From b1f295ce4dcce7e407f415a661d3b5fa4bbb5d19 Mon Sep 17 00:00:00 2001 From: Mark Cowlishaw Date: Fri, 12 Jun 2026 23:29:30 -0700 Subject: [PATCH 1/2] Hide CustomerManagedKeyEncryption types as internal; add V4 Foundations replacements Mark CustomerManagedKeyEncryption, KeyEncryptionKeyIdentity, and KeyEncryptionKeyIdentityType as internal in the CommonTypes namespace, preventing direct use in service specifications. Add CustomerManagedKeyEncryptionV4, KeyEncryptionKeyIdentityV4, and KeyEncryptionKeyIdentityTypeV4 in Azure.ResourceManager.Foundations as public replacement types. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .../hide-cmk-internal-2026-6-12-17-1-0.md | 14 +++ .../common-types/customer-managed-keys.tsp | 6 +- .../lib/foundations/arm.foundations.tsp | 1 + .../lib/foundations/encryption.tsp | 41 +++++++ .../test/foundations-encryption.test.ts | 110 ++++++++++++++++++ .../reference/data-types.md | 104 ++++++++--------- .../reference/index.mdx | 4 +- 7 files changed, 223 insertions(+), 57 deletions(-) create mode 100644 .chronus/changes/hide-cmk-internal-2026-6-12-17-1-0.md create mode 100644 packages/typespec-azure-resource-manager/lib/foundations/encryption.tsp create mode 100644 packages/typespec-azure-resource-manager/test/foundations-encryption.test.ts diff --git a/.chronus/changes/hide-cmk-internal-2026-6-12-17-1-0.md b/.chronus/changes/hide-cmk-internal-2026-6-12-17-1-0.md new file mode 100644 index 0000000000..8bf3b6f6ed --- /dev/null +++ b/.chronus/changes/hide-cmk-internal-2026-6-12-17-1-0.md @@ -0,0 +1,14 @@ +--- +changeKind: feature +packages: + - "@azure-tools/typespec-azure-resource-manager" +--- + +Hide `CustomerManagedKeyEncryption`, `KeyEncryptionKeyIdentity`, and `KeyEncryptionKeyIdentityType` common types by marking them `internal`. Add public replacement types `CustomerManagedKeyEncryptionV4`, `KeyEncryptionKeyIdentityV4`, and `KeyEncryptionKeyIdentityTypeV4` in the `Azure.ResourceManager.Foundations` namespace. + +```tsp +// Use the new Foundations types instead of the internal CommonTypes types: +model EncryptionConfig { + customerManagedKey?: Azure.ResourceManager.Foundations.CustomerManagedKeyEncryptionV4; +} +``` diff --git a/packages/typespec-azure-resource-manager/lib/common-types/customer-managed-keys.tsp b/packages/typespec-azure-resource-manager/lib/common-types/customer-managed-keys.tsp index fc310b23f6..80651ef917 100644 --- a/packages/typespec-azure-resource-manager/lib/common-types/customer-managed-keys.tsp +++ b/packages/typespec-azure-resource-manager/lib/common-types/customer-managed-keys.tsp @@ -17,7 +17,7 @@ union InfrastructureEncryption { /** The type of identity to use. */ @added(Versions.v4) -union KeyEncryptionKeyIdentityType { +internal union KeyEncryptionKeyIdentityType { /** System assigned identity */ SystemAssignedIdentity: "systemAssignedIdentity", @@ -32,7 +32,7 @@ union KeyEncryptionKeyIdentityType { /** All identity configuration for Customer-managed key settings defining which identity should be used to auth to Key Vault. */ @added(Versions.v4) -model KeyEncryptionKeyIdentity { +internal model KeyEncryptionKeyIdentity { /** The type of identity to use. Values can be systemAssignedIdentity, userAssignedIdentity, or delegatedResourceIdentity. */ identityType?: KeyEncryptionKeyIdentityType; @@ -49,7 +49,7 @@ model KeyEncryptionKeyIdentity { /** Customer-managed key encryption properties for the resource. */ @added(Versions.v4) -model CustomerManagedKeyEncryption { +internal model CustomerManagedKeyEncryption { /** All identity configuration for Customer-managed key settings defining which identity should be used to auth to Key Vault. */ keyEncryptionKeyIdentity?: KeyEncryptionKeyIdentity; diff --git a/packages/typespec-azure-resource-manager/lib/foundations/arm.foundations.tsp b/packages/typespec-azure-resource-manager/lib/foundations/arm.foundations.tsp index 4b369ab268..55afe73933 100644 --- a/packages/typespec-azure-resource-manager/lib/foundations/arm.foundations.tsp +++ b/packages/typespec-azure-resource-manager/lib/foundations/arm.foundations.tsp @@ -3,6 +3,7 @@ import "@typespec/rest"; import "./backcompat.tsp"; import "./deprecation.tsp"; +import "./encryption.tsp"; import "../common-types/common-types.tsp"; import "../decorators.tsp"; import "../responses.tsp"; diff --git a/packages/typespec-azure-resource-manager/lib/foundations/encryption.tsp b/packages/typespec-azure-resource-manager/lib/foundations/encryption.tsp new file mode 100644 index 0000000000..8c41c26ce3 --- /dev/null +++ b/packages/typespec-azure-resource-manager/lib/foundations/encryption.tsp @@ -0,0 +1,41 @@ +using Azure.Core; + +namespace Azure.ResourceManager.Foundations; + +/** The type of identity to use. */ +union KeyEncryptionKeyIdentityTypeV4 { + /** System assigned identity */ + SystemAssignedIdentity: "systemAssignedIdentity", + + /** User assigned identity */ + UserAssignedIdentity: "userAssignedIdentity", + + /** Delegated identity */ + DelegatedResourceIdentity: "delegatedResourceIdentity", + + string, +} + +/** All identity configuration for Customer-managed key settings defining which identity should be used to auth to Key Vault. */ +model KeyEncryptionKeyIdentityV4 { + /** The type of identity to use. Values can be systemAssignedIdentity, userAssignedIdentity, or delegatedResourceIdentity. */ + identityType?: KeyEncryptionKeyIdentityTypeV4; + + /** User assigned identity to use for accessing key encryption key Url. Ex: /subscriptions/fa5fc227-a624-475e-b696-cdd604c735bc/resourceGroups//providers/Microsoft.ManagedIdentity/userAssignedIdentities/myId. Mutually exclusive with identityType systemAssignedIdentity. */ + userAssignedIdentityResourceId?: Azure.Core.armResourceIdentifier; + + /** application client identity to use for accessing key encryption key Url in a different tenant. Ex: f83c6b1b-4d34-47e4-bb34-9d83df58b540 */ + federatedClientId?: uuid; + + /** delegated identity to use for accessing key encryption key Url. Ex: /subscriptions/fa5fc227-a624-475e-b696-cdd604c735bc/resourceGroups//providers/Microsoft.ManagedIdentity/userAssignedIdentities/myId. Mutually exclusive with identityType systemAssignedIdentity and userAssignedIdentity - internal use only. */ + delegatedIdentityClientId?: uuid; +} + +/** Customer-managed key encryption properties for the resource. */ +model CustomerManagedKeyEncryptionV4 { + /** All identity configuration for Customer-managed key settings defining which identity should be used to auth to Key Vault. */ + keyEncryptionKeyIdentity?: KeyEncryptionKeyIdentityV4; + + /** key encryption key Url, versioned or non-versioned. Ex: https://contosovault.vault.azure.net/keys/contosokek/562a4bb76b524a1493a6afe8e536ee78 or https://contosovault.vault.azure.net/keys/contosokek. */ + keyEncryptionKeyUrl?: string; +} diff --git a/packages/typespec-azure-resource-manager/test/foundations-encryption.test.ts b/packages/typespec-azure-resource-manager/test/foundations-encryption.test.ts new file mode 100644 index 0000000000..e301740773 --- /dev/null +++ b/packages/typespec-azure-resource-manager/test/foundations-encryption.test.ts @@ -0,0 +1,110 @@ +import { Tester } from "#test/tester.js"; +import { TesterInstance } from "@typespec/compiler/testing"; +import { beforeEach, describe, it } from "vitest"; + +let runner: TesterInstance; + +beforeEach(async () => { + runner = await Tester.createInstance(); +}); + +describe("CustomerManagedKeyEncryptionV4 foundations type", () => { + it("can be used in a service spec as a property type", async () => { + const diagnostics = await runner.diagnose( + ` + @armProviderNamespace + @service + namespace Microsoft.Contoso; + + model EncryptionConfig { + customerManagedKey?: Azure.ResourceManager.Foundations.CustomerManagedKeyEncryptionV4; + } + `, + ); + expectDiagnosticEmpty(diagnostics); + }); + + it("exposes keyEncryptionKeyIdentity and keyEncryptionKeyUrl properties", async () => { + const diagnostics = await runner.diagnose( + ` + @armProviderNamespace + @service + namespace Microsoft.Contoso; + + model