terraform-provider-azapi icon indicating copy to clipboard operation
terraform-provider-azapi copied to clipboard
verified publisher icon Azure

feature request: support for terraform actions

Open jaredfholgate opened this issue 3 months ago • 7 comments

I'd like to see the azapi_resource_action re-implemented as an action as released in Terraform CLI 1.4: https://developer.hashicorp.com/terraform/language/v1.14.x/invoke-actions

Also, if we could have a generic action resource that can call any data plane API, that would be amazing.

CC: @matt-FFFFFF

jaredfholgate avatar Sep 27 '25 08:09 jaredfholgate

Hi @jaredfholgate ,

Thank you for taking time to open this issue.

I'll work on this feature and the target release is v2.8.0. Thanks!

ms-henglu avatar Sep 28 '25 01:09 ms-henglu

Hi @ms-henglu this is great news thanks!

For the general purpose action - could #918 be a source of inspiration? A general client that can get a token for any Entra-backed API?

This would provide a general-purpose approach that meets and exceeds the capabilities in the aws provider. You will see that the aws_lambda_invoke action uses jsonencode()... Perhaps they will lean how to use an HCL dynamic in the future ;-)

matt-FFFFFF avatar Sep 28 '25 08:09 matt-FFFFFF

@matt-FFFFFF how low-level/generic do you want this data plane API? Our longstanding hesitation around this feature is that it'll end up being essentially a REST API due to the lack of consistency in how data plane APIs behave. On the other hand, fully agree that we should be supporting actions with our next release.

stemaMSFT avatar Sep 29 '25 16:09 stemaMSFT

@stemaMSFT just in that PR, I want to have:

  • a request URL
  • an HTTP method
  • The HTTP body
  • Query parameters
  • Header control

This with all the existing goodness of AzAPI, e.g. retry support, output control, etc, etc.

resource "azapi_general_resource" "secret" {
  url         = "${azapi_resource.keyvault.output.properties.vaultUri}secrets/test"
  api_version = "7.5"
  body = {
    attributes = {
      enabled = true
    }
  }
  sensitive_body = {
    value = "test" # this would be a reference to an ephemeral value
  }
  sensitive_body_version = {
    "value" = "0"
  }
  response_export_values = [
    "attributes.created",
    "id"
  ]
}

matt-FFFFFF avatar Oct 01 '25 15:10 matt-FFFFFF

Thanks @matt-FFFFFF let me chat with the team about this. I hadn't thought about these unique azapi based benefits applying to a "restful" experience, but that resonates with me.

It seems based on your code snippet you're looking to make things CRUD-able. Do we have decent confidence on the ability of data plane APIs being CRUD-able or should we also be supporting azapi_general_action for imperative calls?

stemaMSFT avatar Oct 01 '25 19:10 stemaMSFT

I think there are two use cases here @stemaMSFT.

The original ask of this thread, to use the new actions feature. These are imperative, by nature.

Then there's my original ask in the linked PR. A general purpose CrUD resource that can be used for any data plane service.

Both could look and feel the same, in that they expose the a schema like the one posted above.

In terms of data plane supporting full CrUD, that will depend on the service. Things like key vault, storage, app config, etc - all support crud. There will be those that don't but this is ok I think. It's a general purpose resource.

Being able to wrap these with azapi sugar is of great benefit. The ability to support write only attributes for any API is huge, for example.

matt-FFFFFF avatar Oct 01 '25 20:10 matt-FFFFFF

Hi all,

I opened this PR to support the mgmt-plane action: https://github.com/Azure/terraform-provider-azapi/pull/1018

ms-henglu avatar Nov 24 '25 06:11 ms-henglu