Upgrade front-door WAF policy commands to API version 2025-11-01

- Updated AAZ-generated code for waf-policy create/delete/list/show/update/wait
- Updated managed-rule-definition list
- New enum values: JA4 (MatchVariable), AsnMatch/ClientFingerprint (Operator)
- New ManagedRuleSetException model with exceptionsList support
- LRO final-state-via changed from azure-async-operation to location
- Updated test recordings

Author: JingnanXu

src/front-door/HISTORY.rst

@@ -3,6 +3,14 @@
 Release History
 ===============
 
+2.2.0
+++++++
+* Bump swagger version to 2025-11-01
+* Add new `JA4` match variable and `AsnMatch`/`ClientFingerprint` operators
+* Add `ManagedRuleSetException` support with `exceptionsList` in managed rules
+* Add subscription-level WAF policy list
+* LRO polling changed from azure-async-operation to location
+
 2.1.0
 ++++++
 * Add `--sensitivity` parameter to `az network front-door waf-policy managed-rules override add` for DDoS rule set support.

src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/_create.py

@@ -22,9 +22,9 @@ class Delete(AAZCommand):
     """
 
     _aaz_info = {
-        "version": "2025-10-01",
+        "version": "2025-11-01",
         "resources": [
-            ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies/{}", "2025-10-01"],
+            ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies/{}", "2025-11-01"],
         ]
     }
 
@@ -84,7 +84,7 @@ def __call__(self, *args, **kwargs):
                     session,
                     self.on_200,
                     self.on_error,
-                    lro_options={"final-state-via": "azure-async-operation"},
+                    lro_options={"final-state-via": "location"},
                     path_format_arguments=self.url_parameters,
                 )
             if session.http_response.status_code in [200]:
@@ -93,7 +93,7 @@ def __call__(self, *args, **kwargs):
                     session,
                     self.on_200,
                     self.on_error,
-                    lro_options={"final-state-via": "azure-async-operation"},
+                    lro_options={"final-state-via": "location"},
                     path_format_arguments=self.url_parameters,
                 )
             if session.http_response.status_code in [204]:
@@ -102,7 +102,7 @@ def __call__(self, *args, **kwargs):
                     session,
                     self.on_204,
                     self.on_error,
-                    lro_options={"final-state-via": "azure-async-operation"},
+                    lro_options={"final-state-via": "location"},
                     path_format_arguments=self.url_parameters,
                 )
 
@@ -121,7 +121,7 @@ def method(self):
 
         @property
         def error_format(self):
-            return "MgmtErrorFormat"
+            return "ODataV4Format"
 
         @property
         def url_parameters(self):
@@ -145,7 +145,7 @@ def url_parameters(self):
         def query_parameters(self):
             parameters = {
                 **self.serialize_query_param(
-                    "api-version", "2025-10-01",
+                    "api-version", "2025-11-01",
                     required=True,
                 ),
             }

src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/_delete.py

@@ -22,9 +22,9 @@ class List(AAZCommand):
     """
 
     _aaz_info = {
-        "version": "2025-10-01",
+        "version": "2025-11-01",
         "resources": [
-            ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies", "2025-10-01"],
+            ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies", "2025-11-01"],
         ]
     }
 
@@ -82,7 +82,7 @@ def __call__(self, *args, **kwargs):
         @property
         def url(self):
             return self.client.format_url(
-                "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/frontDoorWebApplicationFirewallPolicies",
+                "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies",
                 **self.url_parameters
             )
 
@@ -112,7 +112,7 @@ def url_parameters(self):
         def query_parameters(self):
             parameters = {
                 **self.serialize_query_param(
-                    "api-version", "2025-10-01",
+                    "api-version", "2025-11-01",
                     required=True,
                 ),
             }
@@ -276,18 +276,86 @@ def _build_schema_on_200(cls):
             transforms.Element = AAZStrType()
 
             frontend_endpoint_links = cls._schema_on_200.value.Element.properties.frontend_endpoint_links
-            frontend_endpoint_links.Element = AAZObjectType(
-                flags={"read_only": True},
-            )
+            frontend_endpoint_links.Element = AAZObjectType()
 
             _element = cls._schema_on_200.value.Element.properties.frontend_endpoint_links.Element
             _element.id = AAZStrType()
 
             managed_rules = cls._schema_on_200.value.Element.properties.managed_rules
+            managed_rules.exceptions_list = AAZObjectType(
+                serialized_name="exceptionsList",
+            )
             managed_rules.managed_rule_sets = AAZListType(
                 serialized_name="managedRuleSets",
             )
 
