chore(deps): bump the terraform-providers group across 2 directories with 7 updates

[dependabot]

Bumps the terraform-providers group with 7 updates in the /infra directory:

Package	From	To
aztfmod/azurecaf	1.2.32	1.2.34
azure/avm-res-storage-storageaccount/azurerm	0.6.8	0.7.2
azure/azapi	2.7.0	2.10.0
azure/modtm	0.3.5	0.4.0
hashicorp/azurerm	4.67.0	4.77.0
hashicorp/random	3.8.1	3.9.0
hashicorp/time	0.13.1	0.14.0

Bumps the terraform-providers group with 4 updates in the /infra/modules/copilot_studio directory: azure/azapi, azure/modtm, hashicorp/azurerm and hashicorp/random.

Updates aztfmod/azurecaf from 1.2.32 to 1.2.34

Release notes

Sourced from aztfmod/azurecaf's releases.

v1.2.34

What's Changed

• fix(ci/release-validation): move build/test to host runner by @​arnaudlh in aztfmod/terraform-provider-azurecaf#480
• ci(deps): bump github/gh-aw-actions from 0.72.1 to 0.74.4 by @​dependabot[bot] in aztfmod/terraform-provider-azurecaf#495
• deps(deps): bump github.com/hashicorp/terraform-plugin-sdk/v2 from 2.40.0 to 2.40.1 by @​dependabot[bot] in aztfmod/terraform-provider-azurecaf#494
• fix(workflow): move pr-review-agent build artifacts from /tmp to workspace by @​arnaudlh in aztfmod/terraform-provider-azurecaf#498
• Improve devcontainer and dev environment by @​arnaudlh in aztfmod/terraform-provider-azurecaf#499
• feat(resources): add 105 missing azurerm resource definitions from weekly azure-sync (2026-05-14) by @​Copilot in aztfmod/terraform-provider-azurecaf#481
• Improved logging and fields description by @​arnaudlh in aztfmod/terraform-provider-azurecaf#500
• fix(release): make models_generated.go gofmt-clean to unblock GoReleaser by @​arnaudlh in aztfmod/terraform-provider-azurecaf#516

Full Changelog: aztfmod/terraform-provider-azurecaf@v1.2.33...v1.2.34

v1.2.33

What's Changed

• ci(deps): bump github/gh-aw-actions from 0.61.0 to 0.64.4 by @​dependabot[bot] in aztfmod/terraform-provider-azurecaf#448
• ci(deps): bump github/gh-aw-actions from 0.64.4 to 0.73.0 by @​dependabot[bot] in aztfmod/terraform-provider-azurecaf#458
• ci(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 by @​dependabot[bot] in aztfmod/terraform-provider-azurecaf#454
• ci(deps): bump actions/github-script from 8.0.0 to 9.0.0 by @​dependabot[bot] in aztfmod/terraform-provider-azurecaf#452
• deps(deps): bump github.com/hashicorp/terraform-plugin-sdk/v2 from 2.38.2 to 2.40.0 by @​dependabot[bot] in aztfmod/terraform-provider-azurecaf#421
• chore(workflows): recompile agentic workflows with gh-aw v0.72.1 by @​arnaudlh in aztfmod/terraform-provider-azurecaf#459
• ci: align Go toolchain across env + SHA-pin hand-authored workflows by @​arnaudlh in aztfmod/terraform-provider-azurecaf#467
• Add support for azurerm_network_connection_monitor by @​Copilot in aztfmod/terraform-provider-azurecaf#357
• docs: correct resource counts, missing argument, and stale prereqs by @​arnaudlh in aztfmod/terraform-provider-azurecaf#469
• ci+docs: fix nightly regression, agentic workflow firewall paths, and doc accuracy by @​arnaudlh in aztfmod/terraform-provider-azurecaf#471
• fix(workflows): install tfproviderlint in nightly + lock down top-level permissions by @​arnaudlh in aztfmod/terraform-provider-azurecaf#475
• feat(resources): add four missing name resources from #432 by @​arnaudlh in aztfmod/terraform-provider-azurecaf#476

Full Changelog: aztfmod/terraform-provider-azurecaf@v1.2.32...v1.2.33

Changelog

Sourced from aztfmod/azurecaf's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

