[AppConfig] az appconfig create\update\network-security-perimeter-configuration: Add NSP support#33301
Open
ChristineWanjau wants to merge 10 commits intoAzure:devfrom
Open
[AppConfig] az appconfig create\update\network-security-perimeter-configuration: Add NSP support#33301ChristineWanjau wants to merge 10 commits intoAzure:devfrom
az appconfig create\update\network-security-perimeter-configuration: Add NSP support#33301ChristineWanjau wants to merge 10 commits intoAzure:devfrom
Conversation
added 3 commits
April 17, 2026 08:50
️✔️AzureCLI-FullTest
|
|
| rule | cmd_name | rule_message | suggest_message |
|---|---|---|---|
| appconfig create | cmd appconfig create added parameter public_network_access |
||
| appconfig create | cmd appconfig create update parameter enable_public_network: added property deprecate_info_redirect=--public-network-access |
||
| appconfig create | cmd appconfig create update parameter enable_public_network: added property deprecate_info_target=enable_public_network |
||
| appconfig network-security-perimeter-configuration | sub group appconfig network-security-perimeter-configuration added |
||
| appconfig update | cmd appconfig update added parameter public_network_access |
||
| appconfig update | cmd appconfig update update parameter enable_public_network: added property deprecate_info_redirect=--public-network-access |
||
| appconfig update | cmd appconfig update update parameter enable_public_network: added property deprecate_info_target=enable_public_network |
microsoft-github-policy-service
Bot
requested review from
avanigupta,
jsntcy,
kairu-ms,
yanzhudd,
yonzhan and
zhoxing-ms
Collaborator
|
Thank you for your contribution! We will review the pull request and get back to you soon. |
|
The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR. Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions). pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>
|
ChristineWanjau
requested review from
DanielMicrosoft,
Pan-Qi,
ReaNAiveD,
VeryEarly and
necusjz
as code owners
Contributor
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
This PR adds Network Security Perimeter (NSP) support to az appconfig by introducing a new network-security-perimeter-configuration command group and adding a new --public-network-access argument (with SecuredByPerimeter) that supersedes the deprecated --enable-public-network flag.
Changes:
- Added
az appconfig network-security-perimeter-configuration {list,show,reconcile}commands and wiring (client factory, command registration, help). - Added
--public-network-accessand validation to prevent using it with deprecated--enable-public-network; updated create/update logic accordingly. - Updated the management SDK dependency and added/updated scenario tests + recordings.
Reviewed changes
Copilot reviewed 17 out of 45 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| src/azure-cli/setup.py | Bumps azure-mgmt-appconfiguration to a newer beta needed for NSP support. |
| src/azure-cli/requirements.py3.windows.txt | Keeps Windows pinned requirements in sync with the updated App Configuration management SDK. |
| src/azure-cli/requirements.py3.Linux.txt | Keeps Linux pinned requirements in sync with the updated App Configuration management SDK. |
| src/azure-cli/requirements.py3.Darwin.txt | Keeps macOS pinned requirements in sync with the updated App Configuration management SDK. |
| src/azure-cli/azure/cli/command_modules/appconfig/network_security_perimeter.py | Implements list/show/reconcile handlers for NSP configurations. |
| src/azure-cli/azure/cli/command_modules/appconfig/_client_factory.py | Adds a client factory for NSP configuration operations. |
| src/azure-cli/azure/cli/command_modules/appconfig/commands.py | Registers the new NSP configuration command group. |
| src/azure-cli/azure/cli/command_modules/appconfig/_params.py | Adds --public-network-access, deprecates --enable-public-network, and defines args for new NSP commands. |
| src/azure-cli/azure/cli/command_modules/appconfig/_validators.py | Adds mutual-exclusion validation for public network args. |
| src/azure-cli/azure/cli/command_modules/appconfig/custom.py | Updates create/update to use the new public_network_access input (while keeping backwards compat). |
| src/azure-cli/azure/cli/command_modules/appconfig/_help.py | Adds help entries for the new NSP configuration command group. |
| src/azure-cli/azure/cli/command_modules/appconfig/tests/latest/test_appconfig_nsp_commands.py | Adds live scenario coverage for NSP configuration list/show/reconcile flows. |
