Merge pull request #2 from mattgotteiner/matt/acl

ACL Quickstarts

Author: mattgotteiner

Quickstart-ACL/acl.ipynb

@@ -0,0 +1,228 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "id": "810ce279",
+   "metadata": {},
+   "source": [
+    "## ACL Quickstart for Azure AI Search"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "id": "b6585426",
+   "metadata": {},
+   "source": [
+    "## 1. Load Connections"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 1,
+   "id": "2975a7f5",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from dotenv import load_dotenv\n",
+    "from azure.identity import DefaultAzureCredential, get_bearer_token_provider\n",
+    "import os\n",
+    "\n",
+    "load_dotenv(override=True) # take environment variables from .env.\n",
+    "\n",
+    "# The following variables from your .env file are used in this notebook\n",
+    "endpoint = os.environ[\"AZURE_SEARCH_ENDPOINT\"]\n",
+    "credential = DefaultAzureCredential()\n",
+    "index_name = os.getenv(\"AZURE_SEARCH_INDEX\", \"acl-sample\")\n",
+    "token_provider = get_bearer_token_provider(credential, \"https://search.azure.com/.default\")\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "id": "9327cf01",
+   "metadata": {},
+   "source": [
+    "## 2. Create Sample Index"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 2,
+   "id": "9863061f",
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Index 'acl-sample' created with permission filter option enabled.\n"
+     ]
+    }
+   ],
+   "source": [
+    "from azure.search.documents.indexes.models import SearchField, SearchIndex, PermissionFilter, SearchIndexPermissionFilterOption\n",
+    "from azure.search.documents.indexes import SearchIndexClient\n",
+    "\n",
+    "index_client = SearchIndexClient(endpoint=endpoint, credential=credential)\n",
+    "index = SearchIndex(\n",
+    "    name=index_name,\n",
+    "    fields=[\n",
+    "        SearchField(name=\"id\", type=\"Edm.String\", key=True, filterable=True, sortable=True),\n",
+    "        SearchField(name=\"oid\", type=\"Collection(Edm.String)\", filterable=True, permission_filter=PermissionFilter.USER_IDS),\n",
+    "        SearchField(name=\"group\", type=\"Collection(Edm.String)\", filterable=True, permission_filter=PermissionFilter.GROUP_IDS),\n",
+    "        SearchField(name=\"name\", type=\"Edm.String\", searchable=True)\n",
+    "    ],\n",
+    "    permission_filter_option=SearchIndexPermissionFilterOption.ENABLED\n",
+    ")\n",
+    "\n",
+    "index_client.create_index(index=index)\n",
+    "print(f\"Index '{index_name}' created with permission filter option enabled.\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "id": "f5cf4169",
+   "metadata": {},
+   "source": [
+    "## 3. Connect to Graph to find your oid and groups"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 3,
+   "id": "63904f09",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from msgraph import GraphServiceClient\n",
+    "client = GraphServiceClient(credentials=credential, scopes=[\"https://graph.microsoft.com/.default\"])\n",
+    "\n",
+    "groups = await client.me.member_of.get()\n",
+    "me = await client.me.get()\n",
+    "oid = me.id"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "id": "a9ce6d0f",
+   "metadata": {},
+   "source": [
+    "## 4. Upload Sample Data"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 14,
+   "id": "8fb830a1",
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Documents uploaded to the index.\n"
+     ]
+    }
+   ],
+   "source": [
+    "from azure.search.documents import SearchClient\n",
+    "search_client = SearchClient(endpoint=endpoint, index_name=index_name, credential=credential)\n",
+    "\n",
+    "documents = [\n",
+    "    { \"id\": \"1\", \"oid\": [oid], \"group\": [groups.value[0].id], \"name\": \"Document 1\" },\n",
+    "    { \"id\": \"2\", \"oid\": [\"all\"], \"group\": [groups.value[0].id], \"name\": \"Document 2\" },\n",
+    "    { \"id\": \"3\", \"oid\": [oid], \"group\": [\"all\"], \"name\": \"Document 3\" },\n",
+    "    { \"id\": \"4\", \"oid\": [\"none\"], \"group\": [\"none\"], \"name\": \"Document 4\" },\n",
+    "    { \"id\": \"5\", \"oid\": [\"none\"], \"group\": [groups.value[0].id], \"name\": \"Document 5\" },\n",
+    "]\n",
+    "search_client.upload_documents(documents=documents)\n",
+    "print(\"Documents uploaded to the index.\")\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "id": "e5c93f76",
+   "metadata": {},
+   "source": [
+    "## 5. Search sample data with x-ms-query-source-authorization"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 16,
+   "id": "cd872e8c",
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Name: Document 1, OID: ['44e5f686-35a1-4e2c-9ff3-7b6adafcd3c3'], Group: ['ec5aece9-33fc-4b2e-abe1-aedf771357a3']\n",
+      "Name: Document 2, OID: ['all'], Group: ['ec5aece9-33fc-4b2e-abe1-aedf771357a3']\n",
+      "Name: Document 3, OID: ['44e5f686-35a1-4e2c-9ff3-7b6adafcd3c3'], Group: ['all']\n",
+      "Name: Document 5, OID: ['none'], Group: ['ec5aece9-33fc-4b2e-abe1-aedf771357a3']\n"
+     ]
+    }
+   ],
+   "source": [
+    "results = search_client.search(search_text=\"*\", x_ms_query_source_authorization=token_provider(), select=\"name,oid,group\", order_by=\"id asc\")\n",
+    "\n",
+    "for result in results:\n",
+    "    print(f\"Name: {result['name']}, OID: {result['oid']}, Group: {result['group']}\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "id": "d31b67d8",
+   "metadata": {},
+   "source": [
+    "## 6. Search sample data without x-ms-query-source-authorization"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 17,
+   "id": "a1f2f2a0",
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Name: Document 1, OID: ['44e5f686-35a1-4e2c-9ff3-7b6adafcd3c3'], Group: ['ec5aece9-33fc-4b2e-abe1-aedf771357a3']\n",
+      "Name: Document 2, OID: ['all'], Group: ['ec5aece9-33fc-4b2e-abe1-aedf771357a3']\n",
+      "Name: Document 3, OID: ['44e5f686-35a1-4e2c-9ff3-7b6adafcd3c3'], Group: ['all']\n",
+      "Name: Document 4, OID: ['none'], Group: ['none']\n",
+      "Name: Document 5, OID: ['none'], Group: ['ec5aece9-33fc-4b2e-abe1-aedf771357a3']\n"
+     ]
+    }
+   ],
+   "source": [
+    "results = search_client.search(search_text=\"*\", x_ms_query_source_authorization=None, select=\"name,oid,group\", order_by=\"id asc\")\n",
+    "\n",
+    "for result in results:\n",
+    "    print(f\"Name: {result['name']}, OID: {result['oid']}, Group: {result['group']}\")"
+   ]
+  }
+ ],
+ "metadata": {
+  "kernelspec": {
+   "display_name": ".venv",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.12.10"
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 5
+}

Quickstart-ACL/requirements.txt

@@ -0,0 +1,9 @@
+azure-identity
+aiohttp
+ipykernel
+dotenv
+requests
+msgraph-sdk
+
+--extra-index-url https://pkgs.dev.azure.com/azure-sdk/public/_packaging/azure-sdk-for-python/pypi/simple/
+azure-search-documents==11.6.0a20250507002

Quickstart-ACL/sample.env

@@ -0,0 +1,2 @@
+AZURE_SEARCH_ENDPOINT=https://your-search-service.search.windows.net
+AZURE_SEARCH_INDEX_NAME=acl-sample