Implement Azure IaC generator with Bicep and diagram support #2053
Ba4bes wants to merge 6 commits into microsoft:main
Co-authored-by: Copilot <copilot@github.com>
Pull request overview
Adds a new azure-iac-generator skill to generate modular Bicep templates from either (1) a live Azure environment or (2) a Draw.io diagram, along with unit/trigger/integration tests and supporting reference docs.
Changes:
- Introduces the `azure-iac-generator` skill with routing and required guidance for Azure→Bicep and Diagram→Bicep workflows.
- Adds a comprehensive reference set (resource extraction maps, workflows, verification rules, diagram parsing, etc.).
- Adds unit tests, trigger tests (with snapshots), and integration tests; registers the skill in `tests/skills.json`.
Reviewed changes
Copilot reviewed 23 out of 23 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| tests/skills.json | Registers the new skill and includes it in the integration test schedule. |
| tests/azure-iac-generator/unit.test.ts | Validates SKILL.md metadata/frontmatter and required content expectations for the new skill. |
| tests/azure-iac-generator/triggers.test.ts | Adds trigger coverage for positive/negative prompts plus snapshot assertions. |
| tests/azure-iac-generator/integration.test.ts | Adds end-to-end integration coverage for invocation rate and basic output artifacts. |
| tests/azure-iac-generator/snapshots/triggers.test.ts.snap | Snapshots expected extracted keywords/description keyword extraction for routing stability. |
| plugin/skills/azure-iac-generator/SKILL.md | New skill definition, routing, required references, output structure, and error handling. |
| plugin/skills/azure-iac-generator/references/version-currency.md | Rules for API/runtime version currency in generated IaC. |
| plugin/skills/azure-iac-generator/references/resource-configs-platform.md | Platform/integration resource property extraction mapping. |
| plugin/skills/azure-iac-generator/references/resource-configs-network.md | Network resource property extraction mapping. |
| plugin/skills/azure-iac-generator/references/resource-configs-data.md | Data/storage resource property extraction mapping. |
| plugin/skills/azure-iac-generator/references/resource-configs-compute.md | Compute/container resource property extraction mapping. |
| plugin/skills/azure-iac-generator/references/procedures/resource-filtering.md | Filtering rules for excluding non-deployable/auto-generated resources. |
| plugin/skills/azure-iac-generator/references/procedures/diagram-parsing.md | Procedure to parse Draw.io XML into a resource model. |
| plugin/skills/azure-iac-generator/references/procedures/bicep-parsing.md | Procedure to parse Bicep + modules into a comparable resource model. |
| plugin/skills/azure-iac-generator/references/procedures/azure-authentication.md | Hard-gate authentication procedure for live-Azure extraction. |
| plugin/skills/azure-iac-generator/references/diagram-to-bicep-workflow.md | Diagram-driven workflow steps and param merge rules. |
| plugin/skills/azure-iac-generator/references/bicep-best-practices.md | Bicep generation rules + param commenting/secrets guidance. |
| plugin/skills/azure-iac-generator/references/azure-to-bicep-workflow.md | Live-Azure reverse-engineering workflow steps and hard gates. |
| plugin/skills/azure-iac-generator/references/azure-stencil-mapping.json | Draw.io azure2 stencil imagePath → resource type mapping. |
| plugin/skills/azure-iac-generator/references/azure-resource-model.md | Canonical intermediate resource model schema used across workflows. |
| plugin/skills/azure-iac-generator/references/azure-resource-configs.md | Index document linking to per-category resource config maps + rules. |
| plugin/skills/azure-iac-generator/references/azure-deployment-verification.md | Pre-deployment verification rules (SKU dependencies, networking constraints, etc.). |
| plugin/skills/azure-iac-generator/references/auto-detection-rules.md | Topology-driven auto-settings applied during generation. |
@jongio @tmeschter And... I did it again. Created this to replace #1892. Previous comments as far as I can see were resolved, found a few bugs myself and will wait for copilot for extra feedback :)
Co-authored-by: Copilot <copilot@github.com>
…rator; enhance error handling and resource filtering guidelines. Co-authored-by: Copilot <copilot@github.com>
Fixed some inconsistencies in the skill-files as well
jongio left a comment
- Frontmatter version is `0.0.0-placeholder` - should be `1.0.0` per repo conventions for new skills.
- Stencil mapping JSON is missing 7 resource types that the resource model lists. Diagrams with those icons won't parse correctly.
- `version.json` isn't referenced by any build tooling in this repo and can be removed.
- Trigger tests need boundary prompts that route to other skills to catch routing conflicts.
- `azure-authentication.md` and `bicep-parsing.md` are missing trailing newlines.
…ew Azure resource types to stencil mapping Co-authored-by: Copilot <copilot@github.com>
jongio left a comment
Three items the existing reviews didn't cover - all related to correctness of generated Bicep when the skill runs.
- Storage private endpoint group IDs default to blob only - won't produce correct Bicep for file/queue/table endpoints
- Diagram edge parsing has no fallback when edges don't carry an explicit stroke color
- Function App type key mismatch between resource-configs-compute.md and the stencil mapping
| | Resource has a Private Endpoint connection | Set `publicNetworkAccess: 'Disabled'` on target resource | | ||
| | App Service connected to a Subnet | Set `vnetIntegrationSubnet` to the subnet reference | | ||
| | Private Endpoint connected to SQL Server | Set `groupIds: ['sqlServer']` | | ||
| | Private Endpoint connected to Storage Account | Set `groupIds: ['blob']` | |
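Review bot: The first row does not say whether `publicNetworkAccess: 'Disabled'` overrides a value already present in the resource model. A resource can keep public access enabled alongside a private endpoint, so applying this rule silently would change network exposure on deployment. State the precedence in the rule and have the generator surface the change in the output (for example as a comment on the affected property) so the user can confirm it.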
Storage accounts support multiple private endpoint group IDs: blob, file, queue, table, web, dfs. Hardcoding ['blob'] here means any PE targeting file shares, queues, or tables will get incorrect Bicep. Consider making this conditional on the connection target, or at minimum document this as a blob-only default.
| | `strokeColor=#0078D4` | `connects` (data flow) | | ||
| | `strokeColor=#E81123` | `secures` (security / private link) | | ||
| | `strokeColor=#999999` + `dashed=1` | `depends` (dependency) | | ||
| | `strokeColor=#00A4EF` + `dashed=1` | `peers` (network link) | |
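Review bot: The table leaves two matching details undefined: whether the hex values (written here in uppercase, e.g. `#0078D4`) are compared case-insensitively, and what a listed color means when the `dashed` condition is not met, e.g. `strokeColor=#999999` on a solid edge. Add a sentence stating that color comparison ignores case and a row or note covering the color-without-`dashed=1` combinations for the `depends` and `peers` rows.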
This color-based mapping works when users follow the convention, but most Draw.io edges use the default style with no explicit strokeColor. What relationship type gets assigned when an edge has no matching color? A default (e.g., fall back to connects for unmatched edges) would prevent silent drops or errors on real-world diagrams.
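The fallback suggested in the comment above, as an added TypeScript example (not code from this pull request or the skill): it parses a Draw.io edge `style` string, matches `strokeColor` case-insensitively against the four convention rows, and returns `connects` with `matched: false` when nothing fits. The names `parseStyle` and `resolveEdgeRelation`, and the choice that color-only rows ignore `dashed`, are assumptions.

```typescript
// Added example, not code from this PR. Colors and relation names come from the
// table under review; function names and the "ignore dashed" rule are assumptions.
type Relation = "connects" | "secures" | "depends" | "peers";

interface EdgeRule {
  color: string;      // lowercase hex, compared case-insensitively
  dashed?: boolean;   // undefined = row does not mention dashed, so ignore it
  relation: Relation;
}

const RULES: EdgeRule[] = [
  { color: "#0078d4", relation: "connects" },
  { color: "#e81123", relation: "secures" },
  { color: "#999999", dashed: true, relation: "depends" },
  { color: "#00a4ef", dashed: true, relation: "peers" },
];

// Draw.io stores a style as "key=value;key=value;flag;".
function parseStyle(style: string): Map<string, string> {
  const out = new Map<string, string>();
  for (const part of style.split(";")) {
    const item = part.trim();
    if (item === "") continue;
    const eq = item.indexOf("=");
    if (eq === -1) out.set(item, "");
    else out.set(item.slice(0, eq), item.slice(eq + 1));
  }
  return out;
}

interface Resolved {
  relation: Relation;
  matched: boolean;   // false = fallback used; caller should report the edge
}

function resolveEdgeRelation(style: string): Resolved {
  const parsed = parseStyle(style);
  const color = (parsed.get("strokeColor") || "").toLowerCase();
  const dashed = parsed.get("dashed") === "1";
  const rule = RULES.find(
    (r) => r.color === color && (r.dashed === undefined || r.dashed === dashed)
  );
  if (rule) return { relation: rule.relation, matched: true };
  // No explicit or recognized color: fall back instead of dropping the edge.
  return { relation: "connects", matched: false };
}
```

Returning `matched` alongside the relation lets the generator list the edges that took the default, so a diagram drawn without the color convention produces a visible warning and not a silently guessed topology.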
| | publicNetworkAccess | `properties.publicNetworkAccess` | | | ||
| | vnetIntegrationSubnet | `properties.virtualNetworkSubnetId` | | | ||
|
|
||
| ### Microsoft.Web/sites/functions |
Type mismatch: Microsoft.Web/sites/functions in ARM refers to an individual function within a function app (a child resource). The function app itself is Microsoft.Web/sites with kind containing functionapp - which the stencil mapping represents as Microsoft.Web/sites[functionapp]. The az functionapp show fallback is correct for the app-level resource, but this heading should align with the stencil mapping's discriminator pattern to avoid confusion during diagram-to-model resolution.
| license: MIT | ||
| metadata: | ||
| author: Microsoft | ||
| version: "1.0.0" |
You'll need to update this to "0.0.0-placeholder" and create a version.json file with the initial major.minor version. After that, version numbers are updated automatically.
See other skills for examples.
Description
Created to replace #1892, which was messed up with some creative use of git.
Adds azure-iac-generator, to create bicep templates based on either draw.io diagrams or based on the live Azure environment.
Checklist
- (`cd tests && npm test`)
- (`npm run test:skills:integration -- <skill>`)
- `USE FOR` / `DO NOT USE FOR` / `PREFER OVER` clauses: confirmed no routing regressions for competing skills

Related Issues