[CDS-112532] Azure connector support for terraform (#11488)

* [CDS-112532] Azure connector support for terraform

* update

* update

Author: vishal-av

docs/continuous-delivery/cd-infrastructure/terraform-infra/run-a-terraform-plan-with-the-terraform-apply-step.md

@@ -269,7 +269,13 @@ This allows you to specify a different workspace name each time the Pipeline is
 
 You can even set a Harness Trigger where you can set the workspace name used in **Workspace**.
 
-## AWS Connector Provider Credential Authentication for Terraform Plan and Apply Steps
+## Connector Credentials
+
+You can use a connector to authenticate with the target cloud provider. This is an optional configuration that takes the connector reference. The Terraform step uses this connector to authenticate with the cloud provider targeted for infrastructure provisioning.
+
+This connector configuration is available in the **Terraform Apply** step when the **Configuration Type** is set to **Inline**.
+
+### AWS Connector 
 
 :::note
 This feature requires Harness Delegate version 81202. This feature is available only to paid customers. Contact [Harness Support](mailto:[email protected]) to enable the feature.
@@ -281,6 +287,9 @@ By default, AWS assumes the role session duration as 900 seconds. To increase th
 
 When configured the optional configuration for AWS Connector these fields can be passed as a fixed value, runtime input, or an expression
 
+<details>
+<summary>Sample YAML</summary>
+
 ```YAML
 - step:
     type: TerraformApply
@@ -301,6 +310,7 @@ When configured the optional configuration for AWS Connector these fields can be
               roleArn: <+input>
     timeout: 10m
 ```
+</details>
 
 #### Terraform variable files
 
@@ -338,6 +348,49 @@ In **File Paths**, add one or more file paths from the root of the bucket to the
 
 Click **Submit**. The remote file(s) are added.
 
+### Azure Connector
+
+Harness Terraform steps now support authenticating with Azure using Azure connectors for target provisioning. This enables seamless integration with Azure infrastructure when running Terraform Plan, Apply, and Destroy steps with inline Terraform configuration.
+
+#### Key Features
+
+- **Azure Connector support:** Authenticate Terraform operations using Azure connectors configured in Harness.
+- **Authentication methods:** Manual credentials, Delegate-based credentials, OIDC token-based authentication are supported. Certificate-based authentication is **not supported** yet.
+- **Additional options:** Default configuration can be overridden with environment variables like ARM_TENANT_ID and ARM_MSI_ENDPOINT for advanced scenarios.
+
+For more information on how to setup an Azure connector, go to [Azure Connector Settings Reference](/docs/platform/connectors/cloud-providers/add-a-microsoft-azure-connector).
+
+#### YAML Configuration Example
+
+<details>
+<summary>Sample YAML</summary>
+
+```yaml
+- step:
+    type: TerraformPlan
+    name: TerraformPlan_1
+    identifier: TerraformPlan_1
+    spec:
+      provisionerIdentifier: planoidc
+      configuration:
+        command: Apply
+        configFiles:
+          store:
+            spec:
+              connectorRef: githubConnector
+              repoName: play
+              gitFetchType: Branch
+              branch: main
+              folderPath: tf/azure
+            type: Github
+        providerCredential:
+          type: Azure
+          spec:
+            connectorRef: AzureConnector
+            subscriptionId: 20xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+```
+</details>
+
 ## Backend configuration
 
 The **Backend Configuration** section contains the [remote state](https://www.terraform.io/docs/language/state/remote.html) values.

docs/continuous-delivery/cd-infrastructure/terraform-infra/run-a-terraform-plan-with-the-terraform-plan-step.md

@@ -272,20 +272,32 @@ This allows you to specify a different workspace name each time the Pipeline is
 
 You can even set a Harness Trigger where you can set the workspace name used in **Workspace**.
 
