Provider Rendering
Specialized rendering for popular Terraform providers, automatically optimizing output for provider-specific resource types.
How Provider Rendering Works
tfplan2md automatically detects resource types and applies specialized built-in renderers when available.
Renderer Resolution
When rendering a resource change, tfplan2md follows this resolution order:
- Provider-specific renderer — e.g., AzureRM firewall or Azure DevOps build definition rendering
- Default renderer — Generic rendering for all resource types
This ensures specialized rendering is used when available, with graceful fallback to generic output.
Supported Providers
The following providers have specialized template support:
Azure (azurerm)
Implemented. Comprehensive support for Azure resources with inline diffing, resource ID formatting, and role assignment enhancements.
Specialized Resources
- Firewall Application Rule Collections — FQDN and FQDN-tag aware tables for web access rules
- Firewall Network Rule Collections — Inline diff of rules (added/removed/unchanged)
- Network Security Groups — Rule-level diffing with priority awareness
- Role Assignments — Principal name mapping and readable scope display
Global Enhancements
- Resource ID Formatting — Long Azure IDs broken into readable scopes with subscription and resource-group context
- Parent-Child Grouping — Virtual networks, subnets, DNS records, routes, and NSG rules stay grouped together
- Semantic Icons — Visual indicators for IPs (🌐), ports (🔌), protocols (📨/🔗), principals (👤/👥/💻)
- Boolean Formatting — ✅/❌ for true/false values
Azure API (azapi)
Implemented. Specialized support for Azure API resources with body-aware rendering, output value tables, and Azure REST documentation links.
Implemented Resources
- azapi_resource — Structured body rendering with semantic value formatting
- azapi_update_resource — Focused diffs for PATCH-style updates
- Output Values — Dedicated table for Azure API response fields separate from input body values
Global Enhancements
- Azure API Docs Links — Microsoft Learn REST API links for supported resource types
- Casing Noise Filter — Body-level Azure resource ID case-only changes filtered automatically
- Sensitive Handling — Known-after-apply and sensitive output values rendered safely
Azure DevOps
Implemented. Structured rendering for Azure DevOps variable groups and build definitions, with identity and repository mapping support.
Implemented Resources
- Variable Groups — Variable-level diffing with secret value protection
- Build Definitions — Structured tables for variables, triggers, repository settings, schedules, and jobs
Global Enhancements
- Principal Mapping — Azure DevOps users, groups, and projects resolved to display names
- Repository Mapping — Repository IDs render with mapped names and 🗃️ / ⎇ icons
- Outputs Support — Terraform outputs from Azure DevOps plans appear in the report output table
Status: Variable groups and build definitions are implemented and documented.
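The secret value protection for variable groups and the sensitive handling listed for AzAPI both depend on masking before rendering. The sketch below is an added example, not tfplan2md's own code: it applies the `after_sensitive` and `after_unknown` masks from Terraform's JSON plan format to a constructed variable-group change. The function name `safe_view`, the placeholder strings, and all sample values are assumptions.

```python
MASK = "(sensitive)"
UNKNOWN = "(known after apply)"

# Constructed sample shaped like the `change` object of one resource_changes
# entry in `terraform show -json` output; names and values are made up.
CHANGE = {
    "after": {"name": "prod-secrets", "variable": [
        {"name": "API_URL", "value": "https://api.example.test", "is_secret": False},
        {"name": "API_KEY", "secret_value": "constructed-not-a-real-key", "is_secret": True},
    ]},
    "after_unknown": {"id": True, "variable": [{}, {}]},
    "after_sensitive": {"variable": [{}, {"secret_value": True}]},
}

def safe_view(value, sensitive=False, unknown=False):
    """Return a copy of `value` that is safe to paste into a PR comment."""
    if sensitive is True:      # checked first: a secret stays masked even if unknown
        return MASK
    if unknown is True:
        return UNKNOWN
    if isinstance(value, dict):
        s = sensitive if isinstance(sensitive, dict) else {}
        u = unknown if isinstance(unknown, dict) else {}
        # Unknown attributes are absent from `after`, so take their keys from the mask.
        keys = set(value) | {k for k, v in u.items() if v is True}
        return {k: safe_view(value.get(k), s.get(k, False), u.get(k, False))
                for k in sorted(keys)}
    if isinstance(value, list):
        s = sensitive if isinstance(sensitive, list) else []
        u = unknown if isinstance(unknown, list) else []
        return [safe_view(v, s[i] if i < len(s) else False,
                          u[i] if i < len(u) else False)
                for i, v in enumerate(value)]
    return value

if __name__ == "__main__":
    print(safe_view(CHANGE["after"], CHANGE["after_sensitive"], CHANGE["after_unknown"]))
```

Masking happens on the data before any formatting, so no later rendering step ever holds the raw secret.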
Azure AD (azuread)
Implemented. Enhanced support for Azure Active Directory resources with specialized rendering for Groups, Service Principals, Invitations, and App Roles.
Specialized Resources
- Groups — Member counts plus inline member tables with readable names
- Service Principals — App roles and OAuth2 permissions
- Invitations — Guest user invitation details
- Users — User profiles with attributes
Global Enhancements
- Principal Mapping — Resolves Object IDs to readable names in role assignments
- Group Hierarchies — Clear display of nested group memberships
- Application Integration — Links between applications and service principals
Microsoft Graph
Planned. Planned support for Microsoft Graph resources including users, groups, and policies.
Planned Resources
- Users and user settings
- Groups and group settings
- Policies and policy assignments
Status: In planning phase. Contributions welcome!
Your Provider
We Need You! Need support for a different Terraform provider? We'd love to hear from you!
How to Help
- Request a provider — Open an issue describing which provider you need
- Contribute renderers — Submit provider-specific rendering improvements for your use case
- Share examples — Help us understand which resources need specialized rendering
Community-driven: Provider support grows based on user needs. Your input helps prioritize development!
What Specialized Rendering Adds
The built-in renderers focus on turning provider-specific nested data into reviewable markdown.
Examples
- AzureRM firewall and NSG rules render as semantic rule tables instead of raw index diffs
- Azure DevOps variable groups and build definitions expose metadata without leaking secrets
- Azure AD and AzureRM parent-child resources stay grouped with inline child tables
- AzAPI resources separate configured body values from API output values
For the current built-in rendering model, see Built-In Templates and Rendering.
Contributing Provider Support
We welcome contributions of new provider-specific renderers and examples.
Good Candidates for Templates
- Resources with complex nested structures (rules, policies, configurations)
- Resources where index-based diffs are confusing
- Resources with long IDs or references that need formatting
- Resources where semantic comparison adds value (e.g., firewall rules)
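Why index-based diffs are confusing for rule lists, as an added example (not tfplan2md's implementation): one inserted NSG rule shifts every list position, so a positional comparison flags all slots, while matching rules by name isolates the new rule and the one widened source. The helper names and all rule values are constructed for illustration.

```python
from itertools import zip_longest

# Constructed sample shaped like the security_rule lists found under
# change.before / change.after in `terraform show -json`; values are made up.
def rule(name, priority, port, source):
    return {"name": name, "priority": priority,
            "destination_port_range": port, "source_address_prefix": source}

BEFORE = [rule("allow-https", 100, "443", "10.0.0.0/8"),
          rule("allow-ssh", 200, "22", "10.1.0.0/16")]
AFTER = [rule("allow-rdp", 90, "3389", "*"),            # new rule inserted first
         rule("allow-https", 100, "443", "10.0.0.0/8"),
         rule("allow-ssh", 200, "22", "*")]             # source widened

def index_diff(before, after):
    """Positional comparison: number of list slots whose content differs."""
    return sum(a != b for a, b in zip_longest(before, after))

def semantic_diff(before, after, key="name"):
    """Match rules by name; map each name to (status, changed field names)."""
    old = {r[key]: r for r in before}
    new = {r[key]: r for r in after}
    out = {}
    for name in old.keys() | new.keys():
        a, b = old.get(name), new.get(name)
        if a is None:
            out[name] = ("added", [])
        elif b is None:
            out[name] = ("removed", [])
        else:
            fields = sorted(f for f in a.keys() | b.keys() if a.get(f) != b.get(f))
            out[name] = ("changed" if fields else "unchanged", fields)
    return out

def render_table(before, after):
    """Render a markdown table, one row per rule, ordered by priority."""
    diff = semantic_diff(before, after)
    rules = {r["name"]: r for r in before + after}      # after wins for shared names
    lines = ["| Change | Rule | Priority | Port | Source |", "|---|---|---|---|---|"]
    for name in sorted(rules, key=lambda n: rules[n]["priority"]):
        r, (status, fields) = rules[name], diff[name]
        note = f"{status} ({', '.join(fields)})" if fields else status
        lines.append(f"| {note} | {name} | {r['priority']} | "
                     f"{r['destination_port_range']} | {r['source_address_prefix']} |")
    return "\n".join(lines)

if __name__ == "__main__":
    print("slots changed by index:", index_diff(BEFORE, AFTER))
    print(render_table(BEFORE, AFTER))
```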
Contribution Process
- Identify — Find a resource that could benefit from specialized rendering
- Design — Define the renderer behavior and the view model shape that improves readability
- Test — Ensure it works with all actions (create, update, replace, delete)
- Document — Explain what improvements the template provides
- Submit — Follow the contribution guidelines
Template Design Guidelines
- Focus on showing what changed, not just the new state
- Use inline diffing when appropriate (added/removed/unchanged)
- Format complex values for readability (tables, lists, collapsible sections)
- Add visual icons for common value types (IPs, ports, protocols)
- Keep output concise; use collapsible sections for details
- Test with real-world Terraform plans