microsoft · raffertyuy · May 30, 2025 · May 26, 2025 · May 26, 2025 · May 26, 2025
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -19,7 +19,7 @@
         "ghcr.io/azure/azure-dev/azd:latest": {},
         "ghcr.io/devcontainers/features/azure-cli:1": {},
         "ghcr.io/devcontainers/features/terraform:1": {
-            "terraformVersion": "1.11.3",
+            "terraformVersion": "1.12.1",
             "installTFsec": true,
             "tflint": "0.53.0",
             "installTerraformDocs": true

diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md
@@ -2,7 +2,7 @@
 
 ## Quick Reference Summary
 
-- **Provider:** AzureRM v4.26 only
+- **Provider:** AzAPI v2.4.0 only
 - **Run Location:** Always from project root
 - **Sensitive Data:** Never hardcode credentials or subscription IDs
 - **Module Verification:** Always check resource arguments against latest provider docs
@@ -13,7 +13,7 @@
 ---
 
 ## DO
-- Use only AzureRM provider version 4.26
+- Use only AzAPI provider version 2.4.0
 - Place all resource modules in `/modules/` and examples in `/examples/`
 - Use dynamic blocks for optional/flexible config
 - Use nested maps and strongly-typed objects for variables
@@ -24,14 +24,15 @@
 - Add input validation in `variables.tf`
 - Add a working example for every resource/module
 - Update module README.md with usage and examples
-- Reference provider docs for every resource: https://registry.terraform.io/providers/hashicorp/azurerm/4.26.0/docs/resources/<resource>
+- Reference provider docs for every resource: https://registry.terraform.io/providers/Azure/azapi/2.4.0/docs/resources/<resource>
+- Use the Azure MCP server to find the latest API version, detailed schema, and attributes for each resource implemented.
 
 ## DO NOT
 - Do not embed subscription IDs or credentials in code/config
 - Do not use untyped or weakly-typed variables
 - Do not skip example creation for new/changed resources
 - Do not commit without running `terraform fmt` and `terraform validate`
-- Do not use provider versions other than 4.26
+- Do not use provider versions other than 2.4.0
 
 ---
 
@@ -62,21 +63,23 @@
 
 **Resource Creation:**
 ```hcl
-resource "azurecaf_name" "name" {
+resource "azurecaf_name" "this" {
   name          = var.name
-  resource_type = "azurerm_resource_type"
+  resource_type = "general"
   prefixes      = var.global_settings.prefixes
   random_length = var.global_settings.random_length
   clean_input   = true
   passthrough   = var.global_settings.passthrough
   use_slug      = var.global_settings.use_slug
 }
 
-resource "azurerm_resource" "resource" {
-  name                = azurecaf_name.name.result
-  location            = var.location
-  resource_group_name = var.resource_group_name
-  tags                = local.tags
+resource "azapi_resource" "this" {
+  name        = azurecaf_name.this.result
+  location    = var.location
+  parent_id   = var.parent_id
+  type        = var.resource_type
+  api_version = var.api_version
+  tags        = local.tags
   # Resource-specific properties
 }
 ```
@@ -221,6 +224,56 @@ resource "azurerm_key_vault" "kv" {
 
 ---
 
+## Azure API Property Naming and Data Type Conventions
+
+### DevCenter API Specifics (API Version 2025-04-01-preview)
+When working with Azure DevCenter resources, be aware of these critical naming and data type requirements:
+
+**Property Naming Convention:**
+- Azure DevCenter API requires camelCase property names in the request body
+- Terraform variables use snake_case for consistency
+- Always map snake_case variable names to camelCase API properties
+
+**Common Property Mappings:**
+```hcl
+# Variable (snake_case) → API Property (camelCase)
+install_azure_monitor_agent_enable_installation → installAzureMonitorAgentEnableStatus
+microsoft_hosted_network_enable_status → microsoftHostedNetworkEnableStatus
+catalog_item_sync_enable_status → catalogItemSyncEnableStatus
+```
+
+**Data Type Requirements:**
+- Many DevCenter "enable" properties expect string values, not booleans
+- Use `"Enabled"` or `"Disabled"` instead of `true`/`false`
+- Always verify expected data types in Azure API documentation
+
+**Example Implementation:**
+```hcl
+# Variable definition (snake_case, string type)
+variable "dev_box_provisioning_settings" {
+  type = object({
+    install_azure_monitor_agent_enable_installation = optional(string, "Enabled")
+  })
+}
+
+# API body mapping (camelCase)
+body = {
+  properties = {
+    devBoxProvisioningSettings = {
+      installAzureMonitorAgentEnableStatus = try(var.settings.dev_box_provisioning_settings.install_azure_monitor_agent_enable_installation, "Enabled")
+    }
+  }
+}
+```
+
+**Validation Approach:**
+- Always run `terraform plan` to validate API compatibility
+- Check Azure API documentation for exact property names and types
+- Use Azure MCP server tools to verify latest API schemas
+- Test with actual API calls when implementing new resource properties
+
+---
+
 ## Security Best Practices
 - Use `sensitive = true` for secret variables
 - Never hardcode credentials
@@ -236,13 +289,13 @@ resource "azurerm_key_vault" "kv" {
 - See `/examples/` for implementation
 - See `docs/conventions.md` for standards
 - See `docs/module_guide.md` for module development
-- Always verify resource arguments at: https://registry.terraform.io/providers/hashicorp/azurerm/4.26.0/docs/resources/<resource>
+- Always verify resource arguments at: https://registry.terraform.io/providers/Azure/azapi/2.4.0/docs/resources/<resource>
 
