Skip to content

Update Terraform samples with deprecation notes and security improvements #136

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
anthony-c-martin merged 2 commits into from
Nov 14, 2025
Merged

Update Terraform samples with deprecation notes and security improvements #136

anthony-c-martin merged 2 commits into from
Nov 14, 2025

Conversation

@ms-henglu
Copy link
Member

@ms-henglu ms-henglu commented Nov 13, 2025

Description

This PR updates Terraform samples with important deprecation notices, security improvements, and new resource examples.

Changes

Deprecation Notices

  • Azure Spring Apps: Added deprecation notices to all Azure Spring Apps resources (Microsoft.AppPlatform/Spring) indicating retirement on 2028-05-31
    • Affected resources: Spring services, DevToolPortals, apiPortals, applicationAccelerators, apps, buildServices, configServers, configurationServices, gateways, monitoringSettings, and storages

Informational Notes

  • Redis Enterprise: Added note explaining Redis Enterprise (Microsoft.Cache/redisEnterprise) is also known as Azure Managed Redis and requires a databases child resource
  • Cognitive Services: Updated description from "AI Services Account" to "Cognitive Services Account"

Security Improvements

Replaced hardcoded passwords with sensitive variables in multiple samples:

  • Virtual Machines (Microsoft.Compute)
  • SQL Servers and databases (Microsoft.Sql)
  • MySQL Flexible Servers (Microsoft.DBforMySQL)
  • PostgreSQL Flexible Servers (Microsoft.DBforPostgreSQL)
  • MongoDB clusters and user definitions (Microsoft.DocumentDB)
  • Container Registry credentials (Microsoft.ContainerRegistry)
  • Network packet captures (Microsoft.Network)
  • Recovery Services (Microsoft.RecoveryServices)
  • Security assessments (Microsoft.Security)
  • Synapse workspaces and SQL pools (Microsoft.Synapse)
  • Qumulo file systems

New Samples

  • Cognitive Services:
    • Accounts/connections - OAuth2, API Key, AAD, and Custom Keys authentication
    • Accounts/projects - Project management
  • Cosmos DB MongoDB vCore:
    • mongoClusters - Main cluster with geo-replication and point-in-time restore
    • mongoClusters/firewallRules - Firewall configuration
    • mongoClusters/users - User management with Entra ID

API Version Updates

  • Updated Redis Enterprise samples from 2022-01-01/2024-10-01 to 2025-04-01

Testing

All samples have been validated for:

  • Proper variable declarations with sensitive flags
  • Correct API versions
  • Schema validation compatibility

@ms-henglu
Update Terraform samples with deprecation notes and security improvem…
7a1a44a 
…ents

- Add deprecation notices for Azure Spring Apps resources (retirement 2028-05-31)
- Add informational notes for Redis Enterprise and Cognitive Services
- Replace hardcoded passwords with sensitive variables in VM, SQL, MySQL, PostgreSQL, and other samples
- Add new samples for Cognitive Services connections and projects
- Add new samples for Cosmos DB MongoDB vCore clusters, firewall rules, and users
- Update Redis Enterprise samples to latest API version (2025-04-01)
anthony-c-martin
anthony-c-martin reviewed Nov 13, 2025
View reviewed changes
settings/remarks/microsoft.cache/remarks.json Outdated
"ResourceType": "Microsoft.Cache/redisEnterprise",
"Path": "samples/redisenterprise/main.tf",
"Description": "A basic example of deploying Redis Enterprise Cluster."
"Description": "A basic example of deploying Redis Enterprise Cluster.\n\nNote: Redis Enterprise (Microsoft.Cache/redisEnterprise) is also known as Azure Managed Redis. It requires a Microsoft.Cache/redisEnterprise/databases child resource to function properly. See https://learn.microsoft.com/azure/redis/overview for more information."
Copy link
Member

@anthony-c-martin anthony-c-martin Nov 13, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you break out the general resource info / deprecation notes into a separate PR? We have a specific place to put them, separate from the samples - see here for example:

template-reference-generator/settings/remarks/microsoft.authorization/remarks.json

Lines 3 to 11 in 1979a35

"ResourceRemarks": [
{
"Description": "For guidance on creating role assignments and definitions, see [Create Azure RBAC resources by using Bicep](/azure/azure-resource-manager/bicep/scenarios-rbac).",
"ResourceTypes": [
"microsoft.authorization/roleassignments",
"microsoft.authorization/roledefinitions"
]
}
],

There's some info on the dfiferent fields written up here: https://github.com/Azure/template-reference-generator/blob/main/docs/configuration.md#remarks

Copy link
Member Author

@ms-henglu ms-henglu Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure! I removed these changes, and will open another PR for that. Thanks!

@anthony-c-martin anthony-c-martin merged commit 9b59224 into Azure:main Nov 14, 2025
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@anthony-c-martin anthony-c-martin anthony-c-martin approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ms-henglu @anthony-c-martin