Update specs for November TypeSpec release

package.json

@@ -1,41 +1,41 @@
 {
   "name": "azure-rest-api-specs",
   "devDependencies": {
     "@azure-tools/spec-gen-sdk": "~0.9.1",
     "@azure-tools/specs-shared": "file:.github/shared",
     "@azure-tools/typespec-apiview": "0.7.2",
-    "@azure-tools/typespec-autorest": "0.61.1",
-    "@azure-tools/typespec-azure-core": "0.61.0",
-    "@azure-tools/typespec-azure-portal-core": "0.61.0",
-    "@azure-tools/typespec-azure-resource-manager": "0.61.1",
-    "@azure-tools/typespec-azure-rulesets": "0.61.0",
+    "@azure-tools/typespec-autorest": "0.62.0",
+    "@azure-tools/typespec-azure-core": "0.62.0",
+    "@azure-tools/typespec-azure-portal-core": "0.62.0",
+    "@azure-tools/typespec-azure-resource-manager": "0.62.0",
+    "@azure-tools/typespec-azure-rulesets": "0.62.0",
     "@azure-tools/typespec-client-generator-cli": "0.30.0",
-    "@azure-tools/typespec-client-generator-core": "0.61.3",
+    "@azure-tools/typespec-client-generator-core": "0.62.0",
     "@azure-tools/typespec-liftr-base": "0.10.0",
     "@autorest/openapi-to-typespec": "0.11.12",
     "@azure/avocado": "0.10.3",
     "@azure/oad": "0.12.3",
     "@microsoft.azure/openapi-validator": "2.2.4",
     "@microsoft.azure/openapi-validator-core": "1.0.7",
     "@microsoft.azure/openapi-validator-rulesets": "2.1.10",
-    "@typespec/compiler": "1.5.0",
-    "@typespec/http": "1.5.0",
-    "@typespec/sse": "0.75.0",
-    "@typespec/events": "0.75.0",
-    "@typespec/openapi": "1.5.0",
-    "@typespec/openapi3": "1.5.0",
-    "@typespec/prettier-plugin-typespec": "1.5.0",
-    "@typespec/rest": "0.75.0",
-    "@typespec/streams": "0.75.0",
-    "@typespec/versioning": "0.75.0",
-    "@typespec/xml": "0.75.0",
+    "@typespec/compiler": "1.6.0",
+    "@typespec/http": "1.6.0",
+    "@typespec/sse": "0.76.0",
+    "@typespec/events": "0.76.0",
+    "@typespec/openapi": "1.6.0",
+    "@typespec/openapi3": "1.6.0",
+    "@typespec/prettier-plugin-typespec": "1.6.0",
+    "@typespec/rest": "0.76.0",
+    "@typespec/streams": "0.76.0",
+    "@typespec/versioning": "0.76.0",
+    "@typespec/xml": "0.76.0",
     "azure-rest-api-specs-eng-tools": "file:eng/tools",
     "oav": "4.0.2",
     "prettier": "~3.6.2",
     "typescript": "~5.9.2"
   },
   "overrides": {
-    "@typespec/asset-emitter": "0.75.0",
+    "@typespec/asset-emitter": "0.76.0",
     "superagent": "^10.2.3"
   },
   "engines": {

specification/ai/Azure.AI.Agents/run_steps/routes.tsp

@@ -6,9 +6,7 @@ import "./models.tsp";
 import "../common/models.tsp";
 import "../servicepatterns.tsp";
 
-using TypeSpec.Rest;
 using TypeSpec.Http;
-using TypeSpec.Versioning;
 using Azure.Core.Foundations;
 
 namespace Azure.AI.Agents {

specification/appcomplianceautomation/AppComplianceAutomation.Management/models/models.tsp

@@ -1043,6 +1043,7 @@ model WebhookProperties {
   /**
    * webhook secret token. If not set, this field value is null; otherwise, please set a string value.
    */
+  #suppress "@azure-tools/typespec-azure-resource-manager/secret-prop" "TODO: Check if this is a secret and add @secret or update reason"
   @pattern("^.{0,2048}$")
   webhookKey?: string;
 

specification/appconfiguration/resource-manager/Microsoft.AppConfiguration/AppConfiguration/models.tsp

@@ -4,11 +4,8 @@ import "@typespec/versioning";
 import "@azure-tools/typespec-azure-core";
 import "@azure-tools/typespec-azure-resource-manager";
 
-using TypeSpec.Rest;
-using TypeSpec.Http;
 using TypeSpec.Versioning;
 using Azure.ResourceManager;
-using Azure.ResourceManager.Foundations;
 
 namespace Microsoft.AppConfiguration;
 
@@ -720,7 +717,7 @@ model OperationDefinitionListResult {
   /**
    * The collection value.
    */
-  @OpenAPI.extension("x-ms-identifiers", #["name"])
+  @identifiers(#["name"])
   @pageItems
   value?: OperationDefinition[];
 
@@ -739,13 +736,13 @@ model ServiceSpecification {
   /**
    * Specifications of the Log for Azure Monitoring
    */
-  @OpenAPI.extension("x-ms-identifiers", #["name"])
+  @identifiers(#["name"])
   logSpecifications?: LogSpecification[];
 
   /**
    * Specifications of the Metrics for Azure Monitoring
    */
-  @OpenAPI.extension("x-ms-identifiers", #["name"])
+  @identifiers(#["name"])
   metricSpecifications?: MetricSpecification[];
 }
 
@@ -806,7 +803,7 @@ model MetricSpecification {
   /**
    * Dimensions of the metric
    */
-  @OpenAPI.extension("x-ms-identifiers", #["name"])
+  @identifiers(#["name"])
   dimensions?: MetricDimension[];
 
   /**
@@ -868,6 +865,7 @@ model KeyValueProperties {
    * The primary identifier of a key-value.
    * The key is used in unison with the label to uniquely identify a key-value.
    */
+  #suppress "@azure-tools/typespec-azure-resource-manager/secret-prop" "TODO: Check if this is a secret and add @secret or update reason"
   @visibility(Lifecycle.Read)
   key?: string;
 
@@ -997,7 +995,7 @@ model SnapshotProperties {
   /**
    * A list of filters used to filter the key-values included in the snapshot.
    */
-  @OpenAPI.extension("x-ms-identifiers", #[])
+  @identifiers(#[])
   @minItems(1)
   @maxItems(3)
   filters: KeyValueFilter[];
@@ -1061,6 +1059,7 @@ model KeyValueFilter {
   /**
    * Filters key-values by their key field.
    */
+  #suppress "@azure-tools/typespec-azure-resource-manager/secret-prop" "TODO: Check if this is a secret and add @secret or update reason"
   key: string;
 
   /**

specification/attestation/data-plane/Attestation/models.tsp

@@ -2,8 +2,6 @@ import "@typespec/rest";
 import "@typespec/http";
 import "@azure-tools/typespec-client-generator-core";
 
-using Azure.ClientGenerator.Core;
-
 namespace AttestationService;
 
 /**
@@ -489,7 +487,6 @@ model JsonWebKeySet {
    * can choose to assign a meaning to the order for their purposes, if
    * desired.
    */
-  @OpenAPI.extension("x-ms-identifiers", #[])
   keys?: JsonWebKey[];
 }
 

specification/attestation/data-plane/Attestation/stable/2025-06-01/attestation.json

@@ -1531,8 +1531,7 @@
           "description": "The value of the \"keys\" parameter is an array of JWK values.  By\ndefault, the order of the JWK values within the array does not imply\nan order of preference among them, although applications of JWK Sets\ncan choose to assign a meaning to the order for their purposes, if\ndesired.",
           "items": {
             "$ref": "#/definitions/JsonWebKey"
-          },
-          "x-ms-identifiers": []
+          }
         }
       }
     },

specification/awsconnector/ApiGatewayRestApi.Management/main.tsp

@@ -130,6 +130,7 @@ model S3Location {
   @doc("The Amazon S3 ETag (a file checksum) of the OpenAPI file. If you don't specify a value, API Gateway skips ETag validation of your OpenAPI file.")
   eTag?: string;
 
+  #suppress "@azure-tools/typespec-azure-resource-manager/secret-prop" "TODO: Check if this is a secret and add @secret or update reason"
   @doc("The file name of the OpenAPI file (Amazon S3 object name).")
   key?: string;
 

specification/awsconnector/AutoScalingAutoScalingGroup.Management/main.tsp

@@ -270,6 +270,7 @@ model NotificationConfiguration {
 #suppress "@azure-tools/typespec-client-generator-core/property-name-conflict" "AWSConnector will not generate SDK. So, supressing this error"
 @doc("Definition of TagProperty")
 model TagProperty {
+  #suppress "@azure-tools/typespec-azure-resource-manager/secret-prop" "TODO: Check if this is a secret and add @secret or update reason"
   @doc("The tag key.")
   key?: string;
 

specification/awsconnector/CloudFormationStack.Management/main.tsp

@@ -163,6 +163,7 @@ model Output {
   @doc("Property exportName")
   exportName?: string;
 
