[front door]Add support for captcha (#8694)

* captcha

* pass test

* add more test on update

* add change log

* merge main

* fix linter

* version change

* extension

* test

* runtest

* rerun test

---------

Co-authored-by: Jingnan <[email protected]>

Author: Ptnan7

linter_exclusions.yml

@@ -2092,6 +2092,9 @@ network front-door waf-policy create:
     custom_block_response_status_code:
       rule_exclusions:
       - option_length_too_long
+    captcha_expiration_in_minutes:
+      rule_exclusions:
+      - option_length_too_long
 network front-door waf-policy update:
   parameters:
     custom_block_response_body:
@@ -2100,6 +2103,9 @@ network front-door waf-policy update:
     custom_block_response_status_code:
       rule_exclusions:
       - option_length_too_long
+    captcha_expiration_in_minutes:
+      rule_exclusions:
+      - option_length_too_long
 network manager connect-config create:
   parameters:
     delete_existing_peering:

src/front-door/HISTORY.rst

@@ -2,6 +2,10 @@
 
 Release History
 ===============
+1.3.0
+++++++
+* Add support for captcha
+
 1.2.1
 ++++++
 * Update module documentation.

src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/_create.py

@@ -19,9 +19,9 @@ class Create(AAZCommand):
     """
 
     _aaz_info = {
-        "version": "2024-02-01",
+        "version": "2025-03-01",
         "resources": [
-            ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies/{}", "2024-02-01"],
+            ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies/{}", "2025-03-01"],
         ]
     }
 
@@ -81,6 +81,15 @@ def _build_arguments_schema(cls, *args, **kwargs):
         # define Arg Group "PolicySettings"
 
         _args_schema = cls._args_schema
+        _args_schema.captcha_expiration_in_minutes = AAZIntArg(
+            options=["--captcha-expiration-in-minutes"],
+            arg_group="PolicySettings",
+            help="Defines the Captcha cookie validity lifetime in minutes. This setting is only applicable to Premium_AzureFrontDoor. Value must be an integer between 5 and 1440 with the default value being 30.",
+            fmt=AAZIntArgFormat(
+                maximum=1440,
+                minimum=5,
+            ),
+        )
         _args_schema.custom_block_response_body = AAZStrArg(
             options=["--custom-block-response-body"],
             arg_group="PolicySettings",
@@ -197,7 +206,7 @@ def _build_arguments_schema(cls, *args, **kwargs):
             options=["action"],
             help="Describes what action to be applied when rule matches.",
             required=True,
-            enum={"Allow": "Allow", "AnomalyScoring": "AnomalyScoring", "Block": "Block", "JSChallenge": "JSChallenge", "Log": "Log", "Redirect": "Redirect"},
+            enum={"Allow": "Allow", "AnomalyScoring": "AnomalyScoring", "Block": "Block", "CAPTCHA": "CAPTCHA", "JSChallenge": "JSChallenge", "Log": "Log", "Redirect": "Redirect"},
         )
         _element.enabled_state = AAZStrArg(
             options=["enabled-state"],
@@ -367,7 +376,7 @@ def _build_arguments_schema(cls, *args, **kwargs):
         _element.action = AAZStrArg(
             options=["action"],
             help="Describes the override action to be applied when rule matches.",
-            enum={"Allow": "Allow", "AnomalyScoring": "AnomalyScoring", "Block": "Block", "JSChallenge": "JSChallenge", "Log": "Log", "Redirect": "Redirect"},
+            enum={"Allow": "Allow", "AnomalyScoring": "AnomalyScoring", "Block": "Block", "CAPTCHA": "CAPTCHA", "JSChallenge": "JSChallenge", "Log": "Log", "Redirect": "Redirect"},
         )
         _element.enabled_state = AAZStrArg(
             options=["enabled-state"],
@@ -516,7 +525,7 @@ def url_parameters(self):
         def query_parameters(self):
             parameters = {
                 **self.serialize_query_param(
-                    "api-version", "2024-02-01",
+                    "api-version", "2025-03-01",
                     required=True,
                 ),
             }
@@ -653,11 +662,12 @@ def content(self):
 
             policy_settings = _builder.get(".properties.policySettings")
             if policy_settings is not None:
+                policy_settings.set_prop("captchaExpirationInMinutes", AAZIntType, ".captcha_expiration_in_minutes")
                 policy_settings.set_prop("customBlockResponseBody", AAZStrType, ".custom_block_response_body")
                 policy_settings.set_prop("customBlockResponseStatusCode", AAZIntType, ".custom_block_response_status_code")
                 policy_settings.set_prop("enabledState", AAZStrType, ".enabled_state")
                 policy_settings.set_prop("javascriptChallengeExpirationInMinutes", AAZIntType, ".javascript_challenge_expiration_in_minutes")
-                policy_settings.set_prop("logScrubbing", AAZObjectType, ".log_scrubbing")
+                policy_settings.set_prop("logScrubbing", AAZObjectType, ".log_scrubbing", typ_kwargs={"flags": {"client_flatten": True}})
                 policy_settings.set_prop("mode", AAZStrType, ".mode")
                 policy_settings.set_prop("redirectUrl", AAZStrType, ".redirect_url")
                 policy_settings.set_prop("requestBodyCheck", AAZStrType, ".request_body_check")
@@ -957,6 +967,9 @@ def _build_schema_web_application_firewall_policy_read(cls, _schema):
         cls._build_schema_managed_rule_exclusion_read(exclusions.Element)
 
         policy_settings = _schema_web_application_firewall_policy_read.properties.policy_settings
+        policy_settings.captcha_expiration_in_minutes = AAZIntType(
+            serialized_name="captchaExpirationInMinutes",
+        )
         policy_settings.custom_block_response_body = AAZStrType(
             serialized_name="customBlockResponseBody",
         )
@@ -971,6 +984,7 @@ def _build_schema_web_application_firewall_policy_read(cls, _schema):
         )
         policy_settings.log_scrubbing = AAZObjectType(
             serialized_name="logScrubbing",
+            flags={"client_flatten": True},
         )
         policy_settings.mode = AAZStrType()
         policy_settings.redirect_url = AAZStrType(

src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/_delete.py

@@ -19,9 +19,9 @@ class Delete(AAZCommand):
     """
 
     _aaz_info = {
-        "version": "2024-02-01",
+        "version": "2025-03-01",
         "resources": [
-            ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies/{}", "2024-02-01"],
+            ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies/{}", "2025-03-01"],
         ]
     }
 
@@ -142,7 +142,7 @@ def url_parameters(self):
         def query_parameters(self):
             parameters = {
                 **self.serialize_query_param(
-                    "api-version", "2024-02-01",
+                    "api-version", "2025-03-01",
                     required=True,
                 ),
             }

src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/_list.py

@@ -19,9 +19,9 @@ class List(AAZCommand):
     """
 
     _aaz_info = {
-        "version": "2024-02-01",
+        "version": "2025-03-01",
         "resources": [
-            ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies", "2024-02-01"],
+            ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies", "2025-03-01"],
         ]
     }
 
@@ -109,7 +109,7 @@ def url_parameters(self):
         def query_parameters(self):
             parameters = {
                 **self.serialize_query_param(
-                    "api-version", "2024-02-01",
+                    "api-version", "2025-03-01",
                     required=True,
                 ),
             }
@@ -343,6 +343,9 @@ def _build_schema_on_200(cls):
             _ListHelper._build_schema_managed_rule_exclusion_read(exclusions.Element)
 
             policy_settings = cls._schema_on_200.value.Element.properties.policy_settings
+            policy_settings.captcha_expiration_in_minutes = AAZIntType(
+                serialized_name="captchaExpirationInMinutes",
+            )
             policy_settings.custom_block_response_body = AAZStrType(
                 serialized_name="customBlockResponseBody",
             )

src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/_show.py

@@ -19,9 +19,9 @@ class Show(AAZCommand):
     """
 
     _aaz_info = {
-        "version": "2024-02-01",
+        "version": "2025-03-01",
         "resources": [
-            ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies/{}", "2024-02-01"],
+            ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies/{}", "2025-03-01"],
         ]
     }
 
