states.azurerm.storage.account

Azure Resource Manager (ARM) Storage Account State Module

New in version 2.0.0.

Changed in version 4.0.0.

maintainer:

<devops@eitr.tech>

configuration:

This module requires Azure Resource Manager credentials to be passed via acct. Note that the authentication parameters are case sensitive.

Required provider parameters:

if using username and password:
  • subscription_id
  • username
  • password
if using a service principal:
  • subscription_id
  • tenant
  • client_id
  • secret

Optional provider parameters:

cloud_environment: Used to point the cloud driver to different API endpoints, such as Azure GovCloud. Possible values:

  • AZURE_PUBLIC_CLOUD (default)
  • AZURE_CHINA_CLOUD
  • AZURE_US_GOV_CLOUD
  • AZURE_GERMAN_CLOUD

Example acct setup for Azure Resource Manager authentication:

azurerm:
    default:
        subscription_id: 3287abc8-f98a-c678-3bde-326766fd3617
        tenant: ABCDEFAB-1234-ABCD-1234-ABCDEFABCDEF
        client_id: ABCDEFAB-1234-ABCD-1234-ABCDEFABCDEF
        secret: XXXXXXXXXXXXXXXXXXXXXXXX
        cloud_environment: AZURE_PUBLIC_CLOUD
    user_pass_auth:
        subscription_id: 3287abc8-f98a-c678-3bde-326766fd3617
        username: fletch
        password: 123pass

The authentication parameters can also be passed as a dictionary of keyword arguments to the connection_auth parameter of each state, but this is not preferred and could be deprecated in the future.

idem_azurerm.states.azurerm.storage.account.absent(hub, ctx, name, resource_group, connection_auth=None, **kwargs)

New in version 2.0.0.

Ensure a storage account does not exist in the resource group.

Parameters:
  • name – The name of the storage account being deleted.
  • resource_group – The name of the resource group that the storage account belongs to.
  • connection_auth – A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.

Example usage:

Ensure storage account does not exist:
    azurerm.storage.account.absent:
        - name: my_account
        - resource_group: my_rg

idem_azurerm.states.azurerm.storage.account.present(hub, ctx, name, resource_group, sku, kind, location, custom_domain=None, network_rule_set=None, access_tier=None, azure_files_identity_based_auth=None, https_traffic_only=None, hns_enabled=None, large_file_shares=None, routing_preference=None, blob_public_access=None, minimum_tls_version=None, tags=None, connection_auth=None, **kwargs)

New in version 2.0.0.

Changed in version 4.0.0.

Ensure a storage account exists in the resource group.

Parameters:
  • name – The name of the storage account being created. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.
  • resource_group – The name of the resource group that the storage account belongs to.
  • sku – The name of the storage account SKU. Possible values include: ‘Standard_LRS’, ‘Standard_GRS’, ‘Standard_RAGRS’, ‘Standard_ZRS’, ‘Premium_LRS’, ‘Premium_ZRS’, ‘Standard_GZRS’, and ‘Standard_RAGZRS’.
  • kind – Indicates the type of storage account. Possible values include: ‘Storage’, ‘StorageV2’, ‘BlobStorage’, ‘FileStorage’, and ‘BlockBlobStorage’.
  • location – Gets or sets the location of the resource. This will be one of the supported and registered Azure Geo Regions (e.g. West US, East US, Southeast Asia, etc.). The geo region of a resource cannot be changed once it is created, but if an identical geo region is specified on update, the request will succeed.
  • custom_domain – User domain assigned to the storage account. Valid parameters are:

    • name: Required. Gets or sets the custom domain name assigned to the storage account. Name is the CNAME source. To clear the existing custom domain, use an empty string for this property.
    • use_sub_domain_name: Indicates whether indirect CName validation is enabled. Default value is False. This should only be set on updates.
  • network_rule_set – A dictionary representing a NetworkRuleSet object.
  • access_tier – The access tier is used for billing. Required when the kind parameter is set to “BlobStorage”. Possible values include: ‘Hot’ and ‘Cool’.
  • azure_files_identity_based_auth – A dictionary representing an AzureFilesIdentityBasedAuthentication object. Provides the identity based authentication settings for Azure Files.
  • https_traffic_only – Allows https traffic only to storage service if set to True. The default value is True.
  • hns_enabled – A boolean flag specifying whether the account's hierarchical namespace is enabled.
  • large_file_shares – Allow large file shares if set to ‘Enabled’. It cannot be disabled once it is enabled. Possible values include: ‘Disabled’, ‘Enabled’.
  • routing_preference – A dictionary representing a RoutingPreference object. Maintains information about the network routing choice opted by the user for data transfer.
  • blob_public_access – A boolean flag specifying whether public access is allowed to all blobs or containers in the storage account. The default value is True.
  • minimum_tls_version – Set the minimum TLS version to be permitted on requests to storage. The default interpretation is TLS 1.0 for this property. Possible values include: ‘TLS1_0’, ‘TLS1_1’, ‘TLS1_2’.
  • tags – A dictionary of strings can be passed as metadata to the storage account.
  • connection_auth – A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.

Example usage:

Ensure storage account exists:
    azurerm.storage.account.present:
        - name: my_account
        - resource_group: my_rg
        - sku: 'Standard_LRS'
        - kind: 'Storage'
        - location: 'eastus'
        - tags:
            contact_name: Elmer Fudd Gantry
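
Per the parameter defaults above, a state like this one leaves blob_public_access at True and minimum_tls_version at TLS 1.0 because it sets neither. The following Python check is an added example, not part of idem-azurerm: it audits already-parsed SLS data (the mapping a YAML loader would return) and flags states that keep those defaults, disable https_traffic_only, or pass credentials inline via connection_auth. The function names and the sample data are constructed for illustration.

```python
# Added example (not idem-azurerm code): audit parsed SLS data for
# azurerm.storage.account.present states that keep permissive settings.
STATE = "azurerm.storage.account.present"

# Values the documentation above says apply when a parameter is omitted.
DEFAULTS = {
    "https_traffic_only": True,
    "blob_public_access": True,
    "minimum_tls_version": "TLS1_0",
}


def audit_state(state_id, body):
    """Return (state_id, parameter, reason) findings for one state."""
    if STATE not in body:
        return []
    args = dict(DEFAULTS)
    for item in body[STATE] or []:  # SLS args: a list of one-key dicts
        args.update(item)
    findings = []
    if args["https_traffic_only"] is not True:
        findings.append((state_id, "https_traffic_only", "plain HTTP accepted"))
    if args["blob_public_access"] is not False:
        findings.append((state_id, "blob_public_access", "public blob access allowed"))
    if args["minimum_tls_version"] != "TLS1_2":
        findings.append((state_id, "minimum_tls_version", "TLS below 1.2 accepted"))
    if "connection_auth" in args:
        findings.append((state_id, "connection_auth", "credentials inline; use acct"))
    return findings


def audit_sls(sls):
    """Audit every state ID in a parsed SLS mapping."""
    return [f for sid, body in sls.items() for f in audit_state(sid, body)]


# Constructed sample: the page's example state plus a hardened variant.
SAMPLE = {
    "Ensure storage account exists": {STATE: [
        {"name": "my_account"}, {"resource_group": "my_rg"},
        {"sku": "Standard_LRS"}, {"kind": "Storage"}, {"location": "eastus"},
    ]},
    "Ensure hardened storage account exists": {STATE: [
        {"name": "myhardenedacct"}, {"resource_group": "my_rg"},
        {"sku": "Standard_LRS"}, {"kind": "StorageV2"}, {"location": "eastus"},
        {"https_traffic_only": True}, {"blob_public_access": False},
        {"minimum_tls_version": "TLS1_2"},
    ]},
}
```

Calling audit_sls(SAMPLE) reports two findings for the page's example state and none for the hardened variant.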