or run

npx @tessl/cli init
Log in

Version

Tile

Overview

Evals

Files

Files

docs

device-operations.mdevent-hub-consumer-groups.mdfailover-operations.mdindex.mdmessage-routing.mdmonitoring-quotas.mdprivate-networking.mdresource-management.mdsecurity-management.mdutility-operations.md

private-networking.mddocs/

0
# Private Networking
1


2
Private endpoint and private link connectivity management for secure IoT Hub access through virtual networks, enabling isolated network communication and enhanced security for enterprise IoT deployments with controlled access patterns and network segmentation.
3


4
## Capabilities
5


6
### Private Endpoint Connections
7


8
Manage private endpoint connections that enable secure, private connectivity to IoT Hub through Azure Virtual Networks without exposing traffic to the public internet.
9


10
```python { .api }
11
def list(resource_group_name: str, resource_name: str, **kwargs) -> List[PrivateEndpointConnection]:
12
    """
13
    List all private endpoint connections for the IoT hub.
14
    
15
    Args:
16
        resource_group_name: Name of the resource group
17
        resource_name: Name of the IoT hub resource
18
        
19
    Returns:
20
        List[PrivateEndpointConnection]: All private endpoint connections with status and configuration
21
    """
22


23
def get(
24
    resource_group_name: str, 
25
    resource_name: str, 
26
    private_endpoint_connection_name: str, 
27
    **kwargs
28
) -> PrivateEndpointConnection:
29
    """
30
    Get details of a specific private endpoint connection.
31
    
32
    Args:
33
        resource_group_name: Name of the resource group
34
        resource_name: Name of the IoT hub resource
35
        private_endpoint_connection_name: Name of the private endpoint connection
36
        
37
    Returns:
38
        PrivateEndpointConnection: Connection details including status and private endpoint information
39
    """
40


41
def begin_update(
42
    resource_group_name: str, 
43
    resource_name: str, 
44
    private_endpoint_connection_name: str, 
45
    private_endpoint_connection: PrivateEndpointConnection, 
46
    **kwargs
47
) -> LROPoller[PrivateEndpointConnection]:
48
    """
49
    Update private endpoint connection configuration and approval status.
50
    
51
    Args:
52
        resource_group_name: Name of the resource group
53
        resource_name: Name of the IoT hub resource
54
        private_endpoint_connection_name: Name of the private endpoint connection
55
        private_endpoint_connection: Updated connection configuration
56
        
57
    Returns:
58
        LROPoller[PrivateEndpointConnection]: Long-running operation for connection update
59
    """
60


61
def begin_delete(
62
    resource_group_name: str, 
63
    resource_name: str, 
64
    private_endpoint_connection_name: str, 
65
    **kwargs
66
) -> LROPoller[PrivateEndpointConnection]:
67
    """
68
    Delete a private endpoint connection from the IoT hub.
69
    
70
    Args:
71
        resource_group_name: Name of the resource group
72
        resource_name: Name of the IoT hub resource
73
        private_endpoint_connection_name: Name of the private endpoint connection to delete
74
        
75
    Returns:
76
        LROPoller[PrivateEndpointConnection]: Long-running operation for connection deletion
77
    """
78
```
79


80
### Private Link Resources
81


82
Discover and manage private link resources that define the available connection targets and group IDs for private endpoint configuration.
83


84
```python { .api }
85
def list(resource_group_name: str, resource_name: str, **kwargs) -> PrivateLinkResources:
86
    """
87
    List all available private link resources for the IoT hub.
88
    
89
    Args:
90
        resource_group_name: Name of the resource group
91
        resource_name: Name of the IoT hub resource
92
        
93
    Returns:
94
        PrivateLinkResources: Available private link resources and supported group IDs
95
    """
96


97
def get(
98
    resource_group_name: str, 
99
    resource_name: str, 
100
    group_id: str, 
101
    **kwargs
102
) -> GroupIdInformation:
103
    """
104
    Get information about a specific private link resource group.
105
    
106
    Args:
107
        resource_group_name: Name of the resource group
108
        resource_name: Name of the IoT hub resource
109
        group_id: Private link resource group identifier
110
        
111
    Returns:
112
        GroupIdInformation: Details about the private link resource group and requirements
113
    """
114
```
115


