When attempting to update powerplatform_environment_settings to configure product.features (such as enable_powerapps_maker_bot) on a Standard (Non-Managed) Environment, the apply fails with a fatal 0x190 error: Cannot update IPFirewall Settings as it is a non-managed environment.
This occurs even if the security block is entirely omitted, explicitly set to null, or added to ignore_changes. The provider appears to be serializing and sending empty premium/security objects in the underlying JSON payload. The Power Platform API catches this payload and immediately rejects the request because the environment is not a Managed Environment, blocking all other valid updates.
Sample Terraform Code
resource "powerplatform_environment_settings" "example" {
environment_id = "00000000-0000-0000-0000-000000000000"
audit_and_logs = {
audit_settings = {
is_audit_enabled = true
is_read_audit_enabled = true
is_user_access_audit_enabled = true
log_retention_period_in_days = 31
}
plugin_trace_log_setting = "Off"
}
product = {
features = {
enable_powerapps_maker_bot = true
}
behavior_settings = {
show_dashboard_cards_in_expanded_state = true
}
# Attempting to explicitly omit or nullify security still triggers the 0x190 error
security = null
}
lifecycle {
ignore_changes = [
product.security
]
}
}Expected behavior
The provider should process updates to the product.features and product.behavior_settings blocks without implicitly sending Managed Environment security/IPFirewall payloads that trigger the API rejection. Updates to a Standard Environment should succeed without triggering a Managed Environment firewall check.
System Information
- Provider Version: 3.9.1 (also impacts v4.x)
- OS & Version: MacOS (darwin_arm64)
- Terraform Version: v1.14.8
Additional context
- The provider currently lacks a mechanism to prevent these Managed-only payload keys from being submitted against Standard environments, forcing users to either purchase Managed Environment licenses or drop the Terraform resource entirely.
When attempting to update
powerplatform_environment_settingsto configureproduct.features(such asenable_powerapps_maker_bot) on a Standard (Non-Managed) Environment, the apply fails with a fatal0x190error:Cannot update IPFirewall Settings as it is a non-managed environment.This occurs even if the
securityblock is entirely omitted, explicitly set tonull, or added toignore_changes. The provider appears to be serializing and sending empty premium/security objects in the underlying JSON payload. The Power Platform API catches this payload and immediately rejects the request because the environment is not a Managed Environment, blocking all other valid updates.Sample Terraform Code
Expected behavior
The provider should process updates to the
product.featuresandproduct.behavior_settingsblocks without implicitly sending Managed Environmentsecurity/IPFirewall payloads that trigger the API rejection. Updates to a Standard Environment should succeed without triggering a Managed Environment firewall check.System Information
Additional context