@@ -120,7 +120,7 @@ def url_parameters(self):
         def query_parameters(self):
             parameters = {
                 **self.serialize_query_param(
-                    "api-version", "2024-02-01",
+                    "api-version", "2025-03-01",
                     required=True,
                 ),
             }
@@ -343,6 +343,9 @@ def _build_schema_on_200(cls):
             _ShowHelper._build_schema_managed_rule_exclusion_read(exclusions.Element)
 
             policy_settings = cls._schema_on_200.properties.policy_settings
+            policy_settings.captcha_expiration_in_minutes = AAZIntType(
+                serialized_name="captchaExpirationInMinutes",
+            )
             policy_settings.custom_block_response_body = AAZStrType(
                 serialized_name="customBlockResponseBody",
             )
@@ -357,6 +360,7 @@ def _build_schema_on_200(cls):
             )
             policy_settings.log_scrubbing = AAZObjectType(
                 serialized_name="logScrubbing",
+                flags={"client_flatten": True},
             )
             policy_settings.mode = AAZStrType()
             policy_settings.redirect_url = AAZStrType(

src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/_update.py

@@ -24,9 +24,9 @@ class Update(AAZCommand):
     """
 
     _aaz_info = {
-        "version": "2024-02-01",
+        "version": "2025-03-01",
         "resources": [
-            ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies/{}", "2024-02-01"],
+            ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies/{}", "2025-03-01"],
         ]
     }
 
@@ -75,9 +75,6 @@ def _build_arguments_schema(cls, *args, **kwargs):
             arg_group="Parameters",
             help="Resource location.",
             nullable=True,
-            fmt=AAZResourceLocationArgFormat(
-                resource_group_arg="resource_group",
-            ),
         )
         _args_schema.tags = AAZDictArg(
             options=["--tags"],
@@ -94,6 +91,16 @@ def _build_arguments_schema(cls, *args, **kwargs):
         # define Arg Group "PolicySettings"
 
         _args_schema = cls._args_schema
+        _args_schema.captcha_expiration_in_minutes = AAZIntArg(
+            options=["--captcha-expiration-in-minutes"],
+            arg_group="PolicySettings",
+            help="Defines the Captcha cookie validity lifetime in minutes. This setting is only applicable to Premium_AzureFrontDoor. Value must be an integer between 5 and 1440 with the default value being 30.",
+            nullable=True,
+            fmt=AAZIntArgFormat(
+                maximum=1440,
+                minimum=5,
+            ),
+        )
         _args_schema.custom_block_response_body = AAZStrArg(
             options=["--custom-block-response-body"],
             arg_group="PolicySettings",
@@ -226,7 +233,7 @@ def _build_arguments_schema(cls, *args, **kwargs):
         _element.action = AAZStrArg(
             options=["action"],
             help="Describes what action to be applied when rule matches.",
-            enum={"Allow": "Allow", "AnomalyScoring": "AnomalyScoring", "Block": "Block", "JSChallenge": "JSChallenge", "Log": "Log", "Redirect": "Redirect"},
+            enum={"Allow": "Allow", "AnomalyScoring": "AnomalyScoring", "Block": "Block", "CAPTCHA": "CAPTCHA", "JSChallenge": "JSChallenge", "Log": "Log", "Redirect": "Redirect"},
         )
         _element.enabled_state = AAZStrArg(
             options=["enabled-state"],
@@ -418,7 +425,7 @@ def _build_arguments_schema(cls, *args, **kwargs):
             options=["action"],
             help="Describes the override action to be applied when rule matches.",
             nullable=True,
-            enum={"Allow": "Allow", "AnomalyScoring": "AnomalyScoring", "Block": "Block", "JSChallenge": "JSChallenge", "Log": "Log", "Redirect": "Redirect"},
+            enum={"Allow": "Allow", "AnomalyScoring": "AnomalyScoring", "Block": "Block", "CAPTCHA": "CAPTCHA", "JSChallenge": "JSChallenge", "Log": "Log", "Redirect": "Redirect"},
         )
         _element.enabled_state = AAZStrArg(
             options=["enabled-state"],
@@ -566,7 +573,7 @@ def url_parameters(self):
         def query_parameters(self):
             parameters = {
                 **self.serialize_query_param(
-                    "api-version", "2024-02-01",
+                    "api-version", "2025-03-01",
                     required=True,
                 ),
             }
@@ -665,7 +672,7 @@ def url_parameters(self):
         def query_parameters(self):
             parameters = {
                 **self.serialize_query_param(
-                    "api-version", "2024-02-01",
+                    "api-version", "2025-03-01",
                     required=True,
                 ),
             }
@@ -835,11 +842,12 @@ def _update_instance(self, instance):
 
