Class NetworkingClient

Creates an IP access list for the account.

A list can be an allow list or a block list. See the top of this file for a description of how the server treats allow lists and block lists at runtime.

When creating or updating an IP access list:

• For all allow lists and block lists combined, the API supports a maximum of 1000 IP/CIDR values, where one CIDR counts as a single value. Attempts to exceed that number return error 400 with error_code value QUOTA_EXCEEDED.
• If the new list would block the calling user's current IP, error 400 is returned with error_code value INVALID_STATE.

It can take a few minutes for the changes to take effect.

Creates a new network connectivity endpoint that enables private connectivity between your network resources and services.

After creation, the endpoint is initially in the PENDING state. The endpoint service automatically reviews and approves the endpoint within a few minutes. Use the GET method to retrieve the latest endpoint state.

An endpoint can be used only after it reaches the APPROVED state.

Creates an IP access list for this workspace.

A list can be an allow list or a block list. See the top of this file for a description of how the server treats allow lists and block lists at runtime.

When creating or updating an IP access list:

• For all allow lists and block lists combined, the API supports a maximum of 1000 IP/CIDR values, where one CIDR counts as a single value. Attempts to exceed that number return error 400 with error_code value QUOTA_EXCEEDED.
• If the new list would block the calling user's current IP, error 400 is returned with error_code value INVALID_STATE.

It can take a few minutes for the changes to take effect. Note: Your new IP access list has no effect until you enable the feature. See :method:workspaceconf/setStatus

Create a private endpoint rule for the specified network connectivity config object. Once the object is created, asynchronously provisions a new Azure private endpoint to your specified Azure resource.

IMPORTANT: You must use Azure portal or other Azure tools to approve the private endpoint to complete the connection. To get the information of the private endpoint created, make a GET request on the new private endpoint rule. See serverless private link.

Creates a network connectivity configuration (NCC), which provides stable Azure service subnets when accessing your Azure Storage accounts. You can also use a network connectivity configuration to create managed private endpoints so that serverless compute resources privately access your resources.

IMPORTANT: After you create the network connectivity configuration, you must assign one or more workspaces to the new network connectivity configuration. You can share one network connectivity configuration with multiple workspaces from the same Azure region within the same account. See configure serverless secure connectivity.

Creates a new network policy to manage which network destinations can be accessed from the environment.

Creates a network configuration that represents an VPC and its resources. The VPC will be used for new clusters. This requires a pre-existing VPC and subnets.

Creates a private access settings configuration, which represents network access restrictions for workspace resources. Private access settings configure whether workspaces can be accessed from the public internet or only from private endpoints.

Creates a VPC endpoint configuration, which represents a VPC endpoint object in AWS used to communicate privately with over AWS PrivateLink.

After you create the VPC endpoint configuration, the endpoint service automatically accepts the VPC endpoint.

Before configuring PrivateLink, read the article about PrivateLink.

Deletes an IP access list, specified by its list ID.

Deletes a network endpoint. This will remove the endpoint configuration from . Depending on the endpoint type and use case, you may also need to delete corresponding network resources in your cloud provider account.

Deletes an IP access list, specified by its list ID.

Initiates deleting a private endpoint rule. If the connection state is PENDING or EXPIRED, the private endpoint is immediately deleted. Otherwise, the private endpoint is deactivated and will be deleted after one day of deactivation. When a private endpoint is deactivated, the deactivated field is set to true and the private endpoint is not available to your serverless compute resources.

Deletes a network connectivity configuration.

Deletes a network policy. Cannot be called on 'default-policy'.

Deletes a network configuration, which represents a cloud VPC and its resources. You cannot delete a network that is associated with a workspace.

This operation is available only if your account is on the E2 version of the platform.

Deletes a private access settings configuration, both specified by ID.

Deletes a Databricks VPC endpoint configuration. You cannot delete a VPC endpoint configuration that is associated with any workspace.

Gets an IP access list, specified by its list ID.

Gets details of a specific network endpoint.

Gets an IP access list, specified by its list ID.

Gets the private endpoint rule.

Gets a network connectivity configuration.

Gets a network policy.

Gets a network configuration, which represents a cloud VPC and its resources.

Gets a private access settings configuration, both specified by ID.

Gets a VPC endpoint configuration, which represents a VPC endpoint object in AWS used to communicate privately with over AWS PrivateLink.

Gets the network option for a workspace. Every workspace has exactly one network policy binding, with 'default-policy' used if no explicit assignment exists.

Gets all IP access lists for the specified account.

Lists all network connectivity endpoints for the account.

Gets all IP access lists for the specified workspace.

Gets an array of private endpoint rules.

Gets an array of network connectivity configurations.

Gets an array of network policies.

Lists network configurations for an account.

Lists private access settings for an account.

Lists Databricks VPC endpoint configurations for an account.

Replaces an IP access list, specified by its ID.

A list can include allow lists and block lists. See the top of this file for a description of how the server treats allow lists and block lists at run time. When replacing an IP access list:

• For all allow lists and block lists combined, the API supports a maximum of 1000 IP/CIDR values, where one CIDR counts as a single value. Attempts to exceed that number return error 400 with error_code value QUOTA_EXCEEDED.
• If the resulting list would block the calling user's current IP, error 400 is returned with error_code value INVALID_STATE. It can take a few minutes for the changes to take effect.

Replaces an IP access list, specified by its ID.

A list can include allow lists and block lists. See the top of this file for a description of how the server treats allow lists and block lists at run time. When replacing an IP access list:

• For all allow lists and block lists combined, the API supports a maximum of 1000 IP/CIDR values, where one CIDR counts as a single value. Attempts to exceed that number return error 400 with error_code value QUOTA_EXCEEDED.
• If the resulting list would block the calling user's current IP, error 400 is returned with error_code value INVALID_STATE. It can take a few minutes for the changes to take effect. Note that your resulting IP access list has no effect until you enable the feature. See :method:workspaceconf/setStatus.

Updates an existing IP access list, specified by its ID.

A list can include allow lists and block lists. See the top of this file for a description of how the server treats allow lists and block lists at run time.

When updating an IP access list:

• For all allow lists and block lists combined, the API supports a maximum of 1000 IP/CIDR values, where one CIDR counts as a single value. Attempts to exceed that number return error 400 with error_code value QUOTA_EXCEEDED.
• If the updated list would block the calling user's current IP, error 400 is returned with error_code value INVALID_STATE.

It can take a few minutes for the changes to take effect.

Updates an existing IP access list, specified by its ID.

A list can include allow lists and block lists. See the top of this file for a description of how the server treats allow lists and block lists at run time.

When updating an IP access list:

• For all allow lists and block lists combined, the API supports a maximum of 1000 IP/CIDR values, where one CIDR counts as a single value. Attempts to exceed that number return error 400 with error_code value QUOTA_EXCEEDED.
• If the updated list would block the calling user's current IP, error 400 is returned with error_code value INVALID_STATE.

It can take a few minutes for the changes to take effect. Note that your resulting IP access list has no effect until you enable the feature. See :method:workspaceconf/setStatus.

Updates a private endpoint rule. Currently only a private endpoint rule to customer-managed resources is allowed to be updated.

Updates a network policy. This allows you to modify the configuration of a network policy.

Updates an existing private access settings object, which specifies how your workspace is accessed over AWS PrivateLink. To use AWS PrivateLink, a workspace must have a private access settings object referenced by ID in the workspace's private_access_settings_id property. This operation completely overwrites your existing private access settings object attached to your workspaces. All workspaces attached to the private access settings are affected by any change. If public_access_enabled, private_access_level, or allowed_vpc_endpoint_ids are updated, effects of these changes might take several minutes to propagate to the workspace API. You can share one private access settings object with multiple workspaces in a single account. However, private access settings are specific to AWS regions, so only workspaces in the same AWS region can use a given private access settings object. Before configuring PrivateLink, read the article about PrivateLink.

Updates the network option for a workspace. This operation associates the workspace with the specified network policy. To revert to the default policy, specify 'default-policy' as the network_policy_id.