exec.azurerm.resource.management_lock

Azure Resource Manager (ARM) Management Lock Execution Module

New in version 1.0.0.

maintainer:

<devops@eitr.tech>
configuration:

This module requires Azure Resource Manager credentials to be passed as keyword arguments to every function or via acct in order to work properly.

Required provider parameters:

if using username and password:
  • subscription_id
  • username
  • password
if using a service principal:
  • subscription_id
  • tenant
  • client_id
  • secret

Optional provider parameters:

cloud_environment: Used to point the cloud driver to different API endpoints, such as Azure GovCloud. Possible values:

  • AZURE_PUBLIC_CLOUD (default)
  • AZURE_CHINA_CLOUD
  • AZURE_US_GOV_CLOUD
  • AZURE_GERMAN_CLOUD
idem_azurerm.exec.azurerm.resource.management_lock.create_or_update_at_resource_group_level(hub, ctx, name, resource_group, lock_level, notes=None, owners=None, **kwargs)

New in version 1.0.0.

Creates or updates a management lock at the resource group level. When you apply a lock at a parent scope, all child resources inherit the same lock. To create management locks, you must have access to Microsoft.Authorization/* or Microsoft.Authorization/locks/* actions.

Parameters:
  • name – The name of the lock. The lock name can be a maximum of 260 characters. It cannot contain <, > %, &, :, ?, /, or any control characters.
  • resource_group – The name of the resource group.
  • lock_level – The level of the lock. Possible values are: ‘NotSpecified’, ‘CanNotDelete’, & ‘ReadOnly’. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can’t modify or delete it.
  • notes – An optional string representing notes about the lock. Maximum of 512 characters.
  • owners – An optional list of strings representing owners of the lock. Each string represents the application id of the lock owner.

CLI Example:

azurerm.resource.management_lock.create_or_update_at_resource_group_level test_name test_group test_level
idem_azurerm.exec.azurerm.resource.management_lock.create_or_update_at_resource_level(hub, ctx, name, lock_level, resource_group, resource, resource_type, resource_provider_namespace, parent_resource_path=None, notes=None, owners=None, **kwargs)

New in version 1.0.0.

Creates or updates a management lock at the resource level or any level below the resource. When you apply a lock at a parent scope, all child resources inherit the same lock. To create management locks, you must have access to Microsoft.Authorization/* or Microsoft.Authorization/locks/* actions.

Parameters:
  • name – The name of the lock. The lock name can be a maximum of 260 characters. It cannot contain <, > %, &, :, ?, /, or any control characters.
  • lock_level – The level of the lock. Possible values are: ‘NotSpecified’, ‘CanNotDelete’, & ‘ReadOnly’. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can’t modify or delete it.
  • resource_group – The name of the resource group containing the resource to lock.
  • resource – The name of the resource to lock.
  • resource_type – The resource type of the resource to lock.
  • resource_provider_namespace – The resource provider namespace of the resource to lock.
  • parent_resource_path – The parent resource identity.
  • notes – An optional string representing notes about the lock. Maximum of 512 characters.
  • owners – An optional list of strings representing owners of the lock. Each string represents the application id of the lock owner.

CLI Example:

azurerm.resource.management_lock.create_or_update_at_resource_level test_name test_level test_group
                                                                    test_resource test_type test_namespace
idem_azurerm.exec.azurerm.resource.management_lock.create_or_update_at_subscription_level(hub, ctx, name, lock_level, notes=None, owners=None, **kwargs)

New in version 1.0.0.

Creates or updates a management lock at the subscription level. When you apply a lock at a parent scope, all child resources inherit the same lock. To create management locks, you must have access to Microsoft.Authorization/* or Microsoft.Authorization/locks/* actions.

Parameters:
  • name – The name of the lock. The lock name can be a maximum of 260 characters. It cannot contain <, > %, &, :, ?, /, or any control characters.
  • lock_level – The level of the lock. Possible values are: ‘NotSpecified’, ‘CanNotDelete’, & ‘ReadOnly’. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can’t modify or delete it.
  • notes – An optional string representing notes about the lock. Maximum of 512 characters.
  • owners – An optional list of strings representing owners of the lock. Each string represents the application id of the lock owner.

