states.azurerm.resource.policy

Azure Resource Manager (ARM) Resource Policy State Module

New in version 1.0.0.

Changed in version 2.0.0, 2.3.2, 4.0.0.

configuration:
    This module requires Azure Resource Manager credentials to be passed via acct. Note that the authentication parameters are case sensitive.

    Required provider parameters:

    Optional provider parameters:
        cloud_environment: Used to point the cloud driver to different API endpoints, such as Azure GovCloud. Possible values:

    Example acct setup for Azure Resource Manager authentication:

        azurerm:
          default:
            subscription_id: 3287abc8-f98a-c678-3bde-326766fd3617
            tenant: ABCDEFAB-1234-ABCD-1234-ABCDEFABCDEF
            client_id: ABCDEFAB-1234-ABCD-1234-ABCDEFABCDEF
            secret: XXXXXXXXXXXXXXXXXXXXXXXX
            cloud_environment: AZURE_PUBLIC_CLOUD
          user_pass_auth:
            subscription_id: 3287abc8-f98a-c678-3bde-326766fd3617
            username: fletch
            password: 123pass

    The authentication parameters can also be passed as a dictionary of keyword arguments to the
idem_azurerm.states.azurerm.resource.policy.assignment_absent(hub, ctx, name, scope, connection_auth=None, **kwargs)

    New in version 1.0.0.

    Ensure a policy assignment does not exist in the provided scope.

    Parameters:
        - name – Name of the policy assignment.
        - scope – The scope of the policy assignment.
        - connection_auth – A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.

    Example usage:

        Ensure assignment absent:
          azurerm.resource.policy.assignment_absent:
            - name: test_assign
            - scope: test_scope
idem_azurerm.states.azurerm.resource.policy.assignment_present(hub, ctx, name, scope, definition_name, display_name=None, description=None, parameters=None, enforcement_mode=None, connection_auth=None, **kwargs)

    New in version 1.0.0.

    Changed in version 2.3.2, 4.0.0.

    Ensure a security policy assignment exists.

    Parameters:
        - name – Name of the policy assignment.
        - scope – The scope of the policy assignment.
        - definition_name – The name of the policy definition to assign.
        - display_name – The display name of the policy assignment.
        - description – The policy assignment description.
        - parameters – Required dictionary if a parameter is used in the policy rule. Note that parameters will require a "value" key underneath the actual parameter name before specifying the values being passed. See the example for details.
        - enforcement_mode – The policy assignment enforcement mode. Possible values are "Default" and "DoNotEnforce".
        - connection_auth – A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.

    Example usage:

        Restrict Allowed Locations:
          azurerm.resource.policy.assignment_present:
            - name: AllowedLocations
            - scope: /subscriptions/bc75htn-a0fhsi-349b-56gh-4fghti-f84852
            - definition_name: e56962a6-4747-49cd-b67b-bf8b01975c4c
            - display_name: Allowed Locations
            - description: This policy enables restriction of locations you can specify when deploying resources
            - parameters:
                listOfAllowedLocations:
                  value:
                    - centralus
                    - eastus
                    - eastus2
                    - northcentralus
                    - southcentralus
                    - westcentralus
                    - westus
                    - westus2
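The two details of assignment_present that most often trip people up are the "value" key the parameters dictionary requires and the two accepted enforcement_mode values. The following Python helpers are an added illustration, not part of idem-azurerm: they wrap a plain parameter mapping into the required shape, pre-check an assignment against a definition's declared parameters (a constructed declaration that mirrors the parameter in the SLS example above, with a hypothetical "effect" parameter used in the comments for the allowedValues case), and build the SLS mapping. The function names and the declaration are assumptions of this example.

```python
# Hypothetical helpers added as an illustration; they are not idem-azurerm's
# own code. They show the parameter shape azurerm.resource.policy.assignment_present
# expects (every policy parameter nested under a "value" key) and a pre-flight
# check of an assignment against the definition's declared parameters.

ENFORCEMENT_MODES = ("Default", "DoNotEnforce")


def wrap_assignment_parameters(params):
    """Return params with each value nested under {"value": ...}.

    Entries already in that shape are kept as they are, so the helper can be
    run again over data that was already written for the state.
    """
    wrapped = {}
    for key, val in params.items():
        if isinstance(val, dict) and set(val) == {"value"}:
            wrapped[key] = val
        else:
            wrapped[key] = {"value": val}
    return wrapped


def check_assignment_parameters(params, declared):
    """Compare wrapped assignment parameters with a definition's parameter
    declarations (the subset of an Azure policy definition's "parameters"
    block used here: type, allowedValues, defaultValue) and return a list of
    problems; an empty list means the assignment is consistent."""
    type_map = {"Array": list, "String": str, "Boolean": bool,
                "Integer": int, "Object": dict}
    problems = []
    for name, decl in declared.items():
        if name not in params:
            if "defaultValue" not in decl:
                problems.append(f"required parameter {name!r} is not set")
            continue
        entry = params[name]
        if not isinstance(entry, dict) or "value" not in entry:
            problems.append(f"parameter {name!r} must be given as {{'value': ...}}")
            continue
        value = entry["value"]
        expected = type_map.get(decl.get("type"))
        # bool is a subclass of int in Python, so reject True/False for Integer.
        wrong_type = expected is not None and (
            not isinstance(value, expected)
            or (expected is int and isinstance(value, bool)))
        if wrong_type:
            problems.append(f"parameter {name!r} should be of type {decl['type']}")
            continue
        allowed = decl.get("allowedValues")
        if allowed is not None:
            values = value if isinstance(value, list) else [value]
            bad = [v for v in values if v not in allowed]
            if bad:
                problems.append(f"parameter {name!r} has values outside allowedValues: {bad}")
    for name in params:
        if name not in declared:
            problems.append(f"parameter {name!r} is not declared by the definition")
    return problems


def build_assignment_state(state_id, name, scope, definition_name, params,
                           display_name=None, description=None, enforcement_mode=None):
    """Return the SLS-style mapping for an assignment_present state, with the
    parameters wrapped and enforcement_mode checked against the two accepted values."""
    if enforcement_mode is not None and enforcement_mode not in ENFORCEMENT_MODES:
        raise ValueError(f"enforcement_mode must be one of {ENFORCEMENT_MODES}")
    body = [{"name": name}, {"scope": scope}, {"definition_name": definition_name}]
    if display_name is not None:
        body.append({"display_name": display_name})
    if description is not None:
        body.append({"description": description})
    if enforcement_mode is not None:
        body.append({"enforcement_mode": enforcement_mode})
    body.append({"parameters": wrap_assignment_parameters(params)})
    return {state_id: {"azurerm.resource.policy.assignment_present": body}}


# Constructed declaration standing in for the parameter block of the
# definition assigned in the SLS example above (the real built-in carries
# more metadata than this).
ALLOWED_LOCATIONS_DECL = {"listOfAllowedLocations": {"type": "Array"}}

if __name__ == "__main__":
    state = build_assignment_state(
        "Restrict Allowed Locations", "AllowedLocations",
        "/subscriptions/<subscription-id>",  # placeholder scope
        "e56962a6-4747-49cd-b67b-bf8b01975c4c",
        {"listOfAllowedLocations": ["centralus", "eastus"]},
        display_name="Allowed Locations", enforcement_mode="DoNotEnforce")
    params = state["Restrict Allowed Locations"][
        "azurerm.resource.policy.assignment_present"][-1]["parameters"]
    print(check_assignment_parameters(params, ALLOWED_LOCATIONS_DECL))  # []
```

Running the check before applying the state catches the unwrapped-parameter mistake locally instead of as an API error, and it also flags values a definition's allowedValues would reject, which is the usual cause of a DoNotEnforce assignment silently auditing nothing.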
idem_azurerm.states.azurerm.resource.policy.definition_absent(hub, ctx, name, connection_auth=None, **kwargs)

    New in version 1.0.0.

    Ensure a policy definition does not exist in the current subscription.

    Parameters:
        - name – Name of the policy definition.
        - connection_auth – A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.

    Example usage:

        Ensure definition absent:
          azurerm.resource.policy.definition_absent:
            - name: test_def
idem_azurerm.states.azurerm.resource.policy.definition_present(hub, ctx, name, policy_rule=None, policy_type=None, mode=None, display_name=None, description=None, metadata=None, parameters=None, policy_rule_json=None, policy_rule_file=None, template='jinja', source_hash=None, source_hash_name=None, skip_verify=False, connection_auth=None, **kwargs)

    New in version 1.0.0.

    Changed in version 2.0.0, 4.0.0.

    Ensure a security policy definition exists.

    Parameters:
        - name – Name of the policy definition.
        - policy_rule – A YAML dictionary defining the policy rule. See Azure Policy Definition documentation for details on the structure. One of policy_rule, policy_rule_json, or policy_rule_file is required, in that order of precedence for use if multiple parameters are used.
        - policy_rule_json – A text field defining the entirety of a policy definition in JSON. See Azure Policy Definition documentation for details on the structure. One of policy_rule, policy_rule_json, or policy_rule_file is required, in that order of precedence for use if multiple parameters are used. Note that the name field in the JSON will override the name parameter in the state.
        - policy_rule_file – The local source location of a JSON file defining the entirety of a policy definition. See Azure Policy Definition documentation for details on the structure. One of policy_rule, policy_rule_json, or policy_rule_file is required, in that order of precedence for use if multiple parameters are used. Note that the name field in the JSON will override the name parameter in the state.
        - policy_type – The type of policy definition. Possible values are "NotSpecified", "BuiltIn", "Static", and "Custom". Only used with the policy_rule parameter.
        - mode – The policy definition mode. Possible values include, but are not limited to, "NotSpecified", "Indexed", "All", and "Microsoft.KeyVault.Data". Only used with the policy_rule parameter.
        - display_name – The display name of the policy definition. Only used with the policy_rule parameter.
        - description – The policy definition description. Only used with the policy_rule parameter.
        - metadata – The policy definition metadata defined as a dictionary. Only used with the policy_rule parameter.
        - parameters – Required dictionary if a parameter is used in the policy rule. Only used with the policy_rule parameter.
        - connection_auth – A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.

    Example usage:

        Ensure policy definition exists:
          azurerm.resource.policy.definition_present:
            - name: testpolicy
            - display_name: Test Policy
            - description: Test policy for testing policies.
            - policy_rule:
                if:
                  allOf:
                    - equals: Microsoft.Compute/virtualMachines/write
                      source: action
                    - field: location
                      in:
                        - eastus
                        - eastus2
                        - centralus
                then:
                  effect: deny
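The parameter list above spells out three rules that are easy to get wrong when the same state is fed from several sources: policy_rule wins over policy_rule_json, which wins over policy_rule_file; the per-field keyword arguments (policy_type, mode, display_name, and so on) only apply to the policy_rule form; and for the two JSON forms the name inside the document overrides the state's name. The Python below is an added illustration of that behaviour, not idem-azurerm's own implementation. It assumes the JSON forms carry a full ARM definition document of the shape {"name": ..., "properties": {"policyRule": {...}}}; the function names, the sample rule (copied from the SLS example above) and the sample JSON document are constructed for this example.

```python
import json
import os
import tempfile

# Hypothetical helper, added as an illustration and not idem-azurerm's own
# code: apply the documented precedence (policy_rule, then policy_rule_json,
# then policy_rule_file) and return the (name, definition) pair that the
# state would hand to the Azure Resource Manager API. The JSON forms are
# assumed to carry a full ARM definition document of the shape
# {"name": ..., "properties": {"policyRule": {...}, ...}}.
def resolve_policy_definition(name, policy_rule=None, policy_rule_json=None,
                              policy_rule_file=None, policy_type=None, mode=None,
                              display_name=None, description=None,
                              metadata=None, parameters=None):
    if policy_rule is not None:
        # Dictionary form: the remaining keyword arguments build the body and
        # are only honoured here, as the parameter list states.
        properties = {"policyRule": policy_rule}
        optional = (("policyType", policy_type), ("mode", mode),
                    ("displayName", display_name), ("description", description),
                    ("metadata", metadata), ("parameters", parameters))
        for key, val in optional:
            if val is not None:
                properties[key] = val
        definition = {"name": name, "properties": properties}
    elif policy_rule_json is not None:
        definition = json.loads(policy_rule_json)
    elif policy_rule_file is not None:
        with open(policy_rule_file, "r", encoding="utf-8") as fh:
            definition = json.load(fh)
    else:
        raise ValueError("one of policy_rule, policy_rule_json or "
                         "policy_rule_file is required")

    # For the JSON forms the document's own "name" wins over the state's name.
    effective_name = definition.get("name", name)
    definition["name"] = effective_name

    # A policy rule must at least carry an "if" condition and a "then" effect.
    rule = definition.get("properties", {}).get("policyRule")
    if not isinstance(rule, dict) or "if" not in rule or "then" not in rule:
        raise ValueError("policyRule must be a mapping with 'if' and 'then' keys")
    return effective_name, definition


# Constructed sample rule copied from the SLS example above: deny writes of
# virtual machines whose location is one of the three listed regions.
SAMPLE_RULE = {
    "if": {"allOf": [
        {"equals": "Microsoft.Compute/virtualMachines/write", "source": "action"},
        {"field": "location", "in": ["eastus", "eastus2", "centralus"]},
    ]},
    "then": {"effect": "deny"},
}

# Constructed JSON document whose embedded name differs from the state's name.
SAMPLE_JSON = json.dumps({
    "name": "name-from-json",
    "properties": {"displayName": "From JSON", "policyRule": SAMPLE_RULE},
})


def resolve_from_file(name, json_text):
    """Write json_text to a temporary file and resolve it via policy_rule_file."""
    fd, path = tempfile.mkstemp(suffix=".json")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(json_text)
        return resolve_policy_definition(name, policy_rule_file=path)
    finally:
        os.remove(path)


def rejects_missing_sources(name):
    """True when a call with no rule source at all is rejected."""
    try:
        resolve_policy_definition(name)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    chosen, body = resolve_policy_definition(
        "testpolicy", policy_rule=SAMPLE_RULE, policy_rule_json=SAMPLE_JSON,
        display_name="Test Policy")
    print(chosen, body["properties"]["displayName"])  # testpolicy Test Policy
    print(resolve_policy_definition("testpolicy", policy_rule_json=SAMPLE_JSON)[0])  # name-from-json
```

The name-override rule is the one to watch in review: a state named testpolicy that points at a JSON file will create or update whatever definition the file's "name" field says, so a renamed file can leave the originally intended definition untouched while a second one appears.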