docs(security/azure): fix post-apply recipe (Consumption SKU)

[cristim]

Summary

Fixes the post-apply verification command in the security header comment of scheduled-tasks.tf. The original comment (added in PR #74) told operators to use az logicapp show, but that subcommand targets Logic Apps Standard (Microsoft.Web/sites with kind=workflowapp); these workflows are Consumption-tier (Microsoft.Logic/workflows via azurerm_logic_app_workflow). Running az logicapp show -n <wf> against one returns ResourceNotFound.

The replacement uses az resource show --resource-type Microsoft.Logic/workflows --api-version 2019-05-01, which:

• Works against the right SKU.
• Needs no az cli extension. (az logic workflow show does, and the logic extension can fail to install on Python 3.12+ azure-cli builds — the standard install path on macOS Homebrew today, which is exactly when an operator would reach for the post-apply check.)

Closes #183.

Scope

Comment-only — no resource, state, output, or runtime change. terraform fmt -check and terraform validate both clean (the pre-commit hooks ran them).

The two other surfaces called out in #183 (issue #50 "Steps to reproduce" and PR #74 "Test plan") are historical text — both will be addressed via corrective comments on those threads, not via code.

Test plan

• terraform fmt -check clean (pre-commit Terraform format passed).
• terraform validate clean (pre-commit Terraform validate passed).
• CodeRabbit review with no actionable findings.

Summary by CodeRabbit

• Documentation
  • Updated infrastructure documentation clarifications regarding CLI command usage for Azure Logic Apps resource inspection and environment compatibility notes.

[cristim]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 6d6e85e5-6255-4a6f-9796-8e142187a2b8

📥 Commits

Reviewing files that changed from the base of the PR and between 6fa6357 and 4b5ecba.

📒 Files selected for processing (1)

• terraform/modules/compute/azure/container-apps/scheduled-tasks.tf

---

📝 Walkthrough

Walkthrough

This change corrects Azure CLI command references in Terraform documentation comments for post-apply verification of Logic Apps Consumption tier deployments. The comments are updated to recommend az logic workflow show or az resource show instead of az logicapp show, and note CLI extension requirements.

Changes

Cohort / File(s)	Summary
Documentation & Security Commentary terraform/modules/compute/azure/container-apps/scheduled-tasks.tf	Updated comments to specify correct az CLI commands for Consumption-tier Logic Apps verification, noting that az logicapp targets Standard SKU instead. Added explicit note about az logic workflow show requiring the logic CLI extension and potential environment compatibility issues. No Terraform resource logic modified.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Suggested labels

triaged, priority/p2, severity/medium, impact/few, effort/s, type/security

Poem

🐰 A comment fix hops into view,
Swapping commands—old SKU for new,
From logicapp to resource we go,
Now operators won't stumble below!
Azure CLI blooms in the light. 🌟

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'docs(security/azure): fix post-apply recipe (Consumption SKU)' directly and accurately summarizes the main change: correcting documentation/security commentary for the post-apply verification recipe to target Logic Apps Consumption SKU instead of Standard SKU.
Linked Issues check	✅ Passed	The pull request fully addresses the primary coding requirement from issue #183: updating the post-apply verification command in the scheduled-tasks.tf header comment from 'az logicapp show' to 'az resource show --resource-type Microsoft.Logic/workflows' with proper documentation.
Out of Scope Changes check	✅ Passed	All changes are scope-limited to updating the security header comment in scheduled-tasks.tf to correct the post-apply verification recipe. No Terraform logic, resources, variables, or data flow were modified—only explanatory comment text.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch docs/azure-post-apply-recipe

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}