From 0ec535d56a3210c2d026744d15e6b69f088e8050 Mon Sep 17 00:00:00 2001 From: JingnanXu Date: Thu, 2 Jul 2026 14:14:05 +1000 Subject: [PATCH 1/5] Add Front Door WAF managed rule exception commands --- .../waf_policy/managed_rules/__cmd_group.py | 23 + .../waf_policy/managed_rules/__init__.py | 11 + .../managed_rules/exception/__cmd_group.py | 23 + .../managed_rules/exception/__init__.py | 15 + .../managed_rules/exception/_add.py | 835 ++++++++++++++++++ .../managed_rules/exception/_list.py | 555 ++++++++++++ .../managed_rules/exception/_remove.py | 701 +++++++++++++++ .../managed_rules/exception/_wait.py | 543 ++++++++++++ ...t_waf_policy_managed_rules_exceptions.yaml | 560 ++++++++++++ .../tests/latest/test_waf_scenarios.py | 44 + 10 files changed, 3310 insertions(+) create mode 100644 src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/__cmd_group.py create mode 100644 src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/__init__.py create mode 100644 src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/exception/__cmd_group.py create mode 100644 src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/exception/__init__.py create mode 100644 src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/exception/_add.py create mode 100644 src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/exception/_list.py create mode 100644 src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/exception/_remove.py create mode 100644 src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/exception/_wait.py create mode 100644 src/front-door/azext_front_door/tests/latest/recordings/test_waf_policy_managed_rules_exceptions.yaml diff --git a/src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/__cmd_group.py b/src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/__cmd_group.py new file mode 100644 index 00000000000..b85cbab7761 --- /dev/null +++ b/src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/__cmd_group.py @@ -0,0 +1,23 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command_group( + "network front-door waf-policy managed-rules", +) +class __CMDGroup(AAZCommandGroup): + """Manage Managed Rules + """ + pass + + +__all__ = ["__CMDGroup"] diff --git a/src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/__init__.py b/src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/__init__.py new file mode 100644 index 00000000000..5a9d61963d6 --- /dev/null +++ b/src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/__init__.py @@ -0,0 +1,11 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from .__cmd_group import * diff --git a/src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/exception/__cmd_group.py b/src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/exception/__cmd_group.py new file mode 100644 index 00000000000..5762dbe3b29 --- /dev/null +++ b/src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/exception/__cmd_group.py @@ -0,0 +1,23 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command_group( + "network front-door waf-policy managed-rules exception", +) +class __CMDGroup(AAZCommandGroup): + """Manage Exception + """ + pass + + +__all__ = ["__CMDGroup"] diff --git a/src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/exception/__init__.py b/src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/exception/__init__.py new file mode 100644 index 00000000000..d4895df0486 --- /dev/null +++ b/src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/exception/__init__.py @@ -0,0 +1,15 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from .__cmd_group import * +from ._add import * +from ._list import * +from ._remove import * +from ._wait import * diff --git a/src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/exception/_add.py b/src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/exception/_add.py new file mode 100644 index 00000000000..64bcf720099 --- /dev/null +++ b/src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/exception/_add.py @@ -0,0 +1,835 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command( + "network front-door waf-policy managed-rules exception add", +) +class Add(AAZCommand): + """Create Exception + """ + + _aaz_info = { + "version": "2025-11-01", + "resources": [ + ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies/{}", "2025-11-01", "properties.managedRules.exceptionsList.exceptions[]"], + ] + } + + AZ_SUPPORT_NO_WAIT = True + + def _handler(self, command_args): + super()._handler(command_args) + self.SubresourceSelector(ctx=self.ctx, name="subresource") + return self.build_lro_poller(self._execute_operations, self._output) + + _args_schema = None + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + if cls._args_schema is not None: + return cls._args_schema + cls._args_schema = super()._build_arguments_schema(*args, **kwargs) + + # define Arg Group "" + + _args_schema = cls._args_schema + _args_schema.policy_name = AAZStrArg( + options=["--policy-name"], + help="The name of the Web Application Firewall Policy.", + required=True, + fmt=AAZStrArgFormat( + max_length=128, + ), + ) + _args_schema.resource_group = AAZResourceGroupNameArg( + required=True, + ) + _args_schema.exception_index = AAZIntArg( + options=["--exception-index"], + help="Index of the exception. If omitted, the exception is appended.", + ) + + # define Arg Group "Parameters.properties.managedRules.exceptionsList.exceptions[]" + + _args_schema = cls._args_schema + _args_schema.match_values = AAZListArg( + options=["--match-values"], + arg_group="Parameters.properties.managedRules.exceptionsList.exceptions[]", + help="List of values to be matched with.", + required=True, + ) + _args_schema.match_variable = AAZStrArg( + options=["--match-variable"], + arg_group="Parameters.properties.managedRules.exceptionsList.exceptions[]", + help="The variable to be evaluated for excluding the request.", + required=True, + enum={"RequestHeaderNames": "RequestHeaderNames", "RequestUri": "RequestUri", "SocketAddr": "SocketAddr"}, + ) + _args_schema.scopes = AAZListArg( + options=["--scopes"], + arg_group="Parameters.properties.managedRules.exceptionsList.exceptions[]", + help="Scope(s) of the exception.", + required=True, + ) + _args_schema.selector = AAZStrArg( + options=["--selector"], + arg_group="Parameters.properties.managedRules.exceptionsList.exceptions[]", + help="When matchVariable is a collection, operator used to specify which elements in the collection this exception applies to. Currently supported only for RequestHeaderNames.", + ) + _args_schema.selector_match_operator = AAZStrArg( + options=["--selector-operator", "--selector-match-operator"], + arg_group="Parameters.properties.managedRules.exceptionsList.exceptions[]", + help="Comparison operator to apply to the selector when specifying which elements in the collection this exception applies to.", + enum={"Equals": "Equals"}, + ) + _args_schema.value_match_operator = AAZStrArg( + options=["--value-match-operator"], + arg_group="Parameters.properties.managedRules.exceptionsList.exceptions[]", + help="Comparison operator to apply to the value to be matched.", + required=True, + enum={"Contains": "Contains", "EndsWith": "EndsWith", "Equals": "Equals", "EqualsAny": "EqualsAny", "IPMatch": "IPMatch", "StartsWith": "StartsWith"}, + ) + + match_values = cls._args_schema.match_values + match_values.Element = AAZStrArg() + + scopes = cls._args_schema.scopes + scopes.Element = AAZObjectArg() + + _element = cls._args_schema.scopes.Element + _element.rule_group_scopes = AAZListArg( + options=["rule-group-scopes"], + help="List of rule group scopes.", + ) + _element.rule_set_type = AAZStrArg( + options=["rule-set-type"], + help="Defines the rule set type. Examples: DefaultRuleSet, Microsoft_DefaultRuleSet, Microsoft_BotManagerRuleSet, Microsoft_HTTPDDoSRuleSet, BotProtection", + required=True, + ) + _element.rule_set_version = AAZStrArg( + options=["rule-set-version"], + help="Defines the version of the rule set.", + required=True, + ) + + rule_group_scopes = cls._args_schema.scopes.Element.rule_group_scopes + rule_group_scopes.Element = AAZObjectArg() + + _element = cls._args_schema.scopes.Element.rule_group_scopes.Element + _element.rule_group_name = AAZStrArg( + options=["rule-group-name"], + help="Defines the rule group name.", + required=True, + ) + _element.rule_scopes = AAZListArg( + options=["rule-scopes"], + help="List of rule scopes.", + ) + + rule_scopes = cls._args_schema.scopes.Element.rule_group_scopes.Element.rule_scopes + rule_scopes.Element = AAZObjectArg() + + _element = cls._args_schema.scopes.Element.rule_group_scopes.Element.rule_scopes.Element + _element.rule_id = AAZStrArg( + options=["rule-id"], + help="Defines the rule id.", + required=True, + ) + return cls._args_schema + + def _execute_operations(self): + self.pre_operations() + self.PoliciesGet(ctx=self.ctx)() + self.pre_instance_create() + self.InstanceCreateByJson(ctx=self.ctx)() + self.post_instance_create(self.ctx.selectors.subresource.get()) + yield self.PoliciesCreateOrUpdate(ctx=self.ctx)() + self.post_operations() + + @register_callback + def pre_operations(self): + pass + + @register_callback + def post_operations(self): + pass + + @register_callback + def pre_instance_create(self): + pass + + @register_callback + def post_instance_create(self, instance): + pass + + def _output(self, *args, **kwargs): + result = self.deserialize_output(self.ctx.selectors.subresource.get(), client_flatten=True) + return result + + class SubresourceSelector(AAZJsonSelector): + + def _get(self): + result = self.ctx.vars.instance + result = result.properties.managedRules.exceptionsList.exceptions + filters = enumerate(result) + filters = filter( + lambda e: e[0] == self.ctx.args.exception_index, + filters + ) + idx = next(filters)[0] + return result[idx] + + def _set(self, value): + result = self.ctx.vars.instance + result = result.properties.managedRules.exceptionsList.exceptions + filters = enumerate(result) + filters = filter( + lambda e: e[0] == self.ctx.args.exception_index, + filters + ) + idx = next(filters, [len(result)])[0] + self.ctx.args.exception_index = idx + result[idx] = value + return + + class PoliciesGet(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [200]: + return self.on_200(session) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/{policyName}", + **self.url_parameters + ) + + @property + def method(self): + return "GET" + + @property + def error_format(self): + return "ODataV4Format" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "policyName", self.ctx.args.policy_name, + required=True, + ), + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2025-11-01", + required=True, + ), + } + return parameters + + @property + def header_parameters(self): + parameters = { + **self.serialize_header_param( + "Accept", "application/json", + ), + } + return parameters + + def on_200(self, session): + data = self.deserialize_http_content(session) + self.ctx.set_var( + "instance", + data, + schema_builder=self._build_schema_on_200 + ) + + _schema_on_200 = None + + @classmethod + def _build_schema_on_200(cls): + if cls._schema_on_200 is not None: + return cls._schema_on_200 + + cls._schema_on_200 = AAZObjectType() + _AddHelper._build_schema_web_application_firewall_policy_read(cls._schema_on_200) + + return cls._schema_on_200 + + class PoliciesCreateOrUpdate(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [202]: + return self.client.build_lro_polling( + self.ctx.args.no_wait, + session, + self.on_200_201, + self.on_error, + lro_options={"final-state-via": "location"}, + path_format_arguments=self.url_parameters, + ) + if session.http_response.status_code in [200, 201]: + return self.client.build_lro_polling( + self.ctx.args.no_wait, + session, + self.on_200_201, + self.on_error, + lro_options={"final-state-via": "location"}, + path_format_arguments=self.url_parameters, + ) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/{policyName}", + **self.url_parameters + ) + + @property + def method(self): + return "PUT" + + @property + def error_format(self): + return "ODataV4Format" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "policyName", self.ctx.args.policy_name, + required=True, + ), + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2025-11-01", + required=True, + ), + } + return parameters + + @property + def header_parameters(self): + parameters = { + **self.serialize_header_param( + "Content-Type", "application/json", + ), + **self.serialize_header_param( + "Accept", "application/json", + ), + } + return parameters + + @property + def content(self): + _content_value, _builder = self.new_content_builder( + self.ctx.args, + value=self.ctx.vars.instance, + ) + + return self.serialize_content(_content_value) + + def on_200_201(self, session): + data = self.deserialize_http_content(session) + self.ctx.set_var( + "instance", + data, + schema_builder=self._build_schema_on_200_201 + ) + + _schema_on_200_201 = None + + @classmethod + def _build_schema_on_200_201(cls): + if cls._schema_on_200_201 is not None: + return cls._schema_on_200_201 + + cls._schema_on_200_201 = AAZObjectType() + _AddHelper._build_schema_web_application_firewall_policy_read(cls._schema_on_200_201) + + return cls._schema_on_200_201 + + class InstanceCreateByJson(AAZJsonInstanceCreateOperation): + + def __call__(self, *args, **kwargs): + self.ctx.selectors.subresource.set(self._create_instance()) + + def _create_instance(self): + _instance_value, _builder = self.new_content_builder( + self.ctx.args, + typ=AAZObjectType + ) + _builder.set_prop("matchValues", AAZListType, ".match_values", typ_kwargs={"flags": {"required": True}}) + _builder.set_prop("matchVariable", AAZStrType, ".match_variable", typ_kwargs={"flags": {"required": True}}) + _builder.set_prop("scopes", AAZListType, ".scopes", typ_kwargs={"flags": {"required": True}}) + _builder.set_prop("selector", AAZStrType, ".selector") + _builder.set_prop("selectorMatchOperator", AAZStrType, ".selector_match_operator") + _builder.set_prop("valueMatchOperator", AAZStrType, ".value_match_operator", typ_kwargs={"flags": {"required": True}}) + + match_values = _builder.get(".matchValues") + if match_values is not None: + match_values.set_elements(AAZStrType, ".") + + scopes = _builder.get(".scopes") + if scopes is not None: + scopes.set_elements(AAZObjectType, ".") + + _elements = _builder.get(".scopes[]") + if _elements is not None: + _elements.set_prop("ruleGroupScopes", AAZListType, ".rule_group_scopes") + _elements.set_prop("ruleSetType", AAZStrType, ".rule_set_type", typ_kwargs={"flags": {"required": True}}) + _elements.set_prop("ruleSetVersion", AAZStrType, ".rule_set_version", typ_kwargs={"flags": {"required": True}}) + + rule_group_scopes = _builder.get(".scopes[].ruleGroupScopes") + if rule_group_scopes is not None: + rule_group_scopes.set_elements(AAZObjectType, ".") + + _elements = _builder.get(".scopes[].ruleGroupScopes[]") + if _elements is not None: + _elements.set_prop("ruleGroupName", AAZStrType, ".rule_group_name", typ_kwargs={"flags": {"required": True}}) + _elements.set_prop("ruleScopes", AAZListType, ".rule_scopes") + + rule_scopes = _builder.get(".scopes[].ruleGroupScopes[].ruleScopes") + if rule_scopes is not None: + rule_scopes.set_elements(AAZObjectType, ".") + + _elements = _builder.get(".scopes[].ruleGroupScopes[].ruleScopes[]") + if _elements is not None: + _elements.set_prop("ruleId", AAZStrType, ".rule_id", typ_kwargs={"flags": {"required": True}}) + + return _instance_value + + +class _AddHelper: + """Helper class for Add""" + + _schema_managed_rule_exclusion_read = None + + @classmethod + def _build_schema_managed_rule_exclusion_read(cls, _schema): + if cls._schema_managed_rule_exclusion_read is not None: + _schema.match_variable = cls._schema_managed_rule_exclusion_read.match_variable + _schema.selector = cls._schema_managed_rule_exclusion_read.selector + _schema.selector_match_operator = cls._schema_managed_rule_exclusion_read.selector_match_operator + return + + cls._schema_managed_rule_exclusion_read = _schema_managed_rule_exclusion_read = AAZObjectType() + + managed_rule_exclusion_read = _schema_managed_rule_exclusion_read + managed_rule_exclusion_read.match_variable = AAZStrType( + serialized_name="matchVariable", + flags={"required": True}, + ) + managed_rule_exclusion_read.selector = AAZStrType( + flags={"required": True}, + ) + managed_rule_exclusion_read.selector_match_operator = AAZStrType( + serialized_name="selectorMatchOperator", + flags={"required": True}, + ) + + _schema.match_variable = cls._schema_managed_rule_exclusion_read.match_variable + _schema.selector = cls._schema_managed_rule_exclusion_read.selector + _schema.selector_match_operator = cls._schema_managed_rule_exclusion_read.selector_match_operator + + _schema_web_application_firewall_policy_read = None + + @classmethod + def _build_schema_web_application_firewall_policy_read(cls, _schema): + if cls._schema_web_application_firewall_policy_read is not None: + _schema.etag = cls._schema_web_application_firewall_policy_read.etag + _schema.id = cls._schema_web_application_firewall_policy_read.id + _schema.location = cls._schema_web_application_firewall_policy_read.location + _schema.name = cls._schema_web_application_firewall_policy_read.name + _schema.properties = cls._schema_web_application_firewall_policy_read.properties + _schema.sku = cls._schema_web_application_firewall_policy_read.sku + _schema.tags = cls._schema_web_application_firewall_policy_read.tags + _schema.type = cls._schema_web_application_firewall_policy_read.type + return + + cls._schema_web_application_firewall_policy_read = _schema_web_application_firewall_policy_read = AAZObjectType() + + web_application_firewall_policy_read = _schema_web_application_firewall_policy_read + web_application_firewall_policy_read.etag = AAZStrType() + web_application_firewall_policy_read.id = AAZStrType( + flags={"read_only": True}, + ) + web_application_firewall_policy_read.location = AAZStrType() + web_application_firewall_policy_read.name = AAZStrType( + flags={"read_only": True}, + ) + web_application_firewall_policy_read.properties = AAZObjectType( + flags={"client_flatten": True}, + ) + web_application_firewall_policy_read.sku = AAZObjectType() + web_application_firewall_policy_read.tags = AAZDictType() + web_application_firewall_policy_read.type = AAZStrType( + flags={"read_only": True}, + ) + + properties = _schema_web_application_firewall_policy_read.properties + properties.custom_rules = AAZObjectType( + serialized_name="customRules", + ) + properties.frontend_endpoint_links = AAZListType( + serialized_name="frontendEndpointLinks", + flags={"read_only": True}, + ) + properties.managed_rules = AAZObjectType( + serialized_name="managedRules", + ) + properties.policy_settings = AAZObjectType( + serialized_name="policySettings", + ) + properties.provisioning_state = AAZStrType( + serialized_name="provisioningState", + flags={"read_only": True}, + ) + properties.resource_state = AAZStrType( + serialized_name="resourceState", + flags={"read_only": True}, + ) + properties.routing_rule_links = AAZListType( + serialized_name="routingRuleLinks", + flags={"read_only": True}, + ) + properties.security_policy_links = AAZListType( + serialized_name="securityPolicyLinks", + flags={"read_only": True}, + ) + + custom_rules = _schema_web_application_firewall_policy_read.properties.custom_rules + custom_rules.rules = AAZListType() + + rules = _schema_web_application_firewall_policy_read.properties.custom_rules.rules + rules.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.custom_rules.rules.Element + _element.action = AAZStrType( + flags={"required": True}, + ) + _element.enabled_state = AAZStrType( + serialized_name="enabledState", + ) + _element.group_by = AAZListType( + serialized_name="groupBy", + ) + _element.match_conditions = AAZListType( + serialized_name="matchConditions", + flags={"required": True}, + ) + _element.name = AAZStrType() + _element.priority = AAZIntType( + flags={"required": True}, + ) + _element.rate_limit_duration_in_minutes = AAZIntType( + serialized_name="rateLimitDurationInMinutes", + ) + _element.rate_limit_threshold = AAZIntType( + serialized_name="rateLimitThreshold", + ) + _element.rule_type = AAZStrType( + serialized_name="ruleType", + flags={"required": True}, + ) + + group_by = _schema_web_application_firewall_policy_read.properties.custom_rules.rules.Element.group_by + group_by.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.custom_rules.rules.Element.group_by.Element + _element.variable_name = AAZStrType( + serialized_name="variableName", + flags={"required": True}, + ) + + match_conditions = _schema_web_application_firewall_policy_read.properties.custom_rules.rules.Element.match_conditions + match_conditions.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.custom_rules.rules.Element.match_conditions.Element + _element.match_value = AAZListType( + serialized_name="matchValue", + flags={"required": True}, + ) + _element.match_variable = AAZStrType( + serialized_name="matchVariable", + flags={"required": True}, + ) + _element.negate_condition = AAZBoolType( + serialized_name="negateCondition", + ) + _element.operator = AAZStrType( + flags={"required": True}, + ) + _element.selector = AAZStrType() + _element.transforms = AAZListType() + + match_value = _schema_web_application_firewall_policy_read.properties.custom_rules.rules.Element.match_conditions.Element.match_value + match_value.Element = AAZStrType() + + transforms = _schema_web_application_firewall_policy_read.properties.custom_rules.rules.Element.match_conditions.Element.transforms + transforms.Element = AAZStrType() + + frontend_endpoint_links = _schema_web_application_firewall_policy_read.properties.frontend_endpoint_links + frontend_endpoint_links.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.frontend_endpoint_links.Element + _element.id = AAZStrType() + + managed_rules = _schema_web_application_firewall_policy_read.properties.managed_rules + managed_rules.exceptions_list = AAZObjectType( + serialized_name="exceptionsList", + ) + managed_rules.managed_rule_sets = AAZListType( + serialized_name="managedRuleSets", + ) + + exceptions_list = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list + exceptions_list.exceptions = AAZListType() + + exceptions = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions + exceptions.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions.Element + _element.match_values = AAZListType( + serialized_name="matchValues", + flags={"required": True}, + ) + _element.match_variable = AAZStrType( + serialized_name="matchVariable", + flags={"required": True}, + ) + _element.scopes = AAZListType( + flags={"required": True}, + ) + _element.selector = AAZStrType() + _element.selector_match_operator = AAZStrType( + serialized_name="selectorMatchOperator", + ) + _element.value_match_operator = AAZStrType( + serialized_name="valueMatchOperator", + flags={"required": True}, + ) + + match_values = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions.Element.match_values + match_values.Element = AAZStrType() + + scopes = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions.Element.scopes + scopes.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions.Element.scopes.Element + _element.rule_group_scopes = AAZListType( + serialized_name="ruleGroupScopes", + ) + _element.rule_set_type = AAZStrType( + serialized_name="ruleSetType", + flags={"required": True}, + ) + _element.rule_set_version = AAZStrType( + serialized_name="ruleSetVersion", + flags={"required": True}, + ) + + rule_group_scopes = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions.Element.scopes.Element.rule_group_scopes + rule_group_scopes.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions.Element.scopes.Element.rule_group_scopes.Element + _element.rule_group_name = AAZStrType( + serialized_name="ruleGroupName", + flags={"required": True}, + ) + _element.rule_scopes = AAZListType( + serialized_name="ruleScopes", + ) + + rule_scopes = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions.Element.scopes.Element.rule_group_scopes.Element.rule_scopes + rule_scopes.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions.Element.scopes.Element.rule_group_scopes.Element.rule_scopes.Element + _element.rule_id = AAZStrType( + serialized_name="ruleId", + flags={"required": True}, + ) + + managed_rule_sets = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets + managed_rule_sets.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets.Element + _element.exclusions = AAZListType() + _element.rule_group_overrides = AAZListType( + serialized_name="ruleGroupOverrides", + ) + _element.rule_set_action = AAZStrType( + serialized_name="ruleSetAction", + ) + _element.rule_set_type = AAZStrType( + serialized_name="ruleSetType", + flags={"required": True}, + ) + _element.rule_set_version = AAZStrType( + serialized_name="ruleSetVersion", + flags={"required": True}, + ) + + exclusions = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets.Element.exclusions + exclusions.Element = AAZObjectType() + cls._build_schema_managed_rule_exclusion_read(exclusions.Element) + + rule_group_overrides = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets.Element.rule_group_overrides + rule_group_overrides.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets.Element.rule_group_overrides.Element + _element.exclusions = AAZListType() + _element.rule_group_name = AAZStrType( + serialized_name="ruleGroupName", + flags={"required": True}, + ) + _element.rules = AAZListType() + + exclusions = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets.Element.rule_group_overrides.Element.exclusions + exclusions.Element = AAZObjectType() + cls._build_schema_managed_rule_exclusion_read(exclusions.Element) + + rules = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets.Element.rule_group_overrides.Element.rules + rules.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets.Element.rule_group_overrides.Element.rules.Element + _element.action = AAZStrType() + _element.enabled_state = AAZStrType( + serialized_name="enabledState", + ) + _element.exclusions = AAZListType() + _element.rule_id = AAZStrType( + serialized_name="ruleId", + flags={"required": True}, + ) + _element.sensitivity = AAZStrType() + + exclusions = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets.Element.rule_group_overrides.Element.rules.Element.exclusions + exclusions.Element = AAZObjectType() + cls._build_schema_managed_rule_exclusion_read(exclusions.Element) + + policy_settings = _schema_web_application_firewall_policy_read.properties.policy_settings + policy_settings.captcha_expiration_in_minutes = AAZIntType( + serialized_name="captchaExpirationInMinutes", + ) + policy_settings.custom_block_response_body = AAZStrType( + serialized_name="customBlockResponseBody", + ) + policy_settings.custom_block_response_status_code = AAZIntType( + serialized_name="customBlockResponseStatusCode", + ) + policy_settings.enabled_state = AAZStrType( + serialized_name="enabledState", + ) + policy_settings.javascript_challenge_expiration_in_minutes = AAZIntType( + serialized_name="javascriptChallengeExpirationInMinutes", + ) + policy_settings.log_scrubbing = AAZObjectType( + serialized_name="logScrubbing", + flags={"client_flatten": True}, + ) + policy_settings.mode = AAZStrType() + policy_settings.redirect_url = AAZStrType( + serialized_name="redirectUrl", + ) + policy_settings.request_body_check = AAZStrType( + serialized_name="requestBodyCheck", + ) + + log_scrubbing = _schema_web_application_firewall_policy_read.properties.policy_settings.log_scrubbing + log_scrubbing.scrubbing_rules = AAZListType( + serialized_name="scrubbingRules", + ) + log_scrubbing.state = AAZStrType() + + scrubbing_rules = _schema_web_application_firewall_policy_read.properties.policy_settings.log_scrubbing.scrubbing_rules + scrubbing_rules.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.policy_settings.log_scrubbing.scrubbing_rules.Element + _element.match_variable = AAZStrType( + serialized_name="matchVariable", + flags={"required": True}, + ) + _element.selector = AAZStrType() + _element.selector_match_operator = AAZStrType( + serialized_name="selectorMatchOperator", + flags={"required": True}, + ) + _element.state = AAZStrType() + + routing_rule_links = _schema_web_application_firewall_policy_read.properties.routing_rule_links + routing_rule_links.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.routing_rule_links.Element + _element.id = AAZStrType() + + security_policy_links = _schema_web_application_firewall_policy_read.properties.security_policy_links + security_policy_links.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.security_policy_links.Element + _element.id = AAZStrType() + + sku = _schema_web_application_firewall_policy_read.sku + sku.name = AAZStrType() + + tags = _schema_web_application_firewall_policy_read.tags + tags.Element = AAZStrType() + + _schema.etag = cls._schema_web_application_firewall_policy_read.etag + _schema.id = cls._schema_web_application_firewall_policy_read.id + _schema.location = cls._schema_web_application_firewall_policy_read.location + _schema.name = cls._schema_web_application_firewall_policy_read.name + _schema.properties = cls._schema_web_application_firewall_policy_read.properties + _schema.sku = cls._schema_web_application_firewall_policy_read.sku + _schema.tags = cls._schema_web_application_firewall_policy_read.tags + _schema.type = cls._schema_web_application_firewall_policy_read.type + + +__all__ = ["Add"] diff --git a/src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/exception/_list.py b/src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/exception/_list.py new file mode 100644 index 00000000000..22ad7a7c8c0 --- /dev/null +++ b/src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/exception/_list.py @@ -0,0 +1,555 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command( + "network front-door waf-policy managed-rules exception list", +) +class List(AAZCommand): + """List Exception + """ + + _aaz_info = { + "version": "2025-11-01", + "resources": [ + ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies/{}", "2025-11-01", "properties.managedRules.exceptionsList.exceptions"], + ] + } + + def _handler(self, command_args): + super()._handler(command_args) + self.SubresourceSelector(ctx=self.ctx, name="subresource") + self._execute_operations() + return self._output() + + _args_schema = None + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + if cls._args_schema is not None: + return cls._args_schema + cls._args_schema = super()._build_arguments_schema(*args, **kwargs) + + # define Arg Group "" + + _args_schema = cls._args_schema + _args_schema.policy_name = AAZStrArg( + options=["--policy-name"], + help="The name of the Web Application Firewall Policy.", + required=True, + fmt=AAZStrArgFormat( + max_length=128, + ), + ) + _args_schema.resource_group = AAZResourceGroupNameArg( + required=True, + ) + return cls._args_schema + + def _execute_operations(self): + self.pre_operations() + self.PoliciesGet(ctx=self.ctx)() + self.post_operations() + + @register_callback + def pre_operations(self): + pass + + @register_callback + def post_operations(self): + pass + + def _output(self, *args, **kwargs): + result = self.deserialize_output(self.ctx.selectors.subresource.get(), client_flatten=True) + return result + + class SubresourceSelector(AAZJsonSelector): + + def _get(self): + result = self.ctx.vars.instance + return result.properties.managedRules.exceptionsList.exceptions + + def _set(self, value): + result = self.ctx.vars.instance + result.properties.managedRules.exceptionsList.exceptions = value + return + + class PoliciesGet(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [200]: + return self.on_200(session) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/{policyName}", + **self.url_parameters + ) + + @property + def method(self): + return "GET" + + @property + def error_format(self): + return "ODataV4Format" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "policyName", self.ctx.args.policy_name, + required=True, + ), + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2025-11-01", + required=True, + ), + } + return parameters + + @property + def header_parameters(self): + parameters = { + **self.serialize_header_param( + "Accept", "application/json", + ), + } + return parameters + + def on_200(self, session): + data = self.deserialize_http_content(session) + self.ctx.set_var( + "instance", + data, + schema_builder=self._build_schema_on_200 + ) + + _schema_on_200 = None + + @classmethod + def _build_schema_on_200(cls): + if cls._schema_on_200 is not None: + return cls._schema_on_200 + + cls._schema_on_200 = AAZObjectType() + _ListHelper._build_schema_web_application_firewall_policy_read(cls._schema_on_200) + + return cls._schema_on_200 + + +class _ListHelper: + """Helper class for List""" + + _schema_managed_rule_exclusion_read = None + + @classmethod + def _build_schema_managed_rule_exclusion_read(cls, _schema): + if cls._schema_managed_rule_exclusion_read is not None: + _schema.match_variable = cls._schema_managed_rule_exclusion_read.match_variable + _schema.selector = cls._schema_managed_rule_exclusion_read.selector + _schema.selector_match_operator = cls._schema_managed_rule_exclusion_read.selector_match_operator + return + + cls._schema_managed_rule_exclusion_read = _schema_managed_rule_exclusion_read = AAZObjectType() + + managed_rule_exclusion_read = _schema_managed_rule_exclusion_read + managed_rule_exclusion_read.match_variable = AAZStrType( + serialized_name="matchVariable", + flags={"required": True}, + ) + managed_rule_exclusion_read.selector = AAZStrType( + flags={"required": True}, + ) + managed_rule_exclusion_read.selector_match_operator = AAZStrType( + serialized_name="selectorMatchOperator", + flags={"required": True}, + ) + + _schema.match_variable = cls._schema_managed_rule_exclusion_read.match_variable + _schema.selector = cls._schema_managed_rule_exclusion_read.selector + _schema.selector_match_operator = cls._schema_managed_rule_exclusion_read.selector_match_operator + + _schema_web_application_firewall_policy_read = None + + @classmethod + def _build_schema_web_application_firewall_policy_read(cls, _schema): + if cls._schema_web_application_firewall_policy_read is not None: + _schema.etag = cls._schema_web_application_firewall_policy_read.etag + _schema.id = cls._schema_web_application_firewall_policy_read.id + _schema.location = cls._schema_web_application_firewall_policy_read.location + _schema.name = cls._schema_web_application_firewall_policy_read.name + _schema.properties = cls._schema_web_application_firewall_policy_read.properties + _schema.sku = cls._schema_web_application_firewall_policy_read.sku + _schema.tags = cls._schema_web_application_firewall_policy_read.tags + _schema.type = cls._schema_web_application_firewall_policy_read.type + return + + cls._schema_web_application_firewall_policy_read = _schema_web_application_firewall_policy_read = AAZObjectType() + + web_application_firewall_policy_read = _schema_web_application_firewall_policy_read + web_application_firewall_policy_read.etag = AAZStrType() + web_application_firewall_policy_read.id = AAZStrType( + flags={"read_only": True}, + ) + web_application_firewall_policy_read.location = AAZStrType() + web_application_firewall_policy_read.name = AAZStrType( + flags={"read_only": True}, + ) + web_application_firewall_policy_read.properties = AAZObjectType( + flags={"client_flatten": True}, + ) + web_application_firewall_policy_read.sku = AAZObjectType() + web_application_firewall_policy_read.tags = AAZDictType() + web_application_firewall_policy_read.type = AAZStrType( + flags={"read_only": True}, + ) + + properties = _schema_web_application_firewall_policy_read.properties + properties.custom_rules = AAZObjectType( + serialized_name="customRules", + ) + properties.frontend_endpoint_links = AAZListType( + serialized_name="frontendEndpointLinks", + flags={"read_only": True}, + ) + properties.managed_rules = AAZObjectType( + serialized_name="managedRules", + ) + properties.policy_settings = AAZObjectType( + serialized_name="policySettings", + ) + properties.provisioning_state = AAZStrType( + serialized_name="provisioningState", + flags={"read_only": True}, + ) + properties.resource_state = AAZStrType( + serialized_name="resourceState", + flags={"read_only": True}, + ) + properties.routing_rule_links = AAZListType( + serialized_name="routingRuleLinks", + flags={"read_only": True}, + ) + properties.security_policy_links = AAZListType( + serialized_name="securityPolicyLinks", + flags={"read_only": True}, + ) + + custom_rules = _schema_web_application_firewall_policy_read.properties.custom_rules + custom_rules.rules = AAZListType() + + rules = _schema_web_application_firewall_policy_read.properties.custom_rules.rules + rules.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.custom_rules.rules.Element + _element.action = AAZStrType( + flags={"required": True}, + ) + _element.enabled_state = AAZStrType( + serialized_name="enabledState", + ) + _element.group_by = AAZListType( + serialized_name="groupBy", + ) + _element.match_conditions = AAZListType( + serialized_name="matchConditions", + flags={"required": True}, + ) + _element.name = AAZStrType() + _element.priority = AAZIntType( + flags={"required": True}, + ) + _element.rate_limit_duration_in_minutes = AAZIntType( + serialized_name="rateLimitDurationInMinutes", + ) + _element.rate_limit_threshold = AAZIntType( + serialized_name="rateLimitThreshold", + ) + _element.rule_type = AAZStrType( + serialized_name="ruleType", + flags={"required": True}, + ) + + group_by = _schema_web_application_firewall_policy_read.properties.custom_rules.rules.Element.group_by + group_by.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.custom_rules.rules.Element.group_by.Element + _element.variable_name = AAZStrType( + serialized_name="variableName", + flags={"required": True}, + ) + + match_conditions = _schema_web_application_firewall_policy_read.properties.custom_rules.rules.Element.match_conditions + match_conditions.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.custom_rules.rules.Element.match_conditions.Element + _element.match_value = AAZListType( + serialized_name="matchValue", + flags={"required": True}, + ) + _element.match_variable = AAZStrType( + serialized_name="matchVariable", + flags={"required": True}, + ) + _element.negate_condition = AAZBoolType( + serialized_name="negateCondition", + ) + _element.operator = AAZStrType( + flags={"required": True}, + ) + _element.selector = AAZStrType() + _element.transforms = AAZListType() + + match_value = _schema_web_application_firewall_policy_read.properties.custom_rules.rules.Element.match_conditions.Element.match_value + match_value.Element = AAZStrType() + + transforms = _schema_web_application_firewall_policy_read.properties.custom_rules.rules.Element.match_conditions.Element.transforms + transforms.Element = AAZStrType() + + frontend_endpoint_links = _schema_web_application_firewall_policy_read.properties.frontend_endpoint_links + frontend_endpoint_links.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.frontend_endpoint_links.Element + _element.id = AAZStrType() + + managed_rules = _schema_web_application_firewall_policy_read.properties.managed_rules + managed_rules.exceptions_list = AAZObjectType( + serialized_name="exceptionsList", + ) + managed_rules.managed_rule_sets = AAZListType( + serialized_name="managedRuleSets", + ) + + exceptions_list = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list + exceptions_list.exceptions = AAZListType() + + exceptions = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions + exceptions.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions.Element + _element.match_values = AAZListType( + serialized_name="matchValues", + flags={"required": True}, + ) + _element.match_variable = AAZStrType( + serialized_name="matchVariable", + flags={"required": True}, + ) + _element.scopes = AAZListType( + flags={"required": True}, + ) + _element.selector = AAZStrType() + _element.selector_match_operator = AAZStrType( + serialized_name="selectorMatchOperator", + ) + _element.value_match_operator = AAZStrType( + serialized_name="valueMatchOperator", + flags={"required": True}, + ) + + match_values = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions.Element.match_values + match_values.Element = AAZStrType() + + scopes = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions.Element.scopes + scopes.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions.Element.scopes.Element + _element.rule_group_scopes = AAZListType( + serialized_name="ruleGroupScopes", + ) + _element.rule_set_type = AAZStrType( + serialized_name="ruleSetType", + flags={"required": True}, + ) + _element.rule_set_version = AAZStrType( + serialized_name="ruleSetVersion", + flags={"required": True}, + ) + + rule_group_scopes = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions.Element.scopes.Element.rule_group_scopes + rule_group_scopes.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions.Element.scopes.Element.rule_group_scopes.Element + _element.rule_group_name = AAZStrType( + serialized_name="ruleGroupName", + flags={"required": True}, + ) + _element.rule_scopes = AAZListType( + serialized_name="ruleScopes", + ) + + rule_scopes = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions.Element.scopes.Element.rule_group_scopes.Element.rule_scopes + rule_scopes.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions.Element.scopes.Element.rule_group_scopes.Element.rule_scopes.Element + _element.rule_id = AAZStrType( + serialized_name="ruleId", + flags={"required": True}, + ) + + managed_rule_sets = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets + managed_rule_sets.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets.Element + _element.exclusions = AAZListType() + _element.rule_group_overrides = AAZListType( + serialized_name="ruleGroupOverrides", + ) + _element.rule_set_action = AAZStrType( + serialized_name="ruleSetAction", + ) + _element.rule_set_type = AAZStrType( + serialized_name="ruleSetType", + flags={"required": True}, + ) + _element.rule_set_version = AAZStrType( + serialized_name="ruleSetVersion", + flags={"required": True}, + ) + + exclusions = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets.Element.exclusions + exclusions.Element = AAZObjectType() + cls._build_schema_managed_rule_exclusion_read(exclusions.Element) + + rule_group_overrides = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets.Element.rule_group_overrides + rule_group_overrides.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets.Element.rule_group_overrides.Element + _element.exclusions = AAZListType() + _element.rule_group_name = AAZStrType( + serialized_name="ruleGroupName", + flags={"required": True}, + ) + _element.rules = AAZListType() + + exclusions = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets.Element.rule_group_overrides.Element.exclusions + exclusions.Element = AAZObjectType() + cls._build_schema_managed_rule_exclusion_read(exclusions.Element) + + rules = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets.Element.rule_group_overrides.Element.rules + rules.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets.Element.rule_group_overrides.Element.rules.Element + _element.action = AAZStrType() + _element.enabled_state = AAZStrType( + serialized_name="enabledState", + ) + _element.exclusions = AAZListType() + _element.rule_id = AAZStrType( + serialized_name="ruleId", + flags={"required": True}, + ) + _element.sensitivity = AAZStrType() + + exclusions = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets.Element.rule_group_overrides.Element.rules.Element.exclusions + exclusions.Element = AAZObjectType() + cls._build_schema_managed_rule_exclusion_read(exclusions.Element) + + policy_settings = _schema_web_application_firewall_policy_read.properties.policy_settings + policy_settings.captcha_expiration_in_minutes = AAZIntType( + serialized_name="captchaExpirationInMinutes", + ) + policy_settings.custom_block_response_body = AAZStrType( + serialized_name="customBlockResponseBody", + ) + policy_settings.custom_block_response_status_code = AAZIntType( + serialized_name="customBlockResponseStatusCode", + ) + policy_settings.enabled_state = AAZStrType( + serialized_name="enabledState", + ) + policy_settings.javascript_challenge_expiration_in_minutes = AAZIntType( + serialized_name="javascriptChallengeExpirationInMinutes", + ) + policy_settings.log_scrubbing = AAZObjectType( + serialized_name="logScrubbing", + flags={"client_flatten": True}, + ) + policy_settings.mode = AAZStrType() + policy_settings.redirect_url = AAZStrType( + serialized_name="redirectUrl", + ) + policy_settings.request_body_check = AAZStrType( + serialized_name="requestBodyCheck", + ) + + log_scrubbing = _schema_web_application_firewall_policy_read.properties.policy_settings.log_scrubbing + log_scrubbing.scrubbing_rules = AAZListType( + serialized_name="scrubbingRules", + ) + log_scrubbing.state = AAZStrType() + + scrubbing_rules = _schema_web_application_firewall_policy_read.properties.policy_settings.log_scrubbing.scrubbing_rules + scrubbing_rules.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.policy_settings.log_scrubbing.scrubbing_rules.Element + _element.match_variable = AAZStrType( + serialized_name="matchVariable", + flags={"required": True}, + ) + _element.selector = AAZStrType() + _element.selector_match_operator = AAZStrType( + serialized_name="selectorMatchOperator", + flags={"required": True}, + ) + _element.state = AAZStrType() + + routing_rule_links = _schema_web_application_firewall_policy_read.properties.routing_rule_links + routing_rule_links.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.routing_rule_links.Element + _element.id = AAZStrType() + + security_policy_links = _schema_web_application_firewall_policy_read.properties.security_policy_links + security_policy_links.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.security_policy_links.Element + _element.id = AAZStrType() + + sku = _schema_web_application_firewall_policy_read.sku + sku.name = AAZStrType() + + tags = _schema_web_application_firewall_policy_read.tags + tags.Element = AAZStrType() + + _schema.etag = cls._schema_web_application_firewall_policy_read.etag + _schema.id = cls._schema_web_application_firewall_policy_read.id + _schema.location = cls._schema_web_application_firewall_policy_read.location + _schema.name = cls._schema_web_application_firewall_policy_read.name + _schema.properties = cls._schema_web_application_firewall_policy_read.properties + _schema.sku = cls._schema_web_application_firewall_policy_read.sku + _schema.tags = cls._schema_web_application_firewall_policy_read.tags + _schema.type = cls._schema_web_application_firewall_policy_read.type + + +__all__ = ["List"] diff --git a/src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/exception/_remove.py b/src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/exception/_remove.py new file mode 100644 index 00000000000..900ef96863f --- /dev/null +++ b/src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/exception/_remove.py @@ -0,0 +1,701 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command( + "network front-door waf-policy managed-rules exception remove", + confirmation="Are you sure you want to perform this operation?", +) +class Remove(AAZCommand): + """Delete Exception + """ + + _aaz_info = { + "version": "2025-11-01", + "resources": [ + ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies/{}", "2025-11-01", "properties.managedRules.exceptionsList.exceptions[]"], + ] + } + + AZ_SUPPORT_NO_WAIT = True + + def _handler(self, command_args): + super()._handler(command_args) + self.SubresourceSelector(ctx=self.ctx, name="subresource") + return self.build_lro_poller(self._execute_operations, None) + + _args_schema = None + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + if cls._args_schema is not None: + return cls._args_schema + cls._args_schema = super()._build_arguments_schema(*args, **kwargs) + + # define Arg Group "" + + _args_schema = cls._args_schema + _args_schema.policy_name = AAZStrArg( + options=["--policy-name"], + help="The name of the Web Application Firewall Policy.", + required=True, + fmt=AAZStrArgFormat( + max_length=128, + ), + ) + _args_schema.resource_group = AAZResourceGroupNameArg( + required=True, + ) + _args_schema.exception_index = AAZIntArg( + options=["--exception-index"], + help="Index of the exception to remove.", + required=True, + ) + return cls._args_schema + + def _execute_operations(self): + self.pre_operations() + self.PoliciesGet(ctx=self.ctx)() + self.pre_instance_delete() + self.InstanceDeleteByJson(ctx=self.ctx)() + self.post_instance_delete() + yield self.PoliciesCreateOrUpdate(ctx=self.ctx)() + self.post_operations() + + @register_callback + def pre_operations(self): + pass + + @register_callback + def post_operations(self): + pass + + @register_callback + def pre_instance_delete(self): + pass + + @register_callback + def post_instance_delete(self): + pass + + class SubresourceSelector(AAZJsonSelector): + + def _get(self): + result = self.ctx.vars.instance + result = result.properties.managedRules.exceptionsList.exceptions + filters = enumerate(result) + filters = filter( + lambda e: e[0] == self.ctx.args.exception_index, + filters + ) + idx = next(filters)[0] + return result[idx] + + def _set(self, value): + result = self.ctx.vars.instance + result = result.properties.managedRules.exceptionsList.exceptions + filters = enumerate(result) + filters = filter( + lambda e: e[0] == self.ctx.args.exception_index, + filters + ) + idx = next(filters, [len(result)])[0] + self.ctx.args.exception_index = idx + result[idx] = value + return + + class PoliciesGet(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [200]: + return self.on_200(session) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/{policyName}", + **self.url_parameters + ) + + @property + def method(self): + return "GET" + + @property + def error_format(self): + return "ODataV4Format" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "policyName", self.ctx.args.policy_name, + required=True, + ), + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2025-11-01", + required=True, + ), + } + return parameters + + @property + def header_parameters(self): + parameters = { + **self.serialize_header_param( + "Accept", "application/json", + ), + } + return parameters + + def on_200(self, session): + data = self.deserialize_http_content(session) + self.ctx.set_var( + "instance", + data, + schema_builder=self._build_schema_on_200 + ) + + _schema_on_200 = None + + @classmethod + def _build_schema_on_200(cls): + if cls._schema_on_200 is not None: + return cls._schema_on_200 + + cls._schema_on_200 = AAZObjectType() + _RemoveHelper._build_schema_web_application_firewall_policy_read(cls._schema_on_200) + + return cls._schema_on_200 + + class PoliciesCreateOrUpdate(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [202]: + return self.client.build_lro_polling( + self.ctx.args.no_wait, + session, + self.on_200_201, + self.on_error, + lro_options={"final-state-via": "location"}, + path_format_arguments=self.url_parameters, + ) + if session.http_response.status_code in [200, 201]: + return self.client.build_lro_polling( + self.ctx.args.no_wait, + session, + self.on_200_201, + self.on_error, + lro_options={"final-state-via": "location"}, + path_format_arguments=self.url_parameters, + ) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/{policyName}", + **self.url_parameters + ) + + @property + def method(self): + return "PUT" + + @property + def error_format(self): + return "ODataV4Format" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "policyName", self.ctx.args.policy_name, + required=True, + ), + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2025-11-01", + required=True, + ), + } + return parameters + + @property + def header_parameters(self): + parameters = { + **self.serialize_header_param( + "Content-Type", "application/json", + ), + **self.serialize_header_param( + "Accept", "application/json", + ), + } + return parameters + + @property + def content(self): + _content_value, _builder = self.new_content_builder( + self.ctx.args, + value=self.ctx.vars.instance, + ) + + return self.serialize_content(_content_value) + + def on_200_201(self, session): + data = self.deserialize_http_content(session) + self.ctx.set_var( + "instance", + data, + schema_builder=self._build_schema_on_200_201 + ) + + _schema_on_200_201 = None + + @classmethod + def _build_schema_on_200_201(cls): + if cls._schema_on_200_201 is not None: + return cls._schema_on_200_201 + + cls._schema_on_200_201 = AAZObjectType() + _RemoveHelper._build_schema_web_application_firewall_policy_read(cls._schema_on_200_201) + + return cls._schema_on_200_201 + + class InstanceDeleteByJson(AAZJsonInstanceDeleteOperation): + + def __call__(self, *args, **kwargs): + self.ctx.selectors.subresource.set(self._delete_instance()) + + +class _RemoveHelper: + """Helper class for Remove""" + + _schema_managed_rule_exclusion_read = None + + @classmethod + def _build_schema_managed_rule_exclusion_read(cls, _schema): + if cls._schema_managed_rule_exclusion_read is not None: + _schema.match_variable = cls._schema_managed_rule_exclusion_read.match_variable + _schema.selector = cls._schema_managed_rule_exclusion_read.selector + _schema.selector_match_operator = cls._schema_managed_rule_exclusion_read.selector_match_operator + return + + cls._schema_managed_rule_exclusion_read = _schema_managed_rule_exclusion_read = AAZObjectType() + + managed_rule_exclusion_read = _schema_managed_rule_exclusion_read + managed_rule_exclusion_read.match_variable = AAZStrType( + serialized_name="matchVariable", + flags={"required": True}, + ) + managed_rule_exclusion_read.selector = AAZStrType( + flags={"required": True}, + ) + managed_rule_exclusion_read.selector_match_operator = AAZStrType( + serialized_name="selectorMatchOperator", + flags={"required": True}, + ) + + _schema.match_variable = cls._schema_managed_rule_exclusion_read.match_variable + _schema.selector = cls._schema_managed_rule_exclusion_read.selector + _schema.selector_match_operator = cls._schema_managed_rule_exclusion_read.selector_match_operator + + _schema_web_application_firewall_policy_read = None + + @classmethod + def _build_schema_web_application_firewall_policy_read(cls, _schema): + if cls._schema_web_application_firewall_policy_read is not None: + _schema.etag = cls._schema_web_application_firewall_policy_read.etag + _schema.id = cls._schema_web_application_firewall_policy_read.id + _schema.location = cls._schema_web_application_firewall_policy_read.location + _schema.name = cls._schema_web_application_firewall_policy_read.name + _schema.properties = cls._schema_web_application_firewall_policy_read.properties + _schema.sku = cls._schema_web_application_firewall_policy_read.sku + _schema.tags = cls._schema_web_application_firewall_policy_read.tags + _schema.type = cls._schema_web_application_firewall_policy_read.type + return + + cls._schema_web_application_firewall_policy_read = _schema_web_application_firewall_policy_read = AAZObjectType() + + web_application_firewall_policy_read = _schema_web_application_firewall_policy_read + web_application_firewall_policy_read.etag = AAZStrType() + web_application_firewall_policy_read.id = AAZStrType( + flags={"read_only": True}, + ) + web_application_firewall_policy_read.location = AAZStrType() + web_application_firewall_policy_read.name = AAZStrType( + flags={"read_only": True}, + ) + web_application_firewall_policy_read.properties = AAZObjectType( + flags={"client_flatten": True}, + ) + web_application_firewall_policy_read.sku = AAZObjectType() + web_application_firewall_policy_read.tags = AAZDictType() + web_application_firewall_policy_read.type = AAZStrType( + flags={"read_only": True}, + ) + + properties = _schema_web_application_firewall_policy_read.properties + properties.custom_rules = AAZObjectType( + serialized_name="customRules", + ) + properties.frontend_endpoint_links = AAZListType( + serialized_name="frontendEndpointLinks", + flags={"read_only": True}, + ) + properties.managed_rules = AAZObjectType( + serialized_name="managedRules", + ) + properties.policy_settings = AAZObjectType( + serialized_name="policySettings", + ) + properties.provisioning_state = AAZStrType( + serialized_name="provisioningState", + flags={"read_only": True}, + ) + properties.resource_state = AAZStrType( + serialized_name="resourceState", + flags={"read_only": True}, + ) + properties.routing_rule_links = AAZListType( + serialized_name="routingRuleLinks", + flags={"read_only": True}, + ) + properties.security_policy_links = AAZListType( + serialized_name="securityPolicyLinks", + flags={"read_only": True}, + ) + + custom_rules = _schema_web_application_firewall_policy_read.properties.custom_rules + custom_rules.rules = AAZListType() + + rules = _schema_web_application_firewall_policy_read.properties.custom_rules.rules + rules.