-## AWS Connector Provider Credential Authentication for Terraform Plan and Apply Steps
+## Connector Credentials
+
+You can use a connector to authenticate with the target cloud provider. This is an optional configuration that takes the connector reference. The Terraform step uses this connector to authenticate with the cloud provider targeted for infrastructure provisioning.
+
+This connector configuration is available in the **Terraform Plan** step. It also appears in the **Terraform Apply** and **Terraform Destroy** steps when the **Configuration Type** is set to **Inline**.
+
+<div align="center">
+  <DocImage path={require('./static/connector-credentials.png')} width="60%" height="60%" title="Click to view full size image" />
+</div>
+
+### AWS Connector 
 
 :::note
 This feature requires Harness Delegate version 81202. This feature is available only to paid customers. Contact [Harness Support](mailto:[email protected]) to enable the feature.
 :::
 
-
 You can use an AWS connector to have the Terraform Plan and Apply step assume a role to perform infrastructure provisioning. It's an optional configuration that takes the AWS connector, a region and Role ARN. The Terraform step uses these parameters to authenticate the AWS account targeted for infrastructure provisioning.
 
 By default, AWS assumes the role session duration as 900 seconds. To increase the AWS role session duration, a  built-in environment variable, `HARNESS_AWS_ASSUME_ROLE_DURATION` is introduced, which can be used to override the assume role session duration. `HARNESS_AWS_ASSUME_ROLE_DURATION` is designed for use in Terraform steps in the environment variable section. The value must be set in seconds. This new environment variable requires Harness Delegate version 82700.
 
-When configured the optional configuration for AWS Connector these fields can be passed as a fixed value, runtime input, or an expression
+When configured the optional configuration for AWS Connector these fields can be passed as a fixed value, runtime input, or an expression.
+
+<details>
+<summary>Sample YAML</summary>
 
-```YAML
+```yaml
 - step:
     type: TerraformApply
     name: Apply
@@ -305,6 +317,7 @@ When configured the optional configuration for AWS Connector these fields can be
               roleArn: <+input>
     timeout: 10m
 ```
+</details>
 
 #### Terraform variable files
 
@@ -325,6 +338,49 @@ See [Artifactory Connector Settings Reference](/docs/platform/connectors/cloud-p
 
 Click **Submit**. The remote file(s) are added.
 
+### Azure Connector
+
+Harness Terraform steps now support authenticating with Azure using Azure connectors for target provisioning. This enables seamless integration with Azure infrastructure when running Terraform Plan, Apply, and Destroy steps with inline Terraform configuration.
+
+#### Key Features
+
+- **Azure Connector support:** Authenticate Terraform operations using Azure connectors configured in Harness.
+- **Authentication methods:** Manual credentials, Delegate-based credentials, OIDC token-based authentication are supported. Certificate-based authentication is **not supported** yet.
+- **Additional options:** Default configuration can be overridden with environment variables like ARM_TENANT_ID and ARM_MSI_ENDPOINT for advanced scenarios.
+
+For more information on how to setup an Azure connector, go to [Azure Connector Settings Reference](/docs/platform/connectors/cloud-providers/add-a-microsoft-azure-connector).
+
+#### YAML Configuration Example
+
+<details>
+<summary>Sample YAML</summary>
+
+```yaml
+- step:
+    type: TerraformPlan
+    name: TerraformPlan_1
+    identifier: TerraformPlan_1
+    spec:
+      provisionerIdentifier: planoidc
+      configuration:
+        command: Apply
+        configFiles:
+          store:
+            spec:
+              connectorRef: githubConnector
+              repoName: play
+              gitFetchType: Branch
+              branch: main
+              folderPath: tf/azure
+            type: Github
+        providerCredential:
+          type: Azure
+          spec:
+            connectorRef: AzureConnector
+            subscriptionId: 20xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+```
+</details>
+
 ## Backend Configuration
 
 The **Backend Configuration** section contains the [remote state](https://www.terraform.io/docs/language/state/remote.html) values.