Add blog post about ASO v2.17 features

jakjang · web-flow · commit f64fc43f8bc7 · 2025-12-09T17:50:16.000-08:00
This blog post discusses the upcoming features in ASO v2.17, including improved error handling for undeletable resources and the ability to specify role assignments using well-known names.
diff --git a/docs/hugo/content/blogs/v2.17-features-with-bevan.md b/docs/hugo/content/blogs/v2.17-features-with-bevan.md
@@ -0,0 +1,77 @@
+---
+title: "Developer Talks - 2.17 Features with Bevan"
+date: 2025-12-19
+draft: false
+description: "Bevan goes over some of the features that are coming out in ASO v2.17, and why they're exciting!"
+---
+
+With the release of ASO v2.17 coming soon, this felt like a great time to go behind the curtain and get a better idea of what us devs have been working on, and why they're excited for certain features to land.
+
+With 2.17, two exciting features that are landing revolve around quality. Along with the other features, we hope that they will make using ASO that much smoother for our users.
+
+## Improved error handling for resources that can't be deleted
+
+PR [#4987](https://github.com/Azure/azure-service-operator/pull/4987) landing in v2.17 helps with error handling for Azure resources that can not be deleted directly. Azure hosts a number of resource types that can not be deleted directly; instead, you would have to delete their parents.
+
+If a user does attempt to delete one of these resources directly, they'll be met with a number of noisy errors that will populate in their logs.
+
+A snippet of such an error would look like would look is below:
+
+```go
+test_logger.go:160: [2024-04-28T22:19:01Z] SqlDatabaseThroughputSettingController 
+    "msg"="Error during Delete" 
+    "err"="deleting resource "/subscriptions/<sub_id>/resourceGroups/<rg_name>/providers/Microsoft.DocumentDB/databaseAccounts/sample-sqldb-account/sqlDatabases/sample-sql-db/throughputSettings/default": DELETE https://management.azure.com/subscriptions/<sub_id>/resourceGroups/<rg_name>/providers/Microsoft.DocumentDB/databaseAccounts/sample-sqldb-account/sqlDatabases/sample-sql-db/throughputSettings/default
+    --------------------------------------------------------------------------------
+    RESPONSE 405: 405 Method Not Allowed
+    ERROR CODE: MethodNotAllowed
+    --------------------------------------------------------------------------------
+    {
+      "code": "MethodNotAllowed",
+      "message": "Message: The requested verb is not supported."
+    }
+    --------------------------------------------------------------------------------
+    " name="sample-sql-throughput" 
+    namespace="aso-test-samples-creationanddeletion-test-sqldatabase-v1a-7e1fc" 
+    azureName="default" 
+    action="BeginDelete"
+```
+
+With this new enhancement, the workflow in ASO is enhanced to detect when a resource can not be deleted directly, return a more informative error message than what you would see previously, and provides details on how to unblock the resource deletion.
+
+## Allowing specification of role assignments by using well-known names
+
+[This feature](https://github.com/Azure/azure-service-operator/pull/4923) builds upon the support of well-known names added in [#4922](https://github.com/Azure/azure-service-operator/pull/4922) and allows users to specify RoleAssignments using the well-known name of a [built-in RoleDefinition](https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles) instead of the full ARM ID.
+
+Before this change if I wanted to assign the "Contributor" role, it would require something like this:
+
+```yaml
+apiVersion: authorization.azure.com/v1api20200801preview
+kind: RoleAssignment
+metadata:
+  name: aso-sample-contributor
+  namespace: default
+spec:
+  ...
+  roleDefinitionReference:
+    armId: /subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c
+```
+
+Now, with this change, I'd be able to utilize the well known name instead of the full `armId`:
+
+```yaml
+apiVersion: authorization.azure.com/v1api20200801preview
+kind: RoleAssignment
+metadata:
+  name: aso-sample-contributor
+  namespace: default
+spec:
+  ...
+  roleDefinitionReference:
+    armName: Contributor
+```
+
+## v2.17 Release
+
+v2.17 introduces these features and more, as we continually strive to make ASO work better for our users! 
+
+While the release is already set, if you have an enhancement you would like to see to ASO, please [submit an issue](https://github.com/Azure/azure-service-operator/issues) or visit the [contributing guide](https://azure.github.io/azure-service-operator/contributing/). The fix might end up in a subsequent version!
