Summary
Deprecate the SQL Data Sync related fluent APIs in azure-resourcemanager-sql, including (but not limited to):
com.azure.resourcemanager.sql.models.SqlSyncGroup (and its SqlSyncGroupOperations, SqlSyncGroupActionsDefinition)com.azure.resourcemanager.sql.models.SqlSyncMember (and its SqlSyncMemberOperations, SqlSyncMemberActionsDefinition)- Related entry points on
SqlDatabase (getSyncGroups(), syncGroups()).
Background
Azure SQL Data Sync is scheduled for retirement. In addition, SQL Data Sync only supports SQL authentication (static username/password) for connections to the hub and member databases — it does not support Microsoft Entra (Azure AD) authentication or managed identities. This conflicts with modern security guidance (MFA, Conditional Access, managed identities, password rotation policies).
Context: this was raised during PR review #49163 (comment), where tests for SqlSyncGroup / SqlSyncMember still require SQL authentication and could not be migrated to Entra-only authentication.
Proposed action
- Mark the SQL Data Sync related classes/methods listed above as
@Deprecated in azure-resourcemanager-sql, with Javadoc explaining:
- SQL Data Sync is scheduled for retirement by Azure.
- These APIs require SQL authentication and do not support Microsoft Entra ID / managed identity.
- Users should migrate to an alternative that aligns with their organization's security standards.
- Recommend alternatives in the Javadoc / changelog, such as:
- Azure SQL Managed Instance link feature or failover groups / geo-replication for HA/DR scenarios.
- Azure Data Factory / Synapse pipelines for data movement / replication scenarios.
- Change Data Capture (CDC) / Change Tracking combined with the above for incremental sync.
- Transactional replication for on-prem ⇄ Azure SQL DB scenarios.
- Update
CHANGELOG.md of azure-resourcemanager-sql to call out the deprecation and recommended alternatives.
- Add a comment to the existing tests (
SqlServerOperationsTests#canCRUDSqlSyncMember, etc.) noting that SQL Data Sync requires SQL authentication, which is why those tests cannot use Entra-only auth.
References
/cc @weidongxu-microsoft
Summary
Deprecate the SQL Data Sync related fluent APIs in
azure-resourcemanager-sql, including (but not limited to):com.azure.resourcemanager.sql.models.SqlSyncGroup(and itsSqlSyncGroupOperations,SqlSyncGroupActionsDefinition)com.azure.resourcemanager.sql.models.SqlSyncMember(and itsSqlSyncMemberOperations,SqlSyncMemberActionsDefinition)SqlDatabase(getSyncGroups(),syncGroups()).Background
Azure SQL Data Sync is scheduled for retirement. In addition, SQL Data Sync only supports SQL authentication (static username/password) for connections to the hub and member databases — it does not support Microsoft Entra (Azure AD) authentication or managed identities. This conflicts with modern security guidance (MFA, Conditional Access, managed identities, password rotation policies).
Context: this was raised during PR review #49163 (comment), where tests for
SqlSyncGroup/SqlSyncMemberstill require SQL authentication and could not be migrated to Entra-only authentication.Proposed action
@Deprecatedinazure-resourcemanager-sql, with Javadoc explaining:CHANGELOG.mdofazure-resourcemanager-sqlto call out the deprecation and recommended alternatives.SqlServerOperationsTests#canCRUDSqlSyncMember, etc.) noting that SQL Data Sync requires SQL authentication, which is why those tests cannot use Entra-only auth.References
/cc @weidongxu-microsoft