salt.states.azurearm_network

Azure (ARM) Network State Module

New in version 2019.2.0.

Warning

This cloud provider will be removed from Salt in version 3007 in favor of the saltext.azurerm Salt Extension.

maintainer:

<devops@eitr.tech>

maturity:

new

depends:
platform:

linux

configuration:

This module requires Azure Resource Manager credentials to be passed as a dictionary of keyword arguments to the connection_auth parameter in order to work properly. Since the authentication parameters are sensitive, it's recommended to pass them to the states via pillar.

Required provider parameters:

if using username and password:
  • subscription_id

  • username

  • password

if using a service principal:
  • subscription_id

  • tenant

  • client_id

  • secret

Optional provider parameters:

cloud_environment: Used to point the cloud driver to different API endpoints, such as Azure GovCloud. Possible values:
  • AZURE_PUBLIC_CLOUD (default)

  • AZURE_CHINA_CLOUD

  • AZURE_US_GOV_CLOUD

  • AZURE_GERMAN_CLOUD

Example Pillar for Azure Resource Manager authentication:

azurearm:
    user_pass_auth:
        subscription_id: 3287abc8-f98a-c678-3bde-326766fd3617
        username: fletch
        password: 123pass
    mysubscription:
        subscription_id: 3287abc8-f98a-c678-3bde-326766fd3617
        tenant: ABCDEFAB-1234-ABCD-1234-ABCDEFABCDEF
        client_id: ABCDEFAB-1234-ABCD-1234-ABCDEFABCDEF
        secret: XXXXXXXXXXXXXXXXXXXXXXXX
        cloud_environment: AZURE_PUBLIC_CLOUD

Example states using Azure Resource Manager authentication:

{% set profile = salt['pillar.get']('azurearm:mysubscription') %}
Ensure virtual network exists:
    azurearm_network.virtual_network_present:
        - name: my_vnet
        - resource_group: my_rg
        - address_prefixes:
            - '10.0.0.0/8'
            - '192.168.0.0/16'
        - dns_servers:
            - '8.8.8.8'
        - tags:
            how_awesome: very
            contact_name: Elmer Fudd Gantry
        - connection_auth: {{ profile }}

Ensure virtual network is absent:
    azurearm_network.virtual_network_absent:
        - name: other_vnet
        - resource_group: my_rg
        - connection_auth: {{ profile }}
salt.states.azurearm_network.load_balancer_absent(name, resource_group, connection_auth=None)

New in version 2019.2.0.

Ensure a load balancer does not exist in the resource group.

Parameters:
  • name -- Name of the load balancer.

  • resource_group -- The resource group assigned to the load balancer.

  • connection_auth -- A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.

salt.states.azurearm_network.load_balancer_present(name, resource_group, sku=None, frontend_ip_configurations=None, backend_address_pools=None, load_balancing_rules=None, probes=None, inbound_nat_rules=None, inbound_nat_pools=None, outbound_nat_rules=None, tags=None, connection_auth=None, **kwargs)

New in version 2019.2.0.

Ensure a load balancer exists.

Parameters:
  • name -- Name of the load balancer.

  • resource_group -- The resource group assigned to the load balancer.

  • sku -- The load balancer SKU, which can be 'Basic' or 'Standard'.

  • tags -- A dictionary of strings can be passed as tag metadata to the load balancer object.

  • frontend_ip_configurations --

    An optional list of dictionaries representing valid FrontendIPConfiguration objects. A frontend IP configuration can be either private (using private IP address and subnet parameters) or public (using a reference to a public IP address object). Valid parameters are:

    • name: The name of the resource that is unique within a resource group.

    • private_ip_address: The private IP address of the IP configuration. Required if 'private_ip_allocation_method' is 'Static'.

    • private_ip_allocation_method: The Private IP allocation method. Possible values are: 'Static' and 'Dynamic'.

    • subnet: Name of an existing subnet inside of which the frontend IP will reside.

    • public_ip_address: Name of an existing public IP address which will be assigned to the frontend IP object.

  • backend_address_pools -- An optional list of dictionaries representing valid BackendAddressPool objects. Only the 'name' parameter is valid for a BackendAddressPool dictionary. All other parameters are read-only references from other objects linking to the backend address pool. Inbound traffic is randomly load balanced across IPs in the backend IPs.

  • probes --

    An optional list of dictionaries representing valid Probe objects. Valid parameters are:

    • name: The name of the resource that is unique within a resource group.

    • protocol: The protocol of the endpoint. Possible values are 'Http' or 'Tcp'. If 'Tcp' is specified, a received ACK is required for the probe to be successful. If 'Http' is specified, a 200 OK response from the specified URI is required for the probe to be successful.

    • port: The port for communicating the probe. Possible values range from 1 to 65535, inclusive.

    • interval_in_seconds: The interval, in seconds, for how frequently to probe the endpoint for health status. Typically, the interval is slightly less than half the allocated timeout period (in seconds) which allows two full probes before taking the instance out of rotation. The default value is 15, the minimum value is 5.

    • number_of_probes: The number of unanswered probes after which further traffic stops being delivered to the endpoint. This value allows endpoints to be taken out of rotation faster or slower than the typical times used in Azure.

    • request_path: The URI used for requesting health status from the VM. Path is required if a protocol is set to 'Http'. Otherwise, it is not allowed. There is no default value.

  • load_balancing_rules --

    An optional list of dictionaries representing valid LoadBalancingRule objects. Valid parameters are:

    • name: The name of the resource that is unique within a resource group.

    • load_distribution: The load distribution policy for this rule. Possible values are 'Default', 'SourceIP', and 'SourceIPProtocol'.

    • frontend_port: The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. Acceptable values are between 0 and 65534. Note that value 0 enables 'Any Port'.

    • backend_port: The port used for internal connections on the endpoint. Acceptable values are between 0 and 65535. Note that value 0 enables 'Any Port'.

    • idle_timeout_in_minutes: The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP.

    • enable_floating_ip: Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can't be changed after you create the endpoint.

    • disable_outbound_snat: Configures SNAT for the VMs in the backend pool to use the public IP address specified in the frontend of the load balancing rule.

    • frontend_ip_configuration: Name of the frontend IP configuration object used by the load balancing rule object.

    • backend_address_pool: Name of the backend address pool object used by the load balancing rule object. Inbound traffic is randomly load balanced across IPs in the backend IPs.

    • probe: Name of the probe object used by the load balancing rule object.

  • inbound_nat_rules --

    An optional list of dictionaries representing valid InboundNatRule objects. Defining inbound NAT rules on your load balancer is mutually exclusive with defining an inbound NAT pool. Inbound NAT pools are referenced from virtual machine scale sets. NICs that are associated with individual virtual machines cannot reference an Inbound NAT pool. They have to reference individual inbound NAT rules. Valid parameters are:

    • name: The name of the resource that is unique within a resource group.

    • frontend_ip_configuration: Name of the frontend IP configuration object used by the inbound NAT rule object.

    • protocol: Possible values include 'Udp', 'Tcp', or 'All'.

    • frontend_port: The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. Acceptable values range from 1 to 65534.

    • backend_port: The port used for the internal endpoint. Acceptable values range from 1 to 65535.

    • idle_timeout_in_minutes: The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP.

    • enable_floating_ip: Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can't be changed after you create the endpoint.

  • inbound_nat_pools --

    An optional list of dictionaries representing valid InboundNatPool objects. They define an external port range for inbound NAT to a single backend port on NICs associated with a load balancer. Inbound NAT rules are created automatically for each NIC associated with the Load Balancer using an external port from this range. Defining an Inbound NAT pool on your Load Balancer is mutually exclusive with defining inbound NAT rules. Inbound NAT pools are referenced from virtual machine scale sets. NICs that are associated with individual virtual machines cannot reference an inbound NAT pool. They have to reference individual inbound NAT rules. Valid parameters are:

    • name: The name of the resource that is unique within a resource group.

    • frontend_ip_configuration: Name of the frontend IP configuration object used by the inbound NAT pool object.

    • protocol: Possible values include 'Udp', 'Tcp', or 'All'.

    • frontend_port_range_start: The first port number in the range of external ports that will be used to provide Inbound NAT to NICs associated with a load balancer. Acceptable values range between 1 and 65534.

    • frontend_port_range_end: The last port number in the range of external ports that will be used to provide Inbound NAT to NICs associated with a load balancer. Acceptable values range between 1 and 65535.

    • backend_port: The port used for internal connections to the endpoint. Acceptable values are between 1 and 65535.

  • outbound_nat_rules --

    An optional list of dictionaries representing valid OutboundNatRule objects. Valid parameters are:

    • name: The name of the resource that is unique within a resource group.

    • frontend_ip_configuration: Name of the frontend IP configuration object used by the outbound NAT rule object.

    • backend_address_pool: Name of the backend address pool object used by the outbound NAT rule object. Outbound traffic is randomly load balanced across IPs in the backend IPs.

    • allocated_outbound_ports: The number of outbound ports to be used for NAT.

  • connection_auth -- A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.

Example usage:

Ensure load balancer exists:
    azurearm_network.load_balancer_present:
        - name: lb1
        - resource_group: group1
        - location: eastus
        - frontend_ip_configurations:
          - name: lb1_feip1
            public_ip_address: pub_ip1
        - backend_address_pools:
          - name: lb1_bepool1
        - probes:
          - name: lb1_webprobe1
            protocol: tcp
            port: 80
            interval_in_seconds: 5
            number_of_probes: 2
        - load_balancing_rules:
          - name: lb1_webprobe1
            protocol: tcp
            frontend_port: 80
            backend_port: 80
            idle_timeout_in_minutes: 4
            frontend_ip_configuration: lb1_feip1
            backend_address_pool: lb1_bepool1
            probe: lb1_webprobe1
        - tags:
            contact_name: Elmer Fudd Gantry
        - connection_auth: {{ profile }}
        - require:
          - azurearm_resource: Ensure resource group exists
          - azurearm_network: Ensure public IP exists
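
The parameter list above carries several constraints that a state file can violate without any YAML error: a request_path that is required for 'Http' probes and not allowed otherwise, the 5-second minimum probe interval, unique frontend ports, and the mutual exclusion of inbound NAT rules and inbound NAT pools. The following is an added example, not part of the Salt module, that checks a load_balancer_present argument dict against those documented constraints before it is applied; the function name, the problem codes and the BROKEN_LB data are constructed for illustration.

```python
# Added example: check load_balancer_present arguments against the
# constraints listed in the parameter documentation above.

def _int_between(value, low, high):
    return isinstance(value, int) and low <= value <= high


def _names(lb, key):
    return {item.get("name") for item in lb.get(key) or []}


def validate_load_balancer(lb):
    """Return (object_name, problem) tuples for one load balancer dict."""
    problems = []
    if lb.get("inbound_nat_rules") and lb.get("inbound_nat_pools"):
        problems.append((lb.get("name"), "nat-rules-and-pools-both-set"))

    for feip in lb.get("frontend_ip_configurations") or []:
        method = str(feip.get("private_ip_allocation_method", "")).lower()
        if method == "static" and not feip.get("private_ip_address"):
            problems.append((feip.get("name"), "static-without-private-ip"))

    for probe in lb.get("probes") or []:
        name = probe.get("name")
        protocol = str(probe.get("protocol", "")).lower()
        if protocol not in ("http", "tcp"):
            problems.append((name, "unknown-probe-protocol"))
        if not _int_between(probe.get("port"), 1, 65535):
            problems.append((name, "probe-port-out-of-range"))
        interval = probe.get("interval_in_seconds", 15)  # documented default
        if not isinstance(interval, int) or interval < 5:
            problems.append((name, "interval-below-5s"))
        has_path = bool(probe.get("request_path"))
        if protocol == "http" and not has_path:
            problems.append((name, "http-probe-missing-request-path"))
        if protocol == "tcp" and has_path:
            problems.append((name, "request-path-only-allowed-for-http"))

    # Rules refer to other objects by name; a typo leaves a dangling reference.
    known = {
        "frontend_ip_configuration": _names(lb, "frontend_ip_configurations"),
        "backend_address_pool": _names(lb, "backend_address_pools"),
        "probe": _names(lb, "probes"),
    }
    seen_ports = set()
    for rule in lb.get("load_balancing_rules") or []:
        name = rule.get("name")
        port = rule.get("frontend_port")
        if not _int_between(port, 0, 65534):
            problems.append((name, "frontend-port-out-of-range"))
        elif port in seen_ports:  # "must be unique within the Load Balancer"
            problems.append((name, "duplicate-frontend-port"))
        seen_ports.add(port)
        if not _int_between(rule.get("backend_port"), 0, 65535):
            problems.append((name, "backend-port-out-of-range"))
        if not _int_between(rule.get("idle_timeout_in_minutes", 4), 4, 30):
            problems.append((name, "idle-timeout-out-of-range"))
        for key, names in known.items():
            if key in rule and rule[key] not in names:
                problems.append((name, "unknown-" + key))
    return problems


# The lb1 example from this page, written as the dict the state receives.
PAGE_LB = {
    "name": "lb1",
    "frontend_ip_configurations": [
        {"name": "lb1_feip1", "public_ip_address": "pub_ip1"}],
    "backend_address_pools": [{"name": "lb1_bepool1"}],
    "probes": [{"name": "lb1_webprobe1", "protocol": "tcp", "port": 80,
                "interval_in_seconds": 5, "number_of_probes": 2}],
    "load_balancing_rules": [
        {"name": "lb1_webprobe1", "protocol": "tcp", "frontend_port": 80,
         "backend_port": 80, "idle_timeout_in_minutes": 4,
         "frontend_ip_configuration": "lb1_feip1",
         "backend_address_pool": "lb1_bepool1", "probe": "lb1_webprobe1"}],
}

# Constructed input that breaks several documented constraints at once.
BROKEN_LB = {
    "name": "lb_constructed",
    "frontend_ip_configurations": [
        {"name": "fe1", "private_ip_allocation_method": "Static",
         "subnet": "sn1"}],
    "backend_address_pools": [{"name": "pool1"}],
    "probes": [
        {"name": "p_http", "protocol": "Http", "port": 8080,
         "interval_in_seconds": 3},
        {"name": "p_tcp", "protocol": "Tcp", "port": 80,
         "request_path": "/health"}],
    "load_balancing_rules": [
        {"name": "r1", "frontend_port": 443, "backend_port": 8443,
         "frontend_ip_configuration": "fe1", "backend_address_pool": "pool1",
         "probe": "p_http"},
        {"name": "r2", "frontend_port": 443, "backend_port": 8443,
         "idle_timeout_in_minutes": 45, "frontend_ip_configuration": "fe1",
         "backend_address_pool": "pool1", "probe": "p_missing"}],
    "inbound_nat_rules": [{"name": "nat1"}],
    "inbound_nat_pools": [{"name": "natpool1"}],
}

if __name__ == "__main__":
    for finding in validate_load_balancer(BROKEN_LB):
        print(finding)
```
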
salt.states.azurearm_network.network_interface_absent(name, resource_group, connection_auth=None)

New in version 2019.2.0.

Ensure a network interface does not exist in the resource group.

Parameters:
  • name -- Name of the network interface.

  • resource_group -- The resource group assigned to the network interface.

  • connection_auth -- A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.

salt.states.azurearm_network.network_interface_present(name, ip_configurations, subnet, virtual_network, resource_group, tags=None, virtual_machine=None, network_security_group=None, dns_settings=None, mac_address=None, primary=None, enable_accelerated_networking=None, enable_ip_forwarding=None, connection_auth=None, **kwargs)

New in version 2019.2.0.

Ensure a network interface exists.

Parameters:
  • name -- Name of the network interface.

  • ip_configurations -- A list of dictionaries representing valid NetworkInterfaceIPConfiguration objects. The 'name' key is required at minimum. At least one IP Configuration must be present.

  • subnet -- Name of the existing subnet assigned to the network interface.

  • virtual_network -- Name of the existing virtual network containing the subnet.

  • resource_group -- The resource group assigned to the virtual network.

  • tags -- A dictionary of strings can be passed as tag metadata to the network interface object.

  • network_security_group -- The name of the existing network security group to assign to the network interface.

  • virtual_machine -- The name of the existing virtual machine to assign to the network interface.

  • dns_settings --

    An optional dictionary representing a valid NetworkInterfaceDnsSettings object. Valid parameters are:

    • dns_servers: List of DNS server IP addresses. Use 'AzureProvidedDNS' to switch to Azure provided DNS resolution. The 'AzureProvidedDNS' value cannot be combined with other IPs; it must be the only value in the dns_servers collection.

    • internal_dns_name_label: Relative DNS name for this NIC used for internal communications between VMs in the same virtual network.

    • internal_fqdn: Fully qualified DNS name supporting internal communications between VMs in the same virtual network.

    • internal_domain_name_suffix: Even if internal_dns_name_label is not specified, a DNS entry is created for the primary NIC of the VM. This DNS name can be constructed by concatenating the VM name with the value of internal_domain_name_suffix.

  • mac_address -- Optional string containing the MAC address of the network interface.

  • primary -- Optional boolean allowing the interface to be set as the primary network interface on a virtual machine with multiple interfaces attached.

  • enable_accelerated_networking -- Optional boolean indicating whether accelerated networking should be enabled for the interface.

  • enable_ip_forwarding -- Optional boolean indicating whether IP forwarding should be enabled for the interface.

  • connection_auth -- A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.

Example usage:

Ensure network interface exists:
    azurearm_network.network_interface_present:
        - name: iface1
        - subnet: vnet1_sn1
        - virtual_network: vnet1
        - resource_group: group1
        - ip_configurations:
          - name: iface1_ipc1
            public_ip_address: pub_ip2
        - dns_settings:
            internal_dns_name_label: decisionlab-int-test-label
        - primary: True
        - enable_accelerated_networking: True
        - enable_ip_forwarding: False
        - network_security_group: nsg1
        - connection_auth: {{ profile }}
        - require:
          - azurearm_network: Ensure subnet exists
          - azurearm_network: Ensure network security group exists
          - azurearm_network: Ensure another public IP exists
salt.states.azurearm_network.network_security_group_absent(name, resource_group, connection_auth=None)

New in version 2019.2.0.

Ensure a network security group does not exist in the resource group.

Parameters:
  • name -- Name of the network security group.

  • resource_group -- The resource group assigned to the network security group.

  • connection_auth -- A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.

salt.states.azurearm_network.network_security_group_present(name, resource_group, tags=None, security_rules=None, connection_auth=None, **kwargs)

New in version 2019.2.0.

Ensure a network security group exists.

Parameters:
  • name -- Name of the network security group.

  • resource_group -- The resource group assigned to the network security group.

  • tags -- A dictionary of strings can be passed as tag metadata to the network security group object.

  • security_rules -- An optional list of dictionaries representing valid SecurityRule objects. See the documentation for the security_rule_present state or security_rule_create_or_update execution module for more information on required and optional parameters for security rules. The rules are only managed if this parameter is present. When this parameter is absent, implemented rules will not be removed, and will merely become unmanaged.

  • connection_auth -- A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.

Example usage:

Ensure network security group exists:
    azurearm_network.network_security_group_present:
        - name: nsg1
        - resource_group: group1
        - security_rules:
          - name: nsg1_rule1
            priority: 100
            protocol: tcp
            access: allow
            direction: outbound
            source_address_prefix: virtualnetwork
            destination_address_prefix: internet
            source_port_range: '*'
            destination_port_range: '*'
          - name: nsg1_rule2
            priority: 101
            protocol: tcp
            access: allow
            direction: inbound
            source_address_prefix: internet
            destination_address_prefix: virtualnetwork
            source_port_range: '*'
            destination_port_ranges:
              - '80'
              - '443'
        - tags:
            contact_name: Elmer Fudd Gantry
        - connection_auth: {{ profile }}
        - require:
          - azurearm_resource: Ensure resource group exists
salt.states.azurearm_network.public_ip_address_absent(name, resource_group, connection_auth=None)

New in version 2019.2.0.

Ensure a public IP address does not exist in the resource group.

Parameters:
  • name -- Name of the public IP address.

  • resource_group -- The resource group assigned to the public IP address.

  • connection_auth -- A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.

salt.states.azurearm_network.public_ip_address_present(name, resource_group, tags=None, sku=None, public_ip_allocation_method=None, public_ip_address_version=None, dns_settings=None, idle_timeout_in_minutes=None, connection_auth=None, **kwargs)

New in version 2019.2.0.

Ensure a public IP address exists.

Parameters:
  • name -- Name of the public IP address.

  • resource_group -- The resource group assigned to the public IP address.

  • dns_settings -- An optional dictionary representing a valid PublicIPAddressDnsSettings object. Parameters include 'domain_name_label' and 'reverse_fqdn', which accept strings. The 'domain_name_label' parameter is concatenated with the regionalized DNS zone to make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. The 'reverse_fqdn' parameter is a user-visible, fully qualified domain name that resolves to this public IP address. If the reverse FQDN is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN.

  • sku -- The public IP address SKU, which can be 'Basic' or 'Standard'.

  • public_ip_allocation_method -- The public IP allocation method. Possible values are: 'Static' and 'Dynamic'.

  • public_ip_address_version -- The public IP address version. Possible values are: 'IPv4' and 'IPv6'.

  • idle_timeout_in_minutes -- An integer representing the idle timeout of the public IP address.

  • tags -- A dictionary of strings can be passed as tag metadata to the public IP address object.

  • connection_auth -- A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.

Example usage:

Ensure public IP exists:
    azurearm_network.public_ip_address_present:
        - name: pub_ip1
        - resource_group: group1
        - dns_settings:
            domain_name_label: decisionlab-ext-test-label
        - sku: basic
        - public_ip_allocation_method: static
        - public_ip_address_version: ipv4
        - idle_timeout_in_minutes: 4
        - tags:
            contact_name: Elmer Fudd Gantry
        - connection_auth: {{ profile }}
        - require:
          - azurearm_resource: Ensure resource group exists
salt.states.azurearm_network.route_absent(name, route_table, resource_group, connection_auth=None)

New in version 2019.2.0.

Ensure a route does not exist in the route table.

Parameters:
  • name -- Name of the route.

  • route_table -- The name of the existing route table containing the route.

  • resource_group -- The resource group assigned to the route table.

  • connection_auth -- A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.

salt.states.azurearm_network.route_present(name, address_prefix, next_hop_type, route_table, resource_group, next_hop_ip_address=None, connection_auth=None, **kwargs)

New in version 2019.2.0.

Ensure a route exists within a route table.

Parameters:
  • name -- Name of the route.

  • address_prefix -- The destination CIDR to which the route applies.

  • next_hop_type -- The type of Azure hop the packet should be sent to. Possible values are: 'VirtualNetworkGateway', 'VnetLocal', 'Internet', 'VirtualAppliance', and 'None'.

  • next_hop_ip_address -- The IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is 'VirtualAppliance'.

  • route_table -- The name of the existing route table which will contain the route.

  • resource_group -- The resource group assigned to the route table.

  • connection_auth -- A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.

Example usage:

Ensure route exists:
    azurearm_network.route_present:
        - name: rt1_route2
        - route_table: rt1
        - resource_group: group1
        - address_prefix: '192.168.0.0/16'
        - next_hop_type: vnetlocal
        - connection_auth: {{ profile }}
        - require:
          - azurearm_network: Ensure route table exists
salt.states.azurearm_network.route_table_absent(name, resource_group, connection_auth=None)

New in version 2019.2.0.

Ensure a route table does not exist in the resource group.

Parameters:
  • name -- Name of the route table.

  • resource_group -- The resource group assigned to the route table.

  • connection_auth -- A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.

salt.states.azurearm_network.route_table_present(name, resource_group, tags=None, routes=None, disable_bgp_route_propagation=None, connection_auth=None, **kwargs)

New in version 2019.2.0.

Ensure a route table exists.

Parameters:
  • name -- Name of the route table.

  • resource_group -- The resource group assigned to the route table.

  • routes -- An optional list of dictionaries representing valid Route objects contained within a route table. See the documentation for the route_present state or route_create_or_update execution module for more information on required and optional parameters for routes. The routes are only managed if this parameter is present. When this parameter is absent, implemented routes will not be removed, and will merely become unmanaged.

  • disable_bgp_route_propagation -- An optional boolean parameter setting whether to disable the routes learned by BGP on the route table.

  • tags -- A dictionary of strings can be passed as tag metadata to the route table object.

  • connection_auth -- A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.

Example usage:

Ensure route table exists:
    azurearm_network.route_table_present:
        - name: rt1
        - resource_group: group1
        - routes:
          - name: rt1_route1
            address_prefix: '0.0.0.0/0'
            next_hop_type: internet
          - name: rt1_route2
            address_prefix: '192.168.0.0/16'
            next_hop_type: vnetlocal
        - tags:
            contact_name: Elmer Fudd Gantry
        - connection_auth: {{ profile }}
        - require:
          - azurearm_resource: Ensure resource group exists
salt.states.azurearm_network.security_rule_absent(name, security_group, resource_group, connection_auth=None)

New in version 2019.2.0.

Ensure a security rule does not exist in the network security group.

Parameters:
  • name -- Name of the security rule.

  • security_group -- The network security group containing the security rule.

  • resource_group -- The resource group assigned to the network security group.

  • connection_auth -- A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.

salt.states.azurearm_network.security_rule_present(name, access, direction, priority, protocol, security_group, resource_group, destination_address_prefix=None, destination_port_range=None, source_address_prefix=None, source_port_range=None, description=None, destination_address_prefixes=None, destination_port_ranges=None, source_address_prefixes=None, source_port_ranges=None, connection_auth=None, **kwargs)

New in version 2019.2.0.

Ensure a security rule exists.

Parameters:
  • name -- Name of the security rule.

  • access -- 'allow' or 'deny'

  • direction -- 'inbound' or 'outbound'

  • priority -- Integer between 100 and 4096 used for ordering rule application.

  • protocol -- 'tcp', 'udp', or '*'

  • security_group -- The name of the existing network security group to contain the security rule.

  • resource_group -- The resource group assigned to the network security group.

  • description -- Optional description of the security rule.

  • destination_address_prefix -- The CIDR or destination IP range. Asterisk '*' can also be used to match all destination IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from.

  • destination_port_range -- The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports.

  • source_address_prefix -- The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from.

  • source_port_range -- The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports.

  • destination_address_prefixes -- A list of destination_address_prefix values. This parameter overrides destination_address_prefix and will cause any value entered there to be ignored.

  • destination_port_ranges -- A list of destination_port_range values. This parameter overrides destination_port_range and will cause any value entered there to be ignored.

  • source_address_prefixes -- A list of source_address_prefix values. This parameter overrides source_address_prefix and will cause any value entered there to be ignored.

  • source_port_ranges -- A list of source_port_range values. This parameter overrides source_port_range and will cause any value entered there to be ignored.

  • connection_auth -- A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.

Example usage:

Ensure security rule exists:
    azurearm_network.security_rule_present:
        - name: nsg1_rule2
        - security_group: nsg1
        - resource_group: group1
        - priority: 101
        - protocol: tcp
        - access: allow
        - direction: inbound
        - source_address_prefix: internet
        - destination_address_prefix: virtualnetwork
        - source_port_range: '*'
        - destination_port_ranges:
          - '80'
          - '443'
        - connection_auth: {{ profile }}
        - require:
          - azurearm_network: Ensure network security group exists
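
Because each plural parameter (for example destination_port_ranges) overrides its singular form, a review that reads only the singular value can miss what the rule actually opens. The following is an added example, not part of the Salt module, that resolves the effective values of each rule, checks the documented value ranges, and flags inbound allow rules reachable from anywhere on all ports or on administrative ports; OPEN_SOURCES, ADMIN_PORTS, the finding codes and the two "constructed" rules are assumptions made for illustration.

```python
# Added example: audit security_rules dicts before they reach
# network_security_group_present / security_rule_present.
ENUMS = {
    "access": {"allow", "deny"},
    "direction": {"inbound", "outbound"},
    "protocol": {"tcp", "udp", "*"},
}
# Assumptions (not from the Salt docs): which sources count as "anywhere"
# and which ports a reviewer treats as administrative.
OPEN_SOURCES = {"*", "internet", "0.0.0.0/0"}
ADMIN_PORTS = {22, 3389}


def effective(rule, singular):
    """Return the values that apply for a singular/plural parameter pair."""
    plural = singular + ("es" if singular.endswith("x") else "s")
    values = rule.get(plural)
    if values:  # assumption: a missing or empty list does not override
        return [str(v) for v in values]
    value = rule.get(singular)
    return [] if value is None else [str(value)]


def port_span(spec):
    """Parse '*', 'N' or 'N-M' (Azure's range notation) into (low, high)."""
    spec = spec.strip()
    if spec == "*":
        return 0, 65535
    low, _, high = spec.partition("-")
    low, high = int(low), int(high or low)
    if not 0 <= low <= high <= 65535:
        raise ValueError(spec)
    return low, high


def audit_rule(rule):
    """Return (rule_name, finding) tuples for one security rule dict."""
    name = rule.get("name", "<unnamed>")
    findings = []
    for key, allowed in ENUMS.items():
        if str(rule.get(key, "")).lower() not in allowed:
            findings.append((name, "invalid-" + key))
    priority = rule.get("priority")
    if not isinstance(priority, int) or not 100 <= priority <= 4096:
        findings.append((name, "invalid-priority"))

    spans = []
    for spec in effective(rule, "destination_port_range"):
        try:
            spans.append(port_span(spec))
        except ValueError:
            findings.append((name, "invalid-destination-port"))

    inbound_allow = (str(rule.get("direction", "")).lower() == "inbound"
                     and str(rule.get("access", "")).lower() == "allow")
    sources = {s.lower() for s in effective(rule, "source_address_prefix")}
    if inbound_allow and sources & OPEN_SOURCES:
        if any(low == 0 and high == 65535 for low, high in spans):
            findings.append((name, "any-port-open-to-internet"))
        elif any(low <= p <= high for low, high in spans for p in ADMIN_PORTS):
            findings.append((name, "admin-port-open-to-internet"))
    return findings


def audit_rules(rules):
    return [finding for rule in rules for finding in audit_rule(rule)]


SAMPLE_RULES = [
    # The two rules from the nsg1 example on this page.
    {"name": "nsg1_rule1", "priority": 100, "protocol": "tcp",
     "access": "allow", "direction": "outbound",
     "source_address_prefix": "virtualnetwork",
     "destination_address_prefix": "internet",
     "source_port_range": "*", "destination_port_range": "*"},
    {"name": "nsg1_rule2", "priority": 101, "protocol": "tcp",
     "access": "allow", "direction": "inbound",
     "source_address_prefix": "internet",
     "destination_address_prefix": "virtualnetwork",
     "source_port_range": "*", "destination_port_ranges": ["80", "443"]},
    # Constructed: the singular value reads as 443, but the list overrides it.
    {"name": "constructed_override", "priority": 102, "protocol": "tcp",
     "access": "allow", "direction": "inbound", "source_address_prefix": "*",
     "destination_address_prefix": "virtualnetwork", "source_port_range": "*",
     "destination_port_range": "443", "destination_port_ranges": ["3389"]},
    # Constructed: private singular source overridden by a list, bad priority.
    {"name": "constructed_any", "priority": 50, "protocol": "*",
     "access": "Allow", "direction": "Inbound",
     "source_address_prefix": "10.0.0.0/8",
     "source_address_prefixes": ["Internet"],
     "destination_address_prefix": "virtualnetwork",
     "source_port_range": "*", "destination_port_range": "*"},
]

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES):
        print(finding)
```
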
salt.states.azurearm_network.subnet_absent(name, virtual_network, resource_group, connection_auth=None)

New in version 2019.2.0.

Ensure a subnet does not exist in the virtual network.

Parameters:
  • name -- Name of the subnet.

  • virtual_network -- Name of the existing virtual network containing the subnet.

  • resource_group -- The resource group assigned to the virtual network.

  • connection_auth -- A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.

salt.states.azurearm_network.subnet_present(name, address_prefix, virtual_network, resource_group, security_group=None, route_table=None, connection_auth=None, **kwargs)

New in version 2019.2.0.

Ensure a subnet exists.

Parameters:
  • name -- Name of the subnet.

  • address_prefix -- A CIDR block used by the subnet within the virtual network.

  • virtual_network -- Name of the existing virtual network to contain the subnet.

  • resource_group -- The resource group assigned to the virtual network.

  • security_group -- The name of the existing network security group to assign to the subnet.

  • route_table -- The name of the existing route table to assign to the subnet.

  • connection_auth -- A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.

Example usage:

Ensure subnet exists:
    azurearm_network.subnet_present:
        - name: vnet1_sn1
        - virtual_network: vnet1
        - resource_group: group1
        - address_prefix: '192.168.1.0/24'
        - security_group: nsg1
        - route_table: rt1
        - connection_auth: {{ profile }}
        - require:
          - azurearm_network: Ensure virtual network exists
          - azurearm_network: Ensure network security group exists
          - azurearm_network: Ensure route table exists
salt.states.azurearm_network.virtual_network_absent(name, resource_group, connection_auth=None)

New in version 2019.2.0.

Ensure a virtual network does not exist in the resource group.

Parameters:
  • name -- Name of the virtual network.

  • resource_group -- The resource group assigned to the virtual network.

  • connection_auth -- A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.

salt.states.azurearm_network.virtual_network_present(name, address_prefixes, resource_group, dns_servers=None, tags=None, connection_auth=None, **kwargs)

New in version 2019.2.0.

Ensure a virtual network exists.

Parameters:
  • name -- Name of the virtual network.

  • resource_group -- The resource group assigned to the virtual network.

  • address_prefixes -- A list of CIDR blocks which can be used by subnets within the virtual network.

  • dns_servers -- A list of DNS server addresses.

  • tags -- A dictionary of strings can be passed as tag metadata to the virtual network object.

  • connection_auth -- A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.

Example usage:

Ensure virtual network exists:
    azurearm_network.virtual_network_present:
        - name: vnet1
        - resource_group: group1
        - address_prefixes:
            - '10.0.0.0/8'
            - '192.168.0.0/16'
        - dns_servers:
            - '8.8.8.8'
        - tags:
            contact_name: Elmer Fudd Gantry
        - connection_auth: {{ profile }}
        - require:
          - azurearm_resource: Ensure resource group exists