Fixed

• Issue Arborist agentic workflow — allow python3 in agent sandbox (fixes #509): The daily Issue Arborist workflow run 26360490064 reported a missing-tools failure: "Bash command execution was blocked by security policy. Cannot run python3 or any shell commands in this environment." The agent tries to run python3 to cluster ~100 issues by token/label overlap (jq alone is awkward for set similarity), but the bash allowlist only granted cat *, jq *, and the schema script. Added python3 * to .github/workflows/issue-arborist.md tools.bash (matching the pattern already used by issue-to-pr-agent.md), documented in the prompt that python3 is available for richer analysis with output constrained to ${GITHUB_WORKSPACE}/.gh-aw-data/, and regenerated issue-arborist.lock.yml via gh aw compile (compiler v0.72.1). The recompile also pinned github/gh-aw-actions/setup to its commit SHA (was floating v0.74.4 tag, now bc56a0cad2f450c562810785ef38649c04db812a # v0.72.1), matching the SHA-pinning convention introduced in commit 9c6e560. Impact: removes the recurring [aw] Issue Arborist failed issue; no behavior change for end users of the provider.
• azurecaf/models_generated.go is now gofmt-clean: The generated file's struct-literal alignment did not match what gofmt produces on current Go toolchains. As a result, the v1.2.34 release pipeline failed at the Run GoReleaser step with git is in a dirty state - M azurecaf/models_generated.go, because the Go workflow's E2E tests call make build (which runs go generate then go fmt ./...), and go fmt reformatted the file. Regenerated and gofmt'd the file (no semantic change, same 489 resource entries) so subsequent runs of make build leave the working tree clean. Impact: None for end users; unblocks tag releases (next attempt should be v1.2.34 or later).

Added

• Weekly mock-azurerm sweep (.github/workflows/weekly-mock-azurerm.md): Companion gh-aw agentic workflow to the PR-time mock-azurerm.yml gate. Runs the full mock-azurerm sweep across every azurerm_* resource in resourceDefinition.json once a week (Mondays 09:00 UTC), classifies failures into three buckets (real CAF bug, scaffolding gap, deprecated upstream resource) and opens a single categorized issue with close-older-issues: true so the backlog stays tidy. Reuses make test_mock_azurerm_all and the harness under scripts/mock-test/ introduced in the previous entry.
  • Impact: Low — additive new agentic workflow only, no provider behavior change. Issues are advisory backlog items, not gating.
• Mock-azurerm PR gate (scripts/mock-test/ + .github/workflows/mock-azurerm.yml): Added a CI check that proves every CAF-generated name is accepted by the corresponding azurerm_* resource schema, using terraform test with mock_provider "azurerm" {}. Closes the long-standing gap where existing in-process Go tests only validated the regex against itself. Generates three naming variations per resource (default, with_prefix=["dev"], with_random=5/seed=12345) and runs them against the live hashicorp/azurerm (~> 4.0) schema — no Azure credentials required.
  • Diff-scoped on PRs (only resources changed in resourceDefinition.json are re-validated) so the check stays fast.
  • New Makefile targets: make test_mock_azurerm_setup, make test_mock_azurerm_changed, make test_mock_azurerm_all.
  • See scripts/mock-test/README.md for local usage.
  • Cleaned up scripts/mock-test/generate_tests.py, fetch_schema.sh, and run_all.sh to clear the SonarCloud quality-gate findings raised on PR #485: extracted repeated HCL literals ("Linux", "CanNotDelete", "Custom", "10.0.0.1", "PT5M") as named constants, split fake_value_for into table-driven helpers (_override_lookup/_name_based_value/_type_based_value), split main into _build_arg_parser/_select_wanted/_classify_resource/_emit_workspace so it returns non-zero when no workspace can be generated, switched resources_changed_between to parsed-JSON diff (also addresses a PR reviewer comment), threaded the resolved name_attr through to make_test_hcl so assertions hit the right schema attribute for resources like azurerm_policy_definition that use display_name, dropped the redundant json.JSONDecodeError from the except clause (it derives from ValueError), added an explicit return 0 to run_all.sh::usage, and added a default *) ;; case to fetch_schema.sh's flag loop. No behavior change to the generated workspaces.
  • Impact: Low — additive new CI workflow only, no provider behavior change.
• Weekly Azure Sync 2026-05-14 — 89 new resource types (post-review): Added definitions for resources highlighted by the weekly azure-sync report. All entries are additive (no slug or behavior changes to existing resources) and follow CAF-style abbreviations and Azure naming rules. The initial sync proposed 105 resources; 16 were removed during review (see "Removed" below) and 2 had their regex/length corrected (see "Fixed" below). Every kept addition was validated via terraform test with mock_provider "azurerm" and fuzz-tested (89 × 25 = 2,225 randomized inputs, 99.87% pass rate; 3 remaining edge cases match pre-existing patterns in main). Categories covered:
  • Compute: azurerm_container_group (slug aci), azurerm_orchestrated_virtual_machine_scale_set (ovmss), azurerm_snapshot (snp), azurerm_dedicated_hardware_security_module (hsm).
  • Networking: azurerm_network_profile (npr), azurerm_route_filter (rf), azurerm_vpn_gateway (vpng), azurerm_virtual_network_gateway_connection (vngc), azurerm_express_route_circuit_authorization (erca), azurerm_express_route_circuit_peering (ercp), azurerm_firewall_policy_rule_collection_group (fwprcg), azurerm_virtual_hub_route_table (vhrt), azurerm_virtual_hub_ip (vhip), azurerm_virtual_hub_bgp_connection (vhbgp), azurerm_virtual_hub_security_partner_provider (vhspp).
  • Storage & Databases: azurerm_sql_database (sqld), azurerm_mssql_virtual_machine (sqlvm), azurerm_cosmosdb_cassandra_keyspace (coscas), azurerm_cosmosdb_gremlin_database (cosgrm), azurerm_cosmosdb_gremlin_graph (cosgrmg), azurerm_cosmosdb_mongo_collection (cosmonc), azurerm_cosmosdb_mongo_database (cosmondb), azurerm_cosmosdb_sql_container (cosqlc), azurerm_cosmosdb_sql_database (cosqldb), azurerm_cosmosdb_sql_stored_procedure (cosqlsp), azurerm_cosmosdb_table (costbl), azurerm_storage_encryption_scope (stes), azurerm_storage_data_lake_gen2_path (stdlp), azurerm_shared_image_version (siv).
  • IoT & Messaging: azurerm_iothub_endpoint_eventhub (iothepeh), azurerm_iothub_endpoint_servicebus_queue (iothepsbq), azurerm_iothub_endpoint_servicebus_topic (iothepsbt), azurerm_iothub_endpoint_storage_container (iothepsc), azurerm_iothub_fallback_route (iothfr), azurerm_iothub_route (iothr), azurerm_iot_time_series_insights_standard_environment (tsise), azurerm_iot_time_series_insights_reference_data_set (tsirds), azurerm_eventhub_cluster (ehc).
  • Analytics & Data: azurerm_data_share (dshr), azurerm_data_share_account (dshra), azurerm_data_share_dataset_blob_storage (dshrdsb), azurerm_data_share_dataset_data_lake_gen1 (dshrdsg1), azurerm_data_share_dataset_data_lake_gen2 (dshrdsg2), azurerm_data_share_dataset_kusto_cluster (dshrdskc), azurerm_data_share_dataset_kusto_database (dshrdskd), azurerm_hpc_cache (hpcc), azurerm_hpc_cache_blob_target (hpcbt), azurerm_hpc_cache_nfs_target (hpcnt), azurerm_hdinsight_cluster (hdi), azurerm_data_factory_integration_runtime_self_hosted (adfirsh), azurerm_kusto_attached_database_configuration (kadc).
  • Security & Governance: azurerm_advanced_threat_protection (atp), azurerm_attestation (atst), azurerm_security_center_automation (sca), azurerm_security_center_auto_provisioning (scap), azurerm_security_center_contact (scc), azurerm_sentinel_alert_rule (sentar), azurerm_sentinel_alert_rule_ms_security_incident (sentarms), azurerm_sentinel_alert_rule_scheduled (sentars), azurerm_lighthouse_assignment (lha), azurerm_lighthouse_definition (lhd), azurerm_policy_definition (pold), azurerm_policy_set_definition (polsd), azurerm_policy_remediation (polr), azurerm_management_lock (mgl), azurerm_management_group (mg), azurerm_key_vault_access_policy (kvap).
  • App Services & Containers: azurerm_app_service_slot (apps), azurerm_app_service_certificate (appcert), azurerm_service_plan (asp), azurerm_spring_cloud_app (spca), azurerm_spring_cloud_certificate (spcert), azurerm_spring_cloud_service (spcs), azurerm_spatial_anchors_account (spaa).
  • Monitoring & Operations: azurerm_monitor_log_profile (mlp), azurerm_monitor_action_rule_action_group (marag), azurerm_monitor_action_rule_suppression (mars), azurerm_monitor_scheduled_query_rules_log (msqrl), azurerm_monitor_smart_detector_alert_rule (msdar), azurerm_log_analytics_data_export_rule (laer), azurerm_log_analytics_linked_service (lals), azurerm_log_analytics_saved_search (lass), azurerm_log_analytics_cluster_customer_managed_key (laccmk).
  • Automation & DevOps: azurerm_automation_connection (aacon), azurerm_automation_module (aamod), azurerm_automation_dsc_configuration (aadsc), azurerm_blueprint_assignment (bpa), azurerm_blueprint_definition (bpd), azurerm_blueprint_published_version (bppv), azurerm_dev_test_virtual_network (dtlvn), azurerm_dev_test_policy (dtlp), azurerm_dev_test_schedule (dtls), azurerm_resource_group_template_deployment (rgtd), azurerm_subscription_template_deployment (subtd).
  • Other / Misc: azurerm_managed_application (manapp), azurerm_managed_application_definition (manappd), azurerm_media_services_account (ams), azurerm_devspace_controller (dsc), azurerm_service_fabric_mesh_application (sfmesha), azurerm_service_fabric_mesh_local_network (sfmeshln), azurerm_service_fabric_mesh_secret (sfmeshs), azurerm_site_recovery_fabric (asrf), azurerm_site_recovery_replicated_vm (asrrvm), azurerm_site_recovery_replication_policy (asrrp), azurerm_site_recovery_protection_container (asrpc).
  • Impact: Low - additive only. Existing resource slugs are unchanged.
  • Note: The 3 CAF slug drifts reported in the same issue (ehn→evhns, syws→synw, dpbv→bvault) are not included here. Changing existing slugs is breaking for downstream users and should be handled in a separate change with an aliasing/deprecation strategy.

Fixed

• azurerm_managed_application_definition naming rules: Tightened during PR #481 review. Azure rejects names with dashes/underscores/dots for managed-application definitions; updated to min_length: 3, validation_regex: "^[a-zA-Z0-9]{3,64}$", dashes: false, cleaning regex: "[^0-9A-Za-z]". Without this fix, names generated for this slug would have been rejected by the platform.
• azurerm_storage_encryption_scope naming rules: Tightened during PR #481 review. Azure storage encryption scope names are alphanumeric only and must be at least 4 characters; updated to min_length: 4, max_length: 63, validation_regex: "^[a-zA-Z0-9]{4,63}$", dashes: false, cleaning regex: "[^0-9A-Za-z]".

Removed

• Invalid azurerm resource definitions (16, originally proposed in this same PR): The following resource types were removed before merge because they cannot be named via azurecaf_name. Reasons include: the Terraform resource has no user-supplied name argument (parent-keyed only), the platform requires a UUID for the name (so a CAF slug + random suffix is not a valid value), the resource is a data-source-only construct, or the Terraform azurerm resource has been removed/renamed. None of these resources had reached main — they only existed in the original PR commit.
  • azurerm_advanced_threat_protection — no name argument (keyed by target_resource_id).
  • azurerm_attestation — superseded by azurerm_attestation_provider; azurerm_attestation does not exist in the current azurerm provider.
  • azurerm_blueprint_definition — data source only (data "azurerm_blueprint_definition"); no managed resource.
  • azurerm_blueprint_published_version — data source only; no managed resource.
  • azurerm_dev_test_policy — superseded; current resource is azurerm_dev_test_policy_set / azurerm_dev_test_linux_virtual_machine policies, no top-level azurerm_dev_test_policy.
  • azurerm_express_route_circuit_peering — peering_type is an enum (AzurePrivatePeering, MicrosoftPeering, AzurePublicPeering), not a free-form name.
  • azurerm_hdinsight_cluster — generic resource does not exist; HDInsight uses type-specific resources (azurerm_hdinsight_hadoop_cluster, _spark_cluster, etc.) which are already supported.
  • azurerm_iothub_fallback_route — singular per-IoT-Hub resource with no name argument.

... (truncated)

Commits

• c98098f Merge pull request #516 from aztfmod/fix/release-1.2.34-gofmt-drift
• 7dd89eb fix(release): make models_generated.go gofmt-clean to unblock GoReleaser
• a81347f Merge pull request #500 from aztfmod/phase1-phase2-improvements
• 44aa242 Add changelog entry for provider best practices
• 412c74a Potential fix for pull request finding
• ec5bc74 fix: bump tfproviderlint to v0.31.0 for Go 1.25 compatibility
• 5395cd8 Apply Terraform provider best practices (Phase 1+2)
• ee39380 Merge pull request #481 from aztfmod/copilot/azure-sync-234-new-resources
• a84bc1f docs(readme): drop 15 rows for resources removed in PR #481 review
• 517917e Merge branch 'main' into copilot/azure-sync-234-new-resources
• Additional commits viewable in compare view

