`azurerm_kubernetes_cluster` - add `advanced_network_policies` property to `network_profile.advanced_networking` block by nddq · Pull Request #31506 · hashicorp/terraform-provider-azurerm

nddq · 2026-01-14T19:52:45Z

This change adds support for the advanced_network_policies property within the network_profile.advanced_networking block for Azure Kubernetes Service clusters.

Changes:

Add advanced_network_policies field with valid values: FQDN, L7, None
Add validation to ensure advanced_network_policies can only be set to FQDN or L7 when security_enabled is true
Upgrade managedclusters SDK from 2025-07-01 to 2025-10-01 API version to support the new field
Add tests for the new property and validation
Update documentation

Community Note

Please vote on this PR by adding a 👍 reaction to the original PR to help the community and maintainers prioritize for review
Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for PR followers and do not help prioritize for review

Description

PR Checklist

I have followed the guidelines in our Contributing Documentation.
I have checked to ensure there aren't other open Pull Requests for the same update/change.
I have checked if my changes close any open issues. If so please include appropriate closing keywords below.
I have updated/added Documentation as required written in a helpful and kind way to assist users that may be unfamiliar with the resource / data source.
I have used a meaningful PR title to help maintainers and other users understand this change and help prevent duplicate work.
For example: “resource_name_here - description of change e.g. adding property new_property_name_here”

Changes to existing Resource / Data Source

I have added an explanation of what my changes do and why I'd like you to include them (This may be covered by linking to an issue above, but may benefit from additional explanation).
I have written new tests for my resource or datasource changes & updated any relevant documentation.
I have successfully run tests with my changes locally. If not, please provide details on testing challenges that prevented you running the tests.
[] (For changes that include a state migration only). I have manually tested the migration path between relevant versions of the provider.

Testing

My submission includes Test coverage as described in the Contribution Guide and the tests pass. (if this is not possible for any reason, please include details of why you did or could not add test coverage)

Change Log

Below please provide what should go into the changelog (if anything) conforming to the Changelog Format documented here.

azurerm_resource - support for the thing1 property [GH-00000]

This is a (please select all that apply):

Bug Fix
New Feature (ie adding a service, resource, or data source)
Enhancement
Breaking Change

Related Issue(s)

Fixes #0000

AI Assistance Disclosure

AI Assisted - This contribution was made by, or with the assistance of, AI/LLMs

Rollback Plan

If a change needs to be reverted, we will publish an updated version of the provider.

Changes to Security Controls

Are there any changes to security controls (access controls, encryption, logging) in this pull request? If so, explain.

Note

If this PR changes meaningfully during the course of review please update the title and description as required.

nddq · 2026-01-21T22:47:49Z

@rcskosir hello, when can I expect to get a review for this PR? Thanks!

ms-henglu · 2026-02-26T01:13:56Z

Hi @nddq ,

Normally we need to make the SDK upgrade in a separate PR, and I opened this PR to update the SDK to 2025-10-01: #31401

I think you can rebase the branch once above PR is merged.

ms-henglu · 2026-03-06T01:54:16Z

Hi @nddq ,

The PR is merged, you can rebase to main branch. I'm happy to take over this task if you're occupied, let me know if you need any help.

nddq · 2026-03-06T15:16:10Z

@ms-henglu Thanks! I have rebased this branch onto latest main

ms-henglu

Hi @nddq , it mostly LGTM, I just have minor comments, please check.

sf-msft · 2026-04-08T15:34:43Z

@magodo @WodansSon Any chance y'all can take a pass?

wuxu92

Thanks for the contribution! I left some comments otherwise look good!

wuxu92 · 2026-04-15T07:00:25Z

 										Default:      false,
 										AtLeastOneOf: []string{"network_profile.0.advanced_networking.0.observability_enabled", "network_profile.0.advanced_networking.0.security_enabled"},
 									},
+									"advanced_network_policies": {


as this in nest in the advanced_networking block and only one item is allowed, we may rename it to

Suggested change

"advanced_network_policies": {

"policy": {

this is the official name for this feature in the API, so I don't think we can change it

The field name in Terraform resource doesn't have to be the same as the API/official, we prefer to deliver a clear and easy to use schema

…ty to `advanced_networking` block This change adds support for the `advanced_network_policies` property within the `network_profile.advanced_networking` block for Azure Kubernetes Service clusters. Changes: - Add `advanced_network_policies` field with valid values `FQDN` and `L7` - Add validation to ensure `advanced_network_policies` can only be set when `security_enabled` is `true`, and that it cannot be combined with a service mesh profile in `Istio` mode - Expand/flatten maps the API's `None` value to/from the Terraform-idiomatic empty string so the field can be omitted to disable advanced network policies - Add tests for the new property and validation - Update documentation Signed-off-by: Quang Nguyen <nguyenquang@microsoft.com>

nddq requested review from a team, WodansSon and magodo as code owners January 14, 2026 19:52

github-actions Bot added documentation dependencies service/machine-learning size/L labels Jan 14, 2026

rcskosir added the service/kubernetes-cluster label Jan 15, 2026

github-actions Bot added the enhancement label Jan 15, 2026

nddq force-pushed the acnsL7Policy branch from 1bfd4af to 7c36c51 Compare February 24, 2026 03:59

nddq force-pushed the acnsL7Policy branch 2 times, most recently from 6dfbc10 to 6f3dcab Compare March 6, 2026 15:15

ms-henglu suggested changes Mar 9, 2026

View reviewed changes

nddq force-pushed the acnsL7Policy branch from 6f3dcab to 7195ebb Compare March 9, 2026 14:04

github-actions Bot added size/XL and removed size/L labels Mar 9, 2026

nddq force-pushed the acnsL7Policy branch from 7195ebb to c3bb2bc Compare March 9, 2026 14:08

sf-msft mentioned this pull request Apr 14, 2026

Azure CNI Powered by Cilium L7/CRD Network Policy Azure/AKS#3797

Closed

wuxu92 reviewed Apr 15, 2026

View reviewed changes

nddq force-pushed the acnsL7Policy branch from c3bb2bc to fe5a212 Compare April 21, 2026 13:14

Conversation

nddq commented Jan 14, 2026 • edited by rcskosir Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Community Note

Description

PR Checklist

Changes to existing Resource / Data Source

Testing

Change Log

Related Issue(s)

AI Assistance Disclosure

Rollback Plan

Changes to Security Controls

Uh oh!

nddq commented Jan 21, 2026

Uh oh!

ms-henglu commented Feb 26, 2026

Uh oh!

ms-henglu commented Mar 6, 2026

Uh oh!

nddq commented Mar 6, 2026

Uh oh!

ms-henglu left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

sf-msft commented Apr 8, 2026

Uh oh!

wuxu92 left a comment

Choose a reason for hiding this comment

Uh oh!

wuxu92 Apr 15, 2026

Choose a reason for hiding this comment

Uh oh!

nddq Apr 21, 2026

Choose a reason for hiding this comment

Uh oh!

wuxu92 Apr 21, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

nddq commented Jan 14, 2026 •

edited by rcskosir

Loading