+            exceptions_list = cls._schema_on_200.value.Element.properties.managed_rules.exceptions_list
+            exceptions_list.exceptions = AAZListType()
+
+            exceptions = cls._schema_on_200.value.Element.properties.managed_rules.exceptions_list.exceptions
+            exceptions.Element = AAZObjectType()
+
+            _element = cls._schema_on_200.value.Element.properties.managed_rules.exceptions_list.exceptions.Element
+            _element.match_values = AAZListType(
+                serialized_name="matchValues",
+                flags={"required": True},
+            )
+            _element.match_variable = AAZStrType(
+                serialized_name="matchVariable",
+                flags={"required": True},
+            )
+            _element.scopes = AAZListType(
+                flags={"required": True},
+            )
+            _element.selector = AAZStrType()
+            _element.selector_match_operator = AAZStrType(
+                serialized_name="selectorMatchOperator",
+            )
+            _element.value_match_operator = AAZStrType(
+                serialized_name="valueMatchOperator",
+                flags={"required": True},
+            )
+
+            match_values = cls._schema_on_200.value.Element.properties.managed_rules.exceptions_list.exceptions.Element.match_values
+            match_values.Element = AAZStrType()
+
+            scopes = cls._schema_on_200.value.Element.properties.managed_rules.exceptions_list.exceptions.Element.scopes
+            scopes.Element = AAZObjectType()
+
+            _element = cls._schema_on_200.value.Element.properties.managed_rules.exceptions_list.exceptions.Element.scopes.Element
+            _element.rule_group_scopes = AAZListType(
+                serialized_name="ruleGroupScopes",
+            )
+            _element.rule_set_type = AAZStrType(
+                serialized_name="ruleSetType",
+                flags={"required": True},
+            )
+            _element.rule_set_version = AAZStrType(
+                serialized_name="ruleSetVersion",
+                flags={"required": True},
+            )
+
+            rule_group_scopes = cls._schema_on_200.value.Element.properties.managed_rules.exceptions_list.exceptions.Element.scopes.Element.rule_group_scopes
+            rule_group_scopes.Element = AAZObjectType()
+
+            _element = cls._schema_on_200.value.Element.properties.managed_rules.exceptions_list.exceptions.Element.scopes.Element.rule_group_scopes.Element
+            _element.rule_group_name = AAZStrType(
+                serialized_name="ruleGroupName",
+                flags={"required": True},
+            )
+            _element.rule_scopes = AAZListType(
+                serialized_name="ruleScopes",
+            )
+
+            rule_scopes = cls._schema_on_200.value.Element.properties.managed_rules.exceptions_list.exceptions.Element.scopes.Element.rule_group_scopes.Element.rule_scopes
+            rule_scopes.Element = AAZObjectType()
+
+            _element = cls._schema_on_200.value.Element.properties.managed_rules.exceptions_list.exceptions.Element.scopes.Element.rule_group_scopes.Element.rule_scopes.Element
+            _element.rule_id = AAZStrType(
+                serialized_name="ruleId",
+                flags={"required": True},
+            )
+
             managed_rule_sets = cls._schema_on_200.value.Element.properties.managed_rules.managed_rule_sets
             managed_rule_sets.Element = AAZObjectType()
 
@@ -396,17 +464,13 @@ def _build_schema_on_200(cls):
             _element.state = AAZStrType()
 
             routing_rule_links = cls._schema_on_200.value.Element.properties.routing_rule_links
-            routing_rule_links.Element = AAZObjectType(
-                flags={"read_only": True},
-            )
+            routing_rule_links.Element = AAZObjectType()
 
             _element = cls._schema_on_200.value.Element.properties.routing_rule_links.Element
             _element.id = AAZStrType()
 
             security_policy_links = cls._schema_on_200.value.Element.properties.security_policy_links
-            security_policy_links.Element = AAZObjectType(
-                flags={"read_only": True},
-            )
+            security_policy_links.Element = AAZObjectType()
 
             _element = cls._schema_on_200.value.Element.properties.security_policy_links.Element
             _element.id = AAZStrType()

src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/_list.py

@@ -22,9 +22,9 @@ class Show(AAZCommand):
     """
 
     _aaz_info = {
-        "version": "2025-10-01",
+        "version": "2025-11-01",
         "resources": [
-            ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies/{}", "2025-10-01"],
+            ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies/{}", "2025-11-01"],
         ]
     }
 
@@ -123,7 +123,7 @@ def url_parameters(self):
         def query_parameters(self):
             parameters = {
                 **self.serialize_query_param(
-                    "api-version", "2025-10-01",
+                    "api-version", "2025-11-01",
                     required=True,
                 ),
             }
@@ -276,18 +276,86 @@ def _build_schema_on_200(cls):
             transforms.Element = AAZStrType()
 
             frontend_endpoint_links = cls._schema_on_200.properties.frontend_endpoint_links
-            frontend_endpoint_links.Element = AAZObjectType(
-                flags={"read_only": True},
-            )
+            frontend_endpoint_links.Element = AAZObjectType()
 
             _element = cls._schema_on_200.properties.frontend_endpoint_links.Element
             _element.id = AAZStrType()
 
             managed_rules = cls._schema_on_200.properties.managed_rules
+            managed_rules.exceptions_list = AAZObjectType(
+                serialized_name="exceptionsList",
+            )
             managed_rules.managed_rule_sets = AAZListType(
                 serialized_name="managedRuleSets",
             )
 
+            exceptions_list = cls._schema_on_200.properties.managed_rules.exceptions_list
+            exceptions_list.exceptions = AAZListType()
+
+            exceptions = cls._schema_on_200.properties.managed_rules.exceptions_list.exceptions
+            exceptions.Element = AAZObjectType()
+
+            _element = cls._schema_on_200.properties.managed_rules.exceptions_list.exceptions.Element
+            _element.match_values = AAZListType(
+                serialized_name="matchValues",
+                flags={"required": True},
+            )
+            _element.match_variable = AAZStrType(
+                serialized_name="matchVariable",
+                flags={"required": True},
+            )
+            _element.scopes = AAZListType(
+                flags={"required": True},
+            )
+            _element.selector = AAZStrType()
+            _element.selector_match_operator = AAZStrType(
+                serialized_name="selectorMatchOperator",
+            )
+            _element.value_match_operator = AAZStrType(
+                serialized_name="valueMatchOperator",
+                flags={"required": True},
+            )
+
+            match_values = cls._schema_on_200.properties.managed_rules.exceptions_list.exceptions.Element.match_values
+            match_values.Element = AAZStrType()
+
+            scopes = cls._schema_on_200.properties.managed_rules.exceptions_list.exceptions.Element.scopes
+            scopes.Element = AAZObjectType()
+
+            _element = cls._schema_on_200.properties.managed_rules.exceptions_list.exceptions.Element.scopes.Element
+            _element.rule_group_scopes = AAZListType(
+                serialized_name="ruleGroupScopes",
+            )
+            _element.rule_set_type = AAZStrType(
+                serialized_name="ruleSetType",
+                flags={"required": True},
+            )
+            _element.rule_set_version = AAZStrType(
+                serialized_name="ruleSetVersion",
+                flags={"required": True},
+            )
+
+            rule_group_scopes = cls._schema_on_200.properties.managed_rules.exceptions_list.exceptions.Element.scopes.Element.rule_group_scopes
+            rule_group_scopes.Element = AAZObjectType()
+
+            _element = cls._schema_on_200.properties.managed_rules.exceptions_list.exceptions.Element.scopes.Element.rule_group_scopes.Element
+            _element.rule_group_name = AAZStrType(
+                serialized_name="ruleGroupName",
+                flags={"required": True},
+            )
+            _element.rule_scopes = AAZListType(
+                serialized_name="ruleScopes",
+            )
+
+            rule_scopes = cls._schema_on_200.properties.managed_rules.exceptions_list.exceptions.Element.scopes.Element.rule_group_scopes.Element.rule_scopes
+            rule_scopes.Element = AAZObjectType()
+
+            _element = cls._schema_on_200.properties.managed_rules.exceptions_list.exceptions.Element.scopes.Element.rule_group_scopes.Element.rule_scopes.Element
+            _element.rule_id = AAZStrType(
+                serialized_name="ruleId",
+                flags={"required": True},
+            )
+
             managed_rule_sets = cls._schema_on_200.properties.managed_rules.managed_rule_sets
             managed_rule_sets.Element = AAZObjectType()
 
@@ -396,17 +464,13 @@ def _build_schema_on_200(cls):
             _element.state = AAZStrType()
 
             routing_rule_links = cls._schema_on_200.properties.routing_rule_links
-            routing_rule_links.Element = AAZObjectType(
-                flags={"read_only": True},
-            )
+            routing_rule_links.Element = AAZObjectType()
 
             _element = cls._schema_on_200.properties.routing_rule_links.Element
             _element.id = AAZStrType()
 
             security_policy_links = cls._schema_on_200.properties.security_policy_links
-            security_policy_links.Element = AAZObjectType(
-                flags={"read_only": True},
-            )
+            security_policy_links.Element = AAZObjectType()
 
             _element = cls._schema_on_200.properties.security_policy_links.Element
             _element.id = AAZStrType()