             policy_settings = _builder.get(".properties.policySettings")
             if policy_settings is not None:
+                policy_settings.set_prop("captchaExpirationInMinutes", AAZIntType, ".captcha_expiration_in_minutes")
                 policy_settings.set_prop("customBlockResponseBody", AAZStrType, ".custom_block_response_body")
                 policy_settings.set_prop("customBlockResponseStatusCode", AAZIntType, ".custom_block_response_status_code")
                 policy_settings.set_prop("enabledState", AAZStrType, ".enabled_state")
                 policy_settings.set_prop("javascriptChallengeExpirationInMinutes", AAZIntType, ".javascript_challenge_expiration_in_minutes")
-                policy_settings.set_prop("logScrubbing", AAZObjectType, ".log_scrubbing")
+                policy_settings.set_prop("logScrubbing", AAZObjectType, ".log_scrubbing", typ_kwargs={"flags": {"client_flatten": True}})
                 policy_settings.set_prop("mode", AAZStrType, ".mode")
                 policy_settings.set_prop("redirectUrl", AAZStrType, ".redirect_url")
                 policy_settings.set_prop("requestBodyCheck", AAZStrType, ".request_body_check")
@@ -1127,6 +1135,9 @@ def _build_schema_web_application_firewall_policy_read(cls, _schema):
         cls._build_schema_managed_rule_exclusion_read(exclusions.Element)
 
         policy_settings = _schema_web_application_firewall_policy_read.properties.policy_settings
+        policy_settings.captcha_expiration_in_minutes = AAZIntType(
+            serialized_name="captchaExpirationInMinutes",
+        )
         policy_settings.custom_block_response_body = AAZStrType(
             serialized_name="customBlockResponseBody",
         )
@@ -1141,6 +1152,7 @@ def _build_schema_web_application_firewall_policy_read(cls, _schema):
         )
         policy_settings.log_scrubbing = AAZObjectType(
             serialized_name="logScrubbing",
+            flags={"client_flatten": True},
         )
         policy_settings.mode = AAZStrType()
         policy_settings.redirect_url = AAZStrType(

src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/_wait.py

@@ -20,7 +20,7 @@ class Wait(AAZWaitCommand):
 
     _aaz_info = {
         "resources": [
-            ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies/{}", "2024-02-01"],
+            ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies/{}", "2025-03-01"],
         ]
     }
 
@@ -119,7 +119,7 @@ def url_parameters(self):
         def query_parameters(self):
             parameters = {
                 **self.serialize_query_param(
-                    "api-version", "2024-02-01",
+                    "api-version", "2025-03-01",
                     required=True,
                 ),
             }
@@ -342,6 +342,9 @@ def _build_schema_on_200(cls):
             _WaitHelper._build_schema_managed_rule_exclusion_read(exclusions.Element)
 
             policy_settings = cls._schema_on_200.properties.policy_settings
+            policy_settings.captcha_expiration_in_minutes = AAZIntType(
+                serialized_name="captchaExpirationInMinutes",
+            )
             policy_settings.custom_block_response_body = AAZStrType(
                 serialized_name="customBlockResponseBody",
             )
@@ -356,6 +359,7 @@ def _build_schema_on_200(cls):
             )
             policy_settings.log_scrubbing = AAZObjectType(
                 serialized_name="logScrubbing",
+                flags={"client_flatten": True},
             )
             policy_settings.mode = AAZStrType()
             policy_settings.redirect_url = AAZStrType(

src/front-door/azext_front_door/azext_metadata.json

@@ -1,3 +1,3 @@
 {
-    "azext.minCliCoreVersion": "2.57.0"
+    "azext.minCliCoreVersion": "2.67.0"
 }