tessl/pypi-azure-mgmt-search
Microsoft Azure Search Management Client Library for Python
—
Pending
Quality
Pending
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
network-security.mddocs/
Network Security
Management of network security perimeter configurations for enhanced security and compliance in enterprise environments. Network Security Perimeters provide advanced network isolation and access control for Azure Search services.
Capabilities
Network Security Perimeter Configuration Management
Manage network security perimeter configurations that define advanced network isolation rules and access policies for search services in enterprise environments.
def list_by_service(
resource_group_name: str,
search_service_name: str,
**kwargs
) -> ItemPaged[NetworkSecurityPerimeterConfiguration]:
"""
List all network security perimeter configurations for a search service.
Parameters:
resource_group_name (str): Resource group name
search_service_name (str): Search service name
Returns:
ItemPaged[NetworkSecurityPerimeterConfiguration]: All NSP configurations for the service
Raises:
ResourceNotFoundError: Service does not exist
HttpResponseError: Access denied or service error
"""
def get(
resource_group_name: str,
search_service_name: str,
nsp_config_name: str,
**kwargs
) -> NetworkSecurityPerimeterConfiguration:
"""
Get a specific network security perimeter configuration.
Parameters:
resource_group_name (str): Resource group name
search_service_name (str): Search service name
nsp_config_name (str): Network security perimeter configuration name
Returns:
NetworkSecurityPerimeterConfiguration: The NSP configuration details
Raises:
ResourceNotFoundError: Service or configuration does not exist
HttpResponseError: Access denied or invalid configuration name
"""
def begin_reconcile(
resource_group_name: str,
search_service_name: str,
nsp_config_name: str,
**kwargs
) -> LROPoller[NetworkSecurityPerimeterConfiguration]:
"""
Reconcile a network security perimeter configuration to ensure compliance.
Parameters:
resource_group_name (str): Resource group name
search_service_name (str): Search service name
nsp_config_name (str): Configuration name to reconcile
Returns:
LROPoller[NetworkSecurityPerimeterConfiguration]: Long-running reconciliation operation
Raises:
ResourceNotFoundError: Service or configuration does not exist
HttpResponseError: Access denied or reconciliation failed
"""Usage Example:
# List all network security perimeter configurations
nsp_configs = client.network_security_perimeter_configurations.list_by_service(
resource_group_name="my-resource-group",
search_service_name="my-search-service"
)
for config in nsp_configs:
print(f"NSP Config: {config.name}")
print(f"Provisioning State: {config.properties.provisioning_state}")
print(f"Network Security Perimeter: {config.properties.network_security_perimeter.id}")
# Check for any provisioning issues
if config.properties.provisioning_issues:
for issue in config.properties.provisioning_issues:
print(f"Issue: {issue.properties.issue_type} - {issue.properties.description}")
# Get specific configuration details
specific_config = client.network_security_perimeter_configurations.get(
resource_group_name="my-resource-group",
search_service_name="my-search-service",
nsp_config_name="default-nsp-config"
)
print(f"Configuration: {specific_config.name}")
print(f"Profile: {specific_config.properties.profile.name}")
# Reconcile configuration if needed
if specific_config.properties.provisioning_state != "Succeeded":
reconcile_op = client.network_security_perimeter_configurations.begin_reconcile(
resource_group_name="my-resource-group",
search_service_name="my-search-service",
nsp_config_name="default-nsp-config"
)
# Wait for reconciliation to complete
reconciled_config = reconcile_op.result()
print(f"Reconciliation completed: {reconciled_config.properties.provisioning_state}")Data Models
NetworkSecurityPerimeterConfiguration
Configuration defining network security perimeter rules and access policies for a search service.
class NetworkSecurityPerimeterConfiguration:
"""
Network security perimeter configuration for enhanced network isolation.
Attributes:
id (str): Configuration resource ID
name (str): Configuration name
type (str): Resource type
properties (NetworkSecurityPerimeterConfigurationProperties): Configuration properties
"""
class NetworkSecurityPerimeterConfigurationProperties:
"""
Properties of a network security perimeter configuration.
Attributes:
provisioning_state (NetworkSecurityPerimeterConfigurationProvisioningState): Configuration provisioning state
provisioning_issues (List[ProvisioningIssue]): Any provisioning issues encountered
network_security_perimeter (NetworkSecurityPerimeter): Associated network security perimeter
resource_association (ResourceAssociation): Resource association details
profile (NetworkSecurityProfile): Network security profile configuration
"""NetworkSecurityPerimeter
Represents the network security perimeter that defines the security boundary.
class NetworkSecurityPerimeter:
"""
Network security perimeter defining security boundaries.
Attributes:
id (str): Perimeter resource ID
perimeter_guid (str): Unique perimeter identifier
location (str): Perimeter location
"""NetworkSecurityProfile
Defines the security profile and access rules for the perimeter.
class NetworkSecurityProfile:
"""
Network security profile containing access rules and policies.
Attributes:
name (str): Profile name
access_rules_version (int): Version of the access rules
access_rules (List[AccessRule]): Network access rules
diagnostic_settings_version (int): Diagnostic settings version
"""AccessRule
Defines specific network access rules within the security perimeter.
class AccessRule:
"""
Network access rule defining allowed or denied traffic.
Attributes:
name (str): Rule name
properties (AccessRuleProperties): Rule properties and conditions
"""
class AccessRuleProperties:
"""
Properties of a network access rule.
