golden hour
/opt/saltstack/salt/lib/python3.10/site-packages/salt/states
⬆️ Go Up
Upload
File/Folder
Size
Actions
__init__.py
25 B
Del
OK
__pycache__
-
Del
OK
acme.py
5.08 KB
Del
OK
alias.py
2.49 KB
Del
OK
alternatives.py
6.75 KB
Del
OK
ansiblegate.py
7.93 KB
Del
OK
apache.py
3.95 KB
Del
OK
apache_conf.py
2.72 KB
Del
OK
apache_module.py
2.73 KB
Del
OK
apache_site.py
2.66 KB
Del
OK
aptpkg.py
1.42 KB
Del
OK
archive.py
68.24 KB
Del
OK
artifactory.py
6.84 KB
Del
OK
at.py
7.48 KB
Del
OK
augeas.py
10.57 KB
Del
OK
aws_sqs.py
2.59 KB
Del
OK
azurearm_compute.py
11.78 KB
Del
OK
azurearm_dns.py
26.05 KB
Del
OK
azurearm_network.py
89.12 KB
Del
OK
azurearm_resource.py
28.23 KB
Del
OK
beacon.py
7.58 KB
Del
OK
bigip.py
96.63 KB
Del
OK
blockdev.py
5.13 KB
Del
OK
boto3_elasticache.py
48.01 KB
Del
OK
boto3_elasticsearch.py
32.58 KB
Del
OK
boto3_route53.py
37.54 KB
Del
OK
boto3_sns.py
12.69 KB
Del
OK
boto_apigateway.py
82.83 KB
Del
OK
boto_asg.py
31.93 KB
Del
OK
boto_cfn.py
11.53 KB
Del
OK
boto_cloudfront.py
6.01 KB
Del
OK
boto_cloudtrail.py
13.18 KB
Del
OK
boto_cloudwatch_alarm.py
6.4 KB
Del
OK
boto_cloudwatch_event.py
12.33 KB
Del
OK
boto_cognitoidentity.py
13.69 KB
Del
OK
boto_datapipeline.py
18.5 KB
Del
OK
boto_dynamodb.py
29.32 KB
Del
OK
boto_ec2.py
71.98 KB
Del
OK
boto_elasticache.py
16.75 KB
Del
OK
boto_elasticsearch_domain.py
12.27 KB
Del
OK
boto_elb.py
55.1 KB
Del
OK
boto_elbv2.py
12.19 KB
Del
OK
boto_iam.py
69.16 KB
Del
OK
boto_iam_role.py
27.12 KB
Del
OK
boto_iot.py
25.33 KB
Del
OK
boto_kinesis.py
16.69 KB
Del
OK
boto_kms.py
12.11 KB
Del
OK
boto_lambda.py
35.52 KB
Del
OK
boto_lc.py
11.04 KB
Del
OK
boto_rds.py
26 KB
Del
OK
boto_route53.py
19.49 KB
Del
OK
boto_s3.py
9.32 KB
Del
OK
boto_s3_bucket.py
24.67 KB
Del
OK
boto_secgroup.py
32.62 KB
Del
OK
boto_sns.py
8.92 KB
Del
OK
boto_sqs.py
7.97 KB
Del
OK
boto_vpc.py
62.23 KB
Del
OK
bower.py
8.26 KB
Del
OK
btrfs.py
10.34 KB
Del
OK
cabal.py
5.73 KB
Del
OK
ceph.py
1.9 KB
Del
OK
chef.py
3.76 KB
Del
OK
chocolatey.py
16.15 KB
Del
OK
chronos_job.py
4.6 KB
Del
OK
cimc.py
14.32 KB
Del
OK
cisconso.py
3.14 KB
Del
OK
cloud.py
14.4 KB
Del
OK
cmd.py
40.92 KB
Del
OK
composer.py
8.38 KB
Del
OK
consul.py
5.4 KB
Del
OK
cron.py
23.39 KB
Del
OK
cryptdev.py
6.17 KB
Del
OK
csf.py
9.98 KB
Del
OK
cyg.py
7.05 KB
Del
OK
ddns.py
4.2 KB
Del
OK
debconfmod.py
6.33 KB
Del
OK
dellchassis.py
24.49 KB
Del
OK
disk.py
6.49 KB
Del
OK
docker_container.py
85.27 KB
Del
OK
docker_image.py
16.7 KB
Del
OK
docker_network.py
36.78 KB
Del
OK
docker_volume.py
6.72 KB
Del
OK
drac.py
4.17 KB
Del
OK
dvs.py
26.29 KB
Del
OK
elasticsearch.py
20.38 KB
Del
OK
elasticsearch_index.py
3.25 KB
Del
OK
elasticsearch_index_template.py
3.67 KB
Del
OK
environ.py
5.81 KB
Del
OK
eselect.py
2.27 KB
Del
OK
esxcluster.py
22.4 KB
Del
OK
esxdatacenter.py
4.44 KB
Del
OK
esxi.py
63.07 KB
Del
OK
esxvm.py
20.11 KB
Del
OK
etcd_mod.py
11 KB
Del
OK
ethtool.py
9.88 KB
Del
OK
event.py
2.48 KB
Del
OK
file.py
316.7 KB
Del
OK
firewall.py
1.33 KB
Del
OK
firewalld.py
26.08 KB
Del
OK
gem.py
7.13 KB
Del
OK
git.py
123.85 KB
Del
OK
github.py
27.25 KB
Del
OK
glance_image.py
2.26 KB
Del
OK
glassfish.py
21.47 KB
Del
OK
glusterfs.py
12.21 KB
Del
OK
gnomedesktop.py
7.47 KB
Del
OK
gpg.py
5.28 KB
Del
OK
grafana.py
12.11 KB
Del
OK
grafana4_dashboard.py
17.31 KB
Del
OK
grafana4_datasource.py
6.15 KB
Del
OK
grafana4_org.py
7.73 KB
Del
OK
grafana4_user.py
5.52 KB
Del
OK
grafana_dashboard.py
17.74 KB
Del
OK
grafana_datasource.py
5.31 KB
Del
OK
grains.py
15.57 KB
Del
OK
group.py
9.84 KB
Del
OK
heat.py
9.69 KB
Del
OK
helm.py
10.39 KB
Del
OK
hg.py
6.33 KB
Del
OK
highstate_doc.py
1.41 KB
Del
OK
host.py
8.64 KB
Del
OK
http.py
7.46 KB
Del
OK
icinga2.py
9.07 KB
Del
OK
idem.py
3.91 KB
Del
OK
ifttt.py
2.12 KB
Del
OK
incron.py
5.71 KB
Del
OK
influxdb08_database.py
2.85 KB
Del
OK
influxdb08_user.py
3.39 KB
Del
OK
influxdb_continuous_query.py
2.83 KB
Del
OK
influxdb_database.py
2.11 KB
Del
OK
influxdb_retention_policy.py
4.82 KB
Del
OK
influxdb_user.py
4.84 KB
Del
OK
infoblox_a.py
4.24 KB
Del
OK
infoblox_cname.py
4.19 KB
Del
OK
infoblox_host_record.py
6.59 KB
Del
OK
infoblox_range.py
6.85 KB
Del
OK
ini_manage.py
12.67 KB
Del
OK
ipmi.py
8.42 KB
Del