EncryptionConfig { + customerManagedKey?: Azure.ResourceManager.Foundations.CustomerManagedKeyEncryptionV4; + } + + model UsesIdentity { + identity?: Azure.ResourceManager.Foundations.KeyEncryptionKeyIdentityV4; + } + `, + ); + expectDiagnosticEmpty(diagnostics); + }); + + it("KeyEncryptionKeyIdentityTypeV4 union can be referenced", async () => { + const diagnostics = await runner.diagnose( + ` + @armProviderNamespace + @service + namespace Microsoft.Contoso; + + model IdentityConfig { + identityType?: Azure.ResourceManager.Foundations.KeyEncryptionKeyIdentityTypeV4; + } + `, + ); + expectDiagnosticEmpty(diagnostics); + }); + + it("CustomerManagedKeyEncryption is internal and cannot be used outside Azure.ResourceManager", async () => { + const diagnostics = await runner.diagnose( + ` + @armProviderNamespace + @service + namespace Microsoft.Contoso; + + model EncryptionConfig { + customerManagedKey?: Azure.ResourceManager.CommonTypes.CustomerManagedKeyEncryption; + } + `, + ); + expectDiagnosticNotEmpty(diagnostics); + }); + + it("Encryption wrapper type remains public and usable", async () => { + const diagnostics = await runner.diagnose( + ` + @service(#{ title: "Test" }) + @versioned(Microsoft.Contoso.Versions) + @armProviderNamespace + namespace Microsoft.Contoso; + + enum Versions { + @armCommonTypesVersion(Azure.ResourceManager.CommonTypes.Versions.v4) + v4; + } + + model ResourceProperties { + encryption?: Azure.ResourceManager.CommonTypes.Encryption; + } + `, + ); + expectDiagnosticEmpty(diagnostics); + }); +}); + +function expectDiagnosticEmpty(diagnostics: readonly any[]) { + if (diagnostics.length > 0) { + throw new Error( + `Expected no diagnostics but got ${diagnostics.length}: ${diagnostics.map((d) => `${d.code}: ${d.message}`).join(", ")}`, + ); + } +} + +function expectDiagnosticNotEmpty(diagnostics: readonly any[]) { + if (diagnostics.length === 0) { + throw new Error("Expected diagnostics but got none"); + } +} diff --git a/website/src/content/docs/docs/libraries/azure-resource-manager/reference/data-types.md b/website/src/content/docs/docs/libraries/azure-resource-manager/reference/data-types.md index ec870090b1..c6bd04a75f 100644 --- a/website/src/content/docs/docs/libraries/azure-resource-manager/reference/data-types.md +++ b/website/src/content/docs/docs/libraries/azure-resource-manager/reference/data-types.md @@ -1605,21 +1605,6 @@ model Azure.ResourceManager.CommonTypes.CheckNameAvailabilityResponse | reason? | [`CheckNameAvailabilityReason`](./data-types.md#Azure.ResourceManager.CommonTypes.CheckNameAvailabilityReason) | The reason why the given name is not available. | | message? | `string` | Detailed reason why the given name is not available. | -### `CustomerManagedKeyEncryption` {#Azure.ResourceManager.CommonTypes.CustomerManagedKeyEncryption} - -Customer-managed key encryption properties for the resource. - -```typespec -model Azure.ResourceManager.CommonTypes.CustomerManagedKeyEncryption -``` - -#### Properties - -| Name | Type | Description | -| ------------------------- | -------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| keyEncryptionKeyIdentity? | [`KeyEncryptionKeyIdentity`](./data-types.md#Azure.ResourceManager.CommonTypes.KeyEncryptionKeyIdentity) | All identity configuration for Customer-managed key settings defining which identity should be used to auth to Key Vault. | -| keyEncryptionKeyUrl? | `string` | key encryption key Url, versioned or non-versioned. Ex: https://contosovault.vault.azure.net/keys/contosokek/562a4bb76b524a1493a6afe8e536ee78 or https://contosovault.vault.azure.net/keys/contosokek. | - ### `DelegatedResource` {#Azure.ResourceManager.CommonTypes.DelegatedResource} Delegated resource properties - internal use only. @@ -1661,10 +1646,10 @@ model Azure.ResourceManager.CommonTypes.Encryption #### Properties -| Name | Type | Description | -| ----------------------------- | ---------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------- | -| infrastructureEncryption? | [`InfrastructureEncryption`](./data-types.md#Azure.ResourceManager.CommonTypes.InfrastructureEncryption) | Values are enabled and disabled. | -| customerManagedKeyEncryption? | [`CustomerManagedKeyEncryption`](./data-types.md#Azure.ResourceManager.CommonTypes.CustomerManagedKeyEncryption) | All Customer-managed key encryption properties for the resource. | +| Name | Type | Description | +| ----------------------------- | -------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------- | +| infrastructureEncryption? | [`InfrastructureEncryption`](./data-types.md#Azure.ResourceManager.CommonTypes.InfrastructureEncryption) | Values are enabled and disabled. | +| customerManagedKeyEncryption? | `Azure.ResourceManager.CommonTypes.CustomerManagedKeyEncryption` | All Customer-managed key encryption properties for the resource. | ### `EncryptionProperties` {#Azure.ResourceManager.CommonTypes.EncryptionProperties} @@ -1799,23 +1784,6 @@ model Azure.ResourceManager.CommonTypes.IfNoneMatchHeader | ----------- | -------- | ---------------------------------------------------------- | | ifNoneMatch | `string` | The If-None-Match header that makes a request conditional. | -### `KeyEncryptionKeyIdentity` {#Azure.ResourceManager.CommonTypes.KeyEncryptionKeyIdentity} - -All identity configuration for Customer-managed key settings defining which identity should be used to auth to Key Vault. - -```typespec -model Azure.ResourceManager.CommonTypes.KeyEncryptionKeyIdentity -``` - -#### Properties - -| Name | Type | Description | -| ------------------------------- | ---------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| identityType? | [`KeyEncryptionKeyIdentityType`](./data-types.md#Azure.ResourceManager.CommonTypes.KeyEncryptionKeyIdentityType) | The type of identity to use. Values can be systemAssignedIdentity, userAssignedIdentity, or delegatedResourceIdentity. | -| userAssignedIdentityResourceId? | `Azure.Core.armResourceIdentifier` | User assigned identity to use for accessing key encryption key Url. Ex: /subscriptions/fa5fc227-a624-475e-b696-cdd604c735bc/resourceGroups//providers/Microsoft.ManagedIdentity/userAssignedIdentities/myId. Mutually exclusive with identityType systemAssignedIdentity. | -| federatedClientId? | `Azure.Core.uuid` | application client identity to use for accessing key encryption key Url in a different tenant. Ex: f83c6b1b-4d34-47e4-bb34-9d83df58b540 | -| delegatedIdentityClientId? | `Azure.Core.uuid` | delegated identity to use for accessing key encryption key Url. Ex: /subscriptions/fa5fc227-a624-475e-b696-cdd604c735bc/resourceGroups//providers/Microsoft.ManagedIdentity/userAssignedIdentities/myId. Mutually exclusive with identityType systemAssignedIdentity and userAssignedIdentity - internal use only. | - ### `KeyVaultProperties` {#Azure.ResourceManager.CommonTypes.KeyVaultProperties} ```typespec @@ -2908,22 +2876,6 @@ union Azure.ResourceManager.CommonTypes.IssueType | MissingPerimeterConfiguration | `"MissingPerimeterConfiguration"` | A network connectivity issue is happening on the resource which could be addressed either by adding new resources to the network security perimeter (NSP) or by modifying access rules. | | MissingIdentityConfiguration | `"MissingIdentityConfiguration"` | An managed identity hasn't been associated with the resource. The resource will still be able to validate inbound traffic from the network security perimeter (NSP) or matching inbound access rules, but it won't be able to perform outbound access as a member of the NSP. | -### `KeyEncryptionKeyIdentityType` {#Azure.ResourceManager.CommonTypes.KeyEncryptionKeyIdentityType} - -The type of identity to use. - -```typespec -union Azure.ResourceManager.CommonTypes.KeyEncryptionKeyIdentityType -``` - -#### Variants - -| Name | Type | Description | -| ------------------------- | ----------------------------- | ------------------------ | -| SystemAssignedIdentity | `"systemAssignedIdentity"` | System assigned identity | -| UserAssignedIdentity | `"userAssignedIdentity"` | User assigned identity | -| DelegatedResourceIdentity | `"delegatedResourceIdentity"` | Delegated identity | - ### `ManagedServiceIdentityType` {#Azure.ResourceManager.CommonTypes.ManagedServiceIdentityType} Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). @@ -3418,6 +3370,21 @@ model Azure.ResourceManager.Foundations.ArmTagsProperty | ----- | ---------------- | -------------- | | tags? | `Record` | Resource tags. | +### `CustomerManagedKeyEncryptionV4` {#Azure.ResourceManager.Foundations.CustomerManagedKeyEncryptionV4} + +Customer-managed key encryption properties for the resource. + +```typespec +model Azure.ResourceManager.Foundations.CustomerManagedKeyEncryptionV4 +``` + +#### Properties + +| Name | Type | Description | +| ------------------------- | ------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| keyEncryptionKeyIdentity? | [`KeyEncryptionKeyIdentityV4`](./data-types.md#Azure.ResourceManager.Foundations.KeyEncryptionKeyIdentityV4) | All identity configuration for Customer-managed key settings defining which identity should be used to auth to Key Vault. | +| keyEncryptionKeyUrl? | `string` | key encryption key Url, versioned or non-versioned. Ex: https://contosovault.vault.azure.net/keys/contosokek/562a4bb76b524a1493a6afe8e536ee78 or https://contosovault.vault.azure.net/keys/contosokek. | + ### `DefaultBaseParameters` {#Azure.ResourceManager.Foundations.DefaultBaseParameters} Base parameters for a resource. @@ -3479,6 +3446,23 @@ model Azure.ResourceManager.Foundations.ExtensionScope | resourceUri | `string` | The fully qualified Azure Resource manager identifier of the resource. | | provider | `"Microsoft.ThisWillBeReplaced"` | | +### `KeyEncryptionKeyIdentityV4` {#Azure.ResourceManager.Foundations.KeyEncryptionKeyIdentityV4} + +All identity configuration for Customer-managed key settings defining which identity should be used to auth to Key Vault. + +```typespec +model Azure.ResourceManager.Foundations.KeyEncryptionKeyIdentityV4 +``` + +#### Properties + +| Name | Type | Description | +| ------------------------------- | -------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| identityType? | [`KeyEncryptionKeyIdentityTypeV4`](./data-types.md#Azure.ResourceManager.Foundations.KeyEncryptionKeyIdentityTypeV4) | The type of identity to use. Values can be systemAssignedIdentity, userAssignedIdentity, or delegatedResourceIdentity. | +| userAssignedIdentityResourceId? | `Azure.Core.armResourceIdentifier` | User assigned identity to use for accessing key encryption key Url. Ex: /subscriptions/fa5fc227-a624-475e-b696-cdd604c735bc/resourceGroups//providers/Microsoft.ManagedIdentity/userAssignedIdentities/myId. Mutually exclusive with identityType systemAssignedIdentity. | +| federatedClientId? | `Azure.Core.uuid` | application client identity to use for accessing key encryption key Url in a different tenant. Ex: f83c6b1b-4d34-47e4-bb34-9d83df58b540 | +| delegatedIdentityClientId? | `Azure.Core.uuid` | delegated identity to use for accessing key encryption key Url. Ex: /subscriptions/fa5fc227-a624-475e-b696-cdd604c735bc/resourceGroups//providers/Microsoft.ManagedIdentity/userAssignedIdentities/myId. Mutually exclusive with identityType systemAssignedIdentity and userAssignedIdentity - internal use only. | + ### `LocationBaseParameters` {#Azure.ResourceManager.Foundations.LocationBaseParameters} The static parameters for a location-based resource @@ -3732,6 +3716,22 @@ model Azure.ResourceManager.Foundations.TenantScope | apiVersion | `string` | The API version to use for this operation. | | provider | `"Microsoft.ThisWillBeReplaced"` | | +### `KeyEncryptionKeyIdentityTypeV4` {#Azure.ResourceManager.Foundations.KeyEncryptionKeyIdentityTypeV4} + +The type of identity to use. + +```typespec +union Azure.ResourceManager.Foundations.KeyEncryptionKeyIdentityTypeV4 +``` + +#### Variants + +| Name | Type | Description | +| ------------------------- | ----------------------------- | ------------------------ | +| SystemAssignedIdentity | `"systemAssignedIdentity"` | System assigned