Batch Mangement Plane 2025-06-01

[wiboris]

ARM (Control Plane) API Specification Update Pull Request

Tip

Overwhelmed by all this guidance? See the Getting help section at the bottom of this PR description.

PR review workflow diagram

Please understand this diagram before proceeding. It explains how to get your PR approved & merged.

Purpose of this PR

What's the purpose of this PR? Check the specific option that applies. This is mandatory!

• New resource provider.
• New API version for an existing resource provider. (If API spec is not defined in TypeSpec, the PR should have been created in adherence to OpenAPI specs PR creation guidance).
• Update existing version for a new feature. (This is applicable only when you are revising a private preview API version.)
• Update existing version to fix OpenAPI spec quality issues in S360.
• Convert existing OpenAPI spec to TypeSpec spec (do not combine this with implementing changes for a new API version).
• Other, please clarify:
  • edit this with your clarification

Due diligence checklist

To merge this PR, you must go through the following checklist and confirm you understood
and followed the instructions by checking all the boxes:

• I confirm this PR is modifying Azure Resource Manager (ARM) related specifications, and not data plane related specifications.
• I have reviewed following Resource Provider guidelines, including
  ARM resource provider contract and
  REST guidelines (estimated time: 4 hours).
  I understand this is required before I can proceed to the diagram Step 2, "ARM API changes review", for this PR.
• A release plan has been created. If not, please create one as it will help guide you through the REST API and SDK creation process.

Additional information

Viewing API changes

For convenient view of the API changes made by this PR, refer to the URLs provided in the table
in the Generated ApiView comment added to this PR. You can use ApiView to show API versions diff.

Suppressing failures

If one or multiple validation error/warning suppression(s) is detected in your PR, please follow the
suppressions guide to get approval.

Getting help

• First, please carefully read through this PR description, from top to bottom. Please fill out the Purpose of this PR and Due diligence checklist.
• If you don't have permissions to remove or add labels to the PR, request write access per aka.ms/azsdk/access#request-access-to-rest-api-or-sdk-repositories
• To understand what you must do next to merge this PR, see the Next Steps to Merge comment. It will appear within few minutes of submitting this PR and will continue to be up-to-date with current PR state.
• For guidance on fixing this PR CI check failures, see the hyperlinks provided in given failure
  and https://aka.ms/ci-fix.
• For help with ARM review (PR workflow diagram Step 2), see https://aka.ms/azsdk/pr-arm-review.
• If the PR CI checks appear to be stuck in queued state, please add a comment with contents /azp run.
  This should result in a new comment denoting a PR validation pipeline has started and the checks should be updated after few minutes.
• If the help provided by the previous points is not enough, post to https://aka.ms/azsdk/support/specreview-channel and link to this PR.
• For guidance on SDK breaking change review, refer to https://aka.ms/ci-fix.

[openapi-pipeline-app]

Next Steps to Merge

Next steps that must be taken to merge this PR:

• ❌ This PR is in purview of the ARM review (label: ARMReview). This PR must get ARMSignedOff label from an ARM reviewer.
  This PR has ARMChangesRequested label. Please address or respond to feedback from the ARM API reviewer.
  When you are ready to continue the ARM API review, please remove the ARMChangesRequested label.
  Automation should then add WaitForARMFeedback label.
  ❗If you don't have permissions to remove the label, request write access per aka.ms/azsdk/access#request-access-to-rest-api-or-sdk-repositories.
  For details of the ARM review, see aka.ms/azsdk/pr-arm-review
  
• ❌ The required check named Automated merging requirements met has failed. This is the final check that must pass. Refer to the check in the PR's 'Checks' tab for details on how to fix it and consult the aka.ms/ci-fix guide. In addition, refer to step 4 in the PR workflow diagram

[openapi-pipeline-app]

PR validation pipeline restarted successfully. If there is ApiView generated, it will be updated in this comment.

[github-actions]

API Change Check

APIView identified API level changes in this PR and created the following API reviews

Language	API Review for Package
Swagger	Microsoft.Batch
Go	sdk/resourcemanager/batch/armbatch
Java	com.azure.resourcemanager:azure-resourcemanager-batch
JavaScript	@azure/arm-batch
Python	azure-mgmt-batch

[rkmanda]

  "type": "object",

pl follow the quidance for CMK described here - https://github.com/cloud-and-ai-microsoft/resource-provider-contract/blob/b32b6e22b3a151049fdfd5275eb0c748185a94bc/v1.0/common-api-contracts.md?plain=1#L198

---

Refers to: specification/batch/resource-manager/Microsoft.Batch/stable/2025-06-01/BatchManagement.json:6543 in 13f5ea6. [](commit_id = 13f5ea6, deletion_comment = False)

[wiboris]

@rkmanda The removal of default value for jobDefaultOrder was due to a LintDiff failure saying that "Properties of a PATCH request body must not have default value, property:jobDefaultOrder
https://github.com/Azure/azure-rest-api-specs/pull/35105/checks?check_run_id=43499834040

[mentat9]

@wiboris - I didn't see anything addressing this comment: #35105 (comment). Please take a look.

[mentat9]

@wiboris - I didn't see anything addressing this comment: #35105 (comment). Please take a look.

This link might render better: https://github.com/cloud-and-ai-microsoft/resource-provider-contract/blob/b32b6e22b3a151049fdfd5275eb0c748185a94bc/v1.0/common-api-contracts.md#customer-managed-key-encryption.

[wenxiangMS]

Thanks for your comments, @mentat9 , @rkmanda

In my understanding to the infrastructureEncryption , this property should be added when we allow customer to disable infrastructure encryption, and it is preferred to make infrastructure (aka platform) encryption mandatory. So this property is related to how we behave on the platform-level encryption.

However, supporting CustomerManagedKey in Batch does not affect the platform-level encryption, and the setting on platform-level encryption did not ever change. Besides, we always use the server-side encryption (https://learn.microsoft.com/en-us/azure/virtual-machines/disk-encryption) to encrypt disks, no matter if CustomerManagedKey or other encryption methods are enabled. So I think we do not need to add this property.

[rkmanda]

Thanks for your comments, @mentat9 , @rkmanda

In my understanding to the infrastructureEncryption , this property should be added when we allow customer to disable infrastructure encryption, and it is preferred to make infrastructure (aka platform) encryption mandatory. So this property is related to how we behave on the platform-level encryption.

However, supporting CustomerManagedKey in Batch does not affect the platform-level encryption, and the setting on platform-level encryption did not ever change. Besides, we always use the server-side encryption (https://learn.microsoft.com/en-us/azure/virtual-machines/disk-encryption) to encrypt disks, no matter if CustomerManagedKey or other encryption methods are enabled. So I think we do not need to add this property.

Thats fair but how about the rest of the property structure?

the recommendation is to use the payload structure as defined in the RPC

encryption
customerManagedKeyEncryption
keyEncryptionKeyUrl

etc.