states.azurerm.containerregistry.registry

Azure Resource Manager (ARM) Container Registry State Module

New in version 3.0.0.

Changed in version 4.0.0.

maintainer: <devops@eitr.tech>

configuration:

This module requires Azure Resource Manager credentials to be passed via acct. Note that the authentication parameters are case sensitive.

Required provider parameters:

if using username and password:
  • subscription_id
  • username
  • password
if using a service principal:
  • subscription_id
  • tenant
  • client_id
  • secret

Optional provider parameters:

cloud_environment: Used to point the cloud driver to different API endpoints, such as Azure GovCloud. Possible values:

  • AZURE_PUBLIC_CLOUD (default)
  • AZURE_CHINA_CLOUD
  • AZURE_US_GOV_CLOUD
  • AZURE_GERMAN_CLOUD

Example configuration for Azure Resource Manager authentication:

azurerm:
    default:
        subscription_id: 3287abc8-f98a-c678-3bde-326766fd3617
        tenant: ABCDEFAB-1234-ABCD-1234-ABCDEFABCDEF
        client_id: ABCDEFAB-1234-ABCD-1234-ABCDEFABCDEF
        secret: XXXXXXXXXXXXXXXXXXXXXXXX
        cloud_environment: AZURE_PUBLIC_CLOUD
    user_pass_auth:
        subscription_id: 3287abc8-f98a-c678-3bde-326766fd3617
        username: fletch
        password: 123pass

The authentication parameters can also be passed as a dictionary of keyword arguments to the connection_auth parameter of each state, but this is not preferred and could be deprecated in the future.

idem_azurerm.states.azurerm.containerregistry.registry.absent(hub, ctx, name, resource_group, connection_auth=None, **kwargs)

New in version 3.0.0.

Ensure a container registry does not exist in a resource group.

Parameters:
  • name – Name of the container registry.
  • resource_group – The name of the resource group to which the container registry belongs.

Example usage:

Ensure container registry is absent:
    azurerm.containerregistry.registry.absent:
        - name: other_repo
        - resource_group: testgroup

idem_azurerm.states.azurerm.containerregistry.registry.present(hub, ctx, name, resource_group, sku='Basic', replica_locations=None, admin_user_enabled=False, default_action=None, virtual_network_rules=None, ip_rules=None, trust_policy=None, quarantine_policy=None, retention_policy=None, retention_days=None, tags=None, connection_auth=None, **kwargs)

New in version 3.0.0.

Changed in version 4.0.0.

Ensure a container registry exists.

Parameters:
  • name – The name of the container registry.
  • resource_group – The name of the resource group to which the container registry belongs.
  • sku – The SKU name of the container registry. Required for registry creation. Possible values include: ‘Basic’, ‘Standard’, ‘Premium’
  • replica_locations – A list of valid Azure regions can be provided in order to enable replication to locations other than the location in which the repository was configured.
  • admin_user_enabled – Indicates whether the admin user is enabled.
  • default_action – The default action of allow or deny when no other rules match. Possible values include: ‘Allow’, ‘Deny’. Only available for the ‘Premium’ tier.
  • virtual_network_rules – A list of virtual network rule dictionaries where one key is the “action” of the rule (Allow/Deny) and the other key is the “virtual_network_resource_id” which is the full resource ID path of a subnet. Only available for the ‘Premium’ tier.
  • ip_rules – A list of IP rule dictionaries where one key is the “action” of the rule (Allow/Deny) and the other key is the “ip_address_or_range” which specifies the IP or IP range in CIDR format. Only IPv4 addresses are allowed. Only available for the ‘Premium’ tier.
  • trust_policy – Accepts boolean True/False or string “enabled”/“disabled” to configure. Image publishers can sign their container images and image consumers can verify their integrity. Container Registry supports both by implementing Docker’s content trust model. Only available for the ‘Premium’ tier.
  • quarantine_policy – Accepts boolean True/False or string “enabled”/“disabled” to configure. To ensure a registry contains only images that have been vulnerability scanned, ACR introduces the Quarantine pattern. When a registry’s policy is set to Quarantine Enabled, all images pushed to that registry are put in quarantine by default. Only after the image has been verified and the quarantine flag removed may a subsequent pull be completed. Only available for the ‘Premium’ tier.
  • retention_policy – Accepts boolean True/False or string “enabled”/“disabled” to configure. Indicates whether retention policy is enabled. Only available for the ‘Premium’ tier.
  • tags – A dictionary of strings can be passed as tag metadata to the object.

Example usage:

Ensure container registry exists:
    azurerm.containerregistry.registry.present:
        - name: testrepo
        - resource_group: testgroup
        - sku: Premium
        - location: eastus
        - replica_locations:
            - westus
        - admin_user_enabled: True
        - default_action: Deny
        - ip_rules:
            - action: Allow
              ip_address_or_range: 8.8.8.8/32
        - quarantine_policy: Enabled
        - retention_policy: Enabled
        - retention_days: 7
        - tags:
            how_awesome: very
            contact_name: Elmer Fudd Gantry
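
A pre-apply review of a present declaration against the parameter constraints listed above, as an added example that is not part of idem-azurerm. The names review_registry_state, is_enabled, PREMIUM_ONLY and PAGE_EXAMPLE and the finding texts are hypothetical, and the input is a constructed Python literal mirroring the example state above.

```python
import ipaddress

PREMIUM_ONLY = ("default_action", "virtual_network_rules", "ip_rules",
                "trust_policy", "quarantine_policy", "retention_policy")

# Constructed input: the page's example state as the parsed list of single-key dicts.
PAGE_EXAMPLE = [
    {"name": "testrepo"}, {"resource_group": "testgroup"}, {"sku": "Premium"},
    {"admin_user_enabled": True}, {"default_action": "Deny"},
    {"ip_rules": [{"action": "Allow", "ip_address_or_range": "8.8.8.8/32"}]},
    {"quarantine_policy": "Enabled"}, {"retention_policy": "Enabled"},
]

def is_enabled(value):
    """True for boolean True or the string 'enabled' in any case."""
    return value is True or str(value).lower() == "enabled"

def review_registry_state(params):
    """Return a list of findings for one registry.present declaration."""
    p = {k: v for item in params for k, v in item.items()}
    findings = []
    sku = p.get("sku", "Basic")  # 'Basic' is the default in the signature
    if p.get("admin_user_enabled", False):
        findings.append("admin_user_enabled: shared admin credential is on")
    if sku != "Premium":
        used = [k for k in PREMIUM_ONLY if p.get(k) is not None]
        if used:
            findings.append(f"sku {sku}: Premium-only parameters set: {', '.join(used)}")
        return findings  # network and policy controls do not apply below Premium
    if p.get("default_action") != "Deny":
        findings.append("default_action: unmatched traffic is not denied")
    for rule in p.get("ip_rules") or []:
        cidr = rule.get("ip_address_or_range", "")
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            findings.append(f"ip_rules: {cidr!r} is not a valid IP or CIDR range")
            continue
        if net.version != 4:
            findings.append(f"ip_rules: {cidr} is not IPv4")
        elif rule.get("action") == "Allow" and net.prefixlen == 0:
            findings.append(f"ip_rules: {cidr} allows every IPv4 address")
    for policy in ("trust_policy", "quarantine_policy"):
        if not is_enabled(p.get(policy)):
            findings.append(f"{policy}: not enabled")
    return findings

if __name__ == "__main__":
    for finding in review_registry_state(PAGE_EXAMPLE):
        print(finding)
```

Run against the example state above, it reports the enabled admin user and the unset trust_policy; the remaining Premium settings pass.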