 ---
 
 ## AI Assistant Prompt Guidance
 - When asked to generate Terraform code, always:
-  - Use AzureRM provider v4.26
+  - Use AzAPI provider v2.4.0
   - Use strong typing and validation for variables
   - Add an example in `/examples/`
   - Reference provider documentation for all arguments

diff --git a/.github/workflows/terraform-lint.yml b/.github/workflows/terraform-lint.yml
@@ -19,6 +19,8 @@ jobs:
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
 
       - name: Setup TFLint
         uses: terraform-linters/setup-tflint@v4

diff --git a/.github/workflows/terraform-security-msdo.yml b/.github/workflows/terraform-security-msdo.yml
@@ -19,6 +19,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
       - uses: microsoft/security-devops-action@v1.12.0
         id: msdo
         with:

diff --git a/.github/workflows/terraform-tests.yml b/.github/workflows/terraform-tests.yml
@@ -5,7 +5,10 @@ on:
       - "**.tf"
       - "**.tfvars"
       - "**.tftest.hcl"
+      - "tests/run_test.sh"
+      - "tests/run_tests.sh"
       - ".github/workflows/terraform-tests.yml"
+  workflow_dispatch:
 
 permissions:
   contents: read
@@ -16,9 +19,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
       - uses: hashicorp/setup-terraform@v3
         with:
-          terraform_version: 1.11.4
+          terraform_version: 1.12.1
       - name: Terraform Init
         run: terraform init -backend=false
       - name: Terraform Format
@@ -31,9 +36,10 @@ jobs:
     outputs:
       unit_tests: ${{ steps.find-unit-tests.outputs.tests }}
       integration_tests: ${{ steps.find-integration-tests.outputs.tests }}
-      example_tests: ${{ steps.find-example-tests.outputs.tests }}
     steps:
       - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
       - name: Find unit tests
         id: find-unit-tests
         run: |
@@ -44,11 +50,6 @@ jobs:
         run: |
           TESTS=$(find tests/integration -name "*_test.tftest.hcl" -type f | jq -R -s -c 'split("\n")[:-1]')
           echo "tests=$TESTS" >> $GITHUB_OUTPUT
-      - name: Find example tests
-        id: find-example-tests
-        run: |
-          TESTS=$(find tests/examples -name "*_test.tftest.hcl" -type f | jq -R -s -c 'split("\n")[:-1]')
-          echo "tests=$TESTS" >> $GITHUB_OUTPUT
 
   unit-tests:
     needs: [pre-check, discover-tests]
@@ -59,13 +60,19 @@ jobs:
         test: ${{fromJson(needs.discover-tests.outputs.unit_tests)}}
     steps:
       - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
       - uses: hashicorp/setup-terraform@v3
         with:
-          terraform_version: 1.11.4
+          terraform_version: 1.12.1
       - name: Terraform Init
         run: terraform init -backend=false
-      - name: Run Test
-        run: terraform test -verbose "${{ matrix.test }}"
+      - name: Run Unit Test
+        run: |
+          TEST_DIR=$(dirname "${{ matrix.test }}")
+          cd $TEST_DIR
+          terraform init -input=false
+          terraform test -verbose $(basename "${{ matrix.test }}")
 
   integration-tests:
     needs: [pre-check, discover-tests]
@@ -76,27 +83,34 @@ jobs:
         test: ${{fromJson(needs.discover-tests.outputs.integration_tests)}}
     steps:
       - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
       - uses: hashicorp/setup-terraform@v3
         with:
-          terraform_version: 1.11.4
+          terraform_version: 1.12.1
       - name: Terraform Init
         run: terraform init -backend=false
-      - name: Run Test
-        run: terraform test -verbose "${{ matrix.test }}"
+      - name: Run Integration Test
+        run: |
+          TEST_DIR=$(dirname "${{ matrix.test }}")
+          cd $TEST_DIR
+          terraform init -input=false
+          terraform test -verbose $(basename "${{ matrix.test }}")
 
-  example-tests:
-    needs: [pre-check, discover-tests]
-    if: needs.discover-tests.outputs.example_tests != '[]'
+  comprehensive-tests:
+    needs: [unit-tests, integration-tests]
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        test: ${{fromJson(needs.discover-tests.outputs.example_tests)}}
+    if: always()
     steps:
       - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
       - uses: hashicorp/setup-terraform@v3
         with:
-          terraform_version: 1.11.4
-      - name: Terraform Init
-        run: terraform init -backend=false
-      - name: Run Test
-        run: terraform test -verbose "${{ matrix.test }}"
+          terraform_version: 1.12.1
+      - name: Make test scripts executable
+        run: |
+          chmod +x tests/run_test.sh
+          chmod +x tests/run_tests.sh
+      - name: Run All Tests
+        run: ./tests/run_tests.sh
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -8,7 +8,7 @@ repos:
     - id: terraform_docs
     - id: terraform_tflint
     - id: terraform_validate
-    - id: terraform_tfsec
+    - id: terraform_trivy
   - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v5.0.0
     hooks:

diff --git a/.vscode/tasks.json b/.vscode/tasks.json
@@ -91,6 +91,22 @@
             "group": {
                 "kind": "build"
             }
+        },
+        {
+            "label": "Terraform: Run All Tests",
+            "type": "shell",
+            "command": "/bin/bash",
+            "args": [
+                "-c",
+                "./tests/run_tests.sh"
+            ],
+            "options": {
+                "cwd": "${workspaceFolder}"
+            },
+            "problemMatcher": [],
+            "group": {
+                "kind": "test"
+            }
         }
     ],
     "inputs": [