⭐ Azure: Add 79 new fields in 17 resources #6627

Merged: tas50 merged 5 commits into main from tas50/more_azure on Feb 19, 2026

@tas50 (Member) commented Feb 14, 2026

Extend existing Azure resources with additional fields that surface important security and configuration properties directly, without requiring users to dig into the raw properties dict.

azure.subscription.computeService.disk

  • networkAccessPolicy - Disk network access policy (AllowAll, AllowPrivate, DenyAll)
  • publicNetworkAccess - Whether public network access is enabled for the disk

azure.subscription.networkService.subnet

  • privateEndpointNetworkPolicies - Whether network policies are applied to private endpoints in the subnet
  • privateLinkServiceNetworkPolicies - Whether network policies are applied to private link services in the subnet
  • defaultOutboundAccess - Whether default outbound access is enabled for VMs in the subnet

azure.subscription.networkService.frontendIpConfig

  • isPublic - Whether this frontend IP configuration uses a public IP address
  • publicIpAddressId - Resource ID of the associated public IP address (empty if private)
  • privateIpAddress - Private IP address (empty if public)

azure.subscription.networkService.interface

  • enableIPForwarding - Whether IP forwarding is enabled on the network interface
  • enableAcceleratedNetworking - Whether accelerated networking is enabled on the network interface
  • primary - Whether this is a primary network interface on a VM

azure.subscription.networkService.securityrule

  • protocol - Security rule protocol (Tcp, Udp, Icmp, Esp, Ah, or *)
  • access - Security rule access (Allow or Deny)
  • priority - Security rule priority (100-4096, lower is higher priority)
  • sourcePortRange - Security rule source port range
  • sourceAddressPrefix - Security rule source address prefix (CIDR or *)
  • destinationAddressPrefix - Security rule destination address prefix (CIDR or *)
  • description - Security rule description

azure.subscription.storageService.account

  • minimumTlsVersion - Minimum TLS version enforced on the storage account
  • allowBlobPublicAccess - Whether blob containers can be configured for public access
  • enableHttpsTrafficOnly - Whether only HTTPS traffic is allowed
  • publicNetworkAccess - Whether public network access is allowed
  • allowSharedKeyAccess - Whether shared key access is allowed
  • allowCrossTenantReplication - Whether cross-tenant replication is allowed
  • isLocalUserEnabled - Whether local user accounts are enabled for SFTP/SSH
  • isSftpEnabled - Whether SFTP is enabled
  • isHnsEnabled - Whether hierarchical namespace (Data Lake Storage) is enabled
  • networkRuleDefaultAction - Default action for network rule set (Allow or Deny)
  • networkRuleBypass - Services that bypass the network rules (e.g. AzureServices, Logging, Metrics)
  • networkRuleIpRanges - IP address or CIDR ranges allowed by network rules
  • networkRuleVirtualNetworkSubnetIds - Virtual network subnet resource IDs allowed by network rules

azure.subscription.webService.appsite

  • httpsOnly - Whether the app requires HTTPS only
  • clientCertEnabled - Whether client certificate authentication is enabled
  • clientCertMode - Client certificate mode (Required, Optional, OptionalInteractiveUser)
  • enabled - Whether the app is enabled
  • state - Current state of the app

azure.subscription.webService.appsiteconfig

  • minTlsVersion - Minimum TLS version for the site (1.0, 1.1, 1.2)
  • ftpsState - FTP state for the site (AllAllowed, FtpsOnly, Disabled)
  • remoteDebuggingEnabled - Whether remote debugging is enabled
  • http20Enabled - Whether HTTP 2.0 is enabled
  • alwaysOn - Whether the app should always be loaded

azure.subscription.sqlService.server

  • minimalTlsVersion - SQL Database server minimum TLS version
  • publicNetworkAccess - Whether public network access is enabled
  • restrictOutboundNetworkAccess - Whether outbound network access is restricted
  • version - SQL server version
  • state - SQL server state
  • fullyQualifiedDomainName - SQL server fully qualified domain name

azure.subscription.postgreSqlService.flexibleServer

  • version - PostgreSQL flexible server engine version

azure.subscription.postgreSqlService.server

  • sslEnforcement - Whether SSL enforcement is enabled
  • minimalTlsVersion - Minimum TLS version enforced on the server
  • publicNetworkAccess - Whether public network access is enabled
  • infrastructureEncryption - Whether infrastructure encryption is enabled (double encryption)
  • version - PostgreSQL server engine version

azure.subscription.mySqlService.server

  • sslEnforcement - Whether SSL enforcement is enabled
  • minimalTlsVersion - Minimum TLS version enforced on the server
  • publicNetworkAccess - Whether public network access is enabled
  • infrastructureEncryption - Whether infrastructure encryption is enabled (double encryption)
  • version - MySQL server engine version

azure.subscription.mySqlService.flexibleServer

  • version - MySQL flexible server engine version

azure.subscription.cosmosDbService.account

  • publicNetworkAccess - Whether public network access is enabled
  • disableLocalAuth - Whether local authentication is disabled (requires Entra ID)
  • isVirtualNetworkFilterEnabled - Whether virtual network filtering is enabled
  • disableKeyBasedMetadataWriteAccess - Whether key-based metadata write access is disabled
  • enableAutomaticFailover - Whether automatic failover is enabled
  • enableMultipleWriteLocations - Whether multi-region write is enabled
  • ipRangeFilter - IP address or CIDR ranges allowed by IP firewall rules

azure.subscription.keyVaultService.vault

  • enableSoftDelete - Whether soft delete is enabled
  • enablePurgeProtection - Whether purge protection is enabled
  • softDeleteRetentionInDays - Number of days that deleted vaults and vault objects are retained
  • publicNetworkAccess - Whether the vault is accessible from public networks
  • enabledForDeployment - Whether the vault can be used for ARM deployment
  • enabledForDiskEncryption - Whether the vault can be used for Azure Disk Encryption
  • enabledForTemplateDeployment - Whether the vault can be used for ARM template deployment

azure.subscription.aksService.cluster

  • enablePrivateCluster - Whether the AKS cluster API server is a private cluster
  • enablePrivateClusterPublicFQDN - Whether the private cluster has a public FQDN
  • disableRunCommand - Whether run command is disabled on the AKS cluster
  • apiServerAuthorizedIPRanges - CIDR ranges authorized to access the AKS API server
  • privateDnsZone - Private DNS zone mode for the AKS cluster

azure.subscription.cacheService.redisInstance

  • minimumTlsVersion - Minimum TLS version required by the Redis cache
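
An added example (not code from this PR or from the project) of how the new securityrule fields combine in an audit: rules are sorted by priority and the first one matching protocol and source prefix decides the outcome. The `SecurityRule` struct, `EffectiveAccess`, `SampleRules` and the sample data are hypothetical, and the rules are assumed to be already filtered to one direction and one destination port.

```go
package main

import (
	"fmt"
	"net"
	"sort"
	"strings"
)

// SecurityRule is a hypothetical struct mirroring the securityrule fields above.
type SecurityRule struct {
	Name, Protocol, Access, SourceAddressPrefix string
	Priority                                    int
}

// prefixCovers handles the "CIDR or *" forms; any other value never matches here.
func prefixCovers(prefix string, ip net.IP) bool {
	if _, cidr, err := net.ParseCIDR(prefix); err == nil {
		return cidr.Contains(ip)
	}
	return prefix == "*"
}

// EffectiveAccess sorts by priority (lower number wins) and returns the
// access and name of the first rule matching protocol and source address.
func EffectiveAccess(rules []SecurityRule, proto string, src net.IP) (string, string) {
	sorted := append([]SecurityRule(nil), rules...) // copy, leave the input order intact
	sort.SliceStable(sorted, func(i, j int) bool { return sorted[i].Priority < sorted[j].Priority })
	for _, r := range sorted {
		protoOK := r.Protocol == "*" || strings.EqualFold(r.Protocol, proto)
		if protoOK && prefixCovers(r.SourceAddressPrefix, src) {
			return r.Access, r.Name
		}
	}
	return "", "" // no rule in the set matched
}

// SampleRules returns constructed rules (documentation address ranges).
func SampleRules() []SecurityRule {
	return []SecurityRule{
		{Name: "allow-any-tcp", Protocol: "Tcp", Access: "Allow", SourceAddressPrefix: "*", Priority: 300},
		{Name: "deny-test-net", Protocol: "*", Access: "Deny", SourceAddressPrefix: "203.0.113.0/24", Priority: 200},
		{Name: "deny-corp-udp", Protocol: "Udp", Access: "Deny", SourceAddressPrefix: "10.0.0.0/8", Priority: 100},
	}
}

func main() {
	fmt.Println(EffectiveAccess(SampleRules(), "Tcp", net.ParseIP("203.0.113.7")))
}
```

Reading only the Allow rules would report `allow-any-tcp` as open to every source; evaluating in priority order shows the narrower Deny at priority 200 takes effect first for its range.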

@tas50 tas50 marked this pull request as ready for review February 14, 2026 21:12
@tas50 tas50 changed the title ⭐ Extend the existing azure resources with additional fields ⭐ Azure: Add 79 new fields in 17 resources Feb 14, 2026
@github-actions Bot (Contributor) commented Feb 14, 2026

Test Results

5 121 tests  ±0   5 117 ✅ ±0   2m 32s ⏱️ +9s
  418 suites ±0       4 💤 ±0 
   31 files   ±0       0 ❌ ±0 

Results for commit bf8b636. ± Comparison against base commit 51af60d.

♻️ This comment has been updated with latest results.

@tas50 tas50 requested review from arlimus and chris-rock February 15, 2026 06:43
Comment thread providers/azure/resources/azure.lr Outdated
Comment thread providers/azure/resources/cosmosdb.go Outdated
Comment thread providers/azure/resources/cosmosdb.go Outdated
Comment thread providers/azure/resources/mysql.go Outdated
Comment thread providers/azure/resources/mysql.go Outdated
Comment thread providers/azure/resources/mysql.go Outdated
Comment thread providers/azure/resources/postgresql.go Outdated
Comment thread providers/azure/resources/postgresql.go Outdated
Comment thread providers/azure/resources/sql.go Outdated
Comment thread providers/azure/resources/storage.go Outdated
@tas50 (Member, Author) commented Feb 18, 2026

@czunker let me know if there were other items here

@czunker (Contributor) left a comment

LGTM
Thanks @tas50

tas50 and others added 5 commits February 19, 2026 11:59
Add all the security non-dict fields we can from the SDK

Signed-off-by: Tim Smith <tsmith84@gmail.com>
createWebAppResourceFromSite was missing the new appsite fields (httpsOnly,
clientCertEnabled, clientCertMode, enabled, state), causing incomplete
resources when accessed via appslot.parent(). Also add default values for
new CosmosDB fields in fetchDbAccountsByType and fetchCosmosForPostgres.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The shared helper is called for both appsite and appslot resource types,
but only appsite has the new fields (httpsOnly, clientCertEnabled, etc.).
Setting unknown fields on appslot would cause errors.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Tim Smith <tsmith84@gmail.com>
Signed-off-by: Tim Smith <tsmith84@gmail.com>
@tas50 tas50 merged commit 75eea27 into main Feb 19, 2026
19 checks passed
@tas50 tas50 deleted the tas50/more_azure branch February 19, 2026 11:02
@github-actions github-actions Bot locked and limited conversation to collaborators Feb 19, 2026