systems--provisioned_internal_ldap--client--shared_secret"></a>
+### Nested Schema for `content_administered_systems.provisioned_internal_ldap.client.used_for_provisioning`
+
+Read-Only:
+
+- `color` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_internal_ldap--client--used_for_provisioning--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_internal_ldap--client--used_for_provisioning--permissions))
+- `share_end_time` (String)
+- `uuid` (String)
+
+<a id="nestedatt--content_administered_systems--provisioned_internal_ldap--client--used_for_provisioning--links"></a>
+### Nested Schema for `content_administered_systems.provisioned_internal_ldap.client.used_for_provisioning.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--content_administered_systems--provisioned_internal_ldap--client--used_for_provisioning--permissions"></a>
+### Nested Schema for `content_administered_systems.provisioned_internal_ldap.client.used_for_provisioning.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+
+<a id="nestedatt--content_administered_systems--provisioned_ldap"></a>
+### Nested Schema for `content_administered_systems.provisioned_ldap`
+
+Read-Only:
+
+- `gid` (Number)
+- `hashing_scheme` (String)
+- `numbering` (Attributes) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_ldap--numbering))
+
+<a id="nestedatt--content_administered_systems--provisioned_ldap--numbering"></a>
+### Nested Schema for `content_administered_systems.provisioned_ldap.numbering`
+
+Optional:
+
+- `additional` (List of String)
+
+Read-Only:
+
+- `account_count` (Number)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_ldap--numbering--links))
+- `name` (String)
+- `next_uid` (Number)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_ldap--numbering--permissions))
+
+<a id="nestedatt--content_administered_systems--provisioned_ldap--numbering--links"></a>
+### Nested Schema for `content_administered_systems.provisioned_ldap.numbering.permissions`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--content_administered_systems--provisioned_ldap--numbering--permissions"></a>
+### Nested Schema for `content_administered_systems.provisioned_ldap.numbering.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--content_administered_systems--provisioned_ldap_directory"></a>
+### Nested Schema for `content_administered_systems.provisioned_ldap_directory`
+
+Read-Only:
+
+- `directory` (Attributes) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_ldap_directory--directory))
+- `group_dn` (String)
+
+<a id="nestedatt--content_administered_systems--provisioned_ldap_directory--directory"></a>
+### Nested Schema for `content_administered_systems.provisioned_ldap_directory.directory`
+
+Read-Only:
+
+- `account_validity_supported` (Boolean)
+- `active` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_ldap_directory--directory--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_ldap_directory--directory--permissions))
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--content_administered_systems--provisioned_ldap_directory--directory--links"></a>
+### Nested Schema for `content_administered_systems.provisioned_ldap_directory.directory.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--content_administered_systems--provisioned_ldap_directory--directory--permissions"></a>
+### Nested Schema for `content_administered_systems.provisioned_ldap_directory.directory.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--content_administered_systems--technical_administrator"></a>
+### Nested Schema for `content_administered_systems.technical_administrator`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--content_administered_systems--technical_administrator--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--content_administered_systems--technical_administrator--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--content_administered_systems--technical_administrator--links"></a>
+### Nested Schema for `content_administered_systems.technical_administrator.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--content_administered_systems--technical_administrator--permissions"></a>
+### Nested Schema for `content_administered_systems.technical_administrator.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--groupauditinginfo"></a>
+### Nested Schema for `groupauditinginfo`
+
+Read-Only:
+
+- `audit_due_date` (String)
+- `last_audit_date` (String)
+- `nr_accounts` (Number)
+- `nr_disabled_accounts` (Number)
+- `nr_disabled_managers` (Number)
+- `nr_expired_vault_records` (Number)
+- `nr_managers` (Number)
+- `nr_vault_records_with_end_date` (Number)
+
+
+<a id="nestedatt--groupinfo"></a>
+### Nested Schema for `groupinfo`
+
+Read-Only:
+
+- `nr_accounts` (Number)
+- `nr_accounts_with_vault` (Number)
+- `nr_audits` (Number)
+- `nr_clients` (Number)
+- `nr_provisioned_systems` (Number)
+- `nr_vault_records` (Number)
+
+
+<a id="nestedatt--helpdesk"></a>
+### Nested Schema for `helpdesk`
+
+Read-Only:
+
+- `domain_restriction` (String)
+- `fully_resolved_issuer` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--helpdesk--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--helpdesk--permissions))
+- `status` (Attributes) (see [below for nested schema](#nestedatt--helpdesk--status))
+- `type` (String)
+- `username_customizable` (Boolean)
+
+<a id="nestedatt--helpdesk--links"></a>
+### Nested Schema for `helpdesk.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--helpdesk--permissions"></a>
+### Nested Schema for `helpdesk.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--helpdesk--status"></a>
+### Nested Schema for `helpdesk.status`
+
+Read-Only:
+
+- `accounts` (Number)
+- `reason` (String)
+- `status` (String)
+
+
+
+<a id="nestedatt--links"></a>
+### Nested Schema for `links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--markers"></a>
+### Nested Schema for `markers`
+
+Read-Only:
+
+- `markers` (Attributes List) (see [below for nested schema](#nestedatt--markers--markers))
+
+<a id="nestedatt--markers--markers"></a>
+### Nested Schema for `markers.markers`
+
+Read-Only:
+
+- `level` (String)
+- `parameters` (Map of String)
+- `type` (String)
+
+
+
+<a id="nestedatt--myaccount"></a>
+### Nested Schema for `myaccount`
+
+Optional:
+
+- `additional` (List of String)
+
+Read-Only:
+
+- `directory` (Attributes) (see [below for nested schema](#nestedatt--myaccount--directory))
+- `disconnected_nested` (Boolean)
+- `display_name` (String)
+- `end_date` (String)
+- `last_active` (String)
+- `last_used` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--myaccount--links))
+- `nested` (Boolean)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--myaccount--permissions))
+- `provisioning_end_time` (String)
+- `rights` (String)
+- `two_factor_status` (String)
+- `username` (String)
+- `uuid` (String)
+- `validity` (String)
+- `visible_for_provisioning` (Boolean)
+
+<a id="nestedatt--myaccount--directory"></a>
+### Nested Schema for `myaccount.directory`
+
+Read-Only:
+
+- `account_validity_supported` (Boolean)
+- `active` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--myaccount--directory--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--myaccount--directory--permissions))
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--myaccount--directory--links"></a>
+### Nested Schema for `myaccount.directory.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--myaccount--directory--permissions"></a>
+### Nested Schema for `myaccount.directory.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--myaccount--links"></a>
+### Nested Schema for `myaccount.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--myaccount--permissions"></a>
+### Nested Schema for `myaccount.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--mydelegatedaccount"></a>
+### Nested Schema for `mydelegatedaccount`
+
+Optional:
+
+- `additional` (List of String)
+
+Read-Only:
+
+- `directory` (Attributes) (see [below for nested schema](#nestedatt--mydelegatedaccount--directory))
+- `disconnected_nested` (Boolean)
+- `display_name` (String)
+- `end_date` (String)
+- `last_active` (String)
+- `last_used` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--mydelegatedaccount--links))
+- `nested` (Boolean)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--mydelegatedaccount--permissions))
+- `provisioning_end_time` (String)
+- `rights` (String)
+- `two_factor_status` (String)
+- `username` (String)
+- `uuid` (String)
+- `validity` (String)
+- `visible_for_provisioning` (Boolean)
+
+<a id="nestedatt--mydelegatedaccount--directory"></a>
+### Nested Schema for `mydelegatedaccount.directory`
+
+Read-Only:
+
+- `account_validity_supported` (Boolean)
+- `active` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--mydelegatedaccount--directory--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--mydelegatedaccount--directory--permissions))
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--mydelegatedaccount--directory--links"></a>
+### Nested Schema for `mydelegatedaccount.directory.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--mydelegatedaccount--directory--permissions"></a>
+### Nested Schema for `mydelegatedaccount.directory.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--mydelegatedaccount--links"></a>
+### Nested Schema for `mydelegatedaccount.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--mydelegatedaccount--permissions"></a>
+### Nested Schema for `mydelegatedaccount.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--nested_groups"></a>
+### Nested Schema for `nested_groups`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--nested_groups--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--nested_groups--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--nested_groups--links"></a>
+### Nested Schema for `nested_groups.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--nested_groups--permissions"></a>
+### Nested Schema for `nested_groups.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--nested_under"></a>
+### Nested Schema for `nested_under`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--nested_under--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--nested_under--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--nested_under--links"></a>
+### Nested Schema for `nested_under.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--nested_under--permissions"></a>
+### Nested Schema for `nested_under.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--organizational_unit"></a>
+### Nested Schema for `organizational_unit`
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--organizational_unit--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--organizational_unit--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--organizational_unit--links"></a>
+### Nested Schema for `organizational_unit.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--organizational_unit--permissions"></a>
+### Nested Schema for `organizational_unit.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--owned_clients"></a>
+### Nested Schema for `owned_clients`
+
+Optional:
+
+- `additional` (List of String)
+
+Read-Only:
+
+- `client_id` (String)
+- `last_modified_at` (String)
+- `ldap_client` (Attributes) (see [below for nested schema](#nestedatt--owned_clients--ldap_client))
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_clients--links))
+- `name` (String)
+- `o_auth2_client` (Attributes) (see [below for nested schema](#nestedatt--owned_clients--o_auth2_client))
+- `owner` (Attributes) (see [below for nested schema](#nestedatt--owned_clients--owner))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_clients--permissions))
+- `saml2_client` (Attributes) (see [below for nested schema](#nestedatt--owned_clients--saml2_client))
+- `scopes` (List of String)
+- `sso_application` (Boolean)
+- `technical_administrator` (Attributes) (see [below for nested schema](#nestedatt--owned_clients--technical_administrator))
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--owned_clients--ldap_client"></a>
+### Nested Schema for `owned_clients.ldap_client`
+
+Read-Only:
+
+- `bind_dn` (String)
+- `client_certificate` (Attributes) (see [below for nested schema](#nestedatt--owned_clients--ldap_client--client_certificate))
+- `share_secret_in_vault` (Boolean)
+- `shared_secret` (Attributes) (see [below for nested schema](#nestedatt--owned_clients--ldap_client--shared_secret))
+- `used_for_provisioning` (Boolean)
+
+<a id="nestedatt--owned_clients--ldap_client--client_certificate"></a>
+### Nested Schema for `owned_clients.ldap_client.client_certificate`
+
+Read-Only:
+
+- `alias` (String)
+- `certificate_data` (List of String)
+- `expiration` (String)
+- `fingerprint_sha1` (String)
+- `fingerprint_sha256` (String)
+- `global` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_clients--ldap_client--client_certificate--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_clients--ldap_client--client_certificate--permissions))
+- `subject_dn` (String)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--owned_clients--ldap_client--client_certificate--links"></a>
+### Nested Schema for `owned_clients.ldap_client.client_certificate.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_clients--ldap_client--client_certificate--permissions"></a>
+### Nested Schema for `owned_clients.ldap_client.client_certificate.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--owned_clients--ldap_client--shared_secret"></a>
+### Nested Schema for `owned_clients.ldap_client.shared_secret`
+
+Read-Only:
+
+- `color` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_clients--ldap_client--shared_secret--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_clients--ldap_client--shared_secret--permissions))
+- `share_end_time` (String)
+- `uuid` (String)
+
+<a id="nestedatt--owned_clients--ldap_client--shared_secret--links"></a>
+### Nested Schema for `owned_clients.ldap_client.shared_secret.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_clients--ldap_client--shared_secret--permissions"></a>
+### Nested Schema for `owned_clients.ldap_client.shared_secret.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--owned_clients--links"></a>
+### Nested Schema for `owned_clients.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_clients--o_auth2_client"></a>
+### Nested Schema for `owned_clients.o_auth2_client`
+
+Read-Only:
+
+- `account_permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_clients--o_auth2_client--account_permissions))
+- `attributes` (Map of String)
+- `callback_uri` (String)
+- `confidential` (Boolean)
+- `debug_mode` (Boolean)
+- `id_token_claims` (String)
+- `initiate_login_uri` (String)
+- `resource_uris` (String)
+- `share_secret_in_vault` (Boolean)
+- `shared_secret` (Attributes) (see [below for nested schema](#nestedatt--owned_clients--o_auth2_client--shared_secret))
+- `show_landing_page` (Boolean)
+- `use_client_credentials` (Boolean)
+
+<a id="nestedatt--owned_clients--o_auth2_client--account_permissions"></a>
+### Nested Schema for `owned_clients.o_auth2_client.account_permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_clients--o_auth2_client--shared_secret"></a>
+### Nested Schema for `owned_clients.o_auth2_client.shared_secret`
+
+Read-Only:
+
+- `color` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_clients--o_auth2_client--shared_secret--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_clients--o_auth2_client--shared_secret--permissions))
+- `share_end_time` (String)
+- `uuid` (String)
+
+<a id="nestedatt--owned_clients--o_auth2_client--shared_secret--links"></a>
+### Nested Schema for `owned_clients.o_auth2_client.shared_secret.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_clients--o_auth2_client--shared_secret--permissions"></a>
+### Nested Schema for `owned_clients.o_auth2_client.shared_secret.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--owned_clients--owner"></a>
+### Nested Schema for `owned_clients.owner`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_clients--owner--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_clients--owner--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--owned_clients--owner--links"></a>
+### Nested Schema for `owned_clients.owner.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_clients--owner--permissions"></a>
+### Nested Schema for `owned_clients.owner.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--owned_clients--permissions"></a>
+### Nested Schema for `owned_clients.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_clients--saml2_client"></a>
+### Nested Schema for `owned_clients.saml2_client`
+
+Read-Only:
+
+- `attributes` (Map of String)
+- `metadata` (String)
+- `metadata_url` (String)
+- `subject_format` (String)
+
+
+<a id="nestedatt--owned_clients--technical_administrator"></a>
+### Nested Schema for `owned_clients.technical_administrator`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_clients--technical_administrator--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_clients--technical_administrator--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--owned_clients--technical_administrator--links"></a>
+### Nested Schema for `owned_clients.technical_administrator.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_clients--technical_administrator--permissions"></a>
+### Nested Schema for `owned_clients.technical_administrator.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--owned_directories"></a>
+### Nested Schema for `owned_directories`
+
+Optional:
+
+- `additional` (List of String)
+
+Read-Only:
+
+- `account_validity_supported` (Boolean)
+- `active` (Boolean)
+- `base_organizational_unit` (Attributes) (see [below for nested schema](#nestedatt--owned_directories--base_organizational_unit))
+- `default_directory` (Boolean)
+- `helpdesk_group` (Attributes) (see [below for nested schema](#nestedatt--owned_directories--helpdesk_group))
+- `internal_directory` (Attributes) (see [below for nested schema](#nestedatt--owned_directories--internal_directory))
+- `l_d_a_p_directory` (Attributes) (see [below for nested schema](#nestedatt--owned_directories--l_d_a_p_directory))
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_directories--links))
+- `maintenance_directory` (Attributes) (see [below for nested schema](#nestedatt--owned_directories--maintenance_directory))
+- `name` (String)
+- `o_id_c_directory` (Attributes) (see [below for nested schema](#nestedatt--owned_directories--o_id_c_directory))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_directories--permissions))
+- `restrict2fa` (Boolean)
+- `rotating_password` (String)
+- `type` (String)
+- `username_customizable` (Boolean)
+- `uuid` (String)
+
+<a id="nestedatt--owned_directories--base_organizational_unit"></a>
+### Nested Schema for `owned_directories.base_organizational_unit`
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_directories--base_organizational_unit--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_directories--base_organizational_unit--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--owned_directories--base_organizational_unit--links"></a>
+### Nested Schema for `owned_directories.base_organizational_unit.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_directories--base_organizational_unit--permissions"></a>
+### Nested Schema for `owned_directories.base_organizational_unit.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--owned_directories--helpdesk_group"></a>
+### Nested Schema for `owned_directories.helpdesk_group`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_directories--helpdesk_group--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_directories--helpdesk_group--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--owned_directories--helpdesk_group--links"></a>
+### Nested Schema for `owned_directories.helpdesk_group.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_directories--helpdesk_group--permissions"></a>
+### Nested Schema for `owned_directories.helpdesk_group.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--owned_directories--internal_directory"></a>
+### Nested Schema for `owned_directories.internal_directory`
+
+Read-Only:
+
+- `owner` (Attributes) (see [below for nested schema](#nestedatt--owned_directories--internal_directory--owner))
+
+<a id="nestedatt--owned_directories--internal_directory--owner"></a>
+### Nested Schema for `owned_directories.internal_directory.owner`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_directories--internal_directory--owner--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_directories--internal_directory--owner--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--owned_directories--internal_directory--owner--links"></a>
+### Nested Schema for `owned_directories.internal_directory.owner.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_directories--internal_directory--owner--permissions"></a>
+### Nested Schema for `owned_directories.internal_directory.owner.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--owned_directories--l_d_a_p_directory"></a>
+### Nested Schema for `owned_directories.l_d_a_p_directory`
+
+Read-Only:
+
+- `attributes_to_store` (String)
+- `base_dn` (String)
+- `client_certificate` (Attributes) (see [below for nested schema](#nestedatt--owned_directories--l_d_a_p_directory--client_certificate))
+- `dialect` (String)
+- `failover_host` (String)
+- `failover_trusted_certificate` (Attributes) (see [below for nested schema](#nestedatt--owned_directories--l_d_a_p_directory--failover_trusted_certificate))
+- `host` (String)
+- `password_recovery` (String)
+- `port` (Number)
+- `search_bind_dn` (String)
+- `search_bind_password` (String)
+- `search_filter` (String)
+- `tls` (String)
+- `trusted_certificate` (Attributes) (see [below for nested schema](#nestedatt--owned_directories--l_d_a_p_directory--trusted_certificate))
+
+<a id="nestedatt--owned_directories--l_d_a_p_directory--client_certificate"></a>
+### Nested Schema for `owned_directories.l_d_a_p_directory.client_certificate`
+
+Read-Only:
+
+- `alias` (String)
+- `certificate_data` (List of String)
+- `expiration` (String)
+- `fingerprint_sha1` (String)
+- `fingerprint_sha256` (String)
+- `global` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_directories--l_d_a_p_directory--client_certificate--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_directories--l_d_a_p_directory--client_certificate--permissions))
+- `subject_dn` (String)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--owned_directories--l_d_a_p_directory--client_certificate--links"></a>
+### Nested Schema for `owned_directories.l_d_a_p_directory.client_certificate.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_directories--l_d_a_p_directory--client_certificate--permissions"></a>
+### Nested Schema for `owned_directories.l_d_a_p_directory.client_certificate.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--owned_directories--l_d_a_p_directory--failover_trusted_certificate"></a>
+### Nested Schema for `owned_directories.l_d_a_p_directory.failover_trusted_certificate`
+
+Read-Only:
+
+- `alias` (String)
+- `certificate_data` (List of String)
+- `expiration` (String)
+- `fingerprint_sha1` (String)
+- `fingerprint_sha256` (String)
+- `global` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_directories--l_d_a_p_directory--failover_trusted_certificate--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_directories--l_d_a_p_directory--failover_trusted_certificate--permissions))
+- `subject_dn` (String)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--owned_directories--l_d_a_p_directory--failover_trusted_certificate--links"></a>
+### Nested Schema for `owned_directories.l_d_a_p_directory.failover_trusted_certificate.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_directories--l_d_a_p_directory--failover_trusted_certificate--permissions"></a>
+### Nested Schema for `owned_directories.l_d_a_p_directory.failover_trusted_certificate.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--owned_directories--l_d_a_p_directory--trusted_certificate"></a>
+### Nested Schema for `owned_directories.l_d_a_p_directory.trusted_certificate`
+
+Read-Only:
+
+- `alias` (String)
+- `certificate_data` (List of String)
+- `expiration` (String)
+- `fingerprint_sha1` (String)
+- `fingerprint_sha256` (String)
+- `global` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_directories--l_d_a_p_directory--trusted_certificate--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_directories--l_d_a_p_directory--trusted_certificate--permissions))
+- `subject_dn` (String)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--owned_directories--l_d_a_p_directory--trusted_certificate--links"></a>
+### Nested Schema for `owned_directories.l_d_a_p_directory.trusted_certificate.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_directories--l_d_a_p_directory--trusted_certificate--permissions"></a>
+### Nested Schema for `owned_directories.l_d_a_p_directory.trusted_certificate.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--owned_directories--links"></a>
+### Nested Schema for `owned_directories.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_directories--maintenance_directory"></a>
+### Nested Schema for `owned_directories.maintenance_directory`
+
+
+<a id="nestedatt--owned_directories--o_id_c_directory"></a>
+### Nested Schema for `owned_directories.o_id_c_directory`
+
+Read-Only:
+
+- `acr_values` (String)
+- `attributes_to_store` (String)
+- `client_id` (String)
+- `client_secret` (String)
+- `domain_restriction` (String)
+- `enforces2fa` (Boolean)
+- `fully_resolved_issuer` (String)
+- `issuer` (String)
+- `logout_url` (String)
+- `send_login_hint` (Boolean)
+- `vendor_escaped` (String)
+
+
+<a id="nestedatt--owned_directories--permissions"></a>
+### Nested Schema for `owned_directories.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--owned_groups_on_system"></a>
+### Nested Schema for `owned_groups_on_system`
+
+Read-Only:
+
+- `items` (Attributes List) (see [below for nested schema](#nestedatt--owned_groups_on_system--items))
+- `unlinked_count` (Number)
+
+<a id="nestedatt--owned_groups_on_system--items"></a>
+### Nested Schema for `owned_groups_on_system.items`
+
+Optional:
+
+- `additional` (List of String)
+
+Read-Only:
+
+- `display_name` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_groups_on_system--items--links))
+- `name_in_system` (String)
+- `owner` (Attributes) (see [below for nested schema](#nestedatt--owned_groups_on_system--items--owner))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_groups_on_system--items--permissions))
+- `short_name_in_system` (String)
+- `type` (String)
+
+<a id="nestedatt--owned_groups_on_system--items--links"></a>
+### Nested Schema for `owned_groups_on_system.items.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_groups_on_system--items--owner"></a>
+### Nested Schema for `owned_groups_on_system.items.owner`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_groups_on_system--items--owner--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_groups_on_system--items--owner--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--owned_groups_on_system--items--owner--links"></a>
+### Nested Schema for `owned_groups_on_system.items.owner.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_groups_on_system--items--owner--permissions"></a>
+### Nested Schema for `owned_groups_on_system.items.owner.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--owned_groups_on_system--items--permissions"></a>
+### Nested Schema for `owned_groups_on_system.items.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--owned_organizational_units"></a>
+### Nested Schema for `owned_organizational_units`
+
+Optional:
+
+- `additional` (List of String)
+
+Read-Only:
+
+- `depth` (Number)
+- `description` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_organizational_units--links))
+- `name` (String)
+- `owner` (Attributes) (see [below for nested schema](#nestedatt--owned_organizational_units--owner))
+- `parent` (Attributes) (see [below for nested schema](#nestedatt--owned_organizational_units--parent))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_organizational_units--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--owned_organizational_units--links"></a>
+### Nested Schema for `owned_organizational_units.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_organizational_units--owner"></a>
+### Nested Schema for `owned_organizational_units.owner`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_organizational_units--owner--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_organizational_units--owner--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--owned_organizational_units--owner--links"></a>
+### Nested Schema for `owned_organizational_units.owner.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_organizational_units--owner--permissions"></a>
+### Nested Schema for `owned_organizational_units.owner.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--owned_organizational_units--parent"></a>
+### Nested Schema for `owned_organizational_units.parent`
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_organizational_units--parent--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_organizational_units--parent--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--owned_organizational_units--parent--links"></a>
+### Nested Schema for `owned_organizational_units.parent.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_organizational_units--parent--permissions"></a>
+### Nested Schema for `owned_organizational_units.parent.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--owned_organizational_units--permissions"></a>
+### Nested Schema for `owned_organizational_units.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--owned_systems"></a>
+### Nested Schema for `owned_systems`
+
+Optional:
+
+- `additional` (List of String)
+
+Read-Only:
+
+- `abstract_provisioned_ldap` (Attributes) (see [below for nested schema](#nestedatt--owned_systems--abstract_provisioned_ldap))
+- `account_count` (Number)
+- `active` (Boolean)
+- `content_administrator` (Attributes) (see [below for nested schema](#nestedatt--owned_systems--content_administrator))
+- `external_uuid` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_systems--links))
+- `name` (String)
+- `organizational_unit` (Attributes) (see [below for nested schema](#nestedatt--owned_systems--organizational_unit))
+- `owner` (Attributes) (see [below for nested schema](#nestedatt--owned_systems--owner))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_systems--permissions))
+- `provisioned_a_d` (Attributes) (see [below for nested schema](#nestedatt--owned_systems--provisioned_a_d))
+- `provisioned_azure_oidc_directory` (Attributes) (see [below for nested schema](#nestedatt--owned_systems--provisioned_azure_oidc_directory))
+- `provisioned_azure_sync_ldap_directory` (Attributes) (see [below for nested schema](#nestedatt--owned_systems--provisioned_azure_sync_ldap_directory))
+- `provisioned_azure_tenant` (Attributes) (see [below for nested schema](#nestedatt--owned_systems--provisioned_azure_tenant))
+- `provisioned_internal_ldap` (Attributes) (see [below for nested schema](#nestedatt--owned_systems--provisioned_internal_ldap))
+- `provisioned_ldap` (Attributes) (see [below for nested schema](#nestedatt--owned_systems--provisioned_ldap))
+- `provisioned_ldap_directory` (Attributes) (see [below for nested schema](#nestedatt--owned_systems--provisioned_ldap_directory))
+- `self_service_existing_groups` (Boolean)
+- `self_service_new_groups` (Boolean)
+- `self_service_service_accounts` (Boolean)
+- `should_destroy_unknown_accounts` (Boolean)
+- `technical_administrator` (Attributes) (see [below for nested schema](#nestedatt--owned_systems--technical_administrator))
+- `type` (String)
+- `username_prefix` (String)
+- `uuid` (String)
+
+<a id="nestedatt--owned_systems--abstract_provisioned_ldap"></a>
+### Nested Schema for `owned_systems.abstract_provisioned_ldap`
+
+Read-Only:
+
+- `attributes` (Map of String)
+- `base_dn` (String)
+- `bind_dn` (String)
+- `bind_password` (String)
+- `client_certificate` (Attributes) (see [below for nested schema](#nestedatt--owned_systems--abstract_provisioned_ldap--client_certificate))
+- `failover_host` (String)
+- `failover_trusted_certificate` (Attributes) (see [below for nested schema](#nestedatt--owned_systems--abstract_provisioned_ldap--failover_trusted_certificate))
+- `group_dn` (String)
+- `host` (String)
+- `object_classes` (String)
+- `port` (Number)
+- `service_account_dn` (String)
+- `ssh_public_key_supported` (Boolean)
+- `tls` (String)
+- `trusted_certificate` (Attributes) (see [below for nested schema](#nestedatt--owned_systems--abstract_provisioned_ldap--trusted_certificate))
+- `user_dn` (String)
+
+<a id="nestedatt--owned_systems--abstract_provisioned_ldap--client_certificate"></a>
+### Nested Schema for `owned_systems.abstract_provisioned_ldap.client_certificate`
+
+Read-Only:
+
+- `alias` (String)
+- `certificate_data` (List of String)
+- `expiration` (String)
+- `fingerprint_sha1` (String)
+- `fingerprint_sha256` (String)
+- `global` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_systems--abstract_provisioned_ldap--client_certificate--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_systems--abstract_provisioned_ldap--client_certificate--permissions))
+- `subject_dn` (String)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--owned_systems--abstract_provisioned_ldap--client_certificate--links"></a>
+### Nested Schema for `owned_systems.abstract_provisioned_ldap.client_certificate.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_systems--abstract_provisioned_ldap--client_certificate--permissions"></a>
+### Nested Schema for `owned_systems.abstract_provisioned_ldap.client_certificate.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--owned_systems--abstract_provisioned_ldap--failover_trusted_certificate"></a>
+### Nested Schema for `owned_systems.abstract_provisioned_ldap.failover_trusted_certificate`
+
+Read-Only:
+
+- `alias` (String)
+- `certificate_data` (List of String)
+- `expiration` (String)
+- `fingerprint_sha1` (String)
+- `fingerprint_sha256` (String)
+- `global` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_systems--abstract_provisioned_ldap--failover_trusted_certificate--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_systems--abstract_provisioned_ldap--failover_trusted_certificate--permissions))
+- `subject_dn` (String)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--owned_systems--abstract_provisioned_ldap--failover_trusted_certificate--links"></a>
+### Nested Schema for `owned_systems.abstract_provisioned_ldap.failover_trusted_certificate.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_systems--abstract_provisioned_ldap--failover_trusted_certificate--permissions"></a>
+### Nested Schema for `owned_systems.abstract_provisioned_ldap.failover_trusted_certificate.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--owned_systems--abstract_provisioned_ldap--trusted_certificate"></a>
+### Nested Schema for `owned_systems.abstract_provisioned_ldap.trusted_certificate`
+
+Read-Only:
+
+- `alias` (String)
+- `certificate_data` (List of String)
+- `expiration` (String)
+- `fingerprint_sha1` (String)
+- `fingerprint_sha256` (String)
+- `global` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_systems--abstract_provisioned_ldap--trusted_certificate--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_systems--abstract_provisioned_ldap--trusted_certificate--permissions))
+- `subject_dn` (String)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--owned_systems--abstract_provisioned_ldap--trusted_certificate--links"></a>
+### Nested Schema for `owned_systems.abstract_provisioned_ldap.trusted_certificate.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_systems--abstract_provisioned_ldap--trusted_certificate--permissions"></a>
+### Nested Schema for `owned_systems.abstract_provisioned_ldap.trusted_certificate.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--owned_systems--content_administrator"></a>
+### Nested Schema for `owned_systems.content_administrator`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_systems--content_administrator--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_systems--content_administrator--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--owned_systems--content_administrator--links"></a>
+### Nested Schema for `owned_systems.content_administrator.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_systems--content_administrator--permissions"></a>
+### Nested Schema for `owned_systems.content_administrator.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--owned_systems--links"></a>
+### Nested Schema for `owned_systems.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_systems--organizational_unit"></a>
+### Nested Schema for `owned_systems.organizational_unit`
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_systems--organizational_unit--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_systems--organizational_unit--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--owned_systems--organizational_unit--links"></a>
+### Nested Schema for `owned_systems.organizational_unit.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_systems--organizational_unit--permissions"></a>
+### Nested Schema for `owned_systems.organizational_unit.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--owned_systems--owner"></a>
+### Nested Schema for `owned_systems.owner`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_systems--owner--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_systems--owner--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--owned_systems--owner--links"></a>
+### Nested Schema for `owned_systems.owner.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_systems--owner--permissions"></a>
+### Nested Schema for `owned_systems.owner.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--owned_systems--permissions"></a>
+### Nested Schema for `owned_systems.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_systems--provisioned_a_d"></a>
+### Nested Schema for `owned_systems.provisioned_a_d`
+
+Read-Only:
+
+- `sam_account_name_scheme` (String)
+
+
+<a id="nestedatt--owned_systems--provisioned_azure_oidc_directory"></a>
+### Nested Schema for `owned_systems.provisioned_azure_oidc_directory`
+
+Read-Only:
+
+- `directory` (Attributes) (see [below for nested schema](#nestedatt--owned_systems--provisioned_azure_oidc_directory--directory))
+- `tenant` (String)
+
+<a id="nestedatt--owned_systems--provisioned_azure_oidc_directory--directory"></a>
+### Nested Schema for `owned_systems.provisioned_azure_oidc_directory.directory`
+
+Read-Only:
+
+- `account_validity_supported` (Boolean)
+- `active` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_systems--provisioned_azure_oidc_directory--directory--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_systems--provisioned_azure_oidc_directory--directory--permissions))
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--owned_systems--provisioned_azure_oidc_directory--directory--links"></a>
+### Nested Schema for `owned_systems.provisioned_azure_oidc_directory.directory.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_systems--provisioned_azure_oidc_directory--directory--permissions"></a>
+### Nested Schema for `owned_systems.provisioned_azure_oidc_directory.directory.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--owned_systems--provisioned_azure_sync_ldap_directory"></a>
+### Nested Schema for `owned_systems.provisioned_azure_sync_ldap_directory`
+
+Read-Only:
+
+- `client_id` (String)
+- `client_secret` (String)
+- `directory` (Attributes) (see [below for nested schema](#nestedatt--owned_systems--provisioned_azure_sync_ldap_directory--directory))
+- `tenant` (String)
+
+<a id="nestedatt--owned_systems--provisioned_azure_sync_ldap_directory--directory"></a>
+### Nested Schema for `owned_systems.provisioned_azure_sync_ldap_directory.directory`
+
+Read-Only:
+
+- `account_validity_supported` (Boolean)
+- `active` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_systems--provisioned_azure_sync_ldap_directory--directory--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_systems--provisioned_azure_sync_ldap_directory--directory--permissions))
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--owned_systems--provisioned_azure_sync_ldap_directory--directory--links"></a>
+### Nested Schema for `owned_systems.provisioned_azure_sync_ldap_directory.directory.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_systems--provisioned_azure_sync_ldap_directory--directory--permissions"></a>
+### Nested Schema for `owned_systems.provisioned_azure_sync_ldap_directory.directory.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--owned_systems--provisioned_azure_tenant"></a>
+### Nested Schema for `owned_systems.provisioned_azure_tenant`
+
+Read-Only:
+
+- `client_id` (String)
+- `client_secret` (String)
+- `idp_domain` (String)
+- `tenant` (String)
+
+
+<a id="nestedatt--owned_systems--provisioned_internal_ldap"></a>
+### Nested Schema for `owned_systems.provisioned_internal_ldap`
+
+Read-Only:
+
+- `client` (Attributes) (see [below for nested schema](#nestedatt--owned_systems--provisioned_internal_ldap--client))
+
+<a id="nestedatt--owned_systems--provisioned_internal_ldap--client"></a>
+### Nested Schema for `owned_systems.provisioned_internal_ldap.client`
+
+Read-Only:
+
+- `bind_dn` (String)
+- `client_certificate` (Attributes) (see [below for nested schema](#nestedatt--owned_systems--provisioned_internal_ldap--client--client_certificate))
+- `share_secret_in_vault` (Boolean)
+- `shared_secret` (Attributes) (see [below for nested schema](#nestedatt--owned_systems--provisioned_internal_ldap--client--shared_secret))
+- `used_for_provisioning` (Boolean)
+
+<a id="nestedatt--owned_systems--provisioned_internal_ldap--client--client_certificate"></a>
+### Nested Schema for `owned_systems.provisioned_internal_ldap.client.used_for_provisioning`
+
+Read-Only:
+
+- `alias` (String)
+- `certificate_data` (List of String)
+- `expiration` (String)
+- `fingerprint_sha1` (String)
+- `fingerprint_sha256` (String)
+- `global` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_systems--provisioned_internal_ldap--client--used_for_provisioning--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_systems--provisioned_internal_ldap--client--used_for_provisioning--permissions))
+- `subject_dn` (String)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--owned_systems--provisioned_internal_ldap--client--used_for_provisioning--links"></a>
+### Nested Schema for `owned_systems.provisioned_internal_ldap.client.used_for_provisioning.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_systems--provisioned_internal_ldap--client--used_for_provisioning--permissions"></a>
+### Nested Schema for `owned_systems.provisioned_internal_ldap.client.used_for_provisioning.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--owned_systems--provisioned_internal_ldap--client--shared_secret"></a>
+### Nested Schema for `owned_systems.provisioned_internal_ldap.client.used_for_provisioning`
+
+Read-Only:
+
+- `color` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_systems--provisioned_internal_ldap--client--used_for_provisioning--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_systems--provisioned_internal_ldap--client--used_for_provisioning--permissions))
+- `share_end_time` (String)
+- `uuid` (String)
+
+<a id="nestedatt--owned_systems--provisioned_internal_ldap--client--used_for_provisioning--links"></a>
+### Nested Schema for `owned_systems.provisioned_internal_ldap.client.used_for_provisioning.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_systems--provisioned_internal_ldap--client--used_for_provisioning--permissions"></a>
+### Nested Schema for `owned_systems.provisioned_internal_ldap.client.used_for_provisioning.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+
+<a id="nestedatt--owned_systems--provisioned_ldap"></a>
+### Nested Schema for `owned_systems.provisioned_ldap`
+
+Read-Only:
+
+- `gid` (Number)
+- `hashing_scheme` (String)
+- `numbering` (Attributes) (see [below for nested schema](#nestedatt--owned_systems--provisioned_ldap--numbering))
+
+<a id="nestedatt--owned_systems--provisioned_ldap--numbering"></a>
+### Nested Schema for `owned_systems.provisioned_ldap.numbering`
+
+Optional:
+
+- `additional` (List of String)
+
+Read-Only:
+
+- `account_count` (Number)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_systems--provisioned_ldap--numbering--links))
+- `name` (String)
+- `next_uid` (Number)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_systems--provisioned_ldap--numbering--permissions))
+
+<a id="nestedatt--owned_systems--provisioned_ldap--numbering--links"></a>
+### Nested Schema for `owned_systems.provisioned_ldap.numbering.permissions`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_systems--provisioned_ldap--numbering--permissions"></a>
+### Nested Schema for `owned_systems.provisioned_ldap.numbering.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--owned_systems--provisioned_ldap_directory"></a>
+### Nested Schema for `owned_systems.provisioned_ldap_directory`
+
+Read-Only:
+
+- `directory` (Attributes) (see [below for nested schema](#nestedatt--owned_systems--provisioned_ldap_directory--directory))
+- `group_dn` (String)
+
+<a id="nestedatt--owned_systems--provisioned_ldap_directory--directory"></a>
+### Nested Schema for `owned_systems.provisioned_ldap_directory.directory`
+
+Read-Only:
+
+- `account_validity_supported` (Boolean)
+- `active` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_systems--provisioned_ldap_directory--directory--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_systems--provisioned_ldap_directory--directory--permissions))
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--owned_systems--provisioned_ldap_directory--directory--links"></a>
+### Nested Schema for `owned_systems.provisioned_ldap_directory.directory.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_systems--provisioned_ldap_directory--directory--permissions"></a>
+### Nested Schema for `owned_systems.provisioned_ldap_directory.directory.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--owned_systems--technical_administrator"></a>
+### Nested Schema for `owned_systems.technical_administrator`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_systems--technical_administrator--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_systems--technical_administrator--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--owned_systems--technical_administrator--links"></a>
+### Nested Schema for `owned_systems.technical_administrator.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_systems--technical_administrator--permissions"></a>
+### Nested Schema for `owned_systems.technical_administrator.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--permissions"></a>
+### Nested Schema for `permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--recent_audits"></a>
+### Nested Schema for `recent_audits`
+
+Optional:
+
+- `additional` (List of String)
+
+Read-Only:
+
+- `accounts` (Attributes List) (see [below for nested schema](#nestedatt--recent_audits--accounts))
+- `comment` (String)
+- `created_at` (String)
+- `created_by` (String)
+- `group_name` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--recent_audits--links))
+- `name_on_audit` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--recent_audits--permissions))
+- `reviewed_at` (String)
+- `reviewed_by` (String)
+- `status` (String)
+- `submitted_at` (String)
+- `submitted_by` (String)
+
+<a id="nestedatt--recent_audits--accounts"></a>
+### Nested Schema for `recent_audits.accounts`
+
+Read-Only:
+
+- `account_uuid` (String)
+- `account_valid` (Boolean)
+- `action` (String)
+- `comment` (String)
+- `disconnected_nested` (Boolean)
+- `display_name` (String)
+- `end_date` (String)
+- `last_active` (String)
+- `last_used` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--recent_audits--accounts--links))
+- `nested` (Boolean)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--recent_audits--accounts--permissions))
+- `rights` (String)
+- `username` (String)
+
+<a id="nestedatt--recent_audits--accounts--links"></a>
+### Nested Schema for `recent_audits.accounts.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--recent_audits--accounts--permissions"></a>
+### Nested Schema for `recent_audits.accounts.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--recent_audits--links"></a>
+### Nested Schema for `recent_audits.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--recent_audits--permissions"></a>
+### Nested Schema for `recent_audits.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--service_accounts"></a>
+### Nested Schema for `service_accounts`
+
+Optional:
+
+- `additional` (List of String)
+
+Read-Only:
+
+- `active` (Boolean)
+- `description` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--service_accounts--links))
+- `name` (String)
+- `password` (Attributes) (see [below for nested schema](#nestedatt--service_accounts--password))
+- `password_rotation` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--service_accounts--permissions))
+- `system` (Attributes) (see [below for nested schema](#nestedatt--service_accounts--system))
+- `technical_administrator` (Attributes) (see [below for nested schema](#nestedatt--service_accounts--technical_administrator))
+- `username` (String)
+- `uuid` (String)
+
+<a id="nestedatt--service_accounts--links"></a>
+### Nested Schema for `service_accounts.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--service_accounts--password"></a>
+### Nested Schema for `service_accounts.password`
+
+Read-Only:
+
+- `color` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--service_accounts--password--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--service_accounts--password--permissions))
+- `share_end_time` (String)
+- `uuid` (String)
+
+<a id="nestedatt--service_accounts--password--links"></a>
+### Nested Schema for `service_accounts.password.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--service_accounts--password--permissions"></a>
+### Nested Schema for `service_accounts.password.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--service_accounts--permissions"></a>
+### Nested Schema for `service_accounts.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--service_accounts--system"></a>
+### Nested Schema for `service_accounts.system`
+
+Read-Only:
+
+- `active` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--service_accounts--system--links))
+- `name` (String)
+- `organizational_unit` (Attributes) (see [below for nested schema](#nestedatt--service_accounts--system--organizational_unit))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--service_accounts--system--permissions))
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--service_accounts--system--links"></a>
+### Nested Schema for `service_accounts.system.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--service_accounts--system--organizational_unit"></a>
+### Nested Schema for `service_accounts.system.organizational_unit`
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--service_accounts--system--organizational_unit--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--service_accounts--system--organizational_unit--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--service_accounts--system--organizational_unit--links"></a>
+### Nested Schema for `service_accounts.system.organizational_unit.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--service_accounts--system--organizational_unit--permissions"></a>
+### Nested Schema for `service_accounts.system.organizational_unit.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--service_accounts--system--permissions"></a>
+### Nested Schema for `service_accounts.system.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--service_accounts--technical_administrator"></a>
+### Nested Schema for `service_accounts.technical_administrator`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--service_accounts--technical_administrator--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--service_accounts--technical_administrator--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--service_accounts--technical_administrator--links"></a>
+### Nested Schema for `service_accounts.technical_administrator.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--service_accounts--technical_administrator--permissions"></a>
+### Nested Schema for `service_accounts.technical_administrator.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--systems"></a>
+### Nested Schema for `systems`
+
+Optional:
+
+- `additional` (List of String)
+
+Read-Only:
+
+- `activation_required` (Boolean)
+- `group` (Attributes) (see [below for nested schema](#nestedatt--systems--group))
+- `group_on_system` (Attributes) (see [below for nested schema](#nestedatt--systems--group_on_system))
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--systems--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--systems--permissions))
+
+<a id="nestedatt--systems--group"></a>
+### Nested Schema for `systems.group`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--systems--group--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--systems--group--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--systems--group--links"></a>
+### Nested Schema for `systems.group.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--systems--group--permissions"></a>
+### Nested Schema for `systems.group.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--systems--group_on_system"></a>
+### Nested Schema for `systems.group_on_system`
+
+Optional:
+
+- `additional` (List of String)
+
+Read-Only:
+
+- `display_name` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--systems--group_on_system--links))
+- `name_in_system` (String)
+- `owner` (Attributes) (see [below for nested schema](#nestedatt--systems--group_on_system--owner))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--systems--group_on_system--permissions))
+- `short_name_in_system` (String)
+- `type` (String)
+
+<a id="nestedatt--systems--group_on_system--links"></a>
+### Nested Schema for `systems.group_on_system.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--systems--group_on_system--owner"></a>
+### Nested Schema for `systems.group_on_system.owner`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--systems--group_on_system--owner--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--systems--group_on_system--owner--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--systems--group_on_system--owner--links"></a>
+### Nested Schema for `systems.group_on_system.owner.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--systems--group_on_system--owner--permissions"></a>
+### Nested Schema for `systems.group_on_system.owner.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--systems--group_on_system--permissions"></a>
+### Nested Schema for `systems.group_on_system.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--systems--links"></a>
+### Nested Schema for `systems.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--systems--permissions"></a>
+### Nested Schema for `systems.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--vault"></a>
+### Nested Schema for `vault`
+
+Read-Only:
+
+- `access_available` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--vault--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--vault--permissions))
+- `records` (Attributes List) (see [below for nested schema](#nestedatt--vault--records))
+
+<a id="nestedatt--vault--links"></a>
+### Nested Schema for `vault.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--vault--permissions"></a>
+### Nested Schema for `vault.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--vault--records"></a>
+### Nested Schema for `vault.records`
+
+Optional:
+
+- `additional` (List of String)
+
+Read-Only:
+
+- `color` (String)
+- `derived` (Boolean)
+- `end_date` (String)
+- `filename` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--vault--records--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--vault--records--permissions))
+- `share_end_time` (String)
+- `types` (List of String)
+- `url` (String)
+- `username` (String)
+- `uuid` (String)
+- `warning_period` (String)
+
+<a id="nestedatt--vault--records--links"></a>
+### Nested Schema for `vault.records.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--vault--records--permissions"></a>
+### Nested Schema for `vault.records.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--webhooks"></a>
+### Nested Schema for `webhooks`
+
+Optional:
+
+- `additional` (List of String)
+
+Read-Only:
+
+- `account` (Attributes) (see [below for nested schema](#nestedatt--webhooks--account))
+- `active` (Boolean)
+- `all_types` (Boolean)
+- `authentication_scheme` (String)
+- `basic_auth_password` (String)
+- `basic_auth_username` (String)
+- `bearer_token` (String)
+- `client` (Attributes) (see [below for nested schema](#nestedatt--webhooks--client))
+- `client_certificate` (Attributes) (see [below for nested schema](#nestedatt--webhooks--client_certificate))
+- `custom_header_name` (String)
+- `custom_header_value` (String)
+- `directory` (Attributes) (see [below for nested schema](#nestedatt--webhooks--directory))
+- `group` (Attributes) (see [below for nested schema](#nestedatt--webhooks--group))
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--webhooks--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--webhooks--permissions))
+- `system` (Attributes) (see [below for nested schema](#nestedatt--webhooks--system))
+- `tls` (String)
+- `trusted_certificate` (Attributes) (see [below for nested schema](#nestedatt--webhooks--trusted_certificate))
+- `types` (List of String)
+- `url` (String)
+- `uuid` (String)
+- `verbose_payloads` (Boolean)
+
+<a id="nestedatt--webhooks--account"></a>
+### Nested Schema for `webhooks.account`
+
+Read-Only:
+
+- `display_name` (String)
+- `last_active` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--webhooks--account--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--webhooks--account--permissions))
+- `username` (String)
+- `uuid` (String)
+- `validity` (String)
+
+<a id="nestedatt--webhooks--account--links"></a>
+### Nested Schema for `webhooks.account.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--webhooks--account--permissions"></a>
+### Nested Schema for `webhooks.account.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--webhooks--client"></a>
+### Nested Schema for `webhooks.client`
+
+Read-Only:
+
+- `client_id` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--webhooks--client--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--webhooks--client--permissions))
+- `scopes` (List of String)
+- `sso_application` (Boolean)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--webhooks--client--links"></a>
+### Nested Schema for `webhooks.client.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--webhooks--client--permissions"></a>
+### Nested Schema for `webhooks.client.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--webhooks--client_certificate"></a>
+### Nested Schema for `webhooks.client_certificate`
+
+Read-Only:
+
+- `alias` (String)
+- `certificate_data` (List of String)
+- `expiration` (String)
+- `fingerprint_sha1` (String)
+- `fingerprint_sha256` (String)
+- `global` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--webhooks--client_certificate--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--webhooks--client_certificate--permissions))
+- `subject_dn` (String)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--webhooks--client_certificate--links"></a>
+### Nested Schema for `webhooks.client_certificate.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--webhooks--client_certificate--permissions"></a>
+### Nested Schema for `webhooks.client_certificate.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--webhooks--directory"></a>
+### Nested Schema for `webhooks.directory`
+
+Read-Only:
+
+- `account_validity_supported` (Boolean)
+- `active` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--webhooks--directory--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--webhooks--directory--permissions))
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--webhooks--directory--links"></a>
+### Nested Schema for `webhooks.directory.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--webhooks--directory--permissions"></a>
+### Nested Schema for `webhooks.directory.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--webhooks--group"></a>
+### Nested Schema for `webhooks.group`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--webhooks--group--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--webhooks--group--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--webhooks--group--links"></a>
+### Nested Schema for `webhooks.group.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--webhooks--group--permissions"></a>
+### Nested Schema for `webhooks.group.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--webhooks--links"></a>
+### Nested Schema for `webhooks.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--webhooks--permissions"></a>
+### Nested Schema for `webhooks.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--webhooks--system"></a>
+### Nested Schema for `webhooks.system`
+
+Read-Only:
+
+- `active` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--webhooks--system--links))
+- `name` (String)
+- `organizational_unit` (Attributes) (see [below for nested schema](#nestedatt--webhooks--system--organizational_unit))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--webhooks--system--permissions))
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--webhooks--system--links"></a>
+### Nested Schema for `webhooks.system.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--webhooks--system--organizational_unit"></a>
+### Nested Schema for `webhooks.system.organizational_unit`
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--webhooks--system--organizational_unit--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--webhooks--system--organizational_unit--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--webhooks--system--organizational_unit--links"></a>
+### Nested Schema for `webhooks.system.organizational_unit.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--webhooks--system--organizational_unit--permissions"></a>
+### Nested Schema for `webhooks.system.organizational_unit.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--webhooks--system--permissions"></a>
+### Nested Schema for `webhooks.system.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--webhooks--trusted_certificate"></a>
+### Nested Schema for `webhooks.trusted_certificate`
+
+Read-Only:
+
+- `alias` (String)
+- `certificate_data` (List of String)
+- `expiration` (String)
+- `fingerprint_sha1` (String)
+- `fingerprint_sha256` (String)
+- `global` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--webhooks--trusted_certificate--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--webhooks--trusted_certificate--permissions))
+- `subject_dn` (String)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--webhooks--trusted_certificate--links"></a>
+### Nested Schema for `webhooks.trusted_certificate.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--webhooks--trusted_certificate--permissions"></a>
+### Nested Schema for `webhooks.trusted_certificate.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
diff --git a/docs/data-sources/groupclassification.md b/docs/data-sources/groupclassification.md
new file mode 100644
index 0000000..716b026
--- /dev/null
+++ b/docs/data-sources/groupclassification.md
@@ -0,0 +1,84 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "keyhubpreview_groupclassification Data Source - terraform-provider-keyhubpreview"
+subcategory: ""
+description: |-
+  
+---
+
+# keyhubpreview_groupclassification (Data Source)
+
+
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `uuid` (String)
+
+### Optional
+
+- `additional` (List of String)
+
+### Read-Only
+
+- `audit` (Attributes) (see [below for nested schema](#nestedatt--audit))
+- `authorizing_group_auditing_required` (Boolean)
+- `authorizing_group_delegation_required` (Boolean)
+- `authorizing_group_membership_required` (Boolean)
+- `authorizing_group_provisioning_required` (Boolean)
+- `default_classification` (Boolean)
+- `description` (String)
+- `info` (Attributes) (see [below for nested schema](#nestedatt--info))
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--links))
+- `maximum_audit_interval` (Number)
+- `minimum_nr_managers` (Number)
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--permissions))
+- `record_trail_required` (Boolean)
+- `required_months` (List of String)
+- `rotating_password_required` (Boolean)
+- `vault_requires_activation` (Boolean)
+
+<a id="nestedatt--audit"></a>
+### Nested Schema for `audit`
+
+Read-Only:
+
+- `created_at` (String)
+- `created_by` (String)
+- `last_modified_at` (String)
+- `last_modified_by` (String)
+
+
+<a id="nestedatt--info"></a>
+### Nested Schema for `info`
+
+Read-Only:
+
+- `nr_groups` (Number)
+
+
+<a id="nestedatt--links"></a>
+### Nested Schema for `links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--permissions"></a>
+### Nested Schema for `permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
diff --git a/docs/data-sources/organizationalunit.md b/docs/data-sources/organizationalunit.md
new file mode 100644
index 0000000..5709d14
--- /dev/null
+++ b/docs/data-sources/organizationalunit.md
@@ -0,0 +1,134 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "keyhubpreview_organizationalunit Data Source - terraform-provider-keyhubpreview"
+subcategory: ""
+description: |-
+  
+---
+
+# keyhubpreview_organizationalunit (Data Source)
+
+
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `uuid` (String)
+
+### Optional
+
+- `additional` (List of String)
+
+### Read-Only
+
+- `audit` (Attributes) (see [below for nested schema](#nestedatt--audit))
+- `depth` (Number)
+- `description` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--links))
+- `name` (String)
+- `owner` (Attributes) (see [below for nested schema](#nestedatt--owner))
+- `parent` (Attributes) (see [below for nested schema](#nestedatt--parent))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--permissions))
+
+<a id="nestedatt--audit"></a>
+### Nested Schema for `audit`
+
+Read-Only:
+
+- `created_at` (String)
+- `created_by` (String)
+- `last_modified_at` (String)
+- `last_modified_by` (String)
+
+
+<a id="nestedatt--links"></a>
+### Nested Schema for `links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owner"></a>
+### Nested Schema for `owner`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owner--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owner--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--owner--links"></a>
+### Nested Schema for `owner.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owner--permissions"></a>
+### Nested Schema for `owner.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--parent"></a>
+### Nested Schema for `parent`
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--parent--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--parent--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--parent--links"></a>
+### Nested Schema for `parent.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--parent--permissions"></a>
+### Nested Schema for `parent.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--permissions"></a>
+### Nested Schema for `permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
diff --git a/docs/data-sources/scaffolding_example.md b/docs/data-sources/scaffolding_example.md
deleted file mode 100644
index 9c9de1e..0000000
--- a/docs/data-sources/scaffolding_example.md
+++ /dev/null
@@ -1,30 +0,0 @@
----
-# generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "scaffolding_example Data Source - terraform-provider-scaffolding-framework"
-subcategory: ""
-description: |-
-  Example data source
----
-
-# scaffolding_example (Data Source)
-
-Example data source
-
-## Example Usage
-
-```terraform
-data "scaffolding_example" "example" {
-  configurable_attribute = "some-value"
-}
-```
-
-<!-- schema generated by tfplugindocs -->
-## Schema
-
-### Optional
-
-- `configurable_attribute` (String) Example configurable attribute
-
-### Read-Only
-
-- `id` (String) Example identifier
diff --git a/docs/data-sources/serviceaccount.md b/docs/data-sources/serviceaccount.md
new file mode 100644
index 0000000..f0031a6
--- /dev/null
+++ b/docs/data-sources/serviceaccount.md
@@ -0,0 +1,264 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "keyhubpreview_serviceaccount Data Source - terraform-provider-keyhubpreview"
+subcategory: ""
+description: |-
+  
+---
+
+# keyhubpreview_serviceaccount (Data Source)
+
+
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `uuid` (String)
+
+### Optional
+
+- `additional` (List of String)
+
+### Read-Only
+
+- `active` (Boolean)
+- `audit` (Attributes) (see [below for nested schema](#nestedatt--audit))
+- `description` (String)
+- `groups` (Attributes List) (see [below for nested schema](#nestedatt--groups))
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--links))
+- `name` (String)
+- `password` (Attributes) (see [below for nested schema](#nestedatt--password))
+- `password_rotation` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--permissions))
+- `secret` (Attributes) (see [below for nested schema](#nestedatt--secret))
+- `system` (Attributes) (see [below for nested schema](#nestedatt--system))
+- `technical_administrator` (Attributes) (see [below for nested schema](#nestedatt--technical_administrator))
+- `username` (String)
+
+<a id="nestedatt--audit"></a>
+### Nested Schema for `audit`
+
+Read-Only:
+
+- `created_at` (String)
+- `created_by` (String)
+- `last_modified_at` (String)
+- `last_modified_by` (String)
+
+
+<a id="nestedatt--groups"></a>
+### Nested Schema for `groups`
+
+Optional:
+
+- `additional` (List of String)
+
+Read-Only:
+
+- `display_name` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--groups--links))
+- `name_in_system` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--groups--permissions))
+- `short_name_in_system` (String)
+- `type` (String)
+
+<a id="nestedatt--groups--links"></a>
+### Nested Schema for `groups.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--groups--permissions"></a>
+### Nested Schema for `groups.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--links"></a>
+### Nested Schema for `links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--password"></a>
+### Nested Schema for `password`
+
+Read-Only:
+
+- `color` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--password--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--password--permissions))
+- `share_end_time` (String)
+- `uuid` (String)
+
+<a id="nestedatt--password--links"></a>
+### Nested Schema for `password.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--password--permissions"></a>
+### Nested Schema for `password.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--permissions"></a>
+### Nested Schema for `permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--secret"></a>
+### Nested Schema for `secret`
+
+Read-Only:
+
+- `generated_secret` (String)
+- `old_secret` (String)
+- `regenerate` (Boolean)
+
+
+<a id="nestedatt--system"></a>
+### Nested Schema for `system`
+
+Required:
+
+- `uuid` (String)
+
+Read-Only:
+
+- `active` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--system--links))
+- `name` (String)
+- `organizational_unit` (Attributes) (see [below for nested schema](#nestedatt--system--organizational_unit))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--system--permissions))
+- `type` (String)
+
+<a id="nestedatt--system--links"></a>
+### Nested Schema for `system.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--system--organizational_unit"></a>
+### Nested Schema for `system.organizational_unit`
+
+Required:
+
+- `uuid` (String)
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--system--organizational_unit--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--system--organizational_unit--permissions))
+
+<a id="nestedatt--system--organizational_unit--links"></a>
+### Nested Schema for `system.organizational_unit.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--system--organizational_unit--permissions"></a>
+### Nested Schema for `system.organizational_unit.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--system--permissions"></a>
+### Nested Schema for `system.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--technical_administrator"></a>
+### Nested Schema for `technical_administrator`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--technical_administrator--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--technical_administrator--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--technical_administrator--links"></a>
+### Nested Schema for `technical_administrator.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--technical_administrator--permissions"></a>
+### Nested Schema for `technical_administrator.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
diff --git a/docs/data-sources/system.md b/docs/data-sources/system.md
new file mode 100644
index 0000000..6d9bb70
--- /dev/null
+++ b/docs/data-sources/system.md
@@ -0,0 +1,965 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "keyhubpreview_system Data Source - terraform-provider-keyhubpreview"
+subcategory: ""
+description: |-
+  
+---
+
+# keyhubpreview_system (Data Source)
+
+
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `uuid` (String)
+
+### Optional
+
+- `additional` (List of String)
+
+### Read-Only
+
+- `abstract_provisioned_ldap` (Attributes) (see [below for nested schema](#nestedatt--abstract_provisioned_ldap))
+- `account` (Attributes) (see [below for nested schema](#nestedatt--account))
+- `account_count` (Number)
+- `active` (Boolean)
+- `audit` (Attributes) (see [below for nested schema](#nestedatt--audit))
+- `content_administrator` (Attributes) (see [below for nested schema](#nestedatt--content_administrator))
+- `external_uuid` (String)
+- `issued_permissions` (Attributes List) (see [below for nested schema](#nestedatt--issued_permissions))
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--links))
+- `login_name` (String)
+- `management_permissions` (Attributes) (see [below for nested schema](#nestedatt--management_permissions))
+- `markers` (Attributes) (see [below for nested schema](#nestedatt--markers))
+- `name` (String)
+- `organizational_unit` (Attributes) (see [below for nested schema](#nestedatt--organizational_unit))
+- `owner` (Attributes) (see [below for nested schema](#nestedatt--owner))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--permissions))
+- `provisioned_a_d` (Attributes) (see [below for nested schema](#nestedatt--provisioned_a_d))
+- `provisioned_azure_oidc_directory` (Attributes) (see [below for nested schema](#nestedatt--provisioned_azure_oidc_directory))
+- `provisioned_azure_sync_ldap_directory` (Attributes) (see [below for nested schema](#nestedatt--provisioned_azure_sync_ldap_directory))
+- `provisioned_azure_tenant` (Attributes) (see [below for nested schema](#nestedatt--provisioned_azure_tenant))
+- `provisioned_internal_ldap` (Attributes) (see [below for nested schema](#nestedatt--provisioned_internal_ldap))
+- `provisioned_ldap` (Attributes) (see [below for nested schema](#nestedatt--provisioned_ldap))
+- `provisioned_ldap_directory` (Attributes) (see [below for nested schema](#nestedatt--provisioned_ldap_directory))
+- `self_service_existing_groups` (Boolean)
+- `self_service_new_groups` (Boolean)
+- `self_service_service_accounts` (Boolean)
+- `should_destroy_unknown_accounts` (Boolean)
+- `statistics` (Attributes) (see [below for nested schema](#nestedatt--statistics))
+- `supported_group_types` (Attributes) (see [below for nested schema](#nestedatt--supported_group_types))
+- `technical_administrator` (Attributes) (see [below for nested schema](#nestedatt--technical_administrator))
+- `type` (String)
+- `username_prefix` (String)
+
+<a id="nestedatt--abstract_provisioned_ldap"></a>
+### Nested Schema for `abstract_provisioned_ldap`
+
+Read-Only:
+
+- `attributes` (Map of String)
+- `base_dn` (String)
+- `bind_dn` (String)
+- `bind_password` (String)
+- `client_certificate` (Attributes) (see [below for nested schema](#nestedatt--abstract_provisioned_ldap--client_certificate))
+- `failover_host` (String)
+- `failover_trusted_certificate` (Attributes) (see [below for nested schema](#nestedatt--abstract_provisioned_ldap--failover_trusted_certificate))
+- `group_dn` (String)
+- `host` (String)
+- `object_classes` (String)
+- `port` (Number)
+- `service_account_dn` (String)
+- `ssh_public_key_supported` (Boolean)
+- `tls` (String)
+- `trusted_certificate` (Attributes) (see [below for nested schema](#nestedatt--abstract_provisioned_ldap--trusted_certificate))
+- `user_dn` (String)
+
+<a id="nestedatt--abstract_provisioned_ldap--client_certificate"></a>
+### Nested Schema for `abstract_provisioned_ldap.client_certificate`
+
+Read-Only:
+
+- `alias` (String)
+- `certificate_data` (List of String)
+- `expiration` (String)
+- `fingerprint_sha1` (String)
+- `fingerprint_sha256` (String)
+- `global` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--abstract_provisioned_ldap--client_certificate--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--abstract_provisioned_ldap--client_certificate--permissions))
+- `subject_dn` (String)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--abstract_provisioned_ldap--client_certificate--links"></a>
+### Nested Schema for `abstract_provisioned_ldap.client_certificate.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--abstract_provisioned_ldap--client_certificate--permissions"></a>
+### Nested Schema for `abstract_provisioned_ldap.client_certificate.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--abstract_provisioned_ldap--failover_trusted_certificate"></a>
+### Nested Schema for `abstract_provisioned_ldap.failover_trusted_certificate`
+
+Read-Only:
+
+- `alias` (String)
+- `certificate_data` (List of String)
+- `expiration` (String)
+- `fingerprint_sha1` (String)
+- `fingerprint_sha256` (String)
+- `global` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--abstract_provisioned_ldap--failover_trusted_certificate--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--abstract_provisioned_ldap--failover_trusted_certificate--permissions))
+- `subject_dn` (String)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--abstract_provisioned_ldap--failover_trusted_certificate--links"></a>
+### Nested Schema for `abstract_provisioned_ldap.failover_trusted_certificate.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--abstract_provisioned_ldap--failover_trusted_certificate--permissions"></a>
+### Nested Schema for `abstract_provisioned_ldap.failover_trusted_certificate.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--abstract_provisioned_ldap--trusted_certificate"></a>
+### Nested Schema for `abstract_provisioned_ldap.trusted_certificate`
+
+Read-Only:
+
+- `alias` (String)
+- `certificate_data` (List of String)
+- `expiration` (String)
+- `fingerprint_sha1` (String)
+- `fingerprint_sha256` (String)
+- `global` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--abstract_provisioned_ldap--trusted_certificate--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--abstract_provisioned_ldap--trusted_certificate--permissions))
+- `subject_dn` (String)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--abstract_provisioned_ldap--trusted_certificate--links"></a>
+### Nested Schema for `abstract_provisioned_ldap.trusted_certificate.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--abstract_provisioned_ldap--trusted_certificate--permissions"></a>
+### Nested Schema for `abstract_provisioned_ldap.trusted_certificate.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--account"></a>
+### Nested Schema for `account`
+
+Optional:
+
+- `additional` (List of String)
+
+Read-Only:
+
+- `display_name` (String)
+- `last_active` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--account--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--account--permissions))
+- `uid` (Number)
+- `username` (String)
+- `uuid` (String)
+- `validity` (String)
+
+<a id="nestedatt--account--links"></a>
+### Nested Schema for `account.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--account--permissions"></a>
+### Nested Schema for `account.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--audit"></a>
+### Nested Schema for `audit`
+
+Read-Only:
+
+- `created_at` (String)
+- `created_by` (String)
+- `last_modified_at` (String)
+- `last_modified_by` (String)
+
+
+<a id="nestedatt--content_administrator"></a>
+### Nested Schema for `content_administrator`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--content_administrator--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--content_administrator--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--content_administrator--links"></a>
+### Nested Schema for `content_administrator.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--content_administrator--permissions"></a>
+### Nested Schema for `content_administrator.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--issued_permissions"></a>
+### Nested Schema for `issued_permissions`
+
+Optional:
+
+- `additional` (List of String)
+
+Read-Only:
+
+- `client` (Attributes) (see [below for nested schema](#nestedatt--issued_permissions--client))
+- `for_group` (Attributes) (see [below for nested schema](#nestedatt--issued_permissions--for_group))
+- `for_system` (Attributes) (see [below for nested schema](#nestedatt--issued_permissions--for_system))
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--issued_permissions--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--issued_permissions--permissions))
+- `value` (String)
+
+<a id="nestedatt--issued_permissions--client"></a>
+### Nested Schema for `issued_permissions.client`
+
+Read-Only:
+
+- `account_permissions` (Attributes List) (see [below for nested schema](#nestedatt--issued_permissions--client--account_permissions))
+- `attributes` (Map of String)
+- `callback_uri` (String)
+- `confidential` (Boolean)
+- `debug_mode` (Boolean)
+- `id_token_claims` (String)
+- `initiate_login_uri` (String)
+- `resource_uris` (String)
+- `share_secret_in_vault` (Boolean)
+- `shared_secret` (Attributes) (see [below for nested schema](#nestedatt--issued_permissions--client--shared_secret))
+- `show_landing_page` (Boolean)
+- `use_client_credentials` (Boolean)
+
+<a id="nestedatt--issued_permissions--client--account_permissions"></a>
+### Nested Schema for `issued_permissions.client.account_permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--issued_permissions--client--shared_secret"></a>
+### Nested Schema for `issued_permissions.client.shared_secret`
+
+Read-Only:
+
+- `color` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--issued_permissions--client--shared_secret--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--issued_permissions--client--shared_secret--permissions))
+- `share_end_time` (String)
+- `uuid` (String)
+
+<a id="nestedatt--issued_permissions--client--shared_secret--links"></a>
+### Nested Schema for `issued_permissions.client.shared_secret.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--issued_permissions--client--shared_secret--permissions"></a>
+### Nested Schema for `issued_permissions.client.shared_secret.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--issued_permissions--for_group"></a>
+### Nested Schema for `issued_permissions.for_group`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--issued_permissions--for_group--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--issued_permissions--for_group--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--issued_permissions--for_group--links"></a>
+### Nested Schema for `issued_permissions.for_group.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--issued_permissions--for_group--permissions"></a>
+### Nested Schema for `issued_permissions.for_group.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--issued_permissions--for_system"></a>
+### Nested Schema for `issued_permissions.for_system`
+
+Read-Only:
+
+- `active` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--issued_permissions--for_system--links))
+- `name` (String)
+- `organizational_unit` (Attributes) (see [below for nested schema](#nestedatt--issued_permissions--for_system--organizational_unit))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--issued_permissions--for_system--permissions))
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--issued_permissions--for_system--links"></a>
+### Nested Schema for `issued_permissions.for_system.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--issued_permissions--for_system--organizational_unit"></a>
+### Nested Schema for `issued_permissions.for_system.organizational_unit`
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--issued_permissions--for_system--organizational_unit--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--issued_permissions--for_system--organizational_unit--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--issued_permissions--for_system--organizational_unit--links"></a>
+### Nested Schema for `issued_permissions.for_system.organizational_unit.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--issued_permissions--for_system--organizational_unit--permissions"></a>
+### Nested Schema for `issued_permissions.for_system.organizational_unit.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--issued_permissions--for_system--permissions"></a>
+### Nested Schema for `issued_permissions.for_system.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--issued_permissions--links"></a>
+### Nested Schema for `issued_permissions.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--issued_permissions--permissions"></a>
+### Nested Schema for `issued_permissions.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--links"></a>
+### Nested Schema for `links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--management_permissions"></a>
+### Nested Schema for `management_permissions`
+
+Read-Only:
+
+- `create_new_groups_allowed` (Boolean)
+- `create_service_accounts_allowed` (Boolean)
+- `reuse_existing_groups_allowed` (Boolean)
+
+
+<a id="nestedatt--markers"></a>
+### Nested Schema for `markers`
+
+Read-Only:
+
+- `markers` (Attributes List) (see [below for nested schema](#nestedatt--markers--markers))
+
+<a id="nestedatt--markers--markers"></a>
+### Nested Schema for `markers.markers`
+
+Read-Only:
+
+- `level` (String)
+- `parameters` (Map of String)
+- `type` (String)
+
+
+
+<a id="nestedatt--organizational_unit"></a>
+### Nested Schema for `organizational_unit`
+
+Required:
+
+- `uuid` (String)
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--organizational_unit--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--organizational_unit--permissions))
+
+<a id="nestedatt--organizational_unit--links"></a>
+### Nested Schema for `organizational_unit.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--organizational_unit--permissions"></a>
+### Nested Schema for `organizational_unit.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--owner"></a>
+### Nested Schema for `owner`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owner--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owner--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--owner--links"></a>
+### Nested Schema for `owner.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owner--permissions"></a>
+### Nested Schema for `owner.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--permissions"></a>
+### Nested Schema for `permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--provisioned_a_d"></a>
+### Nested Schema for `provisioned_a_d`
+
+Read-Only:
+
+- `sam_account_name_scheme` (String)
+
+
+<a id="nestedatt--provisioned_azure_oidc_directory"></a>
+### Nested Schema for `provisioned_azure_oidc_directory`
+
+Read-Only:
+
+- `directory` (Attributes) (see [below for nested schema](#nestedatt--provisioned_azure_oidc_directory--directory))
+- `tenant` (String)
+
+<a id="nestedatt--provisioned_azure_oidc_directory--directory"></a>
+### Nested Schema for `provisioned_azure_oidc_directory.directory`
+
+Read-Only:
+
+- `account_validity_supported` (Boolean)
+- `active` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--provisioned_azure_oidc_directory--directory--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--provisioned_azure_oidc_directory--directory--permissions))
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--provisioned_azure_oidc_directory--directory--links"></a>
+### Nested Schema for `provisioned_azure_oidc_directory.directory.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--provisioned_azure_oidc_directory--directory--permissions"></a>
+### Nested Schema for `provisioned_azure_oidc_directory.directory.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--provisioned_azure_sync_ldap_directory"></a>
+### Nested Schema for `provisioned_azure_sync_ldap_directory`
+
+Read-Only:
+
+- `client_id` (String)
+- `client_secret` (String)
+- `directory` (Attributes) (see [below for nested schema](#nestedatt--provisioned_azure_sync_ldap_directory--directory))
+- `tenant` (String)
+
+<a id="nestedatt--provisioned_azure_sync_ldap_directory--directory"></a>
+### Nested Schema for `provisioned_azure_sync_ldap_directory.directory`
+
+Read-Only:
+
+- `account_validity_supported` (Boolean)
+- `active` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--provisioned_azure_sync_ldap_directory--directory--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--provisioned_azure_sync_ldap_directory--directory--permissions))
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--provisioned_azure_sync_ldap_directory--directory--links"></a>
+### Nested Schema for `provisioned_azure_sync_ldap_directory.directory.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--provisioned_azure_sync_ldap_directory--directory--permissions"></a>
+### Nested Schema for `provisioned_azure_sync_ldap_directory.directory.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--provisioned_azure_tenant"></a>
+### Nested Schema for `provisioned_azure_tenant`
+
+Read-Only:
+
+- `client_id` (String)
+- `client_secret` (String)
+- `idp_domain` (String)
+- `tenant` (String)
+
+
+<a id="nestedatt--provisioned_internal_ldap"></a>
+### Nested Schema for `provisioned_internal_ldap`
+
+Read-Only:
+
+- `client` (Attributes) (see [below for nested schema](#nestedatt--provisioned_internal_ldap--client))
+
+<a id="nestedatt--provisioned_internal_ldap--client"></a>
+### Nested Schema for `provisioned_internal_ldap.client`
+
+Read-Only:
+
+- `bind_dn` (String)
+- `client_certificate` (Attributes) (see [below for nested schema](#nestedatt--provisioned_internal_ldap--client--client_certificate))
+- `share_secret_in_vault` (Boolean)
+- `shared_secret` (Attributes) (see [below for nested schema](#nestedatt--provisioned_internal_ldap--client--shared_secret))
+- `used_for_provisioning` (Boolean)
+
+<a id="nestedatt--provisioned_internal_ldap--client--client_certificate"></a>
+### Nested Schema for `provisioned_internal_ldap.client.client_certificate`
+
+Read-Only:
+
+- `alias` (String)
+- `certificate_data` (List of String)
+- `expiration` (String)
+- `fingerprint_sha1` (String)
+- `fingerprint_sha256` (String)
+- `global` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--provisioned_internal_ldap--client--client_certificate--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--provisioned_internal_ldap--client--client_certificate--permissions))
+- `subject_dn` (String)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--provisioned_internal_ldap--client--client_certificate--links"></a>
+### Nested Schema for `provisioned_internal_ldap.client.client_certificate.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--provisioned_internal_ldap--client--client_certificate--permissions"></a>
+### Nested Schema for `provisioned_internal_ldap.client.client_certificate.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--provisioned_internal_ldap--client--shared_secret"></a>
+### Nested Schema for `provisioned_internal_ldap.client.shared_secret`
+
+Read-Only:
+
+- `color` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--provisioned_internal_ldap--client--shared_secret--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--provisioned_internal_ldap--client--shared_secret--permissions))
+- `share_end_time` (String)
+- `uuid` (String)
+
+<a id="nestedatt--provisioned_internal_ldap--client--shared_secret--links"></a>
+### Nested Schema for `provisioned_internal_ldap.client.shared_secret.uuid`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--provisioned_internal_ldap--client--shared_secret--permissions"></a>
+### Nested Schema for `provisioned_internal_ldap.client.shared_secret.uuid`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+
+<a id="nestedatt--provisioned_ldap"></a>
+### Nested Schema for `provisioned_ldap`
+
+Read-Only:
+
+- `gid` (Number)
+- `hashing_scheme` (String)
+- `numbering` (Attributes) (see [below for nested schema](#nestedatt--provisioned_ldap--numbering))
+
+<a id="nestedatt--provisioned_ldap--numbering"></a>
+### Nested Schema for `provisioned_ldap.numbering`
+
+Optional:
+
+- `additional` (List of String)
+
+Read-Only:
+
+- `account_count` (Number)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--provisioned_ldap--numbering--links))
+- `name` (String)
+- `next_uid` (Number)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--provisioned_ldap--numbering--permissions))
+
+<a id="nestedatt--provisioned_ldap--numbering--links"></a>
+### Nested Schema for `provisioned_ldap.numbering.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--provisioned_ldap--numbering--permissions"></a>
+### Nested Schema for `provisioned_ldap.numbering.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--provisioned_ldap_directory"></a>
+### Nested Schema for `provisioned_ldap_directory`
+
+Read-Only:
+
+- `directory` (Attributes) (see [below for nested schema](#nestedatt--provisioned_ldap_directory--directory))
+- `group_dn` (String)
+
+<a id="nestedatt--provisioned_ldap_directory--directory"></a>
+### Nested Schema for `provisioned_ldap_directory.directory`
+
+Read-Only:
+
+- `account_validity_supported` (Boolean)
+- `active` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--provisioned_ldap_directory--directory--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--provisioned_ldap_directory--directory--permissions))
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--provisioned_ldap_directory--directory--links"></a>
+### Nested Schema for `provisioned_ldap_directory.directory.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--provisioned_ldap_directory--directory--permissions"></a>
+### Nested Schema for `provisioned_ldap_directory.directory.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--statistics"></a>
+### Nested Schema for `statistics`
+
+Read-Only:
+
+- `number_of_failed_calls` (Number)
+- `number_of_not_permitted_calls` (Number)
+- `number_of_successful_calls` (Number)
+- `state` (String)
+
+
+<a id="nestedatt--supported_group_types"></a>
+### Nested Schema for `supported_group_types`
+
+Read-Only:
+
+- `types` (List of String)
+
+
+<a id="nestedatt--technical_administrator"></a>
+### Nested Schema for `technical_administrator`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--technical_administrator--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--technical_administrator--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--technical_administrator--links"></a>
+### Nested Schema for `technical_administrator.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--technical_administrator--permissions"></a>
+### Nested Schema for `technical_administrator.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
diff --git a/docs/data-sources/vaultrecord.md b/docs/data-sources/vaultrecord.md
new file mode 100644
index 0000000..efe729e
--- /dev/null
+++ b/docs/data-sources/vaultrecord.md
@@ -0,0 +1,211 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "keyhubpreview_vaultrecord Data Source - terraform-provider-keyhubpreview"
+subcategory: ""
+description: |-
+  
+---
+
+# keyhubpreview_vaultrecord (Data Source)
+
+
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `uuid` (String)
+
+### Optional
+
+- `additional` (List of String)
+
+### Read-Only
+
+- `audit` (Attributes) (see [below for nested schema](#nestedatt--audit))
+- `color` (String)
+- `derived` (Boolean)
+- `end_date` (String)
+- `filename` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--links))
+- `name` (String)
+- `parent` (Attributes) (see [below for nested schema](#nestedatt--parent))
+- `password_metadata` (Attributes) (see [below for nested schema](#nestedatt--password_metadata))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--permissions))
+- `secret` (Attributes) (see [below for nested schema](#nestedatt--secret))
+- `share_end_time` (String)
+- `share_summary` (Attributes) (see [below for nested schema](#nestedatt--share_summary))
+- `shares` (Attributes List) (see [below for nested schema](#nestedatt--shares))
+- `tile` (Attributes) (see [below for nested schema](#nestedatt--tile))
+- `types` (List of String)
+- `url` (String)
+- `username` (String)
+- `vaultholder` (Attributes) (see [below for nested schema](#nestedatt--vaultholder))
+- `warning_period` (String)
+
+<a id="nestedatt--audit"></a>
+### Nested Schema for `audit`
+
+Read-Only:
+
+- `created_at` (String)
+- `created_by` (String)
+- `last_modified_at` (String)
+- `last_modified_by` (String)
+
+
+<a id="nestedatt--links"></a>
+### Nested Schema for `links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--parent"></a>
+### Nested Schema for `parent`
+
+Read-Only:
+
+- `color` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--parent--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--parent--permissions))
+- `share_end_time` (String)
+- `uuid` (String)
+
+<a id="nestedatt--parent--links"></a>
+### Nested Schema for `parent.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--parent--permissions"></a>
+### Nested Schema for `parent.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--password_metadata"></a>
+### Nested Schema for `password_metadata`
+
+Read-Only:
+
+- `dictionary` (Boolean)
+- `duplicate` (Boolean)
+- `hash` (String)
+- `length` (Number)
+- `lower_count` (Number)
+- `number_count` (Number)
+- `special_count` (Number)
+- `strength` (Number)
+- `upper_count` (Number)
+
+
+<a id="nestedatt--permissions"></a>
+### Nested Schema for `permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--secret"></a>
+### Nested Schema for `secret`
+
+Read-Only:
+
+- `comment` (String)
+- `file` (String)
+- `password` (String)
+- `totp` (String)
+
+
+<a id="nestedatt--share_summary"></a>
+### Nested Schema for `share_summary`
+
+Read-Only:
+
+- `children` (Attributes List) (see [below for nested schema](#nestedatt--share_summary--children))
+- `parent` (Attributes) (see [below for nested schema](#nestedatt--share_summary--parent))
+
+<a id="nestedatt--share_summary--children"></a>
+### Nested Schema for `share_summary.children`
+
+Read-Only:
+
+- `name` (String)
+- `type` (String)
+
+
+<a id="nestedatt--share_summary--parent"></a>
+### Nested Schema for `share_summary.parent`
+
+Read-Only:
+
+- `name` (String)
+- `type` (String)
+
+
+
+<a id="nestedatt--shares"></a>
+### Nested Schema for `shares`
+
+Read-Only:
+
+- `color` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--shares--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--shares--permissions))
+- `share_end_time` (String)
+- `uuid` (String)
+
+<a id="nestedatt--shares--links"></a>
+### Nested Schema for `shares.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--shares--permissions"></a>
+### Nested Schema for `shares.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--tile"></a>
+### Nested Schema for `tile`
+
+
+<a id="nestedatt--vaultholder"></a>
+### Nested Schema for `vaultholder`
diff --git a/docs/data-sources/webhook.md b/docs/data-sources/webhook.md
new file mode 100644
index 0000000..9eace9d
--- /dev/null
+++ b/docs/data-sources/webhook.md
@@ -0,0 +1,373 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "keyhubpreview_webhook Data Source - terraform-provider-keyhubpreview"
+subcategory: ""
+description: |-
+  
+---
+
+# keyhubpreview_webhook (Data Source)
+
+
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `uuid` (String)
+
+### Optional
+
+- `additional` (List of String)
+
+### Read-Only
+
+- `account` (Attributes) (see [below for nested schema](#nestedatt--account))
+- `active` (Boolean)
+- `all_types` (Boolean)
+- `audit` (Attributes) (see [below for nested schema](#nestedatt--audit))
+- `authentication_scheme` (String)
+- `basic_auth_password` (String)
+- `basic_auth_username` (String)
+- `bearer_token` (String)
+- `client` (Attributes) (see [below for nested schema](#nestedatt--client))
+- `client_certificate` (Attributes) (see [below for nested schema](#nestedatt--client_certificate))
+- `custom_header_name` (String)
+- `custom_header_value` (String)
+- `directory` (Attributes) (see [below for nested schema](#nestedatt--directory))
+- `group` (Attributes) (see [below for nested schema](#nestedatt--group))
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--permissions))
+- `system` (Attributes) (see [below for nested schema](#nestedatt--system))
+- `tls` (String)
+- `trusted_certificate` (Attributes) (see [below for nested schema](#nestedatt--trusted_certificate))
+- `types` (List of String)
+- `url` (String)
+- `verbose_payloads` (Boolean)
+
+<a id="nestedatt--account"></a>
+### Nested Schema for `account`
+
+Read-Only:
+
+- `display_name` (String)
+- `last_active` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--account--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--account--permissions))
+- `username` (String)
+- `uuid` (String)
+- `validity` (String)
+
+<a id="nestedatt--account--links"></a>
+### Nested Schema for `account.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--account--permissions"></a>
+### Nested Schema for `account.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--audit"></a>
+### Nested Schema for `audit`
+
+Read-Only:
+
+- `created_at` (String)
+- `created_by` (String)
+- `last_modified_at` (String)
+- `last_modified_by` (String)
+
+
+<a id="nestedatt--client"></a>
+### Nested Schema for `client`
+
+Read-Only:
+
+- `client_id` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--client--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--client--permissions))
+- `scopes` (List of String)
+- `sso_application` (Boolean)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--client--links"></a>
+### Nested Schema for `client.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--client--permissions"></a>
+### Nested Schema for `client.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--client_certificate"></a>
+### Nested Schema for `client_certificate`
+
+Read-Only:
+
+- `alias` (String)
+- `certificate_data` (List of String)
+- `expiration` (String)
+- `fingerprint_sha1` (String)
+- `fingerprint_sha256` (String)
+- `global` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--client_certificate--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--client_certificate--permissions))
+- `subject_dn` (String)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--client_certificate--links"></a>
+### Nested Schema for `client_certificate.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--client_certificate--permissions"></a>
+### Nested Schema for `client_certificate.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--directory"></a>
+### Nested Schema for `directory`
+
+Read-Only:
+
+- `account_validity_supported` (Boolean)
+- `active` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--directory--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--directory--permissions))
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--directory--links"></a>
+### Nested Schema for `directory.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--directory--permissions"></a>
+### Nested Schema for `directory.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--group"></a>
+### Nested Schema for `group`
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--group--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--group--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--group--links"></a>
+### Nested Schema for `group.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--group--permissions"></a>
+### Nested Schema for `group.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--links"></a>
+### Nested Schema for `links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--permissions"></a>
+### Nested Schema for `permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--system"></a>
+### Nested Schema for `system`
+
+Read-Only:
+
+- `active` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--system--links))
+- `name` (String)
+- `organizational_unit` (Attributes) (see [below for nested schema](#nestedatt--system--organizational_unit))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--system--permissions))
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--system--links"></a>
+### Nested Schema for `system.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--system--organizational_unit"></a>
+### Nested Schema for `system.organizational_unit`
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--system--organizational_unit--links))
+- `name` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--system--organizational_unit--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--system--organizational_unit--links"></a>
+### Nested Schema for `system.organizational_unit.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--system--organizational_unit--permissions"></a>
+### Nested Schema for `system.organizational_unit.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--system--permissions"></a>
+### Nested Schema for `system.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--trusted_certificate"></a>
+### Nested Schema for `trusted_certificate`
+
+Read-Only:
+
+- `alias` (String)
+- `certificate_data` (List of String)
+- `expiration` (String)
+- `fingerprint_sha1` (String)
+- `fingerprint_sha256` (String)
+- `global` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--trusted_certificate--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--trusted_certificate--permissions))
+- `subject_dn` (String)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--trusted_certificate--links"></a>
+### Nested Schema for `trusted_certificate.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--trusted_certificate--permissions"></a>
+### Nested Schema for `trusted_certificate.permissions`
+
+Read-Only:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
diff --git a/docs/index.md b/docs/index.md
index 8eecef4..f0c9a53 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -1,12 +1,12 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "scaffolding-framework Provider"
+page_title: "keyhubpreview Provider"
 subcategory: ""
 description: |-
   
 ---
 
-# scaffolding-framework Provider
+# keyhubpreview Provider
 
 
 
@@ -23,4 +23,6 @@ provider "scaffolding" {
 
 ### Optional
 
-- `endpoint` (String) Example provider attribute
+- `clientid` (String)
+- `clientsecret` (String, Sensitive)
+- `issuer` (String)
diff --git a/docs/resources/client_vaultrecord.md b/docs/resources/client_vaultrecord.md
new file mode 100644
index 0000000..6836e0c
--- /dev/null
+++ b/docs/resources/client_vaultrecord.md
@@ -0,0 +1,184 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "keyhubpreview_client_vaultrecord Resource - terraform-provider-keyhubpreview"
+subcategory: ""
+description: |-
+  
+---
+
+# keyhubpreview_client_vaultrecord (Resource)
+
+
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `client_application_uuid` (String)
+- `name` (String)
+
+### Optional
+
+- `color` (String)
+- `delete_tile` (Boolean)
+- `end_date` (String)
+- `filename` (String)
+- `secret` (Attributes) (see [below for nested schema](#nestedatt--secret))
+- `tile` (Attributes) (see [below for nested schema](#nestedatt--tile))
+- `url` (String)
+- `username` (String)
+- `warning_period` (String)
+
+### Read-Only
+
+- `audit` (Attributes) (see [below for nested schema](#nestedatt--audit))
+- `derived` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--links))
+- `parent_uuid` (String)
+- `password_metadata` (Attributes) (see [below for nested schema](#nestedatt--password_metadata))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--permissions))
+- `share_end_time` (String)
+- `share_summary` (Attributes) (see [below for nested schema](#nestedatt--share_summary))
+- `shares` (Attributes List) (see [below for nested schema](#nestedatt--shares))
+- `types` (List of String)
+- `uuid` (String)
+- `vaultholder` (Attributes) (see [below for nested schema](#nestedatt--vaultholder))
+
+<a id="nestedatt--secret"></a>
+### Nested Schema for `secret`
+
+Optional:
+
+- `comment` (String)
+- `file` (String)
+- `password` (String)
+- `totp` (String)
+- `write_totp` (Boolean)
+
+
+<a id="nestedatt--tile"></a>
+### Nested Schema for `tile`
+
+
+<a id="nestedatt--audit"></a>
+### Nested Schema for `audit`
+
+Optional:
+
+- `created_at` (String)
+- `created_by` (String)
+- `last_modified_at` (String)
+- `last_modified_by` (String)
+
+
+<a id="nestedatt--links"></a>
+### Nested Schema for `links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--password_metadata"></a>
+### Nested Schema for `password_metadata`
+
+Optional:
+
+- `dictionary` (Boolean)
+- `duplicate` (Boolean)
+- `hash` (String)
+- `length` (Number)
+- `lower_count` (Number)
+- `number_count` (Number)
+- `special_count` (Number)
+- `strength` (Number)
+- `upper_count` (Number)
+
+
+<a id="nestedatt--permissions"></a>
+### Nested Schema for `permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--share_summary"></a>
+### Nested Schema for `share_summary`
+
+Optional:
+
+- `children` (Attributes List) (see [below for nested schema](#nestedatt--share_summary--children))
+- `parent` (Attributes) (see [below for nested schema](#nestedatt--share_summary--parent))
+
+<a id="nestedatt--share_summary--children"></a>
+### Nested Schema for `share_summary.children`
+
+Optional:
+
+- `name` (String)
+- `type` (String)
+
+
+<a id="nestedatt--share_summary--parent"></a>
+### Nested Schema for `share_summary.parent`
+
+Optional:
+
+- `name` (String)
+- `type` (String)
+
+
+
+<a id="nestedatt--shares"></a>
+### Nested Schema for `shares`
+
+Required:
+
+- `name` (String)
+
+Optional:
+
+- `color` (String)
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--shares--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--shares--permissions))
+- `share_end_time` (String)
+- `uuid` (String)
+
+<a id="nestedatt--shares--links"></a>
+### Nested Schema for `shares.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--shares--permissions"></a>
+### Nested Schema for `shares.permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--vaultholder"></a>
+### Nested Schema for `vaultholder`
diff --git a/docs/resources/clientapplication.md b/docs/resources/clientapplication.md
new file mode 100644
index 0000000..9e4f42c
--- /dev/null
+++ b/docs/resources/clientapplication.md
@@ -0,0 +1,293 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "keyhubpreview_clientapplication Resource - terraform-provider-keyhubpreview"
+subcategory: ""
+description: |-
+  
+---
+
+# keyhubpreview_clientapplication (Resource)
+
+
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String)
+
+### Optional
+
+- `client_id` (String)
+- `delete_tile` (Boolean)
+- `groupclients` (Attributes List) (see [below for nested schema](#nestedatt--groupclients))
+- `ldap_client` (Attributes) (see [below for nested schema](#nestedatt--ldap_client))
+- `o_auth2_client` (Attributes) (see [below for nested schema](#nestedatt--o_auth2_client))
+- `owner_uuid` (String)
+- `saml2_client` (Attributes) (see [below for nested schema](#nestedatt--saml2_client))
+- `scopes` (List of String)
+- `secret` (Attributes) (see [below for nested schema](#nestedatt--secret))
+- `technical_administrator_uuid` (String)
+- `tile` (Attributes) (see [below for nested schema](#nestedatt--tile))
+
+### Read-Only
+
+- `audit` (Attributes) (see [below for nested schema](#nestedatt--audit))
+- `groups` (Attributes List) (see [below for nested schema](#nestedatt--groups))
+- `last_modified_at` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--permissions))
+- `sso_application` (Boolean)
+- `type` (String)
+- `uuid` (String)
+- `vault_record_count` (Number)
+
+<a id="nestedatt--groupclients"></a>
+### Nested Schema for `groupclients`
+
+Optional:
+
+- `activation_required` (Boolean)
+
+Read-Only:
+
+- `client_uuid` (String)
+- `group_uuid` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--groupclients--links))
+- `owner_uuid` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--groupclients--permissions))
+- `technical_administrator_uuid` (String)
+
+<a id="nestedatt--groupclients--links"></a>
+### Nested Schema for `groupclients.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--groupclients--permissions"></a>
+### Nested Schema for `groupclients.permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--ldap_client"></a>
+### Nested Schema for `ldap_client`
+
+Optional:
+
+- `client_certificate_uuid` (String)
+- `share_secret_in_vault` (Boolean)
+
+Read-Only:
+
+- `bind_dn` (String)
+- `shared_secret_uuid` (String)
+- `used_for_provisioning` (Boolean)
+
+
+<a id="nestedatt--o_auth2_client"></a>
+### Nested Schema for `o_auth2_client`
+
+Optional:
+
+- `attributes` (Map of String)
+- `callback_uri` (String)
+- `confidential` (Boolean)
+- `debug_mode` (Boolean)
+- `id_token_claims` (String)
+- `initiate_login_uri` (String)
+- `resource_uris` (String)
+- `share_secret_in_vault` (Boolean)
+- `show_landing_page` (Boolean)
+- `use_client_credentials` (Boolean)
+
+Read-Only:
+
+- `account_permissions` (Attributes List) (see [below for nested schema](#nestedatt--o_auth2_client--account_permissions))
+- `shared_secret_uuid` (String)
+
+<a id="nestedatt--o_auth2_client--account_permissions"></a>
+### Nested Schema for `o_auth2_client.account_permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--saml2_client"></a>
+### Nested Schema for `saml2_client`
+
+Required:
+
+- `subject_format` (String)
+
+Optional:
+
+- `attributes` (Map of String)
+- `metadata` (String)
+- `metadata_url` (String)
+
+
+<a id="nestedatt--secret"></a>
+### Nested Schema for `secret`
+
+Optional:
+
+- `generated_secret` (String)
+- `old_secret` (String)
+- `regenerate` (Boolean)
+
+
+<a id="nestedatt--tile"></a>
+### Nested Schema for `tile`
+
+Optional:
+
+- `uri` (String)
+
+
+<a id="nestedatt--audit"></a>
+### Nested Schema for `audit`
+
+Optional:
+
+- `created_at` (String)
+- `created_by` (String)
+- `last_modified_at` (String)
+- `last_modified_by` (String)
+
+
+<a id="nestedatt--groups"></a>
+### Nested Schema for `groups`
+
+Required:
+
+- `name` (String)
+
+Optional:
+
+- `application_administration` (Boolean)
+- `audit_config` (Attributes) (see [below for nested schema](#nestedatt--groups--audit_config))
+- `authorizing_group_auditing_uuid` (String)
+- `authorizing_group_delegation_uuid` (String)
+- `authorizing_group_membership_uuid` (String)
+- `authorizing_group_provisioning_uuid` (String)
+- `classification_uuid` (String)
+- `description` (String)
+- `extended_access` (String)
+- `hide_audit_trail` (Boolean)
+- `nested_under_uuid` (String)
+- `organizational_unit_uuid` (String)
+- `private_group` (Boolean)
+- `record_trail` (Boolean)
+- `rotating_password_required` (Boolean)
+- `single_managed` (Boolean)
+- `vault_recovery` (String)
+- `vault_requires_activation` (Boolean)
+
+Read-Only:
+
+- `admin` (Boolean)
+- `audit_requested` (Boolean)
+- `auditor` (Boolean)
+- `authorizing_group_types` (List of String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--groups--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--groups--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--groups--audit_config"></a>
+### Nested Schema for `groups.audit_config`
+
+Optional:
+
+- `months` (List of String)
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--groups--audit_config--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--groups--audit_config--permissions))
+
+<a id="nestedatt--groups--audit_config--links"></a>
+### Nested Schema for `groups.audit_config.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--groups--audit_config--permissions"></a>
+### Nested Schema for `groups.audit_config.permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--groups--links"></a>
+### Nested Schema for `groups.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--groups--permissions"></a>
+### Nested Schema for `groups.permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--links"></a>
+### Nested Schema for `links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--permissions"></a>
+### Nested Schema for `permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
diff --git a/docs/resources/group.md b/docs/resources/group.md
new file mode 100644
index 0000000..d380cda
--- /dev/null
+++ b/docs/resources/group.md
@@ -0,0 +1,1893 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "keyhubpreview_group Resource - terraform-provider-keyhubpreview"
+subcategory: ""
+description: |-
+  
+---
+
+# keyhubpreview_group (Resource)
+
+
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String)
+
+### Optional
+
+- `accounts` (Attributes List) (see [below for nested schema](#nestedatt--accounts))
+- `admins` (Attributes List, Deprecated) (see [below for nested schema](#nestedatt--admins))
+- `application_administration` (Boolean)
+- `audit_config` (Attributes) (see [below for nested schema](#nestedatt--audit_config))
+- `authorizing_group_auditing_uuid` (String)
+- `authorizing_group_delegation_uuid` (String)
+- `authorizing_group_membership_uuid` (String)
+- `authorizing_group_provisioning_uuid` (String)
+- `classification_uuid` (String)
+- `client_permissions` (Attributes List) (see [below for nested schema](#nestedatt--client_permissions))
+- `description` (String)
+- `extended_access` (String)
+- `hide_audit_trail` (Boolean)
+- `nested_under_uuid` (String)
+- `organizational_unit_uuid` (String)
+- `private_group` (Boolean)
+- `record_trail` (Boolean)
+- `rotating_password_required` (Boolean)
+- `single_managed` (Boolean)
+- `vault_recovery` (String)
+- `vault_requires_activation` (Boolean)
+
+### Read-Only
+
+- `admin` (Boolean)
+- `administered_clients` (Attributes List) (see [below for nested schema](#nestedatt--administered_clients))
+- `administered_systems` (Attributes List) (see [below for nested schema](#nestedatt--administered_systems))
+- `audit` (Attributes) (see [below for nested schema](#nestedatt--audit))
+- `audit_requested` (Boolean)
+- `auditor` (Boolean)
+- `authorized_groups` (Attributes) (see [below for nested schema](#nestedatt--authorized_groups))
+- `authorizing_group_types` (List of String)
+- `clients` (Attributes List) (see [below for nested schema](#nestedatt--clients))
+- `content_administered_systems` (Attributes List) (see [below for nested schema](#nestedatt--content_administered_systems))
+- `groupauditinginfo` (Attributes) (see [below for nested schema](#nestedatt--groupauditinginfo))
+- `groupinfo` (Attributes) (see [below for nested schema](#nestedatt--groupinfo))
+- `helpdesk` (Attributes List) (see [below for nested schema](#nestedatt--helpdesk))
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--links))
+- `markers` (Attributes) (see [below for nested schema](#nestedatt--markers))
+- `myaccount` (Attributes) (see [below for nested schema](#nestedatt--myaccount))
+- `mydelegatedaccount` (Attributes) (see [below for nested schema](#nestedatt--mydelegatedaccount))
+- `nested_groups` (Attributes List) (see [below for nested schema](#nestedatt--nested_groups))
+- `owned_clients` (Attributes List) (see [below for nested schema](#nestedatt--owned_clients))
+- `owned_directories` (Attributes List) (see [below for nested schema](#nestedatt--owned_directories))
+- `owned_groups_on_system` (Attributes) (see [below for nested schema](#nestedatt--owned_groups_on_system))
+- `owned_organizational_units` (Attributes List) (see [below for nested schema](#nestedatt--owned_organizational_units))
+- `owned_systems` (Attributes List) (see [below for nested schema](#nestedatt--owned_systems))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--permissions))
+- `recent_audits` (Attributes List) (see [below for nested schema](#nestedatt--recent_audits))
+- `requeststatus` (String)
+- `service_accounts` (Attributes List) (see [below for nested schema](#nestedatt--service_accounts))
+- `systems` (Attributes List) (see [below for nested schema](#nestedatt--systems))
+- `uuid` (String)
+- `vault` (Attributes) (see [below for nested schema](#nestedatt--vault))
+- `webhooks` (Attributes List) (see [below for nested schema](#nestedatt--webhooks))
+
+<a id="nestedatt--accounts"></a>
+### Nested Schema for `accounts`
+
+Required:
+
+- `rights` (String)
+- `uuid` (String)
+
+Optional:
+
+- `end_date` (String)
+
+Read-Only:
+
+- `directory_uuid` (String)
+- `disconnected_nested` (Boolean)
+- `last_used` (String)
+- `nested` (Boolean)
+- `provisioning_end_time` (String)
+- `two_factor_status` (String)
+- `visible_for_provisioning` (Boolean)
+
+
+<a id="nestedatt--admins"></a>
+### Nested Schema for `admins`
+
+Required:
+
+- `rights` (String)
+- `uuid` (String)
+
+Optional:
+
+- `end_date` (String)
+
+Read-Only:
+
+- `directory_uuid` (String)
+- `disconnected_nested` (Boolean)
+- `last_used` (String)
+- `nested` (Boolean)
+- `provisioning_end_time` (String)
+- `two_factor_status` (String)
+- `visible_for_provisioning` (Boolean)
+
+
+<a id="nestedatt--audit_config"></a>
+### Nested Schema for `audit_config`
+
+Optional:
+
+- `months` (List of String)
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--audit_config--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--audit_config--permissions))
+
+<a id="nestedatt--audit_config--links"></a>
+### Nested Schema for `audit_config.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--audit_config--permissions"></a>
+### Nested Schema for `audit_config.permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--client_permissions"></a>
+### Nested Schema for `client_permissions`
+
+Required:
+
+- `value` (String)
+
+Optional:
+
+- `client_uuid` (String)
+- `for_group_uuid` (String)
+- `for_system_uuid` (String)
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--client_permissions--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--client_permissions--permissions))
+
+<a id="nestedatt--client_permissions--links"></a>
+### Nested Schema for `client_permissions.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--client_permissions--permissions"></a>
+### Nested Schema for `client_permissions.permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--administered_clients"></a>
+### Nested Schema for `administered_clients`
+
+Required:
+
+- `name` (String)
+
+Optional:
+
+- `client_id` (String)
+- `ldap_client` (Attributes) (see [below for nested schema](#nestedatt--administered_clients--ldap_client))
+- `o_auth2_client` (Attributes) (see [below for nested schema](#nestedatt--administered_clients--o_auth2_client))
+- `owner_uuid` (String)
+- `saml2_client` (Attributes) (see [below for nested schema](#nestedatt--administered_clients--saml2_client))
+- `scopes` (List of String)
+- `technical_administrator_uuid` (String)
+
+Read-Only:
+
+- `last_modified_at` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--administered_clients--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--administered_clients--permissions))
+- `sso_application` (Boolean)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--administered_clients--ldap_client"></a>
+### Nested Schema for `administered_clients.ldap_client`
+
+Optional:
+
+- `client_certificate_uuid` (String)
+- `share_secret_in_vault` (Boolean)
+
+Read-Only:
+
+- `bind_dn` (String)
+- `shared_secret_uuid` (String)
+- `used_for_provisioning` (Boolean)
+
+
+<a id="nestedatt--administered_clients--o_auth2_client"></a>
+### Nested Schema for `administered_clients.o_auth2_client`
+
+Optional:
+
+- `attributes` (Map of String)
+- `callback_uri` (String)
+- `confidential` (Boolean)
+- `debug_mode` (Boolean)
+- `id_token_claims` (String)
+- `initiate_login_uri` (String)
+- `resource_uris` (String)
+- `share_secret_in_vault` (Boolean)
+- `show_landing_page` (Boolean)
+- `use_client_credentials` (Boolean)
+
+Read-Only:
+
+- `account_permissions` (Attributes List) (see [below for nested schema](#nestedatt--administered_clients--o_auth2_client--account_permissions))
+- `shared_secret_uuid` (String)
+
+<a id="nestedatt--administered_clients--o_auth2_client--account_permissions"></a>
+### Nested Schema for `administered_clients.o_auth2_client.account_permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--administered_clients--saml2_client"></a>
+### Nested Schema for `administered_clients.saml2_client`
+
+Required:
+
+- `subject_format` (String)
+
+Optional:
+
+- `attributes` (Map of String)
+- `metadata` (String)
+- `metadata_url` (String)
+
+
+<a id="nestedatt--administered_clients--links"></a>
+### Nested Schema for `administered_clients.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--administered_clients--permissions"></a>
+### Nested Schema for `administered_clients.permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--administered_systems"></a>
+### Nested Schema for `administered_systems`
+
+Required:
+
+- `content_administrator_uuid` (String)
+- `name` (String)
+- `owner_uuid` (String)
+- `technical_administrator_uuid` (String)
+
+Optional:
+
+- `abstract_provisioned_ldap` (Attributes) (see [below for nested schema](#nestedatt--administered_systems--abstract_provisioned_ldap))
+- `active` (Boolean)
+- `organizational_unit_uuid` (String)
+- `provisioned_a_d` (Attributes) (see [below for nested schema](#nestedatt--administered_systems--provisioned_a_d))
+- `provisioned_azure_oidc_directory` (Attributes) (see [below for nested schema](#nestedatt--administered_systems--provisioned_azure_oidc_directory))
+- `provisioned_azure_sync_ldap_directory` (Attributes) (see [below for nested schema](#nestedatt--administered_systems--provisioned_azure_sync_ldap_directory))
+- `provisioned_azure_tenant` (Attributes) (see [below for nested schema](#nestedatt--administered_systems--provisioned_azure_tenant))
+- `provisioned_internal_ldap` (Attributes) (see [below for nested schema](#nestedatt--administered_systems--provisioned_internal_ldap))
+- `provisioned_ldap` (Attributes) (see [below for nested schema](#nestedatt--administered_systems--provisioned_ldap))
+- `provisioned_ldap_directory` (Attributes) (see [below for nested schema](#nestedatt--administered_systems--provisioned_ldap_directory))
+- `self_service_existing_groups` (Boolean)
+- `self_service_new_groups` (Boolean)
+- `self_service_service_accounts` (Boolean)
+- `should_destroy_unknown_accounts` (Boolean)
+- `username_prefix` (String)
+
+Read-Only:
+
+- `account_count` (Number)
+- `external_uuid` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--administered_systems--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--administered_systems--permissions))
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--administered_systems--abstract_provisioned_ldap"></a>
+### Nested Schema for `administered_systems.abstract_provisioned_ldap`
+
+Required:
+
+- `base_dn` (String)
+- `host` (String)
+- `tls` (String)
+
+Optional:
+
+- `attributes` (Map of String)
+- `bind_dn` (String)
+- `bind_password` (String)
+- `client_certificate_uuid` (String)
+- `failover_host` (String)
+- `failover_trusted_certificate_uuid` (String)
+- `group_dn` (String)
+- `object_classes` (String)
+- `port` (Number)
+- `service_account_dn` (String)
+- `ssh_public_key_supported` (Boolean)
+- `trusted_certificate_uuid` (String)
+- `user_dn` (String)
+
+
+<a id="nestedatt--administered_systems--provisioned_a_d"></a>
+### Nested Schema for `administered_systems.provisioned_a_d`
+
+Required:
+
+- `sam_account_name_scheme` (String)
+
+
+<a id="nestedatt--administered_systems--provisioned_azure_oidc_directory"></a>
+### Nested Schema for `administered_systems.provisioned_azure_oidc_directory`
+
+Required:
+
+- `directory_uuid` (String)
+- `tenant` (String)
+
+
+<a id="nestedatt--administered_systems--provisioned_azure_sync_ldap_directory"></a>
+### Nested Schema for `administered_systems.provisioned_azure_sync_ldap_directory`
+
+Required:
+
+- `client_id` (String)
+- `client_secret` (String)
+- `directory_uuid` (String)
+- `tenant` (String)
+
+
+<a id="nestedatt--administered_systems--provisioned_azure_tenant"></a>
+### Nested Schema for `administered_systems.provisioned_azure_tenant`
+
+Required:
+
+- `client_id` (String)
+- `client_secret` (String)
+- `tenant` (String)
+
+Optional:
+
+- `idp_domain` (String)
+
+
+<a id="nestedatt--administered_systems--provisioned_internal_ldap"></a>
+### Nested Schema for `administered_systems.provisioned_internal_ldap`
+
+Optional:
+
+- `client_uuid` (String)
+
+
+<a id="nestedatt--administered_systems--provisioned_ldap"></a>
+### Nested Schema for `administered_systems.provisioned_ldap`
+
+Required:
+
+- `hashing_scheme` (String)
+- `numbering` (Attributes) (see [below for nested schema](#nestedatt--administered_systems--provisioned_ldap--numbering))
+
+Optional:
+
+- `gid` (Number)
+
+<a id="nestedatt--administered_systems--provisioned_ldap--numbering"></a>
+### Nested Schema for `administered_systems.provisioned_ldap.numbering`
+
+Required:
+
+- `name` (String)
+
+Optional:
+
+- `next_uid` (Number)
+
+Read-Only:
+
+- `account_count` (Number)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--administered_systems--provisioned_ldap--numbering--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--administered_systems--provisioned_ldap--numbering--permissions))
+
+<a id="nestedatt--administered_systems--provisioned_ldap--numbering--links"></a>
+### Nested Schema for `administered_systems.provisioned_ldap.numbering.permissions`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--administered_systems--provisioned_ldap--numbering--permissions"></a>
+### Nested Schema for `administered_systems.provisioned_ldap.numbering.permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--administered_systems--provisioned_ldap_directory"></a>
+### Nested Schema for `administered_systems.provisioned_ldap_directory`
+
+Required:
+
+- `directory_uuid` (String)
+- `group_dn` (String)
+
+
+<a id="nestedatt--administered_systems--links"></a>
+### Nested Schema for `administered_systems.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--administered_systems--permissions"></a>
+### Nested Schema for `administered_systems.permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--audit"></a>
+### Nested Schema for `audit`
+
+Optional:
+
+- `created_at` (String)
+- `created_by` (String)
+- `last_modified_at` (String)
+- `last_modified_by` (String)
+
+
+<a id="nestedatt--authorized_groups"></a>
+### Nested Schema for `authorized_groups`
+
+Optional:
+
+- `group_count` (Number)
+- `items` (Attributes List) (see [below for nested schema](#nestedatt--authorized_groups--items))
+
+<a id="nestedatt--authorized_groups--items"></a>
+### Nested Schema for `authorized_groups.items`
+
+Required:
+
+- `name` (String)
+
+Optional:
+
+- `application_administration` (Boolean)
+- `audit_config` (Attributes) (see [below for nested schema](#nestedatt--authorized_groups--items--audit_config))
+- `authorizing_group_auditing_uuid` (String)
+- `authorizing_group_delegation_uuid` (String)
+- `authorizing_group_membership_uuid` (String)
+- `authorizing_group_provisioning_uuid` (String)
+- `classification_uuid` (String)
+- `description` (String)
+- `extended_access` (String)
+- `hide_audit_trail` (Boolean)
+- `nested_under_uuid` (String)
+- `organizational_unit_uuid` (String)
+- `private_group` (Boolean)
+- `record_trail` (Boolean)
+- `rotating_password_required` (Boolean)
+- `single_managed` (Boolean)
+- `vault_recovery` (String)
+- `vault_requires_activation` (Boolean)
+
+Read-Only:
+
+- `admin` (Boolean)
+- `audit_requested` (Boolean)
+- `auditor` (Boolean)
+- `authorizing_group_types` (List of String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--authorized_groups--items--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--authorized_groups--items--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--authorized_groups--items--audit_config"></a>
+### Nested Schema for `authorized_groups.items.audit_config`
+
+Optional:
+
+- `months` (List of String)
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--authorized_groups--items--audit_config--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--authorized_groups--items--audit_config--permissions))
+
+<a id="nestedatt--authorized_groups--items--audit_config--links"></a>
+### Nested Schema for `authorized_groups.items.audit_config.permissions`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--authorized_groups--items--audit_config--permissions"></a>
+### Nested Schema for `authorized_groups.items.audit_config.permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--authorized_groups--items--links"></a>
+### Nested Schema for `authorized_groups.items.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--authorized_groups--items--permissions"></a>
+### Nested Schema for `authorized_groups.items.permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--clients"></a>
+### Nested Schema for `clients`
+
+Optional:
+
+- `activation_required` (Boolean)
+
+Read-Only:
+
+- `client_uuid` (String)
+- `group_uuid` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--clients--links))
+- `owner_uuid` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--clients--permissions))
+- `technical_administrator_uuid` (String)
+
+<a id="nestedatt--clients--links"></a>
+### Nested Schema for `clients.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--clients--permissions"></a>
+### Nested Schema for `clients.permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--content_administered_systems"></a>
+### Nested Schema for `content_administered_systems`
+
+Required:
+
+- `content_administrator_uuid` (String)
+- `name` (String)
+- `owner_uuid` (String)
+- `technical_administrator_uuid` (String)
+
+Optional:
+
+- `abstract_provisioned_ldap` (Attributes) (see [below for nested schema](#nestedatt--content_administered_systems--abstract_provisioned_ldap))
+- `active` (Boolean)
+- `organizational_unit_uuid` (String)
+- `provisioned_a_d` (Attributes) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_a_d))
+- `provisioned_azure_oidc_directory` (Attributes) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_azure_oidc_directory))
+- `provisioned_azure_sync_ldap_directory` (Attributes) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_azure_sync_ldap_directory))
+- `provisioned_azure_tenant` (Attributes) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_azure_tenant))
+- `provisioned_internal_ldap` (Attributes) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_internal_ldap))
+- `provisioned_ldap` (Attributes) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_ldap))
+- `provisioned_ldap_directory` (Attributes) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_ldap_directory))
+- `self_service_existing_groups` (Boolean)
+- `self_service_new_groups` (Boolean)
+- `self_service_service_accounts` (Boolean)
+- `should_destroy_unknown_accounts` (Boolean)
+- `username_prefix` (String)
+
+Read-Only:
+
+- `account_count` (Number)
+- `external_uuid` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--content_administered_systems--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--content_administered_systems--permissions))
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--content_administered_systems--abstract_provisioned_ldap"></a>
+### Nested Schema for `content_administered_systems.abstract_provisioned_ldap`
+
+Required:
+
+- `base_dn` (String)
+- `host` (String)
+- `tls` (String)
+
+Optional:
+
+- `attributes` (Map of String)
+- `bind_dn` (String)
+- `bind_password` (String)
+- `client_certificate_uuid` (String)
+- `failover_host` (String)
+- `failover_trusted_certificate_uuid` (String)
+- `group_dn` (String)
+- `object_classes` (String)
+- `port` (Number)
+- `service_account_dn` (String)
+- `ssh_public_key_supported` (Boolean)
+- `trusted_certificate_uuid` (String)
+- `user_dn` (String)
+
+
+<a id="nestedatt--content_administered_systems--provisioned_a_d"></a>
+### Nested Schema for `content_administered_systems.provisioned_a_d`
+
+Required:
+
+- `sam_account_name_scheme` (String)
+
+
+<a id="nestedatt--content_administered_systems--provisioned_azure_oidc_directory"></a>
+### Nested Schema for `content_administered_systems.provisioned_azure_oidc_directory`
+
+Required:
+
+- `directory_uuid` (String)
+- `tenant` (String)
+
+
+<a id="nestedatt--content_administered_systems--provisioned_azure_sync_ldap_directory"></a>
+### Nested Schema for `content_administered_systems.provisioned_azure_sync_ldap_directory`
+
+Required:
+
+- `client_id` (String)
+- `client_secret` (String)
+- `directory_uuid` (String)
+- `tenant` (String)
+
+
+<a id="nestedatt--content_administered_systems--provisioned_azure_tenant"></a>
+### Nested Schema for `content_administered_systems.provisioned_azure_tenant`
+
+Required:
+
+- `client_id` (String)
+- `client_secret` (String)
+- `tenant` (String)
+
+Optional:
+
+- `idp_domain` (String)
+
+
+<a id="nestedatt--content_administered_systems--provisioned_internal_ldap"></a>
+### Nested Schema for `content_administered_systems.provisioned_internal_ldap`
+
+Optional:
+
+- `client_uuid` (String)
+
+
+<a id="nestedatt--content_administered_systems--provisioned_ldap"></a>
+### Nested Schema for `content_administered_systems.provisioned_ldap`
+
+Required:
+
+- `hashing_scheme` (String)
+- `numbering` (Attributes) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_ldap--numbering))
+
+Optional:
+
+- `gid` (Number)
+
+<a id="nestedatt--content_administered_systems--provisioned_ldap--numbering"></a>
+### Nested Schema for `content_administered_systems.provisioned_ldap.numbering`
+
+Required:
+
+- `name` (String)
+
+Optional:
+
+- `next_uid` (Number)
+
+Read-Only:
+
+- `account_count` (Number)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_ldap--numbering--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--content_administered_systems--provisioned_ldap--numbering--permissions))
+
+<a id="nestedatt--content_administered_systems--provisioned_ldap--numbering--links"></a>
+### Nested Schema for `content_administered_systems.provisioned_ldap.numbering.permissions`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--content_administered_systems--provisioned_ldap--numbering--permissions"></a>
+### Nested Schema for `content_administered_systems.provisioned_ldap.numbering.permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--content_administered_systems--provisioned_ldap_directory"></a>
+### Nested Schema for `content_administered_systems.provisioned_ldap_directory`
+
+Required:
+
+- `directory_uuid` (String)
+- `group_dn` (String)
+
+
+<a id="nestedatt--content_administered_systems--links"></a>
+### Nested Schema for `content_administered_systems.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--content_administered_systems--permissions"></a>
+### Nested Schema for `content_administered_systems.permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--groupauditinginfo"></a>
+### Nested Schema for `groupauditinginfo`
+
+Optional:
+
+- `audit_due_date` (String)
+- `last_audit_date` (String)
+- `nr_accounts` (Number)
+- `nr_disabled_accounts` (Number)
+- `nr_disabled_managers` (Number)
+- `nr_expired_vault_records` (Number)
+- `nr_managers` (Number)
+- `nr_vault_records_with_end_date` (Number)
+
+
+<a id="nestedatt--groupinfo"></a>
+### Nested Schema for `groupinfo`
+
+Optional:
+
+- `nr_accounts` (Number)
+- `nr_accounts_with_vault` (Number)
+- `nr_audits` (Number)
+- `nr_clients` (Number)
+- `nr_provisioned_systems` (Number)
+- `nr_vault_records` (Number)
+
+
+<a id="nestedatt--helpdesk"></a>
+### Nested Schema for `helpdesk`
+
+Optional:
+
+- `domain_restriction` (String)
+- `fully_resolved_issuer` (String)
+- `name` (String)
+- `status` (Attributes) (see [below for nested schema](#nestedatt--helpdesk--status))
+- `type` (String)
+- `username_customizable` (Boolean)
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--helpdesk--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--helpdesk--permissions))
+
+<a id="nestedatt--helpdesk--status"></a>
+### Nested Schema for `helpdesk.status`
+
+Optional:
+
+- `accounts` (Number)
+- `reason` (String)
+- `status` (String)
+
+
+<a id="nestedatt--helpdesk--links"></a>
+### Nested Schema for `helpdesk.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--helpdesk--permissions"></a>
+### Nested Schema for `helpdesk.permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--links"></a>
+### Nested Schema for `links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--markers"></a>
+### Nested Schema for `markers`
+
+Optional:
+
+- `markers` (Attributes List) (see [below for nested schema](#nestedatt--markers--markers))
+
+<a id="nestedatt--markers--markers"></a>
+### Nested Schema for `markers.markers`
+
+Optional:
+
+- `level` (String)
+- `parameters` (Map of String)
+- `type` (String)
+
+
+
+<a id="nestedatt--myaccount"></a>
+### Nested Schema for `myaccount`
+
+Required:
+
+- `rights` (String)
+- `uuid` (String)
+
+Optional:
+
+- `end_date` (String)
+
+Read-Only:
+
+- `directory_uuid` (String)
+- `disconnected_nested` (Boolean)
+- `last_used` (String)
+- `nested` (Boolean)
+- `provisioning_end_time` (String)
+- `two_factor_status` (String)
+- `visible_for_provisioning` (Boolean)
+
+
+<a id="nestedatt--mydelegatedaccount"></a>
+### Nested Schema for `mydelegatedaccount`
+
+Required:
+
+- `rights` (String)
+- `uuid` (String)
+
+Optional:
+
+- `end_date` (String)
+
+Read-Only:
+
+- `directory_uuid` (String)
+- `disconnected_nested` (Boolean)
+- `last_used` (String)
+- `nested` (Boolean)
+- `provisioning_end_time` (String)
+- `two_factor_status` (String)
+- `visible_for_provisioning` (Boolean)
+
+
+<a id="nestedatt--nested_groups"></a>
+### Nested Schema for `nested_groups`
+
+Required:
+
+- `name` (String)
+
+Read-Only:
+
+- `admin` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--nested_groups--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--nested_groups--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--nested_groups--links"></a>
+### Nested Schema for `nested_groups.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--nested_groups--permissions"></a>
+### Nested Schema for `nested_groups.permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--owned_clients"></a>
+### Nested Schema for `owned_clients`
+
+Required:
+
+- `name` (String)
+
+Optional:
+
+- `client_id` (String)
+- `ldap_client` (Attributes) (see [below for nested schema](#nestedatt--owned_clients--ldap_client))
+- `o_auth2_client` (Attributes) (see [below for nested schema](#nestedatt--owned_clients--o_auth2_client))
+- `owner_uuid` (String)
+- `saml2_client` (Attributes) (see [below for nested schema](#nestedatt--owned_clients--saml2_client))
+- `scopes` (List of String)
+- `technical_administrator_uuid` (String)
+
+Read-Only:
+
+- `last_modified_at` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_clients--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_clients--permissions))
+- `sso_application` (Boolean)
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--owned_clients--ldap_client"></a>
+### Nested Schema for `owned_clients.ldap_client`
+
+Optional:
+
+- `client_certificate_uuid` (String)
+- `share_secret_in_vault` (Boolean)
+
+Read-Only:
+
+- `bind_dn` (String)
+- `shared_secret_uuid` (String)
+- `used_for_provisioning` (Boolean)
+
+
+<a id="nestedatt--owned_clients--o_auth2_client"></a>
+### Nested Schema for `owned_clients.o_auth2_client`
+
+Optional:
+
+- `attributes` (Map of String)
+- `callback_uri` (String)
+- `confidential` (Boolean)
+- `debug_mode` (Boolean)
+- `id_token_claims` (String)
+- `initiate_login_uri` (String)
+- `resource_uris` (String)
+- `share_secret_in_vault` (Boolean)
+- `show_landing_page` (Boolean)
+- `use_client_credentials` (Boolean)
+
+Read-Only:
+
+- `account_permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_clients--o_auth2_client--account_permissions))
+- `shared_secret_uuid` (String)
+
+<a id="nestedatt--owned_clients--o_auth2_client--account_permissions"></a>
+### Nested Schema for `owned_clients.o_auth2_client.account_permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--owned_clients--saml2_client"></a>
+### Nested Schema for `owned_clients.saml2_client`
+
+Required:
+
+- `subject_format` (String)
+
+Optional:
+
+- `attributes` (Map of String)
+- `metadata` (String)
+- `metadata_url` (String)
+
+
+<a id="nestedatt--owned_clients--links"></a>
+### Nested Schema for `owned_clients.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_clients--permissions"></a>
+### Nested Schema for `owned_clients.permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--owned_directories"></a>
+### Nested Schema for `owned_directories`
+
+Required:
+
+- `base_organizational_unit_uuid` (String)
+- `name` (String)
+- `rotating_password` (String)
+
+Optional:
+
+- `active` (Boolean)
+- `default_directory` (Boolean)
+- `helpdesk_group_uuid` (String)
+- `internal_directory` (Attributes) (see [below for nested schema](#nestedatt--owned_directories--internal_directory))
+- `l_d_a_p_directory` (Attributes) (see [below for nested schema](#nestedatt--owned_directories--l_d_a_p_directory))
+- `maintenance_directory` (Attributes) (see [below for nested schema](#nestedatt--owned_directories--maintenance_directory))
+- `o_id_c_directory` (Attributes) (see [below for nested schema](#nestedatt--owned_directories--o_id_c_directory))
+- `restrict2fa` (Boolean)
+- `username_customizable` (Boolean)
+
+Read-Only:
+
+- `account_validity_supported` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_directories--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_directories--permissions))
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--owned_directories--internal_directory"></a>
+### Nested Schema for `owned_directories.internal_directory`
+
+Required:
+
+- `owner_uuid` (String)
+
+
+<a id="nestedatt--owned_directories--l_d_a_p_directory"></a>
+### Nested Schema for `owned_directories.l_d_a_p_directory`
+
+Required:
+
+- `base_dn` (String)
+- `host` (String)
+- `password_recovery` (String)
+- `tls` (String)
+
+Optional:
+
+- `attributes_to_store` (String)
+- `client_certificate_uuid` (String)
+- `dialect` (String)
+- `failover_host` (String)
+- `failover_trusted_certificate_uuid` (String)
+- `port` (Number)
+- `search_bind_dn` (String)
+- `search_bind_password` (String)
+- `search_filter` (String)
+- `trusted_certificate_uuid` (String)
+
+
+<a id="nestedatt--owned_directories--maintenance_directory"></a>
+### Nested Schema for `owned_directories.maintenance_directory`
+
+
+<a id="nestedatt--owned_directories--o_id_c_directory"></a>
+### Nested Schema for `owned_directories.o_id_c_directory`
+
+Required:
+
+- `client_id` (String)
+- `client_secret` (String)
+- `issuer` (String)
+- `vendor_escaped` (String)
+
+Optional:
+
+- `acr_values` (String)
+- `attributes_to_store` (String)
+- `domain_restriction` (String)
+- `enforces2fa` (Boolean)
+- `logout_url` (String)
+- `send_login_hint` (Boolean)
+
+Read-Only:
+
+- `fully_resolved_issuer` (String)
+
+
+<a id="nestedatt--owned_directories--links"></a>
+### Nested Schema for `owned_directories.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_directories--permissions"></a>
+### Nested Schema for `owned_directories.permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--owned_groups_on_system"></a>
+### Nested Schema for `owned_groups_on_system`
+
+Optional:
+
+- `items` (Attributes List) (see [below for nested schema](#nestedatt--owned_groups_on_system--items))
+- `unlinked_count` (Number)
+
+<a id="nestedatt--owned_groups_on_system--items"></a>
+### Nested Schema for `owned_groups_on_system.items`
+
+Required:
+
+- `name_in_system` (String)
+- `owner_uuid` (String)
+- `type` (String)
+
+Optional:
+
+- `display_name` (String)
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_groups_on_system--items--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_groups_on_system--items--permissions))
+- `short_name_in_system` (String)
+
+<a id="nestedatt--owned_groups_on_system--items--links"></a>
+### Nested Schema for `owned_groups_on_system.items.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_groups_on_system--items--permissions"></a>
+### Nested Schema for `owned_groups_on_system.items.permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--owned_organizational_units"></a>
+### Nested Schema for `owned_organizational_units`
+
+Required:
+
+- `name` (String)
+- `owner_uuid` (String)
+
+Optional:
+
+- `description` (String)
+
+Read-Only:
+
+- `depth` (Number)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_organizational_units--links))
+- `parent_uuid` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_organizational_units--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--owned_organizational_units--links"></a>
+### Nested Schema for `owned_organizational_units.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_organizational_units--permissions"></a>
+### Nested Schema for `owned_organizational_units.permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--owned_systems"></a>
+### Nested Schema for `owned_systems`
+
+Required:
+
+- `content_administrator_uuid` (String)
+- `name` (String)
+- `owner_uuid` (String)
+- `technical_administrator_uuid` (String)
+
+Optional:
+
+- `abstract_provisioned_ldap` (Attributes) (see [below for nested schema](#nestedatt--owned_systems--abstract_provisioned_ldap))
+- `active` (Boolean)
+- `organizational_unit_uuid` (String)
+- `provisioned_a_d` (Attributes) (see [below for nested schema](#nestedatt--owned_systems--provisioned_a_d))
+- `provisioned_azure_oidc_directory` (Attributes) (see [below for nested schema](#nestedatt--owned_systems--provisioned_azure_oidc_directory))
+- `provisioned_azure_sync_ldap_directory` (Attributes) (see [below for nested schema](#nestedatt--owned_systems--provisioned_azure_sync_ldap_directory))
+- `provisioned_azure_tenant` (Attributes) (see [below for nested schema](#nestedatt--owned_systems--provisioned_azure_tenant))
+- `provisioned_internal_ldap` (Attributes) (see [below for nested schema](#nestedatt--owned_systems--provisioned_internal_ldap))
+- `provisioned_ldap` (Attributes) (see [below for nested schema](#nestedatt--owned_systems--provisioned_ldap))
+- `provisioned_ldap_directory` (Attributes) (see [below for nested schema](#nestedatt--owned_systems--provisioned_ldap_directory))
+- `self_service_existing_groups` (Boolean)
+- `self_service_new_groups` (Boolean)
+- `self_service_service_accounts` (Boolean)
+- `should_destroy_unknown_accounts` (Boolean)
+- `username_prefix` (String)
+
+Read-Only:
+
+- `account_count` (Number)
+- `external_uuid` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_systems--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_systems--permissions))
+- `type` (String)
+- `uuid` (String)
+
+<a id="nestedatt--owned_systems--abstract_provisioned_ldap"></a>
+### Nested Schema for `owned_systems.abstract_provisioned_ldap`
+
+Required:
+
+- `base_dn` (String)
+- `host` (String)
+- `tls` (String)
+
+Optional:
+
+- `attributes` (Map of String)
+- `bind_dn` (String)
+- `bind_password` (String)
+- `client_certificate_uuid` (String)
+- `failover_host` (String)
+- `failover_trusted_certificate_uuid` (String)
+- `group_dn` (String)
+- `object_classes` (String)
+- `port` (Number)
+- `service_account_dn` (String)
+- `ssh_public_key_supported` (Boolean)
+- `trusted_certificate_uuid` (String)
+- `user_dn` (String)
+
+
+<a id="nestedatt--owned_systems--provisioned_a_d"></a>
+### Nested Schema for `owned_systems.provisioned_a_d`
+
+Required:
+
+- `sam_account_name_scheme` (String)
+
+
+<a id="nestedatt--owned_systems--provisioned_azure_oidc_directory"></a>
+### Nested Schema for `owned_systems.provisioned_azure_oidc_directory`
+
+Required:
+
+- `directory_uuid` (String)
+- `tenant` (String)
+
+
+<a id="nestedatt--owned_systems--provisioned_azure_sync_ldap_directory"></a>
+### Nested Schema for `owned_systems.provisioned_azure_sync_ldap_directory`
+
+Required:
+
+- `client_id` (String)
+- `client_secret` (String)
+- `directory_uuid` (String)
+- `tenant` (String)
+
+
+<a id="nestedatt--owned_systems--provisioned_azure_tenant"></a>
+### Nested Schema for `owned_systems.provisioned_azure_tenant`
+
+Required:
+
+- `client_id` (String)
+- `client_secret` (String)
+- `tenant` (String)
+
+Optional:
+
+- `idp_domain` (String)
+
+
+<a id="nestedatt--owned_systems--provisioned_internal_ldap"></a>
+### Nested Schema for `owned_systems.provisioned_internal_ldap`
+
+Optional:
+
+- `client_uuid` (String)
+
+
+<a id="nestedatt--owned_systems--provisioned_ldap"></a>
+### Nested Schema for `owned_systems.provisioned_ldap`
+
+Required:
+
+- `hashing_scheme` (String)
+- `numbering` (Attributes) (see [below for nested schema](#nestedatt--owned_systems--provisioned_ldap--numbering))
+
+Optional:
+
+- `gid` (Number)
+
+<a id="nestedatt--owned_systems--provisioned_ldap--numbering"></a>
+### Nested Schema for `owned_systems.provisioned_ldap.numbering`
+
+Required:
+
+- `name` (String)
+
+Optional:
+
+- `next_uid` (Number)
+
+Read-Only:
+
+- `account_count` (Number)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--owned_systems--provisioned_ldap--numbering--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--owned_systems--provisioned_ldap--numbering--permissions))
+
+<a id="nestedatt--owned_systems--provisioned_ldap--numbering--links"></a>
+### Nested Schema for `owned_systems.provisioned_ldap.numbering.permissions`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_systems--provisioned_ldap--numbering--permissions"></a>
+### Nested Schema for `owned_systems.provisioned_ldap.numbering.permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+
+<a id="nestedatt--owned_systems--provisioned_ldap_directory"></a>
+### Nested Schema for `owned_systems.provisioned_ldap_directory`
+
+Required:
+
+- `directory_uuid` (String)
+- `group_dn` (String)
+
+
+<a id="nestedatt--owned_systems--links"></a>
+### Nested Schema for `owned_systems.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--owned_systems--permissions"></a>
+### Nested Schema for `owned_systems.permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--permissions"></a>
+### Nested Schema for `permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--recent_audits"></a>
+### Nested Schema for `recent_audits`
+
+Required:
+
+- `status` (String)
+
+Optional:
+
+- `accounts` (Attributes List) (see [below for nested schema](#nestedatt--recent_audits--accounts))
+- `comment` (String)
+
+Read-Only:
+
+- `created_at` (String)
+- `created_by` (String)
+- `group_name` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--recent_audits--links))
+- `name_on_audit` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--recent_audits--permissions))
+- `reviewed_at` (String)
+- `reviewed_by` (String)
+- `submitted_at` (String)
+- `submitted_by` (String)
+
+<a id="nestedatt--recent_audits--accounts"></a>
+### Nested Schema for `recent_audits.accounts`
+
+Optional:
+
+- `account_uuid` (String)
+- `action` (String)
+- `comment` (String)
+
+Read-Only:
+
+- `account_valid` (Boolean)
+- `disconnected_nested` (Boolean)
+- `display_name` (String)
+- `end_date` (String)
+- `last_active` (String)
+- `last_used` (String)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--recent_audits--accounts--links))
+- `nested` (Boolean)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--recent_audits--accounts--permissions))
+- `rights` (String)
+- `username` (String)
+
+<a id="nestedatt--recent_audits--accounts--links"></a>
+### Nested Schema for `recent_audits.accounts.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--recent_audits--accounts--permissions"></a>
+### Nested Schema for `recent_audits.accounts.permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--recent_audits--links"></a>
+### Nested Schema for `recent_audits.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--recent_audits--permissions"></a>
+### Nested Schema for `recent_audits.permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--service_accounts"></a>
+### Nested Schema for `service_accounts`
+
+Required:
+
+- `name` (String)
+- `password_rotation` (String)
+- `system_uuid` (String)
+
+Optional:
+
+- `active` (Boolean)
+- `description` (String)
+- `technical_administrator_uuid` (String)
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--service_accounts--links))
+- `password_uuid` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--service_accounts--permissions))
+- `username` (String)
+- `uuid` (String)
+
+<a id="nestedatt--service_accounts--links"></a>
+### Nested Schema for `service_accounts.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--service_accounts--permissions"></a>
+### Nested Schema for `service_accounts.permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--systems"></a>
+### Nested Schema for `systems`
+
+Required:
+
+- `group_uuid` (String)
+
+Optional:
+
+- `activation_required` (Boolean)
+
+Read-Only:
+
+- `group_on_system` (Attributes) (see [below for nested schema](#nestedatt--systems--group_on_system))
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--systems--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--systems--permissions))
+
+<a id="nestedatt--systems--group_on_system"></a>
+### Nested Schema for `systems.group_on_system`
+
+Required:
+
+- `name_in_system` (String)
+- `owner_uuid` (String)
+- `type` (String)
+
+Optional:
+
+- `display_name` (String)
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--systems--group_on_system--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--systems--group_on_system--permissions))
+- `short_name_in_system` (String)
+
+<a id="nestedatt--systems--group_on_system--links"></a>
+### Nested Schema for `systems.group_on_system.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--systems--group_on_system--permissions"></a>
+### Nested Schema for `systems.group_on_system.permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--systems--links"></a>
+### Nested Schema for `systems.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--systems--permissions"></a>
+### Nested Schema for `systems.permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--vault"></a>
+### Nested Schema for `vault`
+
+Optional:
+
+- `access_available` (Boolean)
+- `name` (String)
+- `records` (List of String)
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--vault--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--vault--permissions))
+
+<a id="nestedatt--vault--links"></a>
+### Nested Schema for `vault.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--vault--permissions"></a>
+### Nested Schema for `vault.permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--webhooks"></a>
+### Nested Schema for `webhooks`
+
+Required:
+
+- `url` (String)
+
+Optional:
+
+- `account_uuid` (String)
+- `active` (Boolean)
+- `all_types` (Boolean)
+- `authentication_scheme` (String)
+- `basic_auth_password` (String)
+- `basic_auth_username` (String)
+- `bearer_token` (String)
+- `client_certificate_uuid` (String)
+- `client_uuid` (String)
+- `custom_header_name` (String)
+- `custom_header_value` (String)
+- `directory_uuid` (String)
+- `group_uuid` (String)
+- `name` (String)
+- `system_uuid` (String)
+- `tls` (String)
+- `trusted_certificate_uuid` (String)
+- `types` (List of String)
+- `verbose_payloads` (Boolean)
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--webhooks--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--webhooks--permissions))
+- `uuid` (String)
+
+<a id="nestedatt--webhooks--links"></a>
+### Nested Schema for `webhooks.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--webhooks--permissions"></a>
+### Nested Schema for `webhooks.permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
diff --git a/docs/resources/group_vaultrecord.md b/docs/resources/group_vaultrecord.md
new file mode 100644
index 0000000..f886bab
--- /dev/null
+++ b/docs/resources/group_vaultrecord.md
@@ -0,0 +1,184 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "keyhubpreview_group_vaultrecord Resource - terraform-provider-keyhubpreview"
+subcategory: ""
+description: |-
+  
+---
+
+# keyhubpreview_group_vaultrecord (Resource)
+
+
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `group_uuid` (String)
+- `name` (String)
+
+### Optional
+
+- `color` (String)
+- `delete_tile` (Boolean)
+- `end_date` (String)
+- `filename` (String)
+- `secret` (Attributes) (see [below for nested schema](#nestedatt--secret))
+- `tile` (Attributes) (see [below for nested schema](#nestedatt--tile))
+- `url` (String)
+- `username` (String)
+- `warning_period` (String)
+
+### Read-Only
+
+- `audit` (Attributes) (see [below for nested schema](#nestedatt--audit))
+- `derived` (Boolean)
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--links))
+- `parent_uuid` (String)
+- `password_metadata` (Attributes) (see [below for nested schema](#nestedatt--password_metadata))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--permissions))
+- `share_end_time` (String)
+- `share_summary` (Attributes) (see [below for nested schema](#nestedatt--share_summary))
+- `shares` (Attributes List) (see [below for nested schema](#nestedatt--shares))
+- `types` (List of String)
+- `uuid` (String)
+- `vaultholder` (Attributes) (see [below for nested schema](#nestedatt--vaultholder))
+
+<a id="nestedatt--secret"></a>
+### Nested Schema for `secret`
+
+Optional:
+
+- `comment` (String)
+- `file` (String)
+- `password` (String)
+- `totp` (String)
+- `write_totp` (Boolean)
+
+
+<a id="nestedatt--tile"></a>
+### Nested Schema for `tile`
+
+
+<a id="nestedatt--audit"></a>
+### Nested Schema for `audit`
+
+Optional:
+
+- `created_at` (String)
+- `created_by` (String)
+- `last_modified_at` (String)
+- `last_modified_by` (String)
+
+
+<a id="nestedatt--links"></a>
+### Nested Schema for `links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--password_metadata"></a>
+### Nested Schema for `password_metadata`
+
+Optional:
+
+- `dictionary` (Boolean)
+- `duplicate` (Boolean)
+- `hash` (String)
+- `length` (Number)
+- `lower_count` (Number)
+- `number_count` (Number)
+- `special_count` (Number)
+- `strength` (Number)
+- `upper_count` (Number)
+
+
+<a id="nestedatt--permissions"></a>
+### Nested Schema for `permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--share_summary"></a>
+### Nested Schema for `share_summary`
+
+Optional:
+
+- `children` (Attributes List) (see [below for nested schema](#nestedatt--share_summary--children))
+- `parent` (Attributes) (see [below for nested schema](#nestedatt--share_summary--parent))
+
+<a id="nestedatt--share_summary--children"></a>
+### Nested Schema for `share_summary.children`
+
+Optional:
+
+- `name` (String)
+- `type` (String)
+
+
+<a id="nestedatt--share_summary--parent"></a>
+### Nested Schema for `share_summary.parent`
+
+Optional:
+
+- `name` (String)
+- `type` (String)
+
+
+
+<a id="nestedatt--shares"></a>
+### Nested Schema for `shares`
+
+Required:
+
+- `name` (String)
+
+Optional:
+
+- `color` (String)
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--shares--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--shares--permissions))
+- `share_end_time` (String)
+- `uuid` (String)
+
+<a id="nestedatt--shares--links"></a>
+### Nested Schema for `shares.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--shares--permissions"></a>
+### Nested Schema for `shares.permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--vaultholder"></a>
+### Nested Schema for `vaultholder`
diff --git a/docs/resources/grouponsystem.md b/docs/resources/grouponsystem.md
new file mode 100644
index 0000000..32b8694
--- /dev/null
+++ b/docs/resources/grouponsystem.md
@@ -0,0 +1,192 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "keyhubpreview_grouponsystem Resource - terraform-provider-keyhubpreview"
+subcategory: ""
+description: |-
+  
+---
+
+# keyhubpreview_grouponsystem (Resource)
+
+
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name_in_system` (String)
+- `owner_uuid` (String)
+- `provisioned_system_uuid` (String)
+- `type` (String)
+
+### Optional
+
+- `display_name` (String)
+- `provgroups` (Attributes List) (see [below for nested schema](#nestedatt--provgroups))
+- `service_accounts` (Attributes List) (see [below for nested schema](#nestedatt--service_accounts))
+
+### Read-Only
+
+- `audit` (Attributes) (see [below for nested schema](#nestedatt--audit))
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--permissions))
+- `short_name_in_system` (String)
+
+<a id="nestedatt--provgroups"></a>
+### Nested Schema for `provgroups`
+
+Required:
+
+- `group_uuid` (String)
+
+Optional:
+
+- `activation_required` (Boolean)
+
+Read-Only:
+
+- `group_on_system` (Attributes) (see [below for nested schema](#nestedatt--provgroups--group_on_system))
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--provgroups--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--provgroups--permissions))
+
+<a id="nestedatt--provgroups--group_on_system"></a>
+### Nested Schema for `provgroups.group_on_system`
+
+Required:
+
+- `name_in_system` (String)
+- `owner_uuid` (String)
+- `type` (String)
+
+Optional:
+
+- `display_name` (String)
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--provgroups--group_on_system--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--provgroups--group_on_system--permissions))
+- `short_name_in_system` (String)
+
+<a id="nestedatt--provgroups--group_on_system--links"></a>
+### Nested Schema for `provgroups.group_on_system.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--provgroups--group_on_system--permissions"></a>
+### Nested Schema for `provgroups.group_on_system.permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--provgroups--links"></a>
+### Nested Schema for `provgroups.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--provgroups--permissions"></a>
+### Nested Schema for `provgroups.permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--service_accounts"></a>
+### Nested Schema for `service_accounts`
+
+Required:
+
+- `name` (String)
+- `system_uuid` (String)
+
+Optional:
+
+- `active` (Boolean)
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--service_accounts--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--service_accounts--permissions))
+- `username` (String)
+- `uuid` (String)
+
+<a id="nestedatt--service_accounts--links"></a>
+### Nested Schema for `service_accounts.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--service_accounts--permissions"></a>
+### Nested Schema for `service_accounts.permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--audit"></a>
+### Nested Schema for `audit`
+
+Optional:
+
+- `created_at` (String)
+- `created_by` (String)
+- `last_modified_at` (String)
+- `last_modified_by` (String)
+
+
+<a id="nestedatt--links"></a>
+### Nested Schema for `links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--permissions"></a>
+### Nested Schema for `permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
diff --git a/docs/resources/scaffolding_example.md b/docs/resources/scaffolding_example.md
deleted file mode 100644
index 47e77ed..0000000
--- a/docs/resources/scaffolding_example.md
+++ /dev/null
@@ -1,31 +0,0 @@
----
-# generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "scaffolding_example Resource - terraform-provider-scaffolding-framework"
-subcategory: ""
-description: |-
-  Example resource
----
-
-# scaffolding_example (Resource)
-
-Example resource
-
-## Example Usage
-
-```terraform
-resource "scaffolding_example" "example" {
-  configurable_attribute = "some-value"
-}
-```
-
-<!-- schema generated by tfplugindocs -->
-## Schema
-
-### Optional
-
-- `configurable_attribute` (String) Example configurable attribute
-- `defaulted` (String) Example configurable attribute with default value
-
-### Read-Only
-
-- `id` (String) Example identifier
diff --git a/docs/resources/serviceaccount.md b/docs/resources/serviceaccount.md
new file mode 100644
index 0000000..3b7deeb
--- /dev/null
+++ b/docs/resources/serviceaccount.md
@@ -0,0 +1,122 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "keyhubpreview_serviceaccount Resource - terraform-provider-keyhubpreview"
+subcategory: ""
+description: |-
+  
+---
+
+# keyhubpreview_serviceaccount (Resource)
+
+
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String)
+- `password_rotation` (String)
+- `system_uuid` (String)
+
+### Optional
+
+- `active` (Boolean)
+- `description` (String)
+- `secret` (Attributes) (see [below for nested schema](#nestedatt--secret))
+- `technical_administrator_uuid` (String)
+
+### Read-Only
+
+- `audit` (Attributes) (see [below for nested schema](#nestedatt--audit))
+- `groups` (Attributes List) (see [below for nested schema](#nestedatt--groups))
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--links))
+- `password_uuid` (String)
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--permissions))
+- `username` (String)
+- `uuid` (String)
+
+<a id="nestedatt--secret"></a>
+### Nested Schema for `secret`
+
+Optional:
+
+- `generated_secret` (String)
+- `old_secret` (String)
+- `regenerate` (Boolean)
+
+
+<a id="nestedatt--audit"></a>
+### Nested Schema for `audit`
+
+Optional:
+
+- `created_at` (String)
+- `created_by` (String)
+- `last_modified_at` (String)
+- `last_modified_by` (String)
+
+
+<a id="nestedatt--groups"></a>
+### Nested Schema for `groups`
+
+Required:
+
+- `name_in_system` (String)
+- `type` (String)
+
+Optional:
+
+- `display_name` (String)
+
+Read-Only:
+
+- `links` (Attributes List) (see [below for nested schema](#nestedatt--groups--links))
+- `permissions` (Attributes List) (see [below for nested schema](#nestedatt--groups--permissions))
+- `short_name_in_system` (String)
+
+<a id="nestedatt--groups--links"></a>
+### Nested Schema for `groups.links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--groups--permissions"></a>
+### Nested Schema for `groups.permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
+
+
+
+<a id="nestedatt--links"></a>
+### Nested Schema for `links`
+
+Read-Only:
+
+- `href` (String)
+- `id` (Number)
+- `rel` (String)
+- `type_escaped` (String)
+
+
+<a id="nestedatt--permissions"></a>
+### Nested Schema for `permissions`
+
+Optional:
+
+- `full` (String)
+- `instances` (List of String)
+- `operations` (List of String)
+- `type_escaped` (String)
diff --git a/examples/provider-install-verification/main.tf b/examples/provider-install-verification/main.tf
index c175715..61853bd 100644
--- a/examples/provider-install-verification/main.tf
+++ b/examples/provider-install-verification/main.tf
@@ -1,18 +1,56 @@
 terraform {
   required_providers {
-    keyhub = {
-      source = "registry.terraform.io/hashicorp/keyhub-preview"
+    keyhubpreview = {
+      source = "registry.terraform.io/hashicorp/keyhubpreview"
     }
   }
 }
 