OK
ipset.py
9.66 KB
Del
OK
iptables.py
27.65 KB
Del
OK
jboss7.py
23.95 KB
Del
OK
jenkins.py
3.36 KB
Del
OK
junos.py
17.78 KB
Del
OK
kapacitor.py
6.46 KB
Del
OK
kernelpkg.py
6.42 KB
Del
OK
keyboard.py
2.01 KB
Del
OK
keystone.py
27.12 KB
Del
OK
keystone_domain.py
2.81 KB
Del
OK
keystone_endpoint.py
4.69 KB
Del
OK
keystone_group.py
3.25 KB
Del
OK
keystone_project.py
3.36 KB
Del
OK
keystone_role.py
2.33 KB
Del
OK
keystone_role_grant.py
4.08 KB
Del
OK
keystone_service.py
2.89 KB
Del
OK
keystone_user.py
3.47 KB
Del
OK
keystore.py
5.67 KB
Del
OK
kmod.py
8.59 KB
Del
OK
kubernetes.py
24.87 KB
Del
OK
layman.py
2.44 KB
Del
OK
ldap.py
19.78 KB
Del
OK
libcloud_dns.py
5.7 KB
Del
OK
libcloud_loadbalancer.py
5.66 KB
Del
OK
libcloud_storage.py
5.13 KB
Del
OK
linux_acl.py
24.42 KB
Del
OK
locale.py
2.52 KB
Del
OK
logadm.py
4.67 KB
Del
OK
logrotate.py
3.86 KB
Del
OK
loop.py
7.74 KB
Del
OK
lvm.py
13.33 KB
Del
OK
lvs_server.py
6.28 KB
Del
OK
lvs_service.py
4.38 KB
Del
OK
lxc.py
22.17 KB
Del
OK
lxd.py
7.88 KB
Del
OK
lxd_container.py
22.25 KB
Del
OK
lxd_image.py
10.59 KB
Del
OK
lxd_profile.py
7.11 KB
Del
OK
mac_assistive.py
1.55 KB
Del
OK
mac_keychain.py
5.59 KB
Del
OK
mac_xattr.py
3.15 KB
Del
OK
macdefaults.py
2.65 KB
Del
OK
macpackage.py
6.76 KB
Del
OK
makeconf.py
6.87 KB
Del
OK
marathon_app.py
4.45 KB
Del
OK
mdadm_raid.py
6.41 KB
Del
OK
memcached.py
3.95 KB
Del
OK
modjk.py
2.84 KB
Del
OK
modjk_worker.py
6.49 KB
Del
OK
module.py
18.64 KB
Del
OK
mongodb_database.py
1.65 KB
Del
OK
mongodb_user.py
6.26 KB
Del
OK
monit.py
2.68 KB
Del
OK
mount.py
50.32 KB
Del
OK
mssql_database.py
3 KB
Del
OK
mssql_login.py
3.64 KB
Del
OK
mssql_role.py
2.37 KB
Del
OK
mssql_user.py
3.51 KB
Del
OK
msteams.py
2.53 KB
Del
OK
mysql_database.py
6.05 KB
Del
OK
mysql_grants.py
8.49 KB
Del
OK
mysql_query.py
13.07 KB
Del
OK
mysql_user.py
9.51 KB
Del
OK
net_napalm_yang.py
9.15 KB
Del
OK
netacl.py
31.92 KB
Del
OK
netconfig.py
33.42 KB
Del
OK
netntp.py
12.51 KB
Del
OK
netsnmp.py
11.33 KB
Del
OK
netusers.py
16.1 KB
Del
OK
network.py
23.97 KB
Del
OK
neutron_network.py
3.96 KB
Del
OK
neutron_secgroup.py
4 KB
Del
OK
neutron_secgroup_rule.py
4.75 KB
Del
OK
neutron_subnet.py
4.29 KB
Del
OK
nexus.py
4.97 KB
Del
OK
nfs_export.py
4.92 KB
Del
OK
nftables.py
19.5 KB
Del
OK
npm.py
11.21 KB
Del
OK
ntp.py
2.12 KB
Del
OK
nxos.py
10.37 KB
Del
OK
nxos_upgrade.py
3.5 KB
Del
OK
openstack_config.py
3.26 KB
Del
OK
openvswitch_bridge.py
4.36 KB
Del
OK
openvswitch_db.py
2.24 KB
Del
OK
openvswitch_port.py
17.24 KB
Del
OK
opsgenie.py
4.07 KB
Del
OK
pagerduty.py
1.89 KB
Del
OK
pagerduty_escalation_policy.py
5.42 KB
Del
OK
pagerduty_schedule.py
6.09 KB
Del
OK
pagerduty_service.py
3.93 KB
Del
OK
pagerduty_user.py
1.18 KB
Del
OK
panos.py
48.13 KB
Del
OK
pbm.py
20.46 KB
Del
OK
pcs.py
36.46 KB
Del
OK
pdbedit.py
3.43 KB
Del
OK
pecl.py
3.65 KB
Del
OK
pip_state.py
38.55 KB
Del
OK
pkg.py
138.08 KB
Del
OK
pkgbuild.py
11.37 KB
Del
OK
pkgng.py
685 B
Del
OK
pkgrepo.py
27.53 KB
Del
OK
portage_config.py
5.01 KB
Del
OK
ports.py
5.65 KB
Del
OK
postgres_cluster.py
4.19 KB
Del
OK
postgres_database.py
6.08 KB
Del
OK
postgres_extension.py
5.68 KB
Del
OK
postgres_group.py
8.52 KB
Del
OK
postgres_initdb.py
2.84 KB
Del
OK
postgres_language.py
3.94 KB
Del
OK
postgres_privileges.py
7.86 KB
Del
OK
postgres_schema.py
4.34 KB
Del
OK
postgres_tablespace.py
6.62 KB
Del
OK
postgres_user.py
9.49 KB
Del
OK
powerpath.py
2.34 KB
Del
OK
probes.py
15.06 KB
Del
OK
process.py
1.32 KB
Del
OK
proxy.py
4.94 KB
Del
OK
pushover.py
3.13 KB
Del
OK
pyenv.py
6.07 KB
Del
OK
pyrax_queues.py
2.97 KB
Del
OK
quota.py
1.4 KB
Del
OK
rabbitmq_cluster.py
1.84 KB
Del
OK
rabbitmq_plugin.py
2.77 KB
Del
OK
rabbitmq_policy.py
4.59 KB
Del
OK
rabbitmq_upstream.py
7.9 KB
Del
OK
rabbitmq_user.py
8.89 KB
Del
OK
rabbitmq_vhost.py
3.04 KB
Del
OK
rbac_solaris.py
6.67 KB
Del
OK
rbenv.py
7.36 KB
Del
OK
rdp.py
1.28 KB
Del
OK
redismod.py
4.76 KB
Del
OK
reg.py
19.22 KB
Del
OK
restconf.py
6.41 KB
Del
OK
rsync.py
4.45 KB
Del
OK
rvm.py
6.56 KB
Del
OK
salt_proxy.py
1.34 KB
Del
OK
saltmod.py
33.12 KB
Del
OK
saltutil.py
8.91 KB
Del
OK
schedule.py
12.47 KB
Del
OK
selinux.py
18.61 KB
Del
OK
serverdensity_device.py
6.41 KB
Del
OK
service.py
