BUG using Azapi_resource for logic_app authsettingsv2

[JorgeFreitas5]

I am updating my logic_app code with azapi_resource in order to add identity provider and authentication_settings.
Everything went well until when I try to run the tf apply.

My code:

resource "azapi_resource" "logic_app_auth_setting" {

  name = "authsettingsV2"
  parent_id = example.logicapp.id
  location = "northeurope"
  schema_validation_enabled = false
  body = {
    kind = "string"
    name = "authsettingsV2"
    properties = {
      globalValidation = {
        requireAuthentication = true
        unauthenticatedClientAction = "Return401"
      }
      identityProviders = {
        azureActiveDirectory = {
          enabled = true
          registration = {
            clientId     = "example_client_id"           
            openIdIssuer = "https://sts.windows.net/example/v2.0" 
          }
          validation = {
            defaultAuthorizationPolicy = {
              allowedApplications = ["random_application"]
            }
          }
        }
      }
      login = {
        tokenStore = {
          enabled = true
        }
      }
      platform = {
        enabled        = true
        runtimeVersion = "~1"
      }
    }
  }
}

As you can see here I am using schema_validation_enabled = false because if the terraform does the validation we receive this error:

What I think is happening is the first location outside body is interfering somehow with the body validation returning that error.
I already tried to remove the location in order to test if the validation is correct but it tries to replace the config what is impossible to be destroyed

[ms-henglu]

Hi @JorgeFreitas5 ,

Thank you for taking time to report this issue.

The "Microsoft.Web/sites/config@2022-09-01" API doesn't support GET and DELETE methods, so it can't work well with the azapi_resource. Here's a workaround, hope it could help you.

https://github.com/Azure/terraform-provider-azapi/blob/main/examples/Microsoft.Web_sites_config%402022-09-01/main.tf#L95