azurerm_resource
Azure Resource Manager Resource State Module
New in version 2019.2.0.
- maintainer:
- maturity: new
- platform: linux
- configuration:
This module requires Azure Resource Manager credentials to be passed as a dictionary of keyword arguments to the connection_auth parameter in order to work properly. Since the authentication parameters are sensitive, it’s recommended to pass them to the states via pillar.
Required provider parameters:
- if using username and password:
subscription_id
username
password
- if using a service principal:
subscription_id
tenant
client_id
secret
Optional provider parameters:
- cloud_environment:
Used to point the cloud driver to different API endpoints, such as Azure GovCloud. Possible values:
AZURE_PUBLIC_CLOUD (default)
AZURE_CHINA_CLOUD
AZURE_US_GOV_CLOUD
AZURE_GERMAN_CLOUD
Example Pillar for Azure Resource Manager authentication:
```yaml
azurerm:
  user_pass_auth:
    subscription_id: 3287abc8-f98a-c678-3bde-326766fd3617
    username: fletch
    password: 123pass
  mysubscription:
    subscription_id: 3287abc8-f98a-c678-3bde-326766fd3617
    tenant: ABCDEFAB-1234-ABCD-1234-ABCDEFABCDEF
    client_id: ABCDEFAB-1234-ABCD-1234-ABCDEFABCDEF
    secret: XXXXXXXXXXXXXXXXXXXXXXXX
    cloud_environment: AZURE_PUBLIC_CLOUD
```
Example states using Azure Resource Manager authentication:
```yaml
{% set profile = salt['pillar.get']('azurerm:mysubscription') %}
Ensure resource group exists:
  azurerm_resource.resource_group_present:
    - name: my_rg
    - location: westus
    - tags:
        how_awesome: very
        contact_name: Elmer Fudd Gantry
    - connection_auth: {{ profile }}

Ensure resource group is absent:
  azurerm_resource.resource_group_absent:
    - name: other_rg
    - connection_auth: {{ profile }}
```
- saltext.azurerm.states.azurerm_resource.__virtual__()
Only make this state available if the azurerm_resource module is available.
- saltext.azurerm.states.azurerm_resource.resource_group_present(name, location, managed_by=None, tags=None, connection_auth=None, **kwargs)
New in version 2019.2.0.
Ensure a resource group exists.
- Parameters:
name – Name of the resource group.
location – The Azure location in which to create the resource group. This value cannot be updated once the resource group is created.
managed_by – The ID of the resource that manages this resource group. This value cannot be updated once the resource group is created.
tags – A dictionary of strings can be passed as tag metadata to the resource group object.
connection_auth – A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.
Example usage:
```yaml
Ensure resource group exists:
  azurerm_resource.resource_group_present:
    - name: group1
    - location: eastus
    - tags:
        contact_name: Elmer Fudd Gantry
    - connection_auth: {{ profile }}
```
- saltext.azurerm.states.azurerm_resource.resource_group_absent(name, connection_auth=None)
New in version 2019.2.0.
Ensure a resource group does not exist in the current subscription.
- Parameters:
name – Name of the resource group.
connection_auth – A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.
- saltext.azurerm.states.azurerm_resource.policy_definition_present(name, policy_rule=None, policy_type=None, mode=None, display_name=None, description=None, metadata=None, parameters=None, policy_rule_json=None, policy_rule_file=None, template='jinja', source_hash=None, source_hash_name=None, skip_verify=False, connection_auth=None, **kwargs)
New in version 2019.2.0.
Ensure a security policy definition exists.
- Parameters:
name – Name of the policy definition.
policy_rule – A YAML dictionary defining the policy rule. See Azure Policy Definition documentation for details on the structure. One of policy_rule, policy_rule_json, or policy_rule_file is required, in that order of precedence for use if multiple parameters are used.
policy_rule_json – A text field defining the entirety of a policy definition in JSON. See Azure Policy Definition documentation for details on the structure. One of policy_rule, policy_rule_json, or policy_rule_file is required, in that order of precedence for use if multiple parameters are used. Note that the name field in the JSON will override the name parameter in the state.
policy_rule_file – The source of a JSON file defining the entirety of a policy definition. See Azure Policy Definition documentation for details on the structure. One of policy_rule, policy_rule_json, or policy_rule_file is required, in that order of precedence for use if multiple parameters are used. Note that the name field in the JSON will override the name parameter in the state.
skip_verify – Used for the policy_rule_file parameter. If True, hash verification of remote file sources (http://, https://, ftp://) will be skipped, and the source_hash argument will be ignored.
source_hash – This can be a source hash string or the URI of a file that contains source hash strings.
source_hash_name – When source_hash refers to a hash file, Salt will try to find the correct hash by matching the filename/URI associated with that hash.
policy_type – The type of policy definition. Possible values are NotSpecified, BuiltIn, and Custom. Only used with the policy_rule parameter.
mode – The policy definition mode. Possible values are NotSpecified, Indexed, and All. Only used with the policy_rule parameter.
display_name – The display name of the policy definition. Only used with the policy_rule parameter.
description – The policy definition description. Only used with the policy_rule parameter.
metadata – The policy definition metadata defined as a dictionary. Only used with the policy_rule parameter.
parameters – Required dictionary if a parameter is used in the policy rule. Only used with the policy_rule parameter.
connection_auth – A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.
Example usage:
```yaml
Ensure policy definition exists:
  azurerm_resource.policy_definition_present:
    - name: testpolicy
    - display_name: Test Policy
    - description: Test policy for testing policies.
    - policy_rule:
        if:
          allOf:
            - equals: Microsoft.Compute/virtualMachines/write
              source: action
            - field: location
              in:
                - eastus
                - eastus2
                - centralus
        then:
          effect: deny
    - connection_auth: {{ profile }}
```
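A review-time check for the argument rules documented above (rule-source precedence, the JSON name override, arguments that only apply to policy_rule, and skip_verify), given here as an added example that is not part of saltext.azurerm. The function name lint_policy_definition, the sample states and the example.com URL are constructed for illustration, and flagging a remote file that has no source_hash is this example's own review policy.

```python
from urllib.parse import urlparse

# Documented precedence: policy_rule, policy_rule_json, policy_rule_file.
RULE_SOURCES = ("policy_rule", "policy_rule_json", "policy_rule_file")
# Schemes the page lists as remote sources subject to hash verification.
REMOTE_SCHEMES = {"http", "https", "ftp"}
# Arguments the page documents as only used with policy_rule.
RULE_ONLY = ("policy_type", "mode", "display_name", "description",
             "metadata", "parameters")

def lint_policy_definition(args):
    """Review policy_definition_present arguments (a list of one-key dicts,
    as written in an SLS file). Returns (effective_source, findings)."""
    opts = {}
    for item in args:
        opts.update(item)
    given = [s for s in RULE_SOURCES if opts.get(s)]
    if not given:
        return None, ["no rule source: one of %s is required" % ", ".join(RULE_SOURCES)]
    effective, findings = given[0], []
    for shadowed in given[1:]:
        findings.append("%s is ignored because %s takes precedence" % (shadowed, effective))
    if effective != "policy_rule":
        findings.append("name field inside the JSON overrides name=%r" % opts.get("name"))
        for key in RULE_ONLY:
            if key in opts:
                findings.append("%s is only used with policy_rule" % key)
    if effective == "policy_rule_file":
        scheme = urlparse(opts["policy_rule_file"]).scheme.lower()
        if scheme in REMOTE_SCHEMES:
            if opts.get("skip_verify"):
                findings.append("skip_verify disables hash verification of the remote file")
            elif not opts.get("source_hash"):
                findings.append("remote policy_rule_file has no source_hash")
    return effective, findings

# Constructed sample states; the URL is a placeholder, not from the page.
WEAK = [{"name": "testpolicy"}, {"display_name": "Test Policy"},
        {"policy_rule_file": "https://example.com/policies/testpolicy.json"},
        {"skip_verify": True}]
INLINE = [{"name": "testpolicy"},
          {"policy_rule": {"if": {"field": "location", "in": ["eastus"]},
                           "then": {"effect": "deny"}}},
          {"policy_rule_file": "salt://policies/testpolicy.json"}]

if __name__ == "__main__":
    for sample in (WEAK, INLINE):
        print(lint_policy_definition(sample))
```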
- saltext.azurerm.states.azurerm_resource.policy_definition_absent(name, connection_auth=None)
New in version 2019.2.0.
Ensure a policy definition does not exist in the current subscription.
- Parameters:
name – Name of the policy definition.
connection_auth – A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.
- saltext.azurerm.states.azurerm_resource.policy_assignment_present(name, scope, definition_name, display_name=None, description=None, assignment_type=None, parameters=None, connection_auth=None, **kwargs)
New in version 2019.2.0.
Ensure a security policy assignment exists.
- Parameters:
name – Name of the policy assignment.
scope – The scope of the policy assignment.
definition_name – The name of the policy definition to assign.
display_name – The display name of the policy assignment.
description – The policy assignment description.
assignment_type – The type of policy assignment.
parameters – Required dictionary if a parameter is used in the policy rule.
connection_auth – A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.
Example usage:
```yaml
Ensure policy assignment exists:
  azurerm_resource.policy_assignment_present:
    - name: testassign
    - scope: /subscriptions/bc75htn-a0fhsi-349b-56gh-4fghti-f84852
    - definition_name: testpolicy
    - display_name: Test Assignment
    - description: Test assignment for testing assignments.
    - connection_auth: {{ profile }}
```
- saltext.azurerm.states.azurerm_resource.policy_assignment_absent(name, scope, connection_auth=None)
New in version 2019.2.0.
Ensure a policy assignment does not exist in the provided scope.
- Parameters:
name – Name of the policy assignment.
scope – The scope of the policy assignment.
connection_auth – A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.