Azure
diff --git a/‎.github/copilot-instructions.md‎
Lines changed: 1 addition & 0 deletions b/‎.github/copilot-instructions.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/aks-preview/HISTORY.rst‎
Lines changed: 5 additions & 1 deletion b/‎src/aks-preview/HISTORY.rst‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎src/aks-preview/azext_aks_preview/_consts.py‎
Lines changed: 5 additions & 0 deletions b/‎src/aks-preview/azext_aks_preview/_consts.py‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎src/aks-preview/azext_aks_preview/_help.py‎
Lines changed: 6 additions & 0 deletions b/‎src/aks-preview/azext_aks_preview/_help.py‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎src/aks-preview/azext_aks_preview/_params.py‎
Lines changed: 18 additions & 0 deletions b/‎src/aks-preview/azext_aks_preview/_params.py‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎src/aks-preview/azext_aks_preview/custom.py‎
Lines changed: 2 additions & 0 deletions b/‎src/aks-preview/azext_aks_preview/custom.py‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎src/aks-preview/azext_aks_preview/managed_cluster_decorator.py‎
Lines changed: 31 additions & 1 deletion b/‎src/aks-preview/azext_aks_preview/managed_cluster_decorator.py‎
Lines changed: 31 additions & 1 deletion
@@ -0,0 +1 @@
+- @azure Rule - Use Azure Best Practices: When generating code for Azure, running terminal commands for Azure, or performing operations related to Azure, invoke your `azure_development-get_best_practices` tool if available.
@@ -12,10 +12,14 @@ To release a new version, please select a new version number (usually plus 1 to
 Pending
 +++++++
 
-14.0.0b6
+14.0.0b7
 ++++++++
 * Add `az aks create/update --enable-retina-flow-logs` and `az aks update --disable-retina-flow-logs` commands.
 
+14.0.0b6
++++++++
+* Add option `--acns-advanced-networkpolicies <None|FQDN|L7>` to `az aks create/update`
+
 14.0.0b5
 ++++++++
 * Re-generate the SDK for API version 2025-02-02-preview with @autorest/python@6.32.3 to fix `\#31345 <https://github.com/Azure/azure-cli/issues/31345>`_.
 
@@ -125,6 +125,11 @@
 CONST_NETWORK_POLICY_CILIUM = "cilium"
 CONST_NETWORK_POLICY_NONE = "none"
 
+# ACNS advanced network policies
+CONST_ADVANCED_NETWORKPOLICIES_NONE = "None"
+CONST_ADVANCED_NETWORKPOLICIES_FQDN = "FQDN"
+CONST_ADVANCED_NETWORKPOLICIES_L7 = "L7"
+
 # network pod ip allocation mode
 CONST_NETWORK_POD_IP_ALLOCATION_MODE_DYNAMIC_INDIVIDUAL = "DynamicIndividual"
 CONST_NETWORK_POD_IP_ALLOCATION_MODE_STATIC_BLOCK = "StaticBlock"
 
@@ -228,6 +228,9 @@
         - name: --disable-acns-security
           type: bool
           short-summary: Used to disable advanced networking security features on a clusters when enabling advanced networking features with "--enable-acns".
+        - name: --acns-advanced-networkpolicies
+          type: string
+          short-summary: Used to enable advanced network policies (None, FQDN or L7) on a cluster when enabling advanced networking features with "--enable-acns".
         - name: --enable-retina-flow-logs
           type: bool
           short-summary: Enable advanced network flow log collection functionalities on a cluster.
@@ -1217,6 +1220,9 @@
         - name: --disable-acns-security
           type: bool
           short-summary: Used to disable advanced networking security features on a clusters when enabling advanced networking features with "--enable-acns".
+        - name: --acns-advanced-networkpolicies
+          type: string
+          short-summary: Used to enable advanced network policies (None, FQDN or L7) on a cluster when enabling advanced networking features with "--enable-acns".
         - name: --enable-retina-flow-logs
           type: bool
           short-summary: Enable advanced network flow log collection functionalities on a cluster.
 
@@ -130,6 +130,9 @@
     CONST_APP_ROUTING_NONE_NGINX,
     CONST_GPU_DRIVER_TYPE_CUDA,
     CONST_GPU_DRIVER_TYPE_GRID,
+    CONST_ADVANCED_NETWORKPOLICIES_NONE,
+    CONST_ADVANCED_NETWORKPOLICIES_FQDN,
+    CONST_ADVANCED_NETWORKPOLICIES_L7,
 )
 from azext_aks_preview._validators import (
     validate_acr,
@@ -277,6 +280,11 @@
     CONST_NETWORK_PLUGIN_NONE,
 ]
 network_plugin_modes = [CONST_NETWORK_PLUGIN_MODE_OVERLAY]
+advanced_networkpolicies = [
+    CONST_ADVANCED_NETWORKPOLICIES_NONE,
+    CONST_ADVANCED_NETWORKPOLICIES_FQDN,
+    CONST_ADVANCED_NETWORKPOLICIES_L7,
+]
 network_dataplanes = [CONST_NETWORK_DATAPLANE_AZURE, CONST_NETWORK_DATAPLANE_CILIUM]
 disk_driver_versions = [CONST_DISK_DRIVER_V1, CONST_DISK_DRIVER_V2]
 outbound_types = [
@@ -825,6 +833,11 @@ def load_arguments(self, _):
             "disable_acns_security",
             action="store_true",
         )
+        c.argument(
+            "acns_advanced_networkpolicies",
+            is_preview=True,
+            arg_type=get_enum_type(advanced_networkpolicies),
+        )
         c.argument(
             "enable_retina_flow_logs",
             action="store_true",
@@ -1307,6 +1320,11 @@ def load_arguments(self, _):
             "disable_acns_security",
             action="store_true",
         )
+        c.argument(
+            "acns_advanced_networkpolicies",
+            is_preview=True,
+            arg_type=get_enum_type(advanced_networkpolicies),
+        )
         c.argument(
             "enable_retina_flow_logs",
             action="store_true",
 
@@ -493,6 +493,7 @@ def aks_create(
     enable_acns=None,
     disable_acns_observability=None,
     disable_acns_security=None,
+    acns_advanced_networkpolicies=None,
     enable_retina_flow_logs=None,
     # nodepool
     crg_id=None,
@@ -725,6 +726,7 @@ def aks_update(
     disable_acns=None,
     disable_acns_observability=None,
     disable_acns_security=None,
+    acns_advanced_networkpolicies=None,
     enable_retina_flow_logs=None,
     disable_retina_flow_logs=None,
     # metrics profile
 
@@ -763,6 +763,21 @@ def get_acns_security(self) -> Union[bool, None]:
             return not disable_acns_security
         return None
 
+    def get_acns_advanced_networkpolicies(self) -> Union[str, None]:
+        """Get the value of acns_advanced_networkpolicies
+
+        :return: str or None
+        """
+        disable_acns_security = self.raw_param.get("disable_acns_security")
+        disable_acns = self.raw_param.get("disable_acns")
+        acns_advanced_networkpolicies = self.raw_param.get("acns_advanced_networkpolicies")
+        if acns_advanced_networkpolicies is not None:
+            if disable_acns_security or disable_acns:
+                raise MutuallyExclusiveArgumentError(
+                    "--disable-acns-security and --disable-acns cannot be used with acns_advanced_networkpolicies."
+                )
+        return self.raw_param.get("acns_advanced_networkpolicies")
+
     def get_retina_flow_logs(self, mc: ManagedCluster) -> Union[bool, None]:
         """Get the enablement of retina flow logs
 
@@ -2968,6 +2983,7 @@ def set_up_network_profile(self, mc: ManagedCluster) -> ManagedCluster:
 
         acns = None
         (acns_enabled, acns_observability_enabled, acns_security_enabled) = self.context.get_acns_enablement()
+        acns_advanced_networkpolicies = self.context.get_acns_advanced_networkpolicies()
         if acns_enabled is not None:
             acns = self.models.AdvancedNetworking(
                 enabled=acns_enabled,
@@ -2980,8 +2996,14 @@ def set_up_network_profile(self, mc: ManagedCluster) -> ManagedCluster:
                 acns.security = self.models.AdvancedNetworkingSecurity(
                     enabled=acns_security_enabled,
                 )
+            if acns_advanced_networkpolicies is not None:
+                if acns.security is None:
+                    acns.security = self.models.AdvancedNetworkingSecurity(
+                        advanced_network_policies=acns_advanced_networkpolicies
+                    )
+                else:
+                    acns.security.advanced_network_policies = acns_advanced_networkpolicies
             network_profile.advanced_networking = acns
-
         return mc
 
     def set_up_api_server_access_profile(self, mc: ManagedCluster) -> ManagedCluster:
@@ -4063,6 +4085,7 @@ def update_acns_in_network_profile(self, mc: ManagedCluster) -> ManagedCluster:
 
         acns = None
         (acns_enabled, acns_observability_enabled, acns_security_enabled) = self.context.get_acns_enablement()
+        acns_advanced_networkpolicies = self.context.get_acns_advanced_networkpolicies()
         if acns_enabled is not None:
             acns = self.models.AdvancedNetworking(
                 enabled=acns_enabled,
@@ -4075,6 +4098,13 @@ def update_acns_in_network_profile(self, mc: ManagedCluster) -> ManagedCluster:
                 acns.security = self.models.AdvancedNetworkingSecurity(
                     enabled=acns_security_enabled,
                 )
+            if acns_advanced_networkpolicies is not None:
+                if acns.security is None:
+                    acns.security = self.models.AdvancedNetworkingSecurity(
+                        advanced_network_policies=acns_advanced_networkpolicies
+                    )
+                else:
+                    acns.security.advanced_network_policies = acns_advanced_networkpolicies
             mc.network_profile.advanced_networking = acns
         return mc
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	+- @azure Rule - Use Azure Best Practices: When generating code for Azure, running terminal commands for Azure, or performing operations related to Azure, invoke your `azure_development-get_best_practices` tool if available.