-provider "keyhub" {
+variable "keyhub_secret" {
+  type        = string
+  description = "Client secret on KeyHub"
+}
+
+variable "keyhub_secret_local" {
+  type        = string
+  description = "Client secret on KeyHub"
+}
+
+provider "keyhubpreview" {
+  #  issuer       = "https://keyhub.topicusonderwijs.nl"
+  #  clientid     = "3a5e82ad-3f0d-4a63-846b-4b3e431f1135"
   issuer       = "https://keyhub.localhost:8443"
   clientid     = "ebdf81ac-b02b-4335-9dc4-4a9bc4eb406d"
-  clientsecret = "o9n8b8j3TRk7A4eQfKEIDIoN-IUvRAlA3gGLUNW8"
+  clientsecret = var.keyhub_secret_local
 }
 
-data "keyhub_group" "testgroup" {
-  uuid = "c20a6ed4-1ae5-4a9f-91b5-2f56f5a1522f"
+resource "keyhubpreview_group" "terra" {
+  name = "Terraform"
+  accounts = [{
+    uuid   = "7ea6622b-f9d2-4e52-a799-217b26f88376"
+    rights = "MANAGER"
+  }]
+  client_permissions = [{
+    client_uuid = "ebdf81ac-b02b-4335-9dc4-4a9bc4eb406d"
+    value       = "GROUP_FULL_VAULT_ACCESS"
+  }]
 }
 
+resource "keyhubpreview_group_vaultrecord" "terrarecord" {
+  name       = "Terraform Record"
+  group_uuid = resource.keyhubpreview_group.terra.uuid
+  secret = {
+    password = "test3"
+  }
+}
+
+resource "keyhubpreview_grouponsystem" "terragos" {
+  provisioned_system_uuid = "47923975-b1af-47c8-bd7a-e52ebb4b9b84"
+  owner_uuid              = resource.keyhubpreview_group.terra.uuid
+  name_in_system          = "cn=terraform,ou=groups,ou=dev,dc=ad01,dc=keyhub,dc=s25,dc=topicus,dc=education"
+  type                    = "GROUP"
+  provgroups = [{
+    activation_required = "false"
+    group_uuid          = "c6c98d08-2cbf-45e9-937a-c5c0427348e2"
+  }]
+}
diff --git a/go.mod b/go.mod
index ee735c7..91fc726 100644
--- a/go.mod
+++ b/go.mod
@@ -1,89 +1,81 @@
-module github.com/topicuskeyhub/terraform-provider-keyhub-preview
+module github.com/topicuskeyhub/terraform-provider-keyhubpreview
 
-go 1.19
+go 1.20
 
 require (
+	github.com/google/uuid v1.4.0
 	github.com/hashicorp/terraform-plugin-docs v0.16.0
-	github.com/hashicorp/terraform-plugin-framework v1.3.2
-	github.com/hashicorp/terraform-plugin-go v0.18.0
+	github.com/hashicorp/terraform-plugin-framework v1.4.2
+	github.com/hashicorp/terraform-plugin-framework-validators v0.12.0
 	github.com/hashicorp/terraform-plugin-log v0.9.0
-	github.com/hashicorp/terraform-plugin-testing v1.3.0
-	github.com/topicuskeyhub/sdk-go v0.0.0-20230718084110-056ed14fd2bc
+	github.com/microsoft/kiota-abstractions-go v1.3.1
+	github.com/topicuskeyhub/sdk-go v0.29.1-0.20231031163120-580c3f972b4d
+	golang.org/x/exp v0.0.0-20231006140011-7918f672742d
 )
 
