states.azurerm.resource.management_lock¶
Azure Resource Manager (ARM) Management Lock State Module
New in version 2.0.0.
Changed in version 4.0.0.
maintainer: | |
---|---|
configuration: | This module requires Azure Resource Manager credentials to be passed via acct. Note that the authentication parameters are case sensitive. Required provider parameters:
Optional provider parameters: cloud_environment: Used to point the cloud driver to different API endpoints, such as Azure GovCloud. Possible values:
Example configuration for Azure Resource Manager authentication: azurerm:
default:
subscription_id: 3287abc8-f98a-c678-3bde-326766fd3617
tenant: ABCDEFAB-1234-ABCD-1234-ABCDEFABCDEF
client_id: ABCDEFAB-1234-ABCD-1234-ABCDEFABCDEF
secret: XXXXXXXXXXXXXXXXXXXXXXXX
cloud_environment: AZURE_PUBLIC_CLOUD
user_pass_auth:
subscription_id: 3287abc8-f98a-c678-3bde-326766fd3617
username: fletch
password: 123pass
The authentication parameters can also be passed as a dictionary of keyword arguments to the |
-
idem_azurerm.states.azurerm.resource.management_lock.
absent
(hub, ctx, name, resource_group=None, connection_auth=None, **kwargs)¶ New in version 2.0.0.
Ensure a management lock does not exist. By default this module ensures that the management lock does not exist at the subscription level. If you would like to ensure that the management lock does not exist at the resource group level instead, you can specify a resource group using the resource_group parameter.
Parameters: - name – The name of the lock. The lock name can be a maximum of 260 characters. It cannot contain <, > %, &, :, ?, /, or any control characters.
- resource_group – The name of the resource group.
- connection_auth – A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.
Example usage:
Ensure management lock is absent: azurerm.resource.management_lock.absent: - name: my_lock
-
idem_azurerm.states.azurerm.resource.management_lock.
absent_at_resource_level
(hub, ctx, name, resource_group, resource, resource_type, resource_provider_namespace, parent_resource_path=None, connection_auth=None, **kwargs)¶ New in version 2.0.0.
Ensure a management lock does not exist at the resource level.
Parameters: - name – The name of the lock. The lock name can be a maximum of 260 characters. It cannot contain <, > %, &, :, ?, /, or any control characters.
- resource_group – The name of the resource group containing the resource with the lock to delete.
- resource – The name of the resource with the lock to delete.
- resource_type – The resource type of the resource with the lock to delete.
- resource_provider_namespace – The resource provider namespace of the resource with the lock to delete.
- parent_resource_path – The parent resource identity.
- connection_auth – A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.
Example usage:
Ensure management lock absent at resource level: azurerm.resource.management_lock.absent_at_resource_level: - name: my_lock - resource_group: my_rg - resource: my_resource - resource_type: my_type - resource_provider_namespace: my_namespace
-
idem_azurerm.states.azurerm.resource.management_lock.
absent_by_scope
(hub, ctx, name, scope, connection_auth=None, **kwargs)¶ New in version 2.0.0.
Ensure a management lock does not exist by scope.
Parameters: - name – The name of the lock. The lock name can be a maximum of 260 characters. It cannot contain <, > %, &, :, ?, /, or any control characters.
- scope – The scope for the lock. When providing a scope for the assignment, use ‘/subscriptions/{subscriptionId}’ for subscriptions, ‘/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}’ for resource groups, and ‘/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePathIfPresent}/{resourceType}/{resourceName}’ for resources.
- connection_auth – A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.
Example usage:
Ensure management lock absent by scope: azurerm.resource.management_lock.absent_by_scope: - name: my_lock - scope: my_scope
-
idem_azurerm.states.azurerm.resource.management_lock.
present
(hub, ctx, name, lock_level, resource_group=None, notes=None, owners=None, connection_auth=None, **kwargs)¶ New in version 2.0.0.
Changed in version 4.0.0.
Ensure a management lock exists. By default this module ensures that the management lock exists at the subscription level. If you would like to ensure that the management lock exists at the resource group level instead, you can specify a resource group using the resource_group parameter.
Parameters: - name – The name of the lock. The lock name can be a maximum of 260 characters. It cannot contain <, > %, &, :, ?, /, or any control characters.
- lock_level – The level of the lock. Possible values are: ‘CanNotDelete’ and ‘ReadOnly’. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can’t modify or delete it.
- resource_group – The name of the resource group.
- notes – A string representing notes about the lock. Maximum of 512 characters.
- owners – A list of strings representing owners of the lock. Each string represents the application id of the lock owner.
- connection_auth – A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.
Example usage:
Ensure management lock exists: azurerm.resource.management_lock.present: - name: my_lock - lock_level: 'ReadOnly'
-
idem_azurerm.states.azurerm.resource.management_lock.
present_at_resource_level
(hub, ctx, name, lock_level, resource_group, resource, resource_type, resource_provider_namespace, parent_resource_path=None, notes=None, owners=None, connection_auth=None, **kwargs)¶ New in version 2.0.0.
Changed in version 4.0.0.
Ensure a management lock exists at resource level.
Parameters: - name – The name of the lock. The lock name can be a maximum of 260 characters. It cannot contain<, > %, &, :, ?, /, or any control characters.
- lock_level – The level of the lock. Possible values are: ‘CanNotDelete’ and ‘ReadOnly’. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can’t modify or delete it.
- resource_group – The name of the resource group containing the resource to lock.
- resource – The name of the resource to lock.
- resource_type – The resource type of the resource to lock.
- resource_provider_namespace – The resource provider namespace of the resource to lock.
- parent_resource_path – The parent resource identity.
- notes – A string representing notes about the lock. Maximum of 512 characters.
- owners – A list of strings representing owners of the lock. Each string represents the application id of the lock owner.
- connection_auth – A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.
Example usage:
Ensure management lock exists at resource level: azurerm.resource.management_lock.present_at_resource_level: - name: my_lock - resource_group: my_rg - resource: my_resource - resource_type: my_type - resource_provider_namespace: my_namespace - lock_level: 'ReadOnly'
-
idem_azurerm.states.azurerm.resource.management_lock.
present_by_scope
(hub, ctx, name, scope, lock_level, notes=None, owners=None, connection_auth=None, **kwargs)¶ New in version 2.0.0.
Changed in version 4.0.0.
Ensure a management lock exists by scope.
Parameters: - name – The name of the lock. The lock name can be a maximum of 260 characters. It cannot contain <, > %, &, :, ?, /, or any control characters.
- scope – The scope for the lock. When providing a scope for the assignment, use ‘/subscriptions/{subscriptionId}’ for subscriptions, ‘/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}’ for resource groups, and ‘/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePathIfPresent}/{resourceType}/{resourceName}’ for resources.
- lock_level – The level of the lock. Possible values are: ‘CanNotDelete’ and ‘ReadOnly’. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can’t modify or delete it.
- notes – A string representing notes about the lock. Maximum of 512 characters.
- owners – A list of strings representing owners of the lock. Each string represents the application id of the lock owner.
- connection_auth – A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.
Example usage:
Ensure management lock exists by scope: azurerm.resource.management_lock.present_by_scope: - name: my_lock - scope: my_scope - lock_level: 'ReadOnly'