states.azurerm.network.virtual_network_gateway
Azure Resource Manager (ARM) Virtual Network Gateway State Module
New in version 1.0.0.
Changed in version 3.0.0, 4.0.0.
configuration: This module requires Azure Resource Manager credentials to be passed via acct. Note that the authentication parameters are case sensitive.

Required provider parameters:

Optional provider parameters:

cloud_environment: Used to point the cloud driver to different API endpoints, such as Azure GovCloud. Possible values:

Example acct setup for Azure Resource Manager authentication:

    azurerm:
      default:
        subscription_id: 3287abc8-f98a-c678-3bde-326766fd3617
        tenant: ABCDEFAB-1234-ABCD-1234-ABCDEFABCDEF
        client_id: ABCDEFAB-1234-ABCD-1234-ABCDEFABCDEF
        secret: XXXXXXXXXXXXXXXXXXXXXXXX
        cloud_environment: AZURE_PUBLIC_CLOUD
      user_pass_auth:
        subscription_id: 3287abc8-f98a-c678-3bde-326766fd3617
        username: fletch
        password: 123pass

The authentication parameters can also be passed as a dictionary of keyword arguments to the
idem_azurerm.states.azurerm.network.virtual_network_gateway.absent(hub, ctx, name, resource_group, connection_auth=None, **kwargs)

New in version 1.0.0.
Ensure a virtual network gateway object does not exist in the specified resource group.
Parameters:
- name – Name of the virtual network gateway object.
- resource_group – The resource group associated with the virtual network gateway.
- connection_auth – A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.
Example usage:

    Ensure virtual network gateway absent:
      azurerm.network.virtual_network_gateway.absent:
        - name: gateway1
        - resource_group: group1
idem_azurerm.states.azurerm.network.virtual_network_gateway.connection_absent(hub, ctx, name, resource_group, connection_auth=None, **kwargs)

New in version 1.0.0.
Ensure a virtual network gateway connection does not exist in the specified resource group.
Parameters:
- name – Name of the virtual network gateway connection.
- resource_group – The resource group associated with the virtual network gateway connection.
- connection_auth – A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.
Example usage:

    Ensure virtual network gateway connection absent:
      azurerm.network.virtual_network_gateway.connection_absent:
        - name: connection1
        - resource_group: group1
idem_azurerm.states.azurerm.network.virtual_network_gateway.connection_present(hub, ctx, name, resource_group, virtual_network_gateway, connection_type, virtual_network_gateway2=None, vgw2_group=None, local_network_gateway2=None, lgw2_group=None, peer=None, connection_protocol=None, shared_key=None, enable_bgp=None, ipsec_policy=None, use_policy_based_traffic_selectors=None, routing_weight=None, express_route_gateway_bypass=None, authorization_key=None, use_local_azure_ip_address=None, tags=None, connection_auth=None, **kwargs)

New in version 1.0.0.

Changed in version 4.0.0.
Ensure a virtual network gateway connection exists.
Parameters:
- name – The name of the virtual network gateway connection.
- resource_group – The name of the resource group associated with the virtual network gateway connection.
- virtual_network_gateway – The name of the virtual network gateway that will be the first endpoint of the connection. This value is immutable once set.
- connection_type – The gateway connection type. Possible values include: “IPsec”, “Vnet2Vnet”, “ExpressRoute”. This value is immutable once set.
- virtual_network_gateway2 – The name of the virtual network gateway that will be used as the second endpoint for the connection. Required for a connection type of “Vnet2Vnet”. This value is immutable once set.
- vgw2_group – The resource group for the virtual network gateway passed as the virtual_network_gateway2 parameter. If this parameter is not specified it will default to the same resource group as the virtual network gateway specified in the virtual_network_gateway parameter.
- local_network_gateway2 – The valid Resource ID representing a LocalNetworkGateway Object that will be used as the second endpoint for the connection. Required for a connection type of “IPSec”. This value is immutable once set.
- lgw2_group – The resource group for the local network gateway passed as the local_network_gateway2 parameter. If this parameter is not specified it will default to the same resource group as the virtual network gateway specified in the virtual_network_gateway parameter.
- peer – The valid Resource ID representing an ExpressRouteCircuit Object that will be used as the second endpoint for the connection. Required for a connection type of “ExpressRoute”. This value is immutable once set.
- shared_key – The shared key for the connection. Required for a connection type of “IPsec” or “Vnet2Vnet”. Defaults to a randomly generated key.
- ipsec_policy – A dictionary representing an IpsecPolicy object that is considered by this connection as the IPSec Policy. Required for a connection type of “IPSec”. Valid parameters include:
  - sa_life_time_seconds: (Optional) The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel.
  - sa_data_size_kilobytes: (Optional) The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel.
  - ipsec_encryption: (Required) The IPSec encryption algorithm (IKE phase 1). Possible values include: ‘None’, ‘DES’, ‘DES3’, ‘AES128’, ‘AES192’, ‘AES256’, ‘GCMAES128’, ‘GCMAES192’, ‘GCMAES256’.
  - ipsec_integrity: (Required) The IPSec integrity algorithm (IKE phase 1). Possible values include: ‘MD5’, ‘SHA1’, ‘SHA256’, ‘GCMAES128’, ‘GCMAES192’, ‘GCMAES256’.
  - ike_encryption: (Required) The IKE encryption algorithm (IKE phase 2). Possible values include: ‘DES’, ‘DES3’, ‘AES128’, ‘AES192’, ‘AES256’, ‘GCMAES256’, ‘GCMAES128’.
  - ike_integrity: (Required) The IKE integrity algorithm (IKE phase 2). Possible values include: ‘MD5’, ‘SHA1’, ‘SHA256’, ‘SHA384’, ‘GCMAES256’, ‘GCMAES128’.
  - dh_group: (Required) The DH Group used in IKE Phase 1 for initial SA. Possible values include: ‘None’, ‘DHGroup1’, ‘DHGroup2’, ‘DHGroup14’, ‘DHGroup2048’, ‘ECP256’, ‘ECP384’, ‘DHGroup24’.
  - pfs_group: (Required) The Pfs Group used in IKE Phase 2 for new child SA. Possible values include: ‘None’, ‘PFS1’, ‘PFS2’, ‘PFS2048’, ‘ECP256’, ‘ECP384’, ‘PFS24’, ‘PFS14’, ‘PFSMM’.
- connection_protocol – The connection protocol used for this connection. Possible values include: “IKEv2” and “IKEv1”.
- enable_bgp – A boolean representing whether BGP is enabled for this virtual network gateway connection. Both endpoints of the connection must have BGP enabled and may not have the same ASN values. Cannot be enabled while use_policy_based_traffic_selectors is enabled. Defaults to False.
- use_policy_based_traffic_selectors – A boolean value representing whether to enable policy-based traffic selectors for a connection. Cannot be enabled at the same time as BGP. Requires that IPSec policies for the gateway connection are defined. Can only be used with a connection type of “IPSec”.
- routing_weight – An integer representing the routing weight.
- express_route_gateway_bypass – A boolean value representing whether or not to bypass the ExpressRoute Gateway for data forwarding. Can only be used with a connection type of “ExpressRoute”.
- authorization_key – The ExpressRoute Circuit authorization key. Required for a connection type of “ExpressRoute”.
- use_local_azure_ip_address – A boolean value specifying whether or not to use a private local Azure IP for the connection.
- tags – A dictionary of strings can be passed as tag metadata to the virtual network gateway connection object.
- connection_auth – A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.
Example usage:

    Ensure virtual network gateway Vnet2Vnet connection exists:
      azurerm.network.virtual_network_gateway.connection_present:
        - name: connection1
        - resource_group: group1
        - virtual_network_gateway: virtual_gateway1
        - connection_type: 'Vnet2Vnet'
        - virtual_network_gateway2: virtual_gateway2
        - enable_bgp: False
        - shared_key: 'key'
        - tags:
            contact_name: Elmer Fudd Gantry

    Ensure virtual network gateway IPSec connection exists:
      azurerm.network.virtual_network_gateway.connection_present:
        - name: connection1
        - resource_group: group1
        - virtual_network_gateway: virtual_gateway
        - connection_type: 'IPSec'
        - local_network_gateway2: local_gateway
        - enable_bgp: False
        - shared_key: 'key'
        - use_policy_based_traffic_selectors: True
        - ipsec_policy:
            sa_life_time_seconds: 300
            sa_data_size_kilobytes: 1024
            ipsec_encryption: 'DES'
            ipsec_integrity: 'SHA256'
            ike_encryption: 'DES'
            ike_integrity: 'SHA256'
            dh_group: 'None'
            pfs_group: 'None'
        - tags:
            contact_name: Elmer Fudd Gantry
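As an added example (not idem-azurerm code), a pre-flight check of connection_present arguments against the constraints listed above: the second endpoint each connection type requires, the BGP / policy-based-traffic-selector exclusion, and the required ipsec_policy fields with their allowed values. The weak-algorithm list is this example's own judgement rather than anything the page states, and connection_type is matched case-insensitively because the page spells it both “IPsec” and “IPSec”.

```python
CONNECTION_TYPES = {"ipsec", "vnet2vnet", "expressroute"}
# Required ipsec_policy fields and their allowed values, as listed on this page.
REQUIRED_POLICY_FIELDS = {
    "ipsec_encryption": {"None", "DES", "DES3", "AES128", "AES192", "AES256",
                         "GCMAES128", "GCMAES192", "GCMAES256"},
    "ipsec_integrity": {"MD5", "SHA1", "SHA256", "GCMAES128", "GCMAES192", "GCMAES256"},
    "ike_encryption": {"DES", "DES3", "AES128", "AES192", "AES256", "GCMAES256", "GCMAES128"},
    "ike_integrity": {"MD5", "SHA1", "SHA256", "SHA384", "GCMAES256", "GCMAES128"},
    "dh_group": {"None", "DHGroup1", "DHGroup2", "DHGroup14", "DHGroup2048",
                 "ECP256", "ECP384", "DHGroup24"},
    "pfs_group": {"None", "PFS1", "PFS2", "PFS2048", "ECP256", "ECP384", "PFS24", "PFS14", "PFSMM"},
}
# Accepted by the API but weak by current standards: this example's own judgement, not from the page.
WEAK_ALGORITHMS = {"None", "DES", "DES3", "MD5", "SHA1", "DHGroup1", "DHGroup2", "PFS1", "PFS2"}


def check_connection_args(args):
    """Return (errors, warnings) for a dict of connection_present keyword arguments."""
    errors, warnings = [], []
    ctype = str(args.get("connection_type", "")).lower()  # page writes both IPsec and IPSec
    if ctype not in CONNECTION_TYPES:
        return ["connection_type must be one of IPsec, Vnet2Vnet, ExpressRoute"], warnings
    # Each connection type requires a specific second endpoint.
    endpoint = {"vnet2vnet": "virtual_network_gateway2", "ipsec": "local_network_gateway2",
                "expressroute": "peer"}[ctype]
    if not args.get(endpoint):
        errors.append(f"{endpoint} is required for connection_type {args['connection_type']}")
    if ctype == "expressroute" and not args.get("authorization_key"):
        errors.append("authorization_key is required for ExpressRoute connections")
    pbts = bool(args.get("use_policy_based_traffic_selectors"))
    if pbts and args.get("enable_bgp"):
        errors.append("enable_bgp cannot be combined with use_policy_based_traffic_selectors")
    if pbts and ctype != "ipsec":
        errors.append("use_policy_based_traffic_selectors is only valid for IPsec connections")
    policy = args.get("ipsec_policy")
    if policy is None:
        if ctype == "ipsec" or pbts:
            errors.append("ipsec_policy is required for IPsec connections and traffic selectors")
        return errors, warnings
    for field, allowed in REQUIRED_POLICY_FIELDS.items():
        value = policy.get(field)
        if value is None:
            errors.append(f"ipsec_policy.{field} is required")
        elif value not in allowed:
            errors.append(f"ipsec_policy.{field}={value!r} is not an allowed value")
        elif value in WEAK_ALGORITHMS:
            warnings.append(f"ipsec_policy.{field}={value!r} is weak")
    return errors, warnings
```

Run against the IPSec example above, the check passes but warns on all four of DES, DES, dh_group 'None' and pfs_group 'None'.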
idem_azurerm.states.azurerm.network.virtual_network_gateway.present(hub, ctx, name, resource_group, virtual_network, ip_configurations, gateway_type, sku, vpn_type=None, enable_bgp=None, active_active=None, bgp_settings=None, address_prefixes=None, generation=None, enable_dns_forwarding=None, enable_private_ip_address=None, polling=True, tags=None, connection_auth=None, **kwargs)

New in version 1.0.0.

Changed in version 3.0.0, 4.0.0.
Ensure a virtual network gateway exists.
Parameters:
- name – Name of the virtual network gateway.
- resource_group – The resource group associated with the virtual network gateway.
- virtual_network – The virtual network associated with the virtual network gateway.
- ip_configurations – A list of dictionaries representing valid VirtualNetworkGatewayIPConfiguration objects. It is important to note that if the active_active key word argument is specified and active_active is disabled, then only one IP configuration object is permitted. If active_active is enabled, then at least two IP configuration dictionaries are required. Valid parameters for a VirtualNetworkGatewayIPConfiguration object are:
  - name: The name of the VirtualNetworkGatewayIPConfiguration object that is unique within the resource group.
  - public_ip_address: The name of an existing public IP address that will be assigned to the object.
  - private_ip_allocation_method: The private IP allocation method. Possible values are: “Static” and “Dynamic”.
  - subnet: The name of an existing subnet inside of which the IP configuration will reside.
- gateway_type – The type of this virtual network gateway. Possible values include: “Vpn” and “ExpressRoute”. The gateway type is immutable once set.
- sku – The name of the Gateway SKU. Possible values include: ‘Basic’, ‘HighPerformance’, ‘Standard’, ‘UltraPerformance’, ‘VpnGw1’, ‘VpnGw2’, ‘VpnGw3’, ‘VpnGw4’, ‘VpnGw5’, ‘VpnGw1AZ’, ‘VpnGw2AZ’, ‘VpnGw3AZ’, ‘VpnGw4AZ’, ‘VpnGw5AZ’, ‘ErGw1AZ’, ‘ErGw2AZ’, and ‘ErGw3AZ’.
- vpn_type – The type of this virtual network gateway. Possible values include: “PolicyBased” and “RouteBased”. The vpn type is immutable once set.
- enable_bgp – A boolean value specifying whether BGP is enabled for this virtual network gateway.
- active_active – A boolean value specifying whether active-active mode is enabled for this virtual network gateway.
- bgp_settings – A dictionary representing a valid BgpSettings object, which stores the virtual network gateway’s BGP speaker settings. Valid parameters include:
  - asn: The BGP speaker’s Autonomous System Number.
  - bgp_peering_address: The BGP peering address and BGP identifier of this BGP speaker.
  - peer_weight: The weight added to routes learned from this BGP speaker.
- address_prefixes – A list of CIDR blocks which can be used by subnets within the virtual network. Represents the custom routes address space specified by the customer for the virtual network gateway and VpnClient.
- generation – The generation for this virtual network gateway. This parameter may only be set if the gateway_type parameter is set to “Vpn”. Possible values include: “None”, “Generation1”, and “Generation2”.
- enable_dns_forwarding – A boolean value specifying whether DNS forwarding is enabled.
- enable_private_ip_address – A boolean value specifying whether a private IP needs to be enabled on this gateway for connections.
- polling – An optional boolean flag representing whether a Poller will be used during the creation of the Virtual Network Gateway. If set to True, a Poller will be used by this operation and the module will not return until the Virtual Network Gateway has completed its creation process and has been successfully provisioned. If set to False, the module will return once the Virtual Network Gateway has successfully begun its creation process. Defaults to True.
- tags – A dictionary of strings can be passed as tag metadata to the virtual network gateway object.
- connection_auth – A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.
Example usage:

    Ensure virtual network gateway exists:
      azurerm.network.virtual_network_gateway.present:
        - name: gateway1
        - resource_group: group1
        - virtual_network: vnet1
        - ip_configurations:
            - name: ip_config1
              private_ip_allocation_method: 'Dynamic'
              public_ip_address: pub_ip1
        - tags:
            contact_name: Elmer Fudd Gantry

    Ensure virtual network gateway exists:
      azurerm.network.virtual_network_gateway.present:
        - name: gateway1
        - resource_group: group1
        - virtual_network: vnet1
        - ip_configurations:
            - name: ip_config1
              private_ip_allocation_method: 'Dynamic'
              public_ip_address: pub_ip1
            - name: ip_config2
              private_ip_allocation_method: 'Dynamic'
              public_ip_address: pub_ip2
        - tags:
            contact_name: Elmer Fudd Gantry
        - gateway_type: 'Vpn'
        - vpn_type: 'RouteBased'
        - active_active: True
        - enable_bgp: True
        - bgp_settings:
            asn: 65514
            bgp_peering_address: 10.2.2.2
            peering_weight: 0
        - address_prefixes:
            - '10.0.0.0/8'
            - '192.168.0.0/16'
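An added example (not idem-azurerm code) that flattens the SLS argument form used above (a list of single-key mappings) into one kwargs dict and checks the present() constraints the parameter list documents: the active_active / ip_configurations count rule, generation only with a “Vpn” gateway, and the allowed enumeration values. The embedded input is a constructed copy of the second example above in the shape a YAML loader would hand to the state.

```python
GATEWAY_TYPES = {"Vpn", "ExpressRoute"}
VPN_TYPES = {"PolicyBased", "RouteBased"}
GENERATIONS = {"None", "Generation1", "Generation2"}
ALLOCATION_METHODS = {"Static", "Dynamic"}


def sls_kwargs(state_body):
    """Flatten the SLS argument form (a list of single-key dicts) into one kwargs dict."""
    kwargs = {}
    for item in state_body:
        kwargs.update(item)
    return kwargs


def check_gateway_args(args):
    """Return the list of documented present() constraints that a kwargs dict violates."""
    errors = []
    gw_type, vpn_type, generation = args.get("gateway_type"), args.get("vpn_type"), args.get("generation")
    if gw_type is not None and gw_type not in GATEWAY_TYPES:
        errors.append(f"gateway_type {gw_type!r} must be Vpn or ExpressRoute")
    if vpn_type is not None and vpn_type not in VPN_TYPES:
        errors.append(f"vpn_type {vpn_type!r} must be PolicyBased or RouteBased")
    if generation is not None and gw_type != "Vpn":
        errors.append("generation may only be set when gateway_type is 'Vpn'")
    if generation is not None and generation not in GENERATIONS:
        errors.append(f"generation {generation!r} must be one of {sorted(GENERATIONS)}")
    configs = args.get("ip_configurations") or []
    active_active = args.get("active_active")
    # Specified and disabled: exactly one IP configuration; enabled: at least two.
    if active_active is False and len(configs) != 1:
        errors.append("only one ip_configuration is permitted when active_active is False")
    if active_active is True and len(configs) < 2:
        errors.append("at least two ip_configurations are required when active_active is True")
    for i, cfg in enumerate(configs):
        method = cfg.get("private_ip_allocation_method")
        if method is not None and method not in ALLOCATION_METHODS:
            errors.append(f"ip_configurations[{i}].private_ip_allocation_method must be Static or Dynamic")
    return errors


# Constructed input: the page's second example as the YAML loader would hand it to the state.
ACTIVE_ACTIVE_EXAMPLE = [
    {"name": "gateway1"}, {"resource_group": "group1"}, {"virtual_network": "vnet1"},
    {"ip_configurations": [
        {"name": "ip_config1", "private_ip_allocation_method": "Dynamic", "public_ip_address": "pub_ip1"},
        {"name": "ip_config2", "private_ip_allocation_method": "Dynamic", "public_ip_address": "pub_ip2"},
    ]},
    {"gateway_type": "Vpn"}, {"vpn_type": "RouteBased"}, {"active_active": True}, {"enable_bgp": True},
]
```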