Talvisbord/securityinsignts/source controls/add spn details 2026 01 01 preview

[visbord-tal]

ARM (Control Plane) API Specification Update Pull Request

Tip

Overwhelmed by all this guidance? See the Getting help section at the bottom of this PR description.

PR review workflow diagram

Please understand this diagram before proceeding. It explains how to get your PR approved & merged.

Purpose of this PR

What's the purpose of this PR? Check the specific option that applies. This is mandatory!

• New resource provider.
• New API version for an existing resource provider. (If API spec is not defined in TypeSpec, the PR should have been created in adherence to OpenAPI specs PR creation guidance).
• Update existing version for a new feature. (This is applicable only when you are revising a private preview API version.)
• Update existing version to fix OpenAPI spec quality issues in S360.
• Convert existing OpenAPI spec to TypeSpec spec (do not combine this with implementing changes for a new API version).
• Other, please clarify:
  • edit this with your clarification

Due diligence checklist

To merge this PR, you must go through the following checklist and confirm you understood
and followed the instructions by checking all the boxes:

• I confirm this PR is modifying Azure Resource Manager (ARM) related specifications, and not data plane related specifications.
• I have reviewed following Resource Provider guidelines, including
  ARM resource provider contract and
  REST guidelines (estimated time: 4 hours).
  I understand this is required before I can proceed to the diagram Step 2, "ARM API changes review", for this PR.
• A release plan has been created. If not, please create one as it will help guide you through the REST API and SDK creation process.

Additional information

Viewing API changes

For convenient view of the API changes made by this PR, refer to the URLs provided in the table
in the Generated ApiView comment added to this PR. You can use ApiView to show API versions diff.

Suppressing failures

If one or multiple validation error/warning suppression(s) is detected in your PR, please follow the
suppressions guide to get approval.

Getting help

• First, please carefully read through this PR description, from top to bottom. Please fill out the Purpose of this PR and Due diligence checklist.
• If you don't have permissions to remove or add labels to the PR, request write access per aka.ms/azsdk/access#request-access-to-rest-api-or-sdk-repositories
• To understand what you must do next to merge this PR, see the Next Steps to Merge comment. It will appear within few minutes of submitting this PR and will continue to be up-to-date with current PR state.
• For guidance on fixing this PR CI check failures, see the hyperlinks provided in given failure
  and https://aka.ms/ci-fix.
• For help with ARM review (PR workflow diagram Step 2), see https://aka.ms/azsdk/pr-arm-review.
• If the PR CI checks appear to be stuck in queued state, please add a comment with contents /azp run.
  This should result in a new comment denoting a PR validation pipeline has started and the checks should be updated after few minutes.
• If the help provided by the previous points is not enough, post to https://aka.ms/azsdk/support/specreview-channel and link to this PR.
• For guidance on SDK breaking change review, refer to https://aka.ms/ci-fix.

[github-actions]

Next Steps to Merge

Next steps that must be taken to merge this PR:

• ❌ The required check named Summarize PR Impact has failed. Refer to the check in the PR's 'Checks' tab for details on how to fix it and consult the aka.ms/ci-fix guide

Important checks have failed. As of today they are not blocking this PR, but in near future they may.
Addressing the following failures is highly recommended:

• ⚠️ The check named Swagger LintDiff has failed. Refer to the check in the PR's 'Checks' tab for details on how to fix it and consult the aka.ms/ci-fix guide

Comment generated by summarize-checks workflow run.

[github-actions]

API Change Check

APIView identified API level changes in this PR and created the following API reviews

Language	API Review for Package
Go	sdk/resourcemanager/securityinsights/armsecurityinsights
Java	com.azure.resourcemanager:azure-resourcemanager-securityinsights
Python	azure-mgmt-securityinsight
JavaScript	@azure/arm-securityinsight

[Copilot]

Pull Request Overview

This pull request introduces a new preview API version (2026-01-01-preview) for the SecurityInsights Source Controls feature, adding support for Service Principal and Workload Identity Federation metadata. The changes extend the existing source control functionality with enhanced authentication and identity management capabilities.

Key Changes:

• Adds new ServicePrincipal and WorkloadIdentityFederation schema definitions to track authentication metadata
• Introduces new API version 2026-01-01-preview with associated specification and example files
• Updates readme.md configuration to include the new API version

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 14 comments.

File	Description
specification/securityinsights/resource-manager/readme.md	Updates tag configuration to add package-2026-01-01-preview with SourceControls.json input file
specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2026-01-01-preview/SourceControls.json	New OpenAPI specification file defining source control operations with service principal and workload identity federation support
specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2026-01-01-preview/examples/sourcecontrols/CreateSourceControl.json	Example demonstrating create/update source control operation with new authentication fields

[Copilot]

The API version in the info section is "2025-09-01" but this is a 2026-01-01-preview specification. The version field should be "2026-01-01-preview" to match the file name and API version being defined.

Suggested change

	"version": "2025-09-01"
	"version": "2026-01-01-preview"

[Copilot]

There's a trailing comma after the closing brace which is invalid JSON syntax. Remove the comma at the end of this line.

Suggested change

	"$ref": "#/definitions/WorkloadIdentityFederation",
	"$ref": "#/definitions/WorkloadIdentityFederation"

[Copilot]

Inconsistent casing: "metadata of a repository" should follow sentence case style as used elsewhere in the file. It should be "Metadata of a repository." or "Metadata of a repository" (with capital M).

Suggested change

	"description": "metadata of a repository.",
	"description": "Metadata of a repository.",

[Copilot]

The code property type is incorrectly defined as type: "object" when it should be type: "string" since it references the WarningCode enum (which is a string type).

Suggested change

	"type": "object",
	"type": "string",

[Copilot]

Typo in the resource ID: "OperationalIinsights" should be "OperationalInsights" (only one 'I', not double 'I').

Suggested change

	"id": "/subscriptions/b28fbe4a-0bb1-4593-960b-061c8655a550/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a",
	"id": "/subscriptions/b28fbe4a-0bb1-4593-960b-061c8655a550/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a",

[Copilot]

The state property is incorrectly defined as type: "object" when it should be type: "string" since it references the PullRequestState enum (which is a string type).

Suggested change

"type": "object",

[Copilot]

The description "The type of repository." is incorrect for WarningCode enum. This should describe warning codes, not repository types. Consider: "Warning codes for source control operations."

Suggested change

	"description": "The type of repository.",
	"description": "Warning codes for source control operations.",

[Copilot]

The API version in the example is "2025-09-01" but this example is for the 2026-01-01-preview API version. The api-version parameter should be "2026-01-01-preview" to match the specification version.

Suggested change

	"api-version": "2025-09-01",
	"api-version": "2026-01-01-preview",

[Copilot]

Typo in the resource ID: "OperationalIinsights" should be "OperationalInsights" (only one 'I', not double 'I').

Suggested change

	"id": "/subscriptions/b28fbe4a-0bb1-4593-960b-061c8655a550/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a",
	"id": "/subscriptions/b28fbe4a-0bb1-4593-960b-061c8655a550/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a",

[Copilot]

Inconsistent casing: in the request body (line 12) the description is "This is a source control" but in the response (line 128) it's "this is a source control" (lowercase 't'). The response should match the request with capital 'T': "This is a source control".

Suggested change

	"description": "this is a source control",
	"description": "This is a source control",