Updates azure/avm-res-storage-storageaccount/azurerm from 0.6.8 to 0.7.2

Release notes

Sourced from azure/avm-res-storage-storageaccount/azurerm's releases.

v0.7.2

What's Changed

• docs: align submodule docs with TFRMNFR1 independent consumability by @​jaredfholgate in Azure/terraform-azurerm-avm-res-storage-storageaccount#341

Full Changelog: Azure/terraform-azurerm-avm-res-storage-storageaccount@v0.7.1...v0.7.2

v0.7.1

What's Changed

• feat: service properties for blob, queue, file and table (#338) by @​kewalaka in Azure/terraform-azurerm-avm-res-storage-storageaccount#339

Full Changelog: Azure/terraform-azurerm-avm-res-storage-storageaccount@v0.7.0...v0.7.1

v0.7.0

Breaking Changes

This is a major re-write of the module to port to AzAPI bringing us closer to a V1 release.

There are multiple breaking changes, but we have tried to minimise the impact by keeping many legacy variables and including moved blocks to automatically migrate state where possible.

However, depending on your usage of the module you may need to include your own moved blocks to migrate state, review the Terraform plan carefully, and update some module inputs.

Specific breaking changes include:

• The storage account sku now uses a dedicated input that maps more closely to the ARM API. In order to use the legacy inputs this needs to be set to null, but we recommend just using the new single input instead.
• We no longer support data plane operations in the module.
• We no longer support outputting access keys from the module, we recommend using Entra ID auth and only falling back to access kays when there is no other option. We provide an example of the reading access keys with an ephemeral resource and storing them in a Key Vault with write only attributes.
• Diagnostic settings use the newer interface that supports all features.

What's Changed

• feat!: convert module to azapi by @​jaredfholgate in Azure/terraform-azurerm-avm-res-storage-storageaccount#334

Full Changelog: Azure/terraform-azurerm-avm-res-storage-storageaccount@v0.6.9...v0.7.0

v0.6.9

What's Changed

• fix: add missing properties to diagnostic settings for storage accoun… by @​chinthakaru in Azure/terraform-azurerm-avm-res-storage-storageaccount#332

Full Changelog: Azure/terraform-azurerm-avm-res-storage-storageaccount@v0.6.8...v0.6.9

Commits

• 929a235 docs: align submodule docs with TFRMNFR1 independent consumability (#341)
• 1685cbd feat: service properties for blob, queue, file and table (#338) (#339)
• e62ef09 feat!: convert module to azapi (#334)
• 83ceb97 fix: add missing properties to diagnostic settings for storage accoun… (#332)
• See full diff in compare view

Updates azure/azapi from 2.7.0 to 2.10.0

Release notes

Sourced from azure/azapi's releases.

v2.10.0

ENHANCEMENTS:

• azapi provider: Preflight validation is now enabled on resource update operations (previously only on create) (GH-1112).
• azapi provider: Preflight validation now requires only read permission instead of write permission (GH-1112).
• Bump Go version to 1.25.8 (GH-1082).
• Bump terraform-plugin-framework from v1.16.1 to v1.19.0 (GH-1081).
• Add example for Microsoft.RedHatOpenShift/openShiftClusters (GH-1083).

BUG FIXES:

• Fix a panic when comparing a non-empty configured list with an empty remote list during no-op change detection (GH-1125).

v2.9.0

ENHANCEMENTS:

• azapi_update_resource resource: Support replace_triggers_external_values argument to trigger resource replacement based on external values.
• azapi_data_plane_resource resource: Support sensitive_body and sensitive_body_version fields, which are used to specify the write-only properties in the request body.
• azapi_resource_action resource: Support updating api-version without recreating the resource.
• azapi_resource_action Support ignore_not_found argument to optionally suppress 404 errors and expose resource existence.
• azapi_resource, azapi_update_resource resources: Support list_unique_id_property and ignore_other_items_in_list fields, which are used to manage list properties with unique identifiers (GH-1033).
• azapi provider: Add Azure Government support for KeyVault resource manager audience endpoint (GH-996).
• azapi_data_plane_resource resource: Support importing existing data plane resources via terraform import (GH-1053).
• azapi_data_plane_resource resource: Add support for Microsoft.Foundry/agents (AI Foundry assistants) with customization and resource management (GH-1053).
• parse_resource_id function: Add resource_group_id to the function output (GH-1065).
• Update bicep types to ms-henglu/bicep-types-az@5c7a4c2

