Add firewallsku as ManagedNetwork property #37885

Merged
merged 18 commits into from
Nov 5, 2024
Changes from 9 commits
3 changes: 2 additions & 1 deletion sdk/ml/azure-ai-ml/CHANGELOG.md
Expand Up @@ -3,7 +3,8 @@
## 1.22.0 (unreleased)

### Features Added

- Added support to select firewall sku to used for provisioning azure firewall when FQDN rules are added in
AllowOnlyApprovedOutbound mode. FirewallSku options are `Standard` or `Basic`, defaults to `Strandard`
Nethracs marked this conversation as resolved.
### Bugs Fixed

## 1.21.0 (2024-09-30)
14 changes: 11 additions & 3 deletions sdk/ml/azure-ai-ml/azure/ai/ml/_ml_client.py
Expand Up @@ -39,6 +39,7 @@
from azure.ai.ml._restclient.v2024_01_01_preview import AzureMachineLearningWorkspaces as ServiceClient012024Preview
from azure.ai.ml._restclient.v2024_04_01_preview import AzureMachineLearningWorkspaces as ServiceClient042024Preview
from azure.ai.ml._restclient.v2024_07_01_preview import AzureMachineLearningWorkspaces as ServiceClient072024Preview
from azure.ai.ml._restclient.v2024_10_01_preview import AzureMachineLearningWorkspaces as ServiceClient102024Preview
from azure.ai.ml._restclient.workspace_dataplane import (
AzureMachineLearningWorkspaces as ServiceClientWorkspaceDataplane,
)
Expand Down Expand Up @@ -381,6 +382,13 @@ def __init__(
**kwargs,
)

self._service_client_10_2024_preview = ServiceClient102024Preview(
credential=self._credential,
subscription_id=self._operation_scope._subscription_id,
Nethracs marked this conversation as resolved.
base_url=base_url,
**kwargs,
)

# A general purpose, user-configurable pipeline for making
# http requests
self._requests_pipeline = HttpPipeline(**kwargs)
Expand Down Expand Up @@ -478,7 +486,7 @@ def __init__(

self._workspaces = WorkspaceOperations(
self._ws_operation_scope if registry_reference else self._operation_scope,
self._service_client_07_2024_preview,
self._service_client_10_2024_preview,
self._operation_container,
self._credential,
requests_pipeline=self._requests_pipeline,
Expand All @@ -489,7 +497,7 @@ def __init__(

self._workspace_outbound_rules = WorkspaceOutboundRuleOperations(
self._operation_scope,
self._service_client_07_2024_preview,
self._service_client_10_2024_preview,
self._operation_container,
self._credential,
**kwargs,
Expand Down Expand Up @@ -706,7 +714,7 @@ def __init__(

self._featurestores = FeatureStoreOperations(
self._operation_scope,
self._service_client_07_2024_preview,
self._service_client_10_2024_preview,
self._operation_container,
self._credential,
**app_insights_handler_kwargs, # type: ignore[arg-type]
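Review bot: Only `_workspaces`, `_workspace_outbound_rules` and `_featurestores` are switched to `_service_client_10_2024_preview` in these hunks; any operation group that still reads or updates a workspace through `_service_client_07_2024_preview` would round-trip it with a model that presumably has no `firewall_sku`, and a get-then-update on that path could drop the setting. That is not visible from the lines shown, so it is worth checking the remaining users of the 07 client. A comment above the new client would also help the next version bump, for example `# v2024_10_01_preview: needed for firewall_sku on the managed network; used by workspace, outbound-rule and feature-store operations`. `__init__` begins and ends outside these hunks.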
Expand Up @@ -28025,8 +28025,6 @@ def __init__(
class ServiceTagDestination(msrest.serialization.Model):
"""Service Tag destination for a Service Tag Outbound Rule for the managed network of a machine learning workspace.

Variables are only populated by the server, and will be ignored when sending a request.
Nethracs marked this conversation as resolved.

:ivar action: The action enum for networking rule. Possible values include: "Allow", "Deny".
:vartype action: str or ~azure.mgmt.machinelearningservices.models.RuleAction
:ivar address_prefixes: Optional, if provided, the ServiceTag property will be ignored.
Expand All @@ -28039,10 +28037,6 @@ class ServiceTagDestination(msrest.serialization.Model):
:vartype service_tag: str
"""

_validation = {
'address_prefixes': {'readonly': True},
}

_attribute_map = {
'action': {'key': 'action', 'type': 'str'},
'address_prefixes': {'key': 'addressPrefixes', 'type': '[str]'},
Expand All @@ -28058,6 +28052,8 @@ def __init__(
"""
:keyword action: The action enum for networking rule. Possible values include: "Allow", "Deny".
:paramtype action: str or ~azure.mgmt.machinelearningservices.models.RuleAction
:keyword address_prefixes: Optional, if provided, the ServiceTag property will be ignored.
:paramtype address_prefixes: list[str]
:keyword port_ranges:
:paramtype port_ranges: str
:keyword protocol:
Expand All @@ -28067,7 +28063,7 @@ def __init__(
"""
super(ServiceTagDestination, self).__init__(**kwargs)
self.action = kwargs.get('action', None)
self.address_prefixes = None
self.address_prefixes = kwargs.get('address_prefixes', None)
self.port_ranges = kwargs.get('port_ranges', None)
self.protocol = kwargs.get('protocol', None)
self.service_tag = kwargs.get('service_tag', None)
Expand Up @@ -30415,8 +30415,6 @@ def __init__(
class ServiceTagDestination(msrest.serialization.Model):
"""Service Tag destination for a Service Tag Outbound Rule for the managed network of a machine learning workspace.

Variables are only populated by the server, and will be ignored when sending a request.

:ivar action: The action enum for networking rule. Possible values include: "Allow", "Deny".
:vartype action: str or ~azure.mgmt.machinelearningservices.models.RuleAction
:ivar address_prefixes: Optional, if provided, the ServiceTag property will be ignored.
Expand All @@ -30429,10 +30427,6 @@ class ServiceTagDestination(msrest.serialization.Model):
:vartype service_tag: str
"""

_validation = {
'address_prefixes': {'readonly': True},
}

_attribute_map = {
'action': {'key': 'action', 'type': 'str'},
'address_prefixes': {'key': 'addressPrefixes', 'type': '[str]'},
Expand All @@ -30445,6 +30439,7 @@ def __init__(
self,
*,
action: Optional[Union[str, "RuleAction"]] = None,
address_prefixes: Optional[List[str]] = None,
port_ranges: Optional[str] = None,
protocol: Optional[str] = None,
service_tag: Optional[str] = None,
Expand All @@ -30453,6 +30448,8 @@ def __init__(
"""
:keyword action: The action enum for networking rule. Possible values include: "Allow", "Deny".
:paramtype action: str or ~azure.mgmt.machinelearningservices.models.RuleAction
:keyword address_prefixes: Optional, if provided, the ServiceTag property will be ignored.
:paramtype address_prefixes: list[str]
:keyword port_ranges:
:paramtype port_ranges: str
:keyword protocol:
Expand All @@ -30462,7 +30459,7 @@ def __init__(
"""
super(ServiceTagDestination, self).__init__(**kwargs)
self.action = action
self.address_prefixes = None
self.address_prefixes = address_prefixes
self.port_ranges = port_ranges
self.protocol = protocol
self.service_tag = service_tag
Expand Down Expand Up @@ -34879,6 +34876,9 @@ def __init__(
the workspace. Possible values include: "AccessKey", "Identity", "UserDelegationSAS".
:paramtype system_datastores_auth_mode: str or
~azure.mgmt.machinelearningservices.models.SystemDatastoresAuthMode
:keyword system_datastores_auth_mode: The auth mode used for accessing the system datastores of
the workspace.
:paramtype system_datastores_auth_mode: str
:keyword v1_legacy_mode: Enabling v1_legacy_mode may prevent you from using features provided
by the v2 API.
:paramtype v1_legacy_mode: bool
35 changes: 27 additions & 8 deletions sdk/ml/azure-ai-ml/azure/ai/ml/_schema/workspace/networking.py
Expand Up @@ -4,18 +4,19 @@

# pylint: disable=unused-argument,no-else-return

from marshmallow import fields, EXCLUDE
from marshmallow import EXCLUDE, fields
from marshmallow.decorators import post_load, pre_dump

from azure.ai.ml._schema.core.fields import NestedField, StringTransformedEnum, UnionField
from azure.ai.ml._schema.core.schema_meta import PatchedSchemaMeta
from azure.ai.ml._schema.core.fields import StringTransformedEnum, NestedField, UnionField
from azure.ai.ml._utils.utils import _snake_to_camel, camel_to_snake
from azure.ai.ml.constants._workspace import FirewallSku, IsolationMode, OutboundRuleCategory
from azure.ai.ml.entities._workspace.networking import (
ManagedNetwork,
FqdnDestination,
ServiceTagDestination,
ManagedNetwork,
PrivateEndpointDestination,
ServiceTagDestination,
)
from azure.ai.ml.constants._workspace import IsolationMode, OutboundRuleCategory
from azure.ai.ml._utils.utils import camel_to_snake, _snake_to_camel


class ManagedNetworkStatusSchema(metaclass=PatchedSchemaMeta):
Expand Down Expand Up @@ -184,13 +185,31 @@ class ManagedNetworkSchema(metaclass=PatchedSchemaMeta):
),
allow_none=True,
)
firewall_sku = StringTransformedEnum(
allowed_values=[
FirewallSku.STANDARD,
FirewallSku.BASIC,
],
casing_transform=camel_to_snake,
metadata={"description": "Firewall sku for FQDN rules in AllowOnlyApprovedOutbound mode"},
)
network_id = fields.Str(required=False, dump_only=True)
status = NestedField(ManagedNetworkStatusSchema, allow_none=False, unknown=EXCLUDE)

@post_load
def make(self, data, **kwargs):
outbound_rules = data.get("outbound_rules", False)

firewall_sku = data.get("firewall_sku", False)
firewall_sku_value = _snake_to_camel(data["firewall_sku"]) if firewall_sku else None
Nethracs marked this conversation as resolved.

if outbound_rules:
return ManagedNetwork(isolation_mode=_snake_to_camel(data["isolation_mode"]), outbound_rules=outbound_rules)
return ManagedNetwork(
isolation_mode=_snake_to_camel(data["isolation_mode"]),
outbound_rules=outbound_rules,
firewall_sku=firewall_sku_value,
)
else:
return ManagedNetwork(isolation_mode=_snake_to_camel(data["isolation_mode"]))
return ManagedNetwork(
isolation_mode=_snake_to_camel(data["isolation_mode"]), firewall_sku=firewall_sku_value
)
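Review bot: `make` accepts `firewall_sku` under any `isolation_mode`, although the field's own description ties it to FQDN rules in AllowOnlyApprovedOutbound mode, so a config that sets it under another mode loads cleanly and whether the service rejects or ignores it cannot be told from here. Consider failing at load time, e.g. `if firewall_sku and _snake_to_camel(data["isolation_mode"]) != IsolationMode.ALLOW_ONLY_APPROVED_OUTBOUND: raise ValidationError(...)`, or state in the field metadata that the value is ignored in other modes. As a style point, the two `return` branches now differ only in `outbound_rules`, and `data.get("firewall_sku", False)` followed by `data["firewall_sku"]` reads the key twice; `data.get("firewall_sku")` with a single `ManagedNetwork(...)` call would be shorter.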
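--- a/sdk/ml/azure-ai-ml/azure/ai/ml/constants/_workspace.py
+++ b/sdk/ml/azure-ai-ml/azure/ai/ml/constants/_workspace.py
@@ -23,6 +23,13 @@ class IsolationMode:
 ALLOW_ONLY_APPROVED_OUTBOUND = "AllowOnlyApprovedOutbound"
 
 
+class FirewallSku:
+"""Firewall Sku for FQDN rules in AllowOnlyApprovedOutbound."""
+
+STANDARD = "Standard"
+BASIC = "Basic"
+
+
 class OutboundRuleCategory:
 """Category for a managed network outbound rule."""
 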
Expand Up @@ -9,17 +9,17 @@
from pathlib import Path
from typing import Any, Dict, Optional, Union

from azure.ai.ml._restclient.v2024_07_01_preview.models import Workspace as RestWorkspace
from azure.ai.ml._restclient.v2024_10_01_preview.models import Workspace as RestWorkspace
from azure.ai.ml._schema._feature_store.feature_store_schema import FeatureStoreSchema
from azure.ai.ml.constants._common import BASE_PATH_CONTEXT_KEY, PARAMS_OVERRIDE_KEY
from azure.ai.ml.constants._common import BASE_PATH_CONTEXT_KEY, PARAMS_OVERRIDE_KEY, WorkspaceKind
from azure.ai.ml.entities._credentials import IdentityConfiguration, ManagedIdentityConfiguration
from azure.ai.ml.entities._util import load_from_dict
from azure.ai.ml.entities._workspace.compute_runtime import ComputeRuntime
from azure.ai.ml.entities._workspace.customer_managed_key import CustomerManagedKey
from azure.ai.ml.entities._workspace.feature_store_settings import FeatureStoreSettings
from azure.ai.ml.entities._workspace.networking import ManagedNetwork
from azure.ai.ml.entities._workspace.workspace import Workspace
from azure.ai.ml.constants._common import WorkspaceKind

from ._constants import DEFAULT_SPARK_RUNTIME_VERSION
from .materialization_store import MaterializationStore

Expand Up @@ -5,10 +5,8 @@
# pylint: disable=too-many-instance-attributes,protected-access
from typing import Any, Dict, List, Optional

from azure.ai.ml._restclient.v2024_07_01_preview.models import (
Workspace as RestWorkspace,
WorkspaceHubConfig as RestWorkspaceHubConfig,
)
from azure.ai.ml._restclient.v2024_10_01_preview.models import Workspace as RestWorkspace
from azure.ai.ml._restclient.v2024_10_01_preview.models import WorkspaceHubConfig as RestWorkspaceHubConfig
from azure.ai.ml._schema.workspace import HubSchema
from azure.ai.ml._utils._experimental import experimental
from azure.ai.ml.constants._common import WorkspaceKind
12 changes: 8 additions & 4 deletions sdk/ml/azure-ai-ml/azure/ai/ml/entities/_workspace/diagnose.py
Expand Up @@ -3,13 +3,17 @@
# ---------------------------------------------------------

import json
from typing import Any, Dict, Optional, List
from typing import Any, Dict, List, Optional

from azure.ai.ml._restclient.v2024_07_01_preview.models import (
from azure.ai.ml._restclient.v2024_10_01_preview.models import (
DiagnoseRequestProperties as RestDiagnoseRequestProperties,
DiagnoseResponseResult as RestDiagnoseResponseResult,
)
from azure.ai.ml._restclient.v2024_10_01_preview.models import DiagnoseResponseResult as RestDiagnoseResponseResult
from azure.ai.ml._restclient.v2024_10_01_preview.models import (
DiagnoseResponseResultValue as RestDiagnoseResponseResultValue,
DiagnoseResult as RestDiagnoseResult,
)
from azure.ai.ml._restclient.v2024_10_01_preview.models import DiagnoseResult as RestDiagnoseResult
from azure.ai.ml._restclient.v2024_10_01_preview.models import (
DiagnoseWorkspaceParameters as RestDiagnoseWorkspaceParameters,
)

Expand Up @@ -6,7 +6,7 @@

from typing import Optional

from azure.ai.ml._restclient.v2024_07_01_preview.models import FeatureStoreSettings as RestFeatureStoreSettings
from azure.ai.ml._restclient.v2024_10_01_preview.models import FeatureStoreSettings as RestFeatureStoreSettings
from azure.ai.ml.entities._mixins import RestTranslatableMixin

from .compute_runtime import ComputeRuntime
Expand Up @@ -5,15 +5,21 @@
from abc import ABC
from typing import Any, Dict, List, Optional

from azure.ai.ml._restclient.v2024_07_01_preview.models import (
FqdnOutboundRule as RestFqdnOutboundRule,
from azure.ai.ml._restclient.v2024_10_01_preview.models import FqdnOutboundRule as RestFqdnOutboundRule
from azure.ai.ml._restclient.v2024_10_01_preview.models import (
ManagedNetworkProvisionStatus as RestManagedNetworkProvisionStatus,
ManagedNetworkSettings as RestManagedNetwork,
)
from azure.ai.ml._restclient.v2024_10_01_preview.models import ManagedNetworkSettings as RestManagedNetwork
from azure.ai.ml._restclient.v2024_10_01_preview.models import (
PrivateEndpointDestination as RestPrivateEndpointOutboundRuleDestination,
)
from azure.ai.ml._restclient.v2024_10_01_preview.models import (
PrivateEndpointOutboundRule as RestPrivateEndpointOutboundRule,
)
from azure.ai.ml._restclient.v2024_10_01_preview.models import (
ServiceTagDestination as RestServiceTagOutboundRuleDestination,
ServiceTagOutboundRule as RestServiceTagOutboundRule,
)
from azure.ai.ml._restclient.v2024_10_01_preview.models import ServiceTagOutboundRule as RestServiceTagOutboundRule
from azure.ai.ml.constants._workspace import IsolationMode, OutboundRuleCategory, OutboundRuleType


Expand Down Expand Up @@ -253,6 +259,8 @@ class ManagedNetwork:

:param isolation_mode: Isolation of the managed network, defaults to Disabled.
:type isolation_mode: str
:param firewall_sku: Firewall Sku for FQDN rules in AllowOnlyApprovedOutbound..
:type firewall_sku: str
:param outbound_rules: List of outbound rules for the managed network.
:type outbound_rules: List[~azure.ai.ml.entities.OutboundRule]
:param network_id: Network id for the managed network, not meant to be set by user.
Expand All @@ -271,10 +279,12 @@ def __init__(
*,
isolation_mode: str = IsolationMode.DISABLED,
outbound_rules: Optional[List[OutboundRule]] = None,
firewall_sku: Optional[str] = None,
network_id: Optional[str] = None,
**kwargs: Any,
) -> None:
self.isolation_mode = isolation_mode
self.firewall_sku = firewall_sku
self.network_id = network_id
self.outbound_rules = outbound_rules
self.status = kwargs.pop("status", None)
Expand All @@ -289,7 +299,9 @@ def _to_rest_object(self) -> RestManagedNetwork:
if self.outbound_rules
else {}
)
return RestManagedNetwork(isolation_mode=self.isolation_mode, outbound_rules=rest_outbound_rules)
return RestManagedNetwork(
isolation_mode=self.isolation_mode, outbound_rules=rest_outbound_rules, firewall_sku=self.firewall_sku
)

@classmethod
def _from_rest_object(cls, obj: RestManagedNetwork) -> "ManagedNetwork":
Expand All @@ -306,6 +318,7 @@ def _from_rest_object(cls, obj: RestManagedNetwork) -> "ManagedNetwork":
outbound_rules=from_rest_outbound_rules, # type: ignore[arg-type]
network_id=obj.network_id,
status=obj.status,
firewall_sku=obj.firewall_sku,
)


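Review bot: The new `:param firewall_sku:` entry in the `ManagedNetwork` docstring ends in a double period and gives neither the accepted values nor what `None` means, and `__init__` stores any string it is given, so a value set in code skips the `Standard`/`Basic` restriction that the YAML schema applies and is passed to `RestManagedNetwork` by `_to_rest_object` as is. I would reword the entry to `:param firewall_sku: Firewall SKU provisioned for FQDN rules in AllowOnlyApprovedOutbound mode; "Standard" or "Basic".` and add a sentence on the default — the changelog says Standard, presumably applied by the service when the field is left `None`. If client-side rejection is wanted, a membership check against the `FirewallSku` constants in `__init__` would do it. The class body and `_from_rest_object` both start outside these hunks.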
Expand Up @@ -5,7 +5,7 @@

from marshmallow.exceptions import ValidationError

from azure.ai.ml._restclient.v2024_07_01_preview.models import (
from azure.ai.ml._restclient.v2024_10_01_preview.models import (
ServerlessComputeSettings as RestServerlessComputeSettings,
)
from azure.ai.ml._schema._utils.utils import ArmId
Expand Up @@ -8,13 +8,13 @@
from pathlib import Path
from typing import IO, Any, AnyStr, Dict, List, Optional, Tuple, Type, Union

from azure.ai.ml._restclient.v2024_07_01_preview.models import (
FeatureStoreSettings as RestFeatureStoreSettings,
ManagedNetworkSettings as RestManagedNetwork,
ManagedServiceIdentity as RestManagedServiceIdentity,
from azure.ai.ml._restclient.v2024_10_01_preview.models import FeatureStoreSettings as RestFeatureStoreSettings
from azure.ai.ml._restclient.v2024_10_01_preview.models import ManagedNetworkSettings as RestManagedNetwork
from azure.ai.ml._restclient.v2024_10_01_preview.models import ManagedServiceIdentity as RestManagedServiceIdentity
from azure.ai.ml._restclient.v2024_10_01_preview.models import (
ServerlessComputeSettings as RestServerlessComputeSettings,
Workspace as RestWorkspace,
)
from azure.ai.ml._restclient.v2024_10_01_preview.models import Workspace as RestWorkspace
from azure.ai.ml._schema.workspace.workspace import WorkspaceSchema
from azure.ai.ml._utils.utils import dump_yaml_to_file
from azure.ai.ml.constants._common import (
Expand Up @@ -4,7 +4,7 @@

from typing import List, Optional

from azure.ai.ml._restclient.v2024_07_01_preview.models import ListWorkspaceKeysResult
from azure.ai.ml._restclient.v2024_10_01_preview.models import ListWorkspaceKeysResult


class ContainerRegistryCredential: