[Azure Services Retirement] Incorrect early sentinel (-9999) causes unreachable conditions and prevent retirement mappings

[juyamagu]

The base query uses case(...) blocks that include the sentinel value -9999 inside nested condition groups. This makes later rules for the same resource type unreachable and forces a single ServiceID-per-resource assumption, causing "dead" conditions which will be never evaluated and missed retirement mappings for some resource types (e.g. VMs, Cognitive Services).

Problem

• Multiple nested case usages insert -9999 mid-block. Once a row hits that sentinel, later conditions for the same type never run.
• This implicitly assumes a resource can only map to one retirement ServiceID.
• The pattern makes it easy to accidentally add unreachable rules and creates maintenance risk.

Recommended fix

Only place the sentinel (-9999) at the end of each top-level case that defines ServiceID — not inside nested sub-cases.

Example

NOTE: The actual query implementation can be found here, but I'd rather would like to use resource_list.kql in Azure/EOL repository for the visibility sake.

Problematic VM block:
https://github.com/Azure/EOL/blob/93fa17d8df787061f7384273a4447094be4700bf/resource_list.kql#L58-L83

Dead / unreachable rules later:

• https://github.com/Azure/EOL/blob/93fa17d8df787061f7384273a4447094be4700bf/resource_list.kql#L116
• https://github.com/Azure/EOL/blob/93fa17d8df787061f7384273a4447094be4700bf/resource_list.kql#L119
• https://github.com/Azure/EOL/blob/93fa17d8df787061f7384273a4447094be4700bf/resource_list.kql#L120
• https://github.com/Azure/EOL/blob/93fa17d8df787061f7384273a4447094be4700bf/resource_list.kql#L128

Real-world example

I have 36 virtual machines associated with the retirement of service id 503, however, the service retirements workbook doesn't show them up.