One immediate error I get is the following:

│ ERROR: Please run ‘az login’ to setup account.
│
│ with provider[“Terraform Registry”],
│ on cdk.tf.json line 16, in provider.azurerm[0]:
│ 16: }

cdk.tf.json contains the following:

  "provider": {
    "azurerm": [
      {
        "features": {
        }
      }
    ]
  }

Any help is appreciated!

Since everything the provider does involves reading or writing via the Azure API, how could it do anything useful without logging in?

A mock plan would have been nice, just to get an impression of what might get planned

Oh right, I see - a comparison between new Terraform source files and pre-existing Terraform state. Yes, that theoretically ought to be possible without talking to the API.

Are you using the -refresh=false flag? Without that, Terraform will attempt to check its state is accurate even when just doing a plan.

Even with that, it’s possible the provider is being overly up-front in its validation and it will still fail. (I don’t use Azure, so I can’t easily check.) If that’s the case, it’s possible figuring out some dummy configuration good enough to placate the validation might be successful.

I tried using the -refresh=false flag, sadly, that did not fix it. Could you elaborate a bit more regarding the dummy configuration? I’m not that familiar with Terraform… yet

I’m not really familiar with Azure, myself

I had speculated that it might be enough to fill in some placeholder credentials, that wouldn’t actually be used.

However, playing around with terraform-provider-azurerm a bit, it appears it absolutely insists on contacting the Azure API even to plan a simple addition of a single resource.

So, I guess, with the way the provider is written, what you’re looking for isn’t possible.