37.89 KB
Del
OK
slack.py
4.98 KB
Del
OK
smartos.py
44.83 KB
Del
OK
smtp.py
2.3 KB
Del
OK
snapper.py
7.24 KB
Del
OK
solrcloud.py
4.48 KB
Del
OK
splunk.py
4.32 KB
Del
OK
splunk_search.py
3.17 KB
Del
OK
sqlite3.py
14.7 KB
Del
OK
ssh_auth.py
19.57 KB
Del
OK
ssh_known_hosts.py
7.92 KB
Del
OK
stateconf.py
494 B
Del
OK
status.py
2.21 KB
Del
OK
statuspage.py
17.29 KB
Del
OK
supervisord.py
10.48 KB
Del
OK
svn.py
8.14 KB
Del
OK
sysctl.py
4.11 KB
Del
OK
sysfs.py
2.13 KB
Del
OK
syslog_ng.py
2.97 KB
Del
OK
sysrc.py
2.82 KB
Del
OK
telemetry_alert.py
7.04 KB
Del
OK
test.py
13.09 KB
Del
OK
testinframod.py
1.35 KB
Del
OK
timezone.py
3.42 KB
Del
OK
tls.py
1.81 KB
Del
OK
tomcat.py
9.72 KB
Del
OK
trafficserver.py
8.82 KB
Del
OK
tuned.py
3.32 KB
Del
OK
uptime.py
1.87 KB
Del
OK
user.py
38.63 KB
Del
OK
vagrant.py
11.4 KB
Del
OK
vault.py
3.28 KB
Del
OK
vbox_guest.py
4.05 KB
Del
OK
victorops.py
3.32 KB
Del
OK
virt.py
80.41 KB
Del
OK
virtualenv_mod.py
11.21 KB
Del
OK
webutil.py
3.89 KB
Del
OK
win_certutil.py
4.8 KB
Del
OK
win_dacl.py
7.96 KB
Del
OK
win_dism.py
14.97 KB
Del
OK
win_dns_client.py
8.32 KB
Del
OK
win_firewall.py
6.87 KB
Del
OK
win_iis.py
31.56 KB
Del
OK
win_lgpo.py
24.99 KB
Del
OK
win_lgpo_reg.py
10.96 KB
Del
OK
win_license.py
1.6 KB
Del
OK
win_network.py
14.18 KB
Del
OK
win_path.py
6.39 KB
Del
OK
win_pki.py
5.56 KB
Del
OK
win_powercfg.py
3.79 KB
Del
OK
win_servermanager.py
10.4 KB
Del
OK
win_shortcut.py
7.81 KB
Del
OK
win_smtp_server.py
10.01 KB
Del
OK
win_snmp.py
6.64 KB
Del
OK
win_system.py
13.78 KB
Del
OK
win_wua.py
16.27 KB
Del
OK
win_wusa.py
3.53 KB
Del
OK
winrepo.py
2.74 KB
Del
OK
wordpress.py
4.82 KB
Del
OK
x509.py
27.86 KB
Del
OK
x509_v2.py
64.78 KB
Del
OK
xml.py
1.75 KB
Del
OK
xmpp.py
2.61 KB
Del
OK
zabbix_action.py
9.35 KB
Del
OK
zabbix_host.py
27.25 KB
Del
OK
zabbix_hostgroup.py
5.64 KB
Del
OK
zabbix_mediatype.py
16.89 KB
Del
OK
zabbix_template.py
35.14 KB
Del
OK
zabbix_user.py
17.6 KB
Del
OK
zabbix_usergroup.py
9.64 KB
Del
OK
zabbix_usermacro.py
9.69 KB
Del
OK
zabbix_valuemap.py
8.11 KB
Del
OK
zcbuildout.py
5.16 KB
Del
OK
zenoss.py
2.89 KB
Del
OK
zfs.py
34.48 KB
Del
OK
zk_concurrency.py
5.81 KB
Del
OK
zone.py
46.48 KB
Del
OK
zookeeper.py
11.55 KB
Del
OK
zpool.py
13.4 KB
Del
OK
Edit: azurearm_resource.py
""" Azure (ARM) Resource State Module .. versionadded:: 2019.2.0 .. warning:: This cloud provider will be removed from Salt in version 3007 in favor of the `saltext.azurerm Salt Extension <https://github.com/salt-extensions/saltext-azurerm>`_ :maintainer: <devops@eitr.tech> :maturity: new :depends: * `azure <https://pypi.python.org/pypi/azure>`_ >= 2.0.0 * `azure-common <https://pypi.python.org/pypi/azure-common>`_ >= 1.1.8 * `azure-mgmt <https://pypi.python.org/pypi/azure-mgmt>`_ >= 1.0.0 * `azure-mgmt-compute <https://pypi.python.org/pypi/azure-mgmt-compute>`_ >= 1.0.0 * `azure-mgmt-network <https://pypi.python.org/pypi/azure-mgmt-network>`_ >= 1.7.1 * `azure-mgmt-resource <https://pypi.python.org/pypi/azure-mgmt-resource>`_ >= 1.1.0 * `azure-mgmt-storage <https://pypi.python.org/pypi/azure-mgmt-storage>`_ >= 1.0.0 * `azure-mgmt-web <https://pypi.python.org/pypi/azure-mgmt-web>`_ >= 0.32.0 * `azure-storage <https://pypi.python.org/pypi/azure-storage>`_ >= 0.34.3 * `msrestazure <https://pypi.python.org/pypi/msrestazure>`_ >= 0.4.21 :platform: linux :configuration: This module requires Azure Resource Manager credentials to be passed as a dictionary of keyword arguments to the ``connection_auth`` parameter in order to work properly. Since the authentication parameters are sensitive, it's recommended to pass them to the states via pillar. Required provider parameters: if using username and password: * ``subscription_id`` * ``username`` * ``password`` if using a service principal: * ``subscription_id`` * ``tenant`` * ``client_id`` * ``secret`` Optional provider parameters: **cloud_environment**: Used to point the cloud driver to different API endpoints, such as Azure GovCloud. Possible values: * ``AZURE_PUBLIC_CLOUD`` (default) * ``AZURE_CHINA_CLOUD`` * ``AZURE_US_GOV_CLOUD`` * ``AZURE_GERMAN_CLOUD`` Example Pillar for Azure Resource Manager authentication: .. code-block:: yaml azurearm: user_pass_auth: subscription_id: 3287abc8-f98a-c678-3bde-326766fd3617 username: fletch password: 123pass mysubscription: subscription_id: 3287abc8-f98a-c678-3bde-326766fd3617 tenant: ABCDEFAB-1234-ABCD-1234-ABCDEFABCDEF client_id: ABCDEFAB-1234-ABCD-1234-ABCDEFABCDEF secret: XXXXXXXXXXXXXXXXXXXXXXXX cloud_environment: AZURE_PUBLIC_CLOUD Example states using Azure Resource Manager authentication: .. code-block:: jinja {% set profile = salt['pillar.get']('azurearm:mysubscription') %} Ensure resource group exists: azurearm_resource.resource_group_present: - name: my_rg - location: westus - tags: how_awesome: very contact_name: Elmer Fudd Gantry - connection_auth: {{ profile }} Ensure resource group is absent: azurearm_resource.resource_group_absent: - name: other_rg - connection_auth: {{ profile }} """ import json import logging from functools import wraps import salt.utils.azurearm import salt.utils.files __virtualname__ = "azurearm_resource" log = logging.getLogger(__name__) def __virtual__(): """ Only make this state available if the azurearm_resource module is available. """ if "azurearm_resource.resource_group_check_existence" in __salt__: return __virtualname__ return (False, "azurearm_resource module could not be loaded") def _deprecation_message(function): """ Decorator wrapper to warn about azurearm deprecation """ @wraps(function) def wrapped(*args, **kwargs): salt.utils.versions.warn_until( "Chlorine", "The 'azurearm' functionality in Salt has been deprecated and its " "functionality will be removed in version 3007 in favor of the " "saltext.azurerm Salt Extension. " "(https://github.com/salt-extensions/saltext-azurerm)", category=FutureWarning, ) ret = function(*args, **salt.utils.args.clean_kwargs(**kwargs)) return ret return wrapped @_deprecation_message def resource_group_present( name, location, managed_by=None, tags=None, connection_auth=None, **kwargs ): """ .. versionadded:: 2019.2.0 Ensure a resource group exists. :param name: Name of the resource group. :param location: The Azure location in which to create the resource group. This value cannot be updated once the resource group is created. :param managed_by: The ID of the resource that manages this resource group. This value cannot be updated once the resource group is created. :param tags: A dictionary of strings can be passed as tag metadata to the resource group object. :param connection_auth: A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API. Example usage: .. code-block:: yaml Ensure resource group exists: azurearm_resource.resource_group_present: - name: group1 - location: eastus - tags: contact_name: Elmer Fudd Gantry - connection_auth: {{ profile }} """ ret = {"name": name, "result": False, "comment": "", "changes": {}} if not isinstance(connection_auth, dict): ret[ "comment" ] = "Connection information must be specified via connection_auth dictionary!" return ret group = {} present = __salt__["azurearm_resource.resource_group_check_existence"]( name, **connection_auth ) if present: group = __salt__["azurearm_resource.resource_group_get"]( name, **connection_auth ) ret["changes"] = __utils__["dictdiffer.deep_diff"]( group.get("tags", {}), tags or {} ) if not ret["changes"]: ret["result"] = True ret["comment"] = "Resource group {} is already present.".format(name) return ret if __opts__["test"]: ret["comment"] = "Resource group {} tags would be updated.".format(name) ret["result"] = None ret["changes"] = {"old": group.get("tags", {}), "new": tags} return ret elif __opts__["test"]: ret["comment"] = "Resource group {} would be created.".format(name) ret["result"] = None ret["changes"] = { "old": {}, "new": { "name": name, "location": location, "managed_by": managed_by, "tags": tags, }, } return ret group_kwargs = kwargs.copy() group_kwargs.update(connection_auth) group = __salt__["azurearm_resource.resource_group_create_or_update"]( name, location, managed_by=managed_by, tags=tags, **group_kwargs ) present = __salt__["azurearm_resource.resource_group_check_existence"]( name, **connection_auth ) if present: ret["result"] = True ret["comment"] = "Resource group {} has been