`InvalidModel` when updating Access Package Assignment Policy

[sandra-bee]

Describe the bug

I want to update an access package assignment policy, but whenever the policy includes the requirement for approval (i.e. is_approval_required_for_add=True), this fails with an InvalidModel error.

Example:
If I set the property for "requires approval" to false, I am able to retrieve an existing access package policy by ID and update a certain property (e.g. the duration) successfully:

# Retrieve the pre-existing access package assignment policy:
ap_assignment_policy_obj = await graph_client.identity_governance.entitlement_management.assignment_policies.by_access_package_assignment_policy_id(<ap_pol_id>).get()

# Set the required duration in ISO 8601 duration format:
ap_assignment_policy_obj.expiration.duration = "PT4H"
        
# Update the access package assignment policy:
result = await graph_client.identity_governance.entitlement_management.assignment_policies.by_access_package_assignment_policy_id(<ap_pol_id>).put(ap_assignment_policy_obj)

However as soon as "requires approval" is set to true (and the associated approval groups etc. are set), I am no longer able to update an existing access package assignment policy. Instead, the following error is encountered:

msgraph.generated.models.o_data_errors.o_data_error.ODataError: 
APIError
Code: 400
message: None
error: MainError(additional_data={}, code='InvalidModel', details=[], inner_error=InnerError(additional_data={}, client_request_id='', date=datetime.datetime(2025, 6, 12, 12, 57, 48), odata_type=None, request_id=''), message='The model is invalid.', target=None)

Expected behavior

Regardless of whether or not approval is required (as dictated by the property is_approval_required_for_add), the access package policy update should work.

How to reproduce

1. Create an access package assignment policy
2. Set "requires approval" to true, and fill in the required properties
3. Try to update the access package assignment policy

SDK Version

1.33.0

Latest version known to work for scenario above?

No response

Known Workarounds

No response

Debug output

Click to expand log

msgraph.generated.models.o_data_errors.o_data_error.ODataError: 
APIError
Code: 400
message: None
error: MainError(additional_data={}, code='InvalidModel', details=[], inner_error=InnerError(additional_data={}, client_request_id='', date=datetime.datetime(2025, 6, 12, 12, 57, 48), odata_type=None, request_id=''), message='The model is invalid.', target=None)

Configuration

No response

Other information

An example of the approval settings that can be used to generate this error is shown below:

from msgraph.generated.models.access_package_assignment_approval_settings import AccessPackageAssignmentApprovalSettings
from msgraph.generated.models.access_package_approval_stage import AccessPackageApprovalStage

ap_assignment_policy_obj. request_approval_settings = AccessPackageAssignmentApprovalSettings(
        is_approval_required_for_add = True,
        is_approval_required_for_update = False,
        is_requestor_justification_required = True,
        stages = [
                AccessPackageApprovalStage(
                    duration_before_automatic_denial = datetime.timedelta(days=14), 
                    is_escalation_enabled = False,
                    is_approver_justification_required = True,
                    duration_before_escalation = datetime.timedelta(0),
                    primary_approvers = [
                        GroupMembers(
                            odata_type = "#microsoft.graph.groupMembers",
                            description = "approver_group"
                        )
                    ],
                    fallback_primary_approvers = [],
                    escalation_approvers = [],
                    fallback_escalation_approvers = []
                )
        ]
)