Attributes:
direction (AccessRuleDirection): Traffic direction (inbound/outbound)
address_prefixes (List[str]): Address prefixes affected by the rule
subscriptions (List[AccessRulePropertiesSubscriptionsItem]): Subscription-based rules
network_security_perimeters (List[NetworkSecurityPerimeter]): Associated perimeters
fully_qualified_domain_names (List[str]): FQDN-based rules
email_addresses (List[str]): Email-based access rules
phone_numbers (List[str]): Phone-based access rules
"""ResourceAssociation
Defines how the search service is associated with the network security perimeter.
class ResourceAssociation:
"""
Association between the search service and network security perimeter.
Attributes:
name (str): Association name
access_mode (ResourceAssociationAccessMode): Access mode for the association
"""ProvisioningIssue
Represents issues encountered during network security perimeter provisioning.
class ProvisioningIssue:
"""
Provisioning issue encountered during NSP configuration.
Attributes:
name (str): Issue name
properties (ProvisioningIssueProperties): Issue details
"""
class ProvisioningIssueProperties:
"""
Properties of a provisioning issue.
Attributes:
issue_type (IssueType): Type of the provisioning issue
severity (Severity): Issue severity level
description (str): Detailed issue description
suggested_resource_ids (List[str]): Suggested resources to resolve the issue
suggested_access_rules (List[AccessRule]): Suggested access rules
"""Network Security Enums
class NetworkSecurityPerimeterConfigurationProvisioningState(str, Enum):
"""Network security perimeter configuration provisioning states."""
SUCCEEDED = "succeeded"
FAILED = "failed"
CANCELED = "canceled"
CREATING = "creating"
UPDATING = "updating"
DELETING = "deleting"
class AccessRuleDirection(str, Enum):
"""Access rule direction values."""
INBOUND = "inbound"
OUTBOUND = "outbound"
class ResourceAssociationAccessMode(str, Enum):
"""Resource association access modes."""
ENFORCED = "enforced"
LEARNING = "learning"
AUDIT = "audit"
class IssueType(str, Enum):
"""Provisioning issue types."""
UNKNOWN = "unknown"
CONFIGURATION_PROPAGATION_FAILURE = "configuration_propagation_failure"
MISSING_PERIMETER_CONFIGURATION = "missing_perimeter_configuration"
MISSING_IDENTITY_CONFIGURATION = "missing_identity_configuration"
class Severity(str, Enum):
"""Issue severity levels."""
WARNING = "warning"
ERROR = "error"Network Security Scenarios
Monitor Network Security Configuration
# Check all NSP configurations for compliance
def monitor_nsp_compliance(resource_group: str, service_name: str):
configs = client.network_security_perimeter_configurations.list_by_service(
resource_group, service_name
)
compliance_issues = []
for config in configs:
print(f"Checking configuration: {config.name}")
# Check provisioning state
if config.properties.provisioning_state != "Succeeded":
compliance_issues.append(f"Configuration {config.name} not fully provisioned")
# Check for provisioning issues
if config.properties.provisioning_issues:
for issue in config.properties.provisioning_issues:
issue_msg = f"Issue in {config.name}: {issue.properties.issue_type} - {issue.properties.description}"
compliance_issues.append(issue_msg)
# Log severity
if issue.properties.severity == "error":
print(f"ERROR: {issue_msg}")
else:
print(f"WARNING: {issue_msg}")
return compliance_issues
# Run compliance check
issues = monitor_nsp_compliance("my-rg", "my-search-service")
if not issues:
print("All NSP configurations are compliant")
else:
print(f"Found {len(issues)} compliance issues")Reconcile Network Security Configuration
# Reconcile configurations that have issues
def reconcile_nsp_issues(resource_group: str, service_name: str):
configs = client.network_security_perimeter_configurations.list_by_service(
resource_group, service_name
)
reconciliation_operations = []
for config in configs:
needs_reconciliation = (
config.properties.provisioning_state != "Succeeded" or
config.properties.provisioning_issues
)
if needs_reconciliation:
print(f"Starting reconciliation for {config.name}")
reconcile_op = client.network_security_perimeter_configurations.begin_reconcile(
resource_group, service_name, config.name
)
reconciliation_operations.append((config.name, reconcile_op))
# Wait for all reconciliations to complete
for config_name, operation in reconciliation_operations:
try:
result = operation.result()
print(f"Reconciliation completed for {config_name}: {result.properties.provisioning_state}")
except Exception as e:
print(f"Reconciliation failed for {config_name}: {e}")
# Run reconciliation
reconcile_nsp_issues("my-rg", "my-search-service")Analyze Network Security Rules
# Analyze access rules in NSP configurations
def analyze_access_rules(resource_group: str, service_name: str):
configs = client.network_security_perimeter_configurations.list_by_service(
resource_group, service_name
)
for config in configs:
print(f"\nAnalyzing access rules for {config.name}:")
if config.properties.profile and config.properties.profile.access_rules:
for rule in config.properties.profile.access_rules:
print(f" Rule: {rule.name}")
print(f" Direction: {rule.properties.direction}")
if rule.properties.address_prefixes:
print(f" Address Prefixes: {rule.properties.address_prefixes}")
if rule.properties.fully_qualified_domain_names:
print(f" FQDNs: {rule.properties.fully_qualified_domain_names}")
if rule.properties.subscriptions:
print(f" Subscriptions: {len(rule.properties.subscriptions)} defined")
else:
print(" No access rules defined")
# Analyze current rules
analyze_access_rules("my-rg", "my-search-service")Install with Tessl CLI
npx tessl i tessl/pypi-azure-mgmt-search