salt.states.azurearm_dns

Azure (ARM) DNS State Module

New in version 3000.

Warning

This cloud provider will be removed from Salt in version 3007 in favor of the saltext.azurerm Salt Extension

maintainer

<devops@eitr.tech>

maturity

new

depends
platform

linux

configuration

This module requires Azure Resource Manager credentials to be passed as a dictionary of keyword arguments to the connection_auth parameter in order to work properly. Since the authentication parameters are sensitive, it's recommended to pass them to the states via pillar.

Required provider parameters:

if using username and password:

  • subscription_id

  • username

  • password

if using a service principal:

  • subscription_id

  • tenant

  • client_id

  • secret

Optional provider parameters:

cloud_environment: Used to point the cloud driver to different API endpoints, such as Azure GovCloud. Possible values:

Possible values:

  • AZURE_PUBLIC_CLOUD (default)

  • AZURE_CHINA_CLOUD

  • AZURE_US_GOV_CLOUD

  • AZURE_GERMAN_CLOUD

Example Pillar for Azure Resource Manager authentication:

azurearm:
    user_pass_auth:
        subscription_id: 3287abc8-f98a-c678-3bde-326766fd3617
        username: fletch
        password: 123pass
    mysubscription:
        subscription_id: 3287abc8-f98a-c678-3bde-326766fd3617
        tenant: ABCDEFAB-1234-ABCD-1234-ABCDEFABCDEF
        client_id: ABCDEFAB-1234-ABCD-1234-ABCDEFABCDEF
        secret: XXXXXXXXXXXXXXXXXXXXXXXX
        cloud_environment: AZURE_PUBLIC_CLOUD

Example states using Azure Resource Manager authentication:

{% set profile = salt['pillar.get']('azurearm:mysubscription') %}
Ensure DNS zone exists:
    azurearm_dns.zone_present:
        - name: contoso.com
        - resource_group: my_rg
        - tags:
            how_awesome: very
            contact_name: Elmer Fudd Gantry
        - connection_auth: {{ profile }}

Ensure DNS record set exists:
    azurearm_dns.record_set_present:
        - name: web
        - zone_name: contoso.com
        - resource_group: my_rg
        - record_type: A
        - ttl: 300
        - arecords:
          - ipv4_address: 10.0.0.1
        - tags:
            how_awesome: very
            contact_name: Elmer Fudd Gantry
        - connection_auth: {{ profile }}

Ensure DNS record set is absent:
    azurearm_dns.record_set_absent:
        - name: web
        - zone_name: contoso.com
        - resource_group: my_rg
        - record_type: A
        - connection_auth: {{ profile }}

Ensure DNS zone is absent:
    azurearm_dns.zone_absent:
        - name: contoso.com
        - resource_group: my_rg
        - connection_auth: {{ profile }}
salt.states.azurearm_dns.record_set_absent(name, zone_name, resource_group, connection_auth=None)

New in version 3000.

Ensure a record set does not exist in the DNS zone.

Parameters
  • name -- Name of the record set.

  • zone_name -- Name of the DNS zone.

  • resource_group -- The resource group assigned to the DNS zone.

  • connection_auth -- A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.

salt.states.azurearm_dns.record_set_present(name, zone_name, resource_group, record_type, if_match=None, if_none_match=None, etag=None, metadata=None, ttl=None, arecords=None, aaaa_records=None, mx_records=None, ns_records=None, ptr_records=None, srv_records=None, txt_records=None, cname_record=None, soa_record=None, caa_records=None, connection_auth=None, **kwargs)

New in version 3000.

Ensure a record set exists in a DNS zone.

Parameters
  • name -- The name of the record set, relative to the name of the zone.

  • zone_name -- Name of the DNS zone (without a terminating dot).

  • resource_group -- The resource group assigned to the DNS zone.

  • record_type -- The type of DNS record in this record set. Record sets of type SOA can be updated but not created (they are created when the DNS zone is created). Possible values include: 'A', 'AAAA', 'CAA', 'CNAME', 'MX', 'NS', 'PTR', 'SOA', 'SRV', 'TXT'

  • if_match -- The etag of the record set. Omit this value to always overwrite the current record set. Specify the last-seen etag value to prevent accidentally overwritting any concurrent changes.

