exec.azurerm.network.virtual_network_gateway

Azure Resource Manager (ARM) Virtual Network Gateway Execution Module

New in version 1.0.0.

maintainer:

<devops@eitr.tech>

configuration:

This module requires Azure Resource Manager credentials to be passed as keyword arguments to every function or via acct in order to work properly.

Required provider parameters:

if using username and password:
  • subscription_id
  • username
  • password
if using a service principal:
  • subscription_id
  • tenant
  • client_id
  • secret

Optional provider parameters:

cloud_environment: Used to point the cloud driver to different API endpoints, such as Azure GovCloud. Possible values:

  • AZURE_PUBLIC_CLOUD (default)
  • AZURE_CHINA_CLOUD
  • AZURE_US_GOV_CLOUD
  • AZURE_GERMAN_CLOUD
idem_azurerm.exec.azurerm.network.virtual_network_gateway.connection_create_or_update(hub, ctx, name, resource_group, virtual_network_gateway, connection_type, **kwargs)

New in version 1.0.0.

Changed in version 4.0.0.

Creates or updates a virtual network gateway connection.

Parameters:
  • name – The name of the virtual network gateway connection to create or update.
  • resource_group – The name of the resource group.
  • virtual_network_gateway – The name of the virtual network gateway that will be the first endpoint of the connection. This is immutable once set.
  • connection_type – Gateway connection type. Possible values include: ‘IPsec’, ‘Vnet2Vnet’, and ‘ExpressRoute’. This is immutable once set.

A second endpoint must be passed as a keyword argument. The second endpoint will be immutable once set. The following are possible second endpoints for the connection:

  • If the connection type is “Vnet2Vnet”, then the name of a second virtual network gateway must be passed as the virtual_network_gateway2 kwarg. If that second gateway has a different resource group than the resource group specified within the resource_group parameter, then it must be specified within vgw2_group kwarg. Otherwise, the resource_group within the resource_group parameter will be used.
  • If the connection type is “IPsec”, then the name of a local network gateway must be passed within the local_network_gateway2 kwarg. If that gateway has a different resource group than the resource group specified within the resource_group parameter, then it must be specified within lgw2_group kwarg. Otherwise, the resource_group within the resource_group parameter will be used.
  • If the connection type is “ExpressRoute”, then a valid Resource ID representing an ExpressRouteCircuit Object must be passed as the peer kwarg.

The second endpoint is immutable once set.

CLI Example:

azurerm.network.virtual_network_gateway.connection_create_or_update test_name test_group test_vgw test_type
idem_azurerm.exec.azurerm.network.virtual_network_gateway.connection_delete(hub, ctx, name, resource_group, **kwargs)

New in version 1.0.0.

Deletes the specified virtual network gateway connection.

Parameters:
  • name – The name of the virtual network gateway connection that will be deleted.
  • resource_group – The name of the resource group.

CLI Example:

azurerm.network.virtual_network_gateway.connection_delete test_name test_group
idem_azurerm.exec.azurerm.network.virtual_network_gateway.connection_get(hub, ctx, name, resource_group, **kwargs)

New in version 1.0.0.

Gets the details of a specified virtual network gateway connection.

Parameters:
  • name – The name of the virtual network gateway connection to query.
  • resource_group – The name of the resource group.

CLI Example:

azurerm.network.virtual_network_gateway.connection_get test_name test_group
idem_azurerm.exec.azurerm.network.virtual_network_gateway.connection_get_shared_key(hub, ctx, name, resource_group, **kwargs)

New in version 1.0.0.

Gets information about the specified virtual network gateway connection shared key through the Network resource provider.

Parameters:
  • name – The virtual network gateway connection shared key name.
  • resource_group – The name of the resource group.

CLI Example:

azurerm.network.virtual_network_gateway.connection_get_shared_key test_name test_group
idem_azurerm.exec.azurerm.network.virtual_network_gateway.connection_reset_shared_key(hub, ctx, name, resource_group, key_length=128, **kwargs)

New in version 1.0.0.

Resets the shared key of the given virtual network gateway connection in the specified resource group through the Network resource provider.

Parameters:
  • name – The name of the virtual network gateway connection that will have its shared key reset.
  • resource_group – The name of the resource group.
  • key_length – The length of the reset shared key for the virtual network connection. Should be between 1 and 128. Defaults to 128.

CLI Example:

azurerm.network.virtual_network_gateway.connection_reset_shared_key test_name test_group test_key_length
idem_azurerm.exec.azurerm.network.virtual_network_gateway.connection_set_shared_key(hub, ctx, name, resource_group, value, **kwargs)

New in version 1.0.0.

Sets the shared key for a virtual network gateway connection object.

Parameters:
  • name – The virtual network gateway connection name.
  • resource_group – The name of the resource group.
  • value – The new virtual network connection shared key value.

CLI Example:

azurerm.network.virtual_network_gateway.connection_set_shared_key test_name test_group test_value
idem_azurerm.exec.azurerm.network.virtual_network_gateway.connection_update_tags(hub, ctx, name, resource_group, tags=None, **kwargs)

New in version 4.0.0.

Updates virtual network gateway connection tags with specified values.

Parameters:
  • name – The name of the virtual network gateway connection.
  • resource_group – The name of the resource group to which the virtual network gateway belongs.
  • tags – The tags of the resource.

CLI Example:

azurerm.network.virtual_network_gateway.connection_update_tags test_name test_group tags='{"owner": "me"}'
idem_azurerm.exec.azurerm.network.virtual_network_gateway.connections_list(hub, ctx, resource_group, **kwargs)

New in version 1.0.0.

Lists all the virtual network gateway connections within a specified resource group.

Parameters:
  • resource_group – The name of the resource group.

CLI Example:

azurerm.network.virtual_network_gateway.connections_list test_group
idem_azurerm.exec.azurerm.network.virtual_network_gateway.create_or_update(hub, ctx, name, resource_group, virtual_network, ip_configurations, gateway_type, sku, polling=True, **kwargs)

New in version 1.0.0.

Changed in version 3.0.0, 4.0.0.

Creates or updates a virtual network gateway in the specified resource group.

Parameters:
  • name – The name of the virtual network gateway.
  • resource_group – The name of the resource group.
  • virtual_network – The name of the virtual network associated with the virtual network gateway.
  • ip_configurations – A list of dictionaries representing valid VirtualNetworkGatewayIPConfiguration objects. If the active_active keyword argument is specified and active_active is disabled, then only one IP configuration dictionary is permitted. If active_active is enabled, then two IP configuration dictionaries are required. Valid parameters for a VirtualNetworkGatewayIPConfiguration object are:

    • name: The name of the VirtualNetworkGatewayIPConfiguration object that is unique within the resource group.
    • public_ip_address: The name of an existing public IP address that will be assigned to the object.
    • private_ip_allocation_method: The private IP allocation method. Possible values are: “Static” and “Dynamic”.
    • subnet: The name of an existing subnet inside of which the IP configuration will reside.
  • gateway_type – The type of this virtual network gateway. Possible values include: “Vpn” and “ExpressRoute”. The gateway type is immutable once set.
  • sku – The name of the Gateway SKU. Possible values include: ‘Basic’, ‘HighPerformance’, ‘Standard’, ‘UltraPerformance’, ‘VpnGw1’, ‘VpnGw2’, ‘VpnGw3’, ‘VpnGw4’, ‘VpnGw5’, ‘VpnGw1AZ’, ‘VpnGw2AZ’, ‘VpnGw3AZ’, ‘VpnGw4AZ’, ‘VpnGw5AZ’, ‘ErGw1AZ’, ‘ErGw2AZ’, and ‘ErGw3AZ’.
  • polling – An optional boolean flag representing whether a Poller will be used during the creation of the Virtual Network Gateway. If set to True, a Poller will be used by this operation and the module will not return until the Virtual Network Gateway has completed its creation process and has been successfully provisioned. If set to False, the module will return once the Virtual Network Gateway has successfully begun its creation process. Defaults to True.

CLI Example:

azurerm.network.virtual_network_gateway.create_or_update test_name test_group test_vnet test_ip_configs test_gateway_type test_sku
idem_azurerm.exec.azurerm.network.virtual_network_gateway.delete(hub, ctx, name, resource_group, **kwargs)

New in version 1.0.0.

Deletes the specified virtual network gateway.

Parameters:
  • name – The name of the virtual network gateway that will be deleted.
  • resource_group – The name of the resource group.

CLI Example:

azurerm.network.virtual_network_gateway.delete test_name test_group
idem_azurerm.exec.azurerm.network.virtual_network_gateway.generate_vpn_profile(hub, ctx, name, resource_group, processor_architecture, authentication_method, radius_server_auth_certificate=None, client_root_certificates=None, **kwargs)

New in version 1.0.0.

Generates a VPN profile for the P2S client of the virtual network gateway in the specified resource group. Used for IKEv2 and RADIUS-based authentication.

Parameters:
  • name – The name of the virtual network gateway.
  • resource_group – The name of the resource group.
  • processor_architecture – VPN client Processor Architecture. Possible values include: ‘Amd64’ and ‘X86’.
  • authentication_method – VPN client authentication method. Possible values include: ‘EAPTLS’ and ‘EAPMSCHAPv2’.
  • radius_server_auth_certificate – The public certificate data for the radius server authentication certificate as a Base-64 encoded string. Required only if external radius authentication has been configured with EAPTLS authentication.
  • client_root_certificates – A list of client root certificates public certificate data encoded as Base-64 strings. This is an optional parameter for external radius based authentication with EAPTLS.

CLI Example:

azurerm.network.virtual_network_gateway.generate_vpn_profile test_name test_group test_params
idem_azurerm.exec.azurerm.network.virtual_network_gateway.generatevpnclientpackage(hub, ctx, name, resource_group, processor_architecture, authentication_method, radius_server_auth_certificate=None, client_root_certificates=None, **kwargs)

New in version 1.0.0.

Generates VPN client package for P2S client of the virtual network gateway in the specified resource group.

Parameters:
  • name – The name of the virtual network gateway.
  • resource_group – The name of the resource group.
  • processor_architecture – VPN client Processor Architecture. Possible values include: ‘Amd64’, ‘X86’
  • authentication_method – VPN client authentication method. Possible values include: ‘EAPTLS’, ‘EAPMSCHAPv2’
  • radius_server_auth_certificate – The public certificate data for the radius server authentication certificate as a Base-64 encoded string. Required only if external radius authentication has been configured with EAPTLS authentication.
  • client_root_certificates – A list of client root certificates public certificate data encoded as Base-64 strings. Optional parameter for external radius based authentication with EAPTLS.

CLI Example:

azurerm.network.virtual_network_gateway.generatevpnclientpackage test_name test_group test_params
idem_azurerm.exec.azurerm.network.virtual_network_gateway.get(hub, ctx, name, resource_group, **kwargs)

New in version 1.0.0.

Gets the details of a specific virtual network gateway within a specified resource group.

Parameters:
  • name – The name of the virtual network gateway.
  • resource_group – The name of the resource group.

CLI Example:

azurerm.network.virtual_network_gateway.get test_name test_group
idem_azurerm.exec.azurerm.network.virtual_network_gateway.get_advertised_routes(hub, ctx, name, resource_group, peer, **kwargs)

New in version 1.0.0.

Gets a list of routes the virtual network gateway is advertising to a specified peer.

Parameters:
  • name – The name of the virtual network gateway.
  • resource_group – The name of the resource group.
  • peer – The IP address of the peer.

CLI Example:

azurerm.network.virtual_network_gateway.get_advertised_routes test_name test_group test_peer
idem_azurerm.exec.azurerm.network.virtual_network_gateway.get_bgp_peer_status(hub, ctx, name, resource_group, peer=None, **kwargs)

New in version 1.0.0.

Gets the status of all BGP peers.

Parameters:
  • name – The name of the virtual network gateway.
  • resource_group – The name of the resource group.
  • peer – The IP address of the peer to retrieve the status of.

CLI Example:

azurerm.network.virtual_network_gateway.get_bgp_peer_status test_name test_group test_peer
idem_azurerm.exec.azurerm.network.virtual_network_gateway.get_learned_routes(hub, ctx, name, resource_group, **kwargs)

New in version 1.0.0.

Gets a list of routes that the virtual network gateway has learned, including routes learned from BGP peers.

Parameters:
  • name – The name of the virtual network gateway.
  • resource_group – The name of the resource group.

CLI Example:

azurerm.network.virtual_network_gateway.get_learned_routes test_name test_group
idem_azurerm.exec.azurerm.network.virtual_network_gateway.get_vpn_profile_package_url(hub, ctx, name, resource_group, **kwargs)

New in version 1.0.0.

Gets pre-generated VPN profile for P2S client of the virtual network gateway in the specified resource group.

Parameters:
  • name – The name of the virtual network gateway.
  • resource_group – The name of the resource group.

CLI Example:

azurerm.network.virtual_network_gateway.get_vpn_profile_package_url test_name test_group
idem_azurerm.exec.azurerm.network.virtual_network_gateway.get_vpnclient_ipsec_parameters(hub, ctx, name, resource_group, **kwargs)

New in version 1.0.0.

Gets information about the vpnclient ipsec policy for P2S client of virtual network gateway in the specified resource group through Network resource provider.

Parameters:
  • name – The virtual network gateway name.
  • resource_group – The name of the resource group.

CLI Example:

azurerm.network.virtual_network_gateway.get_vpnclient_ipsec_parameters test_name test_group
idem_azurerm.exec.azurerm.network.virtual_network_gateway.list_(hub, ctx, resource_group, **kwargs)

New in version 1.0.0.

Lists all virtual network gateways within a resource group.

Parameters:
  • resource_group – The name of the resource group.

CLI Example:

azurerm.network.virtual_network_gateway.list test_group
idem_azurerm.exec.azurerm.network.virtual_network_gateway.list_connections(hub, ctx, name, resource_group, **kwargs)

New in version 1.0.0.

Lists all connections associated with a virtual network gateway.

Parameters:
  • name – The name of the virtual network gateway.
  • resource_group – The name of the resource group.

CLI Example:

azurerm.network.virtual_network_gateway.list_connections test_name test_group
idem_azurerm.exec.azurerm.network.virtual_network_gateway.reset(hub, ctx, name, resource_group, gateway_vip=None, **kwargs)

New in version 1.0.0.

Resets the virtual network gateway in the specified resource group.

Parameters:
  • name – The name of the virtual network gateway to reset.
  • resource_group – The name of the resource group.
  • gateway_vip – The virtual network gateway VIP address supplied to the reset operation for a gateway that has the active-active feature enabled.

CLI Example:

azurerm.network.virtual_network_gateway.reset test_name test_group
idem_azurerm.exec.azurerm.network.virtual_network_gateway.reset_vpn_client_shared_key(hub, ctx, name, resource_group, **kwargs)

New in version 1.0.0.

Resets the VPN client shared key of the virtual network gateway in the specified resource group.

Parameters:
  • name – The name of the virtual network gateway.
  • resource_group – The name of the resource group.

CLI Example:

azurerm.network.virtual_network_gateway.reset_vpn_client_shared_key test_name test_group
idem_azurerm.exec.azurerm.network.virtual_network_gateway.set_vpnclient_ipsec_parameters(hub, ctx, name, resource_group, sa_life_time_seconds, sa_data_size_kilobytes, ipsec_encryption, ipsec_integrity, ike_encryption, ike_integrity, dh_group, pfs_group, **kwargs)

New in version 1.0.0.

Sets the vpnclient ipsec policy for P2S client of virtual network gateway in the specified resource group through the network resource provider.

Parameters:
  • name – The name of the virtual network gateway.
  • resource_group – The name of the resource group.

The following parameters are for creating a VpnClientIPsecParameters object:

Parameters:
  • sa_life_time_seconds – The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for P2S client. Must be between 300 - 172799 seconds.
  • sa_data_size_kilobytes – The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for P2S client. Must be between 1024 - 2147483647 kilobytes.
  • ipsec_encryption – The IPSec encryption algorithm (IKE phase 1). Possible values include: ‘None’, ‘DES’, ‘DES3’, ‘AES128’, ‘AES192’, ‘AES256’, ‘GCMAES128’, ‘GCMAES192’, ‘GCMAES256’
  • ipsec_integrity – The IPSec integrity algorithm (IKE phase 1). Possible values include: ‘MD5’, ‘SHA1’, ‘SHA256’, ‘GCMAES128’, ‘GCMAES192’, ‘GCMAES256’
  • ike_encryption – The IKE encryption algorithm (IKE phase 2). Possible values include: ‘DES’, ‘DES3’, ‘AES128’, ‘AES192’, ‘AES256’, ‘GCMAES256’, ‘GCMAES128’
  • ike_integrity – The IKE integrity algorithm (IKE phase 2). Possible values include: ‘MD5’, ‘SHA1’, ‘SHA256’, ‘SHA384’, ‘GCMAES256’, ‘GCMAES128’
  • dh_group – The DH Group used in IKE Phase 1 for initial SA. Possible values include: ‘None’, ‘DHGroup1’, ‘DHGroup2’, ‘DHGroup14’, ‘DHGroup2048’, ‘ECP256’, ‘ECP384’, ‘DHGroup24’
  • pfs_group – The Pfs Group used in IKE Phase 2 for new child SA. Possible values include: ‘None’, ‘PFS1’, ‘PFS2’, ‘PFS2048’, ‘ECP256’, ‘ECP384’, ‘PFS24’, ‘PFS14’, ‘PFSMM’

CLI Example:

azurerm.network.virtual_network_gateway.set_vpnclient_ipsec_parameters test_name test_group test_vpnclient_ipsec_params
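
As an added example (not part of idem-azurerm), a pre-flight check for the policy arguments above: it enforces the documented ranges and accepted values, and warns on algorithms below a baseline that the example defines itself. The check_policy function, the WEAK table, the sample policies and the GCM pairing rule (assumed here from Azure's guidance for custom IPsec policies) are assumptions of the example.

```python
# Added example: pre-flight check for set_vpnclient_ipsec_parameters arguments.
# ALLOWED and RANGES are copied from the parameter list above. WEAK is this
# example's own baseline (an assumption), not something idem-azurerm enforces.
ALLOWED = {
    "ipsec_encryption": {"None", "DES", "DES3", "AES128", "AES192", "AES256",
                         "GCMAES128", "GCMAES192", "GCMAES256"},
    "ipsec_integrity": {"MD5", "SHA1", "SHA256", "GCMAES128", "GCMAES192", "GCMAES256"},
    "ike_encryption": {"DES", "DES3", "AES128", "AES192", "AES256",
                       "GCMAES256", "GCMAES128"},
    "ike_integrity": {"MD5", "SHA1", "SHA256", "SHA384", "GCMAES256", "GCMAES128"},
    "dh_group": {"None", "DHGroup1", "DHGroup2", "DHGroup14", "DHGroup2048",
                 "ECP256", "ECP384", "DHGroup24"},
    "pfs_group": {"None", "PFS1", "PFS2", "PFS2048", "ECP256", "ECP384",
                  "PFS24", "PFS14", "PFSMM"},
}
RANGES = {"sa_life_time_seconds": (300, 172799), "sa_data_size_kilobytes": (1024, 2147483647)}
WEAK = {
    "ipsec_encryption": {"None", "DES", "DES3"},
    "ipsec_integrity": {"MD5", "SHA1"},
    "ike_encryption": {"DES", "DES3"},
    "ike_integrity": {"MD5", "SHA1"},
    "dh_group": {"None", "DHGroup1", "DHGroup2"},
    "pfs_group": {"None", "PFS1", "PFS2"},
}

def check_policy(policy):
    """Return (errors, warnings) for a dict of the policy keyword arguments."""
    errors, warnings = [], []
    for key, (low, high) in RANGES.items():
        value = policy.get(key)
        if isinstance(value, bool) or not isinstance(value, int):
            errors.append(f"{key}: expected an integer, got {value!r}")
        elif not low <= value <= high:
            errors.append(f"{key}: {value} is outside {low}-{high}")
    for key, allowed in ALLOWED.items():
        value = policy.get(key)
        if not isinstance(value, str) or value not in allowed:
            errors.append(f"{key}: {value!r} is not an accepted value")
        elif value in WEAK[key]:
            warnings.append(f"{key}: {value} is below the baseline")
    # Assumption: GCM is a combined mode, so both IPsec fields must name the
    # same GCM algorithm (Azure's rule for custom IPsec policies).
    enc, integ = policy.get("ipsec_encryption"), policy.get("ipsec_integrity")
    if "GCM" in f"{enc}{integ}" and enc != integ:
        errors.append(f"ipsec GCM pairing: {enc!r} needs the same integrity value, got {integ!r}")
    return errors, warnings

# Constructed sample policies (not taken from any real gateway).
SAMPLE_STRONG = {
    "sa_life_time_seconds": 27000, "sa_data_size_kilobytes": 102400000,
    "ipsec_encryption": "GCMAES256", "ipsec_integrity": "GCMAES256",
    "ike_encryption": "AES256", "ike_integrity": "SHA384",
    "dh_group": "ECP384", "pfs_group": "ECP384",
}
SAMPLE_WEAK = dict(SAMPLE_STRONG, sa_life_time_seconds=120, ipsec_encryption="DES3",
                   ipsec_integrity="MD5", ike_integrity="SHA1",
                   dh_group="DHGroup2", pfs_group="None")
```

Run check_policy on the dictionary of arguments before passing it to the module; an empty errors list means every value is within the documented ranges and lists.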
idem_azurerm.exec.azurerm.network.virtual_network_gateway.supported_vpn_devices(hub, ctx, name, resource_group, **kwargs)

New in version 1.0.0.

Gets an XML-format representation of the supported VPN devices.

Parameters:
  • name – The name of the virtual network gateway.
  • resource_group – The name of the resource group.

CLI Example:

azurerm.network.virtual_network_gateway.supported_vpn_devices test_name test_group
idem_azurerm.exec.azurerm.network.virtual_network_gateway.update_tags(hub, ctx, name, resource_group, tags=None, **kwargs)

New in version 4.0.0.

Updates virtual network gateway tags with specified values.

Parameters:
  • name – The name of the virtual network gateway.
  • resource_group – The name of the resource group to which the virtual network gateway belongs.
  • tags – The tags of the resource.

CLI Example:

azurerm.network.virtual_network_gateway.update_tags test_name test_group tags='{"owner": "me"}'
idem_azurerm.exec.azurerm.network.virtual_network_gateway.vpn_device_configuration_script(hub, ctx, name, resource_group, vendor, device_family, firmware_version, **kwargs)

New in version 1.0.0.

Gets an XML-format representation of the VPN device configuration script.

Parameters:
  • name – The name of the virtual network gateway connection for which the configuration script is generated.
  • resource_group – The name of the resource group.
  • vendor – The vendor for the vpn device.
  • device_family – The device family for the vpn device.
  • firmware_version – The firmware version for the vpn device.

CLI Example:

azurerm.network.virtual_network_gateway.vpn_device_configuration_script test_name test_group test_vendor test_device_fam test_version