CLI Example:

azurerm.resource.management_lock.create_or_update_at_subscription_level test_name test_level
idem_azurerm.exec.azurerm.resource.management_lock.create_or_update_by_scope(hub, ctx, name, scope, lock_level, notes=None, owners=None, **kwargs)

New in version 1.0.0.

Create or update a management lock by scope. When you apply a lock at a parent scope, all child resources inherit the same lock. To create management locks, you must have access to Microsoft.Authorization/* or Microsoft.Authorization/locks/* actions.

Parameters:
  • name – The name of the lock. The lock name can be a maximum of 260 characters. It cannot contain <, > %, &, :, ?, /, or any control characters.
  • scope – The scope for the lock. When providing a scope for the assignment, use ‘/subscriptions/{subscriptionId}’ for subscriptions, ‘/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}’ for resource groups, and ‘/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePathIfPresent}/{resourceType}/{resourceName}’ for resources.
  • lock_level – The level of the lock. Possible values are: ‘NotSpecified’, ‘CanNotDelete’, & ‘ReadOnly’. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can’t modify or delete it.
  • notes – An optional string representing notes about the lock. Maximum of 512 characters.
  • owners – An optional list of strings representing owners of the lock. Each string represents the application id of the lock owner.

CLI Example:

azurerm.resource.management_lock.create_or_update_by_scope test_name test_scope test_level
idem_azurerm.exec.azurerm.resource.management_lock.delete_at_resource_group_level(hub, ctx, name, resource_group, **kwargs)

New in version 1.0.0.

Deletes a management lock at the resource group level. To delete management locks, you must have access to Microsoft.Authorization/* or Microsoft.Authorization/locks/* actions.

Parameters:
  • name – The name of the lock to be deleted.
  • resource_group – The name of the resource group.

CLI Example:

azurerm.resource.management_lock.delete_at_resource_group_level test_name test_group
idem_azurerm.exec.azurerm.resource.management_lock.delete_at_resource_level(hub, ctx, name, resource_group, resource, resource_type, resource_provider_namespace, parent_resource_path=None, **kwargs)

New in version 1.0.0.

Deletes the management lock of a resource or any level below the resource. When you apply a lock at a parent scope, all child resources inherit the same lock. To delete management locks, you must have access to Microsoft.Authorization/* or Microsoft.Authorization/locks/* actions.

Parameters:
  • name – The name of the lock to delete.
  • resource_group – The name of the resource group containing the resource with the lock to delete.
  • resource – The name of the resource with the lock to delete.
  • resource_type – The resource type of the resource with the lock to delete.
  • resource_provider_namespace – The resource provider namespace of the resource with the lock to delete.
  • parent_resource_path – The parent resource identity.

CLI Example:

azurerm.resource.management_lock.delete_at_resource_level test_name test_group test_resource
                                                          test_type test_namespace
idem_azurerm.exec.azurerm.resource.management_lock.delete_at_subscription_level(hub, ctx, name, **kwargs)

New in version 1.0.0.

Deletes the management lock at the subscription level. To delete management locks, you must have access to Microsoft.Authorization/* or Microsoft.Authorization/locks/* actions.

Parameters:name – The name of the lock to be deleted.

CLI Example:

azurerm.resource.management_lock.delete_at_subscription_level test_name
idem_azurerm.exec.azurerm.resource.management_lock.delete_by_scope(hub, ctx, name, scope, **kwargs)

New in version 1.0.0.

Delete a management lock by scope. To delete management locks, you must have access to Microsoft.Authorization/* or Microsoft.Authorization/locks/* actions.

Parameters:
  • name – The name of the lock to be deleted.
  • scope – The scope for the lock. When providing a scope for the assignment, use ‘/subscriptions/{subscriptionId}’ for subscriptions, ‘/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}’ for resource groups, and ‘/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePathIfPresent}/{resourceType}/{resourceName}’ for resources.

CLI Example:

azurerm.resource.management_lock.delete_by_scope test_name test_scope
idem_azurerm.exec.azurerm.resource.management_lock.get_at_resource_group_level(hub, ctx, name, resource_group, **kwargs)

New in version 1.0.0.

Gets a management lock at the resource group level.

Parameters:
  • name – The name of the lock to get.
  • resource_group – The name of the resource group.

CLI Example:

azurerm.resource.management_lock.get_at_resource_group_level test_name test_group
idem_azurerm.exec.azurerm.resource.management_lock.get_at_resource_level(hub, ctx, name, resource_group, resource, resource_type, resource_provider_namespace, parent_resource_path=None, **kwargs)

New in version 1.0.0.

Get the management lock of a resource or any level below resource.

Parameters:
  • name – The name of the lock.
  • resource_group – The name of the resource group.
  • resource – The name of the resource.
  • resource_type – The type of the resource.
  • resource_provider_namespace – The namespace of the resource provider.
  • parent_resource_path – The parent resource identity.

CLI Example:

azurerm.resource.management_lock.get_at_resource_level test_name test_group test_resource test_type
                                                       test_namespace
idem_azurerm.exec.azurerm.resource.management_lock.get_at_subscription_level(hub, ctx, name, **kwargs)

New in version 1.0.0.

Gets a management lock at the subscription level.

Parameters:name – The name of the lock to get.

CLI Example:

azurerm.resource.management_lock.get_at_subscription_level test_name
idem_azurerm.exec.azurerm.resource.management_lock.get_by_scope(hub, ctx, name, scope, **kwargs)

New in version 1.0.0.

Get a management lock by scope.

Parameters:
  • name – The name of the lock to get.
  • scope – The scope for the lock. When providing a scope for the assignment, use ‘/subscriptions/{subscriptionId}’ for subscriptions, ‘/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}’ for resource groups, and ‘/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePathIfPresent}/{resourceType}/{resourceName}’ for resources.

CLI Example:

azurerm.resource.management_lock.get_by_scope test_name test_scope
idem_azurerm.exec.azurerm.resource.management_lock.list_at_resource_group_level(hub, ctx, resource_group, **kwargs)

New in version 1.0.0.

Gets all the management locks for a resource group.

Parameters:resource_group – The name of the resource group containing the locks to get.

CLI Example:

azurerm.resource.management_lock.list_at_resource_group_level test_group
idem_azurerm.exec.azurerm.resource.management_lock.list_at_resource_level(hub, ctx, resource_group, resource, resource_type, resource_provider_namespace, parent_resource_path=None, **kwargs)

New in version 1.0.0.

Get the management lock of a resource or any level below resource.

Parameters:
  • resource_group – The name of the resource group.
  • resource – The name of the resource.
  • resource_type – The type of the resource.
  • resource_provider_namespace – The namespace of the resource provider.
  • parent_resource_path – The parent resource identity.

CLI Example:

azurerm.resource.management_lock.list_at_resource_level test_group test_resource test_type test_namespace
idem_azurerm.exec.azurerm.resource.management_lock.list_at_subscription_level(hub, ctx, **kwargs)

New in version 1.0.0.

Gets all the management locks for a subscription.

CLI Example:

azurerm.resource.management_lock.list_at_subscription_level
idem_azurerm.exec.azurerm.resource.management_lock.list_by_scope(hub, ctx, scope, **kwargs)

New in version 1.0.0.

Gets all the management locks for a scope.

Parameters:scope – The scope for the lock. When providing a scope for the assignment, use ‘/subscriptions/{subscriptionId}’ for subscriptions, ‘/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}’ for resource groups, and ‘/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePathIfPresent}/{resourceType}/{resourceName}’ for resources.

CLI Example:

azurerm.resource.management_lock.list_by_scope test_scope