+  #suppress "@azure-tools/typespec-azure-resource-manager/secret-prop" "TODO: Check if this is a secret and add @secret or update reason"
   @doc("Property outputKey")
   outputKey?: string;
 

specification/awsconnector/CloudFormationStackSet.Management/main.tsp

@@ -207,6 +207,7 @@ union OperationPreferencesRegionConcurrencyType {
 #suppress "@azure-tools/typespec-client-generator-core/property-name-conflict" "AWSConnector will not generate SDK. So, supressing this error"
 @doc("Definition of Parameter")
 model Parameter {
+  #suppress "@azure-tools/typespec-azure-resource-manager/secret-prop" "TODO: Check if this is a secret and add @secret or update reason"
   @doc("The key associated with the parameter. If you don't specify a key and value for a particular parameter, AWS CloudFormation uses the default value that is specified in your template.")
   parameterKey?: string;
 

specification/awsconnector/CodeBuildProject.Management/main.tsp

@@ -89,6 +89,7 @@ model AwsCodeBuildProjectProperties {
   @doc("<p>A description that makes the build project easy to identify.</p>")
   description?: string;
 
+  #suppress "@azure-tools/typespec-azure-resource-manager/secret-prop" "TODO: Check if this is a secret and add @secret or update reason"
   @doc("<p>The Key Management Service customer master key (CMK) to be used for encrypting the build output artifacts.</p> <note> <p>You can use a cross-account KMS key to encrypt the build output artifacts if your service role has permission to that key. </p> </note> <p>You can specify either the Amazon Resource Name (ARN) of the CMK or, if available, the CMK's alias (using the format <code>alias/&lt;alias-name&gt;</code>). If you don't specify a value, CodeBuild uses the managed CMK for Amazon Simple Storage Service (Amazon S3). </p>")
   encryptionKey?: string;
 
@@ -756,6 +757,7 @@ model Webhook {
   @doc("<p>The CodeBuild endpoint where webhook events are sent.</p>")
   payloadUrl?: string;
 
+  #suppress "@azure-tools/typespec-azure-resource-manager/secret-prop" "TODO: Check if this is a secret and add @secret or update reason"
   @doc("<p>The secret token of the associated repository. </p> <note> <p>A Bitbucket webhook does not support <code>secret</code>. </p> </note>")
   secret?: string;
 
@@ -853,6 +855,7 @@ model ProjectFleet {
 #suppress "@azure-tools/typespec-client-generator-core/property-name-conflict" "AWSConnector will not generate SDK. So, supressing this error"
 @doc("Definition of RegistryCredential")
 model RegistryCredential {
+  #suppress "@azure-tools/typespec-azure-resource-manager/secret-prop" "TODO: Check if this is a secret and add @secret or update reason"
   @doc("<p> The Amazon Resource Name (ARN) or name of credentials created using Secrets Manager. </p> <note> <p> The <code>credential</code> can use the name of the credentials only if they exist in your current Amazon Web Services Region. </p> </note>")
   credential?: string;
 

specification/awsconnector/Ec2Instance.Management/main.tsp

@@ -76,6 +76,7 @@ model AwsEc2InstanceProperties {
   @doc("<p>Information about the Capacity Reservation targeting option.</p>")
   capacityReservationSpecification?: CapacityReservationSpecificationResponse;
 
+  #suppress "@azure-tools/typespec-azure-resource-manager/secret-prop" "TODO: Check if this is a secret and add @secret or update reason"
   @doc("<p>The idempotency token you provided when you launched the instance, if applicable.</p>")
   clientToken?: string;
 

specification/awsconnector/EcrRepository.Management/main.tsp

@@ -117,6 +117,7 @@ model EncryptionConfiguration {
   @doc("The encryption type to use. If you use the ``KMS`` encryption type, the contents of the repository will be encrypted using server-side encryption with KMSlong key stored in KMS. When you use KMS to encrypt your data, you can either use the default AWS managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see [Protecting data using server-side encryption with an key stored in (SSE-KMS)](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html) in the *Amazon Simple Storage Service Console Developer Guide*. If you use the ``AES256`` encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES-256 encryption algorithm. For more information, see [Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3)](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) in the *Ama The encryption type to use.")
   encryptionType?: EncryptionConfigurationEncryptionType;
 
+  #suppress "@azure-tools/typespec-azure-resource-manager/secret-prop" "TODO: Check if this is a secret and add @secret or update reason"
   @doc("If you use the ``KMS`` encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed KMS key for Amazon ECR will be used. If you use the KMS encryption type, specify the CMK to use for encryption. The alias, key ID, or full ARN of the CMK can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed CMK for Amazon ECR will be used.")
   kmsKey?: string;
 }

specification/awsconnector/EcsService.Management/main.tsp

@@ -573,6 +573,7 @@ model ServiceConnectTlsConfiguration {
   @doc("The signer certificate authority. An object that represents the AWS Private Certificate Authority certificate.")
   issuerCertificateAuthority?: ServiceConnectTlsCertificateAuthority;
 
+  #suppress "@azure-tools/typespec-azure-resource-manager/secret-prop" "TODO: Check if this is a secret and add @secret or update reason"
   @doc("The AWS Key Management Service key.")
   kmsKey?: string;
 

specification/awsconnector/EksCluster.Management/main.tsp

@@ -66,6 +66,7 @@ model AwsEksClusterProperties {
   @doc("<p>The <code>certificate-authority-data</code> for your cluster.</p>")
   certificateAuthority?: Certificate;
 
+  #suppress "@azure-tools/typespec-azure-resource-manager/secret-prop" "TODO: Check if this is a secret and add @secret or update reason"
   @doc("<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.</p>")
   clientRequestToken?: string;
 

specification/awsconnector/EksNodegroup.Management/main.tsp

@@ -149,6 +149,7 @@ model LaunchTemplateSpecification {
 #suppress "@azure-tools/typespec-client-generator-core/property-name-conflict" "AWSConnector will not generate SDK. So, supressing this error"
 @doc("Definition of RemoteAccess")
 model RemoteAccess {
+  #suppress "@azure-tools/typespec-azure-resource-manager/secret-prop" "TODO: Check if this is a secret and add @secret or update reason"
   @doc("Property ec2SshKey")
   ec2SshKey?: string;
 
@@ -181,6 +182,7 @@ model Taint {
   @doc("Property effect")
   effect?: string;
 
+  #suppress "@azure-tools/typespec-azure-resource-manager/secret-prop" "TODO: Check if this is a secret and add @secret or update reason"
   @doc("Property key")
   key?: string;
 

specification/awsconnector/ElasticLoadBalancingV2Listener.Management/main.tsp

@@ -206,6 +206,7 @@ model AuthenticateOidcConfig {
   @doc("The OAuth 2.0 client identifier.")
   clientId?: string;
 
+  #suppress "@azure-tools/typespec-azure-resource-manager/secret-prop" "TODO: Check if this is a secret and add @secret or update reason"
   @doc("The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set ``UseExistingClientSecret`` to true.")
   clientSecret?: string;
 

specification/awsconnector/EmrCluster.Management/main.tsp

@@ -317,15 +317,18 @@ model Ec2InstanceAttributes {
 #suppress "@azure-tools/typespec-client-generator-core/property-name-conflict" "AWSConnector will not generate SDK. So, supressing this error"
 @doc("Definition of KerberosAttributes")
 model KerberosAttributes {
+  #suppress "@azure-tools/typespec-azure-resource-manager/secret-prop" "TODO: Check if this is a secret and add @secret or update reason"
   @doc("<p>The Active Directory password for <code>ADDomainJoinUser</code>.</p>")
   adDomainJoinPassword?: string;
 
   @doc("<p>Required only when establishing a cross-realm trust with an Active Directory domain. A user with sufficient privileges to join resources to the domain.</p>")
   adDomainJoinUser?: string;
 
+  #suppress "@azure-tools/typespec-azure-resource-manager/secret-prop" "TODO: Check if this is a secret and add @secret or update reason"
   @doc("<p>Required only when establishing a cross-realm trust with a KDC in a different realm. The cross-realm principal password, which must be identical across realms.</p>")
   crossRealmTrustPrincipalPassword?: string;
 
+  #suppress "@azure-tools/typespec-azure-resource-manager/secret-prop" "TODO: Check if this is a secret and add @secret or update reason"
   @doc("<p>The password used within the cluster for the kadmin service on the cluster-dedicated KDC, which maintains Kerberos principals, password policies, and keytabs for the cluster.</p>")
   kdcAdminPassword?: string;
 

specification/awsconnector/IamServerCertificate.Management/main.tsp

@@ -77,6 +77,7 @@ model AwsIamServerCertificateProperties {
   @doc("Property path")
   path?: string;
 
+  #suppress "@azure-tools/typespec-azure-resource-manager/secret-prop" "TODO: Check if this is a secret and add @secret or update reason"
   @doc("Property privateKey")
   privateKey?: string;
 

specification/awsconnector/LambdaFunction.Management/main.tsp

@@ -172,6 +172,7 @@ model Code {
   @doc("An Amazon S3 bucket in the same AWS-Region as your function. The bucket can be in a different AWS-account.")
   s3Bucket?: string;
 
+  #suppress "@azure-tools/typespec-azure-resource-manager/secret-prop" "TODO: Check if this is a secret and add @secret or update reason"
   @doc("The Amazon S3 key of the deployment package.")
   s3Key?: string;
 

specification/awsconnector/MacieAllowList.Management/main.tsp

@@ -152,6 +152,7 @@ model S3WordsList {
   @doc("Property bucketName")
   bucketName?: string;
 
+  #suppress "@azure-tools/typespec-azure-resource-manager/secret-prop" "TODO: Check if this is a secret and add @secret or update reason"
   @doc("Property objectKey")
   objectKey?: string;
 }

specification/awsconnector/OpenSearchDomainStatus.Management/main.tsp

@@ -1089,12 +1089,14 @@ model SAMLOptionsOutput {
   @doc("<p>Describes the SAML identity provider's information.</p>")
   idp?: SAMLIdp;
 
+  #suppress "@azure-tools/typespec-azure-resource-manager/secret-prop" "TODO: Check if this is a secret and add @secret or update reason"
   @doc("<p>The key used for matching the SAML roles attribute.</p>")
   rolesKey?: string;
 
   @doc("<p>The duration, in minutes, after which a user session becomes inactive.</p>")
   sessionTimeoutMinutes?: int32;
 
+  #suppress "@azure-tools/typespec-azure-resource-manager/secret-prop" "TODO: Check if this is a secret and add @secret or update reason"
   @doc("<p>The key used for matching the SAML subject attribute.</p>")
   subjectKey?: string;
 }

specification/awsconnector/RdsDBCluster.Management/main.tsp

@@ -160,6 +160,7 @@ model AwsRdsDBClusterProperties {
   @doc("A value that indicates whether to manage the master user password with AWS Secrets Manager.")
   manageMasterUserPassword?: boolean;
 
+  #suppress "@azure-tools/typespec-azure-resource-manager/secret-prop" "TODO: Check if this is a secret and add @secret or update reason"
   @doc("The master password for the DB instance.")
   masterUserPassword?: string;
 

specification/awsconnector/RdsDBInstance.Management/main.tsp

@@ -202,6 +202,7 @@ model AwsRdsDBInstanceProperties {
   @doc("Specifies whether to manage the master user password with AWS Secrets Manager. For more information, see [Password management with Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) in the *Amazon RDS User Guide.*  Constraints:  +  Can't manage the master user password with AWS Secrets Manager if ``MasterUserPassword`` is specified.")
   manageMasterUserPassword?: boolean;
 
+  #suppress "@azure-tools/typespec-azure-resource-manager/secret-prop" "TODO: Check if this is a secret and add @secret or update reason"
   @doc("The password for the master user. The password can include any printable ASCII character except '/', ''', or '@'.  *Amazon Aurora*  Not applicable. The password for the master user is managed by the DB cluster.  *RDS for Db2*  Must contain from 8 to 255 characters.  *RDS for MariaDB*  Constraints: Must contain from 8 to 41 characters.  *RDS for Microsoft SQL Server*  Constraints: Must contain from 8 to 128 characters.  *RDS for MySQL*  Constraints: Must contain from 8 to 41 characters.  *RDS for Oracle*  Constraints: Must contain from 8 to 30 characters.  *RDS for PostgreSQL*  Constraints: Must contain from 8 to 128 characters.")
   masterUserPassword?: string;
 
@@ -294,6 +295,7 @@ model AwsRdsDBInstanceProperties {
   @doc("Property tdeCredentialArn")
   tdeCredentialArn?: string;
 
+  #suppress "@azure-tools/typespec-azure-resource-manager/secret-prop" "TODO: Check if this is a secret and add @secret or update reason"
   @doc("Property tdeCredentialPassword")
   tdeCredentialPassword?: string;
 

specification/awsconnector/RedshiftCluster.Management/main.tsp

@@ -170,6 +170,7 @@ model AwsRedshiftClusterProperties {
   @doc("The ID of the Key Management Service (KMS) key used to encrypt and store the cluster's admin user credentials secret.")
   masterPasswordSecretKmsKeyId?: string;
 
+  #suppress "@azure-tools/typespec-azure-resource-manager/secret-prop" "TODO: Check if this is a secret and add @secret or update reason"
   @doc("The password associated with the master user account for the cluster that is being created. You can't use MasterUserPassword if ManageMasterPassword is true. Password must be between 8 and 64 characters in length, should have at least one uppercase letter.Must contain at least one lowercase letter.Must contain one number.Can be any printable ASCII character.")
   masterUserPassword?: string;