Skip to content

Update example for Replica Switchover in PostgreSQL#44102

Merged
nasc17 merged 4 commits into
Azure:mainfrom
nasc17:nasc/updateExampleSwitchOver
Jun 29, 2026
Merged

Update example for Replica Switchover in PostgreSQL#44102
nasc17 merged 4 commits into
Azure:mainfrom
nasc17:nasc/updateExampleSwitchOver

Conversation

@nasc17

@nasc17 nasc17 commented Jun 19, 2026

Copy link
Copy Markdown
Member

ARM (Control Plane) API Specification Update Pull Request

Tip

Overwhelmed by all this guidance? See the Getting help section at the bottom of this PR description.

PR review workflow diagram

Please understand this diagram before proceeding. It explains how to get your PR approved & merged.

spec_pr_review_workflow_diagram

Purpose of this PR

What's the purpose of this PR? Check the specific option that applies. This is mandatory!

  • New resource provider.
  • New API version for an existing resource provider. (If API spec is not defined in TypeSpec, the PR should have been created in adherence to OpenAPI specs PR creation guidance).
  • Update existing version for a new feature. (This is applicable only when you are revising a private preview API version.)
  • [X ] Update existing version to fix OpenAPI spec quality issues in S360.
  • Convert existing OpenAPI spec to TypeSpec spec (do not combine this with implementing changes for a new API version).
  • Other, please clarify:
    Update example to show preferred optional property use.
    This is an MSRC vulnerability security issue: The Azure Database for PostgreSQL Flexible Server control-plane action that promotes a read replica (Properties.Replica.PromoteMode = SwitchOver, PromoteOption = Forced) is reported to allow an authorization bypass: a caller can force a replica switchover without holding the required authorization on the linked primary/replica pair.

Due diligence checklist

To merge this PR, you must go through the following checklist and confirm you understood
and followed the instructions by checking all the boxes:

  • I confirm this PR is modifying Azure Resource Manager (ARM) related specifications, and not data plane related specifications.
  • I have reviewed following Resource Provider guidelines, including
    ARM resource provider contract and
    REST guidelines (estimated time: 4 hours).
    I understand this is required before I can proceed to the diagram Step 2, "ARM API changes review", for this PR.
  • A release plan has been created. If not, please create one as it will help guide you through the REST API and SDK creation process.

Additional information

Viewing API changes

For convenient view of the API changes made by this PR, refer to the URLs provided in the table
in the Generated ApiView comment added to this PR. You can use ApiView to show API versions diff.

Suppressing failures

If one or multiple validation error/warning suppression(s) is detected in your PR, please follow the
suppressions guide to get approval.

Getting help

  • First, please carefully read through this PR description, from top to bottom. Please fill out the Purpose of this PR and Due diligence checklist.
  • If you don't have permissions to remove or add labels to the PR, request write access per aka.ms/azsdk/access#request-access-to-rest-api-or-sdk-repositories
  • To understand what you must do next to merge this PR, see the Next Steps to Merge comment. It will appear within few minutes of submitting this PR and will continue to be up-to-date with current PR state.
  • For guidance on fixing this PR CI check failures, see the hyperlinks provided in given failure
    and https://aka.ms/ci-fix.
  • For help with ARM review (PR workflow diagram Step 2), see https://aka.ms/azsdk/pr-arm-review.
  • If the PR CI checks appear to be stuck in queued state, please add a comment with contents /azp run.
    This should result in a new comment denoting a PR validation pipeline has started and the checks should be updated after few minutes.
  • If the help provided by the previous points is not enough, post to https://aka.ms/azsdk/support/specreview-channel and link to this PR.
  • For guidance on SDK breaking change review, refer to https://aka.ms/ci-fix.

@nasc17 nasc17 requested a review from a team as a code owner June 19, 2026 16:44
@github-actions

github-actions Bot commented Jun 19, 2026

Copy link
Copy Markdown

Next Steps to Merge

✅ All automated merging requirements have been met! To get your PR merged, see aka.ms/azsdk/specreview/merge.

Comment generated by summarize-checks workflow run.

@github-actions github-actions Bot added ARMReview resource-manager WaitForARMFeedback <valid label in PR review process> add this label when ARM review is required labels Jun 19, 2026
@github-actions

github-actions Bot commented Jun 19, 2026

Copy link
Copy Markdown

API Change Check

APIView identified API level changes in this PR and created the following API reviews

Language API Review for Package
Swagger Microsoft.DBforPostgreSQL
Python azure-mgmt-postgresqlflexibleservers
TypeSpec Microsoft.DBforPostgreSQL
Go sdk/resourcemanager/postgresql/armpostgresqlflexibleservers
JavaScript @azure/arm-postgresql-flexible
C# Azure.ResourceManager.PostgreSql
Java com.azure.resourcemanager:azure-resourcemanager-postgresqlflexibleserver

Comment generated by After APIView workflow run.

