Skip to content

Add Front Door WAF managed rule exception commands#10062

Merged
necusjz merged 5 commits into
Azure:mainfrom
Ptnan7:frontdoor-waf-managed-rule-exceptions
Jul 2, 2026
Merged

Add Front Door WAF managed rule exception commands#10062
necusjz merged 5 commits into
Azure:mainfrom
Ptnan7:frontdoor-waf-managed-rule-exceptions

Conversation

@Ptnan7

@Ptnan7 Ptnan7 commented Jul 2, 2026

Copy link
Copy Markdown
Member

Summary:

  • Add generated Front Door WAF managed-rules exception add, list, and remove commands.
  • Add scenario coverage and recording for exception add/list/remove.

Related:

Validation:

  • azdev linter front-door -t command_groups commands params
  • azdev test test_waf_policy_managed_rules_exceptions --profile latest --discover
  • python -m py_compile extension\src\front-door\azext_front_door\tests\latest\test_waf_scenarios.py

Copilot AI review requested due to automatic review settings July 2, 2026 04:19
@azure-client-tools-bot-prd

azure-client-tools-bot-prd Bot commented Jul 2, 2026

Copy link
Copy Markdown
⚠️Azure CLI Extensions Breaking Change Test
⚠️front-door
rule cmd_name rule_message suggest_message
⚠️ 1011 - SubgroupAdd network front-door waf-policy managed-rules exception sub group network front-door waf-policy managed-rules exception added

@azure-client-tools-bot-prd

Copy link
Copy Markdown

Hi @Ptnan7,
Please write the description of changes which can be perceived by customers into HISTORY.rst.
If you want to release a new extension version, please update the version in setup.py as well.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds new Front Door WAF policy managed rule exception subcommands (generated AAZ) and validates them with a new end-to-end scenario test plus recording.

Changes:

  • Add generated az network front-door waf-policy managed-rules exception commands: add, list, remove, and wait.
  • Add a scenario test covering exception add/list/remove.
  • Add a new VCR recording for the scenario test.

Reviewed changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 6 comments.

Show a summary per file
File Description
src/front-door/azext_front_door/tests/latest/test_waf_scenarios.py Adds a scenario test for managed rule exception add/list/remove.
src/front-door/azext_front_door/tests/latest/recordings/test_waf_policy_managed_rules_exceptions.yaml Adds the recorded HTTP interactions for the new scenario test.
src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/exception/_add.py Implements the generated exception add command and argument schema.
src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/exception/_list.py Implements the generated exception list command.
src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/exception/_remove.py Implements the generated exception remove command and LRO behavior.
src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/exception/_wait.py Implements the generated exception wait command.
src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/exception/__cmd_group.py Registers the new exception command group.
src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/exception/init.py Exposes the new exception command group modules.
src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/__cmd_group.py Registers the managed-rules command group (AAZ side).
src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/init.py Exposes the new managed-rules command group module.

Comment on lines +57 to +59
_args_schema.exception_index = AAZIntArg(
options=["--exception-index"],
)
Comment on lines +58 to +61
_args_schema.exception_index = AAZIntArg(
options=["--exception-index"],
required=True,
)
Comment on lines +18 to +19
"""Manage Exception
"""
Comment on lines +18 to +19
"""List Exception
"""
Comment on lines +18 to +19
"""Create Exception
"""
Comment on lines +19 to +20
"""Delete Exception
"""
@Ptnan7 Ptnan7 force-pushed the frontdoor-waf-managed-rule-exceptions branch from bc8f2f8 to 0ec535d Compare July 2, 2026 04:35
@Ptnan7

Ptnan7 commented Jul 2, 2026

Copy link
Copy Markdown
Member Author

Updated to address CI linter findings: added help for --exception-index on generated add/remove commands and added --selector-operator as a shorter alias for --selector-match-operator.

Validation rerun:

  • azdev linter front-door -t help_entries command_groups commands params
  • azdev test test_waf_policy_managed_rules_exceptions --profile latest

@Ptnan7

Ptnan7 commented Jul 2, 2026

Copy link
Copy Markdown
Member Author

Updated to address the Verify Extensions Index failure. The referenced aks_preview-21.0.0b8 wheel currently hashes to aa39868b5441c659afc11d069ef42bd48dbbd86d257058a76dfb552dc2748763, while src/index.json had the stale a57ebbc8241821e86168dca4066065bcb9fa13085d32eacc1aa26c4cc1aa4972 value.

I pushed a separate commit that updates only that digest in src/index.json.

Validation:

  • Downloaded https://azcliprod.blob.core.windows.net/cli-extensions/aks_preview-21.0.0b8-py2.py3-none-any.whl and verified SHA256 = aa39868b5441c659afc11d069ef42bd48dbbd86d257058a76dfb552dc2748763.
  • Started local scripts/ci/test_index.py -v; it was still running the full wheel sweep after several minutes, so I stopped it after confirming the failed checksum item directly.

@Ptnan7

Ptnan7 commented Jul 2, 2026

Copy link
Copy Markdown
Member Author

Updated to address the diff-aware missing_command_example failure for network front-door waf-policy managed-rules exception add.

Changes:

  • Added an AAZ command example in Commands/network/front-door/waf-policy/managed-rules/exception/_add.md.
  • Regenerated the extension so _add.py includes the generated :example: docstring.

Validation:

  • AAZ markdown parser now reads the example from _add.md.
  • azdev linter front-door -t help_entries command_groups commands params passes.
  • azdev linter front-door --repo ./ --src frontdoor-waf-managed-rule-exceptions --tgt e144618cd9cb940f8e925157c14a523a0d9b060c --rules missing_command_example passes locally, though local azdev reports no commands selected for that diff-aware invocation.

@necusjz necusjz merged commit 9f26b0d into Azure:main Jul 2, 2026
24 checks passed
@azclibot

azclibot commented Jul 2, 2026

Copy link
Copy Markdown
Collaborator

[Release] Update index.json for extension [ front-door-2.3.0 ] : https://dev.azure.com/msazure/One/_build/results?buildId=170669213&view=results

@yonzhan

yonzhan commented Jul 2, 2026

Copy link
Copy Markdown
Collaborator

Front Door WAF

@Ptnan7 Ptnan7 deleted the frontdoor-waf-managed-rule-exceptions branch July 3, 2026 04:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants