Skip to content

Releases: Azure/terraform-provider-azapi


07 Mar 06:15
Choose a tag to compare


  • New Ephemeral Resource: azapi_resource_action


  • azapi provider: The oidc_azure_service_connection_id field can be sourced from the ARM_ADO_PIPELINE_SERVICE_CONNECTION_ID or ARM_OIDC_AZURE_SERVICE_CONNECTION_ID Environment Variables.
  • azapi provider: The enable_preflight field can be sourced from the ARM_ENABLE_PREFLIGHT Environment Variable.
  • azapi provider: The disable_default_output field can be sourced from the ARM_DISABLE_DEFAULT_OUTPUT Environment Variable.
  • azapi provider: Support maximum_busy_retry_attempts field, which is used to specify the maximum number of busy retry attempts if the Azure API returns an HTTP 408, 429, 500, 502, 503, or 504 response.
  • azapi_resource_action resource, data source: Support sensitive_response_export_values field, which is used to specify the sensitive fields to export.
  • azaapi_resource_action resource, data source: Support sensitive_output field, which is a sensitive computed field that contains the fields exported by sensitive_response_export_values.
  • Update bicep types to ms-henglu/bicep-types-az@c4c1c04
  • azapi resources: Skip external requests when no resource changes are detected.


  • Fix a bug that query parameters and headers don't work properly with unknown values
  • Fix more edge cases that the provider produced inconsistent result after apply when default output feature is enabled.
  • Fix a bug that when moving resource from azurerm resource, the id could not be parsed correctly.
  • Fix a bug that custom retry configuration doesn't override the default retry configuration.


30 Dec 06:13
Choose a tag to compare


  • azapi_resource resource: Improved 403 handling for management group resources to include child resources
  • Update bicep types to ms-henglu/bicep-types-az@4da2e19


  • Fix a bug that the provider produced inconsistent result after apply when default output feature is enabled.
    Notice: Terraform will detect the output field's changes made outside of Terraform since the last "terraform apply". You can run terraform refresh to update the state file with the latest values.
  • Fix a bug that the GET after PUT retry timeout doesn't work properly when the environment variable is set.


29 Nov 05:31
Choose a tag to compare


  • azapi_resource resource: Support resource move operation, it allows moving resources from azurerm provider.



  • Fix a bug when body contains an unknown float number, the provider will crash.
  • Fix the crash that occurs when no tenant ID is configured in Azure CLI.
  • Fix a bug that using multiple locks can result in a deadlock.


21 Oct 03:07
Choose a tag to compare


  • Major Version: Version 2.0 of the AzAPI Provider is a major version - some behaviours have changed and some deprecated fields/resources have been removed - please refer to the 2.0 upgrade guide for more information.
  • When upgrading to v2.0 of the AzAPI Provider, we recommend upgrading to the latest version of Terraform Core (which can be found here).


  • azapi_resource, azapi_update_resource resources and data sources' output field defaults to the readonly fields when the response_export_values is not specified.
  • azapi_resource_list data source's output field defaults to the response when the response_export_values is not specified.
  • Provider field default_naming_prefix and default_naming_suffix are removed. Please specify the naming prefix and suffix in the resource's name field instead.
  • Provider field enable_hcl_output_for_data_source is removed. The output field in the data source is always in HCL format.
  • The azapi_resource's removing_special_chars field is removed. Please specify the name field and remove the special characters in the name field instead.
  • The ignore_body_changes field is removed. Please use the lifecyle.ignore_changes to ignore some properties when comparing the resource with its current state.
  • The body field now only accepts an HCL object. Please remove the jsonencode function when using the body field.
  • The output field now only exports an HCL object. Please remove the jsondecode function when using the output field.
  • The use_msi field now defaults to false, please set it to true explicitly if you want to authenticate using Managed Service Identity.


  • azapi_data_plane_resource resource: Support Microsoft.Purview/accounts/Scanning/managedvirtualnetworks type.
  • Support a default retry policy that retries when GET request fails with 404 status code after resource creation.
  • azapi provider: Support disable_default_output field, which is used to disable the default output for the resources and data sources.
  • Update bicep types to ms-henglu/bicep-types-az@c3ff45d


  • Fix a bug that non-standard LRO error responses are not handled properly.


18 Sep 01:39
Choose a tag to compare


  • Provider field default_naming_prefix and default_naming_suffix are removed. Please specify the naming prefix and suffix in the resource's name field instead.
  • Provider field enable_hcl_output_for_data_source is removed. The output field in the data source is always in HCL format.
  • The azapi_resource's removing_special_chars field is removed. Please specify the name field and remove the special characters in the name field instead.
  • The ignore_body_changes field is removed. Please use the lifecyle.ignore_changes to ignore some properties when comparing the resource with its current state.
  • The body field now only accepts an HCL object. Please remove the jsonencode function when using the body field.
  • The output field now only exports an HCL object. Please remove the jsondecode function when using the output field.
  • The use_msi field now defaults to false, please set it to true explicitly if you want to authenticate using Managed Service Identity.


  • New Provider Function: build_resource_id
  • New Provider Function: parse_resource_id
  • New Provider Function: subscription_resource_id
  • New Provider Function: tenant_resource_id
  • New Provider Function: management_group_resource_id
  • New Provider Function: resource_group_resource_id
  • New Provider Function: extension_resource_id


  • azapi provider: Support enable_preflight field, which is used to enable Preflight Validation, the default value is false.
  • azapi_resource and azapi_data_plane_resource resource: Support replace_triggers_external_values field which is used to trigger a replacement of the resource.
  • azapi_resource and azapi_data_plane_resource resource: Support replace_triggers_refs field which is used to trigger a replacement of the resource.
  • azapi resources and data sources: Support retry field, which is used to specify the retry configuration.
  • azapi resources and data sources: Support headers and query_parameters fields, which are used to specify the headers and query parameters.
  • azapi resources and data sources: The response_export_values field supports JMESPath expressions.
  • Accept AZURE_CLIENT_ID and AZURE_TENANT_ID environment variables when authenticating using AKS workload identity.
  • azapi provider: Support oidc_azure_service_connection_id field, which is used to specify the Azure Service Connection ID for OIDC authentication with Azure DevOps.
  • Update bicep types to ms-henglu/bicep-types-az@7492c6d


16 Aug 05:45
Choose a tag to compare



  • Fix a bug that differences in a list of objects are not detected correctly.
  • Fix a bug that azapi_update_resource produced inconsistent results when the case of the resource_id and type fields are different.
  • Fix a bug that provider will crash when there's no default subscription configured in azure cli.
  • Fix a bug that resource definitions are not correctly cached.


04 Jul 07:18
Choose a tag to compare


  • New Data Source: azapi_client_config


  • azapi provider: Support client_certificate field, which specifies base64-encoded PKCS#12 bundle to be used as the client certificate for authentication.
  • azapi provider: Support use_aks_workload_identity field to enable AKS workload identity.
  • azapi_resource, azapi_update_resource, azapi_resource_action, azapi_data_plane_resource resources: Support timeouts.update field, which is used to specify the timeout for the update operation.
  • azapi_update_resource resource: Improve the id build logic to honor user's input.
  • Update bicep types to ms-henglu/bicep-types-az@37dcb18


  • Fix a bug that azapi_resource will crash when the location in GET response is null.
  • Fix a bug that schema validation fails to validate unknown string values.
  • Fix a bug that azapi_resource only supports extension resource on a resource group scoped resource.
  • Fix a bug that OIDC authentication should not be used when required fields are missing.


29 Apr 03:00
Choose a tag to compare


  • azapi provider: Support enable_hcl_output_for_data_source field, which is used to enable the HCL output for the data source, the default value is false.
    This could resolve the following breaking changes in the previous release:

    • azapi_resource data source: The output field changes from JSON string to HCL object. Users can use access the fields in the output as an HCL object. Please remove the jsondecode function when using the output field.
    • azapi_resource_list data source: The output field changes from JSON string to HCL object. Users can use access the fields in the output as an HCL object. Please remove the jsondecode function when using the output field.

    Please notice if you already upgraded to v1.13.0 and removed jsondecode function for the output of data sources, when upgrade to the v1.13.1 release, you need to set enable_hcl_output_for_data_source = true in the azapi provider block to enable the HCL output for data sources.


  • Fix a bug when upgrading from previous provider azapi_resource resource will set tags and location for resources that don't have tags or location in the configuration.
  • Fix a bug that azapi_resource resource cannot handle tags with unknown values.
  • Fix a bug that null string value can't pass the schema validation.
  • Fix a bug that required fields which have null value can't pass the schema validation.
  • Fix a bug that schema validation fails to validate the float number in the body.
  • Fix a bug that client certificate authentication doesn't work.
  • Fix a bug that auxiliary tenant ids are not passed to the client.
  • Fix a bug that azapi_resource_action resource shows the plan diff when upgrading from the previous provider.


24 Apr 11:00
Choose a tag to compare


  1. Provider field default_naming_prefix and default_naming_suffix are deprecated. It will not work in this release and will be removed in the next major release.
    Please specify the naming prefix and suffix in the resource's name field instead.
  2. The azapi_resource's removing_special_chars field is deprecated. It will not work in this release and will be removed in the next major release.
    Please specify the name field and remove the special characters in the name field instead.
  3. Defining the identity inside the body field is not recommended. In this release, it will not sync the identity inside the body field to identity block.
    Please define the identity block instead.
  4. azapi_resource data source, azapi_resource_listdata source: Theoutput` field changes from JSON string to HCL object. Users can use access the fields in the output as an HCL object. Please follow the instructions to migrate:
    1. Please remove the jsondecode function when using the output field from these data sources.
    data "azapi_resource" "test" {
      type                   = "Microsoft.Automation/automationAccounts@2023-11-01"
      resource_id            =
      response_export_values = ["properties"]
    output "o1" {
      // change jsondecode(data.azapi_resource.test.output).properties.automationHybridServiceUrl to
      value =
    1. Run terraform plan to preview the changes.
    No changes. Your infrastructure matches the configuration.


  • azapi_resource resource, azapi_update_resource resource, azapi_resource_action resource, azapi_data_plane_resource resource, azapi_resource_action data source: The body field supports the dynamic schema and allows user to use the HCL object to specify the body.
  • azapi_resource resource, azapi_update_resource resource, azapi_resource_action resource, azapi_data_plane_resource resource, azapi_resource_action data source, azapi_resource data source, azapi_resource_list data source: The output field supports the dynamic schema and allows user to read the output as an HCL object.
  • azapi provider: Support client_id_file_pathand client_secret_file_path fields, which are used to specify the file path of the client id and client secret.
  • azapi_data_plane_resource resource: Support Microsoft.Synapse/workspaces/databases type.
  • azapi_resource resource, azapi_update_resource resource: Ignore the order of the elements in a list if the element has a name field as identifier.
  • Update bicep types to ms-henglu/bicep-types-az@48ce933


  • Fix a bug that azapi_resource_action doesn't support 204 status code as a success response.


21 Feb 05:15
Choose a tag to compare


  • Fix a bug that azapi_resource removes some required fields in the body when using ignore_body_changes feature.