  • if_none_match -- Set to '*' to allow a new record set to be created, but to prevent updating an existing record set. Other values will be ignored.

  • etag -- The etag of the record set. Etags are used to handle concurrent changes to the same resource safely.

  • metadata -- A dictionary of strings can be passed as tag metadata to the record set object.

  • ttl -- The TTL (time-to-live) of the records in the record set. Required when specifying record information.

  • arecords -- The list of A records in the record set. View the Azure SDK documentation to create a list of dictionaries representing the record objects.

  • aaaa_records -- The list of AAAA records in the record set. View the Azure SDK documentation to create a list of dictionaries representing the record objects.

  • mx_records -- The list of MX records in the record set. View the Azure SDK documentation to create a list of dictionaries representing the record objects.

  • ns_records -- The list of NS records in the record set. View the Azure SDK documentation to create a list of dictionaries representing the record objects.

  • ptr_records -- The list of PTR records in the record set. View the Azure SDK documentation to create a list of dictionaries representing the record objects.

  • srv_records -- The list of SRV records in the record set. View the Azure SDK documentation to create a list of dictionaries representing the record objects.

  • txt_records -- The list of TXT records in the record set. View the Azure SDK documentation to create a list of dictionaries representing the record objects.

  • cname_record -- The CNAME record in the record set. View the Azure SDK documentation to create a dictionary representing the record object.

  • soa_record -- The SOA record in the record set. View the Azure SDK documentation to create a dictionary representing the record object.

  • caa_records -- The list of CAA records in the record set. View the Azure SDK documentation to create a list of dictionaries representing the record objects.

  • connection_auth -- A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.

Example usage:

Ensure record set exists:
    azurearm_dns.record_set_present:
        - name: web
        - zone_name: contoso.com
        - resource_group: my_rg
        - record_type: A
        - ttl: 300
        - arecords:
          - ipv4_address: 10.0.0.1
        - metadata:
            how_awesome: very
            contact_name: Elmer Fudd Gantry
        - connection_auth: {{ profile }}
salt.states.azurearm_dns.zone_absent(name, resource_group, connection_auth=None)

New in version 3000.

Ensure a DNS zone does not exist in the resource group.

Parameters
  • name -- Name of the DNS zone.

  • resource_group -- The resource group assigned to the DNS zone.

  • connection_auth -- A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.

salt.states.azurearm_dns.zone_present(name, resource_group, etag=None, if_match=None, if_none_match=None, registration_virtual_networks=None, resolution_virtual_networks=None, tags=None, zone_type='Public', connection_auth=None, **kwargs)

New in version 3000.

Ensure a DNS zone exists.

Parameters
  • name -- Name of the DNS zone (without a terminating dot).

  • resource_group -- The resource group assigned to the DNS zone.

  • etag -- The etag of the zone. Etags are used to handle concurrent changes to the same resource safely.

  • if_match -- The etag of the DNS zone. Omit this value to always overwrite the current zone. Specify the last-seen etag value to prevent accidentally overwritting any concurrent changes.

  • if_none_match -- Set to '*' to allow a new DNS zone to be created, but to prevent updating an existing zone. Other values will be ignored.

  • registration_virtual_networks --

    A list of references to virtual networks that register hostnames in this DNS zone. This is only when zone_type is Private. (requires azure-mgmt-dns >= 2.0.0rc1)

  • resolution_virtual_networks --

    A list of references to virtual networks that resolve records in this DNS zone. This is only when zone_type is Private. (requires azure-mgmt-dns >= 2.0.0rc1)

  • tags -- A dictionary of strings can be passed as tag metadata to the DNS zone object.

  • zone_type --

    The type of this DNS zone (Public or Private). Possible values include: 'Public', 'Private'. Default value: 'Public'

    (requires azure-mgmt-dns >= 2.0.0rc1)

  • connection_auth -- A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.

Example usage:

Ensure DNS zone exists:
    azurearm_dns.zone_present:
        - name: contoso.com
        - resource_group: my_rg
        - zone_type: Private
        - registration_virtual_networks:
          - /subscriptions/{{ sub }}/resourceGroups/my_rg/providers/Microsoft.Network/virtualNetworks/test_vnet
        - tags:
            how_awesome: very
            contact_name: Elmer Fudd Gantry
        - connection_auth: {{ profile }}