azapi provider sends invalid ‘identity’ field for resourceGroups #110
Description
When using the resources.azapi.upbound.io/v1beta1 Resource to create a Microsoft.Resources/resourceGroups@2024-07-01 resource, adding an identity field under forProvider causes the request to fail with a 400 Bad Request.
The provider appears to inject the identity block into the request payload even though resource groups in Azure do not support identity. This leads to a deserialization failure from Azure.
steps to reproduce
apiVersion: resources.azapi.upbound.io/v1beta1
kind: Resource
metadata:
name: azapiresourcegroup
spec:
providerConfigRef:
name: default
forProvider:
type: "Microsoft.Resources/resourceGroups@2024-07-01"
parentId: "/subscriptions/<subscription-id>/"
location: "westeurope"
name: "rg-crossplane-with-vimal"
schemaValidationEnabled: false
identity:
- type: <UserAssigned/SystemAssigned>
body: |-
{
"properties": {}
}
Expected Behavior
• The identity field should not be included in the request payload to Azure for resource types that do not support it (like resourceGroups).
• The resource should be created successfully.
The API call fails with :
Suggested Fix
The provider should validate or omit the identity field when the target resource type does not support it (e.g., Microsoft.Resources/resourceGroups).
for example :
identity:
- type: "None"