| src/azure-cli/azure/cli/command_modules/appconfig/tests/latest/test_appconfig_mgmt_commands.py | Adds scenario coverage for --public-network-access and mutual-exclusion behavior. |
| src/azure-cli/azure/cli/command_modules/appconfig/tests/latest/test_appconfig_kv_import_export_commands.py | Adjusts AKS test inputs (name length / node RG) for reliability. |
| src/azure-cli/azure/cli/command_modules/appconfig/tests/latest/recordings/test_azconfig_public_network_access_new_param.yaml | Adds recordings for the new public network access parameter scenario test. |
| src/azure-cli/azure/cli/command_modules/appconfig/tests/latest/recordings/test_azconfig_appinsights.yaml | Updates existing recordings due to API version/CLI changes. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
ChristineWanjau
changed the title
az appconfig create\network-security-perimeter-configuration : Add NSP support az appconfig create\network-security-perimeter-configuration : Add NSP support
ChristineWanjau
changed the title
az appconfig create\network-security-perimeter-configuration : Add NSP supportaz appconfig create\network-security-perimeter-configuration: Added NSP support
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
ChristineWanjau
changed the title
az appconfig create\network-security-perimeter-configuration: Added NSP supportaz appconfig create\network-security-perimeter-configuration : Add NSP support
ChristineWanjau
changed the title
az appconfig create\network-security-perimeter-configuration : Add NSP support az appconfig create\network-security-perimeter-configuration: Add NSP support
ChristineWanjau
changed the title
az appconfig create\network-security-perimeter-configuration: Add NSP support az appconfig create\update\network-security-perimeter-configuration: Add NSP support
mrm9084
suggested changes
May 7, 2026
| ) | ||
| except ResourceNotFoundError: | ||
| raise ResourceNotFoundError( | ||
| "The network security perimeter configuration '{}' for App Configuration '{}' not found.".format( |
Member
There was a problem hiding this comment.
Suggested change
| "The network security perimeter configuration '{}' for App Configuration '{}' not found.".format( | |
| "The network security perimeter configuration '{}' for App Configuration '{}' was not found.".format( |
Copilot suggested this, seems to have been missed.
Member
|
In your screenshot the deprecation warning for --enable-public-network is shown even though the invocation doesn't include that parameter. Is that the intended behavior? Edit: Oh wait, |
jimmyca15
reviewed
May 8, 2026
| config_store_name=store_name, | ||
| network_security_perimeter_configuration_name=name | ||
| ) | ||
| except ResourceNotFoundError: |
Member
There was a problem hiding this comment.
I notice that when we do a show for a configuration store, we let this error go unhandled (link).
So is error handling missing there, or is this unnecessary?
jimmyca15
reviewed
May 8, 2026
| @@ -56,6 +56,11 @@ def load_command_table(self, _): | |||
| table_transformer=configstore_snapshot_output_format | |||
| ) | |||
|
|
|||
| configstore_nsp_util = CliCommandType( | |||
Member
There was a problem hiding this comment.
Every other command seems to have table_transformer specified. How come nsp doesn't need it?
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Related command
az appconfig create\update
az appconfig network-security-perimeter-configuration
Description
This PR introduces Network Security Perimeter (NSP) support for Azure App Configuration stores in the Azure CLI, along with a new --public-network-access argument that supersedes --enable-public-network to enable the new SecuredByPerimeter access mode.
New command group: az appconfig network-security-perimeter-configuration
az appconfig create / az appconfig update
Added --public-network-access with allowed values Enabled, Disabled, SecuredByPerimeter.
Deprecated --enable-public-network / -e (redirects to --public-network-access). The flag remains functional for backward compatibility
Deprecation message:
Testing Guide
History Notes
[AppConfig]
az appconfig create\update: Add NSP support[AppConfig]
az appconfig network-security-perimeter-configuration: Add NSP supportThis checklist is used to make sure that common guidelines for a pull request are followed.
The PR title and description has followed the guideline in Submitting Pull Requests.
I adhere to the Command Guidelines.
I adhere to the Error Handling Guidelines.