116
## Usage Examples
117


118
### Setting up private endpoint connectivity
119


120
```python
121
from azure.identity import DefaultAzureCredential
122
from azure.mgmt.iothub import IotHubClient
123
from azure.mgmt.iothub.models import (
124
    PrivateEndpointConnection, 
125
    PrivateEndpointConnectionProperties,
126
    PrivateLinkServiceConnectionState
127
)
128


129
# Initialize client
130
credential = DefaultAzureCredential()
131
client = IotHubClient(credential, "subscription-id")
132


133
resource_group = "myResourceGroup"
134
hub_name = "myIoTHub"
135


136
# Discover available private link resources
137
print("Available private link resources:")
138
private_link_resources = client.private_link_resources.list(resource_group, hub_name)
139
for resource in private_link_resources.value:
140
    print(f"  - Group ID: {resource.group_id}")
141
    print(f"    Required members: {resource.required_members}")
142
    print(f"    Required zone names: {resource.required_zone_names}")
143


144
# Get details for IoT Hub private link resource
145
iot_hub_resource = client.private_link_resources.get(
146
    resource_group, hub_name, "iotHub"
147
)
148
print(f"IoT Hub private link resource: {iot_hub_resource.group_id}")
149
print(f"Required members: {iot_hub_resource.required_members}")
150
```
151


152
### Managing private endpoint connections
153


154
```python
155
# List all private endpoint connections
156
print("Current private endpoint connections:")
157
connections = client.private_endpoint_connections.list(resource_group, hub_name)
158
for connection in connections:
159
    print(f"  - Name: {connection.name}")
160
    print(f"    Status: {connection.properties.private_link_service_connection_state.status}")
161
    print(f"    Description: {connection.properties.private_link_service_connection_state.description}")
162
    if connection.properties.private_endpoint:
163
        print(f"    Private endpoint ID: {connection.properties.private_endpoint.id}")
164


165
# Approve a pending private endpoint connection
166
pending_connection_name = "hub-private-endpoint_12345"
167
try:
168
    connection = client.private_endpoint_connections.get(
169
        resource_group, hub_name, pending_connection_name
170
    )
171
    
172
    if connection.properties.private_link_service_connection_state.status == "Pending":
173
        # Approve the connection
174
        connection.properties.private_link_service_connection_state.status = "Approved"
175
        connection.properties.private_link_service_connection_state.description = "Approved for production use"
176
        
177
        update_operation = client.private_endpoint_connections.begin_update(
178
            resource_group, hub_name, pending_connection_name, connection
179
        )
180
        updated_connection = update_operation.result()
181
        print(f"Approved connection: {updated_connection.name}")
182
    else:
183
        print(f"Connection is already {connection.properties.private_link_service_connection_state.status}")
184
        
185
except Exception as e:
186
    print(f"Connection not found or error occurred: {e}")
187
```
188


189
### Rejecting and cleaning up private endpoints
190


191
```python
192
# Reject a private endpoint connection
193
def reject_private_endpoint(connection_name: str, reason: str):
194
    try:
195
        connection = client.private_endpoint_connections.get(
196
            resource_group, hub_name, connection_name
197
        )
198
        
199
        # Reject the connection
200
        connection.properties.private_link_service_connection_state.status = "Rejected"
201
        connection.properties.private_link_service_connection_state.description = reason
202
        
203
        update_operation = client.private_endpoint_connections.begin_update(
204
            resource_group, hub_name, connection_name, connection
205
        )
206
        updated_connection = update_operation.result()
207
        print(f"Rejected connection: {updated_connection.name}")
208
        print(f"Reason: {reason}")
209
        
210
    except Exception as e:
211
        print(f"Failed to reject connection {connection_name}: {e}")
212


213
# Reject unauthorized connection attempts
214
reject_private_endpoint(
215
    "unauthorized-endpoint_67890", 
216
    "Connection not authorized for this environment"
217
)
218


219
# Delete old or unused private endpoint connections
220
connections_to_delete = ["old-dev-endpoint_11111", "test-endpoint_22222"]
221


222
for connection_name in connections_to_delete:
223
    try:
224
        delete_operation = client.private_endpoint_connections.begin_delete(
225
            resource_group, hub_name, connection_name
226
        )
227
        delete_operation.result()  # Wait for completion
228
        print(f"Deleted private endpoint connection: {connection_name}")
229
        
230
    except Exception as e:
231
        print(f"Failed to delete connection {connection_name}: {e}")
232
```
233


234
### Monitoring private endpoint status
235


236
```python
237
def monitor_private_endpoints(resource_group: str, hub_name: str):
238
    """Monitor and report on all private endpoint connections."""
239
    
240
    connections = client.private_endpoint_connections.list(resource_group, hub_name)
241
    
242
    status_counts = {"Approved": 0, "Pending": 0, "Rejected": 0, "Disconnected": 0}
243
    connection_details = []
244
    
245
    for connection in connections:
246
        status = connection.properties.private_link_service_connection_state.status
247
        status_counts[status] = status_counts.get(status, 0) + 1
248
        
249
        connection_info = {
250
            "name": connection.name,
251
            "status": status,
252
            "description": connection.properties.private_link_service_connection_state.description,
253
            "endpoint_id": connection.properties.private_endpoint.id if connection.properties.private_endpoint else None
254
        }
255
        connection_details.append(connection_info)
256
    
257
    # Print summary
258
    print(f"Private Endpoint Connection Summary for {hub_name}:")
259
    print(f"  Total connections: {len(connection_details)}")
260
    for status, count in status_counts.items():
261
        if count > 0:
262
            print(f"  {status}: {count}")
263
    
264
    # Print details
265
    print("\nConnection Details:")
266
    for conn in connection_details:
267
        print(f"  - {conn['name']}")
268
        print(f"    Status: {conn['status']}")
269
        print(f"    Description: {conn['description']}")
270
        if conn['endpoint_id']:
271
            print(f"    Endpoint: {conn['endpoint_id']}")
272
    
273
    return connection_details
274


275
# Monitor connections
276
monitor_private_endpoints(resource_group, hub_name)
277
```
278


279
## Types
280


281
### PrivateEndpointConnection
282
Represents a private endpoint connection with status, configuration, and metadata for network isolation management.
283


284
```python
285
class PrivateEndpointConnection:
286
    """Private endpoint connection details."""
287
    name: str                                           # Connection name
288
    type: str                                           # Resource type
289
    properties: PrivateEndpointConnectionProperties     # Connection properties and status
290
```
291


292
### PrivateEndpointConnectionProperties
293
Configuration and status properties for private endpoint connections including approval state and network details.
294


295
```python
296
class PrivateEndpointConnectionProperties:
297
    """Private endpoint connection configuration."""
298
    private_endpoint: PrivateEndpoint                           # Private endpoint resource reference
299
    private_link_service_connection_state: PrivateLinkServiceConnectionState  # Connection approval status
300
    provisioning_state: str                                     # Provisioning status
301
```
302


303
### PrivateLinkServiceConnectionState
304
Connection approval status and description for managing private endpoint access control and lifecycle.
305


306
```python
307
class PrivateLinkServiceConnectionState:
308
    """Private link service connection state."""
309
    status: str         # Connection status: Pending, Approved, Rejected, Disconnected
310
    description: str    # Status description and approval reason
311
    actions_required: str  # Required actions for connection setup
312
```
313


314
### PrivateLinkResources
315
Collection of available private link resources and supported group identifiers for connection configuration.
316


317
```python
318
class PrivateLinkResources:
319
    """Available private link resources."""
320
    value: List[GroupIdInformation]  # List of available private link resource groups
321
```
322


323
### GroupIdInformation
324
Information about specific private link resource groups including required members and DNS zone configurations.
325


326
```python
327
class GroupIdInformation:
328
    """Private link resource group information."""
329
    group_id: str                    # Private link resource group identifier
330
    required_members: List[str]      # Required member names for the group
331
    required_zone_names: List[str]   # Required private DNS zone names
332
```