Add new ChangeAnalysis /resourceChange and /changes API version 2021-04-01

[yantang-msft]

MSFT employees can try out our new experience at OpenAPI Hub - one location for using our validation tools and finding your workflow.

Changelog

Please ensure to add changelog with this PR by answering the following questions.

1. What's the purpose of the update?
   • new service onboarding
   • new API version
   • update existing version for new feature
   • update existing version to fix swagger quality issue in s360
   • Other, please clarify
2. When you are targeting to deploy new service/feature to public regions? Please provide date, or month to public if date is not available yet.
3. When you expect to publish swagger? Please provide date, or month to public if date is not available yet.
4. If it's an update to existing version, please select SDKs of specific language and CLIs that require refresh after swagger is published.
   • SDK of .NET (need service team to ensure code readiness)
   • SDK of Python
   • SDK of Java
   • SDK of Js
   • SDK of Go
   • PowerShell
   • CLI
   • Terraform
   • No, no need to refresh for updates in this PR

Contribution checklist:

• I commit to follow the Breaking Change Policy of "no breaking changes"
• I have reviewed the documentation for the workflow.
• Validation tools were run on swagger spec(s) and errors have all been fixed in this PR. How to fix?

If any further question about AME onboarding or validation tools, please view the FAQ.

ARM API Review Checklist

• Ensure to check this box if one of the following scenarios meet updates in the PR, so that label “WaitForARMFeedback” will be added automatically to involve ARM API Review. Failure to comply may result in delays for manifest application. Note this does not apply to data plane APIs, all “removals” and “adding a new property” no more require ARM API review.

  • Adding new API(s)
  • Adding a new API version
  • Adding a new service

• Please ensure you've reviewed following guidelines including ARM resource provider contract and REST guidelines. Estimated time (4 hours). This is required before you can request review from ARM API Review board.

• If you are blocked on ARM review and want to get the PR merged with urgency, please get the ARM oncall for reviews (RP Manifest Approvers team under Azure Resource Manager service) from IcM and reach out to them.

Breaking Change Review Checklist

If there are following updates in the PR, ensure to request an approval from Breaking Change Review Board as defined in the Breaking Change Policy.

• Removing API(s) in stable version
• Removing properties in stable version
• Removing API version(s) in stable version
• Updating API in stable or public preview version with Breaking Change Validation errors
• Updating API(s) in public preview over 1 year (refer to Retirement of Previews)

Action: to initiate an evaluation of the breaking change, create a new intake using the template for breaking changes. Addition details on the process and office hours are on the Breaking change Wiki.

Please follow the link to find more details on PR review process.

[openapi-workflow-bot]

Hi, @yantang-msft Thanks for your PR. I am workflow bot for review process. Here are some small tips.

Please ensure to do self-check against checklists in first PR comment.

PR assignee is the person auto-assigned and responsible for your current PR reviewing and merging.

For specs comparison cross API versions, Use API Specs Comparison Report Generator

If there is CI failure(s), to fix CI error(s) is mandatory for PR merging; or you need to provide justification in PR comment for explanation. How to fix?

Any feedback about review process or workflow bot, pls contact swagger and tools team. vsswagger@microsoft.com

[openapi-pipeline-app]

Swagger Validation Report

️️✔️BreakingChange succeeded [Detail] [Expand]

There are no breaking changes.

️⚠️LintDiff: 11 Warnings warning [Detail]

Only 10 items are listed, please refer to log for more details.

• Linted configuring files (Based on source branch, openapi-validator v1.9.0 , classic-openapi-validator v1.1.6 )
  • changeanalysis/resource-manager/readme.md tag:package-2021-04-01
• Linted configuring files (Based on target branch, openapi-validator v1.9.0 , classic-openapi-validator v1.1.6 )
  • changeanalysis/resource-manager/readme.md tag:default

Rule	Message
⚠️ R1001 - OperationIdNounVerb	Per the Noun_Verb convention for Operation Ids, the noun 'Changes' should not appear after the underscore. Note: If you have already shipped an SDK on top of this spec, fixing this warning may introduce a breaking change. Location: Microsoft.ChangeAnalysis/stable/2021-04-01/changeanalysis.json#L111
⚠️ R1001 - OperationIdNounVerb	Per the Noun_Verb convention for Operation Ids, the noun 'Changes' should not appear after the underscore. Note: If you have already shipped an SDK on top of this spec, fixing this warning may introduce a breaking change. Location: Microsoft.ChangeAnalysis/stable/2021-04-01/changeanalysis.json#L162
⚠️ R2001 - AvoidNestedProperties	Consider using x-ms-client-flatten to provide a better end user experience Location: Microsoft.ChangeAnalysis/stable/2021-04-01/changeanalysis.json#L372
⚠️ R2066 - PostOperationIdContainsUrlVerb	OperationId should contain the verb: 'resourcechanges' in:'ResourceChanges_List'. Consider updating the operationId Location: Microsoft.ChangeAnalysis/stable/2021-04-01/changeanalysis.json#L63
⚠️ R3018 - EnumInsteadOfBoolean	Booleans are not descriptive and make them hard to use. Consider using string enums with allowed set of values defined. Property: isDataMasked Location: Microsoft.ChangeAnalysis/stable/2021-04-01/changeanalysis.json#L325
⚠️ R4014 - AllResourcesMustHaveGetOperation	The resource 'Change' does not have get operation, please add it. Location: Microsoft.ChangeAnalysis/stable/2021-04-01/changeanalysis.json#L363
⚠️ R4021 - DescriptionAndTitleMissing	'Level' model/property lacks 'description' and 'title' property. Consider adding a 'description'/'title' element. Accurate description/title is essential for maintaining reference documentation. Location: Microsoft.ChangeAnalysis/stable/2021-04-01/changeanalysis.json#L271
⚠️ R4021 - DescriptionAndTitleMissing	'changeType' model/property lacks 'description' and 'title' property. Consider adding a 'description'/'title' element. Accurate description/title is essential for maintaining reference documentation. Location: Microsoft.ChangeAnalysis/stable/2021-04-01/changeanalysis.json#L287
⚠️ R4021 - DescriptionAndTitleMissing	'level' model/property lacks 'description' and 'title' property. Consider adding a 'description'/'title' element. Accurate description/title is essential for maintaining reference documentation. Location: Microsoft.ChangeAnalysis/stable/2021-04-01/changeanalysis.json#L310
⚠️ R4021 - DescriptionAndTitleMissing	'changeType' model/property lacks 'description' and 'title' property. Consider adding a 'description'/'title' element. Accurate description/title is essential for maintaining reference documentation. Location: Microsoft.ChangeAnalysis/stable/2021-04-01/changeanalysis.json#L351

️️✔️Avocado succeeded [Detail] [Expand]

Validation passes for Avocado.

️️✔️ModelValidation succeeded [Detail] [Expand]

Validation passes for ModelValidation.

️️✔️SemanticValidation succeeded [Detail] [Expand]

Validation passes for SemanticValidation.

️⚠️[Staging] Cross Version BreakingChange (Base on preview version): 9 Warnings warning [Detail]

• Compared Swaggers (Based on Oad v0.8.7)
  • original: preview/2020-04-01-preview/changeanalysis.json <---> new: stable/2021-04-01/changeanalysis.json

Rule	Message
⚠️ 1005 - RemovedPath	The new version is missing a path that was found in the old version. Was path '/subscriptions/{subscriptionId}/providers/Microsoft.ChangeAnalysis/profile/{profileName}' removed or restructured? Old: Microsoft.ChangeAnalysis/preview/2020-04-01-preview/changeanalysis.json#L12:5
⚠️ 1006 - RemovedDefinition	The new version is missing a definition that was found in the old version. Was 'ResourceIdentity' removed or renamed? New: Microsoft.ChangeAnalysis/stable/2021-04-01/changeanalysis.json#L205:3 Old: Microsoft.ChangeAnalysis/preview/2020-04-01-preview/changeanalysis.json#L252:3
⚠️ 1006 - RemovedDefinition	The new version is missing a definition that was found in the old version. Was 'AzureMonitorWorkspaceProperties' removed or renamed? New: Microsoft.ChangeAnalysis/stable/2021-04-01/changeanalysis.json#L205:3 Old: Microsoft.ChangeAnalysis/preview/2020-04-01-preview/changeanalysis.json#L252:3
⚠️ 1006 - RemovedDefinition	The new version is missing a definition that was found in the old version. Was 'NotificationsState' removed or renamed? New: Microsoft.ChangeAnalysis/stable/2021-04-01/changeanalysis.json#L205:3 Old: Microsoft.ChangeAnalysis/preview/2020-04-01-preview/changeanalysis.json#L252:3
⚠️ 1006 - RemovedDefinition	The new version is missing a definition that was found in the old version. Was 'NotificationSettings' removed or renamed? New: Microsoft.ChangeAnalysis/stable/2021-04-01/changeanalysis.json#L205:3 Old: Microsoft.ChangeAnalysis/preview/2020-04-01-preview/changeanalysis.json#L252:3
⚠️ 1006 - RemovedDefinition	The new version is missing a definition that was found in the old version. Was 'ConfigurationProfileResourceProperties' removed or renamed? New: Microsoft.ChangeAnalysis/stable/2021-04-01/changeanalysis.json#L205:3 Old: Microsoft.ChangeAnalysis/preview/2020-04-01-preview/changeanalysis.json#L252:3
⚠️ 1006 - RemovedDefinition	The new version is missing a definition that was found in the old version. Was 'SystemData' removed or renamed? New: Microsoft.ChangeAnalysis/stable/2021-04-01/changeanalysis.json#L205:3 Old: Microsoft.ChangeAnalysis/preview/2020-04-01-preview/changeanalysis.json#L252:3
⚠️ 1006 - RemovedDefinition	The new version is missing a definition that was found in the old version. Was 'ConfigurationProfileResource' removed or renamed? New: Microsoft.ChangeAnalysis/stable/2021-04-01/changeanalysis.json#L205:3 Old: Microsoft.ChangeAnalysis/preview/2020-04-01-preview/changeanalysis.json#L252:3
⚠️ 1007 - RemovedClientParameter	The new version is missing a client parameter that was found in the old version. Was 'ProfileNameParameter' removed or renamed? New: Microsoft.ChangeAnalysis/stable/2021-04-01/changeanalysis.json#L395:3 Old: Microsoft.ChangeAnalysis/preview/2020-04-01-preview/changeanalysis.json#L454:3

️️✔️[Staging] Cross Version BreakingChange (Base on stable version) succeeded [Detail] [Expand]

There are no breaking changes.

️️✔️CredScan succeeded [Detail] [Expand]

There is no credential detected.

️⚠️[Staging] SDK Track2 Validation: 6 Warnings warning [Detail]

• The following tags are being changed in this PR
• changeanalysis/resource-manager/readme.md#package-2021-04-01

Rule	Message
⚠️ PreCheck/SchemaMissingType	"readme":"changeanalysis/resource-manager/readme.md", "tag":"package-2021-04-01", "details":"The schema 'Resource' with an undefined type and decalared properties is a bit ambigious. This has been auto-corrected to 'type:object'"
⚠️ PreCheck/SchemaMissingType	"readme":"changeanalysis/resource-manager/readme.md", "tag":"package-2021-04-01", "details":"The schema 'ProxyResource' with an undefined type and 'allOf'/'anyOf'/'oneOf' is a bit ambigious. This has been auto-corrected to 'type:object'"
⚠️ PreCheck/SchemaMissingType	"readme":"changeanalysis/resource-manager/readme.md", "tag":"package-2021-04-01", "details":"The schema 'ErrorDetail' with an undefined type and decalared properties is a bit ambigious. This has been auto-corrected to 'type:object'"
⚠️ PreCheck/SchemaMissingType	"readme":"changeanalysis/resource-manager/readme.md", "tag":"package-2021-04-01", "details":"The schema 'ErrorResponse' with an undefined type and decalared properties is a bit ambigious. This has been auto-corrected to 'type:object'"
⚠️ PreCheck/SchemaMissingType	"readme":"changeanalysis/resource-manager/readme.md", "tag":"package-2021-04-01", "details":"The schema 'ErrorAdditionalInfo' with an undefined type and decalared properties is a bit ambigious. This has been auto-corrected to 'type:object'"
⚠️ PreCheck/CheckDuplicateSchemas	"readme":"changeanalysis/resource-manager/readme.md", "tag":"package-2021-04-01", "details":"Checking for duplicate schemas, this could take a (long) while. Run with --verbose for more detail."

️️✔️[Staging] PrettierCheck succeeded [Detail] [Expand]

Validation passes for PrettierCheck.

️️✔️[Staging] SpellCheck succeeded [Detail] [Expand]

Validation passes for SpellCheck.

_{Posted by Swagger Pipeline | How to fix these errors?}

[openapi-pipeline-app]

Swagger Generation Artifacts

️️✔️ azure-sdk-for-go succeeded [Detail] [Expand]

• ️✔️Succeeded [Logs]Release - Generate from 4b13173. SDK Automation 14.0.0

  command	sh ./initScript.sh ../../../../../azure-sdk-for-go_tmp/initInput.json ../../../../../azure-sdk-for-go_tmp/initOutput.json
  command	go run ./tools/generator/main.go ../../../../../azure-sdk-for-go_tmp/generateInput.json ../../../../../azure-sdk-for-go_tmp/generateOutput.json

• ️✔️preview/changeanalysis/mgmt/2020-04-01-preview/changeanalysis [View full logs]  [Release SDK Changes]

  info	[Changelog] This is a new package

️️✔️ azure-resource-manager-schemas succeeded [Detail] [Expand]

• ️✔️Succeeded [Logs]Release - Generate from 4b13173. Schema Automation 14.0.0

  warn	Skip initScript due to not configured
  command	npx n 12
  command	autorest --use=@autorest/azureresourceschema@3.0.92 --version=3.0.6374 --azureresourceschema --multiapi --title=none --pass-thru:subset-reducer --azureresourceschema-folder=/home/vsts/work/1/s/azure-resource-manager-schemas/azure-resource-manager-schemas ../../azure-rest-api-specs/specification/changeanalysis/resource-manager/readme.md

• ️✔️changeanalysis [View full logs]  [Release Schema Changes]

  cmderr	[resource-manager] node-pre-gyp
  cmderr	[resource-manager] WARN Using request for node-pre-gyp https download
  cmderr	[resource-manager] npm WARN template-schema-validation-tools@1.0.0 No repository field.
  cmderr	[resource-manager] npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@2.1.3 (node_modules/fsevents):
  cmderr	[resource-manager] npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.1.3: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})

️⚠️ azure-sdk-for-python warning [Detail]

• ⚠️Warning [Logs]Release - Generate from 4b13173. SDK Automation 14.0.0

  command	sh scripts/automation_init.sh ../azure-sdk-for-python_tmp/initInput.json ../azure-sdk-for-python_tmp/initOutput.json
  cmderr	[automation_init.sh] WARNING: Skipping azure-nspkg as it is not installed.
  command	sh scripts/automation_generate.sh ../azure-sdk-for-python_tmp/generateInput.json ../azure-sdk-for-python_tmp/generateOutput.json
  warn	No package detected after generation

️❌ azure-sdk-for-java failed [Detail]

• ❌Failed [Logs]Release - Generate from 4b13173. SDK Automation 14.0.0

  command	./eng/mgmt/automation/init.sh ../azure-sdk-for-java_tmp/initInput.json ../azure-sdk-for-java_tmp/initOutput.json
  command	./eng/mgmt/automation/generate.py ../azure-sdk-for-java_tmp/generateInput.json ../azure-sdk-for-java_tmp/generateOutput.json
  cmderr	[generate.py] 2021-03-12 02:32:21 INFO [VERSION][Not Found] cannot find version for "com.azure.resourcemanager:azure-resourcemanager-changeanalysis"
  cmderr	[generate.py] 2021-03-12 02:32:21 INFO [VERSION][Not Found] cannot find stable version, current version "1.0.0-beta.1"
  cmderr	[generate.py] 2021-03-12 02:32:21 INFO autorest --version=3.1.0 --use=@autorest/java@4.0.19 --java.azure-libraries-for-java-folder=/home/vsts/work/1/s/azure-sdk-for-java --java.output-folder=/home/vsts/work/1/s/azure-sdk-for-java/sdk/changeanalysis/azure-resourcemanager-changeanalysis --java.namespace=com.azure.resourcemanager.changeanalysis   --java --pipeline.modelerfour.additional-checks=false --pipeline.modelerfour.lenient-model-deduplication=true --azure-arm --verbose --sdk-integration --fluent=lite --java.fluent=lite --java.license-header=MICROSOFT_MIT_SMALL ../azure-rest-api-specs/specification/changeanalysis/resource-manager/readme.md
  cmderr	[generate.py] FATAL: Error: Not able to process media type default at this moment.
  cmderr	[generate.py]   Error: Plugin modelerfour reported failure.
  cmderr	[generate.py] 2021-03-12 02:32:42 ERROR [GENERATE] Autorest fail
  cmderr	[generate.py] 2021-03-12 02:32:49 ERROR [COMPILE] Maven build fail
  ENOENT: no such file or directory, stat 'azure-sdk-for-java/sdk/changeanalysis/azure-resourcemanager-changeanalysis/pom.xml'
  Error: ENOENT: no such file or directory, stat 'azure-sdk-for-java/sdk/changeanalysis/azure-resourcemanager-changeanalysis/pom.xml'

• ️✔️azure-resourcemanager-changeanalysis [View full logs] 

  error	Fatal error: ENOENT: no such file or directory, stat 'azure-sdk-for-java/sdk/changeanalysis/azure-resourcemanager-changeanalysis/pom.xml'
  error	The following packages are still pending:
  error		azure-resourcemanager-changeanalysis

️⚠️ azure-sdk-for-js warning [Detail]

• ⚠️Warning [Logs]Release - Generate from 4b13173. SDK Automation 14.0.0

  warn	Skip initScript due to not configured
  command	autorest --version=V2 --typescript --license-header=MICROSOFT_MIT_NO_VERSION --use=@microsoft.azure/autorest.typescript@4.4.4 --typescript-sdks-folder=/home/vsts/work/1/s/azure-sdk-for-js/azure-sdk-for-js ../../azure-rest-api-specs/specification/changeanalysis/resource-manager/readme.md
  warn	No file changes detected after generation
  warn	No package detected after generation

️️✔️[Staging] ApiDocPreview succeeded [Detail] [Expand]

 Please click here to preview with your @microsoft account. 

_{Posted by Swagger Pipeline | How to fix these errors?}

[openapi-workflow-bot]

Hi, @yantang-msft your PR are labelled with WaitForARMFeedback. A notification email will be sent out shortly afterwards to notify ARM review board(armapireview@microsoft.com). cc @ruowan

[openapi-workflow-bot]

Hi @yantang-msft, Your PR has some issues. Please fix the CI sequentially by following the order of Avocado, semantic validation, model validation, breaking change, lintDiff.

Task	How to fix	Priority	Support (Microsoft alias)
Avocado	Fix-Avocado	High	ruowan
Semantic validation	Fix-SemanticValidation-Error	High	raychen, jianyxi
Model validation	Fix-ModelValidation-Error	High	raychen,jianyxi
LintDiff	Fix-LintDiff	high	jianyxi, ruoxuan

If you need further help, please feedback via swagger feedback."

[j5lim]

GET should not return a secret (e.g. connection string)

[yantang-msft]

@j5lim Is this a hard requirement that GET API should never return secret? Like ARM established the semantics that GET API means there is no secret data?
We set this API as Unauthorized in ARM manifest, and we do the RBAC check ourselves. As the description of the API said, the customer data will be masked if user doesn't have permission, but if they have permission, we will show them the value.

We definitely want to show the value to the customer if they have permission, if it's a hard requirement not to use GET, what do you recommend?

[yantang-msft]

Switched to POST method.

[j5lim]

Yes, it is a hard requirement. https://armwiki.azurewebsites.net/rp_onboarding/process/property_design_best_practices.html?q=secret#secrets

POST should be used to return secrets.

[yantang-msft]

@j5lim Thank for the link. I also added the x-ms-secret tag.

Only the resource level query (POST /resourceChanges) may contain secret value, subscription and resource group level query (GET /changes) guarantee the secret values are masked. While in the swagger, they share the same model.
Let me know if you think we should create a different model (e.g., PropertyChangeHasSecret and PropertyChangeNoSecret) just to differentiate the x-ms-secret tag.

[j5lim]

I think GET response won't allow x-ms-secret set to true, so you will need to have a different model.

[yantang-msft]

@j5lim The Swagger Model validation reports error even for the POST method: https://github.com/Azure/azure-rest-api-specs/pull/13285/checks?check_run_id=2072083599
Is there anything I missed or maybe it's a bug of the validation tool? It's asking me to remove those properties, while we do want to return it.

SECRET_PROPERTY
Output Message: Secret property {0} cannot be sent in the response.

Description: The secret is not allowed to return in response when it's annotated with x-ms-secret:true.

How to fix the violation: Remove this secret value from the response.

Or maybe I misunderstood this tag? i.e., it's meant for the properties that RP never want to return regardless the GET/POST methods? Any in our case since we do want to return them, we shouldn't add this tag? I'll remove this tag for now.

[yantang-msft]

I talked to Ray Chen, we can ignore the validation error on POST method. To be more specific, I can ping him to get it approved. So I'll add the x-ms-secret tag back and create different models.

[j5lim]

I think it's okay as it is. You can add x-ms-secret for POST but I think it's not necessary.

[j5lim]

Approved from ARM side.

[ruowan]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 2 pipeline(s).