Microsoft Azure Network Management Client Library for Python
Azure network security services provide comprehensive protection for network resources through Network Security Groups (NSGs), security rules, Application Security Groups (ASGs), and advanced Network Security Perimeter features.
Network Security Groups (NSGs) contain security rules that allow or deny network traffic to resources connected to Azure Virtual Networks.
class NetworkSecurityGroupsOperations:
def begin_create_or_update(self, resource_group_name: str, network_security_group_name: str, parameters: NetworkSecurityGroup, **kwargs) -> LROPoller[NetworkSecurityGroup]:
"""
Creates or updates a network security group in the specified resource group.
Args:
resource_group_name (str): The name of the resource group
network_security_group_name (str): The name of the network security group
parameters (NetworkSecurityGroup): Parameters supplied to create or update network security group
Returns:
LROPoller[NetworkSecurityGroup]: A poller object for the long-running operation
"""
def get(self, resource_group_name: str, network_security_group_name: str, *, expand: Optional[str] = None, **kwargs) -> NetworkSecurityGroup:
"""
Gets the specified network security group.
Args:
resource_group_name (str): The name of the resource group
network_security_group_name (str): The name of the network security group
expand (str, optional): Expands referenced resources
Returns:
NetworkSecurityGroup: The network security group resource
"""
def begin_delete(self, resource_group_name: str, network_security_group_name: str, **kwargs) -> LROPoller[None]:
"""
Deletes the specified network security group.
Args:
resource_group_name (str): The name of the resource group
network_security_group_name (str): The name of the network security group
Returns:
LROPoller[None]: A poller object for the long-running operation
"""
def list(self, resource_group_name: str, **kwargs) -> Iterable[NetworkSecurityGroup]:
"""
Gets all network security groups in a resource group.
Args:
resource_group_name (str): The name of the resource group
Returns:
Iterable[NetworkSecurityGroup]: Iterator of network security groups
"""
def list_all(self, **kwargs) -> Iterable[NetworkSecurityGroup]:
"""
Gets all network security groups in a subscription.
Returns:
Iterable[NetworkSecurityGroup]: Iterator of network security groups
"""Security rules define the network traffic filtering rules within Network Security Groups.
class SecurityRulesOperations:
def begin_create_or_update(self, resource_group_name: str, network_security_group_name: str, security_rule_name: str, security_rule_parameters: SecurityRule, **kwargs) -> LROPoller[SecurityRule]:
"""
Creates or updates a security rule in the specified network security group.
Args:
resource_group_name (str): The name of the resource group
network_security_group_name (str): The name of the network security group
security_rule_name (str): The name of the security rule
security_rule_parameters (SecurityRule): Parameters supplied to create or update security rule
Returns:
LROPoller[SecurityRule]: A poller object for the long-running operation
"""
def get(self, resource_group_name: str, network_security_group_name: str, security_rule_name: str, **kwargs) -> SecurityRule:
"""
Get the specified network security rule.
Args:
resource_group_name (str): The name of the resource group
network_security_group_name (str): The name of the network security group
security_rule_name (str): The name of the security rule
Returns:
SecurityRule: The security rule resource
"""
def begin_delete(self, resource_group_name: str, network_security_group_name: str, security_rule_name: str, **kwargs) -> LROPoller[None]:
"""
Deletes the specified network security rule.
Args:
resource_group_name (str): The name of the resource group
network_security_group_name (str): The name of the network security group
security_rule_name (str): The name of the security rule
Returns:
LROPoller[None]: A poller object for the long-running operation
"""
def list(self, resource_group_name: str, network_security_group_name: str, **kwargs) -> Iterable[SecurityRule]:
"""
Gets all security rules in a network security group.
Args:
resource_group_name (str): The name of the resource group
network_security_group_name (str): The name of the network security group
Returns:
Iterable[SecurityRule]: Iterator of security rules
"""Application Security Groups (ASGs) enable you to group virtual machines and define network security policies based on those groups.
class ApplicationSecurityGroupsOperations:
def begin_create_or_update(self, resource_group_name: str, application_security_group_name: str, parameters: ApplicationSecurityGroup, **kwargs) -> LROPoller[ApplicationSecurityGroup]:
"""
Creates or updates an application security group.
Args:
resource_group_name (str): The name of the resource group
application_security_group_name (str): The name of the application security group
parameters (ApplicationSecurityGroup): Parameters supplied to create or update application security group
Returns:
LROPoller[ApplicationSecurityGroup]: A poller object for the long-running operation
"""
def get(self, resource_group_name: str, application_security_group_name: str, **kwargs) -> ApplicationSecurityGroup:
"""
Gets the specified application security group.
Args:
resource_group_name (str): The name of the resource group
application_security_group_name (str): The name of the application security group
Returns:
ApplicationSecurityGroup: The application security group resource
"""
def begin_delete(self, resource_group_name: str, application_security_group_name: str, **kwargs) -> LROPoller[None]:
"""
Deletes the specified application security group.
Args:
resource_group_name (str): The name of the resource group
application_security_group_name (str): The name of the application security group
Returns:
LROPoller[None]: A poller object for the long-running operation
"""
def list(self, resource_group_name: str, **kwargs) -> Iterable[ApplicationSecurityGroup]:
"""
Gets all the application security groups in a resource group.
Args:
resource_group_name (str): The name of the resource group
Returns:
Iterable[ApplicationSecurityGroup]: Iterator of application security groups
"""
def list_all(self, **kwargs) -> Iterable[ApplicationSecurityGroup]:
"""
Gets all application security groups in a subscription.
Returns:
Iterable[ApplicationSecurityGroup]: Iterator of application security groups
"""Network Security Perimeters provide advanced network security capabilities for securing access to Azure PaaS resources.
class NetworkSecurityPerimetersOperations:
def get(self, resource_group_name: str, network_security_perimeter_name: str, **kwargs) -> NetworkSecurityPerimeter:
"""
Gets the specified network security perimeter by the resource group.
Args:
resource_group_name (str): The name of the resource group
network_security_perimeter_name (str): The name of the network security perimeter
Returns:
NetworkSecurityPerimeter: The network security perimeter resource
"""
def begin_create_or_update(self, resource_group_name: str, network_security_perimeter_name: str, parameters: NetworkSecurityPerimeter, **kwargs) -> LROPoller[NetworkSecurityPerimeter]:
"""
Creates or updates a Network Security Perimeter.
Args:
resource_group_name (str): The name of the resource group
network_security_perimeter_name (str): The name of the network security perimeter
parameters (NetworkSecurityPerimeter): Parameters supplied to create or update network security perimeter
Returns:
LROPoller[NetworkSecurityPerimeter]: A poller object for the long-running operation
"""
def begin_delete(self, resource_group_name: str, network_security_perimeter_name: str, **kwargs) -> LROPoller[None]:
"""
Deletes a network security perimeter.
Args:
resource_group_name (str): The name of the resource group
network_security_perimeter_name (str): The name of the network security perimeter
Returns:
LROPoller[None]: A poller object for the long-running operation
"""
def list_by_subscription(self, **kwargs) -> Iterable[NetworkSecurityPerimeter]:
"""
List all network security perimeters in a subscription.
Returns:
Iterable[NetworkSecurityPerimeter]: Iterator of network security perimeters
"""
def list_by_resource_group(self, resource_group_name: str, **kwargs) -> Iterable[NetworkSecurityPerimeter]:
"""
List all network security perimeters in a resource group.
Args:
resource_group_name (str): The name of the resource group
Returns:
Iterable[NetworkSecurityPerimeter]: Iterator of network security perimeters
"""from azure.mgmt.network.models import (
NetworkSecurityGroup, SecurityRule, SecurityRuleAccess,
SecurityRuleDirection, SecurityRuleProtocol
)
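# Define security rules for a public-facing web tier.
#
# SSH is an administrative channel, so its source is narrowed to a management
# range instead of "*" (any source, Internet included). The CIDR below is a
# placeholder taken from the RFC 5737 documentation range: replace it with your
# own admin / VPN / bastion network before deploying.
ADMIN_SOURCE_CIDR = "203.0.113.0/24"  # placeholder, not a real network

security_rules = [
    SecurityRule(
        name="AllowSSH",
        protocol=SecurityRuleProtocol.TCP,
        source_port_range="*",
        destination_port_range="22",
        source_address_prefix=ADMIN_SOURCE_CIDR,
        destination_address_prefix="*",
        access=SecurityRuleAccess.ALLOW,
        direction=SecurityRuleDirection.INBOUND,
        priority=1000,
    ),
    # HTTP and HTTPS are the tier's public entry points, so any source ("*")
    # is allowed on these two ports only.
    SecurityRule(
        name="AllowHTTP",
        protocol=SecurityRuleProtocol.TCP,
        source_port_range="*",
        destination_port_range="80",
        source_address_prefix="*",
        destination_address_prefix="*",
        access=SecurityRuleAccess.ALLOW,
        direction=SecurityRuleDirection.INBOUND,
        priority=1010,
    ),
    SecurityRule(
        name="AllowHTTPS",
        protocol=SecurityRuleProtocol.TCP,
        source_port_range="*",
        destination_port_range="443",
        source_address_prefix="*",
        destination_address_prefix="*",
        access=SecurityRuleAccess.ALLOW,
        direction=SecurityRuleDirection.INBOUND,
        priority=1020,
    ),
]

# Create NSG with rules
nsg_params = NetworkSecurityGroup(
    location="East US",
    security_rules=security_rules,
    tags={"Environment": "Production", "Purpose": "WebTier"},
)

# Create the NSG. `client` is assumed to be an authenticated
# NetworkManagementClient built earlier (not shown in this example).
# begin_create_or_update returns an LROPoller; result() waits for the
# long-running operation and returns the resulting NetworkSecurityGroup.
operation = client.network_security_groups.begin_create_or_update(
    resource_group_name="my-resource-group",
    network_security_group_name="web-nsg",
    parameters=nsg_params,
)
nsg = operation.result()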
print(f"Created NSG: {nsg.name} with {len(nsg.security_rules)} rules")from azure.mgmt.network.models import ApplicationSecurityGroup
# Create one Application Security Group per tier, in the same resource group
# and region. Each ASG is created with only a location and tags; it holds no
# rules itself and only matters once a SecurityRule references it by id.
# `client` is assumed to be an authenticated NetworkManagementClient built
# earlier (not shown in this example).

# Create web tier ASG
web_asg_params = ApplicationSecurityGroup(
    location="East US",
    tags={"Tier": "Web"}
)
web_asg_operation = client.application_security_groups.begin_create_or_update(
    resource_group_name="my-resource-group",
    application_security_group_name="web-asg",
    parameters=web_asg_params
)
# result() waits for the long-running operation and returns the created ASG,
# whose .id and .name are read further down.
web_asg = web_asg_operation.result()
# Create app tier ASG
app_asg_params = ApplicationSecurityGroup(
    location="East US",
    tags={"Tier": "Application"}
)
app_asg_operation = client.application_security_groups.begin_create_or_update(
    resource_group_name="my-resource-group",
    application_security_group_name="app-asg",
    parameters=app_asg_params
)
app_asg = app_asg_operation.result()
print(f"Created ASGs: {web_asg.name} and {app_asg.name}")# Create security rule using ASGs
# Build a rule whose source and destination are Application Security Groups
# instead of address prefixes: TCP traffic from web_asg to app_asg on ports
# 80 and 443 is allowed. No source/destination address prefix is set, so the
# rule's scope is exactly the two groups named here.
asg_rule = SecurityRule(
    name="WebToApp",
    protocol=SecurityRuleProtocol.TCP,
    source_port_range="*",
    destination_port_ranges=["80", "443"],
    # ASGs are referenced by resource id; web_asg and app_asg are the results
    # of the ASG creation calls shown earlier.
    source_application_security_groups=[
        {"id": web_asg.id}
    ],
    destination_application_security_groups=[
        {"id": app_asg.id}
    ],
    access=SecurityRuleAccess.ALLOW,
    direction=SecurityRuleDirection.INBOUND,
    priority=1100
)
# Add rule to existing NSG
# NOTE(review): this is an inbound rule whose destination is app_asg, yet it is
# attached to "web-nsg". Presumably web-nsg is associated with the subnet or
# NICs that host the app-tier VMs; confirm, otherwise the rule will not filter
# the traffic it describes.
rule_operation = client.security_rules.begin_create_or_update(
    resource_group_name="my-resource-group",
    network_security_group_name="web-nsg",
    security_rule_name="WebToApp",
    security_rule_parameters=asg_rule
)
# result() waits for the long-running operation and returns the SecurityRule.
rule = rule_operation.result()
print(f"Created security rule: {rule.name}")class NetworkSecurityGroup(Resource):
def __init__(self, **kwargs): ...
security_rules: Optional[List[SecurityRule]]
default_security_rules: Optional[List[SecurityRule]] # Read-only
network_interfaces: Optional[List[NetworkInterface]] # Read-only
subnets: Optional[List[Subnet]] # Read-only
flow_logs: Optional[List[FlowLog]] # Read-only
resource_guid: Optional[str] # Read-only
provisioning_state: Optional[ProvisioningState] # Read-only
class SecurityRule(SubResource):
def __init__(self, **kwargs): ...
description: Optional[str]
protocol: Optional[SecurityRuleProtocol]
source_port_range: Optional[str]
destination_port_range: Optional[str]
source_address_prefix: Optional[str]
source_address_prefixes: Optional[List[str]]
source_application_security_groups: Optional[List[ApplicationSecurityGroup]]
destination_address_prefix: Optional[str]
destination_address_prefixes: Optional[List[str]]
destination_application_security_groups: Optional[List[ApplicationSecurityGroup]]
source_port_ranges: Optional[List[str]]
destination_port_ranges: Optional[List[str]]
access: Optional[SecurityRuleAccess]
priority: Optional[int]
direction: Optional[SecurityRuleDirection]
provisioning_state: Optional[ProvisioningState] # Read-only
class ApplicationSecurityGroup(Resource):
def __init__(self, **kwargs): ...
resource_guid: Optional[str] # Read-only
provisioning_state: Optional[ProvisioningState] # Read-only
class NetworkSecurityPerimeter(Resource):
def __init__(self, **kwargs): ...
perimeter_guid: Optional[str] # Read-only
description: Optional[str]
provisioning_state: Optional[ProvisioningState] # Read-only
# Enumerations
class SecurityRuleAccess(str, Enum):
ALLOW = "Allow"
DENY = "Deny"
class SecurityRuleDirection(str, Enum):
INBOUND = "Inbound"
OUTBOUND = "Outbound"
class SecurityRuleProtocol(str, Enum):
TCP = "Tcp"
UDP = "Udp"
ICMP = "Icmp"
ESP = "Esp"
AH = "Ah"
ASTERISK = "*"

Install with Tessl CLI
npx tessl i tessl/pypi-azure-mgmt-network