 require (
 	github.com/Masterminds/goutils v1.1.1 // indirect
-	github.com/Masterminds/semver/v3 v3.1.1 // indirect
-	github.com/Masterminds/sprig/v3 v3.2.2 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect
-	github.com/agext/levenshtein v1.2.2 // indirect
-	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
+	github.com/Masterminds/semver/v3 v3.2.1 // indirect
+	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect
+	github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
 	github.com/armon/go-radix v1.0.0 // indirect
 	github.com/bgentry/speakeasy v0.1.0 // indirect
 	github.com/cjlapao/common-go v0.0.39 // indirect
 	github.com/cloudflare/circl v1.3.3 // indirect
 	github.com/coreos/go-oidc v2.2.1+incompatible // indirect
-	github.com/fatih/color v1.13.0 // indirect
-	github.com/go-logr/logr v1.2.4 // indirect
+	github.com/fatih/color v1.15.0 // indirect
+	github.com/go-logr/logr v1.3.0 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
-	github.com/google/uuid v1.3.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-checkpoint v0.5.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 // indirect
 	github.com/hashicorp/go-hclog v1.5.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
-	github.com/hashicorp/go-plugin v1.4.10 // indirect
+	github.com/hashicorp/go-plugin v1.5.2 // indirect
 	github.com/hashicorp/go-uuid v1.0.3 // indirect
 	github.com/hashicorp/go-version v1.6.0 // indirect
-	github.com/hashicorp/hc-install v0.5.2 // indirect
-	github.com/hashicorp/hcl/v2 v2.17.0 // indirect
-	github.com/hashicorp/logutils v1.0.0 // indirect
-	github.com/hashicorp/terraform-exec v0.18.1 // indirect
+	github.com/hashicorp/hc-install v0.6.1 // indirect
+	github.com/hashicorp/terraform-exec v0.19.0 // indirect
 	github.com/hashicorp/terraform-json v0.17.1 // indirect
-	github.com/hashicorp/terraform-plugin-sdk/v2 v2.26.1 // indirect
-	github.com/hashicorp/terraform-registry-address v0.2.1 // indirect
+	github.com/hashicorp/terraform-plugin-go v0.19.0 // indirect
+	github.com/hashicorp/terraform-registry-address v0.2.3 // indirect
 	github.com/hashicorp/terraform-svchost v0.1.1 // indirect
-	github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d // indirect
-	github.com/huandu/xstrings v1.3.2 // indirect
-	github.com/imdario/mergo v0.3.13 // indirect
+	github.com/hashicorp/yamux v0.1.1 // indirect
+	github.com/huandu/xstrings v1.4.0 // indirect
+	github.com/imdario/mergo v0.3.15 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.16 // indirect
-	github.com/microsoft/kiota-abstractions-go v1.1.0 // indirect
-	github.com/microsoft/kiota-http-go v1.0.0 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/microsoft/kiota-http-go v1.1.0 // indirect
 	github.com/microsoft/kiota-serialization-json-go v1.0.4 // indirect
 	github.com/mitchellh/cli v1.1.5 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
-	github.com/mitchellh/go-wordwrap v1.0.0 // indirect
-	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
-	github.com/oklog/run v1.0.0 // indirect
+	github.com/oklog/run v1.1.0 // indirect
 	github.com/posener/complete v1.2.3 // indirect
 	github.com/pquerna/cachecontrol v0.2.0 // indirect
+	github.com/rogpeppe/go-internal v1.11.0 // indirect
 	github.com/russross/blackfriday v1.6.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
-	github.com/spf13/cast v1.5.0 // indirect
-	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
-	github.com/vmihailenco/msgpack/v5 v5.3.5 // indirect
+	github.com/spf13/cast v1.5.1 // indirect
+	github.com/std-uritemplate/std-uritemplate/go v0.0.46 // indirect
+	github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect
 	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
-	github.com/yosida95/uritemplate/v3 v3.0.2 // indirect
-	github.com/zclconf/go-cty v1.13.2 // indirect
-	go.opentelemetry.io/otel v1.16.0 // indirect
-	go.opentelemetry.io/otel/metric v1.16.0 // indirect
-	go.opentelemetry.io/otel/trace v1.16.0 // indirect
-	golang.org/x/crypto v0.11.0 // indirect
-	golang.org/x/exp v0.0.0-20230626212559-97b1e661b5df // indirect
-	golang.org/x/mod v0.11.0 // indirect
-	golang.org/x/net v0.12.0 // indirect
-	golang.org/x/oauth2 v0.10.0 // indirect
-	golang.org/x/sys v0.10.0 // indirect
-	golang.org/x/text v0.11.0 // indirect
-	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
-	google.golang.org/grpc v1.56.1 // indirect
+	github.com/zclconf/go-cty v1.14.1 // indirect
+	go.opentelemetry.io/otel v1.19.0 // indirect
+	go.opentelemetry.io/otel/metric v1.19.0 // indirect
+	go.opentelemetry.io/otel/trace v1.19.0 // indirect
+	golang.org/x/crypto v0.14.0 // indirect
+	golang.org/x/mod v0.13.0 // indirect
+	golang.org/x/net v0.17.0 // indirect
+	golang.org/x/oauth2 v0.13.0 // indirect
+	golang.org/x/sys v0.13.0 // indirect
+	golang.org/x/text v0.13.0 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405 // indirect
+	google.golang.org/grpc v1.59.0 // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 )
diff --git a/go.sum b/go.sum
index 7e28b78..7b6a993 100644
--- a/go.sum
+++ b/go.sum
@@ -1,62 +1,61 @@
+dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
-github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc=
 github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
+github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
+github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0=
+github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
 github.com/Masterminds/sprig/v3 v3.2.1/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=
-github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8=
-github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=
-github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA=
-github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 h1:wPbRQzjjwFc0ih8puEVAOFGELsn1zoIIYdxvML7mDxA=
-github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g=
+github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA=
+github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM=
+github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
+github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c h1:kMFnB0vCcX7IL/m9Y5LO+KQYv+t1CQOiFe6+SV2J7bE=
+github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
 github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ=
-github.com/agext/levenshtein v1.2.2 h1:0S/Yg6LYmFJ5stwQeRp6EeOcCbj7xiqQSdNelsXvaqE=
-github.com/agext/levenshtein v1.2.2/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
-github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec=
-github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw=
-github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
+github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY=
+github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI=
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/bgentry/speakeasy v0.1.0 h1:ByYyxL9InA1OWqxJqqp2A5pYHUrCiAL6K3J+LKSsQkY=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
+github.com/bufbuild/protocompile v0.4.0 h1:LbFKd2XowZvQ/kajzguUp2DC9UEIQhIq77fZZlaQsNA=
+github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
 github.com/cjlapao/common-go v0.0.39 h1:bAAUrj2B9v0kMzbAOhzjSmiyDy+rd56r2sy7oEiQLlA=
 github.com/cjlapao/common-go v0.0.39/go.mod h1:M3dzazLjTjEtZJbbxoA5ZDiGCiHmpwqW9l4UWaddwOA=
-github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I=
 github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs=
 github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
 github.com/coreos/go-oidc v2.2.1+incompatible h1:mh48q/BqXqgjVHpy2ZY7WnWAbenxRjsz9N1i1YxjHAk=
 github.com/coreos/go-oidc v2.2.1+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
+github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
-github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
-github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4=
-github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8ix4=
-github.com/go-git/go-git/v5 v5.6.1 h1:q4ZRqQl4pR/ZJHc1L5CFjGA1a10u76aV1iC+nh+bHsk=
+github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs=
+github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw=
+github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY=
+github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
+github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU=
+github.com/go-git/go-git/v5 v5.9.0 h1:cD9SFA7sHVRdJ7AYck1ZaAa/yeuBvGPxwXDL8cxrObY=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
-github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
+github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
-github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68=
-github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
 github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
-github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
-github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4=
+github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@@ -65,63 +64,53 @@ github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuD
 github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
-github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 h1:1/D3zfFHttUKaCaGKZ/dR2roBXv0vKbSCnssIldfQdI=
-github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320/go.mod h1:EiZBMaudVLy8fmjf9Npq1dq9RalhveqZG5w/yz3mHWs=
 github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c=
 github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-github.com/hashicorp/go-plugin v1.4.10 h1:xUbmA4jC6Dq163/fWcp8P3JuHilrHHMLNRxzGQJ9hNk=
-github.com/hashicorp/go-plugin v1.4.10/go.mod h1:6/1TEzT0eQznvI/gV2CM29DLSkAK/e58mUWKVsPaph0=
+github.com/hashicorp/go-plugin v1.5.2 h1:aWv8eimFqWlsEiMrYZdPYl+FdHaBJSN4AWwGWfT1G2Y=
+github.com/hashicorp/go-plugin v1.5.2/go.mod h1:w1sAEES3g3PuV/RzUrgow20W2uErMly84hhD3um1WL4=
 github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
 github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek=
 github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
-github.com/hashicorp/hc-install v0.5.2 h1:SfwMFnEXVVirpwkDuSF5kymUOhrUxrTq3udEseZdOD0=
-github.com/hashicorp/hc-install v0.5.2/go.mod h1:9QISwe6newMWIfEiXpzuu1k9HAGtQYgnSH8H9T8wmoI=
-github.com/hashicorp/hcl/v2 v2.17.0 h1:z1XvSUyXd1HP10U4lrLg5e0JMVz6CPaJvAgxM0KNZVY=
-github.com/hashicorp/hcl/v2 v2.17.0/go.mod h1:gJyW2PTShkJqQBKpAmPO3yxMxIuoXkOF2TpqXzrQyx4=
-github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y=
-github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
-github.com/hashicorp/terraform-exec v0.18.1 h1:LAbfDvNQU1l0NOQlTuudjczVhHj061fNX5H8XZxHlH4=
-github.com/hashicorp/terraform-exec v0.18.1/go.mod h1:58wg4IeuAJ6LVsLUeD2DWZZoc/bYi6dzhLHzxM41980=
+github.com/hashicorp/hc-install v0.6.1 h1:IGxShH7AVhPaSuSJpKtVi/EFORNjO+OYVJJrAtGG2mY=
+github.com/hashicorp/hc-install v0.6.1/go.mod h1:0fW3jpg+wraYSnFDJ6Rlie3RvLf1bIqVIkzoon4KoVE=
+github.com/hashicorp/terraform-exec v0.19.0 h1:FpqZ6n50Tk95mItTSS9BjeOVUb4eg81SpgVtZNNtFSM=
+github.com/hashicorp/terraform-exec v0.19.0/go.mod h1:tbxUpe3JKruE9Cuf65mycSIT8KiNPZ0FkuTE3H4urQg=
 github.com/hashicorp/terraform-json v0.17.1 h1:eMfvh/uWggKmY7Pmb3T85u86E2EQg6EQHgyRwf3RkyA=
 github.com/hashicorp/terraform-json v0.17.1/go.mod h1:Huy6zt6euxaY9knPAFKjUITn8QxUFIe9VuSzb4zn/0o=
 github.com/hashicorp/terraform-plugin-docs v0.16.0 h1:UmxFr3AScl6Wged84jndJIfFccGyBZn52KtMNsS12dI=
 github.com/hashicorp/terraform-plugin-docs v0.16.0/go.mod h1:M3ZrlKBJAbPMtNOPwHicGi1c+hZUh7/g0ifT/z7TVfA=
-github.com/hashicorp/terraform-plugin-framework v1.3.2 h1:aQ6GSD0CTnvoALEWvKAkcH/d8jqSE0Qq56NYEhCexUs=
-github.com/hashicorp/terraform-plugin-framework v1.3.2/go.mod h1:oimsRAPJOYkZ4kY6xIGfR0PHjpHLDLaknzuptl6AvnY=
-github.com/hashicorp/terraform-plugin-go v0.18.0 h1:IwTkOS9cOW1ehLd/rG0y+u/TGLK9y6fGoBjXVUquzpE=
-github.com/hashicorp/terraform-plugin-go v0.18.0/go.mod h1:l7VK+2u5Kf2y+A+742GX0ouLut3gttudmvMgN0PA74Y=
+github.com/hashicorp/terraform-plugin-framework v1.4.2 h1:P7a7VP1GZbjc4rv921Xy5OckzhoiO3ig6SGxwelD2sI=
+github.com/hashicorp/terraform-plugin-framework v1.4.2/go.mod h1:GWl3InPFZi2wVQmdVnINPKys09s9mLmTZr95/ngLnbY=
+github.com/hashicorp/terraform-plugin-framework-validators v0.12.0 h1:HOjBuMbOEzl7snOdOoUfE2Jgeto6JOjLVQ39Ls2nksc=
+github.com/hashicorp/terraform-plugin-framework-validators v0.12.0/go.mod h1:jfHGE/gzjxYz6XoUwi/aYiiKrJDeutQNUtGQXkaHklg=
+github.com/hashicorp/terraform-plugin-go v0.19.0 h1:BuZx/6Cp+lkmiG0cOBk6Zps0Cb2tmqQpDM3iAtnhDQU=
+github.com/hashicorp/terraform-plugin-go v0.19.0/go.mod h1:EhRSkEPNoylLQntYsk5KrDHTZJh9HQoumZXbOGOXmec=
 github.com/hashicorp/terraform-plugin-log v0.9.0 h1:i7hOA+vdAItN1/7UrfBqBwvYPQ9TFvymaRGZED3FCV0=
 github.com/hashicorp/terraform-plugin-log v0.9.0/go.mod h1:rKL8egZQ/eXSyDqzLUuwUYLVdlYeamldAHSxjUFADow=
-github.com/hashicorp/terraform-plugin-sdk/v2 v2.26.1 h1:G9WAfb8LHeCxu7Ae8nc1agZlQOSCUWsb610iAogBhCs=
-github.com/hashicorp/terraform-plugin-sdk/v2 v2.26.1/go.mod h1:xcOSYlRVdPLmDUoqPhO9fiO/YCN/l6MGYeTzGt5jgkQ=
-github.com/hashicorp/terraform-plugin-testing v1.3.0 h1:4Pn8fSspPCRUc5zRGPNZYc00VhQmQPEH6y6Pv4e/42M=
-github.com/hashicorp/terraform-plugin-testing v1.3.0/go.mod h1:mGOfGFTVIhP9buGPZyDQhmZFIO/Ig8E0Fo694UACr64=
-github.com/hashicorp/terraform-registry-address v0.2.1 h1:QuTf6oJ1+WSflJw6WYOHhLgwUiQ0FrROpHPYFtwTYWM=
-github.com/hashicorp/terraform-registry-address v0.2.1/go.mod h1:BSE9fIFzp0qWsJUUyGquo4ldV9k2n+psif6NYkBRS3Y=
+github.com/hashicorp/terraform-registry-address v0.2.3 h1:2TAiKJ1A3MAkZlH1YI/aTVcLZRu7JseiXNRHbOAyoTI=
+github.com/hashicorp/terraform-registry-address v0.2.3/go.mod h1:lFHA76T8jfQteVfT7caREqguFrW3c4MFSPhZB7HHgUM=
 github.com/hashicorp/terraform-svchost v0.1.1 h1:EZZimZ1GxdqFRinZ1tpJwVxxt49xc/S52uzrw4x0jKQ=
 github.com/hashicorp/terraform-svchost v0.1.1/go.mod h1:mNsjQfZyf/Jhz35v6/0LWcv26+X7JPS+buii2c9/ctc=
-github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d h1:kJCB4vdITiW1eC1vq2e6IsrXKrZit1bv/TDYFGMp4BQ=
-github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
+github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE=
+github.com/hashicorp/yamux v0.1.1/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
 github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
-github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw=
 github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
+github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
+github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU=
+github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk=
-github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg=
+github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM=
+github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
-github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE=
+github.com/jhump/protoreflect v1.15.1 h1:HUMERORf3I3ZdX05WaQ6MIpd/NJ434hTp5YiKgfCL6c=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
-github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
 github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
@@ -130,12 +119,13 @@ github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovk
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
-github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
-github.com/microsoft/kiota-abstractions-go v1.1.0 h1:X1aKlsYCRs/0RSChr/fbq4j/+kxRzbSY5GeWhtHQNYI=
-github.com/microsoft/kiota-abstractions-go v1.1.0/go.mod h1:RkxyZ5x87Njik7iVeQY9M2wtrrL1MJZcXiI/BxD/82g=
-github.com/microsoft/kiota-http-go v1.0.0 h1:F1hd6gMlLeEgH2CkRB7z13ow7LxMKMWEmms/t0VfS+k=
-github.com/microsoft/kiota-http-go v1.0.0/go.mod h1:eujxJliqodotsYepIc6ihhK+vXMMt5Q8YiSNL7+7M7U=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/microsoft/kiota-abstractions-go v1.3.1 h1:lZ4hLvU/HpnAkvjqIt/mL1ooZ0b/2RKuM2K65fl2/mY=
+github.com/microsoft/kiota-abstractions-go v1.3.1/go.mod h1:NRJnAFg8qqOoX/VQWTe3ZYmcIbLa20LNC+eTqO2j60U=
+github.com/microsoft/kiota-http-go v1.1.0 h1:L5I93EiNtlP/X6YzeTlhjWt7Q1DxzC9CmWSVtX3b0tE=
+github.com/microsoft/kiota-http-go v1.1.0/go.mod h1:zESUM6ovki9LEupqziCbxJ+FAYoF0dFDYZVpOkAfSLc=
 github.com/microsoft/kiota-serialization-json-go v1.0.4 h1:5TaISWwd2Me8clrK7SqNATo0tv9seOq59y4I5953egQ=
 github.com/microsoft/kiota-serialization-json-go v1.0.4/go.mod h1:rM4+FsAY+9AEpBsBzkFFis+b/LZLlNKKewuLwK9Q6Mg=
 github.com/mitchellh/cli v1.1.5 h1:OxRIeJXpAMztws/XHlN2vu6imG5Dpq+j61AzAX5fLng=
@@ -145,15 +135,11 @@ github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa1
 github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
 github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU=
 github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8=
-github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9Gns0u4=
-github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
-github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
-github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
 github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
-github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw=
-github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
+github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA=
+github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU=
 github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
@@ -162,17 +148,20 @@ github.com/posener/complete v1.2.3 h1:NP0eAhjcjImqslEwo/1hq7gpajME0fTLTezBKDqfXq
 github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
 github.com/pquerna/cachecontrol v0.2.0 h1:vBXSNuE5MYP9IJ5kjsdo8uq+w41jSPgvba2DEnkRx9k=
 github.com/pquerna/cachecontrol v0.2.0/go.mod h1:NrUG3Z7Rdu85UNR3vm7SOsl1nFIeSiQnrHV5K9mBcUI=
-github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k=
+github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
+github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
 github.com/russross/blackfriday v1.6.0 h1:KqfZb0pUVN2lYqZUYRddxF4OR8ZMURnJIG5Y3VRLtww=
 github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY=
 github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
 github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=
 github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
-github.com/skeema/knownhosts v1.1.0 h1:Wvr9V0MxhjRbl3f9nMnKnFfiWTJmtECJ9Njkea3ysW0=
+github.com/skeema/knownhosts v1.2.0 h1:h9r9cf0+u7wSE+M183ZtMGgOJKiL96brpaz5ekfJCpM=
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
-github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
-github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=
+github.com/spf13/cast v1.5.1 h1:R+kOtfhWQE6TVQzY+4D7wJLBgkdVasCEFxSUBYBYIlA=
+github.com/spf13/cast v1.5.1/go.mod h1:b9PdjNptOpzXr7Rq1q9gJML/2cdGQAo69NKzQ10KN48=
+github.com/std-uritemplate/std-uritemplate/go v0.0.46 h1:rWcEym/hz9YhPTXJELTXfrq48lTx69jNVhv+dOMmyZY=
+github.com/std-uritemplate/std-uritemplate/go v0.0.46/go.mod h1:Qov4Ay4U83j37XjgxMYevGJFLbnZ2o9cEOhGufBKgKY=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
@@ -180,44 +169,51 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
-github.com/topicuskeyhub/sdk-go v0.0.0-20230718084110-056ed14fd2bc h1:8iYhDYMKsNYewFVgKwVa+kXzyDQnkim+LtwKNSKLFAU=
-github.com/topicuskeyhub/sdk-go v0.0.0-20230718084110-056ed14fd2bc/go.mod h1:wuT0Z03lIjUofzN5RiRQgmoOuw/HvgcAoEcr2KjLmW0=
-github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
-github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI=
-github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
-github.com/vmihailenco/msgpack/v5 v5.3.5 h1:5gO0H1iULLWGhs2H5tbAHIZTV8/cYafcFOr9znI5mJU=
-github.com/vmihailenco/msgpack/v5 v5.3.5/go.mod h1:7xyJ9e+0+9SaZT0Wt1RGleJXzli6Q/V5KbhBonMG9jc=
+github.com/topicuskeyhub/sdk-go v0.29.1-0.20231031163120-580c3f972b4d h1:QUcCSysZOnwe7rr0Oyu4ikkRKWmuenJvnooCbR2ud/Y=
+github.com/topicuskeyhub/sdk-go v0.29.1-0.20231031163120-580c3f972b4d/go.mod h1:s8qOQieJ+9cm/2s0uxPySRH9YNFbln3Nb9J8/XNaWbM=
+github.com/vmihailenco/msgpack/v5 v5.4.1 h1:cQriyiUvjTwOHg8QZaPihLWeRAAVoCpE00IUPn0Bjt8=
+github.com/vmihailenco/msgpack/v5 v5.4.1/go.mod h1:GaZTsDaehaPpQVyxrf5mtQlH+pc21PIudVV/E3rRQok=
 github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g=
 github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV6mEfg5OIWRZA9qds=
 github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
-github.com/yosida95/uritemplate/v3 v3.0.2 h1:Ed3Oyj9yrmi9087+NczuL5BwkIc4wvTb5zIM+UJPGz4=
-github.com/yosida95/uritemplate/v3 v3.0.2/go.mod h1:ILOh0sOhIJR3+L/8afwt/kE++YT040gmv5BQTMR2HP4=
-github.com/zclconf/go-cty v1.13.2 h1:4GvrUxe/QUDYuJKAav4EYqdM47/kZa672LwmXFmEKT0=
-github.com/zclconf/go-cty v1.13.2/go.mod h1:YKQzy/7pZ7iq2jNFzy5go57xdxdWoLLpaEp4u238AE0=
-go.opentelemetry.io/otel v1.16.0 h1:Z7GVAX/UkAXPKsy94IU+i6thsQS4nb7LviLpnaNeW8s=
-go.opentelemetry.io/otel v1.16.0/go.mod h1:vl0h9NUa1D5s1nv3A5vZOYWn8av4K8Ml6JDeHrT/bx4=
-go.opentelemetry.io/otel/metric v1.16.0 h1:RbrpwVG1Hfv85LgnZ7+txXioPDoh6EdbZHo26Q3hqOo=
-go.opentelemetry.io/otel/metric v1.16.0/go.mod h1:QE47cpOmkwipPiefDwo2wDzwJrlfxxNYodqc4xnGCo4=
-go.opentelemetry.io/otel/trace v1.16.0 h1:8JRpaObFoW0pxuVPapkgH8UhHQj+bJW8jJsCZEu5MQs=
-go.opentelemetry.io/otel/trace v1.16.0/go.mod h1:Yt9vYq1SdNz3xdjZZK7wcXv1qv2pwLkqr2QVwea0ef0=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+github.com/zclconf/go-cty v1.14.1 h1:t9fyA35fwjjUMcmL5hLER+e/rEPqrbCK1/OSE4SI9KA=
+github.com/zclconf/go-cty v1.14.1/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE=
+go.opentelemetry.io/otel v1.19.0 h1:MuS/TNf4/j4IXsZuJegVzI1cwut7Qc00344rgH7p8bs=
+go.opentelemetry.io/otel v1.19.0/go.mod h1:i0QyjOq3UPoTzff0PJB2N66fb4S0+rSbSB15/oyH9fY=
+go.opentelemetry.io/otel/metric v1.19.0 h1:aTzpGtV0ar9wlV4Sna9sdJyII5jTVJEvKETPiOKwvpE=
+go.opentelemetry.io/otel/metric v1.19.0/go.mod h1:L5rUsV9kM1IxCj1MmSdS+JQAcVm319EUrDVLrt7jqt8=
+go.opentelemetry.io/otel/trace v1.19.0 h1:DFVQmlVbfVeOuBRrwdtaehRrWiL1JoVs9CPIQ1Dzxpg=
+go.opentelemetry.io/otel/trace v1.19.0/go.mod h1:mfaSyvGyEJEI0nyV2I4qhNQnbBOUUmYZpYojqMnX2vo=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA=
-golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
-golang.org/x/exp v0.0.0-20230626212559-97b1e661b5df h1:UA2aFVmmsIlefxMk29Dp2juaUSth8Pyn3Tq5Y5mJGME=
-golang.org/x/exp v0.0.0-20230626212559-97b1e661b5df/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc=
-golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU=
-golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
+golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
+golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
+golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI=
+golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY=
+golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
-golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
-golang.org/x/oauth2 v0.10.0 h1:zHCpF2Khkwy4mMB4bv0U37YtJdTGW8jI0glAApi0Kh8=
-golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
+golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
+golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY=
+golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -226,39 +222,53 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
-golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
-golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
+golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
+golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
-google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A=
-google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU=
-google.golang.org/grpc v1.56.1 h1:z0dNfjIl0VpaZ9iSVjA6daGatAYwPGstTjt5vkRMFkQ=
-google.golang.org/grpc v1.56.1/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s=
+google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
+google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405 h1:AB/lmRny7e2pLhFEYIbl5qkDAUt2h0ZRO4wGPhZf+ik=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405/go.mod h1:67X1fPuzjcrkymZzZV1vvkFeTn2Rvc6lYF9MYFGCcwE=
+google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk=
+google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
 google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=
 gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/internal/provider/datasource-account.go b/internal/provider/datasource-account.go
new file mode 100644
index 0000000..b691a90
--- /dev/null
+++ b/internal/provider/datasource-account.go
@@ -0,0 +1,103 @@
+// Code generated by "terraform-provider-keyhub-generator"; DO NOT EDIT.
+
+package provider
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/hashicorp/terraform-plugin-framework/attr"
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	"github.com/hashicorp/terraform-plugin-framework/types/basetypes"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+	keyhub "github.com/topicuskeyhub/sdk-go"
+	keyhubreq "github.com/topicuskeyhub/sdk-go/account"
+	keyhubmodels "github.com/topicuskeyhub/sdk-go/models"
+)
+
+// Ensure provider defined types fully satisfy framework interfaces.
+var (
+	_ datasource.DataSource              = &accountDataSource{}
+	_ datasource.DataSourceWithConfigure = &accountDataSource{}
+)
+
+func NewAccountDataSource() datasource.DataSource {
+	return &accountDataSource{}
+}
+
+type accountDataSource struct {
+	client *keyhub.KeyHubClient
+}
+
+func (d *accountDataSource) Metadata(ctx context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+	resp.TypeName = ProviderName + "_account"
+	log.Printf("Registered data source %s", resp.TypeName)
+}
+
+func (d *accountDataSource) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		Attributes: dataSourceSchemaAttrsAuthAccount(true),
+	}
+}
+
+func (d *accountDataSource) Configure(ctx context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) {
+	// Prevent panic if the provider has not been configured.
+	if req.ProviderData == nil {
+		return
+	}
+
+	client, ok := req.ProviderData.(*keyhub.KeyHubClient)
+
+	if !ok {
+		resp.Diagnostics.AddError(
+			"Unexpected Data Source Configure Type",
+			fmt.Sprintf("Expected *keyhub.KeyHubClient, got: %T. Please report this issue to the provider developers.", req.ProviderData),
+		)
+
+		return
+	}
+
+	d.client = client
+}
+
+func (d *accountDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+	var data authAccountDataDS
+	resp.Diagnostics.Append(req.Config.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tflog.Debug(ctx, "Reading account from Topicus KeyHub by UUID")
+	listValue, _ := data.Additional.ToListValue(ctx)
+	additional, _ := tfToSlice(listValue, func(val attr.Value, diags *diag.Diagnostics) string {
+		return val.(basetypes.StringValue).ValueString()
+	})
+	uuid := data.UUID.ValueString()
+
+	wrapper, err := d.client.Account().Get(ctx, &keyhubreq.AccountRequestBuilderGetRequestConfiguration{
+		QueryParameters: &keyhubreq.AccountRequestBuilderGetQueryParameters{
+			Uuid:       []string{uuid},
+			Additional: additional,
+		},
+	})
+
+	tkh, diags := findFirst[keyhubmodels.AuthAccountable](ctx, wrapper, "account", &uuid, err)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tf, diags := tkhToTFObjectDSAuthAccount(true, tkh)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	fillDataStructFromTFObjectDSAuthAccount(&data, tf)
+	data.Additional = listValue
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
diff --git a/internal/provider/datasource-certificate.go b/internal/provider/datasource-certificate.go
new file mode 100644
index 0000000..c9eda70
--- /dev/null
+++ b/internal/provider/datasource-certificate.go
@@ -0,0 +1,103 @@
+// Code generated by "terraform-provider-keyhub-generator"; DO NOT EDIT.
+
+package provider
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/hashicorp/terraform-plugin-framework/attr"
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	"github.com/hashicorp/terraform-plugin-framework/types/basetypes"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+	keyhub "github.com/topicuskeyhub/sdk-go"
+	keyhubreq "github.com/topicuskeyhub/sdk-go/certificate"
+	keyhubmodels "github.com/topicuskeyhub/sdk-go/models"
+)
+
+// Ensure provider defined types fully satisfy framework interfaces.
+var (
+	_ datasource.DataSource              = &certificateDataSource{}
+	_ datasource.DataSourceWithConfigure = &certificateDataSource{}
+)
+
+func NewCertificateDataSource() datasource.DataSource {
+	return &certificateDataSource{}
+}
+
+type certificateDataSource struct {
+	client *keyhub.KeyHubClient
+}
+
+func (d *certificateDataSource) Metadata(ctx context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+	resp.TypeName = ProviderName + "_certificate"
+	log.Printf("Registered data source %s", resp.TypeName)
+}
+
+func (d *certificateDataSource) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		Attributes: dataSourceSchemaAttrsCertificateCertificate(true),
+	}
+}
+
+func (d *certificateDataSource) Configure(ctx context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) {
+	// Prevent panic if the provider has not been configured.
+	if req.ProviderData == nil {
+		return
+	}
+
+	client, ok := req.ProviderData.(*keyhub.KeyHubClient)
+
+	if !ok {
+		resp.Diagnostics.AddError(
+			"Unexpected Data Source Configure Type",
+			fmt.Sprintf("Expected *keyhub.KeyHubClient, got: %T. Please report this issue to the provider developers.", req.ProviderData),
+		)
+
+		return
+	}
+
+	d.client = client
+}
+
+func (d *certificateDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+	var data certificateCertificateDataDS
+	resp.Diagnostics.Append(req.Config.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tflog.Debug(ctx, "Reading certificate from Topicus KeyHub by UUID")
+	listValue, _ := data.Additional.ToListValue(ctx)
+	additional, _ := tfToSlice(listValue, func(val attr.Value, diags *diag.Diagnostics) string {
+		return val.(basetypes.StringValue).ValueString()
+	})
+	uuid := data.UUID.ValueString()
+
+	wrapper, err := d.client.Certificate().Get(ctx, &keyhubreq.CertificateRequestBuilderGetRequestConfiguration{
+		QueryParameters: &keyhubreq.CertificateRequestBuilderGetQueryParameters{
+			Uuid:       []string{uuid},
+			Additional: additional,
+		},
+	})
+
+	tkh, diags := findFirst[keyhubmodels.CertificateCertificateable](ctx, wrapper, "certificate", &uuid, err)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tf, diags := tkhToTFObjectDSCertificateCertificate(true, tkh)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	fillDataStructFromTFObjectDSCertificateCertificate(&data, tf)
+	data.Additional = listValue
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
diff --git a/internal/provider/datasource-client.go b/internal/provider/datasource-client.go
new file mode 100644
index 0000000..eeb64cd
--- /dev/null
+++ b/internal/provider/datasource-client.go
@@ -0,0 +1,103 @@
+// Code generated by "terraform-provider-keyhub-generator"; DO NOT EDIT.
+
+package provider
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/hashicorp/terraform-plugin-framework/attr"
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	"github.com/hashicorp/terraform-plugin-framework/types/basetypes"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+	keyhub "github.com/topicuskeyhub/sdk-go"
+	keyhubreq "github.com/topicuskeyhub/sdk-go/client"
+	keyhubmodels "github.com/topicuskeyhub/sdk-go/models"
+)
+
+// Ensure provider defined types fully satisfy framework interfaces.
+var (
+	_ datasource.DataSource              = &clientDataSource{}
+	_ datasource.DataSourceWithConfigure = &clientDataSource{}
+)
+
+func NewClientDataSource() datasource.DataSource {
+	return &clientDataSource{}
+}
+
+type clientDataSource struct {
+	client *keyhub.KeyHubClient
+}
+
+func (d *clientDataSource) Metadata(ctx context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+	resp.TypeName = ProviderName + "_client"
+	log.Printf("Registered data source %s", resp.TypeName)
+}
+
+func (d *clientDataSource) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		Attributes: dataSourceSchemaAttrsClientClientApplication(true),
+	}
+}
+
+func (d *clientDataSource) Configure(ctx context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) {
+	// Prevent panic if the provider has not been configured.
+	if req.ProviderData == nil {
+		return
+	}
+
+	client, ok := req.ProviderData.(*keyhub.KeyHubClient)
+
+	if !ok {
+		resp.Diagnostics.AddError(
+			"Unexpected Data Source Configure Type",
+			fmt.Sprintf("Expected *keyhub.KeyHubClient, got: %T. Please report this issue to the provider developers.", req.ProviderData),
+		)
+
+		return
+	}
+
+	d.client = client
+}
+
+func (d *clientDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+	var data clientClientApplicationDataDS
+	resp.Diagnostics.Append(req.Config.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tflog.Debug(ctx, "Reading client from Topicus KeyHub by UUID")
+	listValue, _ := data.Additional.ToListValue(ctx)
+	additional, _ := tfToSlice(listValue, func(val attr.Value, diags *diag.Diagnostics) string {
+		return val.(basetypes.StringValue).ValueString()
+	})
+	uuid := data.UUID.ValueString()
+
+	wrapper, err := d.client.Client().Get(ctx, &keyhubreq.ClientRequestBuilderGetRequestConfiguration{
+		QueryParameters: &keyhubreq.ClientRequestBuilderGetQueryParameters{
+			Uuid:       []string{uuid},
+			Additional: additional,
+		},
+	})
+
+	tkh, diags := findFirst[keyhubmodels.ClientClientApplicationable](ctx, wrapper, "client", &uuid, err)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tf, diags := tkhToTFObjectDSClientClientApplication(true, tkh)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	fillDataStructFromTFObjectDSClientClientApplication(&data, tf)
+	data.Additional = listValue
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
diff --git a/internal/provider/datasource-directory.go b/internal/provider/datasource-directory.go
new file mode 100644
index 0000000..d08af26
--- /dev/null
+++ b/internal/provider/datasource-directory.go
@@ -0,0 +1,103 @@
+// Code generated by "terraform-provider-keyhub-generator"; DO NOT EDIT.
+
+package provider
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/hashicorp/terraform-plugin-framework/attr"
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	"github.com/hashicorp/terraform-plugin-framework/types/basetypes"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+	keyhub "github.com/topicuskeyhub/sdk-go"
+	keyhubreq "github.com/topicuskeyhub/sdk-go/directory"
+	keyhubmodels "github.com/topicuskeyhub/sdk-go/models"
+)
+
+// Ensure provider defined types fully satisfy framework interfaces.
+var (
+	_ datasource.DataSource              = &directoryDataSource{}
+	_ datasource.DataSourceWithConfigure = &directoryDataSource{}
+)
+
+func NewDirectoryDataSource() datasource.DataSource {
+	return &directoryDataSource{}
+}
+
+type directoryDataSource struct {
+	client *keyhub.KeyHubClient
+}
+
+func (d *directoryDataSource) Metadata(ctx context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+	resp.TypeName = ProviderName + "_directory"
+	log.Printf("Registered data source %s", resp.TypeName)
+}
+
+func (d *directoryDataSource) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		Attributes: dataSourceSchemaAttrsDirectoryAccountDirectory(true),
+	}
+}
+
+func (d *directoryDataSource) Configure(ctx context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) {
+	// Prevent panic if the provider has not been configured.
+	if req.ProviderData == nil {
+		return
+	}
+
+	client, ok := req.ProviderData.(*keyhub.KeyHubClient)
+
+	if !ok {
+		resp.Diagnostics.AddError(
+			"Unexpected Data Source Configure Type",
+			fmt.Sprintf("Expected *keyhub.KeyHubClient, got: %T. Please report this issue to the provider developers.", req.ProviderData),
+		)
+
+		return
+	}
+
+	d.client = client
+}
+
+func (d *directoryDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+	var data directoryAccountDirectoryDataDS
+	resp.Diagnostics.Append(req.Config.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tflog.Debug(ctx, "Reading directory from Topicus KeyHub by UUID")
+	listValue, _ := data.Additional.ToListValue(ctx)
+	additional, _ := tfToSlice(listValue, func(val attr.Value, diags *diag.Diagnostics) string {
+		return val.(basetypes.StringValue).ValueString()
+	})
+	uuid := data.UUID.ValueString()
+
+	wrapper, err := d.client.Directory().Get(ctx, &keyhubreq.DirectoryRequestBuilderGetRequestConfiguration{
+		QueryParameters: &keyhubreq.DirectoryRequestBuilderGetQueryParameters{
+			Uuid:       []string{uuid},
+			Additional: additional,
+		},
+	})
+
+	tkh, diags := findFirst[keyhubmodels.DirectoryAccountDirectoryable](ctx, wrapper, "directory", &uuid, err)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tf, diags := tkhToTFObjectDSDirectoryAccountDirectory(true, tkh)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	fillDataStructFromTFObjectDSDirectoryAccountDirectory(&data, tf)
+	data.Additional = listValue
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
diff --git a/internal/provider/datasource-group.go b/internal/provider/datasource-group.go
new file mode 100644
index 0000000..7a30cb4
--- /dev/null
+++ b/internal/provider/datasource-group.go
@@ -0,0 +1,103 @@
+// Code generated by "terraform-provider-keyhub-generator"; DO NOT EDIT.
+
+package provider
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/hashicorp/terraform-plugin-framework/attr"
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	"github.com/hashicorp/terraform-plugin-framework/types/basetypes"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+	keyhub "github.com/topicuskeyhub/sdk-go"
+	keyhubreq "github.com/topicuskeyhub/sdk-go/group"
+	keyhubmodels "github.com/topicuskeyhub/sdk-go/models"
+)
+
+// Ensure provider defined types fully satisfy framework interfaces.
+var (
+	_ datasource.DataSource              = &groupDataSource{}
+	_ datasource.DataSourceWithConfigure = &groupDataSource{}
+)
+
+func NewGroupDataSource() datasource.DataSource {
+	return &groupDataSource{}
+}
+
+type groupDataSource struct {
+	client *keyhub.KeyHubClient
+}
+
+func (d *groupDataSource) Metadata(ctx context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+	resp.TypeName = ProviderName + "_group"
+	log.Printf("Registered data source %s", resp.TypeName)
+}
+
+func (d *groupDataSource) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		Attributes: dataSourceSchemaAttrsGroupGroup(true),
+	}
+}
+
+func (d *groupDataSource) Configure(ctx context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) {
+	// Prevent panic if the provider has not been configured.
+	if req.ProviderData == nil {
+		return
+	}
+
+	client, ok := req.ProviderData.(*keyhub.KeyHubClient)
+
+	if !ok {
+		resp.Diagnostics.AddError(
+			"Unexpected Data Source Configure Type",
+			fmt.Sprintf("Expected *keyhub.KeyHubClient, got: %T. Please report this issue to the provider developers.", req.ProviderData),
+		)
+
+		return
+	}
+
+	d.client = client
+}
+
+func (d *groupDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+	var data groupGroupDataDS
+	resp.Diagnostics.Append(req.Config.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tflog.Debug(ctx, "Reading group from Topicus KeyHub by UUID")
+	listValue, _ := data.Additional.ToListValue(ctx)
+	additional, _ := tfToSlice(listValue, func(val attr.Value, diags *diag.Diagnostics) string {
+		return val.(basetypes.StringValue).ValueString()
+	})
+	uuid := data.UUID.ValueString()
+
+	wrapper, err := d.client.Group().Get(ctx, &keyhubreq.GroupRequestBuilderGetRequestConfiguration{
+		QueryParameters: &keyhubreq.GroupRequestBuilderGetQueryParameters{
+			Uuid:       []string{uuid},
+			Additional: additional,
+		},
+	})
+
+	tkh, diags := findFirst[keyhubmodels.GroupGroupable](ctx, wrapper, "group", &uuid, err)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tf, diags := tkhToTFObjectDSGroupGroup(true, tkh)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	fillDataStructFromTFObjectDSGroupGroup(&data, tf)
+	data.Additional = listValue
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
diff --git a/internal/provider/datasource-groupclassification.go b/internal/provider/datasource-groupclassification.go
new file mode 100644
index 0000000..95d0d1f
--- /dev/null
+++ b/internal/provider/datasource-groupclassification.go
@@ -0,0 +1,103 @@
+// Code generated by "terraform-provider-keyhub-generator"; DO NOT EDIT.
+
+package provider
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/hashicorp/terraform-plugin-framework/attr"
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	"github.com/hashicorp/terraform-plugin-framework/types/basetypes"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+	keyhub "github.com/topicuskeyhub/sdk-go"
+	keyhubreq "github.com/topicuskeyhub/sdk-go/groupclassification"
+	keyhubmodels "github.com/topicuskeyhub/sdk-go/models"
+)
+
+// Ensure provider defined types fully satisfy framework interfaces.
+var (
+	_ datasource.DataSource              = &groupclassificationDataSource{}
+	_ datasource.DataSourceWithConfigure = &groupclassificationDataSource{}
+)
+
+func NewGroupclassificationDataSource() datasource.DataSource {
+	return &groupclassificationDataSource{}
+}
+
+type groupclassificationDataSource struct {
+	client *keyhub.KeyHubClient
+}
+
+func (d *groupclassificationDataSource) Metadata(ctx context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+	resp.TypeName = ProviderName + "_groupclassification"
+	log.Printf("Registered data source %s", resp.TypeName)
+}
+
+func (d *groupclassificationDataSource) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		Attributes: dataSourceSchemaAttrsGroupGroupClassification(true),
+	}
+}
+
+func (d *groupclassificationDataSource) Configure(ctx context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) {
+	// Prevent panic if the provider has not been configured.
+	if req.ProviderData == nil {
+		return
+	}
+
+	client, ok := req.ProviderData.(*keyhub.KeyHubClient)
+
+	if !ok {
+		resp.Diagnostics.AddError(
+			"Unexpected Data Source Configure Type",
+			fmt.Sprintf("Expected *keyhub.KeyHubClient, got: %T. Please report this issue to the provider developers.", req.ProviderData),
+		)
+
+		return
+	}
+
+	d.client = client
+}
+
+func (d *groupclassificationDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+	var data groupGroupClassificationDataDS
+	resp.Diagnostics.Append(req.Config.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tflog.Debug(ctx, "Reading groupclassification from Topicus KeyHub by UUID")
+	listValue, _ := data.Additional.ToListValue(ctx)
+	additional, _ := tfToSlice(listValue, func(val attr.Value, diags *diag.Diagnostics) string {
+		return val.(basetypes.StringValue).ValueString()
+	})
+	uuid := data.UUID.ValueString()
+
+	wrapper, err := d.client.Groupclassification().Get(ctx, &keyhubreq.GroupclassificationRequestBuilderGetRequestConfiguration{
+		QueryParameters: &keyhubreq.GroupclassificationRequestBuilderGetQueryParameters{
+			Uuid:       []string{uuid},
+			Additional: additional,
+		},
+	})
+
+	tkh, diags := findFirst[keyhubmodels.GroupGroupClassificationable](ctx, wrapper, "groupclassification", &uuid, err)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tf, diags := tkhToTFObjectDSGroupGroupClassification(true, tkh)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	fillDataStructFromTFObjectDSGroupGroupClassification(&data, tf)
+	data.Additional = listValue
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
diff --git a/internal/provider/datasource-organizationalunit.go b/internal/provider/datasource-organizationalunit.go
new file mode 100644
index 0000000..04d96d6
--- /dev/null
+++ b/internal/provider/datasource-organizationalunit.go
@@ -0,0 +1,103 @@
+// Code generated by "terraform-provider-keyhub-generator"; DO NOT EDIT.
+
+package provider
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/hashicorp/terraform-plugin-framework/attr"
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	"github.com/hashicorp/terraform-plugin-framework/types/basetypes"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+	keyhub "github.com/topicuskeyhub/sdk-go"
+	keyhubmodels "github.com/topicuskeyhub/sdk-go/models"
+	keyhubreq "github.com/topicuskeyhub/sdk-go/organizationalunit"
+)
+
+// Ensure provider defined types fully satisfy framework interfaces.
+var (
+	_ datasource.DataSource              = &organizationalunitDataSource{}
+	_ datasource.DataSourceWithConfigure = &organizationalunitDataSource{}
+)
+
+func NewOrganizationalunitDataSource() datasource.DataSource {
+	return &organizationalunitDataSource{}
+}
+
+type organizationalunitDataSource struct {
+	client *keyhub.KeyHubClient
+}
+
+func (d *organizationalunitDataSource) Metadata(ctx context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+	resp.TypeName = ProviderName + "_organizationalunit"
+	log.Printf("Registered data source %s", resp.TypeName)
+}
+
+func (d *organizationalunitDataSource) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		Attributes: dataSourceSchemaAttrsOrganizationOrganizationalUnit(true),
+	}
+}
+
+func (d *organizationalunitDataSource) Configure(ctx context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) {
+	// Prevent panic if the provider has not been configured.
+	if req.ProviderData == nil {
+		return
+	}
+
+	client, ok := req.ProviderData.(*keyhub.KeyHubClient)
+
+	if !ok {
+		resp.Diagnostics.AddError(
+			"Unexpected Data Source Configure Type",
+			fmt.Sprintf("Expected *keyhub.KeyHubClient, got: %T. Please report this issue to the provider developers.", req.ProviderData),
+		)
+
+		return
+	}
+
+	d.client = client
+}
+
+func (d *organizationalunitDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+	var data organizationOrganizationalUnitDataDS
+	resp.Diagnostics.Append(req.Config.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tflog.Debug(ctx, "Reading organizationalunit from Topicus KeyHub by UUID")
+	listValue, _ := data.Additional.ToListValue(ctx)
+	additional, _ := tfToSlice(listValue, func(val attr.Value, diags *diag.Diagnostics) string {
+		return val.(basetypes.StringValue).ValueString()
+	})
+	uuid := data.UUID.ValueString()
+
+	wrapper, err := d.client.Organizationalunit().Get(ctx, &keyhubreq.OrganizationalunitRequestBuilderGetRequestConfiguration{
+		QueryParameters: &keyhubreq.OrganizationalunitRequestBuilderGetQueryParameters{
+			Uuid:       []string{uuid},
+			Additional: additional,
+		},
+	})
+
+	tkh, diags := findFirst[keyhubmodels.OrganizationOrganizationalUnitable](ctx, wrapper, "organizationalunit", &uuid, err)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tf, diags := tkhToTFObjectDSOrganizationOrganizationalUnit(true, tkh)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	fillDataStructFromTFObjectDSOrganizationOrganizationalUnit(&data, tf)
+	data.Additional = listValue
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
diff --git a/internal/provider/datasource-serviceaccount.go b/internal/provider/datasource-serviceaccount.go
new file mode 100644
index 0000000..969177f
--- /dev/null
+++ b/internal/provider/datasource-serviceaccount.go
@@ -0,0 +1,103 @@
+// Code generated by "terraform-provider-keyhub-generator"; DO NOT EDIT.
+
+package provider
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/hashicorp/terraform-plugin-framework/attr"
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	"github.com/hashicorp/terraform-plugin-framework/types/basetypes"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+	keyhub "github.com/topicuskeyhub/sdk-go"
+	keyhubmodels "github.com/topicuskeyhub/sdk-go/models"
+	keyhubreq "github.com/topicuskeyhub/sdk-go/serviceaccount"
+)
+
+// Ensure provider defined types fully satisfy framework interfaces.
+var (
+	_ datasource.DataSource              = &serviceaccountDataSource{}
+	_ datasource.DataSourceWithConfigure = &serviceaccountDataSource{}
+)
+
+func NewServiceaccountDataSource() datasource.DataSource {
+	return &serviceaccountDataSource{}
+}
+
+type serviceaccountDataSource struct {
+	client *keyhub.KeyHubClient
+}
+
+func (d *serviceaccountDataSource) Metadata(ctx context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+	resp.TypeName = ProviderName + "_serviceaccount"
+	log.Printf("Registered data source %s", resp.TypeName)
+}
+
+func (d *serviceaccountDataSource) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		Attributes: dataSourceSchemaAttrsServiceaccountServiceAccount(true),
+	}
+}
+
+func (d *serviceaccountDataSource) Configure(ctx context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) {
+	// Prevent panic if the provider has not been configured.
+	if req.ProviderData == nil {
+		return
+	}
+
+	client, ok := req.ProviderData.(*keyhub.KeyHubClient)
+
+	if !ok {
+		resp.Diagnostics.AddError(
+			"Unexpected Data Source Configure Type",
+			fmt.Sprintf("Expected *keyhub.KeyHubClient, got: %T. Please report this issue to the provider developers.", req.ProviderData),
+		)
+
+		return
+	}
+
+	d.client = client
+}
+
+func (d *serviceaccountDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+	var data serviceaccountServiceAccountDataDS
+	resp.Diagnostics.Append(req.Config.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tflog.Debug(ctx, "Reading serviceaccount from Topicus KeyHub by UUID")
+	listValue, _ := data.Additional.ToListValue(ctx)
+	additional, _ := tfToSlice(listValue, func(val attr.Value, diags *diag.Diagnostics) string {
+		return val.(basetypes.StringValue).ValueString()
+	})
+	uuid := data.UUID.ValueString()
+
+	wrapper, err := d.client.Serviceaccount().Get(ctx, &keyhubreq.ServiceaccountRequestBuilderGetRequestConfiguration{
+		QueryParameters: &keyhubreq.ServiceaccountRequestBuilderGetQueryParameters{
+			Uuid:       []string{uuid},
+			Additional: additional,
+		},
+	})
+
+	tkh, diags := findFirst[keyhubmodels.ServiceaccountServiceAccountable](ctx, wrapper, "serviceaccount", &uuid, err)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tf, diags := tkhToTFObjectDSServiceaccountServiceAccount(true, tkh)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	fillDataStructFromTFObjectDSServiceaccountServiceAccount(&data, tf)
+	data.Additional = listValue
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
diff --git a/internal/provider/datasource-system.go b/internal/provider/datasource-system.go
new file mode 100644
index 0000000..8170786
--- /dev/null
+++ b/internal/provider/datasource-system.go
@@ -0,0 +1,103 @@
+// Code generated by "terraform-provider-keyhub-generator"; DO NOT EDIT.
+
+package provider
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/hashicorp/terraform-plugin-framework/attr"
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	"github.com/hashicorp/terraform-plugin-framework/types/basetypes"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+	keyhub "github.com/topicuskeyhub/sdk-go"
+	keyhubmodels "github.com/topicuskeyhub/sdk-go/models"
+	keyhubreq "github.com/topicuskeyhub/sdk-go/system"
+)
+
+// Ensure provider defined types fully satisfy framework interfaces.
+var (
+	_ datasource.DataSource              = &systemDataSource{}
+	_ datasource.DataSourceWithConfigure = &systemDataSource{}
+)
+
+func NewSystemDataSource() datasource.DataSource {
+	return &systemDataSource{}
+}
+
+type systemDataSource struct {
+	client *keyhub.KeyHubClient
+}
+
+func (d *systemDataSource) Metadata(ctx context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+	resp.TypeName = ProviderName + "_system"
+	log.Printf("Registered data source %s", resp.TypeName)
+}
+
+func (d *systemDataSource) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		Attributes: dataSourceSchemaAttrsProvisioningProvisionedSystem(true),
+	}
+}
+
+func (d *systemDataSource) Configure(ctx context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) {
+	// Prevent panic if the provider has not been configured.
+	if req.ProviderData == nil {
+		return
+	}
+
+	client, ok := req.ProviderData.(*keyhub.KeyHubClient)
+
+	if !ok {
+		resp.Diagnostics.AddError(
+			"Unexpected Data Source Configure Type",
+			fmt.Sprintf("Expected *keyhub.KeyHubClient, got: %T. Please report this issue to the provider developers.", req.ProviderData),
+		)
+
+		return
+	}
+
+	d.client = client
+}
+
+func (d *systemDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+	var data provisioningProvisionedSystemDataDS
+	resp.Diagnostics.Append(req.Config.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tflog.Debug(ctx, "Reading system from Topicus KeyHub by UUID")
+	listValue, _ := data.Additional.ToListValue(ctx)
+	additional, _ := tfToSlice(listValue, func(val attr.Value, diags *diag.Diagnostics) string {
+		return val.(basetypes.StringValue).ValueString()
+	})
+	uuid := data.UUID.ValueString()
+
+	wrapper, err := d.client.System().Get(ctx, &keyhubreq.SystemRequestBuilderGetRequestConfiguration{
+		QueryParameters: &keyhubreq.SystemRequestBuilderGetQueryParameters{
+			Uuid:       []string{uuid},
+			Additional: additional,
+		},
+	})
+
+	tkh, diags := findFirst[keyhubmodels.ProvisioningProvisionedSystemable](ctx, wrapper, "system", &uuid, err)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tf, diags := tkhToTFObjectDSProvisioningProvisionedSystem(true, tkh)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	fillDataStructFromTFObjectDSProvisioningProvisionedSystem(&data, tf)
+	data.Additional = listValue
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
diff --git a/internal/provider/datasource-vaultrecord.go b/internal/provider/datasource-vaultrecord.go
new file mode 100644
index 0000000..0573673
--- /dev/null
+++ b/internal/provider/datasource-vaultrecord.go
@@ -0,0 +1,103 @@
+// Code generated by "terraform-provider-keyhub-generator"; DO NOT EDIT.
+
+package provider
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/hashicorp/terraform-plugin-framework/attr"
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	"github.com/hashicorp/terraform-plugin-framework/types/basetypes"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+	keyhub "github.com/topicuskeyhub/sdk-go"
+	keyhubmodels "github.com/topicuskeyhub/sdk-go/models"
+	keyhubreq "github.com/topicuskeyhub/sdk-go/vaultrecord"
+)
+
+// Ensure provider defined types fully satisfy framework interfaces.
+var (
+	_ datasource.DataSource              = &vaultrecordDataSource{}
+	_ datasource.DataSourceWithConfigure = &vaultrecordDataSource{}
+)
+
+func NewVaultrecordDataSource() datasource.DataSource {
+	return &vaultrecordDataSource{}
+}
+
+type vaultrecordDataSource struct {
+	client *keyhub.KeyHubClient
+}
+
+func (d *vaultrecordDataSource) Metadata(ctx context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+	resp.TypeName = ProviderName + "_vaultrecord"
+	log.Printf("Registered data source %s", resp.TypeName)
+}
+
+func (d *vaultrecordDataSource) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		Attributes: dataSourceSchemaAttrsVaultVaultRecord(true),
+	}
+}
+
+func (d *vaultrecordDataSource) Configure(ctx context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) {
+	// Prevent panic if the provider has not been configured.
+	if req.ProviderData == nil {
+		return
+	}
+
+	client, ok := req.ProviderData.(*keyhub.KeyHubClient)
+
+	if !ok {
+		resp.Diagnostics.AddError(
+			"Unexpected Data Source Configure Type",
+			fmt.Sprintf("Expected *keyhub.KeyHubClient, got: %T. Please report this issue to the provider developers.", req.ProviderData),
+		)
+
+		return
+	}
+
+	d.client = client
+}
+
+func (d *vaultrecordDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+	var data vaultVaultRecordDataDS
+	resp.Diagnostics.Append(req.Config.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tflog.Debug(ctx, "Reading vaultrecord from Topicus KeyHub by UUID")
+	listValue, _ := data.Additional.ToListValue(ctx)
+	additional, _ := tfToSlice(listValue, func(val attr.Value, diags *diag.Diagnostics) string {
+		return val.(basetypes.StringValue).ValueString()
+	})
+	uuid := data.UUID.ValueString()
+
+	wrapper, err := d.client.Vaultrecord().Get(ctx, &keyhubreq.VaultrecordRequestBuilderGetRequestConfiguration{
+		QueryParameters: &keyhubreq.VaultrecordRequestBuilderGetQueryParameters{
+			Uuid:       []string{uuid},
+			Additional: additional,
+		},
+	})
+
+	tkh, diags := findFirst[keyhubmodels.VaultVaultRecordable](ctx, wrapper, "vaultrecord", &uuid, err)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tf, diags := tkhToTFObjectDSVaultVaultRecord(true, tkh)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	fillDataStructFromTFObjectDSVaultVaultRecord(&data, tf)
+	data.Additional = listValue
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
diff --git a/internal/provider/datasource-webhook.go b/internal/provider/datasource-webhook.go
new file mode 100644
index 0000000..b5bd1a0
--- /dev/null
+++ b/internal/provider/datasource-webhook.go
@@ -0,0 +1,103 @@
+// Code generated by "terraform-provider-keyhub-generator"; DO NOT EDIT.
+
+package provider
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/hashicorp/terraform-plugin-framework/attr"
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	"github.com/hashicorp/terraform-plugin-framework/types/basetypes"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+	keyhub "github.com/topicuskeyhub/sdk-go"
+	keyhubmodels "github.com/topicuskeyhub/sdk-go/models"
+	keyhubreq "github.com/topicuskeyhub/sdk-go/webhook"
+)
+
+// Ensure provider defined types fully satisfy framework interfaces.
+var (
+	_ datasource.DataSource              = &webhookDataSource{}
+	_ datasource.DataSourceWithConfigure = &webhookDataSource{}
+)
+
+func NewWebhookDataSource() datasource.DataSource {
+	return &webhookDataSource{}
+}
+
+type webhookDataSource struct {
+	client *keyhub.KeyHubClient
+}
+
+func (d *webhookDataSource) Metadata(ctx context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+	resp.TypeName = ProviderName + "_webhook"
+	log.Printf("Registered data source %s", resp.TypeName)
+}
+
+func (d *webhookDataSource) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		Attributes: dataSourceSchemaAttrsWebhookWebhook(true),
+	}
+}
+
+func (d *webhookDataSource) Configure(ctx context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) {
+	// Prevent panic if the provider has not been configured.
+	if req.ProviderData == nil {
+		return
+	}
+
+	client, ok := req.ProviderData.(*keyhub.KeyHubClient)
+
+	if !ok {
+		resp.Diagnostics.AddError(
+			"Unexpected Data Source Configure Type",
+			fmt.Sprintf("Expected *keyhub.KeyHubClient, got: %T. Please report this issue to the provider developers.", req.ProviderData),
+		)
+
+		return
+	}
+
+	d.client = client
+}
+
+func (d *webhookDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+	var data webhookWebhookDataDS
+	resp.Diagnostics.Append(req.Config.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tflog.Debug(ctx, "Reading webhook from Topicus KeyHub by UUID")
+	listValue, _ := data.Additional.ToListValue(ctx)
+	additional, _ := tfToSlice(listValue, func(val attr.Value, diags *diag.Diagnostics) string {
+		return val.(basetypes.StringValue).ValueString()
+	})
+	uuid := data.UUID.ValueString()
+
+	wrapper, err := d.client.Webhook().Get(ctx, &keyhubreq.WebhookRequestBuilderGetRequestConfiguration{
+		QueryParameters: &keyhubreq.WebhookRequestBuilderGetQueryParameters{
+			Uuid:       []string{uuid},
+			Additional: additional,
+		},
+	})
+
+	tkh, diags := findFirst[keyhubmodels.WebhookWebhookable](ctx, wrapper, "webhook", &uuid, err)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tf, diags := tkhToTFObjectDSWebhookWebhook(true, tkh)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	fillDataStructFromTFObjectDSWebhookWebhook(&data, tf)
+	data.Additional = listValue
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
diff --git a/internal/provider/example_resource.go b/internal/provider/example_resource.go
deleted file mode 100644
index af8c0fa..0000000
--- a/internal/provider/example_resource.go
+++ /dev/null
@@ -1,187 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-package provider
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/hashicorp/terraform-plugin-framework/path"
-	"github.com/hashicorp/terraform-plugin-framework/resource"
-	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
-	"github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
-	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringdefault"
-	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
-	"github.com/hashicorp/terraform-plugin-framework/types"
-	"github.com/hashicorp/terraform-plugin-log/tflog"
-)
-
-// Ensure provider defined types fully satisfy framework interfaces.
-var _ resource.Resource = &ExampleResource{}
-var _ resource.ResourceWithImportState = &ExampleResource{}
-
-func NewExampleResource() resource.Resource {
-	return &ExampleResource{}
-}
-
-// ExampleResource defines the resource implementation.
-type ExampleResource struct {
-	client *http.Client
-}
-
-// ExampleResourceModel describes the resource data model.
-type ExampleResourceModel struct {
-	ConfigurableAttribute types.String `tfsdk:"configurable_attribute"`
-	Defaulted             types.String `tfsdk:"defaulted"`
-	Id                    types.String `tfsdk:"id"`
-}
-
-func (r *ExampleResource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) {
-	resp.TypeName = req.ProviderTypeName + "_example"
-}
-
-func (r *ExampleResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) {
-	resp.Schema = schema.Schema{
-		// This description is used by the documentation generator and the language server.
-		MarkdownDescription: "Example resource",
-
-		Attributes: map[string]schema.Attribute{
-			"configurable_attribute": schema.StringAttribute{
-				MarkdownDescription: "Example configurable attribute",
-				Optional:            true,
-			},
-			"defaulted": schema.StringAttribute{
-				MarkdownDescription: "Example configurable attribute with default value",
-				Optional:            true,
-				Computed:            true,
-				Default:             stringdefault.StaticString("example value when not configured"),
-			},
-			"id": schema.StringAttribute{
-				Computed:            true,
-				MarkdownDescription: "Example identifier",
-				PlanModifiers: []planmodifier.String{
-					stringplanmodifier.UseStateForUnknown(),
-				},
-			},
-		},
-	}
-}
-
-func (r *ExampleResource) Configure(ctx context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) {
-	// Prevent panic if the provider has not been configured.
-	if req.ProviderData == nil {
-		return
-	}
-
-	client, ok := req.ProviderData.(*http.Client)
-
-	if !ok {
-		resp.Diagnostics.AddError(
-			"Unexpected Resource Configure Type",
-			fmt.Sprintf("Expected *http.Client, got: %T. Please report this issue to the provider developers.", req.ProviderData),
-		)
-
-		return
-	}
-
-	r.client = client
-}
-
-func (r *ExampleResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
-	var data *ExampleResourceModel
-
-	// Read Terraform plan data into the model
-	resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...)
-
-	if resp.Diagnostics.HasError() {
-		return
-	}
-
-	// If applicable, this is a great opportunity to initialize any necessary
-	// provider client data and make a call using it.
-	// httpResp, err := r.client.Do(httpReq)
-	// if err != nil {
-	//     resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Unable to create example, got error: %s", err))
-	//     return
-	// }
-
-	// For the purposes of this example code, hardcoding a response value to
-	// save into the Terraform state.
-	data.Id = types.StringValue("example-id")
-
-	// Write logs using the tflog package
-	// Documentation: https://terraform.io/plugin/log
-	tflog.Trace(ctx, "created a resource")
-
-	// Save data into Terraform state
-	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
-}
-
-func (r *ExampleResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
-	var data *ExampleResourceModel
-
-	// Read Terraform prior state data into the model
-	resp.Diagnostics.Append(req.State.Get(ctx, &data)...)
-
-	if resp.Diagnostics.HasError() {
-		return
-	}
-
-	// If applicable, this is a great opportunity to initialize any necessary
-	// provider client data and make a call using it.
-	// httpResp, err := r.client.Do(httpReq)
-	// if err != nil {
-	//     resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Unable to read example, got error: %s", err))
-	//     return
-	// }
-
-	// Save updated data into Terraform state
-	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
-}
-
-func (r *ExampleResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) {
-	var data *ExampleResourceModel
-
-	// Read Terraform plan data into the model
-	resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...)
-
-	if resp.Diagnostics.HasError() {
-		return
-	}
-
-	// If applicable, this is a great opportunity to initialize any necessary
-	// provider client data and make a call using it.
-	// httpResp, err := r.client.Do(httpReq)
-	// if err != nil {
-	//     resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Unable to update example, got error: %s", err))
-	//     return
-	// }
-
-	// Save updated data into Terraform state
-	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
-}
-
-func (r *ExampleResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) {
-	var data *ExampleResourceModel
-
-	// Read Terraform prior state data into the model
-	resp.Diagnostics.Append(req.State.Get(ctx, &data)...)
-
-	if resp.Diagnostics.HasError() {
-		return
-	}
-
-	// If applicable, this is a great opportunity to initialize any necessary
-	// provider client data and make a call using it.
-	// httpResp, err := r.client.Do(httpReq)
-	// if err != nil {
-	//     resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Unable to delete example, got error: %s", err))
-	//     return
-	// }
-}
-
-func (r *ExampleResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) {
-	resource.ImportStatePassthroughID(ctx, path.Root("id"), req, resp)
-}
diff --git a/internal/provider/example_resource_test.go b/internal/provider/example_resource_test.go
deleted file mode 100644
index c5464d0..0000000
--- a/internal/provider/example_resource_test.go
+++ /dev/null
@@ -1,56 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-package provider
-
-import (
-	"fmt"
-	"testing"
-
-	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
-)
-
-func TestAccExampleResource(t *testing.T) {
-	resource.Test(t, resource.TestCase{
-		PreCheck:                 func() { testAccPreCheck(t) },
-		ProtoV6ProviderFactories: testAccProtoV6ProviderFactories,
-		Steps: []resource.TestStep{
-			// Create and Read testing
-			{
-				Config: testAccExampleResourceConfig("one"),
-				Check: resource.ComposeAggregateTestCheckFunc(
-					resource.TestCheckResourceAttr("scaffolding_example.test", "configurable_attribute", "one"),
-					resource.TestCheckResourceAttr("scaffolding_example.test", "defaulted", "example value when not configured"),
-					resource.TestCheckResourceAttr("scaffolding_example.test", "id", "example-id"),
-				),
-			},
-			// ImportState testing
-			{
-				ResourceName:      "scaffolding_example.test",
-				ImportState:       true,
-				ImportStateVerify: true,
-				// This is not normally necessary, but is here because this
-				// example code does not have an actual upstream service.
-				// Once the Read method is able to refresh information from
-				// the upstream service, this can be removed.
-				ImportStateVerifyIgnore: []string{"configurable_attribute", "defaulted"},
-			},
-			// Update and Read testing
-			{
-				Config: testAccExampleResourceConfig("two"),
-				Check: resource.ComposeAggregateTestCheckFunc(
-					resource.TestCheckResourceAttr("scaffolding_example.test", "configurable_attribute", "two"),
-				),
-			},
-			// Delete testing automatically occurs in TestCase
-		},
-	})
-}
-
-func testAccExampleResourceConfig(configurableAttribute string) string {
-	return fmt.Sprintf(`
-resource "scaffolding_example" "test" {
-  configurable_attribute = %[1]q
-}
-`, configurableAttribute)
-}
diff --git a/internal/provider/full-data-struct-ds.go b/internal/provider/full-data-struct-ds.go
new file mode 100644
index 0000000..f159e75
--- /dev/null
+++ b/internal/provider/full-data-struct-ds.go
@@ -0,0 +1,1504 @@
+// Code generated by "terraform-provider-keyhub-generator"; DO NOT EDIT.
+
+//lint:ignore U1000 Ignore unused functions in generated code
+package provider
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+var auditInfoAttrTypesDS = objectAttrsTypeDSAuditInfo(false)
+var auditInfoAttrTypesDSRecurse = objectAttrsTypeDSAuditInfo(true)
+
+type auditInfoDataDS struct {
+	CreatedAt      types.String `tfsdk:"created_at"`
+	CreatedBy      types.String `tfsdk:"created_by"`
+	LastModifiedAt types.String `tfsdk:"last_modified_at"`
+	LastModifiedBy types.String `tfsdk:"last_modified_by"`
+}
+
+var generatedSecretAttrTypesDS = objectAttrsTypeDSGeneratedSecret(false)
+var generatedSecretAttrTypesDSRecurse = objectAttrsTypeDSGeneratedSecret(true)
+
+type generatedSecretDataDS struct {
+	GeneratedSecret types.String `tfsdk:"generated_secret"`
+	OldSecret       types.String `tfsdk:"old_secret"`
+	Regenerate      types.Bool   `tfsdk:"regenerate"`
+}
+
+var linkableAttrTypesDS = objectAttrsTypeDSLinkable(false)
+var linkableAttrTypesDSRecurse = objectAttrsTypeDSLinkable(true)
+
+type linkableDataDS struct {
+	Links       types.List `tfsdk:"links"`
+	Permissions types.List `tfsdk:"permissions"`
+}
+
+var nonLinkableAttrTypesDS = objectAttrsTypeDSNonLinkable(false)
+var nonLinkableAttrTypesDSRecurse = objectAttrsTypeDSNonLinkable(true)
+
+type nonLinkableDataDS struct {
+}
+
+var restLinkAttrTypesDS = objectAttrsTypeDSRestLink(false)
+var restLinkAttrTypesDSRecurse = objectAttrsTypeDSRestLink(true)
+
+type restLinkDataDS struct {
+	Href        types.String `tfsdk:"href"`
+	ID          types.Int64  `tfsdk:"id"`
+	Rel         types.String `tfsdk:"rel"`
+	TypeEscaped types.String `tfsdk:"type_escaped"`
+}
+
+var authAccountAttrTypesDS = objectAttrsTypeDSAuthAccount(false)
+var authAccountAttrTypesDSRecurse = objectAttrsTypeDSAuthAccount(true)
+
+type authAccountDataDS struct {
+	Links                           types.List   `tfsdk:"links"`
+	Permissions                     types.List   `tfsdk:"permissions"`
+	DisplayName                     types.String `tfsdk:"display_name"`
+	LastActive                      types.String `tfsdk:"last_active"`
+	Username                        types.String `tfsdk:"username"`
+	UUID                            types.String `tfsdk:"uuid"`
+	Validity                        types.String `tfsdk:"validity"`
+	Additional                      types.List   `tfsdk:"additional"`
+	AccountPermissions              types.List   `tfsdk:"account_permissions"`
+	Active                          types.Bool   `tfsdk:"active"`
+	ActiveLogin                     types.Bool   `tfsdk:"active_login" tkhao:"activeLogin"`
+	Audit                           types.Object `tfsdk:"audit" tkhao:"audit"`
+	Groups                          types.List   `tfsdk:"groups" tkhao:"groups"`
+	PendingRecoveryRequests         types.Object `tfsdk:"pending_recovery_requests" tkhao:"pendingRecoveryRequests"`
+	Settings                        types.Object `tfsdk:"settings" tkhao:"settings"`
+	StoredAttributes                types.Object `tfsdk:"stored_attributes" tkhao:"storedAttributes"`
+	Vault                           types.Object `tfsdk:"vault" tkhao:"vault"`
+	CanRequestGroups                types.Bool   `tfsdk:"can_request_groups"`
+	Directory                       types.Object `tfsdk:"directory"`
+	DirectoryName                   types.String `tfsdk:"directory_name"`
+	DirectoryPasswordChangeRequired types.Bool   `tfsdk:"directory_password_change_required"`
+	DirectoryRotatingPassword       types.String `tfsdk:"directory_rotating_password"`
+	DirectoryType                   types.String `tfsdk:"directory_type"`
+	Email                           types.String `tfsdk:"email"`
+	IDInDirectory                   types.String `tfsdk:"id_in_directory"`
+	KeyHubPasswordChangeRequired    types.Bool   `tfsdk:"key_hub_password_change_required"`
+	LastModifiedAt                  types.String `tfsdk:"last_modified_at"`
+	LicenseRole                     types.String `tfsdk:"license_role"`
+	Locale                          types.String `tfsdk:"locale"`
+	ReregistrationRequired          types.Bool   `tfsdk:"reregistration_required"`
+	TokenPasswordEnabled            types.Bool   `tfsdk:"token_password_enabled"`
+	TwoFactorStatus                 types.String `tfsdk:"two_factor_status"`
+	ValidInDirectory                types.Bool   `tfsdk:"valid_in_directory"`
+}
+
+var authAccountPrimerAttrTypesDS = objectAttrsTypeDSAuthAccountPrimer(false)
+var authAccountPrimerAttrTypesDSRecurse = objectAttrsTypeDSAuthAccountPrimer(true)
+
+type authAccountPrimerDataDS struct {
+	Links       types.List   `tfsdk:"links"`
+	Permissions types.List   `tfsdk:"permissions"`
+	DisplayName types.String `tfsdk:"display_name"`
+	LastActive  types.String `tfsdk:"last_active"`
+	Username    types.String `tfsdk:"username"`
+	UUID        types.String `tfsdk:"uuid"`
+	Validity    types.String `tfsdk:"validity"`
+}
+
+var authAccountRecoveryStatusAttrTypesDS = objectAttrsTypeDSAuthAccountRecoveryStatus(false)
+var authAccountRecoveryStatusAttrTypesDSRecurse = objectAttrsTypeDSAuthAccountRecoveryStatus(true)
+
+type authAccountRecoveryStatusDataDS struct {
+	Pending2FARecoveryRequest      types.Bool `tfsdk:"pending2fa_recovery_request"`
+	PendingPasswordRecoveryRequest types.Bool `tfsdk:"pending_password_recovery_request"`
+}
+
+var authAccountSettingsAttrTypesDS = objectAttrsTypeDSAuthAccountSettings(false)
+var authAccountSettingsAttrTypesDSRecurse = objectAttrsTypeDSAuthAccountSettings(true)
+
+type authAccountSettingsDataDS struct {
+	DefaultOrganizationalUnit        types.Object `tfsdk:"default_organizational_unit"`
+	DirectoryName                    types.String `tfsdk:"directory_name"`
+	DirectoryType                    types.String `tfsdk:"directory_type"`
+	InGroups                         types.Bool   `tfsdk:"in_groups"`
+	InMultipleOrganizationalUnits    types.Bool   `tfsdk:"in_multiple_organizational_units"`
+	KeyHubAdmin                      types.Bool   `tfsdk:"key_hub_admin"`
+	MultipleOrganizationalUnitsExist types.Bool   `tfsdk:"multiple_organizational_units_exist"`
+	PasswordMode                     types.String `tfsdk:"password_mode"`
+	SshPublicKey                     types.String `tfsdk:"ssh_public_key"`
+	TwoFactorAuthentication          types.String `tfsdk:"two_factor_authentication"`
+	UseTokenPassword                 types.Bool   `tfsdk:"use_token_password"`
+	VaultStatus                      types.String `tfsdk:"vault_status"`
+}
+
+var authAccount_additionalObjectsAttrTypesDS = objectAttrsTypeDSAuthAccount_additionalObjects(false)
+var authAccount_additionalObjectsAttrTypesDSRecurse = objectAttrsTypeDSAuthAccount_additionalObjects(true)
+
+type authAccount_additionalObjectsDataDS struct {
+	ActiveLogin             types.Bool   `tfsdk:"active_login"`
+	Audit                   types.Object `tfsdk:"audit"`
+	Groups                  types.List   `tfsdk:"groups"`
+	PendingRecoveryRequests types.Object `tfsdk:"pending_recovery_requests"`
+	Settings                types.Object `tfsdk:"settings"`
+	StoredAttributes        types.Object `tfsdk:"stored_attributes"`
+	Vault                   types.Object `tfsdk:"vault"`
+}
+
+var authPermissionAttrTypesDS = objectAttrsTypeDSAuthPermission(false)
+var authPermissionAttrTypesDSRecurse = objectAttrsTypeDSAuthPermission(true)
+
+type authPermissionDataDS struct {
+	Full        types.String `tfsdk:"full"`
+	Instances   types.List   `tfsdk:"instances"`
+	Operations  types.List   `tfsdk:"operations"`
+	TypeEscaped types.String `tfsdk:"type_escaped"`
+}
+
+var authStoredAccountAttributeAttrTypesDS = objectAttrsTypeDSAuthStoredAccountAttribute(false)
+var authStoredAccountAttributeAttrTypesDSRecurse = objectAttrsTypeDSAuthStoredAccountAttribute(true)
+
+type authStoredAccountAttributeDataDS struct {
+	Name  types.String `tfsdk:"name"`
+	Value types.String `tfsdk:"value"`
+}
+
+var authStoredAccountAttributesAttrTypesDS = objectAttrsTypeDSAuthStoredAccountAttributes(false)
+var authStoredAccountAttributesAttrTypesDSRecurse = objectAttrsTypeDSAuthStoredAccountAttributes(true)
+
+type authStoredAccountAttributesDataDS struct {
+	Attributes types.List `tfsdk:"attributes"`
+}
+
+var certificateCertificateAttrTypesDS = objectAttrsTypeDSCertificateCertificate(false)
+var certificateCertificateAttrTypesDSRecurse = objectAttrsTypeDSCertificateCertificate(true)
+
+type certificateCertificateDataDS struct {
+	Links                            types.List   `tfsdk:"links"`
+	Permissions                      types.List   `tfsdk:"permissions"`
+	Alias                            types.String `tfsdk:"alias"`
+	CertificateCertificatePrimerType types.String `tfsdk:"type"`
+	CertificateData                  types.List   `tfsdk:"certificate_data"`
+	Expiration                       types.String `tfsdk:"expiration"`
+	FingerprintSha1                  types.String `tfsdk:"fingerprint_sha1"`
+	FingerprintSha256                types.String `tfsdk:"fingerprint_sha256"`
+	Global                           types.Bool   `tfsdk:"global"`
+	SubjectDN                        types.String `tfsdk:"subject_dn"`
+	UUID                             types.String `tfsdk:"uuid"`
+	Additional                       types.List   `tfsdk:"additional"`
+	Audit                            types.Object `tfsdk:"audit" tkhao:"audit"`
+	KeyData                          types.List   `tfsdk:"key_data"`
+}
+
+var certificateCertificatePrimerAttrTypesDS = objectAttrsTypeDSCertificateCertificatePrimer(false)
+var certificateCertificatePrimerAttrTypesDSRecurse = objectAttrsTypeDSCertificateCertificatePrimer(true)
+
+type certificateCertificatePrimerDataDS struct {
+	Links                            types.List   `tfsdk:"links"`
+	Permissions                      types.List   `tfsdk:"permissions"`
+	Alias                            types.String `tfsdk:"alias"`
+	CertificateCertificatePrimerType types.String `tfsdk:"type"`
+	CertificateData                  types.List   `tfsdk:"certificate_data"`
+	Expiration                       types.String `tfsdk:"expiration"`
+	FingerprintSha1                  types.String `tfsdk:"fingerprint_sha1"`
+	FingerprintSha256                types.String `tfsdk:"fingerprint_sha256"`
+	Global                           types.Bool   `tfsdk:"global"`
+	SubjectDN                        types.String `tfsdk:"subject_dn"`
+	UUID                             types.String `tfsdk:"uuid"`
+}
+
+var certificateCertificate_additionalObjectsAttrTypesDS = objectAttrsTypeDSCertificateCertificate_additionalObjects(false)
+var certificateCertificate_additionalObjectsAttrTypesDSRecurse = objectAttrsTypeDSCertificateCertificate_additionalObjects(true)
+
+type certificateCertificate_additionalObjectsDataDS struct {
+	Audit types.Object `tfsdk:"audit"`
+}
+
+var clientClientApplicationAttrTypesDS = objectAttrsTypeDSClientClientApplication(false)
+var clientClientApplicationAttrTypesDSRecurse = objectAttrsTypeDSClientClientApplication(true)
+
+type clientClientApplicationDataDS struct {
+	Links                             types.List   `tfsdk:"links"`
+	Permissions                       types.List   `tfsdk:"permissions"`
+	ClientClientApplicationPrimerType types.String `tfsdk:"type"`
+	ClientID                          types.String `tfsdk:"client_id"`
+	Name                              types.String `tfsdk:"name"`
+	Scopes                            types.List   `tfsdk:"scopes"`
+	SsoApplication                    types.Bool   `tfsdk:"sso_application"`
+	UUID                              types.String `tfsdk:"uuid"`
+	Additional                        types.List   `tfsdk:"additional"`
+	Audit                             types.Object `tfsdk:"audit" tkhao:"audit"`
+	Groupclients                      types.List   `tfsdk:"groupclients" tkhao:"groupclients"`
+	Groups                            types.List   `tfsdk:"groups" tkhao:"groups"`
+	Secret                            types.Object `tfsdk:"secret" tkhao:"secret"`
+	Tile                              types.Object `tfsdk:"tile" tkhao:"tile"`
+	VaultRecordCount                  types.Int64  `tfsdk:"vault_record_count" tkhao:"vaultRecordCount"`
+	LastModifiedAt                    types.String `tfsdk:"last_modified_at"`
+	Owner                             types.Object `tfsdk:"owner"`
+	TechnicalAdministrator            types.Object `tfsdk:"technical_administrator"`
+	LDAPClient                        types.Object `tfsdk:"ldap_client"`
+	OAuth2Client                      types.Object `tfsdk:"o_auth2_client"`
+	Saml2Client                       types.Object `tfsdk:"saml2_client"`
+}
+
+var clientClientApplicationLinkableWrapperAttrTypesDS = objectAttrsTypeDSClientClientApplicationLinkableWrapper(false)
+var clientClientApplicationLinkableWrapperAttrTypesDSRecurse = objectAttrsTypeDSClientClientApplicationLinkableWrapper(true)
+
+type clientClientApplicationLinkableWrapperDataDS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var clientClientApplicationPrimerAttrTypesDS = objectAttrsTypeDSClientClientApplicationPrimer(false)
+var clientClientApplicationPrimerAttrTypesDSRecurse = objectAttrsTypeDSClientClientApplicationPrimer(true)
+
+type clientClientApplicationPrimerDataDS struct {
+	Links                             types.List   `tfsdk:"links"`
+	Permissions                       types.List   `tfsdk:"permissions"`
+	ClientClientApplicationPrimerType types.String `tfsdk:"type"`
+	ClientID                          types.String `tfsdk:"client_id"`
+	Name                              types.String `tfsdk:"name"`
+	Scopes                            types.List   `tfsdk:"scopes"`
+	SsoApplication                    types.Bool   `tfsdk:"sso_application"`
+	UUID                              types.String `tfsdk:"uuid"`
+}
+
+var clientClientApplication_additionalObjectsAttrTypesDS = objectAttrsTypeDSClientClientApplication_additionalObjects(false)
+var clientClientApplication_additionalObjectsAttrTypesDSRecurse = objectAttrsTypeDSClientClientApplication_additionalObjects(true)
+
+type clientClientApplication_additionalObjectsDataDS struct {
+	Audit            types.Object `tfsdk:"audit"`
+	Groupclients     types.List   `tfsdk:"groupclients"`
+	Groups           types.List   `tfsdk:"groups"`
+	Secret           types.Object `tfsdk:"secret"`
+	Tile             types.Object `tfsdk:"tile"`
+	VaultRecordCount types.Int64  `tfsdk:"vault_record_count"`
+}
+
+var clientLdapClientAttrTypesDS = objectAttrsTypeDSClientLdapClient(false)
+var clientLdapClientAttrTypesDSRecurse = objectAttrsTypeDSClientLdapClient(true)
+
+type clientLdapClientDataDS struct {
+	BindDN              types.String `tfsdk:"bind_dn"`
+	ClientCertificate   types.Object `tfsdk:"client_certificate"`
+	ShareSecretInVault  types.Bool   `tfsdk:"share_secret_in_vault"`
+	SharedSecret        types.Object `tfsdk:"shared_secret"`
+	UsedForProvisioning types.Bool   `tfsdk:"used_for_provisioning"`
+}
+
+var clientOAuth2ClientAttrTypesDS = objectAttrsTypeDSClientOAuth2Client(false)
+var clientOAuth2ClientAttrTypesDSRecurse = objectAttrsTypeDSClientOAuth2Client(true)
+
+type clientOAuth2ClientDataDS struct {
+	AccountPermissions   types.List   `tfsdk:"account_permissions"`
+	Attributes           types.Map    `tfsdk:"attributes"`
+	CallbackURI          types.String `tfsdk:"callback_uri"`
+	Confidential         types.Bool   `tfsdk:"confidential"`
+	DebugMode            types.Bool   `tfsdk:"debug_mode"`
+	IDTokenClaims        types.String `tfsdk:"id_token_claims"`
+	InitiateLoginURI     types.String `tfsdk:"initiate_login_uri"`
+	ResourceURIs         types.String `tfsdk:"resource_uris"`
+	ShareSecretInVault   types.Bool   `tfsdk:"share_secret_in_vault"`
+	SharedSecret         types.Object `tfsdk:"shared_secret"`
+	ShowLandingPage      types.Bool   `tfsdk:"show_landing_page"`
+	UseClientCredentials types.Bool   `tfsdk:"use_client_credentials"`
+}
+
+var clientOAuth2ClientPermissionAttrTypesDS = objectAttrsTypeDSClientOAuth2ClientPermission(false)
+var clientOAuth2ClientPermissionAttrTypesDSRecurse = objectAttrsTypeDSClientOAuth2ClientPermission(true)
+
+type clientOAuth2ClientPermissionDataDS struct {
+	Links       types.List   `tfsdk:"links"`
+	Permissions types.List   `tfsdk:"permissions"`
+	Additional  types.List   `tfsdk:"additional"`
+	Audit       types.Object `tfsdk:"audit" tkhao:"audit"`
+	ForGroup    types.Object `tfsdk:"for_group"`
+	ForSystem   types.Object `tfsdk:"for_system"`
+	Value       types.String `tfsdk:"value"`
+}
+
+var clientOAuth2ClientPermissionWithClientAttrTypesDS = objectAttrsTypeDSClientOAuth2ClientPermissionWithClient(false)
+var clientOAuth2ClientPermissionWithClientAttrTypesDSRecurse = objectAttrsTypeDSClientOAuth2ClientPermissionWithClient(true)
+
+type clientOAuth2ClientPermissionWithClientDataDS struct {
+	Links       types.List   `tfsdk:"links"`
+	Permissions types.List   `tfsdk:"permissions"`
+	Additional  types.List   `tfsdk:"additional"`
+	Audit       types.Object `tfsdk:"audit" tkhao:"audit"`
+	ForGroup    types.Object `tfsdk:"for_group"`
+	ForSystem   types.Object `tfsdk:"for_system"`
+	Value       types.String `tfsdk:"value"`
+	Client      types.Object `tfsdk:"client"`
+}
+
+var clientOAuth2ClientPermissionWithClientLinkableWrapperAttrTypesDS = objectAttrsTypeDSClientOAuth2ClientPermissionWithClientLinkableWrapper(false)
+var clientOAuth2ClientPermissionWithClientLinkableWrapperAttrTypesDSRecurse = objectAttrsTypeDSClientOAuth2ClientPermissionWithClientLinkableWrapper(true)
+
+type clientOAuth2ClientPermissionWithClientLinkableWrapperDataDS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var clientOAuth2ClientPermission_additionalObjectsAttrTypesDS = objectAttrsTypeDSClientOAuth2ClientPermission_additionalObjects(false)
+var clientOAuth2ClientPermission_additionalObjectsAttrTypesDSRecurse = objectAttrsTypeDSClientOAuth2ClientPermission_additionalObjects(true)
+
+type clientOAuth2ClientPermission_additionalObjectsDataDS struct {
+	Audit types.Object `tfsdk:"audit"`
+}
+
+var clientSaml2ClientAttrTypesDS = objectAttrsTypeDSClientSaml2Client(false)
+var clientSaml2ClientAttrTypesDSRecurse = objectAttrsTypeDSClientSaml2Client(true)
+
+type clientSaml2ClientDataDS struct {
+	Attributes    types.Map    `tfsdk:"attributes"`
+	Metadata      types.String `tfsdk:"metadata"`
+	MetadataURL   types.String `tfsdk:"metadata_url"`
+	SubjectFormat types.String `tfsdk:"subject_format"`
+}
+
+var directoryAccountDirectoryAttrTypesDS = objectAttrsTypeDSDirectoryAccountDirectory(false)
+var directoryAccountDirectoryAttrTypesDSRecurse = objectAttrsTypeDSDirectoryAccountDirectory(true)
+
+type directoryAccountDirectoryDataDS struct {
+	Links                               types.List   `tfsdk:"links"`
+	Permissions                         types.List   `tfsdk:"permissions"`
+	AccountValiditySupported            types.Bool   `tfsdk:"account_validity_supported"`
+	Active                              types.Bool   `tfsdk:"active"`
+	DirectoryAccountDirectoryPrimerType types.String `tfsdk:"type"`
+	Name                                types.String `tfsdk:"name"`
+	UUID                                types.String `tfsdk:"uuid"`
+	Additional                          types.List   `tfsdk:"additional"`
+	Audit                               types.Object `tfsdk:"audit" tkhao:"audit"`
+	Markers                             types.Object `tfsdk:"markers" tkhao:"markers"`
+	Status                              types.Object `tfsdk:"status" tkhao:"status"`
+	BaseOrganizationalUnit              types.Object `tfsdk:"base_organizational_unit"`
+	DefaultDirectory                    types.Bool   `tfsdk:"default_directory"`
+	HelpdeskGroup                       types.Object `tfsdk:"helpdesk_group"`
+	Restrict2fa                         types.Bool   `tfsdk:"restrict2fa"`
+	RotatingPassword                    types.String `tfsdk:"rotating_password"`
+	UsernameCustomizable                types.Bool   `tfsdk:"username_customizable"`
+	InternalDirectory                   types.Object `tfsdk:"internal_directory"`
+	LDAPDirectory                       types.Object `tfsdk:"l_d_a_p_directory"`
+	MaintenanceDirectory                types.Object `tfsdk:"maintenance_directory"`
+	OIDCDirectory                       types.Object `tfsdk:"o_id_c_directory"`
+}
+
+var directoryAccountDirectoryLinkableWrapperAttrTypesDS = objectAttrsTypeDSDirectoryAccountDirectoryLinkableWrapper(false)
+var directoryAccountDirectoryLinkableWrapperAttrTypesDSRecurse = objectAttrsTypeDSDirectoryAccountDirectoryLinkableWrapper(true)
+
+type directoryAccountDirectoryLinkableWrapperDataDS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var directoryAccountDirectoryPrimerAttrTypesDS = objectAttrsTypeDSDirectoryAccountDirectoryPrimer(false)
+var directoryAccountDirectoryPrimerAttrTypesDSRecurse = objectAttrsTypeDSDirectoryAccountDirectoryPrimer(true)
+
+type directoryAccountDirectoryPrimerDataDS struct {
+	Links                               types.List   `tfsdk:"links"`
+	Permissions                         types.List   `tfsdk:"permissions"`
+	AccountValiditySupported            types.Bool   `tfsdk:"account_validity_supported"`
+	Active                              types.Bool   `tfsdk:"active"`
+	DirectoryAccountDirectoryPrimerType types.String `tfsdk:"type"`
+	Name                                types.String `tfsdk:"name"`
+	UUID                                types.String `tfsdk:"uuid"`
+}
+
+var directoryAccountDirectoryStatusReportAttrTypesDS = objectAttrsTypeDSDirectoryAccountDirectoryStatusReport(false)
+var directoryAccountDirectoryStatusReportAttrTypesDSRecurse = objectAttrsTypeDSDirectoryAccountDirectoryStatusReport(true)
+
+type directoryAccountDirectoryStatusReportDataDS struct {
+	Accounts types.Int64  `tfsdk:"accounts"`
+	Reason   types.String `tfsdk:"reason"`
+	Status   types.String `tfsdk:"status"`
+}
+
+var directoryAccountDirectorySummaryAttrTypesDS = objectAttrsTypeDSDirectoryAccountDirectorySummary(false)
+var directoryAccountDirectorySummaryAttrTypesDSRecurse = objectAttrsTypeDSDirectoryAccountDirectorySummary(true)
+
+type directoryAccountDirectorySummaryDataDS struct {
+	Links                                types.List   `tfsdk:"links"`
+	Permissions                          types.List   `tfsdk:"permissions"`
+	DirectoryAccountDirectorySummaryType types.String `tfsdk:"type"`
+	DomainRestriction                    types.String `tfsdk:"domain_restriction"`
+	FullyResolvedIssuer                  types.String `tfsdk:"fully_resolved_issuer"`
+	Name                                 types.String `tfsdk:"name"`
+	Status                               types.Object `tfsdk:"status"`
+	UsernameCustomizable                 types.Bool   `tfsdk:"username_customizable"`
+}
+
+var directoryAccountDirectorySummaryLinkableWrapperAttrTypesDS = objectAttrsTypeDSDirectoryAccountDirectorySummaryLinkableWrapper(false)
+var directoryAccountDirectorySummaryLinkableWrapperAttrTypesDSRecurse = objectAttrsTypeDSDirectoryAccountDirectorySummaryLinkableWrapper(true)
+
+type directoryAccountDirectorySummaryLinkableWrapperDataDS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var directoryAccountDirectory_additionalObjectsAttrTypesDS = objectAttrsTypeDSDirectoryAccountDirectory_additionalObjects(false)
+var directoryAccountDirectory_additionalObjectsAttrTypesDSRecurse = objectAttrsTypeDSDirectoryAccountDirectory_additionalObjects(true)
+
+type directoryAccountDirectory_additionalObjectsDataDS struct {
+	Audit   types.Object `tfsdk:"audit"`
+	Markers types.Object `tfsdk:"markers"`
+	Status  types.Object `tfsdk:"status"`
+}
+
+var directoryInternalDirectoryAttrTypesDS = objectAttrsTypeDSDirectoryInternalDirectory(false)
+var directoryInternalDirectoryAttrTypesDSRecurse = objectAttrsTypeDSDirectoryInternalDirectory(true)
+
+type directoryInternalDirectoryDataDS struct {
+	Owner types.Object `tfsdk:"owner"`
+}
+
+var directoryLDAPDirectoryAttrTypesDS = objectAttrsTypeDSDirectoryLDAPDirectory(false)
+var directoryLDAPDirectoryAttrTypesDSRecurse = objectAttrsTypeDSDirectoryLDAPDirectory(true)
+
+type directoryLDAPDirectoryDataDS struct {
+	AttributesToStore          types.String `tfsdk:"attributes_to_store"`
+	BaseDN                     types.String `tfsdk:"base_dn"`
+	ClientCertificate          types.Object `tfsdk:"client_certificate"`
+	Dialect                    types.String `tfsdk:"dialect"`
+	FailoverHost               types.String `tfsdk:"failover_host"`
+	FailoverTrustedCertificate types.Object `tfsdk:"failover_trusted_certificate"`
+	Host                       types.String `tfsdk:"host"`
+	PasswordRecovery           types.String `tfsdk:"password_recovery"`
+	Port                       types.Int64  `tfsdk:"port"`
+	SearchBindDN               types.String `tfsdk:"search_bind_dn"`
+	SearchBindPassword         types.String `tfsdk:"search_bind_password"`
+	SearchFilter               types.String `tfsdk:"search_filter"`
+	TLS                        types.String `tfsdk:"tls"`
+	TrustedCertificate         types.Object `tfsdk:"trusted_certificate"`
+}
+
+var directoryMaintenanceDirectoryAttrTypesDS = objectAttrsTypeDSDirectoryMaintenanceDirectory(false)
+var directoryMaintenanceDirectoryAttrTypesDSRecurse = objectAttrsTypeDSDirectoryMaintenanceDirectory(true)
+
+type directoryMaintenanceDirectoryDataDS struct {
+}
+
+var directoryOIDCDirectoryAttrTypesDS = objectAttrsTypeDSDirectoryOIDCDirectory(false)
+var directoryOIDCDirectoryAttrTypesDSRecurse = objectAttrsTypeDSDirectoryOIDCDirectory(true)
+
+type directoryOIDCDirectoryDataDS struct {
+	AcrValues           types.String `tfsdk:"acr_values"`
+	AttributesToStore   types.String `tfsdk:"attributes_to_store"`
+	ClientID            types.String `tfsdk:"client_id"`
+	ClientSecret        types.String `tfsdk:"client_secret"`
+	DomainRestriction   types.String `tfsdk:"domain_restriction"`
+	Enforces2fa         types.Bool   `tfsdk:"enforces2fa"`
+	FullyResolvedIssuer types.String `tfsdk:"fully_resolved_issuer"`
+	Issuer              types.String `tfsdk:"issuer"`
+	LogoutURL           types.String `tfsdk:"logout_url"`
+	SendLoginHint       types.Bool   `tfsdk:"send_login_hint"`
+	VendorEscaped       types.String `tfsdk:"vendor_escaped"`
+}
+
+var groupAccountGroupAttrTypesDS = objectAttrsTypeDSGroupAccountGroup(false)
+var groupAccountGroupAttrTypesDSRecurse = objectAttrsTypeDSGroupAccountGroup(true)
+
+type groupAccountGroupDataDS struct {
+	Links                  types.List   `tfsdk:"links"`
+	Permissions            types.List   `tfsdk:"permissions"`
+	Admin                  types.Bool   `tfsdk:"admin"`
+	Name                   types.String `tfsdk:"name"`
+	UUID                   types.String `tfsdk:"uuid"`
+	Additional             types.List   `tfsdk:"additional"`
+	Audit                  types.Object `tfsdk:"audit" tkhao:"audit"`
+	Vault                  types.Object `tfsdk:"vault" tkhao:"vault"`
+	EndDate                types.String `tfsdk:"end_date"`
+	Folder                 types.Object `tfsdk:"folder"`
+	LastUsed               types.String `tfsdk:"last_used"`
+	ProvisioningEndTime    types.String `tfsdk:"provisioning_end_time"`
+	Rights                 types.String `tfsdk:"rights"`
+	VisibleForProvisioning types.Bool   `tfsdk:"visible_for_provisioning"`
+}
+
+var groupAccountGroupLinkableWrapperAttrTypesDS = objectAttrsTypeDSGroupAccountGroupLinkableWrapper(false)
+var groupAccountGroupLinkableWrapperAttrTypesDSRecurse = objectAttrsTypeDSGroupAccountGroupLinkableWrapper(true)
+
+type groupAccountGroupLinkableWrapperDataDS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var groupAccountGroup_additionalObjectsAttrTypesDS = objectAttrsTypeDSGroupAccountGroup_additionalObjects(false)
+var groupAccountGroup_additionalObjectsAttrTypesDSRecurse = objectAttrsTypeDSGroupAccountGroup_additionalObjects(true)
+
+type groupAccountGroup_additionalObjectsDataDS struct {
+	Audit types.Object `tfsdk:"audit"`
+	Vault types.Object `tfsdk:"vault"`
+}
+
+var groupAuthorizedGroupsWrapperAttrTypesDS = objectAttrsTypeDSGroupAuthorizedGroupsWrapper(false)
+var groupAuthorizedGroupsWrapperAttrTypesDSRecurse = objectAttrsTypeDSGroupAuthorizedGroupsWrapper(true)
+
+type groupAuthorizedGroupsWrapperDataDS struct {
+	Items      types.List  `tfsdk:"items"`
+	GroupCount types.Int64 `tfsdk:"group_count"`
+}
+
+var groupGroupAttrTypesDS = objectAttrsTypeDSGroupGroup(false)
+var groupGroupAttrTypesDSRecurse = objectAttrsTypeDSGroupGroup(true)
+
+type groupGroupDataDS struct {
+	Links                        types.List   `tfsdk:"links"`
+	Permissions                  types.List   `tfsdk:"permissions"`
+	Admin                        types.Bool   `tfsdk:"admin"`
+	Name                         types.String `tfsdk:"name"`
+	UUID                         types.String `tfsdk:"uuid"`
+	Additional                   types.List   `tfsdk:"additional"`
+	Accounts                     types.List   `tfsdk:"accounts" tkhao:"accounts"`
+	AdministeredClients          types.List   `tfsdk:"administered_clients" tkhao:"administeredClients"`
+	AdministeredSystems          types.List   `tfsdk:"administered_systems" tkhao:"administeredSystems"`
+	Admins                       types.List   `tfsdk:"admins" tkhao:"admins"`
+	Audit                        types.Object `tfsdk:"audit" tkhao:"audit"`
+	AuthorizedGroups             types.Object `tfsdk:"authorized_groups" tkhao:"authorizedGroups"`
+	ClientPermissions            types.List   `tfsdk:"client_permissions" tkhao:"clientPermissions"`
+	Clients                      types.List   `tfsdk:"clients" tkhao:"clients"`
+	ContentAdministeredSystems   types.List   `tfsdk:"content_administered_systems" tkhao:"contentAdministeredSystems"`
+	Groupauditinginfo            types.Object `tfsdk:"groupauditinginfo" tkhao:"groupauditinginfo"`
+	Groupinfo                    types.Object `tfsdk:"groupinfo" tkhao:"groupinfo"`
+	Helpdesk                     types.List   `tfsdk:"helpdesk" tkhao:"helpdesk"`
+	Markers                      types.Object `tfsdk:"markers" tkhao:"markers"`
+	Myaccount                    types.Object `tfsdk:"myaccount" tkhao:"myaccount"`
+	Mydelegatedaccount           types.Object `tfsdk:"mydelegatedaccount" tkhao:"mydelegatedaccount"`
+	NestedGroups                 types.List   `tfsdk:"nested_groups" tkhao:"nestedGroups"`
+	OwnedClients                 types.List   `tfsdk:"owned_clients" tkhao:"ownedClients"`
+	OwnedDirectories             types.List   `tfsdk:"owned_directories" tkhao:"ownedDirectories"`
+	OwnedGroupsOnSystem          types.Object `tfsdk:"owned_groups_on_system" tkhao:"ownedGroupsOnSystem"`
+	OwnedOrganizationalUnits     types.List   `tfsdk:"owned_organizational_units" tkhao:"ownedOrganizationalUnits"`
+	OwnedSystems                 types.List   `tfsdk:"owned_systems" tkhao:"ownedSystems"`
+	RecentAudits                 types.List   `tfsdk:"recent_audits" tkhao:"recentAudits"`
+	Requeststatus                types.String `tfsdk:"requeststatus" tkhao:"requeststatus"`
+	ServiceAccounts              types.List   `tfsdk:"service_accounts" tkhao:"serviceAccounts"`
+	Systems                      types.List   `tfsdk:"systems" tkhao:"systems"`
+	Vault                        types.Object `tfsdk:"vault" tkhao:"vault"`
+	Webhooks                     types.List   `tfsdk:"webhooks" tkhao:"webhooks"`
+	ApplicationAdministration    types.Bool   `tfsdk:"application_administration"`
+	AuditConfig                  types.Object `tfsdk:"audit_config"`
+	AuditRequested               types.Bool   `tfsdk:"audit_requested"`
+	Auditor                      types.Bool   `tfsdk:"auditor"`
+	AuthorizingGroupAuditing     types.Object `tfsdk:"authorizing_group_auditing"`
+	AuthorizingGroupDelegation   types.Object `tfsdk:"authorizing_group_delegation"`
+	AuthorizingGroupMembership   types.Object `tfsdk:"authorizing_group_membership"`
+	AuthorizingGroupProvisioning types.Object `tfsdk:"authorizing_group_provisioning"`
+	AuthorizingGroupTypes        types.List   `tfsdk:"authorizing_group_types"`
+	Classification               types.Object `tfsdk:"classification"`
+	Description                  types.String `tfsdk:"description"`
+	ExtendedAccess               types.String `tfsdk:"extended_access"`
+	HideAuditTrail               types.Bool   `tfsdk:"hide_audit_trail"`
+	NestedUnder                  types.Object `tfsdk:"nested_under"`
+	OrganizationalUnit           types.Object `tfsdk:"organizational_unit"`
+	PrivateGroup                 types.Bool   `tfsdk:"private_group"`
+	RecordTrail                  types.Bool   `tfsdk:"record_trail"`
+	RotatingPasswordRequired     types.Bool   `tfsdk:"rotating_password_required"`
+	SingleManaged                types.Bool   `tfsdk:"single_managed"`
+	VaultRecovery                types.String `tfsdk:"vault_recovery"`
+	VaultRequiresActivation      types.Bool   `tfsdk:"vault_requires_activation"`
+}
+
+var groupGroupAccountAttrTypesDS = objectAttrsTypeDSGroupGroupAccount(false)
+var groupGroupAccountAttrTypesDSRecurse = objectAttrsTypeDSGroupGroupAccount(true)
+
+type groupGroupAccountDataDS struct {
+	Links                  types.List   `tfsdk:"links"`
+	Permissions            types.List   `tfsdk:"permissions"`
+	DisplayName            types.String `tfsdk:"display_name"`
+	LastActive             types.String `tfsdk:"last_active"`
+	Username               types.String `tfsdk:"username"`
+	UUID                   types.String `tfsdk:"uuid"`
+	Validity               types.String `tfsdk:"validity"`
+	Additional             types.List   `tfsdk:"additional"`
+	Audit                  types.Object `tfsdk:"audit" tkhao:"audit"`
+	Directory              types.Object `tfsdk:"directory"`
+	DisconnectedNested     types.Bool   `tfsdk:"disconnected_nested"`
+	EndDate                types.String `tfsdk:"end_date"`
+	LastUsed               types.String `tfsdk:"last_used"`
+	Nested                 types.Bool   `tfsdk:"nested"`
+	ProvisioningEndTime    types.String `tfsdk:"provisioning_end_time"`
+	Rights                 types.String `tfsdk:"rights"`
+	TwoFactorStatus        types.String `tfsdk:"two_factor_status"`
+	VisibleForProvisioning types.Bool   `tfsdk:"visible_for_provisioning"`
+}
+
+var groupGroupAccountLinkableWrapperAttrTypesDS = objectAttrsTypeDSGroupGroupAccountLinkableWrapper(false)
+var groupGroupAccountLinkableWrapperAttrTypesDSRecurse = objectAttrsTypeDSGroupGroupAccountLinkableWrapper(true)
+
+type groupGroupAccountLinkableWrapperDataDS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var groupGroupAccount_additionalObjectsAttrTypesDS = objectAttrsTypeDSGroupGroupAccount_additionalObjects(false)
+var groupGroupAccount_additionalObjectsAttrTypesDSRecurse = objectAttrsTypeDSGroupGroupAccount_additionalObjects(true)
+
+type groupGroupAccount_additionalObjectsDataDS struct {
+	Audit types.Object `tfsdk:"audit"`
+}
+
+var groupGroupAuditAttrTypesDS = objectAttrsTypeDSGroupGroupAudit(false)
+var groupGroupAuditAttrTypesDSRecurse = objectAttrsTypeDSGroupGroupAudit(true)
+
+type groupGroupAuditDataDS struct {
+	Links       types.List   `tfsdk:"links"`
+	Permissions types.List   `tfsdk:"permissions"`
+	Additional  types.List   `tfsdk:"additional"`
+	Accounts    types.List   `tfsdk:"accounts"`
+	Audit       types.Object `tfsdk:"audit" tkhao:"audit"`
+	Comment     types.String `tfsdk:"comment"`
+	CreatedAt   types.String `tfsdk:"created_at"`
+	CreatedBy   types.String `tfsdk:"created_by"`
+	GroupName   types.String `tfsdk:"group_name"`
+	NameOnAudit types.String `tfsdk:"name_on_audit"`
+	ReviewedAt  types.String `tfsdk:"reviewed_at"`
+	ReviewedBy  types.String `tfsdk:"reviewed_by"`
+	Status      types.String `tfsdk:"status"`
+	SubmittedAt types.String `tfsdk:"submitted_at"`
+	SubmittedBy types.String `tfsdk:"submitted_by"`
+}
+
+var groupGroupAuditAccountAttrTypesDS = objectAttrsTypeDSGroupGroupAuditAccount(false)
+var groupGroupAuditAccountAttrTypesDSRecurse = objectAttrsTypeDSGroupGroupAuditAccount(true)
+
+type groupGroupAuditAccountDataDS struct {
+	Links              types.List   `tfsdk:"links"`
+	Permissions        types.List   `tfsdk:"permissions"`
+	AccountUUID        types.String `tfsdk:"account_uuid"`
+	AccountValid       types.Bool   `tfsdk:"account_valid"`
+	Action             types.String `tfsdk:"action"`
+	Comment            types.String `tfsdk:"comment"`
+	DisconnectedNested types.Bool   `tfsdk:"disconnected_nested"`
+	DisplayName        types.String `tfsdk:"display_name"`
+	EndDate            types.String `tfsdk:"end_date"`
+	LastActive         types.String `tfsdk:"last_active"`
+	LastUsed           types.String `tfsdk:"last_used"`
+	Nested             types.Bool   `tfsdk:"nested"`
+	Rights             types.String `tfsdk:"rights"`
+	Username           types.String `tfsdk:"username"`
+}
+
+var groupGroupAuditConfigAttrTypesDS = objectAttrsTypeDSGroupGroupAuditConfig(false)
+var groupGroupAuditConfigAttrTypesDSRecurse = objectAttrsTypeDSGroupGroupAuditConfig(true)
+
+type groupGroupAuditConfigDataDS struct {
+	Links       types.List `tfsdk:"links"`
+	Permissions types.List `tfsdk:"permissions"`
+	Months      types.List `tfsdk:"months"`
+}
+
+var groupGroupAuditLinkableWrapperAttrTypesDS = objectAttrsTypeDSGroupGroupAuditLinkableWrapper(false)
+var groupGroupAuditLinkableWrapperAttrTypesDSRecurse = objectAttrsTypeDSGroupGroupAuditLinkableWrapper(true)
+
+type groupGroupAuditLinkableWrapperDataDS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var groupGroupAudit_additionalObjectsAttrTypesDS = objectAttrsTypeDSGroupGroupAudit_additionalObjects(false)
+var groupGroupAudit_additionalObjectsAttrTypesDSRecurse = objectAttrsTypeDSGroupGroupAudit_additionalObjects(true)
+
+type groupGroupAudit_additionalObjectsDataDS struct {
+	Audit types.Object `tfsdk:"audit"`
+}
+
+var groupGroupAuditingInfoAttrTypesDS = objectAttrsTypeDSGroupGroupAuditingInfo(false)
+var groupGroupAuditingInfoAttrTypesDSRecurse = objectAttrsTypeDSGroupGroupAuditingInfo(true)
+
+type groupGroupAuditingInfoDataDS struct {
+	AuditDueDate              types.String `tfsdk:"audit_due_date"`
+	LastAuditDate             types.String `tfsdk:"last_audit_date"`
+	NrAccounts                types.Int64  `tfsdk:"nr_accounts"`
+	NrDisabledAccounts        types.Int64  `tfsdk:"nr_disabled_accounts"`
+	NrDisabledManagers        types.Int64  `tfsdk:"nr_disabled_managers"`
+	NrExpiredVaultRecords     types.Int64  `tfsdk:"nr_expired_vault_records"`
+	NrManagers                types.Int64  `tfsdk:"nr_managers"`
+	NrVaultRecordsWithEndDate types.Int64  `tfsdk:"nr_vault_records_with_end_date"`
+}
+
+var groupGroupClassificationAttrTypesDS = objectAttrsTypeDSGroupGroupClassification(false)
+var groupGroupClassificationAttrTypesDSRecurse = objectAttrsTypeDSGroupGroupClassification(true)
+
+type groupGroupClassificationDataDS struct {
+	Links                                types.List   `tfsdk:"links"`
+	Permissions                          types.List   `tfsdk:"permissions"`
+	Name                                 types.String `tfsdk:"name"`
+	UUID                                 types.String `tfsdk:"uuid"`
+	Additional                           types.List   `tfsdk:"additional"`
+	Audit                                types.Object `tfsdk:"audit" tkhao:"audit"`
+	Info                                 types.Object `tfsdk:"info" tkhao:"info"`
+	AuthorizingGroupAuditingRequired     types.Bool   `tfsdk:"authorizing_group_auditing_required"`
+	AuthorizingGroupDelegationRequired   types.Bool   `tfsdk:"authorizing_group_delegation_required"`
+	AuthorizingGroupMembershipRequired   types.Bool   `tfsdk:"authorizing_group_membership_required"`
+	AuthorizingGroupProvisioningRequired types.Bool   `tfsdk:"authorizing_group_provisioning_required"`
+	DefaultClassification                types.Bool   `tfsdk:"default_classification"`
+	Description                          types.String `tfsdk:"description"`
+	MaximumAuditInterval                 types.Int64  `tfsdk:"maximum_audit_interval"`
+	MinimumNrManagers                    types.Int64  `tfsdk:"minimum_nr_managers"`
+	RecordTrailRequired                  types.Bool   `tfsdk:"record_trail_required"`
+	RequiredMonths                       types.List   `tfsdk:"required_months"`
+	RotatingPasswordRequired             types.Bool   `tfsdk:"rotating_password_required"`
+	VaultRequiresActivation              types.Bool   `tfsdk:"vault_requires_activation"`
+}
+
+var groupGroupClassificationInfoAttrTypesDS = objectAttrsTypeDSGroupGroupClassificationInfo(false)
+var groupGroupClassificationInfoAttrTypesDSRecurse = objectAttrsTypeDSGroupGroupClassificationInfo(true)
+
+type groupGroupClassificationInfoDataDS struct {
+	NrGroups types.Int64 `tfsdk:"nr_groups"`
+}
+
+var groupGroupClassificationPrimerAttrTypesDS = objectAttrsTypeDSGroupGroupClassificationPrimer(false)
+var groupGroupClassificationPrimerAttrTypesDSRecurse = objectAttrsTypeDSGroupGroupClassificationPrimer(true)
+
+type groupGroupClassificationPrimerDataDS struct {
+	Links       types.List   `tfsdk:"links"`
+	Permissions types.List   `tfsdk:"permissions"`
+	Name        types.String `tfsdk:"name"`
+	UUID        types.String `tfsdk:"uuid"`
+}
+
+var groupGroupClassification_additionalObjectsAttrTypesDS = objectAttrsTypeDSGroupGroupClassification_additionalObjects(false)
+var groupGroupClassification_additionalObjectsAttrTypesDSRecurse = objectAttrsTypeDSGroupGroupClassification_additionalObjects(true)
+
+type groupGroupClassification_additionalObjectsDataDS struct {
+	Audit types.Object `tfsdk:"audit"`
+	Info  types.Object `tfsdk:"info"`
+}
+
+var groupGroupClientAttrTypesDS = objectAttrsTypeDSGroupGroupClient(false)
+var groupGroupClientAttrTypesDSRecurse = objectAttrsTypeDSGroupGroupClient(true)
+
+type groupGroupClientDataDS struct {
+	Links                  types.List   `tfsdk:"links"`
+	Permissions            types.List   `tfsdk:"permissions"`
+	Additional             types.List   `tfsdk:"additional"`
+	ActivationRequired     types.Bool   `tfsdk:"activation_required"`
+	Audit                  types.Object `tfsdk:"audit" tkhao:"audit"`
+	Client                 types.Object `tfsdk:"client"`
+	Group                  types.Object `tfsdk:"group"`
+	Owner                  types.Object `tfsdk:"owner"`
+	TechnicalAdministrator types.Object `tfsdk:"technical_administrator"`
+}
+
+var groupGroupClientLinkableWrapperAttrTypesDS = objectAttrsTypeDSGroupGroupClientLinkableWrapper(false)
+var groupGroupClientLinkableWrapperAttrTypesDSRecurse = objectAttrsTypeDSGroupGroupClientLinkableWrapper(true)
+
+type groupGroupClientLinkableWrapperDataDS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var groupGroupClient_additionalObjectsAttrTypesDS = objectAttrsTypeDSGroupGroupClient_additionalObjects(false)
+var groupGroupClient_additionalObjectsAttrTypesDSRecurse = objectAttrsTypeDSGroupGroupClient_additionalObjects(true)
+
+type groupGroupClient_additionalObjectsDataDS struct {
+	Audit types.Object `tfsdk:"audit"`
+}
+
+var groupGroupFolderAttrTypesDS = objectAttrsTypeDSGroupGroupFolder(false)
+var groupGroupFolderAttrTypesDSRecurse = objectAttrsTypeDSGroupGroupFolder(true)
+
+type groupGroupFolderDataDS struct {
+	Links       types.List   `tfsdk:"links"`
+	Permissions types.List   `tfsdk:"permissions"`
+	Additional  types.List   `tfsdk:"additional"`
+	Audit       types.Object `tfsdk:"audit" tkhao:"audit"`
+	Name        types.String `tfsdk:"name"`
+}
+
+var groupGroupFolder_additionalObjectsAttrTypesDS = objectAttrsTypeDSGroupGroupFolder_additionalObjects(false)
+var groupGroupFolder_additionalObjectsAttrTypesDSRecurse = objectAttrsTypeDSGroupGroupFolder_additionalObjects(true)
+
+type groupGroupFolder_additionalObjectsDataDS struct {
+	Audit types.Object `tfsdk:"audit"`
+}
+
+var groupGroupInfoAttrTypesDS = objectAttrsTypeDSGroupGroupInfo(false)
+var groupGroupInfoAttrTypesDSRecurse = objectAttrsTypeDSGroupGroupInfo(true)
+
+type groupGroupInfoDataDS struct {
+	NrAccounts           types.Int64 `tfsdk:"nr_accounts"`
+	NrAccountsWithVault  types.Int64 `tfsdk:"nr_accounts_with_vault"`
+	NrAudits             types.Int64 `tfsdk:"nr_audits"`
+	NrClients            types.Int64 `tfsdk:"nr_clients"`
+	NrProvisionedSystems types.Int64 `tfsdk:"nr_provisioned_systems"`
+	NrVaultRecords       types.Int64 `tfsdk:"nr_vault_records"`
+}
+
+var groupGroupLinkableWrapperAttrTypesDS = objectAttrsTypeDSGroupGroupLinkableWrapper(false)
+var groupGroupLinkableWrapperAttrTypesDSRecurse = objectAttrsTypeDSGroupGroupLinkableWrapper(true)
+
+type groupGroupLinkableWrapperDataDS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var groupGroupPrimerAttrTypesDS = objectAttrsTypeDSGroupGroupPrimer(false)
+var groupGroupPrimerAttrTypesDSRecurse = objectAttrsTypeDSGroupGroupPrimer(true)
+
+type groupGroupPrimerDataDS struct {
+	Links       types.List   `tfsdk:"links"`
+	Permissions types.List   `tfsdk:"permissions"`
+	Admin       types.Bool   `tfsdk:"admin"`
+	Name        types.String `tfsdk:"name"`
+	UUID        types.String `tfsdk:"uuid"`
+}
+
+var groupGroupPrimerLinkableWrapperAttrTypesDS = objectAttrsTypeDSGroupGroupPrimerLinkableWrapper(false)
+var groupGroupPrimerLinkableWrapperAttrTypesDSRecurse = objectAttrsTypeDSGroupGroupPrimerLinkableWrapper(true)
+
+type groupGroupPrimerLinkableWrapperDataDS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var groupGroup_additionalObjectsAttrTypesDS = objectAttrsTypeDSGroupGroup_additionalObjects(false)
+var groupGroup_additionalObjectsAttrTypesDSRecurse = objectAttrsTypeDSGroupGroup_additionalObjects(true)
+
+type groupGroup_additionalObjectsDataDS struct {
+	Accounts                   types.List   `tfsdk:"accounts"`
+	AdministeredClients        types.List   `tfsdk:"administered_clients"`
+	AdministeredSystems        types.List   `tfsdk:"administered_systems"`
+	Admins                     types.List   `tfsdk:"admins"`
+	Audit                      types.Object `tfsdk:"audit"`
+	AuthorizedGroups           types.Object `tfsdk:"authorized_groups"`
+	ClientPermissions          types.List   `tfsdk:"client_permissions"`
+	Clients                    types.List   `tfsdk:"clients"`
+	ContentAdministeredSystems types.List   `tfsdk:"content_administered_systems"`
+	Groupauditinginfo          types.Object `tfsdk:"groupauditinginfo"`
+	Groupinfo                  types.Object `tfsdk:"groupinfo"`
+	Helpdesk                   types.List   `tfsdk:"helpdesk"`
+	Markers                    types.Object `tfsdk:"markers"`
+	Myaccount                  types.Object `tfsdk:"myaccount"`
+	Mydelegatedaccount         types.Object `tfsdk:"mydelegatedaccount"`
+	NestedGroups               types.List   `tfsdk:"nested_groups"`
+	OwnedClients               types.List   `tfsdk:"owned_clients"`
+	OwnedDirectories           types.List   `tfsdk:"owned_directories"`
+	OwnedGroupsOnSystem        types.Object `tfsdk:"owned_groups_on_system"`
+	OwnedOrganizationalUnits   types.List   `tfsdk:"owned_organizational_units"`
+	OwnedSystems               types.List   `tfsdk:"owned_systems"`
+	RecentAudits               types.List   `tfsdk:"recent_audits"`
+	Requeststatus              types.String `tfsdk:"requeststatus"`
+	ServiceAccounts            types.List   `tfsdk:"service_accounts"`
+	Systems                    types.List   `tfsdk:"systems"`
+	Vault                      types.Object `tfsdk:"vault"`
+	Webhooks                   types.List   `tfsdk:"webhooks"`
+}
+
+var groupProvisioningGroupAttrTypesDS = objectAttrsTypeDSGroupProvisioningGroup(false)
+var groupProvisioningGroupAttrTypesDSRecurse = objectAttrsTypeDSGroupProvisioningGroup(true)
+
+type groupProvisioningGroupDataDS struct {
+	Links              types.List   `tfsdk:"links"`
+	Permissions        types.List   `tfsdk:"permissions"`
+	Additional         types.List   `tfsdk:"additional"`
+	ActivationRequired types.Bool   `tfsdk:"activation_required"`
+	Audit              types.Object `tfsdk:"audit" tkhao:"audit"`
+	Group              types.Object `tfsdk:"group"`
+	GroupOnSystem      types.Object `tfsdk:"group_on_system"`
+}
+
+var groupProvisioningGroupLinkableWrapperAttrTypesDS = objectAttrsTypeDSGroupProvisioningGroupLinkableWrapper(false)
+var groupProvisioningGroupLinkableWrapperAttrTypesDSRecurse = objectAttrsTypeDSGroupProvisioningGroupLinkableWrapper(true)
+
+type groupProvisioningGroupLinkableWrapperDataDS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var groupProvisioningGroup_additionalObjectsAttrTypesDS = objectAttrsTypeDSGroupProvisioningGroup_additionalObjects(false)
+var groupProvisioningGroup_additionalObjectsAttrTypesDSRecurse = objectAttrsTypeDSGroupProvisioningGroup_additionalObjects(true)
+
+type groupProvisioningGroup_additionalObjectsDataDS struct {
+	Audit types.Object `tfsdk:"audit"`
+}
+
+var launchpadSsoApplicationLaunchpadTileAttrTypesDS = objectAttrsTypeDSLaunchpadSsoApplicationLaunchpadTile(false)
+var launchpadSsoApplicationLaunchpadTileAttrTypesDSRecurse = objectAttrsTypeDSLaunchpadSsoApplicationLaunchpadTile(true)
+
+type launchpadSsoApplicationLaunchpadTileDataDS struct {
+	URI types.String `tfsdk:"uri"`
+}
+
+var launchpadVaultRecordLaunchpadTileAttrTypesDS = objectAttrsTypeDSLaunchpadVaultRecordLaunchpadTile(false)
+var launchpadVaultRecordLaunchpadTileAttrTypesDSRecurse = objectAttrsTypeDSLaunchpadVaultRecordLaunchpadTile(true)
+
+type launchpadVaultRecordLaunchpadTileDataDS struct {
+}
+
+var markItemMarkerAttrTypesDS = objectAttrsTypeDSMarkItemMarker(false)
+var markItemMarkerAttrTypesDSRecurse = objectAttrsTypeDSMarkItemMarker(true)
+
+type markItemMarkerDataDS struct {
+	Level              types.String `tfsdk:"level"`
+	MarkItemMarkerType types.String `tfsdk:"type"`
+	Parameters         types.Map    `tfsdk:"parameters"`
+}
+
+var markItemMarkersAttrTypesDS = objectAttrsTypeDSMarkItemMarkers(false)
+var markItemMarkersAttrTypesDSRecurse = objectAttrsTypeDSMarkItemMarkers(true)
+
+type markItemMarkersDataDS struct {
+	Markers types.List `tfsdk:"markers"`
+}
+
+var organizationOrganizationalUnitAttrTypesDS = objectAttrsTypeDSOrganizationOrganizationalUnit(false)
+var organizationOrganizationalUnitAttrTypesDSRecurse = objectAttrsTypeDSOrganizationOrganizationalUnit(true)
+
+type organizationOrganizationalUnitDataDS struct {
+	Links       types.List   `tfsdk:"links"`
+	Permissions types.List   `tfsdk:"permissions"`
+	Name        types.String `tfsdk:"name"`
+	UUID        types.String `tfsdk:"uuid"`
+	Additional  types.List   `tfsdk:"additional"`
+	Audit       types.Object `tfsdk:"audit" tkhao:"audit"`
+	Depth       types.Int64  `tfsdk:"depth"`
+	Description types.String `tfsdk:"description"`
+	Owner       types.Object `tfsdk:"owner"`
+	Parent      types.Object `tfsdk:"parent"`
+}
+
+var organizationOrganizationalUnitLinkableWrapperAttrTypesDS = objectAttrsTypeDSOrganizationOrganizationalUnitLinkableWrapper(false)
+var organizationOrganizationalUnitLinkableWrapperAttrTypesDSRecurse = objectAttrsTypeDSOrganizationOrganizationalUnitLinkableWrapper(true)
+
+type organizationOrganizationalUnitLinkableWrapperDataDS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var organizationOrganizationalUnitPrimerAttrTypesDS = objectAttrsTypeDSOrganizationOrganizationalUnitPrimer(false)
+var organizationOrganizationalUnitPrimerAttrTypesDSRecurse = objectAttrsTypeDSOrganizationOrganizationalUnitPrimer(true)
+
+type organizationOrganizationalUnitPrimerDataDS struct {
+	Links       types.List   `tfsdk:"links"`
+	Permissions types.List   `tfsdk:"permissions"`
+	Name        types.String `tfsdk:"name"`
+	UUID        types.String `tfsdk:"uuid"`
+}
+
+var organizationOrganizationalUnit_additionalObjectsAttrTypesDS = objectAttrsTypeDSOrganizationOrganizationalUnit_additionalObjects(false)
+var organizationOrganizationalUnit_additionalObjectsAttrTypesDSRecurse = objectAttrsTypeDSOrganizationOrganizationalUnit_additionalObjects(true)
+
+type organizationOrganizationalUnit_additionalObjectsDataDS struct {
+	Audit types.Object `tfsdk:"audit"`
+}
+
+var provisioningAbstractProvisionedLDAPAttrTypesDS = objectAttrsTypeDSProvisioningAbstractProvisionedLDAP(false)
+var provisioningAbstractProvisionedLDAPAttrTypesDSRecurse = objectAttrsTypeDSProvisioningAbstractProvisionedLDAP(true)
+
+type provisioningAbstractProvisionedLDAPDataDS struct {
+	Attributes                 types.Map    `tfsdk:"attributes"`
+	BaseDN                     types.String `tfsdk:"base_dn"`
+	BindDN                     types.String `tfsdk:"bind_dn"`
+	BindPassword               types.String `tfsdk:"bind_password"`
+	ClientCertificate          types.Object `tfsdk:"client_certificate"`
+	FailoverHost               types.String `tfsdk:"failover_host"`
+	FailoverTrustedCertificate types.Object `tfsdk:"failover_trusted_certificate"`
+	GroupDN                    types.String `tfsdk:"group_dn"`
+	Host                       types.String `tfsdk:"host"`
+	ObjectClasses              types.String `tfsdk:"object_classes"`
+	Port                       types.Int64  `tfsdk:"port"`
+	ServiceAccountDN           types.String `tfsdk:"service_account_dn"`
+	SshPublicKeySupported      types.Bool   `tfsdk:"ssh_public_key_supported"`
+	TLS                        types.String `tfsdk:"tls"`
+	TrustedCertificate         types.Object `tfsdk:"trusted_certificate"`
+	UserDN                     types.String `tfsdk:"user_dn"`
+}
+
+var provisioningCircuitBreakerStatisticsAttrTypesDS = objectAttrsTypeDSProvisioningCircuitBreakerStatistics(false)
+var provisioningCircuitBreakerStatisticsAttrTypesDSRecurse = objectAttrsTypeDSProvisioningCircuitBreakerStatistics(true)
+
+type provisioningCircuitBreakerStatisticsDataDS struct {
+	NumberOfFailedCalls       types.Int64  `tfsdk:"number_of_failed_calls"`
+	NumberOfNotPermittedCalls types.Int64  `tfsdk:"number_of_not_permitted_calls"`
+	NumberOfSuccessfulCalls   types.Int64  `tfsdk:"number_of_successful_calls"`
+	State                     types.String `tfsdk:"state"`
+}
+
+var provisioningGroupOnSystemAttrTypesDS = objectAttrsTypeDSProvisioningGroupOnSystem(false)
+var provisioningGroupOnSystemAttrTypesDSRecurse = objectAttrsTypeDSProvisioningGroupOnSystem(true)
+
+type provisioningGroupOnSystemDataDS struct {
+	Links                               types.List   `tfsdk:"links"`
+	Permissions                         types.List   `tfsdk:"permissions"`
+	DisplayName                         types.String `tfsdk:"display_name"`
+	NameInSystem                        types.String `tfsdk:"name_in_system"`
+	ProvisioningGroupOnSystemPrimerType types.String `tfsdk:"type"`
+	ShortNameInSystem                   types.String `tfsdk:"short_name_in_system"`
+	Additional                          types.List   `tfsdk:"additional"`
+	Audit                               types.Object `tfsdk:"audit" tkhao:"audit"`
+	Provgroups                          types.List   `tfsdk:"provgroups" tkhao:"provgroups"`
+	ServiceAccounts                     types.List   `tfsdk:"service_accounts" tkhao:"serviceAccounts"`
+	Owner                               types.Object `tfsdk:"owner"`
+}
+
+var provisioningGroupOnSystemLinkableWrapperAttrTypesDS = objectAttrsTypeDSProvisioningGroupOnSystemLinkableWrapper(false)
+var provisioningGroupOnSystemLinkableWrapperAttrTypesDSRecurse = objectAttrsTypeDSProvisioningGroupOnSystemLinkableWrapper(true)
+
+type provisioningGroupOnSystemLinkableWrapperDataDS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var provisioningGroupOnSystemPrimerAttrTypesDS = objectAttrsTypeDSProvisioningGroupOnSystemPrimer(false)
+var provisioningGroupOnSystemPrimerAttrTypesDSRecurse = objectAttrsTypeDSProvisioningGroupOnSystemPrimer(true)
+
+type provisioningGroupOnSystemPrimerDataDS struct {
+	Links                               types.List   `tfsdk:"links"`
+	Permissions                         types.List   `tfsdk:"permissions"`
+	DisplayName                         types.String `tfsdk:"display_name"`
+	NameInSystem                        types.String `tfsdk:"name_in_system"`
+	ProvisioningGroupOnSystemPrimerType types.String `tfsdk:"type"`
+	ShortNameInSystem                   types.String `tfsdk:"short_name_in_system"`
+}
+
+var provisioningGroupOnSystemTypesAttrTypesDS = objectAttrsTypeDSProvisioningGroupOnSystemTypes(false)
+var provisioningGroupOnSystemTypesAttrTypesDSRecurse = objectAttrsTypeDSProvisioningGroupOnSystemTypes(true)
+
+type provisioningGroupOnSystemTypesDataDS struct {
+	Types types.List `tfsdk:"types"`
+}
+
+var provisioningGroupOnSystem_additionalObjectsAttrTypesDS = objectAttrsTypeDSProvisioningGroupOnSystem_additionalObjects(false)
+var provisioningGroupOnSystem_additionalObjectsAttrTypesDSRecurse = objectAttrsTypeDSProvisioningGroupOnSystem_additionalObjects(true)
+
+type provisioningGroupOnSystem_additionalObjectsDataDS struct {
+	Audit           types.Object `tfsdk:"audit"`
+	Provgroups      types.List   `tfsdk:"provgroups"`
+	ServiceAccounts types.List   `tfsdk:"service_accounts"`
+}
+
+var provisioningOwnedGroupOnSystemsWrapperAttrTypesDS = objectAttrsTypeDSProvisioningOwnedGroupOnSystemsWrapper(false)
+var provisioningOwnedGroupOnSystemsWrapperAttrTypesDSRecurse = objectAttrsTypeDSProvisioningOwnedGroupOnSystemsWrapper(true)
+
+type provisioningOwnedGroupOnSystemsWrapperDataDS struct {
+	Items         types.List  `tfsdk:"items"`
+	UnlinkedCount types.Int64 `tfsdk:"unlinked_count"`
+}
+
+var provisioningProvisionNumberSequenceAttrTypesDS = objectAttrsTypeDSProvisioningProvisionNumberSequence(false)
+var provisioningProvisionNumberSequenceAttrTypesDSRecurse = objectAttrsTypeDSProvisioningProvisionNumberSequence(true)
+
+type provisioningProvisionNumberSequenceDataDS struct {
+	Links        types.List   `tfsdk:"links"`
+	Permissions  types.List   `tfsdk:"permissions"`
+	Additional   types.List   `tfsdk:"additional"`
+	AccountCount types.Int64  `tfsdk:"account_count"`
+	Audit        types.Object `tfsdk:"audit" tkhao:"audit"`
+	Systems      types.List   `tfsdk:"systems" tkhao:"systems"`
+	Name         types.String `tfsdk:"name"`
+	NextUID      types.Int64  `tfsdk:"next_uid"`
+}
+
+var provisioningProvisionNumberSequence_additionalObjectsAttrTypesDS = objectAttrsTypeDSProvisioningProvisionNumberSequence_additionalObjects(false)
+var provisioningProvisionNumberSequence_additionalObjectsAttrTypesDSRecurse = objectAttrsTypeDSProvisioningProvisionNumberSequence_additionalObjects(true)
+
+type provisioningProvisionNumberSequence_additionalObjectsDataDS struct {
+	Audit   types.Object `tfsdk:"audit"`
+	Systems types.List   `tfsdk:"systems"`
+}
+
+var provisioningProvisionedADAttrTypesDS = objectAttrsTypeDSProvisioningProvisionedAD(false)
+var provisioningProvisionedADAttrTypesDSRecurse = objectAttrsTypeDSProvisioningProvisionedAD(true)
+
+type provisioningProvisionedADDataDS struct {
+	SamAccountNameScheme types.String `tfsdk:"sam_account_name_scheme"`
+}
+
+var provisioningProvisionedAccountAttrTypesDS = objectAttrsTypeDSProvisioningProvisionedAccount(false)
+var provisioningProvisionedAccountAttrTypesDSRecurse = objectAttrsTypeDSProvisioningProvisionedAccount(true)
+
+type provisioningProvisionedAccountDataDS struct {
+	Links       types.List   `tfsdk:"links"`
+	Permissions types.List   `tfsdk:"permissions"`
+	DisplayName types.String `tfsdk:"display_name"`
+	LastActive  types.String `tfsdk:"last_active"`
+	Username    types.String `tfsdk:"username"`
+	UUID        types.String `tfsdk:"uuid"`
+	Validity    types.String `tfsdk:"validity"`
+	Additional  types.List   `tfsdk:"additional"`
+	Audit       types.Object `tfsdk:"audit" tkhao:"audit"`
+	UID         types.Int64  `tfsdk:"uid"`
+}
+
+var provisioningProvisionedAccount_additionalObjectsAttrTypesDS = objectAttrsTypeDSProvisioningProvisionedAccount_additionalObjects(false)
+var provisioningProvisionedAccount_additionalObjectsAttrTypesDSRecurse = objectAttrsTypeDSProvisioningProvisionedAccount_additionalObjects(true)
+
+type provisioningProvisionedAccount_additionalObjectsDataDS struct {
+	Audit types.Object `tfsdk:"audit"`
+}
+
+var provisioningProvisionedAzureOIDCDirectoryAttrTypesDS = objectAttrsTypeDSProvisioningProvisionedAzureOIDCDirectory(false)
+var provisioningProvisionedAzureOIDCDirectoryAttrTypesDSRecurse = objectAttrsTypeDSProvisioningProvisionedAzureOIDCDirectory(true)
+
+type provisioningProvisionedAzureOIDCDirectoryDataDS struct {
+	Directory types.Object `tfsdk:"directory"`
+	Tenant    types.String `tfsdk:"tenant"`
+}
+
+var provisioningProvisionedAzureSyncLDAPDirectoryAttrTypesDS = objectAttrsTypeDSProvisioningProvisionedAzureSyncLDAPDirectory(false)
+var provisioningProvisionedAzureSyncLDAPDirectoryAttrTypesDSRecurse = objectAttrsTypeDSProvisioningProvisionedAzureSyncLDAPDirectory(true)
+
+type provisioningProvisionedAzureSyncLDAPDirectoryDataDS struct {
+	ClientID     types.String `tfsdk:"client_id"`
+	ClientSecret types.String `tfsdk:"client_secret"`
+	Directory    types.Object `tfsdk:"directory"`
+	Tenant       types.String `tfsdk:"tenant"`
+}
+
+var provisioningProvisionedAzureTenantAttrTypesDS = objectAttrsTypeDSProvisioningProvisionedAzureTenant(false)
+var provisioningProvisionedAzureTenantAttrTypesDSRecurse = objectAttrsTypeDSProvisioningProvisionedAzureTenant(true)
+
+type provisioningProvisionedAzureTenantDataDS struct {
+	ClientID     types.String `tfsdk:"client_id"`
+	ClientSecret types.String `tfsdk:"client_secret"`
+	IDpDomain    types.String `tfsdk:"idp_domain"`
+	Tenant       types.String `tfsdk:"tenant"`
+}
+
+var provisioningProvisionedInternalLDAPAttrTypesDS = objectAttrsTypeDSProvisioningProvisionedInternalLDAP(false)
+var provisioningProvisionedInternalLDAPAttrTypesDSRecurse = objectAttrsTypeDSProvisioningProvisionedInternalLDAP(true)
+
+type provisioningProvisionedInternalLDAPDataDS struct {
+	Client types.Object `tfsdk:"client"`
+}
+
+var provisioningProvisionedLDAPAttrTypesDS = objectAttrsTypeDSProvisioningProvisionedLDAP(false)
+var provisioningProvisionedLDAPAttrTypesDSRecurse = objectAttrsTypeDSProvisioningProvisionedLDAP(true)
+
+type provisioningProvisionedLDAPDataDS struct {
+	Gid           types.Int64  `tfsdk:"gid"`
+	HashingScheme types.String `tfsdk:"hashing_scheme"`
+	Numbering     types.Object `tfsdk:"numbering"`
+}
+
+var provisioningProvisionedLDAPDirectoryAttrTypesDS = objectAttrsTypeDSProvisioningProvisionedLDAPDirectory(false)
+var provisioningProvisionedLDAPDirectoryAttrTypesDSRecurse = objectAttrsTypeDSProvisioningProvisionedLDAPDirectory(true)
+
+type provisioningProvisionedLDAPDirectoryDataDS struct {
+	Directory types.Object `tfsdk:"directory"`
+	GroupDN   types.String `tfsdk:"group_dn"`
+}
+
+var provisioningProvisionedSystemAttrTypesDS = objectAttrsTypeDSProvisioningProvisionedSystem(false)
+var provisioningProvisionedSystemAttrTypesDSRecurse = objectAttrsTypeDSProvisioningProvisionedSystem(true)
+
+type provisioningProvisionedSystemDataDS struct {
+	Links                                   types.List   `tfsdk:"links"`
+	Permissions                             types.List   `tfsdk:"permissions"`
+	Active                                  types.Bool   `tfsdk:"active"`
+	Name                                    types.String `tfsdk:"name"`
+	OrganizationalUnit                      types.Object `tfsdk:"organizational_unit"`
+	ProvisioningProvisionedSystemPrimerType types.String `tfsdk:"type"`
+	UUID                                    types.String `tfsdk:"uuid"`
+	Additional                              types.List   `tfsdk:"additional"`
+	AccountCount                            types.Int64  `tfsdk:"account_count"`
+	Account                                 types.Object `tfsdk:"account" tkhao:"account"`
+	Audit                                   types.Object `tfsdk:"audit" tkhao:"audit"`
+	IssuedPermissions                       types.List   `tfsdk:"issued_permissions" tkhao:"issuedPermissions"`
+	LoginName                               types.String `tfsdk:"login_name" tkhao:"loginName"`
+	ManagementPermissions                   types.Object `tfsdk:"management_permissions" tkhao:"managementPermissions"`
+	Markers                                 types.Object `tfsdk:"markers" tkhao:"markers"`
+	Statistics                              types.Object `tfsdk:"statistics" tkhao:"statistics"`
+	SupportedGroupTypes                     types.Object `tfsdk:"supported_group_types" tkhao:"supportedGroupTypes"`
+	ContentAdministrator                    types.Object `tfsdk:"content_administrator"`
+	ExternalUUID                            types.String `tfsdk:"external_uuid"`
+	Owner                                   types.Object `tfsdk:"owner"`
+	SelfServiceExistingGroups               types.Bool   `tfsdk:"self_service_existing_groups"`
+	SelfServiceNewGroups                    types.Bool   `tfsdk:"self_service_new_groups"`
+	SelfServiceServiceAccounts              types.Bool   `tfsdk:"self_service_service_accounts"`
+	ShouldDestroyUnknownAccounts            types.Bool   `tfsdk:"should_destroy_unknown_accounts"`
+	TechnicalAdministrator                  types.Object `tfsdk:"technical_administrator"`
+	UsernamePrefix                          types.String `tfsdk:"username_prefix"`
+	AbstractProvisionedLDAP                 types.Object `tfsdk:"abstract_provisioned_ldap"`
+	ProvisionedAD                           types.Object `tfsdk:"provisioned_a_d"`
+	ProvisionedAzureOIDCDirectory           types.Object `tfsdk:"provisioned_azure_oidc_directory"`
+	ProvisionedAzureSyncLDAPDirectory       types.Object `tfsdk:"provisioned_azure_sync_ldap_directory"`
+	ProvisionedAzureTenant                  types.Object `tfsdk:"provisioned_azure_tenant"`
+	ProvisionedInternalLDAP                 types.Object `tfsdk:"provisioned_internal_ldap"`
+	ProvisionedLDAP                         types.Object `tfsdk:"provisioned_ldap"`
+	ProvisionedLDAPDirectory                types.Object `tfsdk:"provisioned_ldap_directory"`
+}
+
+var provisioningProvisionedSystemLinkableWrapperAttrTypesDS = objectAttrsTypeDSProvisioningProvisionedSystemLinkableWrapper(false)
+var provisioningProvisionedSystemLinkableWrapperAttrTypesDSRecurse = objectAttrsTypeDSProvisioningProvisionedSystemLinkableWrapper(true)
+
+type provisioningProvisionedSystemLinkableWrapperDataDS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var provisioningProvisionedSystemPrimerAttrTypesDS = objectAttrsTypeDSProvisioningProvisionedSystemPrimer(false)
+var provisioningProvisionedSystemPrimerAttrTypesDSRecurse = objectAttrsTypeDSProvisioningProvisionedSystemPrimer(true)
+
+type provisioningProvisionedSystemPrimerDataDS struct {
+	Links                                   types.List   `tfsdk:"links"`
+	Permissions                             types.List   `tfsdk:"permissions"`
+	Active                                  types.Bool   `tfsdk:"active"`
+	Name                                    types.String `tfsdk:"name"`
+	OrganizationalUnit                      types.Object `tfsdk:"organizational_unit"`
+	ProvisioningProvisionedSystemPrimerType types.String `tfsdk:"type"`
+	UUID                                    types.String `tfsdk:"uuid"`
+}
+
+var provisioningProvisionedSystemPrimerLinkableWrapperAttrTypesDS = objectAttrsTypeDSProvisioningProvisionedSystemPrimerLinkableWrapper(false)
+var provisioningProvisionedSystemPrimerLinkableWrapperAttrTypesDSRecurse = objectAttrsTypeDSProvisioningProvisionedSystemPrimerLinkableWrapper(true)
+
+type provisioningProvisionedSystemPrimerLinkableWrapperDataDS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var provisioningProvisionedSystem_additionalObjectsAttrTypesDS = objectAttrsTypeDSProvisioningProvisionedSystem_additionalObjects(false)
+var provisioningProvisionedSystem_additionalObjectsAttrTypesDSRecurse = objectAttrsTypeDSProvisioningProvisionedSystem_additionalObjects(true)
+
+type provisioningProvisionedSystem_additionalObjectsDataDS struct {
+	Account               types.Object `tfsdk:"account"`
+	Audit                 types.Object `tfsdk:"audit"`
+	IssuedPermissions     types.List   `tfsdk:"issued_permissions"`
+	LoginName             types.String `tfsdk:"login_name"`
+	ManagementPermissions types.Object `tfsdk:"management_permissions"`
+	Markers               types.Object `tfsdk:"markers"`
+	Statistics            types.Object `tfsdk:"statistics"`
+	SupportedGroupTypes   types.Object `tfsdk:"supported_group_types"`
+}
+
+var provisioningProvisioningManagementPermissionsAttrTypesDS = objectAttrsTypeDSProvisioningProvisioningManagementPermissions(false)
+var provisioningProvisioningManagementPermissionsAttrTypesDSRecurse = objectAttrsTypeDSProvisioningProvisioningManagementPermissions(true)
+
+type provisioningProvisioningManagementPermissionsDataDS struct {
+	CreateNewGroupsAllowed       types.Bool `tfsdk:"create_new_groups_allowed"`
+	CreateServiceAccountsAllowed types.Bool `tfsdk:"create_service_accounts_allowed"`
+	ReuseExistingGroupsAllowed   types.Bool `tfsdk:"reuse_existing_groups_allowed"`
+}
+
+var serviceaccountServiceAccountAttrTypesDS = objectAttrsTypeDSServiceaccountServiceAccount(false)
+var serviceaccountServiceAccountAttrTypesDSRecurse = objectAttrsTypeDSServiceaccountServiceAccount(true)
+
+type serviceaccountServiceAccountDataDS struct {
+	Links                  types.List   `tfsdk:"links"`
+	Permissions            types.List   `tfsdk:"permissions"`
+	Active                 types.Bool   `tfsdk:"active"`
+	Name                   types.String `tfsdk:"name"`
+	System                 types.Object `tfsdk:"system"`
+	Username               types.String `tfsdk:"username"`
+	UUID                   types.String `tfsdk:"uuid"`
+	Additional             types.List   `tfsdk:"additional"`
+	Audit                  types.Object `tfsdk:"audit" tkhao:"audit"`
+	Groups                 types.List   `tfsdk:"groups" tkhao:"groups"`
+	Secret                 types.Object `tfsdk:"secret" tkhao:"secret"`
+	Description            types.String `tfsdk:"description"`
+	Password               types.Object `tfsdk:"password"`
+	PasswordRotation       types.String `tfsdk:"password_rotation"`
+	TechnicalAdministrator types.Object `tfsdk:"technical_administrator"`
+}
+
+var serviceaccountServiceAccountGroupAttrTypesDS = objectAttrsTypeDSServiceaccountServiceAccountGroup(false)
+var serviceaccountServiceAccountGroupAttrTypesDSRecurse = objectAttrsTypeDSServiceaccountServiceAccountGroup(true)
+
+type serviceaccountServiceAccountGroupDataDS struct {
+	Links                               types.List   `tfsdk:"links"`
+	Permissions                         types.List   `tfsdk:"permissions"`
+	DisplayName                         types.String `tfsdk:"display_name"`
+	NameInSystem                        types.String `tfsdk:"name_in_system"`
+	ProvisioningGroupOnSystemPrimerType types.String `tfsdk:"type"`
+	ShortNameInSystem                   types.String `tfsdk:"short_name_in_system"`
+	Additional                          types.List   `tfsdk:"additional"`
+	Audit                               types.Object `tfsdk:"audit" tkhao:"audit"`
+}
+
+var serviceaccountServiceAccountGroupLinkableWrapperAttrTypesDS = objectAttrsTypeDSServiceaccountServiceAccountGroupLinkableWrapper(false)
+var serviceaccountServiceAccountGroupLinkableWrapperAttrTypesDSRecurse = objectAttrsTypeDSServiceaccountServiceAccountGroupLinkableWrapper(true)
+
+type serviceaccountServiceAccountGroupLinkableWrapperDataDS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var serviceaccountServiceAccountGroup_additionalObjectsAttrTypesDS = objectAttrsTypeDSServiceaccountServiceAccountGroup_additionalObjects(false)
+var serviceaccountServiceAccountGroup_additionalObjectsAttrTypesDSRecurse = objectAttrsTypeDSServiceaccountServiceAccountGroup_additionalObjects(true)
+
+type serviceaccountServiceAccountGroup_additionalObjectsDataDS struct {
+	Audit types.Object `tfsdk:"audit"`
+}
+
+var serviceaccountServiceAccountLinkableWrapperAttrTypesDS = objectAttrsTypeDSServiceaccountServiceAccountLinkableWrapper(false)
+var serviceaccountServiceAccountLinkableWrapperAttrTypesDSRecurse = objectAttrsTypeDSServiceaccountServiceAccountLinkableWrapper(true)
+
+type serviceaccountServiceAccountLinkableWrapperDataDS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var serviceaccountServiceAccountPrimerAttrTypesDS = objectAttrsTypeDSServiceaccountServiceAccountPrimer(false)
+var serviceaccountServiceAccountPrimerAttrTypesDSRecurse = objectAttrsTypeDSServiceaccountServiceAccountPrimer(true)
+
+type serviceaccountServiceAccountPrimerDataDS struct {
+	Links       types.List   `tfsdk:"links"`
+	Permissions types.List   `tfsdk:"permissions"`
+	Active      types.Bool   `tfsdk:"active"`
+	Name        types.String `tfsdk:"name"`
+	System      types.Object `tfsdk:"system"`
+	Username    types.String `tfsdk:"username"`
+	UUID        types.String `tfsdk:"uuid"`
+}
+
+var serviceaccountServiceAccountPrimerLinkableWrapperAttrTypesDS = objectAttrsTypeDSServiceaccountServiceAccountPrimerLinkableWrapper(false)
+var serviceaccountServiceAccountPrimerLinkableWrapperAttrTypesDSRecurse = objectAttrsTypeDSServiceaccountServiceAccountPrimerLinkableWrapper(true)
+
+type serviceaccountServiceAccountPrimerLinkableWrapperDataDS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var serviceaccountServiceAccount_additionalObjectsAttrTypesDS = objectAttrsTypeDSServiceaccountServiceAccount_additionalObjects(false)
+var serviceaccountServiceAccount_additionalObjectsAttrTypesDSRecurse = objectAttrsTypeDSServiceaccountServiceAccount_additionalObjects(true)
+
+type serviceaccountServiceAccount_additionalObjectsDataDS struct {
+	Audit  types.Object `tfsdk:"audit"`
+	Groups types.List   `tfsdk:"groups"`
+	Secret types.Object `tfsdk:"secret"`
+}
+
+var vaultPasswordMetadataAttrTypesDS = objectAttrsTypeDSVaultPasswordMetadata(false)
+var vaultPasswordMetadataAttrTypesDSRecurse = objectAttrsTypeDSVaultPasswordMetadata(true)
+
+type vaultPasswordMetadataDataDS struct {
+	Dictionary   types.Bool   `tfsdk:"dictionary"`
+	Duplicate    types.Bool   `tfsdk:"duplicate"`
+	Hash         types.String `tfsdk:"hash"`
+	Length       types.Int64  `tfsdk:"length"`
+	LowerCount   types.Int64  `tfsdk:"lower_count"`
+	NumberCount  types.Int64  `tfsdk:"number_count"`
+	SpecialCount types.Int64  `tfsdk:"special_count"`
+	Strength     types.Int64  `tfsdk:"strength"`
+	UpperCount   types.Int64  `tfsdk:"upper_count"`
+}
+
+var vaultVaultAttrTypesDS = objectAttrsTypeDSVaultVault(false)
+var vaultVaultAttrTypesDSRecurse = objectAttrsTypeDSVaultVault(true)
+
+type vaultVaultDataDS struct {
+	Links           types.List   `tfsdk:"links"`
+	Permissions     types.List   `tfsdk:"permissions"`
+	AccessAvailable types.Bool   `tfsdk:"access_available"`
+	Name            types.String `tfsdk:"name"`
+	Records         types.List   `tfsdk:"records"`
+}
+
+var vaultVaultHolderAttrTypesDS = objectAttrsTypeDSVaultVaultHolder(false)
+var vaultVaultHolderAttrTypesDSRecurse = objectAttrsTypeDSVaultVaultHolder(true)
+
+type vaultVaultHolderDataDS struct {
+}
+
+var vaultVaultRecordAttrTypesDS = objectAttrsTypeDSVaultVaultRecord(false)
+var vaultVaultRecordAttrTypesDSRecurse = objectAttrsTypeDSVaultVaultRecord(true)
+
+type vaultVaultRecordDataDS struct {
+	Links            types.List   `tfsdk:"links"`
+	Permissions      types.List   `tfsdk:"permissions"`
+	Color            types.String `tfsdk:"color"`
+	Name             types.String `tfsdk:"name"`
+	ShareEndTime     types.String `tfsdk:"share_end_time"`
+	UUID             types.String `tfsdk:"uuid"`
+	Additional       types.List   `tfsdk:"additional"`
+	Audit            types.Object `tfsdk:"audit" tkhao:"audit"`
+	Parent           types.Object `tfsdk:"parent" tkhao:"parent"`
+	PasswordMetadata types.Object `tfsdk:"password_metadata" tkhao:"passwordMetadata"`
+	Secret           types.Object `tfsdk:"secret" tkhao:"secret"`
+	ShareSummary     types.Object `tfsdk:"share_summary" tkhao:"shareSummary"`
+	Shares           types.List   `tfsdk:"shares" tkhao:"shares"`
+	Tile             types.Object `tfsdk:"tile" tkhao:"tile"`
+	Vaultholder      types.Object `tfsdk:"vaultholder" tkhao:"vaultholder"`
+	Derived          types.Bool   `tfsdk:"derived"`
+	EndDate          types.String `tfsdk:"end_date"`
+	Filename         types.String `tfsdk:"filename"`
+	Types            types.List   `tfsdk:"types"`
+	URL              types.String `tfsdk:"url"`
+	Username         types.String `tfsdk:"username"`
+	WarningPeriod    types.String `tfsdk:"warning_period"`
+}
+
+var vaultVaultRecordPrimerAttrTypesDS = objectAttrsTypeDSVaultVaultRecordPrimer(false)
+var vaultVaultRecordPrimerAttrTypesDSRecurse = objectAttrsTypeDSVaultVaultRecordPrimer(true)
+
+type vaultVaultRecordPrimerDataDS struct {
+	Links        types.List   `tfsdk:"links"`
+	Permissions  types.List   `tfsdk:"permissions"`
+	Color        types.String `tfsdk:"color"`
+	Name         types.String `tfsdk:"name"`
+	ShareEndTime types.String `tfsdk:"share_end_time"`
+	UUID         types.String `tfsdk:"uuid"`
+}
+
+var vaultVaultRecordPrimerLinkableWrapperAttrTypesDS = objectAttrsTypeDSVaultVaultRecordPrimerLinkableWrapper(false)
+var vaultVaultRecordPrimerLinkableWrapperAttrTypesDSRecurse = objectAttrsTypeDSVaultVaultRecordPrimerLinkableWrapper(true)
+
+type vaultVaultRecordPrimerLinkableWrapperDataDS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var vaultVaultRecordSecretsAttrTypesDS = objectAttrsTypeDSVaultVaultRecordSecrets(false)
+var vaultVaultRecordSecretsAttrTypesDSRecurse = objectAttrsTypeDSVaultVaultRecordSecrets(true)
+
+type vaultVaultRecordSecretsDataDS struct {
+	Comment  types.String `tfsdk:"comment"`
+	File     types.String `tfsdk:"file"`
+	Password types.String `tfsdk:"password"`
+	Totp     types.String `tfsdk:"totp"`
+}
+
+var vaultVaultRecordShareAttrTypesDS = objectAttrsTypeDSVaultVaultRecordShare(false)
+var vaultVaultRecordShareAttrTypesDSRecurse = objectAttrsTypeDSVaultVaultRecordShare(true)
+
+type vaultVaultRecordShareDataDS struct {
+	Name                      types.String `tfsdk:"name"`
+	VaultVaultRecordShareType types.String `tfsdk:"type"`
+}
+
+var vaultVaultRecordShareSummaryAttrTypesDS = objectAttrsTypeDSVaultVaultRecordShareSummary(false)
+var vaultVaultRecordShareSummaryAttrTypesDSRecurse = objectAttrsTypeDSVaultVaultRecordShareSummary(true)
+
+type vaultVaultRecordShareSummaryDataDS struct {
+	Children types.List   `tfsdk:"children"`
+	Parent   types.Object `tfsdk:"parent"`
+}
+
+var vaultVaultRecord_additionalObjectsAttrTypesDS = objectAttrsTypeDSVaultVaultRecord_additionalObjects(false)
+var vaultVaultRecord_additionalObjectsAttrTypesDSRecurse = objectAttrsTypeDSVaultVaultRecord_additionalObjects(true)
+
+type vaultVaultRecord_additionalObjectsDataDS struct {
+	Audit            types.Object `tfsdk:"audit"`
+	Parent           types.Object `tfsdk:"parent"`
+	PasswordMetadata types.Object `tfsdk:"password_metadata"`
+	Secret           types.Object `tfsdk:"secret"`
+	ShareSummary     types.Object `tfsdk:"share_summary"`
+	Shares           types.List   `tfsdk:"shares"`
+	Tile             types.Object `tfsdk:"tile"`
+	Vaultholder      types.Object `tfsdk:"vaultholder"`
+}
+
+var webhookWebhookAttrTypesDS = objectAttrsTypeDSWebhookWebhook(false)
+var webhookWebhookAttrTypesDSRecurse = objectAttrsTypeDSWebhookWebhook(true)
+
+type webhookWebhookDataDS struct {
+	Links                types.List   `tfsdk:"links"`
+	Permissions          types.List   `tfsdk:"permissions"`
+	Additional           types.List   `tfsdk:"additional"`
+	Account              types.Object `tfsdk:"account"`
+	Active               types.Bool   `tfsdk:"active"`
+	Audit                types.Object `tfsdk:"audit" tkhao:"audit"`
+	AllTypes             types.Bool   `tfsdk:"all_types"`
+	AuthenticationScheme types.String `tfsdk:"authentication_scheme"`
+	BasicAuthPassword    types.String `tfsdk:"basic_auth_password"`
+	BasicAuthUsername    types.String `tfsdk:"basic_auth_username"`
+	BearerToken          types.String `tfsdk:"bearer_token"`
+	Client               types.Object `tfsdk:"client"`
+	ClientCertificate    types.Object `tfsdk:"client_certificate"`
+	CustomHeaderName     types.String `tfsdk:"custom_header_name"`
+	CustomHeaderValue    types.String `tfsdk:"custom_header_value"`
+	Directory            types.Object `tfsdk:"directory"`
+	Group                types.Object `tfsdk:"group"`
+	Name                 types.String `tfsdk:"name"`
+	System               types.Object `tfsdk:"system"`
+	TLS                  types.String `tfsdk:"tls"`
+	TrustedCertificate   types.Object `tfsdk:"trusted_certificate"`
+	Types                types.List   `tfsdk:"types"`
+	URL                  types.String `tfsdk:"url"`
+	UUID                 types.String `tfsdk:"uuid"`
+	VerbosePayloads      types.Bool   `tfsdk:"verbose_payloads"`
+}
+
+var webhookWebhookLinkableWrapperAttrTypesDS = objectAttrsTypeDSWebhookWebhookLinkableWrapper(false)
+var webhookWebhookLinkableWrapperAttrTypesDSRecurse = objectAttrsTypeDSWebhookWebhookLinkableWrapper(true)
+
+type webhookWebhookLinkableWrapperDataDS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var webhookWebhook_additionalObjectsAttrTypesDS = objectAttrsTypeDSWebhookWebhook_additionalObjects(false)
+var webhookWebhook_additionalObjectsAttrTypesDSRecurse = objectAttrsTypeDSWebhookWebhook_additionalObjects(true)
+
+type webhookWebhook_additionalObjectsDataDS struct {
+	Audit types.Object `tfsdk:"audit"`
+}
diff --git a/internal/provider/full-data-struct-rs.go b/internal/provider/full-data-struct-rs.go
new file mode 100644
index 0000000..8986d17
--- /dev/null
+++ b/internal/provider/full-data-struct-rs.go
@@ -0,0 +1,1350 @@
+// Code generated by "terraform-provider-keyhub-generator"; DO NOT EDIT.
+
+//lint:ignore U1000 Ignore unused functions in generated code
+package provider
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+var auditInfoAttrTypesRS = objectAttrsTypeRSAuditInfo(false)
+var auditInfoAttrTypesRSRecurse = objectAttrsTypeRSAuditInfo(true)
+
+type auditInfoDataRS struct {
+	CreatedAt      types.String `tfsdk:"created_at"`
+	CreatedBy      types.String `tfsdk:"created_by"`
+	LastModifiedAt types.String `tfsdk:"last_modified_at"`
+	LastModifiedBy types.String `tfsdk:"last_modified_by"`
+}
+
+var generatedSecretAttrTypesRS = objectAttrsTypeRSGeneratedSecret(false)
+var generatedSecretAttrTypesRSRecurse = objectAttrsTypeRSGeneratedSecret(true)
+
+type generatedSecretDataRS struct {
+	GeneratedSecret types.String `tfsdk:"generated_secret"`
+	OldSecret       types.String `tfsdk:"old_secret"`
+	Regenerate      types.Bool   `tfsdk:"regenerate"`
+}
+
+var linkableAttrTypesRS = objectAttrsTypeRSLinkable(false)
+var linkableAttrTypesRSRecurse = objectAttrsTypeRSLinkable(true)
+
+type linkableDataRS struct {
+	Links       types.List `tfsdk:"links"`
+	Permissions types.List `tfsdk:"permissions"`
+}
+
+var nonLinkableAttrTypesRS = objectAttrsTypeRSNonLinkable(false)
+var nonLinkableAttrTypesRSRecurse = objectAttrsTypeRSNonLinkable(true)
+
+type nonLinkableDataRS struct {
+}
+
+var restLinkAttrTypesRS = objectAttrsTypeRSRestLink(false)
+var restLinkAttrTypesRSRecurse = objectAttrsTypeRSRestLink(true)
+
+type restLinkDataRS struct {
+	Href        types.String `tfsdk:"href"`
+	ID          types.Int64  `tfsdk:"id"`
+	Rel         types.String `tfsdk:"rel"`
+	TypeEscaped types.String `tfsdk:"type_escaped"`
+}
+
+var authAccountPrimerAttrTypesRS = objectAttrsTypeRSAuthAccountPrimer(false)
+var authAccountPrimerAttrTypesRSRecurse = objectAttrsTypeRSAuthAccountPrimer(true)
+
+type authAccountPrimerDataRS struct {
+	Links       types.List   `tfsdk:"links"`
+	Permissions types.List   `tfsdk:"permissions"`
+	DisplayName types.String `tfsdk:"display_name"`
+	LastActive  types.String `tfsdk:"last_active"`
+	Username    types.String `tfsdk:"username"`
+	UUID        types.String `tfsdk:"uuid"`
+	Validity    types.String `tfsdk:"validity"`
+}
+
+var authPermissionAttrTypesRS = objectAttrsTypeRSAuthPermission(false)
+var authPermissionAttrTypesRSRecurse = objectAttrsTypeRSAuthPermission(true)
+
+type authPermissionDataRS struct {
+	Full        types.String `tfsdk:"full"`
+	Instances   types.List   `tfsdk:"instances"`
+	Operations  types.List   `tfsdk:"operations"`
+	TypeEscaped types.String `tfsdk:"type_escaped"`
+}
+
+var certificateCertificatePrimerAttrTypesRS = objectAttrsTypeRSCertificateCertificatePrimer(false)
+var certificateCertificatePrimerAttrTypesRSRecurse = objectAttrsTypeRSCertificateCertificatePrimer(true)
+
+type certificateCertificatePrimerDataRS struct {
+	Links                            types.List   `tfsdk:"links"`
+	Permissions                      types.List   `tfsdk:"permissions"`
+	Alias                            types.String `tfsdk:"alias"`
+	CertificateCertificatePrimerType types.String `tfsdk:"type"`
+	CertificateData                  types.List   `tfsdk:"certificate_data"`
+	Expiration                       types.String `tfsdk:"expiration"`
+	FingerprintSha1                  types.String `tfsdk:"fingerprint_sha1"`
+	FingerprintSha256                types.String `tfsdk:"fingerprint_sha256"`
+	Global                           types.Bool   `tfsdk:"global"`
+	SubjectDN                        types.String `tfsdk:"subject_dn"`
+	UUID                             types.String `tfsdk:"uuid"`
+}
+
+var clientApplicationVaultVaultRecordAttrTypesRS = objectAttrsTypeRSClientApplicationVaultVaultRecord(false)
+var clientApplicationVaultVaultRecordAttrTypesRSRecurse = objectAttrsTypeRSClientApplicationVaultVaultRecord(true)
+
+type clientApplicationVaultVaultRecordDataRS struct {
+	ClientApplicationUUID types.String `tfsdk:"client_application_uuid"`
+	Links                 types.List   `tfsdk:"links"`
+	Permissions           types.List   `tfsdk:"permissions"`
+	Color                 types.String `tfsdk:"color"`
+	Name                  types.String `tfsdk:"name"`
+	ShareEndTime          types.String `tfsdk:"share_end_time"`
+	UUID                  types.String `tfsdk:"uuid"`
+	Audit                 types.Object `tfsdk:"audit" tkhao:"audit"`
+	DeleteTile            types.Bool   `tfsdk:"delete_tile" tkhao:"deleteTile"`
+	ParentUUID            types.String `tfsdk:"parent_uuid" tkhao:"parent"`
+	PasswordMetadata      types.Object `tfsdk:"password_metadata" tkhao:"passwordMetadata"`
+	Secret                types.Object `tfsdk:"secret" tkhao:"secret"`
+	ShareSummary          types.Object `tfsdk:"share_summary" tkhao:"shareSummary"`
+	Shares                types.List   `tfsdk:"shares" tkhao:"shares"`
+	Tile                  types.Object `tfsdk:"tile" tkhao:"tile"`
+	Vaultholder           types.Object `tfsdk:"vaultholder" tkhao:"vaultholder"`
+	Derived               types.Bool   `tfsdk:"derived"`
+	EndDate               types.String `tfsdk:"end_date"`
+	Filename              types.String `tfsdk:"filename"`
+	Types                 types.List   `tfsdk:"types"`
+	URL                   types.String `tfsdk:"url"`
+	Username              types.String `tfsdk:"username"`
+	WarningPeriod         types.String `tfsdk:"warning_period"`
+}
+
+var clientClientApplicationAttrTypesRS = objectAttrsTypeRSClientClientApplication(false)
+var clientClientApplicationAttrTypesRSRecurse = objectAttrsTypeRSClientClientApplication(true)
+
+type clientClientApplicationDataRS struct {
+	Links                             types.List   `tfsdk:"links"`
+	Permissions                       types.List   `tfsdk:"permissions"`
+	ClientClientApplicationPrimerType types.String `tfsdk:"type"`
+	ClientID                          types.String `tfsdk:"client_id"`
+	Name                              types.String `tfsdk:"name"`
+	Scopes                            types.List   `tfsdk:"scopes"`
+	SsoApplication                    types.Bool   `tfsdk:"sso_application"`
+	UUID                              types.String `tfsdk:"uuid"`
+	Audit                             types.Object `tfsdk:"audit" tkhao:"audit"`
+	DeleteTile                        types.Bool   `tfsdk:"delete_tile" tkhao:"deleteTile"`
+	Groupclients                      types.List   `tfsdk:"groupclients" tkhao:"groupclients"`
+	Groups                            types.List   `tfsdk:"groups" tkhao:"groups"`
+	Secret                            types.Object `tfsdk:"secret" tkhao:"secret"`
+	Tile                              types.Object `tfsdk:"tile" tkhao:"tile"`
+	VaultRecordCount                  types.Int64  `tfsdk:"vault_record_count" tkhao:"vaultRecordCount"`
+	LastModifiedAt                    types.String `tfsdk:"last_modified_at"`
+	OwnerUUID                         types.String `tfsdk:"owner_uuid"`
+	TechnicalAdministratorUUID        types.String `tfsdk:"technical_administrator_uuid"`
+	LDAPClient                        types.Object `tfsdk:"ldap_client"`
+	OAuth2Client                      types.Object `tfsdk:"o_auth2_client"`
+	Saml2Client                       types.Object `tfsdk:"saml2_client"`
+}
+
+var clientClientApplicationLinkableWrapperAttrTypesRS = objectAttrsTypeRSClientClientApplicationLinkableWrapper(false)
+var clientClientApplicationLinkableWrapperAttrTypesRSRecurse = objectAttrsTypeRSClientClientApplicationLinkableWrapper(true)
+
+type clientClientApplicationLinkableWrapperDataRS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var clientClientApplicationPrimerAttrTypesRS = objectAttrsTypeRSClientClientApplicationPrimer(false)
+var clientClientApplicationPrimerAttrTypesRSRecurse = objectAttrsTypeRSClientClientApplicationPrimer(true)
+
+type clientClientApplicationPrimerDataRS struct {
+	Links                             types.List   `tfsdk:"links"`
+	Permissions                       types.List   `tfsdk:"permissions"`
+	ClientClientApplicationPrimerType types.String `tfsdk:"type"`
+	ClientID                          types.String `tfsdk:"client_id"`
+	Name                              types.String `tfsdk:"name"`
+	Scopes                            types.List   `tfsdk:"scopes"`
+	SsoApplication                    types.Bool   `tfsdk:"sso_application"`
+	UUID                              types.String `tfsdk:"uuid"`
+}
+
+var clientClientApplication_additionalObjectsAttrTypesRS = objectAttrsTypeRSClientClientApplication_additionalObjects(false)
+var clientClientApplication_additionalObjectsAttrTypesRSRecurse = objectAttrsTypeRSClientClientApplication_additionalObjects(true)
+
+type clientClientApplication_additionalObjectsDataRS struct {
+	Audit            types.Object `tfsdk:"audit"`
+	DeleteTile       types.Bool   `tfsdk:"delete_tile"`
+	Groupclients     types.List   `tfsdk:"groupclients"`
+	Groups           types.List   `tfsdk:"groups"`
+	Secret           types.Object `tfsdk:"secret"`
+	Tile             types.Object `tfsdk:"tile"`
+	VaultRecordCount types.Int64  `tfsdk:"vault_record_count"`
+}
+
+var clientLdapClientAttrTypesRS = objectAttrsTypeRSClientLdapClient(false)
+var clientLdapClientAttrTypesRSRecurse = objectAttrsTypeRSClientLdapClient(true)
+
+type clientLdapClientDataRS struct {
+	BindDN                types.String `tfsdk:"bind_dn"`
+	ClientCertificateUUID types.String `tfsdk:"client_certificate_uuid"`
+	ShareSecretInVault    types.Bool   `tfsdk:"share_secret_in_vault"`
+	SharedSecretUUID      types.String `tfsdk:"shared_secret_uuid"`
+	UsedForProvisioning   types.Bool   `tfsdk:"used_for_provisioning"`
+}
+
+var clientOAuth2ClientAttrTypesRS = objectAttrsTypeRSClientOAuth2Client(false)
+var clientOAuth2ClientAttrTypesRSRecurse = objectAttrsTypeRSClientOAuth2Client(true)
+
+type clientOAuth2ClientDataRS struct {
+	AccountPermissions   types.List   `tfsdk:"account_permissions"`
+	Attributes           types.Map    `tfsdk:"attributes"`
+	CallbackURI          types.String `tfsdk:"callback_uri"`
+	Confidential         types.Bool   `tfsdk:"confidential"`
+	DebugMode            types.Bool   `tfsdk:"debug_mode"`
+	IDTokenClaims        types.String `tfsdk:"id_token_claims"`
+	InitiateLoginURI     types.String `tfsdk:"initiate_login_uri"`
+	ResourceURIs         types.String `tfsdk:"resource_uris"`
+	ShareSecretInVault   types.Bool   `tfsdk:"share_secret_in_vault"`
+	SharedSecretUUID     types.String `tfsdk:"shared_secret_uuid"`
+	ShowLandingPage      types.Bool   `tfsdk:"show_landing_page"`
+	UseClientCredentials types.Bool   `tfsdk:"use_client_credentials"`
+}
+
+var clientOAuth2ClientPermissionAttrTypesRS = objectAttrsTypeRSClientOAuth2ClientPermission(false)
+var clientOAuth2ClientPermissionAttrTypesRSRecurse = objectAttrsTypeRSClientOAuth2ClientPermission(true)
+
+type clientOAuth2ClientPermissionDataRS struct {
+	Links         types.List   `tfsdk:"links"`
+	Permissions   types.List   `tfsdk:"permissions"`
+	Audit         types.Object `tfsdk:"audit" tkhao:"audit"`
+	ForGroupUUID  types.String `tfsdk:"for_group_uuid"`
+	ForSystemUUID types.String `tfsdk:"for_system_uuid"`
+	Value         types.String `tfsdk:"value"`
+}
+
+var clientOAuth2ClientPermissionWithClientAttrTypesRS = objectAttrsTypeRSClientOAuth2ClientPermissionWithClient(false)
+var clientOAuth2ClientPermissionWithClientAttrTypesRSRecurse = objectAttrsTypeRSClientOAuth2ClientPermissionWithClient(true)
+
+type clientOAuth2ClientPermissionWithClientDataRS struct {
+	Links         types.List   `tfsdk:"links"`
+	Permissions   types.List   `tfsdk:"permissions"`
+	Audit         types.Object `tfsdk:"audit" tkhao:"audit"`
+	ForGroupUUID  types.String `tfsdk:"for_group_uuid"`
+	ForSystemUUID types.String `tfsdk:"for_system_uuid"`
+	Value         types.String `tfsdk:"value"`
+	ClientUUID    types.String `tfsdk:"client_uuid"`
+}
+
+var clientOAuth2ClientPermissionWithClientLinkableWrapperAttrTypesRS = objectAttrsTypeRSClientOAuth2ClientPermissionWithClientLinkableWrapper(false)
+var clientOAuth2ClientPermissionWithClientLinkableWrapperAttrTypesRSRecurse = objectAttrsTypeRSClientOAuth2ClientPermissionWithClientLinkableWrapper(true)
+
+type clientOAuth2ClientPermissionWithClientLinkableWrapperDataRS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var clientOAuth2ClientPermission_additionalObjectsAttrTypesRS = objectAttrsTypeRSClientOAuth2ClientPermission_additionalObjects(false)
+var clientOAuth2ClientPermission_additionalObjectsAttrTypesRSRecurse = objectAttrsTypeRSClientOAuth2ClientPermission_additionalObjects(true)
+
+type clientOAuth2ClientPermission_additionalObjectsDataRS struct {
+	Audit types.Object `tfsdk:"audit"`
+}
+
+var clientSaml2ClientAttrTypesRS = objectAttrsTypeRSClientSaml2Client(false)
+var clientSaml2ClientAttrTypesRSRecurse = objectAttrsTypeRSClientSaml2Client(true)
+
+type clientSaml2ClientDataRS struct {
+	Attributes    types.Map    `tfsdk:"attributes"`
+	Metadata      types.String `tfsdk:"metadata"`
+	MetadataURL   types.String `tfsdk:"metadata_url"`
+	SubjectFormat types.String `tfsdk:"subject_format"`
+}
+
+var directoryAccountDirectoryAttrTypesRS = objectAttrsTypeRSDirectoryAccountDirectory(false)
+var directoryAccountDirectoryAttrTypesRSRecurse = objectAttrsTypeRSDirectoryAccountDirectory(true)
+
+type directoryAccountDirectoryDataRS struct {
+	Links                               types.List   `tfsdk:"links"`
+	Permissions                         types.List   `tfsdk:"permissions"`
+	AccountValiditySupported            types.Bool   `tfsdk:"account_validity_supported"`
+	Active                              types.Bool   `tfsdk:"active"`
+	DirectoryAccountDirectoryPrimerType types.String `tfsdk:"type"`
+	Name                                types.String `tfsdk:"name"`
+	UUID                                types.String `tfsdk:"uuid"`
+	Audit                               types.Object `tfsdk:"audit" tkhao:"audit"`
+	Markers                             types.Object `tfsdk:"markers" tkhao:"markers"`
+	Status                              types.Object `tfsdk:"status" tkhao:"status"`
+	BaseOrganizationalUnitUUID          types.String `tfsdk:"base_organizational_unit_uuid"`
+	DefaultDirectory                    types.Bool   `tfsdk:"default_directory"`
+	HelpdeskGroupUUID                   types.String `tfsdk:"helpdesk_group_uuid"`
+	Restrict2fa                         types.Bool   `tfsdk:"restrict2fa"`
+	RotatingPassword                    types.String `tfsdk:"rotating_password"`
+	UsernameCustomizable                types.Bool   `tfsdk:"username_customizable"`
+	InternalDirectory                   types.Object `tfsdk:"internal_directory"`
+	LDAPDirectory                       types.Object `tfsdk:"l_d_a_p_directory"`
+	MaintenanceDirectory                types.Object `tfsdk:"maintenance_directory"`
+	OIDCDirectory                       types.Object `tfsdk:"o_id_c_directory"`
+}
+
+var directoryAccountDirectoryLinkableWrapperAttrTypesRS = objectAttrsTypeRSDirectoryAccountDirectoryLinkableWrapper(false)
+var directoryAccountDirectoryLinkableWrapperAttrTypesRSRecurse = objectAttrsTypeRSDirectoryAccountDirectoryLinkableWrapper(true)
+
+type directoryAccountDirectoryLinkableWrapperDataRS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var directoryAccountDirectoryPrimerAttrTypesRS = objectAttrsTypeRSDirectoryAccountDirectoryPrimer(false)
+var directoryAccountDirectoryPrimerAttrTypesRSRecurse = objectAttrsTypeRSDirectoryAccountDirectoryPrimer(true)
+
+type directoryAccountDirectoryPrimerDataRS struct {
+	Links                               types.List   `tfsdk:"links"`
+	Permissions                         types.List   `tfsdk:"permissions"`
+	AccountValiditySupported            types.Bool   `tfsdk:"account_validity_supported"`
+	Active                              types.Bool   `tfsdk:"active"`
+	DirectoryAccountDirectoryPrimerType types.String `tfsdk:"type"`
+	Name                                types.String `tfsdk:"name"`
+	UUID                                types.String `tfsdk:"uuid"`
+}
+
+var directoryAccountDirectoryStatusReportAttrTypesRS = objectAttrsTypeRSDirectoryAccountDirectoryStatusReport(false)
+var directoryAccountDirectoryStatusReportAttrTypesRSRecurse = objectAttrsTypeRSDirectoryAccountDirectoryStatusReport(true)
+
+type directoryAccountDirectoryStatusReportDataRS struct {
+	Accounts types.Int64  `tfsdk:"accounts"`
+	Reason   types.String `tfsdk:"reason"`
+	Status   types.String `tfsdk:"status"`
+}
+
+var directoryAccountDirectorySummaryAttrTypesRS = objectAttrsTypeRSDirectoryAccountDirectorySummary(false)
+var directoryAccountDirectorySummaryAttrTypesRSRecurse = objectAttrsTypeRSDirectoryAccountDirectorySummary(true)
+
+type directoryAccountDirectorySummaryDataRS struct {
+	Links                                types.List   `tfsdk:"links"`
+	Permissions                          types.List   `tfsdk:"permissions"`
+	DirectoryAccountDirectorySummaryType types.String `tfsdk:"type"`
+	DomainRestriction                    types.String `tfsdk:"domain_restriction"`
+	FullyResolvedIssuer                  types.String `tfsdk:"fully_resolved_issuer"`
+	Name                                 types.String `tfsdk:"name"`
+	Status                               types.Object `tfsdk:"status"`
+	UsernameCustomizable                 types.Bool   `tfsdk:"username_customizable"`
+}
+
+var directoryAccountDirectorySummaryLinkableWrapperAttrTypesRS = objectAttrsTypeRSDirectoryAccountDirectorySummaryLinkableWrapper(false)
+var directoryAccountDirectorySummaryLinkableWrapperAttrTypesRSRecurse = objectAttrsTypeRSDirectoryAccountDirectorySummaryLinkableWrapper(true)
+
+type directoryAccountDirectorySummaryLinkableWrapperDataRS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var directoryAccountDirectory_additionalObjectsAttrTypesRS = objectAttrsTypeRSDirectoryAccountDirectory_additionalObjects(false)
+var directoryAccountDirectory_additionalObjectsAttrTypesRSRecurse = objectAttrsTypeRSDirectoryAccountDirectory_additionalObjects(true)
+
+type directoryAccountDirectory_additionalObjectsDataRS struct {
+	Audit   types.Object `tfsdk:"audit"`
+	Markers types.Object `tfsdk:"markers"`
+	Status  types.Object `tfsdk:"status"`
+}
+
+var directoryInternalDirectoryAttrTypesRS = objectAttrsTypeRSDirectoryInternalDirectory(false)
+var directoryInternalDirectoryAttrTypesRSRecurse = objectAttrsTypeRSDirectoryInternalDirectory(true)
+
+type directoryInternalDirectoryDataRS struct {
+	OwnerUUID types.String `tfsdk:"owner_uuid"`
+}
+
+var directoryLDAPDirectoryAttrTypesRS = objectAttrsTypeRSDirectoryLDAPDirectory(false)
+var directoryLDAPDirectoryAttrTypesRSRecurse = objectAttrsTypeRSDirectoryLDAPDirectory(true)
+
+type directoryLDAPDirectoryDataRS struct {
+	AttributesToStore              types.String `tfsdk:"attributes_to_store"`
+	BaseDN                         types.String `tfsdk:"base_dn"`
+	ClientCertificateUUID          types.String `tfsdk:"client_certificate_uuid"`
+	Dialect                        types.String `tfsdk:"dialect"`
+	FailoverHost                   types.String `tfsdk:"failover_host"`
+	FailoverTrustedCertificateUUID types.String `tfsdk:"failover_trusted_certificate_uuid"`
+	Host                           types.String `tfsdk:"host"`
+	PasswordRecovery               types.String `tfsdk:"password_recovery"`
+	Port                           types.Int64  `tfsdk:"port"`
+	SearchBindDN                   types.String `tfsdk:"search_bind_dn"`
+	SearchBindPassword             types.String `tfsdk:"search_bind_password"`
+	SearchFilter                   types.String `tfsdk:"search_filter"`
+	TLS                            types.String `tfsdk:"tls"`
+	TrustedCertificateUUID         types.String `tfsdk:"trusted_certificate_uuid"`
+}
+
+var directoryMaintenanceDirectoryAttrTypesRS = objectAttrsTypeRSDirectoryMaintenanceDirectory(false)
+var directoryMaintenanceDirectoryAttrTypesRSRecurse = objectAttrsTypeRSDirectoryMaintenanceDirectory(true)
+
+type directoryMaintenanceDirectoryDataRS struct {
+}
+
+var directoryOIDCDirectoryAttrTypesRS = objectAttrsTypeRSDirectoryOIDCDirectory(false)
+var directoryOIDCDirectoryAttrTypesRSRecurse = objectAttrsTypeRSDirectoryOIDCDirectory(true)
+
+type directoryOIDCDirectoryDataRS struct {
+	AcrValues           types.String `tfsdk:"acr_values"`
+	AttributesToStore   types.String `tfsdk:"attributes_to_store"`
+	ClientID            types.String `tfsdk:"client_id"`
+	ClientSecret        types.String `tfsdk:"client_secret"`
+	DomainRestriction   types.String `tfsdk:"domain_restriction"`
+	Enforces2fa         types.Bool   `tfsdk:"enforces2fa"`
+	FullyResolvedIssuer types.String `tfsdk:"fully_resolved_issuer"`
+	Issuer              types.String `tfsdk:"issuer"`
+	LogoutURL           types.String `tfsdk:"logout_url"`
+	SendLoginHint       types.Bool   `tfsdk:"send_login_hint"`
+	VendorEscaped       types.String `tfsdk:"vendor_escaped"`
+}
+
+var groupAuthorizedGroupsWrapperAttrTypesRS = objectAttrsTypeRSGroupAuthorizedGroupsWrapper(false)
+var groupAuthorizedGroupsWrapperAttrTypesRSRecurse = objectAttrsTypeRSGroupAuthorizedGroupsWrapper(true)
+
+type groupAuthorizedGroupsWrapperDataRS struct {
+	Items      types.List  `tfsdk:"items"`
+	GroupCount types.Int64 `tfsdk:"group_count"`
+}
+
+var groupGroupAttrTypesRS = objectAttrsTypeRSGroupGroup(false)
+var groupGroupAttrTypesRSRecurse = objectAttrsTypeRSGroupGroup(true)
+
+type groupGroupDataRS struct {
+	Links                            types.List   `tfsdk:"links"`
+	Permissions                      types.List   `tfsdk:"permissions"`
+	Admin                            types.Bool   `tfsdk:"admin"`
+	Name                             types.String `tfsdk:"name"`
+	UUID                             types.String `tfsdk:"uuid"`
+	Accounts                         types.List   `tfsdk:"accounts" tkhao:"accounts"`
+	AdministeredClients              types.List   `tfsdk:"administered_clients" tkhao:"administeredClients"`
+	AdministeredSystems              types.List   `tfsdk:"administered_systems" tkhao:"administeredSystems"`
+	Admins                           types.List   `tfsdk:"admins" tkhao:"admins"`
+	Audit                            types.Object `tfsdk:"audit" tkhao:"audit"`
+	AuthorizedGroups                 types.Object `tfsdk:"authorized_groups" tkhao:"authorizedGroups"`
+	ClientPermissions                types.List   `tfsdk:"client_permissions" tkhao:"clientPermissions"`
+	Clients                          types.List   `tfsdk:"clients" tkhao:"clients"`
+	ContentAdministeredSystems       types.List   `tfsdk:"content_administered_systems" tkhao:"contentAdministeredSystems"`
+	Groupauditinginfo                types.Object `tfsdk:"groupauditinginfo" tkhao:"groupauditinginfo"`
+	Groupinfo                        types.Object `tfsdk:"groupinfo" tkhao:"groupinfo"`
+	Helpdesk                         types.List   `tfsdk:"helpdesk" tkhao:"helpdesk"`
+	Markers                          types.Object `tfsdk:"markers" tkhao:"markers"`
+	Myaccount                        types.Object `tfsdk:"myaccount" tkhao:"myaccount"`
+	Mydelegatedaccount               types.Object `tfsdk:"mydelegatedaccount" tkhao:"mydelegatedaccount"`
+	NestedGroups                     types.List   `tfsdk:"nested_groups" tkhao:"nestedGroups"`
+	OwnedClients                     types.List   `tfsdk:"owned_clients" tkhao:"ownedClients"`
+	OwnedDirectories                 types.List   `tfsdk:"owned_directories" tkhao:"ownedDirectories"`
+	OwnedGroupsOnSystem              types.Object `tfsdk:"owned_groups_on_system" tkhao:"ownedGroupsOnSystem"`
+	OwnedOrganizationalUnits         types.List   `tfsdk:"owned_organizational_units" tkhao:"ownedOrganizationalUnits"`
+	OwnedSystems                     types.List   `tfsdk:"owned_systems" tkhao:"ownedSystems"`
+	RecentAudits                     types.List   `tfsdk:"recent_audits" tkhao:"recentAudits"`
+	Requeststatus                    types.String `tfsdk:"requeststatus" tkhao:"requeststatus"`
+	ServiceAccounts                  types.List   `tfsdk:"service_accounts" tkhao:"serviceAccounts"`
+	Systems                          types.List   `tfsdk:"systems" tkhao:"systems"`
+	Vault                            types.Object `tfsdk:"vault" tkhao:"vault"`
+	Webhooks                         types.List   `tfsdk:"webhooks" tkhao:"webhooks"`
+	ApplicationAdministration        types.Bool   `tfsdk:"application_administration"`
+	AuditConfig                      types.Object `tfsdk:"audit_config"`
+	AuditRequested                   types.Bool   `tfsdk:"audit_requested"`
+	Auditor                          types.Bool   `tfsdk:"auditor"`
+	AuthorizingGroupAuditingUUID     types.String `tfsdk:"authorizing_group_auditing_uuid"`
+	AuthorizingGroupDelegationUUID   types.String `tfsdk:"authorizing_group_delegation_uuid"`
+	AuthorizingGroupMembershipUUID   types.String `tfsdk:"authorizing_group_membership_uuid"`
+	AuthorizingGroupProvisioningUUID types.String `tfsdk:"authorizing_group_provisioning_uuid"`
+	AuthorizingGroupTypes            types.List   `tfsdk:"authorizing_group_types"`
+	ClassificationUUID               types.String `tfsdk:"classification_uuid"`
+	Description                      types.String `tfsdk:"description"`
+	ExtendedAccess                   types.String `tfsdk:"extended_access"`
+	HideAuditTrail                   types.Bool   `tfsdk:"hide_audit_trail"`
+	NestedUnderUUID                  types.String `tfsdk:"nested_under_uuid"`
+	OrganizationalUnitUUID           types.String `tfsdk:"organizational_unit_uuid"`
+	PrivateGroup                     types.Bool   `tfsdk:"private_group"`
+	RecordTrail                      types.Bool   `tfsdk:"record_trail"`
+	RotatingPasswordRequired         types.Bool   `tfsdk:"rotating_password_required"`
+	SingleManaged                    types.Bool   `tfsdk:"single_managed"`
+	VaultRecovery                    types.String `tfsdk:"vault_recovery"`
+	VaultRequiresActivation          types.Bool   `tfsdk:"vault_requires_activation"`
+}
+
+var groupGroupAccountAttrTypesRS = objectAttrsTypeRSGroupGroupAccount(false)
+var groupGroupAccountAttrTypesRSRecurse = objectAttrsTypeRSGroupGroupAccount(true)
+
+type groupGroupAccountDataRS struct {
+	UUID                   types.String `tfsdk:"uuid"`
+	Audit                  types.Object `tfsdk:"audit" tkhao:"audit"`
+	DirectoryUUID          types.String `tfsdk:"directory_uuid"`
+	DisconnectedNested     types.Bool   `tfsdk:"disconnected_nested"`
+	EndDate                types.String `tfsdk:"end_date"`
+	LastUsed               types.String `tfsdk:"last_used"`
+	Nested                 types.Bool   `tfsdk:"nested"`
+	ProvisioningEndTime    types.String `tfsdk:"provisioning_end_time"`
+	Rights                 types.String `tfsdk:"rights"`
+	TwoFactorStatus        types.String `tfsdk:"two_factor_status"`
+	VisibleForProvisioning types.Bool   `tfsdk:"visible_for_provisioning"`
+}
+
+var groupGroupAccountLinkableWrapperAttrTypesRS = objectAttrsTypeRSGroupGroupAccountLinkableWrapper(false)
+var groupGroupAccountLinkableWrapperAttrTypesRSRecurse = objectAttrsTypeRSGroupGroupAccountLinkableWrapper(true)
+
+type groupGroupAccountLinkableWrapperDataRS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var groupGroupAccount_additionalObjectsAttrTypesRS = objectAttrsTypeRSGroupGroupAccount_additionalObjects(false)
+var groupGroupAccount_additionalObjectsAttrTypesRSRecurse = objectAttrsTypeRSGroupGroupAccount_additionalObjects(true)
+
+type groupGroupAccount_additionalObjectsDataRS struct {
+	Audit types.Object `tfsdk:"audit"`
+}
+
+var groupGroupAuditAttrTypesRS = objectAttrsTypeRSGroupGroupAudit(false)
+var groupGroupAuditAttrTypesRSRecurse = objectAttrsTypeRSGroupGroupAudit(true)
+
+type groupGroupAuditDataRS struct {
+	Links       types.List   `tfsdk:"links"`
+	Permissions types.List   `tfsdk:"permissions"`
+	Accounts    types.List   `tfsdk:"accounts"`
+	Audit       types.Object `tfsdk:"audit" tkhao:"audit"`
+	Comment     types.String `tfsdk:"comment"`
+	CreatedAt   types.String `tfsdk:"created_at"`
+	CreatedBy   types.String `tfsdk:"created_by"`
+	GroupName   types.String `tfsdk:"group_name"`
+	NameOnAudit types.String `tfsdk:"name_on_audit"`
+	ReviewedAt  types.String `tfsdk:"reviewed_at"`
+	ReviewedBy  types.String `tfsdk:"reviewed_by"`
+	Status      types.String `tfsdk:"status"`
+	SubmittedAt types.String `tfsdk:"submitted_at"`
+	SubmittedBy types.String `tfsdk:"submitted_by"`
+}
+
+var groupGroupAuditAccountAttrTypesRS = objectAttrsTypeRSGroupGroupAuditAccount(false)
+var groupGroupAuditAccountAttrTypesRSRecurse = objectAttrsTypeRSGroupGroupAuditAccount(true)
+
+type groupGroupAuditAccountDataRS struct {
+	Links              types.List   `tfsdk:"links"`
+	Permissions        types.List   `tfsdk:"permissions"`
+	AccountUUID        types.String `tfsdk:"account_uuid"`
+	AccountValid       types.Bool   `tfsdk:"account_valid"`
+	Action             types.String `tfsdk:"action"`
+	Comment            types.String `tfsdk:"comment"`
+	DisconnectedNested types.Bool   `tfsdk:"disconnected_nested"`
+	DisplayName        types.String `tfsdk:"display_name"`
+	EndDate            types.String `tfsdk:"end_date"`
+	LastActive         types.String `tfsdk:"last_active"`
+	LastUsed           types.String `tfsdk:"last_used"`
+	Nested             types.Bool   `tfsdk:"nested"`
+	Rights             types.String `tfsdk:"rights"`
+	Username           types.String `tfsdk:"username"`
+}
+
+var groupGroupAuditConfigAttrTypesRS = objectAttrsTypeRSGroupGroupAuditConfig(false)
+var groupGroupAuditConfigAttrTypesRSRecurse = objectAttrsTypeRSGroupGroupAuditConfig(true)
+
+type groupGroupAuditConfigDataRS struct {
+	Links       types.List `tfsdk:"links"`
+	Permissions types.List `tfsdk:"permissions"`
+	Months      types.List `tfsdk:"months"`
+}
+
+var groupGroupAuditLinkableWrapperAttrTypesRS = objectAttrsTypeRSGroupGroupAuditLinkableWrapper(false)
+var groupGroupAuditLinkableWrapperAttrTypesRSRecurse = objectAttrsTypeRSGroupGroupAuditLinkableWrapper(true)
+
+type groupGroupAuditLinkableWrapperDataRS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var groupGroupAudit_additionalObjectsAttrTypesRS = objectAttrsTypeRSGroupGroupAudit_additionalObjects(false)
+var groupGroupAudit_additionalObjectsAttrTypesRSRecurse = objectAttrsTypeRSGroupGroupAudit_additionalObjects(true)
+
+type groupGroupAudit_additionalObjectsDataRS struct {
+	Audit types.Object `tfsdk:"audit"`
+}
+
+var groupGroupAuditingInfoAttrTypesRS = objectAttrsTypeRSGroupGroupAuditingInfo(false)
+var groupGroupAuditingInfoAttrTypesRSRecurse = objectAttrsTypeRSGroupGroupAuditingInfo(true)
+
+type groupGroupAuditingInfoDataRS struct {
+	AuditDueDate              types.String `tfsdk:"audit_due_date"`
+	LastAuditDate             types.String `tfsdk:"last_audit_date"`
+	NrAccounts                types.Int64  `tfsdk:"nr_accounts"`
+	NrDisabledAccounts        types.Int64  `tfsdk:"nr_disabled_accounts"`
+	NrDisabledManagers        types.Int64  `tfsdk:"nr_disabled_managers"`
+	NrExpiredVaultRecords     types.Int64  `tfsdk:"nr_expired_vault_records"`
+	NrManagers                types.Int64  `tfsdk:"nr_managers"`
+	NrVaultRecordsWithEndDate types.Int64  `tfsdk:"nr_vault_records_with_end_date"`
+}
+
+var groupGroupClassificationPrimerAttrTypesRS = objectAttrsTypeRSGroupGroupClassificationPrimer(false)
+var groupGroupClassificationPrimerAttrTypesRSRecurse = objectAttrsTypeRSGroupGroupClassificationPrimer(true)
+
+type groupGroupClassificationPrimerDataRS struct {
+	Links       types.List   `tfsdk:"links"`
+	Permissions types.List   `tfsdk:"permissions"`
+	Name        types.String `tfsdk:"name"`
+	UUID        types.String `tfsdk:"uuid"`
+}
+
+var groupGroupClientAttrTypesRS = objectAttrsTypeRSGroupGroupClient(false)
+var groupGroupClientAttrTypesRSRecurse = objectAttrsTypeRSGroupGroupClient(true)
+
+type groupGroupClientDataRS struct {
+	Links                      types.List   `tfsdk:"links"`
+	Permissions                types.List   `tfsdk:"permissions"`
+	ActivationRequired         types.Bool   `tfsdk:"activation_required"`
+	Audit                      types.Object `tfsdk:"audit" tkhao:"audit"`
+	ClientUUID                 types.String `tfsdk:"client_uuid"`
+	GroupUUID                  types.String `tfsdk:"group_uuid"`
+	OwnerUUID                  types.String `tfsdk:"owner_uuid"`
+	TechnicalAdministratorUUID types.String `tfsdk:"technical_administrator_uuid"`
+}
+
+var groupGroupClientLinkableWrapperAttrTypesRS = objectAttrsTypeRSGroupGroupClientLinkableWrapper(false)
+var groupGroupClientLinkableWrapperAttrTypesRSRecurse = objectAttrsTypeRSGroupGroupClientLinkableWrapper(true)
+
+type groupGroupClientLinkableWrapperDataRS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var groupGroupClient_additionalObjectsAttrTypesRS = objectAttrsTypeRSGroupGroupClient_additionalObjects(false)
+var groupGroupClient_additionalObjectsAttrTypesRSRecurse = objectAttrsTypeRSGroupGroupClient_additionalObjects(true)
+
+type groupGroupClient_additionalObjectsDataRS struct {
+	Audit types.Object `tfsdk:"audit"`
+}
+
+var groupGroupInfoAttrTypesRS = objectAttrsTypeRSGroupGroupInfo(false)
+var groupGroupInfoAttrTypesRSRecurse = objectAttrsTypeRSGroupGroupInfo(true)
+
+type groupGroupInfoDataRS struct {
+	NrAccounts           types.Int64 `tfsdk:"nr_accounts"`
+	NrAccountsWithVault  types.Int64 `tfsdk:"nr_accounts_with_vault"`
+	NrAudits             types.Int64 `tfsdk:"nr_audits"`
+	NrClients            types.Int64 `tfsdk:"nr_clients"`
+	NrProvisionedSystems types.Int64 `tfsdk:"nr_provisioned_systems"`
+	NrVaultRecords       types.Int64 `tfsdk:"nr_vault_records"`
+}
+
+var groupGroupLinkableWrapperAttrTypesRS = objectAttrsTypeRSGroupGroupLinkableWrapper(false)
+var groupGroupLinkableWrapperAttrTypesRSRecurse = objectAttrsTypeRSGroupGroupLinkableWrapper(true)
+
+type groupGroupLinkableWrapperDataRS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var groupGroupPrimerAttrTypesRS = objectAttrsTypeRSGroupGroupPrimer(false)
+var groupGroupPrimerAttrTypesRSRecurse = objectAttrsTypeRSGroupGroupPrimer(true)
+
+type groupGroupPrimerDataRS struct {
+	Links       types.List   `tfsdk:"links"`
+	Permissions types.List   `tfsdk:"permissions"`
+	Admin       types.Bool   `tfsdk:"admin"`
+	Name        types.String `tfsdk:"name"`
+	UUID        types.String `tfsdk:"uuid"`
+}
+
+var groupGroupPrimerLinkableWrapperAttrTypesRS = objectAttrsTypeRSGroupGroupPrimerLinkableWrapper(false)
+var groupGroupPrimerLinkableWrapperAttrTypesRSRecurse = objectAttrsTypeRSGroupGroupPrimerLinkableWrapper(true)
+
+type groupGroupPrimerLinkableWrapperDataRS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var groupGroup_additionalObjectsAttrTypesRS = objectAttrsTypeRSGroupGroup_additionalObjects(false)
+var groupGroup_additionalObjectsAttrTypesRSRecurse = objectAttrsTypeRSGroupGroup_additionalObjects(true)
+
+type groupGroup_additionalObjectsDataRS struct {
+	Accounts                   types.List   `tfsdk:"accounts"`
+	AdministeredClients        types.List   `tfsdk:"administered_clients"`
+	AdministeredSystems        types.List   `tfsdk:"administered_systems"`
+	Admins                     types.List   `tfsdk:"admins"`
+	Audit                      types.Object `tfsdk:"audit"`
+	AuthorizedGroups           types.Object `tfsdk:"authorized_groups"`
+	ClientPermissions          types.List   `tfsdk:"client_permissions"`
+	Clients                    types.List   `tfsdk:"clients"`
+	ContentAdministeredSystems types.List   `tfsdk:"content_administered_systems"`
+	Groupauditinginfo          types.Object `tfsdk:"groupauditinginfo"`
+	Groupinfo                  types.Object `tfsdk:"groupinfo"`
+	Helpdesk                   types.List   `tfsdk:"helpdesk"`
+	Markers                    types.Object `tfsdk:"markers"`
+	Myaccount                  types.Object `tfsdk:"myaccount"`
+	Mydelegatedaccount         types.Object `tfsdk:"mydelegatedaccount"`
+	NestedGroups               types.List   `tfsdk:"nested_groups"`
+	OwnedClients               types.List   `tfsdk:"owned_clients"`
+	OwnedDirectories           types.List   `tfsdk:"owned_directories"`
+	OwnedGroupsOnSystem        types.Object `tfsdk:"owned_groups_on_system"`
+	OwnedOrganizationalUnits   types.List   `tfsdk:"owned_organizational_units"`
+	OwnedSystems               types.List   `tfsdk:"owned_systems"`
+	RecentAudits               types.List   `tfsdk:"recent_audits"`
+	Requeststatus              types.String `tfsdk:"requeststatus"`
+	ServiceAccounts            types.List   `tfsdk:"service_accounts"`
+	Systems                    types.List   `tfsdk:"systems"`
+	Vault                      types.Object `tfsdk:"vault"`
+	Webhooks                   types.List   `tfsdk:"webhooks"`
+}
+
+var groupProvisioningGroupAttrTypesRS = objectAttrsTypeRSGroupProvisioningGroup(false)
+var groupProvisioningGroupAttrTypesRSRecurse = objectAttrsTypeRSGroupProvisioningGroup(true)
+
+type groupProvisioningGroupDataRS struct {
+	Links              types.List   `tfsdk:"links"`
+	Permissions        types.List   `tfsdk:"permissions"`
+	ActivationRequired types.Bool   `tfsdk:"activation_required"`
+	Audit              types.Object `tfsdk:"audit" tkhao:"audit"`
+	GroupUUID          types.String `tfsdk:"group_uuid"`
+	GroupOnSystem      types.Object `tfsdk:"group_on_system"`
+}
+
+var groupProvisioningGroupLinkableWrapperAttrTypesRS = objectAttrsTypeRSGroupProvisioningGroupLinkableWrapper(false)
+var groupProvisioningGroupLinkableWrapperAttrTypesRSRecurse = objectAttrsTypeRSGroupProvisioningGroupLinkableWrapper(true)
+
+type groupProvisioningGroupLinkableWrapperDataRS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var groupProvisioningGroup_additionalObjectsAttrTypesRS = objectAttrsTypeRSGroupProvisioningGroup_additionalObjects(false)
+var groupProvisioningGroup_additionalObjectsAttrTypesRSRecurse = objectAttrsTypeRSGroupProvisioningGroup_additionalObjects(true)
+
+type groupProvisioningGroup_additionalObjectsDataRS struct {
+	Audit types.Object `tfsdk:"audit"`
+}
+
+var groupVaultVaultRecordAttrTypesRS = objectAttrsTypeRSGroupVaultVaultRecord(false)
+var groupVaultVaultRecordAttrTypesRSRecurse = objectAttrsTypeRSGroupVaultVaultRecord(true)
+
+type groupVaultVaultRecordDataRS struct {
+	GroupUUID        types.String `tfsdk:"group_uuid"`
+	Links            types.List   `tfsdk:"links"`
+	Permissions      types.List   `tfsdk:"permissions"`
+	Color            types.String `tfsdk:"color"`
+	Name             types.String `tfsdk:"name"`
+	ShareEndTime     types.String `tfsdk:"share_end_time"`
+	UUID             types.String `tfsdk:"uuid"`
+	Audit            types.Object `tfsdk:"audit" tkhao:"audit"`
+	DeleteTile       types.Bool   `tfsdk:"delete_tile" tkhao:"deleteTile"`
+	ParentUUID       types.String `tfsdk:"parent_uuid" tkhao:"parent"`
+	PasswordMetadata types.Object `tfsdk:"password_metadata" tkhao:"passwordMetadata"`
+	Secret           types.Object `tfsdk:"secret" tkhao:"secret"`
+	ShareSummary     types.Object `tfsdk:"share_summary" tkhao:"shareSummary"`
+	Shares           types.List   `tfsdk:"shares" tkhao:"shares"`
+	Tile             types.Object `tfsdk:"tile" tkhao:"tile"`
+	Vaultholder      types.Object `tfsdk:"vaultholder" tkhao:"vaultholder"`
+	Derived          types.Bool   `tfsdk:"derived"`
+	EndDate          types.String `tfsdk:"end_date"`
+	Filename         types.String `tfsdk:"filename"`
+	Types            types.List   `tfsdk:"types"`
+	URL              types.String `tfsdk:"url"`
+	Username         types.String `tfsdk:"username"`
+	WarningPeriod    types.String `tfsdk:"warning_period"`
+}
+
+var launchpadSsoApplicationLaunchpadTileAttrTypesRS = objectAttrsTypeRSLaunchpadSsoApplicationLaunchpadTile(false)
+var launchpadSsoApplicationLaunchpadTileAttrTypesRSRecurse = objectAttrsTypeRSLaunchpadSsoApplicationLaunchpadTile(true)
+
+type launchpadSsoApplicationLaunchpadTileDataRS struct {
+	URI types.String `tfsdk:"uri"`
+}
+
+var launchpadVaultRecordLaunchpadTileAttrTypesRS = objectAttrsTypeRSLaunchpadVaultRecordLaunchpadTile(false)
+var launchpadVaultRecordLaunchpadTileAttrTypesRSRecurse = objectAttrsTypeRSLaunchpadVaultRecordLaunchpadTile(true)
+
+type launchpadVaultRecordLaunchpadTileDataRS struct {
+}
+
+var markItemMarkerAttrTypesRS = objectAttrsTypeRSMarkItemMarker(false)
+var markItemMarkerAttrTypesRSRecurse = objectAttrsTypeRSMarkItemMarker(true)
+
+type markItemMarkerDataRS struct {
+	Level              types.String `tfsdk:"level"`
+	MarkItemMarkerType types.String `tfsdk:"type"`
+	Parameters         types.Map    `tfsdk:"parameters"`
+}
+
+var markItemMarkersAttrTypesRS = objectAttrsTypeRSMarkItemMarkers(false)
+var markItemMarkersAttrTypesRSRecurse = objectAttrsTypeRSMarkItemMarkers(true)
+
+type markItemMarkersDataRS struct {
+	Markers types.List `tfsdk:"markers"`
+}
+
+var nestedProvisioningGroupOnSystemAttrTypesRS = objectAttrsTypeRSNestedProvisioningGroupOnSystem(false)
+var nestedProvisioningGroupOnSystemAttrTypesRSRecurse = objectAttrsTypeRSNestedProvisioningGroupOnSystem(true)
+
+type nestedProvisioningGroupOnSystemDataRS struct {
+	ProvisionedSystemUUID               types.String `tfsdk:"provisioned_system_uuid"`
+	Links                               types.List   `tfsdk:"links"`
+	Permissions                         types.List   `tfsdk:"permissions"`
+	DisplayName                         types.String `tfsdk:"display_name"`
+	NameInSystem                        types.String `tfsdk:"name_in_system"`
+	ProvisioningGroupOnSystemPrimerType types.String `tfsdk:"type"`
+	ShortNameInSystem                   types.String `tfsdk:"short_name_in_system"`
+	Audit                               types.Object `tfsdk:"audit" tkhao:"audit"`
+	Provgroups                          types.List   `tfsdk:"provgroups" tkhao:"provgroups"`
+	ServiceAccounts                     types.List   `tfsdk:"service_accounts" tkhao:"serviceAccounts"`
+	OwnerUUID                           types.String `tfsdk:"owner_uuid"`
+}
+
+var organizationOrganizationalUnitAttrTypesRS = objectAttrsTypeRSOrganizationOrganizationalUnit(false)
+var organizationOrganizationalUnitAttrTypesRSRecurse = objectAttrsTypeRSOrganizationOrganizationalUnit(true)
+
+type organizationOrganizationalUnitDataRS struct {
+	Links            types.List   `tfsdk:"links"`
+	Permissions      types.List   `tfsdk:"permissions"`
+	Name             types.String `tfsdk:"name"`
+	UUID             types.String `tfsdk:"uuid"`
+	Audit            types.Object `tfsdk:"audit" tkhao:"audit"`
+	CreateAsParentOf types.List   `tfsdk:"create_as_parent_of" tkhao:"createAsParentOf"`
+	Depth            types.Int64  `tfsdk:"depth"`
+	Description      types.String `tfsdk:"description"`
+	OwnerUUID        types.String `tfsdk:"owner_uuid"`
+	ParentUUID       types.String `tfsdk:"parent_uuid"`
+}
+
+var organizationOrganizationalUnitLinkableWrapperAttrTypesRS = objectAttrsTypeRSOrganizationOrganizationalUnitLinkableWrapper(false)
+var organizationOrganizationalUnitLinkableWrapperAttrTypesRSRecurse = objectAttrsTypeRSOrganizationOrganizationalUnitLinkableWrapper(true)
+
+type organizationOrganizationalUnitLinkableWrapperDataRS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var organizationOrganizationalUnitPrimerAttrTypesRS = objectAttrsTypeRSOrganizationOrganizationalUnitPrimer(false)
+var organizationOrganizationalUnitPrimerAttrTypesRSRecurse = objectAttrsTypeRSOrganizationOrganizationalUnitPrimer(true)
+
+type organizationOrganizationalUnitPrimerDataRS struct {
+	Links       types.List   `tfsdk:"links"`
+	Permissions types.List   `tfsdk:"permissions"`
+	Name        types.String `tfsdk:"name"`
+	UUID        types.String `tfsdk:"uuid"`
+}
+
+var organizationOrganizationalUnitPrimerLinkableWrapperAttrTypesRS = objectAttrsTypeRSOrganizationOrganizationalUnitPrimerLinkableWrapper(false)
+var organizationOrganizationalUnitPrimerLinkableWrapperAttrTypesRSRecurse = objectAttrsTypeRSOrganizationOrganizationalUnitPrimerLinkableWrapper(true)
+
+type organizationOrganizationalUnitPrimerLinkableWrapperDataRS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var organizationOrganizationalUnit_additionalObjectsAttrTypesRS = objectAttrsTypeRSOrganizationOrganizationalUnit_additionalObjects(false)
+var organizationOrganizationalUnit_additionalObjectsAttrTypesRSRecurse = objectAttrsTypeRSOrganizationOrganizationalUnit_additionalObjects(true)
+
+type organizationOrganizationalUnit_additionalObjectsDataRS struct {
+	Audit            types.Object `tfsdk:"audit"`
+	CreateAsParentOf types.List   `tfsdk:"create_as_parent_of"`
+}
+
+var provisioningAbstractProvisionedLDAPAttrTypesRS = objectAttrsTypeRSProvisioningAbstractProvisionedLDAP(false)
+var provisioningAbstractProvisionedLDAPAttrTypesRSRecurse = objectAttrsTypeRSProvisioningAbstractProvisionedLDAP(true)
+
+type provisioningAbstractProvisionedLDAPDataRS struct {
+	Attributes                     types.Map    `tfsdk:"attributes"`
+	BaseDN                         types.String `tfsdk:"base_dn"`
+	BindDN                         types.String `tfsdk:"bind_dn"`
+	BindPassword                   types.String `tfsdk:"bind_password"`
+	ClientCertificateUUID          types.String `tfsdk:"client_certificate_uuid"`
+	FailoverHost                   types.String `tfsdk:"failover_host"`
+	FailoverTrustedCertificateUUID types.String `tfsdk:"failover_trusted_certificate_uuid"`
+	GroupDN                        types.String `tfsdk:"group_dn"`
+	Host                           types.String `tfsdk:"host"`
+	ObjectClasses                  types.String `tfsdk:"object_classes"`
+	Port                           types.Int64  `tfsdk:"port"`
+	ServiceAccountDN               types.String `tfsdk:"service_account_dn"`
+	SshPublicKeySupported          types.Bool   `tfsdk:"ssh_public_key_supported"`
+	TLS                            types.String `tfsdk:"tls"`
+	TrustedCertificateUUID         types.String `tfsdk:"trusted_certificate_uuid"`
+	UserDN                         types.String `tfsdk:"user_dn"`
+}
+
+var provisioningCircuitBreakerStatisticsAttrTypesRS = objectAttrsTypeRSProvisioningCircuitBreakerStatistics(false)
+var provisioningCircuitBreakerStatisticsAttrTypesRSRecurse = objectAttrsTypeRSProvisioningCircuitBreakerStatistics(true)
+
+type provisioningCircuitBreakerStatisticsDataRS struct {
+	NumberOfFailedCalls       types.Int64  `tfsdk:"number_of_failed_calls"`
+	NumberOfNotPermittedCalls types.Int64  `tfsdk:"number_of_not_permitted_calls"`
+	NumberOfSuccessfulCalls   types.Int64  `tfsdk:"number_of_successful_calls"`
+	State                     types.String `tfsdk:"state"`
+}
+
+var provisioningGroupOnSystemAttrTypesRS = objectAttrsTypeRSProvisioningGroupOnSystem(false)
+var provisioningGroupOnSystemAttrTypesRSRecurse = objectAttrsTypeRSProvisioningGroupOnSystem(true)
+
+type provisioningGroupOnSystemDataRS struct {
+	Links                               types.List   `tfsdk:"links"`
+	Permissions                         types.List   `tfsdk:"permissions"`
+	DisplayName                         types.String `tfsdk:"display_name"`
+	NameInSystem                        types.String `tfsdk:"name_in_system"`
+	ProvisioningGroupOnSystemPrimerType types.String `tfsdk:"type"`
+	ShortNameInSystem                   types.String `tfsdk:"short_name_in_system"`
+	Audit                               types.Object `tfsdk:"audit" tkhao:"audit"`
+	Provgroups                          types.List   `tfsdk:"provgroups" tkhao:"provgroups"`
+	ServiceAccounts                     types.List   `tfsdk:"service_accounts" tkhao:"serviceAccounts"`
+	OwnerUUID                           types.String `tfsdk:"owner_uuid"`
+}
+
+var provisioningGroupOnSystemLinkableWrapperAttrTypesRS = objectAttrsTypeRSProvisioningGroupOnSystemLinkableWrapper(false)
+var provisioningGroupOnSystemLinkableWrapperAttrTypesRSRecurse = objectAttrsTypeRSProvisioningGroupOnSystemLinkableWrapper(true)
+
+type provisioningGroupOnSystemLinkableWrapperDataRS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var provisioningGroupOnSystemPrimerAttrTypesRS = objectAttrsTypeRSProvisioningGroupOnSystemPrimer(false)
+var provisioningGroupOnSystemPrimerAttrTypesRSRecurse = objectAttrsTypeRSProvisioningGroupOnSystemPrimer(true)
+
+type provisioningGroupOnSystemPrimerDataRS struct {
+	Links                               types.List   `tfsdk:"links"`
+	Permissions                         types.List   `tfsdk:"permissions"`
+	DisplayName                         types.String `tfsdk:"display_name"`
+	NameInSystem                        types.String `tfsdk:"name_in_system"`
+	ProvisioningGroupOnSystemPrimerType types.String `tfsdk:"type"`
+	ShortNameInSystem                   types.String `tfsdk:"short_name_in_system"`
+}
+
+var provisioningGroupOnSystemTypesAttrTypesRS = objectAttrsTypeRSProvisioningGroupOnSystemTypes(false)
+var provisioningGroupOnSystemTypesAttrTypesRSRecurse = objectAttrsTypeRSProvisioningGroupOnSystemTypes(true)
+
+type provisioningGroupOnSystemTypesDataRS struct {
+	Types types.List `tfsdk:"types"`
+}
+
+var provisioningGroupOnSystem_additionalObjectsAttrTypesRS = objectAttrsTypeRSProvisioningGroupOnSystem_additionalObjects(false)
+var provisioningGroupOnSystem_additionalObjectsAttrTypesRSRecurse = objectAttrsTypeRSProvisioningGroupOnSystem_additionalObjects(true)
+
+type provisioningGroupOnSystem_additionalObjectsDataRS struct {
+	Audit           types.Object `tfsdk:"audit"`
+	Provgroups      types.List   `tfsdk:"provgroups"`
+	ServiceAccounts types.List   `tfsdk:"service_accounts"`
+}
+
+var provisioningOwnedGroupOnSystemsWrapperAttrTypesRS = objectAttrsTypeRSProvisioningOwnedGroupOnSystemsWrapper(false)
+var provisioningOwnedGroupOnSystemsWrapperAttrTypesRSRecurse = objectAttrsTypeRSProvisioningOwnedGroupOnSystemsWrapper(true)
+
+type provisioningOwnedGroupOnSystemsWrapperDataRS struct {
+	Items         types.List  `tfsdk:"items"`
+	UnlinkedCount types.Int64 `tfsdk:"unlinked_count"`
+}
+
+var provisioningProvisionNumberSequenceAttrTypesRS = objectAttrsTypeRSProvisioningProvisionNumberSequence(false)
+var provisioningProvisionNumberSequenceAttrTypesRSRecurse = objectAttrsTypeRSProvisioningProvisionNumberSequence(true)
+
+type provisioningProvisionNumberSequenceDataRS struct {
+	Links        types.List   `tfsdk:"links"`
+	Permissions  types.List   `tfsdk:"permissions"`
+	AccountCount types.Int64  `tfsdk:"account_count"`
+	Audit        types.Object `tfsdk:"audit" tkhao:"audit"`
+	Systems      types.List   `tfsdk:"systems" tkhao:"systems"`
+	Name         types.String `tfsdk:"name"`
+	NextUID      types.Int64  `tfsdk:"next_uid"`
+}
+
+var provisioningProvisionNumberSequence_additionalObjectsAttrTypesRS = objectAttrsTypeRSProvisioningProvisionNumberSequence_additionalObjects(false)
+var provisioningProvisionNumberSequence_additionalObjectsAttrTypesRSRecurse = objectAttrsTypeRSProvisioningProvisionNumberSequence_additionalObjects(true)
+
+type provisioningProvisionNumberSequence_additionalObjectsDataRS struct {
+	Audit   types.Object `tfsdk:"audit"`
+	Systems types.List   `tfsdk:"systems"`
+}
+
+var provisioningProvisionedADAttrTypesRS = objectAttrsTypeRSProvisioningProvisionedAD(false)
+var provisioningProvisionedADAttrTypesRSRecurse = objectAttrsTypeRSProvisioningProvisionedAD(true)
+
+type provisioningProvisionedADDataRS struct {
+	SamAccountNameScheme types.String `tfsdk:"sam_account_name_scheme"`
+}
+
+var provisioningProvisionedAccountAttrTypesRS = objectAttrsTypeRSProvisioningProvisionedAccount(false)
+var provisioningProvisionedAccountAttrTypesRSRecurse = objectAttrsTypeRSProvisioningProvisionedAccount(true)
+
+type provisioningProvisionedAccountDataRS struct {
+	UUID  types.String `tfsdk:"uuid"`
+	Audit types.Object `tfsdk:"audit" tkhao:"audit"`
+	UID   types.Int64  `tfsdk:"uid"`
+}
+
+var provisioningProvisionedAccount_additionalObjectsAttrTypesRS = objectAttrsTypeRSProvisioningProvisionedAccount_additionalObjects(false)
+var provisioningProvisionedAccount_additionalObjectsAttrTypesRSRecurse = objectAttrsTypeRSProvisioningProvisionedAccount_additionalObjects(true)
+
+type provisioningProvisionedAccount_additionalObjectsDataRS struct {
+	Audit types.Object `tfsdk:"audit"`
+}
+
+var provisioningProvisionedAzureOIDCDirectoryAttrTypesRS = objectAttrsTypeRSProvisioningProvisionedAzureOIDCDirectory(false)
+var provisioningProvisionedAzureOIDCDirectoryAttrTypesRSRecurse = objectAttrsTypeRSProvisioningProvisionedAzureOIDCDirectory(true)
+
+type provisioningProvisionedAzureOIDCDirectoryDataRS struct {
+	DirectoryUUID types.String `tfsdk:"directory_uuid"`
+	Tenant        types.String `tfsdk:"tenant"`
+}
+
+var provisioningProvisionedAzureSyncLDAPDirectoryAttrTypesRS = objectAttrsTypeRSProvisioningProvisionedAzureSyncLDAPDirectory(false)
+var provisioningProvisionedAzureSyncLDAPDirectoryAttrTypesRSRecurse = objectAttrsTypeRSProvisioningProvisionedAzureSyncLDAPDirectory(true)
+
+type provisioningProvisionedAzureSyncLDAPDirectoryDataRS struct {
+	ClientID      types.String `tfsdk:"client_id"`
+	ClientSecret  types.String `tfsdk:"client_secret"`
+	DirectoryUUID types.String `tfsdk:"directory_uuid"`
+	Tenant        types.String `tfsdk:"tenant"`
+}
+
+var provisioningProvisionedAzureTenantAttrTypesRS = objectAttrsTypeRSProvisioningProvisionedAzureTenant(false)
+var provisioningProvisionedAzureTenantAttrTypesRSRecurse = objectAttrsTypeRSProvisioningProvisionedAzureTenant(true)
+
+type provisioningProvisionedAzureTenantDataRS struct {
+	ClientID     types.String `tfsdk:"client_id"`
+	ClientSecret types.String `tfsdk:"client_secret"`
+	IDpDomain    types.String `tfsdk:"idp_domain"`
+	Tenant       types.String `tfsdk:"tenant"`
+}
+
+var provisioningProvisionedInternalLDAPAttrTypesRS = objectAttrsTypeRSProvisioningProvisionedInternalLDAP(false)
+var provisioningProvisionedInternalLDAPAttrTypesRSRecurse = objectAttrsTypeRSProvisioningProvisionedInternalLDAP(true)
+
+type provisioningProvisionedInternalLDAPDataRS struct {
+	ClientUUID types.String `tfsdk:"client_uuid"`
+}
+
+var provisioningProvisionedLDAPAttrTypesRS = objectAttrsTypeRSProvisioningProvisionedLDAP(false)
+var provisioningProvisionedLDAPAttrTypesRSRecurse = objectAttrsTypeRSProvisioningProvisionedLDAP(true)
+
+type provisioningProvisionedLDAPDataRS struct {
+	Gid           types.Int64  `tfsdk:"gid"`
+	HashingScheme types.String `tfsdk:"hashing_scheme"`
+	Numbering     types.Object `tfsdk:"numbering"`
+}
+
+var provisioningProvisionedLDAPDirectoryAttrTypesRS = objectAttrsTypeRSProvisioningProvisionedLDAPDirectory(false)
+var provisioningProvisionedLDAPDirectoryAttrTypesRSRecurse = objectAttrsTypeRSProvisioningProvisionedLDAPDirectory(true)
+
+type provisioningProvisionedLDAPDirectoryDataRS struct {
+	DirectoryUUID types.String `tfsdk:"directory_uuid"`
+	GroupDN       types.String `tfsdk:"group_dn"`
+}
+
+var provisioningProvisionedSystemAttrTypesRS = objectAttrsTypeRSProvisioningProvisionedSystem(false)
+var provisioningProvisionedSystemAttrTypesRSRecurse = objectAttrsTypeRSProvisioningProvisionedSystem(true)
+
+type provisioningProvisionedSystemDataRS struct {
+	Links                                   types.List   `tfsdk:"links"`
+	Permissions                             types.List   `tfsdk:"permissions"`
+	Active                                  types.Bool   `tfsdk:"active"`
+	Name                                    types.String `tfsdk:"name"`
+	OrganizationalUnitUUID                  types.String `tfsdk:"organizational_unit_uuid"`
+	ProvisioningProvisionedSystemPrimerType types.String `tfsdk:"type"`
+	UUID                                    types.String `tfsdk:"uuid"`
+	AccountCount                            types.Int64  `tfsdk:"account_count"`
+	Account                                 types.Object `tfsdk:"account" tkhao:"account"`
+	Audit                                   types.Object `tfsdk:"audit" tkhao:"audit"`
+	IssuedPermissions                       types.List   `tfsdk:"issued_permissions" tkhao:"issuedPermissions"`
+	LoginName                               types.String `tfsdk:"login_name" tkhao:"loginName"`
+	ManagementPermissions                   types.Object `tfsdk:"management_permissions" tkhao:"managementPermissions"`
+	Markers                                 types.Object `tfsdk:"markers" tkhao:"markers"`
+	Statistics                              types.Object `tfsdk:"statistics" tkhao:"statistics"`
+	SupportedGroupTypes                     types.Object `tfsdk:"supported_group_types" tkhao:"supportedGroupTypes"`
+	ContentAdministratorUUID                types.String `tfsdk:"content_administrator_uuid"`
+	ExternalUUID                            types.String `tfsdk:"external_uuid"`
+	OwnerUUID                               types.String `tfsdk:"owner_uuid"`
+	SelfServiceExistingGroups               types.Bool   `tfsdk:"self_service_existing_groups"`
+	SelfServiceNewGroups                    types.Bool   `tfsdk:"self_service_new_groups"`
+	SelfServiceServiceAccounts              types.Bool   `tfsdk:"self_service_service_accounts"`
+	ShouldDestroyUnknownAccounts            types.Bool   `tfsdk:"should_destroy_unknown_accounts"`
+	TechnicalAdministratorUUID              types.String `tfsdk:"technical_administrator_uuid"`
+	UsernamePrefix                          types.String `tfsdk:"username_prefix"`
+	AbstractProvisionedLDAP                 types.Object `tfsdk:"abstract_provisioned_ldap"`
+	ProvisionedAD                           types.Object `tfsdk:"provisioned_a_d"`
+	ProvisionedAzureOIDCDirectory           types.Object `tfsdk:"provisioned_azure_oidc_directory"`
+	ProvisionedAzureSyncLDAPDirectory       types.Object `tfsdk:"provisioned_azure_sync_ldap_directory"`
+	ProvisionedAzureTenant                  types.Object `tfsdk:"provisioned_azure_tenant"`
+	ProvisionedInternalLDAP                 types.Object `tfsdk:"provisioned_internal_ldap"`
+	ProvisionedLDAP                         types.Object `tfsdk:"provisioned_ldap"`
+	ProvisionedLDAPDirectory                types.Object `tfsdk:"provisioned_ldap_directory"`
+}
+
+var provisioningProvisionedSystemLinkableWrapperAttrTypesRS = objectAttrsTypeRSProvisioningProvisionedSystemLinkableWrapper(false)
+var provisioningProvisionedSystemLinkableWrapperAttrTypesRSRecurse = objectAttrsTypeRSProvisioningProvisionedSystemLinkableWrapper(true)
+
+type provisioningProvisionedSystemLinkableWrapperDataRS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var provisioningProvisionedSystemPrimerAttrTypesRS = objectAttrsTypeRSProvisioningProvisionedSystemPrimer(false)
+var provisioningProvisionedSystemPrimerAttrTypesRSRecurse = objectAttrsTypeRSProvisioningProvisionedSystemPrimer(true)
+
+type provisioningProvisionedSystemPrimerDataRS struct {
+	Links                                   types.List   `tfsdk:"links"`
+	Permissions                             types.List   `tfsdk:"permissions"`
+	Active                                  types.Bool   `tfsdk:"active"`
+	Name                                    types.String `tfsdk:"name"`
+	OrganizationalUnitUUID                  types.String `tfsdk:"organizational_unit_uuid"`
+	ProvisioningProvisionedSystemPrimerType types.String `tfsdk:"type"`
+	UUID                                    types.String `tfsdk:"uuid"`
+}
+
+var provisioningProvisionedSystemPrimerLinkableWrapperAttrTypesRS = objectAttrsTypeRSProvisioningProvisionedSystemPrimerLinkableWrapper(false)
+var provisioningProvisionedSystemPrimerLinkableWrapperAttrTypesRSRecurse = objectAttrsTypeRSProvisioningProvisionedSystemPrimerLinkableWrapper(true)
+
+type provisioningProvisionedSystemPrimerLinkableWrapperDataRS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var provisioningProvisionedSystem_additionalObjectsAttrTypesRS = objectAttrsTypeRSProvisioningProvisionedSystem_additionalObjects(false)
+var provisioningProvisionedSystem_additionalObjectsAttrTypesRSRecurse = objectAttrsTypeRSProvisioningProvisionedSystem_additionalObjects(true)
+
+type provisioningProvisionedSystem_additionalObjectsDataRS struct {
+	Account               types.Object `tfsdk:"account"`
+	Audit                 types.Object `tfsdk:"audit"`
+	IssuedPermissions     types.List   `tfsdk:"issued_permissions"`
+	LoginName             types.String `tfsdk:"login_name"`
+	ManagementPermissions types.Object `tfsdk:"management_permissions"`
+	Markers               types.Object `tfsdk:"markers"`
+	Statistics            types.Object `tfsdk:"statistics"`
+	SupportedGroupTypes   types.Object `tfsdk:"supported_group_types"`
+}
+
+var provisioningProvisioningManagementPermissionsAttrTypesRS = objectAttrsTypeRSProvisioningProvisioningManagementPermissions(false)
+var provisioningProvisioningManagementPermissionsAttrTypesRSRecurse = objectAttrsTypeRSProvisioningProvisioningManagementPermissions(true)
+
+type provisioningProvisioningManagementPermissionsDataRS struct {
+	CreateNewGroupsAllowed       types.Bool `tfsdk:"create_new_groups_allowed"`
+	CreateServiceAccountsAllowed types.Bool `tfsdk:"create_service_accounts_allowed"`
+	ReuseExistingGroupsAllowed   types.Bool `tfsdk:"reuse_existing_groups_allowed"`
+}
+
+var serviceaccountServiceAccountAttrTypesRS = objectAttrsTypeRSServiceaccountServiceAccount(false)
+var serviceaccountServiceAccountAttrTypesRSRecurse = objectAttrsTypeRSServiceaccountServiceAccount(true)
+
+type serviceaccountServiceAccountDataRS struct {
+	Links                      types.List   `tfsdk:"links"`
+	Permissions                types.List   `tfsdk:"permissions"`
+	Active                     types.Bool   `tfsdk:"active"`
+	Name                       types.String `tfsdk:"name"`
+	SystemUUID                 types.String `tfsdk:"system_uuid"`
+	Username                   types.String `tfsdk:"username"`
+	UUID                       types.String `tfsdk:"uuid"`
+	Audit                      types.Object `tfsdk:"audit" tkhao:"audit"`
+	Groups                     types.List   `tfsdk:"groups" tkhao:"groups"`
+	Secret                     types.Object `tfsdk:"secret" tkhao:"secret"`
+	Description                types.String `tfsdk:"description"`
+	PasswordUUID               types.String `tfsdk:"password_uuid"`
+	PasswordRotation           types.String `tfsdk:"password_rotation"`
+	TechnicalAdministratorUUID types.String `tfsdk:"technical_administrator_uuid"`
+}
+
+var serviceaccountServiceAccountGroupAttrTypesRS = objectAttrsTypeRSServiceaccountServiceAccountGroup(false)
+var serviceaccountServiceAccountGroupAttrTypesRSRecurse = objectAttrsTypeRSServiceaccountServiceAccountGroup(true)
+
+type serviceaccountServiceAccountGroupDataRS struct {
+	Links                               types.List   `tfsdk:"links"`
+	Permissions                         types.List   `tfsdk:"permissions"`
+	DisplayName                         types.String `tfsdk:"display_name"`
+	NameInSystem                        types.String `tfsdk:"name_in_system"`
+	ProvisioningGroupOnSystemPrimerType types.String `tfsdk:"type"`
+	ShortNameInSystem                   types.String `tfsdk:"short_name_in_system"`
+	Audit                               types.Object `tfsdk:"audit" tkhao:"audit"`
+}
+
+var serviceaccountServiceAccountGroupLinkableWrapperAttrTypesRS = objectAttrsTypeRSServiceaccountServiceAccountGroupLinkableWrapper(false)
+var serviceaccountServiceAccountGroupLinkableWrapperAttrTypesRSRecurse = objectAttrsTypeRSServiceaccountServiceAccountGroupLinkableWrapper(true)
+
+type serviceaccountServiceAccountGroupLinkableWrapperDataRS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var serviceaccountServiceAccountGroup_additionalObjectsAttrTypesRS = objectAttrsTypeRSServiceaccountServiceAccountGroup_additionalObjects(false)
+var serviceaccountServiceAccountGroup_additionalObjectsAttrTypesRSRecurse = objectAttrsTypeRSServiceaccountServiceAccountGroup_additionalObjects(true)
+
+type serviceaccountServiceAccountGroup_additionalObjectsDataRS struct {
+	Audit types.Object `tfsdk:"audit"`
+}
+
+var serviceaccountServiceAccountLinkableWrapperAttrTypesRS = objectAttrsTypeRSServiceaccountServiceAccountLinkableWrapper(false)
+var serviceaccountServiceAccountLinkableWrapperAttrTypesRSRecurse = objectAttrsTypeRSServiceaccountServiceAccountLinkableWrapper(true)
+
+type serviceaccountServiceAccountLinkableWrapperDataRS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var serviceaccountServiceAccountPrimerAttrTypesRS = objectAttrsTypeRSServiceaccountServiceAccountPrimer(false)
+var serviceaccountServiceAccountPrimerAttrTypesRSRecurse = objectAttrsTypeRSServiceaccountServiceAccountPrimer(true)
+
+type serviceaccountServiceAccountPrimerDataRS struct {
+	Links       types.List   `tfsdk:"links"`
+	Permissions types.List   `tfsdk:"permissions"`
+	Active      types.Bool   `tfsdk:"active"`
+	Name        types.String `tfsdk:"name"`
+	SystemUUID  types.String `tfsdk:"system_uuid"`
+	Username    types.String `tfsdk:"username"`
+	UUID        types.String `tfsdk:"uuid"`
+}
+
+var serviceaccountServiceAccountPrimerLinkableWrapperAttrTypesRS = objectAttrsTypeRSServiceaccountServiceAccountPrimerLinkableWrapper(false)
+var serviceaccountServiceAccountPrimerLinkableWrapperAttrTypesRSRecurse = objectAttrsTypeRSServiceaccountServiceAccountPrimerLinkableWrapper(true)
+
+type serviceaccountServiceAccountPrimerLinkableWrapperDataRS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var serviceaccountServiceAccount_additionalObjectsAttrTypesRS = objectAttrsTypeRSServiceaccountServiceAccount_additionalObjects(false)
+var serviceaccountServiceAccount_additionalObjectsAttrTypesRSRecurse = objectAttrsTypeRSServiceaccountServiceAccount_additionalObjects(true)
+
+type serviceaccountServiceAccount_additionalObjectsDataRS struct {
+	Audit  types.Object `tfsdk:"audit"`
+	Groups types.List   `tfsdk:"groups"`
+	Secret types.Object `tfsdk:"secret"`
+}
+
+var vaultPasswordMetadataAttrTypesRS = objectAttrsTypeRSVaultPasswordMetadata(false)
+var vaultPasswordMetadataAttrTypesRSRecurse = objectAttrsTypeRSVaultPasswordMetadata(true)
+
+type vaultPasswordMetadataDataRS struct {
+	Dictionary   types.Bool   `tfsdk:"dictionary"`
+	Duplicate    types.Bool   `tfsdk:"duplicate"`
+	Hash         types.String `tfsdk:"hash"`
+	Length       types.Int64  `tfsdk:"length"`
+	LowerCount   types.Int64  `tfsdk:"lower_count"`
+	NumberCount  types.Int64  `tfsdk:"number_count"`
+	SpecialCount types.Int64  `tfsdk:"special_count"`
+	Strength     types.Int64  `tfsdk:"strength"`
+	UpperCount   types.Int64  `tfsdk:"upper_count"`
+}
+
+var vaultVaultAttrTypesRS = objectAttrsTypeRSVaultVault(false)
+var vaultVaultAttrTypesRSRecurse = objectAttrsTypeRSVaultVault(true)
+
+type vaultVaultDataRS struct {
+	Links           types.List   `tfsdk:"links"`
+	Permissions     types.List   `tfsdk:"permissions"`
+	AccessAvailable types.Bool   `tfsdk:"access_available"`
+	Name            types.String `tfsdk:"name"`
+	Records         types.List   `tfsdk:"records"`
+}
+
+var vaultVaultHolderAttrTypesRS = objectAttrsTypeRSVaultVaultHolder(false)
+var vaultVaultHolderAttrTypesRSRecurse = objectAttrsTypeRSVaultVaultHolder(true)
+
+type vaultVaultHolderDataRS struct {
+}
+
+var vaultVaultRecordAttrTypesRS = objectAttrsTypeRSVaultVaultRecord(false)
+var vaultVaultRecordAttrTypesRSRecurse = objectAttrsTypeRSVaultVaultRecord(true)
+
+type vaultVaultRecordDataRS struct {
+	Links            types.List   `tfsdk:"links"`
+	Permissions      types.List   `tfsdk:"permissions"`
+	Color            types.String `tfsdk:"color"`
+	Name             types.String `tfsdk:"name"`
+	ShareEndTime     types.String `tfsdk:"share_end_time"`
+	UUID             types.String `tfsdk:"uuid"`
+	Audit            types.Object `tfsdk:"audit" tkhao:"audit"`
+	DeleteTile       types.Bool   `tfsdk:"delete_tile" tkhao:"deleteTile"`
+	ParentUUID       types.String `tfsdk:"parent_uuid" tkhao:"parent"`
+	PasswordMetadata types.Object `tfsdk:"password_metadata" tkhao:"passwordMetadata"`
+	Secret           types.Object `tfsdk:"secret" tkhao:"secret"`
+	ShareSummary     types.Object `tfsdk:"share_summary" tkhao:"shareSummary"`
+	Shares           types.List   `tfsdk:"shares" tkhao:"shares"`
+	Tile             types.Object `tfsdk:"tile" tkhao:"tile"`
+	Vaultholder      types.Object `tfsdk:"vaultholder" tkhao:"vaultholder"`
+	Derived          types.Bool   `tfsdk:"derived"`
+	EndDate          types.String `tfsdk:"end_date"`
+	Filename         types.String `tfsdk:"filename"`
+	Types            types.List   `tfsdk:"types"`
+	URL              types.String `tfsdk:"url"`
+	Username         types.String `tfsdk:"username"`
+	WarningPeriod    types.String `tfsdk:"warning_period"`
+}
+
+var vaultVaultRecordPrimerAttrTypesRS = objectAttrsTypeRSVaultVaultRecordPrimer(false)
+var vaultVaultRecordPrimerAttrTypesRSRecurse = objectAttrsTypeRSVaultVaultRecordPrimer(true)
+
+type vaultVaultRecordPrimerDataRS struct {
+	Links        types.List   `tfsdk:"links"`
+	Permissions  types.List   `tfsdk:"permissions"`
+	Color        types.String `tfsdk:"color"`
+	Name         types.String `tfsdk:"name"`
+	ShareEndTime types.String `tfsdk:"share_end_time"`
+	UUID         types.String `tfsdk:"uuid"`
+}
+
+var vaultVaultRecordPrimerLinkableWrapperAttrTypesRS = objectAttrsTypeRSVaultVaultRecordPrimerLinkableWrapper(false)
+var vaultVaultRecordPrimerLinkableWrapperAttrTypesRSRecurse = objectAttrsTypeRSVaultVaultRecordPrimerLinkableWrapper(true)
+
+type vaultVaultRecordPrimerLinkableWrapperDataRS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var vaultVaultRecordSecretsAttrTypesRS = objectAttrsTypeRSVaultVaultRecordSecrets(false)
+var vaultVaultRecordSecretsAttrTypesRSRecurse = objectAttrsTypeRSVaultVaultRecordSecrets(true)
+
+type vaultVaultRecordSecretsDataRS struct {
+	Comment   types.String `tfsdk:"comment"`
+	File      types.String `tfsdk:"file"`
+	Password  types.String `tfsdk:"password"`
+	Totp      types.String `tfsdk:"totp"`
+	WriteTotp types.Bool   `tfsdk:"write_totp"`
+}
+
+var vaultVaultRecordShareAttrTypesRS = objectAttrsTypeRSVaultVaultRecordShare(false)
+var vaultVaultRecordShareAttrTypesRSRecurse = objectAttrsTypeRSVaultVaultRecordShare(true)
+
+type vaultVaultRecordShareDataRS struct {
+	Name                      types.String `tfsdk:"name"`
+	VaultVaultRecordShareType types.String `tfsdk:"type"`
+}
+
+var vaultVaultRecordShareSummaryAttrTypesRS = objectAttrsTypeRSVaultVaultRecordShareSummary(false)
+var vaultVaultRecordShareSummaryAttrTypesRSRecurse = objectAttrsTypeRSVaultVaultRecordShareSummary(true)
+
+type vaultVaultRecordShareSummaryDataRS struct {
+	Children types.List   `tfsdk:"children"`
+	Parent   types.Object `tfsdk:"parent"`
+}
+
+var vaultVaultRecord_additionalObjectsAttrTypesRS = objectAttrsTypeRSVaultVaultRecord_additionalObjects(false)
+var vaultVaultRecord_additionalObjectsAttrTypesRSRecurse = objectAttrsTypeRSVaultVaultRecord_additionalObjects(true)
+
+type vaultVaultRecord_additionalObjectsDataRS struct {
+	Audit            types.Object `tfsdk:"audit"`
+	DeleteTile       types.Bool   `tfsdk:"delete_tile"`
+	ParentUUID       types.String `tfsdk:"parent_uuid"`
+	PasswordMetadata types.Object `tfsdk:"password_metadata"`
+	Secret           types.Object `tfsdk:"secret"`
+	ShareSummary     types.Object `tfsdk:"share_summary"`
+	Shares           types.List   `tfsdk:"shares"`
+	Tile             types.Object `tfsdk:"tile"`
+	Vaultholder      types.Object `tfsdk:"vaultholder"`
+}
+
+var webhookWebhookAttrTypesRS = objectAttrsTypeRSWebhookWebhook(false)
+var webhookWebhookAttrTypesRSRecurse = objectAttrsTypeRSWebhookWebhook(true)
+
+type webhookWebhookDataRS struct {
+	Links                  types.List   `tfsdk:"links"`
+	Permissions            types.List   `tfsdk:"permissions"`
+	AccountUUID            types.String `tfsdk:"account_uuid"`
+	Active                 types.Bool   `tfsdk:"active"`
+	Audit                  types.Object `tfsdk:"audit" tkhao:"audit"`
+	AllTypes               types.Bool   `tfsdk:"all_types"`
+	AuthenticationScheme   types.String `tfsdk:"authentication_scheme"`
+	BasicAuthPassword      types.String `tfsdk:"basic_auth_password"`
+	BasicAuthUsername      types.String `tfsdk:"basic_auth_username"`
+	BearerToken            types.String `tfsdk:"bearer_token"`
+	ClientUUID             types.String `tfsdk:"client_uuid"`
+	ClientCertificateUUID  types.String `tfsdk:"client_certificate_uuid"`
+	CustomHeaderName       types.String `tfsdk:"custom_header_name"`
+	CustomHeaderValue      types.String `tfsdk:"custom_header_value"`
+	DirectoryUUID          types.String `tfsdk:"directory_uuid"`
+	GroupUUID              types.String `tfsdk:"group_uuid"`
+	Name                   types.String `tfsdk:"name"`
+	SystemUUID             types.String `tfsdk:"system_uuid"`
+	TLS                    types.String `tfsdk:"tls"`
+	TrustedCertificateUUID types.String `tfsdk:"trusted_certificate_uuid"`
+	Types                  types.List   `tfsdk:"types"`
+	URL                    types.String `tfsdk:"url"`
+	UUID                   types.String `tfsdk:"uuid"`
+	VerbosePayloads        types.Bool   `tfsdk:"verbose_payloads"`
+}
+
+var webhookWebhookLinkableWrapperAttrTypesRS = objectAttrsTypeRSWebhookWebhookLinkableWrapper(false)
+var webhookWebhookLinkableWrapperAttrTypesRSRecurse = objectAttrsTypeRSWebhookWebhookLinkableWrapper(true)
+
+type webhookWebhookLinkableWrapperDataRS struct {
+	Items types.List `tfsdk:"items"`
+}
+
+var webhookWebhook_additionalObjectsAttrTypesRS = objectAttrsTypeRSWebhookWebhook_additionalObjects(false)
+var webhookWebhook_additionalObjectsAttrTypesRSRecurse = objectAttrsTypeRSWebhookWebhook_additionalObjects(true)
+
+type webhookWebhook_additionalObjectsDataRS struct {
+	Audit types.Object `tfsdk:"audit"`
+}
diff --git a/internal/provider/full-helpers.go b/internal/provider/full-helpers.go
new file mode 100644
index 0000000..be9bb42
--- /dev/null
+++ b/internal/provider/full-helpers.go
@@ -0,0 +1,581 @@
+// Code generated by "terraform-provider-keyhub-generator"; DO NOT EDIT.
+
+//lint:ignore U1000 Ignore unused functions in generated code
+package provider
+
+import (
+	"context"
+	"fmt"
+	"reflect"
+	"strings"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-framework/attr"
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	rsschema "github.com/hashicorp/terraform-plugin-framework/resource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-framework/types/basetypes"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+	"github.com/microsoft/kiota-abstractions-go/serialization"
+	keyhub "github.com/topicuskeyhub/sdk-go"
+	keyhubaccount "github.com/topicuskeyhub/sdk-go/account"
+	keyhubcertificate "github.com/topicuskeyhub/sdk-go/certificate"
+	keyhubclient "github.com/topicuskeyhub/sdk-go/client"
+	keyhubdirectory "github.com/topicuskeyhub/sdk-go/directory"
+	keyhubgroup "github.com/topicuskeyhub/sdk-go/group"
+	keyhubgroupclassification "github.com/topicuskeyhub/sdk-go/groupclassification"
+	keyhubmodels "github.com/topicuskeyhub/sdk-go/models"
+	keyhuborganizationalunit "github.com/topicuskeyhub/sdk-go/organizationalunit"
+	keyhubserviceaccount "github.com/topicuskeyhub/sdk-go/serviceaccount"
+	keyhubsystem "github.com/topicuskeyhub/sdk-go/system"
+	keyhubvaultrecord "github.com/topicuskeyhub/sdk-go/vaultrecord"
+)
+
+type contextKey int
+
+const (
+	keyHubClientKey contextKey = iota
+)
+
+func sliceToTF[T any](elemType attr.Type, vals []T, toValue func(T, *diag.Diagnostics) attr.Value) (attr.Value, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	ret := make([]attr.Value, 0, len(vals))
+	for _, curVal := range vals {
+		ret = append(ret, toValue(curVal, &diags))
+	}
+	return types.ListValue(elemType, ret)
+}
+
+func tfToSlice[T any](val basetypes.ListValue, toValue func(attr.Value, *diag.Diagnostics) T) ([]T, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	vals := val.Elements()
+	ret := make([]T, 0, len(vals))
+	for _, curVal := range vals {
+		ret = append(ret, toValue(curVal, &diags))
+	}
+	return ret, diags
+}
+
+func mapToTF[T any](elemType attr.Type, vals map[string]T, toValue func(T, *diag.Diagnostics) attr.Value) (attr.Value, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	ret := make(map[string]attr.Value)
+	for name, val := range vals {
+		ret[name] = toValue(val, &diags)
+	}
+	return types.MapValue(elemType, ret)
+}
+
+func tfToMap[T serialization.AdditionalDataHolder](val basetypes.MapValue, toValue func(attr.Value, *diag.Diagnostics) any, ret T) (T, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	vals := val.Elements()
+	retMap := make(map[string]any)
+	for name, val := range vals {
+		retMap[name] = toValue(val, &diags)
+	}
+	ret.SetAdditionalData(retMap)
+	return ret, diags
+}
+
+func int32PToInt64P(in *int32) *int64 {
+	if in == nil {
+		return nil
+	}
+	ret := int64(*in)
+	return &ret
+}
+
+func int64PToInt32P(in *int64) *int32 {
+	if in == nil {
+		return nil
+	}
+	ret := int32(*in)
+	return &ret
+}
+
+func stringerToTF[T fmt.Stringer](val *T) attr.Value {
+	if val == nil {
+		return types.StringNull()
+	}
+	return types.StringValue((*val).String())
+}
+
+func timeToTF(val time.Time) attr.Value {
+	ret, _ := val.MarshalText()
+	return types.StringValue(string(ret))
+}
+
+func timePointerToTF(val *time.Time) attr.Value {
+	if val == nil {
+		return types.StringNull()
+	}
+	ret, _ := val.MarshalText()
+	return types.StringValue(string(ret))
+}
+
+func tfToTime(val basetypes.StringValue) (time.Time, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	parsed, err := time.Parse(time.RFC3339, val.ValueString())
+	if err != nil {
+		diags.AddError("Conversion error", fmt.Sprintf("Unable to parse time: %s", err))
+	}
+	return parsed, diags
+}
+
+func tfToTimePointer(val basetypes.StringValue) (*time.Time, diag.Diagnostics) {
+	if val.IsNull() || val.IsUnknown() {
+		return nil, diag.Diagnostics{}
+	}
+	parsed, diags := tfToTime(val)
+	return &parsed, diags
+}
+
+func withUuidToTF(val interface{ GetUuid() *string }) attr.Value {
+	if val == nil {
+		return types.StringNull()
+	}
+	return types.StringPointerValue(val.GetUuid())
+}
+
+func toItemsList(ctx context.Context, val attr.Value) basetypes.ObjectValue {
+	attrType := map[string]attr.Type{"items": val.Type(ctx)}
+	if val.IsNull() || val.IsUnknown() {
+		return types.ObjectNull(attrType)
+	}
+	return types.ObjectValueMust(attrType, map[string]attr.Value{"items": val})
+}
+
+func getItemsAttr(val basetypes.ObjectValue, attrType attr.Type) attr.Value {
+	if val.IsNull() || val.IsUnknown() {
+		return types.ListNull(attrType.(basetypes.ListType).ElementType())
+	}
+	return val.Attributes()["items"]
+}
+
+func parsePointer[T any](val basetypes.StringValue, parser func(string) (T, error)) (*T, diag.Diagnostics) {
+	if val.IsNull() || val.IsUnknown() {
+		return nil, diag.Diagnostics{}
+	}
+	parsed, diags := parse(val, parser)
+	return &parsed, diags
+}
+
+func parsePointer2[T any](val basetypes.StringValue, parser func(string) (*T, error)) (*T, diag.Diagnostics) {
+	if val.IsNull() || val.IsUnknown() {
+		return nil, diag.Diagnostics{}
+	}
+	parsed, diags := parse(val, parser)
+	return parsed, diags
+}
+
+func parse[T any](val basetypes.StringValue, parser func(string) (T, error)) (T, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	parsed, err := parser(val.ValueString())
+	if err != nil {
+		diags.AddError("Conversion error", fmt.Sprintf("Unable to parse %s: %s", val.ValueString(), err))
+	}
+	return parsed, diags
+}
+
+func parseCastPointer[T any, Z any](val basetypes.StringValue, parser func(string) (Z, error), caster func(Z) T) (*T, diag.Diagnostics) {
+	if val.IsNull() || val.IsUnknown() {
+		return nil, diag.Diagnostics{}
+	}
+	parsed, diags := parseCast(val, parser, caster)
+	return &parsed, diags
+}
+
+func parseCast[T any, Z any](val basetypes.StringValue, parser func(string) (Z, error), caster func(Z) T) (T, diag.Diagnostics) {
+	parsed, diags := parse(val, parser)
+	var ret T
+	if diags.HasError() {
+		return ret, diags
+	}
+	return caster(parsed), diags
+}
+
+func findFirst[T keyhubmodels.Linkableable](ctx context.Context, wrapper interface{ GetItems() []T }, name string, uuid *string, err error) (T, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var noVal T
+	if err != nil {
+		diags.AddError("Client Error", fmt.Sprintf("Unable to read %s, got error: %s", name, errorReportToString(ctx, err)))
+		return noVal, diags
+	}
+	if len(wrapper.GetItems()) == 0 {
+		diags.AddError("Client Error", fmt.Sprintf("Unable to find %s with UUID %s", name, *uuid))
+		return noVal, diags
+	}
+	return wrapper.GetItems()[0], nil
+
+}
+
+func findGroupGroupPrimerByUUID(ctx context.Context, uuid *string) (keyhubmodels.GroupGroupPrimerable, diag.Diagnostics) {
+	if uuid == nil || *uuid == "" {
+		return nil, diag.Diagnostics{}
+	}
+	client := ctx.Value(keyHubClientKey).(*keyhub.KeyHubClient)
+	wrapper, err := client.Group().Get(ctx, &keyhubgroup.GroupRequestBuilderGetRequestConfiguration{
+		QueryParameters: &keyhubgroup.GroupRequestBuilderGetQueryParameters{
+			Uuid: []string{*uuid},
+		},
+	})
+	ret, diag := findFirst[keyhubmodels.GroupGroupable](ctx, wrapper, "group", uuid, err)
+	if ret == nil {
+		return ret, diag
+	}
+	if primer, ok := findSuperStruct(ret, reflect.TypeOf(keyhubmodels.GroupGroupPrimer{})); ok {
+		ret := primer.(keyhubmodels.GroupGroupPrimer)
+		return &ret, diag
+	}
+	diag.AddError("Type error", "Result not of type GroupGroupPrimer")
+	return nil, diag
+}
+
+func findDirectoryAccountDirectoryPrimerByUUID(ctx context.Context, uuid *string) (keyhubmodels.DirectoryAccountDirectoryPrimerable, diag.Diagnostics) {
+	if uuid == nil || *uuid == "" {
+		return nil, diag.Diagnostics{}
+	}
+	client := ctx.Value(keyHubClientKey).(*keyhub.KeyHubClient)
+	wrapper, err := client.Directory().Get(ctx, &keyhubdirectory.DirectoryRequestBuilderGetRequestConfiguration{
+		QueryParameters: &keyhubdirectory.DirectoryRequestBuilderGetQueryParameters{
+			Uuid: []string{*uuid},
+		},
+	})
+	ret, diag := findFirst[keyhubmodels.DirectoryAccountDirectoryable](ctx, wrapper, "directory", uuid, err)
+	if ret == nil {
+		return ret, diag
+	}
+	if primer, ok := findSuperStruct(ret, reflect.TypeOf(keyhubmodels.DirectoryAccountDirectoryPrimer{})); ok {
+		ret := primer.(keyhubmodels.DirectoryAccountDirectoryPrimer)
+		return &ret, diag
+	}
+	diag.AddError("Type error", "Result not of type DirectoryAccountDirectoryPrimer")
+	return nil, diag
+}
+
+func findOrganizationOrganizationalUnitPrimerByUUID(ctx context.Context, uuid *string) (keyhubmodels.OrganizationOrganizationalUnitPrimerable, diag.Diagnostics) {
+	if uuid == nil || *uuid == "" {
+		return nil, diag.Diagnostics{}
+	}
+	client := ctx.Value(keyHubClientKey).(*keyhub.KeyHubClient)
+	wrapper, err := client.Organizationalunit().Get(ctx, &keyhuborganizationalunit.OrganizationalunitRequestBuilderGetRequestConfiguration{
+		QueryParameters: &keyhuborganizationalunit.OrganizationalunitRequestBuilderGetQueryParameters{
+			Uuid: []string{*uuid},
+		},
+	})
+	ret, diag := findFirst[keyhubmodels.OrganizationOrganizationalUnitable](ctx, wrapper, "organizational unit", uuid, err)
+	if ret == nil {
+		return ret, diag
+	}
+	if primer, ok := findSuperStruct(ret, reflect.TypeOf(keyhubmodels.OrganizationOrganizationalUnitPrimer{})); ok {
+		ret := primer.(keyhubmodels.OrganizationOrganizationalUnitPrimer)
+		return &ret, diag
+	}
+	diag.AddError("Type error", "Result not of type OrganizationOrganizationalUnitPrimer")
+	return nil, diag
+}
+
+func findCertificateCertificatePrimerByUUID(ctx context.Context, uuid *string) (keyhubmodels.CertificateCertificatePrimerable, diag.Diagnostics) {
+	if uuid == nil || *uuid == "" {
+		return nil, diag.Diagnostics{}
+	}
+	client := ctx.Value(keyHubClientKey).(*keyhub.KeyHubClient)
+	wrapper, err := client.Certificate().Get(ctx, &keyhubcertificate.CertificateRequestBuilderGetRequestConfiguration{
+		QueryParameters: &keyhubcertificate.CertificateRequestBuilderGetQueryParameters{
+			Uuid: []string{*uuid},
+		},
+	})
+	ret, diag := findFirst[keyhubmodels.CertificateCertificateable](ctx, wrapper, "certificate", uuid, err)
+	if ret == nil {
+		return ret, diag
+	}
+	if primer, ok := findSuperStruct(ret, reflect.TypeOf(keyhubmodels.CertificateCertificatePrimer{})); ok {
+		ret := primer.(keyhubmodels.CertificateCertificatePrimer)
+		return &ret, diag
+	}
+	diag.AddError("Type error", "Result not of type CertificateCertificatePrimer")
+	return nil, diag
+}
+
+func findProvisioningProvisionedSystemPrimerByUUID(ctx context.Context, uuid *string) (keyhubmodels.ProvisioningProvisionedSystemPrimerable, diag.Diagnostics) {
+	if uuid == nil || *uuid == "" {
+		return nil, diag.Diagnostics{}
+	}
+	client := ctx.Value(keyHubClientKey).(*keyhub.KeyHubClient)
+	wrapper, err := client.System().Get(ctx, &keyhubsystem.SystemRequestBuilderGetRequestConfiguration{
+		QueryParameters: &keyhubsystem.SystemRequestBuilderGetQueryParameters{
+			Uuid: []string{*uuid},
+		},
+	})
+	ret, diag := findFirst[keyhubmodels.ProvisioningProvisionedSystemable](ctx, wrapper, "provisioned system", uuid, err)
+	if ret == nil {
+		return ret, diag
+	}
+	if primer, ok := findSuperStruct(ret, reflect.TypeOf(keyhubmodels.ProvisioningProvisionedSystemPrimer{})); ok {
+		ret := primer.(keyhubmodels.ProvisioningProvisionedSystemPrimer)
+		return &ret, diag
+	}
+	diag.AddError("Type error", "Result not of type ProvisioningProvisionedSystemPrimer")
+	return nil, diag
+}
+
+func findGroupGroupClassificationPrimerByUUID(ctx context.Context, uuid *string) (keyhubmodels.GroupGroupClassificationPrimerable, diag.Diagnostics) {
+	if uuid == nil || *uuid == "" {
+		return nil, diag.Diagnostics{}
+	}
+	client := ctx.Value(keyHubClientKey).(*keyhub.KeyHubClient)
+	wrapper, err := client.Groupclassification().Get(ctx, &keyhubgroupclassification.GroupclassificationRequestBuilderGetRequestConfiguration{
+		QueryParameters: &keyhubgroupclassification.GroupclassificationRequestBuilderGetQueryParameters{
+			Uuid: []string{*uuid},
+		},
+	})
+	ret, diag := findFirst[keyhubmodels.GroupGroupClassificationable](ctx, wrapper, "group classification", uuid, err)
+	if ret == nil {
+		return ret, diag
+	}
+	if primer, ok := findSuperStruct(ret, reflect.TypeOf(keyhubmodels.GroupGroupClassificationPrimer{})); ok {
+		ret := primer.(keyhubmodels.GroupGroupClassificationPrimer)
+		return &ret, diag
+	}
+	diag.AddError("Type error", "Result not of type GroupGroupClassificationPrimer")
+	return nil, diag
+}
+
+func findClientClientApplicationPrimerByUUID(ctx context.Context, uuid *string) (keyhubmodels.ClientClientApplicationPrimerable, diag.Diagnostics) {
+	if uuid == nil || *uuid == "" {
+		return nil, diag.Diagnostics{}
+	}
+	client := ctx.Value(keyHubClientKey).(*keyhub.KeyHubClient)
+	wrapper, err := client.Client().Get(ctx, &keyhubclient.ClientRequestBuilderGetRequestConfiguration{
+		QueryParameters: &keyhubclient.ClientRequestBuilderGetQueryParameters{
+			Uuid: []string{*uuid},
+		},
+	})
+	ret, diag := findFirst[keyhubmodels.ClientClientApplicationable](ctx, wrapper, "client application", uuid, err)
+	if ret == nil {
+		return ret, diag
+	}
+	if primer, ok := findSuperStruct(ret, reflect.TypeOf(keyhubmodels.ClientClientApplicationPrimer{})); ok {
+		ret := primer.(keyhubmodels.ClientClientApplicationPrimer)
+		return &ret, diag
+	}
+	diag.AddError("Type error", "Result not of type ClientClientApplicationPrimer")
+	return nil, diag
+}
+
+func findClientOAuth2ClientByUUID(ctx context.Context, uuid *string) (keyhubmodels.ClientOAuth2Clientable, diag.Diagnostics) {
+	if uuid == nil || *uuid == "" {
+		return nil, diag.Diagnostics{}
+	}
+	client := ctx.Value(keyHubClientKey).(*keyhub.KeyHubClient)
+	wrapper, err := client.Client().Get(ctx, &keyhubclient.ClientRequestBuilderGetRequestConfiguration{
+		QueryParameters: &keyhubclient.ClientRequestBuilderGetQueryParameters{
+			Uuid: []string{*uuid},
+		},
+	})
+	ret, diag := findFirst[keyhubmodels.ClientClientApplicationable](ctx, wrapper, "client application", uuid, err)
+	if ret == nil {
+		return nil, diag
+	}
+	if retSub, ok := ret.(*keyhubmodels.ClientOAuth2Client); ok {
+		return retSub, diag
+	}
+	diag.AddError("Type error", "Result not of type ClientOAuth2Client")
+	return nil, diag
+}
+
+func findClientLdapClientByUUID(ctx context.Context, uuid *string) (keyhubmodels.ClientLdapClientable, diag.Diagnostics) {
+	if uuid == nil || *uuid == "" {
+		return nil, diag.Diagnostics{}
+	}
+	client := ctx.Value(keyHubClientKey).(*keyhub.KeyHubClient)
+	wrapper, err := client.Client().Get(ctx, &keyhubclient.ClientRequestBuilderGetRequestConfiguration{
+		QueryParameters: &keyhubclient.ClientRequestBuilderGetQueryParameters{
+			Uuid: []string{*uuid},
+		},
+	})
+	ret, diag := findFirst[keyhubmodels.ClientClientApplicationable](ctx, wrapper, "client application", uuid, err)
+	if ret == nil {
+		return nil, diag
+	}
+	if retSub, ok := ret.(*keyhubmodels.ClientLdapClient); ok {
+		return retSub, diag
+	}
+	diag.AddError("Type error", "Result not of type ClientLdapClient")
+	return nil, diag
+}
+
+func findAuthAccountPrimerByUUID(ctx context.Context, uuid *string) (keyhubmodels.AuthAccountPrimerable, diag.Diagnostics) {
+	ret, diag := findAuthAccountByUUID(ctx, uuid)
+	if ret == nil {
+		return ret, diag
+	}
+	if primer, ok := findSuperStruct(ret, reflect.TypeOf(keyhubmodels.AuthAccountPrimer{})); ok {
+		ret := primer.(keyhubmodels.AuthAccountPrimer)
+		return &ret, diag
+	}
+	diag.AddError("Type error", "Result not of type AuthAccountPrimer")
+	return nil, diag
+}
+
+func findAuthAccountByUUID(ctx context.Context, uuid *string) (keyhubmodels.AuthAccountable, diag.Diagnostics) {
+	if uuid == nil || *uuid == "" {
+		return nil, diag.Diagnostics{}
+	}
+	client := ctx.Value(keyHubClientKey).(*keyhub.KeyHubClient)
+	wrapper, err := client.Account().Get(ctx, &keyhubaccount.AccountRequestBuilderGetRequestConfiguration{
+		QueryParameters: &keyhubaccount.AccountRequestBuilderGetQueryParameters{
+			Uuid: []string{*uuid},
+		},
+	})
+	return findFirst[keyhubmodels.AuthAccountable](ctx, wrapper, "account", uuid, err)
+}
+
+func findServiceaccountServiceAccountPrimerByUUID(ctx context.Context, uuid *string) (keyhubmodels.ServiceaccountServiceAccountPrimerable, diag.Diagnostics) {
+	if uuid == nil || *uuid == "" {
+		return nil, diag.Diagnostics{}
+	}
+	client := ctx.Value(keyHubClientKey).(*keyhub.KeyHubClient)
+	wrapper, err := client.Serviceaccount().Get(ctx, &keyhubserviceaccount.ServiceaccountRequestBuilderGetRequestConfiguration{
+		QueryParameters: &keyhubserviceaccount.ServiceaccountRequestBuilderGetQueryParameters{
+			Uuid: []string{*uuid},
+		},
+	})
+	ret, diag := findFirst[keyhubmodels.ServiceaccountServiceAccountable](ctx, wrapper, "service account", uuid, err)
+	if ret == nil {
+		return ret, diag
+	}
+	if primer, ok := findSuperStruct(ret, reflect.TypeOf(keyhubmodels.ServiceaccountServiceAccountPrimer{})); ok {
+		ret := primer.(keyhubmodels.ServiceaccountServiceAccountPrimer)
+		return &ret, diag
+	}
+	diag.AddError("Type error", "Result not of type ServiceaccountServiceAccountPrimer")
+	return nil, diag
+}
+
+func findVaultVaultRecordPrimerByUUID(ctx context.Context, uuid *string) (keyhubmodels.VaultVaultRecordPrimerable, diag.Diagnostics) {
+	ret, diag := findVaultVaultRecordByUUID(ctx, uuid)
+	if ret == nil {
+		return ret, diag
+	}
+	if primer, ok := findSuperStruct(ret, reflect.TypeOf(keyhubmodels.VaultVaultRecordPrimer{})); ok {
+		ret := primer.(keyhubmodels.VaultVaultRecordPrimer)
+		return &ret, diag
+	}
+	diag.AddError("Type error", "Result not of type VaultVaultRecordPrimer")
+	return nil, diag
+}
+
+func findVaultVaultRecordByUUID(ctx context.Context, uuid *string) (keyhubmodels.VaultVaultRecordable, diag.Diagnostics) {
+	if uuid == nil || *uuid == "" {
+		return nil, diag.Diagnostics{}
+	}
+	client := ctx.Value(keyHubClientKey).(*keyhub.KeyHubClient)
+	wrapper, err := client.Vaultrecord().Get(ctx, &keyhubvaultrecord.VaultrecordRequestBuilderGetRequestConfiguration{
+		QueryParameters: &keyhubvaultrecord.VaultrecordRequestBuilderGetQueryParameters{
+			Uuid: []string{*uuid},
+		},
+	})
+	return findFirst[keyhubmodels.VaultVaultRecordable](ctx, wrapper, "vault record", uuid, err)
+}
+
+func errorReportToString(ctx context.Context, err error) string {
+	report, ok := err.(keyhubmodels.ErrorReportable)
+	if !ok {
+		return err.Error()
+	}
+	var msg string
+	if report.GetApplicationError() == nil {
+		msg = fmt.Sprintf("Error %d from backend: %s", *report.GetCode(), stringPointerToString(report.GetMessage()))
+	} else {
+		msg = fmt.Sprintf("Error %d (%s) from backend: %s", *report.GetCode(), *report.GetApplicationError(), stringPointerToString(report.GetMessage()))
+	}
+	tflog.Info(ctx, msg)
+	if report.GetStacktrace() != nil {
+		tflog.Info(ctx, strings.Join(report.GetStacktrace(), "\n"))
+	}
+	return msg
+}
+
+func stringPointerToString(input *string) string {
+	if input != nil {
+		return *input
+	}
+	return ""
+}
+
+func getSelfLink(linksAttr basetypes.ListValue) restLinkDataRS {
+	var links restLinkDataRS
+	fillDataStructFromTFObjectRSRestLink(&links, linksAttr.Elements()[0].(basetypes.ObjectValue))
+	return links
+}
+
+func resetListNestedAttributeFlags(schema rsschema.ListNestedAttribute) rsschema.ListNestedAttribute {
+	schema.Optional = false
+	schema.Computed = false
+	schema.Required = false
+	schema.PlanModifiers = nil
+	return schema
+}
+
+func resetListAttributeFlags(schema rsschema.ListAttribute) rsschema.ListAttribute {
+	schema.Optional = false
+	schema.Computed = false
+	schema.Required = false
+	schema.PlanModifiers = nil
+	return schema
+}
+
+func isHttpStatusCodeOk(ctx context.Context, status int32, err error, diags *diag.Diagnostics) bool {
+	if err != nil {
+		report, ok := err.(keyhubmodels.ErrorReportable)
+		if !ok || *report.GetCode() != status {
+			diags.AddError("Client Error", fmt.Sprintf("Unexpected status code: %s", errorReportToString(ctx, err)))
+			return false
+		}
+	}
+	return true
+}
+
+func setAttributeValue(ctx context.Context, tf basetypes.ObjectValue, key string, value attr.Value) basetypes.ObjectValue {
+	obj := tf.Attributes()
+	obj[key] = value
+	return types.ObjectValueMust(tf.AttributeTypes(ctx), obj)
+}
+
+func collectAdditional(data any) []string {
+	reflectValue := reflect.ValueOf(data)
+	reflectType := reflectValue.Type()
+	ret := make([]string, 0)
+	for i := 0; i < reflectType.NumField(); i++ {
+		field := reflectType.Field(i)
+		tkhoa := field.Tag.Get("tkhao")
+		if tkhoa != "" {
+			attr := reflectValue.Field(i).Interface().(attr.Value)
+			if !attr.IsNull() && !attr.IsUnknown() {
+				ret = append(ret, tkhoa)
+			}
+		}
+	}
+	return ret
+}
+
+func findSuperStruct(data any, targetType reflect.Type) (any, bool) {
+	reflectValue := reflect.ValueOf(data)
+	reflectType := reflectValue.Type()
+	if reflectType.Kind() == reflect.Pointer {
+		return findSuperStruct(reflectValue.Elem().Interface(), targetType)
+	}
+	for i := 0; i < reflectType.NumField(); i++ {
+		field := reflectType.Field(i)
+		if field.Anonymous {
+			fieldValue := reflectValue.Field(i).Interface()
+			if field.Type == targetType {
+				return fieldValue, true
+			}
+			if ret, ok := findSuperStruct(fieldValue, targetType); ok {
+				return ret, true
+			}
+		}
+	}
+	return nil, false
+}
diff --git a/internal/provider/full-object-attrs-ds.go b/internal/provider/full-object-attrs-ds.go
new file mode 100644
index 0000000..e0188d2
--- /dev/null
+++ b/internal/provider/full-object-attrs-ds.go
@@ -0,0 +1,1428 @@
+// Code generated by "terraform-provider-keyhub-generator"; DO NOT EDIT.
+
+//lint:ignore U1000 Ignore unused functions in generated code
+package provider
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework/attr"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+func objectAttrsTypeDSAuditInfo(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["created_at"] = types.StringType
+	objectAttrs["created_by"] = types.StringType
+	objectAttrs["last_modified_at"] = types.StringType
+	objectAttrs["last_modified_by"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSGeneratedSecret(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["generated_secret"] = types.StringType
+	objectAttrs["old_secret"] = types.StringType
+	objectAttrs["regenerate"] = types.BoolType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSLinkable(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSNonLinkable(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	return objectAttrs
+}
+
+func objectAttrsTypeDSRestLink(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["href"] = types.StringType
+	objectAttrs["id"] = types.Int64Type
+	objectAttrs["rel"] = types.StringType
+	objectAttrs["type_escaped"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSAuthAccount(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["active_login"] = types.BoolType
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(false)}
+		objectAttrs["groups"] = objectAttrsTypeDSGroupAccountGroupLinkableWrapper(false)["items"]
+		objectAttrs["pending_recovery_requests"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuthAccountRecoveryStatus(false)}
+		objectAttrs["settings"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuthAccountSettings(false)}
+		objectAttrs["stored_attributes"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuthStoredAccountAttributes(false)}
+		objectAttrs["vault"] = types.ObjectType{AttrTypes: objectAttrsTypeDSVaultVault(false)}
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["display_name"] = types.StringType
+	objectAttrs["last_active"] = types.StringType
+	objectAttrs["username"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	objectAttrs["validity"] = types.StringType
+	objectAttrs["additional"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["account_permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(false)}}
+	objectAttrs["active"] = types.BoolType
+	objectAttrs["can_request_groups"] = types.BoolType
+	objectAttrs["directory"] = types.ObjectType{AttrTypes: objectAttrsTypeDSDirectoryAccountDirectoryPrimer(false)}
+	objectAttrs["directory_name"] = types.StringType
+	objectAttrs["directory_password_change_required"] = types.BoolType
+	objectAttrs["directory_rotating_password"] = types.StringType
+	objectAttrs["directory_type"] = types.StringType
+	objectAttrs["email"] = types.StringType
+	objectAttrs["id_in_directory"] = types.StringType
+	objectAttrs["key_hub_password_change_required"] = types.BoolType
+	objectAttrs["last_modified_at"] = types.StringType
+	objectAttrs["license_role"] = types.StringType
+	objectAttrs["locale"] = types.StringType
+	objectAttrs["reregistration_required"] = types.BoolType
+	objectAttrs["token_password_enabled"] = types.BoolType
+	objectAttrs["two_factor_status"] = types.StringType
+	objectAttrs["valid_in_directory"] = types.BoolType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSAuthAccountPrimer(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["display_name"] = types.StringType
+	objectAttrs["last_active"] = types.StringType
+	objectAttrs["username"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	objectAttrs["validity"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSAuthAccountRecoveryStatus(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["pending2fa_recovery_request"] = types.BoolType
+	objectAttrs["pending_password_recovery_request"] = types.BoolType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSAuthAccountSettings(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["default_organizational_unit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSOrganizationOrganizationalUnitPrimer(recurse)}
+	objectAttrs["directory_name"] = types.StringType
+	objectAttrs["directory_type"] = types.StringType
+	objectAttrs["in_groups"] = types.BoolType
+	objectAttrs["in_multiple_organizational_units"] = types.BoolType
+	objectAttrs["key_hub_admin"] = types.BoolType
+	objectAttrs["multiple_organizational_units_exist"] = types.BoolType
+	objectAttrs["password_mode"] = types.StringType
+	objectAttrs["ssh_public_key"] = types.StringType
+	objectAttrs["two_factor_authentication"] = types.StringType
+	objectAttrs["use_token_password"] = types.BoolType
+	objectAttrs["vault_status"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSAuthAccount_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["active_login"] = types.BoolType
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(recurse)}
+	objectAttrs["groups"] = objectAttrsTypeDSGroupAccountGroupLinkableWrapper(recurse)["items"]
+	objectAttrs["pending_recovery_requests"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuthAccountRecoveryStatus(recurse)}
+	objectAttrs["settings"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuthAccountSettings(recurse)}
+	objectAttrs["stored_attributes"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuthStoredAccountAttributes(recurse)}
+	objectAttrs["vault"] = types.ObjectType{AttrTypes: objectAttrsTypeDSVaultVault(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSAuthPermission(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["full"] = types.StringType
+	objectAttrs["instances"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["operations"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["type_escaped"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSAuthStoredAccountAttribute(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["name"] = types.StringType
+	objectAttrs["value"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSAuthStoredAccountAttributes(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["attributes"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthStoredAccountAttribute(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSCertificateCertificate(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(false)}
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["alias"] = types.StringType
+	objectAttrs["type"] = types.StringType
+	objectAttrs["certificate_data"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["expiration"] = types.StringType
+	objectAttrs["fingerprint_sha1"] = types.StringType
+	objectAttrs["fingerprint_sha256"] = types.StringType
+	objectAttrs["global"] = types.BoolType
+	objectAttrs["subject_dn"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	objectAttrs["additional"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["key_data"] = types.ListType{ElemType: types.StringType}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSCertificateCertificatePrimer(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["alias"] = types.StringType
+	objectAttrs["type"] = types.StringType
+	objectAttrs["certificate_data"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["expiration"] = types.StringType
+	objectAttrs["fingerprint_sha1"] = types.StringType
+	objectAttrs["fingerprint_sha256"] = types.StringType
+	objectAttrs["global"] = types.BoolType
+	objectAttrs["subject_dn"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSCertificateCertificate_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSClientClientApplication(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(false)}
+		objectAttrs["groupclients"] = objectAttrsTypeDSGroupGroupClientLinkableWrapper(false)["items"]
+		objectAttrs["groups"] = objectAttrsTypeDSGroupGroupLinkableWrapper(false)["items"]
+		objectAttrs["secret"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGeneratedSecret(false)}
+		objectAttrs["tile"] = types.ObjectType{AttrTypes: objectAttrsTypeDSLaunchpadSsoApplicationLaunchpadTile(false)}
+		objectAttrs["vault_record_count"] = types.Int64Type
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["type"] = types.StringType
+	objectAttrs["client_id"] = types.StringType
+	objectAttrs["name"] = types.StringType
+	objectAttrs["scopes"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["sso_application"] = types.BoolType
+	objectAttrs["uuid"] = types.StringType
+	objectAttrs["additional"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["last_modified_at"] = types.StringType
+	objectAttrs["owner"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupPrimer(false)}
+	objectAttrs["technical_administrator"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupPrimer(false)}
+	objectAttrs["ldap_client"] = types.ObjectType{AttrTypes: objectAttrsTypeDSClientLdapClient(false)}
+	objectAttrs["o_auth2_client"] = types.ObjectType{AttrTypes: objectAttrsTypeDSClientOAuth2Client(false)}
+	objectAttrs["saml2_client"] = types.ObjectType{AttrTypes: objectAttrsTypeDSClientSaml2Client(false)}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSClientClientApplicationLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSClientClientApplication(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSClientClientApplicationPrimer(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["type"] = types.StringType
+	objectAttrs["client_id"] = types.StringType
+	objectAttrs["name"] = types.StringType
+	objectAttrs["scopes"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["sso_application"] = types.BoolType
+	objectAttrs["uuid"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSClientClientApplication_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(recurse)}
+	objectAttrs["groupclients"] = objectAttrsTypeDSGroupGroupClientLinkableWrapper(recurse)["items"]
+	objectAttrs["groups"] = objectAttrsTypeDSGroupGroupLinkableWrapper(recurse)["items"]
+	objectAttrs["secret"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGeneratedSecret(recurse)}
+	objectAttrs["tile"] = types.ObjectType{AttrTypes: objectAttrsTypeDSLaunchpadSsoApplicationLaunchpadTile(recurse)}
+	objectAttrs["vault_record_count"] = types.Int64Type
+	return objectAttrs
+}
+
+func objectAttrsTypeDSClientLdapClient(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["bind_dn"] = types.StringType
+	objectAttrs["client_certificate"] = types.ObjectType{AttrTypes: objectAttrsTypeDSCertificateCertificatePrimer(recurse)}
+	objectAttrs["share_secret_in_vault"] = types.BoolType
+	objectAttrs["shared_secret"] = types.ObjectType{AttrTypes: objectAttrsTypeDSVaultVaultRecordPrimer(recurse)}
+	objectAttrs["used_for_provisioning"] = types.BoolType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSClientOAuth2Client(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["account_permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["attributes"] = types.MapType{ElemType: types.StringType}
+	objectAttrs["callback_uri"] = types.StringType
+	objectAttrs["confidential"] = types.BoolType
+	objectAttrs["debug_mode"] = types.BoolType
+	objectAttrs["id_token_claims"] = types.StringType
+	objectAttrs["initiate_login_uri"] = types.StringType
+	objectAttrs["resource_uris"] = types.StringType
+	objectAttrs["share_secret_in_vault"] = types.BoolType
+	objectAttrs["shared_secret"] = types.ObjectType{AttrTypes: objectAttrsTypeDSVaultVaultRecordPrimer(recurse)}
+	objectAttrs["show_landing_page"] = types.BoolType
+	objectAttrs["use_client_credentials"] = types.BoolType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSClientOAuth2ClientPermission(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(false)}
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["additional"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["for_group"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupPrimer(false)}
+	objectAttrs["for_system"] = types.ObjectType{AttrTypes: objectAttrsTypeDSProvisioningProvisionedSystemPrimer(false)}
+	objectAttrs["value"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSClientOAuth2ClientPermissionWithClient(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(false)}
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["additional"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["for_group"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupPrimer(false)}
+	objectAttrs["for_system"] = types.ObjectType{AttrTypes: objectAttrsTypeDSProvisioningProvisionedSystemPrimer(false)}
+	objectAttrs["value"] = types.StringType
+	objectAttrs["client"] = types.ObjectType{AttrTypes: objectAttrsTypeDSClientOAuth2Client(false)}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSClientOAuth2ClientPermissionWithClientLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSClientOAuth2ClientPermissionWithClient(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSClientOAuth2ClientPermission_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSClientSaml2Client(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["attributes"] = types.MapType{ElemType: types.StringType}
+	objectAttrs["metadata"] = types.StringType
+	objectAttrs["metadata_url"] = types.StringType
+	objectAttrs["subject_format"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSDirectoryAccountDirectory(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(false)}
+		objectAttrs["markers"] = types.ObjectType{AttrTypes: objectAttrsTypeDSMarkItemMarkers(false)}
+		objectAttrs["status"] = types.ObjectType{AttrTypes: objectAttrsTypeDSDirectoryAccountDirectoryStatusReport(false)}
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["account_validity_supported"] = types.BoolType
+	objectAttrs["active"] = types.BoolType
+	objectAttrs["type"] = types.StringType
+	objectAttrs["name"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	objectAttrs["additional"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["base_organizational_unit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSOrganizationOrganizationalUnitPrimer(false)}
+	objectAttrs["default_directory"] = types.BoolType
+	objectAttrs["helpdesk_group"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupPrimer(false)}
+	objectAttrs["restrict2fa"] = types.BoolType
+	objectAttrs["rotating_password"] = types.StringType
+	objectAttrs["username_customizable"] = types.BoolType
+	objectAttrs["internal_directory"] = types.ObjectType{AttrTypes: objectAttrsTypeDSDirectoryInternalDirectory(false)}
+	objectAttrs["l_d_a_p_directory"] = types.ObjectType{AttrTypes: objectAttrsTypeDSDirectoryLDAPDirectory(false)}
+	objectAttrs["maintenance_directory"] = types.ObjectType{AttrTypes: objectAttrsTypeDSDirectoryMaintenanceDirectory(false)}
+	objectAttrs["o_id_c_directory"] = types.ObjectType{AttrTypes: objectAttrsTypeDSDirectoryOIDCDirectory(false)}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSDirectoryAccountDirectoryLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSDirectoryAccountDirectory(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSDirectoryAccountDirectoryPrimer(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["account_validity_supported"] = types.BoolType
+	objectAttrs["active"] = types.BoolType
+	objectAttrs["type"] = types.StringType
+	objectAttrs["name"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSDirectoryAccountDirectoryStatusReport(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["accounts"] = types.Int64Type
+	objectAttrs["reason"] = types.StringType
+	objectAttrs["status"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSDirectoryAccountDirectorySummary(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["type"] = types.StringType
+	objectAttrs["domain_restriction"] = types.StringType
+	objectAttrs["fully_resolved_issuer"] = types.StringType
+	objectAttrs["name"] = types.StringType
+	objectAttrs["status"] = types.ObjectType{AttrTypes: objectAttrsTypeDSDirectoryAccountDirectoryStatusReport(recurse)}
+	objectAttrs["username_customizable"] = types.BoolType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSDirectoryAccountDirectorySummaryLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSDirectoryAccountDirectorySummary(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSDirectoryAccountDirectory_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(recurse)}
+	objectAttrs["markers"] = types.ObjectType{AttrTypes: objectAttrsTypeDSMarkItemMarkers(recurse)}
+	objectAttrs["status"] = types.ObjectType{AttrTypes: objectAttrsTypeDSDirectoryAccountDirectoryStatusReport(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSDirectoryInternalDirectory(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["owner"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupPrimer(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSDirectoryLDAPDirectory(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["attributes_to_store"] = types.StringType
+	objectAttrs["base_dn"] = types.StringType
+	objectAttrs["client_certificate"] = types.ObjectType{AttrTypes: objectAttrsTypeDSCertificateCertificatePrimer(recurse)}
+	objectAttrs["dialect"] = types.StringType
+	objectAttrs["failover_host"] = types.StringType
+	objectAttrs["failover_trusted_certificate"] = types.ObjectType{AttrTypes: objectAttrsTypeDSCertificateCertificatePrimer(recurse)}
+	objectAttrs["host"] = types.StringType
+	objectAttrs["password_recovery"] = types.StringType
+	objectAttrs["port"] = types.Int64Type
+	objectAttrs["search_bind_dn"] = types.StringType
+	objectAttrs["search_bind_password"] = types.StringType
+	objectAttrs["search_filter"] = types.StringType
+	objectAttrs["tls"] = types.StringType
+	objectAttrs["trusted_certificate"] = types.ObjectType{AttrTypes: objectAttrsTypeDSCertificateCertificatePrimer(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSDirectoryMaintenanceDirectory(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	return objectAttrs
+}
+
+func objectAttrsTypeDSDirectoryOIDCDirectory(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["acr_values"] = types.StringType
+	objectAttrs["attributes_to_store"] = types.StringType
+	objectAttrs["client_id"] = types.StringType
+	objectAttrs["client_secret"] = types.StringType
+	objectAttrs["domain_restriction"] = types.StringType
+	objectAttrs["enforces2fa"] = types.BoolType
+	objectAttrs["fully_resolved_issuer"] = types.StringType
+	objectAttrs["issuer"] = types.StringType
+	objectAttrs["logout_url"] = types.StringType
+	objectAttrs["send_login_hint"] = types.BoolType
+	objectAttrs["vendor_escaped"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSGroupAccountGroup(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(false)}
+		objectAttrs["vault"] = types.ObjectType{AttrTypes: objectAttrsTypeDSVaultVault(false)}
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["admin"] = types.BoolType
+	objectAttrs["name"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	objectAttrs["additional"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["end_date"] = types.StringType
+	objectAttrs["folder"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupFolder(false)}
+	objectAttrs["last_used"] = types.StringType
+	objectAttrs["provisioning_end_time"] = types.StringType
+	objectAttrs["rights"] = types.StringType
+	objectAttrs["visible_for_provisioning"] = types.BoolType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSGroupAccountGroupLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSGroupAccountGroup(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSGroupAccountGroup_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(recurse)}
+	objectAttrs["vault"] = types.ObjectType{AttrTypes: objectAttrsTypeDSVaultVault(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSGroupAuthorizedGroupsWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroup(recurse)}}
+	objectAttrs["group_count"] = types.Int64Type
+	return objectAttrs
+}
+
+func objectAttrsTypeDSGroupGroup(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["accounts"] = objectAttrsTypeDSGroupGroupAccountLinkableWrapper(false)["items"]
+		objectAttrs["administered_clients"] = objectAttrsTypeDSClientClientApplicationLinkableWrapper(false)["items"]
+		objectAttrs["administered_systems"] = objectAttrsTypeDSProvisioningProvisionedSystemLinkableWrapper(false)["items"]
+		objectAttrs["admins"] = objectAttrsTypeDSGroupGroupAccountLinkableWrapper(false)["items"]
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(false)}
+		objectAttrs["authorized_groups"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupAuthorizedGroupsWrapper(false)}
+		objectAttrs["client_permissions"] = objectAttrsTypeDSClientOAuth2ClientPermissionWithClientLinkableWrapper(false)["items"]
+		objectAttrs["clients"] = objectAttrsTypeDSGroupGroupClientLinkableWrapper(false)["items"]
+		objectAttrs["content_administered_systems"] = objectAttrsTypeDSProvisioningProvisionedSystemLinkableWrapper(false)["items"]
+		objectAttrs["groupauditinginfo"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupAuditingInfo(false)}
+		objectAttrs["groupinfo"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupInfo(false)}
+		objectAttrs["helpdesk"] = objectAttrsTypeDSDirectoryAccountDirectorySummaryLinkableWrapper(false)["items"]
+		objectAttrs["markers"] = types.ObjectType{AttrTypes: objectAttrsTypeDSMarkItemMarkers(false)}
+		objectAttrs["myaccount"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupAccount(false)}
+		objectAttrs["mydelegatedaccount"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupAccount(false)}
+		objectAttrs["nested_groups"] = objectAttrsTypeDSGroupGroupPrimerLinkableWrapper(false)["items"]
+		objectAttrs["owned_clients"] = objectAttrsTypeDSClientClientApplicationLinkableWrapper(false)["items"]
+		objectAttrs["owned_directories"] = objectAttrsTypeDSDirectoryAccountDirectoryLinkableWrapper(false)["items"]
+		objectAttrs["owned_groups_on_system"] = types.ObjectType{AttrTypes: objectAttrsTypeDSProvisioningOwnedGroupOnSystemsWrapper(false)}
+		objectAttrs["owned_organizational_units"] = objectAttrsTypeDSOrganizationOrganizationalUnitLinkableWrapper(false)["items"]
+		objectAttrs["owned_systems"] = objectAttrsTypeDSProvisioningProvisionedSystemLinkableWrapper(false)["items"]
+		objectAttrs["recent_audits"] = objectAttrsTypeDSGroupGroupAuditLinkableWrapper(false)["items"]
+		objectAttrs["requeststatus"] = types.StringType
+		objectAttrs["service_accounts"] = objectAttrsTypeDSServiceaccountServiceAccountLinkableWrapper(false)["items"]
+		objectAttrs["systems"] = objectAttrsTypeDSGroupProvisioningGroupLinkableWrapper(false)["items"]
+		objectAttrs["vault"] = types.ObjectType{AttrTypes: objectAttrsTypeDSVaultVault(false)}
+		objectAttrs["webhooks"] = objectAttrsTypeDSWebhookWebhookLinkableWrapper(false)["items"]
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["admin"] = types.BoolType
+	objectAttrs["name"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	objectAttrs["additional"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["application_administration"] = types.BoolType
+	objectAttrs["audit_config"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupAuditConfig(false)}
+	objectAttrs["audit_requested"] = types.BoolType
+	objectAttrs["auditor"] = types.BoolType
+	objectAttrs["authorizing_group_auditing"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupPrimer(false)}
+	objectAttrs["authorizing_group_delegation"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupPrimer(false)}
+	objectAttrs["authorizing_group_membership"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupPrimer(false)}
+	objectAttrs["authorizing_group_provisioning"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupPrimer(false)}
+	objectAttrs["authorizing_group_types"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["classification"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupClassificationPrimer(false)}
+	objectAttrs["description"] = types.StringType
+	objectAttrs["extended_access"] = types.StringType
+	objectAttrs["hide_audit_trail"] = types.BoolType
+	objectAttrs["nested_under"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupPrimer(false)}
+	objectAttrs["organizational_unit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSOrganizationOrganizationalUnitPrimer(false)}
+	objectAttrs["private_group"] = types.BoolType
+	objectAttrs["record_trail"] = types.BoolType
+	objectAttrs["rotating_password_required"] = types.BoolType
+	objectAttrs["single_managed"] = types.BoolType
+	objectAttrs["vault_recovery"] = types.StringType
+	objectAttrs["vault_requires_activation"] = types.BoolType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSGroupGroupAccount(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(false)}
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["display_name"] = types.StringType
+	objectAttrs["last_active"] = types.StringType
+	objectAttrs["username"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	objectAttrs["validity"] = types.StringType
+	objectAttrs["additional"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["directory"] = types.ObjectType{AttrTypes: objectAttrsTypeDSDirectoryAccountDirectoryPrimer(false)}
+	objectAttrs["disconnected_nested"] = types.BoolType
+	objectAttrs["end_date"] = types.StringType
+	objectAttrs["last_used"] = types.StringType
+	objectAttrs["nested"] = types.BoolType
+	objectAttrs["provisioning_end_time"] = types.StringType
+	objectAttrs["rights"] = types.StringType
+	objectAttrs["two_factor_status"] = types.StringType
+	objectAttrs["visible_for_provisioning"] = types.BoolType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSGroupGroupAccountLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupAccount(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSGroupGroupAccount_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSGroupGroupAudit(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(false)}
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["additional"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["accounts"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupAuditAccount(false)}}
+	objectAttrs["comment"] = types.StringType
+	objectAttrs["created_at"] = types.StringType
+	objectAttrs["created_by"] = types.StringType
+	objectAttrs["group_name"] = types.StringType
+	objectAttrs["name_on_audit"] = types.StringType
+	objectAttrs["reviewed_at"] = types.StringType
+	objectAttrs["reviewed_by"] = types.StringType
+	objectAttrs["status"] = types.StringType
+	objectAttrs["submitted_at"] = types.StringType
+	objectAttrs["submitted_by"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSGroupGroupAuditAccount(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["account_uuid"] = types.StringType
+	objectAttrs["account_valid"] = types.BoolType
+	objectAttrs["action"] = types.StringType
+	objectAttrs["comment"] = types.StringType
+	objectAttrs["disconnected_nested"] = types.BoolType
+	objectAttrs["display_name"] = types.StringType
+	objectAttrs["end_date"] = types.StringType
+	objectAttrs["last_active"] = types.StringType
+	objectAttrs["last_used"] = types.StringType
+	objectAttrs["nested"] = types.BoolType
+	objectAttrs["rights"] = types.StringType
+	objectAttrs["username"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSGroupGroupAuditConfig(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["months"] = types.ListType{ElemType: types.StringType}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSGroupGroupAuditLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupAudit(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSGroupGroupAudit_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSGroupGroupAuditingInfo(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit_due_date"] = types.StringType
+	objectAttrs["last_audit_date"] = types.StringType
+	objectAttrs["nr_accounts"] = types.Int64Type
+	objectAttrs["nr_disabled_accounts"] = types.Int64Type
+	objectAttrs["nr_disabled_managers"] = types.Int64Type
+	objectAttrs["nr_expired_vault_records"] = types.Int64Type
+	objectAttrs["nr_managers"] = types.Int64Type
+	objectAttrs["nr_vault_records_with_end_date"] = types.Int64Type
+	return objectAttrs
+}
+
+func objectAttrsTypeDSGroupGroupClassification(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(false)}
+		objectAttrs["info"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupClassificationInfo(false)}
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["name"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	objectAttrs["additional"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["authorizing_group_auditing_required"] = types.BoolType
+	objectAttrs["authorizing_group_delegation_required"] = types.BoolType
+	objectAttrs["authorizing_group_membership_required"] = types.BoolType
+	objectAttrs["authorizing_group_provisioning_required"] = types.BoolType
+	objectAttrs["default_classification"] = types.BoolType
+	objectAttrs["description"] = types.StringType
+	objectAttrs["maximum_audit_interval"] = types.Int64Type
+	objectAttrs["minimum_nr_managers"] = types.Int64Type
+	objectAttrs["record_trail_required"] = types.BoolType
+	objectAttrs["required_months"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["rotating_password_required"] = types.BoolType
+	objectAttrs["vault_requires_activation"] = types.BoolType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSGroupGroupClassificationInfo(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["nr_groups"] = types.Int64Type
+	return objectAttrs
+}
+
+func objectAttrsTypeDSGroupGroupClassificationPrimer(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["name"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSGroupGroupClassification_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(recurse)}
+	objectAttrs["info"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupClassificationInfo(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSGroupGroupClient(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(false)}
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["additional"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["activation_required"] = types.BoolType
+	objectAttrs["client"] = types.ObjectType{AttrTypes: objectAttrsTypeDSClientClientApplicationPrimer(false)}
+	objectAttrs["group"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupPrimer(false)}
+	objectAttrs["owner"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupPrimer(false)}
+	objectAttrs["technical_administrator"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupPrimer(false)}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSGroupGroupClientLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupClient(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSGroupGroupClient_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSGroupGroupFolder(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(false)}
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["additional"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["name"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSGroupGroupFolder_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSGroupGroupInfo(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["nr_accounts"] = types.Int64Type
+	objectAttrs["nr_accounts_with_vault"] = types.Int64Type
+	objectAttrs["nr_audits"] = types.Int64Type
+	objectAttrs["nr_clients"] = types.Int64Type
+	objectAttrs["nr_provisioned_systems"] = types.Int64Type
+	objectAttrs["nr_vault_records"] = types.Int64Type
+	return objectAttrs
+}
+
+func objectAttrsTypeDSGroupGroupLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroup(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSGroupGroupPrimer(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["admin"] = types.BoolType
+	objectAttrs["name"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSGroupGroupPrimerLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupPrimer(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSGroupGroup_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["accounts"] = objectAttrsTypeDSGroupGroupAccountLinkableWrapper(recurse)["items"]
+	objectAttrs["administered_clients"] = objectAttrsTypeDSClientClientApplicationLinkableWrapper(recurse)["items"]
+	objectAttrs["administered_systems"] = objectAttrsTypeDSProvisioningProvisionedSystemLinkableWrapper(recurse)["items"]
+	objectAttrs["admins"] = objectAttrsTypeDSGroupGroupAccountLinkableWrapper(recurse)["items"]
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(recurse)}
+	objectAttrs["authorized_groups"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupAuthorizedGroupsWrapper(recurse)}
+	objectAttrs["client_permissions"] = objectAttrsTypeDSClientOAuth2ClientPermissionWithClientLinkableWrapper(recurse)["items"]
+	objectAttrs["clients"] = objectAttrsTypeDSGroupGroupClientLinkableWrapper(recurse)["items"]
+	objectAttrs["content_administered_systems"] = objectAttrsTypeDSProvisioningProvisionedSystemLinkableWrapper(recurse)["items"]
+	objectAttrs["groupauditinginfo"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupAuditingInfo(recurse)}
+	objectAttrs["groupinfo"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupInfo(recurse)}
+	objectAttrs["helpdesk"] = objectAttrsTypeDSDirectoryAccountDirectorySummaryLinkableWrapper(recurse)["items"]
+	objectAttrs["markers"] = types.ObjectType{AttrTypes: objectAttrsTypeDSMarkItemMarkers(recurse)}
+	objectAttrs["myaccount"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupAccount(recurse)}
+	objectAttrs["mydelegatedaccount"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupAccount(recurse)}
+	objectAttrs["nested_groups"] = objectAttrsTypeDSGroupGroupPrimerLinkableWrapper(recurse)["items"]
+	objectAttrs["owned_clients"] = objectAttrsTypeDSClientClientApplicationLinkableWrapper(recurse)["items"]
+	objectAttrs["owned_directories"] = objectAttrsTypeDSDirectoryAccountDirectoryLinkableWrapper(recurse)["items"]
+	objectAttrs["owned_groups_on_system"] = types.ObjectType{AttrTypes: objectAttrsTypeDSProvisioningOwnedGroupOnSystemsWrapper(recurse)}
+	objectAttrs["owned_organizational_units"] = objectAttrsTypeDSOrganizationOrganizationalUnitLinkableWrapper(recurse)["items"]
+	objectAttrs["owned_systems"] = objectAttrsTypeDSProvisioningProvisionedSystemLinkableWrapper(recurse)["items"]
+	objectAttrs["recent_audits"] = objectAttrsTypeDSGroupGroupAuditLinkableWrapper(recurse)["items"]
+	objectAttrs["requeststatus"] = types.StringType
+	objectAttrs["service_accounts"] = objectAttrsTypeDSServiceaccountServiceAccountLinkableWrapper(recurse)["items"]
+	objectAttrs["systems"] = objectAttrsTypeDSGroupProvisioningGroupLinkableWrapper(recurse)["items"]
+	objectAttrs["vault"] = types.ObjectType{AttrTypes: objectAttrsTypeDSVaultVault(recurse)}
+	objectAttrs["webhooks"] = objectAttrsTypeDSWebhookWebhookLinkableWrapper(recurse)["items"]
+	return objectAttrs
+}
+
+func objectAttrsTypeDSGroupProvisioningGroup(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(false)}
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["additional"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["activation_required"] = types.BoolType
+	objectAttrs["group"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupPrimer(false)}
+	objectAttrs["group_on_system"] = types.ObjectType{AttrTypes: objectAttrsTypeDSProvisioningGroupOnSystem(false)}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSGroupProvisioningGroupLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSGroupProvisioningGroup(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSGroupProvisioningGroup_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSLaunchpadSsoApplicationLaunchpadTile(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["uri"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSLaunchpadVaultRecordLaunchpadTile(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	return objectAttrs
+}
+
+func objectAttrsTypeDSMarkItemMarker(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["level"] = types.StringType
+	objectAttrs["type"] = types.StringType
+	objectAttrs["parameters"] = types.MapType{ElemType: types.StringType}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSMarkItemMarkers(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["markers"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSMarkItemMarker(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSOrganizationOrganizationalUnit(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(false)}
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["name"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	objectAttrs["additional"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["depth"] = types.Int64Type
+	objectAttrs["description"] = types.StringType
+	objectAttrs["owner"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupPrimer(false)}
+	objectAttrs["parent"] = types.ObjectType{AttrTypes: objectAttrsTypeDSOrganizationOrganizationalUnitPrimer(false)}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSOrganizationOrganizationalUnitLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSOrganizationOrganizationalUnit(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSOrganizationOrganizationalUnitPrimer(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["name"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSOrganizationOrganizationalUnit_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSProvisioningAbstractProvisionedLDAP(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["attributes"] = types.MapType{ElemType: types.StringType}
+	objectAttrs["base_dn"] = types.StringType
+	objectAttrs["bind_dn"] = types.StringType
+	objectAttrs["bind_password"] = types.StringType
+	objectAttrs["client_certificate"] = types.ObjectType{AttrTypes: objectAttrsTypeDSCertificateCertificatePrimer(recurse)}
+	objectAttrs["failover_host"] = types.StringType
+	objectAttrs["failover_trusted_certificate"] = types.ObjectType{AttrTypes: objectAttrsTypeDSCertificateCertificatePrimer(recurse)}
+	objectAttrs["group_dn"] = types.StringType
+	objectAttrs["host"] = types.StringType
+	objectAttrs["object_classes"] = types.StringType
+	objectAttrs["port"] = types.Int64Type
+	objectAttrs["service_account_dn"] = types.StringType
+	objectAttrs["ssh_public_key_supported"] = types.BoolType
+	objectAttrs["tls"] = types.StringType
+	objectAttrs["trusted_certificate"] = types.ObjectType{AttrTypes: objectAttrsTypeDSCertificateCertificatePrimer(recurse)}
+	objectAttrs["user_dn"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSProvisioningCircuitBreakerStatistics(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["number_of_failed_calls"] = types.Int64Type
+	objectAttrs["number_of_not_permitted_calls"] = types.Int64Type
+	objectAttrs["number_of_successful_calls"] = types.Int64Type
+	objectAttrs["state"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSProvisioningGroupOnSystem(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(false)}
+		objectAttrs["provgroups"] = objectAttrsTypeDSGroupProvisioningGroupLinkableWrapper(false)["items"]
+		objectAttrs["service_accounts"] = objectAttrsTypeDSServiceaccountServiceAccountPrimerLinkableWrapper(false)["items"]
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["display_name"] = types.StringType
+	objectAttrs["name_in_system"] = types.StringType
+	objectAttrs["type"] = types.StringType
+	objectAttrs["short_name_in_system"] = types.StringType
+	objectAttrs["additional"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["owner"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupPrimer(false)}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSProvisioningGroupOnSystemLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSProvisioningGroupOnSystem(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSProvisioningGroupOnSystemPrimer(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["display_name"] = types.StringType
+	objectAttrs["name_in_system"] = types.StringType
+	objectAttrs["type"] = types.StringType
+	objectAttrs["short_name_in_system"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSProvisioningGroupOnSystemTypes(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["types"] = types.ListType{ElemType: types.StringType}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSProvisioningGroupOnSystem_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(recurse)}
+	objectAttrs["provgroups"] = objectAttrsTypeDSGroupProvisioningGroupLinkableWrapper(recurse)["items"]
+	objectAttrs["service_accounts"] = objectAttrsTypeDSServiceaccountServiceAccountPrimerLinkableWrapper(recurse)["items"]
+	return objectAttrs
+}
+
+func objectAttrsTypeDSProvisioningOwnedGroupOnSystemsWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSProvisioningGroupOnSystem(recurse)}}
+	objectAttrs["unlinked_count"] = types.Int64Type
+	return objectAttrs
+}
+
+func objectAttrsTypeDSProvisioningProvisionNumberSequence(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(false)}
+		objectAttrs["systems"] = objectAttrsTypeDSProvisioningProvisionedSystemPrimerLinkableWrapper(false)["items"]
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["additional"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["account_count"] = types.Int64Type
+	objectAttrs["name"] = types.StringType
+	objectAttrs["next_uid"] = types.Int64Type
+	return objectAttrs
+}
+
+func objectAttrsTypeDSProvisioningProvisionNumberSequence_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(recurse)}
+	objectAttrs["systems"] = objectAttrsTypeDSProvisioningProvisionedSystemPrimerLinkableWrapper(recurse)["items"]
+	return objectAttrs
+}
+
+func objectAttrsTypeDSProvisioningProvisionedAD(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["sam_account_name_scheme"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSProvisioningProvisionedAccount(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(false)}
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["display_name"] = types.StringType
+	objectAttrs["last_active"] = types.StringType
+	objectAttrs["username"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	objectAttrs["validity"] = types.StringType
+	objectAttrs["additional"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["uid"] = types.Int64Type
+	return objectAttrs
+}
+
+func objectAttrsTypeDSProvisioningProvisionedAccount_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSProvisioningProvisionedAzureOIDCDirectory(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["directory"] = types.ObjectType{AttrTypes: objectAttrsTypeDSDirectoryAccountDirectoryPrimer(recurse)}
+	objectAttrs["tenant"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSProvisioningProvisionedAzureSyncLDAPDirectory(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["client_id"] = types.StringType
+	objectAttrs["client_secret"] = types.StringType
+	objectAttrs["directory"] = types.ObjectType{AttrTypes: objectAttrsTypeDSDirectoryAccountDirectoryPrimer(recurse)}
+	objectAttrs["tenant"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSProvisioningProvisionedAzureTenant(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["client_id"] = types.StringType
+	objectAttrs["client_secret"] = types.StringType
+	objectAttrs["idp_domain"] = types.StringType
+	objectAttrs["tenant"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSProvisioningProvisionedInternalLDAP(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["client"] = types.ObjectType{AttrTypes: objectAttrsTypeDSClientLdapClient(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSProvisioningProvisionedLDAP(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["gid"] = types.Int64Type
+	objectAttrs["hashing_scheme"] = types.StringType
+	objectAttrs["numbering"] = types.ObjectType{AttrTypes: objectAttrsTypeDSProvisioningProvisionNumberSequence(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSProvisioningProvisionedLDAPDirectory(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["directory"] = types.ObjectType{AttrTypes: objectAttrsTypeDSDirectoryAccountDirectoryPrimer(recurse)}
+	objectAttrs["group_dn"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSProvisioningProvisionedSystem(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["account"] = types.ObjectType{AttrTypes: objectAttrsTypeDSProvisioningProvisionedAccount(false)}
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(false)}
+		objectAttrs["issued_permissions"] = objectAttrsTypeDSClientOAuth2ClientPermissionWithClientLinkableWrapper(false)["items"]
+		objectAttrs["login_name"] = types.StringType
+		objectAttrs["management_permissions"] = types.ObjectType{AttrTypes: objectAttrsTypeDSProvisioningProvisioningManagementPermissions(false)}
+		objectAttrs["markers"] = types.ObjectType{AttrTypes: objectAttrsTypeDSMarkItemMarkers(false)}
+		objectAttrs["statistics"] = types.ObjectType{AttrTypes: objectAttrsTypeDSProvisioningCircuitBreakerStatistics(false)}
+		objectAttrs["supported_group_types"] = types.ObjectType{AttrTypes: objectAttrsTypeDSProvisioningGroupOnSystemTypes(false)}
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["active"] = types.BoolType
+	objectAttrs["name"] = types.StringType
+	objectAttrs["organizational_unit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSOrganizationOrganizationalUnitPrimer(recurse)}
+	objectAttrs["type"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	objectAttrs["additional"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["account_count"] = types.Int64Type
+	objectAttrs["content_administrator"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupPrimer(false)}
+	objectAttrs["external_uuid"] = types.StringType
+	objectAttrs["owner"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupPrimer(false)}
+	objectAttrs["self_service_existing_groups"] = types.BoolType
+	objectAttrs["self_service_new_groups"] = types.BoolType
+	objectAttrs["self_service_service_accounts"] = types.BoolType
+	objectAttrs["should_destroy_unknown_accounts"] = types.BoolType
+	objectAttrs["technical_administrator"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupPrimer(false)}
+	objectAttrs["username_prefix"] = types.StringType
+	objectAttrs["abstract_provisioned_ldap"] = types.ObjectType{AttrTypes: objectAttrsTypeDSProvisioningAbstractProvisionedLDAP(false)}
+	objectAttrs["provisioned_a_d"] = types.ObjectType{AttrTypes: objectAttrsTypeDSProvisioningProvisionedAD(false)}
+	objectAttrs["provisioned_azure_oidc_directory"] = types.ObjectType{AttrTypes: objectAttrsTypeDSProvisioningProvisionedAzureOIDCDirectory(false)}
+	objectAttrs["provisioned_azure_sync_ldap_directory"] = types.ObjectType{AttrTypes: objectAttrsTypeDSProvisioningProvisionedAzureSyncLDAPDirectory(false)}
+	objectAttrs["provisioned_azure_tenant"] = types.ObjectType{AttrTypes: objectAttrsTypeDSProvisioningProvisionedAzureTenant(false)}
+	objectAttrs["provisioned_internal_ldap"] = types.ObjectType{AttrTypes: objectAttrsTypeDSProvisioningProvisionedInternalLDAP(false)}
+	objectAttrs["provisioned_ldap"] = types.ObjectType{AttrTypes: objectAttrsTypeDSProvisioningProvisionedLDAP(false)}
+	objectAttrs["provisioned_ldap_directory"] = types.ObjectType{AttrTypes: objectAttrsTypeDSProvisioningProvisionedLDAPDirectory(false)}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSProvisioningProvisionedSystemLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSProvisioningProvisionedSystem(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSProvisioningProvisionedSystemPrimer(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["active"] = types.BoolType
+	objectAttrs["name"] = types.StringType
+	objectAttrs["organizational_unit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSOrganizationOrganizationalUnitPrimer(recurse)}
+	objectAttrs["type"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSProvisioningProvisionedSystemPrimerLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSProvisioningProvisionedSystemPrimer(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSProvisioningProvisionedSystem_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["account"] = types.ObjectType{AttrTypes: objectAttrsTypeDSProvisioningProvisionedAccount(recurse)}
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(recurse)}
+	objectAttrs["issued_permissions"] = objectAttrsTypeDSClientOAuth2ClientPermissionWithClientLinkableWrapper(recurse)["items"]
+	objectAttrs["login_name"] = types.StringType
+	objectAttrs["management_permissions"] = types.ObjectType{AttrTypes: objectAttrsTypeDSProvisioningProvisioningManagementPermissions(recurse)}
+	objectAttrs["markers"] = types.ObjectType{AttrTypes: objectAttrsTypeDSMarkItemMarkers(recurse)}
+	objectAttrs["statistics"] = types.ObjectType{AttrTypes: objectAttrsTypeDSProvisioningCircuitBreakerStatistics(recurse)}
+	objectAttrs["supported_group_types"] = types.ObjectType{AttrTypes: objectAttrsTypeDSProvisioningGroupOnSystemTypes(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSProvisioningProvisioningManagementPermissions(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["create_new_groups_allowed"] = types.BoolType
+	objectAttrs["create_service_accounts_allowed"] = types.BoolType
+	objectAttrs["reuse_existing_groups_allowed"] = types.BoolType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSServiceaccountServiceAccount(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(false)}
+		objectAttrs["groups"] = objectAttrsTypeDSServiceaccountServiceAccountGroupLinkableWrapper(false)["items"]
+		objectAttrs["secret"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGeneratedSecret(false)}
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["active"] = types.BoolType
+	objectAttrs["name"] = types.StringType
+	objectAttrs["system"] = types.ObjectType{AttrTypes: objectAttrsTypeDSProvisioningProvisionedSystemPrimer(recurse)}
+	objectAttrs["username"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	objectAttrs["additional"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["description"] = types.StringType
+	objectAttrs["password"] = types.ObjectType{AttrTypes: objectAttrsTypeDSVaultVaultRecordPrimer(false)}
+	objectAttrs["password_rotation"] = types.StringType
+	objectAttrs["technical_administrator"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupPrimer(false)}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSServiceaccountServiceAccountGroup(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(false)}
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["display_name"] = types.StringType
+	objectAttrs["name_in_system"] = types.StringType
+	objectAttrs["type"] = types.StringType
+	objectAttrs["short_name_in_system"] = types.StringType
+	objectAttrs["additional"] = types.ListType{ElemType: types.StringType}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSServiceaccountServiceAccountGroupLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSServiceaccountServiceAccountGroup(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSServiceaccountServiceAccountGroup_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSServiceaccountServiceAccountLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSServiceaccountServiceAccount(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSServiceaccountServiceAccountPrimer(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["active"] = types.BoolType
+	objectAttrs["name"] = types.StringType
+	objectAttrs["system"] = types.ObjectType{AttrTypes: objectAttrsTypeDSProvisioningProvisionedSystemPrimer(recurse)}
+	objectAttrs["username"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSServiceaccountServiceAccountPrimerLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSServiceaccountServiceAccountPrimer(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSServiceaccountServiceAccount_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(recurse)}
+	objectAttrs["groups"] = objectAttrsTypeDSServiceaccountServiceAccountGroupLinkableWrapper(recurse)["items"]
+	objectAttrs["secret"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGeneratedSecret(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSVaultPasswordMetadata(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["dictionary"] = types.BoolType
+	objectAttrs["duplicate"] = types.BoolType
+	objectAttrs["hash"] = types.StringType
+	objectAttrs["length"] = types.Int64Type
+	objectAttrs["lower_count"] = types.Int64Type
+	objectAttrs["number_count"] = types.Int64Type
+	objectAttrs["special_count"] = types.Int64Type
+	objectAttrs["strength"] = types.Int64Type
+	objectAttrs["upper_count"] = types.Int64Type
+	return objectAttrs
+}
+
+func objectAttrsTypeDSVaultVault(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["access_available"] = types.BoolType
+	objectAttrs["name"] = types.StringType
+	objectAttrs["records"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSVaultVaultRecord(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSVaultVaultHolder(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	return objectAttrs
+}
+
+func objectAttrsTypeDSVaultVaultRecord(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(false)}
+		objectAttrs["parent"] = types.ObjectType{AttrTypes: objectAttrsTypeDSVaultVaultRecordPrimer(false)}
+		objectAttrs["password_metadata"] = types.ObjectType{AttrTypes: objectAttrsTypeDSVaultPasswordMetadata(false)}
+		objectAttrs["secret"] = types.ObjectType{AttrTypes: objectAttrsTypeDSVaultVaultRecordSecrets(false)}
+		objectAttrs["share_summary"] = types.ObjectType{AttrTypes: objectAttrsTypeDSVaultVaultRecordShareSummary(false)}
+		objectAttrs["shares"] = objectAttrsTypeDSVaultVaultRecordPrimerLinkableWrapper(false)["items"]
+		objectAttrs["tile"] = types.ObjectType{AttrTypes: objectAttrsTypeDSLaunchpadVaultRecordLaunchpadTile(false)}
+		objectAttrs["vaultholder"] = types.ObjectType{AttrTypes: objectAttrsTypeDSVaultVaultHolder(false)}
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["color"] = types.StringType
+	objectAttrs["name"] = types.StringType
+	objectAttrs["share_end_time"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	objectAttrs["additional"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["derived"] = types.BoolType
+	objectAttrs["end_date"] = types.StringType
+	objectAttrs["filename"] = types.StringType
+	objectAttrs["types"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["url"] = types.StringType
+	objectAttrs["username"] = types.StringType
+	objectAttrs["warning_period"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSVaultVaultRecordPrimer(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["color"] = types.StringType
+	objectAttrs["name"] = types.StringType
+	objectAttrs["share_end_time"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSVaultVaultRecordPrimerLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSVaultVaultRecordPrimer(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSVaultVaultRecordSecrets(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["comment"] = types.StringType
+	objectAttrs["file"] = types.StringType
+	objectAttrs["password"] = types.StringType
+	objectAttrs["totp"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSVaultVaultRecordShare(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["name"] = types.StringType
+	objectAttrs["type"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSVaultVaultRecordShareSummary(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["children"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSVaultVaultRecordShare(recurse)}}
+	objectAttrs["parent"] = types.ObjectType{AttrTypes: objectAttrsTypeDSVaultVaultRecordShare(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSVaultVaultRecord_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(recurse)}
+	objectAttrs["parent"] = types.ObjectType{AttrTypes: objectAttrsTypeDSVaultVaultRecordPrimer(recurse)}
+	objectAttrs["password_metadata"] = types.ObjectType{AttrTypes: objectAttrsTypeDSVaultPasswordMetadata(recurse)}
+	objectAttrs["secret"] = types.ObjectType{AttrTypes: objectAttrsTypeDSVaultVaultRecordSecrets(recurse)}
+	objectAttrs["share_summary"] = types.ObjectType{AttrTypes: objectAttrsTypeDSVaultVaultRecordShareSummary(recurse)}
+	objectAttrs["shares"] = objectAttrsTypeDSVaultVaultRecordPrimerLinkableWrapper(recurse)["items"]
+	objectAttrs["tile"] = types.ObjectType{AttrTypes: objectAttrsTypeDSLaunchpadVaultRecordLaunchpadTile(recurse)}
+	objectAttrs["vaultholder"] = types.ObjectType{AttrTypes: objectAttrsTypeDSVaultVaultHolder(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSWebhookWebhook(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(false)}
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSAuthPermission(recurse)}}
+	objectAttrs["additional"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["account"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuthAccountPrimer(false)}
+	objectAttrs["active"] = types.BoolType
+	objectAttrs["all_types"] = types.BoolType
+	objectAttrs["authentication_scheme"] = types.StringType
+	objectAttrs["basic_auth_password"] = types.StringType
+	objectAttrs["basic_auth_username"] = types.StringType
+	objectAttrs["bearer_token"] = types.StringType
+	objectAttrs["client"] = types.ObjectType{AttrTypes: objectAttrsTypeDSClientClientApplicationPrimer(false)}
+	objectAttrs["client_certificate"] = types.ObjectType{AttrTypes: objectAttrsTypeDSCertificateCertificatePrimer(false)}
+	objectAttrs["custom_header_name"] = types.StringType
+	objectAttrs["custom_header_value"] = types.StringType
+	objectAttrs["directory"] = types.ObjectType{AttrTypes: objectAttrsTypeDSDirectoryAccountDirectoryPrimer(false)}
+	objectAttrs["group"] = types.ObjectType{AttrTypes: objectAttrsTypeDSGroupGroupPrimer(false)}
+	objectAttrs["name"] = types.StringType
+	objectAttrs["system"] = types.ObjectType{AttrTypes: objectAttrsTypeDSProvisioningProvisionedSystemPrimer(false)}
+	objectAttrs["tls"] = types.StringType
+	objectAttrs["trusted_certificate"] = types.ObjectType{AttrTypes: objectAttrsTypeDSCertificateCertificatePrimer(false)}
+	objectAttrs["types"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["url"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	objectAttrs["verbose_payloads"] = types.BoolType
+	return objectAttrs
+}
+
+func objectAttrsTypeDSWebhookWebhookLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeDSWebhookWebhook(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeDSWebhookWebhook_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeDSAuditInfo(recurse)}
+	return objectAttrs
+}
diff --git a/internal/provider/full-object-attrs-rs.go b/internal/provider/full-object-attrs-rs.go
new file mode 100644
index 0000000..d6728c9
--- /dev/null
+++ b/internal/provider/full-object-attrs-rs.go
@@ -0,0 +1,1282 @@
+// Code generated by "terraform-provider-keyhub-generator"; DO NOT EDIT.
+
+//lint:ignore U1000 Ignore unused functions in generated code
+package provider
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework/attr"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+func objectAttrsTypeRSAuditInfo(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["created_at"] = types.StringType
+	objectAttrs["created_by"] = types.StringType
+	objectAttrs["last_modified_at"] = types.StringType
+	objectAttrs["last_modified_by"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSGeneratedSecret(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["generated_secret"] = types.StringType
+	objectAttrs["old_secret"] = types.StringType
+	objectAttrs["regenerate"] = types.BoolType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSLinkable(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSNonLinkable(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	return objectAttrs
+}
+
+func objectAttrsTypeRSRestLink(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["href"] = types.StringType
+	objectAttrs["id"] = types.Int64Type
+	objectAttrs["rel"] = types.StringType
+	objectAttrs["type_escaped"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSAuthAccountPrimer(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["display_name"] = types.StringType
+	objectAttrs["last_active"] = types.StringType
+	objectAttrs["username"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	objectAttrs["validity"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSAuthPermission(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["full"] = types.StringType
+	objectAttrs["instances"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["operations"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["type_escaped"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSCertificateCertificatePrimer(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["alias"] = types.StringType
+	objectAttrs["type"] = types.StringType
+	objectAttrs["certificate_data"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["expiration"] = types.StringType
+	objectAttrs["fingerprint_sha1"] = types.StringType
+	objectAttrs["fingerprint_sha256"] = types.StringType
+	objectAttrs["global"] = types.BoolType
+	objectAttrs["subject_dn"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSClientApplicationVaultVaultRecord(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(false)}
+		objectAttrs["delete_tile"] = types.BoolType
+		objectAttrs["parent_uuid"] = types.StringType
+		objectAttrs["password_metadata"] = types.ObjectType{AttrTypes: objectAttrsTypeRSVaultPasswordMetadata(false)}
+		objectAttrs["secret"] = types.ObjectType{AttrTypes: objectAttrsTypeRSVaultVaultRecordSecrets(false)}
+		objectAttrs["share_summary"] = types.ObjectType{AttrTypes: objectAttrsTypeRSVaultVaultRecordShareSummary(false)}
+		objectAttrs["shares"] = objectAttrsTypeRSVaultVaultRecordPrimerLinkableWrapper(false)["items"]
+		objectAttrs["tile"] = types.ObjectType{AttrTypes: objectAttrsTypeRSLaunchpadVaultRecordLaunchpadTile(false)}
+		objectAttrs["vaultholder"] = types.ObjectType{AttrTypes: objectAttrsTypeRSVaultVaultHolder(false)}
+	}
+	objectAttrs["client_application_uuid"] = types.StringType
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["color"] = types.StringType
+	objectAttrs["name"] = types.StringType
+	objectAttrs["share_end_time"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	objectAttrs["derived"] = types.BoolType
+	objectAttrs["end_date"] = types.StringType
+	objectAttrs["filename"] = types.StringType
+	objectAttrs["types"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["url"] = types.StringType
+	objectAttrs["username"] = types.StringType
+	objectAttrs["warning_period"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSClientClientApplication(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(false)}
+		objectAttrs["delete_tile"] = types.BoolType
+		objectAttrs["groupclients"] = objectAttrsTypeRSGroupGroupClientLinkableWrapper(false)["items"]
+		objectAttrs["groups"] = objectAttrsTypeRSGroupGroupLinkableWrapper(false)["items"]
+		objectAttrs["secret"] = types.ObjectType{AttrTypes: objectAttrsTypeRSGeneratedSecret(false)}
+		objectAttrs["tile"] = types.ObjectType{AttrTypes: objectAttrsTypeRSLaunchpadSsoApplicationLaunchpadTile(false)}
+		objectAttrs["vault_record_count"] = types.Int64Type
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["type"] = types.StringType
+	objectAttrs["client_id"] = types.StringType
+	objectAttrs["name"] = types.StringType
+	objectAttrs["scopes"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["sso_application"] = types.BoolType
+	objectAttrs["uuid"] = types.StringType
+	objectAttrs["last_modified_at"] = types.StringType
+	objectAttrs["owner_uuid"] = types.StringType
+	objectAttrs["technical_administrator_uuid"] = types.StringType
+	objectAttrs["ldap_client"] = types.ObjectType{AttrTypes: objectAttrsTypeRSClientLdapClient(false)}
+	objectAttrs["o_auth2_client"] = types.ObjectType{AttrTypes: objectAttrsTypeRSClientOAuth2Client(false)}
+	objectAttrs["saml2_client"] = types.ObjectType{AttrTypes: objectAttrsTypeRSClientSaml2Client(false)}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSClientClientApplicationLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSClientClientApplication(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSClientClientApplicationPrimer(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["type"] = types.StringType
+	objectAttrs["client_id"] = types.StringType
+	objectAttrs["name"] = types.StringType
+	objectAttrs["scopes"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["sso_application"] = types.BoolType
+	objectAttrs["uuid"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSClientClientApplication_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(recurse)}
+	objectAttrs["delete_tile"] = types.BoolType
+	objectAttrs["groupclients"] = objectAttrsTypeRSGroupGroupClientLinkableWrapper(recurse)["items"]
+	objectAttrs["groups"] = objectAttrsTypeRSGroupGroupLinkableWrapper(recurse)["items"]
+	objectAttrs["secret"] = types.ObjectType{AttrTypes: objectAttrsTypeRSGeneratedSecret(recurse)}
+	objectAttrs["tile"] = types.ObjectType{AttrTypes: objectAttrsTypeRSLaunchpadSsoApplicationLaunchpadTile(recurse)}
+	objectAttrs["vault_record_count"] = types.Int64Type
+	return objectAttrs
+}
+
+func objectAttrsTypeRSClientLdapClient(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["bind_dn"] = types.StringType
+	objectAttrs["client_certificate_uuid"] = types.StringType
+	objectAttrs["share_secret_in_vault"] = types.BoolType
+	objectAttrs["shared_secret_uuid"] = types.StringType
+	objectAttrs["used_for_provisioning"] = types.BoolType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSClientOAuth2Client(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["account_permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["attributes"] = types.MapType{ElemType: types.StringType}
+	objectAttrs["callback_uri"] = types.StringType
+	objectAttrs["confidential"] = types.BoolType
+	objectAttrs["debug_mode"] = types.BoolType
+	objectAttrs["id_token_claims"] = types.StringType
+	objectAttrs["initiate_login_uri"] = types.StringType
+	objectAttrs["resource_uris"] = types.StringType
+	objectAttrs["share_secret_in_vault"] = types.BoolType
+	objectAttrs["shared_secret_uuid"] = types.StringType
+	objectAttrs["show_landing_page"] = types.BoolType
+	objectAttrs["use_client_credentials"] = types.BoolType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSClientOAuth2ClientPermission(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(false)}
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["for_group_uuid"] = types.StringType
+	objectAttrs["for_system_uuid"] = types.StringType
+	objectAttrs["value"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSClientOAuth2ClientPermissionWithClient(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(false)}
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["for_group_uuid"] = types.StringType
+	objectAttrs["for_system_uuid"] = types.StringType
+	objectAttrs["value"] = types.StringType
+	objectAttrs["client_uuid"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSClientOAuth2ClientPermissionWithClientLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSClientOAuth2ClientPermissionWithClient(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSClientOAuth2ClientPermission_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSClientSaml2Client(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["attributes"] = types.MapType{ElemType: types.StringType}
+	objectAttrs["metadata"] = types.StringType
+	objectAttrs["metadata_url"] = types.StringType
+	objectAttrs["subject_format"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSDirectoryAccountDirectory(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(false)}
+		objectAttrs["markers"] = types.ObjectType{AttrTypes: objectAttrsTypeRSMarkItemMarkers(false)}
+		objectAttrs["status"] = types.ObjectType{AttrTypes: objectAttrsTypeRSDirectoryAccountDirectoryStatusReport(false)}
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["account_validity_supported"] = types.BoolType
+	objectAttrs["active"] = types.BoolType
+	objectAttrs["type"] = types.StringType
+	objectAttrs["name"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	objectAttrs["base_organizational_unit_uuid"] = types.StringType
+	objectAttrs["default_directory"] = types.BoolType
+	objectAttrs["helpdesk_group_uuid"] = types.StringType
+	objectAttrs["restrict2fa"] = types.BoolType
+	objectAttrs["rotating_password"] = types.StringType
+	objectAttrs["username_customizable"] = types.BoolType
+	objectAttrs["internal_directory"] = types.ObjectType{AttrTypes: objectAttrsTypeRSDirectoryInternalDirectory(false)}
+	objectAttrs["l_d_a_p_directory"] = types.ObjectType{AttrTypes: objectAttrsTypeRSDirectoryLDAPDirectory(false)}
+	objectAttrs["maintenance_directory"] = types.ObjectType{AttrTypes: objectAttrsTypeRSDirectoryMaintenanceDirectory(false)}
+	objectAttrs["o_id_c_directory"] = types.ObjectType{AttrTypes: objectAttrsTypeRSDirectoryOIDCDirectory(false)}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSDirectoryAccountDirectoryLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSDirectoryAccountDirectory(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSDirectoryAccountDirectoryPrimer(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["account_validity_supported"] = types.BoolType
+	objectAttrs["active"] = types.BoolType
+	objectAttrs["type"] = types.StringType
+	objectAttrs["name"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSDirectoryAccountDirectoryStatusReport(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["accounts"] = types.Int64Type
+	objectAttrs["reason"] = types.StringType
+	objectAttrs["status"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSDirectoryAccountDirectorySummary(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["type"] = types.StringType
+	objectAttrs["domain_restriction"] = types.StringType
+	objectAttrs["fully_resolved_issuer"] = types.StringType
+	objectAttrs["name"] = types.StringType
+	objectAttrs["status"] = types.ObjectType{AttrTypes: objectAttrsTypeRSDirectoryAccountDirectoryStatusReport(recurse)}
+	objectAttrs["username_customizable"] = types.BoolType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSDirectoryAccountDirectorySummaryLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSDirectoryAccountDirectorySummary(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSDirectoryAccountDirectory_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(recurse)}
+	objectAttrs["markers"] = types.ObjectType{AttrTypes: objectAttrsTypeRSMarkItemMarkers(recurse)}
+	objectAttrs["status"] = types.ObjectType{AttrTypes: objectAttrsTypeRSDirectoryAccountDirectoryStatusReport(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSDirectoryInternalDirectory(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["owner_uuid"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSDirectoryLDAPDirectory(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["attributes_to_store"] = types.StringType
+	objectAttrs["base_dn"] = types.StringType
+	objectAttrs["client_certificate_uuid"] = types.StringType
+	objectAttrs["dialect"] = types.StringType
+	objectAttrs["failover_host"] = types.StringType
+	objectAttrs["failover_trusted_certificate_uuid"] = types.StringType
+	objectAttrs["host"] = types.StringType
+	objectAttrs["password_recovery"] = types.StringType
+	objectAttrs["port"] = types.Int64Type
+	objectAttrs["search_bind_dn"] = types.StringType
+	objectAttrs["search_bind_password"] = types.StringType
+	objectAttrs["search_filter"] = types.StringType
+	objectAttrs["tls"] = types.StringType
+	objectAttrs["trusted_certificate_uuid"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSDirectoryMaintenanceDirectory(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	return objectAttrs
+}
+
+func objectAttrsTypeRSDirectoryOIDCDirectory(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["acr_values"] = types.StringType
+	objectAttrs["attributes_to_store"] = types.StringType
+	objectAttrs["client_id"] = types.StringType
+	objectAttrs["client_secret"] = types.StringType
+	objectAttrs["domain_restriction"] = types.StringType
+	objectAttrs["enforces2fa"] = types.BoolType
+	objectAttrs["fully_resolved_issuer"] = types.StringType
+	objectAttrs["issuer"] = types.StringType
+	objectAttrs["logout_url"] = types.StringType
+	objectAttrs["send_login_hint"] = types.BoolType
+	objectAttrs["vendor_escaped"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSGroupAuthorizedGroupsWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSGroupGroup(recurse)}}
+	objectAttrs["group_count"] = types.Int64Type
+	return objectAttrs
+}
+
+func objectAttrsTypeRSGroupGroup(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["accounts"] = objectAttrsTypeRSGroupGroupAccountLinkableWrapper(false)["items"]
+		objectAttrs["administered_clients"] = objectAttrsTypeRSClientClientApplicationLinkableWrapper(false)["items"]
+		objectAttrs["administered_systems"] = objectAttrsTypeRSProvisioningProvisionedSystemLinkableWrapper(false)["items"]
+		objectAttrs["admins"] = objectAttrsTypeRSGroupGroupAccountLinkableWrapper(false)["items"]
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(false)}
+		objectAttrs["authorized_groups"] = types.ObjectType{AttrTypes: objectAttrsTypeRSGroupAuthorizedGroupsWrapper(false)}
+		objectAttrs["client_permissions"] = objectAttrsTypeRSClientOAuth2ClientPermissionWithClientLinkableWrapper(false)["items"]
+		objectAttrs["clients"] = objectAttrsTypeRSGroupGroupClientLinkableWrapper(false)["items"]
+		objectAttrs["content_administered_systems"] = objectAttrsTypeRSProvisioningProvisionedSystemLinkableWrapper(false)["items"]
+		objectAttrs["groupauditinginfo"] = types.ObjectType{AttrTypes: objectAttrsTypeRSGroupGroupAuditingInfo(false)}
+		objectAttrs["groupinfo"] = types.ObjectType{AttrTypes: objectAttrsTypeRSGroupGroupInfo(false)}
+		objectAttrs["helpdesk"] = objectAttrsTypeRSDirectoryAccountDirectorySummaryLinkableWrapper(false)["items"]
+		objectAttrs["markers"] = types.ObjectType{AttrTypes: objectAttrsTypeRSMarkItemMarkers(false)}
+		objectAttrs["myaccount"] = types.ObjectType{AttrTypes: objectAttrsTypeRSGroupGroupAccount(false)}
+		objectAttrs["mydelegatedaccount"] = types.ObjectType{AttrTypes: objectAttrsTypeRSGroupGroupAccount(false)}
+		objectAttrs["nested_groups"] = objectAttrsTypeRSGroupGroupPrimerLinkableWrapper(false)["items"]
+		objectAttrs["owned_clients"] = objectAttrsTypeRSClientClientApplicationLinkableWrapper(false)["items"]
+		objectAttrs["owned_directories"] = objectAttrsTypeRSDirectoryAccountDirectoryLinkableWrapper(false)["items"]
+		objectAttrs["owned_groups_on_system"] = types.ObjectType{AttrTypes: objectAttrsTypeRSProvisioningOwnedGroupOnSystemsWrapper(false)}
+		objectAttrs["owned_organizational_units"] = objectAttrsTypeRSOrganizationOrganizationalUnitLinkableWrapper(false)["items"]
+		objectAttrs["owned_systems"] = objectAttrsTypeRSProvisioningProvisionedSystemLinkableWrapper(false)["items"]
+		objectAttrs["recent_audits"] = objectAttrsTypeRSGroupGroupAuditLinkableWrapper(false)["items"]
+		objectAttrs["requeststatus"] = types.StringType
+		objectAttrs["service_accounts"] = objectAttrsTypeRSServiceaccountServiceAccountLinkableWrapper(false)["items"]
+		objectAttrs["systems"] = objectAttrsTypeRSGroupProvisioningGroupLinkableWrapper(false)["items"]
+		objectAttrs["vault"] = types.ObjectType{AttrTypes: objectAttrsTypeRSVaultVault(false)}
+		objectAttrs["webhooks"] = objectAttrsTypeRSWebhookWebhookLinkableWrapper(false)["items"]
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["admin"] = types.BoolType
+	objectAttrs["name"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	objectAttrs["application_administration"] = types.BoolType
+	objectAttrs["audit_config"] = types.ObjectType{AttrTypes: objectAttrsTypeRSGroupGroupAuditConfig(false)}
+	objectAttrs["audit_requested"] = types.BoolType
+	objectAttrs["auditor"] = types.BoolType
+	objectAttrs["authorizing_group_auditing_uuid"] = types.StringType
+	objectAttrs["authorizing_group_delegation_uuid"] = types.StringType
+	objectAttrs["authorizing_group_membership_uuid"] = types.StringType
+	objectAttrs["authorizing_group_provisioning_uuid"] = types.StringType
+	objectAttrs["authorizing_group_types"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["classification_uuid"] = types.StringType
+	objectAttrs["description"] = types.StringType
+	objectAttrs["extended_access"] = types.StringType
+	objectAttrs["hide_audit_trail"] = types.BoolType
+	objectAttrs["nested_under_uuid"] = types.StringType
+	objectAttrs["organizational_unit_uuid"] = types.StringType
+	objectAttrs["private_group"] = types.BoolType
+	objectAttrs["record_trail"] = types.BoolType
+	objectAttrs["rotating_password_required"] = types.BoolType
+	objectAttrs["single_managed"] = types.BoolType
+	objectAttrs["vault_recovery"] = types.StringType
+	objectAttrs["vault_requires_activation"] = types.BoolType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSGroupGroupAccount(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(false)}
+	}
+	objectAttrs["uuid"] = types.StringType
+	objectAttrs["directory_uuid"] = types.StringType
+	objectAttrs["disconnected_nested"] = types.BoolType
+	objectAttrs["end_date"] = types.StringType
+	objectAttrs["last_used"] = types.StringType
+	objectAttrs["nested"] = types.BoolType
+	objectAttrs["provisioning_end_time"] = types.StringType
+	objectAttrs["rights"] = types.StringType
+	objectAttrs["two_factor_status"] = types.StringType
+	objectAttrs["visible_for_provisioning"] = types.BoolType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSGroupGroupAccountLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSGroupGroupAccount(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSGroupGroupAccount_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSGroupGroupAudit(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(false)}
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["accounts"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSGroupGroupAuditAccount(false)}}
+	objectAttrs["comment"] = types.StringType
+	objectAttrs["created_at"] = types.StringType
+	objectAttrs["created_by"] = types.StringType
+	objectAttrs["group_name"] = types.StringType
+	objectAttrs["name_on_audit"] = types.StringType
+	objectAttrs["reviewed_at"] = types.StringType
+	objectAttrs["reviewed_by"] = types.StringType
+	objectAttrs["status"] = types.StringType
+	objectAttrs["submitted_at"] = types.StringType
+	objectAttrs["submitted_by"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSGroupGroupAuditAccount(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["account_uuid"] = types.StringType
+	objectAttrs["account_valid"] = types.BoolType
+	objectAttrs["action"] = types.StringType
+	objectAttrs["comment"] = types.StringType
+	objectAttrs["disconnected_nested"] = types.BoolType
+	objectAttrs["display_name"] = types.StringType
+	objectAttrs["end_date"] = types.StringType
+	objectAttrs["last_active"] = types.StringType
+	objectAttrs["last_used"] = types.StringType
+	objectAttrs["nested"] = types.BoolType
+	objectAttrs["rights"] = types.StringType
+	objectAttrs["username"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSGroupGroupAuditConfig(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["months"] = types.ListType{ElemType: types.StringType}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSGroupGroupAuditLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSGroupGroupAudit(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSGroupGroupAudit_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSGroupGroupAuditingInfo(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit_due_date"] = types.StringType
+	objectAttrs["last_audit_date"] = types.StringType
+	objectAttrs["nr_accounts"] = types.Int64Type
+	objectAttrs["nr_disabled_accounts"] = types.Int64Type
+	objectAttrs["nr_disabled_managers"] = types.Int64Type
+	objectAttrs["nr_expired_vault_records"] = types.Int64Type
+	objectAttrs["nr_managers"] = types.Int64Type
+	objectAttrs["nr_vault_records_with_end_date"] = types.Int64Type
+	return objectAttrs
+}
+
+func objectAttrsTypeRSGroupGroupClassificationPrimer(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["name"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSGroupGroupClient(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(false)}
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["activation_required"] = types.BoolType
+	objectAttrs["client_uuid"] = types.StringType
+	objectAttrs["group_uuid"] = types.StringType
+	objectAttrs["owner_uuid"] = types.StringType
+	objectAttrs["technical_administrator_uuid"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSGroupGroupClientLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSGroupGroupClient(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSGroupGroupClient_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSGroupGroupInfo(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["nr_accounts"] = types.Int64Type
+	objectAttrs["nr_accounts_with_vault"] = types.Int64Type
+	objectAttrs["nr_audits"] = types.Int64Type
+	objectAttrs["nr_clients"] = types.Int64Type
+	objectAttrs["nr_provisioned_systems"] = types.Int64Type
+	objectAttrs["nr_vault_records"] = types.Int64Type
+	return objectAttrs
+}
+
+func objectAttrsTypeRSGroupGroupLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSGroupGroup(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSGroupGroupPrimer(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["admin"] = types.BoolType
+	objectAttrs["name"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSGroupGroupPrimerLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSGroupGroupPrimer(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSGroupGroup_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["accounts"] = objectAttrsTypeRSGroupGroupAccountLinkableWrapper(recurse)["items"]
+	objectAttrs["administered_clients"] = objectAttrsTypeRSClientClientApplicationLinkableWrapper(recurse)["items"]
+	objectAttrs["administered_systems"] = objectAttrsTypeRSProvisioningProvisionedSystemLinkableWrapper(recurse)["items"]
+	objectAttrs["admins"] = objectAttrsTypeRSGroupGroupAccountLinkableWrapper(recurse)["items"]
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(recurse)}
+	objectAttrs["authorized_groups"] = types.ObjectType{AttrTypes: objectAttrsTypeRSGroupAuthorizedGroupsWrapper(recurse)}
+	objectAttrs["client_permissions"] = objectAttrsTypeRSClientOAuth2ClientPermissionWithClientLinkableWrapper(recurse)["items"]
+	objectAttrs["clients"] = objectAttrsTypeRSGroupGroupClientLinkableWrapper(recurse)["items"]
+	objectAttrs["content_administered_systems"] = objectAttrsTypeRSProvisioningProvisionedSystemLinkableWrapper(recurse)["items"]
+	objectAttrs["groupauditinginfo"] = types.ObjectType{AttrTypes: objectAttrsTypeRSGroupGroupAuditingInfo(recurse)}
+	objectAttrs["groupinfo"] = types.ObjectType{AttrTypes: objectAttrsTypeRSGroupGroupInfo(recurse)}
+	objectAttrs["helpdesk"] = objectAttrsTypeRSDirectoryAccountDirectorySummaryLinkableWrapper(recurse)["items"]
+	objectAttrs["markers"] = types.ObjectType{AttrTypes: objectAttrsTypeRSMarkItemMarkers(recurse)}
+	objectAttrs["myaccount"] = types.ObjectType{AttrTypes: objectAttrsTypeRSGroupGroupAccount(recurse)}
+	objectAttrs["mydelegatedaccount"] = types.ObjectType{AttrTypes: objectAttrsTypeRSGroupGroupAccount(recurse)}
+	objectAttrs["nested_groups"] = objectAttrsTypeRSGroupGroupPrimerLinkableWrapper(recurse)["items"]
+	objectAttrs["owned_clients"] = objectAttrsTypeRSClientClientApplicationLinkableWrapper(recurse)["items"]
+	objectAttrs["owned_directories"] = objectAttrsTypeRSDirectoryAccountDirectoryLinkableWrapper(recurse)["items"]
+	objectAttrs["owned_groups_on_system"] = types.ObjectType{AttrTypes: objectAttrsTypeRSProvisioningOwnedGroupOnSystemsWrapper(recurse)}
+	objectAttrs["owned_organizational_units"] = objectAttrsTypeRSOrganizationOrganizationalUnitLinkableWrapper(recurse)["items"]
+	objectAttrs["owned_systems"] = objectAttrsTypeRSProvisioningProvisionedSystemLinkableWrapper(recurse)["items"]
+	objectAttrs["recent_audits"] = objectAttrsTypeRSGroupGroupAuditLinkableWrapper(recurse)["items"]
+	objectAttrs["requeststatus"] = types.StringType
+	objectAttrs["service_accounts"] = objectAttrsTypeRSServiceaccountServiceAccountLinkableWrapper(recurse)["items"]
+	objectAttrs["systems"] = objectAttrsTypeRSGroupProvisioningGroupLinkableWrapper(recurse)["items"]
+	objectAttrs["vault"] = types.ObjectType{AttrTypes: objectAttrsTypeRSVaultVault(recurse)}
+	objectAttrs["webhooks"] = objectAttrsTypeRSWebhookWebhookLinkableWrapper(recurse)["items"]
+	return objectAttrs
+}
+
+func objectAttrsTypeRSGroupProvisioningGroup(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(false)}
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["activation_required"] = types.BoolType
+	objectAttrs["group_uuid"] = types.StringType
+	objectAttrs["group_on_system"] = types.ObjectType{AttrTypes: objectAttrsTypeRSProvisioningGroupOnSystem(false)}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSGroupProvisioningGroupLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSGroupProvisioningGroup(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSGroupProvisioningGroup_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSGroupVaultVaultRecord(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(false)}
+		objectAttrs["delete_tile"] = types.BoolType
+		objectAttrs["parent_uuid"] = types.StringType
+		objectAttrs["password_metadata"] = types.ObjectType{AttrTypes: objectAttrsTypeRSVaultPasswordMetadata(false)}
+		objectAttrs["secret"] = types.ObjectType{AttrTypes: objectAttrsTypeRSVaultVaultRecordSecrets(false)}
+		objectAttrs["share_summary"] = types.ObjectType{AttrTypes: objectAttrsTypeRSVaultVaultRecordShareSummary(false)}
+		objectAttrs["shares"] = objectAttrsTypeRSVaultVaultRecordPrimerLinkableWrapper(false)["items"]
+		objectAttrs["tile"] = types.ObjectType{AttrTypes: objectAttrsTypeRSLaunchpadVaultRecordLaunchpadTile(false)}
+		objectAttrs["vaultholder"] = types.ObjectType{AttrTypes: objectAttrsTypeRSVaultVaultHolder(false)}
+	}
+	objectAttrs["group_uuid"] = types.StringType
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["color"] = types.StringType
+	objectAttrs["name"] = types.StringType
+	objectAttrs["share_end_time"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	objectAttrs["derived"] = types.BoolType
+	objectAttrs["end_date"] = types.StringType
+	objectAttrs["filename"] = types.StringType
+	objectAttrs["types"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["url"] = types.StringType
+	objectAttrs["username"] = types.StringType
+	objectAttrs["warning_period"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSLaunchpadSsoApplicationLaunchpadTile(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["uri"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSLaunchpadVaultRecordLaunchpadTile(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	return objectAttrs
+}
+
+func objectAttrsTypeRSMarkItemMarker(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["level"] = types.StringType
+	objectAttrs["type"] = types.StringType
+	objectAttrs["parameters"] = types.MapType{ElemType: types.StringType}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSMarkItemMarkers(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["markers"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSMarkItemMarker(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSNestedProvisioningGroupOnSystem(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(false)}
+		objectAttrs["provgroups"] = objectAttrsTypeRSGroupProvisioningGroupLinkableWrapper(false)["items"]
+		objectAttrs["service_accounts"] = objectAttrsTypeRSServiceaccountServiceAccountPrimerLinkableWrapper(false)["items"]
+	}
+	objectAttrs["provisioned_system_uuid"] = types.StringType
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["display_name"] = types.StringType
+	objectAttrs["name_in_system"] = types.StringType
+	objectAttrs["type"] = types.StringType
+	objectAttrs["short_name_in_system"] = types.StringType
+	objectAttrs["owner_uuid"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSOrganizationOrganizationalUnit(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(false)}
+		objectAttrs["create_as_parent_of"] = objectAttrsTypeRSOrganizationOrganizationalUnitPrimerLinkableWrapper(false)["items"]
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["name"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	objectAttrs["depth"] = types.Int64Type
+	objectAttrs["description"] = types.StringType
+	objectAttrs["owner_uuid"] = types.StringType
+	objectAttrs["parent_uuid"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSOrganizationOrganizationalUnitLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSOrganizationOrganizationalUnit(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSOrganizationOrganizationalUnitPrimer(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["name"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSOrganizationOrganizationalUnitPrimerLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSOrganizationOrganizationalUnitPrimer(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSOrganizationOrganizationalUnit_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(recurse)}
+	objectAttrs["create_as_parent_of"] = objectAttrsTypeRSOrganizationOrganizationalUnitPrimerLinkableWrapper(recurse)["items"]
+	return objectAttrs
+}
+
+func objectAttrsTypeRSProvisioningAbstractProvisionedLDAP(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["attributes"] = types.MapType{ElemType: types.StringType}
+	objectAttrs["base_dn"] = types.StringType
+	objectAttrs["bind_dn"] = types.StringType
+	objectAttrs["bind_password"] = types.StringType
+	objectAttrs["client_certificate_uuid"] = types.StringType
+	objectAttrs["failover_host"] = types.StringType
+	objectAttrs["failover_trusted_certificate_uuid"] = types.StringType
+	objectAttrs["group_dn"] = types.StringType
+	objectAttrs["host"] = types.StringType
+	objectAttrs["object_classes"] = types.StringType
+	objectAttrs["port"] = types.Int64Type
+	objectAttrs["service_account_dn"] = types.StringType
+	objectAttrs["ssh_public_key_supported"] = types.BoolType
+	objectAttrs["tls"] = types.StringType
+	objectAttrs["trusted_certificate_uuid"] = types.StringType
+	objectAttrs["user_dn"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSProvisioningCircuitBreakerStatistics(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["number_of_failed_calls"] = types.Int64Type
+	objectAttrs["number_of_not_permitted_calls"] = types.Int64Type
+	objectAttrs["number_of_successful_calls"] = types.Int64Type
+	objectAttrs["state"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSProvisioningGroupOnSystem(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(false)}
+		objectAttrs["provgroups"] = objectAttrsTypeRSGroupProvisioningGroupLinkableWrapper(false)["items"]
+		objectAttrs["service_accounts"] = objectAttrsTypeRSServiceaccountServiceAccountPrimerLinkableWrapper(false)["items"]
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["display_name"] = types.StringType
+	objectAttrs["name_in_system"] = types.StringType
+	objectAttrs["type"] = types.StringType
+	objectAttrs["short_name_in_system"] = types.StringType
+	objectAttrs["owner_uuid"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSProvisioningGroupOnSystemLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSProvisioningGroupOnSystem(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSProvisioningGroupOnSystemPrimer(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["display_name"] = types.StringType
+	objectAttrs["name_in_system"] = types.StringType
+	objectAttrs["type"] = types.StringType
+	objectAttrs["short_name_in_system"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSProvisioningGroupOnSystemTypes(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["types"] = types.ListType{ElemType: types.StringType}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSProvisioningGroupOnSystem_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(recurse)}
+	objectAttrs["provgroups"] = objectAttrsTypeRSGroupProvisioningGroupLinkableWrapper(recurse)["items"]
+	objectAttrs["service_accounts"] = objectAttrsTypeRSServiceaccountServiceAccountPrimerLinkableWrapper(recurse)["items"]
+	return objectAttrs
+}
+
+func objectAttrsTypeRSProvisioningOwnedGroupOnSystemsWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSProvisioningGroupOnSystem(recurse)}}
+	objectAttrs["unlinked_count"] = types.Int64Type
+	return objectAttrs
+}
+
+func objectAttrsTypeRSProvisioningProvisionNumberSequence(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(false)}
+		objectAttrs["systems"] = objectAttrsTypeRSProvisioningProvisionedSystemPrimerLinkableWrapper(false)["items"]
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["account_count"] = types.Int64Type
+	objectAttrs["name"] = types.StringType
+	objectAttrs["next_uid"] = types.Int64Type
+	return objectAttrs
+}
+
+func objectAttrsTypeRSProvisioningProvisionNumberSequence_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(recurse)}
+	objectAttrs["systems"] = objectAttrsTypeRSProvisioningProvisionedSystemPrimerLinkableWrapper(recurse)["items"]
+	return objectAttrs
+}
+
+func objectAttrsTypeRSProvisioningProvisionedAD(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["sam_account_name_scheme"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSProvisioningProvisionedAccount(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(false)}
+	}
+	objectAttrs["uuid"] = types.StringType
+	objectAttrs["uid"] = types.Int64Type
+	return objectAttrs
+}
+
+func objectAttrsTypeRSProvisioningProvisionedAccount_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSProvisioningProvisionedAzureOIDCDirectory(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["directory_uuid"] = types.StringType
+	objectAttrs["tenant"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSProvisioningProvisionedAzureSyncLDAPDirectory(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["client_id"] = types.StringType
+	objectAttrs["client_secret"] = types.StringType
+	objectAttrs["directory_uuid"] = types.StringType
+	objectAttrs["tenant"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSProvisioningProvisionedAzureTenant(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["client_id"] = types.StringType
+	objectAttrs["client_secret"] = types.StringType
+	objectAttrs["idp_domain"] = types.StringType
+	objectAttrs["tenant"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSProvisioningProvisionedInternalLDAP(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["client_uuid"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSProvisioningProvisionedLDAP(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["gid"] = types.Int64Type
+	objectAttrs["hashing_scheme"] = types.StringType
+	objectAttrs["numbering"] = types.ObjectType{AttrTypes: objectAttrsTypeRSProvisioningProvisionNumberSequence(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSProvisioningProvisionedLDAPDirectory(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["directory_uuid"] = types.StringType
+	objectAttrs["group_dn"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSProvisioningProvisionedSystem(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["account"] = types.ObjectType{AttrTypes: objectAttrsTypeRSProvisioningProvisionedAccount(false)}
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(false)}
+		objectAttrs["issued_permissions"] = objectAttrsTypeRSClientOAuth2ClientPermissionWithClientLinkableWrapper(false)["items"]
+		objectAttrs["login_name"] = types.StringType
+		objectAttrs["management_permissions"] = types.ObjectType{AttrTypes: objectAttrsTypeRSProvisioningProvisioningManagementPermissions(false)}
+		objectAttrs["markers"] = types.ObjectType{AttrTypes: objectAttrsTypeRSMarkItemMarkers(false)}
+		objectAttrs["statistics"] = types.ObjectType{AttrTypes: objectAttrsTypeRSProvisioningCircuitBreakerStatistics(false)}
+		objectAttrs["supported_group_types"] = types.ObjectType{AttrTypes: objectAttrsTypeRSProvisioningGroupOnSystemTypes(false)}
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["active"] = types.BoolType
+	objectAttrs["name"] = types.StringType
+	objectAttrs["organizational_unit_uuid"] = types.StringType
+	objectAttrs["type"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	objectAttrs["account_count"] = types.Int64Type
+	objectAttrs["content_administrator_uuid"] = types.StringType
+	objectAttrs["external_uuid"] = types.StringType
+	objectAttrs["owner_uuid"] = types.StringType
+	objectAttrs["self_service_existing_groups"] = types.BoolType
+	objectAttrs["self_service_new_groups"] = types.BoolType
+	objectAttrs["self_service_service_accounts"] = types.BoolType
+	objectAttrs["should_destroy_unknown_accounts"] = types.BoolType
+	objectAttrs["technical_administrator_uuid"] = types.StringType
+	objectAttrs["username_prefix"] = types.StringType
+	objectAttrs["abstract_provisioned_ldap"] = types.ObjectType{AttrTypes: objectAttrsTypeRSProvisioningAbstractProvisionedLDAP(false)}
+	objectAttrs["provisioned_a_d"] = types.ObjectType{AttrTypes: objectAttrsTypeRSProvisioningProvisionedAD(false)}
+	objectAttrs["provisioned_azure_oidc_directory"] = types.ObjectType{AttrTypes: objectAttrsTypeRSProvisioningProvisionedAzureOIDCDirectory(false)}
+	objectAttrs["provisioned_azure_sync_ldap_directory"] = types.ObjectType{AttrTypes: objectAttrsTypeRSProvisioningProvisionedAzureSyncLDAPDirectory(false)}
+	objectAttrs["provisioned_azure_tenant"] = types.ObjectType{AttrTypes: objectAttrsTypeRSProvisioningProvisionedAzureTenant(false)}
+	objectAttrs["provisioned_internal_ldap"] = types.ObjectType{AttrTypes: objectAttrsTypeRSProvisioningProvisionedInternalLDAP(false)}
+	objectAttrs["provisioned_ldap"] = types.ObjectType{AttrTypes: objectAttrsTypeRSProvisioningProvisionedLDAP(false)}
+	objectAttrs["provisioned_ldap_directory"] = types.ObjectType{AttrTypes: objectAttrsTypeRSProvisioningProvisionedLDAPDirectory(false)}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSProvisioningProvisionedSystemLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSProvisioningProvisionedSystem(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSProvisioningProvisionedSystemPrimer(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["active"] = types.BoolType
+	objectAttrs["name"] = types.StringType
+	objectAttrs["organizational_unit_uuid"] = types.StringType
+	objectAttrs["type"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSProvisioningProvisionedSystemPrimerLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSProvisioningProvisionedSystemPrimer(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSProvisioningProvisionedSystem_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["account"] = types.ObjectType{AttrTypes: objectAttrsTypeRSProvisioningProvisionedAccount(recurse)}
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(recurse)}
+	objectAttrs["issued_permissions"] = objectAttrsTypeRSClientOAuth2ClientPermissionWithClientLinkableWrapper(recurse)["items"]
+	objectAttrs["login_name"] = types.StringType
+	objectAttrs["management_permissions"] = types.ObjectType{AttrTypes: objectAttrsTypeRSProvisioningProvisioningManagementPermissions(recurse)}
+	objectAttrs["markers"] = types.ObjectType{AttrTypes: objectAttrsTypeRSMarkItemMarkers(recurse)}
+	objectAttrs["statistics"] = types.ObjectType{AttrTypes: objectAttrsTypeRSProvisioningCircuitBreakerStatistics(recurse)}
+	objectAttrs["supported_group_types"] = types.ObjectType{AttrTypes: objectAttrsTypeRSProvisioningGroupOnSystemTypes(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSProvisioningProvisioningManagementPermissions(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["create_new_groups_allowed"] = types.BoolType
+	objectAttrs["create_service_accounts_allowed"] = types.BoolType
+	objectAttrs["reuse_existing_groups_allowed"] = types.BoolType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSServiceaccountServiceAccount(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(false)}
+		objectAttrs["groups"] = objectAttrsTypeRSServiceaccountServiceAccountGroupLinkableWrapper(false)["items"]
+		objectAttrs["secret"] = types.ObjectType{AttrTypes: objectAttrsTypeRSGeneratedSecret(false)}
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["active"] = types.BoolType
+	objectAttrs["name"] = types.StringType
+	objectAttrs["system_uuid"] = types.StringType
+	objectAttrs["username"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	objectAttrs["description"] = types.StringType
+	objectAttrs["password_uuid"] = types.StringType
+	objectAttrs["password_rotation"] = types.StringType
+	objectAttrs["technical_administrator_uuid"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSServiceaccountServiceAccountGroup(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(false)}
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["display_name"] = types.StringType
+	objectAttrs["name_in_system"] = types.StringType
+	objectAttrs["type"] = types.StringType
+	objectAttrs["short_name_in_system"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSServiceaccountServiceAccountGroupLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSServiceaccountServiceAccountGroup(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSServiceaccountServiceAccountGroup_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSServiceaccountServiceAccountLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSServiceaccountServiceAccount(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSServiceaccountServiceAccountPrimer(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["active"] = types.BoolType
+	objectAttrs["name"] = types.StringType
+	objectAttrs["system_uuid"] = types.StringType
+	objectAttrs["username"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSServiceaccountServiceAccountPrimerLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSServiceaccountServiceAccountPrimer(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSServiceaccountServiceAccount_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(recurse)}
+	objectAttrs["groups"] = objectAttrsTypeRSServiceaccountServiceAccountGroupLinkableWrapper(recurse)["items"]
+	objectAttrs["secret"] = types.ObjectType{AttrTypes: objectAttrsTypeRSGeneratedSecret(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSVaultPasswordMetadata(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["dictionary"] = types.BoolType
+	objectAttrs["duplicate"] = types.BoolType
+	objectAttrs["hash"] = types.StringType
+	objectAttrs["length"] = types.Int64Type
+	objectAttrs["lower_count"] = types.Int64Type
+	objectAttrs["number_count"] = types.Int64Type
+	objectAttrs["special_count"] = types.Int64Type
+	objectAttrs["strength"] = types.Int64Type
+	objectAttrs["upper_count"] = types.Int64Type
+	return objectAttrs
+}
+
+func objectAttrsTypeRSVaultVault(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["access_available"] = types.BoolType
+	objectAttrs["name"] = types.StringType
+	objectAttrs["records"] = types.ListType{ElemType: types.StringType}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSVaultVaultHolder(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	return objectAttrs
+}
+
+func objectAttrsTypeRSVaultVaultRecord(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(false)}
+		objectAttrs["delete_tile"] = types.BoolType
+		objectAttrs["parent_uuid"] = types.StringType
+		objectAttrs["password_metadata"] = types.ObjectType{AttrTypes: objectAttrsTypeRSVaultPasswordMetadata(false)}
+		objectAttrs["secret"] = types.ObjectType{AttrTypes: objectAttrsTypeRSVaultVaultRecordSecrets(false)}
+		objectAttrs["share_summary"] = types.ObjectType{AttrTypes: objectAttrsTypeRSVaultVaultRecordShareSummary(false)}
+		objectAttrs["shares"] = objectAttrsTypeRSVaultVaultRecordPrimerLinkableWrapper(false)["items"]
+		objectAttrs["tile"] = types.ObjectType{AttrTypes: objectAttrsTypeRSLaunchpadVaultRecordLaunchpadTile(false)}
+		objectAttrs["vaultholder"] = types.ObjectType{AttrTypes: objectAttrsTypeRSVaultVaultHolder(false)}
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["color"] = types.StringType
+	objectAttrs["name"] = types.StringType
+	objectAttrs["share_end_time"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	objectAttrs["derived"] = types.BoolType
+	objectAttrs["end_date"] = types.StringType
+	objectAttrs["filename"] = types.StringType
+	objectAttrs["types"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["url"] = types.StringType
+	objectAttrs["username"] = types.StringType
+	objectAttrs["warning_period"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSVaultVaultRecordPrimer(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["color"] = types.StringType
+	objectAttrs["name"] = types.StringType
+	objectAttrs["share_end_time"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSVaultVaultRecordPrimerLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSVaultVaultRecordPrimer(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSVaultVaultRecordSecrets(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["comment"] = types.StringType
+	objectAttrs["file"] = types.StringType
+	objectAttrs["password"] = types.StringType
+	objectAttrs["totp"] = types.StringType
+	objectAttrs["write_totp"] = types.BoolType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSVaultVaultRecordShare(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["name"] = types.StringType
+	objectAttrs["type"] = types.StringType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSVaultVaultRecordShareSummary(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["children"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSVaultVaultRecordShare(recurse)}}
+	objectAttrs["parent"] = types.ObjectType{AttrTypes: objectAttrsTypeRSVaultVaultRecordShare(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSVaultVaultRecord_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(recurse)}
+	objectAttrs["delete_tile"] = types.BoolType
+	objectAttrs["parent_uuid"] = types.StringType
+	objectAttrs["password_metadata"] = types.ObjectType{AttrTypes: objectAttrsTypeRSVaultPasswordMetadata(recurse)}
+	objectAttrs["secret"] = types.ObjectType{AttrTypes: objectAttrsTypeRSVaultVaultRecordSecrets(recurse)}
+	objectAttrs["share_summary"] = types.ObjectType{AttrTypes: objectAttrsTypeRSVaultVaultRecordShareSummary(recurse)}
+	objectAttrs["shares"] = objectAttrsTypeRSVaultVaultRecordPrimerLinkableWrapper(recurse)["items"]
+	objectAttrs["tile"] = types.ObjectType{AttrTypes: objectAttrsTypeRSLaunchpadVaultRecordLaunchpadTile(recurse)}
+	objectAttrs["vaultholder"] = types.ObjectType{AttrTypes: objectAttrsTypeRSVaultVaultHolder(recurse)}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSWebhookWebhook(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	if recurse {
+		objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(false)}
+	}
+	objectAttrs["links"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSRestLink(recurse)}}
+	objectAttrs["permissions"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSAuthPermission(recurse)}}
+	objectAttrs["account_uuid"] = types.StringType
+	objectAttrs["active"] = types.BoolType
+	objectAttrs["all_types"] = types.BoolType
+	objectAttrs["authentication_scheme"] = types.StringType
+	objectAttrs["basic_auth_password"] = types.StringType
+	objectAttrs["basic_auth_username"] = types.StringType
+	objectAttrs["bearer_token"] = types.StringType
+	objectAttrs["client_uuid"] = types.StringType
+	objectAttrs["client_certificate_uuid"] = types.StringType
+	objectAttrs["custom_header_name"] = types.StringType
+	objectAttrs["custom_header_value"] = types.StringType
+	objectAttrs["directory_uuid"] = types.StringType
+	objectAttrs["group_uuid"] = types.StringType
+	objectAttrs["name"] = types.StringType
+	objectAttrs["system_uuid"] = types.StringType
+	objectAttrs["tls"] = types.StringType
+	objectAttrs["trusted_certificate_uuid"] = types.StringType
+	objectAttrs["types"] = types.ListType{ElemType: types.StringType}
+	objectAttrs["url"] = types.StringType
+	objectAttrs["uuid"] = types.StringType
+	objectAttrs["verbose_payloads"] = types.BoolType
+	return objectAttrs
+}
+
+func objectAttrsTypeRSWebhookWebhookLinkableWrapper(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["items"] = types.ListType{ElemType: types.ObjectType{AttrTypes: objectAttrsTypeRSWebhookWebhook(recurse)}}
+	return objectAttrs
+}
+
+func objectAttrsTypeRSWebhookWebhook_additionalObjects(recurse bool) map[string]attr.Type {
+	objectAttrs := make(map[string]attr.Type)
+	objectAttrs["audit"] = types.ObjectType{AttrTypes: objectAttrsTypeRSAuditInfo(recurse)}
+	return objectAttrs
+}
diff --git a/internal/provider/full-schema-ds.go b/internal/provider/full-schema-ds.go
new file mode 100644
index 0000000..3677be2
--- /dev/null
+++ b/internal/provider/full-schema-ds.go
@@ -0,0 +1,3767 @@
+// Code generated by "terraform-provider-keyhub-generator"; DO NOT EDIT.
+
+//lint:ignore U1000 Ignore unused functions in generated code
+package provider
+
+import (
+	"golang.org/x/exp/maps"
+	"regexp"
+
+	"github.com/hashicorp/terraform-plugin-framework-validators/listvalidator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	dsschema "github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+func dataSourceSchemaAttrsAuditInfo(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["created_at"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["created_by"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["last_modified_at"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["last_modified_by"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsGeneratedSecret(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["generated_secret"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["old_secret"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["regenerate"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsLinkable(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsNonLinkable(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsRestLink(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["href"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["id"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	schemaAttrs["rel"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["type_escaped"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsAuthAccount(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, dataSourceSchemaAttrsAuthAccount_additionalObjects(false))
+	}
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["display_name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["last_active"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["username"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["uuid"] = dsschema.StringAttribute{
+		Required: recurse,
+		Computed: !recurse,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["validity"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["additional"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+		Validators: []validator.List{
+			listvalidator.ValueStringsAre(stringvalidator.OneOf(
+				"activeLogin", "audit", "groups", "pendingRecoveryRequests", "settings", "storedAttributes", "vault",
+			)),
+		},
+	}
+	schemaAttrs["account_permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(false),
+		},
+		Computed: true,
+	}
+	schemaAttrs["active"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["can_request_groups"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsDirectoryAccountDirectoryPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["directory"] = attr
+	}
+	schemaAttrs["directory_name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["directory_password_change_required"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["directory_rotating_password"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["directory_type"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["email"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["id_in_directory"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["key_hub_password_change_required"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["last_modified_at"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["license_role"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["locale"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["reregistration_required"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["token_password_enabled"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["two_factor_status"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["valid_in_directory"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsAuthAccountPrimer(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["display_name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["last_active"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["username"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["uuid"] = dsschema.StringAttribute{
+		Required: recurse,
+		Computed: !recurse,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["validity"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsAuthAccountRecoveryStatus(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["pending2fa_recovery_request"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["pending_password_recovery_request"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsAuthAccountSettings(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsOrganizationOrganizationalUnitPrimer(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["default_organizational_unit"] = attr
+	}
+	schemaAttrs["directory_name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["directory_type"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["in_groups"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["in_multiple_organizational_units"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["key_hub_admin"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["multiple_organizational_units_exist"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["password_mode"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["ssh_public_key"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["two_factor_authentication"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["use_token_password"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["vault_status"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsAuthAccount_additionalObjects(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["active_login"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	{
+		attr := dataSourceSchemaAttrsGroupAccountGroupLinkableWrapper(recurse)["items"].(dsschema.ListNestedAttribute)
+		attr.Computed = true
+		schemaAttrs["groups"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsAuthAccountRecoveryStatus(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["pending_recovery_requests"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsAuthAccountSettings(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["settings"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsAuthStoredAccountAttributes(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["stored_attributes"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsVaultVault(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["vault"] = attr
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsAuthPermission(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["full"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["instances"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Computed:    true,
+	}
+	schemaAttrs["operations"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Computed:    true,
+	}
+	schemaAttrs["type_escaped"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsAuthStoredAccountAttribute(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["value"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsAuthStoredAccountAttributes(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["attributes"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthStoredAccountAttribute(recurse),
+		},
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsCertificateCertificate(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, dataSourceSchemaAttrsCertificateCertificate_additionalObjects(false))
+	}
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["alias"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["type"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["certificate_data"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Computed:    true,
+	}
+	schemaAttrs["expiration"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["fingerprint_sha1"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["fingerprint_sha256"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["global"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["subject_dn"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["uuid"] = dsschema.StringAttribute{
+		Required: recurse,
+		Computed: !recurse,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 36),
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["additional"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+		Validators: []validator.List{
+			listvalidator.ValueStringsAre(stringvalidator.OneOf(
+				"audit",
+			)),
+		},
+	}
+	schemaAttrs["key_data"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Computed:    true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsCertificateCertificatePrimer(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["alias"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["type"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["certificate_data"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Computed:    true,
+	}
+	schemaAttrs["expiration"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["fingerprint_sha1"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["fingerprint_sha256"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["global"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["subject_dn"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["uuid"] = dsschema.StringAttribute{
+		Required: recurse,
+		Computed: !recurse,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 36),
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsCertificateCertificate_additionalObjects(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsClientClientApplication(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, dataSourceSchemaAttrsClientClientApplication_additionalObjects(false))
+	}
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["type"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["client_id"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["scopes"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Computed:    true,
+	}
+	schemaAttrs["sso_application"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["uuid"] = dsschema.StringAttribute{
+		Required: recurse,
+		Computed: !recurse,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 36),
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["additional"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+		Validators: []validator.List{
+			listvalidator.ValueStringsAre(stringvalidator.OneOf(
+				"audit", "groupclients", "groups", "secret", "tile", "vaultRecordCount",
+			)),
+		},
+	}
+	schemaAttrs["last_modified_at"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsGroupGroupPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["owner"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsGroupGroupPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["technical_administrator"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsClientLdapClient(false),
+		}
+		attr.Computed = true
+		schemaAttrs["ldap_client"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsClientOAuth2Client(false),
+		}
+		attr.Computed = true
+		schemaAttrs["o_auth2_client"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsClientSaml2Client(false),
+		}
+		attr.Computed = true
+		schemaAttrs["saml2_client"] = attr
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsClientClientApplicationLinkableWrapper(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["items"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsClientClientApplication(recurse),
+		},
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsClientClientApplicationPrimer(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["type"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["client_id"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["scopes"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Computed:    true,
+	}
+	schemaAttrs["sso_application"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["uuid"] = dsschema.StringAttribute{
+		Required: recurse,
+		Computed: !recurse,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 36),
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsClientClientApplication_additionalObjects(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	{
+		attr := dataSourceSchemaAttrsGroupGroupClientLinkableWrapper(recurse)["items"].(dsschema.ListNestedAttribute)
+		attr.Computed = true
+		schemaAttrs["groupclients"] = attr
+	}
+	{
+		attr := dataSourceSchemaAttrsGroupGroupLinkableWrapper(recurse)["items"].(dsschema.ListNestedAttribute)
+		attr.Computed = true
+		schemaAttrs["groups"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsGeneratedSecret(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["secret"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsLaunchpadSsoApplicationLaunchpadTile(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["tile"] = attr
+	}
+	schemaAttrs["vault_record_count"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsClientLdapClient(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["bind_dn"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsCertificateCertificatePrimer(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["client_certificate"] = attr
+	}
+	schemaAttrs["share_secret_in_vault"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsVaultVaultRecordPrimer(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["shared_secret"] = attr
+	}
+	schemaAttrs["used_for_provisioning"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsClientOAuth2Client(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["account_permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["attributes"] = dsschema.MapAttribute{
+		ElementType: types.StringType,
+		Computed:    true,
+	}
+	schemaAttrs["callback_uri"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["confidential"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["debug_mode"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["id_token_claims"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["initiate_login_uri"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["resource_uris"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["share_secret_in_vault"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsVaultVaultRecordPrimer(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["shared_secret"] = attr
+	}
+	schemaAttrs["show_landing_page"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["use_client_credentials"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsClientOAuth2ClientPermission(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, dataSourceSchemaAttrsClientOAuth2ClientPermission_additionalObjects(false))
+	}
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["additional"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+		Validators: []validator.List{
+			listvalidator.ValueStringsAre(stringvalidator.OneOf(
+				"audit",
+			)),
+		},
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsGroupGroupPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["for_group"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsProvisioningProvisionedSystemPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["for_system"] = attr
+	}
+	schemaAttrs["value"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsClientOAuth2ClientPermissionWithClient(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, dataSourceSchemaAttrsClientOAuth2ClientPermission_additionalObjects(false))
+	}
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["additional"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+		Validators: []validator.List{
+			listvalidator.ValueStringsAre(stringvalidator.OneOf(
+				"audit",
+			)),
+		},
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsGroupGroupPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["for_group"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsProvisioningProvisionedSystemPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["for_system"] = attr
+	}
+	schemaAttrs["value"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsClientOAuth2Client(false),
+		}
+		attr.Computed = true
+		schemaAttrs["client"] = attr
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsClientOAuth2ClientPermissionWithClientLinkableWrapper(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["items"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsClientOAuth2ClientPermissionWithClient(recurse),
+		},
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsClientOAuth2ClientPermission_additionalObjects(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsClientSaml2Client(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["attributes"] = dsschema.MapAttribute{
+		ElementType: types.StringType,
+		Computed:    true,
+	}
+	schemaAttrs["metadata"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["metadata_url"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["subject_format"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsDirectoryAccountDirectory(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, dataSourceSchemaAttrsDirectoryAccountDirectory_additionalObjects(false))
+	}
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["account_validity_supported"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["active"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["type"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["uuid"] = dsschema.StringAttribute{
+		Required: recurse,
+		Computed: !recurse,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 36),
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["additional"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+		Validators: []validator.List{
+			listvalidator.ValueStringsAre(stringvalidator.OneOf(
+				"audit", "markers", "status",
+			)),
+		},
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsOrganizationOrganizationalUnitPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["base_organizational_unit"] = attr
+	}
+	schemaAttrs["default_directory"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsGroupGroupPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["helpdesk_group"] = attr
+	}
+	schemaAttrs["restrict2fa"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["rotating_password"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["username_customizable"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsDirectoryInternalDirectory(false),
+		}
+		attr.Computed = true
+		schemaAttrs["internal_directory"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsDirectoryLDAPDirectory(false),
+		}
+		attr.Computed = true
+		schemaAttrs["l_d_a_p_directory"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsDirectoryMaintenanceDirectory(false),
+		}
+		attr.Computed = true
+		schemaAttrs["maintenance_directory"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsDirectoryOIDCDirectory(false),
+		}
+		attr.Computed = true
+		schemaAttrs["o_id_c_directory"] = attr
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsDirectoryAccountDirectoryLinkableWrapper(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["items"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsDirectoryAccountDirectory(recurse),
+		},
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsDirectoryAccountDirectoryPrimer(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["account_validity_supported"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["active"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["type"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["uuid"] = dsschema.StringAttribute{
+		Required: recurse,
+		Computed: !recurse,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 36),
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsDirectoryAccountDirectoryStatusReport(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["accounts"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	schemaAttrs["reason"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["status"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsDirectoryAccountDirectorySummary(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["type"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["domain_restriction"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["fully_resolved_issuer"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsDirectoryAccountDirectoryStatusReport(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["status"] = attr
+	}
+	schemaAttrs["username_customizable"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsDirectoryAccountDirectorySummaryLinkableWrapper(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["items"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsDirectoryAccountDirectorySummary(recurse),
+		},
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsDirectoryAccountDirectory_additionalObjects(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsMarkItemMarkers(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["markers"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsDirectoryAccountDirectoryStatusReport(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["status"] = attr
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsDirectoryInternalDirectory(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsGroupGroupPrimer(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["owner"] = attr
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsDirectoryLDAPDirectory(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["attributes_to_store"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["base_dn"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsCertificateCertificatePrimer(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["client_certificate"] = attr
+	}
+	schemaAttrs["dialect"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["failover_host"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsCertificateCertificatePrimer(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["failover_trusted_certificate"] = attr
+	}
+	schemaAttrs["host"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["password_recovery"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["port"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	schemaAttrs["search_bind_dn"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["search_bind_password"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["search_filter"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["tls"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsCertificateCertificatePrimer(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["trusted_certificate"] = attr
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsDirectoryMaintenanceDirectory(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsDirectoryOIDCDirectory(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["acr_values"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["attributes_to_store"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["client_id"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["client_secret"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["domain_restriction"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["enforces2fa"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["fully_resolved_issuer"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["issuer"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["logout_url"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["send_login_hint"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["vendor_escaped"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsGroupAccountGroup(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, dataSourceSchemaAttrsGroupAccountGroup_additionalObjects(false))
+	}
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["admin"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["uuid"] = dsschema.StringAttribute{
+		Required: recurse,
+		Computed: !recurse,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 36),
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["additional"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+		Validators: []validator.List{
+			listvalidator.ValueStringsAre(stringvalidator.OneOf(
+				"audit", "vault",
+			)),
+		},
+	}
+	schemaAttrs["end_date"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsGroupGroupFolder(false),
+		}
+		attr.Computed = true
+		schemaAttrs["folder"] = attr
+	}
+	schemaAttrs["last_used"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["provisioning_end_time"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["rights"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["visible_for_provisioning"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsGroupAccountGroupLinkableWrapper(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["items"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsGroupAccountGroup(recurse),
+		},
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsGroupAccountGroup_additionalObjects(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsVaultVault(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["vault"] = attr
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsGroupAuthorizedGroupsWrapper(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["items"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsGroupGroup(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["group_count"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsGroupGroup(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, dataSourceSchemaAttrsGroupGroup_additionalObjects(false))
+	}
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["admin"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["uuid"] = dsschema.StringAttribute{
+		Required: recurse,
+		Computed: !recurse,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 36),
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["additional"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+		Validators: []validator.List{
+			listvalidator.ValueStringsAre(stringvalidator.OneOf(
+				"accounts", "administeredClients", "administeredSystems", "admins", "audit", "authorizedGroups", "clientPermissions", "clients", "contentAdministeredSystems", "groupauditinginfo", "groupinfo", "helpdesk", "markers", "myaccount", "mydelegatedaccount", "nestedGroups", "ownedClients", "ownedDirectories", "ownedGroupsOnSystem", "ownedOrganizationalUnits", "ownedSystems", "recentAudits", "requeststatus", "serviceAccounts", "systems", "vault", "webhooks",
+			)),
+		},
+	}
+	schemaAttrs["application_administration"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsGroupGroupAuditConfig(false),
+		}
+		attr.Computed = true
+		schemaAttrs["audit_config"] = attr
+	}
+	schemaAttrs["audit_requested"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["auditor"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsGroupGroupPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["authorizing_group_auditing"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsGroupGroupPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["authorizing_group_delegation"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsGroupGroupPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["authorizing_group_membership"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsGroupGroupPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["authorizing_group_provisioning"] = attr
+	}
+	schemaAttrs["authorizing_group_types"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Computed:    true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsGroupGroupClassificationPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["classification"] = attr
+	}
+	schemaAttrs["description"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["extended_access"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["hide_audit_trail"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsGroupGroupPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["nested_under"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsOrganizationOrganizationalUnitPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["organizational_unit"] = attr
+	}
+	schemaAttrs["private_group"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["record_trail"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["rotating_password_required"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["single_managed"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["vault_recovery"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["vault_requires_activation"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsGroupGroupAccount(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, dataSourceSchemaAttrsGroupGroupAccount_additionalObjects(false))
+	}
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["display_name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["last_active"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["username"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["uuid"] = dsschema.StringAttribute{
+		Required: recurse,
+		Computed: !recurse,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["validity"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["additional"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+		Validators: []validator.List{
+			listvalidator.ValueStringsAre(stringvalidator.OneOf(
+				"audit",
+			)),
+		},
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsDirectoryAccountDirectoryPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["directory"] = attr
+	}
+	schemaAttrs["disconnected_nested"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["end_date"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["last_used"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["nested"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["provisioning_end_time"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["rights"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["two_factor_status"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["visible_for_provisioning"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsGroupGroupAccountLinkableWrapper(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["items"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsGroupGroupAccount(recurse),
+		},
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsGroupGroupAccount_additionalObjects(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsGroupGroupAudit(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, dataSourceSchemaAttrsGroupGroupAudit_additionalObjects(false))
+	}
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["additional"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+		Validators: []validator.List{
+			listvalidator.ValueStringsAre(stringvalidator.OneOf(
+				"audit",
+			)),
+		},
+	}
+	schemaAttrs["accounts"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsGroupGroupAuditAccount(false),
+		},
+		Computed: true,
+	}
+	schemaAttrs["comment"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["created_at"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["created_by"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["group_name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["name_on_audit"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["reviewed_at"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["reviewed_by"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["status"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["submitted_at"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["submitted_by"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsGroupGroupAuditAccount(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["account_uuid"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["account_valid"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["action"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["comment"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["disconnected_nested"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["display_name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["end_date"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["last_active"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["last_used"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["nested"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["rights"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["username"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsGroupGroupAuditConfig(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["months"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Computed:    true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsGroupGroupAuditLinkableWrapper(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["items"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsGroupGroupAudit(recurse),
+		},
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsGroupGroupAudit_additionalObjects(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsGroupGroupAuditingInfo(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["audit_due_date"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["last_audit_date"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["nr_accounts"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	schemaAttrs["nr_disabled_accounts"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	schemaAttrs["nr_disabled_managers"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	schemaAttrs["nr_expired_vault_records"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	schemaAttrs["nr_managers"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	schemaAttrs["nr_vault_records_with_end_date"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsGroupGroupClassification(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, dataSourceSchemaAttrsGroupGroupClassification_additionalObjects(false))
+	}
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["uuid"] = dsschema.StringAttribute{
+		Required: recurse,
+		Computed: !recurse,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 36),
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["additional"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+		Validators: []validator.List{
+			listvalidator.ValueStringsAre(stringvalidator.OneOf(
+				"audit", "info",
+			)),
+		},
+	}
+	schemaAttrs["authorizing_group_auditing_required"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["authorizing_group_delegation_required"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["authorizing_group_membership_required"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["authorizing_group_provisioning_required"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["default_classification"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["description"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["maximum_audit_interval"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	schemaAttrs["minimum_nr_managers"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	schemaAttrs["record_trail_required"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["required_months"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Computed:    true,
+	}
+	schemaAttrs["rotating_password_required"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["vault_requires_activation"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsGroupGroupClassificationInfo(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["nr_groups"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsGroupGroupClassificationPrimer(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["uuid"] = dsschema.StringAttribute{
+		Required: recurse,
+		Computed: !recurse,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 36),
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsGroupGroupClassification_additionalObjects(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsGroupGroupClassificationInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["info"] = attr
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsGroupGroupClient(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, dataSourceSchemaAttrsGroupGroupClient_additionalObjects(false))
+	}
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["additional"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+		Validators: []validator.List{
+			listvalidator.ValueStringsAre(stringvalidator.OneOf(
+				"audit",
+			)),
+		},
+	}
+	schemaAttrs["activation_required"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsClientClientApplicationPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["client"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsGroupGroupPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["group"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsGroupGroupPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["owner"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsGroupGroupPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["technical_administrator"] = attr
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsGroupGroupClientLinkableWrapper(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["items"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsGroupGroupClient(recurse),
+		},
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsGroupGroupClient_additionalObjects(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsGroupGroupFolder(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, dataSourceSchemaAttrsGroupGroupFolder_additionalObjects(false))
+	}
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["additional"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+		Validators: []validator.List{
+			listvalidator.ValueStringsAre(stringvalidator.OneOf(
+				"audit",
+			)),
+		},
+	}
+	schemaAttrs["name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsGroupGroupFolder_additionalObjects(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsGroupGroupInfo(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["nr_accounts"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	schemaAttrs["nr_accounts_with_vault"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	schemaAttrs["nr_audits"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	schemaAttrs["nr_clients"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	schemaAttrs["nr_provisioned_systems"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	schemaAttrs["nr_vault_records"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsGroupGroupLinkableWrapper(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["items"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsGroupGroup(recurse),
+		},
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsGroupGroupPrimer(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["admin"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["uuid"] = dsschema.StringAttribute{
+		Required: recurse,
+		Computed: !recurse,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 36),
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsGroupGroupPrimerLinkableWrapper(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["items"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsGroupGroupPrimer(recurse),
+		},
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsGroupGroup_additionalObjects(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	{
+		attr := dataSourceSchemaAttrsGroupGroupAccountLinkableWrapper(recurse)["items"].(dsschema.ListNestedAttribute)
+		attr.Computed = true
+		schemaAttrs["accounts"] = attr
+	}
+	{
+		attr := dataSourceSchemaAttrsClientClientApplicationLinkableWrapper(recurse)["items"].(dsschema.ListNestedAttribute)
+		attr.Computed = true
+		schemaAttrs["administered_clients"] = attr
+	}
+	{
+		attr := dataSourceSchemaAttrsProvisioningProvisionedSystemLinkableWrapper(recurse)["items"].(dsschema.ListNestedAttribute)
+		attr.Computed = true
+		schemaAttrs["administered_systems"] = attr
+	}
+	{
+		attr := dataSourceSchemaAttrsGroupGroupAccountLinkableWrapper(recurse)["items"].(dsschema.ListNestedAttribute)
+		attr.Computed = true
+		attr.DeprecationMessage = "This property will be removed in a future version."
+		schemaAttrs["admins"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsGroupAuthorizedGroupsWrapper(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["authorized_groups"] = attr
+	}
+	{
+		attr := dataSourceSchemaAttrsClientOAuth2ClientPermissionWithClientLinkableWrapper(recurse)["items"].(dsschema.ListNestedAttribute)
+		attr.Computed = true
+		schemaAttrs["client_permissions"] = attr
+	}
+	{
+		attr := dataSourceSchemaAttrsGroupGroupClientLinkableWrapper(recurse)["items"].(dsschema.ListNestedAttribute)
+		attr.Computed = true
+		schemaAttrs["clients"] = attr
+	}
+	{
+		attr := dataSourceSchemaAttrsProvisioningProvisionedSystemLinkableWrapper(recurse)["items"].(dsschema.ListNestedAttribute)
+		attr.Computed = true
+		schemaAttrs["content_administered_systems"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsGroupGroupAuditingInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["groupauditinginfo"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsGroupGroupInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["groupinfo"] = attr
+	}
+	{
+		attr := dataSourceSchemaAttrsDirectoryAccountDirectorySummaryLinkableWrapper(recurse)["items"].(dsschema.ListNestedAttribute)
+		attr.Computed = true
+		schemaAttrs["helpdesk"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsMarkItemMarkers(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["markers"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsGroupGroupAccount(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["myaccount"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsGroupGroupAccount(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["mydelegatedaccount"] = attr
+	}
+	{
+		attr := dataSourceSchemaAttrsGroupGroupPrimerLinkableWrapper(recurse)["items"].(dsschema.ListNestedAttribute)
+		attr.Computed = true
+		schemaAttrs["nested_groups"] = attr
+	}
+	{
+		attr := dataSourceSchemaAttrsClientClientApplicationLinkableWrapper(recurse)["items"].(dsschema.ListNestedAttribute)
+		attr.Computed = true
+		schemaAttrs["owned_clients"] = attr
+	}
+	{
+		attr := dataSourceSchemaAttrsDirectoryAccountDirectoryLinkableWrapper(recurse)["items"].(dsschema.ListNestedAttribute)
+		attr.Computed = true
+		schemaAttrs["owned_directories"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsProvisioningOwnedGroupOnSystemsWrapper(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["owned_groups_on_system"] = attr
+	}
+	{
+		attr := dataSourceSchemaAttrsOrganizationOrganizationalUnitLinkableWrapper(recurse)["items"].(dsschema.ListNestedAttribute)
+		attr.Computed = true
+		schemaAttrs["owned_organizational_units"] = attr
+	}
+	{
+		attr := dataSourceSchemaAttrsProvisioningProvisionedSystemLinkableWrapper(recurse)["items"].(dsschema.ListNestedAttribute)
+		attr.Computed = true
+		schemaAttrs["owned_systems"] = attr
+	}
+	{
+		attr := dataSourceSchemaAttrsGroupGroupAuditLinkableWrapper(recurse)["items"].(dsschema.ListNestedAttribute)
+		attr.Computed = true
+		schemaAttrs["recent_audits"] = attr
+	}
+	schemaAttrs["requeststatus"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	{
+		attr := dataSourceSchemaAttrsServiceaccountServiceAccountLinkableWrapper(recurse)["items"].(dsschema.ListNestedAttribute)
+		attr.Computed = true
+		schemaAttrs["service_accounts"] = attr
+	}
+	{
+		attr := dataSourceSchemaAttrsGroupProvisioningGroupLinkableWrapper(recurse)["items"].(dsschema.ListNestedAttribute)
+		attr.Computed = true
+		schemaAttrs["systems"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsVaultVault(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["vault"] = attr
+	}
+	{
+		attr := dataSourceSchemaAttrsWebhookWebhookLinkableWrapper(recurse)["items"].(dsschema.ListNestedAttribute)
+		attr.Computed = true
+		schemaAttrs["webhooks"] = attr
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsGroupProvisioningGroup(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, dataSourceSchemaAttrsGroupProvisioningGroup_additionalObjects(false))
+	}
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["additional"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+		Validators: []validator.List{
+			listvalidator.ValueStringsAre(stringvalidator.OneOf(
+				"audit",
+			)),
+		},
+	}
+	schemaAttrs["activation_required"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsGroupGroupPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["group"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsProvisioningGroupOnSystem(false),
+		}
+		attr.Computed = true
+		schemaAttrs["group_on_system"] = attr
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsGroupProvisioningGroupLinkableWrapper(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["items"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsGroupProvisioningGroup(recurse),
+		},
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsGroupProvisioningGroup_additionalObjects(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsLaunchpadSsoApplicationLaunchpadTile(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["uri"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsLaunchpadVaultRecordLaunchpadTile(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsMarkItemMarker(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["level"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["type"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["parameters"] = dsschema.MapAttribute{
+		ElementType: types.StringType,
+		Computed:    true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsMarkItemMarkers(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["markers"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsMarkItemMarker(recurse),
+		},
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsOrganizationOrganizationalUnit(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, dataSourceSchemaAttrsOrganizationOrganizationalUnit_additionalObjects(false))
+	}
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["uuid"] = dsschema.StringAttribute{
+		Required: recurse,
+		Computed: !recurse,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 36),
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["additional"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+		Validators: []validator.List{
+			listvalidator.ValueStringsAre(stringvalidator.OneOf(
+				"audit",
+			)),
+		},
+	}
+	schemaAttrs["depth"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	schemaAttrs["description"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsGroupGroupPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["owner"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsOrganizationOrganizationalUnitPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["parent"] = attr
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsOrganizationOrganizationalUnitLinkableWrapper(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["items"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsOrganizationOrganizationalUnit(recurse),
+		},
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsOrganizationOrganizationalUnitPrimer(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["uuid"] = dsschema.StringAttribute{
+		Required: recurse,
+		Computed: !recurse,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 36),
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsOrganizationOrganizationalUnit_additionalObjects(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsProvisioningAbstractProvisionedLDAP(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["attributes"] = dsschema.MapAttribute{
+		ElementType: types.StringType,
+		Computed:    true,
+	}
+	schemaAttrs["base_dn"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["bind_dn"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["bind_password"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsCertificateCertificatePrimer(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["client_certificate"] = attr
+	}
+	schemaAttrs["failover_host"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsCertificateCertificatePrimer(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["failover_trusted_certificate"] = attr
+	}
+	schemaAttrs["group_dn"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["host"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["object_classes"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["port"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	schemaAttrs["service_account_dn"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["ssh_public_key_supported"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["tls"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsCertificateCertificatePrimer(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["trusted_certificate"] = attr
+	}
+	schemaAttrs["user_dn"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsProvisioningCircuitBreakerStatistics(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["number_of_failed_calls"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	schemaAttrs["number_of_not_permitted_calls"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	schemaAttrs["number_of_successful_calls"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	schemaAttrs["state"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsProvisioningGroupOnSystem(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, dataSourceSchemaAttrsProvisioningGroupOnSystem_additionalObjects(false))
+	}
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["display_name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["name_in_system"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["type"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["short_name_in_system"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["additional"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+		Validators: []validator.List{
+			listvalidator.ValueStringsAre(stringvalidator.OneOf(
+				"audit", "provgroups", "serviceAccounts",
+			)),
+		},
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsGroupGroupPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["owner"] = attr
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsProvisioningGroupOnSystemLinkableWrapper(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["items"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsProvisioningGroupOnSystem(recurse),
+		},
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsProvisioningGroupOnSystemPrimer(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["display_name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["name_in_system"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["type"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["short_name_in_system"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsProvisioningGroupOnSystemTypes(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["types"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Computed:    true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsProvisioningGroupOnSystem_additionalObjects(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	{
+		attr := dataSourceSchemaAttrsGroupProvisioningGroupLinkableWrapper(recurse)["items"].(dsschema.ListNestedAttribute)
+		attr.Computed = true
+		schemaAttrs["provgroups"] = attr
+	}
+	{
+		attr := dataSourceSchemaAttrsServiceaccountServiceAccountPrimerLinkableWrapper(recurse)["items"].(dsschema.ListNestedAttribute)
+		attr.Computed = true
+		schemaAttrs["service_accounts"] = attr
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsProvisioningOwnedGroupOnSystemsWrapper(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["items"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsProvisioningGroupOnSystem(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["unlinked_count"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsProvisioningProvisionNumberSequence(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, dataSourceSchemaAttrsProvisioningProvisionNumberSequence_additionalObjects(false))
+	}
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["additional"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+		Validators: []validator.List{
+			listvalidator.ValueStringsAre(stringvalidator.OneOf(
+				"audit", "systems",
+			)),
+		},
+	}
+	schemaAttrs["account_count"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	schemaAttrs["name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["next_uid"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsProvisioningProvisionNumberSequence_additionalObjects(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	{
+		attr := dataSourceSchemaAttrsProvisioningProvisionedSystemPrimerLinkableWrapper(recurse)["items"].(dsschema.ListNestedAttribute)
+		attr.Computed = true
+		schemaAttrs["systems"] = attr
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsProvisioningProvisionedAD(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["sam_account_name_scheme"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsProvisioningProvisionedAccount(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, dataSourceSchemaAttrsProvisioningProvisionedAccount_additionalObjects(false))
+	}
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["display_name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["last_active"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["username"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["uuid"] = dsschema.StringAttribute{
+		Required: recurse,
+		Computed: !recurse,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["validity"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["additional"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+		Validators: []validator.List{
+			listvalidator.ValueStringsAre(stringvalidator.OneOf(
+				"audit",
+			)),
+		},
+	}
+	schemaAttrs["uid"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsProvisioningProvisionedAccount_additionalObjects(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsProvisioningProvisionedAzureOIDCDirectory(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsDirectoryAccountDirectoryPrimer(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["directory"] = attr
+	}
+	schemaAttrs["tenant"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsProvisioningProvisionedAzureSyncLDAPDirectory(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["client_id"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["client_secret"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsDirectoryAccountDirectoryPrimer(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["directory"] = attr
+	}
+	schemaAttrs["tenant"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsProvisioningProvisionedAzureTenant(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["client_id"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["client_secret"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["idp_domain"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["tenant"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsProvisioningProvisionedInternalLDAP(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsClientLdapClient(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["client"] = attr
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsProvisioningProvisionedLDAP(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["gid"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	schemaAttrs["hashing_scheme"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsProvisioningProvisionNumberSequence(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["numbering"] = attr
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsProvisioningProvisionedLDAPDirectory(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsDirectoryAccountDirectoryPrimer(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["directory"] = attr
+	}
+	schemaAttrs["group_dn"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsProvisioningProvisionedSystem(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, dataSourceSchemaAttrsProvisioningProvisionedSystem_additionalObjects(false))
+	}
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["active"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsOrganizationOrganizationalUnitPrimer(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["organizational_unit"] = attr
+	}
+	schemaAttrs["type"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["uuid"] = dsschema.StringAttribute{
+		Required: recurse,
+		Computed: !recurse,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 36),
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["additional"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+		Validators: []validator.List{
+			listvalidator.ValueStringsAre(stringvalidator.OneOf(
+				"account", "audit", "issuedPermissions", "loginName", "managementPermissions", "markers", "statistics", "supportedGroupTypes",
+			)),
+		},
+	}
+	schemaAttrs["account_count"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsGroupGroupPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["content_administrator"] = attr
+	}
+	schemaAttrs["external_uuid"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsGroupGroupPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["owner"] = attr
+	}
+	schemaAttrs["self_service_existing_groups"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["self_service_new_groups"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["self_service_service_accounts"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["should_destroy_unknown_accounts"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsGroupGroupPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["technical_administrator"] = attr
+	}
+	schemaAttrs["username_prefix"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsProvisioningAbstractProvisionedLDAP(false),
+		}
+		attr.Computed = true
+		schemaAttrs["abstract_provisioned_ldap"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsProvisioningProvisionedAD(false),
+		}
+		attr.Computed = true
+		schemaAttrs["provisioned_a_d"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsProvisioningProvisionedAzureOIDCDirectory(false),
+		}
+		attr.Computed = true
+		schemaAttrs["provisioned_azure_oidc_directory"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsProvisioningProvisionedAzureSyncLDAPDirectory(false),
+		}
+		attr.Computed = true
+		schemaAttrs["provisioned_azure_sync_ldap_directory"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsProvisioningProvisionedAzureTenant(false),
+		}
+		attr.Computed = true
+		schemaAttrs["provisioned_azure_tenant"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsProvisioningProvisionedInternalLDAP(false),
+		}
+		attr.Computed = true
+		schemaAttrs["provisioned_internal_ldap"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsProvisioningProvisionedLDAP(false),
+		}
+		attr.Computed = true
+		schemaAttrs["provisioned_ldap"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsProvisioningProvisionedLDAPDirectory(false),
+		}
+		attr.Computed = true
+		schemaAttrs["provisioned_ldap_directory"] = attr
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsProvisioningProvisionedSystemLinkableWrapper(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["items"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsProvisioningProvisionedSystem(recurse),
+		},
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsProvisioningProvisionedSystemPrimer(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["active"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsOrganizationOrganizationalUnitPrimer(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["organizational_unit"] = attr
+	}
+	schemaAttrs["type"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["uuid"] = dsschema.StringAttribute{
+		Required: recurse,
+		Computed: !recurse,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 36),
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsProvisioningProvisionedSystemPrimerLinkableWrapper(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["items"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsProvisioningProvisionedSystemPrimer(recurse),
+		},
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsProvisioningProvisionedSystem_additionalObjects(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsProvisioningProvisionedAccount(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["account"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	{
+		attr := dataSourceSchemaAttrsClientOAuth2ClientPermissionWithClientLinkableWrapper(recurse)["items"].(dsschema.ListNestedAttribute)
+		attr.Computed = true
+		schemaAttrs["issued_permissions"] = attr
+	}
+	schemaAttrs["login_name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsProvisioningProvisioningManagementPermissions(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["management_permissions"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsMarkItemMarkers(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["markers"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsProvisioningCircuitBreakerStatistics(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["statistics"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsProvisioningGroupOnSystemTypes(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["supported_group_types"] = attr
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsProvisioningProvisioningManagementPermissions(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["create_new_groups_allowed"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["create_service_accounts_allowed"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["reuse_existing_groups_allowed"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsServiceaccountServiceAccount(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, dataSourceSchemaAttrsServiceaccountServiceAccount_additionalObjects(false))
+	}
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["active"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsProvisioningProvisionedSystemPrimer(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["system"] = attr
+	}
+	schemaAttrs["username"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["uuid"] = dsschema.StringAttribute{
+		Required: recurse,
+		Computed: !recurse,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 36),
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["additional"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+		Validators: []validator.List{
+			listvalidator.ValueStringsAre(stringvalidator.OneOf(
+				"audit", "groups", "secret",
+			)),
+		},
+	}
+	schemaAttrs["description"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsVaultVaultRecordPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["password"] = attr
+	}
+	schemaAttrs["password_rotation"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsGroupGroupPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["technical_administrator"] = attr
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsServiceaccountServiceAccountGroup(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, dataSourceSchemaAttrsServiceaccountServiceAccountGroup_additionalObjects(false))
+	}
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["display_name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["name_in_system"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["type"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["short_name_in_system"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["additional"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+		Validators: []validator.List{
+			listvalidator.ValueStringsAre(stringvalidator.OneOf(
+				"audit",
+			)),
+		},
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsServiceaccountServiceAccountGroupLinkableWrapper(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["items"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsServiceaccountServiceAccountGroup(recurse),
+		},
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsServiceaccountServiceAccountGroup_additionalObjects(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsServiceaccountServiceAccountLinkableWrapper(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["items"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsServiceaccountServiceAccount(recurse),
+		},
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsServiceaccountServiceAccountPrimer(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["active"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsProvisioningProvisionedSystemPrimer(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["system"] = attr
+	}
+	schemaAttrs["username"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["uuid"] = dsschema.StringAttribute{
+		Required: recurse,
+		Computed: !recurse,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 36),
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsServiceaccountServiceAccountPrimerLinkableWrapper(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["items"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsServiceaccountServiceAccountPrimer(recurse),
+		},
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsServiceaccountServiceAccount_additionalObjects(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	{
+		attr := dataSourceSchemaAttrsServiceaccountServiceAccountGroupLinkableWrapper(recurse)["items"].(dsschema.ListNestedAttribute)
+		attr.Computed = true
+		schemaAttrs["groups"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsGeneratedSecret(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["secret"] = attr
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsVaultPasswordMetadata(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["dictionary"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["duplicate"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["hash"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["length"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	schemaAttrs["lower_count"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	schemaAttrs["number_count"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	schemaAttrs["special_count"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	schemaAttrs["strength"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	schemaAttrs["upper_count"] = dsschema.Int64Attribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsVaultVault(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["access_available"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["records"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsVaultVaultRecord(recurse),
+		},
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsVaultVaultHolder(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsVaultVaultRecord(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, dataSourceSchemaAttrsVaultVaultRecord_additionalObjects(false))
+	}
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["color"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["share_end_time"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["uuid"] = dsschema.StringAttribute{
+		Required: recurse,
+		Computed: !recurse,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 36),
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["additional"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+		Validators: []validator.List{
+			listvalidator.ValueStringsAre(stringvalidator.OneOf(
+				"audit", "parent", "passwordMetadata", "secret", "shareSummary", "shares", "tile", "vaultholder",
+			)),
+		},
+	}
+	schemaAttrs["derived"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["end_date"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["filename"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["types"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Computed:    true,
+	}
+	schemaAttrs["url"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["username"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["warning_period"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsVaultVaultRecordPrimer(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["color"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["share_end_time"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["uuid"] = dsschema.StringAttribute{
+		Required: recurse,
+		Computed: !recurse,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 36),
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsVaultVaultRecordPrimerLinkableWrapper(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["items"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsVaultVaultRecordPrimer(recurse),
+		},
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsVaultVaultRecordSecrets(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["comment"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["file"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["password"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["totp"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsVaultVaultRecordShare(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["type"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsVaultVaultRecordShareSummary(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["children"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsVaultVaultRecordShare(recurse),
+		},
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsVaultVaultRecordShare(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["parent"] = attr
