ansible / ansible.builtin / v2.9.7 / module / azure_rm_lock Manage Azure locks | "added in version" 2.9 of ansible.builtin" Authors: Yuwei Zhou (@yuwzho) preview | supported by communityansible.builtin.azure_rm_lock (v2.9.7) — module
pip
Install with pip install ansible==2.9.7
Create, delete an Azure lock.
To create or delete management locks, you must have access to Microsoft.Authorization/* or Microsoft.Authorization/locks/* actions.
Of the built-in roles, only Owner and User Access Administrator are granted those actions.
- name: Create a lock for a resource azure_rm_lock: managed_resource_id: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/myVM name: myLock level: read_only
- name: Create a lock for a resource group azure_rm_lock: managed_resource_id: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/myResourceGroup name: myLock level: read_only
- name: Create a lock for a resource group azure_rm_lock: resource_group: myResourceGroup name: myLock level: read_only
- name: Create a lock for a subscription azure_rm_lock: name: myLock level: read_only
name: description: - Name of the lock. required: true type: str level: choices: - can_not_delete - read_only description: - The lock level type. type: str state: choices: - absent - present default: present description: - State of the lock. - Use C(present) to create or update a lock and C(absent) to delete a lock. type: str secret: description: - Azure client secret. Use when authenticating with a Service Principal. type: str tenant: description: - Azure tenant ID. Use when authenticating with a Service Principal. type: str ad_user: description: - Active Directory username. Use when authenticating with an Active Directory user rather than service principal. type: str profile: description: - Security profile found in ~/.azure/credentials file. type: str log_mode: description: - Parent argument. type: str log_path: description: - Parent argument. type: str password: description: - Active Directory user password. Use when authenticating with an Active Directory user rather than service principal. type: str client_id: description: - Azure client ID. Use when authenticating with a Service Principal. type: str thumbprint: description: - The thumbprint of the private key specified in I(x509_certificate_path). - Use when authenticating with a Service Principal. - Required if I(x509_certificate_path) is defined. type: str version_added: 1.14.0 version_added_collection: azure.azcollection api_profile: default: latest description: - Selects an API profile to use when communicating with Azure services. Default value of C(latest) is appropriate for public clouds; future values will allow use with Azure Stack. type: str version_added: 0.0.1 version_added_collection: azure.azcollection auth_source: choices: - auto - cli - credential_file - env - msi default: auto description: - Controls the source of the credentials to use for authentication. - Can also be set via the C(ANSIBLE_AZURE_AUTH_SOURCE) environment variable. - When set to C(auto) (the default) the precedence is module parameters -> C(env) -> C(credential_file) -> C(cli). - When set to C(env), the credentials will be read from the environment variables - When set to C(credential_file), it will read the profile from C(~/.azure/credentials). - When set to C(cli), the credentials will be sources from the Azure CLI profile. C(subscription_id) or the environment variable C(AZURE_SUBSCRIPTION_ID) can be used to identify the subscription ID if more than one is present otherwise the default az cli subscription is used. - When set to C(msi), the host machine must be an azure resource with an enabled MSI extension. C(subscription_id) or the environment variable C(AZURE_SUBSCRIPTION_ID) can be used to identify the subscription ID if the resource is granted access to more than one subscription, otherwise the first subscription is chosen. - The C(msi) was added in Ansible 2.6. type: str version_added: 0.0.1 version_added_collection: azure.azcollection resource_group: description: - Manage a lock for the named resource group. - Mutually exclusive with I(managed_resource_id). - If neither I(managed_resource_id) or I(resource_group) are specified, manage a lock for the current subscription. type: str subscription_id: description: - Your Azure subscription Id. type: str cloud_environment: default: AzureCloud description: - For cloud environments other than the US public cloud, the environment name (as defined by Azure Python SDK, eg, C(AzureChinaCloud), C(AzureUSGovernment)), or a metadata discovery endpoint URL (required for Azure Stack). Can also be set via credential file profile or the C(AZURE_CLOUD_ENVIRONMENT) environment variable. type: str version_added: 0.0.1 version_added_collection: azure.azcollection adfs_authority_url: description: - Azure AD authority url. Use when authenticating with Username/password, and has your own ADFS authority. type: str version_added: 0.0.1 version_added_collection: azure.azcollection managed_resource_id: description: - Manage a lock for the specified resource ID. - Mutually exclusive with I(resource_group). - If neither I(managed_resource_id) or I(resource_group) are specified, manage a lock for the current subscription. - '''/subscriptions/{subscriptionId}'' for subscriptions.' - '''/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}'' for resource groups.' - '''/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/{namespace}/{resourceType}/{resourceName}'' for resources.' type: str cert_validation_mode: choices: - ignore - validate description: - Controls the certificate validation behavior for Azure endpoints. By default, all modules will validate the server certificate, but when an HTTPS proxy is in use, or against Azure Stack, it may be necessary to disable this behavior by passing C(ignore). Can also be set via credential file profile or the C(AZURE_CERT_VALIDATION) environment variable. type: str version_added: 0.0.1 version_added_collection: azure.azcollection x509_certificate_path: description: - Path to the X509 certificate used to create the service principal in PEM format. - The certificate must be appended to the private key. - Use when authenticating with a Service Principal. type: path version_added: 1.14.0 version_added_collection: azure.azcollection
id: description: - Resource ID of the lock. returned: success sample: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.Authorization/locks/keep type: str