Upgrade front-door WAF policy commands to API version 2025-11-01 #9804
necusjz merged 1 commit into Azure:main from
✔️ Azure CLI Extensions Breaking Change Test

Thank you for your contribution! We will review the pull request and get back to you soon.
The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR. Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions).

```
pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>
```

CodeGen Tools Feedback Collection
Thank you for using our CodeGen tool. We value your feedback, and we would like to know how we can improve our product. Please take a few minutes to fill our codegen survey
Hi @Ptnan7
Pull request overview
Updates the front-door Azure CLI extension’s Front Door WAF policy commands and tests to align with the Microsoft.Network API version 2025-11-01, including new managed-rules capabilities.
Changes:
- Bump extension version to `2.2.0` and add release notes for the API upgrade.
- Update AAZ-generated WAF policy + managed rule definition command implementations to `2025-11-01` (including `exceptionsList`, new enum values, and LRO polling changes).
- Refresh scenario test recordings to match the updated API behavior and responses.
Reviewed changes
Copilot reviewed 14 out of 16 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| src/front-door/setup.py | Bumps extension version to 2.2.0. |
| src/front-door/HISTORY.rst | Adds 2.2.0 changelog entries for the API upgrade and new features. |
| src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rule_definition/_list.py | Updates managed rule set definition listing command to 2025-11-01. |
| src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/_wait.py | Updates wait command schema/API version; adds managed-rules exceptions schema. |
| src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/_update.py | Updates update command API version, enums, exceptionsList support, and LRO polling mode. |
| src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/_show.py | Updates show command schema/API version; adds exceptionsList support. |
| src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/_list.py | Updates list command API version and response schema; adds exceptionsList support. |
| src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/_delete.py | Updates delete command API version and LRO polling mode; updates error format. |
| src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/_create.py | Updates create command API version, enums, exceptionsList support, and LRO polling mode. |
| src/front-door/azext_front_door/tests/latest/recordings/test_waf_policy_managed_rules_sensitivity.yaml | Re-recorded interactions for managed rules sensitivity scenarios against 2025-11-01. |
| src/front-door/azext_front_door/tests/latest/recordings/test_waf_policy_managed_rules.yaml | Re-recorded interactions for managed rules scenarios against 2025-11-01. |
| src/front-door/azext_front_door/tests/latest/recordings/test_waf_log_scrubbing.yaml | Re-recorded interactions for log scrubbing scenarios against 2025-11-01. |
| src/front-door/azext_front_door/tests/latest/recordings/test_waf_exclusions.yaml | Re-recorded interactions for exclusions scenarios against 2025-11-01. |
| src/front-door/azext_front_door/tests/latest/recordings/test_waf_captcha.yaml | Re-recorded interactions for captcha scenarios against 2025-11-01. |
| * Add `ManagedRuleSetException` support with `exceptionsList` in managed rules | ||
| * Add subscription-level WAF policy list | ||
| * LRO polling changed from azure-async-operation to location |
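Review bot: The third bullet, "LRO polling changed from azure-async-operation to location", names an internal polling mechanism in a user-facing changelog without saying what, if anything, changes for someone running the commands. Either state the visible effect on create, update, delete and wait, or reword the bullet so readers can tell it is an implementation detail of the API upgrade.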
The changelog entry says “Add subscription-level WAF policy list”, but the PR changes shown only update the existing resource-group scoped waf-policy list command (it still requires --resource-group). Please either adjust this bullet to describe the actual change, or include the missing subscription-scope list implementation in this PR.
| """List all available managed rule sets. | ||
|
|
||
| :example: List Policies ManagedRuleSets in a Resource Group | ||
| az network front-door waf-policy managed-rule-definition list | ||
| """ |
This example/help text is inconsistent with the command behavior: managed-rule-definition list has no resource-group parameter and lists managed rule sets (not policies). Please update the example description so it reflects subscription-scope listing of managed rule sets.
|
|
||
| :example: Update specific policy | ||
| az network front-door waf-policy update --resource-group rg1 --policy-name Policy1 --location WestUs --enabled-state Enabled --mode Prevention --redirect-url http://www.bing.com --custom-block-response-status-code 429 --custom-block-response-body PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg== --request-body-check Disabled --javascript-challenge-expiration-in-minutes 30 --captcha-expiration-in-minutes 30 --log-scrubbing "{state:Enabled,scrubbing-rules:[{match-variable:RequestIPAddress,selector-match-operator:EqualsAny,selector:null,state:Enabled}]}" --custom-rules "{rules:[{name:Rule1,priority:1,rule-type:RateLimitRule,rate-limit-threshold:1000,match-conditions:[{match-variable:RemoteAddr,operator:IPMatch,match-value:[192.168.1.0/24,10.0.0.0/24]}],action:Block},{name:Rule2,priority:2,rule-type:MatchRule,match-conditions:[{match-variable:RemoteAddr,operator:GeoMatch,match-value:[CH]},{match-variable:RequestHeader,operator:Contains,selector:UserAgent,match-value:[windows],transforms:[Lowercase]}],action:Block},{name:Rule3,priority:1,rule-type:RateLimitRule,rate-limit-threshold:1000,match-conditions:[{match-variable:RemoteAddr,operator:ServiceTagMatch,match-value:[AzureBackup,AzureBotService]}],action:CAPTCHA}]}" --managed-rules 
"{managed-rule-sets:[{rule-set-type:DefaultRuleSet,rule-set-version:1.0,rule-set-action:Block,exclusions:[{matchVariable:RequestHeaderNames,selectorMatchOperator:Equals,selector:User-Agent}],rule-group-overrides:[{rule-group-name:SQLI,exclusions:[{matchVariable:RequestCookieNames,selectorMatchOperator:StartsWith,selector:token}],rules:[{rule-id:942100,enabled-state:Enabled,action:Redirect,exclusions:[{matchVariable:QueryStringArgNames,selectorMatchOperator:Equals,selector:query}]},{rule-id:942110,enabled-state:Disabled}]}]},{rule-set-type:Microsoft_HTTPDDoSRuleSet,rule-set-version:1.0,rule-group-overrides:[{rule-group-name:ExcessiveRequests,rules:[{rule-id:500100,enabled-state:Enabled,action:Block,sensitivity:High}]}]}]}" --sku Premium_AzureFrontDoor | ||
| :example: Creates specific policy |
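Review bot: In the `--custom-rules` value of the update example, Rule1 and Rule3 both carry `priority:1`; priority decides the order in which custom rules are evaluated, so anyone who copies this example ends up with two rules claiming the same slot. Give Rule3 its own value (for example `priority:3`). The same example also mixes key styles, `match-variable` and `selector-match-operator` under `--log-scrubbing` against `matchVariable` and `selectorMatchOperator` in the `--managed-rules` exclusions, and it passes a plain `http://` value to `--redirect-url`; settle on one key style and show an `https://` redirect target in the help text.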
The update command’s docstring/example header says “Creates specific policy”, which is misleading for an update operation. Please change it to “Updates …” (and ensure the example still matches the update semantics).
| :example: Creates specific policy | |
| :example: Updates specific policy |
/azp run
Azure Pipelines successfully started running 2 pipeline(s).
9f72ba8 to 29a8d9d
/azp run
Azure Pipelines successfully started running 2 pipeline(s).
[Release] Update index.json for extension [ front-door-2.2.0 ] : https://dev.azure.com/msazure/One/_build/results?buildId=161166679&view=results
This checklist is used to make sure that common guidelines for a pull request are followed.
Related command
General Guidelines
- `azdev style <YOUR_EXT>` locally? (`pip install azdev` required)
- `python scripts/ci/test_index.py -q` locally? (`pip install wheel==0.30.0` required)
For new extensions:
About Extension Publish
There is a pipeline to automatically build, upload and publish extension wheels.
Once your pull request is merged into main branch, a new pull request will be created to update `src/index.json` automatically.
You only need to update the version information in file setup.py and historical information in file HISTORY.rst in your PR but do not modify `src/index.json`.