@nasc17 nasc17 added NotReadyForARMReview and removed WaitForARMFeedback <valid label in PR review process> add this label when ARM review is required labels Jun 19, 2026
@github-actions github-actions Bot added WaitForARMFeedback <valid label in PR review process> add this label when ARM review is required and removed NotReadyForARMReview labels Jun 19, 2026
@gary-x-li

Copy link
Copy Markdown
Contributor

Please fix Swagger ModelValidation

@gary-x-li gary-x-li added ARMChangesRequested and removed WaitForARMFeedback <valid label in PR review process> add this label when ARM review is required labels Jun 19, 2026
@nasc17 nasc17 added the Versioning-Approved-BugFix https://github.com/Azure/azure-sdk-tools/issues/6374 label Jun 22, 2026
@nasc17 nasc17 added Approved-BreakingChange DO NOT USE! OBSOLETE label. See https://github.com/Azure/azure-sdk-tools/issues/6374 BreakingChange-Approved-BugFix Changes are to correct the REST API definition to correctly describe service behavior and removed Versioning-Approved-BugFix https://github.com/Azure/azure-sdk-tools/issues/6374 Approved-BreakingChange DO NOT USE! OBSOLETE label. See https://github.com/Azure/azure-sdk-tools/issues/6374 ARMChangesRequested labels Jun 22, 2026
@github-actions github-actions Bot added the WaitForARMFeedback <valid label in PR review process> add this label when ARM review is required label Jun 22, 2026
@ravimeda ravimeda added ARMChangesRequested and removed WaitForARMFeedback <valid label in PR review process> add this label when ARM review is required labels Jun 23, 2026
@github-actions github-actions Bot added TypeSpec Authored with TypeSpec VersioningReviewRequired <valid label in PR review process>add this label when versioning review is required NotReadyForARMReview and removed ARMChangesRequested labels Jun 23, 2026
@nasc17 nasc17 added Versioning-Approved-BugFix https://github.com/Azure/azure-sdk-tools/issues/6374 and removed BreakingChange-Approved-BugFix Changes are to correct the REST API definition to correctly describe service behavior NotReadyForARMReview labels Jun 24, 2026
@github-actions github-actions Bot added the WaitForARMFeedback <valid label in PR review process> add this label when ARM review is required label Jun 24, 2026
@nasc17

nasc17 commented Jun 24, 2026

Copy link
Copy Markdown
Member Author

@ravimeda we are updating patch model to show a missing property that is supported in our backend. This property will have to be used for switchover operation to resolve MSRC vulnerability security issue: The Azure Database for PostgreSQL Flexible Server control-plane action that promotes a read replica (Properties.Replica.PromoteMode = SwitchOver, PromoteOption = Forced) is reported to allow an authorization bypass: a caller can force a replica switchover without holding the required authorization on the linked primary/replica pair. We need to have this be visible to customers.

@ravimeda ravimeda left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ARM API Review

Posting findings from the ARM API Reviewer agent (critic-verified, 2 iterations, converged) against commit aa87e4f. See inline comments for finding 1.

Comment thread specification/postgresql/DBforPostgreSQL.Management/models.tsp Outdated
@ravimeda ravimeda added ARMChangesRequested and removed WaitForARMFeedback <valid label in PR review process> add this label when ARM review is required labels Jun 24, 2026
@github-actions github-actions Bot added the WaitForARMFeedback <valid label in PR review process> add this label when ARM review is required label Jun 24, 2026
@ravimeda ravimeda added Approved-Avocado ARMSignedOff <valid label in PR review process>add this label when ARM approve updates after review and removed WaitForARMFeedback <valid label in PR review process> add this label when ARM review is required labels Jun 25, 2026
@nasc17 nasc17 added the PublishToCustomers Acknowledgement the changes will be published to Azure customers. label Jun 26, 2026
@nasc17 nasc17 enabled auto-merge (squash) June 26, 2026 17:30
@nasc17 nasc17 merged commit d4b1d2c into Azure:main Jun 29, 2026
115 of 117 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Approved-Avocado ARMAutoSignedOff-IncrementalTSP ARMReview ARMSignedOff <valid label in PR review process>add this label when ARM approve updates after review PostgreSQL PublishToCustomers Acknowledgement the changes will be published to Azure customers. resource-manager TypeSpec Authored with TypeSpec Versioning-Approved-BugFix https://github.com/Azure/azure-sdk-tools/issues/6374 VersioningReviewRequired <valid label in PR review process>add this label when versioning review is required

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants