1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
|
# coding: utf-8
# -------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for
# license information.
# --------------------------------------------------------------------------
"""
FILE: ml_samples_workspace.py
DESCRIPTION:
These samples demonstrate different ways to configure Workspace and related objects.
USAGE:
python ml_samples_workspace.py
"""
import os
from ml_samples_compute import handle_resource_exists_error
from azure.ai.ml import MLClient
from azure.identity import DefaultAzureCredential
subscription_id = os.environ["AZURE_SUBSCRIPTION_ID"]
resource_group = os.environ["RESOURCE_GROUP_NAME"]
credential = DefaultAzureCredential()
ml_client = MLClient(credential, subscription_id, resource_group)
ml_client_ws = MLClient(credential, subscription_id, resource_group, workspace_name="test-ws1")
class WorkspaceConfigurationOptions(object):
def ml_workspace_config_sample_snippets_entities(self):
# [START load_workspace]
from azure.ai.ml import load_workspace
ws = load_workspace(
"../tests/test_configs/workspace/workspace_min.yaml",
params_override=[{"description": "loaded from workspace_min.yaml"}],
)
# [END load_workspace]
# [START load_workspace_connection]
from azure.ai.ml import load_connection
wps_connection = load_connection(source="../tests/test_configs/connection/snowflake_user_pwd.yaml")
# [END load_workspace_connection]
# [START customermanagedkey]
from azure.ai.ml.entities import CustomerManagedKey, Workspace
cmk = CustomerManagedKey(
key_vault="/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/test-rg/providers/Microsoft.KeyVault/vaults/vault-name",
key_uri="https://vault-name.vault.azure.net/keys/key-name/key-version",
)
# special bring your own scenario
byo_cmk = CustomerManagedKey(
key_vault="/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/test-rg/providers/Microsoft.KeyVault/vaults/vault-name",
key_uri="https://vault-name.vault.azure.net/keys/key-name/key-version",
cosmosdb_id="/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/test-rg/providers/Microsoft.DocumentDB/databaseAccounts/cosmos-name",
storage_id="/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/test-rg/providers/Microsoft.Storage/storageAccounts/storage-name",
search_id="/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/test-rg/providers/Microsoft.Search/searchServices/search-name",
)
ws = Workspace(name="ws-name", location="eastus", display_name="My workspace", customer_managed_key=cmk)
# [END customermanagedkey]
# [START workspace_managed_network]
from azure.ai.ml.constants._workspace import FirewallSku
from azure.ai.ml.entities import (
FqdnDestination,
IsolationMode,
ManagedNetwork,
PrivateEndpointDestination,
ServiceTagDestination,
Workspace,
)
# Example private endpoint outbound to a blob
blobrule = PrivateEndpointDestination(
name="blobrule",
service_resource_id="/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/test-rg/providers/Microsoft.Storage/storageAccounts/storage-name",
subresource_target="blob",
spark_enabled=False,
)
# Example service tag rule
datafactoryrule = ServiceTagDestination(
name="datafactory", service_tag="DataFactory", protocol="TCP", port_ranges="80, 8080-8089"
)
# Example FQDN rule
pypirule = FqdnDestination(name="pypirule", destination="pypi.org")
# Example FirewallSku
# FirewallSku is an optional parameter, when unspecified this will default to FirewallSku.Standard
firewallSku = FirewallSku.BASIC
network = ManagedNetwork(
isolation_mode=IsolationMode.ALLOW_ONLY_APPROVED_OUTBOUND,
outbound_rules=[blobrule, datafactoryrule, pypirule],
firewall_sku=firewallSku,
)
# Workspace configuration
ws = Workspace(name="ws-name", location="eastus", managed_network=network)
# [END workspace_managed_network]
# [START workspace_managed_network_provision_now]
from azure.ai.ml.entities import IsolationMode, ManagedNetwork, Workspace
managed_net = ManagedNetwork(isolation_mode=IsolationMode.ALLOW_INTERNET_OUTBOUND)
ws = Workspace(name="ws-name", location="eastus", managed_network=managed_net, provision_network_now=True)
# [END workspace_managed_network_provision_now]
# [START fqdn_outboundrule]
from azure.ai.ml.entities import FqdnDestination
# Example FQDN rule
pypirule = FqdnDestination(name="rulename", destination="pypi.org")
# [END fqdn_outboundrule]
# [START private_endpoint_outboundrule]
from azure.ai.ml.entities import PrivateEndpointDestination
# Example private endpoint outbound to a blob
blobrule = PrivateEndpointDestination(
name="blobrule",
service_resource_id="/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/test-rg/providers/Microsoft.Storage/storageAccounts/storage-name",
subresource_target="blob",
spark_enabled=False,
)
# Example private endpoint outbound to an application gateway
appGwRule = PrivateEndpointDestination(
name="appGwRule",
service_resource_id="/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-name", # cspell:disable-line
subresource_target="appGwPrivateFrontendIpIPv4",
spark_enabled=False,
fqdns=["contoso.com", "contoso2.com"],
)
# [END private_endpoint_outboundrule]
# [START service_tag_outboundrule]
from azure.ai.ml.entities import ServiceTagDestination
# Example service tag rule
datafactoryrule = ServiceTagDestination(
name="datafactory", service_tag="DataFactory", protocol="TCP", port_ranges="80, 8080-8089"
)
# Example service tag rule using custom address prefixes
customAddressPrefixesRule = ServiceTagDestination(
name="customAddressPrefixesRule",
address_prefixes=["168.63.129.16", "10.0.0.0/24"],
protocol="TCP",
port_ranges="80, 443, 8080-8089",
)
# [END service_tag_outboundrule]
# [START workspace]
from azure.ai.ml.entities import Workspace
ws = Workspace(name="sample-ws", location="eastus", description="a sample workspace object")
# [END workspace]
# [START workspace_hub]
from azure.ai.ml.entities import Hub
ws = Hub(name="sample-ws", location="eastus", description="a sample workspace hub object")
# [END workspace_hub]
# [START workspace_network_access_settings]
from azure.ai.ml.entities import DefaultActionType, IPRule, NetworkAcls
# Get existing workspace
ws = ml_client.workspaces.get("test-ws1")
# 1. Enabled from all networks
# Note: default_action should be set to 'Allow', allowing all access.
ws.public_network_access = "Enabled"
ws.network_acls = NetworkAcls(default_action=DefaultActionType.ALLOW, ip_rules=[])
updated_ws = ml_client.workspaces.begin_update(workspace=ws).result()
# 2. Enabled from selected IP addresses
# Note: default_action should be set to 'Deny', allowing only specified IPs/ranges
ws.public_network_access = "Enabled"
ws.network_acls = NetworkAcls(
default_action=DefaultActionType.DENY,
ip_rules=[IPRule(value="103.248.19.87/32"), IPRule(value="103.248.19.86/32")],
)
updated_ws = ml_client.workspaces.begin_update(workspace=ws).result()
# 3. Disabled
# NetworkAcls IP Rules will reset
ws.public_network_access = "Disabled"
updated_ws = ml_client.workspaces.begin_update(workspace=ws).result()
# [END workspace_network_access_settings]
@handle_resource_exists_error
def ml_workspace_config_sample_snippets_operations(self):
# [START workspace_list]
from azure.ai.ml.constants import Scope
# list workspaces in the resource group set in ml_client
workspaces = ml_client.workspaces.list()
workspaces = ml_client.workspaces.list(scope=Scope.RESOURCE_GROUP)
# list workspaces in the subscription set in ml_client
workspaces = ml_client.workspaces.list(scope=Scope.SUBSCRIPTION)
# [END workspace_list]
# [START workspace_get]
workspace = ml_client.workspaces.get(name="test-ws1")
# [END workspace_get]
# [START workspace_get_keys]
ws_keys = ml_client.workspaces.get_keys(name="test-ws1")
# [END workspace_get_keys]
# [START workspace_sync_keys]
ml_client.workspaces.begin_sync_keys(name="test-ws1")
# [END workspace_sync_keys]
# [START workspace_provision_network]
ml_client.workspaces.begin_provision_network(workspace_name="test-ws1", include_spark=False)
# [END workspace_provision_network]
# [START workspace_begin_create]
from azure.ai.ml.entities import Workspace
ws = Workspace(
name="test-ws1",
description="a test workspace",
tags={"purpose": "demo"},
location="eastus",
resource_group=resource_group,
)
ws = ml_client.workspaces.begin_create(workspace=ws).result()
# [END workspace_begin_create]
# [START workspace_begin_update]
ws = ml_client.workspaces.get(name="test-ws1")
ws.description = "a different description"
ws = ml_client.workspaces.begin_update(workspace=ws).result()
# [END workspace_begin_update]
# [START workspace_begin_delete]
ml_client.workspaces.begin_delete(name="test-ws", delete_dependent_resources=True, permanently_delete=True)
# [END workspace_begin_delete]
# [START workspace_begin_diagnose]
diagnose_result = ml_client.workspaces.begin_diagnose(name="test-ws1").result()
# [END workspace_begin_diagnose]
# [START get_connection]
from azure.ai.ml import MLClient
ml_client_ws = MLClient(credential, subscription_id, resource_group, workspace_name="test-ws1")
connection = ml_client.connections.get(name="test-ws1")
# [END get_connection]
# [START create_or_update_connection]
from azure.ai.ml import MLClient
from azure.ai.ml.entities import UsernamePasswordConfiguration, WorkspaceConnection
ml_client_ws = MLClient(credential, subscription_id, resource_group, workspace_name="test-ws")
wps_connection = WorkspaceConnection(
name="connection-1",
type="snowflake",
target="jdbc:snowflake://<myaccount>.snowflakecomputing.com/?db=<mydb>&warehouse=<mywarehouse>&role=<myrole>", # cspell:disable-line
credentials=UsernamePasswordConfiguration(username="XXXXX", password="XXXXXX"),
)
connection = ml_client_ws.connections.create_or_update(workspace_connection=wps_connection)
# [END create_or_update_connection]
# [START delete_connection]
from azure.ai.ml import MLClient
ml_client_ws = MLClient(credential, subscription_id, resource_group, workspace_name="test-ws")
ml_client_ws.connections.delete(name="connection-1")
# [END delete_connection]
# [START list_connection]
from azure.ai.ml import MLClient
ml_client_ws = MLClient(credential, subscription_id, resource_group, workspace_name="test-ws")
ml_client_ws.connections.list(connection_type="git")
# [END list_connection]
# [START hub_list]
from azure.ai.ml.constants import Scope
# list workspaces in the resource group set in ml_client
hubs = ml_client.workspace_hubs.list() # type:ignore
hubs = ml_client.workspace_hubs.list(scope=Scope.RESOURCE_GROUP) # type:ignore
# list workspaces in the subscription set in ml_client
hubs = ml_client.workspace_hubs.list(scope=Scope.SUBSCRIPTION) # type:ignore
# [END hub_list]
# [START hub_get]
workspace = ml_client.workspace_hubs.get(name="test-hub1") # type:ignore
# [END hub_get]
# [START hub_begin_create]
from azure.ai.ml.entities import Hub
hub = Hub(
name="test-hub1",
description="a test hub",
tags={"purpose": "demo"},
location="eastus",
resource_group=resource_group,
)
hub = ml_client.workspace_hubs.begin_create(workspace_hub=hub).result() # type:ignore
# [END hub_begin_create]
# [START hub_begin_update]
hub = ml_client.workspace_hubs.get(name="test-hub1") # type:ignore
hub.description = "a different description"
hub = ml_client.workspace_hubs.begin_update(workspace_hub=hub).result() # type:ignore
# [END hub_begin_update]
# [START hub_begin_delete]
ml_client.workspace_hubs.begin_delete( # type:ignore
name="test-hub1", delete_dependent_resources=True, permanently_delete=True
)
# [END hub_begin_delete]
# [START outbound_rule_list]
rules = ml_client.workspace_outbound_rules.list(workspace_name="test-ws")
# [END outbound_rule_list]
# [START outbound_rule_get]
rule = ml_client.workspace_outbound_rules.get(workspace_name="test-ws", outbound_rule_name="sample-rule")
# [END outbound_rule_get]
# [START outbound_rule_begin_create]
from azure.ai.ml.entities import FqdnDestination
fqdn_rule = FqdnDestination(name="rulename", destination="google.com")
rule = ml_client.workspace_outbound_rules.begin_create(workspace_name="test-ws", rule=fqdn_rule).result()
# [END outbound_rule_begin_create]
# [START outbound_rule_begin_update]
from azure.ai.ml.entities import FqdnDestination
fqdn_rule = FqdnDestination(name="rulename", destination="linkedin.com")
rule = ml_client.workspace_outbound_rules.begin_update(workspace_name="test-ws", rule=fqdn_rule).result()
# [END outbound_rule_begin_update]
# [START outbound_rule_begin_remove]
ml_client.workspace_outbound_rules.begin_remove(workspace_name="test-ws", outbound_rule_name="rulename")
# [END outbound_rule_begin_remove]
if __name__ == "__main__":
sample = WorkspaceConfigurationOptions()
sample.ml_workspace_config_sample_snippets_entities()
sample.ml_workspace_config_sample_snippets_operations()
|