created.".format(name) ret["changes"] = {"old": {}, "new": group} return ret ret["comment"] = "Failed to create resource group {}! ({})".format( name, group.get("error") ) return ret @_deprecation_message def resource_group_absent(name, connection_auth=None): """ .. versionadded:: 2019.2.0 Ensure a resource group does not exist in the current subscription. :param name: Name of the resource group. :param connection_auth: A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API. """ ret = {"name": name, "result": False, "comment": "", "changes": {}} if not isinstance(connection_auth, dict): ret[ "comment" ] = "Connection information must be specified via connection_auth dictionary!" return ret group = {} present = __salt__["azurearm_resource.resource_group_check_existence"]( name, **connection_auth ) if not present: ret["result"] = True ret["comment"] = "Resource group {} is already absent.".format(name) return ret elif __opts__["test"]: group = __salt__["azurearm_resource.resource_group_get"]( name, **connection_auth ) ret["comment"] = "Resource group {} would be deleted.".format(name) ret["result"] = None ret["changes"] = { "old": group, "new": {}, } return ret group = __salt__["azurearm_resource.resource_group_get"](name, **connection_auth) deleted = __salt__["azurearm_resource.resource_group_delete"]( name, **connection_auth ) if deleted: present = False else: present = __salt__["azurearm_resource.resource_group_check_existence"]( name, **connection_auth ) if not present: ret["result"] = True ret["comment"] = "Resource group {} has been deleted.".format(name) ret["changes"] = {"old": group, "new": {}} return ret ret["comment"] = "Failed to delete resource group {}!".format(name) return ret @_deprecation_message def policy_definition_present( name, policy_rule=None, policy_type=None, mode=None, display_name=None, description=None, metadata=None, parameters=None, policy_rule_json=None, policy_rule_file=None, template="jinja", source_hash=None, source_hash_name=None, skip_verify=False, connection_auth=None, **kwargs ): """ .. versionadded:: 2019.2.0 Ensure a security policy definition exists. :param name: Name of the policy definition. :param policy_rule: A YAML dictionary defining the policy rule. See `Azure Policy Definition documentation <https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition#policy-rule>`_ for details on the structure. One of ``policy_rule``, ``policy_rule_json``, or ``policy_rule_file`` is required, in that order of precedence for use if multiple parameters are used. :param policy_rule_json: A text field defining the entirety of a policy definition in JSON. See `Azure Policy Definition documentation <https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition#policy-rule>`_ for details on the structure. One of ``policy_rule``, ``policy_rule_json``, or ``policy_rule_file`` is required, in that order of precedence for use if multiple parameters are used. Note that the `name` field in the JSON will override the ``name`` parameter in the state. :param policy_rule_file: The source of a JSON file defining the entirety of a policy definition. See `Azure Policy Definition documentation <https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition#policy-rule>`_ for details on the structure. One of ``policy_rule``, ``policy_rule_json``, or ``policy_rule_file`` is required, in that order of precedence for use if multiple parameters are used. Note that the `name` field in the JSON will override the ``name`` parameter in the state. :param skip_verify: Used for the ``policy_rule_file`` parameter. If ``True``, hash verification of remote file sources (``http://``, ``https://``, ``ftp://``) will be skipped, and the ``source_hash`` argument will be ignored. :param source_hash: This can be a source hash string or the URI of a file that contains source hash strings. :param source_hash_name: When ``source_hash`` refers to a hash file, Salt will try to find the correct hash by matching the filename/URI associated with that hash. :param policy_type: The type of policy definition. Possible values are NotSpecified, BuiltIn, and Custom. Only used with the ``policy_rule`` parameter. :param mode: The policy definition mode. Possible values are NotSpecified, Indexed, and All. Only used with the ``policy_rule`` parameter. :param display_name: The display name of the policy definition. Only used with the ``policy_rule`` parameter. :param description: The policy definition description. Only used with the ``policy_rule`` parameter. :param metadata: The policy definition metadata defined as a dictionary. Only used with the ``policy_rule`` parameter. :param parameters: Required dictionary if a parameter is used in the policy rule. Only used with the ``policy_rule`` parameter. :param connection_auth: A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API. Example usage: .. code-block:: yaml Ensure policy definition exists: azurearm_resource.policy_definition_present: - name: testpolicy - display_name: Test Policy - description: Test policy for testing policies. - policy_rule: if: allOf: - equals: Microsoft.Compute/virtualMachines/write source: action - field: location in: - eastus - eastus2 - centralus then: effect: deny - connection_auth: {{ profile }} """ ret = {"name": name, "result": False, "comment": "", "changes": {}} if not isinstance(connection_auth, dict): ret[ "comment" ] = "Connection information must be specified via connection_auth dictionary!" return ret if not policy_rule and not policy_rule_json and not policy_rule_file: ret["comment"] = ( 'One of "policy_rule", "policy_rule_json", or "policy_rule_file" is' " required!" ) return ret if ( sum(x is not None for x in [policy_rule, policy_rule_json, policy_rule_file]) > 1 ): ret["comment"] = ( 'Only one of "policy_rule", "policy_rule_json", or "policy_rule_file" is' " allowed!" ) return ret if (policy_rule_json or policy_rule_file) and ( policy_type or mode or display_name or description or metadata or parameters ): ret["comment"] = ( 'Policy definitions cannot be passed when "policy_rule_json" or' ' "policy_rule_file" is defined!' ) return ret temp_rule = {} if policy_rule_json: try: temp_rule = json.loads(policy_rule_json) except Exception as exc: # pylint: disable=broad-except ret["comment"] = "Unable to load policy rule json! ({})".format(exc) return ret elif policy_rule_file: try: # pylint: disable=unused-variable sfn, source_sum, comment_ = __salt__["file.get_managed"]( None, template, policy_rule_file, source_hash, source_hash_name, None, None, None, __env__, None, None, skip_verify=skip_verify, **kwargs ) except Exception as exc: # pylint: disable=broad-except ret["comment"] = 'Unable to locate policy rule file "{}"! ({})'.format( policy_rule_file, exc ) return ret if not sfn: ret["comment"] = 'Unable to locate policy rule file "{}"!)'.format( policy_rule_file ) return ret try: with salt.utils.files.fopen(sfn, "r") as prf: temp_rule = json.load(prf) except Exception as exc: # pylint: disable=broad-except ret["comment"] = 'Unable to load policy rule file "{}"! ({})'.format( policy_rule_file, exc ) return ret if sfn: salt.utils.files.remove(sfn) policy_name = name if policy_rule_json or policy_rule_file: if temp_rule.get("name"): policy_name = temp_rule.get("name") policy_rule = temp_rule.get("properties", {}).get("policyRule") policy_type = temp_rule.get("properties", {}).get("policyType") mode = temp_rule.get("properties", {}).get("mode") display_name = temp_rule.get("properties", {}).get("displayName") description = temp_rule.get("properties", {}).get("description") metadata = temp_rule.get("properties", {}).get("metadata") parameters = temp_rule.get("properties", {}).get("parameters") policy = __salt__["azurearm_resource.policy_definition_get"]( name, azurearm_log_level="info", **connection_auth ) if "error" not in policy: if policy_type and policy_type.lower() != policy.get("policy_type", "").lower(): ret["changes"]["policy_type"] = { "old": policy.get("policy_type"), "new": policy_type, } if (mode or "").lower() != policy.get("mode", "").lower(): ret["changes"]["mode"] = {"old": policy.get("mode"), "new": mode} if (display_name or "").lower() != policy.get("display_name", "").lower(): ret["changes"]["display_name"] = { "old": policy.get("display_name"), "new": display_name, } if (description or "").lower() != policy.get("description", "").lower(): ret["changes"]["description"] = { "old": policy.get("description"), "new": description, } rule_changes = __utils__["dictdiffer.deep_diff"]( policy.get("policy_rule", {}), policy_rule or {} ) if rule_changes: ret["changes"]["policy_rule"] = rule_changes meta_changes = __utils__["dictdiffer.deep_diff"]( policy.get("metadata", {}), metadata or {} ) if meta_changes: ret["changes"]["metadata"] = meta_changes param_changes = __utils__["dictdiffer.deep_diff"]( policy.get("parameters", {}), parameters or {} ) if param_changes: ret["changes"]["parameters"] = param_changes if not ret["changes"]: ret["result"] = True ret["comment"] = "Policy definition {} is already present.".format(name) return ret if __opts__["test"]: ret["comment"] = "Policy definition {} would be updated.".format(name) ret["result"] = None return ret else: ret["changes"] = { "old": {}, "new": { "name": policy_name, "policy_type": policy_type, "mode": mode, "display_name": display_name, "description": description, "metadata": metadata, "parameters": parameters, "policy_rule": policy_rule, }, } if __opts__["test"]: ret["comment"] = "Policy definition {} would be created.".format(name) ret["result"] = None return ret # Convert OrderedDict to dict if isinstance(metadata, dict): metadata = json.loads(json.dumps(metadata)) if isinstance(parameters, dict): parameters = json.loads(json.dumps(parameters)) policy_kwargs = kwargs.copy() policy_kwargs.update(connection_auth) policy = __salt__["azurearm_resource.policy_definition_create_or_update"]( name=policy_name, policy_rule=policy_rule, policy_type=policy_type, mode=mode, display_name=display_name, description=description, metadata=metadata, parameters=parameters, **policy_kwargs ) if "error" not in policy: ret["result"] = True ret["comment"] = "Policy definition {} has been created.".format(name) return ret ret["comment"] = "Failed to create policy definition {}! ({})".format( name, policy.get("error") ) return ret @_deprecation_message def policy_definition_absent(name, connection_auth=None): """ .. versionadded:: 2019.2.0 Ensure a policy definition does not exist in the current subscription. :param name: Name of the policy definition. :param connection_auth: A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API. """ ret = {"name": name, "result": False, "comment": "", "changes": {}} if not isinstance(connection_auth, dict): ret[ "comment" ] = "Connection information must be specified via connection_auth dictionary!" return ret policy = __salt__["azurearm_resource.policy_definition_get"]( name, azurearm_log_level="info", **connection_auth ) if "error" in policy: ret["result"] = True ret["comment"] = "Policy definition {} is already absent.".format(name) return ret elif __opts__["test"]: ret["comment"] = "Policy definition {} would be deleted.".format(name) ret["result"] = None ret["changes"] = { "old": policy, "new": {}, } return ret deleted = __salt__["azurearm_resource.policy_definition_delete"]( name, **connection_auth ) if deleted: ret["result"] = True ret["comment"] = "Policy definition {} has been deleted.".format(name) ret["changes"] = {"old": policy, "new": {}} return ret ret["comment"] = "Failed to delete policy definition {}!".format(name) return ret @_deprecation_message def policy_assignment_present( name, scope, definition_name, display_name=None, description=None, assignment_type=None, parameters=None, connection_auth=None, **kwargs ): """ .. versionadded:: 2019.2.0 Ensure a security policy assignment exists. :param name: Name of the policy assignment. :param scope: The scope of the policy assignment. :param definition_name: The name of the policy definition to assign. :param display_name: The display name of the policy assignment. :param description: The policy assignment description. :param assignment_type: The type of policy assignment. :param parameters: Required dictionary if a parameter is used in the policy rule. :param connection_auth: A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API. Example usage: .. code-block:: yaml Ensure policy assignment exists: azurearm_resource.policy_assignment_present: - name: testassign - scope: /subscriptions/bc75htn-a0fhsi-349b-56gh-4fghti-f84852 - definition_name: testpolicy - display_name: Test Assignment - description: Test assignment for testing assignments. - connection_auth: {{ profile }} """ ret = {"name": name, "result": False, "comment": "", "changes": {}} if not isinstance(connection_auth, dict): ret[ "comment" ] = "Connection information must be specified via connection_auth dictionary!" return ret policy = __salt__["azurearm_resource.policy_assignment_get"]( name, scope, azurearm_log_level="info", **connection_auth ) if "error" not in policy: if ( assignment_type and assignment_type.lower() != policy.get("type", "").lower() ): ret["changes"]["type"] = {"old": policy.get("type"), "new": assignment_type} if scope.lower() != policy["scope"].lower(): ret["changes"]["scope"] = {"old": policy["scope"], "new": scope} pa_name = policy["policy_definition_id"].split("/")[-1] if definition_name.lower() != pa_name.lower(): ret["changes"]["definition_name"] = {"old": pa_name, "new": definition_name} if (display_name or "").lower() != policy.get("display_name", "").lower(): ret["changes"]["display_name"] = { "old": policy.get("display_name"), "new": display_name, } if (description or "").lower() != policy.get("description", "").lower(): ret["changes"]["description"] = { "old": policy.get("description"), "new": description, } param_changes = __utils__["dictdiffer.deep_diff"]( policy.get("parameters", {}), parameters or {} ) if param_changes: ret["changes"]["parameters"] = param_changes if not ret["changes"]: ret["result"] = True ret["comment"] = "Policy assignment {} is already present.".format(name) return ret if __opts__["test"]: ret["comment"] = "Policy assignment {} would be updated.".format(name) ret["result"] = None return ret else: ret["changes"] = { "old": {}, "new": { "name": name, "scope": scope, "definition_name": definition_name, "type": assignment_type, "display_name": display_name, "description": description, "parameters": parameters, }, } if __opts__["test"]: ret["comment"] = "Policy assignment {} would be created.".format(name) ret["result"] = None return ret if isinstance(parameters, dict): parameters = json.loads(json.dumps(parameters)) policy_kwargs = kwargs.copy() policy_kwargs.update(connection_auth) policy = __salt__["azurearm_resource.policy_assignment_create"]( name=name, scope=scope, definition_name=definition_name, type=assignment_type, display_name=display_name, description=description, parameters=parameters, **policy_kwargs ) if "error" not in policy: ret["result"] = True ret["comment"] = "Policy assignment {} has been created.".format(name) return ret ret["comment"] = "Failed to create policy assignment {}! ({})".format( name, policy.get("error") ) return ret @_deprecation_message def policy_assignment_absent(name, scope, connection_auth=None): """ .. versionadded:: 2019.2.0 Ensure a policy assignment does not exist in the provided scope. :param name: Name of the policy assignment. :param scope: The scope of the policy assignment. connection_auth A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API. """ ret = {"name": name, "result": False, "comment": "", "changes": {}} if not isinstance(connection_auth, dict): ret[ "comment" ] = "Connection information must be specified via connection_auth dictionary!" return ret policy = __salt__["azurearm_resource.policy_assignment_get"]( name, scope, azurearm_log_level="info", **connection_auth ) if "error" in policy: ret["result"] = True ret["comment"] = "Policy assignment {} is already absent.".format(name) return ret elif __opts__["test"]: ret["comment"] = "Policy assignment {} would be deleted.".format(name) ret["result"] = None ret["changes"] = { "old": policy, "new": {}, } return ret deleted = __salt__["azurearm_resource.policy_assignment_delete"]( name, scope, **connection_auth ) if deleted: ret["result"] = True ret["comment"] = "Policy assignment {} has been deleted.".format(name) ret["changes"] = {"old": policy, "new": {}} return ret ret["comment"] = "Failed to delete policy assignment {}!".format(name) return ret
Save