provider - change resource_provider_registrations default to none in v5.0 (hashicorp#31679)

Author: katbyte

internal/provider/framework/config.go

@@ -538,7 +538,7 @@ func (p *ProviderConfig) Load(ctx context.Context, data *ProviderModel, tfVersio
 
 	client.StopContext = ctx
 
-	resourceProviderRegistrationSet := getEnvStringOrDefault(data.ResourceProviderRegistrations, "ARM_RESOURCE_PROVIDER_REGISTRATIONS", resourceproviders.ProviderRegistrationsCore)
+	resourceProviderRegistrationSet := getEnvStringOrDefault(data.ResourceProviderRegistrations, "ARM_RESOURCE_PROVIDER_REGISTRATIONS", resourceproviders.ProviderRegistrationsNone)
 	if !providerfeatures.FivePointOh() {
 		resourceProviderRegistrationSet = getEnvStringOrDefault(data.ResourceProviderRegistrations, "ARM_RESOURCE_PROVIDER_REGISTRATIONS", resourceproviders.ProviderRegistrationsLegacy)
 	}

internal/provider/provider.go

@@ -17,6 +17,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/features"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/resourceproviders"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/sdk"
 	"github.com/hashicorp/terraform-provider-azurerm/utils"
@@ -339,7 +340,7 @@ func azureProvider(supportLegacyTestSuite bool) *schema.Provider {
 			"resource_provider_registrations": {
 				Type:        schema.TypeString,
 				Optional:    true,
-				DefaultFunc: schema.EnvDefaultFunc("ARM_RESOURCE_PROVIDER_REGISTRATIONS", resourceproviders.ProviderRegistrationsLegacy),
+				DefaultFunc: schema.EnvDefaultFunc("ARM_RESOURCE_PROVIDER_REGISTRATIONS", resourceproviders.ProviderRegistrationsNone),
 				Description: "The set of Resource Providers which should be automatically registered for the subscription.",
 				ValidateFunc: validation.StringInSlice([]string{
 					resourceproviders.ProviderRegistrationsCore,
@@ -383,6 +384,10 @@ func azureProvider(supportLegacyTestSuite bool) *schema.Provider {
 
 	p.ConfigureContextFunc = providerConfigure(p)
 
+	if !features.FivePointOh() {
+		p.Schema["resource_provider_registrations"].DefaultFunc = schema.EnvDefaultFunc("ARM_RESOURCE_PROVIDER_REGISTRATIONS", resourceproviders.ProviderRegistrationsLegacy)
+	}
+
 	return p
 }
 

website/docs/5.0-upgrade-guide.html.markdown

@@ -10,19 +10,83 @@ Azure Resource Manager: 5.0 Upgrade Guide
 
 ## Azure Provider Version 5.0
 
-TODO
+Version 5.0 of the Azure Provider is a major release that includes breaking changes and behavioural differences. This guide covers the most significant changes and explains how to upgrade from v4.x to v5.0.
 
 ### Pinning your Provider Version
 
-TODO
+We recommend pinning the version of each Provider you use in Terraform. You can do this using the `version` attribute within the `required_providers` block:
+
+```hcl
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "=5.0.0"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+}
+```
+
+More information on [how to pin the version of a Terraform Provider being used can be found on the Terraform Website](https://developer.hashicorp.com/terraform/language/providers/requirements#require-providers).
+
+---
 
 ## What's available in Version 5.0 of the Azure Provider?
 
+* [Resource Provider Registration Changes](#resource-provider-registration-changes)
 * [Removed Resources](#removed-resources)
 * [Removed Data Sources](#removed-data-sources)
 * [Breaking Changes in Resources](#breaking-changes-in-resources)
 * [Breaking Changes in Data Sources](#breaking-changes-in-data-sources)
 
+## Resource Provider Registration Changes
+
+In version 5.0, the default behaviour for Resource Provider registration has changed. The `resource_provider_registrations` property now defaults to `none` instead of `legacy`.
+
+### What this means
+
+Previously, the provider would automatically attempt to register a large set of Azure Resource Providers (~60 RPs) when initializing. This could:
+
+* Add delay to provider startup due to sequential RP registration checks
+* Cause permission errors for users with restricted access to their subscription
+* Register RPs that users may not need or want
+
+In v5.0, no Resource Providers are registered by default. This gives users full control over RP registration and avoids potential permission issues.
+
+### Registering specific Resource Providers
+
+The recommendation is to only register the specific Resource Providers that your configuration requires, using the `resource_providers_to_register` property:
+
+```hcl
+provider "azurerm" {
+  resource_providers_to_register = [
+    "Microsoft.Compute",
+    "Microsoft.Network",
+    "Microsoft.Storage",
+  ]
+
+  features {}
+}
+```
+### How to replicate the previous behaviour
+
+If you want to maintain the v4.x behaviour and automatically register the same set of Resource Providers as before, explicitly set `resource_provider_registrations` to the `legacy` resource provider set in your provider block:
+
+```hcl
+provider "azurerm" {
+  resource_provider_registrations = "legacy"
+  features {}
+}
+```
+
+For more information, see the [Resource Provider Registrations](index.html#resource-provider-registrations) section in the provider documentation.
+
+---
+
 
 ## Removed Resources
 

website/docs/index.html.markdown

@@ -197,11 +197,11 @@ For some advanced scenarios, such as where more granular permissions are necessa
 
 * `auxiliary_tenant_ids` - (Optional) Contains a list of (up to 3) other Tenant IDs used for cross-tenant and multi-tenancy scenarios with multiple AzureRM provider definitions. The list of `auxiliary_tenant_ids` in a given AzureRM provider definition contains the other, remote Tenants and should not include its own `subscription_id` (or `ARM_SUBSCRIPTION_ID` Environment Variable).
 
-* `resource_provider_registrations` - (Optional) Specifies a pre-determined set of [Azure Resource Providers](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types) to automatically register when initializing the AzureRM Provider. Allowed values for this property are `core`, `extended`, `all`, or `none`. This can also be sourced from the `ARM_RESOURCE_PROVIDER_REGISTRATIONS` environment variable. For more information about which resource providers each set contains, see the [Resource Provider Registrations](#resource-provider-registrations) section below.
+* `resource_provider_registrations` - (Optional) Specifies a pre-determined set of [Azure Resource Providers](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types) to automatically register when initializing the AzureRM Provider. Allowed values for this property are `core`, `extended`, `all`, `legacy`, or `none`. This can also be sourced from the `ARM_RESOURCE_PROVIDER_REGISTRATIONS` environment variable. For more information about which resource providers each set contains, see the [Resource Provider Registrations](#resource-provider-registrations) section below. Defaults to `legacy` in v4.x and `none` in v5.0+.
 
 * `resource_providers_to_register` - (Optional) A list of arbitrary [Azure Resource Providers](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types) to automatically register when initializing the AzureRM Provider. Can be used in combination with the `resource_provider_registrations` property. For more information, see the [Resource Provider Registrations](#resource-provider-registrations) section below.
 
--> **Note:** By default, Terraform will attempt to register any Resource Providers that it supports, even if they're not used in your configurations, to be able to display more helpful error messages. If you're running in an environment with restricted permissions, or wish to manage Resource Provider Registration outside of Terraform you may wish to disable this by setting `resource_provider_registrations` to `none`; however, please note that the error messages returned from Azure may be confusing as a result.
+-> **Note:** In version 5.0 and later, the default value for `resource_provider_registrations` is `none`, meaning no Resource Providers will be automatically registered. If you're upgrading from v4.x and want to maintain the previous behaviour, set `resource_provider_registrations = "legacy"` in your provider block. If you're running in an environment with restricted permissions, or wish to manage Resource Provider Registration outside of Terraform, `none` is the recommended setting.
 
 * `storage_use_azuread` - (Optional) Should the AzureRM Provider use AzureAD to connect to the Storage Blob & Queue APIs, rather than the SharedKey from the Storage Account? This can also be sourced from the `ARM_STORAGE_USE_AZUREAD` Environment Variable. Defaults to `false`.