Azure (ARM) Resource State Module
New in version 2019.2.0.
Warning
This cloud provider will be removed from Salt in version 3007 in favor of the saltext.azurerm Salt Extension
new
azure >= 2.0.0
azure-common >= 1.1.8
azure-mgmt >= 1.0.0
azure-mgmt-compute >= 1.0.0
azure-mgmt-network >= 1.7.1
azure-mgmt-resource >= 1.1.0
azure-mgmt-storage >= 1.0.0
azure-mgmt-web >= 0.32.0
azure-storage >= 0.34.3
msrestazure >= 0.4.21
linux
This module requires Azure Resource Manager credentials to be passed as a dictionary of
keyword arguments to the connection_auth
parameter in order to work properly. Since the authentication
parameters are sensitive, it's recommended to pass them to the states via pillar.
Required provider parameters:
subscription_id
username
password
subscription_id
tenant
client_id
secret
Optional provider parameters:
AZURE_PUBLIC_CLOUD
(default)
AZURE_CHINA_CLOUD
AZURE_US_GOV_CLOUD
AZURE_GERMAN_CLOUD
Example Pillar for Azure Resource Manager authentication:
azurearm:
user_pass_auth:
subscription_id: 3287abc8-f98a-c678-3bde-326766fd3617
username: fletch
password: 123pass
mysubscription:
subscription_id: 3287abc8-f98a-c678-3bde-326766fd3617
tenant: ABCDEFAB-1234-ABCD-1234-ABCDEFABCDEF
client_id: ABCDEFAB-1234-ABCD-1234-ABCDEFABCDEF
secret: XXXXXXXXXXXXXXXXXXXXXXXX
cloud_environment: AZURE_PUBLIC_CLOUD
Example states using Azure Resource Manager authentication:
{% set profile = salt['pillar.get']('azurearm:mysubscription') %}
Ensure resource group exists:
azurearm_resource.resource_group_present:
- name: my_rg
- location: westus
- tags:
how_awesome: very
contact_name: Elmer Fudd Gantry
- connection_auth: {{ profile }}
Ensure resource group is absent:
azurearm_resource.resource_group_absent:
- name: other_rg
- connection_auth: {{ profile }}
salt.states.azurearm_resource.
policy_assignment_absent
(name, scope, connection_auth=None)¶New in version 2019.2.0.
Ensure a policy assignment does not exist in the provided scope.
name -- Name of the policy assignment.
scope -- The scope of the policy assignment.
A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.
salt.states.azurearm_resource.
policy_assignment_present
(name, scope, definition_name, display_name=None, description=None, assignment_type=None, parameters=None, connection_auth=None, **kwargs)¶New in version 2019.2.0.
Ensure a security policy assignment exists.
name -- Name of the policy assignment.
scope -- The scope of the policy assignment.
definition_name -- The name of the policy definition to assign.
display_name -- The display name of the policy assignment.
description -- The policy assignment description.
assignment_type -- The type of policy assignment.
parameters -- Required dictionary if a parameter is used in the policy rule.
connection_auth -- A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.
Example usage:
Ensure policy assignment exists:
azurearm_resource.policy_assignment_present:
- name: testassign
- scope: /subscriptions/bc75htn-a0fhsi-349b-56gh-4fghti-f84852
- definition_name: testpolicy
- display_name: Test Assignment
- description: Test assignment for testing assignments.
- connection_auth: {{ profile }}
salt.states.azurearm_resource.
policy_definition_absent
(name, connection_auth=None)¶New in version 2019.2.0.
Ensure a policy definition does not exist in the current subscription.
name -- Name of the policy definition.
connection_auth -- A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.
salt.states.azurearm_resource.
policy_definition_present
(name, policy_rule=None, policy_type=None, mode=None, display_name=None, description=None, metadata=None, parameters=None, policy_rule_json=None, policy_rule_file=None, template='jinja', source_hash=None, source_hash_name=None, skip_verify=False, connection_auth=None, **kwargs)¶New in version 2019.2.0.
Ensure a security policy definition exists.
name -- Name of the policy definition.
policy_rule -- A YAML dictionary defining the policy rule. See Azure Policy Definition documentation for details on the
structure. One of policy_rule
, policy_rule_json
, or policy_rule_file
is required, in that order of
precedence for use if multiple parameters are used.
policy_rule_json --
A text field defining the entirety of a policy definition in JSON. See Azure Policy Definition documentation for details on the
structure. One of policy_rule
, policy_rule_json
, or policy_rule_file
is required, in that order of
precedence for use if multiple parameters are used. Note that the name field in the JSON will override the
name
parameter in the state.
policy_rule_file --
The source of a JSON file defining the entirety of a policy definition. See Azure Policy Definition
documentation for
details on the structure. One of policy_rule
, policy_rule_json
, or policy_rule_file
is required,
in that order of precedence for use if multiple parameters are used. Note that the name field in the JSON
will override the name
parameter in the state.
skip_verify -- Used for the policy_rule_file
parameter. If True
, hash verification of remote file sources
(http://
, https://
, ftp://
) will be skipped, and the source_hash
argument will be ignored.
source_hash -- This can be a source hash string or the URI of a file that contains source hash strings.
source_hash_name -- When source_hash
refers to a hash file, Salt will try to find the correct hash by matching the
filename/URI associated with that hash.
policy_type -- The type of policy definition. Possible values are NotSpecified, BuiltIn, and Custom. Only used with the
policy_rule
parameter.
mode -- The policy definition mode. Possible values are NotSpecified, Indexed, and All. Only used with the
policy_rule
parameter.
display_name -- The display name of the policy definition. Only used with the policy_rule
parameter.
description -- The policy definition description. Only used with the policy_rule
parameter.
metadata -- The policy definition metadata defined as a dictionary. Only used with the policy_rule
parameter.
parameters -- Required dictionary if a parameter is used in the policy rule. Only used with the policy_rule
parameter.
connection_auth -- A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.
Example usage:
Ensure policy definition exists:
azurearm_resource.policy_definition_present:
- name: testpolicy
- display_name: Test Policy
- description: Test policy for testing policies.
- policy_rule:
if:
allOf:
- equals: Microsoft.Compute/virtualMachines/write
source: action
- field: location
in:
- eastus
- eastus2
- centralus
then:
effect: deny
- connection_auth: {{ profile }}
salt.states.azurearm_resource.
resource_group_absent
(name, connection_auth=None)¶New in version 2019.2.0.
Ensure a resource group does not exist in the current subscription.
name -- Name of the resource group.
connection_auth -- A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.
salt.states.azurearm_resource.
resource_group_present
(name, location, managed_by=None, tags=None, connection_auth=None, **kwargs)¶New in version 2019.2.0.
Ensure a resource group exists.
name -- Name of the resource group.
location -- The Azure location in which to create the resource group. This value cannot be updated once the resource group is created.
managed_by -- The ID of the resource that manages this resource group. This value cannot be updated once the resource group is created.
tags -- A dictionary of strings can be passed as tag metadata to the resource group object.
connection_auth -- A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.
Example usage:
Ensure resource group exists:
azurearm_resource.resource_group_present:
- name: group1
- location: eastus
- tags:
contact_name: Elmer Fudd Gantry
- connection_auth: {{ profile }}