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsVaultVaultRecord_additionalObjects(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsVaultVaultRecordPrimer(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["parent"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsVaultPasswordMetadata(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["password_metadata"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsVaultVaultRecordSecrets(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["secret"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsVaultVaultRecordShareSummary(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["share_summary"] = attr
+	}
+	{
+		attr := dataSourceSchemaAttrsVaultVaultRecordPrimerLinkableWrapper(recurse)["items"].(dsschema.ListNestedAttribute)
+		attr.Computed = true
+		schemaAttrs["shares"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsLaunchpadVaultRecordLaunchpadTile(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["tile"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsVaultVaultHolder(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["vaultholder"] = attr
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsWebhookWebhook(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, dataSourceSchemaAttrsWebhookWebhook_additionalObjects(false))
+	}
+	schemaAttrs["links"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsRestLink(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["permissions"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["additional"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+		Validators: []validator.List{
+			listvalidator.ValueStringsAre(stringvalidator.OneOf(
+				"audit",
+			)),
+		},
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsAuthAccountPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["account"] = attr
+	}
+	schemaAttrs["active"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["all_types"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["authentication_scheme"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["basic_auth_password"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["basic_auth_username"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["bearer_token"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsClientClientApplicationPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["client"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsCertificateCertificatePrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["client_certificate"] = attr
+	}
+	schemaAttrs["custom_header_name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["custom_header_value"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsDirectoryAccountDirectoryPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["directory"] = attr
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsGroupGroupPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["group"] = attr
+	}
+	schemaAttrs["name"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsProvisioningProvisionedSystemPrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["system"] = attr
+	}
+	schemaAttrs["tls"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsCertificateCertificatePrimer(false),
+		}
+		attr.Computed = true
+		schemaAttrs["trusted_certificate"] = attr
+	}
+	schemaAttrs["types"] = dsschema.ListAttribute{
+		ElementType: types.StringType,
+		Computed:    true,
+	}
+	schemaAttrs["url"] = dsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["uuid"] = dsschema.StringAttribute{
+		Required: recurse,
+		Computed: !recurse,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 36),
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["verbose_payloads"] = dsschema.BoolAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsWebhookWebhookLinkableWrapper(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	schemaAttrs["items"] = dsschema.ListNestedAttribute{
+		NestedObject: dsschema.NestedAttributeObject{
+			Attributes: dataSourceSchemaAttrsWebhookWebhook(recurse),
+		},
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func dataSourceSchemaAttrsWebhookWebhook_additionalObjects(recurse bool) map[string]dsschema.Attribute {
+	schemaAttrs := make(map[string]dsschema.Attribute)
+	{
+		attr := dsschema.SingleNestedAttribute{
+			Attributes: dataSourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	return schemaAttrs
+}
diff --git a/internal/provider/full-schema-rs.go b/internal/provider/full-schema-rs.go
new file mode 100644
index 0000000..459d803
--- /dev/null
+++ b/internal/provider/full-schema-rs.go
@@ -0,0 +1,3732 @@
+// Code generated by "terraform-provider-keyhub-generator"; DO NOT EDIT.
+
+//lint:ignore U1000 Ignore unused functions in generated code
+package provider
+
+import (
+	"golang.org/x/exp/maps"
+	"regexp"
+
+	"github.com/hashicorp/terraform-plugin-framework-validators/int64validator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/listvalidator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	rsschema "github.com/hashicorp/terraform-plugin-framework/resource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/booldefault"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/boolplanmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/int64default"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/int64planmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/listplanmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/objectplanmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringdefault"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+func resourceSchemaAttrsAuditInfo(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["created_at"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["created_by"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["last_modified_at"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["last_modified_by"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsGeneratedSecret(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["generated_secret"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["old_secret"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["regenerate"] = rsschema.BoolAttribute{
+		Optional: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsLinkable(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsNonLinkable(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	return schemaAttrs
+}
+func resourceSchemaAttrsRestLink(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["href"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["id"] = rsschema.Int64Attribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.Int64{int64planmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["rel"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["type_escaped"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsAuthAccountPrimer(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["display_name"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["last_active"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["username"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["uuid"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["validity"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsAuthPermission(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["full"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["instances"] = rsschema.ListAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+	}
+	schemaAttrs["operations"] = rsschema.ListAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+		Validators: []validator.List{
+			listvalidator.ValueStringsAre(
+				stringvalidator.OneOf(
+					"CREATE", "READ", "UPDATE", "DELETE",
+				),
+			),
+		},
+	}
+	schemaAttrs["type_escaped"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsCertificateCertificatePrimer(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["alias"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 128),
+		},
+	}
+	schemaAttrs["type"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["certificate_data"] = rsschema.ListAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+	}
+	schemaAttrs["expiration"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["fingerprint_sha1"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["fingerprint_sha256"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["global"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(false),
+	}
+	schemaAttrs["subject_dn"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["uuid"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsClientApplicationVaultVaultRecord(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, resourceSchemaAttrsVaultVaultRecord_additionalObjects(false))
+	}
+	schemaAttrs["client_application_uuid"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["color"] = rsschema.StringAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  stringdefault.StaticString("NONE"),
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"NONE", "GREEN", "RED", "BLUE", "DARK", "PINK_LAVENDER", "CRIMSON_RED", "MIDDLE_YELLOW", "ANDROID_GREEN", "SAGE", "ARTICHOKE",
+			),
+		},
+	}
+	schemaAttrs["name"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["share_end_time"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["uuid"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["derived"] = rsschema.BoolAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.Bool{boolplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["end_date"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["filename"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["types"] = rsschema.ListAttribute{
+		ElementType: types.StringType,
+		Computed:    true,
+	}
+	schemaAttrs["url"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["username"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["warning_period"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"AT_EXPIRATION", "TWO_WEEKS", "ONE_MONTH", "TWO_MONTHS", "THREE_MONTHS", "SIX_MONTHS", "NEVER",
+			),
+		},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsClientClientApplication(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, resourceSchemaAttrsClientClientApplication_additionalObjects(false))
+	}
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["type"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["client_id"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["name"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["scopes"] = rsschema.ListAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+	}
+	schemaAttrs["sso_application"] = rsschema.BoolAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.Bool{boolplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["uuid"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["last_modified_at"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["owner_uuid"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["technical_administrator_uuid"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsClientLdapClient(false),
+		}
+		attr.Optional = true
+		schemaAttrs["ldap_client"] = attr
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsClientOAuth2Client(false),
+		}
+		attr.Optional = true
+		schemaAttrs["o_auth2_client"] = attr
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsClientSaml2Client(false),
+		}
+		attr.Optional = true
+		schemaAttrs["saml2_client"] = attr
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsClientClientApplicationLinkableWrapper(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["items"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsClientClientApplication(recurse),
+		},
+		Optional: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsClientClientApplicationPrimer(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["type"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["client_id"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["name"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["scopes"] = rsschema.ListAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+	}
+	schemaAttrs["sso_application"] = rsschema.BoolAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.Bool{boolplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["uuid"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsClientClientApplication_additionalObjects(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	schemaAttrs["delete_tile"] = rsschema.BoolAttribute{
+		Optional: true,
+	}
+	{
+		attr := resetListNestedAttributeFlags(resourceSchemaAttrsGroupGroupClientLinkableWrapper(recurse)["items"].(rsschema.ListNestedAttribute))
+		attr.Optional = true
+		schemaAttrs["groupclients"] = attr
+	}
+	{
+		attr := resetListNestedAttributeFlags(resourceSchemaAttrsGroupGroupLinkableWrapper(recurse)["items"].(rsschema.ListNestedAttribute))
+		attr.Computed = true
+		schemaAttrs["groups"] = attr
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsGeneratedSecret(recurse),
+		}
+		attr.Optional = true
+		schemaAttrs["secret"] = attr
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsLaunchpadSsoApplicationLaunchpadTile(recurse),
+		}
+		attr.Optional = true
+		schemaAttrs["tile"] = attr
+	}
+	schemaAttrs["vault_record_count"] = rsschema.Int64Attribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsClientLdapClient(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["bind_dn"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["client_certificate_uuid"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["share_secret_in_vault"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(true),
+	}
+	schemaAttrs["shared_secret_uuid"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["used_for_provisioning"] = rsschema.BoolAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsClientOAuth2Client(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["account_permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed: true,
+	}
+	schemaAttrs["attributes"] = rsschema.MapAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+	}
+	schemaAttrs["callback_uri"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["confidential"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(true),
+	}
+	schemaAttrs["debug_mode"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(false),
+	}
+	schemaAttrs["id_token_claims"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 512),
+		},
+	}
+	schemaAttrs["initiate_login_uri"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["resource_uris"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["share_secret_in_vault"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(true),
+	}
+	schemaAttrs["shared_secret_uuid"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["show_landing_page"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(false),
+	}
+	schemaAttrs["use_client_credentials"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(false),
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsClientOAuth2ClientPermission(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, resourceSchemaAttrsClientOAuth2ClientPermission_additionalObjects(false))
+	}
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["for_group_uuid"] = rsschema.StringAttribute{
+		Computed: true,
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["for_system_uuid"] = rsschema.StringAttribute{
+		Computed: true,
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["value"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"ACCOUNTS_QUERY", "ACCOUNTS_REMOVE", "CLIENTS_CREATE", "CLIENTS_QUERY", "GROUPONSYSTEM_CREATE", "GROUPS_CREATE", "GROUPS_GRANT_PERMISSIONS_AFTER_CREATE", "GROUPS_QUERY", "GROUPS_SET_CLASSIFICATION", "GROUP_FULL_VAULT_ACCESS", "GROUP_LAUNCHPADTILES", "GROUP_READ_CONTENTS", "GROUP_SET_AUTHORIZATION", "PROVISIONEDSYSTEMS_QUERY", "SERVICE_ACCOUNTS_CREATE", "SERVICE_ACCOUNTS_QUERY", "SERVICE_ACCOUNTS_UPDATE",
+			),
+		},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsClientOAuth2ClientPermissionWithClient(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, resourceSchemaAttrsClientOAuth2ClientPermission_additionalObjects(false))
+	}
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["for_group_uuid"] = rsschema.StringAttribute{
+		Computed: true,
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["for_system_uuid"] = rsschema.StringAttribute{
+		Computed: true,
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["value"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"ACCOUNTS_QUERY", "ACCOUNTS_REMOVE", "CLIENTS_CREATE", "CLIENTS_QUERY", "GROUPONSYSTEM_CREATE", "GROUPS_CREATE", "GROUPS_GRANT_PERMISSIONS_AFTER_CREATE", "GROUPS_QUERY", "GROUPS_SET_CLASSIFICATION", "GROUP_FULL_VAULT_ACCESS", "GROUP_LAUNCHPADTILES", "GROUP_READ_CONTENTS", "GROUP_SET_AUTHORIZATION", "PROVISIONEDSYSTEMS_QUERY", "SERVICE_ACCOUNTS_CREATE", "SERVICE_ACCOUNTS_QUERY", "SERVICE_ACCOUNTS_UPDATE",
+			),
+		},
+	}
+	schemaAttrs["client_uuid"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsClientOAuth2ClientPermissionWithClientLinkableWrapper(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["items"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsClientOAuth2ClientPermissionWithClient(recurse),
+		},
+		Optional: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsClientOAuth2ClientPermission_additionalObjects(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsClientSaml2Client(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["attributes"] = rsschema.MapAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+	}
+	schemaAttrs["metadata"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["metadata_url"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["subject_format"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"ID", "UPN", "USERNAME", "EMAIL",
+			),
+		},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsDirectoryAccountDirectory(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, resourceSchemaAttrsDirectoryAccountDirectory_additionalObjects(false))
+	}
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["account_validity_supported"] = rsschema.BoolAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.Bool{boolplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["active"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(false),
+	}
+	schemaAttrs["type"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["name"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["uuid"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["base_organizational_unit_uuid"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["default_directory"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(false),
+	}
+	schemaAttrs["helpdesk_group_uuid"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["restrict2fa"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(false),
+	}
+	schemaAttrs["rotating_password"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"DEFAULT_OFF", "DEFAULT_ON", "ALWAYS_ON",
+			),
+		},
+	}
+	schemaAttrs["username_customizable"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(false),
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsDirectoryInternalDirectory(false),
+		}
+		attr.Optional = true
+		schemaAttrs["internal_directory"] = attr
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsDirectoryLDAPDirectory(false),
+		}
+		attr.Optional = true
+		schemaAttrs["l_d_a_p_directory"] = attr
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsDirectoryMaintenanceDirectory(false),
+		}
+		attr.Optional = true
+		schemaAttrs["maintenance_directory"] = attr
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsDirectoryOIDCDirectory(false),
+		}
+		attr.Optional = true
+		schemaAttrs["o_id_c_directory"] = attr
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsDirectoryAccountDirectoryLinkableWrapper(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["items"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsDirectoryAccountDirectory(recurse),
+		},
+		Optional: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsDirectoryAccountDirectoryPrimer(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["account_validity_supported"] = rsschema.BoolAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.Bool{boolplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["active"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(false),
+	}
+	schemaAttrs["type"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["name"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["uuid"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsDirectoryAccountDirectoryStatusReport(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["accounts"] = rsschema.Int64Attribute{
+		Computed: true,
+		Optional: true,
+		Default:  int64default.StaticInt64(0),
+	}
+	schemaAttrs["reason"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["status"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"INIT_REQUIRED", "ONLINE", "DEGRADED", "NON_REDUNDANT", "OFFLINE", "DISABLED",
+			),
+		},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsDirectoryAccountDirectorySummary(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["type"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"MAINTENANCE", "LDAP", "INTERNAL", "OIDC",
+			),
+		},
+	}
+	schemaAttrs["domain_restriction"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["fully_resolved_issuer"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["name"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsDirectoryAccountDirectoryStatusReport(recurse),
+		}
+		attr.Optional = true
+		schemaAttrs["status"] = attr
+	}
+	schemaAttrs["username_customizable"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(false),
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsDirectoryAccountDirectorySummaryLinkableWrapper(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["items"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsDirectoryAccountDirectorySummary(recurse),
+		},
+		Optional: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsDirectoryAccountDirectory_additionalObjects(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsMarkItemMarkers(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["markers"] = attr
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsDirectoryAccountDirectoryStatusReport(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["status"] = attr
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsDirectoryInternalDirectory(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["owner_uuid"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsDirectoryLDAPDirectory(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["attributes_to_store"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 512),
+		},
+	}
+	schemaAttrs["base_dn"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["client_certificate_uuid"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["dialect"] = rsschema.StringAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  stringdefault.StaticString("ACTIVE_DIRECTORY"),
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"ACTIVE_DIRECTORY", "OPENLDAP",
+			),
+		},
+	}
+	schemaAttrs["failover_host"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["failover_trusted_certificate_uuid"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["host"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["password_recovery"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"DISABLED", "VERIFY_2FA", "VERIFY_MAIL", "VERIFY_MAIL_AND_2FA",
+			),
+		},
+	}
+	schemaAttrs["port"] = rsschema.Int64Attribute{
+		Computed: true,
+		Optional: true,
+		Default:  int64default.StaticInt64(0),
+	}
+	schemaAttrs["search_bind_dn"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["search_bind_password"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 128),
+		},
+	}
+	schemaAttrs["search_filter"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["tls"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"VERIFIED_PINNED", "VERIFIED", "SECURE_PINNED", "SECURE", "ENCRYPTED", "UNSECURE",
+			),
+		},
+	}
+	schemaAttrs["trusted_certificate_uuid"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsDirectoryMaintenanceDirectory(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	return schemaAttrs
+}
+func resourceSchemaAttrsDirectoryOIDCDirectory(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["acr_values"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 512),
+		},
+	}
+	schemaAttrs["attributes_to_store"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 512),
+		},
+	}
+	schemaAttrs["client_id"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["client_secret"] = rsschema.StringAttribute{
+		Required: true,
+	}
+	schemaAttrs["domain_restriction"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 512),
+		},
+	}
+	schemaAttrs["enforces2fa"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(false),
+	}
+	schemaAttrs["fully_resolved_issuer"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["issuer"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 512),
+		},
+	}
+	schemaAttrs["logout_url"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 512),
+		},
+	}
+	schemaAttrs["send_login_hint"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(false),
+	}
+	schemaAttrs["vendor_escaped"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"GENERIC", "GOOGLE", "AZURE_AD",
+			),
+		},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsGroupAuthorizedGroupsWrapper(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["items"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsGroupGroup(recurse),
+		},
+		Optional: true,
+	}
+	schemaAttrs["group_count"] = rsschema.Int64Attribute{
+		Computed: true,
+		Optional: true,
+		Default:  int64default.StaticInt64(0),
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsGroupGroup(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, resourceSchemaAttrsGroupGroup_additionalObjects(false))
+	}
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["admin"] = rsschema.BoolAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.Bool{boolplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["name"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["uuid"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["application_administration"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(false),
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsGroupGroupAuditConfig(false),
+		}
+		attr.Optional = true
+		attr.Computed = true
+		schemaAttrs["audit_config"] = attr
+	}
+	schemaAttrs["audit_requested"] = rsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["auditor"] = rsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["authorizing_group_auditing_uuid"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["authorizing_group_delegation_uuid"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["authorizing_group_membership_uuid"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["authorizing_group_provisioning_uuid"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["authorizing_group_types"] = rsschema.ListAttribute{
+		ElementType: types.StringType,
+		Computed:    true,
+	}
+	schemaAttrs["classification_uuid"] = rsschema.StringAttribute{
+		Computed: true,
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["description"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["extended_access"] = rsschema.StringAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  stringdefault.StaticString("NOT_ALLOWED"),
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"NOT_ALLOWED", "ONE_WEEK", "TWO_WEEKS", "TWO_WEEKS_NO_CONFIRM",
+			),
+		},
+	}
+	schemaAttrs["hide_audit_trail"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(false),
+	}
+	schemaAttrs["nested_under_uuid"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["organizational_unit_uuid"] = rsschema.StringAttribute{
+		Computed: true,
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["private_group"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(false),
+	}
+	schemaAttrs["record_trail"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(false),
+	}
+	schemaAttrs["rotating_password_required"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(false),
+	}
+	schemaAttrs["single_managed"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(false),
+	}
+	schemaAttrs["vault_recovery"] = rsschema.StringAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  stringdefault.StaticString("FULL"),
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"NONE", "RECOVERY_KEY_ONLY", "FULL",
+			),
+		},
+	}
+	schemaAttrs["vault_requires_activation"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(false),
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsGroupGroupAccount(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, resourceSchemaAttrsGroupGroupAccount_additionalObjects(false))
+	}
+	schemaAttrs["uuid"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["directory_uuid"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["disconnected_nested"] = rsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["end_date"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["last_used"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["nested"] = rsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["provisioning_end_time"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["rights"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"MANAGER", "NORMAL",
+			),
+		},
+	}
+	schemaAttrs["two_factor_status"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["visible_for_provisioning"] = rsschema.BoolAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsGroupGroupAccountLinkableWrapper(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["items"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsGroupGroupAccount(recurse),
+		},
+		Optional: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsGroupGroupAccount_additionalObjects(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsGroupGroupAudit(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, resourceSchemaAttrsGroupGroupAudit_additionalObjects(false))
+	}
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["accounts"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsGroupGroupAuditAccount(false),
+		},
+		Optional: true,
+	}
+	schemaAttrs["comment"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["created_at"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["created_by"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["group_name"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["name_on_audit"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["reviewed_at"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["reviewed_by"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["status"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"NEW", "DRAFT", "UNDER_REVIEW", "FINAL",
+			),
+		},
+	}
+	schemaAttrs["submitted_at"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["submitted_by"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsGroupGroupAuditAccount(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["account_uuid"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["account_valid"] = rsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["action"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"APPROVE", "CHANGE_TO_MANAGER", "CHANGE_TO_NORMAL", "REMOVE", "CONNECT_NESTED",
+			),
+		},
+	}
+	schemaAttrs["comment"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["disconnected_nested"] = rsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["display_name"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["end_date"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["last_active"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["last_used"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["nested"] = rsschema.BoolAttribute{
+		Computed: true,
+	}
+	schemaAttrs["rights"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["username"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsGroupGroupAuditConfig(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["months"] = rsschema.ListAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+		Computed:    true,
+		Validators: []validator.List{
+			listvalidator.ValueStringsAre(
+				stringvalidator.OneOf(
+					"JANUARY", "FEBRUARY", "MARCH", "APRIL", "MAY", "JUNE", "JULY", "AUGUST", "SEPTEMBER", "OCTOBER", "NOVEMBER", "DECEMBER",
+				),
+			),
+		},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsGroupGroupAuditLinkableWrapper(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["items"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsGroupGroupAudit(recurse),
+		},
+		Optional: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsGroupGroupAudit_additionalObjects(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsGroupGroupAuditingInfo(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["audit_due_date"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["last_audit_date"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["nr_accounts"] = rsschema.Int64Attribute{
+		Computed: true,
+		Optional: true,
+		Default:  int64default.StaticInt64(0),
+	}
+	schemaAttrs["nr_disabled_accounts"] = rsschema.Int64Attribute{
+		Computed: true,
+		Optional: true,
+		Default:  int64default.StaticInt64(0),
+	}
+	schemaAttrs["nr_disabled_managers"] = rsschema.Int64Attribute{
+		Computed: true,
+		Optional: true,
+		Default:  int64default.StaticInt64(0),
+	}
+	schemaAttrs["nr_expired_vault_records"] = rsschema.Int64Attribute{
+		Computed: true,
+		Optional: true,
+		Default:  int64default.StaticInt64(0),
+	}
+	schemaAttrs["nr_managers"] = rsschema.Int64Attribute{
+		Computed: true,
+		Optional: true,
+		Default:  int64default.StaticInt64(0),
+	}
+	schemaAttrs["nr_vault_records_with_end_date"] = rsschema.Int64Attribute{
+		Computed: true,
+		Optional: true,
+		Default:  int64default.StaticInt64(0),
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsGroupGroupClassificationPrimer(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["name"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["uuid"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsGroupGroupClient(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, resourceSchemaAttrsGroupGroupClient_additionalObjects(false))
+	}
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["activation_required"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(false),
+	}
+	schemaAttrs["client_uuid"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["group_uuid"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["owner_uuid"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["technical_administrator_uuid"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsGroupGroupClientLinkableWrapper(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["items"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsGroupGroupClient(recurse),
+		},
+		Optional: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsGroupGroupClient_additionalObjects(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsGroupGroupInfo(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["nr_accounts"] = rsschema.Int64Attribute{
+		Computed: true,
+		Optional: true,
+		Default:  int64default.StaticInt64(0),
+	}
+	schemaAttrs["nr_accounts_with_vault"] = rsschema.Int64Attribute{
+		Computed: true,
+		Optional: true,
+		Default:  int64default.StaticInt64(0),
+	}
+	schemaAttrs["nr_audits"] = rsschema.Int64Attribute{
+		Computed: true,
+		Optional: true,
+		Default:  int64default.StaticInt64(0),
+	}
+	schemaAttrs["nr_clients"] = rsschema.Int64Attribute{
+		Computed: true,
+		Optional: true,
+		Default:  int64default.StaticInt64(0),
+	}
+	schemaAttrs["nr_provisioned_systems"] = rsschema.Int64Attribute{
+		Computed: true,
+		Optional: true,
+		Default:  int64default.StaticInt64(0),
+	}
+	schemaAttrs["nr_vault_records"] = rsschema.Int64Attribute{
+		Computed: true,
+		Optional: true,
+		Default:  int64default.StaticInt64(0),
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsGroupGroupLinkableWrapper(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["items"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsGroupGroup(recurse),
+		},
+		Optional: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsGroupGroupPrimer(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["admin"] = rsschema.BoolAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.Bool{boolplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["name"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["uuid"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsGroupGroupPrimerLinkableWrapper(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["items"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsGroupGroupPrimer(recurse),
+		},
+		Optional: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsGroupGroup_additionalObjects(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	{
+		attr := resetListNestedAttributeFlags(resourceSchemaAttrsGroupGroupAccountLinkableWrapper(recurse)["items"].(rsschema.ListNestedAttribute))
+		attr.Optional = true
+		schemaAttrs["accounts"] = attr
+	}
+	{
+		attr := resetListNestedAttributeFlags(resourceSchemaAttrsClientClientApplicationLinkableWrapper(recurse)["items"].(rsschema.ListNestedAttribute))
+		attr.Computed = true
+		schemaAttrs["administered_clients"] = attr
+	}
+	{
+		attr := resetListNestedAttributeFlags(resourceSchemaAttrsProvisioningProvisionedSystemLinkableWrapper(recurse)["items"].(rsschema.ListNestedAttribute))
+		attr.Computed = true
+		schemaAttrs["administered_systems"] = attr
+	}
+	{
+		attr := resetListNestedAttributeFlags(resourceSchemaAttrsGroupGroupAccountLinkableWrapper(recurse)["items"].(rsschema.ListNestedAttribute))
+		attr.Optional = true
+		attr.DeprecationMessage = "This property will be removed in a future version."
+		schemaAttrs["admins"] = attr
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsGroupAuthorizedGroupsWrapper(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["authorized_groups"] = attr
+	}
+	{
+		attr := resetListNestedAttributeFlags(resourceSchemaAttrsClientOAuth2ClientPermissionWithClientLinkableWrapper(recurse)["items"].(rsschema.ListNestedAttribute))
+		attr.Optional = true
+		schemaAttrs["client_permissions"] = attr
+	}
+	{
+		attr := resetListNestedAttributeFlags(resourceSchemaAttrsGroupGroupClientLinkableWrapper(recurse)["items"].(rsschema.ListNestedAttribute))
+		attr.Computed = true
+		schemaAttrs["clients"] = attr
+	}
+	{
+		attr := resetListNestedAttributeFlags(resourceSchemaAttrsProvisioningProvisionedSystemLinkableWrapper(recurse)["items"].(rsschema.ListNestedAttribute))
+		attr.Computed = true
+		schemaAttrs["content_administered_systems"] = attr
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsGroupGroupAuditingInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["groupauditinginfo"] = attr
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsGroupGroupInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["groupinfo"] = attr
+	}
+	{
+		attr := resetListNestedAttributeFlags(resourceSchemaAttrsDirectoryAccountDirectorySummaryLinkableWrapper(recurse)["items"].(rsschema.ListNestedAttribute))
+		attr.Computed = true
+		schemaAttrs["helpdesk"] = attr
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsMarkItemMarkers(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["markers"] = attr
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsGroupGroupAccount(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["myaccount"] = attr
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsGroupGroupAccount(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["mydelegatedaccount"] = attr
+	}
+	{
+		attr := resetListNestedAttributeFlags(resourceSchemaAttrsGroupGroupPrimerLinkableWrapper(recurse)["items"].(rsschema.ListNestedAttribute))
+		attr.Computed = true
+		schemaAttrs["nested_groups"] = attr
+	}
+	{
+		attr := resetListNestedAttributeFlags(resourceSchemaAttrsClientClientApplicationLinkableWrapper(recurse)["items"].(rsschema.ListNestedAttribute))
+		attr.Computed = true
+		schemaAttrs["owned_clients"] = attr
+	}
+	{
+		attr := resetListNestedAttributeFlags(resourceSchemaAttrsDirectoryAccountDirectoryLinkableWrapper(recurse)["items"].(rsschema.ListNestedAttribute))
+		attr.Computed = true
+		schemaAttrs["owned_directories"] = attr
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsProvisioningOwnedGroupOnSystemsWrapper(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["owned_groups_on_system"] = attr
+	}
+	{
+		attr := resetListNestedAttributeFlags(resourceSchemaAttrsOrganizationOrganizationalUnitLinkableWrapper(recurse)["items"].(rsschema.ListNestedAttribute))
+		attr.Computed = true
+		schemaAttrs["owned_organizational_units"] = attr
+	}
+	{
+		attr := resetListNestedAttributeFlags(resourceSchemaAttrsProvisioningProvisionedSystemLinkableWrapper(recurse)["items"].(rsschema.ListNestedAttribute))
+		attr.Computed = true
+		schemaAttrs["owned_systems"] = attr
+	}
+	{
+		attr := resetListNestedAttributeFlags(resourceSchemaAttrsGroupGroupAuditLinkableWrapper(recurse)["items"].(rsschema.ListNestedAttribute))
+		attr.Computed = true
+		schemaAttrs["recent_audits"] = attr
+	}
+	schemaAttrs["requeststatus"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	{
+		attr := resetListNestedAttributeFlags(resourceSchemaAttrsServiceaccountServiceAccountLinkableWrapper(recurse)["items"].(rsschema.ListNestedAttribute))
+		attr.Computed = true
+		schemaAttrs["service_accounts"] = attr
+	}
+	{
+		attr := resetListNestedAttributeFlags(resourceSchemaAttrsGroupProvisioningGroupLinkableWrapper(recurse)["items"].(rsschema.ListNestedAttribute))
+		attr.Computed = true
+		schemaAttrs["systems"] = attr
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsVaultVault(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["vault"] = attr
+	}
+	{
+		attr := resetListNestedAttributeFlags(resourceSchemaAttrsWebhookWebhookLinkableWrapper(recurse)["items"].(rsschema.ListNestedAttribute))
+		attr.Computed = true
+		schemaAttrs["webhooks"] = attr
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsGroupProvisioningGroup(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, resourceSchemaAttrsGroupProvisioningGroup_additionalObjects(false))
+	}
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["activation_required"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(true),
+	}
+	schemaAttrs["group_uuid"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsProvisioningGroupOnSystem(false),
+		}
+		attr.Computed = true
+		attr.PlanModifiers = []planmodifier.Object{objectplanmodifier.UseStateForUnknown()}
+		schemaAttrs["group_on_system"] = attr
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsGroupProvisioningGroupLinkableWrapper(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["items"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsGroupProvisioningGroup(recurse),
+		},
+		Optional: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsGroupProvisioningGroup_additionalObjects(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsGroupVaultVaultRecord(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, resourceSchemaAttrsVaultVaultRecord_additionalObjects(false))
+	}
+	schemaAttrs["group_uuid"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["color"] = rsschema.StringAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  stringdefault.StaticString("NONE"),
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"NONE", "GREEN", "RED", "BLUE", "DARK", "PINK_LAVENDER", "CRIMSON_RED", "MIDDLE_YELLOW", "ANDROID_GREEN", "SAGE", "ARTICHOKE",
+			),
+		},
+	}
+	schemaAttrs["name"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["share_end_time"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["uuid"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["derived"] = rsschema.BoolAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.Bool{boolplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["end_date"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["filename"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["types"] = rsschema.ListAttribute{
+		ElementType: types.StringType,
+		Computed:    true,
+	}
+	schemaAttrs["url"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["username"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["warning_period"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"AT_EXPIRATION", "TWO_WEEKS", "ONE_MONTH", "TWO_MONTHS", "THREE_MONTHS", "SIX_MONTHS", "NEVER",
+			),
+		},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsLaunchpadSsoApplicationLaunchpadTile(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["uri"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsLaunchpadVaultRecordLaunchpadTile(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	return schemaAttrs
+}
+func resourceSchemaAttrsMarkItemMarker(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["level"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"INFO", "WARNING",
+			),
+		},
+	}
+	schemaAttrs["type"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"TLS_DISABLED", "TLS_UNVERIFIED", "WEAK_PASSWORD_HASHING", "GROUP_NO_MANAGER", "GROUP_ONE_MANAGER", "GROUP_UNREADABLE_VAULT", "GROUP_UNRECOVERABLE_VAULT", "GROUP_CRITERIA_UNSATISFIED_AUDIT_INTERVAL", "GROUP_CRITERIA_UNSATISFIED_AUDIT_MONTHS", "GROUP_CRITERIA_UNSATISFIED_AUTHORIZING_GROUP_PROVISIONING", "GROUP_CRITERIA_UNSATISFIED_AUTHORIZING_GROUP_MEMBERSHIP", "GROUP_CRITERIA_UNSATISFIED_AUTHORIZING_GROUP_DELEGATION", "GROUP_CRITERIA_UNSATISFIED_AUTHORIZING_GROUP_AUDITING", "GROUP_CRITERIA_UNSATISFIED_RECORD_TRAIL", "GROUP_CRITERIA_UNSATISFIED_ROTATING_PASSWORD_REQUIRED", "GROUP_CRITERIA_UNSATISFIED_VAULT_REQUIRES_ACTIVATION", "GROUP_CRITERIA_UNSATISFIED_MINIMUM_NR_MANAGERS",
+			),
+		},
+	}
+	schemaAttrs["parameters"] = rsschema.MapAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsMarkItemMarkers(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["markers"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsMarkItemMarker(recurse),
+		},
+		Optional: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsNestedProvisioningGroupOnSystem(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, resourceSchemaAttrsProvisioningGroupOnSystem_additionalObjects(false))
+	}
+	schemaAttrs["provisioned_system_uuid"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["display_name"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["name_in_system"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["type"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"POSIX_GROUP", "GROUP_OF_NAMES", "GROUP_OF_UNIQUE_NAMES", "GROUP", "AZURE_ROLE", "AZURE_UNIFIED_GROUP", "AZURE_SECURITY_GROUP",
+			),
+		},
+	}
+	schemaAttrs["short_name_in_system"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["owner_uuid"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsOrganizationOrganizationalUnit(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, resourceSchemaAttrsOrganizationOrganizationalUnit_additionalObjects(false))
+	}
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["name"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["uuid"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["depth"] = rsschema.Int64Attribute{
+		Computed: true,
+	}
+	schemaAttrs["description"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["owner_uuid"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["parent_uuid"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsOrganizationOrganizationalUnitLinkableWrapper(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["items"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsOrganizationOrganizationalUnit(recurse),
+		},
+		Optional: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsOrganizationOrganizationalUnitPrimer(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["name"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["uuid"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsOrganizationOrganizationalUnitPrimerLinkableWrapper(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["items"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsOrganizationOrganizationalUnitPrimer(recurse),
+		},
+		Optional: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsOrganizationOrganizationalUnit_additionalObjects(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	{
+		attr := resetListNestedAttributeFlags(resourceSchemaAttrsOrganizationOrganizationalUnitPrimerLinkableWrapper(recurse)["items"].(rsschema.ListNestedAttribute))
+		attr.Optional = true
+		schemaAttrs["create_as_parent_of"] = attr
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsProvisioningAbstractProvisionedLDAP(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["attributes"] = rsschema.MapAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+	}
+	schemaAttrs["base_dn"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["bind_dn"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["bind_password"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 128),
+		},
+	}
+	schemaAttrs["client_certificate_uuid"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["failover_host"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["failover_trusted_certificate_uuid"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["group_dn"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["host"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["object_classes"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["port"] = rsschema.Int64Attribute{
+		Computed: true,
+		Optional: true,
+		Default:  int64default.StaticInt64(0),
+	}
+	schemaAttrs["service_account_dn"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["ssh_public_key_supported"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(true),
+	}
+	schemaAttrs["tls"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"VERIFIED_PINNED", "VERIFIED", "SECURE_PINNED", "SECURE", "ENCRYPTED", "UNSECURE",
+			),
+		},
+	}
+	schemaAttrs["trusted_certificate_uuid"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["user_dn"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsProvisioningCircuitBreakerStatistics(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["number_of_failed_calls"] = rsschema.Int64Attribute{
+		Computed: true,
+		Optional: true,
+		Default:  int64default.StaticInt64(0),
+	}
+	schemaAttrs["number_of_not_permitted_calls"] = rsschema.Int64Attribute{
+		Computed: true,
+		Optional: true,
+		Default:  int64default.StaticInt64(0),
+	}
+	schemaAttrs["number_of_successful_calls"] = rsschema.Int64Attribute{
+		Computed: true,
+		Optional: true,
+		Default:  int64default.StaticInt64(0),
+	}
+	schemaAttrs["state"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"CLOSED", "OPEN", "HALF_OPEN",
+			),
+		},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsProvisioningGroupOnSystem(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, resourceSchemaAttrsProvisioningGroupOnSystem_additionalObjects(false))
+	}
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["display_name"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["name_in_system"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["type"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"POSIX_GROUP", "GROUP_OF_NAMES", "GROUP_OF_UNIQUE_NAMES", "GROUP", "AZURE_ROLE", "AZURE_UNIFIED_GROUP", "AZURE_SECURITY_GROUP",
+			),
+		},
+	}
+	schemaAttrs["short_name_in_system"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["owner_uuid"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsProvisioningGroupOnSystemLinkableWrapper(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["items"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsProvisioningGroupOnSystem(recurse),
+		},
+		Optional: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsProvisioningGroupOnSystemPrimer(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["display_name"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["name_in_system"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["type"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"POSIX_GROUP", "GROUP_OF_NAMES", "GROUP_OF_UNIQUE_NAMES", "GROUP", "AZURE_ROLE", "AZURE_UNIFIED_GROUP", "AZURE_SECURITY_GROUP",
+			),
+		},
+	}
+	schemaAttrs["short_name_in_system"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsProvisioningGroupOnSystemTypes(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["types"] = rsschema.ListAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+		Validators: []validator.List{
+			listvalidator.ValueStringsAre(
+				stringvalidator.OneOf(
+					"POSIX_GROUP", "GROUP_OF_NAMES", "GROUP_OF_UNIQUE_NAMES", "GROUP", "AZURE_ROLE", "AZURE_UNIFIED_GROUP", "AZURE_SECURITY_GROUP",
+				),
+			),
+		},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsProvisioningGroupOnSystem_additionalObjects(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	{
+		attr := resetListNestedAttributeFlags(resourceSchemaAttrsGroupProvisioningGroupLinkableWrapper(recurse)["items"].(rsschema.ListNestedAttribute))
+		attr.Optional = true
+		schemaAttrs["provgroups"] = attr
+	}
+	{
+		attr := resetListNestedAttributeFlags(resourceSchemaAttrsServiceaccountServiceAccountPrimerLinkableWrapper(recurse)["items"].(rsschema.ListNestedAttribute))
+		attr.Optional = true
+		schemaAttrs["service_accounts"] = attr
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsProvisioningOwnedGroupOnSystemsWrapper(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["items"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsProvisioningGroupOnSystem(recurse),
+		},
+		Optional: true,
+	}
+	schemaAttrs["unlinked_count"] = rsschema.Int64Attribute{
+		Computed: true,
+		Optional: true,
+		Default:  int64default.StaticInt64(0),
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsProvisioningProvisionNumberSequence(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, resourceSchemaAttrsProvisioningProvisionNumberSequence_additionalObjects(false))
+	}
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["account_count"] = rsschema.Int64Attribute{
+		Computed: true,
+	}
+	schemaAttrs["name"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["next_uid"] = rsschema.Int64Attribute{
+		Computed: true,
+		Optional: true,
+		Default:  int64default.StaticInt64(2000),
+		Validators: []validator.Int64{
+			int64validator.Between(2000, 60000),
+		},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsProvisioningProvisionNumberSequence_additionalObjects(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	{
+		attr := resetListNestedAttributeFlags(resourceSchemaAttrsProvisioningProvisionedSystemPrimerLinkableWrapper(recurse)["items"].(rsschema.ListNestedAttribute))
+		attr.Computed = true
+		schemaAttrs["systems"] = attr
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsProvisioningProvisionedAD(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["sam_account_name_scheme"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"OMIT", "TRUNCATE", "TRANSFER", "TRANSFER_TRUNCATE", "USERNAME",
+			),
+		},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsProvisioningProvisionedAccount(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, resourceSchemaAttrsProvisioningProvisionedAccount_additionalObjects(false))
+	}
+	schemaAttrs["uuid"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["uid"] = rsschema.Int64Attribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.Int64{int64planmodifier.UseStateForUnknown()},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsProvisioningProvisionedAccount_additionalObjects(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsProvisioningProvisionedAzureOIDCDirectory(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["directory_uuid"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["tenant"] = rsschema.StringAttribute{
+		Required: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsProvisioningProvisionedAzureSyncLDAPDirectory(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["client_id"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["client_secret"] = rsschema.StringAttribute{
+		Required: true,
+	}
+	schemaAttrs["directory_uuid"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["tenant"] = rsschema.StringAttribute{
+		Required: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsProvisioningProvisionedAzureTenant(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["client_id"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["client_secret"] = rsschema.StringAttribute{
+		Required: true,
+	}
+	schemaAttrs["idp_domain"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["tenant"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsProvisioningProvisionedInternalLDAP(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["client_uuid"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsProvisioningProvisionedLDAP(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["gid"] = rsschema.Int64Attribute{
+		Computed: true,
+		Optional: true,
+		Default:  int64default.StaticInt64(0),
+	}
+	schemaAttrs["hashing_scheme"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"SSHA", "PBKDF2",
+			),
+		},
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsProvisioningProvisionNumberSequence(recurse),
+		}
+		attr.Required = true
+		schemaAttrs["numbering"] = attr
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsProvisioningProvisionedLDAPDirectory(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["directory_uuid"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["group_dn"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsProvisioningProvisionedSystem(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, resourceSchemaAttrsProvisioningProvisionedSystem_additionalObjects(false))
+	}
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["active"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(false),
+	}
+	schemaAttrs["name"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["organizational_unit_uuid"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["type"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["uuid"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["account_count"] = rsschema.Int64Attribute{
+		Computed: true,
+	}
+	schemaAttrs["content_administrator_uuid"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["external_uuid"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["owner_uuid"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["self_service_existing_groups"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(true),
+	}
+	schemaAttrs["self_service_new_groups"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(true),
+	}
+	schemaAttrs["self_service_service_accounts"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(true),
+	}
+	schemaAttrs["should_destroy_unknown_accounts"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(false),
+	}
+	schemaAttrs["technical_administrator_uuid"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["username_prefix"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsProvisioningAbstractProvisionedLDAP(false),
+		}
+		attr.Optional = true
+		schemaAttrs["abstract_provisioned_ldap"] = attr
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsProvisioningProvisionedAD(false),
+		}
+		attr.Optional = true
+		schemaAttrs["provisioned_a_d"] = attr
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsProvisioningProvisionedAzureOIDCDirectory(false),
+		}
+		attr.Optional = true
+		schemaAttrs["provisioned_azure_oidc_directory"] = attr
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsProvisioningProvisionedAzureSyncLDAPDirectory(false),
+		}
+		attr.Optional = true
+		schemaAttrs["provisioned_azure_sync_ldap_directory"] = attr
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsProvisioningProvisionedAzureTenant(false),
+		}
+		attr.Optional = true
+		schemaAttrs["provisioned_azure_tenant"] = attr
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsProvisioningProvisionedInternalLDAP(false),
+		}
+		attr.Optional = true
+		schemaAttrs["provisioned_internal_ldap"] = attr
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsProvisioningProvisionedLDAP(false),
+		}
+		attr.Optional = true
+		schemaAttrs["provisioned_ldap"] = attr
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsProvisioningProvisionedLDAPDirectory(false),
+		}
+		attr.Optional = true
+		schemaAttrs["provisioned_ldap_directory"] = attr
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsProvisioningProvisionedSystemLinkableWrapper(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["items"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsProvisioningProvisionedSystem(recurse),
+		},
+		Optional: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsProvisioningProvisionedSystemPrimer(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["active"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(false),
+	}
+	schemaAttrs["name"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["organizational_unit_uuid"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["type"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["uuid"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsProvisioningProvisionedSystemPrimerLinkableWrapper(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["items"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsProvisioningProvisionedSystemPrimer(recurse),
+		},
+		Optional: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsProvisioningProvisionedSystem_additionalObjects(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsProvisioningProvisionedAccount(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["account"] = attr
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	{
+		attr := resetListNestedAttributeFlags(resourceSchemaAttrsClientOAuth2ClientPermissionWithClientLinkableWrapper(recurse)["items"].(rsschema.ListNestedAttribute))
+		attr.Computed = true
+		schemaAttrs["issued_permissions"] = attr
+	}
+	schemaAttrs["login_name"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsProvisioningProvisioningManagementPermissions(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["management_permissions"] = attr
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsMarkItemMarkers(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["markers"] = attr
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsProvisioningCircuitBreakerStatistics(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["statistics"] = attr
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsProvisioningGroupOnSystemTypes(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["supported_group_types"] = attr
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsProvisioningProvisioningManagementPermissions(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["create_new_groups_allowed"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(false),
+	}
+	schemaAttrs["create_service_accounts_allowed"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(false),
+	}
+	schemaAttrs["reuse_existing_groups_allowed"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(false),
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsServiceaccountServiceAccount(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, resourceSchemaAttrsServiceaccountServiceAccount_additionalObjects(false))
+	}
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["active"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(false),
+	}
+	schemaAttrs["name"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["system_uuid"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["username"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["uuid"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["description"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["password_uuid"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	schemaAttrs["password_rotation"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"MANUAL", "MANUAL_STORED_IN_VAULT", "DAILY",
+			),
+		},
+	}
+	schemaAttrs["technical_administrator_uuid"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsServiceaccountServiceAccountGroup(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, resourceSchemaAttrsServiceaccountServiceAccountGroup_additionalObjects(false))
+	}
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["display_name"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["name_in_system"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["type"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"POSIX_GROUP", "GROUP_OF_NAMES", "GROUP_OF_UNIQUE_NAMES", "GROUP", "AZURE_ROLE", "AZURE_UNIFIED_GROUP", "AZURE_SECURITY_GROUP",
+			),
+		},
+	}
+	schemaAttrs["short_name_in_system"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsServiceaccountServiceAccountGroupLinkableWrapper(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["items"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsServiceaccountServiceAccountGroup(recurse),
+		},
+		Optional: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsServiceaccountServiceAccountGroup_additionalObjects(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsServiceaccountServiceAccountLinkableWrapper(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["items"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsServiceaccountServiceAccount(recurse),
+		},
+		Optional: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsServiceaccountServiceAccountPrimer(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["active"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(false),
+	}
+	schemaAttrs["name"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["system_uuid"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["username"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["uuid"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsServiceaccountServiceAccountPrimerLinkableWrapper(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["items"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsServiceaccountServiceAccountPrimer(recurse),
+		},
+		Optional: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsServiceaccountServiceAccount_additionalObjects(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	{
+		attr := resetListNestedAttributeFlags(resourceSchemaAttrsServiceaccountServiceAccountGroupLinkableWrapper(recurse)["items"].(rsschema.ListNestedAttribute))
+		attr.Computed = true
+		schemaAttrs["groups"] = attr
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsGeneratedSecret(recurse),
+		}
+		attr.Optional = true
+		schemaAttrs["secret"] = attr
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsVaultPasswordMetadata(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["dictionary"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(false),
+	}
+	schemaAttrs["duplicate"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(false),
+	}
+	schemaAttrs["hash"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["length"] = rsschema.Int64Attribute{
+		Computed: true,
+		Optional: true,
+		Default:  int64default.StaticInt64(0),
+	}
+	schemaAttrs["lower_count"] = rsschema.Int64Attribute{
+		Computed: true,
+		Optional: true,
+		Default:  int64default.StaticInt64(0),
+	}
+	schemaAttrs["number_count"] = rsschema.Int64Attribute{
+		Computed: true,
+		Optional: true,
+		Default:  int64default.StaticInt64(0),
+	}
+	schemaAttrs["special_count"] = rsschema.Int64Attribute{
+		Computed: true,
+		Optional: true,
+		Default:  int64default.StaticInt64(0),
+	}
+	schemaAttrs["strength"] = rsschema.Int64Attribute{
+		Computed: true,
+		Optional: true,
+		Default:  int64default.StaticInt64(0),
+	}
+	schemaAttrs["upper_count"] = rsschema.Int64Attribute{
+		Computed: true,
+		Optional: true,
+		Default:  int64default.StaticInt64(0),
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsVaultVault(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["access_available"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(false),
+	}
+	schemaAttrs["name"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["records"] = rsschema.ListAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+		Validators: []validator.List{
+			listvalidator.ValueStringsAre(
+				stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+			),
+		},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsVaultVaultHolder(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	return schemaAttrs
+}
+func resourceSchemaAttrsVaultVaultRecord(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, resourceSchemaAttrsVaultVaultRecord_additionalObjects(false))
+	}
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["color"] = rsschema.StringAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  stringdefault.StaticString("NONE"),
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"NONE", "GREEN", "RED", "BLUE", "DARK", "PINK_LAVENDER", "CRIMSON_RED", "MIDDLE_YELLOW", "ANDROID_GREEN", "SAGE", "ARTICHOKE",
+			),
+		},
+	}
+	schemaAttrs["name"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["share_end_time"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["uuid"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["derived"] = rsschema.BoolAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.Bool{boolplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["end_date"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["filename"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["types"] = rsschema.ListAttribute{
+		ElementType: types.StringType,
+		Computed:    true,
+	}
+	schemaAttrs["url"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["username"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["warning_period"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"AT_EXPIRATION", "TWO_WEEKS", "ONE_MONTH", "TWO_MONTHS", "THREE_MONTHS", "SIX_MONTHS", "NEVER",
+			),
+		},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsVaultVaultRecordPrimer(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["color"] = rsschema.StringAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  stringdefault.StaticString("NONE"),
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"NONE", "GREEN", "RED", "BLUE", "DARK", "PINK_LAVENDER", "CRIMSON_RED", "MIDDLE_YELLOW", "ANDROID_GREEN", "SAGE", "ARTICHOKE",
+			),
+		},
+	}
+	schemaAttrs["name"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["share_end_time"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["uuid"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsVaultVaultRecordPrimerLinkableWrapper(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["items"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsVaultVaultRecordPrimer(recurse),
+		},
+		Optional: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsVaultVaultRecordSecrets(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["comment"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["file"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["password"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["totp"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["write_totp"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(false),
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsVaultVaultRecordShare(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["name"] = rsschema.StringAttribute{
+		Optional: true,
+	}
+	schemaAttrs["type"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"ACCOUNT", "CLIENT", "GROUP",
+			),
+		},
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsVaultVaultRecordShareSummary(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["children"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsVaultVaultRecordShare(recurse),
+		},
+		Optional: true,
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsVaultVaultRecordShare(recurse),
+		}
+		attr.Optional = true
+		schemaAttrs["parent"] = attr
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsVaultVaultRecord_additionalObjects(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	schemaAttrs["delete_tile"] = rsschema.BoolAttribute{
+		Optional: true,
+	}
+	schemaAttrs["parent_uuid"] = rsschema.StringAttribute{
+		Computed: true,
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsVaultPasswordMetadata(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["password_metadata"] = attr
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsVaultVaultRecordSecrets(recurse),
+		}
+		attr.Optional = true
+		schemaAttrs["secret"] = attr
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsVaultVaultRecordShareSummary(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["share_summary"] = attr
+	}
+	{
+		attr := resetListNestedAttributeFlags(resourceSchemaAttrsVaultVaultRecordPrimerLinkableWrapper(recurse)["items"].(rsschema.ListNestedAttribute))
+		attr.Computed = true
+		schemaAttrs["shares"] = attr
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsLaunchpadVaultRecordLaunchpadTile(recurse),
+		}
+		attr.Optional = true
+		schemaAttrs["tile"] = attr
+	}
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsVaultVaultHolder(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["vaultholder"] = attr
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsWebhookWebhook(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	if recurse {
+		maps.Copy(schemaAttrs, resourceSchemaAttrsWebhookWebhook_additionalObjects(false))
+	}
+	schemaAttrs["links"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsRestLink(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["permissions"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsAuthPermission(recurse),
+		},
+		Computed:      true,
+		PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["account_uuid"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["active"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(true),
+	}
+	schemaAttrs["all_types"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(false),
+	}
+	schemaAttrs["authentication_scheme"] = rsschema.StringAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  stringdefault.StaticString("NONE"),
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"NONE", "BASIC", "BEARER", "CUSTOM",
+			),
+		},
+	}
+	schemaAttrs["basic_auth_password"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 512),
+		},
+	}
+	schemaAttrs["basic_auth_username"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 512),
+		},
+	}
+	schemaAttrs["bearer_token"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["client_uuid"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["client_certificate_uuid"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["custom_header_name"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 64),
+		},
+	}
+	schemaAttrs["custom_header_value"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 1024),
+		},
+	}
+	schemaAttrs["directory_uuid"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["group_uuid"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["name"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 255),
+		},
+	}
+	schemaAttrs["system_uuid"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["tls"] = rsschema.StringAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  stringdefault.StaticString("SECURE"),
+		Validators: []validator.String{
+			stringvalidator.OneOf(
+				"VERIFIED_PINNED", "VERIFIED", "SECURE_PINNED", "SECURE", "ENCRYPTED", "UNSECURE",
+			),
+		},
+	}
+	schemaAttrs["trusted_certificate_uuid"] = rsschema.StringAttribute{
+		Optional: true,
+		Validators: []validator.String{
+			stringvalidator.RegexMatches(regexp.MustCompile("[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"), "The value must be a valid UUID"),
+		},
+	}
+	schemaAttrs["types"] = rsschema.ListAttribute{
+		ElementType: types.StringType,
+		Optional:    true,
+		Validators: []validator.List{
+			listvalidator.ValueStringsAre(
+				stringvalidator.OneOf(
+					"ACCOUNT_2FA_DISABLED", "ACCOUNT_2FA_ENABLED", "ACCOUNT_ADDED_TO_GROUP", "ACCOUNT_ADDED_TO_ORGANIZATIONAL_UNIT", "ACCOUNT_CREATED", "ACCOUNT_DEPROVISIONED", "ACCOUNT_DISABLED", "ACCOUNT_ENABLED", "ACCOUNT_GROUP_ACTIVATED", "ACCOUNT_GROUP_ACTIVATION_REASON", "ACCOUNT_GROUP_DEPROVISIONED", "ACCOUNT_GROUP_PROVISIONED", "ACCOUNT_LOGIN", "ACCOUNT_LOGIN_FAILED", "ACCOUNT_MODIFIED_FOR_GROUP", "ACCOUNT_PASSWORD_CHANGED", "ACCOUNT_PROVISIONED", "ACCOUNT_PROVISIONING_DESTROYED", "ACCOUNT_PROVISIONING_INITED", "ACCOUNT_PROVISIONING_SETUP", "ACCOUNT_REMOVED", "ACCOUNT_REMOVED_FROM_GROUP", "ACCOUNT_REMOVED_FROM_ORGANIZATIONAL_UNIT", "ACCOUNT_REREGISTERED", "ACCOUNT_SSH_PUBLIC_KEY_MODIFIED", "ACCOUNT_TOKEN_SIGNED", "ACCOUNT_TOTP_OFFSET_CHANGED", "ACCOUNT_VAULT_UNLOCKED", "ADD_GROUP_ADMIN_ACCEPTED", "ADD_GROUP_ADMIN_DECLINED", "ADD_GROUP_ADMIN_REQUESTED", "AUDITOR_EXPORT_GENERATED", "CERTIFICATE_CREATED", "CERTIFICATE_MODIFIED", "CERTIFICATE_REMOVED", "CLIENT_ADDED_TO_GROUP", "CLIENT_CREATED", "CLIENT_MODIFIED", "CLIENT_MODIFIED_FOR_GROUP", "CLIENT_PERMISSION_GRANTED", "CLIENT_PERMISSION_REVOKED", "CLIENT_REMOVED", "CLIENT_REMOVED_FROM_GROUP", "CLIENT_SECRET_ROTATED", "CREATE_GROUP_ACCEPTED", "CREATE_GROUP_DECLINED", "CREATE_GROUP_REQUESTED", "CREATE_GROUP_ON_SYSTEM_ACCEPTED", "CREATE_GROUP_ON_SYSTEM_DECLINED", "CREATE_GROUP_ON_SYSTEM_REQUESTED", "CREATE_SERVICE_ACCOUNT_ACCEPTED", "CREATE_SERVICE_ACCOUNT_DECLINED", "CREATE_SERVICE_ACCOUNT_REQUESTED", "DIRECTORY_CREATED", "DIRECTORY_HELPDESK_MODIFIED", "DIRECTORY_MODIFIED", "DIRECTORY_REMOVED", "DISABLE_2FA_ACCEPTED", "DISABLE_2FA_DECLINED", "DISABLE_2FA_REQUESTED", "ENABLE_TECHNICAL_ADMINISTRATION_ACCEPTED", "ENABLE_TECHNICAL_ADMINISTRATION_DECLINED", "ENABLE_TECHNICAL_ADMINISTRATION_REQUESTED", "EXTENDED_ACCESS_ACCEPTED", "EXTENDED_ACCESS_DECLINED", "EXTENDED_ACCESS_REQUESTED", "GRANT_ACCESS_ACCEPTED", "GRANT_ACCESS_DECLINED", "GRANT_ACCESS_REQUESTED", "GRANT_APPLICATION_ACCEPTED", "GRANT_APPLICATION_DECLINED", "GRANT_APPLICATION_REQUESTED", "GRANT_CLIENT_PERMISSION_ACCEPTED", "GRANT_CLIENT_PERMISSION_DECLINED", "GRANT_CLIENT_PERMISSION_REQUESTED", "GRANT_GROUP_ON_SYSTEM_ACCEPTED", "GRANT_GROUP_ON_SYSTEM_DECLINED", "GRANT_GROUP_ON_SYSTEM_REQUESTED", "GRANT_GROUP_ON_SYSTEM_REQUEST_ACCEPTED", "GRANT_GROUP_ON_SYSTEM_REQUEST_DECLINED", "GRANT_GROUP_ON_SYSTEM_REQUEST_REQUESTED", "GRANT_SERVICE_ACCOUNT_GROUP_ACCEPTED", "GRANT_SERVICE_ACCOUNT_GROUP_DECLINED", "GRANT_SERVICE_ACCOUNT_GROUP_REQUESTED", "GROUP_AUDIT_CREATED", "GROUP_AUDIT_REQUESTED", "GROUP_AUTHORIZATION_CONNECTED", "GROUP_AUTHORIZATION_DISCONNECTED", "GROUP_CLASSIFICATION_ASSIGNED", "GROUP_CLASSIFICATION_CREATED", "GROUP_CLASSIFICATION_MODIFIED", "GROUP_CLASSIFICATION_REMOVED", "GROUP_CREATED", "GROUP_MODIFIED", "GROUP_NESTING_CONNECTED", "GROUP_NESTING_DISCONNECTED", "GROUP_ON_SYSTEM_CREATED", "GROUP_ON_SYSTEM_DEPROVISIONED", "GROUP_ON_SYSTEM_PROVISIONED", "GROUP_ON_SYSTEM_REMOVED", "GROUP_REMOVED", "INTERNAL_ACCOUNT_ACTIVATED", "INTERNAL_ACCOUNT_CREATED", "INTERNAL_ACCOUNT_MODIFIED", "INTERNAL_ACCOUNT_REMOVED", "INVALID_SIGNATURE_DETECTED", "JOIN_GROUP_ACCEPTED", "JOIN_GROUP_DECLINED", "JOIN_GROUP_REQUESTED", "JOIN_VAULT_ACCEPTED", "JOIN_VAULT_DECLINED", "JOIN_VAULT_REQUESTED", "LICENSE_KEY_UPLOADED", "ORGANIZATIONAL_UNIT_CREATED", "ORGANIZATIONAL_UNIT_MODIFIED", "ORGANIZATIONAL_UNIT_REMOVED", "PROVISIONED_SYSTEM_ADDED_TO_GROUP", "PROVISIONED_SYSTEM_CREATED", "PROVISIONED_SYSTEM_MODIFIED", "PROVISIONED_SYSTEM_MODIFIED_FOR_GROUP", "PROVISIONED_SYSTEM_REMOVED", "PROVISIONED_SYSTEM_REMOVED_FROM_GROUP", "PROVISIONED_SYSTEM_UNKNOWN_ACCOUNT_DESTROYED", "REMOVE_GROUP_ACCEPTED", "REMOVE_GROUP_DECLINED", "REMOVE_GROUP_REQUESTED", "REMOVE_ORGANIZATIONAL_UNIT_ACCEPTED", "REMOVE_ORGANIZATIONAL_UNIT_DECLINED", "REMOVE_ORGANIZATIONAL_UNIT_REQUESTED", "REMOVE_PROVISIONED_SYSTEM_ACCEPTED", "REMOVE_PROVISIONED_SYSTEM_DECLINED", "REMOVE_PROVISIONED_SYSTEM_REQUESTED", "RESET_PASSWORD_ACCEPTED", "RESET_PASSWORD_DECLINED", "RESET_PASSWORD_FINISHED", "RESET_PASSWORD_REQUESTED", "REVIEW_AUDIT_ACCEPTED", "REVIEW_AUDIT_DECLINED", "REVIEW_AUDIT_REQUESTED", "REVOKE_ADMIN_ACCEPTED", "REVOKE_ADMIN_DECLINED", "REVOKE_ADMIN_REQUESTED", "SERVICE_ACCOUNT_ADDED_TO_GROUP", "SERVICE_ACCOUNT_CREATED", "SERVICE_ACCOUNT_GROUP_DEPROVISIONED", "SERVICE_ACCOUNT_GROUP_PROVISIONED", "SERVICE_ACCOUNT_MODIFIED", "SERVICE_ACCOUNT_PASSWORD_ROTATED", "SERVICE_ACCOUNT_PROVISIONING_DESTROYED", "SERVICE_ACCOUNT_PROVISIONING_INITED", "SERVICE_ACCOUNT_REMOVED", "SERVICE_ACCOUNT_REMOVED_FROM_GROUP", "SETUP_AUTHORIZING_GROUP_CONNECT_ACCEPTED", "SETUP_AUTHORIZING_GROUP_CONNECT_DECLINED", "SETUP_AUTHORIZING_GROUP_CONNECT_REQUESTED", "SETUP_AUTHORIZING_GROUP_DISCONNECT_ACCEPTED", "SETUP_AUTHORIZING_GROUP_DISCONNECT_DECLINED", "SETUP_AUTHORIZING_GROUP_DISCONNECT_REQUESTED", "SETUP_NESTED_GROUP_CONNECT_ACCEPTED", "SETUP_NESTED_GROUP_CONNECT_DECLINED", "SETUP_NESTED_GROUP_CONNECT_REQUESTED", "SETUP_NESTED_GROUP_DISCONNECT_ACCEPTED", "SETUP_NESTED_GROUP_DISCONNECT_DECLINED", "SETUP_NESTED_GROUP_DISCONNECT_REQUESTED", "TRANSFER_APPLICATION_ADMINISTRATION_ACCEPTED", "TRANSFER_APPLICATION_ADMINISTRATION_DECLINED", "TRANSFER_APPLICATION_ADMINISTRATION_REQUESTED", "TRANSFER_APPLICATION_OWNERSHIP_ACCEPTED", "TRANSFER_APPLICATION_OWNERSHIP_DECLINED", "TRANSFER_APPLICATION_OWNERSHIP_REQUESTED", "TRANSFER_GROUP_ON_SYSTEM_OWNERSHIP_ACCEPTED", "TRANSFER_GROUP_ON_SYSTEM_OWNERSHIP_DECLINED", "TRANSFER_GROUP_ON_SYSTEM_OWNERSHIP_REQUESTED", "TRANSFER_ORGANIZATIONAL_UNIT_OWNERSHIP_ACCEPTED", "TRANSFER_ORGANIZATIONAL_UNIT_OWNERSHIP_DECLINED", "TRANSFER_ORGANIZATIONAL_UNIT_OWNERSHIP_REQUESTED", "TRANSFER_PROVISIONED_SYSTEM_ADMINISTRATION_ACCEPTED", "TRANSFER_PROVISIONED_SYSTEM_ADMINISTRATION_DECLINED", "TRANSFER_PROVISIONED_SYSTEM_ADMINISTRATION_REQUESTED", "TRANSFER_PROVISIONED_SYSTEM_CONTENT_ADMINISTRATION_ACCEPTED", "TRANSFER_PROVISIONED_SYSTEM_CONTENT_ADMINISTRATION_DECLINED", "TRANSFER_PROVISIONED_SYSTEM_CONTENT_ADMINISTRATION_REQUESTED", "TRANSFER_PROVISIONED_SYSTEM_OWNERSHIP_ACCEPTED", "TRANSFER_PROVISIONED_SYSTEM_OWNERSHIP_DECLINED", "TRANSFER_PROVISIONED_SYSTEM_OWNERSHIP_REQUESTED", "TRANSFER_SERVICE_ACCOUNT_ADMINISTRATION_ACCEPTED", "TRANSFER_SERVICE_ACCOUNT_ADMINISTRATION_DECLINED", "TRANSFER_SERVICE_ACCOUNT_ADMINISTRATION_REQUESTED", "TRANSFER_AUDITOR_GROUP_ACCEPTED", "TRANSFER_AUDITOR_GROUP_DECLINED", "TRANSFER_AUDITOR_GROUP_REQUESTED", "UPDATE_GROUP_MEMBERSHIP_ACCEPTED", "UPDATE_GROUP_MEMBERSHIP_DECLINED", "UPDATE_GROUP_MEMBERSHIP_REQUESTED", "VAULT_ACCESS_RESTORED", "VAULT_EXPORTED", "VAULT_PERSONAL_RESET", "VAULT_PERSONAL_SETUP", "VAULT_RECORD_CREATED", "VAULT_RECORD_MODIFIED", "VAULT_RECORD_MOVED_COPIED_SHARED", "VAULT_RECORD_READ", "VAULT_RECORD_REMOVED", "VAULT_RECOVERED", "VERIFY_INTERNAL_ACCOUNT_ACCEPTED", "VERIFY_INTERNAL_ACCOUNT_DECLINED", "VERIFY_INTERNAL_ACCOUNT_REQUESTED", "WEBHOOK_CREATED", "WEBHOOK_MODIFIED", "WEBHOOK_REMOVED",
+				),
+			),
+		},
+	}
+	schemaAttrs["url"] = rsschema.StringAttribute{
+		Required: true,
+		Validators: []validator.String{
+			stringvalidator.UTF8LengthBetween(0, 512),
+		},
+	}
+	schemaAttrs["uuid"] = rsschema.StringAttribute{
+		Computed:      true,
+		PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+	}
+	schemaAttrs["verbose_payloads"] = rsschema.BoolAttribute{
+		Computed: true,
+		Optional: true,
+		Default:  booldefault.StaticBool(false),
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsWebhookWebhookLinkableWrapper(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	schemaAttrs["items"] = rsschema.ListNestedAttribute{
+		NestedObject: rsschema.NestedAttributeObject{
+			Attributes: resourceSchemaAttrsWebhookWebhook(recurse),
+		},
+		Optional: true,
+	}
+	return schemaAttrs
+}
+func resourceSchemaAttrsWebhookWebhook_additionalObjects(recurse bool) map[string]rsschema.Attribute {
+	schemaAttrs := make(map[string]rsschema.Attribute)
+	{
+		attr := rsschema.SingleNestedAttribute{
+			Attributes: resourceSchemaAttrsAuditInfo(recurse),
+		}
+		attr.Computed = true
+		schemaAttrs["audit"] = attr
+	}
+	return schemaAttrs
+}
diff --git a/internal/provider/full-tf-to-data-struct-ds.go b/internal/provider/full-tf-to-data-struct-ds.go
new file mode 100644
index 0000000..d399c5e
--- /dev/null
+++ b/internal/provider/full-tf-to-data-struct-ds.go
@@ -0,0 +1,1136 @@
+// Code generated by "terraform-provider-keyhub-generator"; DO NOT EDIT.
+
+//lint:ignore U1000 Ignore unused functions in generated code
+package provider
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-framework/types/basetypes"
+)
+
+func fillDataStructFromTFObjectDSAuditInfo(data *auditInfoDataDS, obj types.Object) {
+	data.CreatedAt = obj.Attributes()["created_at"].(basetypes.StringValue)
+	data.CreatedBy = obj.Attributes()["created_by"].(basetypes.StringValue)
+	data.LastModifiedAt = obj.Attributes()["last_modified_at"].(basetypes.StringValue)
+	data.LastModifiedBy = obj.Attributes()["last_modified_by"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectDSGeneratedSecret(data *generatedSecretDataDS, obj types.Object) {
+	data.GeneratedSecret = obj.Attributes()["generated_secret"].(basetypes.StringValue)
+	data.OldSecret = obj.Attributes()["old_secret"].(basetypes.StringValue)
+	data.Regenerate = obj.Attributes()["regenerate"].(basetypes.BoolValue)
+}
+
+func fillDataStructFromTFObjectDSLinkable(data *linkableDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectDSNonLinkable(data *nonLinkableDataDS, obj types.Object) {
+}
+
+func fillDataStructFromTFObjectDSRestLink(data *restLinkDataDS, obj types.Object) {
+	data.Href = obj.Attributes()["href"].(basetypes.StringValue)
+	data.ID = obj.Attributes()["id"].(basetypes.Int64Value)
+	data.Rel = obj.Attributes()["rel"].(basetypes.StringValue)
+	data.TypeEscaped = obj.Attributes()["type_escaped"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectDSAuthAccount(data *authAccountDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.DisplayName = obj.Attributes()["display_name"].(basetypes.StringValue)
+	data.LastActive = obj.Attributes()["last_active"].(basetypes.StringValue)
+	data.Username = obj.Attributes()["username"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+	data.Validity = obj.Attributes()["validity"].(basetypes.StringValue)
+	data.Additional = obj.Attributes()["additional"].(basetypes.ListValue)
+	data.AccountPermissions = obj.Attributes()["account_permissions"].(basetypes.ListValue)
+	data.Active = obj.Attributes()["active"].(basetypes.BoolValue)
+	data.ActiveLogin = obj.Attributes()["active_login"].(basetypes.BoolValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.Groups = obj.Attributes()["groups"].(basetypes.ListValue)
+	data.PendingRecoveryRequests = obj.Attributes()["pending_recovery_requests"].(basetypes.ObjectValue)
+	data.Settings = obj.Attributes()["settings"].(basetypes.ObjectValue)
+	data.StoredAttributes = obj.Attributes()["stored_attributes"].(basetypes.ObjectValue)
+	data.Vault = obj.Attributes()["vault"].(basetypes.ObjectValue)
+	data.CanRequestGroups = obj.Attributes()["can_request_groups"].(basetypes.BoolValue)
+	data.Directory = obj.Attributes()["directory"].(basetypes.ObjectValue)
+	data.DirectoryName = obj.Attributes()["directory_name"].(basetypes.StringValue)
+	data.DirectoryPasswordChangeRequired = obj.Attributes()["directory_password_change_required"].(basetypes.BoolValue)
+	data.DirectoryRotatingPassword = obj.Attributes()["directory_rotating_password"].(basetypes.StringValue)
+	data.DirectoryType = obj.Attributes()["directory_type"].(basetypes.StringValue)
+	data.Email = obj.Attributes()["email"].(basetypes.StringValue)
+	data.IDInDirectory = obj.Attributes()["id_in_directory"].(basetypes.StringValue)
+	data.KeyHubPasswordChangeRequired = obj.Attributes()["key_hub_password_change_required"].(basetypes.BoolValue)
+	data.LastModifiedAt = obj.Attributes()["last_modified_at"].(basetypes.StringValue)
+	data.LicenseRole = obj.Attributes()["license_role"].(basetypes.StringValue)
+	data.Locale = obj.Attributes()["locale"].(basetypes.StringValue)
+	data.ReregistrationRequired = obj.Attributes()["reregistration_required"].(basetypes.BoolValue)
+	data.TokenPasswordEnabled = obj.Attributes()["token_password_enabled"].(basetypes.BoolValue)
+	data.TwoFactorStatus = obj.Attributes()["two_factor_status"].(basetypes.StringValue)
+	data.ValidInDirectory = obj.Attributes()["valid_in_directory"].(basetypes.BoolValue)
+}
+
+func fillDataStructFromTFObjectDSAuthAccountPrimer(data *authAccountPrimerDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.DisplayName = obj.Attributes()["display_name"].(basetypes.StringValue)
+	data.LastActive = obj.Attributes()["last_active"].(basetypes.StringValue)
+	data.Username = obj.Attributes()["username"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+	data.Validity = obj.Attributes()["validity"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectDSAuthAccountRecoveryStatus(data *authAccountRecoveryStatusDataDS, obj types.Object) {
+	data.Pending2FARecoveryRequest = obj.Attributes()["pending2fa_recovery_request"].(basetypes.BoolValue)
+	data.PendingPasswordRecoveryRequest = obj.Attributes()["pending_password_recovery_request"].(basetypes.BoolValue)
+}
+
+func fillDataStructFromTFObjectDSAuthAccountSettings(data *authAccountSettingsDataDS, obj types.Object) {
+	data.DefaultOrganizationalUnit = obj.Attributes()["default_organizational_unit"].(basetypes.ObjectValue)
+	data.DirectoryName = obj.Attributes()["directory_name"].(basetypes.StringValue)
+	data.DirectoryType = obj.Attributes()["directory_type"].(basetypes.StringValue)
+	data.InGroups = obj.Attributes()["in_groups"].(basetypes.BoolValue)
+	data.InMultipleOrganizationalUnits = obj.Attributes()["in_multiple_organizational_units"].(basetypes.BoolValue)
+	data.KeyHubAdmin = obj.Attributes()["key_hub_admin"].(basetypes.BoolValue)
+	data.MultipleOrganizationalUnitsExist = obj.Attributes()["multiple_organizational_units_exist"].(basetypes.BoolValue)
+	data.PasswordMode = obj.Attributes()["password_mode"].(basetypes.StringValue)
+	data.SshPublicKey = obj.Attributes()["ssh_public_key"].(basetypes.StringValue)
+	data.TwoFactorAuthentication = obj.Attributes()["two_factor_authentication"].(basetypes.StringValue)
+	data.UseTokenPassword = obj.Attributes()["use_token_password"].(basetypes.BoolValue)
+	data.VaultStatus = obj.Attributes()["vault_status"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectDSAuthAccount_additionalObjects(data *authAccount_additionalObjectsDataDS, obj types.Object) {
+	data.ActiveLogin = obj.Attributes()["active_login"].(basetypes.BoolValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.Groups = obj.Attributes()["groups"].(basetypes.ListValue)
+	data.PendingRecoveryRequests = obj.Attributes()["pending_recovery_requests"].(basetypes.ObjectValue)
+	data.Settings = obj.Attributes()["settings"].(basetypes.ObjectValue)
+	data.StoredAttributes = obj.Attributes()["stored_attributes"].(basetypes.ObjectValue)
+	data.Vault = obj.Attributes()["vault"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectDSAuthPermission(data *authPermissionDataDS, obj types.Object) {
+	data.Full = obj.Attributes()["full"].(basetypes.StringValue)
+	data.Instances = obj.Attributes()["instances"].(basetypes.ListValue)
+	data.Operations = obj.Attributes()["operations"].(basetypes.ListValue)
+	data.TypeEscaped = obj.Attributes()["type_escaped"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectDSAuthStoredAccountAttribute(data *authStoredAccountAttributeDataDS, obj types.Object) {
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.Value = obj.Attributes()["value"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectDSAuthStoredAccountAttributes(data *authStoredAccountAttributesDataDS, obj types.Object) {
+	data.Attributes = obj.Attributes()["attributes"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectDSCertificateCertificate(data *certificateCertificateDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Alias = obj.Attributes()["alias"].(basetypes.StringValue)
+	data.CertificateCertificatePrimerType = obj.Attributes()["type"].(basetypes.StringValue)
+	data.CertificateData = obj.Attributes()["certificate_data"].(basetypes.ListValue)
+	data.Expiration = obj.Attributes()["expiration"].(basetypes.StringValue)
+	data.FingerprintSha1 = obj.Attributes()["fingerprint_sha1"].(basetypes.StringValue)
+	data.FingerprintSha256 = obj.Attributes()["fingerprint_sha256"].(basetypes.StringValue)
+	data.Global = obj.Attributes()["global"].(basetypes.BoolValue)
+	data.SubjectDN = obj.Attributes()["subject_dn"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+	data.Additional = obj.Attributes()["additional"].(basetypes.ListValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.KeyData = obj.Attributes()["key_data"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectDSCertificateCertificatePrimer(data *certificateCertificatePrimerDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Alias = obj.Attributes()["alias"].(basetypes.StringValue)
+	data.CertificateCertificatePrimerType = obj.Attributes()["type"].(basetypes.StringValue)
+	data.CertificateData = obj.Attributes()["certificate_data"].(basetypes.ListValue)
+	data.Expiration = obj.Attributes()["expiration"].(basetypes.StringValue)
+	data.FingerprintSha1 = obj.Attributes()["fingerprint_sha1"].(basetypes.StringValue)
+	data.FingerprintSha256 = obj.Attributes()["fingerprint_sha256"].(basetypes.StringValue)
+	data.Global = obj.Attributes()["global"].(basetypes.BoolValue)
+	data.SubjectDN = obj.Attributes()["subject_dn"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectDSCertificateCertificate_additionalObjects(data *certificateCertificate_additionalObjectsDataDS, obj types.Object) {
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectDSClientClientApplication(data *clientClientApplicationDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.ClientClientApplicationPrimerType = obj.Attributes()["type"].(basetypes.StringValue)
+	data.ClientID = obj.Attributes()["client_id"].(basetypes.StringValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.Scopes = obj.Attributes()["scopes"].(basetypes.ListValue)
+	data.SsoApplication = obj.Attributes()["sso_application"].(basetypes.BoolValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+	data.Additional = obj.Attributes()["additional"].(basetypes.ListValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.Groupclients = obj.Attributes()["groupclients"].(basetypes.ListValue)
+	data.Groups = obj.Attributes()["groups"].(basetypes.ListValue)
+	data.Secret = obj.Attributes()["secret"].(basetypes.ObjectValue)
+	data.Tile = obj.Attributes()["tile"].(basetypes.ObjectValue)
+	data.VaultRecordCount = obj.Attributes()["vault_record_count"].(basetypes.Int64Value)
+	data.LastModifiedAt = obj.Attributes()["last_modified_at"].(basetypes.StringValue)
+	data.Owner = obj.Attributes()["owner"].(basetypes.ObjectValue)
+	data.TechnicalAdministrator = obj.Attributes()["technical_administrator"].(basetypes.ObjectValue)
+	data.LDAPClient = obj.Attributes()["ldap_client"].(basetypes.ObjectValue)
+	data.OAuth2Client = obj.Attributes()["o_auth2_client"].(basetypes.ObjectValue)
+	data.Saml2Client = obj.Attributes()["saml2_client"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectDSClientClientApplicationLinkableWrapper(data *clientClientApplicationLinkableWrapperDataDS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectDSClientClientApplicationPrimer(data *clientClientApplicationPrimerDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.ClientClientApplicationPrimerType = obj.Attributes()["type"].(basetypes.StringValue)
+	data.ClientID = obj.Attributes()["client_id"].(basetypes.StringValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.Scopes = obj.Attributes()["scopes"].(basetypes.ListValue)
+	data.SsoApplication = obj.Attributes()["sso_application"].(basetypes.BoolValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectDSClientClientApplication_additionalObjects(data *clientClientApplication_additionalObjectsDataDS, obj types.Object) {
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.Groupclients = obj.Attributes()["groupclients"].(basetypes.ListValue)
+	data.Groups = obj.Attributes()["groups"].(basetypes.ListValue)
+	data.Secret = obj.Attributes()["secret"].(basetypes.ObjectValue)
+	data.Tile = obj.Attributes()["tile"].(basetypes.ObjectValue)
+	data.VaultRecordCount = obj.Attributes()["vault_record_count"].(basetypes.Int64Value)
+}
+
+func fillDataStructFromTFObjectDSClientLdapClient(data *clientLdapClientDataDS, obj types.Object) {
+	data.BindDN = obj.Attributes()["bind_dn"].(basetypes.StringValue)
+	data.ClientCertificate = obj.Attributes()["client_certificate"].(basetypes.ObjectValue)
+	data.ShareSecretInVault = obj.Attributes()["share_secret_in_vault"].(basetypes.BoolValue)
+	data.SharedSecret = obj.Attributes()["shared_secret"].(basetypes.ObjectValue)
+	data.UsedForProvisioning = obj.Attributes()["used_for_provisioning"].(basetypes.BoolValue)
+}
+
+func fillDataStructFromTFObjectDSClientOAuth2Client(data *clientOAuth2ClientDataDS, obj types.Object) {
+	data.AccountPermissions = obj.Attributes()["account_permissions"].(basetypes.ListValue)
+	data.Attributes = obj.Attributes()["attributes"].(basetypes.MapValue)
+	data.CallbackURI = obj.Attributes()["callback_uri"].(basetypes.StringValue)
+	data.Confidential = obj.Attributes()["confidential"].(basetypes.BoolValue)
+	data.DebugMode = obj.Attributes()["debug_mode"].(basetypes.BoolValue)
+	data.IDTokenClaims = obj.Attributes()["id_token_claims"].(basetypes.StringValue)
+	data.InitiateLoginURI = obj.Attributes()["initiate_login_uri"].(basetypes.StringValue)
+	data.ResourceURIs = obj.Attributes()["resource_uris"].(basetypes.StringValue)
+	data.ShareSecretInVault = obj.Attributes()["share_secret_in_vault"].(basetypes.BoolValue)
+	data.SharedSecret = obj.Attributes()["shared_secret"].(basetypes.ObjectValue)
+	data.ShowLandingPage = obj.Attributes()["show_landing_page"].(basetypes.BoolValue)
+	data.UseClientCredentials = obj.Attributes()["use_client_credentials"].(basetypes.BoolValue)
+}
+
+func fillDataStructFromTFObjectDSClientOAuth2ClientPermission(data *clientOAuth2ClientPermissionDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Additional = obj.Attributes()["additional"].(basetypes.ListValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.ForGroup = obj.Attributes()["for_group"].(basetypes.ObjectValue)
+	data.ForSystem = obj.Attributes()["for_system"].(basetypes.ObjectValue)
+	data.Value = obj.Attributes()["value"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectDSClientOAuth2ClientPermissionWithClient(data *clientOAuth2ClientPermissionWithClientDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Additional = obj.Attributes()["additional"].(basetypes.ListValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.ForGroup = obj.Attributes()["for_group"].(basetypes.ObjectValue)
+	data.ForSystem = obj.Attributes()["for_system"].(basetypes.ObjectValue)
+	data.Value = obj.Attributes()["value"].(basetypes.StringValue)
+	data.Client = obj.Attributes()["client"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectDSClientOAuth2ClientPermissionWithClientLinkableWrapper(data *clientOAuth2ClientPermissionWithClientLinkableWrapperDataDS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectDSClientOAuth2ClientPermission_additionalObjects(data *clientOAuth2ClientPermission_additionalObjectsDataDS, obj types.Object) {
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectDSClientSaml2Client(data *clientSaml2ClientDataDS, obj types.Object) {
+	data.Attributes = obj.Attributes()["attributes"].(basetypes.MapValue)
+	data.Metadata = obj.Attributes()["metadata"].(basetypes.StringValue)
+	data.MetadataURL = obj.Attributes()["metadata_url"].(basetypes.StringValue)
+	data.SubjectFormat = obj.Attributes()["subject_format"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectDSDirectoryAccountDirectory(data *directoryAccountDirectoryDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.AccountValiditySupported = obj.Attributes()["account_validity_supported"].(basetypes.BoolValue)
+	data.Active = obj.Attributes()["active"].(basetypes.BoolValue)
+	data.DirectoryAccountDirectoryPrimerType = obj.Attributes()["type"].(basetypes.StringValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+	data.Additional = obj.Attributes()["additional"].(basetypes.ListValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.Markers = obj.Attributes()["markers"].(basetypes.ObjectValue)
+	data.Status = obj.Attributes()["status"].(basetypes.ObjectValue)
+	data.BaseOrganizationalUnit = obj.Attributes()["base_organizational_unit"].(basetypes.ObjectValue)
+	data.DefaultDirectory = obj.Attributes()["default_directory"].(basetypes.BoolValue)
+	data.HelpdeskGroup = obj.Attributes()["helpdesk_group"].(basetypes.ObjectValue)
+	data.Restrict2fa = obj.Attributes()["restrict2fa"].(basetypes.BoolValue)
+	data.RotatingPassword = obj.Attributes()["rotating_password"].(basetypes.StringValue)
+	data.UsernameCustomizable = obj.Attributes()["username_customizable"].(basetypes.BoolValue)
+	data.InternalDirectory = obj.Attributes()["internal_directory"].(basetypes.ObjectValue)
+	data.LDAPDirectory = obj.Attributes()["l_d_a_p_directory"].(basetypes.ObjectValue)
+	data.MaintenanceDirectory = obj.Attributes()["maintenance_directory"].(basetypes.ObjectValue)
+	data.OIDCDirectory = obj.Attributes()["o_id_c_directory"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectDSDirectoryAccountDirectoryLinkableWrapper(data *directoryAccountDirectoryLinkableWrapperDataDS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectDSDirectoryAccountDirectoryPrimer(data *directoryAccountDirectoryPrimerDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.AccountValiditySupported = obj.Attributes()["account_validity_supported"].(basetypes.BoolValue)
+	data.Active = obj.Attributes()["active"].(basetypes.BoolValue)
+	data.DirectoryAccountDirectoryPrimerType = obj.Attributes()["type"].(basetypes.StringValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectDSDirectoryAccountDirectoryStatusReport(data *directoryAccountDirectoryStatusReportDataDS, obj types.Object) {
+	data.Accounts = obj.Attributes()["accounts"].(basetypes.Int64Value)
+	data.Reason = obj.Attributes()["reason"].(basetypes.StringValue)
+	data.Status = obj.Attributes()["status"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectDSDirectoryAccountDirectorySummary(data *directoryAccountDirectorySummaryDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.DirectoryAccountDirectorySummaryType = obj.Attributes()["type"].(basetypes.StringValue)
+	data.DomainRestriction = obj.Attributes()["domain_restriction"].(basetypes.StringValue)
+	data.FullyResolvedIssuer = obj.Attributes()["fully_resolved_issuer"].(basetypes.StringValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.Status = obj.Attributes()["status"].(basetypes.ObjectValue)
+	data.UsernameCustomizable = obj.Attributes()["username_customizable"].(basetypes.BoolValue)
+}
+
+func fillDataStructFromTFObjectDSDirectoryAccountDirectorySummaryLinkableWrapper(data *directoryAccountDirectorySummaryLinkableWrapperDataDS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectDSDirectoryAccountDirectory_additionalObjects(data *directoryAccountDirectory_additionalObjectsDataDS, obj types.Object) {
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.Markers = obj.Attributes()["markers"].(basetypes.ObjectValue)
+	data.Status = obj.Attributes()["status"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectDSDirectoryInternalDirectory(data *directoryInternalDirectoryDataDS, obj types.Object) {
+	data.Owner = obj.Attributes()["owner"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectDSDirectoryLDAPDirectory(data *directoryLDAPDirectoryDataDS, obj types.Object) {
+	data.AttributesToStore = obj.Attributes()["attributes_to_store"].(basetypes.StringValue)
+	data.BaseDN = obj.Attributes()["base_dn"].(basetypes.StringValue)
+	data.ClientCertificate = obj.Attributes()["client_certificate"].(basetypes.ObjectValue)
+	data.Dialect = obj.Attributes()["dialect"].(basetypes.StringValue)
+	data.FailoverHost = obj.Attributes()["failover_host"].(basetypes.StringValue)
+	data.FailoverTrustedCertificate = obj.Attributes()["failover_trusted_certificate"].(basetypes.ObjectValue)
+	data.Host = obj.Attributes()["host"].(basetypes.StringValue)
+	data.PasswordRecovery = obj.Attributes()["password_recovery"].(basetypes.StringValue)
+	data.Port = obj.Attributes()["port"].(basetypes.Int64Value)
+	data.SearchBindDN = obj.Attributes()["search_bind_dn"].(basetypes.StringValue)
+	data.SearchBindPassword = obj.Attributes()["search_bind_password"].(basetypes.StringValue)
+	data.SearchFilter = obj.Attributes()["search_filter"].(basetypes.StringValue)
+	data.TLS = obj.Attributes()["tls"].(basetypes.StringValue)
+	data.TrustedCertificate = obj.Attributes()["trusted_certificate"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectDSDirectoryMaintenanceDirectory(data *directoryMaintenanceDirectoryDataDS, obj types.Object) {
+}
+
+func fillDataStructFromTFObjectDSDirectoryOIDCDirectory(data *directoryOIDCDirectoryDataDS, obj types.Object) {
+	data.AcrValues = obj.Attributes()["acr_values"].(basetypes.StringValue)
+	data.AttributesToStore = obj.Attributes()["attributes_to_store"].(basetypes.StringValue)
+	data.ClientID = obj.Attributes()["client_id"].(basetypes.StringValue)
+	data.ClientSecret = obj.Attributes()["client_secret"].(basetypes.StringValue)
+	data.DomainRestriction = obj.Attributes()["domain_restriction"].(basetypes.StringValue)
+	data.Enforces2fa = obj.Attributes()["enforces2fa"].(basetypes.BoolValue)
+	data.FullyResolvedIssuer = obj.Attributes()["fully_resolved_issuer"].(basetypes.StringValue)
+	data.Issuer = obj.Attributes()["issuer"].(basetypes.StringValue)
+	data.LogoutURL = obj.Attributes()["logout_url"].(basetypes.StringValue)
+	data.SendLoginHint = obj.Attributes()["send_login_hint"].(basetypes.BoolValue)
+	data.VendorEscaped = obj.Attributes()["vendor_escaped"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectDSGroupAccountGroup(data *groupAccountGroupDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Admin = obj.Attributes()["admin"].(basetypes.BoolValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+	data.Additional = obj.Attributes()["additional"].(basetypes.ListValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.Vault = obj.Attributes()["vault"].(basetypes.ObjectValue)
+	data.EndDate = obj.Attributes()["end_date"].(basetypes.StringValue)
+	data.Folder = obj.Attributes()["folder"].(basetypes.ObjectValue)
+	data.LastUsed = obj.Attributes()["last_used"].(basetypes.StringValue)
+	data.ProvisioningEndTime = obj.Attributes()["provisioning_end_time"].(basetypes.StringValue)
+	data.Rights = obj.Attributes()["rights"].(basetypes.StringValue)
+	data.VisibleForProvisioning = obj.Attributes()["visible_for_provisioning"].(basetypes.BoolValue)
+}
+
+func fillDataStructFromTFObjectDSGroupAccountGroupLinkableWrapper(data *groupAccountGroupLinkableWrapperDataDS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectDSGroupAccountGroup_additionalObjects(data *groupAccountGroup_additionalObjectsDataDS, obj types.Object) {
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.Vault = obj.Attributes()["vault"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectDSGroupAuthorizedGroupsWrapper(data *groupAuthorizedGroupsWrapperDataDS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+	data.GroupCount = obj.Attributes()["group_count"].(basetypes.Int64Value)
+}
+
+func fillDataStructFromTFObjectDSGroupGroup(data *groupGroupDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Admin = obj.Attributes()["admin"].(basetypes.BoolValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+	data.Additional = obj.Attributes()["additional"].(basetypes.ListValue)
+	data.Accounts = obj.Attributes()["accounts"].(basetypes.ListValue)
+	data.AdministeredClients = obj.Attributes()["administered_clients"].(basetypes.ListValue)
+	data.AdministeredSystems = obj.Attributes()["administered_systems"].(basetypes.ListValue)
+	data.Admins = obj.Attributes()["admins"].(basetypes.ListValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.AuthorizedGroups = obj.Attributes()["authorized_groups"].(basetypes.ObjectValue)
+	data.ClientPermissions = obj.Attributes()["client_permissions"].(basetypes.ListValue)
+	data.Clients = obj.Attributes()["clients"].(basetypes.ListValue)
+	data.ContentAdministeredSystems = obj.Attributes()["content_administered_systems"].(basetypes.ListValue)
+	data.Groupauditinginfo = obj.Attributes()["groupauditinginfo"].(basetypes.ObjectValue)
+	data.Groupinfo = obj.Attributes()["groupinfo"].(basetypes.ObjectValue)
+	data.Helpdesk = obj.Attributes()["helpdesk"].(basetypes.ListValue)
+	data.Markers = obj.Attributes()["markers"].(basetypes.ObjectValue)
+	data.Myaccount = obj.Attributes()["myaccount"].(basetypes.ObjectValue)
+	data.Mydelegatedaccount = obj.Attributes()["mydelegatedaccount"].(basetypes.ObjectValue)
+	data.NestedGroups = obj.Attributes()["nested_groups"].(basetypes.ListValue)
+	data.OwnedClients = obj.Attributes()["owned_clients"].(basetypes.ListValue)
+	data.OwnedDirectories = obj.Attributes()["owned_directories"].(basetypes.ListValue)
+	data.OwnedGroupsOnSystem = obj.Attributes()["owned_groups_on_system"].(basetypes.ObjectValue)
+	data.OwnedOrganizationalUnits = obj.Attributes()["owned_organizational_units"].(basetypes.ListValue)
+	data.OwnedSystems = obj.Attributes()["owned_systems"].(basetypes.ListValue)
+	data.RecentAudits = obj.Attributes()["recent_audits"].(basetypes.ListValue)
+	data.Requeststatus = obj.Attributes()["requeststatus"].(basetypes.StringValue)
+	data.ServiceAccounts = obj.Attributes()["service_accounts"].(basetypes.ListValue)
+	data.Systems = obj.Attributes()["systems"].(basetypes.ListValue)
+	data.Vault = obj.Attributes()["vault"].(basetypes.ObjectValue)
+	data.Webhooks = obj.Attributes()["webhooks"].(basetypes.ListValue)
+	data.ApplicationAdministration = obj.Attributes()["application_administration"].(basetypes.BoolValue)
+	data.AuditConfig = obj.Attributes()["audit_config"].(basetypes.ObjectValue)
+	data.AuditRequested = obj.Attributes()["audit_requested"].(basetypes.BoolValue)
+	data.Auditor = obj.Attributes()["auditor"].(basetypes.BoolValue)
+	data.AuthorizingGroupAuditing = obj.Attributes()["authorizing_group_auditing"].(basetypes.ObjectValue)
+	data.AuthorizingGroupDelegation = obj.Attributes()["authorizing_group_delegation"].(basetypes.ObjectValue)
+	data.AuthorizingGroupMembership = obj.Attributes()["authorizing_group_membership"].(basetypes.ObjectValue)
+	data.AuthorizingGroupProvisioning = obj.Attributes()["authorizing_group_provisioning"].(basetypes.ObjectValue)
+	data.AuthorizingGroupTypes = obj.Attributes()["authorizing_group_types"].(basetypes.ListValue)
+	data.Classification = obj.Attributes()["classification"].(basetypes.ObjectValue)
+	data.Description = obj.Attributes()["description"].(basetypes.StringValue)
+	data.ExtendedAccess = obj.Attributes()["extended_access"].(basetypes.StringValue)
+	data.HideAuditTrail = obj.Attributes()["hide_audit_trail"].(basetypes.BoolValue)
+	data.NestedUnder = obj.Attributes()["nested_under"].(basetypes.ObjectValue)
+	data.OrganizationalUnit = obj.Attributes()["organizational_unit"].(basetypes.ObjectValue)
+	data.PrivateGroup = obj.Attributes()["private_group"].(basetypes.BoolValue)
+	data.RecordTrail = obj.Attributes()["record_trail"].(basetypes.BoolValue)
+	data.RotatingPasswordRequired = obj.Attributes()["rotating_password_required"].(basetypes.BoolValue)
+	data.SingleManaged = obj.Attributes()["single_managed"].(basetypes.BoolValue)
+	data.VaultRecovery = obj.Attributes()["vault_recovery"].(basetypes.StringValue)
+	data.VaultRequiresActivation = obj.Attributes()["vault_requires_activation"].(basetypes.BoolValue)
+}
+
+func fillDataStructFromTFObjectDSGroupGroupAccount(data *groupGroupAccountDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.DisplayName = obj.Attributes()["display_name"].(basetypes.StringValue)
+	data.LastActive = obj.Attributes()["last_active"].(basetypes.StringValue)
+	data.Username = obj.Attributes()["username"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+	data.Validity = obj.Attributes()["validity"].(basetypes.StringValue)
+	data.Additional = obj.Attributes()["additional"].(basetypes.ListValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.Directory = obj.Attributes()["directory"].(basetypes.ObjectValue)
+	data.DisconnectedNested = obj.Attributes()["disconnected_nested"].(basetypes.BoolValue)
+	data.EndDate = obj.Attributes()["end_date"].(basetypes.StringValue)
+	data.LastUsed = obj.Attributes()["last_used"].(basetypes.StringValue)
+	data.Nested = obj.Attributes()["nested"].(basetypes.BoolValue)
+	data.ProvisioningEndTime = obj.Attributes()["provisioning_end_time"].(basetypes.StringValue)
+	data.Rights = obj.Attributes()["rights"].(basetypes.StringValue)
+	data.TwoFactorStatus = obj.Attributes()["two_factor_status"].(basetypes.StringValue)
+	data.VisibleForProvisioning = obj.Attributes()["visible_for_provisioning"].(basetypes.BoolValue)
+}
+
+func fillDataStructFromTFObjectDSGroupGroupAccountLinkableWrapper(data *groupGroupAccountLinkableWrapperDataDS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectDSGroupGroupAccount_additionalObjects(data *groupGroupAccount_additionalObjectsDataDS, obj types.Object) {
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectDSGroupGroupAudit(data *groupGroupAuditDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Additional = obj.Attributes()["additional"].(basetypes.ListValue)
+	data.Accounts = obj.Attributes()["accounts"].(basetypes.ListValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.Comment = obj.Attributes()["comment"].(basetypes.StringValue)
+	data.CreatedAt = obj.Attributes()["created_at"].(basetypes.StringValue)
+	data.CreatedBy = obj.Attributes()["created_by"].(basetypes.StringValue)
+	data.GroupName = obj.Attributes()["group_name"].(basetypes.StringValue)
+	data.NameOnAudit = obj.Attributes()["name_on_audit"].(basetypes.StringValue)
+	data.ReviewedAt = obj.Attributes()["reviewed_at"].(basetypes.StringValue)
+	data.ReviewedBy = obj.Attributes()["reviewed_by"].(basetypes.StringValue)
+	data.Status = obj.Attributes()["status"].(basetypes.StringValue)
+	data.SubmittedAt = obj.Attributes()["submitted_at"].(basetypes.StringValue)
+	data.SubmittedBy = obj.Attributes()["submitted_by"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectDSGroupGroupAuditAccount(data *groupGroupAuditAccountDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.AccountUUID = obj.Attributes()["account_uuid"].(basetypes.StringValue)
+	data.AccountValid = obj.Attributes()["account_valid"].(basetypes.BoolValue)
+	data.Action = obj.Attributes()["action"].(basetypes.StringValue)
+	data.Comment = obj.Attributes()["comment"].(basetypes.StringValue)
+	data.DisconnectedNested = obj.Attributes()["disconnected_nested"].(basetypes.BoolValue)
+	data.DisplayName = obj.Attributes()["display_name"].(basetypes.StringValue)
+	data.EndDate = obj.Attributes()["end_date"].(basetypes.StringValue)
+	data.LastActive = obj.Attributes()["last_active"].(basetypes.StringValue)
+	data.LastUsed = obj.Attributes()["last_used"].(basetypes.StringValue)
+	data.Nested = obj.Attributes()["nested"].(basetypes.BoolValue)
+	data.Rights = obj.Attributes()["rights"].(basetypes.StringValue)
+	data.Username = obj.Attributes()["username"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectDSGroupGroupAuditConfig(data *groupGroupAuditConfigDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Months = obj.Attributes()["months"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectDSGroupGroupAuditLinkableWrapper(data *groupGroupAuditLinkableWrapperDataDS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectDSGroupGroupAudit_additionalObjects(data *groupGroupAudit_additionalObjectsDataDS, obj types.Object) {
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectDSGroupGroupAuditingInfo(data *groupGroupAuditingInfoDataDS, obj types.Object) {
+	data.AuditDueDate = obj.Attributes()["audit_due_date"].(basetypes.StringValue)
+	data.LastAuditDate = obj.Attributes()["last_audit_date"].(basetypes.StringValue)
+	data.NrAccounts = obj.Attributes()["nr_accounts"].(basetypes.Int64Value)
+	data.NrDisabledAccounts = obj.Attributes()["nr_disabled_accounts"].(basetypes.Int64Value)
+	data.NrDisabledManagers = obj.Attributes()["nr_disabled_managers"].(basetypes.Int64Value)
+	data.NrExpiredVaultRecords = obj.Attributes()["nr_expired_vault_records"].(basetypes.Int64Value)
+	data.NrManagers = obj.Attributes()["nr_managers"].(basetypes.Int64Value)
+	data.NrVaultRecordsWithEndDate = obj.Attributes()["nr_vault_records_with_end_date"].(basetypes.Int64Value)
+}
+
+func fillDataStructFromTFObjectDSGroupGroupClassification(data *groupGroupClassificationDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+	data.Additional = obj.Attributes()["additional"].(basetypes.ListValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.Info = obj.Attributes()["info"].(basetypes.ObjectValue)
+	data.AuthorizingGroupAuditingRequired = obj.Attributes()["authorizing_group_auditing_required"].(basetypes.BoolValue)
+	data.AuthorizingGroupDelegationRequired = obj.Attributes()["authorizing_group_delegation_required"].(basetypes.BoolValue)
+	data.AuthorizingGroupMembershipRequired = obj.Attributes()["authorizing_group_membership_required"].(basetypes.BoolValue)
+	data.AuthorizingGroupProvisioningRequired = obj.Attributes()["authorizing_group_provisioning_required"].(basetypes.BoolValue)
+	data.DefaultClassification = obj.Attributes()["default_classification"].(basetypes.BoolValue)
+	data.Description = obj.Attributes()["description"].(basetypes.StringValue)
+	data.MaximumAuditInterval = obj.Attributes()["maximum_audit_interval"].(basetypes.Int64Value)
+	data.MinimumNrManagers = obj.Attributes()["minimum_nr_managers"].(basetypes.Int64Value)
+	data.RecordTrailRequired = obj.Attributes()["record_trail_required"].(basetypes.BoolValue)
+	data.RequiredMonths = obj.Attributes()["required_months"].(basetypes.ListValue)
+	data.RotatingPasswordRequired = obj.Attributes()["rotating_password_required"].(basetypes.BoolValue)
+	data.VaultRequiresActivation = obj.Attributes()["vault_requires_activation"].(basetypes.BoolValue)
+}
+
+func fillDataStructFromTFObjectDSGroupGroupClassificationInfo(data *groupGroupClassificationInfoDataDS, obj types.Object) {
+	data.NrGroups = obj.Attributes()["nr_groups"].(basetypes.Int64Value)
+}
+
+func fillDataStructFromTFObjectDSGroupGroupClassificationPrimer(data *groupGroupClassificationPrimerDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectDSGroupGroupClassification_additionalObjects(data *groupGroupClassification_additionalObjectsDataDS, obj types.Object) {
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.Info = obj.Attributes()["info"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectDSGroupGroupClient(data *groupGroupClientDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Additional = obj.Attributes()["additional"].(basetypes.ListValue)
+	data.ActivationRequired = obj.Attributes()["activation_required"].(basetypes.BoolValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.Client = obj.Attributes()["client"].(basetypes.ObjectValue)
+	data.Group = obj.Attributes()["group"].(basetypes.ObjectValue)
+	data.Owner = obj.Attributes()["owner"].(basetypes.ObjectValue)
+	data.TechnicalAdministrator = obj.Attributes()["technical_administrator"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectDSGroupGroupClientLinkableWrapper(data *groupGroupClientLinkableWrapperDataDS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectDSGroupGroupClient_additionalObjects(data *groupGroupClient_additionalObjectsDataDS, obj types.Object) {
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectDSGroupGroupFolder(data *groupGroupFolderDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Additional = obj.Attributes()["additional"].(basetypes.ListValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectDSGroupGroupFolder_additionalObjects(data *groupGroupFolder_additionalObjectsDataDS, obj types.Object) {
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectDSGroupGroupInfo(data *groupGroupInfoDataDS, obj types.Object) {
+	data.NrAccounts = obj.Attributes()["nr_accounts"].(basetypes.Int64Value)
+	data.NrAccountsWithVault = obj.Attributes()["nr_accounts_with_vault"].(basetypes.Int64Value)
+	data.NrAudits = obj.Attributes()["nr_audits"].(basetypes.Int64Value)
+	data.NrClients = obj.Attributes()["nr_clients"].(basetypes.Int64Value)
+	data.NrProvisionedSystems = obj.Attributes()["nr_provisioned_systems"].(basetypes.Int64Value)
+	data.NrVaultRecords = obj.Attributes()["nr_vault_records"].(basetypes.Int64Value)
+}
+
+func fillDataStructFromTFObjectDSGroupGroupLinkableWrapper(data *groupGroupLinkableWrapperDataDS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectDSGroupGroupPrimer(data *groupGroupPrimerDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Admin = obj.Attributes()["admin"].(basetypes.BoolValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectDSGroupGroupPrimerLinkableWrapper(data *groupGroupPrimerLinkableWrapperDataDS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectDSGroupGroup_additionalObjects(data *groupGroup_additionalObjectsDataDS, obj types.Object) {
+	data.Accounts = obj.Attributes()["accounts"].(basetypes.ListValue)
+	data.AdministeredClients = obj.Attributes()["administered_clients"].(basetypes.ListValue)
+	data.AdministeredSystems = obj.Attributes()["administered_systems"].(basetypes.ListValue)
+	data.Admins = obj.Attributes()["admins"].(basetypes.ListValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.AuthorizedGroups = obj.Attributes()["authorized_groups"].(basetypes.ObjectValue)
+	data.ClientPermissions = obj.Attributes()["client_permissions"].(basetypes.ListValue)
+	data.Clients = obj.Attributes()["clients"].(basetypes.ListValue)
+	data.ContentAdministeredSystems = obj.Attributes()["content_administered_systems"].(basetypes.ListValue)
+	data.Groupauditinginfo = obj.Attributes()["groupauditinginfo"].(basetypes.ObjectValue)
+	data.Groupinfo = obj.Attributes()["groupinfo"].(basetypes.ObjectValue)
+	data.Helpdesk = obj.Attributes()["helpdesk"].(basetypes.ListValue)
+	data.Markers = obj.Attributes()["markers"].(basetypes.ObjectValue)
+	data.Myaccount = obj.Attributes()["myaccount"].(basetypes.ObjectValue)
+	data.Mydelegatedaccount = obj.Attributes()["mydelegatedaccount"].(basetypes.ObjectValue)
+	data.NestedGroups = obj.Attributes()["nested_groups"].(basetypes.ListValue)
+	data.OwnedClients = obj.Attributes()["owned_clients"].(basetypes.ListValue)
+	data.OwnedDirectories = obj.Attributes()["owned_directories"].(basetypes.ListValue)
+	data.OwnedGroupsOnSystem = obj.Attributes()["owned_groups_on_system"].(basetypes.ObjectValue)
+	data.OwnedOrganizationalUnits = obj.Attributes()["owned_organizational_units"].(basetypes.ListValue)
+	data.OwnedSystems = obj.Attributes()["owned_systems"].(basetypes.ListValue)
+	data.RecentAudits = obj.Attributes()["recent_audits"].(basetypes.ListValue)
+	data.Requeststatus = obj.Attributes()["requeststatus"].(basetypes.StringValue)
+	data.ServiceAccounts = obj.Attributes()["service_accounts"].(basetypes.ListValue)
+	data.Systems = obj.Attributes()["systems"].(basetypes.ListValue)
+	data.Vault = obj.Attributes()["vault"].(basetypes.ObjectValue)
+	data.Webhooks = obj.Attributes()["webhooks"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectDSGroupProvisioningGroup(data *groupProvisioningGroupDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Additional = obj.Attributes()["additional"].(basetypes.ListValue)
+	data.ActivationRequired = obj.Attributes()["activation_required"].(basetypes.BoolValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.Group = obj.Attributes()["group"].(basetypes.ObjectValue)
+	data.GroupOnSystem = obj.Attributes()["group_on_system"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectDSGroupProvisioningGroupLinkableWrapper(data *groupProvisioningGroupLinkableWrapperDataDS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectDSGroupProvisioningGroup_additionalObjects(data *groupProvisioningGroup_additionalObjectsDataDS, obj types.Object) {
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectDSLaunchpadSsoApplicationLaunchpadTile(data *launchpadSsoApplicationLaunchpadTileDataDS, obj types.Object) {
+	data.URI = obj.Attributes()["uri"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectDSLaunchpadVaultRecordLaunchpadTile(data *launchpadVaultRecordLaunchpadTileDataDS, obj types.Object) {
+}
+
+func fillDataStructFromTFObjectDSMarkItemMarker(data *markItemMarkerDataDS, obj types.Object) {
+	data.Level = obj.Attributes()["level"].(basetypes.StringValue)
+	data.MarkItemMarkerType = obj.Attributes()["type"].(basetypes.StringValue)
+	data.Parameters = obj.Attributes()["parameters"].(basetypes.MapValue)
+}
+
+func fillDataStructFromTFObjectDSMarkItemMarkers(data *markItemMarkersDataDS, obj types.Object) {
+	data.Markers = obj.Attributes()["markers"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectDSOrganizationOrganizationalUnit(data *organizationOrganizationalUnitDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+	data.Additional = obj.Attributes()["additional"].(basetypes.ListValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.Depth = obj.Attributes()["depth"].(basetypes.Int64Value)
+	data.Description = obj.Attributes()["description"].(basetypes.StringValue)
+	data.Owner = obj.Attributes()["owner"].(basetypes.ObjectValue)
+	data.Parent = obj.Attributes()["parent"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectDSOrganizationOrganizationalUnitLinkableWrapper(data *organizationOrganizationalUnitLinkableWrapperDataDS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectDSOrganizationOrganizationalUnitPrimer(data *organizationOrganizationalUnitPrimerDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectDSOrganizationOrganizationalUnit_additionalObjects(data *organizationOrganizationalUnit_additionalObjectsDataDS, obj types.Object) {
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectDSProvisioningAbstractProvisionedLDAP(data *provisioningAbstractProvisionedLDAPDataDS, obj types.Object) {
+	data.Attributes = obj.Attributes()["attributes"].(basetypes.MapValue)
+	data.BaseDN = obj.Attributes()["base_dn"].(basetypes.StringValue)
+	data.BindDN = obj.Attributes()["bind_dn"].(basetypes.StringValue)
+	data.BindPassword = obj.Attributes()["bind_password"].(basetypes.StringValue)
+	data.ClientCertificate = obj.Attributes()["client_certificate"].(basetypes.ObjectValue)
+	data.FailoverHost = obj.Attributes()["failover_host"].(basetypes.StringValue)
+	data.FailoverTrustedCertificate = obj.Attributes()["failover_trusted_certificate"].(basetypes.ObjectValue)
+	data.GroupDN = obj.Attributes()["group_dn"].(basetypes.StringValue)
+	data.Host = obj.Attributes()["host"].(basetypes.StringValue)
+	data.ObjectClasses = obj.Attributes()["object_classes"].(basetypes.StringValue)
+	data.Port = obj.Attributes()["port"].(basetypes.Int64Value)
+	data.ServiceAccountDN = obj.Attributes()["service_account_dn"].(basetypes.StringValue)
+	data.SshPublicKeySupported = obj.Attributes()["ssh_public_key_supported"].(basetypes.BoolValue)
+	data.TLS = obj.Attributes()["tls"].(basetypes.StringValue)
+	data.TrustedCertificate = obj.Attributes()["trusted_certificate"].(basetypes.ObjectValue)
+	data.UserDN = obj.Attributes()["user_dn"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectDSProvisioningCircuitBreakerStatistics(data *provisioningCircuitBreakerStatisticsDataDS, obj types.Object) {
+	data.NumberOfFailedCalls = obj.Attributes()["number_of_failed_calls"].(basetypes.Int64Value)
+	data.NumberOfNotPermittedCalls = obj.Attributes()["number_of_not_permitted_calls"].(basetypes.Int64Value)
+	data.NumberOfSuccessfulCalls = obj.Attributes()["number_of_successful_calls"].(basetypes.Int64Value)
+	data.State = obj.Attributes()["state"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectDSProvisioningGroupOnSystem(data *provisioningGroupOnSystemDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.DisplayName = obj.Attributes()["display_name"].(basetypes.StringValue)
+	data.NameInSystem = obj.Attributes()["name_in_system"].(basetypes.StringValue)
+	data.ProvisioningGroupOnSystemPrimerType = obj.Attributes()["type"].(basetypes.StringValue)
+	data.ShortNameInSystem = obj.Attributes()["short_name_in_system"].(basetypes.StringValue)
+	data.Additional = obj.Attributes()["additional"].(basetypes.ListValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.Provgroups = obj.Attributes()["provgroups"].(basetypes.ListValue)
+	data.ServiceAccounts = obj.Attributes()["service_accounts"].(basetypes.ListValue)
+	data.Owner = obj.Attributes()["owner"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectDSProvisioningGroupOnSystemLinkableWrapper(data *provisioningGroupOnSystemLinkableWrapperDataDS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectDSProvisioningGroupOnSystemPrimer(data *provisioningGroupOnSystemPrimerDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.DisplayName = obj.Attributes()["display_name"].(basetypes.StringValue)
+	data.NameInSystem = obj.Attributes()["name_in_system"].(basetypes.StringValue)
+	data.ProvisioningGroupOnSystemPrimerType = obj.Attributes()["type"].(basetypes.StringValue)
+	data.ShortNameInSystem = obj.Attributes()["short_name_in_system"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectDSProvisioningGroupOnSystemTypes(data *provisioningGroupOnSystemTypesDataDS, obj types.Object) {
+	data.Types = obj.Attributes()["types"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectDSProvisioningGroupOnSystem_additionalObjects(data *provisioningGroupOnSystem_additionalObjectsDataDS, obj types.Object) {
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.Provgroups = obj.Attributes()["provgroups"].(basetypes.ListValue)
+	data.ServiceAccounts = obj.Attributes()["service_accounts"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectDSProvisioningOwnedGroupOnSystemsWrapper(data *provisioningOwnedGroupOnSystemsWrapperDataDS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+	data.UnlinkedCount = obj.Attributes()["unlinked_count"].(basetypes.Int64Value)
+}
+
+func fillDataStructFromTFObjectDSProvisioningProvisionNumberSequence(data *provisioningProvisionNumberSequenceDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Additional = obj.Attributes()["additional"].(basetypes.ListValue)
+	data.AccountCount = obj.Attributes()["account_count"].(basetypes.Int64Value)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.Systems = obj.Attributes()["systems"].(basetypes.ListValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.NextUID = obj.Attributes()["next_uid"].(basetypes.Int64Value)
+}
+
+func fillDataStructFromTFObjectDSProvisioningProvisionNumberSequence_additionalObjects(data *provisioningProvisionNumberSequence_additionalObjectsDataDS, obj types.Object) {
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.Systems = obj.Attributes()["systems"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectDSProvisioningProvisionedAD(data *provisioningProvisionedADDataDS, obj types.Object) {
+	data.SamAccountNameScheme = obj.Attributes()["sam_account_name_scheme"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectDSProvisioningProvisionedAccount(data *provisioningProvisionedAccountDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.DisplayName = obj.Attributes()["display_name"].(basetypes.StringValue)
+	data.LastActive = obj.Attributes()["last_active"].(basetypes.StringValue)
+	data.Username = obj.Attributes()["username"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+	data.Validity = obj.Attributes()["validity"].(basetypes.StringValue)
+	data.Additional = obj.Attributes()["additional"].(basetypes.ListValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.UID = obj.Attributes()["uid"].(basetypes.Int64Value)
+}
+
+func fillDataStructFromTFObjectDSProvisioningProvisionedAccount_additionalObjects(data *provisioningProvisionedAccount_additionalObjectsDataDS, obj types.Object) {
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectDSProvisioningProvisionedAzureOIDCDirectory(data *provisioningProvisionedAzureOIDCDirectoryDataDS, obj types.Object) {
+	data.Directory = obj.Attributes()["directory"].(basetypes.ObjectValue)
+	data.Tenant = obj.Attributes()["tenant"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectDSProvisioningProvisionedAzureSyncLDAPDirectory(data *provisioningProvisionedAzureSyncLDAPDirectoryDataDS, obj types.Object) {
+	data.ClientID = obj.Attributes()["client_id"].(basetypes.StringValue)
+	data.ClientSecret = obj.Attributes()["client_secret"].(basetypes.StringValue)
+	data.Directory = obj.Attributes()["directory"].(basetypes.ObjectValue)
+	data.Tenant = obj.Attributes()["tenant"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectDSProvisioningProvisionedAzureTenant(data *provisioningProvisionedAzureTenantDataDS, obj types.Object) {
+	data.ClientID = obj.Attributes()["client_id"].(basetypes.StringValue)
+	data.ClientSecret = obj.Attributes()["client_secret"].(basetypes.StringValue)
+	data.IDpDomain = obj.Attributes()["idp_domain"].(basetypes.StringValue)
+	data.Tenant = obj.Attributes()["tenant"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectDSProvisioningProvisionedInternalLDAP(data *provisioningProvisionedInternalLDAPDataDS, obj types.Object) {
+	data.Client = obj.Attributes()["client"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectDSProvisioningProvisionedLDAP(data *provisioningProvisionedLDAPDataDS, obj types.Object) {
+	data.Gid = obj.Attributes()["gid"].(basetypes.Int64Value)
+	data.HashingScheme = obj.Attributes()["hashing_scheme"].(basetypes.StringValue)
+	data.Numbering = obj.Attributes()["numbering"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectDSProvisioningProvisionedLDAPDirectory(data *provisioningProvisionedLDAPDirectoryDataDS, obj types.Object) {
+	data.Directory = obj.Attributes()["directory"].(basetypes.ObjectValue)
+	data.GroupDN = obj.Attributes()["group_dn"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectDSProvisioningProvisionedSystem(data *provisioningProvisionedSystemDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Active = obj.Attributes()["active"].(basetypes.BoolValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.OrganizationalUnit = obj.Attributes()["organizational_unit"].(basetypes.ObjectValue)
+	data.ProvisioningProvisionedSystemPrimerType = obj.Attributes()["type"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+	data.Additional = obj.Attributes()["additional"].(basetypes.ListValue)
+	data.AccountCount = obj.Attributes()["account_count"].(basetypes.Int64Value)
+	data.Account = obj.Attributes()["account"].(basetypes.ObjectValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.IssuedPermissions = obj.Attributes()["issued_permissions"].(basetypes.ListValue)
+	data.LoginName = obj.Attributes()["login_name"].(basetypes.StringValue)
+	data.ManagementPermissions = obj.Attributes()["management_permissions"].(basetypes.ObjectValue)
+	data.Markers = obj.Attributes()["markers"].(basetypes.ObjectValue)
+	data.Statistics = obj.Attributes()["statistics"].(basetypes.ObjectValue)
+	data.SupportedGroupTypes = obj.Attributes()["supported_group_types"].(basetypes.ObjectValue)
+	data.ContentAdministrator = obj.Attributes()["content_administrator"].(basetypes.ObjectValue)
+	data.ExternalUUID = obj.Attributes()["external_uuid"].(basetypes.StringValue)
+	data.Owner = obj.Attributes()["owner"].(basetypes.ObjectValue)
+	data.SelfServiceExistingGroups = obj.Attributes()["self_service_existing_groups"].(basetypes.BoolValue)
+	data.SelfServiceNewGroups = obj.Attributes()["self_service_new_groups"].(basetypes.BoolValue)
+	data.SelfServiceServiceAccounts = obj.Attributes()["self_service_service_accounts"].(basetypes.BoolValue)
+	data.ShouldDestroyUnknownAccounts = obj.Attributes()["should_destroy_unknown_accounts"].(basetypes.BoolValue)
+	data.TechnicalAdministrator = obj.Attributes()["technical_administrator"].(basetypes.ObjectValue)
+	data.UsernamePrefix = obj.Attributes()["username_prefix"].(basetypes.StringValue)
+	data.AbstractProvisionedLDAP = obj.Attributes()["abstract_provisioned_ldap"].(basetypes.ObjectValue)
+	data.ProvisionedAD = obj.Attributes()["provisioned_a_d"].(basetypes.ObjectValue)
+	data.ProvisionedAzureOIDCDirectory = obj.Attributes()["provisioned_azure_oidc_directory"].(basetypes.ObjectValue)
+	data.ProvisionedAzureSyncLDAPDirectory = obj.Attributes()["provisioned_azure_sync_ldap_directory"].(basetypes.ObjectValue)
+	data.ProvisionedAzureTenant = obj.Attributes()["provisioned_azure_tenant"].(basetypes.ObjectValue)
+	data.ProvisionedInternalLDAP = obj.Attributes()["provisioned_internal_ldap"].(basetypes.ObjectValue)
+	data.ProvisionedLDAP = obj.Attributes()["provisioned_ldap"].(basetypes.ObjectValue)
+	data.ProvisionedLDAPDirectory = obj.Attributes()["provisioned_ldap_directory"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectDSProvisioningProvisionedSystemLinkableWrapper(data *provisioningProvisionedSystemLinkableWrapperDataDS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectDSProvisioningProvisionedSystemPrimer(data *provisioningProvisionedSystemPrimerDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Active = obj.Attributes()["active"].(basetypes.BoolValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.OrganizationalUnit = obj.Attributes()["organizational_unit"].(basetypes.ObjectValue)
+	data.ProvisioningProvisionedSystemPrimerType = obj.Attributes()["type"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectDSProvisioningProvisionedSystemPrimerLinkableWrapper(data *provisioningProvisionedSystemPrimerLinkableWrapperDataDS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectDSProvisioningProvisionedSystem_additionalObjects(data *provisioningProvisionedSystem_additionalObjectsDataDS, obj types.Object) {
+	data.Account = obj.Attributes()["account"].(basetypes.ObjectValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.IssuedPermissions = obj.Attributes()["issued_permissions"].(basetypes.ListValue)
+	data.LoginName = obj.Attributes()["login_name"].(basetypes.StringValue)
+	data.ManagementPermissions = obj.Attributes()["management_permissions"].(basetypes.ObjectValue)
+	data.Markers = obj.Attributes()["markers"].(basetypes.ObjectValue)
+	data.Statistics = obj.Attributes()["statistics"].(basetypes.ObjectValue)
+	data.SupportedGroupTypes = obj.Attributes()["supported_group_types"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectDSProvisioningProvisioningManagementPermissions(data *provisioningProvisioningManagementPermissionsDataDS, obj types.Object) {
+	data.CreateNewGroupsAllowed = obj.Attributes()["create_new_groups_allowed"].(basetypes.BoolValue)
+	data.CreateServiceAccountsAllowed = obj.Attributes()["create_service_accounts_allowed"].(basetypes.BoolValue)
+	data.ReuseExistingGroupsAllowed = obj.Attributes()["reuse_existing_groups_allowed"].(basetypes.BoolValue)
+}
+
+func fillDataStructFromTFObjectDSServiceaccountServiceAccount(data *serviceaccountServiceAccountDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Active = obj.Attributes()["active"].(basetypes.BoolValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.System = obj.Attributes()["system"].(basetypes.ObjectValue)
+	data.Username = obj.Attributes()["username"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+	data.Additional = obj.Attributes()["additional"].(basetypes.ListValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.Groups = obj.Attributes()["groups"].(basetypes.ListValue)
+	data.Secret = obj.Attributes()["secret"].(basetypes.ObjectValue)
+	data.Description = obj.Attributes()["description"].(basetypes.StringValue)
+	data.Password = obj.Attributes()["password"].(basetypes.ObjectValue)
+	data.PasswordRotation = obj.Attributes()["password_rotation"].(basetypes.StringValue)
+	data.TechnicalAdministrator = obj.Attributes()["technical_administrator"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectDSServiceaccountServiceAccountGroup(data *serviceaccountServiceAccountGroupDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.DisplayName = obj.Attributes()["display_name"].(basetypes.StringValue)
+	data.NameInSystem = obj.Attributes()["name_in_system"].(basetypes.StringValue)
+	data.ProvisioningGroupOnSystemPrimerType = obj.Attributes()["type"].(basetypes.StringValue)
+	data.ShortNameInSystem = obj.Attributes()["short_name_in_system"].(basetypes.StringValue)
+	data.Additional = obj.Attributes()["additional"].(basetypes.ListValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectDSServiceaccountServiceAccountGroupLinkableWrapper(data *serviceaccountServiceAccountGroupLinkableWrapperDataDS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectDSServiceaccountServiceAccountGroup_additionalObjects(data *serviceaccountServiceAccountGroup_additionalObjectsDataDS, obj types.Object) {
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectDSServiceaccountServiceAccountLinkableWrapper(data *serviceaccountServiceAccountLinkableWrapperDataDS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectDSServiceaccountServiceAccountPrimer(data *serviceaccountServiceAccountPrimerDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Active = obj.Attributes()["active"].(basetypes.BoolValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.System = obj.Attributes()["system"].(basetypes.ObjectValue)
+	data.Username = obj.Attributes()["username"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectDSServiceaccountServiceAccountPrimerLinkableWrapper(data *serviceaccountServiceAccountPrimerLinkableWrapperDataDS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectDSServiceaccountServiceAccount_additionalObjects(data *serviceaccountServiceAccount_additionalObjectsDataDS, obj types.Object) {
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.Groups = obj.Attributes()["groups"].(basetypes.ListValue)
+	data.Secret = obj.Attributes()["secret"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectDSVaultPasswordMetadata(data *vaultPasswordMetadataDataDS, obj types.Object) {
+	data.Dictionary = obj.Attributes()["dictionary"].(basetypes.BoolValue)
+	data.Duplicate = obj.Attributes()["duplicate"].(basetypes.BoolValue)
+	data.Hash = obj.Attributes()["hash"].(basetypes.StringValue)
+	data.Length = obj.Attributes()["length"].(basetypes.Int64Value)
+	data.LowerCount = obj.Attributes()["lower_count"].(basetypes.Int64Value)
+	data.NumberCount = obj.Attributes()["number_count"].(basetypes.Int64Value)
+	data.SpecialCount = obj.Attributes()["special_count"].(basetypes.Int64Value)
+	data.Strength = obj.Attributes()["strength"].(basetypes.Int64Value)
+	data.UpperCount = obj.Attributes()["upper_count"].(basetypes.Int64Value)
+}
+
+func fillDataStructFromTFObjectDSVaultVault(data *vaultVaultDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.AccessAvailable = obj.Attributes()["access_available"].(basetypes.BoolValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.Records = obj.Attributes()["records"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectDSVaultVaultHolder(data *vaultVaultHolderDataDS, obj types.Object) {
+}
+
+func fillDataStructFromTFObjectDSVaultVaultRecord(data *vaultVaultRecordDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Color = obj.Attributes()["color"].(basetypes.StringValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.ShareEndTime = obj.Attributes()["share_end_time"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+	data.Additional = obj.Attributes()["additional"].(basetypes.ListValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.Parent = obj.Attributes()["parent"].(basetypes.ObjectValue)
+	data.PasswordMetadata = obj.Attributes()["password_metadata"].(basetypes.ObjectValue)
+	data.Secret = obj.Attributes()["secret"].(basetypes.ObjectValue)
+	data.ShareSummary = obj.Attributes()["share_summary"].(basetypes.ObjectValue)
+	data.Shares = obj.Attributes()["shares"].(basetypes.ListValue)
+	data.Tile = obj.Attributes()["tile"].(basetypes.ObjectValue)
+	data.Vaultholder = obj.Attributes()["vaultholder"].(basetypes.ObjectValue)
+	data.Derived = obj.Attributes()["derived"].(basetypes.BoolValue)
+	data.EndDate = obj.Attributes()["end_date"].(basetypes.StringValue)
+	data.Filename = obj.Attributes()["filename"].(basetypes.StringValue)
+	data.Types = obj.Attributes()["types"].(basetypes.ListValue)
+	data.URL = obj.Attributes()["url"].(basetypes.StringValue)
+	data.Username = obj.Attributes()["username"].(basetypes.StringValue)
+	data.WarningPeriod = obj.Attributes()["warning_period"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectDSVaultVaultRecordPrimer(data *vaultVaultRecordPrimerDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Color = obj.Attributes()["color"].(basetypes.StringValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.ShareEndTime = obj.Attributes()["share_end_time"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectDSVaultVaultRecordPrimerLinkableWrapper(data *vaultVaultRecordPrimerLinkableWrapperDataDS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectDSVaultVaultRecordSecrets(data *vaultVaultRecordSecretsDataDS, obj types.Object) {
+	data.Comment = obj.Attributes()["comment"].(basetypes.StringValue)
+	data.File = obj.Attributes()["file"].(basetypes.StringValue)
+	data.Password = obj.Attributes()["password"].(basetypes.StringValue)
+	data.Totp = obj.Attributes()["totp"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectDSVaultVaultRecordShare(data *vaultVaultRecordShareDataDS, obj types.Object) {
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.VaultVaultRecordShareType = obj.Attributes()["type"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectDSVaultVaultRecordShareSummary(data *vaultVaultRecordShareSummaryDataDS, obj types.Object) {
+	data.Children = obj.Attributes()["children"].(basetypes.ListValue)
+	data.Parent = obj.Attributes()["parent"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectDSVaultVaultRecord_additionalObjects(data *vaultVaultRecord_additionalObjectsDataDS, obj types.Object) {
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.Parent = obj.Attributes()["parent"].(basetypes.ObjectValue)
+	data.PasswordMetadata = obj.Attributes()["password_metadata"].(basetypes.ObjectValue)
+	data.Secret = obj.Attributes()["secret"].(basetypes.ObjectValue)
+	data.ShareSummary = obj.Attributes()["share_summary"].(basetypes.ObjectValue)
+	data.Shares = obj.Attributes()["shares"].(basetypes.ListValue)
+	data.Tile = obj.Attributes()["tile"].(basetypes.ObjectValue)
+	data.Vaultholder = obj.Attributes()["vaultholder"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectDSWebhookWebhook(data *webhookWebhookDataDS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Additional = obj.Attributes()["additional"].(basetypes.ListValue)
+	data.Account = obj.Attributes()["account"].(basetypes.ObjectValue)
+	data.Active = obj.Attributes()["active"].(basetypes.BoolValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.AllTypes = obj.Attributes()["all_types"].(basetypes.BoolValue)
+	data.AuthenticationScheme = obj.Attributes()["authentication_scheme"].(basetypes.StringValue)
+	data.BasicAuthPassword = obj.Attributes()["basic_auth_password"].(basetypes.StringValue)
+	data.BasicAuthUsername = obj.Attributes()["basic_auth_username"].(basetypes.StringValue)
+	data.BearerToken = obj.Attributes()["bearer_token"].(basetypes.StringValue)
+	data.Client = obj.Attributes()["client"].(basetypes.ObjectValue)
+	data.ClientCertificate = obj.Attributes()["client_certificate"].(basetypes.ObjectValue)
+	data.CustomHeaderName = obj.Attributes()["custom_header_name"].(basetypes.StringValue)
+	data.CustomHeaderValue = obj.Attributes()["custom_header_value"].(basetypes.StringValue)
+	data.Directory = obj.Attributes()["directory"].(basetypes.ObjectValue)
+	data.Group = obj.Attributes()["group"].(basetypes.ObjectValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.System = obj.Attributes()["system"].(basetypes.ObjectValue)
+	data.TLS = obj.Attributes()["tls"].(basetypes.StringValue)
+	data.TrustedCertificate = obj.Attributes()["trusted_certificate"].(basetypes.ObjectValue)
+	data.Types = obj.Attributes()["types"].(basetypes.ListValue)
+	data.URL = obj.Attributes()["url"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+	data.VerbosePayloads = obj.Attributes()["verbose_payloads"].(basetypes.BoolValue)
+}
+
+func fillDataStructFromTFObjectDSWebhookWebhookLinkableWrapper(data *webhookWebhookLinkableWrapperDataDS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectDSWebhookWebhook_additionalObjects(data *webhookWebhook_additionalObjectsDataDS, obj types.Object) {
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+}
diff --git a/internal/provider/full-tf-to-data-struct-rs.go b/internal/provider/full-tf-to-data-struct-rs.go
new file mode 100644
index 0000000..1b3fc4d
--- /dev/null
+++ b/internal/provider/full-tf-to-data-struct-rs.go
@@ -0,0 +1,1018 @@
+// Code generated by "terraform-provider-keyhub-generator"; DO NOT EDIT.
+
+//lint:ignore U1000 Ignore unused functions in generated code
+package provider
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-framework/types/basetypes"
+)
+
+func fillDataStructFromTFObjectRSAuditInfo(data *auditInfoDataRS, obj types.Object) {
+	data.CreatedAt = obj.Attributes()["created_at"].(basetypes.StringValue)
+	data.CreatedBy = obj.Attributes()["created_by"].(basetypes.StringValue)
+	data.LastModifiedAt = obj.Attributes()["last_modified_at"].(basetypes.StringValue)
+	data.LastModifiedBy = obj.Attributes()["last_modified_by"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSGeneratedSecret(data *generatedSecretDataRS, obj types.Object) {
+	data.GeneratedSecret = obj.Attributes()["generated_secret"].(basetypes.StringValue)
+	data.OldSecret = obj.Attributes()["old_secret"].(basetypes.StringValue)
+	data.Regenerate = obj.Attributes()["regenerate"].(basetypes.BoolValue)
+}
+
+func fillDataStructFromTFObjectRSLinkable(data *linkableDataRS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectRSNonLinkable(data *nonLinkableDataRS, obj types.Object) {
+}
+
+func fillDataStructFromTFObjectRSRestLink(data *restLinkDataRS, obj types.Object) {
+	data.Href = obj.Attributes()["href"].(basetypes.StringValue)
+	data.ID = obj.Attributes()["id"].(basetypes.Int64Value)
+	data.Rel = obj.Attributes()["rel"].(basetypes.StringValue)
+	data.TypeEscaped = obj.Attributes()["type_escaped"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSAuthAccountPrimer(data *authAccountPrimerDataRS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.DisplayName = obj.Attributes()["display_name"].(basetypes.StringValue)
+	data.LastActive = obj.Attributes()["last_active"].(basetypes.StringValue)
+	data.Username = obj.Attributes()["username"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+	data.Validity = obj.Attributes()["validity"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSAuthPermission(data *authPermissionDataRS, obj types.Object) {
+	data.Full = obj.Attributes()["full"].(basetypes.StringValue)
+	data.Instances = obj.Attributes()["instances"].(basetypes.ListValue)
+	data.Operations = obj.Attributes()["operations"].(basetypes.ListValue)
+	data.TypeEscaped = obj.Attributes()["type_escaped"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSCertificateCertificatePrimer(data *certificateCertificatePrimerDataRS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Alias = obj.Attributes()["alias"].(basetypes.StringValue)
+	data.CertificateCertificatePrimerType = obj.Attributes()["type"].(basetypes.StringValue)
+	data.CertificateData = obj.Attributes()["certificate_data"].(basetypes.ListValue)
+	data.Expiration = obj.Attributes()["expiration"].(basetypes.StringValue)
+	data.FingerprintSha1 = obj.Attributes()["fingerprint_sha1"].(basetypes.StringValue)
+	data.FingerprintSha256 = obj.Attributes()["fingerprint_sha256"].(basetypes.StringValue)
+	data.Global = obj.Attributes()["global"].(basetypes.BoolValue)
+	data.SubjectDN = obj.Attributes()["subject_dn"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSClientApplicationVaultVaultRecord(data *clientApplicationVaultVaultRecordDataRS, obj types.Object) {
+	data.ClientApplicationUUID = obj.Attributes()["client_application_uuid"].(basetypes.StringValue)
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Color = obj.Attributes()["color"].(basetypes.StringValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.ShareEndTime = obj.Attributes()["share_end_time"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.DeleteTile = obj.Attributes()["delete_tile"].(basetypes.BoolValue)
+	data.ParentUUID = obj.Attributes()["parent_uuid"].(basetypes.StringValue)
+	data.PasswordMetadata = obj.Attributes()["password_metadata"].(basetypes.ObjectValue)
+	data.Secret = obj.Attributes()["secret"].(basetypes.ObjectValue)
+	data.ShareSummary = obj.Attributes()["share_summary"].(basetypes.ObjectValue)
+	data.Shares = obj.Attributes()["shares"].(basetypes.ListValue)
+	data.Tile = obj.Attributes()["tile"].(basetypes.ObjectValue)
+	data.Vaultholder = obj.Attributes()["vaultholder"].(basetypes.ObjectValue)
+	data.Derived = obj.Attributes()["derived"].(basetypes.BoolValue)
+	data.EndDate = obj.Attributes()["end_date"].(basetypes.StringValue)
+	data.Filename = obj.Attributes()["filename"].(basetypes.StringValue)
+	data.Types = obj.Attributes()["types"].(basetypes.ListValue)
+	data.URL = obj.Attributes()["url"].(basetypes.StringValue)
+	data.Username = obj.Attributes()["username"].(basetypes.StringValue)
+	data.WarningPeriod = obj.Attributes()["warning_period"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSClientClientApplication(data *clientClientApplicationDataRS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.ClientClientApplicationPrimerType = obj.Attributes()["type"].(basetypes.StringValue)
+	data.ClientID = obj.Attributes()["client_id"].(basetypes.StringValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.Scopes = obj.Attributes()["scopes"].(basetypes.ListValue)
+	data.SsoApplication = obj.Attributes()["sso_application"].(basetypes.BoolValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.DeleteTile = obj.Attributes()["delete_tile"].(basetypes.BoolValue)
+	data.Groupclients = obj.Attributes()["groupclients"].(basetypes.ListValue)
+	data.Groups = obj.Attributes()["groups"].(basetypes.ListValue)
+	data.Secret = obj.Attributes()["secret"].(basetypes.ObjectValue)
+	data.Tile = obj.Attributes()["tile"].(basetypes.ObjectValue)
+	data.VaultRecordCount = obj.Attributes()["vault_record_count"].(basetypes.Int64Value)
+	data.LastModifiedAt = obj.Attributes()["last_modified_at"].(basetypes.StringValue)
+	data.OwnerUUID = obj.Attributes()["owner_uuid"].(basetypes.StringValue)
+	data.TechnicalAdministratorUUID = obj.Attributes()["technical_administrator_uuid"].(basetypes.StringValue)
+	data.LDAPClient = obj.Attributes()["ldap_client"].(basetypes.ObjectValue)
+	data.OAuth2Client = obj.Attributes()["o_auth2_client"].(basetypes.ObjectValue)
+	data.Saml2Client = obj.Attributes()["saml2_client"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectRSClientClientApplicationLinkableWrapper(data *clientClientApplicationLinkableWrapperDataRS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectRSClientClientApplicationPrimer(data *clientClientApplicationPrimerDataRS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.ClientClientApplicationPrimerType = obj.Attributes()["type"].(basetypes.StringValue)
+	data.ClientID = obj.Attributes()["client_id"].(basetypes.StringValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.Scopes = obj.Attributes()["scopes"].(basetypes.ListValue)
+	data.SsoApplication = obj.Attributes()["sso_application"].(basetypes.BoolValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSClientClientApplication_additionalObjects(data *clientClientApplication_additionalObjectsDataRS, obj types.Object) {
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.DeleteTile = obj.Attributes()["delete_tile"].(basetypes.BoolValue)
+	data.Groupclients = obj.Attributes()["groupclients"].(basetypes.ListValue)
+	data.Groups = obj.Attributes()["groups"].(basetypes.ListValue)
+	data.Secret = obj.Attributes()["secret"].(basetypes.ObjectValue)
+	data.Tile = obj.Attributes()["tile"].(basetypes.ObjectValue)
+	data.VaultRecordCount = obj.Attributes()["vault_record_count"].(basetypes.Int64Value)
+}
+
+func fillDataStructFromTFObjectRSClientLdapClient(data *clientLdapClientDataRS, obj types.Object) {
+	data.BindDN = obj.Attributes()["bind_dn"].(basetypes.StringValue)
+	data.ClientCertificateUUID = obj.Attributes()["client_certificate_uuid"].(basetypes.StringValue)
+	data.ShareSecretInVault = obj.Attributes()["share_secret_in_vault"].(basetypes.BoolValue)
+	data.SharedSecretUUID = obj.Attributes()["shared_secret_uuid"].(basetypes.StringValue)
+	data.UsedForProvisioning = obj.Attributes()["used_for_provisioning"].(basetypes.BoolValue)
+}
+
+func fillDataStructFromTFObjectRSClientOAuth2Client(data *clientOAuth2ClientDataRS, obj types.Object) {
+	data.AccountPermissions = obj.Attributes()["account_permissions"].(basetypes.ListValue)
+	data.Attributes = obj.Attributes()["attributes"].(basetypes.MapValue)
+	data.CallbackURI = obj.Attributes()["callback_uri"].(basetypes.StringValue)
+	data.Confidential = obj.Attributes()["confidential"].(basetypes.BoolValue)
+	data.DebugMode = obj.Attributes()["debug_mode"].(basetypes.BoolValue)
+	data.IDTokenClaims = obj.Attributes()["id_token_claims"].(basetypes.StringValue)
+	data.InitiateLoginURI = obj.Attributes()["initiate_login_uri"].(basetypes.StringValue)
+	data.ResourceURIs = obj.Attributes()["resource_uris"].(basetypes.StringValue)
+	data.ShareSecretInVault = obj.Attributes()["share_secret_in_vault"].(basetypes.BoolValue)
+	data.SharedSecretUUID = obj.Attributes()["shared_secret_uuid"].(basetypes.StringValue)
+	data.ShowLandingPage = obj.Attributes()["show_landing_page"].(basetypes.BoolValue)
+	data.UseClientCredentials = obj.Attributes()["use_client_credentials"].(basetypes.BoolValue)
+}
+
+func fillDataStructFromTFObjectRSClientOAuth2ClientPermission(data *clientOAuth2ClientPermissionDataRS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.ForGroupUUID = obj.Attributes()["for_group_uuid"].(basetypes.StringValue)
+	data.ForSystemUUID = obj.Attributes()["for_system_uuid"].(basetypes.StringValue)
+	data.Value = obj.Attributes()["value"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSClientOAuth2ClientPermissionWithClient(data *clientOAuth2ClientPermissionWithClientDataRS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.ForGroupUUID = obj.Attributes()["for_group_uuid"].(basetypes.StringValue)
+	data.ForSystemUUID = obj.Attributes()["for_system_uuid"].(basetypes.StringValue)
+	data.Value = obj.Attributes()["value"].(basetypes.StringValue)
+	data.ClientUUID = obj.Attributes()["client_uuid"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSClientOAuth2ClientPermissionWithClientLinkableWrapper(data *clientOAuth2ClientPermissionWithClientLinkableWrapperDataRS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectRSClientOAuth2ClientPermission_additionalObjects(data *clientOAuth2ClientPermission_additionalObjectsDataRS, obj types.Object) {
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectRSClientSaml2Client(data *clientSaml2ClientDataRS, obj types.Object) {
+	data.Attributes = obj.Attributes()["attributes"].(basetypes.MapValue)
+	data.Metadata = obj.Attributes()["metadata"].(basetypes.StringValue)
+	data.MetadataURL = obj.Attributes()["metadata_url"].(basetypes.StringValue)
+	data.SubjectFormat = obj.Attributes()["subject_format"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSDirectoryAccountDirectory(data *directoryAccountDirectoryDataRS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.AccountValiditySupported = obj.Attributes()["account_validity_supported"].(basetypes.BoolValue)
+	data.Active = obj.Attributes()["active"].(basetypes.BoolValue)
+	data.DirectoryAccountDirectoryPrimerType = obj.Attributes()["type"].(basetypes.StringValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.Markers = obj.Attributes()["markers"].(basetypes.ObjectValue)
+	data.Status = obj.Attributes()["status"].(basetypes.ObjectValue)
+	data.BaseOrganizationalUnitUUID = obj.Attributes()["base_organizational_unit_uuid"].(basetypes.StringValue)
+	data.DefaultDirectory = obj.Attributes()["default_directory"].(basetypes.BoolValue)
+	data.HelpdeskGroupUUID = obj.Attributes()["helpdesk_group_uuid"].(basetypes.StringValue)
+	data.Restrict2fa = obj.Attributes()["restrict2fa"].(basetypes.BoolValue)
+	data.RotatingPassword = obj.Attributes()["rotating_password"].(basetypes.StringValue)
+	data.UsernameCustomizable = obj.Attributes()["username_customizable"].(basetypes.BoolValue)
+	data.InternalDirectory = obj.Attributes()["internal_directory"].(basetypes.ObjectValue)
+	data.LDAPDirectory = obj.Attributes()["l_d_a_p_directory"].(basetypes.ObjectValue)
+	data.MaintenanceDirectory = obj.Attributes()["maintenance_directory"].(basetypes.ObjectValue)
+	data.OIDCDirectory = obj.Attributes()["o_id_c_directory"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectRSDirectoryAccountDirectoryLinkableWrapper(data *directoryAccountDirectoryLinkableWrapperDataRS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectRSDirectoryAccountDirectoryPrimer(data *directoryAccountDirectoryPrimerDataRS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.AccountValiditySupported = obj.Attributes()["account_validity_supported"].(basetypes.BoolValue)
+	data.Active = obj.Attributes()["active"].(basetypes.BoolValue)
+	data.DirectoryAccountDirectoryPrimerType = obj.Attributes()["type"].(basetypes.StringValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSDirectoryAccountDirectoryStatusReport(data *directoryAccountDirectoryStatusReportDataRS, obj types.Object) {
+	data.Accounts = obj.Attributes()["accounts"].(basetypes.Int64Value)
+	data.Reason = obj.Attributes()["reason"].(basetypes.StringValue)
+	data.Status = obj.Attributes()["status"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSDirectoryAccountDirectorySummary(data *directoryAccountDirectorySummaryDataRS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.DirectoryAccountDirectorySummaryType = obj.Attributes()["type"].(basetypes.StringValue)
+	data.DomainRestriction = obj.Attributes()["domain_restriction"].(basetypes.StringValue)
+	data.FullyResolvedIssuer = obj.Attributes()["fully_resolved_issuer"].(basetypes.StringValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.Status = obj.Attributes()["status"].(basetypes.ObjectValue)
+	data.UsernameCustomizable = obj.Attributes()["username_customizable"].(basetypes.BoolValue)
+}
+
+func fillDataStructFromTFObjectRSDirectoryAccountDirectorySummaryLinkableWrapper(data *directoryAccountDirectorySummaryLinkableWrapperDataRS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectRSDirectoryAccountDirectory_additionalObjects(data *directoryAccountDirectory_additionalObjectsDataRS, obj types.Object) {
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.Markers = obj.Attributes()["markers"].(basetypes.ObjectValue)
+	data.Status = obj.Attributes()["status"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectRSDirectoryInternalDirectory(data *directoryInternalDirectoryDataRS, obj types.Object) {
+	data.OwnerUUID = obj.Attributes()["owner_uuid"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSDirectoryLDAPDirectory(data *directoryLDAPDirectoryDataRS, obj types.Object) {
+	data.AttributesToStore = obj.Attributes()["attributes_to_store"].(basetypes.StringValue)
+	data.BaseDN = obj.Attributes()["base_dn"].(basetypes.StringValue)
+	data.ClientCertificateUUID = obj.Attributes()["client_certificate_uuid"].(basetypes.StringValue)
+	data.Dialect = obj.Attributes()["dialect"].(basetypes.StringValue)
+	data.FailoverHost = obj.Attributes()["failover_host"].(basetypes.StringValue)
+	data.FailoverTrustedCertificateUUID = obj.Attributes()["failover_trusted_certificate_uuid"].(basetypes.StringValue)
+	data.Host = obj.Attributes()["host"].(basetypes.StringValue)
+	data.PasswordRecovery = obj.Attributes()["password_recovery"].(basetypes.StringValue)
+	data.Port = obj.Attributes()["port"].(basetypes.Int64Value)
+	data.SearchBindDN = obj.Attributes()["search_bind_dn"].(basetypes.StringValue)
+	data.SearchBindPassword = obj.Attributes()["search_bind_password"].(basetypes.StringValue)
+	data.SearchFilter = obj.Attributes()["search_filter"].(basetypes.StringValue)
+	data.TLS = obj.Attributes()["tls"].(basetypes.StringValue)
+	data.TrustedCertificateUUID = obj.Attributes()["trusted_certificate_uuid"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSDirectoryMaintenanceDirectory(data *directoryMaintenanceDirectoryDataRS, obj types.Object) {
+}
+
+func fillDataStructFromTFObjectRSDirectoryOIDCDirectory(data *directoryOIDCDirectoryDataRS, obj types.Object) {
+	data.AcrValues = obj.Attributes()["acr_values"].(basetypes.StringValue)
+	data.AttributesToStore = obj.Attributes()["attributes_to_store"].(basetypes.StringValue)
+	data.ClientID = obj.Attributes()["client_id"].(basetypes.StringValue)
+	data.ClientSecret = obj.Attributes()["client_secret"].(basetypes.StringValue)
+	data.DomainRestriction = obj.Attributes()["domain_restriction"].(basetypes.StringValue)
+	data.Enforces2fa = obj.Attributes()["enforces2fa"].(basetypes.BoolValue)
+	data.FullyResolvedIssuer = obj.Attributes()["fully_resolved_issuer"].(basetypes.StringValue)
+	data.Issuer = obj.Attributes()["issuer"].(basetypes.StringValue)
+	data.LogoutURL = obj.Attributes()["logout_url"].(basetypes.StringValue)
+	data.SendLoginHint = obj.Attributes()["send_login_hint"].(basetypes.BoolValue)
+	data.VendorEscaped = obj.Attributes()["vendor_escaped"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSGroupAuthorizedGroupsWrapper(data *groupAuthorizedGroupsWrapperDataRS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+	data.GroupCount = obj.Attributes()["group_count"].(basetypes.Int64Value)
+}
+
+func fillDataStructFromTFObjectRSGroupGroup(data *groupGroupDataRS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Admin = obj.Attributes()["admin"].(basetypes.BoolValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+	data.Accounts = obj.Attributes()["accounts"].(basetypes.ListValue)
+	data.AdministeredClients = obj.Attributes()["administered_clients"].(basetypes.ListValue)
+	data.AdministeredSystems = obj.Attributes()["administered_systems"].(basetypes.ListValue)
+	data.Admins = obj.Attributes()["admins"].(basetypes.ListValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.AuthorizedGroups = obj.Attributes()["authorized_groups"].(basetypes.ObjectValue)
+	data.ClientPermissions = obj.Attributes()["client_permissions"].(basetypes.ListValue)
+	data.Clients = obj.Attributes()["clients"].(basetypes.ListValue)
+	data.ContentAdministeredSystems = obj.Attributes()["content_administered_systems"].(basetypes.ListValue)
+	data.Groupauditinginfo = obj.Attributes()["groupauditinginfo"].(basetypes.ObjectValue)
+	data.Groupinfo = obj.Attributes()["groupinfo"].(basetypes.ObjectValue)
+	data.Helpdesk = obj.Attributes()["helpdesk"].(basetypes.ListValue)
+	data.Markers = obj.Attributes()["markers"].(basetypes.ObjectValue)
+	data.Myaccount = obj.Attributes()["myaccount"].(basetypes.ObjectValue)
+	data.Mydelegatedaccount = obj.Attributes()["mydelegatedaccount"].(basetypes.ObjectValue)
+	data.NestedGroups = obj.Attributes()["nested_groups"].(basetypes.ListValue)
+	data.OwnedClients = obj.Attributes()["owned_clients"].(basetypes.ListValue)
+	data.OwnedDirectories = obj.Attributes()["owned_directories"].(basetypes.ListValue)
+	data.OwnedGroupsOnSystem = obj.Attributes()["owned_groups_on_system"].(basetypes.ObjectValue)
+	data.OwnedOrganizationalUnits = obj.Attributes()["owned_organizational_units"].(basetypes.ListValue)
+	data.OwnedSystems = obj.Attributes()["owned_systems"].(basetypes.ListValue)
+	data.RecentAudits = obj.Attributes()["recent_audits"].(basetypes.ListValue)
+	data.Requeststatus = obj.Attributes()["requeststatus"].(basetypes.StringValue)
+	data.ServiceAccounts = obj.Attributes()["service_accounts"].(basetypes.ListValue)
+	data.Systems = obj.Attributes()["systems"].(basetypes.ListValue)
+	data.Vault = obj.Attributes()["vault"].(basetypes.ObjectValue)
+	data.Webhooks = obj.Attributes()["webhooks"].(basetypes.ListValue)
+	data.ApplicationAdministration = obj.Attributes()["application_administration"].(basetypes.BoolValue)
+	data.AuditConfig = obj.Attributes()["audit_config"].(basetypes.ObjectValue)
+	data.AuditRequested = obj.Attributes()["audit_requested"].(basetypes.BoolValue)
+	data.Auditor = obj.Attributes()["auditor"].(basetypes.BoolValue)
+	data.AuthorizingGroupAuditingUUID = obj.Attributes()["authorizing_group_auditing_uuid"].(basetypes.StringValue)
+	data.AuthorizingGroupDelegationUUID = obj.Attributes()["authorizing_group_delegation_uuid"].(basetypes.StringValue)
+	data.AuthorizingGroupMembershipUUID = obj.Attributes()["authorizing_group_membership_uuid"].(basetypes.StringValue)
+	data.AuthorizingGroupProvisioningUUID = obj.Attributes()["authorizing_group_provisioning_uuid"].(basetypes.StringValue)
+	data.AuthorizingGroupTypes = obj.Attributes()["authorizing_group_types"].(basetypes.ListValue)
+	data.ClassificationUUID = obj.Attributes()["classification_uuid"].(basetypes.StringValue)
+	data.Description = obj.Attributes()["description"].(basetypes.StringValue)
+	data.ExtendedAccess = obj.Attributes()["extended_access"].(basetypes.StringValue)
+	data.HideAuditTrail = obj.Attributes()["hide_audit_trail"].(basetypes.BoolValue)
+	data.NestedUnderUUID = obj.Attributes()["nested_under_uuid"].(basetypes.StringValue)
+	data.OrganizationalUnitUUID = obj.Attributes()["organizational_unit_uuid"].(basetypes.StringValue)
+	data.PrivateGroup = obj.Attributes()["private_group"].(basetypes.BoolValue)
+	data.RecordTrail = obj.Attributes()["record_trail"].(basetypes.BoolValue)
+	data.RotatingPasswordRequired = obj.Attributes()["rotating_password_required"].(basetypes.BoolValue)
+	data.SingleManaged = obj.Attributes()["single_managed"].(basetypes.BoolValue)
+	data.VaultRecovery = obj.Attributes()["vault_recovery"].(basetypes.StringValue)
+	data.VaultRequiresActivation = obj.Attributes()["vault_requires_activation"].(basetypes.BoolValue)
+}
+
+func fillDataStructFromTFObjectRSGroupGroupAccount(data *groupGroupAccountDataRS, obj types.Object) {
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.DirectoryUUID = obj.Attributes()["directory_uuid"].(basetypes.StringValue)
+	data.DisconnectedNested = obj.Attributes()["disconnected_nested"].(basetypes.BoolValue)
+	data.EndDate = obj.Attributes()["end_date"].(basetypes.StringValue)
+	data.LastUsed = obj.Attributes()["last_used"].(basetypes.StringValue)
+	data.Nested = obj.Attributes()["nested"].(basetypes.BoolValue)
+	data.ProvisioningEndTime = obj.Attributes()["provisioning_end_time"].(basetypes.StringValue)
+	data.Rights = obj.Attributes()["rights"].(basetypes.StringValue)
+	data.TwoFactorStatus = obj.Attributes()["two_factor_status"].(basetypes.StringValue)
+	data.VisibleForProvisioning = obj.Attributes()["visible_for_provisioning"].(basetypes.BoolValue)
+}
+
+func fillDataStructFromTFObjectRSGroupGroupAccountLinkableWrapper(data *groupGroupAccountLinkableWrapperDataRS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectRSGroupGroupAccount_additionalObjects(data *groupGroupAccount_additionalObjectsDataRS, obj types.Object) {
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectRSGroupGroupAudit(data *groupGroupAuditDataRS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Accounts = obj.Attributes()["accounts"].(basetypes.ListValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.Comment = obj.Attributes()["comment"].(basetypes.StringValue)
+	data.CreatedAt = obj.Attributes()["created_at"].(basetypes.StringValue)
+	data.CreatedBy = obj.Attributes()["created_by"].(basetypes.StringValue)
+	data.GroupName = obj.Attributes()["group_name"].(basetypes.StringValue)
+	data.NameOnAudit = obj.Attributes()["name_on_audit"].(basetypes.StringValue)
+	data.ReviewedAt = obj.Attributes()["reviewed_at"].(basetypes.StringValue)
+	data.ReviewedBy = obj.Attributes()["reviewed_by"].(basetypes.StringValue)
+	data.Status = obj.Attributes()["status"].(basetypes.StringValue)
+	data.SubmittedAt = obj.Attributes()["submitted_at"].(basetypes.StringValue)
+	data.SubmittedBy = obj.Attributes()["submitted_by"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSGroupGroupAuditAccount(data *groupGroupAuditAccountDataRS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.AccountUUID = obj.Attributes()["account_uuid"].(basetypes.StringValue)
+	data.AccountValid = obj.Attributes()["account_valid"].(basetypes.BoolValue)
+	data.Action = obj.Attributes()["action"].(basetypes.StringValue)
+	data.Comment = obj.Attributes()["comment"].(basetypes.StringValue)
+	data.DisconnectedNested = obj.Attributes()["disconnected_nested"].(basetypes.BoolValue)
+	data.DisplayName = obj.Attributes()["display_name"].(basetypes.StringValue)
+	data.EndDate = obj.Attributes()["end_date"].(basetypes.StringValue)
+	data.LastActive = obj.Attributes()["last_active"].(basetypes.StringValue)
+	data.LastUsed = obj.Attributes()["last_used"].(basetypes.StringValue)
+	data.Nested = obj.Attributes()["nested"].(basetypes.BoolValue)
+	data.Rights = obj.Attributes()["rights"].(basetypes.StringValue)
+	data.Username = obj.Attributes()["username"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSGroupGroupAuditConfig(data *groupGroupAuditConfigDataRS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Months = obj.Attributes()["months"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectRSGroupGroupAuditLinkableWrapper(data *groupGroupAuditLinkableWrapperDataRS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectRSGroupGroupAudit_additionalObjects(data *groupGroupAudit_additionalObjectsDataRS, obj types.Object) {
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectRSGroupGroupAuditingInfo(data *groupGroupAuditingInfoDataRS, obj types.Object) {
+	data.AuditDueDate = obj.Attributes()["audit_due_date"].(basetypes.StringValue)
+	data.LastAuditDate = obj.Attributes()["last_audit_date"].(basetypes.StringValue)
+	data.NrAccounts = obj.Attributes()["nr_accounts"].(basetypes.Int64Value)
+	data.NrDisabledAccounts = obj.Attributes()["nr_disabled_accounts"].(basetypes.Int64Value)
+	data.NrDisabledManagers = obj.Attributes()["nr_disabled_managers"].(basetypes.Int64Value)
+	data.NrExpiredVaultRecords = obj.Attributes()["nr_expired_vault_records"].(basetypes.Int64Value)
+	data.NrManagers = obj.Attributes()["nr_managers"].(basetypes.Int64Value)
+	data.NrVaultRecordsWithEndDate = obj.Attributes()["nr_vault_records_with_end_date"].(basetypes.Int64Value)
+}
+
+func fillDataStructFromTFObjectRSGroupGroupClassificationPrimer(data *groupGroupClassificationPrimerDataRS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSGroupGroupClient(data *groupGroupClientDataRS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.ActivationRequired = obj.Attributes()["activation_required"].(basetypes.BoolValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.ClientUUID = obj.Attributes()["client_uuid"].(basetypes.StringValue)
+	data.GroupUUID = obj.Attributes()["group_uuid"].(basetypes.StringValue)
+	data.OwnerUUID = obj.Attributes()["owner_uuid"].(basetypes.StringValue)
+	data.TechnicalAdministratorUUID = obj.Attributes()["technical_administrator_uuid"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSGroupGroupClientLinkableWrapper(data *groupGroupClientLinkableWrapperDataRS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectRSGroupGroupClient_additionalObjects(data *groupGroupClient_additionalObjectsDataRS, obj types.Object) {
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectRSGroupGroupInfo(data *groupGroupInfoDataRS, obj types.Object) {
+	data.NrAccounts = obj.Attributes()["nr_accounts"].(basetypes.Int64Value)
+	data.NrAccountsWithVault = obj.Attributes()["nr_accounts_with_vault"].(basetypes.Int64Value)
+	data.NrAudits = obj.Attributes()["nr_audits"].(basetypes.Int64Value)
+	data.NrClients = obj.Attributes()["nr_clients"].(basetypes.Int64Value)
+	data.NrProvisionedSystems = obj.Attributes()["nr_provisioned_systems"].(basetypes.Int64Value)
+	data.NrVaultRecords = obj.Attributes()["nr_vault_records"].(basetypes.Int64Value)
+}
+
+func fillDataStructFromTFObjectRSGroupGroupLinkableWrapper(data *groupGroupLinkableWrapperDataRS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectRSGroupGroupPrimer(data *groupGroupPrimerDataRS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Admin = obj.Attributes()["admin"].(basetypes.BoolValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSGroupGroupPrimerLinkableWrapper(data *groupGroupPrimerLinkableWrapperDataRS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectRSGroupGroup_additionalObjects(data *groupGroup_additionalObjectsDataRS, obj types.Object) {
+	data.Accounts = obj.Attributes()["accounts"].(basetypes.ListValue)
+	data.AdministeredClients = obj.Attributes()["administered_clients"].(basetypes.ListValue)
+	data.AdministeredSystems = obj.Attributes()["administered_systems"].(basetypes.ListValue)
+	data.Admins = obj.Attributes()["admins"].(basetypes.ListValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.AuthorizedGroups = obj.Attributes()["authorized_groups"].(basetypes.ObjectValue)
+	data.ClientPermissions = obj.Attributes()["client_permissions"].(basetypes.ListValue)
+	data.Clients = obj.Attributes()["clients"].(basetypes.ListValue)
+	data.ContentAdministeredSystems = obj.Attributes()["content_administered_systems"].(basetypes.ListValue)
+	data.Groupauditinginfo = obj.Attributes()["groupauditinginfo"].(basetypes.ObjectValue)
+	data.Groupinfo = obj.Attributes()["groupinfo"].(basetypes.ObjectValue)
+	data.Helpdesk = obj.Attributes()["helpdesk"].(basetypes.ListValue)
+	data.Markers = obj.Attributes()["markers"].(basetypes.ObjectValue)
+	data.Myaccount = obj.Attributes()["myaccount"].(basetypes.ObjectValue)
+	data.Mydelegatedaccount = obj.Attributes()["mydelegatedaccount"].(basetypes.ObjectValue)
+	data.NestedGroups = obj.Attributes()["nested_groups"].(basetypes.ListValue)
+	data.OwnedClients = obj.Attributes()["owned_clients"].(basetypes.ListValue)
+	data.OwnedDirectories = obj.Attributes()["owned_directories"].(basetypes.ListValue)
+	data.OwnedGroupsOnSystem = obj.Attributes()["owned_groups_on_system"].(basetypes.ObjectValue)
+	data.OwnedOrganizationalUnits = obj.Attributes()["owned_organizational_units"].(basetypes.ListValue)
+	data.OwnedSystems = obj.Attributes()["owned_systems"].(basetypes.ListValue)
+	data.RecentAudits = obj.Attributes()["recent_audits"].(basetypes.ListValue)
+	data.Requeststatus = obj.Attributes()["requeststatus"].(basetypes.StringValue)
+	data.ServiceAccounts = obj.Attributes()["service_accounts"].(basetypes.ListValue)
+	data.Systems = obj.Attributes()["systems"].(basetypes.ListValue)
+	data.Vault = obj.Attributes()["vault"].(basetypes.ObjectValue)
+	data.Webhooks = obj.Attributes()["webhooks"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectRSGroupProvisioningGroup(data *groupProvisioningGroupDataRS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.ActivationRequired = obj.Attributes()["activation_required"].(basetypes.BoolValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.GroupUUID = obj.Attributes()["group_uuid"].(basetypes.StringValue)
+	data.GroupOnSystem = obj.Attributes()["group_on_system"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectRSGroupProvisioningGroupLinkableWrapper(data *groupProvisioningGroupLinkableWrapperDataRS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectRSGroupProvisioningGroup_additionalObjects(data *groupProvisioningGroup_additionalObjectsDataRS, obj types.Object) {
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectRSGroupVaultVaultRecord(data *groupVaultVaultRecordDataRS, obj types.Object) {
+	data.GroupUUID = obj.Attributes()["group_uuid"].(basetypes.StringValue)
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Color = obj.Attributes()["color"].(basetypes.StringValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.ShareEndTime = obj.Attributes()["share_end_time"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.DeleteTile = obj.Attributes()["delete_tile"].(basetypes.BoolValue)
+	data.ParentUUID = obj.Attributes()["parent_uuid"].(basetypes.StringValue)
+	data.PasswordMetadata = obj.Attributes()["password_metadata"].(basetypes.ObjectValue)
+	data.Secret = obj.Attributes()["secret"].(basetypes.ObjectValue)
+	data.ShareSummary = obj.Attributes()["share_summary"].(basetypes.ObjectValue)
+	data.Shares = obj.Attributes()["shares"].(basetypes.ListValue)
+	data.Tile = obj.Attributes()["tile"].(basetypes.ObjectValue)
+	data.Vaultholder = obj.Attributes()["vaultholder"].(basetypes.ObjectValue)
+	data.Derived = obj.Attributes()["derived"].(basetypes.BoolValue)
+	data.EndDate = obj.Attributes()["end_date"].(basetypes.StringValue)
+	data.Filename = obj.Attributes()["filename"].(basetypes.StringValue)
+	data.Types = obj.Attributes()["types"].(basetypes.ListValue)
+	data.URL = obj.Attributes()["url"].(basetypes.StringValue)
+	data.Username = obj.Attributes()["username"].(basetypes.StringValue)
+	data.WarningPeriod = obj.Attributes()["warning_period"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSLaunchpadSsoApplicationLaunchpadTile(data *launchpadSsoApplicationLaunchpadTileDataRS, obj types.Object) {
+	data.URI = obj.Attributes()["uri"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSLaunchpadVaultRecordLaunchpadTile(data *launchpadVaultRecordLaunchpadTileDataRS, obj types.Object) {
+}
+
+func fillDataStructFromTFObjectRSMarkItemMarker(data *markItemMarkerDataRS, obj types.Object) {
+	data.Level = obj.Attributes()["level"].(basetypes.StringValue)
+	data.MarkItemMarkerType = obj.Attributes()["type"].(basetypes.StringValue)
+	data.Parameters = obj.Attributes()["parameters"].(basetypes.MapValue)
+}
+
+func fillDataStructFromTFObjectRSMarkItemMarkers(data *markItemMarkersDataRS, obj types.Object) {
+	data.Markers = obj.Attributes()["markers"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectRSNestedProvisioningGroupOnSystem(data *nestedProvisioningGroupOnSystemDataRS, obj types.Object) {
+	data.ProvisionedSystemUUID = obj.Attributes()["provisioned_system_uuid"].(basetypes.StringValue)
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.DisplayName = obj.Attributes()["display_name"].(basetypes.StringValue)
+	data.NameInSystem = obj.Attributes()["name_in_system"].(basetypes.StringValue)
+	data.ProvisioningGroupOnSystemPrimerType = obj.Attributes()["type"].(basetypes.StringValue)
+	data.ShortNameInSystem = obj.Attributes()["short_name_in_system"].(basetypes.StringValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.Provgroups = obj.Attributes()["provgroups"].(basetypes.ListValue)
+	data.ServiceAccounts = obj.Attributes()["service_accounts"].(basetypes.ListValue)
+	data.OwnerUUID = obj.Attributes()["owner_uuid"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSOrganizationOrganizationalUnit(data *organizationOrganizationalUnitDataRS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.CreateAsParentOf = obj.Attributes()["create_as_parent_of"].(basetypes.ListValue)
+	data.Depth = obj.Attributes()["depth"].(basetypes.Int64Value)
+	data.Description = obj.Attributes()["description"].(basetypes.StringValue)
+	data.OwnerUUID = obj.Attributes()["owner_uuid"].(basetypes.StringValue)
+	data.ParentUUID = obj.Attributes()["parent_uuid"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSOrganizationOrganizationalUnitLinkableWrapper(data *organizationOrganizationalUnitLinkableWrapperDataRS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectRSOrganizationOrganizationalUnitPrimer(data *organizationOrganizationalUnitPrimerDataRS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSOrganizationOrganizationalUnitPrimerLinkableWrapper(data *organizationOrganizationalUnitPrimerLinkableWrapperDataRS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectRSOrganizationOrganizationalUnit_additionalObjects(data *organizationOrganizationalUnit_additionalObjectsDataRS, obj types.Object) {
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.CreateAsParentOf = obj.Attributes()["create_as_parent_of"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectRSProvisioningAbstractProvisionedLDAP(data *provisioningAbstractProvisionedLDAPDataRS, obj types.Object) {
+	data.Attributes = obj.Attributes()["attributes"].(basetypes.MapValue)
+	data.BaseDN = obj.Attributes()["base_dn"].(basetypes.StringValue)
+	data.BindDN = obj.Attributes()["bind_dn"].(basetypes.StringValue)
+	data.BindPassword = obj.Attributes()["bind_password"].(basetypes.StringValue)
+	data.ClientCertificateUUID = obj.Attributes()["client_certificate_uuid"].(basetypes.StringValue)
+	data.FailoverHost = obj.Attributes()["failover_host"].(basetypes.StringValue)
+	data.FailoverTrustedCertificateUUID = obj.Attributes()["failover_trusted_certificate_uuid"].(basetypes.StringValue)
+	data.GroupDN = obj.Attributes()["group_dn"].(basetypes.StringValue)
+	data.Host = obj.Attributes()["host"].(basetypes.StringValue)
+	data.ObjectClasses = obj.Attributes()["object_classes"].(basetypes.StringValue)
+	data.Port = obj.Attributes()["port"].(basetypes.Int64Value)
+	data.ServiceAccountDN = obj.Attributes()["service_account_dn"].(basetypes.StringValue)
+	data.SshPublicKeySupported = obj.Attributes()["ssh_public_key_supported"].(basetypes.BoolValue)
+	data.TLS = obj.Attributes()["tls"].(basetypes.StringValue)
+	data.TrustedCertificateUUID = obj.Attributes()["trusted_certificate_uuid"].(basetypes.StringValue)
+	data.UserDN = obj.Attributes()["user_dn"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSProvisioningCircuitBreakerStatistics(data *provisioningCircuitBreakerStatisticsDataRS, obj types.Object) {
+	data.NumberOfFailedCalls = obj.Attributes()["number_of_failed_calls"].(basetypes.Int64Value)
+	data.NumberOfNotPermittedCalls = obj.Attributes()["number_of_not_permitted_calls"].(basetypes.Int64Value)
+	data.NumberOfSuccessfulCalls = obj.Attributes()["number_of_successful_calls"].(basetypes.Int64Value)
+	data.State = obj.Attributes()["state"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSProvisioningGroupOnSystem(data *provisioningGroupOnSystemDataRS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.DisplayName = obj.Attributes()["display_name"].(basetypes.StringValue)
+	data.NameInSystem = obj.Attributes()["name_in_system"].(basetypes.StringValue)
+	data.ProvisioningGroupOnSystemPrimerType = obj.Attributes()["type"].(basetypes.StringValue)
+	data.ShortNameInSystem = obj.Attributes()["short_name_in_system"].(basetypes.StringValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.Provgroups = obj.Attributes()["provgroups"].(basetypes.ListValue)
+	data.ServiceAccounts = obj.Attributes()["service_accounts"].(basetypes.ListValue)
+	data.OwnerUUID = obj.Attributes()["owner_uuid"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSProvisioningGroupOnSystemLinkableWrapper(data *provisioningGroupOnSystemLinkableWrapperDataRS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectRSProvisioningGroupOnSystemPrimer(data *provisioningGroupOnSystemPrimerDataRS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.DisplayName = obj.Attributes()["display_name"].(basetypes.StringValue)
+	data.NameInSystem = obj.Attributes()["name_in_system"].(basetypes.StringValue)
+	data.ProvisioningGroupOnSystemPrimerType = obj.Attributes()["type"].(basetypes.StringValue)
+	data.ShortNameInSystem = obj.Attributes()["short_name_in_system"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSProvisioningGroupOnSystemTypes(data *provisioningGroupOnSystemTypesDataRS, obj types.Object) {
+	data.Types = obj.Attributes()["types"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectRSProvisioningGroupOnSystem_additionalObjects(data *provisioningGroupOnSystem_additionalObjectsDataRS, obj types.Object) {
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.Provgroups = obj.Attributes()["provgroups"].(basetypes.ListValue)
+	data.ServiceAccounts = obj.Attributes()["service_accounts"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectRSProvisioningOwnedGroupOnSystemsWrapper(data *provisioningOwnedGroupOnSystemsWrapperDataRS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+	data.UnlinkedCount = obj.Attributes()["unlinked_count"].(basetypes.Int64Value)
+}
+
+func fillDataStructFromTFObjectRSProvisioningProvisionNumberSequence(data *provisioningProvisionNumberSequenceDataRS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.AccountCount = obj.Attributes()["account_count"].(basetypes.Int64Value)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.Systems = obj.Attributes()["systems"].(basetypes.ListValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.NextUID = obj.Attributes()["next_uid"].(basetypes.Int64Value)
+}
+
+func fillDataStructFromTFObjectRSProvisioningProvisionNumberSequence_additionalObjects(data *provisioningProvisionNumberSequence_additionalObjectsDataRS, obj types.Object) {
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.Systems = obj.Attributes()["systems"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectRSProvisioningProvisionedAD(data *provisioningProvisionedADDataRS, obj types.Object) {
+	data.SamAccountNameScheme = obj.Attributes()["sam_account_name_scheme"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSProvisioningProvisionedAccount(data *provisioningProvisionedAccountDataRS, obj types.Object) {
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.UID = obj.Attributes()["uid"].(basetypes.Int64Value)
+}
+
+func fillDataStructFromTFObjectRSProvisioningProvisionedAccount_additionalObjects(data *provisioningProvisionedAccount_additionalObjectsDataRS, obj types.Object) {
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectRSProvisioningProvisionedAzureOIDCDirectory(data *provisioningProvisionedAzureOIDCDirectoryDataRS, obj types.Object) {
+	data.DirectoryUUID = obj.Attributes()["directory_uuid"].(basetypes.StringValue)
+	data.Tenant = obj.Attributes()["tenant"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSProvisioningProvisionedAzureSyncLDAPDirectory(data *provisioningProvisionedAzureSyncLDAPDirectoryDataRS, obj types.Object) {
+	data.ClientID = obj.Attributes()["client_id"].(basetypes.StringValue)
+	data.ClientSecret = obj.Attributes()["client_secret"].(basetypes.StringValue)
+	data.DirectoryUUID = obj.Attributes()["directory_uuid"].(basetypes.StringValue)
+	data.Tenant = obj.Attributes()["tenant"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSProvisioningProvisionedAzureTenant(data *provisioningProvisionedAzureTenantDataRS, obj types.Object) {
+	data.ClientID = obj.Attributes()["client_id"].(basetypes.StringValue)
+	data.ClientSecret = obj.Attributes()["client_secret"].(basetypes.StringValue)
+	data.IDpDomain = obj.Attributes()["idp_domain"].(basetypes.StringValue)
+	data.Tenant = obj.Attributes()["tenant"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSProvisioningProvisionedInternalLDAP(data *provisioningProvisionedInternalLDAPDataRS, obj types.Object) {
+	data.ClientUUID = obj.Attributes()["client_uuid"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSProvisioningProvisionedLDAP(data *provisioningProvisionedLDAPDataRS, obj types.Object) {
+	data.Gid = obj.Attributes()["gid"].(basetypes.Int64Value)
+	data.HashingScheme = obj.Attributes()["hashing_scheme"].(basetypes.StringValue)
+	data.Numbering = obj.Attributes()["numbering"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectRSProvisioningProvisionedLDAPDirectory(data *provisioningProvisionedLDAPDirectoryDataRS, obj types.Object) {
+	data.DirectoryUUID = obj.Attributes()["directory_uuid"].(basetypes.StringValue)
+	data.GroupDN = obj.Attributes()["group_dn"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSProvisioningProvisionedSystem(data *provisioningProvisionedSystemDataRS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Active = obj.Attributes()["active"].(basetypes.BoolValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.OrganizationalUnitUUID = obj.Attributes()["organizational_unit_uuid"].(basetypes.StringValue)
+	data.ProvisioningProvisionedSystemPrimerType = obj.Attributes()["type"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+	data.AccountCount = obj.Attributes()["account_count"].(basetypes.Int64Value)
+	data.Account = obj.Attributes()["account"].(basetypes.ObjectValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.IssuedPermissions = obj.Attributes()["issued_permissions"].(basetypes.ListValue)
+	data.LoginName = obj.Attributes()["login_name"].(basetypes.StringValue)
+	data.ManagementPermissions = obj.Attributes()["management_permissions"].(basetypes.ObjectValue)
+	data.Markers = obj.Attributes()["markers"].(basetypes.ObjectValue)
+	data.Statistics = obj.Attributes()["statistics"].(basetypes.ObjectValue)
+	data.SupportedGroupTypes = obj.Attributes()["supported_group_types"].(basetypes.ObjectValue)
+	data.ContentAdministratorUUID = obj.Attributes()["content_administrator_uuid"].(basetypes.StringValue)
+	data.ExternalUUID = obj.Attributes()["external_uuid"].(basetypes.StringValue)
+	data.OwnerUUID = obj.Attributes()["owner_uuid"].(basetypes.StringValue)
+	data.SelfServiceExistingGroups = obj.Attributes()["self_service_existing_groups"].(basetypes.BoolValue)
+	data.SelfServiceNewGroups = obj.Attributes()["self_service_new_groups"].(basetypes.BoolValue)
+	data.SelfServiceServiceAccounts = obj.Attributes()["self_service_service_accounts"].(basetypes.BoolValue)
+	data.ShouldDestroyUnknownAccounts = obj.Attributes()["should_destroy_unknown_accounts"].(basetypes.BoolValue)
+	data.TechnicalAdministratorUUID = obj.Attributes()["technical_administrator_uuid"].(basetypes.StringValue)
+	data.UsernamePrefix = obj.Attributes()["username_prefix"].(basetypes.StringValue)
+	data.AbstractProvisionedLDAP = obj.Attributes()["abstract_provisioned_ldap"].(basetypes.ObjectValue)
+	data.ProvisionedAD = obj.Attributes()["provisioned_a_d"].(basetypes.ObjectValue)
+	data.ProvisionedAzureOIDCDirectory = obj.Attributes()["provisioned_azure_oidc_directory"].(basetypes.ObjectValue)
+	data.ProvisionedAzureSyncLDAPDirectory = obj.Attributes()["provisioned_azure_sync_ldap_directory"].(basetypes.ObjectValue)
+	data.ProvisionedAzureTenant = obj.Attributes()["provisioned_azure_tenant"].(basetypes.ObjectValue)
+	data.ProvisionedInternalLDAP = obj.Attributes()["provisioned_internal_ldap"].(basetypes.ObjectValue)
+	data.ProvisionedLDAP = obj.Attributes()["provisioned_ldap"].(basetypes.ObjectValue)
+	data.ProvisionedLDAPDirectory = obj.Attributes()["provisioned_ldap_directory"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectRSProvisioningProvisionedSystemLinkableWrapper(data *provisioningProvisionedSystemLinkableWrapperDataRS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectRSProvisioningProvisionedSystemPrimer(data *provisioningProvisionedSystemPrimerDataRS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Active = obj.Attributes()["active"].(basetypes.BoolValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.OrganizationalUnitUUID = obj.Attributes()["organizational_unit_uuid"].(basetypes.StringValue)
+	data.ProvisioningProvisionedSystemPrimerType = obj.Attributes()["type"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSProvisioningProvisionedSystemPrimerLinkableWrapper(data *provisioningProvisionedSystemPrimerLinkableWrapperDataRS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectRSProvisioningProvisionedSystem_additionalObjects(data *provisioningProvisionedSystem_additionalObjectsDataRS, obj types.Object) {
+	data.Account = obj.Attributes()["account"].(basetypes.ObjectValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.IssuedPermissions = obj.Attributes()["issued_permissions"].(basetypes.ListValue)
+	data.LoginName = obj.Attributes()["login_name"].(basetypes.StringValue)
+	data.ManagementPermissions = obj.Attributes()["management_permissions"].(basetypes.ObjectValue)
+	data.Markers = obj.Attributes()["markers"].(basetypes.ObjectValue)
+	data.Statistics = obj.Attributes()["statistics"].(basetypes.ObjectValue)
+	data.SupportedGroupTypes = obj.Attributes()["supported_group_types"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectRSProvisioningProvisioningManagementPermissions(data *provisioningProvisioningManagementPermissionsDataRS, obj types.Object) {
+	data.CreateNewGroupsAllowed = obj.Attributes()["create_new_groups_allowed"].(basetypes.BoolValue)
+	data.CreateServiceAccountsAllowed = obj.Attributes()["create_service_accounts_allowed"].(basetypes.BoolValue)
+	data.ReuseExistingGroupsAllowed = obj.Attributes()["reuse_existing_groups_allowed"].(basetypes.BoolValue)
+}
+
+func fillDataStructFromTFObjectRSServiceaccountServiceAccount(data *serviceaccountServiceAccountDataRS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Active = obj.Attributes()["active"].(basetypes.BoolValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.SystemUUID = obj.Attributes()["system_uuid"].(basetypes.StringValue)
+	data.Username = obj.Attributes()["username"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.Groups = obj.Attributes()["groups"].(basetypes.ListValue)
+	data.Secret = obj.Attributes()["secret"].(basetypes.ObjectValue)
+	data.Description = obj.Attributes()["description"].(basetypes.StringValue)
+	data.PasswordUUID = obj.Attributes()["password_uuid"].(basetypes.StringValue)
+	data.PasswordRotation = obj.Attributes()["password_rotation"].(basetypes.StringValue)
+	data.TechnicalAdministratorUUID = obj.Attributes()["technical_administrator_uuid"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSServiceaccountServiceAccountGroup(data *serviceaccountServiceAccountGroupDataRS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.DisplayName = obj.Attributes()["display_name"].(basetypes.StringValue)
+	data.NameInSystem = obj.Attributes()["name_in_system"].(basetypes.StringValue)
+	data.ProvisioningGroupOnSystemPrimerType = obj.Attributes()["type"].(basetypes.StringValue)
+	data.ShortNameInSystem = obj.Attributes()["short_name_in_system"].(basetypes.StringValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectRSServiceaccountServiceAccountGroupLinkableWrapper(data *serviceaccountServiceAccountGroupLinkableWrapperDataRS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectRSServiceaccountServiceAccountGroup_additionalObjects(data *serviceaccountServiceAccountGroup_additionalObjectsDataRS, obj types.Object) {
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectRSServiceaccountServiceAccountLinkableWrapper(data *serviceaccountServiceAccountLinkableWrapperDataRS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectRSServiceaccountServiceAccountPrimer(data *serviceaccountServiceAccountPrimerDataRS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Active = obj.Attributes()["active"].(basetypes.BoolValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.SystemUUID = obj.Attributes()["system_uuid"].(basetypes.StringValue)
+	data.Username = obj.Attributes()["username"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSServiceaccountServiceAccountPrimerLinkableWrapper(data *serviceaccountServiceAccountPrimerLinkableWrapperDataRS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectRSServiceaccountServiceAccount_additionalObjects(data *serviceaccountServiceAccount_additionalObjectsDataRS, obj types.Object) {
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.Groups = obj.Attributes()["groups"].(basetypes.ListValue)
+	data.Secret = obj.Attributes()["secret"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectRSVaultPasswordMetadata(data *vaultPasswordMetadataDataRS, obj types.Object) {
+	data.Dictionary = obj.Attributes()["dictionary"].(basetypes.BoolValue)
+	data.Duplicate = obj.Attributes()["duplicate"].(basetypes.BoolValue)
+	data.Hash = obj.Attributes()["hash"].(basetypes.StringValue)
+	data.Length = obj.Attributes()["length"].(basetypes.Int64Value)
+	data.LowerCount = obj.Attributes()["lower_count"].(basetypes.Int64Value)
+	data.NumberCount = obj.Attributes()["number_count"].(basetypes.Int64Value)
+	data.SpecialCount = obj.Attributes()["special_count"].(basetypes.Int64Value)
+	data.Strength = obj.Attributes()["strength"].(basetypes.Int64Value)
+	data.UpperCount = obj.Attributes()["upper_count"].(basetypes.Int64Value)
+}
+
+func fillDataStructFromTFObjectRSVaultVault(data *vaultVaultDataRS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.AccessAvailable = obj.Attributes()["access_available"].(basetypes.BoolValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.Records = obj.Attributes()["records"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectRSVaultVaultHolder(data *vaultVaultHolderDataRS, obj types.Object) {
+}
+
+func fillDataStructFromTFObjectRSVaultVaultRecord(data *vaultVaultRecordDataRS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Color = obj.Attributes()["color"].(basetypes.StringValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.ShareEndTime = obj.Attributes()["share_end_time"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.DeleteTile = obj.Attributes()["delete_tile"].(basetypes.BoolValue)
+	data.ParentUUID = obj.Attributes()["parent_uuid"].(basetypes.StringValue)
+	data.PasswordMetadata = obj.Attributes()["password_metadata"].(basetypes.ObjectValue)
+	data.Secret = obj.Attributes()["secret"].(basetypes.ObjectValue)
+	data.ShareSummary = obj.Attributes()["share_summary"].(basetypes.ObjectValue)
+	data.Shares = obj.Attributes()["shares"].(basetypes.ListValue)
+	data.Tile = obj.Attributes()["tile"].(basetypes.ObjectValue)
+	data.Vaultholder = obj.Attributes()["vaultholder"].(basetypes.ObjectValue)
+	data.Derived = obj.Attributes()["derived"].(basetypes.BoolValue)
+	data.EndDate = obj.Attributes()["end_date"].(basetypes.StringValue)
+	data.Filename = obj.Attributes()["filename"].(basetypes.StringValue)
+	data.Types = obj.Attributes()["types"].(basetypes.ListValue)
+	data.URL = obj.Attributes()["url"].(basetypes.StringValue)
+	data.Username = obj.Attributes()["username"].(basetypes.StringValue)
+	data.WarningPeriod = obj.Attributes()["warning_period"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSVaultVaultRecordPrimer(data *vaultVaultRecordPrimerDataRS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.Color = obj.Attributes()["color"].(basetypes.StringValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.ShareEndTime = obj.Attributes()["share_end_time"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSVaultVaultRecordPrimerLinkableWrapper(data *vaultVaultRecordPrimerLinkableWrapperDataRS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectRSVaultVaultRecordSecrets(data *vaultVaultRecordSecretsDataRS, obj types.Object) {
+	data.Comment = obj.Attributes()["comment"].(basetypes.StringValue)
+	data.File = obj.Attributes()["file"].(basetypes.StringValue)
+	data.Password = obj.Attributes()["password"].(basetypes.StringValue)
+	data.Totp = obj.Attributes()["totp"].(basetypes.StringValue)
+	data.WriteTotp = obj.Attributes()["write_totp"].(basetypes.BoolValue)
+}
+
+func fillDataStructFromTFObjectRSVaultVaultRecordShare(data *vaultVaultRecordShareDataRS, obj types.Object) {
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.VaultVaultRecordShareType = obj.Attributes()["type"].(basetypes.StringValue)
+}
+
+func fillDataStructFromTFObjectRSVaultVaultRecordShareSummary(data *vaultVaultRecordShareSummaryDataRS, obj types.Object) {
+	data.Children = obj.Attributes()["children"].(basetypes.ListValue)
+	data.Parent = obj.Attributes()["parent"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectRSVaultVaultRecord_additionalObjects(data *vaultVaultRecord_additionalObjectsDataRS, obj types.Object) {
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.DeleteTile = obj.Attributes()["delete_tile"].(basetypes.BoolValue)
+	data.ParentUUID = obj.Attributes()["parent_uuid"].(basetypes.StringValue)
+	data.PasswordMetadata = obj.Attributes()["password_metadata"].(basetypes.ObjectValue)
+	data.Secret = obj.Attributes()["secret"].(basetypes.ObjectValue)
+	data.ShareSummary = obj.Attributes()["share_summary"].(basetypes.ObjectValue)
+	data.Shares = obj.Attributes()["shares"].(basetypes.ListValue)
+	data.Tile = obj.Attributes()["tile"].(basetypes.ObjectValue)
+	data.Vaultholder = obj.Attributes()["vaultholder"].(basetypes.ObjectValue)
+}
+
+func fillDataStructFromTFObjectRSWebhookWebhook(data *webhookWebhookDataRS, obj types.Object) {
+	data.Links = obj.Attributes()["links"].(basetypes.ListValue)
+	data.Permissions = obj.Attributes()["permissions"].(basetypes.ListValue)
+	data.AccountUUID = obj.Attributes()["account_uuid"].(basetypes.StringValue)
+	data.Active = obj.Attributes()["active"].(basetypes.BoolValue)
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+	data.AllTypes = obj.Attributes()["all_types"].(basetypes.BoolValue)
+	data.AuthenticationScheme = obj.Attributes()["authentication_scheme"].(basetypes.StringValue)
+	data.BasicAuthPassword = obj.Attributes()["basic_auth_password"].(basetypes.StringValue)
+	data.BasicAuthUsername = obj.Attributes()["basic_auth_username"].(basetypes.StringValue)
+	data.BearerToken = obj.Attributes()["bearer_token"].(basetypes.StringValue)
+	data.ClientUUID = obj.Attributes()["client_uuid"].(basetypes.StringValue)
+	data.ClientCertificateUUID = obj.Attributes()["client_certificate_uuid"].(basetypes.StringValue)
+	data.CustomHeaderName = obj.Attributes()["custom_header_name"].(basetypes.StringValue)
+	data.CustomHeaderValue = obj.Attributes()["custom_header_value"].(basetypes.StringValue)
+	data.DirectoryUUID = obj.Attributes()["directory_uuid"].(basetypes.StringValue)
+	data.GroupUUID = obj.Attributes()["group_uuid"].(basetypes.StringValue)
+	data.Name = obj.Attributes()["name"].(basetypes.StringValue)
+	data.SystemUUID = obj.Attributes()["system_uuid"].(basetypes.StringValue)
+	data.TLS = obj.Attributes()["tls"].(basetypes.StringValue)
+	data.TrustedCertificateUUID = obj.Attributes()["trusted_certificate_uuid"].(basetypes.StringValue)
+	data.Types = obj.Attributes()["types"].(basetypes.ListValue)
+	data.URL = obj.Attributes()["url"].(basetypes.StringValue)
+	data.UUID = obj.Attributes()["uuid"].(basetypes.StringValue)
+	data.VerbosePayloads = obj.Attributes()["verbose_payloads"].(basetypes.BoolValue)
+}
+
+func fillDataStructFromTFObjectRSWebhookWebhookLinkableWrapper(data *webhookWebhookLinkableWrapperDataRS, obj types.Object) {
+	data.Items = obj.Attributes()["items"].(basetypes.ListValue)
+}
+
+func fillDataStructFromTFObjectRSWebhookWebhook_additionalObjects(data *webhookWebhook_additionalObjectsDataRS, obj types.Object) {
+	data.Audit = obj.Attributes()["audit"].(basetypes.ObjectValue)
+}
diff --git a/internal/provider/full-tf-to-tkh-ds.go b/internal/provider/full-tf-to-tkh-ds.go
new file mode 100644
index 0000000..9cd01a9
--- /dev/null
+++ b/internal/provider/full-tf-to-tkh-ds.go
@@ -0,0 +1,4216 @@
+// Code generated by "terraform-provider-keyhub-generator"; DO NOT EDIT.
+
+//lint:ignore U1000 Ignore unused functions in generated code
+package provider
+
+import (
+	"context"
+	"github.com/google/uuid"
+	"github.com/hashicorp/terraform-plugin-framework/attr"
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-framework/types/basetypes"
+	"github.com/microsoft/kiota-abstractions-go/serialization"
+	keyhubmodel "github.com/topicuskeyhub/sdk-go/models"
+)
+
+func tfObjectToTKHDSAuditInfo(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.AuditInfoable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.AuditInfoable
+	tkh = keyhubmodel.NewAuditInfo()
+	{
+		val, d := tfToTimePointer(objAttrs["created_at"].(basetypes.StringValue))
+		diags.Append(d...)
+		tkh.SetCreatedAt(val)
+	}
+	tkh.SetCreatedBy(objAttrs["created_by"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfToTimePointer(objAttrs["last_modified_at"].(basetypes.StringValue))
+		diags.Append(d...)
+		tkh.SetLastModifiedAt(val)
+	}
+	tkh.SetLastModifiedBy(objAttrs["last_modified_by"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHDSGeneratedSecret(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GeneratedSecretable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GeneratedSecretable
+	tkh = keyhubmodel.NewGeneratedSecret()
+	tkh.SetGeneratedSecret(objAttrs["generated_secret"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetOldSecret(objAttrs["old_secret"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetRegenerate(objAttrs["regenerate"].(basetypes.BoolValue).ValueBoolPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHDSLinkable(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.Linkableable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.Linkableable
+	tkh = keyhubmodel.NewLinkable()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSNonLinkable(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.NonLinkableable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	var tkh keyhubmodel.NonLinkableable
+	tkh = keyhubmodel.NewNonLinkable()
+	return tkh, diags
+}
+
+func tfObjectToTKHDSRestLink(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.RestLinkable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.RestLinkable
+	tkh = keyhubmodel.NewRestLink()
+	tkh.SetHref(objAttrs["href"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetId(objAttrs["id"].(basetypes.Int64Value).ValueInt64Pointer())
+	tkh.SetRel(objAttrs["rel"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetTypeEscaped(objAttrs["type_escaped"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHDSAuthAccount(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.AuthAccountable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.AuthAccountable
+	tkh = keyhubmodel.NewAuthAccount()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetDisplayName(objAttrs["display_name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfToTimePointer(objAttrs["last_active"].(basetypes.StringValue))
+		diags.Append(d...)
+		tkh.SetLastActive(val)
+	}
+	tkh.SetUsername(objAttrs["username"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["validity"].(basetypes.StringValue), keyhubmodel.ParseAuthAccountValidity, func(val any) keyhubmodel.AuthAccountValidity { return *val.(*keyhubmodel.AuthAccountValidity) })
+		diags.Append(d...)
+		tkh.SetValidity(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["account_permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, false, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetAccountPermissions(val)
+	}
+	tkh.SetActive(objAttrs["active"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetCanRequestGroups(objAttrs["can_request_groups"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := tfObjectToTKHDSDirectoryAccountDirectoryPrimer(ctx, false, objAttrs["directory"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetDirectory(val)
+	}
+	tkh.SetDirectoryName(objAttrs["directory_name"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetDirectoryPasswordChangeRequired(objAttrs["directory_password_change_required"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := parseCastPointer(objAttrs["directory_rotating_password"].(basetypes.StringValue), keyhubmodel.ParseDirectoryDirectoryRotatingPassword, func(val any) keyhubmodel.DirectoryDirectoryRotatingPassword {
+			return *val.(*keyhubmodel.DirectoryDirectoryRotatingPassword)
+		})
+		diags.Append(d...)
+		tkh.SetDirectoryRotatingPassword(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["directory_type"].(basetypes.StringValue), keyhubmodel.ParseDirectoryAccountDirectoryType, func(val any) keyhubmodel.DirectoryAccountDirectoryType {
+			return *val.(*keyhubmodel.DirectoryAccountDirectoryType)
+		})
+		diags.Append(d...)
+		tkh.SetDirectoryType(val)
+	}
+	tkh.SetEmail(objAttrs["email"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetIdInDirectory(objAttrs["id_in_directory"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetKeyHubPasswordChangeRequired(objAttrs["key_hub_password_change_required"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := tfToTimePointer(objAttrs["last_modified_at"].(basetypes.StringValue))
+		diags.Append(d...)
+		tkh.SetLastModifiedAt(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["license_role"].(basetypes.StringValue), keyhubmodel.ParseAuthAccountLicenseRole, func(val any) keyhubmodel.AuthAccountLicenseRole { return *val.(*keyhubmodel.AuthAccountLicenseRole) })
+		diags.Append(d...)
+		tkh.SetLicenseRole(val)
+	}
+	tkh.SetLocale(objAttrs["locale"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetReregistrationRequired(objAttrs["reregistration_required"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetTokenPasswordEnabled(objAttrs["token_password_enabled"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := parseCastPointer(objAttrs["two_factor_status"].(basetypes.StringValue), keyhubmodel.ParseAuthTwoFactorAuthenticationStatus, func(val any) keyhubmodel.AuthTwoFactorAuthenticationStatus {
+			return *val.(*keyhubmodel.AuthTwoFactorAuthenticationStatus)
+		})
+		diags.Append(d...)
+		tkh.SetTwoFactorStatus(val)
+	}
+	tkh.SetValidInDirectory(objAttrs["valid_in_directory"].(basetypes.BoolValue).ValueBoolPointer())
+	if recurse {
+		{
+			val, d := tfObjectToTKHDSAuthAccount_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSAuthAccountPrimer(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.AuthAccountPrimerable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.AuthAccountPrimerable
+	tkh = keyhubmodel.NewAuthAccountPrimer()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetDisplayName(objAttrs["display_name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfToTimePointer(objAttrs["last_active"].(basetypes.StringValue))
+		diags.Append(d...)
+		tkh.SetLastActive(val)
+	}
+	tkh.SetUsername(objAttrs["username"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["validity"].(basetypes.StringValue), keyhubmodel.ParseAuthAccountValidity, func(val any) keyhubmodel.AuthAccountValidity { return *val.(*keyhubmodel.AuthAccountValidity) })
+		diags.Append(d...)
+		tkh.SetValidity(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSAuthAccountRecoveryStatus(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.AuthAccountRecoveryStatusable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.AuthAccountRecoveryStatusable
+	tkh = keyhubmodel.NewAuthAccountRecoveryStatus()
+	tkh.SetPending2FARecoveryRequest(objAttrs["pending2fa_recovery_request"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetPendingPasswordRecoveryRequest(objAttrs["pending_password_recovery_request"].(basetypes.BoolValue).ValueBoolPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHDSAuthAccountSettings(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.AuthAccountSettingsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.AuthAccountSettingsable
+	tkh = keyhubmodel.NewAuthAccountSettings()
+	{
+		val, d := tfObjectToTKHDSOrganizationOrganizationalUnitPrimer(ctx, recurse, objAttrs["default_organizational_unit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetDefaultOrganizationalUnit(val)
+	}
+	tkh.SetDirectoryName(objAttrs["directory_name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["directory_type"].(basetypes.StringValue), keyhubmodel.ParseDirectoryAccountDirectoryType, func(val any) keyhubmodel.DirectoryAccountDirectoryType {
+			return *val.(*keyhubmodel.DirectoryAccountDirectoryType)
+		})
+		diags.Append(d...)
+		tkh.SetDirectoryType(val)
+	}
+	tkh.SetInGroups(objAttrs["in_groups"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetInMultipleOrganizationalUnits(objAttrs["in_multiple_organizational_units"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetKeyHubAdmin(objAttrs["key_hub_admin"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetMultipleOrganizationalUnitsExist(objAttrs["multiple_organizational_units_exist"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := parseCastPointer(objAttrs["password_mode"].(basetypes.StringValue), keyhubmodel.ParseAuthPasswordMode, func(val any) keyhubmodel.AuthPasswordMode { return *val.(*keyhubmodel.AuthPasswordMode) })
+		diags.Append(d...)
+		tkh.SetPasswordMode(val)
+	}
+	tkh.SetSshPublicKey(objAttrs["ssh_public_key"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["two_factor_authentication"].(basetypes.StringValue), keyhubmodel.ParseAuthTwoFactorAuthenticationStatus, func(val any) keyhubmodel.AuthTwoFactorAuthenticationStatus {
+			return *val.(*keyhubmodel.AuthTwoFactorAuthenticationStatus)
+		})
+		diags.Append(d...)
+		tkh.SetTwoFactorAuthentication(val)
+	}
+	tkh.SetUseTokenPassword(objAttrs["use_token_password"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := parseCastPointer(objAttrs["vault_status"].(basetypes.StringValue), keyhubmodel.ParseVaultAccountVaultStatus, func(val any) keyhubmodel.VaultAccountVaultStatus { return *val.(*keyhubmodel.VaultAccountVaultStatus) })
+		diags.Append(d...)
+		tkh.SetVaultStatus(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSAuthAccount_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.AuthAccount_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.AuthAccount_additionalObjectsable
+	tkh = keyhubmodel.NewAuthAccount_additionalObjects()
+	tkh.SetActiveLogin(objAttrs["active_login"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := tfObjectToTKHDSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	{
+		val, d := tfObjectToTKHDSGroupAccountGroupLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["groups"]))
+		diags.Append(d...)
+		tkh.SetGroups(val)
+	}
+	{
+		val, d := tfObjectToTKHDSAuthAccountRecoveryStatus(ctx, recurse, objAttrs["pending_recovery_requests"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetPendingRecoveryRequests(val)
+	}
+	{
+		val, d := tfObjectToTKHDSAuthAccountSettings(ctx, recurse, objAttrs["settings"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetSettings(val)
+	}
+	{
+		val, d := tfObjectToTKHDSAuthStoredAccountAttributes(ctx, recurse, objAttrs["stored_attributes"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetStoredAttributes(val)
+	}
+	{
+		val, d := tfObjectToTKHDSVaultVault(ctx, recurse, objAttrs["vault"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetVault(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSAuthPermission(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.AuthPermissionable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.AuthPermissionable
+	tkh = keyhubmodel.NewAuthPermission()
+	tkh.SetFull(objAttrs["full"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfToSlice(objAttrs["instances"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) string {
+			return val.(basetypes.StringValue).ValueString()
+		})
+		diags.Append(d...)
+		tkh.SetInstances(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["operations"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermittedOperation {
+			tkh, d := parseCast(val.(basetypes.StringValue), keyhubmodel.ParseAuthPermittedOperation, func(val any) keyhubmodel.AuthPermittedOperation { return *val.(*keyhubmodel.AuthPermittedOperation) })
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetOperations(val)
+	}
+	tkh.SetTypeEscaped(objAttrs["type_escaped"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHDSAuthStoredAccountAttribute(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.AuthStoredAccountAttributeable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.AuthStoredAccountAttributeable
+	tkh = keyhubmodel.NewAuthStoredAccountAttribute()
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetValue(objAttrs["value"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHDSAuthStoredAccountAttributes(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.AuthStoredAccountAttributesable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.AuthStoredAccountAttributesable
+	tkh = keyhubmodel.NewAuthStoredAccountAttributes()
+	{
+		val, d := tfToSlice(objAttrs["attributes"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthStoredAccountAttributeable {
+			tkh, d := tfObjectToTKHDSAuthStoredAccountAttribute(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetAttributes(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSCertificateCertificate(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.CertificateCertificateable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.CertificateCertificateable
+	tkh = keyhubmodel.NewCertificateCertificate()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetAlias(objAttrs["alias"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["type"].(basetypes.StringValue), keyhubmodel.ParseCertificateCertificateType, func(val any) keyhubmodel.CertificateCertificateType {
+			return *val.(*keyhubmodel.CertificateCertificateType)
+		})
+		diags.Append(d...)
+		tkh.SetCertificateCertificatePrimerType(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["certificate_data"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) string {
+			return val.(basetypes.StringValue).ValueString()
+		})
+		diags.Append(d...)
+		tkh.SetCertificateData(val)
+	}
+	{
+		val, d := tfToTimePointer(objAttrs["expiration"].(basetypes.StringValue))
+		diags.Append(d...)
+		tkh.SetExpiration(val)
+	}
+	tkh.SetFingerprintSha1(objAttrs["fingerprint_sha1"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetFingerprintSha256(objAttrs["fingerprint_sha256"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetGlobal(objAttrs["global"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetSubjectDN(objAttrs["subject_dn"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfToSlice(objAttrs["key_data"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) string {
+			return val.(basetypes.StringValue).ValueString()
+		})
+		diags.Append(d...)
+		tkh.SetKeyData(val)
+	}
+	if recurse {
+		{
+			val, d := tfObjectToTKHDSCertificateCertificate_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSCertificateCertificatePrimer(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.CertificateCertificatePrimerable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.CertificateCertificatePrimerable
+	tkh = keyhubmodel.NewCertificateCertificatePrimer()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetAlias(objAttrs["alias"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["type"].(basetypes.StringValue), keyhubmodel.ParseCertificateCertificateType, func(val any) keyhubmodel.CertificateCertificateType {
+			return *val.(*keyhubmodel.CertificateCertificateType)
+		})
+		diags.Append(d...)
+		tkh.SetCertificateCertificatePrimerType(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["certificate_data"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) string {
+			return val.(basetypes.StringValue).ValueString()
+		})
+		diags.Append(d...)
+		tkh.SetCertificateData(val)
+	}
+	{
+		val, d := tfToTimePointer(objAttrs["expiration"].(basetypes.StringValue))
+		diags.Append(d...)
+		tkh.SetExpiration(val)
+	}
+	tkh.SetFingerprintSha1(objAttrs["fingerprint_sha1"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetFingerprintSha256(objAttrs["fingerprint_sha256"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetGlobal(objAttrs["global"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetSubjectDN(objAttrs["subject_dn"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHDSCertificateCertificate_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.CertificateCertificate_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.CertificateCertificate_additionalObjectsable
+	tkh = keyhubmodel.NewCertificateCertificate_additionalObjects()
+	{
+		val, d := tfObjectToTKHDSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSClientClientApplication(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ClientClientApplicationable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ClientClientApplicationable
+	tkh = keyhubmodel.NewClientClientApplication()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["type"].(basetypes.StringValue), keyhubmodel.ParseClientClientApplicationType, func(val any) keyhubmodel.ClientClientApplicationType {
+			return *val.(*keyhubmodel.ClientClientApplicationType)
+		})
+		diags.Append(d...)
+		tkh.SetClientClientApplicationPrimerType(val)
+	}
+	tkh.SetClientId(objAttrs["client_id"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfToSlice(objAttrs["scopes"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) string {
+			return val.(basetypes.StringValue).ValueString()
+		})
+		diags.Append(d...)
+		tkh.SetScopes(val)
+	}
+	tkh.SetSsoApplication(objAttrs["sso_application"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfToTimePointer(objAttrs["last_modified_at"].(basetypes.StringValue))
+		diags.Append(d...)
+		tkh.SetLastModifiedAt(val)
+	}
+	{
+		val, d := tfObjectToTKHDSGroupGroupPrimer(ctx, false, objAttrs["owner"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetOwner(val)
+	}
+	{
+		val, d := tfObjectToTKHDSGroupGroupPrimer(ctx, false, objAttrs["technical_administrator"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetTechnicalAdministrator(val)
+	}
+	if !objAttrs["ldap_client"].IsNull() {
+		val, d := tfObjectToTKHDSClientLdapClient(ctx, false, objAttrs["ldap_client"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		dtype := val.GetTypeEscaped()
+		(*val.(*keyhubmodel.ClientLdapClient)).ClientClientApplication = *tkh.(*keyhubmodel.ClientClientApplication)
+		val.SetTypeEscaped(dtype)
+		tkh = val
+	}
+	if !objAttrs["o_auth2_client"].IsNull() {
+		val, d := tfObjectToTKHDSClientOAuth2Client(ctx, false, objAttrs["o_auth2_client"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		dtype := val.GetTypeEscaped()
+		(*val.(*keyhubmodel.ClientOAuth2Client)).ClientClientApplication = *tkh.(*keyhubmodel.ClientClientApplication)
+		val.SetTypeEscaped(dtype)
+		tkh = val
+	}
+	if !objAttrs["saml2_client"].IsNull() {
+		val, d := tfObjectToTKHDSClientSaml2Client(ctx, false, objAttrs["saml2_client"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		dtype := val.GetTypeEscaped()
+		(*val.(*keyhubmodel.ClientSaml2Client)).ClientClientApplication = *tkh.(*keyhubmodel.ClientClientApplication)
+		val.SetTypeEscaped(dtype)
+		tkh = val
+	}
+	if recurse {
+		{
+			val, d := tfObjectToTKHDSClientClientApplication_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSClientClientApplicationLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ClientClientApplicationLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ClientClientApplicationLinkableWrapperable
+	tkh = keyhubmodel.NewClientClientApplicationLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.ClientClientApplicationable {
+			tkh, d := tfObjectToTKHDSClientClientApplication(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSClientClientApplicationPrimer(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ClientClientApplicationPrimerable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ClientClientApplicationPrimerable
+	tkh = keyhubmodel.NewClientClientApplicationPrimer()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["type"].(basetypes.StringValue), keyhubmodel.ParseClientClientApplicationType, func(val any) keyhubmodel.ClientClientApplicationType {
+			return *val.(*keyhubmodel.ClientClientApplicationType)
+		})
+		diags.Append(d...)
+		tkh.SetClientClientApplicationPrimerType(val)
+	}
+	tkh.SetClientId(objAttrs["client_id"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfToSlice(objAttrs["scopes"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) string {
+			return val.(basetypes.StringValue).ValueString()
+		})
+		diags.Append(d...)
+		tkh.SetScopes(val)
+	}
+	tkh.SetSsoApplication(objAttrs["sso_application"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHDSClientClientApplication_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ClientClientApplication_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ClientClientApplication_additionalObjectsable
+	tkh = keyhubmodel.NewClientClientApplication_additionalObjects()
+	{
+		val, d := tfObjectToTKHDSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	{
+		val, d := tfObjectToTKHDSGroupGroupClientLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["groupclients"]))
+		diags.Append(d...)
+		tkh.SetGroupclients(val)
+	}
+	{
+		val, d := tfObjectToTKHDSGroupGroupLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["groups"]))
+		diags.Append(d...)
+		tkh.SetGroups(val)
+	}
+	{
+		val, d := tfObjectToTKHDSGeneratedSecret(ctx, recurse, objAttrs["secret"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetSecret(val)
+	}
+	{
+		val, d := tfObjectToTKHDSLaunchpadSsoApplicationLaunchpadTile(ctx, recurse, objAttrs["tile"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetTile(val)
+	}
+	tkh.SetVaultRecordCount(int64PToInt32P(objAttrs["vault_record_count"].(basetypes.Int64Value).ValueInt64Pointer()))
+	return tkh, diags
+}
+
+func tfObjectToTKHDSClientLdapClient(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ClientLdapClientable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ClientLdapClientable
+	tkh = keyhubmodel.NewClientLdapClient()
+	tkh.SetBindDn(objAttrs["bind_dn"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfObjectToTKHDSCertificateCertificatePrimer(ctx, recurse, objAttrs["client_certificate"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetClientCertificate(val)
+	}
+	tkh.SetShareSecretInVault(objAttrs["share_secret_in_vault"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := tfObjectToTKHDSVaultVaultRecordPrimer(ctx, recurse, objAttrs["shared_secret"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetSharedSecret(val)
+	}
+	tkh.SetUsedForProvisioning(objAttrs["used_for_provisioning"].(basetypes.BoolValue).ValueBoolPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHDSClientOAuth2Client(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ClientOAuth2Clientable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ClientOAuth2Clientable
+	tkh = keyhubmodel.NewClientOAuth2Client()
+	{
+		val, d := tfToSlice(objAttrs["account_permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetAccountPermissions(val)
+	}
+	{
+		val, d := tfToMap(objAttrs["attributes"].(basetypes.MapValue), func(val attr.Value, diags *diag.Diagnostics) any {
+			return val.(basetypes.StringValue).ValueString()
+		}, keyhubmodel.NewClientOAuth2Client_attributes())
+		diags.Append(d...)
+		tkh.SetAttributes(val)
+	}
+	tkh.SetCallbackURI(objAttrs["callback_uri"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetConfidential(objAttrs["confidential"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetDebugMode(objAttrs["debug_mode"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetIdTokenClaims(objAttrs["id_token_claims"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetInitiateLoginURI(objAttrs["initiate_login_uri"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetResourceURIs(objAttrs["resource_uris"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetShareSecretInVault(objAttrs["share_secret_in_vault"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := tfObjectToTKHDSVaultVaultRecordPrimer(ctx, recurse, objAttrs["shared_secret"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetSharedSecret(val)
+	}
+	tkh.SetShowLandingPage(objAttrs["show_landing_page"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetUseClientCredentials(objAttrs["use_client_credentials"].(basetypes.BoolValue).ValueBoolPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHDSClientOAuth2ClientPermission(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ClientOAuth2ClientPermissionable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ClientOAuth2ClientPermissionable
+	tkh = keyhubmodel.NewClientOAuth2ClientPermission()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	{
+		val, d := tfObjectToTKHDSGroupGroupPrimer(ctx, false, objAttrs["for_group"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetForGroup(val)
+	}
+	{
+		val, d := tfObjectToTKHDSProvisioningProvisionedSystemPrimer(ctx, false, objAttrs["for_system"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetForSystem(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["value"].(basetypes.StringValue), keyhubmodel.ParseClientOAuth2ClientPermissionType, func(val any) keyhubmodel.ClientOAuth2ClientPermissionType {
+			return *val.(*keyhubmodel.ClientOAuth2ClientPermissionType)
+		})
+		diags.Append(d...)
+		tkh.SetValue(val)
+	}
+	if recurse {
+		{
+			val, d := tfObjectToTKHDSClientOAuth2ClientPermission_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSClientOAuth2ClientPermissionWithClient(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ClientOAuth2ClientPermissionWithClientable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ClientOAuth2ClientPermissionWithClientable
+	tkh = keyhubmodel.NewClientOAuth2ClientPermissionWithClient()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	{
+		val, d := tfObjectToTKHDSGroupGroupPrimer(ctx, false, objAttrs["for_group"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetForGroup(val)
+	}
+	{
+		val, d := tfObjectToTKHDSProvisioningProvisionedSystemPrimer(ctx, false, objAttrs["for_system"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetForSystem(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["value"].(basetypes.StringValue), keyhubmodel.ParseClientOAuth2ClientPermissionType, func(val any) keyhubmodel.ClientOAuth2ClientPermissionType {
+			return *val.(*keyhubmodel.ClientOAuth2ClientPermissionType)
+		})
+		diags.Append(d...)
+		tkh.SetValue(val)
+	}
+	{
+		val, d := tfObjectToTKHDSClientOAuth2Client(ctx, false, objAttrs["client"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetClient(val)
+	}
+	if recurse {
+		{
+			val, d := tfObjectToTKHDSClientOAuth2ClientPermission_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSClientOAuth2ClientPermissionWithClientLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ClientOAuth2ClientPermissionWithClientLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ClientOAuth2ClientPermissionWithClientLinkableWrapperable
+	tkh = keyhubmodel.NewClientOAuth2ClientPermissionWithClientLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.ClientOAuth2ClientPermissionWithClientable {
+			tkh, d := tfObjectToTKHDSClientOAuth2ClientPermissionWithClient(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSClientOAuth2ClientPermission_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ClientOAuth2ClientPermission_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ClientOAuth2ClientPermission_additionalObjectsable
+	tkh = keyhubmodel.NewClientOAuth2ClientPermission_additionalObjects()
+	{
+		val, d := tfObjectToTKHDSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSClientSaml2Client(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ClientSaml2Clientable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ClientSaml2Clientable
+	tkh = keyhubmodel.NewClientSaml2Client()
+	{
+		val, d := tfToMap(objAttrs["attributes"].(basetypes.MapValue), func(val attr.Value, diags *diag.Diagnostics) any {
+			return val.(basetypes.StringValue).ValueString()
+		}, keyhubmodel.NewClientSaml2Client_attributes())
+		diags.Append(d...)
+		tkh.SetAttributes(val)
+	}
+	tkh.SetMetadata(objAttrs["metadata"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetMetadataUrl(objAttrs["metadata_url"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["subject_format"].(basetypes.StringValue), keyhubmodel.ParseClientSubjectFormat, func(val any) keyhubmodel.ClientSubjectFormat { return *val.(*keyhubmodel.ClientSubjectFormat) })
+		diags.Append(d...)
+		tkh.SetSubjectFormat(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSDirectoryAccountDirectory(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.DirectoryAccountDirectoryable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.DirectoryAccountDirectoryable
+	tkh = keyhubmodel.NewDirectoryAccountDirectory()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetAccountValiditySupported(objAttrs["account_validity_supported"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetActive(objAttrs["active"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := parseCastPointer(objAttrs["type"].(basetypes.StringValue), keyhubmodel.ParseDirectoryAccountDirectoryType, func(val any) keyhubmodel.DirectoryAccountDirectoryType {
+			return *val.(*keyhubmodel.DirectoryAccountDirectoryType)
+		})
+		diags.Append(d...)
+		tkh.SetDirectoryAccountDirectoryPrimerType(val)
+	}
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfObjectToTKHDSOrganizationOrganizationalUnitPrimer(ctx, false, objAttrs["base_organizational_unit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetBaseOrganizationalUnit(val)
+	}
+	tkh.SetDefaultDirectory(objAttrs["default_directory"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := tfObjectToTKHDSGroupGroupPrimer(ctx, false, objAttrs["helpdesk_group"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetHelpdeskGroup(val)
+	}
+	tkh.SetRestrict2fa(objAttrs["restrict2fa"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := parseCastPointer(objAttrs["rotating_password"].(basetypes.StringValue), keyhubmodel.ParseDirectoryDirectoryRotatingPassword, func(val any) keyhubmodel.DirectoryDirectoryRotatingPassword {
+			return *val.(*keyhubmodel.DirectoryDirectoryRotatingPassword)
+		})
+		diags.Append(d...)
+		tkh.SetRotatingPassword(val)
+	}
+	tkh.SetUsernameCustomizable(objAttrs["username_customizable"].(basetypes.BoolValue).ValueBoolPointer())
+	if !objAttrs["internal_directory"].IsNull() {
+		val, d := tfObjectToTKHDSDirectoryInternalDirectory(ctx, false, objAttrs["internal_directory"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		dtype := val.GetTypeEscaped()
+		(*val.(*keyhubmodel.DirectoryInternalDirectory)).DirectoryAccountDirectory = *tkh.(*keyhubmodel.DirectoryAccountDirectory)
+		val.SetTypeEscaped(dtype)
+		tkh = val
+	}
+	if !objAttrs["l_d_a_p_directory"].IsNull() {
+		val, d := tfObjectToTKHDSDirectoryLDAPDirectory(ctx, false, objAttrs["l_d_a_p_directory"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		dtype := val.GetTypeEscaped()
+		(*val.(*keyhubmodel.DirectoryLDAPDirectory)).DirectoryAccountDirectory = *tkh.(*keyhubmodel.DirectoryAccountDirectory)
+		val.SetTypeEscaped(dtype)
+		tkh = val
+	}
+	if !objAttrs["maintenance_directory"].IsNull() {
+		val, d := tfObjectToTKHDSDirectoryMaintenanceDirectory(ctx, false, objAttrs["maintenance_directory"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		dtype := val.GetTypeEscaped()
+		(*val.(*keyhubmodel.DirectoryMaintenanceDirectory)).DirectoryAccountDirectory = *tkh.(*keyhubmodel.DirectoryAccountDirectory)
+		val.SetTypeEscaped(dtype)
+		tkh = val
+	}
+	if !objAttrs["o_id_c_directory"].IsNull() {
+		val, d := tfObjectToTKHDSDirectoryOIDCDirectory(ctx, false, objAttrs["o_id_c_directory"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		dtype := val.GetTypeEscaped()
+		(*val.(*keyhubmodel.DirectoryOIDCDirectory)).DirectoryAccountDirectory = *tkh.(*keyhubmodel.DirectoryAccountDirectory)
+		val.SetTypeEscaped(dtype)
+		tkh = val
+	}
+	if recurse {
+		{
+			val, d := tfObjectToTKHDSDirectoryAccountDirectory_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSDirectoryAccountDirectoryLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.DirectoryAccountDirectoryLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.DirectoryAccountDirectoryLinkableWrapperable
+	tkh = keyhubmodel.NewDirectoryAccountDirectoryLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.DirectoryAccountDirectoryable {
+			tkh, d := tfObjectToTKHDSDirectoryAccountDirectory(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSDirectoryAccountDirectoryPrimer(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.DirectoryAccountDirectoryPrimerable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.DirectoryAccountDirectoryPrimerable
+	tkh = keyhubmodel.NewDirectoryAccountDirectoryPrimer()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetAccountValiditySupported(objAttrs["account_validity_supported"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetActive(objAttrs["active"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := parseCastPointer(objAttrs["type"].(basetypes.StringValue), keyhubmodel.ParseDirectoryAccountDirectoryType, func(val any) keyhubmodel.DirectoryAccountDirectoryType {
+			return *val.(*keyhubmodel.DirectoryAccountDirectoryType)
+		})
+		diags.Append(d...)
+		tkh.SetDirectoryAccountDirectoryPrimerType(val)
+	}
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHDSDirectoryAccountDirectoryStatusReport(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.DirectoryAccountDirectoryStatusReportable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.DirectoryAccountDirectoryStatusReportable
+	tkh = keyhubmodel.NewDirectoryAccountDirectoryStatusReport()
+	tkh.SetAccounts(objAttrs["accounts"].(basetypes.Int64Value).ValueInt64Pointer())
+	tkh.SetReason(objAttrs["reason"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["status"].(basetypes.StringValue), keyhubmodel.ParseDirectoryAccountDirectoryStatus, func(val any) keyhubmodel.DirectoryAccountDirectoryStatus {
+			return *val.(*keyhubmodel.DirectoryAccountDirectoryStatus)
+		})
+		diags.Append(d...)
+		tkh.SetStatus(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSDirectoryAccountDirectorySummary(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.DirectoryAccountDirectorySummaryable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.DirectoryAccountDirectorySummaryable
+	tkh = keyhubmodel.NewDirectoryAccountDirectorySummary()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["type"].(basetypes.StringValue), keyhubmodel.ParseDirectoryAccountDirectoryType, func(val any) keyhubmodel.DirectoryAccountDirectoryType {
+			return *val.(*keyhubmodel.DirectoryAccountDirectoryType)
+		})
+		diags.Append(d...)
+		tkh.SetDirectoryAccountDirectorySummaryType(val)
+	}
+	tkh.SetDomainRestriction(objAttrs["domain_restriction"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetFullyResolvedIssuer(objAttrs["fully_resolved_issuer"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfObjectToTKHDSDirectoryAccountDirectoryStatusReport(ctx, recurse, objAttrs["status"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetStatus(val)
+	}
+	tkh.SetUsernameCustomizable(objAttrs["username_customizable"].(basetypes.BoolValue).ValueBoolPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHDSDirectoryAccountDirectorySummaryLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.DirectoryAccountDirectorySummaryLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.DirectoryAccountDirectorySummaryLinkableWrapperable
+	tkh = keyhubmodel.NewDirectoryAccountDirectorySummaryLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.DirectoryAccountDirectorySummaryable {
+			tkh, d := tfObjectToTKHDSDirectoryAccountDirectorySummary(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSDirectoryAccountDirectory_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.DirectoryAccountDirectory_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.DirectoryAccountDirectory_additionalObjectsable
+	tkh = keyhubmodel.NewDirectoryAccountDirectory_additionalObjects()
+	{
+		val, d := tfObjectToTKHDSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	{
+		val, d := tfObjectToTKHDSMarkItemMarkers(ctx, recurse, objAttrs["markers"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetMarkers(val)
+	}
+	{
+		val, d := tfObjectToTKHDSDirectoryAccountDirectoryStatusReport(ctx, recurse, objAttrs["status"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetStatus(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSDirectoryInternalDirectory(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.DirectoryInternalDirectoryable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.DirectoryInternalDirectoryable
+	tkh = keyhubmodel.NewDirectoryInternalDirectory()
+	{
+		val, d := tfObjectToTKHDSGroupGroupPrimer(ctx, recurse, objAttrs["owner"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetOwner(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSDirectoryLDAPDirectory(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.DirectoryLDAPDirectoryable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.DirectoryLDAPDirectoryable
+	tkh = keyhubmodel.NewDirectoryLDAPDirectory()
+	tkh.SetAttributesToStore(objAttrs["attributes_to_store"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetBaseDN(objAttrs["base_dn"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfObjectToTKHDSCertificateCertificatePrimer(ctx, recurse, objAttrs["client_certificate"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetClientCertificate(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["dialect"].(basetypes.StringValue), keyhubmodel.ParseDirectoryLDAPDialect, func(val any) keyhubmodel.DirectoryLDAPDialect { return *val.(*keyhubmodel.DirectoryLDAPDialect) })
+		diags.Append(d...)
+		tkh.SetDialect(val)
+	}
+	tkh.SetFailoverHost(objAttrs["failover_host"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfObjectToTKHDSCertificateCertificatePrimer(ctx, recurse, objAttrs["failover_trusted_certificate"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetFailoverTrustedCertificate(val)
+	}
+	tkh.SetHost(objAttrs["host"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["password_recovery"].(basetypes.StringValue), keyhubmodel.ParseDirectoryLDAPDirectoryPasswordRecovery, func(val any) keyhubmodel.DirectoryLDAPDirectoryPasswordRecovery {
+			return *val.(*keyhubmodel.DirectoryLDAPDirectoryPasswordRecovery)
+		})
+		diags.Append(d...)
+		tkh.SetPasswordRecovery(val)
+	}
+	tkh.SetPort(int64PToInt32P(objAttrs["port"].(basetypes.Int64Value).ValueInt64Pointer()))
+	tkh.SetSearchBindDN(objAttrs["search_bind_dn"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetSearchBindPassword(objAttrs["search_bind_password"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetSearchFilter(objAttrs["search_filter"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["tls"].(basetypes.StringValue), keyhubmodel.ParseTLSLevel, func(val any) keyhubmodel.TLSLevel { return *val.(*keyhubmodel.TLSLevel) })
+		diags.Append(d...)
+		tkh.SetTls(val)
+	}
+	{
+		val, d := tfObjectToTKHDSCertificateCertificatePrimer(ctx, recurse, objAttrs["trusted_certificate"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetTrustedCertificate(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSDirectoryMaintenanceDirectory(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.DirectoryMaintenanceDirectoryable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	var tkh keyhubmodel.DirectoryMaintenanceDirectoryable
+	tkh = keyhubmodel.NewDirectoryMaintenanceDirectory()
+	return tkh, diags
+}
+
+func tfObjectToTKHDSDirectoryOIDCDirectory(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.DirectoryOIDCDirectoryable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.DirectoryOIDCDirectoryable
+	tkh = keyhubmodel.NewDirectoryOIDCDirectory()
+	tkh.SetAcrValues(objAttrs["acr_values"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetAttributesToStore(objAttrs["attributes_to_store"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetClientId(objAttrs["client_id"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetClientSecret(objAttrs["client_secret"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetDomainRestriction(objAttrs["domain_restriction"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetEnforces2fa(objAttrs["enforces2fa"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetFullyResolvedIssuer(objAttrs["fully_resolved_issuer"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetIssuer(objAttrs["issuer"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetLogoutUrl(objAttrs["logout_url"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetSendLoginHint(objAttrs["send_login_hint"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := parseCastPointer(objAttrs["vendor_escaped"].(basetypes.StringValue), keyhubmodel.ParseDirectoryOIDCVendor, func(val any) keyhubmodel.DirectoryOIDCVendor { return *val.(*keyhubmodel.DirectoryOIDCVendor) })
+		diags.Append(d...)
+		tkh.SetVendorEscaped(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSGroupAccountGroup(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupAccountGroupable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupAccountGroupable
+	tkh = keyhubmodel.NewGroupAccountGroup()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetAdmin(objAttrs["admin"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parsePointer2(objAttrs["end_date"].(basetypes.StringValue), serialization.ParseDateOnly)
+		diags.Append(d...)
+		tkh.SetEndDate(val)
+	}
+	{
+		val, d := tfObjectToTKHDSGroupGroupFolder(ctx, false, objAttrs["folder"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetFolder(val)
+	}
+	{
+		val, d := parsePointer2(objAttrs["last_used"].(basetypes.StringValue), serialization.ParseDateOnly)
+		diags.Append(d...)
+		tkh.SetLastUsed(val)
+	}
+	{
+		val, d := tfToTimePointer(objAttrs["provisioning_end_time"].(basetypes.StringValue))
+		diags.Append(d...)
+		tkh.SetProvisioningEndTime(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["rights"].(basetypes.StringValue), keyhubmodel.ParseGroupGroupRights, func(val any) keyhubmodel.GroupGroupRights { return *val.(*keyhubmodel.GroupGroupRights) })
+		diags.Append(d...)
+		tkh.SetRights(val)
+	}
+	tkh.SetVisibleForProvisioning(objAttrs["visible_for_provisioning"].(basetypes.BoolValue).ValueBoolPointer())
+	if recurse {
+		{
+			val, d := tfObjectToTKHDSGroupAccountGroup_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSGroupAccountGroupLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupAccountGroupLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupAccountGroupLinkableWrapperable
+	tkh = keyhubmodel.NewGroupAccountGroupLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.GroupAccountGroupable {
+			tkh, d := tfObjectToTKHDSGroupAccountGroup(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSGroupAccountGroup_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupAccountGroup_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupAccountGroup_additionalObjectsable
+	tkh = keyhubmodel.NewGroupAccountGroup_additionalObjects()
+	{
+		val, d := tfObjectToTKHDSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	{
+		val, d := tfObjectToTKHDSVaultVault(ctx, recurse, objAttrs["vault"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetVault(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSGroupAuthorizedGroupsWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupAuthorizedGroupsWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupAuthorizedGroupsWrapperable
+	tkh = keyhubmodel.NewGroupAuthorizedGroupsWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.GroupGroupable {
+			tkh, d := tfObjectToTKHDSGroupGroup(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	tkh.SetGroupCount(objAttrs["group_count"].(basetypes.Int64Value).ValueInt64Pointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHDSGroupGroup(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupable
+	tkh = keyhubmodel.NewGroupGroup()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetAdmin(objAttrs["admin"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetApplicationAdministration(objAttrs["application_administration"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := tfObjectToTKHDSGroupGroupAuditConfig(ctx, false, objAttrs["audit_config"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAuditConfig(val)
+	}
+	tkh.SetAuditRequested(objAttrs["audit_requested"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetAuditor(objAttrs["auditor"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := tfObjectToTKHDSGroupGroupPrimer(ctx, false, objAttrs["authorizing_group_auditing"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAuthorizingGroupAuditing(val)
+	}
+	{
+		val, d := tfObjectToTKHDSGroupGroupPrimer(ctx, false, objAttrs["authorizing_group_delegation"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAuthorizingGroupDelegation(val)
+	}
+	{
+		val, d := tfObjectToTKHDSGroupGroupPrimer(ctx, false, objAttrs["authorizing_group_membership"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAuthorizingGroupMembership(val)
+	}
+	{
+		val, d := tfObjectToTKHDSGroupGroupPrimer(ctx, false, objAttrs["authorizing_group_provisioning"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAuthorizingGroupProvisioning(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["authorizing_group_types"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RequestAuthorizingGroupType {
+			tkh, d := parseCast(val.(basetypes.StringValue), keyhubmodel.ParseRequestAuthorizingGroupType, func(val any) keyhubmodel.RequestAuthorizingGroupType {
+				return *val.(*keyhubmodel.RequestAuthorizingGroupType)
+			})
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetAuthorizingGroupTypes(val)
+	}
+	{
+		val, d := tfObjectToTKHDSGroupGroupClassificationPrimer(ctx, false, objAttrs["classification"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetClassification(val)
+	}
+	tkh.SetDescription(objAttrs["description"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["extended_access"].(basetypes.StringValue), keyhubmodel.ParseGroupGroupExtendedAccess, func(val any) keyhubmodel.GroupGroupExtendedAccess {
+			return *val.(*keyhubmodel.GroupGroupExtendedAccess)
+		})
+		diags.Append(d...)
+		tkh.SetExtendedAccess(val)
+	}
+	tkh.SetHideAuditTrail(objAttrs["hide_audit_trail"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := tfObjectToTKHDSGroupGroupPrimer(ctx, false, objAttrs["nested_under"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetNestedUnder(val)
+	}
+	{
+		val, d := tfObjectToTKHDSOrganizationOrganizationalUnitPrimer(ctx, false, objAttrs["organizational_unit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetOrganizationalUnit(val)
+	}
+	tkh.SetPrivateGroup(objAttrs["private_group"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetRecordTrail(objAttrs["record_trail"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetRotatingPasswordRequired(objAttrs["rotating_password_required"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetSingleManaged(objAttrs["single_managed"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := parseCastPointer(objAttrs["vault_recovery"].(basetypes.StringValue), keyhubmodel.ParseGroupVaultRecoveryAvailability, func(val any) keyhubmodel.GroupVaultRecoveryAvailability {
+			return *val.(*keyhubmodel.GroupVaultRecoveryAvailability)
+		})
+		diags.Append(d...)
+		tkh.SetVaultRecovery(val)
+	}
+	tkh.SetVaultRequiresActivation(objAttrs["vault_requires_activation"].(basetypes.BoolValue).ValueBoolPointer())
+	if recurse {
+		{
+			val, d := tfObjectToTKHDSGroupGroup_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSGroupGroupAccount(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupAccountable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupAccountable
+	tkh = keyhubmodel.NewGroupGroupAccount()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetDisplayName(objAttrs["display_name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfToTimePointer(objAttrs["last_active"].(basetypes.StringValue))
+		diags.Append(d...)
+		tkh.SetLastActive(val)
+	}
+	tkh.SetUsername(objAttrs["username"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["validity"].(basetypes.StringValue), keyhubmodel.ParseAuthAccountValidity, func(val any) keyhubmodel.AuthAccountValidity { return *val.(*keyhubmodel.AuthAccountValidity) })
+		diags.Append(d...)
+		tkh.SetValidity(val)
+	}
+	{
+		val, d := tfObjectToTKHDSDirectoryAccountDirectoryPrimer(ctx, false, objAttrs["directory"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetDirectory(val)
+	}
+	tkh.SetDisconnectedNested(objAttrs["disconnected_nested"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := parsePointer2(objAttrs["end_date"].(basetypes.StringValue), serialization.ParseDateOnly)
+		diags.Append(d...)
+		tkh.SetEndDate(val)
+	}
+	{
+		val, d := parsePointer2(objAttrs["last_used"].(basetypes.StringValue), serialization.ParseDateOnly)
+		diags.Append(d...)
+		tkh.SetLastUsed(val)
+	}
+	tkh.SetNested(objAttrs["nested"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := tfToTimePointer(objAttrs["provisioning_end_time"].(basetypes.StringValue))
+		diags.Append(d...)
+		tkh.SetProvisioningEndTime(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["rights"].(basetypes.StringValue), keyhubmodel.ParseGroupGroupRights, func(val any) keyhubmodel.GroupGroupRights { return *val.(*keyhubmodel.GroupGroupRights) })
+		diags.Append(d...)
+		tkh.SetRights(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["two_factor_status"].(basetypes.StringValue), keyhubmodel.ParseAuthTwoFactorAuthenticationStatus, func(val any) keyhubmodel.AuthTwoFactorAuthenticationStatus {
+			return *val.(*keyhubmodel.AuthTwoFactorAuthenticationStatus)
+		})
+		diags.Append(d...)
+		tkh.SetTwoFactorStatus(val)
+	}
+	tkh.SetVisibleForProvisioning(objAttrs["visible_for_provisioning"].(basetypes.BoolValue).ValueBoolPointer())
+	if recurse {
+		{
+			val, d := tfObjectToTKHDSGroupGroupAccount_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSGroupGroupAccountLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupAccountLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupAccountLinkableWrapperable
+	tkh = keyhubmodel.NewGroupGroupAccountLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.GroupGroupAccountable {
+			tkh, d := tfObjectToTKHDSGroupGroupAccount(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSGroupGroupAccount_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupAccount_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupAccount_additionalObjectsable
+	tkh = keyhubmodel.NewGroupGroupAccount_additionalObjects()
+	{
+		val, d := tfObjectToTKHDSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSGroupGroupAudit(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupAuditable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupAuditable
+	tkh = keyhubmodel.NewGroupGroupAudit()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["accounts"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.GroupGroupAuditAccountable {
+			tkh, d := tfObjectToTKHDSGroupGroupAuditAccount(ctx, false, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetAccounts(val)
+	}
+	tkh.SetComment(objAttrs["comment"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfToTimePointer(objAttrs["created_at"].(basetypes.StringValue))
+		diags.Append(d...)
+		tkh.SetCreatedAt(val)
+	}
+	tkh.SetCreatedBy(objAttrs["created_by"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetGroupName(objAttrs["group_name"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetNameOnAudit(objAttrs["name_on_audit"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfToTimePointer(objAttrs["reviewed_at"].(basetypes.StringValue))
+		diags.Append(d...)
+		tkh.SetReviewedAt(val)
+	}
+	tkh.SetReviewedBy(objAttrs["reviewed_by"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["status"].(basetypes.StringValue), keyhubmodel.ParseGroupGroupAuditStatus, func(val any) keyhubmodel.GroupGroupAuditStatus { return *val.(*keyhubmodel.GroupGroupAuditStatus) })
+		diags.Append(d...)
+		tkh.SetStatus(val)
+	}
+	{
+		val, d := tfToTimePointer(objAttrs["submitted_at"].(basetypes.StringValue))
+		diags.Append(d...)
+		tkh.SetSubmittedAt(val)
+	}
+	tkh.SetSubmittedBy(objAttrs["submitted_by"].(basetypes.StringValue).ValueStringPointer())
+	if recurse {
+		{
+			val, d := tfObjectToTKHDSGroupGroupAudit_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSGroupGroupAuditAccount(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupAuditAccountable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupAuditAccountable
+	tkh = keyhubmodel.NewGroupGroupAuditAccount()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetAccountUuid(objAttrs["account_uuid"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetAccountValid(objAttrs["account_valid"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := parseCastPointer(objAttrs["action"].(basetypes.StringValue), keyhubmodel.ParseAuditAuditAccountAction, func(val any) keyhubmodel.AuditAuditAccountAction { return *val.(*keyhubmodel.AuditAuditAccountAction) })
+		diags.Append(d...)
+		tkh.SetAction(val)
+	}
+	tkh.SetComment(objAttrs["comment"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetDisconnectedNested(objAttrs["disconnected_nested"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetDisplayName(objAttrs["display_name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parsePointer2(objAttrs["end_date"].(basetypes.StringValue), serialization.ParseDateOnly)
+		diags.Append(d...)
+		tkh.SetEndDate(val)
+	}
+	{
+		val, d := tfToTimePointer(objAttrs["last_active"].(basetypes.StringValue))
+		diags.Append(d...)
+		tkh.SetLastActive(val)
+	}
+	{
+		val, d := parsePointer2(objAttrs["last_used"].(basetypes.StringValue), serialization.ParseDateOnly)
+		diags.Append(d...)
+		tkh.SetLastUsed(val)
+	}
+	tkh.SetNested(objAttrs["nested"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := parseCastPointer(objAttrs["rights"].(basetypes.StringValue), keyhubmodel.ParseGroupGroupRights, func(val any) keyhubmodel.GroupGroupRights { return *val.(*keyhubmodel.GroupGroupRights) })
+		diags.Append(d...)
+		tkh.SetRights(val)
+	}
+	tkh.SetUsername(objAttrs["username"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHDSGroupGroupAuditConfig(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupAuditConfigable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupAuditConfigable
+	tkh = keyhubmodel.NewGroupGroupAuditConfig()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["months"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.Month {
+			tkh, d := parseCast(val.(basetypes.StringValue), keyhubmodel.ParseMonth, func(val any) keyhubmodel.Month { return *val.(*keyhubmodel.Month) })
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetMonths(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSGroupGroupAuditLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupAuditLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupAuditLinkableWrapperable
+	tkh = keyhubmodel.NewGroupGroupAuditLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.GroupGroupAuditable {
+			tkh, d := tfObjectToTKHDSGroupGroupAudit(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSGroupGroupAudit_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupAudit_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupAudit_additionalObjectsable
+	tkh = keyhubmodel.NewGroupGroupAudit_additionalObjects()
+	{
+		val, d := tfObjectToTKHDSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSGroupGroupAuditingInfo(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupAuditingInfoable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupAuditingInfoable
+	tkh = keyhubmodel.NewGroupGroupAuditingInfo()
+	{
+		val, d := parsePointer2(objAttrs["audit_due_date"].(basetypes.StringValue), serialization.ParseDateOnly)
+		diags.Append(d...)
+		tkh.SetAuditDueDate(val)
+	}
+	{
+		val, d := parsePointer2(objAttrs["last_audit_date"].(basetypes.StringValue), serialization.ParseDateOnly)
+		diags.Append(d...)
+		tkh.SetLastAuditDate(val)
+	}
+	tkh.SetNrAccounts(objAttrs["nr_accounts"].(basetypes.Int64Value).ValueInt64Pointer())
+	tkh.SetNrDisabledAccounts(objAttrs["nr_disabled_accounts"].(basetypes.Int64Value).ValueInt64Pointer())
+	tkh.SetNrDisabledManagers(objAttrs["nr_disabled_managers"].(basetypes.Int64Value).ValueInt64Pointer())
+	tkh.SetNrExpiredVaultRecords(objAttrs["nr_expired_vault_records"].(basetypes.Int64Value).ValueInt64Pointer())
+	tkh.SetNrManagers(objAttrs["nr_managers"].(basetypes.Int64Value).ValueInt64Pointer())
+	tkh.SetNrVaultRecordsWithEndDate(objAttrs["nr_vault_records_with_end_date"].(basetypes.Int64Value).ValueInt64Pointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHDSGroupGroupClassification(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupClassificationable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupClassificationable
+	tkh = keyhubmodel.NewGroupGroupClassification()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetAuthorizingGroupAuditingRequired(objAttrs["authorizing_group_auditing_required"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetAuthorizingGroupDelegationRequired(objAttrs["authorizing_group_delegation_required"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetAuthorizingGroupMembershipRequired(objAttrs["authorizing_group_membership_required"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetAuthorizingGroupProvisioningRequired(objAttrs["authorizing_group_provisioning_required"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetDefaultClassification(objAttrs["default_classification"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetDescription(objAttrs["description"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetMaximumAuditInterval(int64PToInt32P(objAttrs["maximum_audit_interval"].(basetypes.Int64Value).ValueInt64Pointer()))
+	tkh.SetMinimumNrManagers(int64PToInt32P(objAttrs["minimum_nr_managers"].(basetypes.Int64Value).ValueInt64Pointer()))
+	tkh.SetRecordTrailRequired(objAttrs["record_trail_required"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := tfToSlice(objAttrs["required_months"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.Month {
+			tkh, d := parseCast(val.(basetypes.StringValue), keyhubmodel.ParseMonth, func(val any) keyhubmodel.Month { return *val.(*keyhubmodel.Month) })
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetRequiredMonths(val)
+	}
+	tkh.SetRotatingPasswordRequired(objAttrs["rotating_password_required"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetVaultRequiresActivation(objAttrs["vault_requires_activation"].(basetypes.BoolValue).ValueBoolPointer())
+	if recurse {
+		{
+			val, d := tfObjectToTKHDSGroupGroupClassification_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSGroupGroupClassificationInfo(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupClassificationInfoable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupClassificationInfoable
+	tkh = keyhubmodel.NewGroupGroupClassificationInfo()
+	tkh.SetNrGroups(int64PToInt32P(objAttrs["nr_groups"].(basetypes.Int64Value).ValueInt64Pointer()))
+	return tkh, diags
+}
+
+func tfObjectToTKHDSGroupGroupClassificationPrimer(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupClassificationPrimerable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupClassificationPrimerable
+	tkh = keyhubmodel.NewGroupGroupClassificationPrimer()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHDSGroupGroupClassification_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupClassification_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupClassification_additionalObjectsable
+	tkh = keyhubmodel.NewGroupGroupClassification_additionalObjects()
+	{
+		val, d := tfObjectToTKHDSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	{
+		val, d := tfObjectToTKHDSGroupGroupClassificationInfo(ctx, recurse, objAttrs["info"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetInfo(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSGroupGroupClient(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupClientable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupClientable
+	tkh = keyhubmodel.NewGroupGroupClient()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetActivationRequired(objAttrs["activation_required"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := tfObjectToTKHDSClientClientApplicationPrimer(ctx, false, objAttrs["client"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetClient(val)
+	}
+	{
+		val, d := tfObjectToTKHDSGroupGroupPrimer(ctx, false, objAttrs["group"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetGroup(val)
+	}
+	{
+		val, d := tfObjectToTKHDSGroupGroupPrimer(ctx, false, objAttrs["owner"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetOwner(val)
+	}
+	{
+		val, d := tfObjectToTKHDSGroupGroupPrimer(ctx, false, objAttrs["technical_administrator"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetTechnicalAdministrator(val)
+	}
+	if recurse {
+		{
+			val, d := tfObjectToTKHDSGroupGroupClient_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSGroupGroupClientLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupClientLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupClientLinkableWrapperable
+	tkh = keyhubmodel.NewGroupGroupClientLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.GroupGroupClientable {
+			tkh, d := tfObjectToTKHDSGroupGroupClient(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSGroupGroupClient_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupClient_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupClient_additionalObjectsable
+	tkh = keyhubmodel.NewGroupGroupClient_additionalObjects()
+	{
+		val, d := tfObjectToTKHDSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSGroupGroupFolder(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupFolderable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupFolderable
+	tkh = keyhubmodel.NewGroupGroupFolder()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	if recurse {
+		{
+			val, d := tfObjectToTKHDSGroupGroupFolder_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSGroupGroupFolder_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupFolder_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupFolder_additionalObjectsable
+	tkh = keyhubmodel.NewGroupGroupFolder_additionalObjects()
+	{
+		val, d := tfObjectToTKHDSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSGroupGroupInfo(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupInfoable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupInfoable
+	tkh = keyhubmodel.NewGroupGroupInfo()
+	tkh.SetNrAccounts(int64PToInt32P(objAttrs["nr_accounts"].(basetypes.Int64Value).ValueInt64Pointer()))
+	tkh.SetNrAccountsWithVault(int64PToInt32P(objAttrs["nr_accounts_with_vault"].(basetypes.Int64Value).ValueInt64Pointer()))
+	tkh.SetNrAudits(int64PToInt32P(objAttrs["nr_audits"].(basetypes.Int64Value).ValueInt64Pointer()))
+	tkh.SetNrClients(int64PToInt32P(objAttrs["nr_clients"].(basetypes.Int64Value).ValueInt64Pointer()))
+	tkh.SetNrProvisionedSystems(int64PToInt32P(objAttrs["nr_provisioned_systems"].(basetypes.Int64Value).ValueInt64Pointer()))
+	tkh.SetNrVaultRecords(int64PToInt32P(objAttrs["nr_vault_records"].(basetypes.Int64Value).ValueInt64Pointer()))
+	return tkh, diags
+}
+
+func tfObjectToTKHDSGroupGroupLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupLinkableWrapperable
+	tkh = keyhubmodel.NewGroupGroupLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.GroupGroupable {
+			tkh, d := tfObjectToTKHDSGroupGroup(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSGroupGroupPrimer(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupPrimerable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupPrimerable
+	tkh = keyhubmodel.NewGroupGroupPrimer()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetAdmin(objAttrs["admin"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHDSGroupGroupPrimerLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupPrimerLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupPrimerLinkableWrapperable
+	tkh = keyhubmodel.NewGroupGroupPrimerLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.GroupGroupPrimerable {
+			tkh, d := tfObjectToTKHDSGroupGroupPrimer(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSGroupGroup_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroup_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroup_additionalObjectsable
+	tkh = keyhubmodel.NewGroupGroup_additionalObjects()
+	{
+		val, d := tfObjectToTKHDSGroupGroupAccountLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["accounts"]))
+		diags.Append(d...)
+		tkh.SetAccounts(val)
+	}
+	{
+		val, d := tfObjectToTKHDSClientClientApplicationLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["administered_clients"]))
+		diags.Append(d...)
+		tkh.SetAdministeredClients(val)
+	}
+	{
+		val, d := tfObjectToTKHDSProvisioningProvisionedSystemLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["administered_systems"]))
+		diags.Append(d...)
+		tkh.SetAdministeredSystems(val)
+	}
+	{
+		val, d := tfObjectToTKHDSGroupGroupAccountLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["admins"]))
+		diags.Append(d...)
+		tkh.SetAdmins(val)
+	}
+	{
+		val, d := tfObjectToTKHDSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	{
+		val, d := tfObjectToTKHDSGroupAuthorizedGroupsWrapper(ctx, recurse, objAttrs["authorized_groups"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAuthorizedGroups(val)
+	}
+	{
+		val, d := tfObjectToTKHDSClientOAuth2ClientPermissionWithClientLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["client_permissions"]))
+		diags.Append(d...)
+		tkh.SetClientPermissions(val)
+	}
+	{
+		val, d := tfObjectToTKHDSGroupGroupClientLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["clients"]))
+		diags.Append(d...)
+		tkh.SetClients(val)
+	}
+	{
+		val, d := tfObjectToTKHDSProvisioningProvisionedSystemLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["content_administered_systems"]))
+		diags.Append(d...)
+		tkh.SetContentAdministeredSystems(val)
+	}
+	{
+		val, d := tfObjectToTKHDSGroupGroupAuditingInfo(ctx, recurse, objAttrs["groupauditinginfo"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetGroupauditinginfo(val)
+	}
+	{
+		val, d := tfObjectToTKHDSGroupGroupInfo(ctx, recurse, objAttrs["groupinfo"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetGroupinfo(val)
+	}
+	{
+		val, d := tfObjectToTKHDSDirectoryAccountDirectorySummaryLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["helpdesk"]))
+		diags.Append(d...)
+		tkh.SetHelpdesk(val)
+	}
+	{
+		val, d := tfObjectToTKHDSMarkItemMarkers(ctx, recurse, objAttrs["markers"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetMarkers(val)
+	}
+	{
+		val, d := tfObjectToTKHDSGroupGroupAccount(ctx, recurse, objAttrs["myaccount"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetMyaccount(val)
+	}
+	{
+		val, d := tfObjectToTKHDSGroupGroupAccount(ctx, recurse, objAttrs["mydelegatedaccount"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetMydelegatedaccount(val)
+	}
+	{
+		val, d := tfObjectToTKHDSGroupGroupPrimerLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["nested_groups"]))
+		diags.Append(d...)
+		tkh.SetNestedGroups(val)
+	}
+	{
+		val, d := tfObjectToTKHDSClientClientApplicationLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["owned_clients"]))
+		diags.Append(d...)
+		tkh.SetOwnedClients(val)
+	}
+	{
+		val, d := tfObjectToTKHDSDirectoryAccountDirectoryLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["owned_directories"]))
+		diags.Append(d...)
+		tkh.SetOwnedDirectories(val)
+	}
+	{
+		val, d := tfObjectToTKHDSProvisioningOwnedGroupOnSystemsWrapper(ctx, recurse, objAttrs["owned_groups_on_system"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetOwnedGroupsOnSystem(val)
+	}
+	{
+		val, d := tfObjectToTKHDSOrganizationOrganizationalUnitLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["owned_organizational_units"]))
+		diags.Append(d...)
+		tkh.SetOwnedOrganizationalUnits(val)
+	}
+	{
+		val, d := tfObjectToTKHDSProvisioningProvisionedSystemLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["owned_systems"]))
+		diags.Append(d...)
+		tkh.SetOwnedSystems(val)
+	}
+	{
+		val, d := tfObjectToTKHDSGroupGroupAuditLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["recent_audits"]))
+		diags.Append(d...)
+		tkh.SetRecentAudits(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["requeststatus"].(basetypes.StringValue), keyhubmodel.ParseGroupGroupRequestStatus, func(val any) keyhubmodel.GroupGroupRequestStatus { return *val.(*keyhubmodel.GroupGroupRequestStatus) })
+		diags.Append(d...)
+		tkh.SetRequeststatus(val)
+	}
+	{
+		val, d := tfObjectToTKHDSServiceaccountServiceAccountLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["service_accounts"]))
+		diags.Append(d...)
+		tkh.SetServiceAccounts(val)
+	}
+	{
+		val, d := tfObjectToTKHDSGroupProvisioningGroupLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["systems"]))
+		diags.Append(d...)
+		tkh.SetSystems(val)
+	}
+	{
+		val, d := tfObjectToTKHDSVaultVault(ctx, recurse, objAttrs["vault"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetVault(val)
+	}
+	{
+		val, d := tfObjectToTKHDSWebhookWebhookLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["webhooks"]))
+		diags.Append(d...)
+		tkh.SetWebhooks(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSGroupProvisioningGroup(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupProvisioningGroupable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupProvisioningGroupable
+	tkh = keyhubmodel.NewGroupProvisioningGroup()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetActivationRequired(objAttrs["activation_required"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := tfObjectToTKHDSGroupGroupPrimer(ctx, false, objAttrs["group"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetGroup(val)
+	}
+	{
+		val, d := tfObjectToTKHDSProvisioningGroupOnSystem(ctx, false, objAttrs["group_on_system"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetGroupOnSystem(val)
+	}
+	if recurse {
+		{
+			val, d := tfObjectToTKHDSGroupProvisioningGroup_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSGroupProvisioningGroupLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupProvisioningGroupLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupProvisioningGroupLinkableWrapperable
+	tkh = keyhubmodel.NewGroupProvisioningGroupLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.GroupProvisioningGroupable {
+			tkh, d := tfObjectToTKHDSGroupProvisioningGroup(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSGroupProvisioningGroup_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupProvisioningGroup_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupProvisioningGroup_additionalObjectsable
+	tkh = keyhubmodel.NewGroupProvisioningGroup_additionalObjects()
+	{
+		val, d := tfObjectToTKHDSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSLaunchpadSsoApplicationLaunchpadTile(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.LaunchpadSsoApplicationLaunchpadTileable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.LaunchpadSsoApplicationLaunchpadTileable
+	tkh = keyhubmodel.NewLaunchpadSsoApplicationLaunchpadTile()
+	tkh.SetUri(objAttrs["uri"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHDSLaunchpadVaultRecordLaunchpadTile(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.LaunchpadVaultRecordLaunchpadTileable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	var tkh keyhubmodel.LaunchpadVaultRecordLaunchpadTileable
+	tkh = keyhubmodel.NewLaunchpadVaultRecordLaunchpadTile()
+	return tkh, diags
+}
+
+func tfObjectToTKHDSMarkItemMarker(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.MarkItemMarkerable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.MarkItemMarkerable
+	tkh = keyhubmodel.NewMarkItemMarker()
+	{
+		val, d := parseCastPointer(objAttrs["level"].(basetypes.StringValue), keyhubmodel.ParseMarkItemMarkerLevel, func(val any) keyhubmodel.MarkItemMarkerLevel { return *val.(*keyhubmodel.MarkItemMarkerLevel) })
+		diags.Append(d...)
+		tkh.SetLevel(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["type"].(basetypes.StringValue), keyhubmodel.ParseMarkItemMarkerType, func(val any) keyhubmodel.MarkItemMarkerType { return *val.(*keyhubmodel.MarkItemMarkerType) })
+		diags.Append(d...)
+		tkh.SetMarkItemMarkerType(val)
+	}
+	{
+		val, d := tfToMap(objAttrs["parameters"].(basetypes.MapValue), func(val attr.Value, diags *diag.Diagnostics) any {
+			return val.(basetypes.StringValue).ValueString()
+		}, keyhubmodel.NewMarkItemMarker_parameters())
+		diags.Append(d...)
+		tkh.SetParameters(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSMarkItemMarkers(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.MarkItemMarkersable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.MarkItemMarkersable
+	tkh = keyhubmodel.NewMarkItemMarkers()
+	{
+		val, d := tfToSlice(objAttrs["markers"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.MarkItemMarkerable {
+			tkh, d := tfObjectToTKHDSMarkItemMarker(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetMarkers(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSOrganizationOrganizationalUnit(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.OrganizationOrganizationalUnitable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.OrganizationOrganizationalUnitable
+	tkh = keyhubmodel.NewOrganizationOrganizationalUnit()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetDepth(int64PToInt32P(objAttrs["depth"].(basetypes.Int64Value).ValueInt64Pointer()))
+	tkh.SetDescription(objAttrs["description"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfObjectToTKHDSGroupGroupPrimer(ctx, false, objAttrs["owner"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetOwner(val)
+	}
+	{
+		val, d := tfObjectToTKHDSOrganizationOrganizationalUnitPrimer(ctx, false, objAttrs["parent"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetParent(val)
+	}
+	if recurse {
+		{
+			val, d := tfObjectToTKHDSOrganizationOrganizationalUnit_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSOrganizationOrganizationalUnitLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.OrganizationOrganizationalUnitLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.OrganizationOrganizationalUnitLinkableWrapperable
+	tkh = keyhubmodel.NewOrganizationOrganizationalUnitLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.OrganizationOrganizationalUnitable {
+			tkh, d := tfObjectToTKHDSOrganizationOrganizationalUnit(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSOrganizationOrganizationalUnitPrimer(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.OrganizationOrganizationalUnitPrimerable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.OrganizationOrganizationalUnitPrimerable
+	tkh = keyhubmodel.NewOrganizationOrganizationalUnitPrimer()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHDSOrganizationOrganizationalUnit_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.OrganizationOrganizationalUnit_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.OrganizationOrganizationalUnit_additionalObjectsable
+	tkh = keyhubmodel.NewOrganizationOrganizationalUnit_additionalObjects()
+	{
+		val, d := tfObjectToTKHDSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSProvisioningAbstractProvisionedLDAP(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningAbstractProvisionedLDAPable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningAbstractProvisionedLDAPable
+	tkh = keyhubmodel.NewProvisioningAbstractProvisionedLDAP()
+	{
+		val, d := tfToMap(objAttrs["attributes"].(basetypes.MapValue), func(val attr.Value, diags *diag.Diagnostics) any {
+			return val.(basetypes.StringValue).ValueString()
+		}, keyhubmodel.NewProvisioningAbstractProvisionedLDAP_attributes())
+		diags.Append(d...)
+		tkh.SetAttributes(val)
+	}
+	tkh.SetBaseDN(objAttrs["base_dn"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetBindDN(objAttrs["bind_dn"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetBindPassword(objAttrs["bind_password"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfObjectToTKHDSCertificateCertificatePrimer(ctx, recurse, objAttrs["client_certificate"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetClientCertificate(val)
+	}
+	tkh.SetFailoverHost(objAttrs["failover_host"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfObjectToTKHDSCertificateCertificatePrimer(ctx, recurse, objAttrs["failover_trusted_certificate"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetFailoverTrustedCertificate(val)
+	}
+	tkh.SetGroupDN(objAttrs["group_dn"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetHost(objAttrs["host"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetObjectClasses(objAttrs["object_classes"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetPort(int64PToInt32P(objAttrs["port"].(basetypes.Int64Value).ValueInt64Pointer()))
+	tkh.SetServiceAccountDN(objAttrs["service_account_dn"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetSshPublicKeySupported(objAttrs["ssh_public_key_supported"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := parseCastPointer(objAttrs["tls"].(basetypes.StringValue), keyhubmodel.ParseTLSLevel, func(val any) keyhubmodel.TLSLevel { return *val.(*keyhubmodel.TLSLevel) })
+		diags.Append(d...)
+		tkh.SetTls(val)
+	}
+	{
+		val, d := tfObjectToTKHDSCertificateCertificatePrimer(ctx, recurse, objAttrs["trusted_certificate"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetTrustedCertificate(val)
+	}
+	tkh.SetUserDN(objAttrs["user_dn"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHDSProvisioningCircuitBreakerStatistics(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningCircuitBreakerStatisticsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningCircuitBreakerStatisticsable
+	tkh = keyhubmodel.NewProvisioningCircuitBreakerStatistics()
+	tkh.SetNumberOfFailedCalls(objAttrs["number_of_failed_calls"].(basetypes.Int64Value).ValueInt64Pointer())
+	tkh.SetNumberOfNotPermittedCalls(objAttrs["number_of_not_permitted_calls"].(basetypes.Int64Value).ValueInt64Pointer())
+	tkh.SetNumberOfSuccessfulCalls(objAttrs["number_of_successful_calls"].(basetypes.Int64Value).ValueInt64Pointer())
+	{
+		val, d := parseCastPointer(objAttrs["state"].(basetypes.StringValue), keyhubmodel.ParseProvisioningCircuitBreakerState, func(val any) keyhubmodel.ProvisioningCircuitBreakerState {
+			return *val.(*keyhubmodel.ProvisioningCircuitBreakerState)
+		})
+		diags.Append(d...)
+		tkh.SetState(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSProvisioningGroupOnSystem(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningGroupOnSystemable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningGroupOnSystemable
+	tkh = keyhubmodel.NewProvisioningGroupOnSystem()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetDisplayName(objAttrs["display_name"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetNameInSystem(objAttrs["name_in_system"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["type"].(basetypes.StringValue), keyhubmodel.ParseProvisioningGroupOnSystemType, func(val any) keyhubmodel.ProvisioningGroupOnSystemType {
+			return *val.(*keyhubmodel.ProvisioningGroupOnSystemType)
+		})
+		diags.Append(d...)
+		tkh.SetProvisioningGroupOnSystemPrimerType(val)
+	}
+	tkh.SetShortNameInSystem(objAttrs["short_name_in_system"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfObjectToTKHDSGroupGroupPrimer(ctx, false, objAttrs["owner"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetOwner(val)
+	}
+	if recurse {
+		{
+			val, d := tfObjectToTKHDSProvisioningGroupOnSystem_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSProvisioningGroupOnSystemLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningGroupOnSystemLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningGroupOnSystemLinkableWrapperable
+	tkh = keyhubmodel.NewProvisioningGroupOnSystemLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.ProvisioningGroupOnSystemable {
+			tkh, d := tfObjectToTKHDSProvisioningGroupOnSystem(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSProvisioningGroupOnSystemPrimer(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningGroupOnSystemPrimerable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningGroupOnSystemPrimerable
+	tkh = keyhubmodel.NewProvisioningGroupOnSystemPrimer()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetDisplayName(objAttrs["display_name"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetNameInSystem(objAttrs["name_in_system"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["type"].(basetypes.StringValue), keyhubmodel.ParseProvisioningGroupOnSystemType, func(val any) keyhubmodel.ProvisioningGroupOnSystemType {
+			return *val.(*keyhubmodel.ProvisioningGroupOnSystemType)
+		})
+		diags.Append(d...)
+		tkh.SetProvisioningGroupOnSystemPrimerType(val)
+	}
+	tkh.SetShortNameInSystem(objAttrs["short_name_in_system"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHDSProvisioningGroupOnSystemTypes(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningGroupOnSystemTypesable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningGroupOnSystemTypesable
+	tkh = keyhubmodel.NewProvisioningGroupOnSystemTypes()
+	{
+		val, d := tfToSlice(objAttrs["types"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.ProvisioningGroupOnSystemType {
+			tkh, d := parseCast(val.(basetypes.StringValue), keyhubmodel.ParseProvisioningGroupOnSystemType, func(val any) keyhubmodel.ProvisioningGroupOnSystemType {
+				return *val.(*keyhubmodel.ProvisioningGroupOnSystemType)
+			})
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetTypes(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSProvisioningGroupOnSystem_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningGroupOnSystem_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningGroupOnSystem_additionalObjectsable
+	tkh = keyhubmodel.NewProvisioningGroupOnSystem_additionalObjects()
+	{
+		val, d := tfObjectToTKHDSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	{
+		val, d := tfObjectToTKHDSGroupProvisioningGroupLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["provgroups"]))
+		diags.Append(d...)
+		tkh.SetProvgroups(val)
+	}
+	{
+		val, d := tfObjectToTKHDSServiceaccountServiceAccountPrimerLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["service_accounts"]))
+		diags.Append(d...)
+		tkh.SetServiceAccounts(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSProvisioningOwnedGroupOnSystemsWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningOwnedGroupOnSystemsWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningOwnedGroupOnSystemsWrapperable
+	tkh = keyhubmodel.NewProvisioningOwnedGroupOnSystemsWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.ProvisioningGroupOnSystemable {
+			tkh, d := tfObjectToTKHDSProvisioningGroupOnSystem(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	tkh.SetUnlinkedCount(objAttrs["unlinked_count"].(basetypes.Int64Value).ValueInt64Pointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHDSProvisioningProvisionNumberSequence(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningProvisionNumberSequenceable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningProvisionNumberSequenceable
+	tkh = keyhubmodel.NewProvisioningProvisionNumberSequence()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetAccountCount(int64PToInt32P(objAttrs["account_count"].(basetypes.Int64Value).ValueInt64Pointer()))
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetNextUID(objAttrs["next_uid"].(basetypes.Int64Value).ValueInt64Pointer())
+	if recurse {
+		{
+			val, d := tfObjectToTKHDSProvisioningProvisionNumberSequence_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSProvisioningProvisionNumberSequence_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningProvisionNumberSequence_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningProvisionNumberSequence_additionalObjectsable
+	tkh = keyhubmodel.NewProvisioningProvisionNumberSequence_additionalObjects()
+	{
+		val, d := tfObjectToTKHDSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	{
+		val, d := tfObjectToTKHDSProvisioningProvisionedSystemPrimerLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["systems"]))
+		diags.Append(d...)
+		tkh.SetSystems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSProvisioningProvisionedAD(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningProvisionedADable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningProvisionedADable
+	tkh = keyhubmodel.NewProvisioningProvisionedAD()
+	{
+		val, d := parseCastPointer(objAttrs["sam_account_name_scheme"].(basetypes.StringValue), keyhubmodel.ParseProvisioningADSamAccountNameScheme, func(val any) keyhubmodel.ProvisioningADSamAccountNameScheme {
+			return *val.(*keyhubmodel.ProvisioningADSamAccountNameScheme)
+		})
+		diags.Append(d...)
+		tkh.SetSamAccountNameScheme(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSProvisioningProvisionedAccount(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningProvisionedAccountable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningProvisionedAccountable
+	tkh = keyhubmodel.NewProvisioningProvisionedAccount()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetDisplayName(objAttrs["display_name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfToTimePointer(objAttrs["last_active"].(basetypes.StringValue))
+		diags.Append(d...)
+		tkh.SetLastActive(val)
+	}
+	tkh.SetUsername(objAttrs["username"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["validity"].(basetypes.StringValue), keyhubmodel.ParseAuthAccountValidity, func(val any) keyhubmodel.AuthAccountValidity { return *val.(*keyhubmodel.AuthAccountValidity) })
+		diags.Append(d...)
+		tkh.SetValidity(val)
+	}
+	tkh.SetUid(objAttrs["uid"].(basetypes.Int64Value).ValueInt64Pointer())
+	if recurse {
+		{
+			val, d := tfObjectToTKHDSProvisioningProvisionedAccount_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSProvisioningProvisionedAccount_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningProvisionedAccount_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningProvisionedAccount_additionalObjectsable
+	tkh = keyhubmodel.NewProvisioningProvisionedAccount_additionalObjects()
+	{
+		val, d := tfObjectToTKHDSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSProvisioningProvisionedAzureOIDCDirectory(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningProvisionedAzureOIDCDirectoryable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningProvisionedAzureOIDCDirectoryable
+	tkh = keyhubmodel.NewProvisioningProvisionedAzureOIDCDirectory()
+	{
+		val, d := tfObjectToTKHDSDirectoryAccountDirectoryPrimer(ctx, recurse, objAttrs["directory"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetDirectory(val)
+	}
+	tkh.SetTenant(objAttrs["tenant"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHDSProvisioningProvisionedAzureSyncLDAPDirectory(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningProvisionedAzureSyncLDAPDirectoryable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningProvisionedAzureSyncLDAPDirectoryable
+	tkh = keyhubmodel.NewProvisioningProvisionedAzureSyncLDAPDirectory()
+	tkh.SetClientId(objAttrs["client_id"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetClientSecret(objAttrs["client_secret"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfObjectToTKHDSDirectoryAccountDirectoryPrimer(ctx, recurse, objAttrs["directory"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetDirectory(val)
+	}
+	tkh.SetTenant(objAttrs["tenant"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHDSProvisioningProvisionedAzureTenant(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningProvisionedAzureTenantable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningProvisionedAzureTenantable
+	tkh = keyhubmodel.NewProvisioningProvisionedAzureTenant()
+	tkh.SetClientId(objAttrs["client_id"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetClientSecret(objAttrs["client_secret"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetIdpDomain(objAttrs["idp_domain"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetTenant(objAttrs["tenant"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHDSProvisioningProvisionedInternalLDAP(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningProvisionedInternalLDAPable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningProvisionedInternalLDAPable
+	tkh = keyhubmodel.NewProvisioningProvisionedInternalLDAP()
+	{
+		val, d := tfObjectToTKHDSClientLdapClient(ctx, recurse, objAttrs["client"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetClient(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSProvisioningProvisionedLDAP(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningProvisionedLDAPable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningProvisionedLDAPable
+	tkh = keyhubmodel.NewProvisioningProvisionedLDAP()
+	tkh.SetGid(objAttrs["gid"].(basetypes.Int64Value).ValueInt64Pointer())
+	{
+		val, d := parseCastPointer(objAttrs["hashing_scheme"].(basetypes.StringValue), keyhubmodel.ParseProvisioningLDAPPasswordHashingScheme, func(val any) keyhubmodel.ProvisioningLDAPPasswordHashingScheme {
+			return *val.(*keyhubmodel.ProvisioningLDAPPasswordHashingScheme)
+		})
+		diags.Append(d...)
+		tkh.SetHashingScheme(val)
+	}
+	{
+		val, d := tfObjectToTKHDSProvisioningProvisionNumberSequence(ctx, recurse, objAttrs["numbering"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetNumbering(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSProvisioningProvisionedLDAPDirectory(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningProvisionedLDAPDirectoryable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningProvisionedLDAPDirectoryable
+	tkh = keyhubmodel.NewProvisioningProvisionedLDAPDirectory()
+	{
+		val, d := tfObjectToTKHDSDirectoryAccountDirectoryPrimer(ctx, recurse, objAttrs["directory"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetDirectory(val)
+	}
+	tkh.SetGroupDN(objAttrs["group_dn"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHDSProvisioningProvisionedSystem(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningProvisionedSystemable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningProvisionedSystemable
+	tkh = keyhubmodel.NewProvisioningProvisionedSystem()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetActive(objAttrs["active"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfObjectToTKHDSOrganizationOrganizationalUnitPrimer(ctx, recurse, objAttrs["organizational_unit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetOrganizationalUnit(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["type"].(basetypes.StringValue), keyhubmodel.ParseProvisioningProvisionedSystemType, func(val any) keyhubmodel.ProvisioningProvisionedSystemType {
+			return *val.(*keyhubmodel.ProvisioningProvisionedSystemType)
+		})
+		diags.Append(d...)
+		tkh.SetProvisioningProvisionedSystemPrimerType(val)
+	}
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetAccountCount(int64PToInt32P(objAttrs["account_count"].(basetypes.Int64Value).ValueInt64Pointer()))
+	{
+		val, d := tfObjectToTKHDSGroupGroupPrimer(ctx, false, objAttrs["content_administrator"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetContentAdministrator(val)
+	}
+	{
+		val, d := parsePointer(objAttrs["external_uuid"].(basetypes.StringValue), uuid.Parse)
+		diags.Append(d...)
+		tkh.SetExternalUuid(val)
+	}
+	{
+		val, d := tfObjectToTKHDSGroupGroupPrimer(ctx, false, objAttrs["owner"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetOwner(val)
+	}
+	tkh.SetSelfServiceExistingGroups(objAttrs["self_service_existing_groups"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetSelfServiceNewGroups(objAttrs["self_service_new_groups"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetSelfServiceServiceAccounts(objAttrs["self_service_service_accounts"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetShouldDestroyUnknownAccounts(objAttrs["should_destroy_unknown_accounts"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := tfObjectToTKHDSGroupGroupPrimer(ctx, false, objAttrs["technical_administrator"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetTechnicalAdministrator(val)
+	}
+	tkh.SetUsernamePrefix(objAttrs["username_prefix"].(basetypes.StringValue).ValueStringPointer())
+	if !objAttrs["abstract_provisioned_ldap"].IsNull() {
+		val, d := tfObjectToTKHDSProvisioningAbstractProvisionedLDAP(ctx, false, objAttrs["abstract_provisioned_ldap"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		dtype := val.GetTypeEscaped()
+		(*val.(*keyhubmodel.ProvisioningAbstractProvisionedLDAP)).ProvisioningProvisionedSystem = *tkh.(*keyhubmodel.ProvisioningProvisionedSystem)
+		val.SetTypeEscaped(dtype)
+		tkh = val
+	}
+	if !objAttrs["provisioned_a_d"].IsNull() {
+		val, d := tfObjectToTKHDSProvisioningProvisionedAD(ctx, false, objAttrs["provisioned_a_d"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		dtype := val.GetTypeEscaped()
+		(*val.(*keyhubmodel.ProvisioningProvisionedAD)).ProvisioningProvisionedSystem = *tkh.(*keyhubmodel.ProvisioningProvisionedSystem)
+		val.SetTypeEscaped(dtype)
+		tkh = val
+	}
+	if !objAttrs["provisioned_azure_oidc_directory"].IsNull() {
+		val, d := tfObjectToTKHDSProvisioningProvisionedAzureOIDCDirectory(ctx, false, objAttrs["provisioned_azure_oidc_directory"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		dtype := val.GetTypeEscaped()
+		(*val.(*keyhubmodel.ProvisioningProvisionedAzureOIDCDirectory)).ProvisioningProvisionedSystem = *tkh.(*keyhubmodel.ProvisioningProvisionedSystem)
+		val.SetTypeEscaped(dtype)
+		tkh = val
+	}
+	if !objAttrs["provisioned_azure_sync_ldap_directory"].IsNull() {
+		val, d := tfObjectToTKHDSProvisioningProvisionedAzureSyncLDAPDirectory(ctx, false, objAttrs["provisioned_azure_sync_ldap_directory"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		dtype := val.GetTypeEscaped()
+		(*val.(*keyhubmodel.ProvisioningProvisionedAzureSyncLDAPDirectory)).ProvisioningProvisionedSystem = *tkh.(*keyhubmodel.ProvisioningProvisionedSystem)
+		val.SetTypeEscaped(dtype)
+		tkh = val
+	}
+	if !objAttrs["provisioned_azure_tenant"].IsNull() {
+		val, d := tfObjectToTKHDSProvisioningProvisionedAzureTenant(ctx, false, objAttrs["provisioned_azure_tenant"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		dtype := val.GetTypeEscaped()
+		(*val.(*keyhubmodel.ProvisioningProvisionedAzureTenant)).ProvisioningProvisionedSystem = *tkh.(*keyhubmodel.ProvisioningProvisionedSystem)
+		val.SetTypeEscaped(dtype)
+		tkh = val
+	}
+	if !objAttrs["provisioned_internal_ldap"].IsNull() {
+		val, d := tfObjectToTKHDSProvisioningProvisionedInternalLDAP(ctx, false, objAttrs["provisioned_internal_ldap"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		dtype := val.GetTypeEscaped()
+		(*val.(*keyhubmodel.ProvisioningProvisionedInternalLDAP)).ProvisioningProvisionedSystem = *tkh.(*keyhubmodel.ProvisioningProvisionedSystem)
+		val.SetTypeEscaped(dtype)
+		tkh = val
+	}
+	if !objAttrs["provisioned_ldap"].IsNull() {
+		val, d := tfObjectToTKHDSProvisioningProvisionedLDAP(ctx, false, objAttrs["provisioned_ldap"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		dtype := val.GetTypeEscaped()
+		(*val.(*keyhubmodel.ProvisioningProvisionedLDAP)).ProvisioningProvisionedSystem = *tkh.(*keyhubmodel.ProvisioningProvisionedSystem)
+		val.SetTypeEscaped(dtype)
+		tkh = val
+	}
+	if !objAttrs["provisioned_ldap_directory"].IsNull() {
+		val, d := tfObjectToTKHDSProvisioningProvisionedLDAPDirectory(ctx, false, objAttrs["provisioned_ldap_directory"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		dtype := val.GetTypeEscaped()
+		(*val.(*keyhubmodel.ProvisioningProvisionedLDAPDirectory)).ProvisioningProvisionedSystem = *tkh.(*keyhubmodel.ProvisioningProvisionedSystem)
+		val.SetTypeEscaped(dtype)
+		tkh = val
+	}
+	if recurse {
+		{
+			val, d := tfObjectToTKHDSProvisioningProvisionedSystem_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSProvisioningProvisionedSystemLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningProvisionedSystemLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningProvisionedSystemLinkableWrapperable
+	tkh = keyhubmodel.NewProvisioningProvisionedSystemLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.ProvisioningProvisionedSystemable {
+			tkh, d := tfObjectToTKHDSProvisioningProvisionedSystem(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSProvisioningProvisionedSystemPrimer(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningProvisionedSystemPrimerable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningProvisionedSystemPrimerable
+	tkh = keyhubmodel.NewProvisioningProvisionedSystemPrimer()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetActive(objAttrs["active"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfObjectToTKHDSOrganizationOrganizationalUnitPrimer(ctx, recurse, objAttrs["organizational_unit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetOrganizationalUnit(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["type"].(basetypes.StringValue), keyhubmodel.ParseProvisioningProvisionedSystemType, func(val any) keyhubmodel.ProvisioningProvisionedSystemType {
+			return *val.(*keyhubmodel.ProvisioningProvisionedSystemType)
+		})
+		diags.Append(d...)
+		tkh.SetProvisioningProvisionedSystemPrimerType(val)
+	}
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHDSProvisioningProvisionedSystemPrimerLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningProvisionedSystemPrimerLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningProvisionedSystemPrimerLinkableWrapperable
+	tkh = keyhubmodel.NewProvisioningProvisionedSystemPrimerLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.ProvisioningProvisionedSystemPrimerable {
+			tkh, d := tfObjectToTKHDSProvisioningProvisionedSystemPrimer(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSProvisioningProvisionedSystem_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningProvisionedSystem_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningProvisionedSystem_additionalObjectsable
+	tkh = keyhubmodel.NewProvisioningProvisionedSystem_additionalObjects()
+	{
+		val, d := tfObjectToTKHDSProvisioningProvisionedAccount(ctx, recurse, objAttrs["account"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAccount(val)
+	}
+	{
+		val, d := tfObjectToTKHDSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	{
+		val, d := tfObjectToTKHDSClientOAuth2ClientPermissionWithClientLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["issued_permissions"]))
+		diags.Append(d...)
+		tkh.SetIssuedPermissions(val)
+	}
+	tkh.SetLoginName(objAttrs["login_name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfObjectToTKHDSProvisioningProvisioningManagementPermissions(ctx, recurse, objAttrs["management_permissions"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetManagementPermissions(val)
+	}
+	{
+		val, d := tfObjectToTKHDSMarkItemMarkers(ctx, recurse, objAttrs["markers"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetMarkers(val)
+	}
+	{
+		val, d := tfObjectToTKHDSProvisioningCircuitBreakerStatistics(ctx, recurse, objAttrs["statistics"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetStatistics(val)
+	}
+	{
+		val, d := tfObjectToTKHDSProvisioningGroupOnSystemTypes(ctx, recurse, objAttrs["supported_group_types"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetSupportedGroupTypes(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSProvisioningProvisioningManagementPermissions(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningProvisioningManagementPermissionsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningProvisioningManagementPermissionsable
+	tkh = keyhubmodel.NewProvisioningProvisioningManagementPermissions()
+	tkh.SetCreateNewGroupsAllowed(objAttrs["create_new_groups_allowed"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetCreateServiceAccountsAllowed(objAttrs["create_service_accounts_allowed"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetReuseExistingGroupsAllowed(objAttrs["reuse_existing_groups_allowed"].(basetypes.BoolValue).ValueBoolPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHDSServiceaccountServiceAccount(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ServiceaccountServiceAccountable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ServiceaccountServiceAccountable
+	tkh = keyhubmodel.NewServiceaccountServiceAccount()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetActive(objAttrs["active"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfObjectToTKHDSProvisioningProvisionedSystemPrimer(ctx, recurse, objAttrs["system"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetSystem(val)
+	}
+	tkh.SetUsername(objAttrs["username"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetDescription(objAttrs["description"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfObjectToTKHDSVaultVaultRecordPrimer(ctx, false, objAttrs["password"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetPassword(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["password_rotation"].(basetypes.StringValue), keyhubmodel.ParseServiceaccountPasswordRotationScheme, func(val any) keyhubmodel.ServiceaccountPasswordRotationScheme {
+			return *val.(*keyhubmodel.ServiceaccountPasswordRotationScheme)
+		})
+		diags.Append(d...)
+		tkh.SetPasswordRotation(val)
+	}
+	{
+		val, d := tfObjectToTKHDSGroupGroupPrimer(ctx, false, objAttrs["technical_administrator"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetTechnicalAdministrator(val)
+	}
+	if recurse {
+		{
+			val, d := tfObjectToTKHDSServiceaccountServiceAccount_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSServiceaccountServiceAccountGroup(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ServiceaccountServiceAccountGroupable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ServiceaccountServiceAccountGroupable
+	tkh = keyhubmodel.NewServiceaccountServiceAccountGroup()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetDisplayName(objAttrs["display_name"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetNameInSystem(objAttrs["name_in_system"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["type"].(basetypes.StringValue), keyhubmodel.ParseProvisioningGroupOnSystemType, func(val any) keyhubmodel.ProvisioningGroupOnSystemType {
+			return *val.(*keyhubmodel.ProvisioningGroupOnSystemType)
+		})
+		diags.Append(d...)
+		tkh.SetProvisioningGroupOnSystemPrimerType(val)
+	}
+	tkh.SetShortNameInSystem(objAttrs["short_name_in_system"].(basetypes.StringValue).ValueStringPointer())
+	if recurse {
+		{
+			val, d := tfObjectToTKHDSServiceaccountServiceAccountGroup_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSServiceaccountServiceAccountGroupLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ServiceaccountServiceAccountGroupLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ServiceaccountServiceAccountGroupLinkableWrapperable
+	tkh = keyhubmodel.NewServiceaccountServiceAccountGroupLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.ServiceaccountServiceAccountGroupable {
+			tkh, d := tfObjectToTKHDSServiceaccountServiceAccountGroup(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSServiceaccountServiceAccountGroup_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ServiceaccountServiceAccountGroup_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ServiceaccountServiceAccountGroup_additionalObjectsable
+	tkh = keyhubmodel.NewServiceaccountServiceAccountGroup_additionalObjects()
+	{
+		val, d := tfObjectToTKHDSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSServiceaccountServiceAccountLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ServiceaccountServiceAccountLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ServiceaccountServiceAccountLinkableWrapperable
+	tkh = keyhubmodel.NewServiceaccountServiceAccountLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.ServiceaccountServiceAccountable {
+			tkh, d := tfObjectToTKHDSServiceaccountServiceAccount(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSServiceaccountServiceAccountPrimer(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ServiceaccountServiceAccountPrimerable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ServiceaccountServiceAccountPrimerable
+	tkh = keyhubmodel.NewServiceaccountServiceAccountPrimer()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetActive(objAttrs["active"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfObjectToTKHDSProvisioningProvisionedSystemPrimer(ctx, recurse, objAttrs["system"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetSystem(val)
+	}
+	tkh.SetUsername(objAttrs["username"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHDSServiceaccountServiceAccountPrimerLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ServiceaccountServiceAccountPrimerLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ServiceaccountServiceAccountPrimerLinkableWrapperable
+	tkh = keyhubmodel.NewServiceaccountServiceAccountPrimerLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.ServiceaccountServiceAccountPrimerable {
+			tkh, d := tfObjectToTKHDSServiceaccountServiceAccountPrimer(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSServiceaccountServiceAccount_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ServiceaccountServiceAccount_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ServiceaccountServiceAccount_additionalObjectsable
+	tkh = keyhubmodel.NewServiceaccountServiceAccount_additionalObjects()
+	{
+		val, d := tfObjectToTKHDSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	{
+		val, d := tfObjectToTKHDSServiceaccountServiceAccountGroupLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["groups"]))
+		diags.Append(d...)
+		tkh.SetGroups(val)
+	}
+	{
+		val, d := tfObjectToTKHDSGeneratedSecret(ctx, recurse, objAttrs["secret"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetSecret(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSVaultPasswordMetadata(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.VaultPasswordMetadataable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.VaultPasswordMetadataable
+	tkh = keyhubmodel.NewVaultPasswordMetadata()
+	tkh.SetDictionary(objAttrs["dictionary"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetDuplicate(objAttrs["duplicate"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetHash(objAttrs["hash"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetLength(int64PToInt32P(objAttrs["length"].(basetypes.Int64Value).ValueInt64Pointer()))
+	tkh.SetLowerCount(int64PToInt32P(objAttrs["lower_count"].(basetypes.Int64Value).ValueInt64Pointer()))
+	tkh.SetNumberCount(int64PToInt32P(objAttrs["number_count"].(basetypes.Int64Value).ValueInt64Pointer()))
+	tkh.SetSpecialCount(int64PToInt32P(objAttrs["special_count"].(basetypes.Int64Value).ValueInt64Pointer()))
+	tkh.SetStrength(int64PToInt32P(objAttrs["strength"].(basetypes.Int64Value).ValueInt64Pointer()))
+	tkh.SetUpperCount(int64PToInt32P(objAttrs["upper_count"].(basetypes.Int64Value).ValueInt64Pointer()))
+	return tkh, diags
+}
+
+func tfObjectToTKHDSVaultVault(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.VaultVaultable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.VaultVaultable
+	tkh = keyhubmodel.NewVaultVault()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetAccessAvailable(objAttrs["access_available"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfToSlice(objAttrs["records"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.VaultVaultRecordable {
+			tkh, d := tfObjectToTKHDSVaultVaultRecord(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetRecords(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSVaultVaultHolder(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.VaultVaultHolderable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	var tkh keyhubmodel.VaultVaultHolderable
+	tkh = keyhubmodel.NewVaultVaultHolder()
+	return tkh, diags
+}
+
+func tfObjectToTKHDSVaultVaultRecord(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.VaultVaultRecordable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.VaultVaultRecordable
+	tkh = keyhubmodel.NewVaultVaultRecord()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["color"].(basetypes.StringValue), keyhubmodel.ParseVaultVaultRecordColor, func(val any) keyhubmodel.VaultVaultRecordColor { return *val.(*keyhubmodel.VaultVaultRecordColor) })
+		diags.Append(d...)
+		tkh.SetColor(val)
+	}
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfToTimePointer(objAttrs["share_end_time"].(basetypes.StringValue))
+		diags.Append(d...)
+		tkh.SetShareEndTime(val)
+	}
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetDerived(objAttrs["derived"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := parsePointer2(objAttrs["end_date"].(basetypes.StringValue), serialization.ParseDateOnly)
+		diags.Append(d...)
+		tkh.SetEndDate(val)
+	}
+	tkh.SetFilename(objAttrs["filename"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfToSlice(objAttrs["types"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.VaultVaultSecretType {
+			tkh, d := parseCast(val.(basetypes.StringValue), keyhubmodel.ParseVaultVaultSecretType, func(val any) keyhubmodel.VaultVaultSecretType { return *val.(*keyhubmodel.VaultVaultSecretType) })
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetTypes(val)
+	}
+	tkh.SetUrl(objAttrs["url"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetUsername(objAttrs["username"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["warning_period"].(basetypes.StringValue), keyhubmodel.ParseVaultVaultRecordWarningPeriod, func(val any) keyhubmodel.VaultVaultRecordWarningPeriod {
+			return *val.(*keyhubmodel.VaultVaultRecordWarningPeriod)
+		})
+		diags.Append(d...)
+		tkh.SetWarningPeriod(val)
+	}
+	if recurse {
+		{
+			val, d := tfObjectToTKHDSVaultVaultRecord_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSVaultVaultRecordPrimer(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.VaultVaultRecordPrimerable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.VaultVaultRecordPrimerable
+	tkh = keyhubmodel.NewVaultVaultRecordPrimer()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["color"].(basetypes.StringValue), keyhubmodel.ParseVaultVaultRecordColor, func(val any) keyhubmodel.VaultVaultRecordColor { return *val.(*keyhubmodel.VaultVaultRecordColor) })
+		diags.Append(d...)
+		tkh.SetColor(val)
+	}
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfToTimePointer(objAttrs["share_end_time"].(basetypes.StringValue))
+		diags.Append(d...)
+		tkh.SetShareEndTime(val)
+	}
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHDSVaultVaultRecordPrimerLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.VaultVaultRecordPrimerLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.VaultVaultRecordPrimerLinkableWrapperable
+	tkh = keyhubmodel.NewVaultVaultRecordPrimerLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.VaultVaultRecordPrimerable {
+			tkh, d := tfObjectToTKHDSVaultVaultRecordPrimer(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSVaultVaultRecordSecrets(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.VaultVaultRecordSecretsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.VaultVaultRecordSecretsable
+	tkh = keyhubmodel.NewVaultVaultRecordSecrets()
+	tkh.SetComment(objAttrs["comment"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetFile(objAttrs["file"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetPassword(objAttrs["password"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetTotp(objAttrs["totp"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHDSVaultVaultRecordShare(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.VaultVaultRecordShareable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.VaultVaultRecordShareable
+	tkh = keyhubmodel.NewVaultVaultRecordShare()
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["type"].(basetypes.StringValue), keyhubmodel.ParseVaultVaultHolderType, func(val any) keyhubmodel.VaultVaultHolderType { return *val.(*keyhubmodel.VaultVaultHolderType) })
+		diags.Append(d...)
+		tkh.SetVaultVaultRecordShareType(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSVaultVaultRecordShareSummary(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.VaultVaultRecordShareSummaryable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.VaultVaultRecordShareSummaryable
+	tkh = keyhubmodel.NewVaultVaultRecordShareSummary()
+	{
+		val, d := tfToSlice(objAttrs["children"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.VaultVaultRecordShareable {
+			tkh, d := tfObjectToTKHDSVaultVaultRecordShare(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetChildren(val)
+	}
+	{
+		val, d := tfObjectToTKHDSVaultVaultRecordShare(ctx, recurse, objAttrs["parent"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetParent(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSVaultVaultRecord_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.VaultVaultRecord_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.VaultVaultRecord_additionalObjectsable
+	tkh = keyhubmodel.NewVaultVaultRecord_additionalObjects()
+	{
+		val, d := tfObjectToTKHDSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	{
+		val, d := tfObjectToTKHDSVaultVaultRecordPrimer(ctx, recurse, objAttrs["parent"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetParent(val)
+	}
+	{
+		val, d := tfObjectToTKHDSVaultPasswordMetadata(ctx, recurse, objAttrs["password_metadata"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetPasswordMetadata(val)
+	}
+	{
+		val, d := tfObjectToTKHDSVaultVaultRecordSecrets(ctx, recurse, objAttrs["secret"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetSecret(val)
+	}
+	{
+		val, d := tfObjectToTKHDSVaultVaultRecordShareSummary(ctx, recurse, objAttrs["share_summary"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetShareSummary(val)
+	}
+	{
+		val, d := tfObjectToTKHDSVaultVaultRecordPrimerLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["shares"]))
+		diags.Append(d...)
+		tkh.SetShares(val)
+	}
+	{
+		val, d := tfObjectToTKHDSLaunchpadVaultRecordLaunchpadTile(ctx, recurse, objAttrs["tile"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetTile(val)
+	}
+	{
+		val, d := tfObjectToTKHDSVaultVaultHolder(ctx, recurse, objAttrs["vaultholder"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetVaultholder(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSWebhookWebhook(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.WebhookWebhookable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.WebhookWebhookable
+	tkh = keyhubmodel.NewWebhookWebhook()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHDSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHDSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	{
+		val, d := tfObjectToTKHDSAuthAccountPrimer(ctx, false, objAttrs["account"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAccount(val)
+	}
+	tkh.SetActive(objAttrs["active"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetAllTypes(objAttrs["all_types"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := parseCastPointer(objAttrs["authentication_scheme"].(basetypes.StringValue), keyhubmodel.ParseWebhookWebhookAuthenticationScheme, func(val any) keyhubmodel.WebhookWebhookAuthenticationScheme {
+			return *val.(*keyhubmodel.WebhookWebhookAuthenticationScheme)
+		})
+		diags.Append(d...)
+		tkh.SetAuthenticationScheme(val)
+	}
+	tkh.SetBasicAuthPassword(objAttrs["basic_auth_password"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetBasicAuthUsername(objAttrs["basic_auth_username"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetBearerToken(objAttrs["bearer_token"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfObjectToTKHDSClientClientApplicationPrimer(ctx, false, objAttrs["client"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetClient(val)
+	}
+	{
+		val, d := tfObjectToTKHDSCertificateCertificatePrimer(ctx, false, objAttrs["client_certificate"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetClientCertificate(val)
+	}
+	tkh.SetCustomHeaderName(objAttrs["custom_header_name"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetCustomHeaderValue(objAttrs["custom_header_value"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfObjectToTKHDSDirectoryAccountDirectoryPrimer(ctx, false, objAttrs["directory"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetDirectory(val)
+	}
+	{
+		val, d := tfObjectToTKHDSGroupGroupPrimer(ctx, false, objAttrs["group"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetGroup(val)
+	}
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfObjectToTKHDSProvisioningProvisionedSystemPrimer(ctx, false, objAttrs["system"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetSystem(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["tls"].(basetypes.StringValue), keyhubmodel.ParseTLSLevel, func(val any) keyhubmodel.TLSLevel { return *val.(*keyhubmodel.TLSLevel) })
+		diags.Append(d...)
+		tkh.SetTls(val)
+	}
+	{
+		val, d := tfObjectToTKHDSCertificateCertificatePrimer(ctx, false, objAttrs["trusted_certificate"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetTrustedCertificate(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["types"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuditAuditRecordType {
+			tkh, d := parseCast(val.(basetypes.StringValue), keyhubmodel.ParseAuditAuditRecordType, func(val any) keyhubmodel.AuditAuditRecordType { return *val.(*keyhubmodel.AuditAuditRecordType) })
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetTypes(val)
+	}
+	tkh.SetUrl(objAttrs["url"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetVerbosePayloads(objAttrs["verbose_payloads"].(basetypes.BoolValue).ValueBoolPointer())
+	if recurse {
+		{
+			val, d := tfObjectToTKHDSWebhookWebhook_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSWebhookWebhookLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.WebhookWebhookLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.WebhookWebhookLinkableWrapperable
+	tkh = keyhubmodel.NewWebhookWebhookLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.WebhookWebhookable {
+			tkh, d := tfObjectToTKHDSWebhookWebhook(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHDSWebhookWebhook_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.WebhookWebhook_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.WebhookWebhook_additionalObjectsable
+	tkh = keyhubmodel.NewWebhookWebhook_additionalObjects()
+	{
+		val, d := tfObjectToTKHDSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	return tkh, diags
+}
diff --git a/internal/provider/full-tf-to-tkh-rs.go b/internal/provider/full-tf-to-tkh-rs.go
new file mode 100644
index 0000000..aab10a9
--- /dev/null
+++ b/internal/provider/full-tf-to-tkh-rs.go
@@ -0,0 +1,3886 @@
+// Code generated by "terraform-provider-keyhub-generator"; DO NOT EDIT.
+
+//lint:ignore U1000 Ignore unused functions in generated code
+package provider
+
+import (
+	"context"
+	"github.com/google/uuid"
+	"github.com/hashicorp/terraform-plugin-framework/attr"
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-framework/types/basetypes"
+	"github.com/microsoft/kiota-abstractions-go/serialization"
+	keyhubmodel "github.com/topicuskeyhub/sdk-go/models"
+)
+
+func tfObjectToTKHRSAuditInfo(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.AuditInfoable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.AuditInfoable
+	tkh = keyhubmodel.NewAuditInfo()
+	{
+		val, d := tfToTimePointer(objAttrs["created_at"].(basetypes.StringValue))
+		diags.Append(d...)
+		tkh.SetCreatedAt(val)
+	}
+	tkh.SetCreatedBy(objAttrs["created_by"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfToTimePointer(objAttrs["last_modified_at"].(basetypes.StringValue))
+		diags.Append(d...)
+		tkh.SetLastModifiedAt(val)
+	}
+	tkh.SetLastModifiedBy(objAttrs["last_modified_by"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHRSGeneratedSecret(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GeneratedSecretable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GeneratedSecretable
+	tkh = keyhubmodel.NewGeneratedSecret()
+	tkh.SetGeneratedSecret(objAttrs["generated_secret"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetOldSecret(objAttrs["old_secret"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetRegenerate(objAttrs["regenerate"].(basetypes.BoolValue).ValueBoolPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHRSLinkable(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.Linkableable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.Linkableable
+	tkh = keyhubmodel.NewLinkable()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSNonLinkable(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.NonLinkableable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	var tkh keyhubmodel.NonLinkableable
+	tkh = keyhubmodel.NewNonLinkable()
+	return tkh, diags
+}
+
+func tfObjectToTKHRSRestLink(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.RestLinkable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.RestLinkable
+	tkh = keyhubmodel.NewRestLink()
+	tkh.SetHref(objAttrs["href"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetId(objAttrs["id"].(basetypes.Int64Value).ValueInt64Pointer())
+	tkh.SetRel(objAttrs["rel"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetTypeEscaped(objAttrs["type_escaped"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHRSAuthAccountPrimer(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.AuthAccountPrimerable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.AuthAccountPrimerable
+	tkh = keyhubmodel.NewAuthAccountPrimer()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetDisplayName(objAttrs["display_name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfToTimePointer(objAttrs["last_active"].(basetypes.StringValue))
+		diags.Append(d...)
+		tkh.SetLastActive(val)
+	}
+	tkh.SetUsername(objAttrs["username"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["validity"].(basetypes.StringValue), keyhubmodel.ParseAuthAccountValidity, func(val any) keyhubmodel.AuthAccountValidity { return *val.(*keyhubmodel.AuthAccountValidity) })
+		diags.Append(d...)
+		tkh.SetValidity(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSAuthPermission(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.AuthPermissionable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.AuthPermissionable
+	tkh = keyhubmodel.NewAuthPermission()
+	tkh.SetFull(objAttrs["full"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfToSlice(objAttrs["instances"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) string {
+			return val.(basetypes.StringValue).ValueString()
+		})
+		diags.Append(d...)
+		tkh.SetInstances(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["operations"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermittedOperation {
+			tkh, d := parseCast(val.(basetypes.StringValue), keyhubmodel.ParseAuthPermittedOperation, func(val any) keyhubmodel.AuthPermittedOperation { return *val.(*keyhubmodel.AuthPermittedOperation) })
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetOperations(val)
+	}
+	tkh.SetTypeEscaped(objAttrs["type_escaped"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHRSCertificateCertificatePrimer(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.CertificateCertificatePrimerable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.CertificateCertificatePrimerable
+	tkh = keyhubmodel.NewCertificateCertificatePrimer()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetAlias(objAttrs["alias"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["type"].(basetypes.StringValue), keyhubmodel.ParseCertificateCertificateType, func(val any) keyhubmodel.CertificateCertificateType {
+			return *val.(*keyhubmodel.CertificateCertificateType)
+		})
+		diags.Append(d...)
+		tkh.SetCertificateCertificatePrimerType(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["certificate_data"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) string {
+			return val.(basetypes.StringValue).ValueString()
+		})
+		diags.Append(d...)
+		tkh.SetCertificateData(val)
+	}
+	{
+		val, d := tfToTimePointer(objAttrs["expiration"].(basetypes.StringValue))
+		diags.Append(d...)
+		tkh.SetExpiration(val)
+	}
+	tkh.SetFingerprintSha1(objAttrs["fingerprint_sha1"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetFingerprintSha256(objAttrs["fingerprint_sha256"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetGlobal(objAttrs["global"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetSubjectDN(objAttrs["subject_dn"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHRSClientApplicationVaultVaultRecord(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.VaultVaultRecordable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.VaultVaultRecordable
+	tkh = keyhubmodel.NewVaultVaultRecord()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["color"].(basetypes.StringValue), keyhubmodel.ParseVaultVaultRecordColor, func(val any) keyhubmodel.VaultVaultRecordColor { return *val.(*keyhubmodel.VaultVaultRecordColor) })
+		diags.Append(d...)
+		tkh.SetColor(val)
+	}
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfToTimePointer(objAttrs["share_end_time"].(basetypes.StringValue))
+		diags.Append(d...)
+		tkh.SetShareEndTime(val)
+	}
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetDerived(objAttrs["derived"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := parsePointer2(objAttrs["end_date"].(basetypes.StringValue), serialization.ParseDateOnly)
+		diags.Append(d...)
+		tkh.SetEndDate(val)
+	}
+	tkh.SetFilename(objAttrs["filename"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfToSlice(objAttrs["types"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.VaultVaultSecretType {
+			tkh, d := parseCast(val.(basetypes.StringValue), keyhubmodel.ParseVaultVaultSecretType, func(val any) keyhubmodel.VaultVaultSecretType { return *val.(*keyhubmodel.VaultVaultSecretType) })
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetTypes(val)
+	}
+	tkh.SetUrl(objAttrs["url"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetUsername(objAttrs["username"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["warning_period"].(basetypes.StringValue), keyhubmodel.ParseVaultVaultRecordWarningPeriod, func(val any) keyhubmodel.VaultVaultRecordWarningPeriod {
+			return *val.(*keyhubmodel.VaultVaultRecordWarningPeriod)
+		})
+		diags.Append(d...)
+		tkh.SetWarningPeriod(val)
+	}
+	if recurse {
+		{
+			val, d := tfObjectToTKHRSVaultVaultRecord_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSClientClientApplication(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ClientClientApplicationable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ClientClientApplicationable
+	tkh = keyhubmodel.NewClientClientApplication()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["type"].(basetypes.StringValue), keyhubmodel.ParseClientClientApplicationType, func(val any) keyhubmodel.ClientClientApplicationType {
+			return *val.(*keyhubmodel.ClientClientApplicationType)
+		})
+		diags.Append(d...)
+		tkh.SetClientClientApplicationPrimerType(val)
+	}
+	tkh.SetClientId(objAttrs["client_id"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfToSlice(objAttrs["scopes"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) string {
+			return val.(basetypes.StringValue).ValueString()
+		})
+		diags.Append(d...)
+		tkh.SetScopes(val)
+	}
+	tkh.SetSsoApplication(objAttrs["sso_application"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfToTimePointer(objAttrs["last_modified_at"].(basetypes.StringValue))
+		diags.Append(d...)
+		tkh.SetLastModifiedAt(val)
+	}
+	{
+		val, d := findGroupGroupPrimerByUUID(ctx, objAttrs["owner_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetOwner(val)
+	}
+	{
+		val, d := findGroupGroupPrimerByUUID(ctx, objAttrs["technical_administrator_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetTechnicalAdministrator(val)
+	}
+	if !objAttrs["ldap_client"].IsNull() {
+		val, d := tfObjectToTKHRSClientLdapClient(ctx, false, objAttrs["ldap_client"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		dtype := val.GetTypeEscaped()
+		(*val.(*keyhubmodel.ClientLdapClient)).ClientClientApplication = *tkh.(*keyhubmodel.ClientClientApplication)
+		val.SetTypeEscaped(dtype)
+		tkh = val
+	}
+	if !objAttrs["o_auth2_client"].IsNull() {
+		val, d := tfObjectToTKHRSClientOAuth2Client(ctx, false, objAttrs["o_auth2_client"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		dtype := val.GetTypeEscaped()
+		(*val.(*keyhubmodel.ClientOAuth2Client)).ClientClientApplication = *tkh.(*keyhubmodel.ClientClientApplication)
+		val.SetTypeEscaped(dtype)
+		tkh = val
+	}
+	if !objAttrs["saml2_client"].IsNull() {
+		val, d := tfObjectToTKHRSClientSaml2Client(ctx, false, objAttrs["saml2_client"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		dtype := val.GetTypeEscaped()
+		(*val.(*keyhubmodel.ClientSaml2Client)).ClientClientApplication = *tkh.(*keyhubmodel.ClientClientApplication)
+		val.SetTypeEscaped(dtype)
+		tkh = val
+	}
+	if recurse {
+		{
+			val, d := tfObjectToTKHRSClientClientApplication_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSClientClientApplicationLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ClientClientApplicationLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ClientClientApplicationLinkableWrapperable
+	tkh = keyhubmodel.NewClientClientApplicationLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.ClientClientApplicationable {
+			tkh, d := tfObjectToTKHRSClientClientApplication(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSClientClientApplicationPrimer(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ClientClientApplicationPrimerable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ClientClientApplicationPrimerable
+	tkh = keyhubmodel.NewClientClientApplicationPrimer()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["type"].(basetypes.StringValue), keyhubmodel.ParseClientClientApplicationType, func(val any) keyhubmodel.ClientClientApplicationType {
+			return *val.(*keyhubmodel.ClientClientApplicationType)
+		})
+		diags.Append(d...)
+		tkh.SetClientClientApplicationPrimerType(val)
+	}
+	tkh.SetClientId(objAttrs["client_id"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfToSlice(objAttrs["scopes"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) string {
+			return val.(basetypes.StringValue).ValueString()
+		})
+		diags.Append(d...)
+		tkh.SetScopes(val)
+	}
+	tkh.SetSsoApplication(objAttrs["sso_application"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHRSClientClientApplication_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ClientClientApplication_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ClientClientApplication_additionalObjectsable
+	tkh = keyhubmodel.NewClientClientApplication_additionalObjects()
+	{
+		val, d := tfObjectToTKHRSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	tkh.SetDeleteTile(objAttrs["delete_tile"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := tfObjectToTKHRSGroupGroupClientLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["groupclients"]))
+		diags.Append(d...)
+		tkh.SetGroupclients(val)
+		if val != nil {
+			val.SetAdditionalData(map[string]any{"$type": "LinkableWrapper"})
+		}
+	}
+	{
+		val, d := tfObjectToTKHRSGroupGroupLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["groups"]))
+		diags.Append(d...)
+		tkh.SetGroups(val)
+	}
+	{
+		val, d := tfObjectToTKHRSGeneratedSecret(ctx, recurse, objAttrs["secret"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetSecret(val)
+	}
+	{
+		val, d := tfObjectToTKHRSLaunchpadSsoApplicationLaunchpadTile(ctx, recurse, objAttrs["tile"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetTile(val)
+	}
+	tkh.SetVaultRecordCount(int64PToInt32P(objAttrs["vault_record_count"].(basetypes.Int64Value).ValueInt64Pointer()))
+	return tkh, diags
+}
+
+func tfObjectToTKHRSClientLdapClient(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ClientLdapClientable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ClientLdapClientable
+	tkh = keyhubmodel.NewClientLdapClient()
+	tkh.SetBindDn(objAttrs["bind_dn"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := findCertificateCertificatePrimerByUUID(ctx, objAttrs["client_certificate_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetClientCertificate(val)
+	}
+	tkh.SetShareSecretInVault(objAttrs["share_secret_in_vault"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := findVaultVaultRecordPrimerByUUID(ctx, objAttrs["shared_secret_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetSharedSecret(val)
+	}
+	tkh.SetUsedForProvisioning(objAttrs["used_for_provisioning"].(basetypes.BoolValue).ValueBoolPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHRSClientOAuth2Client(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ClientOAuth2Clientable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ClientOAuth2Clientable
+	tkh = keyhubmodel.NewClientOAuth2Client()
+	{
+		val, d := tfToSlice(objAttrs["account_permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetAccountPermissions(val)
+	}
+	{
+		val, d := tfToMap(objAttrs["attributes"].(basetypes.MapValue), func(val attr.Value, diags *diag.Diagnostics) any {
+			return val.(basetypes.StringValue).ValueString()
+		}, keyhubmodel.NewClientOAuth2Client_attributes())
+		diags.Append(d...)
+		tkh.SetAttributes(val)
+	}
+	tkh.SetCallbackURI(objAttrs["callback_uri"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetConfidential(objAttrs["confidential"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetDebugMode(objAttrs["debug_mode"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetIdTokenClaims(objAttrs["id_token_claims"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetInitiateLoginURI(objAttrs["initiate_login_uri"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetResourceURIs(objAttrs["resource_uris"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetShareSecretInVault(objAttrs["share_secret_in_vault"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := findVaultVaultRecordPrimerByUUID(ctx, objAttrs["shared_secret_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetSharedSecret(val)
+	}
+	tkh.SetShowLandingPage(objAttrs["show_landing_page"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetUseClientCredentials(objAttrs["use_client_credentials"].(basetypes.BoolValue).ValueBoolPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHRSClientOAuth2ClientPermission(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ClientOAuth2ClientPermissionable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ClientOAuth2ClientPermissionable
+	tkh = keyhubmodel.NewClientOAuth2ClientPermission()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	{
+		val, d := findGroupGroupPrimerByUUID(ctx, objAttrs["for_group_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetForGroup(val)
+	}
+	{
+		val, d := findProvisioningProvisionedSystemPrimerByUUID(ctx, objAttrs["for_system_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetForSystem(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["value"].(basetypes.StringValue), keyhubmodel.ParseClientOAuth2ClientPermissionType, func(val any) keyhubmodel.ClientOAuth2ClientPermissionType {
+			return *val.(*keyhubmodel.ClientOAuth2ClientPermissionType)
+		})
+		diags.Append(d...)
+		tkh.SetValue(val)
+	}
+	if recurse {
+		{
+			val, d := tfObjectToTKHRSClientOAuth2ClientPermission_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSClientOAuth2ClientPermissionWithClient(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ClientOAuth2ClientPermissionWithClientable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ClientOAuth2ClientPermissionWithClientable
+	tkh = keyhubmodel.NewClientOAuth2ClientPermissionWithClient()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	{
+		val, d := findGroupGroupPrimerByUUID(ctx, objAttrs["for_group_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetForGroup(val)
+	}
+	{
+		val, d := findProvisioningProvisionedSystemPrimerByUUID(ctx, objAttrs["for_system_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetForSystem(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["value"].(basetypes.StringValue), keyhubmodel.ParseClientOAuth2ClientPermissionType, func(val any) keyhubmodel.ClientOAuth2ClientPermissionType {
+			return *val.(*keyhubmodel.ClientOAuth2ClientPermissionType)
+		})
+		diags.Append(d...)
+		tkh.SetValue(val)
+	}
+	{
+		val, d := findClientOAuth2ClientByUUID(ctx, objAttrs["client_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetClient(val)
+	}
+	if recurse {
+		{
+			val, d := tfObjectToTKHRSClientOAuth2ClientPermission_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSClientOAuth2ClientPermissionWithClientLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ClientOAuth2ClientPermissionWithClientLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ClientOAuth2ClientPermissionWithClientLinkableWrapperable
+	tkh = keyhubmodel.NewClientOAuth2ClientPermissionWithClientLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.ClientOAuth2ClientPermissionWithClientable {
+			tkh, d := tfObjectToTKHRSClientOAuth2ClientPermissionWithClient(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSClientOAuth2ClientPermission_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ClientOAuth2ClientPermission_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ClientOAuth2ClientPermission_additionalObjectsable
+	tkh = keyhubmodel.NewClientOAuth2ClientPermission_additionalObjects()
+	{
+		val, d := tfObjectToTKHRSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSClientSaml2Client(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ClientSaml2Clientable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ClientSaml2Clientable
+	tkh = keyhubmodel.NewClientSaml2Client()
+	{
+		val, d := tfToMap(objAttrs["attributes"].(basetypes.MapValue), func(val attr.Value, diags *diag.Diagnostics) any {
+			return val.(basetypes.StringValue).ValueString()
+		}, keyhubmodel.NewClientSaml2Client_attributes())
+		diags.Append(d...)
+		tkh.SetAttributes(val)
+	}
+	tkh.SetMetadata(objAttrs["metadata"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetMetadataUrl(objAttrs["metadata_url"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["subject_format"].(basetypes.StringValue), keyhubmodel.ParseClientSubjectFormat, func(val any) keyhubmodel.ClientSubjectFormat { return *val.(*keyhubmodel.ClientSubjectFormat) })
+		diags.Append(d...)
+		tkh.SetSubjectFormat(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSDirectoryAccountDirectory(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.DirectoryAccountDirectoryable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.DirectoryAccountDirectoryable
+	tkh = keyhubmodel.NewDirectoryAccountDirectory()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetAccountValiditySupported(objAttrs["account_validity_supported"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetActive(objAttrs["active"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := parseCastPointer(objAttrs["type"].(basetypes.StringValue), keyhubmodel.ParseDirectoryAccountDirectoryType, func(val any) keyhubmodel.DirectoryAccountDirectoryType {
+			return *val.(*keyhubmodel.DirectoryAccountDirectoryType)
+		})
+		diags.Append(d...)
+		tkh.SetDirectoryAccountDirectoryPrimerType(val)
+	}
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := findOrganizationOrganizationalUnitPrimerByUUID(ctx, objAttrs["base_organizational_unit_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetBaseOrganizationalUnit(val)
+	}
+	tkh.SetDefaultDirectory(objAttrs["default_directory"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := findGroupGroupPrimerByUUID(ctx, objAttrs["helpdesk_group_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetHelpdeskGroup(val)
+	}
+	tkh.SetRestrict2fa(objAttrs["restrict2fa"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := parseCastPointer(objAttrs["rotating_password"].(basetypes.StringValue), keyhubmodel.ParseDirectoryDirectoryRotatingPassword, func(val any) keyhubmodel.DirectoryDirectoryRotatingPassword {
+			return *val.(*keyhubmodel.DirectoryDirectoryRotatingPassword)
+		})
+		diags.Append(d...)
+		tkh.SetRotatingPassword(val)
+	}
+	tkh.SetUsernameCustomizable(objAttrs["username_customizable"].(basetypes.BoolValue).ValueBoolPointer())
+	if !objAttrs["internal_directory"].IsNull() {
+		val, d := tfObjectToTKHRSDirectoryInternalDirectory(ctx, false, objAttrs["internal_directory"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		dtype := val.GetTypeEscaped()
+		(*val.(*keyhubmodel.DirectoryInternalDirectory)).DirectoryAccountDirectory = *tkh.(*keyhubmodel.DirectoryAccountDirectory)
+		val.SetTypeEscaped(dtype)
+		tkh = val
+	}
+	if !objAttrs["l_d_a_p_directory"].IsNull() {
+		val, d := tfObjectToTKHRSDirectoryLDAPDirectory(ctx, false, objAttrs["l_d_a_p_directory"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		dtype := val.GetTypeEscaped()
+		(*val.(*keyhubmodel.DirectoryLDAPDirectory)).DirectoryAccountDirectory = *tkh.(*keyhubmodel.DirectoryAccountDirectory)
+		val.SetTypeEscaped(dtype)
+		tkh = val
+	}
+	if !objAttrs["maintenance_directory"].IsNull() {
+		val, d := tfObjectToTKHRSDirectoryMaintenanceDirectory(ctx, false, objAttrs["maintenance_directory"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		dtype := val.GetTypeEscaped()
+		(*val.(*keyhubmodel.DirectoryMaintenanceDirectory)).DirectoryAccountDirectory = *tkh.(*keyhubmodel.DirectoryAccountDirectory)
+		val.SetTypeEscaped(dtype)
+		tkh = val
+	}
+	if !objAttrs["o_id_c_directory"].IsNull() {
+		val, d := tfObjectToTKHRSDirectoryOIDCDirectory(ctx, false, objAttrs["o_id_c_directory"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		dtype := val.GetTypeEscaped()
+		(*val.(*keyhubmodel.DirectoryOIDCDirectory)).DirectoryAccountDirectory = *tkh.(*keyhubmodel.DirectoryAccountDirectory)
+		val.SetTypeEscaped(dtype)
+		tkh = val
+	}
+	if recurse {
+		{
+			val, d := tfObjectToTKHRSDirectoryAccountDirectory_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSDirectoryAccountDirectoryLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.DirectoryAccountDirectoryLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.DirectoryAccountDirectoryLinkableWrapperable
+	tkh = keyhubmodel.NewDirectoryAccountDirectoryLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.DirectoryAccountDirectoryable {
+			tkh, d := tfObjectToTKHRSDirectoryAccountDirectory(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSDirectoryAccountDirectoryPrimer(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.DirectoryAccountDirectoryPrimerable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.DirectoryAccountDirectoryPrimerable
+	tkh = keyhubmodel.NewDirectoryAccountDirectoryPrimer()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetAccountValiditySupported(objAttrs["account_validity_supported"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetActive(objAttrs["active"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := parseCastPointer(objAttrs["type"].(basetypes.StringValue), keyhubmodel.ParseDirectoryAccountDirectoryType, func(val any) keyhubmodel.DirectoryAccountDirectoryType {
+			return *val.(*keyhubmodel.DirectoryAccountDirectoryType)
+		})
+		diags.Append(d...)
+		tkh.SetDirectoryAccountDirectoryPrimerType(val)
+	}
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHRSDirectoryAccountDirectoryStatusReport(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.DirectoryAccountDirectoryStatusReportable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.DirectoryAccountDirectoryStatusReportable
+	tkh = keyhubmodel.NewDirectoryAccountDirectoryStatusReport()
+	tkh.SetAccounts(objAttrs["accounts"].(basetypes.Int64Value).ValueInt64Pointer())
+	tkh.SetReason(objAttrs["reason"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["status"].(basetypes.StringValue), keyhubmodel.ParseDirectoryAccountDirectoryStatus, func(val any) keyhubmodel.DirectoryAccountDirectoryStatus {
+			return *val.(*keyhubmodel.DirectoryAccountDirectoryStatus)
+		})
+		diags.Append(d...)
+		tkh.SetStatus(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSDirectoryAccountDirectorySummary(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.DirectoryAccountDirectorySummaryable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.DirectoryAccountDirectorySummaryable
+	tkh = keyhubmodel.NewDirectoryAccountDirectorySummary()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["type"].(basetypes.StringValue), keyhubmodel.ParseDirectoryAccountDirectoryType, func(val any) keyhubmodel.DirectoryAccountDirectoryType {
+			return *val.(*keyhubmodel.DirectoryAccountDirectoryType)
+		})
+		diags.Append(d...)
+		tkh.SetDirectoryAccountDirectorySummaryType(val)
+	}
+	tkh.SetDomainRestriction(objAttrs["domain_restriction"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetFullyResolvedIssuer(objAttrs["fully_resolved_issuer"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfObjectToTKHRSDirectoryAccountDirectoryStatusReport(ctx, recurse, objAttrs["status"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetStatus(val)
+	}
+	tkh.SetUsernameCustomizable(objAttrs["username_customizable"].(basetypes.BoolValue).ValueBoolPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHRSDirectoryAccountDirectorySummaryLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.DirectoryAccountDirectorySummaryLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.DirectoryAccountDirectorySummaryLinkableWrapperable
+	tkh = keyhubmodel.NewDirectoryAccountDirectorySummaryLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.DirectoryAccountDirectorySummaryable {
+			tkh, d := tfObjectToTKHRSDirectoryAccountDirectorySummary(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSDirectoryAccountDirectory_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.DirectoryAccountDirectory_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.DirectoryAccountDirectory_additionalObjectsable
+	tkh = keyhubmodel.NewDirectoryAccountDirectory_additionalObjects()
+	{
+		val, d := tfObjectToTKHRSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	{
+		val, d := tfObjectToTKHRSMarkItemMarkers(ctx, recurse, objAttrs["markers"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetMarkers(val)
+	}
+	{
+		val, d := tfObjectToTKHRSDirectoryAccountDirectoryStatusReport(ctx, recurse, objAttrs["status"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetStatus(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSDirectoryInternalDirectory(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.DirectoryInternalDirectoryable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.DirectoryInternalDirectoryable
+	tkh = keyhubmodel.NewDirectoryInternalDirectory()
+	{
+		val, d := findGroupGroupPrimerByUUID(ctx, objAttrs["owner_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetOwner(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSDirectoryLDAPDirectory(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.DirectoryLDAPDirectoryable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.DirectoryLDAPDirectoryable
+	tkh = keyhubmodel.NewDirectoryLDAPDirectory()
+	tkh.SetAttributesToStore(objAttrs["attributes_to_store"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetBaseDN(objAttrs["base_dn"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := findCertificateCertificatePrimerByUUID(ctx, objAttrs["client_certificate_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetClientCertificate(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["dialect"].(basetypes.StringValue), keyhubmodel.ParseDirectoryLDAPDialect, func(val any) keyhubmodel.DirectoryLDAPDialect { return *val.(*keyhubmodel.DirectoryLDAPDialect) })
+		diags.Append(d...)
+		tkh.SetDialect(val)
+	}
+	tkh.SetFailoverHost(objAttrs["failover_host"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := findCertificateCertificatePrimerByUUID(ctx, objAttrs["failover_trusted_certificate_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetFailoverTrustedCertificate(val)
+	}
+	tkh.SetHost(objAttrs["host"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["password_recovery"].(basetypes.StringValue), keyhubmodel.ParseDirectoryLDAPDirectoryPasswordRecovery, func(val any) keyhubmodel.DirectoryLDAPDirectoryPasswordRecovery {
+			return *val.(*keyhubmodel.DirectoryLDAPDirectoryPasswordRecovery)
+		})
+		diags.Append(d...)
+		tkh.SetPasswordRecovery(val)
+	}
+	tkh.SetPort(int64PToInt32P(objAttrs["port"].(basetypes.Int64Value).ValueInt64Pointer()))
+	tkh.SetSearchBindDN(objAttrs["search_bind_dn"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetSearchBindPassword(objAttrs["search_bind_password"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetSearchFilter(objAttrs["search_filter"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["tls"].(basetypes.StringValue), keyhubmodel.ParseTLSLevel, func(val any) keyhubmodel.TLSLevel { return *val.(*keyhubmodel.TLSLevel) })
+		diags.Append(d...)
+		tkh.SetTls(val)
+	}
+	{
+		val, d := findCertificateCertificatePrimerByUUID(ctx, objAttrs["trusted_certificate_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetTrustedCertificate(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSDirectoryMaintenanceDirectory(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.DirectoryMaintenanceDirectoryable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	var tkh keyhubmodel.DirectoryMaintenanceDirectoryable
+	tkh = keyhubmodel.NewDirectoryMaintenanceDirectory()
+	return tkh, diags
+}
+
+func tfObjectToTKHRSDirectoryOIDCDirectory(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.DirectoryOIDCDirectoryable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.DirectoryOIDCDirectoryable
+	tkh = keyhubmodel.NewDirectoryOIDCDirectory()
+	tkh.SetAcrValues(objAttrs["acr_values"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetAttributesToStore(objAttrs["attributes_to_store"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetClientId(objAttrs["client_id"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetClientSecret(objAttrs["client_secret"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetDomainRestriction(objAttrs["domain_restriction"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetEnforces2fa(objAttrs["enforces2fa"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetFullyResolvedIssuer(objAttrs["fully_resolved_issuer"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetIssuer(objAttrs["issuer"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetLogoutUrl(objAttrs["logout_url"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetSendLoginHint(objAttrs["send_login_hint"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := parseCastPointer(objAttrs["vendor_escaped"].(basetypes.StringValue), keyhubmodel.ParseDirectoryOIDCVendor, func(val any) keyhubmodel.DirectoryOIDCVendor { return *val.(*keyhubmodel.DirectoryOIDCVendor) })
+		diags.Append(d...)
+		tkh.SetVendorEscaped(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSGroupAuthorizedGroupsWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupAuthorizedGroupsWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupAuthorizedGroupsWrapperable
+	tkh = keyhubmodel.NewGroupAuthorizedGroupsWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.GroupGroupable {
+			tkh, d := tfObjectToTKHRSGroupGroup(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	tkh.SetGroupCount(objAttrs["group_count"].(basetypes.Int64Value).ValueInt64Pointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHRSGroupGroup(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupable
+	tkh = keyhubmodel.NewGroupGroup()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetAdmin(objAttrs["admin"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetApplicationAdministration(objAttrs["application_administration"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := tfObjectToTKHRSGroupGroupAuditConfig(ctx, false, objAttrs["audit_config"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAuditConfig(val)
+	}
+	tkh.SetAuditRequested(objAttrs["audit_requested"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetAuditor(objAttrs["auditor"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := findGroupGroupPrimerByUUID(ctx, objAttrs["authorizing_group_auditing_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetAuthorizingGroupAuditing(val)
+	}
+	{
+		val, d := findGroupGroupPrimerByUUID(ctx, objAttrs["authorizing_group_delegation_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetAuthorizingGroupDelegation(val)
+	}
+	{
+		val, d := findGroupGroupPrimerByUUID(ctx, objAttrs["authorizing_group_membership_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetAuthorizingGroupMembership(val)
+	}
+	{
+		val, d := findGroupGroupPrimerByUUID(ctx, objAttrs["authorizing_group_provisioning_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetAuthorizingGroupProvisioning(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["authorizing_group_types"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RequestAuthorizingGroupType {
+			tkh, d := parseCast(val.(basetypes.StringValue), keyhubmodel.ParseRequestAuthorizingGroupType, func(val any) keyhubmodel.RequestAuthorizingGroupType {
+				return *val.(*keyhubmodel.RequestAuthorizingGroupType)
+			})
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetAuthorizingGroupTypes(val)
+	}
+	{
+		val, d := findGroupGroupClassificationPrimerByUUID(ctx, objAttrs["classification_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetClassification(val)
+	}
+	tkh.SetDescription(objAttrs["description"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["extended_access"].(basetypes.StringValue), keyhubmodel.ParseGroupGroupExtendedAccess, func(val any) keyhubmodel.GroupGroupExtendedAccess {
+			return *val.(*keyhubmodel.GroupGroupExtendedAccess)
+		})
+		diags.Append(d...)
+		tkh.SetExtendedAccess(val)
+	}
+	tkh.SetHideAuditTrail(objAttrs["hide_audit_trail"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := findGroupGroupPrimerByUUID(ctx, objAttrs["nested_under_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetNestedUnder(val)
+	}
+	{
+		val, d := findOrganizationOrganizationalUnitPrimerByUUID(ctx, objAttrs["organizational_unit_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetOrganizationalUnit(val)
+	}
+	tkh.SetPrivateGroup(objAttrs["private_group"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetRecordTrail(objAttrs["record_trail"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetRotatingPasswordRequired(objAttrs["rotating_password_required"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetSingleManaged(objAttrs["single_managed"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := parseCastPointer(objAttrs["vault_recovery"].(basetypes.StringValue), keyhubmodel.ParseGroupVaultRecoveryAvailability, func(val any) keyhubmodel.GroupVaultRecoveryAvailability {
+			return *val.(*keyhubmodel.GroupVaultRecoveryAvailability)
+		})
+		diags.Append(d...)
+		tkh.SetVaultRecovery(val)
+	}
+	tkh.SetVaultRequiresActivation(objAttrs["vault_requires_activation"].(basetypes.BoolValue).ValueBoolPointer())
+	if recurse {
+		{
+			val, d := tfObjectToTKHRSGroupGroup_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSGroupGroupAccount(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupAccountable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupAccountable
+	tkh = keyhubmodel.NewGroupGroupAccount()
+	{
+		val, d := findAuthAccountPrimerByUUID(ctx, objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		if val != nil {
+			dtype := tkh.GetTypeEscaped()
+			(*tkh.(*keyhubmodel.GroupGroupAccount)).AuthAccountPrimer = *(val.(*keyhubmodel.AuthAccountPrimer))
+			tkh.SetTypeEscaped(dtype)
+		}
+	}
+	{
+		val, d := findDirectoryAccountDirectoryPrimerByUUID(ctx, objAttrs["directory_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetDirectory(val)
+	}
+	tkh.SetDisconnectedNested(objAttrs["disconnected_nested"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := parsePointer2(objAttrs["end_date"].(basetypes.StringValue), serialization.ParseDateOnly)
+		diags.Append(d...)
+		tkh.SetEndDate(val)
+	}
+	{
+		val, d := parsePointer2(objAttrs["last_used"].(basetypes.StringValue), serialization.ParseDateOnly)
+		diags.Append(d...)
+		tkh.SetLastUsed(val)
+	}
+	tkh.SetNested(objAttrs["nested"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := tfToTimePointer(objAttrs["provisioning_end_time"].(basetypes.StringValue))
+		diags.Append(d...)
+		tkh.SetProvisioningEndTime(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["rights"].(basetypes.StringValue), keyhubmodel.ParseGroupGroupRights, func(val any) keyhubmodel.GroupGroupRights { return *val.(*keyhubmodel.GroupGroupRights) })
+		diags.Append(d...)
+		tkh.SetRights(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["two_factor_status"].(basetypes.StringValue), keyhubmodel.ParseAuthTwoFactorAuthenticationStatus, func(val any) keyhubmodel.AuthTwoFactorAuthenticationStatus {
+			return *val.(*keyhubmodel.AuthTwoFactorAuthenticationStatus)
+		})
+		diags.Append(d...)
+		tkh.SetTwoFactorStatus(val)
+	}
+	tkh.SetVisibleForProvisioning(objAttrs["visible_for_provisioning"].(basetypes.BoolValue).ValueBoolPointer())
+	if recurse {
+		{
+			val, d := tfObjectToTKHRSGroupGroupAccount_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSGroupGroupAccountLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupAccountLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupAccountLinkableWrapperable
+	tkh = keyhubmodel.NewGroupGroupAccountLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.GroupGroupAccountable {
+			tkh, d := tfObjectToTKHRSGroupGroupAccount(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSGroupGroupAccount_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupAccount_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupAccount_additionalObjectsable
+	tkh = keyhubmodel.NewGroupGroupAccount_additionalObjects()
+	{
+		val, d := tfObjectToTKHRSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSGroupGroupAudit(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupAuditable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupAuditable
+	tkh = keyhubmodel.NewGroupGroupAudit()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["accounts"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.GroupGroupAuditAccountable {
+			tkh, d := tfObjectToTKHRSGroupGroupAuditAccount(ctx, false, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetAccounts(val)
+	}
+	tkh.SetComment(objAttrs["comment"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfToTimePointer(objAttrs["created_at"].(basetypes.StringValue))
+		diags.Append(d...)
+		tkh.SetCreatedAt(val)
+	}
+	tkh.SetCreatedBy(objAttrs["created_by"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetGroupName(objAttrs["group_name"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetNameOnAudit(objAttrs["name_on_audit"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfToTimePointer(objAttrs["reviewed_at"].(basetypes.StringValue))
+		diags.Append(d...)
+		tkh.SetReviewedAt(val)
+	}
+	tkh.SetReviewedBy(objAttrs["reviewed_by"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["status"].(basetypes.StringValue), keyhubmodel.ParseGroupGroupAuditStatus, func(val any) keyhubmodel.GroupGroupAuditStatus { return *val.(*keyhubmodel.GroupGroupAuditStatus) })
+		diags.Append(d...)
+		tkh.SetStatus(val)
+	}
+	{
+		val, d := tfToTimePointer(objAttrs["submitted_at"].(basetypes.StringValue))
+		diags.Append(d...)
+		tkh.SetSubmittedAt(val)
+	}
+	tkh.SetSubmittedBy(objAttrs["submitted_by"].(basetypes.StringValue).ValueStringPointer())
+	if recurse {
+		{
+			val, d := tfObjectToTKHRSGroupGroupAudit_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSGroupGroupAuditAccount(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupAuditAccountable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupAuditAccountable
+	tkh = keyhubmodel.NewGroupGroupAuditAccount()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetAccountUuid(objAttrs["account_uuid"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetAccountValid(objAttrs["account_valid"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := parseCastPointer(objAttrs["action"].(basetypes.StringValue), keyhubmodel.ParseAuditAuditAccountAction, func(val any) keyhubmodel.AuditAuditAccountAction { return *val.(*keyhubmodel.AuditAuditAccountAction) })
+		diags.Append(d...)
+		tkh.SetAction(val)
+	}
+	tkh.SetComment(objAttrs["comment"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetDisconnectedNested(objAttrs["disconnected_nested"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetDisplayName(objAttrs["display_name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parsePointer2(objAttrs["end_date"].(basetypes.StringValue), serialization.ParseDateOnly)
+		diags.Append(d...)
+		tkh.SetEndDate(val)
+	}
+	{
+		val, d := tfToTimePointer(objAttrs["last_active"].(basetypes.StringValue))
+		diags.Append(d...)
+		tkh.SetLastActive(val)
+	}
+	{
+		val, d := parsePointer2(objAttrs["last_used"].(basetypes.StringValue), serialization.ParseDateOnly)
+		diags.Append(d...)
+		tkh.SetLastUsed(val)
+	}
+	tkh.SetNested(objAttrs["nested"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := parseCastPointer(objAttrs["rights"].(basetypes.StringValue), keyhubmodel.ParseGroupGroupRights, func(val any) keyhubmodel.GroupGroupRights { return *val.(*keyhubmodel.GroupGroupRights) })
+		diags.Append(d...)
+		tkh.SetRights(val)
+	}
+	tkh.SetUsername(objAttrs["username"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHRSGroupGroupAuditConfig(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupAuditConfigable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupAuditConfigable
+	tkh = keyhubmodel.NewGroupGroupAuditConfig()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["months"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.Month {
+			tkh, d := parseCast(val.(basetypes.StringValue), keyhubmodel.ParseMonth, func(val any) keyhubmodel.Month { return *val.(*keyhubmodel.Month) })
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetMonths(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSGroupGroupAuditLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupAuditLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupAuditLinkableWrapperable
+	tkh = keyhubmodel.NewGroupGroupAuditLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.GroupGroupAuditable {
+			tkh, d := tfObjectToTKHRSGroupGroupAudit(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSGroupGroupAudit_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupAudit_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupAudit_additionalObjectsable
+	tkh = keyhubmodel.NewGroupGroupAudit_additionalObjects()
+	{
+		val, d := tfObjectToTKHRSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSGroupGroupAuditingInfo(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupAuditingInfoable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupAuditingInfoable
+	tkh = keyhubmodel.NewGroupGroupAuditingInfo()
+	{
+		val, d := parsePointer2(objAttrs["audit_due_date"].(basetypes.StringValue), serialization.ParseDateOnly)
+		diags.Append(d...)
+		tkh.SetAuditDueDate(val)
+	}
+	{
+		val, d := parsePointer2(objAttrs["last_audit_date"].(basetypes.StringValue), serialization.ParseDateOnly)
+		diags.Append(d...)
+		tkh.SetLastAuditDate(val)
+	}
+	tkh.SetNrAccounts(objAttrs["nr_accounts"].(basetypes.Int64Value).ValueInt64Pointer())
+	tkh.SetNrDisabledAccounts(objAttrs["nr_disabled_accounts"].(basetypes.Int64Value).ValueInt64Pointer())
+	tkh.SetNrDisabledManagers(objAttrs["nr_disabled_managers"].(basetypes.Int64Value).ValueInt64Pointer())
+	tkh.SetNrExpiredVaultRecords(objAttrs["nr_expired_vault_records"].(basetypes.Int64Value).ValueInt64Pointer())
+	tkh.SetNrManagers(objAttrs["nr_managers"].(basetypes.Int64Value).ValueInt64Pointer())
+	tkh.SetNrVaultRecordsWithEndDate(objAttrs["nr_vault_records_with_end_date"].(basetypes.Int64Value).ValueInt64Pointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHRSGroupGroupClassificationPrimer(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupClassificationPrimerable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupClassificationPrimerable
+	tkh = keyhubmodel.NewGroupGroupClassificationPrimer()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHRSGroupGroupClient(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupClientable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupClientable
+	tkh = keyhubmodel.NewGroupGroupClient()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetActivationRequired(objAttrs["activation_required"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := findClientClientApplicationPrimerByUUID(ctx, objAttrs["client_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetClient(val)
+	}
+	{
+		val, d := findGroupGroupPrimerByUUID(ctx, objAttrs["group_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetGroup(val)
+	}
+	{
+		val, d := findGroupGroupPrimerByUUID(ctx, objAttrs["owner_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetOwner(val)
+	}
+	{
+		val, d := findGroupGroupPrimerByUUID(ctx, objAttrs["technical_administrator_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetTechnicalAdministrator(val)
+	}
+	if recurse {
+		{
+			val, d := tfObjectToTKHRSGroupGroupClient_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSGroupGroupClientLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupClientLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupClientLinkableWrapperable
+	tkh = keyhubmodel.NewGroupGroupClientLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.GroupGroupClientable {
+			tkh, d := tfObjectToTKHRSGroupGroupClient(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSGroupGroupClient_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupClient_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupClient_additionalObjectsable
+	tkh = keyhubmodel.NewGroupGroupClient_additionalObjects()
+	{
+		val, d := tfObjectToTKHRSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSGroupGroupInfo(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupInfoable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupInfoable
+	tkh = keyhubmodel.NewGroupGroupInfo()
+	tkh.SetNrAccounts(int64PToInt32P(objAttrs["nr_accounts"].(basetypes.Int64Value).ValueInt64Pointer()))
+	tkh.SetNrAccountsWithVault(int64PToInt32P(objAttrs["nr_accounts_with_vault"].(basetypes.Int64Value).ValueInt64Pointer()))
+	tkh.SetNrAudits(int64PToInt32P(objAttrs["nr_audits"].(basetypes.Int64Value).ValueInt64Pointer()))
+	tkh.SetNrClients(int64PToInt32P(objAttrs["nr_clients"].(basetypes.Int64Value).ValueInt64Pointer()))
+	tkh.SetNrProvisionedSystems(int64PToInt32P(objAttrs["nr_provisioned_systems"].(basetypes.Int64Value).ValueInt64Pointer()))
+	tkh.SetNrVaultRecords(int64PToInt32P(objAttrs["nr_vault_records"].(basetypes.Int64Value).ValueInt64Pointer()))
+	return tkh, diags
+}
+
+func tfObjectToTKHRSGroupGroupLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupLinkableWrapperable
+	tkh = keyhubmodel.NewGroupGroupLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.GroupGroupable {
+			tkh, d := tfObjectToTKHRSGroupGroup(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSGroupGroupPrimer(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupPrimerable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupPrimerable
+	tkh = keyhubmodel.NewGroupGroupPrimer()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetAdmin(objAttrs["admin"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHRSGroupGroupPrimerLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroupPrimerLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroupPrimerLinkableWrapperable
+	tkh = keyhubmodel.NewGroupGroupPrimerLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.GroupGroupPrimerable {
+			tkh, d := tfObjectToTKHRSGroupGroupPrimer(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSGroupGroup_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupGroup_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupGroup_additionalObjectsable
+	tkh = keyhubmodel.NewGroupGroup_additionalObjects()
+	{
+		val, d := tfObjectToTKHRSGroupGroupAccountLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["accounts"]))
+		diags.Append(d...)
+		tkh.SetAccounts(val)
+		if val != nil {
+			val.SetAdditionalData(map[string]any{"$type": "LinkableWrapper"})
+		}
+	}
+	{
+		val, d := tfObjectToTKHRSClientClientApplicationLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["administered_clients"]))
+		diags.Append(d...)
+		tkh.SetAdministeredClients(val)
+		if val != nil {
+			val.SetAdditionalData(map[string]any{"$type": "LinkableWrapper"})
+		}
+	}
+	{
+		val, d := tfObjectToTKHRSProvisioningProvisionedSystemLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["administered_systems"]))
+		diags.Append(d...)
+		tkh.SetAdministeredSystems(val)
+	}
+	{
+		val, d := tfObjectToTKHRSGroupGroupAccountLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["admins"]))
+		diags.Append(d...)
+		tkh.SetAdmins(val)
+		if val != nil {
+			val.SetAdditionalData(map[string]any{"$type": "LinkableWrapper"})
+		}
+	}
+	{
+		val, d := tfObjectToTKHRSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	{
+		val, d := tfObjectToTKHRSGroupAuthorizedGroupsWrapper(ctx, recurse, objAttrs["authorized_groups"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAuthorizedGroups(val)
+		if val != nil {
+			val.SetAdditionalData(map[string]any{"$type": "group.AuthorizedGroupsWrapper"})
+		}
+	}
+	{
+		val, d := tfObjectToTKHRSClientOAuth2ClientPermissionWithClientLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["client_permissions"]))
+		diags.Append(d...)
+		tkh.SetClientPermissions(val)
+		if val != nil {
+			val.SetAdditionalData(map[string]any{"$type": "LinkableWrapper"})
+		}
+	}
+	{
+		val, d := tfObjectToTKHRSGroupGroupClientLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["clients"]))
+		diags.Append(d...)
+		tkh.SetClients(val)
+		if val != nil {
+			val.SetAdditionalData(map[string]any{"$type": "LinkableWrapper"})
+		}
+	}
+	{
+		val, d := tfObjectToTKHRSProvisioningProvisionedSystemLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["content_administered_systems"]))
+		diags.Append(d...)
+		tkh.SetContentAdministeredSystems(val)
+	}
+	{
+		val, d := tfObjectToTKHRSGroupGroupAuditingInfo(ctx, recurse, objAttrs["groupauditinginfo"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetGroupauditinginfo(val)
+	}
+	{
+		val, d := tfObjectToTKHRSGroupGroupInfo(ctx, recurse, objAttrs["groupinfo"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetGroupinfo(val)
+	}
+	{
+		val, d := tfObjectToTKHRSDirectoryAccountDirectorySummaryLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["helpdesk"]))
+		diags.Append(d...)
+		tkh.SetHelpdesk(val)
+		if val != nil {
+			val.SetAdditionalData(map[string]any{"$type": "LinkableWrapper"})
+		}
+	}
+	{
+		val, d := tfObjectToTKHRSMarkItemMarkers(ctx, recurse, objAttrs["markers"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetMarkers(val)
+	}
+	{
+		val, d := tfObjectToTKHRSGroupGroupAccount(ctx, recurse, objAttrs["myaccount"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetMyaccount(val)
+	}
+	{
+		val, d := tfObjectToTKHRSGroupGroupAccount(ctx, recurse, objAttrs["mydelegatedaccount"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetMydelegatedaccount(val)
+	}
+	{
+		val, d := tfObjectToTKHRSGroupGroupPrimerLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["nested_groups"]))
+		diags.Append(d...)
+		tkh.SetNestedGroups(val)
+		if val != nil {
+			val.SetAdditionalData(map[string]any{"$type": "LinkableWrapper"})
+		}
+	}
+	{
+		val, d := tfObjectToTKHRSClientClientApplicationLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["owned_clients"]))
+		diags.Append(d...)
+		tkh.SetOwnedClients(val)
+		if val != nil {
+			val.SetAdditionalData(map[string]any{"$type": "LinkableWrapper"})
+		}
+	}
+	{
+		val, d := tfObjectToTKHRSDirectoryAccountDirectoryLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["owned_directories"]))
+		diags.Append(d...)
+		tkh.SetOwnedDirectories(val)
+		if val != nil {
+			val.SetAdditionalData(map[string]any{"$type": "LinkableWrapper"})
+		}
+	}
+	{
+		val, d := tfObjectToTKHRSProvisioningOwnedGroupOnSystemsWrapper(ctx, recurse, objAttrs["owned_groups_on_system"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetOwnedGroupsOnSystem(val)
+		if val != nil {
+			val.SetAdditionalData(map[string]any{"$type": "provisioning.OwnedGroupOnSystemsWrapper"})
+		}
+	}
+	{
+		val, d := tfObjectToTKHRSOrganizationOrganizationalUnitLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["owned_organizational_units"]))
+		diags.Append(d...)
+		tkh.SetOwnedOrganizationalUnits(val)
+	}
+	{
+		val, d := tfObjectToTKHRSProvisioningProvisionedSystemLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["owned_systems"]))
+		diags.Append(d...)
+		tkh.SetOwnedSystems(val)
+	}
+	{
+		val, d := tfObjectToTKHRSGroupGroupAuditLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["recent_audits"]))
+		diags.Append(d...)
+		tkh.SetRecentAudits(val)
+		if val != nil {
+			val.SetAdditionalData(map[string]any{"$type": "LinkableWrapper"})
+		}
+	}
+	{
+		val, d := parseCastPointer(objAttrs["requeststatus"].(basetypes.StringValue), keyhubmodel.ParseGroupGroupRequestStatus, func(val any) keyhubmodel.GroupGroupRequestStatus { return *val.(*keyhubmodel.GroupGroupRequestStatus) })
+		diags.Append(d...)
+		tkh.SetRequeststatus(val)
+	}
+	{
+		val, d := tfObjectToTKHRSServiceaccountServiceAccountLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["service_accounts"]))
+		diags.Append(d...)
+		tkh.SetServiceAccounts(val)
+	}
+	{
+		val, d := tfObjectToTKHRSGroupProvisioningGroupLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["systems"]))
+		diags.Append(d...)
+		tkh.SetSystems(val)
+		if val != nil {
+			val.SetAdditionalData(map[string]any{"$type": "LinkableWrapper"})
+		}
+	}
+	{
+		val, d := tfObjectToTKHRSVaultVault(ctx, recurse, objAttrs["vault"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetVault(val)
+	}
+	{
+		val, d := tfObjectToTKHRSWebhookWebhookLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["webhooks"]))
+		diags.Append(d...)
+		tkh.SetWebhooks(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSGroupProvisioningGroup(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupProvisioningGroupable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupProvisioningGroupable
+	tkh = keyhubmodel.NewGroupProvisioningGroup()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetActivationRequired(objAttrs["activation_required"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := findGroupGroupPrimerByUUID(ctx, objAttrs["group_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetGroup(val)
+	}
+	{
+		val, d := tfObjectToTKHRSProvisioningGroupOnSystem(ctx, false, objAttrs["group_on_system"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetGroupOnSystem(val)
+	}
+	if recurse {
+		{
+			val, d := tfObjectToTKHRSGroupProvisioningGroup_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSGroupProvisioningGroupLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupProvisioningGroupLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupProvisioningGroupLinkableWrapperable
+	tkh = keyhubmodel.NewGroupProvisioningGroupLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.GroupProvisioningGroupable {
+			tkh, d := tfObjectToTKHRSGroupProvisioningGroup(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSGroupProvisioningGroup_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.GroupProvisioningGroup_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.GroupProvisioningGroup_additionalObjectsable
+	tkh = keyhubmodel.NewGroupProvisioningGroup_additionalObjects()
+	{
+		val, d := tfObjectToTKHRSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSGroupVaultVaultRecord(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.VaultVaultRecordable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.VaultVaultRecordable
+	tkh = keyhubmodel.NewVaultVaultRecord()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["color"].(basetypes.StringValue), keyhubmodel.ParseVaultVaultRecordColor, func(val any) keyhubmodel.VaultVaultRecordColor { return *val.(*keyhubmodel.VaultVaultRecordColor) })
+		diags.Append(d...)
+		tkh.SetColor(val)
+	}
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfToTimePointer(objAttrs["share_end_time"].(basetypes.StringValue))
+		diags.Append(d...)
+		tkh.SetShareEndTime(val)
+	}
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetDerived(objAttrs["derived"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := parsePointer2(objAttrs["end_date"].(basetypes.StringValue), serialization.ParseDateOnly)
+		diags.Append(d...)
+		tkh.SetEndDate(val)
+	}
+	tkh.SetFilename(objAttrs["filename"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfToSlice(objAttrs["types"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.VaultVaultSecretType {
+			tkh, d := parseCast(val.(basetypes.StringValue), keyhubmodel.ParseVaultVaultSecretType, func(val any) keyhubmodel.VaultVaultSecretType { return *val.(*keyhubmodel.VaultVaultSecretType) })
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetTypes(val)
+	}
+	tkh.SetUrl(objAttrs["url"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetUsername(objAttrs["username"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["warning_period"].(basetypes.StringValue), keyhubmodel.ParseVaultVaultRecordWarningPeriod, func(val any) keyhubmodel.VaultVaultRecordWarningPeriod {
+			return *val.(*keyhubmodel.VaultVaultRecordWarningPeriod)
+		})
+		diags.Append(d...)
+		tkh.SetWarningPeriod(val)
+	}
+	if recurse {
+		{
+			val, d := tfObjectToTKHRSVaultVaultRecord_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSLaunchpadSsoApplicationLaunchpadTile(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.LaunchpadSsoApplicationLaunchpadTileable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.LaunchpadSsoApplicationLaunchpadTileable
+	tkh = keyhubmodel.NewLaunchpadSsoApplicationLaunchpadTile()
+	tkh.SetUri(objAttrs["uri"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHRSLaunchpadVaultRecordLaunchpadTile(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.LaunchpadVaultRecordLaunchpadTileable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	var tkh keyhubmodel.LaunchpadVaultRecordLaunchpadTileable
+	tkh = keyhubmodel.NewLaunchpadVaultRecordLaunchpadTile()
+	return tkh, diags
+}
+
+func tfObjectToTKHRSMarkItemMarker(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.MarkItemMarkerable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.MarkItemMarkerable
+	tkh = keyhubmodel.NewMarkItemMarker()
+	{
+		val, d := parseCastPointer(objAttrs["level"].(basetypes.StringValue), keyhubmodel.ParseMarkItemMarkerLevel, func(val any) keyhubmodel.MarkItemMarkerLevel { return *val.(*keyhubmodel.MarkItemMarkerLevel) })
+		diags.Append(d...)
+		tkh.SetLevel(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["type"].(basetypes.StringValue), keyhubmodel.ParseMarkItemMarkerType, func(val any) keyhubmodel.MarkItemMarkerType { return *val.(*keyhubmodel.MarkItemMarkerType) })
+		diags.Append(d...)
+		tkh.SetMarkItemMarkerType(val)
+	}
+	{
+		val, d := tfToMap(objAttrs["parameters"].(basetypes.MapValue), func(val attr.Value, diags *diag.Diagnostics) any {
+			return val.(basetypes.StringValue).ValueString()
+		}, keyhubmodel.NewMarkItemMarker_parameters())
+		diags.Append(d...)
+		tkh.SetParameters(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSMarkItemMarkers(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.MarkItemMarkersable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.MarkItemMarkersable
+	tkh = keyhubmodel.NewMarkItemMarkers()
+	{
+		val, d := tfToSlice(objAttrs["markers"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.MarkItemMarkerable {
+			tkh, d := tfObjectToTKHRSMarkItemMarker(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetMarkers(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSNestedProvisioningGroupOnSystem(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningGroupOnSystemable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningGroupOnSystemable
+	tkh = keyhubmodel.NewProvisioningGroupOnSystem()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetDisplayName(objAttrs["display_name"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetNameInSystem(objAttrs["name_in_system"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["type"].(basetypes.StringValue), keyhubmodel.ParseProvisioningGroupOnSystemType, func(val any) keyhubmodel.ProvisioningGroupOnSystemType {
+			return *val.(*keyhubmodel.ProvisioningGroupOnSystemType)
+		})
+		diags.Append(d...)
+		tkh.SetProvisioningGroupOnSystemPrimerType(val)
+	}
+	tkh.SetShortNameInSystem(objAttrs["short_name_in_system"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := findGroupGroupPrimerByUUID(ctx, objAttrs["owner_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetOwner(val)
+	}
+	if recurse {
+		{
+			val, d := tfObjectToTKHRSProvisioningGroupOnSystem_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSOrganizationOrganizationalUnit(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.OrganizationOrganizationalUnitable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.OrganizationOrganizationalUnitable
+	tkh = keyhubmodel.NewOrganizationOrganizationalUnit()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetDepth(int64PToInt32P(objAttrs["depth"].(basetypes.Int64Value).ValueInt64Pointer()))
+	tkh.SetDescription(objAttrs["description"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := findGroupGroupPrimerByUUID(ctx, objAttrs["owner_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetOwner(val)
+	}
+	{
+		val, d := findOrganizationOrganizationalUnitPrimerByUUID(ctx, objAttrs["parent_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetParent(val)
+	}
+	if recurse {
+		{
+			val, d := tfObjectToTKHRSOrganizationOrganizationalUnit_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSOrganizationOrganizationalUnitLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.OrganizationOrganizationalUnitLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.OrganizationOrganizationalUnitLinkableWrapperable
+	tkh = keyhubmodel.NewOrganizationOrganizationalUnitLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.OrganizationOrganizationalUnitable {
+			tkh, d := tfObjectToTKHRSOrganizationOrganizationalUnit(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSOrganizationOrganizationalUnitPrimer(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.OrganizationOrganizationalUnitPrimerable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.OrganizationOrganizationalUnitPrimerable
+	tkh = keyhubmodel.NewOrganizationOrganizationalUnitPrimer()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHRSOrganizationOrganizationalUnitPrimerLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.OrganizationOrganizationalUnitPrimerLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.OrganizationOrganizationalUnitPrimerLinkableWrapperable
+	tkh = keyhubmodel.NewOrganizationOrganizationalUnitPrimerLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.OrganizationOrganizationalUnitPrimerable {
+			tkh, d := tfObjectToTKHRSOrganizationOrganizationalUnitPrimer(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSOrganizationOrganizationalUnit_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.OrganizationOrganizationalUnit_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.OrganizationOrganizationalUnit_additionalObjectsable
+	tkh = keyhubmodel.NewOrganizationOrganizationalUnit_additionalObjects()
+	{
+		val, d := tfObjectToTKHRSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	{
+		val, d := tfObjectToTKHRSOrganizationOrganizationalUnitPrimerLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["create_as_parent_of"]))
+		diags.Append(d...)
+		tkh.SetCreateAsParentOf(val)
+		if val != nil {
+			val.SetAdditionalData(map[string]any{"$type": "LinkableWrapper"})
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSProvisioningAbstractProvisionedLDAP(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningAbstractProvisionedLDAPable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningAbstractProvisionedLDAPable
+	tkh = keyhubmodel.NewProvisioningAbstractProvisionedLDAP()
+	{
+		val, d := tfToMap(objAttrs["attributes"].(basetypes.MapValue), func(val attr.Value, diags *diag.Diagnostics) any {
+			return val.(basetypes.StringValue).ValueString()
+		}, keyhubmodel.NewProvisioningAbstractProvisionedLDAP_attributes())
+		diags.Append(d...)
+		tkh.SetAttributes(val)
+	}
+	tkh.SetBaseDN(objAttrs["base_dn"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetBindDN(objAttrs["bind_dn"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetBindPassword(objAttrs["bind_password"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := findCertificateCertificatePrimerByUUID(ctx, objAttrs["client_certificate_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetClientCertificate(val)
+	}
+	tkh.SetFailoverHost(objAttrs["failover_host"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := findCertificateCertificatePrimerByUUID(ctx, objAttrs["failover_trusted_certificate_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetFailoverTrustedCertificate(val)
+	}
+	tkh.SetGroupDN(objAttrs["group_dn"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetHost(objAttrs["host"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetObjectClasses(objAttrs["object_classes"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetPort(int64PToInt32P(objAttrs["port"].(basetypes.Int64Value).ValueInt64Pointer()))
+	tkh.SetServiceAccountDN(objAttrs["service_account_dn"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetSshPublicKeySupported(objAttrs["ssh_public_key_supported"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := parseCastPointer(objAttrs["tls"].(basetypes.StringValue), keyhubmodel.ParseTLSLevel, func(val any) keyhubmodel.TLSLevel { return *val.(*keyhubmodel.TLSLevel) })
+		diags.Append(d...)
+		tkh.SetTls(val)
+	}
+	{
+		val, d := findCertificateCertificatePrimerByUUID(ctx, objAttrs["trusted_certificate_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetTrustedCertificate(val)
+	}
+	tkh.SetUserDN(objAttrs["user_dn"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHRSProvisioningCircuitBreakerStatistics(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningCircuitBreakerStatisticsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningCircuitBreakerStatisticsable
+	tkh = keyhubmodel.NewProvisioningCircuitBreakerStatistics()
+	tkh.SetNumberOfFailedCalls(objAttrs["number_of_failed_calls"].(basetypes.Int64Value).ValueInt64Pointer())
+	tkh.SetNumberOfNotPermittedCalls(objAttrs["number_of_not_permitted_calls"].(basetypes.Int64Value).ValueInt64Pointer())
+	tkh.SetNumberOfSuccessfulCalls(objAttrs["number_of_successful_calls"].(basetypes.Int64Value).ValueInt64Pointer())
+	{
+		val, d := parseCastPointer(objAttrs["state"].(basetypes.StringValue), keyhubmodel.ParseProvisioningCircuitBreakerState, func(val any) keyhubmodel.ProvisioningCircuitBreakerState {
+			return *val.(*keyhubmodel.ProvisioningCircuitBreakerState)
+		})
+		diags.Append(d...)
+		tkh.SetState(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSProvisioningGroupOnSystem(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningGroupOnSystemable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningGroupOnSystemable
+	tkh = keyhubmodel.NewProvisioningGroupOnSystem()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetDisplayName(objAttrs["display_name"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetNameInSystem(objAttrs["name_in_system"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["type"].(basetypes.StringValue), keyhubmodel.ParseProvisioningGroupOnSystemType, func(val any) keyhubmodel.ProvisioningGroupOnSystemType {
+			return *val.(*keyhubmodel.ProvisioningGroupOnSystemType)
+		})
+		diags.Append(d...)
+		tkh.SetProvisioningGroupOnSystemPrimerType(val)
+	}
+	tkh.SetShortNameInSystem(objAttrs["short_name_in_system"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := findGroupGroupPrimerByUUID(ctx, objAttrs["owner_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetOwner(val)
+	}
+	if recurse {
+		{
+			val, d := tfObjectToTKHRSProvisioningGroupOnSystem_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSProvisioningGroupOnSystemLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningGroupOnSystemLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningGroupOnSystemLinkableWrapperable
+	tkh = keyhubmodel.NewProvisioningGroupOnSystemLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.ProvisioningGroupOnSystemable {
+			tkh, d := tfObjectToTKHRSProvisioningGroupOnSystem(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSProvisioningGroupOnSystemPrimer(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningGroupOnSystemPrimerable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningGroupOnSystemPrimerable
+	tkh = keyhubmodel.NewProvisioningGroupOnSystemPrimer()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetDisplayName(objAttrs["display_name"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetNameInSystem(objAttrs["name_in_system"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["type"].(basetypes.StringValue), keyhubmodel.ParseProvisioningGroupOnSystemType, func(val any) keyhubmodel.ProvisioningGroupOnSystemType {
+			return *val.(*keyhubmodel.ProvisioningGroupOnSystemType)
+		})
+		diags.Append(d...)
+		tkh.SetProvisioningGroupOnSystemPrimerType(val)
+	}
+	tkh.SetShortNameInSystem(objAttrs["short_name_in_system"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHRSProvisioningGroupOnSystemTypes(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningGroupOnSystemTypesable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningGroupOnSystemTypesable
+	tkh = keyhubmodel.NewProvisioningGroupOnSystemTypes()
+	{
+		val, d := tfToSlice(objAttrs["types"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.ProvisioningGroupOnSystemType {
+			tkh, d := parseCast(val.(basetypes.StringValue), keyhubmodel.ParseProvisioningGroupOnSystemType, func(val any) keyhubmodel.ProvisioningGroupOnSystemType {
+				return *val.(*keyhubmodel.ProvisioningGroupOnSystemType)
+			})
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetTypes(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSProvisioningGroupOnSystem_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningGroupOnSystem_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningGroupOnSystem_additionalObjectsable
+	tkh = keyhubmodel.NewProvisioningGroupOnSystem_additionalObjects()
+	{
+		val, d := tfObjectToTKHRSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	{
+		val, d := tfObjectToTKHRSGroupProvisioningGroupLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["provgroups"]))
+		diags.Append(d...)
+		tkh.SetProvgroups(val)
+		if val != nil {
+			val.SetAdditionalData(map[string]any{"$type": "LinkableWrapper"})
+		}
+	}
+	{
+		val, d := tfObjectToTKHRSServiceaccountServiceAccountPrimerLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["service_accounts"]))
+		diags.Append(d...)
+		tkh.SetServiceAccounts(val)
+		if val != nil {
+			val.SetAdditionalData(map[string]any{"$type": "LinkableWrapper"})
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSProvisioningOwnedGroupOnSystemsWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningOwnedGroupOnSystemsWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningOwnedGroupOnSystemsWrapperable
+	tkh = keyhubmodel.NewProvisioningOwnedGroupOnSystemsWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.ProvisioningGroupOnSystemable {
+			tkh, d := tfObjectToTKHRSProvisioningGroupOnSystem(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	tkh.SetUnlinkedCount(objAttrs["unlinked_count"].(basetypes.Int64Value).ValueInt64Pointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHRSProvisioningProvisionNumberSequence(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningProvisionNumberSequenceable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningProvisionNumberSequenceable
+	tkh = keyhubmodel.NewProvisioningProvisionNumberSequence()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetAccountCount(int64PToInt32P(objAttrs["account_count"].(basetypes.Int64Value).ValueInt64Pointer()))
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetNextUID(objAttrs["next_uid"].(basetypes.Int64Value).ValueInt64Pointer())
+	if recurse {
+		{
+			val, d := tfObjectToTKHRSProvisioningProvisionNumberSequence_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSProvisioningProvisionNumberSequence_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningProvisionNumberSequence_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningProvisionNumberSequence_additionalObjectsable
+	tkh = keyhubmodel.NewProvisioningProvisionNumberSequence_additionalObjects()
+	{
+		val, d := tfObjectToTKHRSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	{
+		val, d := tfObjectToTKHRSProvisioningProvisionedSystemPrimerLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["systems"]))
+		diags.Append(d...)
+		tkh.SetSystems(val)
+		if val != nil {
+			val.SetAdditionalData(map[string]any{"$type": "LinkableWrapper"})
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSProvisioningProvisionedAD(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningProvisionedADable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningProvisionedADable
+	tkh = keyhubmodel.NewProvisioningProvisionedAD()
+	{
+		val, d := parseCastPointer(objAttrs["sam_account_name_scheme"].(basetypes.StringValue), keyhubmodel.ParseProvisioningADSamAccountNameScheme, func(val any) keyhubmodel.ProvisioningADSamAccountNameScheme {
+			return *val.(*keyhubmodel.ProvisioningADSamAccountNameScheme)
+		})
+		diags.Append(d...)
+		tkh.SetSamAccountNameScheme(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSProvisioningProvisionedAccount(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningProvisionedAccountable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningProvisionedAccountable
+	tkh = keyhubmodel.NewProvisioningProvisionedAccount()
+	{
+		val, d := findAuthAccountPrimerByUUID(ctx, objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		if val != nil {
+			dtype := tkh.GetTypeEscaped()
+			(*tkh.(*keyhubmodel.ProvisioningProvisionedAccount)).AuthAccountPrimer = *(val.(*keyhubmodel.AuthAccountPrimer))
+			tkh.SetTypeEscaped(dtype)
+		}
+	}
+	tkh.SetUid(objAttrs["uid"].(basetypes.Int64Value).ValueInt64Pointer())
+	if recurse {
+		{
+			val, d := tfObjectToTKHRSProvisioningProvisionedAccount_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSProvisioningProvisionedAccount_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningProvisionedAccount_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningProvisionedAccount_additionalObjectsable
+	tkh = keyhubmodel.NewProvisioningProvisionedAccount_additionalObjects()
+	{
+		val, d := tfObjectToTKHRSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSProvisioningProvisionedAzureOIDCDirectory(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningProvisionedAzureOIDCDirectoryable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningProvisionedAzureOIDCDirectoryable
+	tkh = keyhubmodel.NewProvisioningProvisionedAzureOIDCDirectory()
+	{
+		val, d := findDirectoryAccountDirectoryPrimerByUUID(ctx, objAttrs["directory_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetDirectory(val)
+	}
+	tkh.SetTenant(objAttrs["tenant"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHRSProvisioningProvisionedAzureSyncLDAPDirectory(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningProvisionedAzureSyncLDAPDirectoryable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningProvisionedAzureSyncLDAPDirectoryable
+	tkh = keyhubmodel.NewProvisioningProvisionedAzureSyncLDAPDirectory()
+	tkh.SetClientId(objAttrs["client_id"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetClientSecret(objAttrs["client_secret"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := findDirectoryAccountDirectoryPrimerByUUID(ctx, objAttrs["directory_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetDirectory(val)
+	}
+	tkh.SetTenant(objAttrs["tenant"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHRSProvisioningProvisionedAzureTenant(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningProvisionedAzureTenantable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningProvisionedAzureTenantable
+	tkh = keyhubmodel.NewProvisioningProvisionedAzureTenant()
+	tkh.SetClientId(objAttrs["client_id"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetClientSecret(objAttrs["client_secret"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetIdpDomain(objAttrs["idp_domain"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetTenant(objAttrs["tenant"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHRSProvisioningProvisionedInternalLDAP(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningProvisionedInternalLDAPable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningProvisionedInternalLDAPable
+	tkh = keyhubmodel.NewProvisioningProvisionedInternalLDAP()
+	{
+		val, d := findClientLdapClientByUUID(ctx, objAttrs["client_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetClient(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSProvisioningProvisionedLDAP(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningProvisionedLDAPable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningProvisionedLDAPable
+	tkh = keyhubmodel.NewProvisioningProvisionedLDAP()
+	tkh.SetGid(objAttrs["gid"].(basetypes.Int64Value).ValueInt64Pointer())
+	{
+		val, d := parseCastPointer(objAttrs["hashing_scheme"].(basetypes.StringValue), keyhubmodel.ParseProvisioningLDAPPasswordHashingScheme, func(val any) keyhubmodel.ProvisioningLDAPPasswordHashingScheme {
+			return *val.(*keyhubmodel.ProvisioningLDAPPasswordHashingScheme)
+		})
+		diags.Append(d...)
+		tkh.SetHashingScheme(val)
+	}
+	{
+		val, d := tfObjectToTKHRSProvisioningProvisionNumberSequence(ctx, recurse, objAttrs["numbering"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetNumbering(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSProvisioningProvisionedLDAPDirectory(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningProvisionedLDAPDirectoryable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningProvisionedLDAPDirectoryable
+	tkh = keyhubmodel.NewProvisioningProvisionedLDAPDirectory()
+	{
+		val, d := findDirectoryAccountDirectoryPrimerByUUID(ctx, objAttrs["directory_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetDirectory(val)
+	}
+	tkh.SetGroupDN(objAttrs["group_dn"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHRSProvisioningProvisionedSystem(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningProvisionedSystemable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningProvisionedSystemable
+	tkh = keyhubmodel.NewProvisioningProvisionedSystem()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetActive(objAttrs["active"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := findOrganizationOrganizationalUnitPrimerByUUID(ctx, objAttrs["organizational_unit_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetOrganizationalUnit(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["type"].(basetypes.StringValue), keyhubmodel.ParseProvisioningProvisionedSystemType, func(val any) keyhubmodel.ProvisioningProvisionedSystemType {
+			return *val.(*keyhubmodel.ProvisioningProvisionedSystemType)
+		})
+		diags.Append(d...)
+		tkh.SetProvisioningProvisionedSystemPrimerType(val)
+	}
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetAccountCount(int64PToInt32P(objAttrs["account_count"].(basetypes.Int64Value).ValueInt64Pointer()))
+	{
+		val, d := findGroupGroupPrimerByUUID(ctx, objAttrs["content_administrator_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetContentAdministrator(val)
+	}
+	{
+		val, d := parsePointer(objAttrs["external_uuid"].(basetypes.StringValue), uuid.Parse)
+		diags.Append(d...)
+		tkh.SetExternalUuid(val)
+	}
+	{
+		val, d := findGroupGroupPrimerByUUID(ctx, objAttrs["owner_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetOwner(val)
+	}
+	tkh.SetSelfServiceExistingGroups(objAttrs["self_service_existing_groups"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetSelfServiceNewGroups(objAttrs["self_service_new_groups"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetSelfServiceServiceAccounts(objAttrs["self_service_service_accounts"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetShouldDestroyUnknownAccounts(objAttrs["should_destroy_unknown_accounts"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := findGroupGroupPrimerByUUID(ctx, objAttrs["technical_administrator_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetTechnicalAdministrator(val)
+	}
+	tkh.SetUsernamePrefix(objAttrs["username_prefix"].(basetypes.StringValue).ValueStringPointer())
+	if !objAttrs["abstract_provisioned_ldap"].IsNull() {
+		val, d := tfObjectToTKHRSProvisioningAbstractProvisionedLDAP(ctx, false, objAttrs["abstract_provisioned_ldap"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		dtype := val.GetTypeEscaped()
+		(*val.(*keyhubmodel.ProvisioningAbstractProvisionedLDAP)).ProvisioningProvisionedSystem = *tkh.(*keyhubmodel.ProvisioningProvisionedSystem)
+		val.SetTypeEscaped(dtype)
+		tkh = val
+	}
+	if !objAttrs["provisioned_a_d"].IsNull() {
+		val, d := tfObjectToTKHRSProvisioningProvisionedAD(ctx, false, objAttrs["provisioned_a_d"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		dtype := val.GetTypeEscaped()
+		(*val.(*keyhubmodel.ProvisioningProvisionedAD)).ProvisioningProvisionedSystem = *tkh.(*keyhubmodel.ProvisioningProvisionedSystem)
+		val.SetTypeEscaped(dtype)
+		tkh = val
+	}
+	if !objAttrs["provisioned_azure_oidc_directory"].IsNull() {
+		val, d := tfObjectToTKHRSProvisioningProvisionedAzureOIDCDirectory(ctx, false, objAttrs["provisioned_azure_oidc_directory"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		dtype := val.GetTypeEscaped()
+		(*val.(*keyhubmodel.ProvisioningProvisionedAzureOIDCDirectory)).ProvisioningProvisionedSystem = *tkh.(*keyhubmodel.ProvisioningProvisionedSystem)
+		val.SetTypeEscaped(dtype)
+		tkh = val
+	}
+	if !objAttrs["provisioned_azure_sync_ldap_directory"].IsNull() {
+		val, d := tfObjectToTKHRSProvisioningProvisionedAzureSyncLDAPDirectory(ctx, false, objAttrs["provisioned_azure_sync_ldap_directory"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		dtype := val.GetTypeEscaped()
+		(*val.(*keyhubmodel.ProvisioningProvisionedAzureSyncLDAPDirectory)).ProvisioningProvisionedSystem = *tkh.(*keyhubmodel.ProvisioningProvisionedSystem)
+		val.SetTypeEscaped(dtype)
+		tkh = val
+	}
+	if !objAttrs["provisioned_azure_tenant"].IsNull() {
+		val, d := tfObjectToTKHRSProvisioningProvisionedAzureTenant(ctx, false, objAttrs["provisioned_azure_tenant"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		dtype := val.GetTypeEscaped()
+		(*val.(*keyhubmodel.ProvisioningProvisionedAzureTenant)).ProvisioningProvisionedSystem = *tkh.(*keyhubmodel.ProvisioningProvisionedSystem)
+		val.SetTypeEscaped(dtype)
+		tkh = val
+	}
+	if !objAttrs["provisioned_internal_ldap"].IsNull() {
+		val, d := tfObjectToTKHRSProvisioningProvisionedInternalLDAP(ctx, false, objAttrs["provisioned_internal_ldap"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		dtype := val.GetTypeEscaped()
+		(*val.(*keyhubmodel.ProvisioningProvisionedInternalLDAP)).ProvisioningProvisionedSystem = *tkh.(*keyhubmodel.ProvisioningProvisionedSystem)
+		val.SetTypeEscaped(dtype)
+		tkh = val
+	}
+	if !objAttrs["provisioned_ldap"].IsNull() {
+		val, d := tfObjectToTKHRSProvisioningProvisionedLDAP(ctx, false, objAttrs["provisioned_ldap"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		dtype := val.GetTypeEscaped()
+		(*val.(*keyhubmodel.ProvisioningProvisionedLDAP)).ProvisioningProvisionedSystem = *tkh.(*keyhubmodel.ProvisioningProvisionedSystem)
+		val.SetTypeEscaped(dtype)
+		tkh = val
+	}
+	if !objAttrs["provisioned_ldap_directory"].IsNull() {
+		val, d := tfObjectToTKHRSProvisioningProvisionedLDAPDirectory(ctx, false, objAttrs["provisioned_ldap_directory"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		dtype := val.GetTypeEscaped()
+		(*val.(*keyhubmodel.ProvisioningProvisionedLDAPDirectory)).ProvisioningProvisionedSystem = *tkh.(*keyhubmodel.ProvisioningProvisionedSystem)
+		val.SetTypeEscaped(dtype)
+		tkh = val
+	}
+	if recurse {
+		{
+			val, d := tfObjectToTKHRSProvisioningProvisionedSystem_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSProvisioningProvisionedSystemLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningProvisionedSystemLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningProvisionedSystemLinkableWrapperable
+	tkh = keyhubmodel.NewProvisioningProvisionedSystemLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.ProvisioningProvisionedSystemable {
+			tkh, d := tfObjectToTKHRSProvisioningProvisionedSystem(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSProvisioningProvisionedSystemPrimer(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningProvisionedSystemPrimerable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningProvisionedSystemPrimerable
+	tkh = keyhubmodel.NewProvisioningProvisionedSystemPrimer()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetActive(objAttrs["active"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := findOrganizationOrganizationalUnitPrimerByUUID(ctx, objAttrs["organizational_unit_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetOrganizationalUnit(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["type"].(basetypes.StringValue), keyhubmodel.ParseProvisioningProvisionedSystemType, func(val any) keyhubmodel.ProvisioningProvisionedSystemType {
+			return *val.(*keyhubmodel.ProvisioningProvisionedSystemType)
+		})
+		diags.Append(d...)
+		tkh.SetProvisioningProvisionedSystemPrimerType(val)
+	}
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHRSProvisioningProvisionedSystemPrimerLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningProvisionedSystemPrimerLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningProvisionedSystemPrimerLinkableWrapperable
+	tkh = keyhubmodel.NewProvisioningProvisionedSystemPrimerLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.ProvisioningProvisionedSystemPrimerable {
+			tkh, d := tfObjectToTKHRSProvisioningProvisionedSystemPrimer(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSProvisioningProvisionedSystem_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningProvisionedSystem_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningProvisionedSystem_additionalObjectsable
+	tkh = keyhubmodel.NewProvisioningProvisionedSystem_additionalObjects()
+	{
+		val, d := tfObjectToTKHRSProvisioningProvisionedAccount(ctx, recurse, objAttrs["account"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAccount(val)
+	}
+	{
+		val, d := tfObjectToTKHRSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	{
+		val, d := tfObjectToTKHRSClientOAuth2ClientPermissionWithClientLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["issued_permissions"]))
+		diags.Append(d...)
+		tkh.SetIssuedPermissions(val)
+		if val != nil {
+			val.SetAdditionalData(map[string]any{"$type": "LinkableWrapper"})
+		}
+	}
+	tkh.SetLoginName(objAttrs["login_name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfObjectToTKHRSProvisioningProvisioningManagementPermissions(ctx, recurse, objAttrs["management_permissions"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetManagementPermissions(val)
+	}
+	{
+		val, d := tfObjectToTKHRSMarkItemMarkers(ctx, recurse, objAttrs["markers"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetMarkers(val)
+	}
+	{
+		val, d := tfObjectToTKHRSProvisioningCircuitBreakerStatistics(ctx, recurse, objAttrs["statistics"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetStatistics(val)
+	}
+	{
+		val, d := tfObjectToTKHRSProvisioningGroupOnSystemTypes(ctx, recurse, objAttrs["supported_group_types"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetSupportedGroupTypes(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSProvisioningProvisioningManagementPermissions(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ProvisioningProvisioningManagementPermissionsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ProvisioningProvisioningManagementPermissionsable
+	tkh = keyhubmodel.NewProvisioningProvisioningManagementPermissions()
+	tkh.SetCreateNewGroupsAllowed(objAttrs["create_new_groups_allowed"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetCreateServiceAccountsAllowed(objAttrs["create_service_accounts_allowed"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetReuseExistingGroupsAllowed(objAttrs["reuse_existing_groups_allowed"].(basetypes.BoolValue).ValueBoolPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHRSServiceaccountServiceAccount(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ServiceaccountServiceAccountable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ServiceaccountServiceAccountable
+	tkh = keyhubmodel.NewServiceaccountServiceAccount()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetActive(objAttrs["active"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := findProvisioningProvisionedSystemPrimerByUUID(ctx, objAttrs["system_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetSystem(val)
+	}
+	tkh.SetUsername(objAttrs["username"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetDescription(objAttrs["description"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := findVaultVaultRecordPrimerByUUID(ctx, objAttrs["password_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetPassword(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["password_rotation"].(basetypes.StringValue), keyhubmodel.ParseServiceaccountPasswordRotationScheme, func(val any) keyhubmodel.ServiceaccountPasswordRotationScheme {
+			return *val.(*keyhubmodel.ServiceaccountPasswordRotationScheme)
+		})
+		diags.Append(d...)
+		tkh.SetPasswordRotation(val)
+	}
+	{
+		val, d := findGroupGroupPrimerByUUID(ctx, objAttrs["technical_administrator_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetTechnicalAdministrator(val)
+	}
+	if recurse {
+		{
+			val, d := tfObjectToTKHRSServiceaccountServiceAccount_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSServiceaccountServiceAccountGroup(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ServiceaccountServiceAccountGroupable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ServiceaccountServiceAccountGroupable
+	tkh = keyhubmodel.NewServiceaccountServiceAccountGroup()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetDisplayName(objAttrs["display_name"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetNameInSystem(objAttrs["name_in_system"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["type"].(basetypes.StringValue), keyhubmodel.ParseProvisioningGroupOnSystemType, func(val any) keyhubmodel.ProvisioningGroupOnSystemType {
+			return *val.(*keyhubmodel.ProvisioningGroupOnSystemType)
+		})
+		diags.Append(d...)
+		tkh.SetProvisioningGroupOnSystemPrimerType(val)
+	}
+	tkh.SetShortNameInSystem(objAttrs["short_name_in_system"].(basetypes.StringValue).ValueStringPointer())
+	if recurse {
+		{
+			val, d := tfObjectToTKHRSServiceaccountServiceAccountGroup_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSServiceaccountServiceAccountGroupLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ServiceaccountServiceAccountGroupLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ServiceaccountServiceAccountGroupLinkableWrapperable
+	tkh = keyhubmodel.NewServiceaccountServiceAccountGroupLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.ServiceaccountServiceAccountGroupable {
+			tkh, d := tfObjectToTKHRSServiceaccountServiceAccountGroup(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSServiceaccountServiceAccountGroup_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ServiceaccountServiceAccountGroup_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ServiceaccountServiceAccountGroup_additionalObjectsable
+	tkh = keyhubmodel.NewServiceaccountServiceAccountGroup_additionalObjects()
+	{
+		val, d := tfObjectToTKHRSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSServiceaccountServiceAccountLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ServiceaccountServiceAccountLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ServiceaccountServiceAccountLinkableWrapperable
+	tkh = keyhubmodel.NewServiceaccountServiceAccountLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.ServiceaccountServiceAccountable {
+			tkh, d := tfObjectToTKHRSServiceaccountServiceAccount(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSServiceaccountServiceAccountPrimer(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ServiceaccountServiceAccountPrimerable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ServiceaccountServiceAccountPrimerable
+	tkh = keyhubmodel.NewServiceaccountServiceAccountPrimer()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetActive(objAttrs["active"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := findProvisioningProvisionedSystemPrimerByUUID(ctx, objAttrs["system_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetSystem(val)
+	}
+	tkh.SetUsername(objAttrs["username"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHRSServiceaccountServiceAccountPrimerLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ServiceaccountServiceAccountPrimerLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ServiceaccountServiceAccountPrimerLinkableWrapperable
+	tkh = keyhubmodel.NewServiceaccountServiceAccountPrimerLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.ServiceaccountServiceAccountPrimerable {
+			tkh, d := tfObjectToTKHRSServiceaccountServiceAccountPrimer(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSServiceaccountServiceAccount_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.ServiceaccountServiceAccount_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.ServiceaccountServiceAccount_additionalObjectsable
+	tkh = keyhubmodel.NewServiceaccountServiceAccount_additionalObjects()
+	{
+		val, d := tfObjectToTKHRSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	{
+		val, d := tfObjectToTKHRSServiceaccountServiceAccountGroupLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["groups"]))
+		diags.Append(d...)
+		tkh.SetGroups(val)
+		if val != nil {
+			val.SetAdditionalData(map[string]any{"$type": "LinkableWrapper"})
+		}
+	}
+	{
+		val, d := tfObjectToTKHRSGeneratedSecret(ctx, recurse, objAttrs["secret"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetSecret(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSVaultPasswordMetadata(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.VaultPasswordMetadataable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.VaultPasswordMetadataable
+	tkh = keyhubmodel.NewVaultPasswordMetadata()
+	tkh.SetDictionary(objAttrs["dictionary"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetDuplicate(objAttrs["duplicate"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetHash(objAttrs["hash"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetLength(int64PToInt32P(objAttrs["length"].(basetypes.Int64Value).ValueInt64Pointer()))
+	tkh.SetLowerCount(int64PToInt32P(objAttrs["lower_count"].(basetypes.Int64Value).ValueInt64Pointer()))
+	tkh.SetNumberCount(int64PToInt32P(objAttrs["number_count"].(basetypes.Int64Value).ValueInt64Pointer()))
+	tkh.SetSpecialCount(int64PToInt32P(objAttrs["special_count"].(basetypes.Int64Value).ValueInt64Pointer()))
+	tkh.SetStrength(int64PToInt32P(objAttrs["strength"].(basetypes.Int64Value).ValueInt64Pointer()))
+	tkh.SetUpperCount(int64PToInt32P(objAttrs["upper_count"].(basetypes.Int64Value).ValueInt64Pointer()))
+	return tkh, diags
+}
+
+func tfObjectToTKHRSVaultVault(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.VaultVaultable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.VaultVaultable
+	tkh = keyhubmodel.NewVaultVault()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	tkh.SetAccessAvailable(objAttrs["access_available"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfToSlice(objAttrs["records"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.VaultVaultRecordable {
+			tkh, d := findVaultVaultRecordByUUID(ctx, val.(basetypes.StringValue).ValueStringPointer())
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetRecords(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSVaultVaultHolder(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.VaultVaultHolderable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	var tkh keyhubmodel.VaultVaultHolderable
+	tkh = keyhubmodel.NewVaultVaultHolder()
+	return tkh, diags
+}
+
+func tfObjectToTKHRSVaultVaultRecord(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.VaultVaultRecordable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.VaultVaultRecordable
+	tkh = keyhubmodel.NewVaultVaultRecord()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["color"].(basetypes.StringValue), keyhubmodel.ParseVaultVaultRecordColor, func(val any) keyhubmodel.VaultVaultRecordColor { return *val.(*keyhubmodel.VaultVaultRecordColor) })
+		diags.Append(d...)
+		tkh.SetColor(val)
+	}
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfToTimePointer(objAttrs["share_end_time"].(basetypes.StringValue))
+		diags.Append(d...)
+		tkh.SetShareEndTime(val)
+	}
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetDerived(objAttrs["derived"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := parsePointer2(objAttrs["end_date"].(basetypes.StringValue), serialization.ParseDateOnly)
+		diags.Append(d...)
+		tkh.SetEndDate(val)
+	}
+	tkh.SetFilename(objAttrs["filename"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfToSlice(objAttrs["types"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.VaultVaultSecretType {
+			tkh, d := parseCast(val.(basetypes.StringValue), keyhubmodel.ParseVaultVaultSecretType, func(val any) keyhubmodel.VaultVaultSecretType { return *val.(*keyhubmodel.VaultVaultSecretType) })
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetTypes(val)
+	}
+	tkh.SetUrl(objAttrs["url"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetUsername(objAttrs["username"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["warning_period"].(basetypes.StringValue), keyhubmodel.ParseVaultVaultRecordWarningPeriod, func(val any) keyhubmodel.VaultVaultRecordWarningPeriod {
+			return *val.(*keyhubmodel.VaultVaultRecordWarningPeriod)
+		})
+		diags.Append(d...)
+		tkh.SetWarningPeriod(val)
+	}
+	if recurse {
+		{
+			val, d := tfObjectToTKHRSVaultVaultRecord_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSVaultVaultRecordPrimer(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.VaultVaultRecordPrimerable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.VaultVaultRecordPrimerable
+	tkh = keyhubmodel.NewVaultVaultRecordPrimer()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["color"].(basetypes.StringValue), keyhubmodel.ParseVaultVaultRecordColor, func(val any) keyhubmodel.VaultVaultRecordColor { return *val.(*keyhubmodel.VaultVaultRecordColor) })
+		diags.Append(d...)
+		tkh.SetColor(val)
+	}
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := tfToTimePointer(objAttrs["share_end_time"].(basetypes.StringValue))
+		diags.Append(d...)
+		tkh.SetShareEndTime(val)
+	}
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHRSVaultVaultRecordPrimerLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.VaultVaultRecordPrimerLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.VaultVaultRecordPrimerLinkableWrapperable
+	tkh = keyhubmodel.NewVaultVaultRecordPrimerLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.VaultVaultRecordPrimerable {
+			tkh, d := tfObjectToTKHRSVaultVaultRecordPrimer(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSVaultVaultRecordSecrets(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.VaultVaultRecordSecretsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.VaultVaultRecordSecretsable
+	tkh = keyhubmodel.NewVaultVaultRecordSecrets()
+	tkh.SetComment(objAttrs["comment"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetFile(objAttrs["file"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetPassword(objAttrs["password"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetTotp(objAttrs["totp"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetWriteTotp(objAttrs["write_totp"].(basetypes.BoolValue).ValueBoolPointer())
+	return tkh, diags
+}
+
+func tfObjectToTKHRSVaultVaultRecordShare(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.VaultVaultRecordShareable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.VaultVaultRecordShareable
+	tkh = keyhubmodel.NewVaultVaultRecordShare()
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := parseCastPointer(objAttrs["type"].(basetypes.StringValue), keyhubmodel.ParseVaultVaultHolderType, func(val any) keyhubmodel.VaultVaultHolderType { return *val.(*keyhubmodel.VaultVaultHolderType) })
+		diags.Append(d...)
+		tkh.SetVaultVaultRecordShareType(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSVaultVaultRecordShareSummary(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.VaultVaultRecordShareSummaryable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.VaultVaultRecordShareSummaryable
+	tkh = keyhubmodel.NewVaultVaultRecordShareSummary()
+	{
+		val, d := tfToSlice(objAttrs["children"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.VaultVaultRecordShareable {
+			tkh, d := tfObjectToTKHRSVaultVaultRecordShare(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetChildren(val)
+	}
+	{
+		val, d := tfObjectToTKHRSVaultVaultRecordShare(ctx, recurse, objAttrs["parent"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetParent(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSVaultVaultRecord_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.VaultVaultRecord_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.VaultVaultRecord_additionalObjectsable
+	tkh = keyhubmodel.NewVaultVaultRecord_additionalObjects()
+	{
+		val, d := tfObjectToTKHRSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	tkh.SetDeleteTile(objAttrs["delete_tile"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := findVaultVaultRecordPrimerByUUID(ctx, objAttrs["parent_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetParent(val)
+	}
+	{
+		val, d := tfObjectToTKHRSVaultPasswordMetadata(ctx, recurse, objAttrs["password_metadata"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetPasswordMetadata(val)
+	}
+	{
+		val, d := tfObjectToTKHRSVaultVaultRecordSecrets(ctx, recurse, objAttrs["secret"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetSecret(val)
+	}
+	{
+		val, d := tfObjectToTKHRSVaultVaultRecordShareSummary(ctx, recurse, objAttrs["share_summary"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetShareSummary(val)
+	}
+	{
+		val, d := tfObjectToTKHRSVaultVaultRecordPrimerLinkableWrapper(ctx, recurse, toItemsList(ctx, objAttrs["shares"]))
+		diags.Append(d...)
+		tkh.SetShares(val)
+		if val != nil {
+			val.SetAdditionalData(map[string]any{"$type": "LinkableWrapper"})
+		}
+	}
+	{
+		val, d := tfObjectToTKHRSLaunchpadVaultRecordLaunchpadTile(ctx, recurse, objAttrs["tile"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetTile(val)
+	}
+	{
+		val, d := tfObjectToTKHRSVaultVaultHolder(ctx, recurse, objAttrs["vaultholder"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetVaultholder(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSWebhookWebhook(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.WebhookWebhookable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.WebhookWebhookable
+	tkh = keyhubmodel.NewWebhookWebhook()
+	{
+		val, d := tfToSlice(objAttrs["links"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.RestLinkable {
+			tkh, d := tfObjectToTKHRSRestLink(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetLinks(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["permissions"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuthPermissionable {
+			tkh, d := tfObjectToTKHRSAuthPermission(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetPermissions(val)
+	}
+	{
+		val, d := findAuthAccountPrimerByUUID(ctx, objAttrs["account_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetAccount(val)
+	}
+	tkh.SetActive(objAttrs["active"].(basetypes.BoolValue).ValueBoolPointer())
+	tkh.SetAllTypes(objAttrs["all_types"].(basetypes.BoolValue).ValueBoolPointer())
+	{
+		val, d := parseCastPointer(objAttrs["authentication_scheme"].(basetypes.StringValue), keyhubmodel.ParseWebhookWebhookAuthenticationScheme, func(val any) keyhubmodel.WebhookWebhookAuthenticationScheme {
+			return *val.(*keyhubmodel.WebhookWebhookAuthenticationScheme)
+		})
+		diags.Append(d...)
+		tkh.SetAuthenticationScheme(val)
+	}
+	tkh.SetBasicAuthPassword(objAttrs["basic_auth_password"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetBasicAuthUsername(objAttrs["basic_auth_username"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetBearerToken(objAttrs["bearer_token"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := findClientClientApplicationPrimerByUUID(ctx, objAttrs["client_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetClient(val)
+	}
+	{
+		val, d := findCertificateCertificatePrimerByUUID(ctx, objAttrs["client_certificate_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetClientCertificate(val)
+	}
+	tkh.SetCustomHeaderName(objAttrs["custom_header_name"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetCustomHeaderValue(objAttrs["custom_header_value"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := findDirectoryAccountDirectoryPrimerByUUID(ctx, objAttrs["directory_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetDirectory(val)
+	}
+	{
+		val, d := findGroupGroupPrimerByUUID(ctx, objAttrs["group_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetGroup(val)
+	}
+	tkh.SetName(objAttrs["name"].(basetypes.StringValue).ValueStringPointer())
+	{
+		val, d := findProvisioningProvisionedSystemPrimerByUUID(ctx, objAttrs["system_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetSystem(val)
+	}
+	{
+		val, d := parseCastPointer(objAttrs["tls"].(basetypes.StringValue), keyhubmodel.ParseTLSLevel, func(val any) keyhubmodel.TLSLevel { return *val.(*keyhubmodel.TLSLevel) })
+		diags.Append(d...)
+		tkh.SetTls(val)
+	}
+	{
+		val, d := findCertificateCertificatePrimerByUUID(ctx, objAttrs["trusted_certificate_uuid"].(basetypes.StringValue).ValueStringPointer())
+		diags.Append(d...)
+		tkh.SetTrustedCertificate(val)
+	}
+	{
+		val, d := tfToSlice(objAttrs["types"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.AuditAuditRecordType {
+			tkh, d := parseCast(val.(basetypes.StringValue), keyhubmodel.ParseAuditAuditRecordType, func(val any) keyhubmodel.AuditAuditRecordType { return *val.(*keyhubmodel.AuditAuditRecordType) })
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetTypes(val)
+	}
+	tkh.SetUrl(objAttrs["url"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetUuid(objAttrs["uuid"].(basetypes.StringValue).ValueStringPointer())
+	tkh.SetVerbosePayloads(objAttrs["verbose_payloads"].(basetypes.BoolValue).ValueBoolPointer())
+	if recurse {
+		{
+			val, d := tfObjectToTKHRSWebhookWebhook_additionalObjects(ctx, false, objVal)
+			diags.Append(d...)
+			tkh.SetAdditionalObjects(val)
+		}
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSWebhookWebhookLinkableWrapper(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.WebhookWebhookLinkableWrapperable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.WebhookWebhookLinkableWrapperable
+	tkh = keyhubmodel.NewWebhookWebhookLinkableWrapper()
+	{
+		val, d := tfToSlice(objAttrs["items"].(basetypes.ListValue), func(val attr.Value, diags *diag.Diagnostics) keyhubmodel.WebhookWebhookable {
+			tkh, d := tfObjectToTKHRSWebhookWebhook(ctx, recurse, val.(basetypes.ObjectValue))
+			diags.Append(d...)
+			return tkh
+		})
+		diags.Append(d...)
+		tkh.SetItems(val)
+	}
+	return tkh, diags
+}
+
+func tfObjectToTKHRSWebhookWebhook_additionalObjects(ctx context.Context, recurse bool, objVal types.Object) (keyhubmodel.WebhookWebhook_additionalObjectsable, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	if objVal.IsNull() || objVal.IsUnknown() {
+		return nil, diags
+	}
+	objAttrs := objVal.Attributes()
+	var tkh keyhubmodel.WebhookWebhook_additionalObjectsable
+	tkh = keyhubmodel.NewWebhookWebhook_additionalObjects()
+	{
+		val, d := tfObjectToTKHRSAuditInfo(ctx, recurse, objAttrs["audit"].(basetypes.ObjectValue))
+		diags.Append(d...)
+		tkh.SetAudit(val)
+	}
+	return tkh, diags
+}
diff --git a/internal/provider/full-tkh-to-tf-ds.go b/internal/provider/full-tkh-to-tf-ds.go
new file mode 100644
index 0000000..631a35d
--- /dev/null
+++ b/internal/provider/full-tkh-to-tf-ds.go
@@ -0,0 +1,4907 @@
+// Code generated by "terraform-provider-keyhub-generator"; DO NOT EDIT.
+
+//lint:ignore U1000 Ignore unused functions in generated code
+package provider
+
+import (
+	"golang.org/x/exp/maps"
+
+	"github.com/hashicorp/terraform-plugin-framework/attr"
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	keyhubmodel "github.com/topicuskeyhub/sdk-go/models"
+)
+
+func tkhToTFObjectDSAuditInfo(recurse bool, tkh keyhubmodel.AuditInfoable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = auditInfoAttrTypesDSRecurse
+	} else {
+		attrs = auditInfoAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["created_at"] = timePointerToTF(tkh.GetCreatedAt())
+	obj["created_by"] = types.StringPointerValue(tkh.GetCreatedBy())
+	obj["last_modified_at"] = timePointerToTF(tkh.GetLastModifiedAt())
+	obj["last_modified_by"] = types.StringPointerValue(tkh.GetLastModifiedBy())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSGeneratedSecret(recurse bool, tkh keyhubmodel.GeneratedSecretable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = generatedSecretAttrTypesDSRecurse
+	} else {
+		attrs = generatedSecretAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["generated_secret"] = types.StringPointerValue(tkh.GetGeneratedSecret())
+	obj["old_secret"] = types.StringPointerValue(tkh.GetOldSecret())
+	obj["regenerate"] = types.BoolPointerValue(tkh.GetRegenerate())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSLinkable(recurse bool, tkh keyhubmodel.Linkableable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = linkableAttrTypesDSRecurse
+	} else {
+		attrs = linkableAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSNonLinkable(recurse bool, tkh keyhubmodel.NonLinkableable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = nonLinkableAttrTypesDSRecurse
+	} else {
+		attrs = nonLinkableAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSRestLink(recurse bool, tkh keyhubmodel.RestLinkable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = restLinkAttrTypesDSRecurse
+	} else {
+		attrs = restLinkAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["href"] = types.StringPointerValue(tkh.GetHref())
+	obj["id"] = types.Int64PointerValue(tkh.GetId())
+	obj["rel"] = types.StringPointerValue(tkh.GetRel())
+	obj["type_escaped"] = types.StringPointerValue(tkh.GetTypeEscaped())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSAuthAccount(recurse bool, tkh keyhubmodel.AuthAccountable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = authAccountAttrTypesDSRecurse
+	} else {
+		attrs = authAccountAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectDSAuthAccount_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["display_name"] = types.StringPointerValue(tkh.GetDisplayName())
+	obj["last_active"] = timePointerToTF(tkh.GetLastActive())
+	obj["username"] = types.StringPointerValue(tkh.GetUsername())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+	obj["validity"] = stringerToTF(tkh.GetValidity())
+	obj["additional"] = types.ListNull(types.StringType)
+	{
+		elemType := attrs["account_permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetAccountPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(false, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["account_permissions"] = val
+	}
+	obj["active"] = types.BoolPointerValue(tkh.GetActive())
+	obj["can_request_groups"] = types.BoolPointerValue(tkh.GetCanRequestGroups())
+	{
+		val, d := tkhToTFObjectDSDirectoryAccountDirectoryPrimer(false, tkh.GetDirectory())
+		diags.Append(d...)
+		obj["directory"] = val
+	}
+	obj["directory_name"] = types.StringPointerValue(tkh.GetDirectoryName())
+	obj["directory_password_change_required"] = types.BoolPointerValue(tkh.GetDirectoryPasswordChangeRequired())
+	obj["directory_rotating_password"] = stringerToTF(tkh.GetDirectoryRotatingPassword())
+	obj["directory_type"] = stringerToTF(tkh.GetDirectoryType())
+	obj["email"] = types.StringPointerValue(tkh.GetEmail())
+	obj["id_in_directory"] = types.StringPointerValue(tkh.GetIdInDirectory())
+	obj["key_hub_password_change_required"] = types.BoolPointerValue(tkh.GetKeyHubPasswordChangeRequired())
+	obj["last_modified_at"] = timePointerToTF(tkh.GetLastModifiedAt())
+	obj["license_role"] = stringerToTF(tkh.GetLicenseRole())
+	obj["locale"] = types.StringPointerValue(tkh.GetLocale())
+	obj["reregistration_required"] = types.BoolPointerValue(tkh.GetReregistrationRequired())
+	obj["token_password_enabled"] = types.BoolPointerValue(tkh.GetTokenPasswordEnabled())
+	obj["two_factor_status"] = stringerToTF(tkh.GetTwoFactorStatus())
+	obj["valid_in_directory"] = types.BoolPointerValue(tkh.GetValidInDirectory())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSAuthAccountPrimer(recurse bool, tkh keyhubmodel.AuthAccountPrimerable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = authAccountPrimerAttrTypesDSRecurse
+	} else {
+		attrs = authAccountPrimerAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["display_name"] = types.StringPointerValue(tkh.GetDisplayName())
+	obj["last_active"] = timePointerToTF(tkh.GetLastActive())
+	obj["username"] = types.StringPointerValue(tkh.GetUsername())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+	obj["validity"] = stringerToTF(tkh.GetValidity())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSAuthAccountRecoveryStatus(recurse bool, tkh keyhubmodel.AuthAccountRecoveryStatusable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = authAccountRecoveryStatusAttrTypesDSRecurse
+	} else {
+		attrs = authAccountRecoveryStatusAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["pending2fa_recovery_request"] = types.BoolPointerValue(tkh.GetPending2FARecoveryRequest())
+	obj["pending_password_recovery_request"] = types.BoolPointerValue(tkh.GetPendingPasswordRecoveryRequest())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSAuthAccountSettings(recurse bool, tkh keyhubmodel.AuthAccountSettingsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = authAccountSettingsAttrTypesDSRecurse
+	} else {
+		attrs = authAccountSettingsAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectDSOrganizationOrganizationalUnitPrimer(recurse, tkh.GetDefaultOrganizationalUnit())
+		diags.Append(d...)
+		obj["default_organizational_unit"] = val
+	}
+	obj["directory_name"] = types.StringPointerValue(tkh.GetDirectoryName())
+	obj["directory_type"] = stringerToTF(tkh.GetDirectoryType())
+	obj["in_groups"] = types.BoolPointerValue(tkh.GetInGroups())
+	obj["in_multiple_organizational_units"] = types.BoolPointerValue(tkh.GetInMultipleOrganizationalUnits())
+	obj["key_hub_admin"] = types.BoolPointerValue(tkh.GetKeyHubAdmin())
+	obj["multiple_organizational_units_exist"] = types.BoolPointerValue(tkh.GetMultipleOrganizationalUnitsExist())
+	obj["password_mode"] = stringerToTF(tkh.GetPasswordMode())
+	obj["ssh_public_key"] = types.StringPointerValue(tkh.GetSshPublicKey())
+	obj["two_factor_authentication"] = stringerToTF(tkh.GetTwoFactorAuthentication())
+	obj["use_token_password"] = types.BoolPointerValue(tkh.GetUseTokenPassword())
+	obj["vault_status"] = stringerToTF(tkh.GetVaultStatus())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSAuthAccount_additionalObjects(recurse bool, tkh keyhubmodel.AuthAccount_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = authAccount_additionalObjectsAttrTypesDSRecurse
+	} else {
+		attrs = authAccount_additionalObjectsAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["active_login"] = types.BoolPointerValue(tkh.GetActiveLogin())
+	{
+		val, d := tkhToTFObjectDSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSGroupAccountGroupLinkableWrapper(recurse, tkh.GetGroups())
+		diags.Append(d...)
+		obj["groups"] = getItemsAttr(val, attrs["groups"])
+	}
+	{
+		val, d := tkhToTFObjectDSAuthAccountRecoveryStatus(recurse, tkh.GetPendingRecoveryRequests())
+		diags.Append(d...)
+		obj["pending_recovery_requests"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSAuthAccountSettings(recurse, tkh.GetSettings())
+		diags.Append(d...)
+		obj["settings"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSAuthStoredAccountAttributes(recurse, tkh.GetStoredAttributes())
+		diags.Append(d...)
+		obj["stored_attributes"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSVaultVault(recurse, tkh.GetVault())
+		diags.Append(d...)
+		obj["vault"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSAuthPermission(recurse bool, tkh keyhubmodel.AuthPermissionable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = authPermissionAttrTypesDSRecurse
+	} else {
+		attrs = authPermissionAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["full"] = types.StringPointerValue(tkh.GetFull())
+	{
+		elemType := attrs["instances"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetInstances(), func(tkh string, diags *diag.Diagnostics) attr.Value {
+			return types.StringValue(tkh)
+		})
+		diags.Append(d...)
+		obj["instances"] = val
+	}
+	{
+		elemType := attrs["operations"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetOperations(), func(tkh keyhubmodel.AuthPermittedOperation, diags *diag.Diagnostics) attr.Value {
+			return types.StringValue(tkh.String())
+		})
+		diags.Append(d...)
+		obj["operations"] = val
+	}
+	obj["type_escaped"] = types.StringPointerValue(tkh.GetTypeEscaped())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSAuthStoredAccountAttribute(recurse bool, tkh keyhubmodel.AuthStoredAccountAttributeable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = authStoredAccountAttributeAttrTypesDSRecurse
+	} else {
+		attrs = authStoredAccountAttributeAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	obj["value"] = types.StringPointerValue(tkh.GetValue())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSAuthStoredAccountAttributes(recurse bool, tkh keyhubmodel.AuthStoredAccountAttributesable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = authStoredAccountAttributesAttrTypesDSRecurse
+	} else {
+		attrs = authStoredAccountAttributesAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["attributes"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetAttributes(), func(tkh keyhubmodel.AuthStoredAccountAttributeable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthStoredAccountAttribute(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["attributes"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSCertificateCertificate(recurse bool, tkh keyhubmodel.CertificateCertificateable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = certificateCertificateAttrTypesDSRecurse
+	} else {
+		attrs = certificateCertificateAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectDSCertificateCertificate_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["alias"] = types.StringPointerValue(tkh.GetAlias())
+	obj["type"] = stringerToTF(tkh.GetCertificateCertificatePrimerType())
+	{
+		elemType := attrs["certificate_data"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetCertificateData(), func(tkh string, diags *diag.Diagnostics) attr.Value {
+			return types.StringValue(tkh)
+		})
+		diags.Append(d...)
+		obj["certificate_data"] = val
+	}
+	obj["expiration"] = timePointerToTF(tkh.GetExpiration())
+	obj["fingerprint_sha1"] = types.StringPointerValue(tkh.GetFingerprintSha1())
+	obj["fingerprint_sha256"] = types.StringPointerValue(tkh.GetFingerprintSha256())
+	obj["global"] = types.BoolPointerValue(tkh.GetGlobal())
+	obj["subject_dn"] = types.StringPointerValue(tkh.GetSubjectDN())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+	obj["additional"] = types.ListNull(types.StringType)
+	{
+		elemType := attrs["key_data"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetKeyData(), func(tkh string, diags *diag.Diagnostics) attr.Value {
+			return types.StringValue(tkh)
+		})
+		diags.Append(d...)
+		obj["key_data"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSCertificateCertificatePrimer(recurse bool, tkh keyhubmodel.CertificateCertificatePrimerable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = certificateCertificatePrimerAttrTypesDSRecurse
+	} else {
+		attrs = certificateCertificatePrimerAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["alias"] = types.StringPointerValue(tkh.GetAlias())
+	obj["type"] = stringerToTF(tkh.GetCertificateCertificatePrimerType())
+	{
+		elemType := attrs["certificate_data"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetCertificateData(), func(tkh string, diags *diag.Diagnostics) attr.Value {
+			return types.StringValue(tkh)
+		})
+		diags.Append(d...)
+		obj["certificate_data"] = val
+	}
+	obj["expiration"] = timePointerToTF(tkh.GetExpiration())
+	obj["fingerprint_sha1"] = types.StringPointerValue(tkh.GetFingerprintSha1())
+	obj["fingerprint_sha256"] = types.StringPointerValue(tkh.GetFingerprintSha256())
+	obj["global"] = types.BoolPointerValue(tkh.GetGlobal())
+	obj["subject_dn"] = types.StringPointerValue(tkh.GetSubjectDN())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSCertificateCertificate_additionalObjects(recurse bool, tkh keyhubmodel.CertificateCertificate_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = certificateCertificate_additionalObjectsAttrTypesDSRecurse
+	} else {
+		attrs = certificateCertificate_additionalObjectsAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectDSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSClientClientApplication(recurse bool, tkh keyhubmodel.ClientClientApplicationable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = clientClientApplicationAttrTypesDSRecurse
+	} else {
+		attrs = clientClientApplicationAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectDSClientClientApplication_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["type"] = stringerToTF(tkh.GetClientClientApplicationPrimerType())
+	obj["client_id"] = types.StringPointerValue(tkh.GetClientId())
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	{
+		elemType := attrs["scopes"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetScopes(), func(tkh string, diags *diag.Diagnostics) attr.Value {
+			return types.StringValue(tkh)
+		})
+		diags.Append(d...)
+		obj["scopes"] = val
+	}
+	obj["sso_application"] = types.BoolPointerValue(tkh.GetSsoApplication())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+	obj["additional"] = types.ListNull(types.StringType)
+	obj["last_modified_at"] = timePointerToTF(tkh.GetLastModifiedAt())
+	{
+		val, d := tkhToTFObjectDSGroupGroupPrimer(false, tkh.GetOwner())
+		diags.Append(d...)
+		obj["owner"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSGroupGroupPrimer(false, tkh.GetTechnicalAdministrator())
+		diags.Append(d...)
+		obj["technical_administrator"] = val
+	}
+	{
+		tkhCast, _ := tkh.(keyhubmodel.ClientLdapClientable)
+		val, d := tkhToTFObjectDSClientLdapClient(false, tkhCast)
+		diags.Append(d...)
+		obj["ldap_client"] = val
+	}
+	{
+		tkhCast, _ := tkh.(keyhubmodel.ClientOAuth2Clientable)
+		val, d := tkhToTFObjectDSClientOAuth2Client(false, tkhCast)
+		diags.Append(d...)
+		obj["o_auth2_client"] = val
+	}
+	{
+		tkhCast, _ := tkh.(keyhubmodel.ClientSaml2Clientable)
+		val, d := tkhToTFObjectDSClientSaml2Client(false, tkhCast)
+		diags.Append(d...)
+		obj["saml2_client"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSClientClientApplicationLinkableWrapper(recurse bool, tkh keyhubmodel.ClientClientApplicationLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = clientClientApplicationLinkableWrapperAttrTypesDSRecurse
+	} else {
+		attrs = clientClientApplicationLinkableWrapperAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.ClientClientApplicationable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSClientClientApplication(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSClientClientApplicationPrimer(recurse bool, tkh keyhubmodel.ClientClientApplicationPrimerable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = clientClientApplicationPrimerAttrTypesDSRecurse
+	} else {
+		attrs = clientClientApplicationPrimerAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["type"] = stringerToTF(tkh.GetClientClientApplicationPrimerType())
+	obj["client_id"] = types.StringPointerValue(tkh.GetClientId())
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	{
+		elemType := attrs["scopes"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetScopes(), func(tkh string, diags *diag.Diagnostics) attr.Value {
+			return types.StringValue(tkh)
+		})
+		diags.Append(d...)
+		obj["scopes"] = val
+	}
+	obj["sso_application"] = types.BoolPointerValue(tkh.GetSsoApplication())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSClientClientApplication_additionalObjects(recurse bool, tkh keyhubmodel.ClientClientApplication_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = clientClientApplication_additionalObjectsAttrTypesDSRecurse
+	} else {
+		attrs = clientClientApplication_additionalObjectsAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectDSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSGroupGroupClientLinkableWrapper(recurse, tkh.GetGroupclients())
+		diags.Append(d...)
+		obj["groupclients"] = getItemsAttr(val, attrs["groupclients"])
+	}
+	{
+		val, d := tkhToTFObjectDSGroupGroupLinkableWrapper(recurse, tkh.GetGroups())
+		diags.Append(d...)
+		obj["groups"] = getItemsAttr(val, attrs["groups"])
+	}
+	{
+		val, d := tkhToTFObjectDSGeneratedSecret(recurse, tkh.GetSecret())
+		diags.Append(d...)
+		obj["secret"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSLaunchpadSsoApplicationLaunchpadTile(recurse, tkh.GetTile())
+		diags.Append(d...)
+		obj["tile"] = val
+	}
+	obj["vault_record_count"] = types.Int64PointerValue(int32PToInt64P(tkh.GetVaultRecordCount()))
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSClientLdapClient(recurse bool, tkh keyhubmodel.ClientLdapClientable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = clientLdapClientAttrTypesDSRecurse
+	} else {
+		attrs = clientLdapClientAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["bind_dn"] = types.StringPointerValue(tkh.GetBindDn())
+	{
+		val, d := tkhToTFObjectDSCertificateCertificatePrimer(recurse, tkh.GetClientCertificate())
+		diags.Append(d...)
+		obj["client_certificate"] = val
+	}
+	obj["share_secret_in_vault"] = types.BoolPointerValue(tkh.GetShareSecretInVault())
+	{
+		val, d := tkhToTFObjectDSVaultVaultRecordPrimer(recurse, tkh.GetSharedSecret())
+		diags.Append(d...)
+		obj["shared_secret"] = val
+	}
+	obj["used_for_provisioning"] = types.BoolPointerValue(tkh.GetUsedForProvisioning())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSClientOAuth2Client(recurse bool, tkh keyhubmodel.ClientOAuth2Clientable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = clientOAuth2ClientAttrTypesDSRecurse
+	} else {
+		attrs = clientOAuth2ClientAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["account_permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetAccountPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["account_permissions"] = val
+	}
+	{
+		elemType := attrs["attributes"].(types.MapType).ElemType
+		val, d := mapToTF(elemType, tkh.GetAttributes().GetAdditionalData(), func(tkh any, diags *diag.Diagnostics) attr.Value {
+			return types.StringValue(tkh.(string))
+		})
+		diags.Append(d...)
+		obj["attributes"] = val
+	}
+	obj["callback_uri"] = types.StringPointerValue(tkh.GetCallbackURI())
+	obj["confidential"] = types.BoolPointerValue(tkh.GetConfidential())
+	obj["debug_mode"] = types.BoolPointerValue(tkh.GetDebugMode())
+	obj["id_token_claims"] = types.StringPointerValue(tkh.GetIdTokenClaims())
+	obj["initiate_login_uri"] = types.StringPointerValue(tkh.GetInitiateLoginURI())
+	obj["resource_uris"] = types.StringPointerValue(tkh.GetResourceURIs())
+	obj["share_secret_in_vault"] = types.BoolPointerValue(tkh.GetShareSecretInVault())
+	{
+		val, d := tkhToTFObjectDSVaultVaultRecordPrimer(recurse, tkh.GetSharedSecret())
+		diags.Append(d...)
+		obj["shared_secret"] = val
+	}
+	obj["show_landing_page"] = types.BoolPointerValue(tkh.GetShowLandingPage())
+	obj["use_client_credentials"] = types.BoolPointerValue(tkh.GetUseClientCredentials())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSClientOAuth2ClientPermission(recurse bool, tkh keyhubmodel.ClientOAuth2ClientPermissionable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = clientOAuth2ClientPermissionAttrTypesDSRecurse
+	} else {
+		attrs = clientOAuth2ClientPermissionAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectDSClientOAuth2ClientPermission_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["additional"] = types.ListNull(types.StringType)
+	{
+		val, d := tkhToTFObjectDSGroupGroupPrimer(false, tkh.GetForGroup())
+		diags.Append(d...)
+		obj["for_group"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSProvisioningProvisionedSystemPrimer(false, tkh.GetForSystem())
+		diags.Append(d...)
+		obj["for_system"] = val
+	}
+	obj["value"] = stringerToTF(tkh.GetValue())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSClientOAuth2ClientPermissionWithClient(recurse bool, tkh keyhubmodel.ClientOAuth2ClientPermissionWithClientable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = clientOAuth2ClientPermissionWithClientAttrTypesDSRecurse
+	} else {
+		attrs = clientOAuth2ClientPermissionWithClientAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectDSClientOAuth2ClientPermission_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["additional"] = types.ListNull(types.StringType)
+	{
+		val, d := tkhToTFObjectDSGroupGroupPrimer(false, tkh.GetForGroup())
+		diags.Append(d...)
+		obj["for_group"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSProvisioningProvisionedSystemPrimer(false, tkh.GetForSystem())
+		diags.Append(d...)
+		obj["for_system"] = val
+	}
+	obj["value"] = stringerToTF(tkh.GetValue())
+	{
+		val, d := tkhToTFObjectDSClientOAuth2Client(false, tkh.GetClient())
+		diags.Append(d...)
+		obj["client"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSClientOAuth2ClientPermissionWithClientLinkableWrapper(recurse bool, tkh keyhubmodel.ClientOAuth2ClientPermissionWithClientLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = clientOAuth2ClientPermissionWithClientLinkableWrapperAttrTypesDSRecurse
+	} else {
+		attrs = clientOAuth2ClientPermissionWithClientLinkableWrapperAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.ClientOAuth2ClientPermissionWithClientable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSClientOAuth2ClientPermissionWithClient(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSClientOAuth2ClientPermission_additionalObjects(recurse bool, tkh keyhubmodel.ClientOAuth2ClientPermission_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = clientOAuth2ClientPermission_additionalObjectsAttrTypesDSRecurse
+	} else {
+		attrs = clientOAuth2ClientPermission_additionalObjectsAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectDSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSClientSaml2Client(recurse bool, tkh keyhubmodel.ClientSaml2Clientable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = clientSaml2ClientAttrTypesDSRecurse
+	} else {
+		attrs = clientSaml2ClientAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["attributes"].(types.MapType).ElemType
+		val, d := mapToTF(elemType, tkh.GetAttributes().GetAdditionalData(), func(tkh any, diags *diag.Diagnostics) attr.Value {
+			return types.StringValue(tkh.(string))
+		})
+		diags.Append(d...)
+		obj["attributes"] = val
+	}
+	obj["metadata"] = types.StringPointerValue(tkh.GetMetadata())
+	obj["metadata_url"] = types.StringPointerValue(tkh.GetMetadataUrl())
+	obj["subject_format"] = stringerToTF(tkh.GetSubjectFormat())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSDirectoryAccountDirectory(recurse bool, tkh keyhubmodel.DirectoryAccountDirectoryable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = directoryAccountDirectoryAttrTypesDSRecurse
+	} else {
+		attrs = directoryAccountDirectoryAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectDSDirectoryAccountDirectory_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["account_validity_supported"] = types.BoolPointerValue(tkh.GetAccountValiditySupported())
+	obj["active"] = types.BoolPointerValue(tkh.GetActive())
+	obj["type"] = stringerToTF(tkh.GetDirectoryAccountDirectoryPrimerType())
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+	obj["additional"] = types.ListNull(types.StringType)
+	{
+		val, d := tkhToTFObjectDSOrganizationOrganizationalUnitPrimer(false, tkh.GetBaseOrganizationalUnit())
+		diags.Append(d...)
+		obj["base_organizational_unit"] = val
+	}
+	obj["default_directory"] = types.BoolPointerValue(tkh.GetDefaultDirectory())
+	{
+		val, d := tkhToTFObjectDSGroupGroupPrimer(false, tkh.GetHelpdeskGroup())
+		diags.Append(d...)
+		obj["helpdesk_group"] = val
+	}
+	obj["restrict2fa"] = types.BoolPointerValue(tkh.GetRestrict2fa())
+	obj["rotating_password"] = stringerToTF(tkh.GetRotatingPassword())
+	obj["username_customizable"] = types.BoolPointerValue(tkh.GetUsernameCustomizable())
+	{
+		tkhCast, _ := tkh.(keyhubmodel.DirectoryInternalDirectoryable)
+		val, d := tkhToTFObjectDSDirectoryInternalDirectory(false, tkhCast)
+		diags.Append(d...)
+		obj["internal_directory"] = val
+	}
+	{
+		tkhCast, _ := tkh.(keyhubmodel.DirectoryLDAPDirectoryable)
+		val, d := tkhToTFObjectDSDirectoryLDAPDirectory(false, tkhCast)
+		diags.Append(d...)
+		obj["l_d_a_p_directory"] = val
+	}
+	{
+		tkhCast, _ := tkh.(keyhubmodel.DirectoryMaintenanceDirectoryable)
+		val, d := tkhToTFObjectDSDirectoryMaintenanceDirectory(false, tkhCast)
+		diags.Append(d...)
+		obj["maintenance_directory"] = val
+	}
+	{
+		tkhCast, _ := tkh.(keyhubmodel.DirectoryOIDCDirectoryable)
+		val, d := tkhToTFObjectDSDirectoryOIDCDirectory(false, tkhCast)
+		diags.Append(d...)
+		obj["o_id_c_directory"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSDirectoryAccountDirectoryLinkableWrapper(recurse bool, tkh keyhubmodel.DirectoryAccountDirectoryLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = directoryAccountDirectoryLinkableWrapperAttrTypesDSRecurse
+	} else {
+		attrs = directoryAccountDirectoryLinkableWrapperAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.DirectoryAccountDirectoryable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSDirectoryAccountDirectory(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSDirectoryAccountDirectoryPrimer(recurse bool, tkh keyhubmodel.DirectoryAccountDirectoryPrimerable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = directoryAccountDirectoryPrimerAttrTypesDSRecurse
+	} else {
+		attrs = directoryAccountDirectoryPrimerAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["account_validity_supported"] = types.BoolPointerValue(tkh.GetAccountValiditySupported())
+	obj["active"] = types.BoolPointerValue(tkh.GetActive())
+	obj["type"] = stringerToTF(tkh.GetDirectoryAccountDirectoryPrimerType())
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSDirectoryAccountDirectoryStatusReport(recurse bool, tkh keyhubmodel.DirectoryAccountDirectoryStatusReportable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = directoryAccountDirectoryStatusReportAttrTypesDSRecurse
+	} else {
+		attrs = directoryAccountDirectoryStatusReportAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["accounts"] = types.Int64PointerValue(tkh.GetAccounts())
+	obj["reason"] = types.StringPointerValue(tkh.GetReason())
+	obj["status"] = stringerToTF(tkh.GetStatus())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSDirectoryAccountDirectorySummary(recurse bool, tkh keyhubmodel.DirectoryAccountDirectorySummaryable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = directoryAccountDirectorySummaryAttrTypesDSRecurse
+	} else {
+		attrs = directoryAccountDirectorySummaryAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["type"] = stringerToTF(tkh.GetDirectoryAccountDirectorySummaryType())
+	obj["domain_restriction"] = types.StringPointerValue(tkh.GetDomainRestriction())
+	obj["fully_resolved_issuer"] = types.StringPointerValue(tkh.GetFullyResolvedIssuer())
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	{
+		val, d := tkhToTFObjectDSDirectoryAccountDirectoryStatusReport(recurse, tkh.GetStatus())
+		diags.Append(d...)
+		obj["status"] = val
+	}
+	obj["username_customizable"] = types.BoolPointerValue(tkh.GetUsernameCustomizable())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSDirectoryAccountDirectorySummaryLinkableWrapper(recurse bool, tkh keyhubmodel.DirectoryAccountDirectorySummaryLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = directoryAccountDirectorySummaryLinkableWrapperAttrTypesDSRecurse
+	} else {
+		attrs = directoryAccountDirectorySummaryLinkableWrapperAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.DirectoryAccountDirectorySummaryable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSDirectoryAccountDirectorySummary(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSDirectoryAccountDirectory_additionalObjects(recurse bool, tkh keyhubmodel.DirectoryAccountDirectory_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = directoryAccountDirectory_additionalObjectsAttrTypesDSRecurse
+	} else {
+		attrs = directoryAccountDirectory_additionalObjectsAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectDSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSMarkItemMarkers(recurse, tkh.GetMarkers())
+		diags.Append(d...)
+		obj["markers"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSDirectoryAccountDirectoryStatusReport(recurse, tkh.GetStatus())
+		diags.Append(d...)
+		obj["status"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSDirectoryInternalDirectory(recurse bool, tkh keyhubmodel.DirectoryInternalDirectoryable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = directoryInternalDirectoryAttrTypesDSRecurse
+	} else {
+		attrs = directoryInternalDirectoryAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectDSGroupGroupPrimer(recurse, tkh.GetOwner())
+		diags.Append(d...)
+		obj["owner"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSDirectoryLDAPDirectory(recurse bool, tkh keyhubmodel.DirectoryLDAPDirectoryable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = directoryLDAPDirectoryAttrTypesDSRecurse
+	} else {
+		attrs = directoryLDAPDirectoryAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["attributes_to_store"] = types.StringPointerValue(tkh.GetAttributesToStore())
+	obj["base_dn"] = types.StringPointerValue(tkh.GetBaseDN())
+	{
+		val, d := tkhToTFObjectDSCertificateCertificatePrimer(recurse, tkh.GetClientCertificate())
+		diags.Append(d...)
+		obj["client_certificate"] = val
+	}
+	obj["dialect"] = stringerToTF(tkh.GetDialect())
+	obj["failover_host"] = types.StringPointerValue(tkh.GetFailoverHost())
+	{
+		val, d := tkhToTFObjectDSCertificateCertificatePrimer(recurse, tkh.GetFailoverTrustedCertificate())
+		diags.Append(d...)
+		obj["failover_trusted_certificate"] = val
+	}
+	obj["host"] = types.StringPointerValue(tkh.GetHost())
+	obj["password_recovery"] = stringerToTF(tkh.GetPasswordRecovery())
+	obj["port"] = types.Int64PointerValue(int32PToInt64P(tkh.GetPort()))
+	obj["search_bind_dn"] = types.StringPointerValue(tkh.GetSearchBindDN())
+	obj["search_bind_password"] = types.StringPointerValue(tkh.GetSearchBindPassword())
+	obj["search_filter"] = types.StringPointerValue(tkh.GetSearchFilter())
+	obj["tls"] = stringerToTF(tkh.GetTls())
+	{
+		val, d := tkhToTFObjectDSCertificateCertificatePrimer(recurse, tkh.GetTrustedCertificate())
+		diags.Append(d...)
+		obj["trusted_certificate"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSDirectoryMaintenanceDirectory(recurse bool, tkh keyhubmodel.DirectoryMaintenanceDirectoryable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = directoryMaintenanceDirectoryAttrTypesDSRecurse
+	} else {
+		attrs = directoryMaintenanceDirectoryAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSDirectoryOIDCDirectory(recurse bool, tkh keyhubmodel.DirectoryOIDCDirectoryable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = directoryOIDCDirectoryAttrTypesDSRecurse
+	} else {
+		attrs = directoryOIDCDirectoryAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["acr_values"] = types.StringPointerValue(tkh.GetAcrValues())
+	obj["attributes_to_store"] = types.StringPointerValue(tkh.GetAttributesToStore())
+	obj["client_id"] = types.StringPointerValue(tkh.GetClientId())
+	obj["client_secret"] = types.StringPointerValue(tkh.GetClientSecret())
+	obj["domain_restriction"] = types.StringPointerValue(tkh.GetDomainRestriction())
+	obj["enforces2fa"] = types.BoolPointerValue(tkh.GetEnforces2fa())
+	obj["fully_resolved_issuer"] = types.StringPointerValue(tkh.GetFullyResolvedIssuer())
+	obj["issuer"] = types.StringPointerValue(tkh.GetIssuer())
+	obj["logout_url"] = types.StringPointerValue(tkh.GetLogoutUrl())
+	obj["send_login_hint"] = types.BoolPointerValue(tkh.GetSendLoginHint())
+	obj["vendor_escaped"] = stringerToTF(tkh.GetVendorEscaped())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSGroupAccountGroup(recurse bool, tkh keyhubmodel.GroupAccountGroupable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupAccountGroupAttrTypesDSRecurse
+	} else {
+		attrs = groupAccountGroupAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectDSGroupAccountGroup_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["admin"] = types.BoolPointerValue(tkh.GetAdmin())
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+	obj["additional"] = types.ListNull(types.StringType)
+	obj["end_date"] = stringerToTF(tkh.GetEndDate())
+	{
+		val, d := tkhToTFObjectDSGroupGroupFolder(false, tkh.GetFolder())
+		diags.Append(d...)
+		obj["folder"] = val
+	}
+	obj["last_used"] = stringerToTF(tkh.GetLastUsed())
+	obj["provisioning_end_time"] = timePointerToTF(tkh.GetProvisioningEndTime())
+	obj["rights"] = stringerToTF(tkh.GetRights())
+	obj["visible_for_provisioning"] = types.BoolPointerValue(tkh.GetVisibleForProvisioning())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSGroupAccountGroupLinkableWrapper(recurse bool, tkh keyhubmodel.GroupAccountGroupLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupAccountGroupLinkableWrapperAttrTypesDSRecurse
+	} else {
+		attrs = groupAccountGroupLinkableWrapperAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.GroupAccountGroupable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSGroupAccountGroup(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSGroupAccountGroup_additionalObjects(recurse bool, tkh keyhubmodel.GroupAccountGroup_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupAccountGroup_additionalObjectsAttrTypesDSRecurse
+	} else {
+		attrs = groupAccountGroup_additionalObjectsAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectDSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSVaultVault(recurse, tkh.GetVault())
+		diags.Append(d...)
+		obj["vault"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSGroupAuthorizedGroupsWrapper(recurse bool, tkh keyhubmodel.GroupAuthorizedGroupsWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupAuthorizedGroupsWrapperAttrTypesDSRecurse
+	} else {
+		attrs = groupAuthorizedGroupsWrapperAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.GroupGroupable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSGroupGroup(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+	obj["group_count"] = types.Int64PointerValue(tkh.GetGroupCount())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSGroupGroup(recurse bool, tkh keyhubmodel.GroupGroupable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupAttrTypesDSRecurse
+	} else {
+		attrs = groupGroupAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectDSGroupGroup_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["admin"] = types.BoolPointerValue(tkh.GetAdmin())
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+	obj["additional"] = types.ListNull(types.StringType)
+	obj["application_administration"] = types.BoolPointerValue(tkh.GetApplicationAdministration())
+	{
+		val, d := tkhToTFObjectDSGroupGroupAuditConfig(false, tkh.GetAuditConfig())
+		diags.Append(d...)
+		obj["audit_config"] = val
+	}
+	obj["audit_requested"] = types.BoolPointerValue(tkh.GetAuditRequested())
+	obj["auditor"] = types.BoolPointerValue(tkh.GetAuditor())
+	{
+		val, d := tkhToTFObjectDSGroupGroupPrimer(false, tkh.GetAuthorizingGroupAuditing())
+		diags.Append(d...)
+		obj["authorizing_group_auditing"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSGroupGroupPrimer(false, tkh.GetAuthorizingGroupDelegation())
+		diags.Append(d...)
+		obj["authorizing_group_delegation"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSGroupGroupPrimer(false, tkh.GetAuthorizingGroupMembership())
+		diags.Append(d...)
+		obj["authorizing_group_membership"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSGroupGroupPrimer(false, tkh.GetAuthorizingGroupProvisioning())
+		diags.Append(d...)
+		obj["authorizing_group_provisioning"] = val
+	}
+	{
+		elemType := attrs["authorizing_group_types"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetAuthorizingGroupTypes(), func(tkh keyhubmodel.RequestAuthorizingGroupType, diags *diag.Diagnostics) attr.Value {
+			return types.StringValue(tkh.String())
+		})
+		diags.Append(d...)
+		obj["authorizing_group_types"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSGroupGroupClassificationPrimer(false, tkh.GetClassification())
+		diags.Append(d...)
+		obj["classification"] = val
+	}
+	obj["description"] = types.StringPointerValue(tkh.GetDescription())
+	obj["extended_access"] = stringerToTF(tkh.GetExtendedAccess())
+	obj["hide_audit_trail"] = types.BoolPointerValue(tkh.GetHideAuditTrail())
+	{
+		val, d := tkhToTFObjectDSGroupGroupPrimer(false, tkh.GetNestedUnder())
+		diags.Append(d...)
+		obj["nested_under"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSOrganizationOrganizationalUnitPrimer(false, tkh.GetOrganizationalUnit())
+		diags.Append(d...)
+		obj["organizational_unit"] = val
+	}
+	obj["private_group"] = types.BoolPointerValue(tkh.GetPrivateGroup())
+	obj["record_trail"] = types.BoolPointerValue(tkh.GetRecordTrail())
+	obj["rotating_password_required"] = types.BoolPointerValue(tkh.GetRotatingPasswordRequired())
+	obj["single_managed"] = types.BoolPointerValue(tkh.GetSingleManaged())
+	obj["vault_recovery"] = stringerToTF(tkh.GetVaultRecovery())
+	obj["vault_requires_activation"] = types.BoolPointerValue(tkh.GetVaultRequiresActivation())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSGroupGroupAccount(recurse bool, tkh keyhubmodel.GroupGroupAccountable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupAccountAttrTypesDSRecurse
+	} else {
+		attrs = groupGroupAccountAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectDSGroupGroupAccount_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["display_name"] = types.StringPointerValue(tkh.GetDisplayName())
+	obj["last_active"] = timePointerToTF(tkh.GetLastActive())
+	obj["username"] = types.StringPointerValue(tkh.GetUsername())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+	obj["validity"] = stringerToTF(tkh.GetValidity())
+	obj["additional"] = types.ListNull(types.StringType)
+	{
+		val, d := tkhToTFObjectDSDirectoryAccountDirectoryPrimer(false, tkh.GetDirectory())
+		diags.Append(d...)
+		obj["directory"] = val
+	}
+	obj["disconnected_nested"] = types.BoolPointerValue(tkh.GetDisconnectedNested())
+	obj["end_date"] = stringerToTF(tkh.GetEndDate())
+	obj["last_used"] = stringerToTF(tkh.GetLastUsed())
+	obj["nested"] = types.BoolPointerValue(tkh.GetNested())
+	obj["provisioning_end_time"] = timePointerToTF(tkh.GetProvisioningEndTime())
+	obj["rights"] = stringerToTF(tkh.GetRights())
+	obj["two_factor_status"] = stringerToTF(tkh.GetTwoFactorStatus())
+	obj["visible_for_provisioning"] = types.BoolPointerValue(tkh.GetVisibleForProvisioning())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSGroupGroupAccountLinkableWrapper(recurse bool, tkh keyhubmodel.GroupGroupAccountLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupAccountLinkableWrapperAttrTypesDSRecurse
+	} else {
+		attrs = groupGroupAccountLinkableWrapperAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.GroupGroupAccountable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSGroupGroupAccount(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSGroupGroupAccount_additionalObjects(recurse bool, tkh keyhubmodel.GroupGroupAccount_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupAccount_additionalObjectsAttrTypesDSRecurse
+	} else {
+		attrs = groupGroupAccount_additionalObjectsAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectDSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSGroupGroupAudit(recurse bool, tkh keyhubmodel.GroupGroupAuditable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupAuditAttrTypesDSRecurse
+	} else {
+		attrs = groupGroupAuditAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectDSGroupGroupAudit_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["additional"] = types.ListNull(types.StringType)
+	{
+		elemType := attrs["accounts"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetAccounts(), func(tkh keyhubmodel.GroupGroupAuditAccountable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSGroupGroupAuditAccount(false, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["accounts"] = val
+	}
+	obj["comment"] = types.StringPointerValue(tkh.GetComment())
+	obj["created_at"] = timePointerToTF(tkh.GetCreatedAt())
+	obj["created_by"] = types.StringPointerValue(tkh.GetCreatedBy())
+	obj["group_name"] = types.StringPointerValue(tkh.GetGroupName())
+	obj["name_on_audit"] = types.StringPointerValue(tkh.GetNameOnAudit())
+	obj["reviewed_at"] = timePointerToTF(tkh.GetReviewedAt())
+	obj["reviewed_by"] = types.StringPointerValue(tkh.GetReviewedBy())
+	obj["status"] = stringerToTF(tkh.GetStatus())
+	obj["submitted_at"] = timePointerToTF(tkh.GetSubmittedAt())
+	obj["submitted_by"] = types.StringPointerValue(tkh.GetSubmittedBy())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSGroupGroupAuditAccount(recurse bool, tkh keyhubmodel.GroupGroupAuditAccountable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupAuditAccountAttrTypesDSRecurse
+	} else {
+		attrs = groupGroupAuditAccountAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["account_uuid"] = types.StringPointerValue(tkh.GetAccountUuid())
+	obj["account_valid"] = types.BoolPointerValue(tkh.GetAccountValid())
+	obj["action"] = stringerToTF(tkh.GetAction())
+	obj["comment"] = types.StringPointerValue(tkh.GetComment())
+	obj["disconnected_nested"] = types.BoolPointerValue(tkh.GetDisconnectedNested())
+	obj["display_name"] = types.StringPointerValue(tkh.GetDisplayName())
+	obj["end_date"] = stringerToTF(tkh.GetEndDate())
+	obj["last_active"] = timePointerToTF(tkh.GetLastActive())
+	obj["last_used"] = stringerToTF(tkh.GetLastUsed())
+	obj["nested"] = types.BoolPointerValue(tkh.GetNested())
+	obj["rights"] = stringerToTF(tkh.GetRights())
+	obj["username"] = types.StringPointerValue(tkh.GetUsername())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSGroupGroupAuditConfig(recurse bool, tkh keyhubmodel.GroupGroupAuditConfigable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupAuditConfigAttrTypesDSRecurse
+	} else {
+		attrs = groupGroupAuditConfigAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	{
+		elemType := attrs["months"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetMonths(), func(tkh keyhubmodel.Month, diags *diag.Diagnostics) attr.Value {
+			return types.StringValue(tkh.String())
+		})
+		diags.Append(d...)
+		obj["months"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSGroupGroupAuditLinkableWrapper(recurse bool, tkh keyhubmodel.GroupGroupAuditLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupAuditLinkableWrapperAttrTypesDSRecurse
+	} else {
+		attrs = groupGroupAuditLinkableWrapperAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.GroupGroupAuditable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSGroupGroupAudit(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSGroupGroupAudit_additionalObjects(recurse bool, tkh keyhubmodel.GroupGroupAudit_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupAudit_additionalObjectsAttrTypesDSRecurse
+	} else {
+		attrs = groupGroupAudit_additionalObjectsAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectDSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSGroupGroupAuditingInfo(recurse bool, tkh keyhubmodel.GroupGroupAuditingInfoable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupAuditingInfoAttrTypesDSRecurse
+	} else {
+		attrs = groupGroupAuditingInfoAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["audit_due_date"] = stringerToTF(tkh.GetAuditDueDate())
+	obj["last_audit_date"] = stringerToTF(tkh.GetLastAuditDate())
+	obj["nr_accounts"] = types.Int64PointerValue(tkh.GetNrAccounts())
+	obj["nr_disabled_accounts"] = types.Int64PointerValue(tkh.GetNrDisabledAccounts())
+	obj["nr_disabled_managers"] = types.Int64PointerValue(tkh.GetNrDisabledManagers())
+	obj["nr_expired_vault_records"] = types.Int64PointerValue(tkh.GetNrExpiredVaultRecords())
+	obj["nr_managers"] = types.Int64PointerValue(tkh.GetNrManagers())
+	obj["nr_vault_records_with_end_date"] = types.Int64PointerValue(tkh.GetNrVaultRecordsWithEndDate())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSGroupGroupClassification(recurse bool, tkh keyhubmodel.GroupGroupClassificationable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupClassificationAttrTypesDSRecurse
+	} else {
+		attrs = groupGroupClassificationAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectDSGroupGroupClassification_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+	obj["additional"] = types.ListNull(types.StringType)
+	obj["authorizing_group_auditing_required"] = types.BoolPointerValue(tkh.GetAuthorizingGroupAuditingRequired())
+	obj["authorizing_group_delegation_required"] = types.BoolPointerValue(tkh.GetAuthorizingGroupDelegationRequired())
+	obj["authorizing_group_membership_required"] = types.BoolPointerValue(tkh.GetAuthorizingGroupMembershipRequired())
+	obj["authorizing_group_provisioning_required"] = types.BoolPointerValue(tkh.GetAuthorizingGroupProvisioningRequired())
+	obj["default_classification"] = types.BoolPointerValue(tkh.GetDefaultClassification())
+	obj["description"] = types.StringPointerValue(tkh.GetDescription())
+	obj["maximum_audit_interval"] = types.Int64PointerValue(int32PToInt64P(tkh.GetMaximumAuditInterval()))
+	obj["minimum_nr_managers"] = types.Int64PointerValue(int32PToInt64P(tkh.GetMinimumNrManagers()))
+	obj["record_trail_required"] = types.BoolPointerValue(tkh.GetRecordTrailRequired())
+	{
+		elemType := attrs["required_months"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetRequiredMonths(), func(tkh keyhubmodel.Month, diags *diag.Diagnostics) attr.Value {
+			return types.StringValue(tkh.String())
+		})
+		diags.Append(d...)
+		obj["required_months"] = val
+	}
+	obj["rotating_password_required"] = types.BoolPointerValue(tkh.GetRotatingPasswordRequired())
+	obj["vault_requires_activation"] = types.BoolPointerValue(tkh.GetVaultRequiresActivation())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSGroupGroupClassificationInfo(recurse bool, tkh keyhubmodel.GroupGroupClassificationInfoable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupClassificationInfoAttrTypesDSRecurse
+	} else {
+		attrs = groupGroupClassificationInfoAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["nr_groups"] = types.Int64PointerValue(int32PToInt64P(tkh.GetNrGroups()))
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSGroupGroupClassificationPrimer(recurse bool, tkh keyhubmodel.GroupGroupClassificationPrimerable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupClassificationPrimerAttrTypesDSRecurse
+	} else {
+		attrs = groupGroupClassificationPrimerAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSGroupGroupClassification_additionalObjects(recurse bool, tkh keyhubmodel.GroupGroupClassification_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupClassification_additionalObjectsAttrTypesDSRecurse
+	} else {
+		attrs = groupGroupClassification_additionalObjectsAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectDSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSGroupGroupClassificationInfo(recurse, tkh.GetInfo())
+		diags.Append(d...)
+		obj["info"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSGroupGroupClient(recurse bool, tkh keyhubmodel.GroupGroupClientable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupClientAttrTypesDSRecurse
+	} else {
+		attrs = groupGroupClientAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectDSGroupGroupClient_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["additional"] = types.ListNull(types.StringType)
+	obj["activation_required"] = types.BoolPointerValue(tkh.GetActivationRequired())
+	{
+		val, d := tkhToTFObjectDSClientClientApplicationPrimer(false, tkh.GetClient())
+		diags.Append(d...)
+		obj["client"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSGroupGroupPrimer(false, tkh.GetGroup())
+		diags.Append(d...)
+		obj["group"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSGroupGroupPrimer(false, tkh.GetOwner())
+		diags.Append(d...)
+		obj["owner"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSGroupGroupPrimer(false, tkh.GetTechnicalAdministrator())
+		diags.Append(d...)
+		obj["technical_administrator"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSGroupGroupClientLinkableWrapper(recurse bool, tkh keyhubmodel.GroupGroupClientLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupClientLinkableWrapperAttrTypesDSRecurse
+	} else {
+		attrs = groupGroupClientLinkableWrapperAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.GroupGroupClientable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSGroupGroupClient(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSGroupGroupClient_additionalObjects(recurse bool, tkh keyhubmodel.GroupGroupClient_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupClient_additionalObjectsAttrTypesDSRecurse
+	} else {
+		attrs = groupGroupClient_additionalObjectsAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectDSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSGroupGroupFolder(recurse bool, tkh keyhubmodel.GroupGroupFolderable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupFolderAttrTypesDSRecurse
+	} else {
+		attrs = groupGroupFolderAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectDSGroupGroupFolder_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["additional"] = types.ListNull(types.StringType)
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSGroupGroupFolder_additionalObjects(recurse bool, tkh keyhubmodel.GroupGroupFolder_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupFolder_additionalObjectsAttrTypesDSRecurse
+	} else {
+		attrs = groupGroupFolder_additionalObjectsAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectDSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSGroupGroupInfo(recurse bool, tkh keyhubmodel.GroupGroupInfoable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupInfoAttrTypesDSRecurse
+	} else {
+		attrs = groupGroupInfoAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["nr_accounts"] = types.Int64PointerValue(int32PToInt64P(tkh.GetNrAccounts()))
+	obj["nr_accounts_with_vault"] = types.Int64PointerValue(int32PToInt64P(tkh.GetNrAccountsWithVault()))
+	obj["nr_audits"] = types.Int64PointerValue(int32PToInt64P(tkh.GetNrAudits()))
+	obj["nr_clients"] = types.Int64PointerValue(int32PToInt64P(tkh.GetNrClients()))
+	obj["nr_provisioned_systems"] = types.Int64PointerValue(int32PToInt64P(tkh.GetNrProvisionedSystems()))
+	obj["nr_vault_records"] = types.Int64PointerValue(int32PToInt64P(tkh.GetNrVaultRecords()))
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSGroupGroupLinkableWrapper(recurse bool, tkh keyhubmodel.GroupGroupLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupLinkableWrapperAttrTypesDSRecurse
+	} else {
+		attrs = groupGroupLinkableWrapperAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.GroupGroupable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSGroupGroup(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSGroupGroupPrimer(recurse bool, tkh keyhubmodel.GroupGroupPrimerable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupPrimerAttrTypesDSRecurse
+	} else {
+		attrs = groupGroupPrimerAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["admin"] = types.BoolPointerValue(tkh.GetAdmin())
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSGroupGroupPrimerLinkableWrapper(recurse bool, tkh keyhubmodel.GroupGroupPrimerLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupPrimerLinkableWrapperAttrTypesDSRecurse
+	} else {
+		attrs = groupGroupPrimerLinkableWrapperAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.GroupGroupPrimerable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSGroupGroupPrimer(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSGroupGroup_additionalObjects(recurse bool, tkh keyhubmodel.GroupGroup_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroup_additionalObjectsAttrTypesDSRecurse
+	} else {
+		attrs = groupGroup_additionalObjectsAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectDSGroupGroupAccountLinkableWrapper(recurse, tkh.GetAccounts())
+		diags.Append(d...)
+		obj["accounts"] = getItemsAttr(val, attrs["accounts"])
+	}
+	{
+		val, d := tkhToTFObjectDSClientClientApplicationLinkableWrapper(recurse, tkh.GetAdministeredClients())
+		diags.Append(d...)
+		obj["administered_clients"] = getItemsAttr(val, attrs["administered_clients"])
+	}
+	{
+		val, d := tkhToTFObjectDSProvisioningProvisionedSystemLinkableWrapper(recurse, tkh.GetAdministeredSystems())
+		diags.Append(d...)
+		obj["administered_systems"] = getItemsAttr(val, attrs["administered_systems"])
+	}
+	{
+		val, d := tkhToTFObjectDSGroupGroupAccountLinkableWrapper(recurse, tkh.GetAdmins())
+		diags.Append(d...)
+		obj["admins"] = getItemsAttr(val, attrs["admins"])
+	}
+	{
+		val, d := tkhToTFObjectDSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSGroupAuthorizedGroupsWrapper(recurse, tkh.GetAuthorizedGroups())
+		diags.Append(d...)
+		obj["authorized_groups"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSClientOAuth2ClientPermissionWithClientLinkableWrapper(recurse, tkh.GetClientPermissions())
+		diags.Append(d...)
+		obj["client_permissions"] = getItemsAttr(val, attrs["client_permissions"])
+	}
+	{
+		val, d := tkhToTFObjectDSGroupGroupClientLinkableWrapper(recurse, tkh.GetClients())
+		diags.Append(d...)
+		obj["clients"] = getItemsAttr(val, attrs["clients"])
+	}
+	{
+		val, d := tkhToTFObjectDSProvisioningProvisionedSystemLinkableWrapper(recurse, tkh.GetContentAdministeredSystems())
+		diags.Append(d...)
+		obj["content_administered_systems"] = getItemsAttr(val, attrs["content_administered_systems"])
+	}
+	{
+		val, d := tkhToTFObjectDSGroupGroupAuditingInfo(recurse, tkh.GetGroupauditinginfo())
+		diags.Append(d...)
+		obj["groupauditinginfo"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSGroupGroupInfo(recurse, tkh.GetGroupinfo())
+		diags.Append(d...)
+		obj["groupinfo"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSDirectoryAccountDirectorySummaryLinkableWrapper(recurse, tkh.GetHelpdesk())
+		diags.Append(d...)
+		obj["helpdesk"] = getItemsAttr(val, attrs["helpdesk"])
+	}
+	{
+		val, d := tkhToTFObjectDSMarkItemMarkers(recurse, tkh.GetMarkers())
+		diags.Append(d...)
+		obj["markers"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSGroupGroupAccount(recurse, tkh.GetMyaccount())
+		diags.Append(d...)
+		obj["myaccount"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSGroupGroupAccount(recurse, tkh.GetMydelegatedaccount())
+		diags.Append(d...)
+		obj["mydelegatedaccount"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSGroupGroupPrimerLinkableWrapper(recurse, tkh.GetNestedGroups())
+		diags.Append(d...)
+		obj["nested_groups"] = getItemsAttr(val, attrs["nested_groups"])
+	}
+	{
+		val, d := tkhToTFObjectDSClientClientApplicationLinkableWrapper(recurse, tkh.GetOwnedClients())
+		diags.Append(d...)
+		obj["owned_clients"] = getItemsAttr(val, attrs["owned_clients"])
+	}
+	{
+		val, d := tkhToTFObjectDSDirectoryAccountDirectoryLinkableWrapper(recurse, tkh.GetOwnedDirectories())
+		diags.Append(d...)
+		obj["owned_directories"] = getItemsAttr(val, attrs["owned_directories"])
+	}
+	{
+		val, d := tkhToTFObjectDSProvisioningOwnedGroupOnSystemsWrapper(recurse, tkh.GetOwnedGroupsOnSystem())
+		diags.Append(d...)
+		obj["owned_groups_on_system"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSOrganizationOrganizationalUnitLinkableWrapper(recurse, tkh.GetOwnedOrganizationalUnits())
+		diags.Append(d...)
+		obj["owned_organizational_units"] = getItemsAttr(val, attrs["owned_organizational_units"])
+	}
+	{
+		val, d := tkhToTFObjectDSProvisioningProvisionedSystemLinkableWrapper(recurse, tkh.GetOwnedSystems())
+		diags.Append(d...)
+		obj["owned_systems"] = getItemsAttr(val, attrs["owned_systems"])
+	}
+	{
+		val, d := tkhToTFObjectDSGroupGroupAuditLinkableWrapper(recurse, tkh.GetRecentAudits())
+		diags.Append(d...)
+		obj["recent_audits"] = getItemsAttr(val, attrs["recent_audits"])
+	}
+	obj["requeststatus"] = stringerToTF(tkh.GetRequeststatus())
+	{
+		val, d := tkhToTFObjectDSServiceaccountServiceAccountLinkableWrapper(recurse, tkh.GetServiceAccounts())
+		diags.Append(d...)
+		obj["service_accounts"] = getItemsAttr(val, attrs["service_accounts"])
+	}
+	{
+		val, d := tkhToTFObjectDSGroupProvisioningGroupLinkableWrapper(recurse, tkh.GetSystems())
+		diags.Append(d...)
+		obj["systems"] = getItemsAttr(val, attrs["systems"])
+	}
+	{
+		val, d := tkhToTFObjectDSVaultVault(recurse, tkh.GetVault())
+		diags.Append(d...)
+		obj["vault"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSWebhookWebhookLinkableWrapper(recurse, tkh.GetWebhooks())
+		diags.Append(d...)
+		obj["webhooks"] = getItemsAttr(val, attrs["webhooks"])
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSGroupProvisioningGroup(recurse bool, tkh keyhubmodel.GroupProvisioningGroupable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupProvisioningGroupAttrTypesDSRecurse
+	} else {
+		attrs = groupProvisioningGroupAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectDSGroupProvisioningGroup_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["additional"] = types.ListNull(types.StringType)
+	obj["activation_required"] = types.BoolPointerValue(tkh.GetActivationRequired())
+	{
+		val, d := tkhToTFObjectDSGroupGroupPrimer(false, tkh.GetGroup())
+		diags.Append(d...)
+		obj["group"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSProvisioningGroupOnSystem(false, tkh.GetGroupOnSystem())
+		diags.Append(d...)
+		obj["group_on_system"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSGroupProvisioningGroupLinkableWrapper(recurse bool, tkh keyhubmodel.GroupProvisioningGroupLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupProvisioningGroupLinkableWrapperAttrTypesDSRecurse
+	} else {
+		attrs = groupProvisioningGroupLinkableWrapperAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.GroupProvisioningGroupable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSGroupProvisioningGroup(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSGroupProvisioningGroup_additionalObjects(recurse bool, tkh keyhubmodel.GroupProvisioningGroup_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupProvisioningGroup_additionalObjectsAttrTypesDSRecurse
+	} else {
+		attrs = groupProvisioningGroup_additionalObjectsAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectDSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSLaunchpadSsoApplicationLaunchpadTile(recurse bool, tkh keyhubmodel.LaunchpadSsoApplicationLaunchpadTileable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = launchpadSsoApplicationLaunchpadTileAttrTypesDSRecurse
+	} else {
+		attrs = launchpadSsoApplicationLaunchpadTileAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["uri"] = types.StringPointerValue(tkh.GetUri())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSLaunchpadVaultRecordLaunchpadTile(recurse bool, tkh keyhubmodel.LaunchpadVaultRecordLaunchpadTileable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = launchpadVaultRecordLaunchpadTileAttrTypesDSRecurse
+	} else {
+		attrs = launchpadVaultRecordLaunchpadTileAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSMarkItemMarker(recurse bool, tkh keyhubmodel.MarkItemMarkerable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = markItemMarkerAttrTypesDSRecurse
+	} else {
+		attrs = markItemMarkerAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["level"] = stringerToTF(tkh.GetLevel())
+	obj["type"] = stringerToTF(tkh.GetMarkItemMarkerType())
+	{
+		elemType := attrs["parameters"].(types.MapType).ElemType
+		val, d := mapToTF(elemType, tkh.GetParameters().GetAdditionalData(), func(tkh any, diags *diag.Diagnostics) attr.Value {
+			return types.StringValue(tkh.(string))
+		})
+		diags.Append(d...)
+		obj["parameters"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSMarkItemMarkers(recurse bool, tkh keyhubmodel.MarkItemMarkersable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = markItemMarkersAttrTypesDSRecurse
+	} else {
+		attrs = markItemMarkersAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["markers"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetMarkers(), func(tkh keyhubmodel.MarkItemMarkerable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSMarkItemMarker(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["markers"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSOrganizationOrganizationalUnit(recurse bool, tkh keyhubmodel.OrganizationOrganizationalUnitable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = organizationOrganizationalUnitAttrTypesDSRecurse
+	} else {
+		attrs = organizationOrganizationalUnitAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectDSOrganizationOrganizationalUnit_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+	obj["additional"] = types.ListNull(types.StringType)
+	obj["depth"] = types.Int64PointerValue(int32PToInt64P(tkh.GetDepth()))
+	obj["description"] = types.StringPointerValue(tkh.GetDescription())
+	{
+		val, d := tkhToTFObjectDSGroupGroupPrimer(false, tkh.GetOwner())
+		diags.Append(d...)
+		obj["owner"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSOrganizationOrganizationalUnitPrimer(false, tkh.GetParent())
+		diags.Append(d...)
+		obj["parent"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSOrganizationOrganizationalUnitLinkableWrapper(recurse bool, tkh keyhubmodel.OrganizationOrganizationalUnitLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = organizationOrganizationalUnitLinkableWrapperAttrTypesDSRecurse
+	} else {
+		attrs = organizationOrganizationalUnitLinkableWrapperAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.OrganizationOrganizationalUnitable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSOrganizationOrganizationalUnit(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSOrganizationOrganizationalUnitPrimer(recurse bool, tkh keyhubmodel.OrganizationOrganizationalUnitPrimerable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = organizationOrganizationalUnitPrimerAttrTypesDSRecurse
+	} else {
+		attrs = organizationOrganizationalUnitPrimerAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSOrganizationOrganizationalUnit_additionalObjects(recurse bool, tkh keyhubmodel.OrganizationOrganizationalUnit_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = organizationOrganizationalUnit_additionalObjectsAttrTypesDSRecurse
+	} else {
+		attrs = organizationOrganizationalUnit_additionalObjectsAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectDSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSProvisioningAbstractProvisionedLDAP(recurse bool, tkh keyhubmodel.ProvisioningAbstractProvisionedLDAPable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningAbstractProvisionedLDAPAttrTypesDSRecurse
+	} else {
+		attrs = provisioningAbstractProvisionedLDAPAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["attributes"].(types.MapType).ElemType
+		val, d := mapToTF(elemType, tkh.GetAttributes().GetAdditionalData(), func(tkh any, diags *diag.Diagnostics) attr.Value {
+			return types.StringValue(tkh.(string))
+		})
+		diags.Append(d...)
+		obj["attributes"] = val
+	}
+	obj["base_dn"] = types.StringPointerValue(tkh.GetBaseDN())
+	obj["bind_dn"] = types.StringPointerValue(tkh.GetBindDN())
+	obj["bind_password"] = types.StringPointerValue(tkh.GetBindPassword())
+	{
+		val, d := tkhToTFObjectDSCertificateCertificatePrimer(recurse, tkh.GetClientCertificate())
+		diags.Append(d...)
+		obj["client_certificate"] = val
+	}
+	obj["failover_host"] = types.StringPointerValue(tkh.GetFailoverHost())
+	{
+		val, d := tkhToTFObjectDSCertificateCertificatePrimer(recurse, tkh.GetFailoverTrustedCertificate())
+		diags.Append(d...)
+		obj["failover_trusted_certificate"] = val
+	}
+	obj["group_dn"] = types.StringPointerValue(tkh.GetGroupDN())
+	obj["host"] = types.StringPointerValue(tkh.GetHost())
+	obj["object_classes"] = types.StringPointerValue(tkh.GetObjectClasses())
+	obj["port"] = types.Int64PointerValue(int32PToInt64P(tkh.GetPort()))
+	obj["service_account_dn"] = types.StringPointerValue(tkh.GetServiceAccountDN())
+	obj["ssh_public_key_supported"] = types.BoolPointerValue(tkh.GetSshPublicKeySupported())
+	obj["tls"] = stringerToTF(tkh.GetTls())
+	{
+		val, d := tkhToTFObjectDSCertificateCertificatePrimer(recurse, tkh.GetTrustedCertificate())
+		diags.Append(d...)
+		obj["trusted_certificate"] = val
+	}
+	obj["user_dn"] = types.StringPointerValue(tkh.GetUserDN())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSProvisioningCircuitBreakerStatistics(recurse bool, tkh keyhubmodel.ProvisioningCircuitBreakerStatisticsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningCircuitBreakerStatisticsAttrTypesDSRecurse
+	} else {
+		attrs = provisioningCircuitBreakerStatisticsAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["number_of_failed_calls"] = types.Int64PointerValue(tkh.GetNumberOfFailedCalls())
+	obj["number_of_not_permitted_calls"] = types.Int64PointerValue(tkh.GetNumberOfNotPermittedCalls())
+	obj["number_of_successful_calls"] = types.Int64PointerValue(tkh.GetNumberOfSuccessfulCalls())
+	obj["state"] = stringerToTF(tkh.GetState())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSProvisioningGroupOnSystem(recurse bool, tkh keyhubmodel.ProvisioningGroupOnSystemable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningGroupOnSystemAttrTypesDSRecurse
+	} else {
+		attrs = provisioningGroupOnSystemAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectDSProvisioningGroupOnSystem_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["display_name"] = types.StringPointerValue(tkh.GetDisplayName())
+	obj["name_in_system"] = types.StringPointerValue(tkh.GetNameInSystem())
+	obj["type"] = stringerToTF(tkh.GetProvisioningGroupOnSystemPrimerType())
+	obj["short_name_in_system"] = types.StringPointerValue(tkh.GetShortNameInSystem())
+	obj["additional"] = types.ListNull(types.StringType)
+	{
+		val, d := tkhToTFObjectDSGroupGroupPrimer(false, tkh.GetOwner())
+		diags.Append(d...)
+		obj["owner"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSProvisioningGroupOnSystemLinkableWrapper(recurse bool, tkh keyhubmodel.ProvisioningGroupOnSystemLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningGroupOnSystemLinkableWrapperAttrTypesDSRecurse
+	} else {
+		attrs = provisioningGroupOnSystemLinkableWrapperAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.ProvisioningGroupOnSystemable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSProvisioningGroupOnSystem(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSProvisioningGroupOnSystemPrimer(recurse bool, tkh keyhubmodel.ProvisioningGroupOnSystemPrimerable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningGroupOnSystemPrimerAttrTypesDSRecurse
+	} else {
+		attrs = provisioningGroupOnSystemPrimerAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["display_name"] = types.StringPointerValue(tkh.GetDisplayName())
+	obj["name_in_system"] = types.StringPointerValue(tkh.GetNameInSystem())
+	obj["type"] = stringerToTF(tkh.GetProvisioningGroupOnSystemPrimerType())
+	obj["short_name_in_system"] = types.StringPointerValue(tkh.GetShortNameInSystem())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSProvisioningGroupOnSystemTypes(recurse bool, tkh keyhubmodel.ProvisioningGroupOnSystemTypesable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningGroupOnSystemTypesAttrTypesDSRecurse
+	} else {
+		attrs = provisioningGroupOnSystemTypesAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["types"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetTypes(), func(tkh keyhubmodel.ProvisioningGroupOnSystemType, diags *diag.Diagnostics) attr.Value {
+			return types.StringValue(tkh.String())
+		})
+		diags.Append(d...)
+		obj["types"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSProvisioningGroupOnSystem_additionalObjects(recurse bool, tkh keyhubmodel.ProvisioningGroupOnSystem_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningGroupOnSystem_additionalObjectsAttrTypesDSRecurse
+	} else {
+		attrs = provisioningGroupOnSystem_additionalObjectsAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectDSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSGroupProvisioningGroupLinkableWrapper(recurse, tkh.GetProvgroups())
+		diags.Append(d...)
+		obj["provgroups"] = getItemsAttr(val, attrs["provgroups"])
+	}
+	{
+		val, d := tkhToTFObjectDSServiceaccountServiceAccountPrimerLinkableWrapper(recurse, tkh.GetServiceAccounts())
+		diags.Append(d...)
+		obj["service_accounts"] = getItemsAttr(val, attrs["service_accounts"])
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSProvisioningOwnedGroupOnSystemsWrapper(recurse bool, tkh keyhubmodel.ProvisioningOwnedGroupOnSystemsWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningOwnedGroupOnSystemsWrapperAttrTypesDSRecurse
+	} else {
+		attrs = provisioningOwnedGroupOnSystemsWrapperAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.ProvisioningGroupOnSystemable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSProvisioningGroupOnSystem(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+	obj["unlinked_count"] = types.Int64PointerValue(tkh.GetUnlinkedCount())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSProvisioningProvisionNumberSequence(recurse bool, tkh keyhubmodel.ProvisioningProvisionNumberSequenceable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningProvisionNumberSequenceAttrTypesDSRecurse
+	} else {
+		attrs = provisioningProvisionNumberSequenceAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectDSProvisioningProvisionNumberSequence_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["additional"] = types.ListNull(types.StringType)
+	obj["account_count"] = types.Int64PointerValue(int32PToInt64P(tkh.GetAccountCount()))
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	obj["next_uid"] = types.Int64PointerValue(tkh.GetNextUID())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSProvisioningProvisionNumberSequence_additionalObjects(recurse bool, tkh keyhubmodel.ProvisioningProvisionNumberSequence_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningProvisionNumberSequence_additionalObjectsAttrTypesDSRecurse
+	} else {
+		attrs = provisioningProvisionNumberSequence_additionalObjectsAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectDSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSProvisioningProvisionedSystemPrimerLinkableWrapper(recurse, tkh.GetSystems())
+		diags.Append(d...)
+		obj["systems"] = getItemsAttr(val, attrs["systems"])
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSProvisioningProvisionedAD(recurse bool, tkh keyhubmodel.ProvisioningProvisionedADable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningProvisionedADAttrTypesDSRecurse
+	} else {
+		attrs = provisioningProvisionedADAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["sam_account_name_scheme"] = stringerToTF(tkh.GetSamAccountNameScheme())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSProvisioningProvisionedAccount(recurse bool, tkh keyhubmodel.ProvisioningProvisionedAccountable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningProvisionedAccountAttrTypesDSRecurse
+	} else {
+		attrs = provisioningProvisionedAccountAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectDSProvisioningProvisionedAccount_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["display_name"] = types.StringPointerValue(tkh.GetDisplayName())
+	obj["last_active"] = timePointerToTF(tkh.GetLastActive())
+	obj["username"] = types.StringPointerValue(tkh.GetUsername())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+	obj["validity"] = stringerToTF(tkh.GetValidity())
+	obj["additional"] = types.ListNull(types.StringType)
+	obj["uid"] = types.Int64PointerValue(tkh.GetUid())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSProvisioningProvisionedAccount_additionalObjects(recurse bool, tkh keyhubmodel.ProvisioningProvisionedAccount_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningProvisionedAccount_additionalObjectsAttrTypesDSRecurse
+	} else {
+		attrs = provisioningProvisionedAccount_additionalObjectsAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectDSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSProvisioningProvisionedAzureOIDCDirectory(recurse bool, tkh keyhubmodel.ProvisioningProvisionedAzureOIDCDirectoryable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningProvisionedAzureOIDCDirectoryAttrTypesDSRecurse
+	} else {
+		attrs = provisioningProvisionedAzureOIDCDirectoryAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectDSDirectoryAccountDirectoryPrimer(recurse, tkh.GetDirectory())
+		diags.Append(d...)
+		obj["directory"] = val
+	}
+	obj["tenant"] = types.StringPointerValue(tkh.GetTenant())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSProvisioningProvisionedAzureSyncLDAPDirectory(recurse bool, tkh keyhubmodel.ProvisioningProvisionedAzureSyncLDAPDirectoryable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningProvisionedAzureSyncLDAPDirectoryAttrTypesDSRecurse
+	} else {
+		attrs = provisioningProvisionedAzureSyncLDAPDirectoryAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["client_id"] = types.StringPointerValue(tkh.GetClientId())
+	obj["client_secret"] = types.StringPointerValue(tkh.GetClientSecret())
+	{
+		val, d := tkhToTFObjectDSDirectoryAccountDirectoryPrimer(recurse, tkh.GetDirectory())
+		diags.Append(d...)
+		obj["directory"] = val
+	}
+	obj["tenant"] = types.StringPointerValue(tkh.GetTenant())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSProvisioningProvisionedAzureTenant(recurse bool, tkh keyhubmodel.ProvisioningProvisionedAzureTenantable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningProvisionedAzureTenantAttrTypesDSRecurse
+	} else {
+		attrs = provisioningProvisionedAzureTenantAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["client_id"] = types.StringPointerValue(tkh.GetClientId())
+	obj["client_secret"] = types.StringPointerValue(tkh.GetClientSecret())
+	obj["idp_domain"] = types.StringPointerValue(tkh.GetIdpDomain())
+	obj["tenant"] = types.StringPointerValue(tkh.GetTenant())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSProvisioningProvisionedInternalLDAP(recurse bool, tkh keyhubmodel.ProvisioningProvisionedInternalLDAPable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningProvisionedInternalLDAPAttrTypesDSRecurse
+	} else {
+		attrs = provisioningProvisionedInternalLDAPAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectDSClientLdapClient(recurse, tkh.GetClient())
+		diags.Append(d...)
+		obj["client"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSProvisioningProvisionedLDAP(recurse bool, tkh keyhubmodel.ProvisioningProvisionedLDAPable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningProvisionedLDAPAttrTypesDSRecurse
+	} else {
+		attrs = provisioningProvisionedLDAPAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["gid"] = types.Int64PointerValue(tkh.GetGid())
+	obj["hashing_scheme"] = stringerToTF(tkh.GetHashingScheme())
+	{
+		val, d := tkhToTFObjectDSProvisioningProvisionNumberSequence(recurse, tkh.GetNumbering())
+		diags.Append(d...)
+		obj["numbering"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSProvisioningProvisionedLDAPDirectory(recurse bool, tkh keyhubmodel.ProvisioningProvisionedLDAPDirectoryable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningProvisionedLDAPDirectoryAttrTypesDSRecurse
+	} else {
+		attrs = provisioningProvisionedLDAPDirectoryAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectDSDirectoryAccountDirectoryPrimer(recurse, tkh.GetDirectory())
+		diags.Append(d...)
+		obj["directory"] = val
+	}
+	obj["group_dn"] = types.StringPointerValue(tkh.GetGroupDN())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSProvisioningProvisionedSystem(recurse bool, tkh keyhubmodel.ProvisioningProvisionedSystemable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningProvisionedSystemAttrTypesDSRecurse
+	} else {
+		attrs = provisioningProvisionedSystemAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectDSProvisioningProvisionedSystem_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["active"] = types.BoolPointerValue(tkh.GetActive())
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	{
+		val, d := tkhToTFObjectDSOrganizationOrganizationalUnitPrimer(recurse, tkh.GetOrganizationalUnit())
+		diags.Append(d...)
+		obj["organizational_unit"] = val
+	}
+	obj["type"] = stringerToTF(tkh.GetProvisioningProvisionedSystemPrimerType())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+	obj["additional"] = types.ListNull(types.StringType)
+	obj["account_count"] = types.Int64PointerValue(int32PToInt64P(tkh.GetAccountCount()))
+	{
+		val, d := tkhToTFObjectDSGroupGroupPrimer(false, tkh.GetContentAdministrator())
+		diags.Append(d...)
+		obj["content_administrator"] = val
+	}
+	obj["external_uuid"] = stringerToTF(tkh.GetExternalUuid())
+	{
+		val, d := tkhToTFObjectDSGroupGroupPrimer(false, tkh.GetOwner())
+		diags.Append(d...)
+		obj["owner"] = val
+	}
+	obj["self_service_existing_groups"] = types.BoolPointerValue(tkh.GetSelfServiceExistingGroups())
+	obj["self_service_new_groups"] = types.BoolPointerValue(tkh.GetSelfServiceNewGroups())
+	obj["self_service_service_accounts"] = types.BoolPointerValue(tkh.GetSelfServiceServiceAccounts())
+	obj["should_destroy_unknown_accounts"] = types.BoolPointerValue(tkh.GetShouldDestroyUnknownAccounts())
+	{
+		val, d := tkhToTFObjectDSGroupGroupPrimer(false, tkh.GetTechnicalAdministrator())
+		diags.Append(d...)
+		obj["technical_administrator"] = val
+	}
+	obj["username_prefix"] = types.StringPointerValue(tkh.GetUsernamePrefix())
+	{
+		tkhCast, _ := tkh.(keyhubmodel.ProvisioningAbstractProvisionedLDAPable)
+		val, d := tkhToTFObjectDSProvisioningAbstractProvisionedLDAP(false, tkhCast)
+		diags.Append(d...)
+		obj["abstract_provisioned_ldap"] = val
+	}
+	{
+		tkhCast, _ := tkh.(keyhubmodel.ProvisioningProvisionedADable)
+		val, d := tkhToTFObjectDSProvisioningProvisionedAD(false, tkhCast)
+		diags.Append(d...)
+		obj["provisioned_a_d"] = val
+	}
+	{
+		tkhCast, _ := tkh.(keyhubmodel.ProvisioningProvisionedAzureOIDCDirectoryable)
+		val, d := tkhToTFObjectDSProvisioningProvisionedAzureOIDCDirectory(false, tkhCast)
+		diags.Append(d...)
+		obj["provisioned_azure_oidc_directory"] = val
+	}
+	{
+		tkhCast, _ := tkh.(keyhubmodel.ProvisioningProvisionedAzureSyncLDAPDirectoryable)
+		val, d := tkhToTFObjectDSProvisioningProvisionedAzureSyncLDAPDirectory(false, tkhCast)
+		diags.Append(d...)
+		obj["provisioned_azure_sync_ldap_directory"] = val
+	}
+	{
+		tkhCast, _ := tkh.(keyhubmodel.ProvisioningProvisionedAzureTenantable)
+		val, d := tkhToTFObjectDSProvisioningProvisionedAzureTenant(false, tkhCast)
+		diags.Append(d...)
+		obj["provisioned_azure_tenant"] = val
+	}
+	{
+		tkhCast, _ := tkh.(keyhubmodel.ProvisioningProvisionedInternalLDAPable)
+		val, d := tkhToTFObjectDSProvisioningProvisionedInternalLDAP(false, tkhCast)
+		diags.Append(d...)
+		obj["provisioned_internal_ldap"] = val
+	}
+	{
+		tkhCast, _ := tkh.(keyhubmodel.ProvisioningProvisionedLDAPable)
+		val, d := tkhToTFObjectDSProvisioningProvisionedLDAP(false, tkhCast)
+		diags.Append(d...)
+		obj["provisioned_ldap"] = val
+	}
+	{
+		tkhCast, _ := tkh.(keyhubmodel.ProvisioningProvisionedLDAPDirectoryable)
+		val, d := tkhToTFObjectDSProvisioningProvisionedLDAPDirectory(false, tkhCast)
+		diags.Append(d...)
+		obj["provisioned_ldap_directory"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSProvisioningProvisionedSystemLinkableWrapper(recurse bool, tkh keyhubmodel.ProvisioningProvisionedSystemLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningProvisionedSystemLinkableWrapperAttrTypesDSRecurse
+	} else {
+		attrs = provisioningProvisionedSystemLinkableWrapperAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.ProvisioningProvisionedSystemable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSProvisioningProvisionedSystem(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSProvisioningProvisionedSystemPrimer(recurse bool, tkh keyhubmodel.ProvisioningProvisionedSystemPrimerable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningProvisionedSystemPrimerAttrTypesDSRecurse
+	} else {
+		attrs = provisioningProvisionedSystemPrimerAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["active"] = types.BoolPointerValue(tkh.GetActive())
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	{
+		val, d := tkhToTFObjectDSOrganizationOrganizationalUnitPrimer(recurse, tkh.GetOrganizationalUnit())
+		diags.Append(d...)
+		obj["organizational_unit"] = val
+	}
+	obj["type"] = stringerToTF(tkh.GetProvisioningProvisionedSystemPrimerType())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSProvisioningProvisionedSystemPrimerLinkableWrapper(recurse bool, tkh keyhubmodel.ProvisioningProvisionedSystemPrimerLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningProvisionedSystemPrimerLinkableWrapperAttrTypesDSRecurse
+	} else {
+		attrs = provisioningProvisionedSystemPrimerLinkableWrapperAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.ProvisioningProvisionedSystemPrimerable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSProvisioningProvisionedSystemPrimer(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSProvisioningProvisionedSystem_additionalObjects(recurse bool, tkh keyhubmodel.ProvisioningProvisionedSystem_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningProvisionedSystem_additionalObjectsAttrTypesDSRecurse
+	} else {
+		attrs = provisioningProvisionedSystem_additionalObjectsAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectDSProvisioningProvisionedAccount(recurse, tkh.GetAccount())
+		diags.Append(d...)
+		obj["account"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSClientOAuth2ClientPermissionWithClientLinkableWrapper(recurse, tkh.GetIssuedPermissions())
+		diags.Append(d...)
+		obj["issued_permissions"] = getItemsAttr(val, attrs["issued_permissions"])
+	}
+	obj["login_name"] = types.StringPointerValue(tkh.GetLoginName())
+	{
+		val, d := tkhToTFObjectDSProvisioningProvisioningManagementPermissions(recurse, tkh.GetManagementPermissions())
+		diags.Append(d...)
+		obj["management_permissions"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSMarkItemMarkers(recurse, tkh.GetMarkers())
+		diags.Append(d...)
+		obj["markers"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSProvisioningCircuitBreakerStatistics(recurse, tkh.GetStatistics())
+		diags.Append(d...)
+		obj["statistics"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSProvisioningGroupOnSystemTypes(recurse, tkh.GetSupportedGroupTypes())
+		diags.Append(d...)
+		obj["supported_group_types"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSProvisioningProvisioningManagementPermissions(recurse bool, tkh keyhubmodel.ProvisioningProvisioningManagementPermissionsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningProvisioningManagementPermissionsAttrTypesDSRecurse
+	} else {
+		attrs = provisioningProvisioningManagementPermissionsAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["create_new_groups_allowed"] = types.BoolPointerValue(tkh.GetCreateNewGroupsAllowed())
+	obj["create_service_accounts_allowed"] = types.BoolPointerValue(tkh.GetCreateServiceAccountsAllowed())
+	obj["reuse_existing_groups_allowed"] = types.BoolPointerValue(tkh.GetReuseExistingGroupsAllowed())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSServiceaccountServiceAccount(recurse bool, tkh keyhubmodel.ServiceaccountServiceAccountable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = serviceaccountServiceAccountAttrTypesDSRecurse
+	} else {
+		attrs = serviceaccountServiceAccountAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectDSServiceaccountServiceAccount_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["active"] = types.BoolPointerValue(tkh.GetActive())
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	{
+		val, d := tkhToTFObjectDSProvisioningProvisionedSystemPrimer(recurse, tkh.GetSystem())
+		diags.Append(d...)
+		obj["system"] = val
+	}
+	obj["username"] = types.StringPointerValue(tkh.GetUsername())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+	obj["additional"] = types.ListNull(types.StringType)
+	obj["description"] = types.StringPointerValue(tkh.GetDescription())
+	{
+		val, d := tkhToTFObjectDSVaultVaultRecordPrimer(false, tkh.GetPassword())
+		diags.Append(d...)
+		obj["password"] = val
+	}
+	obj["password_rotation"] = stringerToTF(tkh.GetPasswordRotation())
+	{
+		val, d := tkhToTFObjectDSGroupGroupPrimer(false, tkh.GetTechnicalAdministrator())
+		diags.Append(d...)
+		obj["technical_administrator"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSServiceaccountServiceAccountGroup(recurse bool, tkh keyhubmodel.ServiceaccountServiceAccountGroupable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = serviceaccountServiceAccountGroupAttrTypesDSRecurse
+	} else {
+		attrs = serviceaccountServiceAccountGroupAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectDSServiceaccountServiceAccountGroup_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["display_name"] = types.StringPointerValue(tkh.GetDisplayName())
+	obj["name_in_system"] = types.StringPointerValue(tkh.GetNameInSystem())
+	obj["type"] = stringerToTF(tkh.GetProvisioningGroupOnSystemPrimerType())
+	obj["short_name_in_system"] = types.StringPointerValue(tkh.GetShortNameInSystem())
+	obj["additional"] = types.ListNull(types.StringType)
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSServiceaccountServiceAccountGroupLinkableWrapper(recurse bool, tkh keyhubmodel.ServiceaccountServiceAccountGroupLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = serviceaccountServiceAccountGroupLinkableWrapperAttrTypesDSRecurse
+	} else {
+		attrs = serviceaccountServiceAccountGroupLinkableWrapperAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.ServiceaccountServiceAccountGroupable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSServiceaccountServiceAccountGroup(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSServiceaccountServiceAccountGroup_additionalObjects(recurse bool, tkh keyhubmodel.ServiceaccountServiceAccountGroup_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = serviceaccountServiceAccountGroup_additionalObjectsAttrTypesDSRecurse
+	} else {
+		attrs = serviceaccountServiceAccountGroup_additionalObjectsAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectDSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSServiceaccountServiceAccountLinkableWrapper(recurse bool, tkh keyhubmodel.ServiceaccountServiceAccountLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = serviceaccountServiceAccountLinkableWrapperAttrTypesDSRecurse
+	} else {
+		attrs = serviceaccountServiceAccountLinkableWrapperAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.ServiceaccountServiceAccountable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSServiceaccountServiceAccount(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSServiceaccountServiceAccountPrimer(recurse bool, tkh keyhubmodel.ServiceaccountServiceAccountPrimerable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = serviceaccountServiceAccountPrimerAttrTypesDSRecurse
+	} else {
+		attrs = serviceaccountServiceAccountPrimerAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["active"] = types.BoolPointerValue(tkh.GetActive())
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	{
+		val, d := tkhToTFObjectDSProvisioningProvisionedSystemPrimer(recurse, tkh.GetSystem())
+		diags.Append(d...)
+		obj["system"] = val
+	}
+	obj["username"] = types.StringPointerValue(tkh.GetUsername())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSServiceaccountServiceAccountPrimerLinkableWrapper(recurse bool, tkh keyhubmodel.ServiceaccountServiceAccountPrimerLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = serviceaccountServiceAccountPrimerLinkableWrapperAttrTypesDSRecurse
+	} else {
+		attrs = serviceaccountServiceAccountPrimerLinkableWrapperAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.ServiceaccountServiceAccountPrimerable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSServiceaccountServiceAccountPrimer(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSServiceaccountServiceAccount_additionalObjects(recurse bool, tkh keyhubmodel.ServiceaccountServiceAccount_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = serviceaccountServiceAccount_additionalObjectsAttrTypesDSRecurse
+	} else {
+		attrs = serviceaccountServiceAccount_additionalObjectsAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectDSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSServiceaccountServiceAccountGroupLinkableWrapper(recurse, tkh.GetGroups())
+		diags.Append(d...)
+		obj["groups"] = getItemsAttr(val, attrs["groups"])
+	}
+	{
+		val, d := tkhToTFObjectDSGeneratedSecret(recurse, tkh.GetSecret())
+		diags.Append(d...)
+		obj["secret"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSVaultPasswordMetadata(recurse bool, tkh keyhubmodel.VaultPasswordMetadataable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = vaultPasswordMetadataAttrTypesDSRecurse
+	} else {
+		attrs = vaultPasswordMetadataAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["dictionary"] = types.BoolPointerValue(tkh.GetDictionary())
+	obj["duplicate"] = types.BoolPointerValue(tkh.GetDuplicate())
+	obj["hash"] = types.StringPointerValue(tkh.GetHash())
+	obj["length"] = types.Int64PointerValue(int32PToInt64P(tkh.GetLength()))
+	obj["lower_count"] = types.Int64PointerValue(int32PToInt64P(tkh.GetLowerCount()))
+	obj["number_count"] = types.Int64PointerValue(int32PToInt64P(tkh.GetNumberCount()))
+	obj["special_count"] = types.Int64PointerValue(int32PToInt64P(tkh.GetSpecialCount()))
+	obj["strength"] = types.Int64PointerValue(int32PToInt64P(tkh.GetStrength()))
+	obj["upper_count"] = types.Int64PointerValue(int32PToInt64P(tkh.GetUpperCount()))
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSVaultVault(recurse bool, tkh keyhubmodel.VaultVaultable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = vaultVaultAttrTypesDSRecurse
+	} else {
+		attrs = vaultVaultAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["access_available"] = types.BoolPointerValue(tkh.GetAccessAvailable())
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	{
+		elemType := attrs["records"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetRecords(), func(tkh keyhubmodel.VaultVaultRecordable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSVaultVaultRecord(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["records"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSVaultVaultHolder(recurse bool, tkh keyhubmodel.VaultVaultHolderable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = vaultVaultHolderAttrTypesDSRecurse
+	} else {
+		attrs = vaultVaultHolderAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSVaultVaultRecord(recurse bool, tkh keyhubmodel.VaultVaultRecordable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = vaultVaultRecordAttrTypesDSRecurse
+	} else {
+		attrs = vaultVaultRecordAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectDSVaultVaultRecord_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["color"] = stringerToTF(tkh.GetColor())
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	obj["share_end_time"] = timePointerToTF(tkh.GetShareEndTime())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+	obj["additional"] = types.ListNull(types.StringType)
+	obj["derived"] = types.BoolPointerValue(tkh.GetDerived())
+	obj["end_date"] = stringerToTF(tkh.GetEndDate())
+	obj["filename"] = types.StringPointerValue(tkh.GetFilename())
+	{
+		elemType := attrs["types"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetTypes(), func(tkh keyhubmodel.VaultVaultSecretType, diags *diag.Diagnostics) attr.Value {
+			return types.StringValue(tkh.String())
+		})
+		diags.Append(d...)
+		obj["types"] = val
+	}
+	obj["url"] = types.StringPointerValue(tkh.GetUrl())
+	obj["username"] = types.StringPointerValue(tkh.GetUsername())
+	obj["warning_period"] = stringerToTF(tkh.GetWarningPeriod())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSVaultVaultRecordPrimer(recurse bool, tkh keyhubmodel.VaultVaultRecordPrimerable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = vaultVaultRecordPrimerAttrTypesDSRecurse
+	} else {
+		attrs = vaultVaultRecordPrimerAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["color"] = stringerToTF(tkh.GetColor())
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	obj["share_end_time"] = timePointerToTF(tkh.GetShareEndTime())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSVaultVaultRecordPrimerLinkableWrapper(recurse bool, tkh keyhubmodel.VaultVaultRecordPrimerLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = vaultVaultRecordPrimerLinkableWrapperAttrTypesDSRecurse
+	} else {
+		attrs = vaultVaultRecordPrimerLinkableWrapperAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.VaultVaultRecordPrimerable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSVaultVaultRecordPrimer(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSVaultVaultRecordSecrets(recurse bool, tkh keyhubmodel.VaultVaultRecordSecretsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = vaultVaultRecordSecretsAttrTypesDSRecurse
+	} else {
+		attrs = vaultVaultRecordSecretsAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["comment"] = types.StringPointerValue(tkh.GetComment())
+	obj["file"] = types.StringPointerValue(tkh.GetFile())
+	obj["password"] = types.StringPointerValue(tkh.GetPassword())
+	obj["totp"] = types.StringPointerValue(tkh.GetTotp())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSVaultVaultRecordShare(recurse bool, tkh keyhubmodel.VaultVaultRecordShareable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = vaultVaultRecordShareAttrTypesDSRecurse
+	} else {
+		attrs = vaultVaultRecordShareAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	obj["type"] = stringerToTF(tkh.GetVaultVaultRecordShareType())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSVaultVaultRecordShareSummary(recurse bool, tkh keyhubmodel.VaultVaultRecordShareSummaryable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = vaultVaultRecordShareSummaryAttrTypesDSRecurse
+	} else {
+		attrs = vaultVaultRecordShareSummaryAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["children"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetChildren(), func(tkh keyhubmodel.VaultVaultRecordShareable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSVaultVaultRecordShare(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["children"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSVaultVaultRecordShare(recurse, tkh.GetParent())
+		diags.Append(d...)
+		obj["parent"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSVaultVaultRecord_additionalObjects(recurse bool, tkh keyhubmodel.VaultVaultRecord_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = vaultVaultRecord_additionalObjectsAttrTypesDSRecurse
+	} else {
+		attrs = vaultVaultRecord_additionalObjectsAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectDSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSVaultVaultRecordPrimer(recurse, tkh.GetParent())
+		diags.Append(d...)
+		obj["parent"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSVaultPasswordMetadata(recurse, tkh.GetPasswordMetadata())
+		diags.Append(d...)
+		obj["password_metadata"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSVaultVaultRecordSecrets(recurse, tkh.GetSecret())
+		diags.Append(d...)
+		obj["secret"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSVaultVaultRecordShareSummary(recurse, tkh.GetShareSummary())
+		diags.Append(d...)
+		obj["share_summary"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSVaultVaultRecordPrimerLinkableWrapper(recurse, tkh.GetShares())
+		diags.Append(d...)
+		obj["shares"] = getItemsAttr(val, attrs["shares"])
+	}
+	{
+		val, d := tkhToTFObjectDSLaunchpadVaultRecordLaunchpadTile(recurse, tkh.GetTile())
+		diags.Append(d...)
+		obj["tile"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSVaultVaultHolder(recurse, tkh.GetVaultholder())
+		diags.Append(d...)
+		obj["vaultholder"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSWebhookWebhook(recurse bool, tkh keyhubmodel.WebhookWebhookable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = webhookWebhookAttrTypesDSRecurse
+	} else {
+		attrs = webhookWebhookAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectDSWebhookWebhook_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["additional"] = types.ListNull(types.StringType)
+	{
+		val, d := tkhToTFObjectDSAuthAccountPrimer(false, tkh.GetAccount())
+		diags.Append(d...)
+		obj["account"] = val
+	}
+	obj["active"] = types.BoolPointerValue(tkh.GetActive())
+	obj["all_types"] = types.BoolPointerValue(tkh.GetAllTypes())
+	obj["authentication_scheme"] = stringerToTF(tkh.GetAuthenticationScheme())
+	obj["basic_auth_password"] = types.StringPointerValue(tkh.GetBasicAuthPassword())
+	obj["basic_auth_username"] = types.StringPointerValue(tkh.GetBasicAuthUsername())
+	obj["bearer_token"] = types.StringPointerValue(tkh.GetBearerToken())
+	{
+		val, d := tkhToTFObjectDSClientClientApplicationPrimer(false, tkh.GetClient())
+		diags.Append(d...)
+		obj["client"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSCertificateCertificatePrimer(false, tkh.GetClientCertificate())
+		diags.Append(d...)
+		obj["client_certificate"] = val
+	}
+	obj["custom_header_name"] = types.StringPointerValue(tkh.GetCustomHeaderName())
+	obj["custom_header_value"] = types.StringPointerValue(tkh.GetCustomHeaderValue())
+	{
+		val, d := tkhToTFObjectDSDirectoryAccountDirectoryPrimer(false, tkh.GetDirectory())
+		diags.Append(d...)
+		obj["directory"] = val
+	}
+	{
+		val, d := tkhToTFObjectDSGroupGroupPrimer(false, tkh.GetGroup())
+		diags.Append(d...)
+		obj["group"] = val
+	}
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	{
+		val, d := tkhToTFObjectDSProvisioningProvisionedSystemPrimer(false, tkh.GetSystem())
+		diags.Append(d...)
+		obj["system"] = val
+	}
+	obj["tls"] = stringerToTF(tkh.GetTls())
+	{
+		val, d := tkhToTFObjectDSCertificateCertificatePrimer(false, tkh.GetTrustedCertificate())
+		diags.Append(d...)
+		obj["trusted_certificate"] = val
+	}
+	{
+		elemType := attrs["types"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetTypes(), func(tkh keyhubmodel.AuditAuditRecordType, diags *diag.Diagnostics) attr.Value {
+			return types.StringValue(tkh.String())
+		})
+		diags.Append(d...)
+		obj["types"] = val
+	}
+	obj["url"] = types.StringPointerValue(tkh.GetUrl())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+	obj["verbose_payloads"] = types.BoolPointerValue(tkh.GetVerbosePayloads())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSWebhookWebhookLinkableWrapper(recurse bool, tkh keyhubmodel.WebhookWebhookLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = webhookWebhookLinkableWrapperAttrTypesDSRecurse
+	} else {
+		attrs = webhookWebhookLinkableWrapperAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.WebhookWebhookable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectDSWebhookWebhook(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectDSWebhookWebhook_additionalObjects(recurse bool, tkh keyhubmodel.WebhookWebhook_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = webhookWebhook_additionalObjectsAttrTypesDSRecurse
+	} else {
+		attrs = webhookWebhook_additionalObjectsAttrTypesDS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectDSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
diff --git a/internal/provider/full-tkh-to-tf-rs.go b/internal/provider/full-tkh-to-tf-rs.go
new file mode 100644
index 0000000..d57c6de
--- /dev/null
+++ b/internal/provider/full-tkh-to-tf-rs.go
@@ -0,0 +1,4193 @@
+// Code generated by "terraform-provider-keyhub-generator"; DO NOT EDIT.
+
+//lint:ignore U1000 Ignore unused functions in generated code
+package provider
+
+import (
+	"golang.org/x/exp/maps"
+
+	"github.com/hashicorp/terraform-plugin-framework/attr"
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	keyhubmodel "github.com/topicuskeyhub/sdk-go/models"
+)
+
+func tkhToTFObjectRSAuditInfo(recurse bool, tkh keyhubmodel.AuditInfoable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = auditInfoAttrTypesRSRecurse
+	} else {
+		attrs = auditInfoAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["created_at"] = timePointerToTF(tkh.GetCreatedAt())
+	obj["created_by"] = types.StringPointerValue(tkh.GetCreatedBy())
+	obj["last_modified_at"] = timePointerToTF(tkh.GetLastModifiedAt())
+	obj["last_modified_by"] = types.StringPointerValue(tkh.GetLastModifiedBy())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSGeneratedSecret(recurse bool, tkh keyhubmodel.GeneratedSecretable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = generatedSecretAttrTypesRSRecurse
+	} else {
+		attrs = generatedSecretAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["generated_secret"] = types.StringPointerValue(tkh.GetGeneratedSecret())
+	obj["old_secret"] = types.StringPointerValue(tkh.GetOldSecret())
+	obj["regenerate"] = types.BoolPointerValue(tkh.GetRegenerate())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSLinkable(recurse bool, tkh keyhubmodel.Linkableable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = linkableAttrTypesRSRecurse
+	} else {
+		attrs = linkableAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSNonLinkable(recurse bool, tkh keyhubmodel.NonLinkableable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = nonLinkableAttrTypesRSRecurse
+	} else {
+		attrs = nonLinkableAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSRestLink(recurse bool, tkh keyhubmodel.RestLinkable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = restLinkAttrTypesRSRecurse
+	} else {
+		attrs = restLinkAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["href"] = types.StringPointerValue(tkh.GetHref())
+	obj["id"] = types.Int64PointerValue(tkh.GetId())
+	obj["rel"] = types.StringPointerValue(tkh.GetRel())
+	obj["type_escaped"] = types.StringPointerValue(tkh.GetTypeEscaped())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSAuthAccountPrimer(recurse bool, tkh keyhubmodel.AuthAccountPrimerable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = authAccountPrimerAttrTypesRSRecurse
+	} else {
+		attrs = authAccountPrimerAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["display_name"] = types.StringPointerValue(tkh.GetDisplayName())
+	obj["last_active"] = timePointerToTF(tkh.GetLastActive())
+	obj["username"] = types.StringPointerValue(tkh.GetUsername())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+	obj["validity"] = stringerToTF(tkh.GetValidity())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSAuthPermission(recurse bool, tkh keyhubmodel.AuthPermissionable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = authPermissionAttrTypesRSRecurse
+	} else {
+		attrs = authPermissionAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["full"] = types.StringPointerValue(tkh.GetFull())
+	{
+		elemType := attrs["instances"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetInstances(), func(tkh string, diags *diag.Diagnostics) attr.Value {
+			return types.StringValue(tkh)
+		})
+		diags.Append(d...)
+		obj["instances"] = val
+	}
+	{
+		elemType := attrs["operations"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetOperations(), func(tkh keyhubmodel.AuthPermittedOperation, diags *diag.Diagnostics) attr.Value {
+			return types.StringValue(tkh.String())
+		})
+		diags.Append(d...)
+		obj["operations"] = val
+	}
+	obj["type_escaped"] = types.StringPointerValue(tkh.GetTypeEscaped())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSCertificateCertificatePrimer(recurse bool, tkh keyhubmodel.CertificateCertificatePrimerable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = certificateCertificatePrimerAttrTypesRSRecurse
+	} else {
+		attrs = certificateCertificatePrimerAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["alias"] = types.StringPointerValue(tkh.GetAlias())
+	obj["type"] = stringerToTF(tkh.GetCertificateCertificatePrimerType())
+	{
+		elemType := attrs["certificate_data"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetCertificateData(), func(tkh string, diags *diag.Diagnostics) attr.Value {
+			return types.StringValue(tkh)
+		})
+		diags.Append(d...)
+		obj["certificate_data"] = val
+	}
+	obj["expiration"] = timePointerToTF(tkh.GetExpiration())
+	obj["fingerprint_sha1"] = types.StringPointerValue(tkh.GetFingerprintSha1())
+	obj["fingerprint_sha256"] = types.StringPointerValue(tkh.GetFingerprintSha256())
+	obj["global"] = types.BoolPointerValue(tkh.GetGlobal())
+	obj["subject_dn"] = types.StringPointerValue(tkh.GetSubjectDN())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSClientApplicationVaultVaultRecord(recurse bool, tkh keyhubmodel.VaultVaultRecordable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = clientApplicationVaultVaultRecordAttrTypesRSRecurse
+	} else {
+		attrs = clientApplicationVaultVaultRecordAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectRSVaultVaultRecord_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	obj["client_application_uuid"] = types.StringNull()
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["color"] = stringerToTF(tkh.GetColor())
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	obj["share_end_time"] = timePointerToTF(tkh.GetShareEndTime())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+	obj["derived"] = types.BoolPointerValue(tkh.GetDerived())
+	obj["end_date"] = stringerToTF(tkh.GetEndDate())
+	obj["filename"] = types.StringPointerValue(tkh.GetFilename())
+	{
+		elemType := attrs["types"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetTypes(), func(tkh keyhubmodel.VaultVaultSecretType, diags *diag.Diagnostics) attr.Value {
+			return types.StringValue(tkh.String())
+		})
+		diags.Append(d...)
+		obj["types"] = val
+	}
+	obj["url"] = types.StringPointerValue(tkh.GetUrl())
+	obj["username"] = types.StringPointerValue(tkh.GetUsername())
+	obj["warning_period"] = stringerToTF(tkh.GetWarningPeriod())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSClientClientApplication(recurse bool, tkh keyhubmodel.ClientClientApplicationable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = clientClientApplicationAttrTypesRSRecurse
+	} else {
+		attrs = clientClientApplicationAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectRSClientClientApplication_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["type"] = stringerToTF(tkh.GetClientClientApplicationPrimerType())
+	obj["client_id"] = types.StringPointerValue(tkh.GetClientId())
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	{
+		elemType := attrs["scopes"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetScopes(), func(tkh string, diags *diag.Diagnostics) attr.Value {
+			return types.StringValue(tkh)
+		})
+		diags.Append(d...)
+		obj["scopes"] = val
+	}
+	obj["sso_application"] = types.BoolPointerValue(tkh.GetSsoApplication())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+	obj["last_modified_at"] = timePointerToTF(tkh.GetLastModifiedAt())
+	obj["owner_uuid"] = withUuidToTF(tkh.GetOwner())
+	obj["technical_administrator_uuid"] = withUuidToTF(tkh.GetTechnicalAdministrator())
+	{
+		tkhCast, _ := tkh.(keyhubmodel.ClientLdapClientable)
+		val, d := tkhToTFObjectRSClientLdapClient(false, tkhCast)
+		diags.Append(d...)
+		obj["ldap_client"] = val
+	}
+	{
+		tkhCast, _ := tkh.(keyhubmodel.ClientOAuth2Clientable)
+		val, d := tkhToTFObjectRSClientOAuth2Client(false, tkhCast)
+		diags.Append(d...)
+		obj["o_auth2_client"] = val
+	}
+	{
+		tkhCast, _ := tkh.(keyhubmodel.ClientSaml2Clientable)
+		val, d := tkhToTFObjectRSClientSaml2Client(false, tkhCast)
+		diags.Append(d...)
+		obj["saml2_client"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSClientClientApplicationLinkableWrapper(recurse bool, tkh keyhubmodel.ClientClientApplicationLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = clientClientApplicationLinkableWrapperAttrTypesRSRecurse
+	} else {
+		attrs = clientClientApplicationLinkableWrapperAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.ClientClientApplicationable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSClientClientApplication(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSClientClientApplicationPrimer(recurse bool, tkh keyhubmodel.ClientClientApplicationPrimerable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = clientClientApplicationPrimerAttrTypesRSRecurse
+	} else {
+		attrs = clientClientApplicationPrimerAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["type"] = stringerToTF(tkh.GetClientClientApplicationPrimerType())
+	obj["client_id"] = types.StringPointerValue(tkh.GetClientId())
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	{
+		elemType := attrs["scopes"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetScopes(), func(tkh string, diags *diag.Diagnostics) attr.Value {
+			return types.StringValue(tkh)
+		})
+		diags.Append(d...)
+		obj["scopes"] = val
+	}
+	obj["sso_application"] = types.BoolPointerValue(tkh.GetSsoApplication())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSClientClientApplication_additionalObjects(recurse bool, tkh keyhubmodel.ClientClientApplication_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = clientClientApplication_additionalObjectsAttrTypesRSRecurse
+	} else {
+		attrs = clientClientApplication_additionalObjectsAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectRSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+	obj["delete_tile"] = types.BoolPointerValue(tkh.GetDeleteTile())
+	{
+		val, d := tkhToTFObjectRSGroupGroupClientLinkableWrapper(recurse, tkh.GetGroupclients())
+		diags.Append(d...)
+		obj["groupclients"] = getItemsAttr(val, attrs["groupclients"])
+	}
+	{
+		val, d := tkhToTFObjectRSGroupGroupLinkableWrapper(recurse, tkh.GetGroups())
+		diags.Append(d...)
+		obj["groups"] = getItemsAttr(val, attrs["groups"])
+	}
+	{
+		val, d := tkhToTFObjectRSGeneratedSecret(recurse, tkh.GetSecret())
+		diags.Append(d...)
+		obj["secret"] = val
+	}
+	{
+		val, d := tkhToTFObjectRSLaunchpadSsoApplicationLaunchpadTile(recurse, tkh.GetTile())
+		diags.Append(d...)
+		obj["tile"] = val
+	}
+	obj["vault_record_count"] = types.Int64PointerValue(int32PToInt64P(tkh.GetVaultRecordCount()))
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSClientLdapClient(recurse bool, tkh keyhubmodel.ClientLdapClientable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = clientLdapClientAttrTypesRSRecurse
+	} else {
+		attrs = clientLdapClientAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["bind_dn"] = types.StringPointerValue(tkh.GetBindDn())
+	obj["client_certificate_uuid"] = withUuidToTF(tkh.GetClientCertificate())
+	obj["share_secret_in_vault"] = types.BoolPointerValue(tkh.GetShareSecretInVault())
+	obj["shared_secret_uuid"] = withUuidToTF(tkh.GetSharedSecret())
+	obj["used_for_provisioning"] = types.BoolPointerValue(tkh.GetUsedForProvisioning())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSClientOAuth2Client(recurse bool, tkh keyhubmodel.ClientOAuth2Clientable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = clientOAuth2ClientAttrTypesRSRecurse
+	} else {
+		attrs = clientOAuth2ClientAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["account_permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetAccountPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["account_permissions"] = val
+	}
+	{
+		elemType := attrs["attributes"].(types.MapType).ElemType
+		val, d := mapToTF(elemType, tkh.GetAttributes().GetAdditionalData(), func(tkh any, diags *diag.Diagnostics) attr.Value {
+			return types.StringValue(tkh.(string))
+		})
+		diags.Append(d...)
+		obj["attributes"] = val
+	}
+	obj["callback_uri"] = types.StringPointerValue(tkh.GetCallbackURI())
+	obj["confidential"] = types.BoolPointerValue(tkh.GetConfidential())
+	obj["debug_mode"] = types.BoolPointerValue(tkh.GetDebugMode())
+	obj["id_token_claims"] = types.StringPointerValue(tkh.GetIdTokenClaims())
+	obj["initiate_login_uri"] = types.StringPointerValue(tkh.GetInitiateLoginURI())
+	obj["resource_uris"] = types.StringPointerValue(tkh.GetResourceURIs())
+	obj["share_secret_in_vault"] = types.BoolPointerValue(tkh.GetShareSecretInVault())
+	obj["shared_secret_uuid"] = withUuidToTF(tkh.GetSharedSecret())
+	obj["show_landing_page"] = types.BoolPointerValue(tkh.GetShowLandingPage())
+	obj["use_client_credentials"] = types.BoolPointerValue(tkh.GetUseClientCredentials())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSClientOAuth2ClientPermission(recurse bool, tkh keyhubmodel.ClientOAuth2ClientPermissionable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = clientOAuth2ClientPermissionAttrTypesRSRecurse
+	} else {
+		attrs = clientOAuth2ClientPermissionAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectRSClientOAuth2ClientPermission_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["for_group_uuid"] = withUuidToTF(tkh.GetForGroup())
+	obj["for_system_uuid"] = withUuidToTF(tkh.GetForSystem())
+	obj["value"] = stringerToTF(tkh.GetValue())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSClientOAuth2ClientPermissionWithClient(recurse bool, tkh keyhubmodel.ClientOAuth2ClientPermissionWithClientable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = clientOAuth2ClientPermissionWithClientAttrTypesRSRecurse
+	} else {
+		attrs = clientOAuth2ClientPermissionWithClientAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectRSClientOAuth2ClientPermission_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["for_group_uuid"] = withUuidToTF(tkh.GetForGroup())
+	obj["for_system_uuid"] = withUuidToTF(tkh.GetForSystem())
+	obj["value"] = stringerToTF(tkh.GetValue())
+	obj["client_uuid"] = withUuidToTF(tkh.GetClient())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSClientOAuth2ClientPermissionWithClientLinkableWrapper(recurse bool, tkh keyhubmodel.ClientOAuth2ClientPermissionWithClientLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = clientOAuth2ClientPermissionWithClientLinkableWrapperAttrTypesRSRecurse
+	} else {
+		attrs = clientOAuth2ClientPermissionWithClientLinkableWrapperAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.ClientOAuth2ClientPermissionWithClientable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSClientOAuth2ClientPermissionWithClient(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSClientOAuth2ClientPermission_additionalObjects(recurse bool, tkh keyhubmodel.ClientOAuth2ClientPermission_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = clientOAuth2ClientPermission_additionalObjectsAttrTypesRSRecurse
+	} else {
+		attrs = clientOAuth2ClientPermission_additionalObjectsAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectRSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSClientSaml2Client(recurse bool, tkh keyhubmodel.ClientSaml2Clientable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = clientSaml2ClientAttrTypesRSRecurse
+	} else {
+		attrs = clientSaml2ClientAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["attributes"].(types.MapType).ElemType
+		val, d := mapToTF(elemType, tkh.GetAttributes().GetAdditionalData(), func(tkh any, diags *diag.Diagnostics) attr.Value {
+			return types.StringValue(tkh.(string))
+		})
+		diags.Append(d...)
+		obj["attributes"] = val
+	}
+	obj["metadata"] = types.StringPointerValue(tkh.GetMetadata())
+	obj["metadata_url"] = types.StringPointerValue(tkh.GetMetadataUrl())
+	obj["subject_format"] = stringerToTF(tkh.GetSubjectFormat())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSDirectoryAccountDirectory(recurse bool, tkh keyhubmodel.DirectoryAccountDirectoryable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = directoryAccountDirectoryAttrTypesRSRecurse
+	} else {
+		attrs = directoryAccountDirectoryAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectRSDirectoryAccountDirectory_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["account_validity_supported"] = types.BoolPointerValue(tkh.GetAccountValiditySupported())
+	obj["active"] = types.BoolPointerValue(tkh.GetActive())
+	obj["type"] = stringerToTF(tkh.GetDirectoryAccountDirectoryPrimerType())
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+	obj["base_organizational_unit_uuid"] = withUuidToTF(tkh.GetBaseOrganizationalUnit())
+	obj["default_directory"] = types.BoolPointerValue(tkh.GetDefaultDirectory())
+	obj["helpdesk_group_uuid"] = withUuidToTF(tkh.GetHelpdeskGroup())
+	obj["restrict2fa"] = types.BoolPointerValue(tkh.GetRestrict2fa())
+	obj["rotating_password"] = stringerToTF(tkh.GetRotatingPassword())
+	obj["username_customizable"] = types.BoolPointerValue(tkh.GetUsernameCustomizable())
+	{
+		tkhCast, _ := tkh.(keyhubmodel.DirectoryInternalDirectoryable)
+		val, d := tkhToTFObjectRSDirectoryInternalDirectory(false, tkhCast)
+		diags.Append(d...)
+		obj["internal_directory"] = val
+	}
+	{
+		tkhCast, _ := tkh.(keyhubmodel.DirectoryLDAPDirectoryable)
+		val, d := tkhToTFObjectRSDirectoryLDAPDirectory(false, tkhCast)
+		diags.Append(d...)
+		obj["l_d_a_p_directory"] = val
+	}
+	{
+		tkhCast, _ := tkh.(keyhubmodel.DirectoryMaintenanceDirectoryable)
+		val, d := tkhToTFObjectRSDirectoryMaintenanceDirectory(false, tkhCast)
+		diags.Append(d...)
+		obj["maintenance_directory"] = val
+	}
+	{
+		tkhCast, _ := tkh.(keyhubmodel.DirectoryOIDCDirectoryable)
+		val, d := tkhToTFObjectRSDirectoryOIDCDirectory(false, tkhCast)
+		diags.Append(d...)
+		obj["o_id_c_directory"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSDirectoryAccountDirectoryLinkableWrapper(recurse bool, tkh keyhubmodel.DirectoryAccountDirectoryLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = directoryAccountDirectoryLinkableWrapperAttrTypesRSRecurse
+	} else {
+		attrs = directoryAccountDirectoryLinkableWrapperAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.DirectoryAccountDirectoryable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSDirectoryAccountDirectory(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSDirectoryAccountDirectoryPrimer(recurse bool, tkh keyhubmodel.DirectoryAccountDirectoryPrimerable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = directoryAccountDirectoryPrimerAttrTypesRSRecurse
+	} else {
+		attrs = directoryAccountDirectoryPrimerAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["account_validity_supported"] = types.BoolPointerValue(tkh.GetAccountValiditySupported())
+	obj["active"] = types.BoolPointerValue(tkh.GetActive())
+	obj["type"] = stringerToTF(tkh.GetDirectoryAccountDirectoryPrimerType())
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSDirectoryAccountDirectoryStatusReport(recurse bool, tkh keyhubmodel.DirectoryAccountDirectoryStatusReportable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = directoryAccountDirectoryStatusReportAttrTypesRSRecurse
+	} else {
+		attrs = directoryAccountDirectoryStatusReportAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["accounts"] = types.Int64PointerValue(tkh.GetAccounts())
+	obj["reason"] = types.StringPointerValue(tkh.GetReason())
+	obj["status"] = stringerToTF(tkh.GetStatus())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSDirectoryAccountDirectorySummary(recurse bool, tkh keyhubmodel.DirectoryAccountDirectorySummaryable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = directoryAccountDirectorySummaryAttrTypesRSRecurse
+	} else {
+		attrs = directoryAccountDirectorySummaryAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["type"] = stringerToTF(tkh.GetDirectoryAccountDirectorySummaryType())
+	obj["domain_restriction"] = types.StringPointerValue(tkh.GetDomainRestriction())
+	obj["fully_resolved_issuer"] = types.StringPointerValue(tkh.GetFullyResolvedIssuer())
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	{
+		val, d := tkhToTFObjectRSDirectoryAccountDirectoryStatusReport(recurse, tkh.GetStatus())
+		diags.Append(d...)
+		obj["status"] = val
+	}
+	obj["username_customizable"] = types.BoolPointerValue(tkh.GetUsernameCustomizable())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSDirectoryAccountDirectorySummaryLinkableWrapper(recurse bool, tkh keyhubmodel.DirectoryAccountDirectorySummaryLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = directoryAccountDirectorySummaryLinkableWrapperAttrTypesRSRecurse
+	} else {
+		attrs = directoryAccountDirectorySummaryLinkableWrapperAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.DirectoryAccountDirectorySummaryable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSDirectoryAccountDirectorySummary(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSDirectoryAccountDirectory_additionalObjects(recurse bool, tkh keyhubmodel.DirectoryAccountDirectory_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = directoryAccountDirectory_additionalObjectsAttrTypesRSRecurse
+	} else {
+		attrs = directoryAccountDirectory_additionalObjectsAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectRSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+	{
+		val, d := tkhToTFObjectRSMarkItemMarkers(recurse, tkh.GetMarkers())
+		diags.Append(d...)
+		obj["markers"] = val
+	}
+	{
+		val, d := tkhToTFObjectRSDirectoryAccountDirectoryStatusReport(recurse, tkh.GetStatus())
+		diags.Append(d...)
+		obj["status"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSDirectoryInternalDirectory(recurse bool, tkh keyhubmodel.DirectoryInternalDirectoryable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = directoryInternalDirectoryAttrTypesRSRecurse
+	} else {
+		attrs = directoryInternalDirectoryAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["owner_uuid"] = withUuidToTF(tkh.GetOwner())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSDirectoryLDAPDirectory(recurse bool, tkh keyhubmodel.DirectoryLDAPDirectoryable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = directoryLDAPDirectoryAttrTypesRSRecurse
+	} else {
+		attrs = directoryLDAPDirectoryAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["attributes_to_store"] = types.StringPointerValue(tkh.GetAttributesToStore())
+	obj["base_dn"] = types.StringPointerValue(tkh.GetBaseDN())
+	obj["client_certificate_uuid"] = withUuidToTF(tkh.GetClientCertificate())
+	obj["dialect"] = stringerToTF(tkh.GetDialect())
+	obj["failover_host"] = types.StringPointerValue(tkh.GetFailoverHost())
+	obj["failover_trusted_certificate_uuid"] = withUuidToTF(tkh.GetFailoverTrustedCertificate())
+	obj["host"] = types.StringPointerValue(tkh.GetHost())
+	obj["password_recovery"] = stringerToTF(tkh.GetPasswordRecovery())
+	obj["port"] = types.Int64PointerValue(int32PToInt64P(tkh.GetPort()))
+	obj["search_bind_dn"] = types.StringPointerValue(tkh.GetSearchBindDN())
+	obj["search_bind_password"] = types.StringPointerValue(tkh.GetSearchBindPassword())
+	obj["search_filter"] = types.StringPointerValue(tkh.GetSearchFilter())
+	obj["tls"] = stringerToTF(tkh.GetTls())
+	obj["trusted_certificate_uuid"] = withUuidToTF(tkh.GetTrustedCertificate())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSDirectoryMaintenanceDirectory(recurse bool, tkh keyhubmodel.DirectoryMaintenanceDirectoryable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = directoryMaintenanceDirectoryAttrTypesRSRecurse
+	} else {
+		attrs = directoryMaintenanceDirectoryAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSDirectoryOIDCDirectory(recurse bool, tkh keyhubmodel.DirectoryOIDCDirectoryable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = directoryOIDCDirectoryAttrTypesRSRecurse
+	} else {
+		attrs = directoryOIDCDirectoryAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["acr_values"] = types.StringPointerValue(tkh.GetAcrValues())
+	obj["attributes_to_store"] = types.StringPointerValue(tkh.GetAttributesToStore())
+	obj["client_id"] = types.StringPointerValue(tkh.GetClientId())
+	obj["client_secret"] = types.StringPointerValue(tkh.GetClientSecret())
+	obj["domain_restriction"] = types.StringPointerValue(tkh.GetDomainRestriction())
+	obj["enforces2fa"] = types.BoolPointerValue(tkh.GetEnforces2fa())
+	obj["fully_resolved_issuer"] = types.StringPointerValue(tkh.GetFullyResolvedIssuer())
+	obj["issuer"] = types.StringPointerValue(tkh.GetIssuer())
+	obj["logout_url"] = types.StringPointerValue(tkh.GetLogoutUrl())
+	obj["send_login_hint"] = types.BoolPointerValue(tkh.GetSendLoginHint())
+	obj["vendor_escaped"] = stringerToTF(tkh.GetVendorEscaped())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSGroupAuthorizedGroupsWrapper(recurse bool, tkh keyhubmodel.GroupAuthorizedGroupsWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupAuthorizedGroupsWrapperAttrTypesRSRecurse
+	} else {
+		attrs = groupAuthorizedGroupsWrapperAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.GroupGroupable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSGroupGroup(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+	obj["group_count"] = types.Int64PointerValue(tkh.GetGroupCount())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSGroupGroup(recurse bool, tkh keyhubmodel.GroupGroupable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupAttrTypesRSRecurse
+	} else {
+		attrs = groupGroupAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectRSGroupGroup_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["admin"] = types.BoolPointerValue(tkh.GetAdmin())
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+	obj["application_administration"] = types.BoolPointerValue(tkh.GetApplicationAdministration())
+	{
+		val, d := tkhToTFObjectRSGroupGroupAuditConfig(false, tkh.GetAuditConfig())
+		diags.Append(d...)
+		obj["audit_config"] = val
+	}
+	obj["audit_requested"] = types.BoolPointerValue(tkh.GetAuditRequested())
+	obj["auditor"] = types.BoolPointerValue(tkh.GetAuditor())
+	obj["authorizing_group_auditing_uuid"] = withUuidToTF(tkh.GetAuthorizingGroupAuditing())
+	obj["authorizing_group_delegation_uuid"] = withUuidToTF(tkh.GetAuthorizingGroupDelegation())
+	obj["authorizing_group_membership_uuid"] = withUuidToTF(tkh.GetAuthorizingGroupMembership())
+	obj["authorizing_group_provisioning_uuid"] = withUuidToTF(tkh.GetAuthorizingGroupProvisioning())
+	{
+		elemType := attrs["authorizing_group_types"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetAuthorizingGroupTypes(), func(tkh keyhubmodel.RequestAuthorizingGroupType, diags *diag.Diagnostics) attr.Value {
+			return types.StringValue(tkh.String())
+		})
+		diags.Append(d...)
+		obj["authorizing_group_types"] = val
+	}
+	obj["classification_uuid"] = withUuidToTF(tkh.GetClassification())
+	obj["description"] = types.StringPointerValue(tkh.GetDescription())
+	obj["extended_access"] = stringerToTF(tkh.GetExtendedAccess())
+	obj["hide_audit_trail"] = types.BoolPointerValue(tkh.GetHideAuditTrail())
+	obj["nested_under_uuid"] = withUuidToTF(tkh.GetNestedUnder())
+	obj["organizational_unit_uuid"] = withUuidToTF(tkh.GetOrganizationalUnit())
+	obj["private_group"] = types.BoolPointerValue(tkh.GetPrivateGroup())
+	obj["record_trail"] = types.BoolPointerValue(tkh.GetRecordTrail())
+	obj["rotating_password_required"] = types.BoolPointerValue(tkh.GetRotatingPasswordRequired())
+	obj["single_managed"] = types.BoolPointerValue(tkh.GetSingleManaged())
+	obj["vault_recovery"] = stringerToTF(tkh.GetVaultRecovery())
+	obj["vault_requires_activation"] = types.BoolPointerValue(tkh.GetVaultRequiresActivation())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSGroupGroupAccount(recurse bool, tkh keyhubmodel.GroupGroupAccountable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupAccountAttrTypesRSRecurse
+	} else {
+		attrs = groupGroupAccountAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectRSGroupGroupAccount_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	obj["uuid"] = withUuidToTF(tkh)
+	obj["directory_uuid"] = withUuidToTF(tkh.GetDirectory())
+	obj["disconnected_nested"] = types.BoolPointerValue(tkh.GetDisconnectedNested())
+	obj["end_date"] = stringerToTF(tkh.GetEndDate())
+	obj["last_used"] = stringerToTF(tkh.GetLastUsed())
+	obj["nested"] = types.BoolPointerValue(tkh.GetNested())
+	obj["provisioning_end_time"] = timePointerToTF(tkh.GetProvisioningEndTime())
+	obj["rights"] = stringerToTF(tkh.GetRights())
+	obj["two_factor_status"] = stringerToTF(tkh.GetTwoFactorStatus())
+	obj["visible_for_provisioning"] = types.BoolPointerValue(tkh.GetVisibleForProvisioning())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSGroupGroupAccountLinkableWrapper(recurse bool, tkh keyhubmodel.GroupGroupAccountLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupAccountLinkableWrapperAttrTypesRSRecurse
+	} else {
+		attrs = groupGroupAccountLinkableWrapperAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.GroupGroupAccountable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSGroupGroupAccount(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSGroupGroupAccount_additionalObjects(recurse bool, tkh keyhubmodel.GroupGroupAccount_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupAccount_additionalObjectsAttrTypesRSRecurse
+	} else {
+		attrs = groupGroupAccount_additionalObjectsAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectRSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSGroupGroupAudit(recurse bool, tkh keyhubmodel.GroupGroupAuditable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupAuditAttrTypesRSRecurse
+	} else {
+		attrs = groupGroupAuditAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectRSGroupGroupAudit_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	{
+		elemType := attrs["accounts"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetAccounts(), func(tkh keyhubmodel.GroupGroupAuditAccountable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSGroupGroupAuditAccount(false, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["accounts"] = val
+	}
+	obj["comment"] = types.StringPointerValue(tkh.GetComment())
+	obj["created_at"] = timePointerToTF(tkh.GetCreatedAt())
+	obj["created_by"] = types.StringPointerValue(tkh.GetCreatedBy())
+	obj["group_name"] = types.StringPointerValue(tkh.GetGroupName())
+	obj["name_on_audit"] = types.StringPointerValue(tkh.GetNameOnAudit())
+	obj["reviewed_at"] = timePointerToTF(tkh.GetReviewedAt())
+	obj["reviewed_by"] = types.StringPointerValue(tkh.GetReviewedBy())
+	obj["status"] = stringerToTF(tkh.GetStatus())
+	obj["submitted_at"] = timePointerToTF(tkh.GetSubmittedAt())
+	obj["submitted_by"] = types.StringPointerValue(tkh.GetSubmittedBy())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSGroupGroupAuditAccount(recurse bool, tkh keyhubmodel.GroupGroupAuditAccountable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupAuditAccountAttrTypesRSRecurse
+	} else {
+		attrs = groupGroupAuditAccountAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["account_uuid"] = types.StringPointerValue(tkh.GetAccountUuid())
+	obj["account_valid"] = types.BoolPointerValue(tkh.GetAccountValid())
+	obj["action"] = stringerToTF(tkh.GetAction())
+	obj["comment"] = types.StringPointerValue(tkh.GetComment())
+	obj["disconnected_nested"] = types.BoolPointerValue(tkh.GetDisconnectedNested())
+	obj["display_name"] = types.StringPointerValue(tkh.GetDisplayName())
+	obj["end_date"] = stringerToTF(tkh.GetEndDate())
+	obj["last_active"] = timePointerToTF(tkh.GetLastActive())
+	obj["last_used"] = stringerToTF(tkh.GetLastUsed())
+	obj["nested"] = types.BoolPointerValue(tkh.GetNested())
+	obj["rights"] = stringerToTF(tkh.GetRights())
+	obj["username"] = types.StringPointerValue(tkh.GetUsername())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSGroupGroupAuditConfig(recurse bool, tkh keyhubmodel.GroupGroupAuditConfigable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupAuditConfigAttrTypesRSRecurse
+	} else {
+		attrs = groupGroupAuditConfigAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	{
+		elemType := attrs["months"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetMonths(), func(tkh keyhubmodel.Month, diags *diag.Diagnostics) attr.Value {
+			return types.StringValue(tkh.String())
+		})
+		diags.Append(d...)
+		obj["months"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSGroupGroupAuditLinkableWrapper(recurse bool, tkh keyhubmodel.GroupGroupAuditLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupAuditLinkableWrapperAttrTypesRSRecurse
+	} else {
+		attrs = groupGroupAuditLinkableWrapperAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.GroupGroupAuditable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSGroupGroupAudit(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSGroupGroupAudit_additionalObjects(recurse bool, tkh keyhubmodel.GroupGroupAudit_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupAudit_additionalObjectsAttrTypesRSRecurse
+	} else {
+		attrs = groupGroupAudit_additionalObjectsAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectRSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSGroupGroupAuditingInfo(recurse bool, tkh keyhubmodel.GroupGroupAuditingInfoable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupAuditingInfoAttrTypesRSRecurse
+	} else {
+		attrs = groupGroupAuditingInfoAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["audit_due_date"] = stringerToTF(tkh.GetAuditDueDate())
+	obj["last_audit_date"] = stringerToTF(tkh.GetLastAuditDate())
+	obj["nr_accounts"] = types.Int64PointerValue(tkh.GetNrAccounts())
+	obj["nr_disabled_accounts"] = types.Int64PointerValue(tkh.GetNrDisabledAccounts())
+	obj["nr_disabled_managers"] = types.Int64PointerValue(tkh.GetNrDisabledManagers())
+	obj["nr_expired_vault_records"] = types.Int64PointerValue(tkh.GetNrExpiredVaultRecords())
+	obj["nr_managers"] = types.Int64PointerValue(tkh.GetNrManagers())
+	obj["nr_vault_records_with_end_date"] = types.Int64PointerValue(tkh.GetNrVaultRecordsWithEndDate())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSGroupGroupClassificationPrimer(recurse bool, tkh keyhubmodel.GroupGroupClassificationPrimerable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupClassificationPrimerAttrTypesRSRecurse
+	} else {
+		attrs = groupGroupClassificationPrimerAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSGroupGroupClient(recurse bool, tkh keyhubmodel.GroupGroupClientable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupClientAttrTypesRSRecurse
+	} else {
+		attrs = groupGroupClientAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectRSGroupGroupClient_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["activation_required"] = types.BoolPointerValue(tkh.GetActivationRequired())
+	obj["client_uuid"] = withUuidToTF(tkh.GetClient())
+	obj["group_uuid"] = withUuidToTF(tkh.GetGroup())
+	obj["owner_uuid"] = withUuidToTF(tkh.GetOwner())
+	obj["technical_administrator_uuid"] = withUuidToTF(tkh.GetTechnicalAdministrator())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSGroupGroupClientLinkableWrapper(recurse bool, tkh keyhubmodel.GroupGroupClientLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupClientLinkableWrapperAttrTypesRSRecurse
+	} else {
+		attrs = groupGroupClientLinkableWrapperAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.GroupGroupClientable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSGroupGroupClient(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSGroupGroupClient_additionalObjects(recurse bool, tkh keyhubmodel.GroupGroupClient_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupClient_additionalObjectsAttrTypesRSRecurse
+	} else {
+		attrs = groupGroupClient_additionalObjectsAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectRSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSGroupGroupInfo(recurse bool, tkh keyhubmodel.GroupGroupInfoable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupInfoAttrTypesRSRecurse
+	} else {
+		attrs = groupGroupInfoAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["nr_accounts"] = types.Int64PointerValue(int32PToInt64P(tkh.GetNrAccounts()))
+	obj["nr_accounts_with_vault"] = types.Int64PointerValue(int32PToInt64P(tkh.GetNrAccountsWithVault()))
+	obj["nr_audits"] = types.Int64PointerValue(int32PToInt64P(tkh.GetNrAudits()))
+	obj["nr_clients"] = types.Int64PointerValue(int32PToInt64P(tkh.GetNrClients()))
+	obj["nr_provisioned_systems"] = types.Int64PointerValue(int32PToInt64P(tkh.GetNrProvisionedSystems()))
+	obj["nr_vault_records"] = types.Int64PointerValue(int32PToInt64P(tkh.GetNrVaultRecords()))
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSGroupGroupLinkableWrapper(recurse bool, tkh keyhubmodel.GroupGroupLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupLinkableWrapperAttrTypesRSRecurse
+	} else {
+		attrs = groupGroupLinkableWrapperAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.GroupGroupable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSGroupGroup(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSGroupGroupPrimer(recurse bool, tkh keyhubmodel.GroupGroupPrimerable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupPrimerAttrTypesRSRecurse
+	} else {
+		attrs = groupGroupPrimerAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["admin"] = types.BoolPointerValue(tkh.GetAdmin())
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSGroupGroupPrimerLinkableWrapper(recurse bool, tkh keyhubmodel.GroupGroupPrimerLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroupPrimerLinkableWrapperAttrTypesRSRecurse
+	} else {
+		attrs = groupGroupPrimerLinkableWrapperAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.GroupGroupPrimerable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSGroupGroupPrimer(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSGroupGroup_additionalObjects(recurse bool, tkh keyhubmodel.GroupGroup_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupGroup_additionalObjectsAttrTypesRSRecurse
+	} else {
+		attrs = groupGroup_additionalObjectsAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectRSGroupGroupAccountLinkableWrapper(recurse, tkh.GetAccounts())
+		diags.Append(d...)
+		obj["accounts"] = getItemsAttr(val, attrs["accounts"])
+	}
+	{
+		val, d := tkhToTFObjectRSClientClientApplicationLinkableWrapper(recurse, tkh.GetAdministeredClients())
+		diags.Append(d...)
+		obj["administered_clients"] = getItemsAttr(val, attrs["administered_clients"])
+	}
+	{
+		val, d := tkhToTFObjectRSProvisioningProvisionedSystemLinkableWrapper(recurse, tkh.GetAdministeredSystems())
+		diags.Append(d...)
+		obj["administered_systems"] = getItemsAttr(val, attrs["administered_systems"])
+	}
+	{
+		val, d := tkhToTFObjectRSGroupGroupAccountLinkableWrapper(recurse, tkh.GetAdmins())
+		diags.Append(d...)
+		obj["admins"] = getItemsAttr(val, attrs["admins"])
+	}
+	{
+		val, d := tkhToTFObjectRSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+	{
+		val, d := tkhToTFObjectRSGroupAuthorizedGroupsWrapper(recurse, tkh.GetAuthorizedGroups())
+		diags.Append(d...)
+		obj["authorized_groups"] = val
+	}
+	{
+		val, d := tkhToTFObjectRSClientOAuth2ClientPermissionWithClientLinkableWrapper(recurse, tkh.GetClientPermissions())
+		diags.Append(d...)
+		obj["client_permissions"] = getItemsAttr(val, attrs["client_permissions"])
+	}
+	{
+		val, d := tkhToTFObjectRSGroupGroupClientLinkableWrapper(recurse, tkh.GetClients())
+		diags.Append(d...)
+		obj["clients"] = getItemsAttr(val, attrs["clients"])
+	}
+	{
+		val, d := tkhToTFObjectRSProvisioningProvisionedSystemLinkableWrapper(recurse, tkh.GetContentAdministeredSystems())
+		diags.Append(d...)
+		obj["content_administered_systems"] = getItemsAttr(val, attrs["content_administered_systems"])
+	}
+	{
+		val, d := tkhToTFObjectRSGroupGroupAuditingInfo(recurse, tkh.GetGroupauditinginfo())
+		diags.Append(d...)
+		obj["groupauditinginfo"] = val
+	}
+	{
+		val, d := tkhToTFObjectRSGroupGroupInfo(recurse, tkh.GetGroupinfo())
+		diags.Append(d...)
+		obj["groupinfo"] = val
+	}
+	{
+		val, d := tkhToTFObjectRSDirectoryAccountDirectorySummaryLinkableWrapper(recurse, tkh.GetHelpdesk())
+		diags.Append(d...)
+		obj["helpdesk"] = getItemsAttr(val, attrs["helpdesk"])
+	}
+	{
+		val, d := tkhToTFObjectRSMarkItemMarkers(recurse, tkh.GetMarkers())
+		diags.Append(d...)
+		obj["markers"] = val
+	}
+	{
+		val, d := tkhToTFObjectRSGroupGroupAccount(recurse, tkh.GetMyaccount())
+		diags.Append(d...)
+		obj["myaccount"] = val
+	}
+	{
+		val, d := tkhToTFObjectRSGroupGroupAccount(recurse, tkh.GetMydelegatedaccount())
+		diags.Append(d...)
+		obj["mydelegatedaccount"] = val
+	}
+	{
+		val, d := tkhToTFObjectRSGroupGroupPrimerLinkableWrapper(recurse, tkh.GetNestedGroups())
+		diags.Append(d...)
+		obj["nested_groups"] = getItemsAttr(val, attrs["nested_groups"])
+	}
+	{
+		val, d := tkhToTFObjectRSClientClientApplicationLinkableWrapper(recurse, tkh.GetOwnedClients())
+		diags.Append(d...)
+		obj["owned_clients"] = getItemsAttr(val, attrs["owned_clients"])
+	}
+	{
+		val, d := tkhToTFObjectRSDirectoryAccountDirectoryLinkableWrapper(recurse, tkh.GetOwnedDirectories())
+		diags.Append(d...)
+		obj["owned_directories"] = getItemsAttr(val, attrs["owned_directories"])
+	}
+	{
+		val, d := tkhToTFObjectRSProvisioningOwnedGroupOnSystemsWrapper(recurse, tkh.GetOwnedGroupsOnSystem())
+		diags.Append(d...)
+		obj["owned_groups_on_system"] = val
+	}
+	{
+		val, d := tkhToTFObjectRSOrganizationOrganizationalUnitLinkableWrapper(recurse, tkh.GetOwnedOrganizationalUnits())
+		diags.Append(d...)
+		obj["owned_organizational_units"] = getItemsAttr(val, attrs["owned_organizational_units"])
+	}
+	{
+		val, d := tkhToTFObjectRSProvisioningProvisionedSystemLinkableWrapper(recurse, tkh.GetOwnedSystems())
+		diags.Append(d...)
+		obj["owned_systems"] = getItemsAttr(val, attrs["owned_systems"])
+	}
+	{
+		val, d := tkhToTFObjectRSGroupGroupAuditLinkableWrapper(recurse, tkh.GetRecentAudits())
+		diags.Append(d...)
+		obj["recent_audits"] = getItemsAttr(val, attrs["recent_audits"])
+	}
+	obj["requeststatus"] = stringerToTF(tkh.GetRequeststatus())
+	{
+		val, d := tkhToTFObjectRSServiceaccountServiceAccountLinkableWrapper(recurse, tkh.GetServiceAccounts())
+		diags.Append(d...)
+		obj["service_accounts"] = getItemsAttr(val, attrs["service_accounts"])
+	}
+	{
+		val, d := tkhToTFObjectRSGroupProvisioningGroupLinkableWrapper(recurse, tkh.GetSystems())
+		diags.Append(d...)
+		obj["systems"] = getItemsAttr(val, attrs["systems"])
+	}
+	{
+		val, d := tkhToTFObjectRSVaultVault(recurse, tkh.GetVault())
+		diags.Append(d...)
+		obj["vault"] = val
+	}
+	{
+		val, d := tkhToTFObjectRSWebhookWebhookLinkableWrapper(recurse, tkh.GetWebhooks())
+		diags.Append(d...)
+		obj["webhooks"] = getItemsAttr(val, attrs["webhooks"])
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSGroupProvisioningGroup(recurse bool, tkh keyhubmodel.GroupProvisioningGroupable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupProvisioningGroupAttrTypesRSRecurse
+	} else {
+		attrs = groupProvisioningGroupAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectRSGroupProvisioningGroup_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["activation_required"] = types.BoolPointerValue(tkh.GetActivationRequired())
+	obj["group_uuid"] = withUuidToTF(tkh.GetGroup())
+	{
+		val, d := tkhToTFObjectRSProvisioningGroupOnSystem(false, tkh.GetGroupOnSystem())
+		diags.Append(d...)
+		obj["group_on_system"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSGroupProvisioningGroupLinkableWrapper(recurse bool, tkh keyhubmodel.GroupProvisioningGroupLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupProvisioningGroupLinkableWrapperAttrTypesRSRecurse
+	} else {
+		attrs = groupProvisioningGroupLinkableWrapperAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.GroupProvisioningGroupable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSGroupProvisioningGroup(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSGroupProvisioningGroup_additionalObjects(recurse bool, tkh keyhubmodel.GroupProvisioningGroup_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupProvisioningGroup_additionalObjectsAttrTypesRSRecurse
+	} else {
+		attrs = groupProvisioningGroup_additionalObjectsAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectRSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSGroupVaultVaultRecord(recurse bool, tkh keyhubmodel.VaultVaultRecordable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = groupVaultVaultRecordAttrTypesRSRecurse
+	} else {
+		attrs = groupVaultVaultRecordAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectRSVaultVaultRecord_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	obj["group_uuid"] = types.StringNull()
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["color"] = stringerToTF(tkh.GetColor())
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	obj["share_end_time"] = timePointerToTF(tkh.GetShareEndTime())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+	obj["derived"] = types.BoolPointerValue(tkh.GetDerived())
+	obj["end_date"] = stringerToTF(tkh.GetEndDate())
+	obj["filename"] = types.StringPointerValue(tkh.GetFilename())
+	{
+		elemType := attrs["types"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetTypes(), func(tkh keyhubmodel.VaultVaultSecretType, diags *diag.Diagnostics) attr.Value {
+			return types.StringValue(tkh.String())
+		})
+		diags.Append(d...)
+		obj["types"] = val
+	}
+	obj["url"] = types.StringPointerValue(tkh.GetUrl())
+	obj["username"] = types.StringPointerValue(tkh.GetUsername())
+	obj["warning_period"] = stringerToTF(tkh.GetWarningPeriod())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSLaunchpadSsoApplicationLaunchpadTile(recurse bool, tkh keyhubmodel.LaunchpadSsoApplicationLaunchpadTileable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = launchpadSsoApplicationLaunchpadTileAttrTypesRSRecurse
+	} else {
+		attrs = launchpadSsoApplicationLaunchpadTileAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["uri"] = types.StringPointerValue(tkh.GetUri())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSLaunchpadVaultRecordLaunchpadTile(recurse bool, tkh keyhubmodel.LaunchpadVaultRecordLaunchpadTileable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = launchpadVaultRecordLaunchpadTileAttrTypesRSRecurse
+	} else {
+		attrs = launchpadVaultRecordLaunchpadTileAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSMarkItemMarker(recurse bool, tkh keyhubmodel.MarkItemMarkerable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = markItemMarkerAttrTypesRSRecurse
+	} else {
+		attrs = markItemMarkerAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["level"] = stringerToTF(tkh.GetLevel())
+	obj["type"] = stringerToTF(tkh.GetMarkItemMarkerType())
+	{
+		elemType := attrs["parameters"].(types.MapType).ElemType
+		val, d := mapToTF(elemType, tkh.GetParameters().GetAdditionalData(), func(tkh any, diags *diag.Diagnostics) attr.Value {
+			return types.StringValue(tkh.(string))
+		})
+		diags.Append(d...)
+		obj["parameters"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSMarkItemMarkers(recurse bool, tkh keyhubmodel.MarkItemMarkersable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = markItemMarkersAttrTypesRSRecurse
+	} else {
+		attrs = markItemMarkersAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["markers"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetMarkers(), func(tkh keyhubmodel.MarkItemMarkerable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSMarkItemMarker(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["markers"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSNestedProvisioningGroupOnSystem(recurse bool, tkh keyhubmodel.ProvisioningGroupOnSystemable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = nestedProvisioningGroupOnSystemAttrTypesRSRecurse
+	} else {
+		attrs = nestedProvisioningGroupOnSystemAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectRSProvisioningGroupOnSystem_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	obj["provisioned_system_uuid"] = types.StringNull()
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["display_name"] = types.StringPointerValue(tkh.GetDisplayName())
+	obj["name_in_system"] = types.StringPointerValue(tkh.GetNameInSystem())
+	obj["type"] = stringerToTF(tkh.GetProvisioningGroupOnSystemPrimerType())
+	obj["short_name_in_system"] = types.StringPointerValue(tkh.GetShortNameInSystem())
+	obj["owner_uuid"] = withUuidToTF(tkh.GetOwner())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSOrganizationOrganizationalUnit(recurse bool, tkh keyhubmodel.OrganizationOrganizationalUnitable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = organizationOrganizationalUnitAttrTypesRSRecurse
+	} else {
+		attrs = organizationOrganizationalUnitAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectRSOrganizationOrganizationalUnit_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+	obj["depth"] = types.Int64PointerValue(int32PToInt64P(tkh.GetDepth()))
+	obj["description"] = types.StringPointerValue(tkh.GetDescription())
+	obj["owner_uuid"] = withUuidToTF(tkh.GetOwner())
+	obj["parent_uuid"] = withUuidToTF(tkh.GetParent())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSOrganizationOrganizationalUnitLinkableWrapper(recurse bool, tkh keyhubmodel.OrganizationOrganizationalUnitLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = organizationOrganizationalUnitLinkableWrapperAttrTypesRSRecurse
+	} else {
+		attrs = organizationOrganizationalUnitLinkableWrapperAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.OrganizationOrganizationalUnitable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSOrganizationOrganizationalUnit(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSOrganizationOrganizationalUnitPrimer(recurse bool, tkh keyhubmodel.OrganizationOrganizationalUnitPrimerable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = organizationOrganizationalUnitPrimerAttrTypesRSRecurse
+	} else {
+		attrs = organizationOrganizationalUnitPrimerAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSOrganizationOrganizationalUnitPrimerLinkableWrapper(recurse bool, tkh keyhubmodel.OrganizationOrganizationalUnitPrimerLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = organizationOrganizationalUnitPrimerLinkableWrapperAttrTypesRSRecurse
+	} else {
+		attrs = organizationOrganizationalUnitPrimerLinkableWrapperAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.OrganizationOrganizationalUnitPrimerable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSOrganizationOrganizationalUnitPrimer(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSOrganizationOrganizationalUnit_additionalObjects(recurse bool, tkh keyhubmodel.OrganizationOrganizationalUnit_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = organizationOrganizationalUnit_additionalObjectsAttrTypesRSRecurse
+	} else {
+		attrs = organizationOrganizationalUnit_additionalObjectsAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectRSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+	{
+		val, d := tkhToTFObjectRSOrganizationOrganizationalUnitPrimerLinkableWrapper(recurse, tkh.GetCreateAsParentOf())
+		diags.Append(d...)
+		obj["create_as_parent_of"] = getItemsAttr(val, attrs["create_as_parent_of"])
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSProvisioningAbstractProvisionedLDAP(recurse bool, tkh keyhubmodel.ProvisioningAbstractProvisionedLDAPable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningAbstractProvisionedLDAPAttrTypesRSRecurse
+	} else {
+		attrs = provisioningAbstractProvisionedLDAPAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["attributes"].(types.MapType).ElemType
+		val, d := mapToTF(elemType, tkh.GetAttributes().GetAdditionalData(), func(tkh any, diags *diag.Diagnostics) attr.Value {
+			return types.StringValue(tkh.(string))
+		})
+		diags.Append(d...)
+		obj["attributes"] = val
+	}
+	obj["base_dn"] = types.StringPointerValue(tkh.GetBaseDN())
+	obj["bind_dn"] = types.StringPointerValue(tkh.GetBindDN())
+	obj["bind_password"] = types.StringPointerValue(tkh.GetBindPassword())
+	obj["client_certificate_uuid"] = withUuidToTF(tkh.GetClientCertificate())
+	obj["failover_host"] = types.StringPointerValue(tkh.GetFailoverHost())
+	obj["failover_trusted_certificate_uuid"] = withUuidToTF(tkh.GetFailoverTrustedCertificate())
+	obj["group_dn"] = types.StringPointerValue(tkh.GetGroupDN())
+	obj["host"] = types.StringPointerValue(tkh.GetHost())
+	obj["object_classes"] = types.StringPointerValue(tkh.GetObjectClasses())
+	obj["port"] = types.Int64PointerValue(int32PToInt64P(tkh.GetPort()))
+	obj["service_account_dn"] = types.StringPointerValue(tkh.GetServiceAccountDN())
+	obj["ssh_public_key_supported"] = types.BoolPointerValue(tkh.GetSshPublicKeySupported())
+	obj["tls"] = stringerToTF(tkh.GetTls())
+	obj["trusted_certificate_uuid"] = withUuidToTF(tkh.GetTrustedCertificate())
+	obj["user_dn"] = types.StringPointerValue(tkh.GetUserDN())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSProvisioningCircuitBreakerStatistics(recurse bool, tkh keyhubmodel.ProvisioningCircuitBreakerStatisticsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningCircuitBreakerStatisticsAttrTypesRSRecurse
+	} else {
+		attrs = provisioningCircuitBreakerStatisticsAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["number_of_failed_calls"] = types.Int64PointerValue(tkh.GetNumberOfFailedCalls())
+	obj["number_of_not_permitted_calls"] = types.Int64PointerValue(tkh.GetNumberOfNotPermittedCalls())
+	obj["number_of_successful_calls"] = types.Int64PointerValue(tkh.GetNumberOfSuccessfulCalls())
+	obj["state"] = stringerToTF(tkh.GetState())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSProvisioningGroupOnSystem(recurse bool, tkh keyhubmodel.ProvisioningGroupOnSystemable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningGroupOnSystemAttrTypesRSRecurse
+	} else {
+		attrs = provisioningGroupOnSystemAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectRSProvisioningGroupOnSystem_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["display_name"] = types.StringPointerValue(tkh.GetDisplayName())
+	obj["name_in_system"] = types.StringPointerValue(tkh.GetNameInSystem())
+	obj["type"] = stringerToTF(tkh.GetProvisioningGroupOnSystemPrimerType())
+	obj["short_name_in_system"] = types.StringPointerValue(tkh.GetShortNameInSystem())
+	obj["owner_uuid"] = withUuidToTF(tkh.GetOwner())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSProvisioningGroupOnSystemLinkableWrapper(recurse bool, tkh keyhubmodel.ProvisioningGroupOnSystemLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningGroupOnSystemLinkableWrapperAttrTypesRSRecurse
+	} else {
+		attrs = provisioningGroupOnSystemLinkableWrapperAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.ProvisioningGroupOnSystemable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSProvisioningGroupOnSystem(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSProvisioningGroupOnSystemPrimer(recurse bool, tkh keyhubmodel.ProvisioningGroupOnSystemPrimerable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningGroupOnSystemPrimerAttrTypesRSRecurse
+	} else {
+		attrs = provisioningGroupOnSystemPrimerAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["display_name"] = types.StringPointerValue(tkh.GetDisplayName())
+	obj["name_in_system"] = types.StringPointerValue(tkh.GetNameInSystem())
+	obj["type"] = stringerToTF(tkh.GetProvisioningGroupOnSystemPrimerType())
+	obj["short_name_in_system"] = types.StringPointerValue(tkh.GetShortNameInSystem())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSProvisioningGroupOnSystemTypes(recurse bool, tkh keyhubmodel.ProvisioningGroupOnSystemTypesable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningGroupOnSystemTypesAttrTypesRSRecurse
+	} else {
+		attrs = provisioningGroupOnSystemTypesAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["types"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetTypes(), func(tkh keyhubmodel.ProvisioningGroupOnSystemType, diags *diag.Diagnostics) attr.Value {
+			return types.StringValue(tkh.String())
+		})
+		diags.Append(d...)
+		obj["types"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSProvisioningGroupOnSystem_additionalObjects(recurse bool, tkh keyhubmodel.ProvisioningGroupOnSystem_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningGroupOnSystem_additionalObjectsAttrTypesRSRecurse
+	} else {
+		attrs = provisioningGroupOnSystem_additionalObjectsAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectRSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+	{
+		val, d := tkhToTFObjectRSGroupProvisioningGroupLinkableWrapper(recurse, tkh.GetProvgroups())
+		diags.Append(d...)
+		obj["provgroups"] = getItemsAttr(val, attrs["provgroups"])
+	}
+	{
+		val, d := tkhToTFObjectRSServiceaccountServiceAccountPrimerLinkableWrapper(recurse, tkh.GetServiceAccounts())
+		diags.Append(d...)
+		obj["service_accounts"] = getItemsAttr(val, attrs["service_accounts"])
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSProvisioningOwnedGroupOnSystemsWrapper(recurse bool, tkh keyhubmodel.ProvisioningOwnedGroupOnSystemsWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningOwnedGroupOnSystemsWrapperAttrTypesRSRecurse
+	} else {
+		attrs = provisioningOwnedGroupOnSystemsWrapperAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.ProvisioningGroupOnSystemable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSProvisioningGroupOnSystem(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+	obj["unlinked_count"] = types.Int64PointerValue(tkh.GetUnlinkedCount())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSProvisioningProvisionNumberSequence(recurse bool, tkh keyhubmodel.ProvisioningProvisionNumberSequenceable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningProvisionNumberSequenceAttrTypesRSRecurse
+	} else {
+		attrs = provisioningProvisionNumberSequenceAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectRSProvisioningProvisionNumberSequence_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["account_count"] = types.Int64PointerValue(int32PToInt64P(tkh.GetAccountCount()))
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	obj["next_uid"] = types.Int64PointerValue(tkh.GetNextUID())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSProvisioningProvisionNumberSequence_additionalObjects(recurse bool, tkh keyhubmodel.ProvisioningProvisionNumberSequence_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningProvisionNumberSequence_additionalObjectsAttrTypesRSRecurse
+	} else {
+		attrs = provisioningProvisionNumberSequence_additionalObjectsAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectRSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+	{
+		val, d := tkhToTFObjectRSProvisioningProvisionedSystemPrimerLinkableWrapper(recurse, tkh.GetSystems())
+		diags.Append(d...)
+		obj["systems"] = getItemsAttr(val, attrs["systems"])
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSProvisioningProvisionedAD(recurse bool, tkh keyhubmodel.ProvisioningProvisionedADable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningProvisionedADAttrTypesRSRecurse
+	} else {
+		attrs = provisioningProvisionedADAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["sam_account_name_scheme"] = stringerToTF(tkh.GetSamAccountNameScheme())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSProvisioningProvisionedAccount(recurse bool, tkh keyhubmodel.ProvisioningProvisionedAccountable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningProvisionedAccountAttrTypesRSRecurse
+	} else {
+		attrs = provisioningProvisionedAccountAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectRSProvisioningProvisionedAccount_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	obj["uuid"] = withUuidToTF(tkh)
+	obj["uid"] = types.Int64PointerValue(tkh.GetUid())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSProvisioningProvisionedAccount_additionalObjects(recurse bool, tkh keyhubmodel.ProvisioningProvisionedAccount_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningProvisionedAccount_additionalObjectsAttrTypesRSRecurse
+	} else {
+		attrs = provisioningProvisionedAccount_additionalObjectsAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectRSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSProvisioningProvisionedAzureOIDCDirectory(recurse bool, tkh keyhubmodel.ProvisioningProvisionedAzureOIDCDirectoryable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningProvisionedAzureOIDCDirectoryAttrTypesRSRecurse
+	} else {
+		attrs = provisioningProvisionedAzureOIDCDirectoryAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["directory_uuid"] = withUuidToTF(tkh.GetDirectory())
+	obj["tenant"] = types.StringPointerValue(tkh.GetTenant())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSProvisioningProvisionedAzureSyncLDAPDirectory(recurse bool, tkh keyhubmodel.ProvisioningProvisionedAzureSyncLDAPDirectoryable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningProvisionedAzureSyncLDAPDirectoryAttrTypesRSRecurse
+	} else {
+		attrs = provisioningProvisionedAzureSyncLDAPDirectoryAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["client_id"] = types.StringPointerValue(tkh.GetClientId())
+	obj["client_secret"] = types.StringPointerValue(tkh.GetClientSecret())
+	obj["directory_uuid"] = withUuidToTF(tkh.GetDirectory())
+	obj["tenant"] = types.StringPointerValue(tkh.GetTenant())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSProvisioningProvisionedAzureTenant(recurse bool, tkh keyhubmodel.ProvisioningProvisionedAzureTenantable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningProvisionedAzureTenantAttrTypesRSRecurse
+	} else {
+		attrs = provisioningProvisionedAzureTenantAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["client_id"] = types.StringPointerValue(tkh.GetClientId())
+	obj["client_secret"] = types.StringPointerValue(tkh.GetClientSecret())
+	obj["idp_domain"] = types.StringPointerValue(tkh.GetIdpDomain())
+	obj["tenant"] = types.StringPointerValue(tkh.GetTenant())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSProvisioningProvisionedInternalLDAP(recurse bool, tkh keyhubmodel.ProvisioningProvisionedInternalLDAPable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningProvisionedInternalLDAPAttrTypesRSRecurse
+	} else {
+		attrs = provisioningProvisionedInternalLDAPAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["client_uuid"] = withUuidToTF(tkh.GetClient())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSProvisioningProvisionedLDAP(recurse bool, tkh keyhubmodel.ProvisioningProvisionedLDAPable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningProvisionedLDAPAttrTypesRSRecurse
+	} else {
+		attrs = provisioningProvisionedLDAPAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["gid"] = types.Int64PointerValue(tkh.GetGid())
+	obj["hashing_scheme"] = stringerToTF(tkh.GetHashingScheme())
+	{
+		val, d := tkhToTFObjectRSProvisioningProvisionNumberSequence(recurse, tkh.GetNumbering())
+		diags.Append(d...)
+		obj["numbering"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSProvisioningProvisionedLDAPDirectory(recurse bool, tkh keyhubmodel.ProvisioningProvisionedLDAPDirectoryable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningProvisionedLDAPDirectoryAttrTypesRSRecurse
+	} else {
+		attrs = provisioningProvisionedLDAPDirectoryAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["directory_uuid"] = withUuidToTF(tkh.GetDirectory())
+	obj["group_dn"] = types.StringPointerValue(tkh.GetGroupDN())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSProvisioningProvisionedSystem(recurse bool, tkh keyhubmodel.ProvisioningProvisionedSystemable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningProvisionedSystemAttrTypesRSRecurse
+	} else {
+		attrs = provisioningProvisionedSystemAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectRSProvisioningProvisionedSystem_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["active"] = types.BoolPointerValue(tkh.GetActive())
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	obj["organizational_unit_uuid"] = withUuidToTF(tkh.GetOrganizationalUnit())
+	obj["type"] = stringerToTF(tkh.GetProvisioningProvisionedSystemPrimerType())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+	obj["account_count"] = types.Int64PointerValue(int32PToInt64P(tkh.GetAccountCount()))
+	obj["content_administrator_uuid"] = withUuidToTF(tkh.GetContentAdministrator())
+	obj["external_uuid"] = stringerToTF(tkh.GetExternalUuid())
+	obj["owner_uuid"] = withUuidToTF(tkh.GetOwner())
+	obj["self_service_existing_groups"] = types.BoolPointerValue(tkh.GetSelfServiceExistingGroups())
+	obj["self_service_new_groups"] = types.BoolPointerValue(tkh.GetSelfServiceNewGroups())
+	obj["self_service_service_accounts"] = types.BoolPointerValue(tkh.GetSelfServiceServiceAccounts())
+	obj["should_destroy_unknown_accounts"] = types.BoolPointerValue(tkh.GetShouldDestroyUnknownAccounts())
+	obj["technical_administrator_uuid"] = withUuidToTF(tkh.GetTechnicalAdministrator())
+	obj["username_prefix"] = types.StringPointerValue(tkh.GetUsernamePrefix())
+	{
+		tkhCast, _ := tkh.(keyhubmodel.ProvisioningAbstractProvisionedLDAPable)
+		val, d := tkhToTFObjectRSProvisioningAbstractProvisionedLDAP(false, tkhCast)
+		diags.Append(d...)
+		obj["abstract_provisioned_ldap"] = val
+	}
+	{
+		tkhCast, _ := tkh.(keyhubmodel.ProvisioningProvisionedADable)
+		val, d := tkhToTFObjectRSProvisioningProvisionedAD(false, tkhCast)
+		diags.Append(d...)
+		obj["provisioned_a_d"] = val
+	}
+	{
+		tkhCast, _ := tkh.(keyhubmodel.ProvisioningProvisionedAzureOIDCDirectoryable)
+		val, d := tkhToTFObjectRSProvisioningProvisionedAzureOIDCDirectory(false, tkhCast)
+		diags.Append(d...)
+		obj["provisioned_azure_oidc_directory"] = val
+	}
+	{
+		tkhCast, _ := tkh.(keyhubmodel.ProvisioningProvisionedAzureSyncLDAPDirectoryable)
+		val, d := tkhToTFObjectRSProvisioningProvisionedAzureSyncLDAPDirectory(false, tkhCast)
+		diags.Append(d...)
+		obj["provisioned_azure_sync_ldap_directory"] = val
+	}
+	{
+		tkhCast, _ := tkh.(keyhubmodel.ProvisioningProvisionedAzureTenantable)
+		val, d := tkhToTFObjectRSProvisioningProvisionedAzureTenant(false, tkhCast)
+		diags.Append(d...)
+		obj["provisioned_azure_tenant"] = val
+	}
+	{
+		tkhCast, _ := tkh.(keyhubmodel.ProvisioningProvisionedInternalLDAPable)
+		val, d := tkhToTFObjectRSProvisioningProvisionedInternalLDAP(false, tkhCast)
+		diags.Append(d...)
+		obj["provisioned_internal_ldap"] = val
+	}
+	{
+		tkhCast, _ := tkh.(keyhubmodel.ProvisioningProvisionedLDAPable)
+		val, d := tkhToTFObjectRSProvisioningProvisionedLDAP(false, tkhCast)
+		diags.Append(d...)
+		obj["provisioned_ldap"] = val
+	}
+	{
+		tkhCast, _ := tkh.(keyhubmodel.ProvisioningProvisionedLDAPDirectoryable)
+		val, d := tkhToTFObjectRSProvisioningProvisionedLDAPDirectory(false, tkhCast)
+		diags.Append(d...)
+		obj["provisioned_ldap_directory"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSProvisioningProvisionedSystemLinkableWrapper(recurse bool, tkh keyhubmodel.ProvisioningProvisionedSystemLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningProvisionedSystemLinkableWrapperAttrTypesRSRecurse
+	} else {
+		attrs = provisioningProvisionedSystemLinkableWrapperAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.ProvisioningProvisionedSystemable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSProvisioningProvisionedSystem(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSProvisioningProvisionedSystemPrimer(recurse bool, tkh keyhubmodel.ProvisioningProvisionedSystemPrimerable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningProvisionedSystemPrimerAttrTypesRSRecurse
+	} else {
+		attrs = provisioningProvisionedSystemPrimerAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["active"] = types.BoolPointerValue(tkh.GetActive())
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	obj["organizational_unit_uuid"] = withUuidToTF(tkh.GetOrganizationalUnit())
+	obj["type"] = stringerToTF(tkh.GetProvisioningProvisionedSystemPrimerType())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSProvisioningProvisionedSystemPrimerLinkableWrapper(recurse bool, tkh keyhubmodel.ProvisioningProvisionedSystemPrimerLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningProvisionedSystemPrimerLinkableWrapperAttrTypesRSRecurse
+	} else {
+		attrs = provisioningProvisionedSystemPrimerLinkableWrapperAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.ProvisioningProvisionedSystemPrimerable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSProvisioningProvisionedSystemPrimer(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSProvisioningProvisionedSystem_additionalObjects(recurse bool, tkh keyhubmodel.ProvisioningProvisionedSystem_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningProvisionedSystem_additionalObjectsAttrTypesRSRecurse
+	} else {
+		attrs = provisioningProvisionedSystem_additionalObjectsAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectRSProvisioningProvisionedAccount(recurse, tkh.GetAccount())
+		diags.Append(d...)
+		obj["account"] = val
+	}
+	{
+		val, d := tkhToTFObjectRSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+	{
+		val, d := tkhToTFObjectRSClientOAuth2ClientPermissionWithClientLinkableWrapper(recurse, tkh.GetIssuedPermissions())
+		diags.Append(d...)
+		obj["issued_permissions"] = getItemsAttr(val, attrs["issued_permissions"])
+	}
+	obj["login_name"] = types.StringPointerValue(tkh.GetLoginName())
+	{
+		val, d := tkhToTFObjectRSProvisioningProvisioningManagementPermissions(recurse, tkh.GetManagementPermissions())
+		diags.Append(d...)
+		obj["management_permissions"] = val
+	}
+	{
+		val, d := tkhToTFObjectRSMarkItemMarkers(recurse, tkh.GetMarkers())
+		diags.Append(d...)
+		obj["markers"] = val
+	}
+	{
+		val, d := tkhToTFObjectRSProvisioningCircuitBreakerStatistics(recurse, tkh.GetStatistics())
+		diags.Append(d...)
+		obj["statistics"] = val
+	}
+	{
+		val, d := tkhToTFObjectRSProvisioningGroupOnSystemTypes(recurse, tkh.GetSupportedGroupTypes())
+		diags.Append(d...)
+		obj["supported_group_types"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSProvisioningProvisioningManagementPermissions(recurse bool, tkh keyhubmodel.ProvisioningProvisioningManagementPermissionsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = provisioningProvisioningManagementPermissionsAttrTypesRSRecurse
+	} else {
+		attrs = provisioningProvisioningManagementPermissionsAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["create_new_groups_allowed"] = types.BoolPointerValue(tkh.GetCreateNewGroupsAllowed())
+	obj["create_service_accounts_allowed"] = types.BoolPointerValue(tkh.GetCreateServiceAccountsAllowed())
+	obj["reuse_existing_groups_allowed"] = types.BoolPointerValue(tkh.GetReuseExistingGroupsAllowed())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSServiceaccountServiceAccount(recurse bool, tkh keyhubmodel.ServiceaccountServiceAccountable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = serviceaccountServiceAccountAttrTypesRSRecurse
+	} else {
+		attrs = serviceaccountServiceAccountAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectRSServiceaccountServiceAccount_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["active"] = types.BoolPointerValue(tkh.GetActive())
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	obj["system_uuid"] = withUuidToTF(tkh.GetSystem())
+	obj["username"] = types.StringPointerValue(tkh.GetUsername())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+	obj["description"] = types.StringPointerValue(tkh.GetDescription())
+	obj["password_uuid"] = withUuidToTF(tkh.GetPassword())
+	obj["password_rotation"] = stringerToTF(tkh.GetPasswordRotation())
+	obj["technical_administrator_uuid"] = withUuidToTF(tkh.GetTechnicalAdministrator())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSServiceaccountServiceAccountGroup(recurse bool, tkh keyhubmodel.ServiceaccountServiceAccountGroupable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = serviceaccountServiceAccountGroupAttrTypesRSRecurse
+	} else {
+		attrs = serviceaccountServiceAccountGroupAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectRSServiceaccountServiceAccountGroup_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["display_name"] = types.StringPointerValue(tkh.GetDisplayName())
+	obj["name_in_system"] = types.StringPointerValue(tkh.GetNameInSystem())
+	obj["type"] = stringerToTF(tkh.GetProvisioningGroupOnSystemPrimerType())
+	obj["short_name_in_system"] = types.StringPointerValue(tkh.GetShortNameInSystem())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSServiceaccountServiceAccountGroupLinkableWrapper(recurse bool, tkh keyhubmodel.ServiceaccountServiceAccountGroupLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = serviceaccountServiceAccountGroupLinkableWrapperAttrTypesRSRecurse
+	} else {
+		attrs = serviceaccountServiceAccountGroupLinkableWrapperAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.ServiceaccountServiceAccountGroupable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSServiceaccountServiceAccountGroup(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSServiceaccountServiceAccountGroup_additionalObjects(recurse bool, tkh keyhubmodel.ServiceaccountServiceAccountGroup_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = serviceaccountServiceAccountGroup_additionalObjectsAttrTypesRSRecurse
+	} else {
+		attrs = serviceaccountServiceAccountGroup_additionalObjectsAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectRSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSServiceaccountServiceAccountLinkableWrapper(recurse bool, tkh keyhubmodel.ServiceaccountServiceAccountLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = serviceaccountServiceAccountLinkableWrapperAttrTypesRSRecurse
+	} else {
+		attrs = serviceaccountServiceAccountLinkableWrapperAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.ServiceaccountServiceAccountable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSServiceaccountServiceAccount(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSServiceaccountServiceAccountPrimer(recurse bool, tkh keyhubmodel.ServiceaccountServiceAccountPrimerable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = serviceaccountServiceAccountPrimerAttrTypesRSRecurse
+	} else {
+		attrs = serviceaccountServiceAccountPrimerAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["active"] = types.BoolPointerValue(tkh.GetActive())
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	obj["system_uuid"] = withUuidToTF(tkh.GetSystem())
+	obj["username"] = types.StringPointerValue(tkh.GetUsername())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSServiceaccountServiceAccountPrimerLinkableWrapper(recurse bool, tkh keyhubmodel.ServiceaccountServiceAccountPrimerLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = serviceaccountServiceAccountPrimerLinkableWrapperAttrTypesRSRecurse
+	} else {
+		attrs = serviceaccountServiceAccountPrimerLinkableWrapperAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.ServiceaccountServiceAccountPrimerable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSServiceaccountServiceAccountPrimer(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSServiceaccountServiceAccount_additionalObjects(recurse bool, tkh keyhubmodel.ServiceaccountServiceAccount_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = serviceaccountServiceAccount_additionalObjectsAttrTypesRSRecurse
+	} else {
+		attrs = serviceaccountServiceAccount_additionalObjectsAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectRSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+	{
+		val, d := tkhToTFObjectRSServiceaccountServiceAccountGroupLinkableWrapper(recurse, tkh.GetGroups())
+		diags.Append(d...)
+		obj["groups"] = getItemsAttr(val, attrs["groups"])
+	}
+	{
+		val, d := tkhToTFObjectRSGeneratedSecret(recurse, tkh.GetSecret())
+		diags.Append(d...)
+		obj["secret"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSVaultPasswordMetadata(recurse bool, tkh keyhubmodel.VaultPasswordMetadataable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = vaultPasswordMetadataAttrTypesRSRecurse
+	} else {
+		attrs = vaultPasswordMetadataAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["dictionary"] = types.BoolPointerValue(tkh.GetDictionary())
+	obj["duplicate"] = types.BoolPointerValue(tkh.GetDuplicate())
+	obj["hash"] = types.StringPointerValue(tkh.GetHash())
+	obj["length"] = types.Int64PointerValue(int32PToInt64P(tkh.GetLength()))
+	obj["lower_count"] = types.Int64PointerValue(int32PToInt64P(tkh.GetLowerCount()))
+	obj["number_count"] = types.Int64PointerValue(int32PToInt64P(tkh.GetNumberCount()))
+	obj["special_count"] = types.Int64PointerValue(int32PToInt64P(tkh.GetSpecialCount()))
+	obj["strength"] = types.Int64PointerValue(int32PToInt64P(tkh.GetStrength()))
+	obj["upper_count"] = types.Int64PointerValue(int32PToInt64P(tkh.GetUpperCount()))
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSVaultVault(recurse bool, tkh keyhubmodel.VaultVaultable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = vaultVaultAttrTypesRSRecurse
+	} else {
+		attrs = vaultVaultAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["access_available"] = types.BoolPointerValue(tkh.GetAccessAvailable())
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	{
+		elemType := attrs["records"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetRecords(), func(tkh keyhubmodel.VaultVaultRecordable, diags *diag.Diagnostics) attr.Value {
+			return withUuidToTF(tkh)
+		})
+		diags.Append(d...)
+		obj["records"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSVaultVaultHolder(recurse bool, tkh keyhubmodel.VaultVaultHolderable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = vaultVaultHolderAttrTypesRSRecurse
+	} else {
+		attrs = vaultVaultHolderAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSVaultVaultRecord(recurse bool, tkh keyhubmodel.VaultVaultRecordable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = vaultVaultRecordAttrTypesRSRecurse
+	} else {
+		attrs = vaultVaultRecordAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectRSVaultVaultRecord_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["color"] = stringerToTF(tkh.GetColor())
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	obj["share_end_time"] = timePointerToTF(tkh.GetShareEndTime())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+	obj["derived"] = types.BoolPointerValue(tkh.GetDerived())
+	obj["end_date"] = stringerToTF(tkh.GetEndDate())
+	obj["filename"] = types.StringPointerValue(tkh.GetFilename())
+	{
+		elemType := attrs["types"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetTypes(), func(tkh keyhubmodel.VaultVaultSecretType, diags *diag.Diagnostics) attr.Value {
+			return types.StringValue(tkh.String())
+		})
+		diags.Append(d...)
+		obj["types"] = val
+	}
+	obj["url"] = types.StringPointerValue(tkh.GetUrl())
+	obj["username"] = types.StringPointerValue(tkh.GetUsername())
+	obj["warning_period"] = stringerToTF(tkh.GetWarningPeriod())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSVaultVaultRecordPrimer(recurse bool, tkh keyhubmodel.VaultVaultRecordPrimerable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = vaultVaultRecordPrimerAttrTypesRSRecurse
+	} else {
+		attrs = vaultVaultRecordPrimerAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["color"] = stringerToTF(tkh.GetColor())
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	obj["share_end_time"] = timePointerToTF(tkh.GetShareEndTime())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSVaultVaultRecordPrimerLinkableWrapper(recurse bool, tkh keyhubmodel.VaultVaultRecordPrimerLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = vaultVaultRecordPrimerLinkableWrapperAttrTypesRSRecurse
+	} else {
+		attrs = vaultVaultRecordPrimerLinkableWrapperAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.VaultVaultRecordPrimerable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSVaultVaultRecordPrimer(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSVaultVaultRecordSecrets(recurse bool, tkh keyhubmodel.VaultVaultRecordSecretsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = vaultVaultRecordSecretsAttrTypesRSRecurse
+	} else {
+		attrs = vaultVaultRecordSecretsAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["comment"] = types.StringPointerValue(tkh.GetComment())
+	obj["file"] = types.StringPointerValue(tkh.GetFile())
+	obj["password"] = types.StringPointerValue(tkh.GetPassword())
+	obj["totp"] = types.StringPointerValue(tkh.GetTotp())
+	obj["write_totp"] = types.BoolPointerValue(tkh.GetWriteTotp())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSVaultVaultRecordShare(recurse bool, tkh keyhubmodel.VaultVaultRecordShareable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = vaultVaultRecordShareAttrTypesRSRecurse
+	} else {
+		attrs = vaultVaultRecordShareAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	obj["type"] = stringerToTF(tkh.GetVaultVaultRecordShareType())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSVaultVaultRecordShareSummary(recurse bool, tkh keyhubmodel.VaultVaultRecordShareSummaryable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = vaultVaultRecordShareSummaryAttrTypesRSRecurse
+	} else {
+		attrs = vaultVaultRecordShareSummaryAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["children"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetChildren(), func(tkh keyhubmodel.VaultVaultRecordShareable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSVaultVaultRecordShare(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["children"] = val
+	}
+	{
+		val, d := tkhToTFObjectRSVaultVaultRecordShare(recurse, tkh.GetParent())
+		diags.Append(d...)
+		obj["parent"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSVaultVaultRecord_additionalObjects(recurse bool, tkh keyhubmodel.VaultVaultRecord_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = vaultVaultRecord_additionalObjectsAttrTypesRSRecurse
+	} else {
+		attrs = vaultVaultRecord_additionalObjectsAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectRSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+	obj["delete_tile"] = types.BoolPointerValue(tkh.GetDeleteTile())
+	obj["parent_uuid"] = withUuidToTF(tkh.GetParent())
+	{
+		val, d := tkhToTFObjectRSVaultPasswordMetadata(recurse, tkh.GetPasswordMetadata())
+		diags.Append(d...)
+		obj["password_metadata"] = val
+	}
+	{
+		val, d := tkhToTFObjectRSVaultVaultRecordSecrets(recurse, tkh.GetSecret())
+		diags.Append(d...)
+		obj["secret"] = val
+	}
+	{
+		val, d := tkhToTFObjectRSVaultVaultRecordShareSummary(recurse, tkh.GetShareSummary())
+		diags.Append(d...)
+		obj["share_summary"] = val
+	}
+	{
+		val, d := tkhToTFObjectRSVaultVaultRecordPrimerLinkableWrapper(recurse, tkh.GetShares())
+		diags.Append(d...)
+		obj["shares"] = getItemsAttr(val, attrs["shares"])
+	}
+	{
+		val, d := tkhToTFObjectRSLaunchpadVaultRecordLaunchpadTile(recurse, tkh.GetTile())
+		diags.Append(d...)
+		obj["tile"] = val
+	}
+	{
+		val, d := tkhToTFObjectRSVaultVaultHolder(recurse, tkh.GetVaultholder())
+		diags.Append(d...)
+		obj["vaultholder"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSWebhookWebhook(recurse bool, tkh keyhubmodel.WebhookWebhookable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = webhookWebhookAttrTypesRSRecurse
+	} else {
+		attrs = webhookWebhookAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	if recurse {
+		{
+			val, d := tkhToTFObjectRSWebhookWebhook_additionalObjects(false, tkh.GetAdditionalObjects())
+			diags.Append(d...)
+			maps.Copy(obj, val.Attributes())
+		}
+	}
+	{
+		elemType := attrs["links"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetLinks(), func(tkh keyhubmodel.RestLinkable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSRestLink(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["links"] = val
+	}
+	{
+		elemType := attrs["permissions"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetPermissions(), func(tkh keyhubmodel.AuthPermissionable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSAuthPermission(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["permissions"] = val
+	}
+	obj["account_uuid"] = withUuidToTF(tkh.GetAccount())
+	obj["active"] = types.BoolPointerValue(tkh.GetActive())
+	obj["all_types"] = types.BoolPointerValue(tkh.GetAllTypes())
+	obj["authentication_scheme"] = stringerToTF(tkh.GetAuthenticationScheme())
+	obj["basic_auth_password"] = types.StringPointerValue(tkh.GetBasicAuthPassword())
+	obj["basic_auth_username"] = types.StringPointerValue(tkh.GetBasicAuthUsername())
+	obj["bearer_token"] = types.StringPointerValue(tkh.GetBearerToken())
+	obj["client_uuid"] = withUuidToTF(tkh.GetClient())
+	obj["client_certificate_uuid"] = withUuidToTF(tkh.GetClientCertificate())
+	obj["custom_header_name"] = types.StringPointerValue(tkh.GetCustomHeaderName())
+	obj["custom_header_value"] = types.StringPointerValue(tkh.GetCustomHeaderValue())
+	obj["directory_uuid"] = withUuidToTF(tkh.GetDirectory())
+	obj["group_uuid"] = withUuidToTF(tkh.GetGroup())
+	obj["name"] = types.StringPointerValue(tkh.GetName())
+	obj["system_uuid"] = withUuidToTF(tkh.GetSystem())
+	obj["tls"] = stringerToTF(tkh.GetTls())
+	obj["trusted_certificate_uuid"] = withUuidToTF(tkh.GetTrustedCertificate())
+	{
+		elemType := attrs["types"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetTypes(), func(tkh keyhubmodel.AuditAuditRecordType, diags *diag.Diagnostics) attr.Value {
+			return types.StringValue(tkh.String())
+		})
+		diags.Append(d...)
+		obj["types"] = val
+	}
+	obj["url"] = types.StringPointerValue(tkh.GetUrl())
+	obj["uuid"] = types.StringPointerValue(tkh.GetUuid())
+	obj["verbose_payloads"] = types.BoolPointerValue(tkh.GetVerbosePayloads())
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSWebhookWebhookLinkableWrapper(recurse bool, tkh keyhubmodel.WebhookWebhookLinkableWrapperable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = webhookWebhookLinkableWrapperAttrTypesRSRecurse
+	} else {
+		attrs = webhookWebhookLinkableWrapperAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		elemType := attrs["items"].(types.ListType).ElemType
+		val, d := sliceToTF(elemType, tkh.GetItems(), func(tkh keyhubmodel.WebhookWebhookable, diags *diag.Diagnostics) attr.Value {
+			val, d := tkhToTFObjectRSWebhookWebhook(recurse, tkh)
+			diags.Append(d...)
+			return val
+		})
+		diags.Append(d...)
+		obj["items"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
+
+func tkhToTFObjectRSWebhookWebhook_additionalObjects(recurse bool, tkh keyhubmodel.WebhookWebhook_additionalObjectsable) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	var attrs map[string]attr.Type
+	if recurse {
+		attrs = webhookWebhook_additionalObjectsAttrTypesRSRecurse
+	} else {
+		attrs = webhookWebhook_additionalObjectsAttrTypesRS
+	}
+	if tkh == nil {
+		return types.ObjectNull(attrs), diags
+	}
+
+	obj := make(map[string]attr.Value)
+	{
+		val, d := tkhToTFObjectRSAuditInfo(recurse, tkh.GetAudit())
+		diags.Append(d...)
+		obj["audit"] = val
+	}
+
+	objVal, d := types.ObjectValue(attrs, obj)
+	diags.Append(d...)
+	return objVal, diags
+}
diff --git a/internal/provider/group_data_source.go b/internal/provider/group_data_source.go
deleted file mode 100644
index 0696ed2..0000000
--- a/internal/provider/group_data_source.go
+++ /dev/null
@@ -1,213 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-package provider
-
-import (
-	"context"
-	"fmt"
-
-	"github.com/hashicorp/terraform-plugin-framework/datasource"
-	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
-	"github.com/hashicorp/terraform-plugin-framework/types"
-	keyhub "github.com/topicuskeyhub/sdk-go"
-	keyhubgroup "github.com/topicuskeyhub/sdk-go/group"
-	keyhubmodel "github.com/topicuskeyhub/sdk-go/models"
-)
-
-// Ensure provider defined types fully satisfy framework interfaces.
-var (
-	_ datasource.DataSource              = &groupDataSource{}
-	_ datasource.DataSourceWithConfigure = &groupDataSource{}
-)
-
-func NewGroupDataSource() datasource.DataSource {
-	return &groupDataSource{}
-}
-
-// groupDataSource defines the data source implementation.
-type groupDataSource struct {
-	client *keyhub.KeyHubClient
-}
-
-// GroupDataSourceModel describes the data source data model.
-type GroupDataSourceModel struct {
-	ID                        types.Int64  `tfsdk:"id"`
-	UUID                      types.String `tfsdk:"uuid"`
-	Name                      types.String `tfsdk:"name"`
-	Description               types.String `tfsdk:"description"`
-	ExtendedAccess            types.String `tfsdk:"extended_access"`
-	VaultRecovery             types.String `tfsdk:"vault_recovery"`
-	AuditMonths               types.List   `tfsdk:"audit_months"`
-	RotatingPasswordRequired  types.Bool   `tfsdk:"rotating_password_required"`
-	RecordTrail               types.Bool   `tfsdk:"record_trail"`
-	PrivateGroup              types.Bool   `tfsdk:"private_group"`
-	HideAuditTrail            types.Bool   `tfsdk:"hide_audit_trail"`
-	ApplicationAdministration types.Bool   `tfsdk:"application_administration"`
-	Auditor                   types.Bool   `tfsdk:"auditor"`
-	SingleManaged             types.Bool   `tfsdk:"single_managed"`
-	ProvisioningAuthGroupUUID types.String `tfsdk:"provisioning_auth_groupuuid"`
-	MembershipAuthGroupUUID   types.String `tfsdk:"membership_auth_groupuuid"`
-	AuditingAuthGroupUUID     types.String `tfsdk:"auditing_auth_groupuuid"`
-	NestedUnderGroupUUID      types.String `tfsdk:"nested_under_groupuuid"`
-}
-
-func (d *groupDataSource) Metadata(ctx context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
-	resp.TypeName = req.ProviderTypeName + "_group"
-}
-
-func (d *groupDataSource) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) {
-	resp.Schema = schema.Schema{
-		// This description is used by the documentation generator and the language server.
-		MarkdownDescription: "Group data source",
-
-		Attributes: map[string]schema.Attribute{
-			"id": schema.Int64Attribute{
-				Computed: true,
-			},
-			"uuid": schema.StringAttribute{
-				Required: true,
-			},
-			"name": schema.StringAttribute{
-				Computed: true,
-			},
-			"description": schema.StringAttribute{
-				Computed: true,
-			},
-			"extended_access": schema.StringAttribute{
-				Computed: true,
-			},
-			"vault_recovery": schema.StringAttribute{
-				Computed: true,
-			},
-			"audit_months": schema.ListAttribute{
-				ElementType: types.StringType,
-				Computed:    true,
-			},
-			"rotating_password_required": schema.BoolAttribute{
-				Computed: true,
-			},
-			"record_trail": schema.BoolAttribute{
-				Computed: true,
-			},
-			"private_group": schema.BoolAttribute{
-				Computed: true,
-			},
-			"hide_audit_trail": schema.BoolAttribute{
-				Computed: true,
-			},
-			"application_administration": schema.BoolAttribute{
-				Computed: true,
-			},
-			"auditor": schema.BoolAttribute{
-				Computed: true,
-			},
-			"single_managed": schema.BoolAttribute{
-				Computed: true,
-			},
-			"provisioning_auth_groupuuid": schema.StringAttribute{
-				Computed: true,
-			},
-			"membership_auth_groupuuid": schema.StringAttribute{
-				Computed: true,
-			},
-			"auditing_auth_groupuuid": schema.StringAttribute{
-				Computed: true,
-			},
-			"nested_under_groupuuid": schema.StringAttribute{
-				Computed: true,
-			},
-		},
-	}
-}
-
-func (d *groupDataSource) Configure(ctx context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) {
-	// Prevent panic if the provider has not been configured.
-	if req.ProviderData == nil {
-		return
-	}
-
-	client, ok := req.ProviderData.(*keyhub.KeyHubClient)
-
-	if !ok {
-		resp.Diagnostics.AddError(
-			"Unexpected Data Source Configure Type",
-			fmt.Sprintf("Expected *keyhub.KeyHubClient, got: %T. Please report this issue to the provider developers.", req.ProviderData),
-		)
-
-		return
-	}
-
-	d.client = client
-}
-
-func (d *groupDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
-	var data GroupDataSourceModel
-
-	// Read Terraform configuration data into the model
-	resp.Diagnostics.Append(req.Config.Get(ctx, &data)...)
-
-	if resp.Diagnostics.HasError() {
-		return
-	}
-
-	groups, err := d.client.Group().Get(ctx, &keyhubgroup.GroupRequestBuilderGetRequestConfiguration{
-		QueryParameters: &keyhubgroup.GroupRequestBuilderGetQueryParameters{
-			Uuid: []string{data.UUID.ValueString()},
-		},
-	})
-	if err != nil {
-		resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Unable to read group, got error: %s", err))
-		return
-	}
-	if len(groups.GetItems()) == 0 {
-		resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Unable to find group with UUID %s", data.UUID.ValueString()))
-		return
-	}
-	group := groups.GetItems()[0]
-
-	data.ID = types.Int64PointerValue(group.GetLinks()[0].GetId())
-	data.UUID = types.StringPointerValue(group.GetUuid())
-	data.Name = types.StringPointerValue(group.GetName())
-	data.Description = types.StringPointerValue(group.GetDescription())
-	data.ExtendedAccess = types.StringValue(group.GetExtendedAccess().String())
-	data.AuditMonths, _ = types.ListValueFrom(ctx, types.StringType, toMonthsString(group.GetAuditConfig().GetMonths()))
-	data.RotatingPasswordRequired = types.BoolPointerValue(group.GetRotatingPasswordRequired())
-	data.RecordTrail = types.BoolPointerValue(group.GetRecordTrail())
-	data.PrivateGroup = types.BoolPointerValue(group.GetPrivateGroup())
-	data.HideAuditTrail = types.BoolPointerValue(group.GetHideAuditTrail())
-	data.ApplicationAdministration = types.BoolPointerValue(group.GetApplicationAdministration())
-	data.Auditor = types.BoolPointerValue(group.GetAuditor())
-	data.SingleManaged = types.BoolPointerValue(group.GetSingleManaged())
-	if group.GetAuthorizingGroupProvisioning() == nil {
-		data.ProvisioningAuthGroupUUID = types.StringNull()
-	} else {
-		data.ProvisioningAuthGroupUUID = types.StringPointerValue(group.GetAuthorizingGroupProvisioning().GetUuid())
-	}
-	if group.GetAuthorizingGroupMembership() == nil {
-		data.MembershipAuthGroupUUID = types.StringNull()
-	} else {
-		data.MembershipAuthGroupUUID = types.StringPointerValue(group.GetAuthorizingGroupMembership().GetUuid())
-	}
-	if group.GetAuthorizingGroupAuditing() == nil {
-		data.AuditingAuthGroupUUID = types.StringNull()
-	} else {
-		data.AuditingAuthGroupUUID = types.StringPointerValue(group.GetAuthorizingGroupAuditing().GetUuid())
-	}
-	if group.GetNestedUnder() == nil {
-		data.NestedUnderGroupUUID = types.StringNull()
-	} else {
-		data.NestedUnderGroupUUID = types.StringPointerValue(group.GetNestedUnder().GetUuid())
-	}
-
-	// Save data into Terraform state
-	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
-}
-
-func toMonthsString(months []keyhubmodel.Month) []string {
-	ret := make([]string, len(months))
-	for _, month := range months {
-		ret = append(ret, month.String())
-	}
-	return ret
-}
diff --git a/internal/provider/group_data_source_test.go b/internal/provider/group_data_source_test.go
deleted file mode 100644
index 5185574..0000000
--- a/internal/provider/group_data_source_test.go
+++ /dev/null
@@ -1,32 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-package provider
-
-import (
-	"testing"
-
-	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
-)
-
-func TestAccExampleDataSource(t *testing.T) {
-	resource.Test(t, resource.TestCase{
-		PreCheck:                 func() { testAccPreCheck(t) },
-		ProtoV6ProviderFactories: testAccProtoV6ProviderFactories,
-		Steps: []resource.TestStep{
-			// Read testing
-			{
-				Config: testAccGroupDataSourceConfig,
-				Check: resource.ComposeAggregateTestCheckFunc(
-					resource.TestCheckResourceAttr("data.keyhub_group.test", "id", "example-id"),
-				),
-			},
-		},
-	})
-}
-
-const testAccGroupDataSourceConfig = `
-data "keyhub_group" "test" {
-  uuid = "c20a6ed4-1ae5-4a9f-91b5-2f56f5a1522f"
-}
-`
diff --git a/internal/provider/provider.go b/internal/provider/provider.go
index c0f167c..383e9b0 100644
--- a/internal/provider/provider.go
+++ b/internal/provider/provider.go
@@ -14,6 +14,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-framework/provider/schema"
 	"github.com/hashicorp/terraform-plugin-framework/resource"
 	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
 	keyhub "github.com/topicuskeyhub/sdk-go"
 )
 
@@ -28,6 +29,8 @@ type KeyHubProvider struct {
 	version string
 }
 
+const ProviderName = "keyhubpreview"
+
 // KeyHubProviderModel describes the provider data model.
 type KeyHubProviderModel struct {
 	Issuer       types.String `tfsdk:"issuer"`
@@ -36,8 +39,9 @@ type KeyHubProviderModel struct {
 }
 
 func (p *KeyHubProvider) Metadata(ctx context.Context, req provider.MetadataRequest, resp *provider.MetadataResponse) {
-	resp.TypeName = "keyhub"
+	resp.TypeName = ProviderName
 	resp.Version = p.version
+	tflog.Info(ctx, "Provider name set to "+resp.TypeName)
 }
 
 func (p *KeyHubProvider) Schema(ctx context.Context, req provider.SchemaRequest, resp *provider.SchemaResponse) {
@@ -142,8 +146,13 @@ func (p *KeyHubProvider) Configure(ctx context.Context, req provider.ConfigureRe
 	if resp.Diagnostics.HasError() {
 		return
 	}
+	ctx = tflog.SetField(ctx, "keyhub_issuer", issuer)
+	ctx = tflog.SetField(ctx, "keyhub_clientid", clientid)
+	ctx = tflog.SetField(ctx, "keyhub_clientsecret", clientsecret)
+	ctx = tflog.MaskFieldValuesWithFieldKeys(ctx, "keyhub_clientsecret")
 
-	adapter, err := keyhub.NewKeyHubRequestAdapter(http.DefaultClient, issuer, clientid, clientsecret)
+	tflog.Info(ctx, "Connecting to Topicus KeyHub")
+	adapter, err := keyhub.NewKeyHubRequestAdapter(&http.Client{}, issuer, clientid, clientsecret)
 	if err != nil {
 		resp.Diagnostics.AddError(
 			"Unable to create Topicus KeyHub API client",
@@ -157,17 +166,34 @@ func (p *KeyHubProvider) Configure(ctx context.Context, req provider.ConfigureRe
 	client := keyhub.NewKeyHubClient(adapter)
 	resp.DataSourceData = client
 	resp.ResourceData = client
+
+	tflog.Info(ctx, "Connected to Topicus KeyHub", map[string]any{"success": true})
 }
 
 func (p *KeyHubProvider) Resources(ctx context.Context) []func() resource.Resource {
 	return []func() resource.Resource{
-		NewExampleResource,
+		NewClientapplicationResource,
+		NewClientVaultrecordResource,
+		NewGroupVaultrecordResource,
+		NewGroupResource,
+		NewGrouponsystemResource,
+		NewServiceaccountResource,
 	}
 }
 
 func (p *KeyHubProvider) DataSources(ctx context.Context) []func() datasource.DataSource {
 	return []func() datasource.DataSource{
+		NewAccountDataSource,
+		NewCertificateDataSource,
+		NewClientDataSource,
+		NewDirectoryDataSource,
 		NewGroupDataSource,
+		NewGroupclassificationDataSource,
+		NewOrganizationalunitDataSource,
+		NewServiceaccountDataSource,
+		NewSystemDataSource,
+		NewVaultrecordDataSource,
+		NewWebhookDataSource,
 	}
 }
 
diff --git a/internal/provider/provider_test.go b/internal/provider/provider_test.go
deleted file mode 100644
index ef6599b..0000000
--- a/internal/provider/provider_test.go
+++ /dev/null
@@ -1,25 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-package provider
-
-import (
-	"testing"
-
-	"github.com/hashicorp/terraform-plugin-framework/providerserver"
-	"github.com/hashicorp/terraform-plugin-go/tfprotov6"
-)
-
-// testAccProtoV6ProviderFactories are used to instantiate a provider during
-// acceptance testing. The factory function will be invoked for every Terraform
-// CLI command executed to create a provider server to which the CLI can
-// reattach.
-var testAccProtoV6ProviderFactories = map[string]func() (tfprotov6.ProviderServer, error){
-	"scaffolding": providerserver.NewProtocol6WithError(New("test")()),
-}
-
-func testAccPreCheck(t *testing.T) {
-	// You can add code here to run prior to any test case execution, for example assertions
-	// about the appropriate environment variables being set are common to see in a pre-check
-	// function.
-}
diff --git a/internal/provider/resource-client_vaultrecord.go b/internal/provider/resource-client_vaultrecord.go
new file mode 100644
index 0000000..f7d5d21
--- /dev/null
+++ b/internal/provider/resource-client_vaultrecord.go
@@ -0,0 +1,225 @@
+// Code generated by "terraform-provider-keyhub-generator"; DO NOT EDIT.
+
+package provider
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/resource"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+	keyhub "github.com/topicuskeyhub/sdk-go"
+	keyhubreq "github.com/topicuskeyhub/sdk-go/client"
+	keyhubmodels "github.com/topicuskeyhub/sdk-go/models"
+)
+
+// Ensure provider defined types fully satisfy framework interfaces.
+var (
+	_ resource.Resource                = &clientVaultrecordResource{}
+	_ resource.ResourceWithImportState = &clientVaultrecordResource{}
+	_ resource.ResourceWithConfigure   = &clientVaultrecordResource{}
+)
+
+func NewClientVaultrecordResource() resource.Resource {
+	return &clientVaultrecordResource{}
+}
+
+type clientVaultrecordResource struct {
+	client *keyhub.KeyHubClient
+}
+
+func (r *clientVaultrecordResource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) {
+	resp.TypeName = ProviderName + "_client_vaultrecord"
+	tflog.Info(ctx, "Registred resource "+resp.TypeName)
+}
+
+func (r *clientVaultrecordResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		Attributes: resourceSchemaAttrsClientApplicationVaultVaultRecord(true),
+	}
+}
+
+func (r *clientVaultrecordResource) Configure(ctx context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) {
+	// Prevent panic if the provider has not been configured.
+	if req.ProviderData == nil {
+		return
+	}
+
+	client, ok := req.ProviderData.(*keyhub.KeyHubClient)
+
+	if !ok {
+		resp.Diagnostics.AddError(
+			"Unexpected Data Source Configure Type",
+			fmt.Sprintf("Expected *keyhub.KeyHubClient, got: %T. Please report this issue to the provider developers.", req.ProviderData),
+		)
+
+		return
+	}
+
+	r.client = client
+}
+
+func (r *clientVaultrecordResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
+	var data clientApplicationVaultVaultRecordDataRS
+	resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	ctx = context.WithValue(ctx, keyHubClientKey, r.client)
+	obj, diags := types.ObjectValueFrom(ctx, clientApplicationVaultVaultRecordAttrTypesRSRecurse, data)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	newTkh, diags := tfObjectToTKHRSClientApplicationVaultVaultRecord(ctx, true, obj)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tflog.Info(ctx, "Creating Topicus KeyHub client_vaultrecord")
+	newWrapper := keyhubmodels.NewVaultVaultRecordLinkableWrapper()
+	newWrapper.SetItems([]keyhubmodels.VaultVaultRecordable{newTkh})
+	tkhParent, diags := findClientClientApplicationPrimerByUUID(ctx, data.ClientApplicationUUID.ValueStringPointer())
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	wrapper, err := r.client.Client().ByClientidInt64(*tkhParent.GetLinks()[0].GetId()).Vault().Record().Post(
+		ctx, newWrapper, &keyhubreq.ItemVaultRecordRequestBuilderPostRequestConfiguration{
+			QueryParameters: &keyhubreq.ItemVaultRecordRequestBuilderPostQueryParameters{
+				Additional: collectAdditional(data),
+			},
+		})
+	tkh, diags := findFirst[keyhubmodels.VaultVaultRecordable](ctx, wrapper, "client_vaultrecord", nil, err)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tf, diags := tkhToTFObjectRSClientApplicationVaultVaultRecord(true, tkh)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+	tf = setAttributeValue(ctx, tf, "client_application_uuid", types.StringValue(data.ClientApplicationUUID.ValueString()))
+	fillDataStructFromTFObjectRSClientApplicationVaultVaultRecord(&data, tf)
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+
+	tflog.Info(ctx, "Created a new Topicus KeyHub client_vaultrecord")
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
+
+func (r *clientVaultrecordResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
+	var data clientApplicationVaultVaultRecordDataRS
+	resp.Diagnostics.Append(req.State.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	ctx = context.WithValue(ctx, keyHubClientKey, r.client)
+	tflog.Info(ctx, "Reading client_vaultrecord from Topicus KeyHub")
+	tkhParent, diags := findClientClientApplicationPrimerByUUID(ctx, data.ClientApplicationUUID.ValueStringPointer())
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tkh, err := r.client.Client().ByClientidInt64(*tkhParent.GetLinks()[0].GetId()).Vault().Record().ByRecordidInt64(getSelfLink(data.Links).ID.ValueInt64()).Get(
+		ctx, &keyhubreq.ItemVaultRecordWithRecordItemRequestBuilderGetRequestConfiguration{
+			QueryParameters: &keyhubreq.ItemVaultRecordWithRecordItemRequestBuilderGetQueryParameters{
+				Additional: collectAdditional(data),
+			},
+		})
+
+	if !isHttpStatusCodeOk(ctx, -1, err, &resp.Diagnostics) {
+		return
+	}
+
+	tf, diags := tkhToTFObjectRSClientApplicationVaultVaultRecord(true, tkh)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+	tf = setAttributeValue(ctx, tf, "client_application_uuid", types.StringValue(data.ClientApplicationUUID.ValueString()))
+	fillDataStructFromTFObjectRSClientApplicationVaultVaultRecord(&data, tf)
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
+
+func (r *clientVaultrecordResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) {
+	var data clientApplicationVaultVaultRecordDataRS
+	resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	ctx = context.WithValue(ctx, keyHubClientKey, r.client)
+	obj, diags := types.ObjectValueFrom(ctx, clientApplicationVaultVaultRecordAttrTypesRSRecurse, data)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	newTkh, diags := tfObjectToTKHRSClientApplicationVaultVaultRecord(ctx, true, obj)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tflog.Info(ctx, "Updating Topicus KeyHub client_vaultrecord")
+	tkhParent, diags := findClientClientApplicationPrimerByUUID(ctx, data.ClientApplicationUUID.ValueStringPointer())
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tkh, err := r.client.Client().ByClientidInt64(*tkhParent.GetLinks()[0].GetId()).Vault().Record().ByRecordidInt64(getSelfLink(data.Links).ID.ValueInt64()).Put(
+		ctx, newTkh, &keyhubreq.ItemVaultRecordWithRecordItemRequestBuilderPutRequestConfiguration{
+			QueryParameters: &keyhubreq.ItemVaultRecordWithRecordItemRequestBuilderPutQueryParameters{
+				Additional: collectAdditional(data),
+			},
+		})
+
+	if !isHttpStatusCodeOk(ctx, -1, err, &resp.Diagnostics) {
+		return
+	}
+
+	tf, diags := tkhToTFObjectRSClientApplicationVaultVaultRecord(true, tkh)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+	tf = setAttributeValue(ctx, tf, "client_application_uuid", types.StringValue(data.ClientApplicationUUID.ValueString()))
+	fillDataStructFromTFObjectRSClientApplicationVaultVaultRecord(&data, tf)
+
+	tflog.Info(ctx, "Updated a Topicus KeyHub client_vaultrecord")
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
+
+func (r *clientVaultrecordResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) {
+	var data clientApplicationVaultVaultRecordDataRS
+	resp.Diagnostics.Append(req.State.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	ctx = context.WithValue(ctx, keyHubClientKey, r.client)
+	tflog.Info(ctx, "Deleting client_vaultrecord from Topicus KeyHub")
+	err := r.client.Client().ByClientidInt64(-1).Vault().Record().ByRecordidInt64(-1).WithUrl(getSelfLink(data.Links).Href.ValueString()).Delete(ctx, nil)
+	if !isHttpStatusCodeOk(ctx, 404, err, &resp.Diagnostics) {
+		return
+	}
+	tflog.Info(ctx, "Deleted client_vaultrecord from Topicus KeyHub")
+}
+
+func (r *clientVaultrecordResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) {
+	resource.ImportStatePassthroughID(ctx, path.Root("uuid"), req, resp)
+}
diff --git a/internal/provider/resource-clientapplication.go b/internal/provider/resource-clientapplication.go
new file mode 100644
index 0000000..b259462
--- /dev/null
+++ b/internal/provider/resource-clientapplication.go
@@ -0,0 +1,153 @@
+// Code generated by "terraform-provider-keyhub-generator"; DO NOT EDIT.
+
+package provider
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/resource"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+	keyhub "github.com/topicuskeyhub/sdk-go"
+	keyhubreq "github.com/topicuskeyhub/sdk-go/client"
+	keyhubmodels "github.com/topicuskeyhub/sdk-go/models"
+)
+
+// Ensure provider defined types fully satisfy framework interfaces.
+var (
+	_ resource.Resource                = &clientapplicationResource{}
+	_ resource.ResourceWithImportState = &clientapplicationResource{}
+	_ resource.ResourceWithConfigure   = &clientapplicationResource{}
+)
+
+func NewClientapplicationResource() resource.Resource {
+	return &clientapplicationResource{}
+}
+
+type clientapplicationResource struct {
+	client *keyhub.KeyHubClient
+}
+
+func (r *clientapplicationResource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) {
+	resp.TypeName = ProviderName + "_clientapplication"
+	tflog.Info(ctx, "Registred resource "+resp.TypeName)
+}
+
+func (r *clientapplicationResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		Attributes: resourceSchemaAttrsClientClientApplication(true),
+	}
+}
+
+func (r *clientapplicationResource) Configure(ctx context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) {
+	// Prevent panic if the provider has not been configured.
+	if req.ProviderData == nil {
+		return
+	}
+
+	client, ok := req.ProviderData.(*keyhub.KeyHubClient)
+
+	if !ok {
+		resp.Diagnostics.AddError(
+			"Unexpected Data Source Configure Type",
+			fmt.Sprintf("Expected *keyhub.KeyHubClient, got: %T. Please report this issue to the provider developers.", req.ProviderData),
+		)
+
+		return
+	}
+
+	r.client = client
+}
+
+func (r *clientapplicationResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
+	var data clientClientApplicationDataRS
+	resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	ctx = context.WithValue(ctx, keyHubClientKey, r.client)
+	obj, diags := types.ObjectValueFrom(ctx, clientClientApplicationAttrTypesRSRecurse, data)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	newTkh, diags := tfObjectToTKHRSClientClientApplication(ctx, true, obj)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tflog.Info(ctx, "Creating Topicus KeyHub clientapplication")
+	newWrapper := keyhubmodels.NewClientClientApplicationLinkableWrapper()
+	newWrapper.SetItems([]keyhubmodels.ClientClientApplicationable{newTkh})
+	wrapper, err := r.client.Client().Post(
+		ctx, newWrapper, &keyhubreq.ClientRequestBuilderPostRequestConfiguration{
+			QueryParameters: &keyhubreq.ClientRequestBuilderPostQueryParameters{
+				Additional: collectAdditional(data),
+			},
+		})
+	tkh, diags := findFirst[keyhubmodels.ClientClientApplicationable](ctx, wrapper, "clientapplication", nil, err)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tf, diags := tkhToTFObjectRSClientClientApplication(true, tkh)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+	fillDataStructFromTFObjectRSClientClientApplication(&data, tf)
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+
+	tflog.Info(ctx, "Created a new Topicus KeyHub clientapplication")
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
+
+func (r *clientapplicationResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
+	var data clientClientApplicationDataRS
+	resp.Diagnostics.Append(req.State.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	ctx = context.WithValue(ctx, keyHubClientKey, r.client)
+	tflog.Info(ctx, "Reading clientapplication from Topicus KeyHub")
+	tkh, err := r.client.Client().ByClientidInt64(getSelfLink(data.Links).ID.ValueInt64()).Get(
+		ctx, &keyhubreq.WithClientItemRequestBuilderGetRequestConfiguration{
+			QueryParameters: &keyhubreq.WithClientItemRequestBuilderGetQueryParameters{
+				Additional: collectAdditional(data),
+			},
+		})
+
+	if !isHttpStatusCodeOk(ctx, -1, err, &resp.Diagnostics) {
+		return
+	}
+
+	tf, diags := tkhToTFObjectRSClientClientApplication(true, tkh)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+	fillDataStructFromTFObjectRSClientClientApplication(&data, tf)
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
+
+func (r *clientapplicationResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) {
+	resp.Diagnostics.AddError("Cannot update a clientapplication", "Topicus KeyHub does not support updating a clientapplication via Terraform. The requested changes are not applied.")
+}
+
+func (r *clientapplicationResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) {
+	resp.Diagnostics.AddError("Cannot delete a clientapplication", "Topicus KeyHub does not support deleting a clientapplication via Terraform. The requested changes are not applied.")
+}
+
+func (r *clientapplicationResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) {
+	resource.ImportStatePassthroughID(ctx, path.Root("uuid"), req, resp)
+}
diff --git a/internal/provider/resource-group.go b/internal/provider/resource-group.go
new file mode 100644
index 0000000..bc5d1b4
--- /dev/null
+++ b/internal/provider/resource-group.go
@@ -0,0 +1,153 @@
+// Code generated by "terraform-provider-keyhub-generator"; DO NOT EDIT.
+
+package provider
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/resource"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+	keyhub "github.com/topicuskeyhub/sdk-go"
+	keyhubreq "github.com/topicuskeyhub/sdk-go/group"
+	keyhubmodels "github.com/topicuskeyhub/sdk-go/models"
+)
+
+// Ensure provider defined types fully satisfy framework interfaces.
+var (
+	_ resource.Resource                = &groupResource{}
+	_ resource.ResourceWithImportState = &groupResource{}
+	_ resource.ResourceWithConfigure   = &groupResource{}
+)
+
+func NewGroupResource() resource.Resource {
+	return &groupResource{}
+}
+
+type groupResource struct {
+	client *keyhub.KeyHubClient
+}
+
+func (r *groupResource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) {
+	resp.TypeName = ProviderName + "_group"
+	tflog.Info(ctx, "Registred resource "+resp.TypeName)
+}
+
+func (r *groupResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		Attributes: resourceSchemaAttrsGroupGroup(true),
+	}
+}
+
+func (r *groupResource) Configure(ctx context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) {
+	// Prevent panic if the provider has not been configured.
+	if req.ProviderData == nil {
+		return
+	}
+
+	client, ok := req.ProviderData.(*keyhub.KeyHubClient)
+
+	if !ok {
+		resp.Diagnostics.AddError(
+			"Unexpected Data Source Configure Type",
+			fmt.Sprintf("Expected *keyhub.KeyHubClient, got: %T. Please report this issue to the provider developers.", req.ProviderData),
+		)
+
+		return
+	}
+
+	r.client = client
+}
+
+func (r *groupResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
+	var data groupGroupDataRS
+	resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	ctx = context.WithValue(ctx, keyHubClientKey, r.client)
+	obj, diags := types.ObjectValueFrom(ctx, groupGroupAttrTypesRSRecurse, data)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	newTkh, diags := tfObjectToTKHRSGroupGroup(ctx, true, obj)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tflog.Info(ctx, "Creating Topicus KeyHub group")
+	newWrapper := keyhubmodels.NewGroupGroupLinkableWrapper()
+	newWrapper.SetItems([]keyhubmodels.GroupGroupable{newTkh})
+	wrapper, err := r.client.Group().Post(
+		ctx, newWrapper, &keyhubreq.GroupRequestBuilderPostRequestConfiguration{
+			QueryParameters: &keyhubreq.GroupRequestBuilderPostQueryParameters{
+				Additional: collectAdditional(data),
+			},
+		})
+	tkh, diags := findFirst[keyhubmodels.GroupGroupable](ctx, wrapper, "group", nil, err)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tf, diags := tkhToTFObjectRSGroupGroup(true, tkh)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+	fillDataStructFromTFObjectRSGroupGroup(&data, tf)
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+
+	tflog.Info(ctx, "Created a new Topicus KeyHub group")
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
+
+func (r *groupResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
+	var data groupGroupDataRS
+	resp.Diagnostics.Append(req.State.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	ctx = context.WithValue(ctx, keyHubClientKey, r.client)
+	tflog.Info(ctx, "Reading group from Topicus KeyHub")
+	tkh, err := r.client.Group().ByGroupidInt64(getSelfLink(data.Links).ID.ValueInt64()).Get(
+		ctx, &keyhubreq.WithGroupItemRequestBuilderGetRequestConfiguration{
+			QueryParameters: &keyhubreq.WithGroupItemRequestBuilderGetQueryParameters{
+				Additional: collectAdditional(data),
+			},
+		})
+
+	if !isHttpStatusCodeOk(ctx, -1, err, &resp.Diagnostics) {
+		return
+	}
+
+	tf, diags := tkhToTFObjectRSGroupGroup(true, tkh)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+	fillDataStructFromTFObjectRSGroupGroup(&data, tf)
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
+
+func (r *groupResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) {
+	resp.Diagnostics.AddError("Cannot update a group", "Topicus KeyHub does not support updating a group via Terraform. The requested changes are not applied.")
+}
+
+func (r *groupResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) {
+	resp.Diagnostics.AddError("Cannot delete a group", "Topicus KeyHub does not support deleting a group via Terraform. The requested changes are not applied.")
+}
+
+func (r *groupResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) {
+	resource.ImportStatePassthroughID(ctx, path.Root("uuid"), req, resp)
+}
diff --git a/internal/provider/resource-group_vaultrecord.go b/internal/provider/resource-group_vaultrecord.go
new file mode 100644
index 0000000..06dca83
--- /dev/null
+++ b/internal/provider/resource-group_vaultrecord.go
@@ -0,0 +1,225 @@
+// Code generated by "terraform-provider-keyhub-generator"; DO NOT EDIT.
+
+package provider
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/resource"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+	keyhub "github.com/topicuskeyhub/sdk-go"
+	keyhubreq "github.com/topicuskeyhub/sdk-go/group"
+	keyhubmodels "github.com/topicuskeyhub/sdk-go/models"
+)
+
+// Ensure provider defined types fully satisfy framework interfaces.
+var (
+	_ resource.Resource                = &groupVaultrecordResource{}
+	_ resource.ResourceWithImportState = &groupVaultrecordResource{}
+	_ resource.ResourceWithConfigure   = &groupVaultrecordResource{}
+)
+
+func NewGroupVaultrecordResource() resource.Resource {
+	return &groupVaultrecordResource{}
+}
+
+type groupVaultrecordResource struct {
+	client *keyhub.KeyHubClient
+}
+
+func (r *groupVaultrecordResource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) {
+	resp.TypeName = ProviderName + "_group_vaultrecord"
+	tflog.Info(ctx, "Registred resource "+resp.TypeName)
+}
+
+func (r *groupVaultrecordResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		Attributes: resourceSchemaAttrsGroupVaultVaultRecord(true),
+	}
+}
+
+func (r *groupVaultrecordResource) Configure(ctx context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) {
+	// Prevent panic if the provider has not been configured.
+	if req.ProviderData == nil {
+		return
+	}
+
+	client, ok := req.ProviderData.(*keyhub.KeyHubClient)
+
+	if !ok {
+		resp.Diagnostics.AddError(
+			"Unexpected Data Source Configure Type",
+			fmt.Sprintf("Expected *keyhub.KeyHubClient, got: %T. Please report this issue to the provider developers.", req.ProviderData),
+		)
+
+		return
+	}
+
+	r.client = client
+}
+
+func (r *groupVaultrecordResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
+	var data groupVaultVaultRecordDataRS
+	resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	ctx = context.WithValue(ctx, keyHubClientKey, r.client)
+	obj, diags := types.ObjectValueFrom(ctx, groupVaultVaultRecordAttrTypesRSRecurse, data)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	newTkh, diags := tfObjectToTKHRSGroupVaultVaultRecord(ctx, true, obj)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tflog.Info(ctx, "Creating Topicus KeyHub group_vaultrecord")
+	newWrapper := keyhubmodels.NewVaultVaultRecordLinkableWrapper()
+	newWrapper.SetItems([]keyhubmodels.VaultVaultRecordable{newTkh})
+	tkhParent, diags := findGroupGroupPrimerByUUID(ctx, data.GroupUUID.ValueStringPointer())
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	wrapper, err := r.client.Group().ByGroupidInt64(*tkhParent.GetLinks()[0].GetId()).Vault().Record().Post(
+		ctx, newWrapper, &keyhubreq.ItemVaultRecordRequestBuilderPostRequestConfiguration{
+			QueryParameters: &keyhubreq.ItemVaultRecordRequestBuilderPostQueryParameters{
+				Additional: collectAdditional(data),
+			},
+		})
+	tkh, diags := findFirst[keyhubmodels.VaultVaultRecordable](ctx, wrapper, "group_vaultrecord", nil, err)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tf, diags := tkhToTFObjectRSGroupVaultVaultRecord(true, tkh)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+	tf = setAttributeValue(ctx, tf, "group_uuid", types.StringValue(data.GroupUUID.ValueString()))
+	fillDataStructFromTFObjectRSGroupVaultVaultRecord(&data, tf)
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+
+	tflog.Info(ctx, "Created a new Topicus KeyHub group_vaultrecord")
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
+
+func (r *groupVaultrecordResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
+	var data groupVaultVaultRecordDataRS
+	resp.Diagnostics.Append(req.State.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	ctx = context.WithValue(ctx, keyHubClientKey, r.client)
+	tflog.Info(ctx, "Reading group_vaultrecord from Topicus KeyHub")
+	tkhParent, diags := findGroupGroupPrimerByUUID(ctx, data.GroupUUID.ValueStringPointer())
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tkh, err := r.client.Group().ByGroupidInt64(*tkhParent.GetLinks()[0].GetId()).Vault().Record().ByRecordidInt64(getSelfLink(data.Links).ID.ValueInt64()).Get(
+		ctx, &keyhubreq.ItemVaultRecordWithRecordItemRequestBuilderGetRequestConfiguration{
+			QueryParameters: &keyhubreq.ItemVaultRecordWithRecordItemRequestBuilderGetQueryParameters{
+				Additional: collectAdditional(data),
+			},
+		})
+
+	if !isHttpStatusCodeOk(ctx, -1, err, &resp.Diagnostics) {
+		return
+	}
+
+	tf, diags := tkhToTFObjectRSGroupVaultVaultRecord(true, tkh)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+	tf = setAttributeValue(ctx, tf, "group_uuid", types.StringValue(data.GroupUUID.ValueString()))
+	fillDataStructFromTFObjectRSGroupVaultVaultRecord(&data, tf)
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
+
+func (r *groupVaultrecordResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) {
+	var data groupVaultVaultRecordDataRS
+	resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	ctx = context.WithValue(ctx, keyHubClientKey, r.client)
+	obj, diags := types.ObjectValueFrom(ctx, groupVaultVaultRecordAttrTypesRSRecurse, data)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	newTkh, diags := tfObjectToTKHRSGroupVaultVaultRecord(ctx, true, obj)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tflog.Info(ctx, "Updating Topicus KeyHub group_vaultrecord")
+	tkhParent, diags := findGroupGroupPrimerByUUID(ctx, data.GroupUUID.ValueStringPointer())
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tkh, err := r.client.Group().ByGroupidInt64(*tkhParent.GetLinks()[0].GetId()).Vault().Record().ByRecordidInt64(getSelfLink(data.Links).ID.ValueInt64()).Put(
+		ctx, newTkh, &keyhubreq.ItemVaultRecordWithRecordItemRequestBuilderPutRequestConfiguration{
+			QueryParameters: &keyhubreq.ItemVaultRecordWithRecordItemRequestBuilderPutQueryParameters{
+				Additional: collectAdditional(data),
+			},
+		})
+
+	if !isHttpStatusCodeOk(ctx, -1, err, &resp.Diagnostics) {
+		return
+	}
+
+	tf, diags := tkhToTFObjectRSGroupVaultVaultRecord(true, tkh)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+	tf = setAttributeValue(ctx, tf, "group_uuid", types.StringValue(data.GroupUUID.ValueString()))
+	fillDataStructFromTFObjectRSGroupVaultVaultRecord(&data, tf)
+
+	tflog.Info(ctx, "Updated a Topicus KeyHub group_vaultrecord")
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
+
+func (r *groupVaultrecordResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) {
+	var data groupVaultVaultRecordDataRS
+	resp.Diagnostics.Append(req.State.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	ctx = context.WithValue(ctx, keyHubClientKey, r.client)
+	tflog.Info(ctx, "Deleting group_vaultrecord from Topicus KeyHub")
+	err := r.client.Group().ByGroupidInt64(-1).Vault().Record().ByRecordidInt64(-1).WithUrl(getSelfLink(data.Links).Href.ValueString()).Delete(ctx, nil)
+	if !isHttpStatusCodeOk(ctx, 404, err, &resp.Diagnostics) {
+		return
+	}
+	tflog.Info(ctx, "Deleted group_vaultrecord from Topicus KeyHub")
+}
+
+func (r *groupVaultrecordResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) {
+	resource.ImportStatePassthroughID(ctx, path.Root("uuid"), req, resp)
+}
diff --git a/internal/provider/resource-grouponsystem.go b/internal/provider/resource-grouponsystem.go
new file mode 100644
index 0000000..d19db29
--- /dev/null
+++ b/internal/provider/resource-grouponsystem.go
@@ -0,0 +1,167 @@
+// Code generated by "terraform-provider-keyhub-generator"; DO NOT EDIT.
+
+package provider
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/resource"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+	keyhub "github.com/topicuskeyhub/sdk-go"
+	keyhubmodels "github.com/topicuskeyhub/sdk-go/models"
+	keyhubreq "github.com/topicuskeyhub/sdk-go/system"
+)
+
+// Ensure provider defined types fully satisfy framework interfaces.
+var (
+	_ resource.Resource                = &grouponsystemResource{}
+	_ resource.ResourceWithImportState = &grouponsystemResource{}
+	_ resource.ResourceWithConfigure   = &grouponsystemResource{}
+)
+
+func NewGrouponsystemResource() resource.Resource {
+	return &grouponsystemResource{}
+}
+
+type grouponsystemResource struct {
+	client *keyhub.KeyHubClient
+}
+
+func (r *grouponsystemResource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) {
+	resp.TypeName = ProviderName + "_grouponsystem"
+	tflog.Info(ctx, "Registred resource "+resp.TypeName)
+}
+
+func (r *grouponsystemResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		Attributes: resourceSchemaAttrsNestedProvisioningGroupOnSystem(true),
+	}
+}
+
+func (r *grouponsystemResource) Configure(ctx context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) {
+	// Prevent panic if the provider has not been configured.
+	if req.ProviderData == nil {
+		return
+	}
+
+	client, ok := req.ProviderData.(*keyhub.KeyHubClient)
+
+	if !ok {
+		resp.Diagnostics.AddError(
+			"Unexpected Data Source Configure Type",
+			fmt.Sprintf("Expected *keyhub.KeyHubClient, got: %T. Please report this issue to the provider developers.", req.ProviderData),
+		)
+
+		return
+	}
+
+	r.client = client
+}
+
+func (r *grouponsystemResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
+	var data nestedProvisioningGroupOnSystemDataRS
+	resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	ctx = context.WithValue(ctx, keyHubClientKey, r.client)
+	obj, diags := types.ObjectValueFrom(ctx, nestedProvisioningGroupOnSystemAttrTypesRSRecurse, data)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	newTkh, diags := tfObjectToTKHRSNestedProvisioningGroupOnSystem(ctx, true, obj)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tflog.Info(ctx, "Creating Topicus KeyHub grouponsystem")
+	newWrapper := keyhubmodels.NewProvisioningGroupOnSystemLinkableWrapper()
+	newWrapper.SetItems([]keyhubmodels.ProvisioningGroupOnSystemable{newTkh})
+	tkhParent, diags := findProvisioningProvisionedSystemPrimerByUUID(ctx, data.ProvisionedSystemUUID.ValueStringPointer())
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	wrapper, err := r.client.System().BySystemidInt64(*tkhParent.GetLinks()[0].GetId()).Group().Post(
+		ctx, newWrapper, &keyhubreq.ItemGroupRequestBuilderPostRequestConfiguration{
+			QueryParameters: &keyhubreq.ItemGroupRequestBuilderPostQueryParameters{
+				Additional: collectAdditional(data),
+			},
+		})
+	tkh, diags := findFirst[keyhubmodels.ProvisioningGroupOnSystemable](ctx, wrapper, "grouponsystem", nil, err)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tf, diags := tkhToTFObjectRSNestedProvisioningGroupOnSystem(true, tkh)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+	tf = setAttributeValue(ctx, tf, "provisioned_system_uuid", types.StringValue(data.ProvisionedSystemUUID.ValueString()))
+	fillDataStructFromTFObjectRSNestedProvisioningGroupOnSystem(&data, tf)
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+
+	tflog.Info(ctx, "Created a new Topicus KeyHub grouponsystem")
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
+
+func (r *grouponsystemResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
+	var data nestedProvisioningGroupOnSystemDataRS
+	resp.Diagnostics.Append(req.State.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	ctx = context.WithValue(ctx, keyHubClientKey, r.client)
+	tflog.Info(ctx, "Reading grouponsystem from Topicus KeyHub")
+	tkhParent, diags := findProvisioningProvisionedSystemPrimerByUUID(ctx, data.ProvisionedSystemUUID.ValueStringPointer())
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tkh, err := r.client.System().BySystemidInt64(*tkhParent.GetLinks()[0].GetId()).Group().ByGroupidInt64(getSelfLink(data.Links).ID.ValueInt64()).Get(
+		ctx, &keyhubreq.ItemGroupWithGroupItemRequestBuilderGetRequestConfiguration{
+			QueryParameters: &keyhubreq.ItemGroupWithGroupItemRequestBuilderGetQueryParameters{
+				Additional: collectAdditional(data),
+			},
+		})
+
+	if !isHttpStatusCodeOk(ctx, -1, err, &resp.Diagnostics) {
+		return
+	}
+
+	tf, diags := tkhToTFObjectRSNestedProvisioningGroupOnSystem(true, tkh)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+	tf = setAttributeValue(ctx, tf, "provisioned_system_uuid", types.StringValue(data.ProvisionedSystemUUID.ValueString()))
+	fillDataStructFromTFObjectRSNestedProvisioningGroupOnSystem(&data, tf)
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
+
+func (r *grouponsystemResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) {
+	resp.Diagnostics.AddError("Cannot update a grouponsystem", "Topicus KeyHub does not support updating a grouponsystem via Terraform. The requested changes are not applied.")
+}
+
+func (r *grouponsystemResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) {
+	resp.Diagnostics.AddError("Cannot delete a grouponsystem", "Topicus KeyHub does not support deleting a grouponsystem via Terraform. The requested changes are not applied.")
+}
+
+func (r *grouponsystemResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) {
+	resource.ImportStatePassthroughID(ctx, path.Root("uuid"), req, resp)
+}
diff --git a/internal/provider/resource-serviceaccount.go b/internal/provider/resource-serviceaccount.go
new file mode 100644
index 0000000..eae7269
--- /dev/null
+++ b/internal/provider/resource-serviceaccount.go
@@ -0,0 +1,192 @@
+// Code generated by "terraform-provider-keyhub-generator"; DO NOT EDIT.
+
+package provider
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/resource"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+	keyhub "github.com/topicuskeyhub/sdk-go"
+	keyhubmodels "github.com/topicuskeyhub/sdk-go/models"
+	keyhubreq "github.com/topicuskeyhub/sdk-go/serviceaccount"
+)
+
+// Ensure provider defined types fully satisfy framework interfaces.
+var (
+	_ resource.Resource                = &serviceaccountResource{}
+	_ resource.ResourceWithImportState = &serviceaccountResource{}
+	_ resource.ResourceWithConfigure   = &serviceaccountResource{}
+)
+
+func NewServiceaccountResource() resource.Resource {
+	return &serviceaccountResource{}
+}
+
+type serviceaccountResource struct {
+	client *keyhub.KeyHubClient
+}
+
+func (r *serviceaccountResource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) {
+	resp.TypeName = ProviderName + "_serviceaccount"
+	tflog.Info(ctx, "Registred resource "+resp.TypeName)
+}
+
+func (r *serviceaccountResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		Attributes: resourceSchemaAttrsServiceaccountServiceAccount(true),
+	}
+}
+
+func (r *serviceaccountResource) Configure(ctx context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) {
+	// Prevent panic if the provider has not been configured.
+	if req.ProviderData == nil {
+		return
+	}
+
+	client, ok := req.ProviderData.(*keyhub.KeyHubClient)
+
+	if !ok {
+		resp.Diagnostics.AddError(
+			"Unexpected Data Source Configure Type",
+			fmt.Sprintf("Expected *keyhub.KeyHubClient, got: %T. Please report this issue to the provider developers.", req.ProviderData),
+		)
+
+		return
+	}
+
+	r.client = client
+}
+
+func (r *serviceaccountResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
+	var data serviceaccountServiceAccountDataRS
+	resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	ctx = context.WithValue(ctx, keyHubClientKey, r.client)
+	obj, diags := types.ObjectValueFrom(ctx, serviceaccountServiceAccountAttrTypesRSRecurse, data)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	newTkh, diags := tfObjectToTKHRSServiceaccountServiceAccount(ctx, true, obj)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tflog.Info(ctx, "Creating Topicus KeyHub serviceaccount")
+	newWrapper := keyhubmodels.NewServiceaccountServiceAccountLinkableWrapper()
+	newWrapper.SetItems([]keyhubmodels.ServiceaccountServiceAccountable{newTkh})
+	wrapper, err := r.client.Serviceaccount().Post(
+		ctx, newWrapper, &keyhubreq.ServiceaccountRequestBuilderPostRequestConfiguration{
+			QueryParameters: &keyhubreq.ServiceaccountRequestBuilderPostQueryParameters{
+				Additional: collectAdditional(data),
+			},
+		})
+	tkh, diags := findFirst[keyhubmodels.ServiceaccountServiceAccountable](ctx, wrapper, "serviceaccount", nil, err)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tf, diags := tkhToTFObjectRSServiceaccountServiceAccount(true, tkh)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+	fillDataStructFromTFObjectRSServiceaccountServiceAccount(&data, tf)
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+
+	tflog.Info(ctx, "Created a new Topicus KeyHub serviceaccount")
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
+
+func (r *serviceaccountResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
+	var data serviceaccountServiceAccountDataRS
+	resp.Diagnostics.Append(req.State.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	ctx = context.WithValue(ctx, keyHubClientKey, r.client)
+	tflog.Info(ctx, "Reading serviceaccount from Topicus KeyHub")
+	tkh, err := r.client.Serviceaccount().ByServiceaccountidInt64(getSelfLink(data.Links).ID.ValueInt64()).Get(
+		ctx, &keyhubreq.WithServiceaccountItemRequestBuilderGetRequestConfiguration{
+			QueryParameters: &keyhubreq.WithServiceaccountItemRequestBuilderGetQueryParameters{
+				Additional: collectAdditional(data),
+			},
+		})
+
+	if !isHttpStatusCodeOk(ctx, -1, err, &resp.Diagnostics) {
+		return
+	}
+
+	tf, diags := tkhToTFObjectRSServiceaccountServiceAccount(true, tkh)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+	fillDataStructFromTFObjectRSServiceaccountServiceAccount(&data, tf)
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
+
+func (r *serviceaccountResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) {
+	var data serviceaccountServiceAccountDataRS
+	resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	ctx = context.WithValue(ctx, keyHubClientKey, r.client)
+	obj, diags := types.ObjectValueFrom(ctx, serviceaccountServiceAccountAttrTypesRSRecurse, data)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	newTkh, diags := tfObjectToTKHRSServiceaccountServiceAccount(ctx, true, obj)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tflog.Info(ctx, "Updating Topicus KeyHub serviceaccount")
+	tkh, err := r.client.Serviceaccount().ByServiceaccountidInt64(getSelfLink(data.Links).ID.ValueInt64()).Put(
+		ctx, newTkh, &keyhubreq.WithServiceaccountItemRequestBuilderPutRequestConfiguration{
+			QueryParameters: &keyhubreq.WithServiceaccountItemRequestBuilderPutQueryParameters{
+				Additional: collectAdditional(data),
+			},
+		})
+
+	if !isHttpStatusCodeOk(ctx, -1, err, &resp.Diagnostics) {
+		return
+	}
+
+	tf, diags := tkhToTFObjectRSServiceaccountServiceAccount(true, tkh)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+	fillDataStructFromTFObjectRSServiceaccountServiceAccount(&data, tf)
+
+	tflog.Info(ctx, "Updated a Topicus KeyHub serviceaccount")
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
+
+func (r *serviceaccountResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) {
+	resp.Diagnostics.AddError("Cannot delete a serviceaccount", "Topicus KeyHub does not support deleting a serviceaccount via Terraform. The requested changes are not applied.")
+}
+
+func (r *serviceaccountResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) {
+	resource.ImportStatePassthroughID(ctx, path.Root("uuid"), req, resp)
+}
diff --git a/main.go b/main.go
index ac2195a..7a3b3a1 100644
--- a/main.go
+++ b/main.go
@@ -9,10 +9,46 @@ import (
 	"log"
 
 	"github.com/hashicorp/terraform-plugin-framework/providerserver"
-	"github.com/topicuskeyhub/terraform-provider-keyhub-preview/internal/provider"
+	"github.com/topicuskeyhub/terraform-provider-keyhubpreview/internal/provider"
 )
 
-// Run "go generate" to format example terraform files and generate the docs for the registry/website
+// Run "go generate" to generate the source code, format example terraform files and generate the docs for the registry/website
+
+// no UUID
+// info
+// launchpadtile
+// numberseq
+// groupclient
+// provisioninggroup
+
+// sub resources
+// directory/{directoryid}/internalaccount
+// account/{accountid}/group
+// account/{accountid}/organizationalunit
+// client/{clientid}/permission
+// group/{groupid}/account
+// organizationalunit/{organizationalunitid}/account
+// system/{systemid}/group
+// serviceaccount/{accountid}/group
+
+//go:generate go run github.com/topicuskeyhub/terraform-provider-keyhub-generator@v0.0.5 --mode model
+//go:generate go run github.com/topicuskeyhub/terraform-provider-keyhub-generator@v0.0.5 --mode data --resource account --linkable authAccount
+//go:generate go run github.com/topicuskeyhub/terraform-provider-keyhub-generator@v0.0.5 --mode data --resource certificate --linkable certificateCertificate
+//go:generate go run github.com/topicuskeyhub/terraform-provider-keyhub-generator@v0.0.5 --mode data --resource client --linkable clientClientApplication
+//go:generate go run github.com/topicuskeyhub/terraform-provider-keyhub-generator@v0.0.5 --mode data --resource directory --linkable directoryAccountDirectory
+//go:generate go run github.com/topicuskeyhub/terraform-provider-keyhub-generator@v0.0.5 --mode data --resource group --linkable groupGroup
+//go:generate go run github.com/topicuskeyhub/terraform-provider-keyhub-generator@v0.0.5 --mode data --resource groupclassification --linkable groupGroupClassification
+//go:generate go run github.com/topicuskeyhub/terraform-provider-keyhub-generator@v0.0.5 --mode data --resource organizationalunit --linkable organizationOrganizationalUnit
+//go:generate go run github.com/topicuskeyhub/terraform-provider-keyhub-generator@v0.0.5 --mode data --resource serviceaccount --linkable serviceaccountServiceAccount
+//go:generate go run github.com/topicuskeyhub/terraform-provider-keyhub-generator@v0.0.5 --mode data --resource system --linkable provisioningProvisionedSystem
+//go:generate go run github.com/topicuskeyhub/terraform-provider-keyhub-generator@v0.0.5 --mode data --resource vaultrecord --linkable vaultVaultRecord
+//go:generate go run github.com/topicuskeyhub/terraform-provider-keyhub-generator@v0.0.5 --mode data --resource webhook --linkable webhookWebhook
+//go:generate go run github.com/topicuskeyhub/terraform-provider-keyhub-generator@v0.0.5 --mode resource --resource clientapplication
+//go:generate go run github.com/topicuskeyhub/terraform-provider-keyhub-generator@v0.0.5 --mode resource --resource client_vaultrecord
+//go:generate go run github.com/topicuskeyhub/terraform-provider-keyhub-generator@v0.0.5 --mode resource --resource group_vaultrecord
+//go:generate go run github.com/topicuskeyhub/terraform-provider-keyhub-generator@v0.0.5 --mode resource --resource group
+//go:generate go run github.com/topicuskeyhub/terraform-provider-keyhub-generator@v0.0.5 --mode resource --resource grouponsystem
+//go:generate go run github.com/topicuskeyhub/terraform-provider-keyhub-generator@v0.0.5 --mode resource --resource serviceaccount
 
 // If you do not have terraform installed, you can remove the formatting command, but its suggested to
 // ensure the documentation is formatted properly.
@@ -38,7 +74,7 @@ func main() {
 	flag.Parse()
 
 	opts := providerserver.ServeOpts{
-		Address: "registry.terraform.io/hashicorp/keyhub-preview",
+		Address: "registry.terraform.io/hashicorp/keyhubpreview",
 		Debug:   debug,
 	}