BUG FIXES:

• Fix Missing Resource Identity After Update error for Terraform versions below 1.12 (GH-1023).
• azapi_resource_action: Fix inconsistent result error when updating query_parameters with when = "destroy" (GH-1028).
• azapi_resource resource: Fix embedded schema validation failure when the discriminator property is unknown (GH-1038).
• azapi_data_plane_resource resource: Fix a bug that 204 status code is not supported as a success response (GH-1055).
• Fix inconsistent result after apply when lastConnectivityTime field changes between create/update and read (GH-1062).
• Fix a bug that auxiliary_tenant_ids are not passed to ARM client options for cross-tenant authentication (GH-1046).
• Fix azapi_update_resource state migration missing replace_triggers_external_values field (GH-1071).
• Fix RequiresReplaceIfNotNull plan modifier not handling typed null from HCL conditional expressions (GH-1070).

v2.8.0

FEATURES:

• New Provider Function: snake2camel
• New Action: azapi_resource_action - Perform stateless actions on Azure resources that can be invoked via Terraform action triggers

ENHANCEMENTS:

• azapi_resource resource: Add support for identity-based import, enabling import via resource ID and type from list resource protocol.
• azapi_resource resource: Support listing resources via new ListResource protocol.
• azapi_resource resource: Support listing all resources in a resource group when type is omitted. Uses ARM API /subscriptions/{sub}/resourceGroups/{rg}/resources to enumerate all resources.
• azapi_resource resource: Refactor import logic to support identity block and multiple import scenarios (ID only, ID with API version, ID and type).
• azapi_data_plane_resource resource: Adds a customization layer which allows custom CRUD operations for resources that don't follow standard patterns.
• azapi_data_plane_resource resource: Support Microsoft.KeyVault/vaults/keys type.
• azapi_data_plane_resource resource: Support Microsoft.KeyVault/vaults/secrets type.
• azapi_data_plane_resource resource: Support Microsoft.Search/searchServices/datasources type.

... (truncated)

Changelog

Sourced from azure/azapi's changelog.

v2.10.0

ENHANCEMENTS:

• azapi provider: Preflight validation is now enabled on resource update operations (previously only on create) (GH-1112).
• azapi provider: Preflight validation now requires only read permission instead of write permission (GH-1112).
• Bump Go version to 1.25.8 (GH-1082).
• Bump terraform-plugin-framework from v1.16.1 to v1.19.0 (GH-1081).
• Add example for Microsoft.RedHatOpenShift/openShiftClusters (GH-1083).

BUG FIXES:

• Fix a panic when comparing a non-empty configured list with an empty remote list during no-op change detection (GH-1125).

v2.9.0

ENHANCEMENTS:

• azapi_update_resource resource: Support replace_triggers_external_values argument to trigger resource replacement based on external values.
• azapi_data_plane_resource resource: Support sensitive_body and sensitive_body_version fields, which are used to specify the write-only properties in the request body.
• azapi_resource_action resource: Support updating api-version without recreating the resource.
• azapi_resource_action Support ignore_not_found argument to optionally suppress 404 errors and expose resource existence.
• azapi_resource, azapi_update_resource resources: Support list_unique_id_property and ignore_other_items_in_list fields, which are used to manage list properties with unique identifiers (GH-1033).
• azapi provider: Add Azure Government support for KeyVault resource manager audience endpoint (GH-996).
• azapi_data_plane_resource resource: Support importing existing data plane resources via terraform import (GH-1053).
• azapi_data_plane_resource resource: Add support for Microsoft.Foundry/agents (AI Foundry assistants) with customization and resource management (GH-1053).
• parse_resource_id function: Add resource_group_id to the function output (GH-1065).
• Update bicep types to ms-henglu/bicep-types-az@5c7a4c2

BUG FIXES:

• Fix Missing Resource Identity After Update error for Terraform versions below 1.12 (GH-1023).
• azapi_resource_action: Fix inconsistent result error when updating query_parameters with when = "destroy" (GH-1028).
• azapi_resource resource: Fix embedded schema validation failure when the discriminator property is unknown (GH-1038).
• azapi_data_plane_resource resource: Fix a bug that 204 status code is not supported as a success response (GH-1055).
• Fix inconsistent result after apply when lastConnectivityTime field changes between create/update and read (GH-1062).
• Fix a bug that auxiliary_tenant_ids are not passed to ARM client options for cross-tenant authentication (GH-1046).
• Fix azapi_update_resource state migration missing replace_triggers_external_values field (GH-1071).
• Fix RequiresReplaceIfNotNull plan modifier not handling typed null from HCL conditional expressions (GH-1070).

v2.8.0

FEATURES:

• New Provider Function: snake2camel
• New Action: azapi_resource_action - Perform stateless actions on Azure resources that can be invoked via Terraform action triggers

ENHANCEMENTS:

• azapi_resource resource: Add support for identity-based import, enabling import via resource ID and type from list resource protocol.

... (truncated)

Commits

• 2ac202c Fix UpdateObject empty array handling (#1125)
• 892dd17 Upgrade tffwdocs to v0.3.0 and adjust the document sources accordingly (#1124)
• 5236c51 changelog: fill v2.10.0 and fix all markdownlint violations (#1123)
• 399619c Bump github.com/go-git/go-git/v5 in the gomod-dependencies group (#1114)
• 784a31d acctest & nightly pipeline improvement and simplification (#1113)
• bf552c3 preflight: enabled on update & require read instead of write permission (#1112)
• c25faaf Bump the gomod-dependencies group across 1 directory with 5 updates (#1108)
• 47dc72b Auto trigger acctests and acceptance tests fix (#1103)
• 37686df Fix dependabot.yml syntax error (#1100)
• e14fdaf Bump google.golang.org/grpc from v1.79.2 to v1.79.3 plus other direct deps an...
• Additional commits viewable in compare view

Updates azure/modtm from 0.3.5 to 0.4.0

Release notes

Sourced from azure/modtm's releases.

v0.4.0

What's Changed

• add acceptance test with real avm modules by @​lonegunmanb in Azure/terraform-provider-modtm#64
• Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 by @​dependabot[bot] in Azure/terraform-provider-modtm#54
• Bump github.com/hashicorp/terraform-plugin-testing from 1.7.0 to 1.11.0 by @​lonegunmanb in Azure/terraform-provider-modtm#66
• Bump github.com/hashicorp/terraform-plugin-framework-validators by @​lonegunmanb in Azure/terraform-provider-modtm#67
• Bump github.com/hashicorp/terraform-plugin-docs from 0.18.0 to 0.21.0 by @​lonegunmanb in Azure/terraform-provider-modtm#68
• add coverage bar by @​lonegunmanb in Azure/terraform-provider-modtm#71
• Bump golang.org/x/net from 0.35.0 to 0.36.0 by @​lonegunmanb in Azure/terraform-provider-modtm#73
• Bump github.com/hashicorp/terraform-plugin-framework by @​lonegunmanb in Azure/terraform-provider-modtm#74
• Bump github.com/Shopify/toxiproxy/v2 from 2.8.0 to 2.11.0 by @​lonegunmanb in Azure/terraform-provider-modtm#75
• Bump github.com/Shopify/toxiproxy/v2 from 2.11.0 to 2.12.0 by @​lonegunmanb in Azure/terraform-provider-modtm#77
• Bump github.com/hashicorp/terraform-plugin-testing from 1.11.0 to 1.12.0 by @​lonegunmanb in Azure/terraform-provider-modtm#80
• bump dep by @​lonegunmanb in Azure/terraform-provider-modtm#88
• include terraform 1.12.* in test by @​lonegunmanb in Azure/terraform-provider-modtm#89
• Bump github.com/hashicorp/terraform-plugin-testing from 1.13.1 to 1.13.2 by @​lonegunmanb in Azure/terraform-provider-modtm#91
• fix broken module script by @​lonegunmanb in Azure/terraform-provider-modtm#102
• bump go dep, add terraform 1.13 into test matrix by @​lonegunmanb in Azure/terraform-provider-modtm#103
• Replace blob storage endpoint with direct URL and add 301 redirect support by @​lonegunmanb in Azure/terraform-provider-modtm#106
• Use miniblue for module acceptance tests without Azure credentials by @​lonegunmanb in Azure/terraform-provider-modtm#112
• Remove module-test id-token permission and bump Terraform plugin deps by @​lonegunmanb in Azure/terraform-provider-modtm#113
• Bump github.com/hashicorp/terraform-plugin-testing from 1.14.0 to 1.16.0 by @​dependabot[bot] in Azure/terraform-provider-modtm#108
• Align Azure DevOps GoTool version with go.mod by @​lonegunmanb in Azure/terraform-provider-modtm#114
• Add ESRP variable group to Azure DevOps release pipeline by @​lonegunmanb in Azure/terraform-provider-modtm#115

