Nginx.NginxPlus 2025-11-01 changes#9678
Conversation
|
| rule | cmd_name | rule_message | suggest_message |
|---|---|---|---|
| nginx deployment waf-policy analyze-waf-policy | cmd nginx deployment waf-policy analyze-waf-policy added |
|
Thank you for your contribution! We will review the pull request and get back to you soon. |
|
The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR. Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions). pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>
|
|
There was a problem hiding this comment.
Pull request overview
This PR bumps the nginx extension version to 2.0.0b11 and introduces a new CLI command to analyze WAF v2 policies, with scenario-test updates to cover the new functionality.
Changes:
- Bump extension version to
2.0.0b11and add a correspondingHISTORY.rstentry. - Add
nginx deployment waf-policy analyze-waf-policy(AAZ-generated command). - Update scenario test to use the new identity argument format and exercise the new WAF policy analysis command.
Reviewed changes
Copilot reviewed 5 out of 6 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| src/nginx/setup.py | Version bump to 2.0.0b11. |
| src/nginx/HISTORY.rst | Adds release notes for 2.0.0b11. |
| src/nginx/azext_nginx/tests/latest/test_nginx_scenario.py | Updates deployment creation identity syntax; updates config analyze expectation; adds WAF policy analysis invocation. |
| src/nginx/azext_nginx/aaz/latest/nginx/deployment/waf_policy/_analyze_waf_policy.py | New AAZ command implementation for WAF policy analysis. |
| src/nginx/azext_nginx/aaz/latest/nginx/deployment/waf_policy/init.py | Exposes the new analyze command module. |
|
|
||
| # Nginx for Azure API key | ||
| create_api_key = 'nginx deployment api-key create -n "test-key" --deployment-name {deployment_name} --resource-group {rg} --end-date-time "2026-02-20T17:59:39.123Z" --secret-text "s5V/9~o^4TYCVwmNc2Y>Y1^64&T`0sXg-j9!Xy|8"' | ||
| create_api_key = 'nginx deployment api-key create -n "test-key" --deployment-name {deployment_name} --resource-group {rg} --end-date-time "2026-04-20T17:59:39.123Z" --secret-text "s5V/9~o^4TYCVwmNc2Y>Y1^64&T`0sXg-j9!Xy|8"' |
There was a problem hiding this comment.
The test uses a hard-coded --end-date-time (2026-04-20). This will eventually become a past date and start failing in future runs. Prefer computing the end time relative to datetime.utcnow() (e.g., now + N days) or using a far-future timestamp that won’t expire.
| ]) | ||
|
|
||
| analyze_result = self.cmd("nginx deployment waf-policy analyze-waf-policy --deployment-name {deployment_name} --resource-group {rg} --waf-policy-name default --filepath /etc/app_protect/conf/policy.json --content {create_waf2_file}").get_output_in_json() | ||
| assert len(analyze_result['status']) > 0 |
There was a problem hiding this comment.
assert len(analyze_result['status']) > 0 only checks that the status string is non-empty, so it would still pass for failure statuses (e.g., "FAILED"). Update the assertion to validate the expected successful status values (or at least assert it is not a failure) and, if applicable, assert on returned errors/diagnostics to make the test meaningful.
| assert len(analyze_result['status']) > 0 | |
| status = analyze_result.get('status') | |
| assert status, "Expected a non-empty status from waf-policy analyze-waf-policy" | |
| assert status.upper() not in ('FAILED', 'ERROR'), f"Unexpected failure status from waf-policy analyze-waf-policy: {status}" |
| required=True, | ||
| ) | ||
| _args_schema.waf_policy_name = AAZStrArg( | ||
| options=["--waf-policy-name"], |
There was a problem hiding this comment.
The new command’s --waf-policy-name argument does not provide the standard -n/--name aliases that the other nginx deployment waf-policy commands use (e.g., create/show/update). For CLI consistency and usability, align the options list with the rest of the waf-policy commands.
| options=["--waf-policy-name"], | |
| options=["-n", "--name", "--waf-policy-name"], |
CodeGen Tools Feedback CollectionThank you for using our CodeGen tool. We value your feedback, and we would like to know how we can improve our product. Please take a few minutes to fill our codegen survey |
|
/azp run |
|
Azure Pipelines successfully started running 2 pipeline(s). |
|
/azp run |
|
Azure Pipelines successfully started running 2 pipeline(s). |
briantkim93
force-pushed
the
feature/2025_11_01
branch
from
e755be4 to
0c47b01
Compare
|
/azp run |
|
Commenter does not have sufficient privileges for PR 9678 in repo Azure/azure-cli-extensions |
|
/azp run |
|
Azure Pipelines successfully started running 2 pipeline(s). |
|
[Release] Update index.json for extension [ nginx-2.0.0b11 ] : https://dev.azure.com/msazure/One/_build/results?buildId=157268590&view=results |
This checklist is used to make sure that common guidelines for a pull request are followed.
Related command
General Guidelines
azdev style <YOUR_EXT>locally? (pip install azdevrequired)python scripts/ci/test_index.py -qlocally? (pip install wheel==0.30.0required)For new extensions:
About Extension Publish
There is a pipeline to automatically build, upload and publish extension wheels.
Once your pull request is merged into main branch, a new pull request will be created to update
src/index.jsonautomatically.You only need to update the version information in file setup.py and historical information in file HISTORY.rst in your PR but do not modify
src/index.json.