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.custom_rules.rules.Element + _element.action = AAZStrType( + flags={"required": True}, + ) + _element.enabled_state = AAZStrType( + serialized_name="enabledState", + ) + _element.group_by = AAZListType( + serialized_name="groupBy", + ) + _element.match_conditions = AAZListType( + serialized_name="matchConditions", + flags={"required": True}, + ) + _element.name = AAZStrType() + _element.priority = AAZIntType( + flags={"required": True}, + ) + _element.rate_limit_duration_in_minutes = AAZIntType( + serialized_name="rateLimitDurationInMinutes", + ) + _element.rate_limit_threshold = AAZIntType( + serialized_name="rateLimitThreshold", + ) + _element.rule_type = AAZStrType( + serialized_name="ruleType", + flags={"required": True}, + ) + + group_by = _schema_web_application_firewall_policy_read.properties.custom_rules.rules.Element.group_by + group_by.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.custom_rules.rules.Element.group_by.Element + _element.variable_name = AAZStrType( + serialized_name="variableName", + flags={"required": True}, + ) + + match_conditions = _schema_web_application_firewall_policy_read.properties.custom_rules.rules.Element.match_conditions + match_conditions.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.custom_rules.rules.Element.match_conditions.Element + _element.match_value = AAZListType( + serialized_name="matchValue", + flags={"required": True}, + ) + _element.match_variable = AAZStrType( + serialized_name="matchVariable", + flags={"required": True}, + ) + _element.negate_condition = AAZBoolType( + serialized_name="negateCondition", + ) + _element.operator = AAZStrType( + flags={"required": True}, + ) + _element.selector = AAZStrType() + _element.transforms = AAZListType() + + match_value = _schema_web_application_firewall_policy_read.properties.custom_rules.rules.Element.match_conditions.Element.match_value + match_value.Element = AAZStrType() + + transforms = _schema_web_application_firewall_policy_read.properties.custom_rules.rules.Element.match_conditions.Element.transforms + transforms.Element = AAZStrType() + + frontend_endpoint_links = _schema_web_application_firewall_policy_read.properties.frontend_endpoint_links + frontend_endpoint_links.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.frontend_endpoint_links.Element + _element.id = AAZStrType() + + managed_rules = _schema_web_application_firewall_policy_read.properties.managed_rules + managed_rules.exceptions_list = AAZObjectType( + serialized_name="exceptionsList", + ) + managed_rules.managed_rule_sets = AAZListType( + serialized_name="managedRuleSets", + ) + + exceptions_list = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list + exceptions_list.exceptions = AAZListType() + + exceptions = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions + exceptions.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions.Element + _element.match_values = AAZListType( + serialized_name="matchValues", + flags={"required": True}, + ) + _element.match_variable = AAZStrType( + serialized_name="matchVariable", + flags={"required": True}, + ) + _element.scopes = AAZListType( + flags={"required": True}, + ) + _element.selector = AAZStrType() + _element.selector_match_operator = AAZStrType( + serialized_name="selectorMatchOperator", + ) + _element.value_match_operator = AAZStrType( + serialized_name="valueMatchOperator", + flags={"required": True}, + ) + + match_values = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions.Element.match_values + match_values.Element = AAZStrType() + + scopes = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions.Element.scopes + scopes.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions.Element.scopes.Element + _element.rule_group_scopes = AAZListType( + serialized_name="ruleGroupScopes", + ) + _element.rule_set_type = AAZStrType( + serialized_name="ruleSetType", + flags={"required": True}, + ) + _element.rule_set_version = AAZStrType( + serialized_name="ruleSetVersion", + flags={"required": True}, + ) + + rule_group_scopes = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions.Element.scopes.Element.rule_group_scopes + rule_group_scopes.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions.Element.scopes.Element.rule_group_scopes.Element + _element.rule_group_name = AAZStrType( + serialized_name="ruleGroupName", + flags={"required": True}, + ) + _element.rule_scopes = AAZListType( + serialized_name="ruleScopes", + ) + + rule_scopes = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions.Element.scopes.Element.rule_group_scopes.Element.rule_scopes + rule_scopes.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions.Element.scopes.Element.rule_group_scopes.Element.rule_scopes.Element + _element.rule_id = AAZStrType( + serialized_name="ruleId", + flags={"required": True}, + ) + + managed_rule_sets = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets + managed_rule_sets.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets.Element + _element.exclusions = AAZListType() + _element.rule_group_overrides = AAZListType( + serialized_name="ruleGroupOverrides", + ) + _element.rule_set_action = AAZStrType( + serialized_name="ruleSetAction", + ) + _element.rule_set_type = AAZStrType( + serialized_name="ruleSetType", + flags={"required": True}, + ) + _element.rule_set_version = AAZStrType( + serialized_name="ruleSetVersion", + flags={"required": True}, + ) + + exclusions = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets.Element.exclusions + exclusions.Element = AAZObjectType() + cls._build_schema_managed_rule_exclusion_read(exclusions.Element) + + rule_group_overrides = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets.Element.rule_group_overrides + rule_group_overrides.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets.Element.rule_group_overrides.Element + _element.exclusions = AAZListType() + _element.rule_group_name = AAZStrType( + serialized_name="ruleGroupName", + flags={"required": True}, + ) + _element.rules = AAZListType() + + exclusions = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets.Element.rule_group_overrides.Element.exclusions + exclusions.Element = AAZObjectType() + cls._build_schema_managed_rule_exclusion_read(exclusions.Element) + + rules = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets.Element.rule_group_overrides.Element.rules + rules.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets.Element.rule_group_overrides.Element.rules.Element + _element.action = AAZStrType() + _element.enabled_state = AAZStrType( + serialized_name="enabledState", + ) + _element.exclusions = AAZListType() + _element.rule_id = AAZStrType( + serialized_name="ruleId", + flags={"required": True}, + ) + _element.sensitivity = AAZStrType() + + exclusions = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets.Element.rule_group_overrides.Element.rules.Element.exclusions + exclusions.Element = AAZObjectType() + cls._build_schema_managed_rule_exclusion_read(exclusions.Element) + + policy_settings = _schema_web_application_firewall_policy_read.properties.policy_settings + policy_settings.captcha_expiration_in_minutes = AAZIntType( + serialized_name="captchaExpirationInMinutes", + ) + policy_settings.custom_block_response_body = AAZStrType( + serialized_name="customBlockResponseBody", + ) + policy_settings.custom_block_response_status_code = AAZIntType( + serialized_name="customBlockResponseStatusCode", + ) + policy_settings.enabled_state = AAZStrType( + serialized_name="enabledState", + ) + policy_settings.javascript_challenge_expiration_in_minutes = AAZIntType( + serialized_name="javascriptChallengeExpirationInMinutes", + ) + policy_settings.log_scrubbing = AAZObjectType( + serialized_name="logScrubbing", + flags={"client_flatten": True}, + ) + policy_settings.mode = AAZStrType() + policy_settings.redirect_url = AAZStrType( + serialized_name="redirectUrl", + ) + policy_settings.request_body_check = AAZStrType( + serialized_name="requestBodyCheck", + ) + + log_scrubbing = _schema_web_application_firewall_policy_read.properties.policy_settings.log_scrubbing + log_scrubbing.scrubbing_rules = AAZListType( + serialized_name="scrubbingRules", + ) + log_scrubbing.state = AAZStrType() + + scrubbing_rules = _schema_web_application_firewall_policy_read.properties.policy_settings.log_scrubbing.scrubbing_rules + scrubbing_rules.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.policy_settings.log_scrubbing.scrubbing_rules.Element + _element.match_variable = AAZStrType( + serialized_name="matchVariable", + flags={"required": True}, + ) + _element.selector = AAZStrType() + _element.selector_match_operator = AAZStrType( + serialized_name="selectorMatchOperator", + flags={"required": True}, + ) + _element.state = AAZStrType() + + routing_rule_links = _schema_web_application_firewall_policy_read.properties.routing_rule_links + routing_rule_links.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.routing_rule_links.Element + _element.id = AAZStrType() + + security_policy_links = _schema_web_application_firewall_policy_read.properties.security_policy_links + security_policy_links.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.security_policy_links.Element + _element.id = AAZStrType() + + sku = _schema_web_application_firewall_policy_read.sku + sku.name = AAZStrType() + + tags = _schema_web_application_firewall_policy_read.tags + tags.Element = AAZStrType() + + _schema.etag = cls._schema_web_application_firewall_policy_read.etag + _schema.id = cls._schema_web_application_firewall_policy_read.id + _schema.location = cls._schema_web_application_firewall_policy_read.location + _schema.name = cls._schema_web_application_firewall_policy_read.name + _schema.properties = cls._schema_web_application_firewall_policy_read.properties + _schema.sku = cls._schema_web_application_firewall_policy_read.sku + _schema.tags = cls._schema_web_application_firewall_policy_read.tags + _schema.type = cls._schema_web_application_firewall_policy_read.type + + +__all__ = ["Remove"] diff --git a/src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/exception/_wait.py b/src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/exception/_wait.py new file mode 100644 index 00000000000..0ddf71fe35a --- /dev/null +++ b/src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/exception/_wait.py @@ -0,0 +1,543 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command( + "network front-door waf-policy managed-rules exception wait", +) +class Wait(AAZWaitCommand): + """Place the CLI in a waiting state until a condition is met. + """ + + _aaz_info = { + "resources": [ + ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies/{}", "2025-11-01", "properties.managedRules.exceptionsList.exceptions[]"], + ] + } + + def _handler(self, command_args): + super()._handler(command_args) + self._execute_operations() + return self._output() + + _args_schema = None + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + if cls._args_schema is not None: + return cls._args_schema + cls._args_schema = super()._build_arguments_schema(*args, **kwargs) + + # define Arg Group "" + + _args_schema = cls._args_schema + _args_schema.policy_name = AAZStrArg( + options=["--policy-name"], + help="The name of the Web Application Firewall Policy.", + required=True, + id_part="name", + fmt=AAZStrArgFormat( + max_length=128, + ), + ) + _args_schema.resource_group = AAZResourceGroupNameArg( + required=True, + ) + return cls._args_schema + + def _execute_operations(self): + self.pre_operations() + self.PoliciesGet(ctx=self.ctx)() + self.post_operations() + + @register_callback + def pre_operations(self): + pass + + @register_callback + def post_operations(self): + pass + + def _output(self, *args, **kwargs): + result = self.deserialize_output(self.ctx.vars.instance, client_flatten=False) + return result + + class PoliciesGet(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [200]: + return self.on_200(session) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/{policyName}", + **self.url_parameters + ) + + @property + def method(self): + return "GET" + + @property + def error_format(self): + return "ODataV4Format" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "policyName", self.ctx.args.policy_name, + required=True, + ), + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2025-11-01", + required=True, + ), + } + return parameters + + @property + def header_parameters(self): + parameters = { + **self.serialize_header_param( + "Accept", "application/json", + ), + } + return parameters + + def on_200(self, session): + data = self.deserialize_http_content(session) + self.ctx.set_var( + "instance", + data, + schema_builder=self._build_schema_on_200 + ) + + _schema_on_200 = None + + @classmethod + def _build_schema_on_200(cls): + if cls._schema_on_200 is not None: + return cls._schema_on_200 + + cls._schema_on_200 = AAZObjectType() + _WaitHelper._build_schema_web_application_firewall_policy_read(cls._schema_on_200) + + return cls._schema_on_200 + + +class _WaitHelper: + """Helper class for Wait""" + + _schema_managed_rule_exclusion_read = None + + @classmethod + def _build_schema_managed_rule_exclusion_read(cls, _schema): + if cls._schema_managed_rule_exclusion_read is not None: + _schema.match_variable = cls._schema_managed_rule_exclusion_read.match_variable + _schema.selector = cls._schema_managed_rule_exclusion_read.selector + _schema.selector_match_operator = cls._schema_managed_rule_exclusion_read.selector_match_operator + return + + cls._schema_managed_rule_exclusion_read = _schema_managed_rule_exclusion_read = AAZObjectType() + + managed_rule_exclusion_read = _schema_managed_rule_exclusion_read + managed_rule_exclusion_read.match_variable = AAZStrType( + serialized_name="matchVariable", + flags={"required": True}, + ) + managed_rule_exclusion_read.selector = AAZStrType( + flags={"required": True}, + ) + managed_rule_exclusion_read.selector_match_operator = AAZStrType( + serialized_name="selectorMatchOperator", + flags={"required": True}, + ) + + _schema.match_variable = cls._schema_managed_rule_exclusion_read.match_variable + _schema.selector = cls._schema_managed_rule_exclusion_read.selector + _schema.selector_match_operator = cls._schema_managed_rule_exclusion_read.selector_match_operator + + _schema_web_application_firewall_policy_read = None + + @classmethod + def _build_schema_web_application_firewall_policy_read(cls, _schema): + if cls._schema_web_application_firewall_policy_read is not None: + _schema.etag = cls._schema_web_application_firewall_policy_read.etag + _schema.id = cls._schema_web_application_firewall_policy_read.id + _schema.location = cls._schema_web_application_firewall_policy_read.location + _schema.name = cls._schema_web_application_firewall_policy_read.name + _schema.properties = cls._schema_web_application_firewall_policy_read.properties + _schema.sku = cls._schema_web_application_firewall_policy_read.sku + _schema.tags = cls._schema_web_application_firewall_policy_read.tags + _schema.type = cls._schema_web_application_firewall_policy_read.type + return + + cls._schema_web_application_firewall_policy_read = _schema_web_application_firewall_policy_read = AAZObjectType() + + web_application_firewall_policy_read = _schema_web_application_firewall_policy_read + web_application_firewall_policy_read.etag = AAZStrType() + web_application_firewall_policy_read.id = AAZStrType( + flags={"read_only": True}, + ) + web_application_firewall_policy_read.location = AAZStrType() + web_application_firewall_policy_read.name = AAZStrType( + flags={"read_only": True}, + ) + web_application_firewall_policy_read.properties = AAZObjectType( + flags={"client_flatten": True}, + ) + web_application_firewall_policy_read.sku = AAZObjectType() + web_application_firewall_policy_read.tags = AAZDictType() + web_application_firewall_policy_read.type = AAZStrType( + flags={"read_only": True}, + ) + + properties = _schema_web_application_firewall_policy_read.properties + properties.custom_rules = AAZObjectType( + serialized_name="customRules", + ) + properties.frontend_endpoint_links = AAZListType( + serialized_name="frontendEndpointLinks", + flags={"read_only": True}, + ) + properties.managed_rules = AAZObjectType( + serialized_name="managedRules", + ) + properties.policy_settings = AAZObjectType( + serialized_name="policySettings", + ) + properties.provisioning_state = AAZStrType( + serialized_name="provisioningState", + flags={"read_only": True}, + ) + properties.resource_state = AAZStrType( + serialized_name="resourceState", + flags={"read_only": True}, + ) + properties.routing_rule_links = AAZListType( + serialized_name="routingRuleLinks", + flags={"read_only": True}, + ) + properties.security_policy_links = AAZListType( + serialized_name="securityPolicyLinks", + flags={"read_only": True}, + ) + + custom_rules = _schema_web_application_firewall_policy_read.properties.custom_rules + custom_rules.rules = AAZListType() + + rules = _schema_web_application_firewall_policy_read.properties.custom_rules.rules + rules.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.custom_rules.rules.Element + _element.action = AAZStrType( + flags={"required": True}, + ) + _element.enabled_state = AAZStrType( + serialized_name="enabledState", + ) + _element.group_by = AAZListType( + serialized_name="groupBy", + ) + _element.match_conditions = AAZListType( + serialized_name="matchConditions", + flags={"required": True}, + ) + _element.name = AAZStrType() + _element.priority = AAZIntType( + flags={"required": True}, + ) + _element.rate_limit_duration_in_minutes = AAZIntType( + serialized_name="rateLimitDurationInMinutes", + ) + _element.rate_limit_threshold = AAZIntType( + serialized_name="rateLimitThreshold", + ) + _element.rule_type = AAZStrType( + serialized_name="ruleType", + flags={"required": True}, + ) + + group_by = _schema_web_application_firewall_policy_read.properties.custom_rules.rules.Element.group_by + group_by.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.custom_rules.rules.Element.group_by.Element + _element.variable_name = AAZStrType( + serialized_name="variableName", + flags={"required": True}, + ) + + match_conditions = _schema_web_application_firewall_policy_read.properties.custom_rules.rules.Element.match_conditions + match_conditions.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.custom_rules.rules.Element.match_conditions.Element + _element.match_value = AAZListType( + serialized_name="matchValue", + flags={"required": True}, + ) + _element.match_variable = AAZStrType( + serialized_name="matchVariable", + flags={"required": True}, + ) + _element.negate_condition = AAZBoolType( + serialized_name="negateCondition", + ) + _element.operator = AAZStrType( + flags={"required": True}, + ) + _element.selector = AAZStrType() + _element.transforms = AAZListType() + + match_value = _schema_web_application_firewall_policy_read.properties.custom_rules.rules.Element.match_conditions.Element.match_value + match_value.Element = AAZStrType() + + transforms = _schema_web_application_firewall_policy_read.properties.custom_rules.rules.Element.match_conditions.Element.transforms + transforms.Element = AAZStrType() + + frontend_endpoint_links = _schema_web_application_firewall_policy_read.properties.frontend_endpoint_links + frontend_endpoint_links.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.frontend_endpoint_links.Element + _element.id = AAZStrType() + + managed_rules = _schema_web_application_firewall_policy_read.properties.managed_rules + managed_rules.exceptions_list = AAZObjectType( + serialized_name="exceptionsList", + ) + managed_rules.managed_rule_sets = AAZListType( + serialized_name="managedRuleSets", + ) + + exceptions_list = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list + exceptions_list.exceptions = AAZListType() + + exceptions = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions + exceptions.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions.Element + _element.match_values = AAZListType( + serialized_name="matchValues", + flags={"required": True}, + ) + _element.match_variable = AAZStrType( + serialized_name="matchVariable", + flags={"required": True}, + ) + _element.scopes = AAZListType( + flags={"required": True}, + ) + _element.selector = AAZStrType() + _element.selector_match_operator = AAZStrType( + serialized_name="selectorMatchOperator", + ) + _element.value_match_operator = AAZStrType( + serialized_name="valueMatchOperator", + flags={"required": True}, + ) + + match_values = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions.Element.match_values + match_values.Element = AAZStrType() + + scopes = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions.Element.scopes + scopes.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions.Element.scopes.Element + _element.rule_group_scopes = AAZListType( + serialized_name="ruleGroupScopes", + ) + _element.rule_set_type = AAZStrType( + serialized_name="ruleSetType", + flags={"required": True}, + ) + _element.rule_set_version = AAZStrType( + serialized_name="ruleSetVersion", + flags={"required": True}, + ) + + rule_group_scopes = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions.Element.scopes.Element.rule_group_scopes + rule_group_scopes.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions.Element.scopes.Element.rule_group_scopes.Element + _element.rule_group_name = AAZStrType( + serialized_name="ruleGroupName", + flags={"required": True}, + ) + _element.rule_scopes = AAZListType( + serialized_name="ruleScopes", + ) + + rule_scopes = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions.Element.scopes.Element.rule_group_scopes.Element.rule_scopes + rule_scopes.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.managed_rules.exceptions_list.exceptions.Element.scopes.Element.rule_group_scopes.Element.rule_scopes.Element + _element.rule_id = AAZStrType( + serialized_name="ruleId", + flags={"required": True}, + ) + + managed_rule_sets = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets + managed_rule_sets.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets.Element + _element.exclusions = AAZListType() + _element.rule_group_overrides = AAZListType( + serialized_name="ruleGroupOverrides", + ) + _element.rule_set_action = AAZStrType( + serialized_name="ruleSetAction", + ) + _element.rule_set_type = AAZStrType( + serialized_name="ruleSetType", + flags={"required": True}, + ) + _element.rule_set_version = AAZStrType( + serialized_name="ruleSetVersion", + flags={"required": True}, + ) + + exclusions = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets.Element.exclusions + exclusions.Element = AAZObjectType() + cls._build_schema_managed_rule_exclusion_read(exclusions.Element) + + rule_group_overrides = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets.Element.rule_group_overrides + rule_group_overrides.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets.Element.rule_group_overrides.Element + _element.exclusions = AAZListType() + _element.rule_group_name = AAZStrType( + serialized_name="ruleGroupName", + flags={"required": True}, + ) + _element.rules = AAZListType() + + exclusions = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets.Element.rule_group_overrides.Element.exclusions + exclusions.Element = AAZObjectType() + cls._build_schema_managed_rule_exclusion_read(exclusions.Element) + + rules = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets.Element.rule_group_overrides.Element.rules + rules.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets.Element.rule_group_overrides.Element.rules.Element + _element.action = AAZStrType() + _element.enabled_state = AAZStrType( + serialized_name="enabledState", + ) + _element.exclusions = AAZListType() + _element.rule_id = AAZStrType( + serialized_name="ruleId", + flags={"required": True}, + ) + _element.sensitivity = AAZStrType() + + exclusions = _schema_web_application_firewall_policy_read.properties.managed_rules.managed_rule_sets.Element.rule_group_overrides.Element.rules.Element.exclusions + exclusions.Element = AAZObjectType() + cls._build_schema_managed_rule_exclusion_read(exclusions.Element) + + policy_settings = _schema_web_application_firewall_policy_read.properties.policy_settings + policy_settings.captcha_expiration_in_minutes = AAZIntType( + serialized_name="captchaExpirationInMinutes", + ) + policy_settings.custom_block_response_body = AAZStrType( + serialized_name="customBlockResponseBody", + ) + policy_settings.custom_block_response_status_code = AAZIntType( + serialized_name="customBlockResponseStatusCode", + ) + policy_settings.enabled_state = AAZStrType( + serialized_name="enabledState", + ) + policy_settings.javascript_challenge_expiration_in_minutes = AAZIntType( + serialized_name="javascriptChallengeExpirationInMinutes", + ) + policy_settings.log_scrubbing = AAZObjectType( + serialized_name="logScrubbing", + flags={"client_flatten": True}, + ) + policy_settings.mode = AAZStrType() + policy_settings.redirect_url = AAZStrType( + serialized_name="redirectUrl", + ) + policy_settings.request_body_check = AAZStrType( + serialized_name="requestBodyCheck", + ) + + log_scrubbing = _schema_web_application_firewall_policy_read.properties.policy_settings.log_scrubbing + log_scrubbing.scrubbing_rules = AAZListType( + serialized_name="scrubbingRules", + ) + log_scrubbing.state = AAZStrType() + + scrubbing_rules = _schema_web_application_firewall_policy_read.properties.policy_settings.log_scrubbing.scrubbing_rules + scrubbing_rules.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.policy_settings.log_scrubbing.scrubbing_rules.Element + _element.match_variable = AAZStrType( + serialized_name="matchVariable", + flags={"required": True}, + ) + _element.selector = AAZStrType() + _element.selector_match_operator = AAZStrType( + serialized_name="selectorMatchOperator", + flags={"required": True}, + ) + _element.state = AAZStrType() + + routing_rule_links = _schema_web_application_firewall_policy_read.properties.routing_rule_links + routing_rule_links.