Full Changelog: Azure/terraform-provider-modtm@v0.3.5...v0.4.0

Commits

• 1fe2fcd Add ESRP variable group to Azure DevOps pipeline
• 37ddfe2 Align Azure DevOps GoTool version with go.mod
• 3147356 Bump github.com/hashicorp/terraform-plugin-testing from 1.14.0 to 1.16.0
• d876356 Restore Go requirement and upgrade gosec action
• 76980e6 Lower go directive to 1.25.0 for CI compatibility
• 8f2dbf5 Remove module-test environment gate
• 19d5ffa Remove module-test OIDC permission and bump Terraform plugin deps
• 3441b02 Use miniblue for module acceptance tests
• 73bd0ab update endpoint
• 0f3adaf returm empty in max depth hit or timeout
• Additional commits viewable in compare view

Updates hashicorp/azurerm from 4.67.0 to 4.77.0

Release notes

Sourced from hashicorp/azurerm's releases.

v4.77.0

4.77.0 (June 11, 2026)

FEATURES:

• New List Resource: azurerm_key_vault (#32408)
• New List Resource: azurerm_web_pubsub_custom_domain (#32186)

ENHANCEMENTS:

• dependencies: go - update to 1.26.4 (#32539)
• dependencies: go-azure-sdk - update to v0.20260603.1074745 (#32503)
• Data Source: azurerm_storage_blob - the storage_account_name and storage_container_name properties have been deprecated in favour of the storage_container_id property (#32235)
• Data Source: azurerm_storage_table - the storage_account_name property has been deprecated in favour of the storage_account_id property (#32235)
• azurerm_machine_learning_workspace - add support for the storage_account_access_type property (#32514)
• azurerm_storage_blob - the storage_account_name and storage_container_name properties have been deprecated in favour of the storage_container_id property (#32235)
• azurerm_storage_container - the storage_account_name property has been deprecated in favour of the storage_account_id property (#32235)
• azurerm_storage_object_replication - add support for the metrics_enabled property (#32204)
• azurerm_storage_queue - the storage_account_name property has been deprecated in favour of the storage_account_id property (#32235)
• azurerm_storage_table - the storage_account_name property has been deprecated in favour of the storage_account_id property (#32235)

BUG FIXES:

• azurerm_mssql_managed_instance - fix an issue that caused an error when changing from a GP_* SKU to a BC_* SKU (#32560)
• azurerm_network_manager_deployment - add a custom poller to work around an API issue on creation (#32530)
• azurerm_recovery_services_vault_resource_guard_association - normalize resource_guard_id before persisting to state to work around an API issue (#32554)
• azurerm_subnet - fix an issue that incorrectly caused a validation error when increasing ip_address_pool.number_of_ip_addresses (#32500)
• azurerm_virtual_network - fix an issue that incorrectly caused a validation error when increasing ip_address_pool.number_of_ip_addresses (#32500)

v4.76.0

4.76.0 (June 04, 2026)

ENHANCEMENTS:

• Action: azurerm_virtual_machine_power - power_action now supports deallocate (#32492)
• azurerm_key_vault_key - add support for the release_policy block (#32478)

BUG FIXES:

• azurerm_federated_identity_credential - fix update logic, preventing import errors on updates (#32522)
• azurerm_netapp_account - the update function now uses the PUT operation to fix a removal issue with the active_directory property (#32494)
• azurerm_netapp_account - fix drift detection for the active_directory and identity properties (#32494)
• azurerm_netapp_volume_group_oracle - fix validation for the application_identifier property (#32499)
• azurerm_oracle_resource_anchor - fix validation for the name property to allow hyphens (#32481)

v4.75.0

4.75.0 (June 01, 2026)

FEATURES:

... (truncated)

Changelog

Sourced from

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[github-actions]

Terraform Validation Passed ✅

The Terraform provider update has been validated with:

• ✅ Terraform Init
• ✅ Terraform Format Check
• ✅ Terraform Validation
• ✅ TFLint Check
• ✅ Security Scanning

This PR can pass all the checks to be tested and then merged.

[ianjensenisme]

LGTM

[github-actions]

Terraform Validation Passed ✅

The Terraform provider update has been validated with:

• ✅ Terraform Init
• ✅ Terraform Format Check
• ✅ Terraform Validation
• ✅ TFLint Check
• ✅ Security Scanning

This PR can pass all the checks to be tested and then merged.