Power Platform Provider
The Power Platform provider allows managing environments and other resources within Power Platform.
!> This code is experimental and provided solely for evaluation purposes. It is NOT intended for production use and may contain bugs, incomplete features, or other issues. Use at your own risk, as it may undergo significant changes without notice, and no guarantees or support are provided. By using this code, you acknowledge and agree to these conditions. Consult the documentation or contact the maintainer if you have questions or concerns.
Requirements
This provider requires Terraform >= 0.12. For more information on provider installation and constraining provider versions, see the Provider Requirements documentation.
Installation
To use this provider, add the following to your Terraform configuration:
terraform {
  required_providers {
    powerplatform = {
      source  = "microsoft/power-platform"
      version = "~> 1.0" # Replace with the latest version
    }
  }
}
See the official Terraform documentation for more information about requiring providers.
Authenticating to Power Platform
Terraform supports a number of different methods for authenticating to Power Platform.
- Authenticating to Power Platform using the Azure CLI
- Authenticating to Power Platform using a Service Principal with OIDC
- Authenticating to Power Platform using a Service Principal and a Client Secret
We recommend using a Service Principal when running Terraform non-interactively (such as when running Terraform in a CI server), and authenticating using the Azure CLI when running Terraform locally.
Important Notes about Authenticating using the Azure CLI:
- Terraform only supports authenticating using the az CLI (and this must be available on your PATH). Authenticating using the older azure CLI or PowerShell Cmdlets is not supported.
- Authenticating via the Azure CLI is only supported when using a User Account. If you're using a Service Principal (for example via az login --service-principal) you should instead authenticate via the Service Principal directly (either using a Client Secret or OIDC).
Authenticating to Power Platform using the Azure CLI
The Power Platform provider can use the Azure CLI to authenticate to Power Platform services. If you have the Azure CLI installed, you can use it to log in to your Microsoft Entra ID account, and the Power Platform provider will use the credentials from the Azure CLI.
Prerequisites
- Install the Azure CLI
- Create an app registration for the Power Platform Terraform Provider
- Log in using the scope you configured under "expose API" when creating the app registration
az login --allow-no-subscriptions --scope api://powerplatform_provider_terraform/.default
Configure the provider to use the Azure CLI with the following code:
provider "powerplatform" {
  use_cli = true
}
Authenticating to Power Platform using a Service Principal with OIDC
The Power Platform provider can use a Service Principal with OpenID Connect (OIDC) to authenticate to Power Platform services. By using Microsoft Entra's workload identity federation your CI/CD pipelines in GitHub or Azure DevOps can access Power Platform resources without needing to manage secrets.
- Create an app registration for the Power Platform Terraform Provider
- Register your app registration with Power Platform
- Create a trust relationship between your CI/CD pipeline and the app registration
- Configure the provider to use OIDC with the following code:
provider "powerplatform" {
  use_oidc = true
}
Additional Resources about OIDC:
- OpenID Connect authentication with Microsoft Entra ID
- Configuring OpenID Connect for GitHub and Microsoft Entra ID
Authenticating to Power Platform using a Service Principal and a Client Secret
The Power Platform provider can use a Service Principal with Client Secret to authenticate to Power Platform services.
- Create an app registration for the Power Platform Terraform Provider
- Register your app registration with Power Platform
- Configure the provider to use a Service Principal with a Client Secret with either environment variables or using Terraform variables
Using Environment Variables
We recommend using Environment Variables to pass the credentials to the provider.
Name | Description | Default Value |
---|---|---|
POWER_PLATFORM_CLIENT_ID | The service principal client id | |
POWER_PLATFORM_CLIENT_SECRET | The service principal secret | |
POWER_PLATFORM_TENANT_ID | The guid of the tenant | |
-> Variables passed into the provider will override the environment variables.
Using Terraform Variables
Alternatively, you can configure the provider using variables in your Terraform configuration which can be passed in via command line parameters, a *.tfvars file, or environment variables. If you choose to use variables, please be sure to protect sensitive input variables so that you do not expose your credentials in your Terraform configuration.
provider "powerplatform" {
  # Use a service principal to authenticate with the Power Platform service
  client_id     = var.client_id
  client_secret = var.client_secret
  tenant_id     = var.tenant_id
}
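One way to declare the three variables referenced in the provider block so the credentials are protected as sensitive input variables. This is an added example, not part of the provider's documentation; the descriptions and the GUID validation are assumptions, and `sensitive` requires Terraform 0.14 or later.

```hcl
# Added example: variable names match the provider block above.
# No default values are set, so no credential is stored in the configuration.

variable "client_id" {
  description = "Application (client) ID of the app registration"
  type        = string
  sensitive   = true
}

variable "client_secret" {
  description = "Client secret of the service principal"
  type        = string
  # Redacts the value in plan and apply output. It does not encrypt
  # values that end up in state or saved plan files.
  sensitive = true
}

variable "tenant_id" {
  description = "GUID of the Microsoft Entra tenant"
  type        = string

  # Fail early on a malformed tenant id instead of at authentication time.
  validation {
    condition     = can(regex("^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$", var.tenant_id))
    error_message = "The tenant_id value must be a GUID."
  }
}

# Supply the values at run time through the environment, for example
# TF_VAR_client_id, TF_VAR_client_secret and TF_VAR_tenant_id, rather than
# through a *.tfvars file that is committed to version control.
```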
Additional configuration
In addition to the authentication options, the following options are also supported in the provider block:
Name | Description | Default Value |
---|---|---|
telemetry_optout | Opting out of telemetry will remove the hostheader from the requests made to the Power Platform service. There is no other telemetry data collected by the provider. This may affect the ability to identify and troubleshoot issues with the provider. | false |
Resources and Data Sources
Use the navigation to the left to read about the available resources and data sources.
!> By calling terraform destroy, all the resources that you've created will be permanently deleted. Please be careful with this command when working with production environments. You can use the prevent_destroy lifecycle argument in your resources to prevent accidental deletion.
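A sketch of Terraform's `prevent_destroy` lifecycle argument applied to an environment. This is an added example, not taken from the provider's documentation; the resource label and attribute values are placeholders, and the attribute set should be checked against the `powerplatform_environment` schema of the provider version in use.

```hcl
# Added example: placeholder values, hypothetical resource label "production".
resource "powerplatform_environment" "production" {
  display_name     = "contoso-prod"
  location         = "europe"
  environment_type = "Production"

  lifecycle {
    # While this argument is present, Terraform returns an error for any
    # plan that would destroy this resource, including `terraform destroy`.
    prevent_destroy = true
  }
}
```

The protection exists only in the configuration: if the whole resource block is removed, the argument is removed with it and Terraform will plan the deletion.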
Examples
More detailed examples can be found in the Power Platform Terraform Quickstarts repo. This repo contains a number of examples for using the Power Platform provider to manage environments and other resources within Power Platform along with Azure and Entra.
Contributing
Contributions to this provider are always welcome! Please see the Contribution Guidelines.