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.routing_rule_links.Element + _element.id = AAZStrType() + + security_policy_links = _schema_web_application_firewall_policy_read.properties.security_policy_links + security_policy_links.Element = AAZObjectType() + + _element = _schema_web_application_firewall_policy_read.properties.security_policy_links.Element + _element.id = AAZStrType() + + sku = _schema_web_application_firewall_policy_read.sku + sku.name = AAZStrType() + + tags = _schema_web_application_firewall_policy_read.tags + tags.Element = AAZStrType() + + _schema.etag = cls._schema_web_application_firewall_policy_read.etag + _schema.id = cls._schema_web_application_firewall_policy_read.id + _schema.location = cls._schema_web_application_firewall_policy_read.location + _schema.name = cls._schema_web_application_firewall_policy_read.name + _schema.properties = cls._schema_web_application_firewall_policy_read.properties + _schema.sku = cls._schema_web_application_firewall_policy_read.sku + _schema.tags = cls._schema_web_application_firewall_policy_read.tags + _schema.type = cls._schema_web_application_firewall_policy_read.type + + +__all__ = ["Wait"] diff --git a/src/front-door/azext_front_door/tests/latest/recordings/test_waf_policy_managed_rules_exceptions.yaml b/src/front-door/azext_front_door/tests/latest/recordings/test_waf_policy_managed_rules_exceptions.yaml new file mode 100644 index 00000000000..6234e95f03c --- /dev/null +++ b/src/front-door/azext_front_door/tests/latest/recordings/test_waf_policy_managed_rules_exceptions.yaml @@ -0,0 +1,560 @@ +interactions: +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - network front-door waf-policy create + Connection: + - keep-alive + ParameterSetName: + - -g -n --mode --sku + User-Agent: + - AZURECLI/2.87.0 azsdk-python-core/1.39.0 Python/3.13.14 (Windows-11-10.0.26200-SP0) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest.rg000001?api-version=2024-11-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001","name":"clitest.rg000001","type":"Microsoft.Resources/resourceGroups","location":"westus","tags":{"owner":"jingnanxu"},"properties":{"provisioningState":"Succeeded"}}' + headers: + cache-control: + - no-cache + content-length: + - '258' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 02 Jul 2026 04:12:22 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + x-cache: + - CONFIG_NOCACHE + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-global-reads: + - '16499' + x-msedge-ref: + - 'Ref A: A7317061A20C4CD3905674EC9416D1A0 Ref B: SYD03EDGE2021 Ref C: 2026-07-02T04:12:22Z' + status: + code: 200 + message: OK +- request: + body: '{"location": "global", "properties": {"policySettings": {"enabledState": + "Enabled", "mode": "Prevention"}}, "sku": {"name": "Premium_AzureFrontDoor"}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - network front-door waf-policy create + Connection: + - keep-alive + Content-Length: + - '150' + Content-Type: + - application/json + ParameterSetName: + - -g -n --mode --sku + User-Agent: + - AZURECLI/2.87.0 azsdk-python-core/1.39.0 Python/3.13.14 (Windows-11-10.0.26200-SP0) + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/cli000002?api-version=2025-11-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest.rg000001/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/cli000002","type":"Microsoft.Network/frontdoorwebapplicationfirewallpolicies","name":"cli000002","location":"Global","tags":{},"sku":{"name":"Premium_AzureFrontDoor"},"properties":{"policySettings":{"enabledState":"Enabled","mode":"Prevention","redirectUrl":null,"customBlockResponseStatusCode":null,"customBlockResponseBody":null,"requestBodyCheck":"Enabled","javascriptChallengeExpirationInMinutes":30,"captchaExpirationInMinutes":30,"logScrubbing":null},"customRules":{"rules":[]},"managedRules":{"managedRuleSets":[],"exceptionsList":{"exceptions":[]}},"frontendEndpointLinks":[],"securityPolicyLinks":[],"resourceState":"Enabled","provisioningState":"Succeeded"}}' + headers: + cache-control: + - no-cache + content-length: + - '827' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 02 Jul 2026 04:12:27 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + x-cache: + - CONFIG_NOCACHE + x-content-type-options: + - nosniff + x-ms-operation-identifier: + - tenantId=72f988bf-86f1-41af-91ab-2d7cd011db47,objectId=2e396a67-4dc1-43ae-afcc-c6747d291866/westus/3b24e5c3-66c7-4640-99f8-0ef0fe2de9f0 + x-ms-ratelimit-remaining-subscription-global-writes: + - '11999' + x-ms-ratelimit-remaining-subscription-writes: + - '799' + x-msedge-ref: + - 'Ref A: AA6CECDFB4BC43B4BA91173F063DC6D2 Ref B: SYD03EDGE1910 Ref C: 2026-07-02T04:12:23Z' + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - network front-door waf-policy managed-rules add + Connection: + - keep-alive + ParameterSetName: + - -g --policy-name --type --version --action + User-Agent: + - AZURECLI/2.87.0 azsdk-python-core/1.39.0 Python/3.13.14 (Windows-11-10.0.26200-SP0) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/cli000002?api-version=2025-11-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest.rg000001/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/cli000002","type":"Microsoft.Network/frontdoorwebapplicationfirewallpolicies","name":"cli000002","location":"Global","tags":{},"sku":{"name":"Premium_AzureFrontDoor"},"properties":{"policySettings":{"enabledState":"Enabled","mode":"Prevention","redirectUrl":null,"customBlockResponseStatusCode":null,"customBlockResponseBody":null,"requestBodyCheck":"Enabled","javascriptChallengeExpirationInMinutes":30,"captchaExpirationInMinutes":30,"logScrubbing":null},"customRules":{"rules":[]},"managedRules":{"managedRuleSets":[],"exceptionsList":{"exceptions":[]}},"frontendEndpointLinks":[],"securityPolicyLinks":[],"resourceState":"Enabled","provisioningState":"Succeeded"}}' + headers: + cache-control: + - no-cache + content-length: + - '827' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 02 Jul 2026 04:12:29 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + x-cache: + - CONFIG_NOCACHE + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-global-reads: + - '16499' + x-msedge-ref: + - 'Ref A: 1E9780BF673E4555960A6E5EF46B8FCA Ref B: SYD03EDGE1711 Ref C: 2026-07-02T04:12:29Z' + status: + code: 200 + message: OK +- request: + body: '{"location": "Global", "properties": {"customRules": {"rules": []}, "managedRules": + {"exceptionsList": {"exceptions": []}, "managedRuleSets": [{"ruleSetAction": + "Block", "ruleSetType": "Microsoft_DefaultRuleSet", "ruleSetVersion": "2.0"}]}, + "policySettings": {"captchaExpirationInMinutes": 30, "enabledState": "Enabled", + "javascriptChallengeExpirationInMinutes": 30, "mode": "Prevention", "requestBodyCheck": + "Enabled"}}, "sku": {"name": "Premium_AzureFrontDoor"}, "tags": {}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - network front-door waf-policy managed-rules add + Connection: + - keep-alive + Content-Length: + - '476' + Content-Type: + - application/json + ParameterSetName: + - -g --policy-name --type --version --action + User-Agent: + - AZURECLI/2.87.0 azsdk-python-core/1.39.0 Python/3.13.14 (Windows-11-10.0.26200-SP0) + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/cli000002?api-version=2025-11-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest.rg000001/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/cli000002","type":"Microsoft.Network/frontdoorwebapplicationfirewallpolicies","name":"cli000002","location":"Global","tags":{},"sku":{"name":"Premium_AzureFrontDoor"},"properties":{"policySettings":{"enabledState":"Enabled","mode":"Prevention","redirectUrl":null,"customBlockResponseStatusCode":null,"customBlockResponseBody":null,"requestBodyCheck":"Enabled","javascriptChallengeExpirationInMinutes":30,"captchaExpirationInMinutes":30,"logScrubbing":null},"customRules":{"rules":[]},"managedRules":{"managedRuleSets":[{"ruleSetType":"Microsoft_DefaultRuleSet","ruleSetVersion":"2.0","ruleSetAction":"Block","ruleGroupOverrides":[],"exclusions":[]}],"exceptionsList":{"exceptions":[]}},"frontendEndpointLinks":[],"securityPolicyLinks":[],"resourceState":"Enabled","provisioningState":"Succeeded"}}' + headers: + cache-control: + - no-cache + content-length: + - '956' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 02 Jul 2026 04:12:32 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + x-cache: + - CONFIG_NOCACHE + x-content-type-options: + - nosniff + x-ms-operation-identifier: + - tenantId=72f988bf-86f1-41af-91ab-2d7cd011db47,objectId=2e396a67-4dc1-43ae-afcc-c6747d291866/westus/c3dc6d0f-6914-4485-868a-84b492e6d53f + x-ms-ratelimit-remaining-subscription-global-writes: + - '11999' + x-ms-ratelimit-remaining-subscription-writes: + - '799' + x-msedge-ref: + - 'Ref A: 1B9CAA7124F24F9089A9896AFAF9A1F3 Ref B: SYD03EDGE2114 Ref C: 2026-07-02T04:12:31Z' + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - network front-door waf-policy managed-rules exception list + Connection: + - keep-alive + ParameterSetName: + - -g --policy-name + User-Agent: + - AZURECLI/2.87.0 azsdk-python-core/1.39.0 Python/3.13.14 (Windows-11-10.0.26200-SP0) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/cli000002?api-version=2025-11-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest.rg000001/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/cli000002","type":"Microsoft.Network/frontdoorwebapplicationfirewallpolicies","name":"cli000002","location":"Global","tags":{},"sku":{"name":"Premium_AzureFrontDoor"},"properties":{"policySettings":{"enabledState":"Enabled","mode":"Prevention","redirectUrl":null,"customBlockResponseStatusCode":null,"customBlockResponseBody":null,"requestBodyCheck":"Enabled","javascriptChallengeExpirationInMinutes":30,"captchaExpirationInMinutes":30,"logScrubbing":null},"customRules":{"rules":[]},"managedRules":{"managedRuleSets":[{"ruleSetType":"Microsoft_DefaultRuleSet","ruleSetVersion":"2.0","ruleSetAction":"Block","ruleGroupOverrides":[],"exclusions":[]}],"exceptionsList":{"exceptions":[]}},"frontendEndpointLinks":[],"securityPolicyLinks":[],"resourceState":"Enabled","provisioningState":"Succeeded"}}' + headers: + cache-control: + - no-cache + content-length: + - '956' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 02 Jul 2026 04:12:33 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + x-cache: + - CONFIG_NOCACHE + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-global-reads: + - '16499' + x-msedge-ref: + - 'Ref A: 0FB6602EAD7B4DF190330255BA08BF28 Ref B: SYD03EDGE1921 Ref C: 2026-07-02T04:12:33Z' + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - network front-door waf-policy managed-rules exception add + Connection: + - keep-alive + ParameterSetName: + - -g --policy-name --match-variable --match-values --value-match-operator --scopes + User-Agent: + - AZURECLI/2.87.0 azsdk-python-core/1.39.0 Python/3.13.14 (Windows-11-10.0.26200-SP0) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/cli000002?api-version=2025-11-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest.rg000001/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/cli000002","type":"Microsoft.Network/frontdoorwebapplicationfirewallpolicies","name":"cli000002","location":"Global","tags":{},"sku":{"name":"Premium_AzureFrontDoor"},"properties":{"policySettings":{"enabledState":"Enabled","mode":"Prevention","redirectUrl":null,"customBlockResponseStatusCode":null,"customBlockResponseBody":null,"requestBodyCheck":"Enabled","javascriptChallengeExpirationInMinutes":30,"captchaExpirationInMinutes":30,"logScrubbing":null},"customRules":{"rules":[]},"managedRules":{"managedRuleSets":[{"ruleSetType":"Microsoft_DefaultRuleSet","ruleSetVersion":"2.0","ruleSetAction":"Block","ruleGroupOverrides":[],"exclusions":[]}],"exceptionsList":{"exceptions":[]}},"frontendEndpointLinks":[],"securityPolicyLinks":[],"resourceState":"Enabled","provisioningState":"Succeeded"}}' + headers: + cache-control: + - no-cache + content-length: + - '956' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 02 Jul 2026 04:12:35 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + x-cache: + - CONFIG_NOCACHE + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-global-reads: + - '16499' + x-msedge-ref: + - 'Ref A: 976DA6A8085643929510800C9E3D7748 Ref B: SYD03EDGE2109 Ref C: 2026-07-02T04:12:35Z' + status: + code: 200 + message: OK +- request: + body: '{"location": "Global", "properties": {"customRules": {"rules": []}, "managedRules": + {"exceptionsList": {"exceptions": [{"matchValues": ["/login.php"], "matchVariable": + "RequestUri", "scopes": [{"ruleSetType": "Microsoft_DefaultRuleSet", "ruleSetVersion": + "2.0"}], "valueMatchOperator": "Equals"}]}, "managedRuleSets": [{"exclusions": + [], "ruleGroupOverrides": [], "ruleSetAction": "Block", "ruleSetType": "Microsoft_DefaultRuleSet", + "ruleSetVersion": "2.0"}]}, "policySettings": {"captchaExpirationInMinutes": + 30, "enabledState": "Enabled", "javascriptChallengeExpirationInMinutes": 30, + "mode": "Prevention", "requestBodyCheck": "Enabled"}}, "sku": {"name": "Premium_AzureFrontDoor"}, + "tags": {}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - network front-door waf-policy managed-rules exception add + Connection: + - keep-alive + Content-Length: + - '696' + Content-Type: + - application/json + ParameterSetName: + - -g --policy-name --match-variable --match-values --value-match-operator --scopes + User-Agent: + - AZURECLI/2.87.0 azsdk-python-core/1.39.0 Python/3.13.14 (Windows-11-10.0.26200-SP0) + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/cli000002?api-version=2025-11-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest.rg000001/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/cli000002","type":"Microsoft.Network/frontdoorwebapplicationfirewallpolicies","name":"cli000002","location":"Global","tags":{},"sku":{"name":"Premium_AzureFrontDoor"},"properties":{"policySettings":{"enabledState":"Enabled","mode":"Prevention","redirectUrl":null,"customBlockResponseStatusCode":null,"customBlockResponseBody":null,"requestBodyCheck":"Enabled","javascriptChallengeExpirationInMinutes":30,"captchaExpirationInMinutes":30,"logScrubbing":null},"customRules":{"rules":[]},"managedRules":{"managedRuleSets":[{"ruleSetType":"Microsoft_DefaultRuleSet","ruleSetVersion":"2.0","ruleSetAction":"Block","ruleGroupOverrides":[],"exclusions":[]}],"exceptionsList":{"exceptions":[{"matchVariable":"RequestUri","selectorMatchOperator":null,"selector":null,"valueMatchOperator":"Equals","matchValues":["/login.php"],"scopes":[{"ruleSetType":"Microsoft_DefaultRuleSet","ruleSetVersion":"2.0","ruleGroupScopes":[]}]}]}},"frontendEndpointLinks":[],"securityPolicyLinks":[],"resourceState":"Enabled","provisioningState":"Succeeded"}}' + headers: + cache-control: + - no-cache + content-length: + - '1188' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 02 Jul 2026 04:12:38 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + x-cache: + - CONFIG_NOCACHE + x-content-type-options: + - nosniff + x-ms-operation-identifier: + - tenantId=72f988bf-86f1-41af-91ab-2d7cd011db47,objectId=2e396a67-4dc1-43ae-afcc-c6747d291866/westus/a5c0a709-0c02-47f9-8593-968578277c6e + x-ms-ratelimit-remaining-subscription-global-writes: + - '11999' + x-ms-ratelimit-remaining-subscription-writes: + - '799' + x-msedge-ref: + - 'Ref A: FF3E5543B1AB4A04A313F29D35D96EAC Ref B: SYD03EDGE2011 Ref C: 2026-07-02T04:12:36Z' + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - network front-door waf-policy managed-rules exception list + Connection: + - keep-alive + ParameterSetName: + - -g --policy-name + User-Agent: + - AZURECLI/2.87.0 azsdk-python-core/1.39.0 Python/3.13.14 (Windows-11-10.0.26200-SP0) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/cli000002?api-version=2025-11-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest.rg000001/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/cli000002","type":"Microsoft.Network/frontdoorwebapplicationfirewallpolicies","name":"cli000002","location":"Global","tags":{},"sku":{"name":"Premium_AzureFrontDoor"},"properties":{"policySettings":{"enabledState":"Enabled","mode":"Prevention","redirectUrl":null,"customBlockResponseStatusCode":null,"customBlockResponseBody":null,"requestBodyCheck":"Enabled","javascriptChallengeExpirationInMinutes":30,"captchaExpirationInMinutes":30,"logScrubbing":null},"customRules":{"rules":[]},"managedRules":{"managedRuleSets":[{"ruleSetType":"Microsoft_DefaultRuleSet","ruleSetVersion":"2.0","ruleSetAction":"Block","ruleGroupOverrides":[],"exclusions":[]}],"exceptionsList":{"exceptions":[{"matchVariable":"RequestUri","selectorMatchOperator":null,"selector":null,"valueMatchOperator":"Equals","matchValues":["/login.php"],"scopes":[{"ruleSetType":"Microsoft_DefaultRuleSet","ruleSetVersion":"2.0","ruleGroupScopes":[]}]}]}},"frontendEndpointLinks":[],"securityPolicyLinks":[],"resourceState":"Enabled","provisioningState":"Succeeded"}}' + headers: + cache-control: + - no-cache + content-length: + - '1188' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 02 Jul 2026 04:12:39 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + x-cache: + - CONFIG_NOCACHE + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-global-reads: + - '16499' + x-msedge-ref: + - 'Ref A: 982A238A5F9C44ECB801F64B09E26EBD Ref B: SYD03EDGE2112 Ref C: 2026-07-02T04:12:39Z' + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - network front-door waf-policy managed-rules exception remove + Connection: + - keep-alive + ParameterSetName: + - -g --policy-name --exception-index --yes + User-Agent: + - AZURECLI/2.87.0 azsdk-python-core/1.39.0 Python/3.13.14 (Windows-11-10.0.26200-SP0) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/cli000002?api-version=2025-11-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest.rg000001/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/cli000002","type":"Microsoft.Network/frontdoorwebapplicationfirewallpolicies","name":"cli000002","location":"Global","tags":{},"sku":{"name":"Premium_AzureFrontDoor"},"properties":{"policySettings":{"enabledState":"Enabled","mode":"Prevention","redirectUrl":null,"customBlockResponseStatusCode":null,"customBlockResponseBody":null,"requestBodyCheck":"Enabled","javascriptChallengeExpirationInMinutes":30,"captchaExpirationInMinutes":30,"logScrubbing":null},"customRules":{"rules":[]},"managedRules":{"managedRuleSets":[{"ruleSetType":"Microsoft_DefaultRuleSet","ruleSetVersion":"2.0","ruleSetAction":"Block","ruleGroupOverrides":[],"exclusions":[]}],"exceptionsList":{"exceptions":[{"matchVariable":"RequestUri","selectorMatchOperator":null,"selector":null,"valueMatchOperator":"Equals","matchValues":["/login.php"],"scopes":[{"ruleSetType":"Microsoft_DefaultRuleSet","ruleSetVersion":"2.0","ruleGroupScopes":[]}]}]}},"frontendEndpointLinks":[],"securityPolicyLinks":[],"resourceState":"Enabled","provisioningState":"Succeeded"}}' + headers: + cache-control: + - no-cache + content-length: + - '1188' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 02 Jul 2026 04:12:41 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + x-cache: + - CONFIG_NOCACHE + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-global-reads: + - '16499' + x-msedge-ref: + - 'Ref A: 1C02A686245C49BDBC178E533C0BC6DC Ref B: SYD03EDGE2120 Ref C: 2026-07-02T04:12:41Z' + status: + code: 200 + message: OK +- request: + body: '{"location": "Global", "properties": {"customRules": {"rules": []}, "managedRules": + {"exceptionsList": {"exceptions": []}, "managedRuleSets": [{"exclusions": [], + "ruleGroupOverrides": [], "ruleSetAction": "Block", "ruleSetType": "Microsoft_DefaultRuleSet", + "ruleSetVersion": "2.0"}]}, "policySettings": {"captchaExpirationInMinutes": + 30, "enabledState": "Enabled", "javascriptChallengeExpirationInMinutes": 30, + "mode": "Prevention", "requestBodyCheck": "Enabled"}}, "sku": {"name": "Premium_AzureFrontDoor"}, + "tags": {}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - network front-door waf-policy managed-rules exception remove + Connection: + - keep-alive + Content-Length: + - '520' + Content-Type: + - application/json + ParameterSetName: + - -g --policy-name --exception-index --yes + User-Agent: + - AZURECLI/2.87.0 azsdk-python-core/1.39.0 Python/3.13.14 (Windows-11-10.0.26200-SP0) + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/cli000002?api-version=2025-11-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest.rg000001/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/cli000002","type":"Microsoft.Network/frontdoorwebapplicationfirewallpolicies","name":"cli000002","location":"Global","tags":{},"sku":{"name":"Premium_AzureFrontDoor"},"properties":{"policySettings":{"enabledState":"Enabled","mode":"Prevention","redirectUrl":null,"customBlockResponseStatusCode":null,"customBlockResponseBody":null,"requestBodyCheck":"Enabled","javascriptChallengeExpirationInMinutes":30,"captchaExpirationInMinutes":30,"logScrubbing":null},"customRules":{"rules":[]},"managedRules":{"managedRuleSets":[{"ruleSetType":"Microsoft_DefaultRuleSet","ruleSetVersion":"2.0","ruleSetAction":"Block","ruleGroupOverrides":[],"exclusions":[]}],"exceptionsList":{"exceptions":[]}},"frontendEndpointLinks":[],"securityPolicyLinks":[],"resourceState":"Enabled","provisioningState":"Succeeded"}}' + headers: + cache-control: + - no-cache + content-length: + - '956' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 02 Jul 2026 04:12:44 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + x-cache: + - CONFIG_NOCACHE + x-content-type-options: + - nosniff + x-ms-operation-identifier: + - tenantId=72f988bf-86f1-41af-91ab-2d7cd011db47,objectId=2e396a67-4dc1-43ae-afcc-c6747d291866/westus/814c72e3-3ec6-49dc-b8d1-c3492f838285 + x-ms-ratelimit-remaining-subscription-global-writes: + - '11999' + x-ms-ratelimit-remaining-subscription-writes: + - '799' + x-msedge-ref: + - 'Ref A: 02D82CEA4AEB47FEA041BA7C6F18BDE7 Ref B: SYD03EDGE2009 Ref C: 2026-07-02T04:12:42Z' + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - network front-door waf-policy managed-rules exception list + Connection: + - keep-alive + ParameterSetName: + - -g --policy-name + User-Agent: + - AZURECLI/2.87.0 azsdk-python-core/1.39.0 Python/3.13.14 (Windows-11-10.0.26200-SP0) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/cli000002?api-version=2025-11-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest.rg000001/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/cli000002","type":"Microsoft.Network/frontdoorwebapplicationfirewallpolicies","name":"cli000002","location":"Global","tags":{},"sku":{"name":"Premium_AzureFrontDoor"},"properties":{"policySettings":{"enabledState":"Enabled","mode":"Prevention","redirectUrl":null,"customBlockResponseStatusCode":null,"customBlockResponseBody":null,"requestBodyCheck":"Enabled","javascriptChallengeExpirationInMinutes":30,"captchaExpirationInMinutes":30,"logScrubbing":null},"customRules":{"rules":[]},"managedRules":{"managedRuleSets":[{"ruleSetType":"Microsoft_DefaultRuleSet","ruleSetVersion":"2.0","ruleSetAction":"Block","ruleGroupOverrides":[],"exclusions":[]}],"exceptionsList":{"exceptions":[]}},"frontendEndpointLinks":[],"securityPolicyLinks":[],"resourceState":"Enabled","provisioningState":"Succeeded"}}' + headers: + cache-control: + - no-cache + content-length: + - '956' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 02 Jul 2026 04:12:45 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + x-cache: + - CONFIG_NOCACHE + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-global-reads: + - '16499' + x-msedge-ref: + - 'Ref A: 47B6F38AC4554337B9850B433C1E8AAE Ref B: SYD03EDGE1918 Ref C: 2026-07-02T04:12:45Z' + status: + code: 200 + message: OK +version: 1 diff --git a/src/front-door/azext_front_door/tests/latest/test_waf_scenarios.py b/src/front-door/azext_front_door/tests/latest/test_waf_scenarios.py index b8d4a3d96c5..5ff6c0fe4e2 100644 --- a/src/front-door/azext_front_door/tests/latest/test_waf_scenarios.py +++ b/src/front-door/azext_front_door/tests/latest/test_waf_scenarios.py @@ -601,3 +601,47 @@ def test_waf_exclusions(self, resource_group): result = self.cmd(cmd).get_output_in_json() exclusions = result self.assertEqual(len(exclusions), 0) + + @ResourceGroupPreparer(location='westus', additional_tags={'owner': 'jingnanxu'}) + def test_waf_policy_managed_rules_exceptions(self, resource_group): + policyName = self.create_random_name(prefix='cli', length=24) + cmd = 'az network front-door waf-policy create -g {resource_group} -n {policyName} --mode prevention --sku Premium_AzureFrontDoor'.format(**locals()) + result = self.cmd(cmd).get_output_in_json() + self.assertEqual(result['name'], policyName) + self.assertEqual(result['sku']['name'], "Premium_AzureFrontDoor") + + type = "Microsoft_DefaultRuleSet" + version = "2.0" + action = "Block" + cmd = 'az network front-door waf-policy managed-rules add -g {resource_group} --policy-name {policyName} --type {type} --version {version} --action {action}'.format(**locals()) + result = self.cmd(cmd).get_output_in_json() + self.assertEqual(result['managedRules']['managedRuleSets'][0]['ruleSetType'], type) + self.assertEqual(result['managedRules']['managedRuleSets'][0]['ruleSetVersion'], version) + + cmd = 'az network front-door waf-policy managed-rules exception list -g {resource_group} --policy-name {policyName}'.format(**locals()) + result = self.cmd(cmd).get_output_in_json() + self.assertEqual(len(result), 0) + + matchVariable = "RequestUri" + op = "Equals" + matchValue = "/login.php" + cmd = 'az network front-door waf-policy managed-rules exception add -g {resource_group} --policy-name {policyName} --match-variable {matchVariable} --match-values {matchValue} --value-match-operator {op} --scopes [0].rule-set-type={type} [0].rule-set-version={version}'.format(**locals()) + result = self.cmd(cmd).get_output_in_json() + self.assertEqual(result['matchVariable'], matchVariable) + self.assertEqual(result['matchValues'][0], matchValue) + self.assertEqual(result['valueMatchOperator'], op) + self.assertEqual(result['scopes'][0]['ruleSetType'], type) + self.assertEqual(result['scopes'][0]['ruleSetVersion'], version) + + cmd = 'az network front-door waf-policy managed-rules exception list -g {resource_group} --policy-name {policyName}'.format(**locals()) + result = self.cmd(cmd).get_output_in_json() + self.assertEqual(len(result), 1) + self.assertEqual(result[0]['matchVariable'], matchVariable) + self.assertEqual(result[0]['matchValues'][0], matchValue) + + cmd = 'az network front-door waf-policy managed-rules exception remove -g {resource_group} --policy-name {policyName} --exception-index 0 --yes'.format(**locals()) + self.cmd(cmd) + + cmd = 'az network front-door waf-policy managed-rules exception list -g {resource_group} --policy-name {policyName}'.format(**locals()) + result = self.cmd(cmd).get_output_in_json() + self.assertEqual(len(result), 0) From 69c96737388d0a40248ed1a0b67fd79bd0cd1029 Mon Sep 17 00:00:00 2001 From: JingnanXu Date: Thu, 2 Jul 2026 14:48:46 +1000 Subject: [PATCH 2/5] Fix aks-preview index checksum --- src/index.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/index.json b/src/index.json index 6f25ecaa1a9..9438794aef5 100644 --- a/src/index.json +++ b/src/index.json @@ -19023,7 +19023,7 @@ "summary": "Provides a preview for upcoming AKS features", "version": "21.0.0b8" }, - "sha256Digest": "a57ebbc8241821e86168dca4066065bcb9fa13085d32eacc1aa26c4cc1aa4972" + "sha256Digest": "aa39868b5441c659afc11d069ef42bd48dbbd86d257058a76dfb552dc2748763" } ], "aksarc": [ From dd655b43b85ba0b62d5879c1929a532d9b85c8dd Mon Sep 17 00:00:00 2001 From: JingnanXu Date: Thu, 2 Jul 2026 15:02:49 +1000 Subject: [PATCH 3/5] Add Front Door WAF exception add example --- .../front_door/waf_policy/managed_rules/exception/_add.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/exception/_add.py b/src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/exception/_add.py index 64bcf720099..2ecf7ece1a6 100644 --- a/src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/exception/_add.py +++ b/src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/managed_rules/exception/_add.py @@ -16,6 +16,9 @@ ) class Add(AAZCommand): """Create Exception + + :example: Add a managed rule exception to a WAF policy. + az network front-door waf-policy managed-rules exception add --resource-group rg1 --policy-name Policy1 --match-variable RequestUri --match-values /login.php --value-match-operator Equals --scopes [0].rule-set-type=Microsoft_DefaultRuleSet [0].rule-set-version=2.0 """ _aaz_info = { From 1c2345ff6222142fc3636ea4485c89c1eb4fc283 Mon Sep 17 00:00:00 2001 From: JingnanXu Date: Thu, 2 Jul 2026 15:11:57 +1000 Subject: [PATCH 4/5] Revert "Fix aks-preview index checksum" This reverts commit 69c96737388d0a40248ed1a0b67fd79bd0cd1029. --- src/index.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/index.json b/src/index.json index 9438794aef5..6f25ecaa1a9 100644 --- a/src/index.json +++ b/src/index.json @@ -19023,7 +19023,7 @@ "summary": "Provides a preview for upcoming AKS features", "version": "21.0.0b8" }, - "sha256Digest": "aa39868b5441c659afc11d069ef42bd48dbbd86d257058a76dfb552dc2748763" + "sha256Digest": "a57ebbc8241821e86168dca4066065bcb9fa13085d32eacc1aa26c4cc1aa4972" } ], "aksarc": [ From c222eda23733f7cd65fc71db14b6b74d74135adc Mon Sep 17 00:00:00 2001 From: JingnanXu Date: Thu, 2 Jul 2026 16:03:07 +1000 Subject: [PATCH 5/5] Bump front-door extension version --- src/front-door/HISTORY.rst | 4 ++++ src/front-door/setup.py | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/src/front-door/HISTORY.rst b/src/front-door/HISTORY.rst index c2762234589..7f5e19c44d7 100644 --- a/src/front-door/HISTORY.rst +++ b/src/front-door/HISTORY.rst @@ -3,6 +3,10 @@ Release History =============== +2.3.0 +++++++ +* Add `az network front-door waf-policy managed-rules exception` commands for managed rule set exceptions. + 2.2.0 ++++++ * Bump swagger version to 2025-11-01 diff --git a/src/front-door/setup.py b/src/front-door/setup.py index 3ef7863e0f2..42006215d83 100644 --- a/src/front-door/setup.py +++ b/src/front-door/setup.py @@ -8,7 +8,7 @@ from codecs import open from setuptools import setup, find_packages -VERSION = "2.2.0" +VERSION = "2.3.0" CLASSIFIERS = [ 'Development Status :: 4 - Beta',