Skip to content

Fix SecurityInsights Swagger breaking-change compatibility regressions#43548

Open
AdiMegid wants to merge 39 commits into
mainfrom
securityinsights-add-versions
Open

Fix SecurityInsights Swagger breaking-change compatibility regressions#43548
AdiMegid wants to merge 39 commits into
mainfrom
securityinsights-add-versions

Conversation

@AdiMegid

@AdiMegid AdiMegid commented May 27, 2026

Copy link
Copy Markdown
Member

ARM (Control Plane) API Specification Update Pull Request

Tip

Overwhelmed by all this guidance? See the Getting help section at the bottom of this PR description.

PR review workflow diagram

Please understand this diagram before proceeding. It explains how to get your PR approved & merged.

spec_pr_review_workflow_diagram

Purpose of this PR

What's the purpose of this PR? Check the specific option that applies. This is mandatory!

  • New resource provider.
  • New API version for an existing resource provider. (If API spec is not defined in TypeSpec, the PR should have been created in adherence to OpenAPI specs PR creation guidance).
  • Update existing version for a new feature. (This is applicable only when you are revising a private preview API version.)
  • Update existing version to fix OpenAPI spec quality issues in S360.
  • Convert existing OpenAPI spec to TypeSpec spec (do not combine this with implementing changes for a new API version).
  • Other, please clarify:
    • Fix the failing Swagger BreakingChange - Analyze Code job for Microsoft.SecurityInsights by restoring schema compatibility in the generated ARM OpenAPI for stable/2025-09-01 and preview/2025-10-01-preview.

Due diligence checklist

To merge this PR, you must go through the following checklist and confirm you understood
and followed the instructions by checking all the boxes:

  • I confirm this PR is modifying Azure Resource Manager (ARM) related specifications, and not data plane related specifications.
  • I have reviewed following Resource Provider guidelines, including
    ARM resource provider contract and
    REST guidelines (estimated time: 4 hours).
    I understand this is required before I can proceed to the diagram Step 2, "ARM API changes review", for this PR.
  • A release plan has been created. If not, please create one as it will help guide you through the REST API and SDK creation process.

Additional information

This PR updates the SecurityInsights TypeSpec source and regenerated OpenAPI to remove breaking-change regressions introduced by the generated swagger shape.

Implemented fixes include:

  • restoring DataConnectorDefinitionArmCollectionWrapper compatibility so value is no longer newly required
  • restoring the named AvailabilityStatus schema reference for connector availability
  • making InstructionStepDetails.parameters an explicit object again
  • inlining Operation.display to match the previous stable contract

Validation performed:

  • npm exec -- tsp compile specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/main.tsp
  • npm exec --no -- openapi-diff-runner ... with errorCnt: 0 and oadViolationsCnt: 0
Viewing API changes

For convenient view of the API changes made by this PR, refer to the URLs provided in the table
in the Generated ApiView comment added to this PR. You can use ApiView to show API versions diff.

Suppressing failures

If one or multiple validation error/warning suppression(s) is detected in your PR, please follow the
suppressions guide to get approval.

Getting help

  • First, please carefully read through this PR description, from top to bottom. Please fill out the Purpose of this PR and Due diligence checklist.
  • If you don't have permissions to remove or add labels to the PR, request write access per aka.ms/azsdk/access#request-access-to-rest-api-or-sdk-repositories
  • To understand what you must do next to merge this PR, see the Next Steps to Merge comment. It will appear within few minutes of submitting this PR and will continue to be up-to-date with current PR state.
  • For guidance on fixing this PR CI check failures, see the hyperlinks provided in given failure
    and https://aka.ms/ci-fix.
  • For help with ARM review (PR workflow diagram Step 2), see https://aka.ms/azsdk/pr-arm-review.
  • If the PR CI checks appear to be stuck in queued state, please add a comment with contents /azp run.
    This should result in a new comment denoting a PR validation pipeline has started and the checks should be updated after few minutes.
  • If the help provided by the previous points is not enough, post to https://aka.ms/azsdk/support/specreview-channel and link to this PR.
  • For guidance on SDK breaking change review, refer to https://aka.ms/ci-fix.

@github-actions

github-actions Bot commented May 27, 2026

Copy link
Copy Markdown

Next Steps to Merge

Next steps that must be taken to merge this PR:
  • ❌ This PR is in purview of the ARM review (label: ARMReview). This PR must get ARMSignedOff label from an ARM reviewer.
    This PR is not ready for ARM review (label: NotReadyForARMReview). This PR will not be reviewed by ARM until relevant problems are fixed. Consult the rest of this Next Steps to Merge comment for details.
    Once the blocking problems are addressed, add to the PR a comment with contents /azp run. Automation will re-evaluate this PR and if everything looks good, it will add WaitForARMFeedback label which will put this PR on the ARM review queue.
    For details of the ARM review, see aka.ms/azsdk/pr-arm-review
  • ❌ This PR is NotReadyForARMReview because it has the BreakingChangeReviewRequired label.
  • ❌ This PR has at least one breaking change (label: BreakingChangeReviewRequired).
    To unblock this PR, follow the process at aka.ms/brch.
  • ❌ The required check named Swagger BreakingChange has failed. To unblock this PR, follow the process at aka.ms/brch.


Comment generated by summarize-checks workflow run.

@github-actions github-actions Bot added ARMReview resource-manager TypeSpec Authored with TypeSpec WaitForARMFeedback <valid label in PR review process> add this label when ARM review is required ARMAutoSignedOff-Trivial ARMSignedOff <valid label in PR review process>add this label when ARM approve updates after review and removed WaitForARMFeedback <valid label in PR review process> add this label when ARM review is required labels May 27, 2026
@github-actions github-actions Bot added new-api-version WaitForARMFeedback <valid label in PR review process> add this label when ARM review is required and removed ARMAutoSignedOff-Trivial ARMSignedOff <valid label in PR review process>add this label when ARM approve updates after review labels Jun 3, 2026
@github-actions

github-actions Bot commented Jun 3, 2026

Copy link
Copy Markdown

API Change Check

APIView identified API level changes in this PR and created the following API reviews

Language API Review for Package
Swagger Microsoft.SecurityInsights-SecurityInsights
TypeSpec Microsoft.SecurityInsights
Go sdk/resourcemanager/securityinsights/armsecurityinsights
JavaScript @azure/arm-securityinsight
Java com.azure.resourcemanager:azure-resourcemanager-securityinsights
Python azure-mgmt-securityinsight
C# Azure.ResourceManager.SecurityInsights

Comment generated by After APIView workflow run.

@github-actions github-actions Bot added the BreakingChangeReviewRequired <valid label in PR review process>add this label when breaking change review is required label Jun 3, 2026
@AdiMegid AdiMegid added NotReadyForReview <valid label in PR review process>It is in draft for swagger or not swagger PR and removed BreakingChangeReviewRequired <valid label in PR review process>add this label when breaking change review is required WaitForARMFeedback <valid label in PR review process> add this label when ARM review is required labels Jun 3, 2026
@github-actions github-actions Bot added the WaitForARMFeedback <valid label in PR review process> add this label when ARM review is required label Jun 3, 2026
@AdiMegid AdiMegid added PublishToCustomers Acknowledgement the changes will be published to Azure customers. and removed WaitForARMFeedback <valid label in PR review process> add this label when ARM review is required labels Jun 3, 2026
@github-actions github-actions Bot added the WaitForARMFeedback <valid label in PR review process> add this label when ARM review is required label Jun 3, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as above.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are many cases like this. Please check.

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@pshao25
Same pattern three distinct ProvisioningState enums in the old swagger with different value sets:

  • Watchlist.provisioningState - x-ms-enum.name: "ProvisioningState" with values New, InProgress, Uploading, Deleting, Succeeded, Failed, Canceled - defined in Watchlists.json (stable + preview)
  • TriggeredAnalyticsRuleRun.provisioningState - x-ms-enum.name: "ProvisioningState" with values Accepted, InProgress, Succeeded, Failed, Canceled - defined in TriggeredAnalyticsRuleRuns.json (preview-only)
  • WorkspaceManagerAssignment.lastJobProvisioningState - x-ms-enum.name: "provisioningState" with values Succeeded, InProgress, Canceled, Failed - defined inline in WorkspaceManagerAssignments.json (preview-only) - (change to JobProvisioningState)

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need this change?

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the incident task list is not supporting all requirement that Azure.Core.Page has, for example it marks the "value" as required whereas it wasn't like that in the previous version

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we add finalresult to a delete operation?

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is an async operation same as we have with createOrReplace few lines above
We did the change because the RetryAfterHeaders is not supported in the BE for this operation

@guywilfshukrun

Copy link
Copy Markdown
Member

/azp run

@azure-pipelines

Copy link
Copy Markdown
You have several pipelines (over 10) configured to build pull requests in this repository. Specify which pipelines you would like to run by using /azp run [pipelines] command. You can specify multiple pipelines using a comma separated list.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ARMReview BreakingChangeReviewRequired <valid label in PR review process>add this label when breaking change review is required new-api-version NotReadyForARMReview PublishToCustomers Acknowledgement the changes will be published to Azure customers. resource-manager TypeSpec Authored with TypeSpec

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants