Azure Resource Manager (ARM) PostgreSQL Server Security Alert Policy Operations State Module

New in version 2.0.0.

Changed in version 4.0.0.




This module requires Azure Resource Manager credentials to be passed via acct. Note that the authentication parameters are case sensitive.

Required provider parameters:

if using username and password:
  • subscription_id
  • username
  • password
if using a service principal:
  • subscription_id
  • tenant
  • client_id
  • secret

Optional provider parameters:

cloud_environment: Used to point the cloud driver to different API endpoints, such as Azure GovCloud. Possible values:

  • AZURE_PUBLIC_CLOUD (default)

Example acct setup for Azure Resource Manager authentication:

        subscription_id: 3287abc8-f98a-c678-3bde-326766fd3617
        tenant: ABCDEFAB-1234-ABCD-1234-ABCDEFABCDEF
        client_id: ABCDEFAB-1234-ABCD-1234-ABCDEFABCDEF
        cloud_environment: AZURE_PUBLIC_CLOUD
        subscription_id: 3287abc8-f98a-c678-3bde-326766fd3617
        username: fletch
        password: 123pass

The authentication parameters can also be passed as a dictionary of keyword arguments to the connection_auth parameter of each state, but this is not preferred and could be deprecated in the future.

idem_azurerm.states.azurerm.postgresql.server_security_alert_policy.present(hub, ctx, server_name, resource_group, policy_state, disabled_alerts=None, email_addresses=None, email_account_admins=None, storage_endpoint=None, storage_account_access_key=None, retention_days=None, force_access_key=False, connection_auth=None, **kwargs)

New in version 2.0.0.

Changed in version 4.0.0.

Ensures that the specified server security alert policy exists within the given PostgreSQL server.

  • server_name – The name of the server.
  • resource_group – The name of the resource group. The name is case insensitive.
  • policy_state – Specifies the state of the policy, whether it is enabled or disabled. Possible values include: ‘Enabled’, ‘Disabled’.
  • disabled_alerts – Specifies an array of alerts that are disabled. Possible values are: ‘Sql_Injection’, ‘Sql_Injection_Vulnerability’, and ‘Access_Anomaly’.
  • email_addresses – Specifies an array of e-mail addresses to which the alert is sent.
  • email_account_admins – A boolean value that specifies whether the alert is sent to the account administrators or not.
  • storage_endpoint – Specifies the blob storage endpoint (e.g. This blob storage will hold all Threat Detection audit logs.
  • storage_account_access_key – Specifies the identifier key of the Threat Detection audit storage account.
  • retention_days – Specifies the number of days to keep in the Threat Detection audit logs.
  • force_access_key – An optional boolean flag that represents whether or not the storage account access key value should be updated. If it is set to True, then the password will be updated if the server already exists. If it is set to False, then the password will not be updated unless other parameters also need to be updated. Defaults to False.
  • connection_auth – A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.

Example usage:

Ensure server security alert policy exists:
        - server_name: my_server
        - resource_group: my_rg
        - policy_state: 'Enabled'