
Release Notes - v0.9.0 (Azure Full Support & Real-Time Enhancements)

Release Date: 2026-03-29
Status: Production Ready
Breaking Changes: None


Major Release - Azure FullProvider & WebSocket v0.9.0

This release brings comprehensive Azure support to TFDrift-Falco, completing the multi-cloud trifecta (AWS + GCP + Azure). Azure now implements the full Provider interface including resource discovery and state comparison, alongside a new Azure Blob Storage Terraform backend and enhanced real-time WebSocket/SSE capabilities.

Highlights

  • Azure ResourceDiscoverer with 50+ ARM type mappings
  • Azure StateComparator with case-insensitive matching and tag filtering
  • Azure Blob Storage (azurerm) Terraform backend support
  • WebSocket provider-based filtering and new event types
  • Provider capabilities API endpoint

New Features

Azure Resource Discovery

Full Azure resource discovery through the ARM Resource Graph API with:

  • ResourceLister interface for testable Azure SDK abstraction
  • 50+ Azure ARM type mappings to Terraform resource types
  • Per-resource property extraction for VMs, VNets, Storage, AKS, SQL, KeyVault, and more
  • Subscription, region, and resource group scoping
  • Configurable via WithAzureSubscriptionID(), WithAzureRegions(), WithAzureResourceGroup()

Azure State Comparison

Comprehensive drift detection between Terraform state and actual Azure resources:

  • Three-way drift detection: unmanaged, missing, and modified resources
  • Name-based fallback matching for resources where ID format differs between Terraform and Azure
  • Case-insensitive comparison for Azure locations and resource names
  • Azure-managed tag filtering — automatically ignores hidden-* and ms-resource-usage tag prefixes
  • 25+ resource type field mappings for attribute comparison (VM size, SKU, location, etc.)
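
The matching rules listed above, sketched as an added Go example (not TFDrift-Falco's own code). The `Resource` type, `Compare`, `userTags`, and the shortened sample IDs are hypothetical, only location and tags are compared, and lower-casing tag keys before the prefix check is an assumption.

```go
package main

import (
	"fmt"
	"reflect"
	"strings"
)

type Resource struct { // hypothetical minimal shape for state and discovered resources
	ID, Name, Location string
	Tags               map[string]string
}

// userTags drops Azure-managed tags (hidden-* and ms-resource-usage prefixes).
func userTags(tags map[string]string) map[string]string {
	out := map[string]string{}
	for k, v := range tags {
		if lk := strings.ToLower(k); !strings.HasPrefix(lk, "hidden-") && !strings.HasPrefix(lk, "ms-resource-usage") {
			out[k] = v
		}
	}
	return out
}

// Compare maps resource ID to "unmanaged", "missing" or "modified"; in-sync resources are omitted.
func Compare(state, actual []Resource) map[string]string {
	drift, idx := map[string]string{}, map[string]Resource{}
	for _, a := range actual {
		idx[strings.ToLower(a.ID)], idx[strings.ToLower(a.Name)] = a, a
		drift[a.ID] = "unmanaged" // until a state entry claims it
	}
	for _, s := range state {
		a, ok := idx[strings.ToLower(s.ID)]
		if !ok { // ID formats differ between Terraform and Azure: match by name
			a, ok = idx[strings.ToLower(s.Name)]
		}
		delete(drift, a.ID) // claimed by state (no-op when nothing matched)
		if !ok {
			drift[s.ID] = "missing"
		} else if !strings.EqualFold(s.Location, a.Location) || !reflect.DeepEqual(userTags(s.Tags), userTags(a.Tags)) {
			drift[s.ID] = "modified"
		}
	}
	return drift
}
// Constructed sample data with shortened IDs: vm1 is in sync, sa1 matches by name only, kv1 is gone.
var state = []Resource{{"/s1/rg/vm1", "vm1", "eastus", nil}, {"tf-sa1", "sa1", "westus2", nil}, {"/s1/rg/kv1", "kv1", "eastus", nil}}
var actual = []Resource{{"/S1/RG/VM1", "VM1", "EastUS", map[string]string{"hidden-link:x": "y"}}, {"/s1/rg/sa1", "sa1", "eastus", nil}, {"/s1/rg/nsg1", "nsg1", "eastus", nil}}
func main() { fmt.Println(Compare(state, actual)) }
```

Without the case folding and managed-tag filter, vm1 would be reported as modified on every run, which is the kind of noise that trains operators to ignore real drift alerts.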

Azure Blob Storage Backend

New azurerm Terraform backend for reading state from Azure Blob Storage:

  • SAS token authentication
  • Access key authentication
  • Configurable storage account, container, and blob path
  • HTTP-based blob download (no Azure SDK dependency for state reading)

WebSocket Real-Time Updates (v0.9.0)

Enhanced real-time event streaming:

  • Provider-based filtering — clients can subscribe to events for specific providers only
  • New event types:
      • drift_result — full drift detection results
      • discovery_progress — resource discovery progress updates
      • provider_status — provider health and capability status
      • unmanaged_resource — individual unmanaged resource notifications
  • SSE stream automatically forwards all new event types

Provider Capabilities API

New REST endpoints for provider management:

  • GET /api/v1/providers — lists all registered providers with capabilities
  • GET /api/v1/providers/{name}/capabilities — detailed capabilities for a specific provider

Azure Event Parsing Refactor

  • Renamed AuditParser to ActivityParser for clarity (Azure uses "Activity Logs", not "Audit Logs")
  • Exported AWS CloudTrail event helpers for provider abstraction layer

Configuration

Azure Provider

providers:
  azure:
    enabled: true
    subscription_id: "your-subscription-id"
    regions:
      - eastus
      - westus2
    resource_group: ""  # optional: limit to specific resource group

Azure Blob Storage Backend

terraform:
  state:
    backend: azurerm
    azure_storage_account: "mystorageaccount"
    azure_container_name: "tfstate"
    azure_blob_name: "terraform.tfstate"
    azure_access_key: ""     # or use SAS token
    azure_sas_token: ""

Provider Interface

Azure now implements the full FullProvider interface:

var (
    _ Provider           = (*AzureProvider)(nil)
    _ ResourceDiscoverer = (*AzureProvider)(nil)
    _ StateComparator    = (*AzureProvider)(nil)
)

Capability        AWS  GCP  Azure
Event Parsing     Yes  Yes  Yes
Resource Mapping  Yes  Yes  Yes
Discovery         Yes  Yes  Yes
State Comparison  Yes  Yes  Yes
Backend           S3   GCS  Blob

Testing

  • 12+ new Azure comparator tests
  • 6 new azurerm backend tests
  • All provider interface tests updated
  • Build verification: all packages compile
  • Pre-existing test failures (GCP dataproc, terraform approval) not introduced by this release

Files Changed

New Files

  • pkg/azure/discovery.go — Azure resource discovery client
  • pkg/azure/comparator.go — Azure state comparison
  • pkg/azure/comparator_test.go — 12+ comparator tests
  • pkg/terraform/backend/azurerm.go — Azure Blob Storage backend
  • pkg/terraform/backend/azurerm_test.go — Backend tests
  • pkg/api/handlers/providers.go — Provider capabilities API
  • pkg/falco/exported.go — Exported AWS event helpers

Modified Files

  • pkg/provider/azure.go — FullProvider implementation
  • pkg/config/config.go — Azure configuration
  • pkg/terraform/backend/factory.go — azurerm backend registration
  • pkg/api/broadcaster/broadcaster.go — New broadcast methods
  • pkg/api/websocket/client.go — Provider filtering
  • pkg/api/websocket/hub.go — Filter-aware broadcasting
  • pkg/api/websocket/handler.go — v0.9.0 welcome message
  • pkg/api/sse/stream.go — New event types

What's Next (v1.0.0 Preview)

  • Azure Activity Log Falco plugin integration
  • Cross-cloud drift correlation
  • Grafana dashboard for Azure resources
  • Policy-as-code integration for drift remediation