identity | +| UserAssignedIdentity | `"userAssignedIdentity"` | User assigned identity | +| DelegatedResourceIdentity | `"delegatedResourceIdentity"` | Delegated identity | + ## Azure.ResourceManager.Legacy ### `ArmFeatureOptions` {#Azure.ResourceManager.Legacy.ArmFeatureOptions} diff --git a/website/src/content/docs/docs/libraries/azure-resource-manager/reference/index.mdx b/website/src/content/docs/docs/libraries/azure-resource-manager/reference/index.mdx index c9a007afd2..fd8c216a9f 100644 --- a/website/src/content/docs/docs/libraries/azure-resource-manager/reference/index.mdx +++ b/website/src/content/docs/docs/libraries/azure-resource-manager/reference/index.mdx @@ -194,7 +194,6 @@ npm install --save-peer @azure-tools/typespec-azure-resource-manager - [`AzureEntityResource`](./data-types.md#Azure.ResourceManager.CommonTypes.AzureEntityResource) - [`CheckNameAvailabilityRequest`](./data-types.md#Azure.ResourceManager.CommonTypes.CheckNameAvailabilityRequest) - [`CheckNameAvailabilityResponse`](./data-types.md#Azure.ResourceManager.CommonTypes.CheckNameAvailabilityResponse) -- [`CustomerManagedKeyEncryption`](./data-types.md#Azure.ResourceManager.CommonTypes.CustomerManagedKeyEncryption) - [`DelegatedResource`](./data-types.md#Azure.ResourceManager.CommonTypes.DelegatedResource) - [`DelegatedResources`](./data-types.md#Azure.ResourceManager.CommonTypes.DelegatedResources) - [`Encryption`](./data-types.md#Azure.ResourceManager.CommonTypes.Encryption) @@ -207,7 +206,6 @@ npm install --save-peer @azure-tools/typespec-azure-resource-manager - [`Identity`](./data-types.md#Azure.ResourceManager.CommonTypes.Identity) - [`IfMatchHeader`](./data-types.md#Azure.ResourceManager.CommonTypes.IfMatchHeader) - [`IfNoneMatchHeader`](./data-types.md#Azure.ResourceManager.CommonTypes.IfNoneMatchHeader) -- [`KeyEncryptionKeyIdentity`](./data-types.md#Azure.ResourceManager.CommonTypes.KeyEncryptionKeyIdentity) - [`KeyVaultProperties`](./data-types.md#Azure.ResourceManager.CommonTypes.KeyVaultProperties) - [`LocationData`](./data-types.md#Azure.ResourceManager.CommonTypes.LocationData) - [`LocationParameter`](./data-types.md#Azure.ResourceManager.CommonTypes.LocationParameter) @@ -311,9 +309,11 @@ npm install --save-peer @azure-tools/typespec-azure-resource-manager ### Models - [`ArmTagsProperty`](./data-types.md#Azure.ResourceManager.Foundations.ArmTagsProperty) +- [`CustomerManagedKeyEncryptionV4`](./data-types.md#Azure.ResourceManager.Foundations.CustomerManagedKeyEncryptionV4) - [`DefaultBaseParameters`](./data-types.md#Azure.ResourceManager.Foundations.DefaultBaseParameters) - [`ExtensionBaseParameters`](./data-types.md#Azure.ResourceManager.Foundations.ExtensionBaseParameters) - [`ExtensionScope`](./data-types.md#Azure.ResourceManager.Foundations.ExtensionScope) +- [`KeyEncryptionKeyIdentityV4`](./data-types.md#Azure.ResourceManager.Foundations.KeyEncryptionKeyIdentityV4) - [`LocationBaseParameters`](./data-types.md#Azure.ResourceManager.Foundations.LocationBaseParameters) - [`LocationScope`](./data-types.md#Azure.ResourceManager.Foundations.LocationScope) - [`ProxyResourceUpdateModel`](./data-types.md#Azure.ResourceManager.Foundations.ProxyResourceUpdateModel) From 8ba77fcba1bf0286e4a2e8adb3d25ac8559fb855 Mon Sep 17 00:00:00 2001 From: Mark Cowlishaw Date: Sun, 14 Jun 2026 00:10:48 -0700 Subject: [PATCH 2/2] Fix external integration: exclude typespec-vs from pack Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .github/workflows/external-integration.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/external-integration.yml b/.github/workflows/external-integration.yml index e92d16e5cb..7a966b5fb5 100644 --- a/.github/workflows/external-integration.yml +++ b/.github/workflows/external-integration.yml @@ -39,7 +39,7 @@ jobs: # Also pack TypeSpec core packages cd core - pnpm chronus pack --pack-destination ../tgz-packages --exclude standalone + pnpm chronus pack --pack-destination ../tgz-packages --exclude standalone --exclude typespec-vs cd .. echo "Created tgz packages:"