ansible / ansible.builtin / v2.9.7 / module / azure_rm_storageaccount Manage Azure storage accounts | "added in version" 2.1 of ansible.builtin" Authors: Chris Houseknecht (@chouseknecht), Matt Davis (@nitzmahone) preview | supported by communityansible.builtin.azure_rm_storageaccount (v2.9.7) — module
pip
Install with pip install ansible==2.9.7
Create, update or delete a storage account.
- name: remove account, if it exists azure_rm_storageaccount: resource_group: myResourceGroup name: clh0002 state: absent
- name: create an account azure_rm_storageaccount: resource_group: myResourceGroup name: clh0002 type: Standard_RAGRS tags: testing: testing delete: on-exit
- name: create an account with blob CORS azure_rm_storageaccount: resource_group: myResourceGroup name: clh002 type: Standard_RAGRS blob_cors: - allowed_origins: - http://www.example.com/ allowed_methods: - GET - POST allowed_headers: - x-ms-meta-data* - x-ms-meta-target* - x-ms-meta-abc exposed_headers: - x-ms-meta-* max_age_in_seconds: 200
kind: choices: - Storage - StorageV2 - BlobStorage default: Storage description: - The kind of storage. version_added: '2.2' version_added_collection: ansible.builtin name: description: - Name of the storage account to update or create. tags: description: - Dictionary of string:string pairs to assign as metadata to the object. - Metadata tags on the object will be updated with any provided values. - To remove tags set append_tags option to false. - Currently, Azure DNS zones and Traffic Manager services also don't allow the use of spaces in the tag. - Azure Front Door doesn't support the use of - Azure Automation and Azure CDN only support 15 tags on resources. type: dict state: choices: - absent - present default: present description: - State of the storage account. Use C(present) to create or update a storage account and use C(absent) to delete an account. secret: description: - Azure client secret. Use when authenticating with a Service Principal. type: str tenant: description: - Azure tenant ID. Use when authenticating with a Service Principal. type: str ad_user: description: - Active Directory username. Use when authenticating with an Active Directory user rather than service principal. type: str profile: description: - Security profile found in ~/.azure/credentials file. type: str location: description: - Valid Azure location. Defaults to location of the resource group. log_mode: description: - Parent argument. type: str log_path: description: - Parent argument. type: str password: description: - Active Directory user password. Use when authenticating with an Active Directory user rather than service principal. type: str blob_cors: description: - Specifies CORS rules for the Blob service. - You can include up to five CorsRule elements in the request. - If no blob_cors elements are included in the argument list, nothing about CORS will be changed. - If you want to delete all CORS rules and disable CORS for the Blob service, explicitly set I(blob_cors=[]). suboptions: allowed_headers: description: - A list of headers allowed to be part of the cross-origin request. required: true type: list allowed_methods: description: - A list of HTTP methods that are allowed to be executed by the origin. required: true type: list allowed_origins: description: - A list of origin domains that will be allowed via CORS, or "*" to allow all domains. required: true type: list exposed_headers: description: - A list of response headers to expose to CORS clients. required: true type: list max_age_in_seconds: description: - The number of seconds that the client/browser should cache a preflight response. required: true type: int type: list version_added: '2.8' version_added_collection: ansible.builtin client_id: description: - Azure client ID. Use when authenticating with a Service Principal. type: str https_only: description: - Allows https traffic only to storage service when set to C(true). type: bool version_added: '2.8' version_added_collection: ansible.builtin thumbprint: description: - The thumbprint of the private key specified in I(x509_certificate_path). - Use when authenticating with a Service Principal. - Required if I(x509_certificate_path) is defined. type: str version_added: 1.14.0 version_added_collection: azure.azcollection access_tier: choices: - Hot - Cool description: - The access tier for this storage account. Required when I(kind=BlobStorage). version_added: '2.4' version_added_collection: ansible.builtin api_profile: default: latest description: - Selects an API profile to use when communicating with Azure services. Default value of C(latest) is appropriate for public clouds; future values will allow use with Azure Stack. type: str version_added: 0.0.1 version_added_collection: azure.azcollection append_tags: default: true description: - Use to control if tags field is canonical or just appends to existing tags. - When canonical, any tags not found in the tags parameter will be removed from the object's metadata. type: bool auth_source: choices: - auto - cli - credential_file - env - msi default: auto description: - Controls the source of the credentials to use for authentication. - Can also be set via the C(ANSIBLE_AZURE_AUTH_SOURCE) environment variable. - When set to C(auto) (the default) the precedence is module parameters -> C(env) -> C(credential_file) -> C(cli). - When set to C(env), the credentials will be read from the environment variables - When set to C(credential_file), it will read the profile from C(~/.azure/credentials). - When set to C(cli), the credentials will be sources from the Azure CLI profile. C(subscription_id) or the environment variable C(AZURE_SUBSCRIPTION_ID) can be used to identify the subscription ID if more than one is present otherwise the default az cli subscription is used. - When set to C(msi), the host machine must be an azure resource with an enabled MSI extension. C(subscription_id) or the environment variable C(AZURE_SUBSCRIPTION_ID) can be used to identify the subscription ID if the resource is granted access to more than one subscription, otherwise the first subscription is chosen. - The C(msi) was added in Ansible 2.6. type: str version_added: 0.0.1 version_added_collection: azure.azcollection account_type: aliases: - type choices: - Premium_LRS - Standard_GRS - Standard_LRS - StandardSSD_LRS - Standard_RAGRS - Standard_ZRS - Premium_ZRS description: - Type of storage account. Required when creating a storage account. - C(Standard_ZRS) and C(Premium_LRS) accounts cannot be changed to other account types. - Other account types cannot be changed to C(Standard_ZRS) or C(Premium_LRS). custom_domain: aliases: - custom_dns_domain_suffix description: - User domain assigned to the storage account. - Must be a dictionary with I(name) and I(use_sub_domain) keys where I(name) is the CNAME source. - Only one custom domain is supported per storage account at this time. - To clear the existing custom domain, use an empty string for the custom domain name property. - Can be added to an existing storage account. Will be ignored during storage account creation. resource_group: aliases: - resource_group_name description: - Name of the resource group to use. required: true subscription_id: description: - Your Azure subscription Id. type: str cloud_environment: default: AzureCloud description: - For cloud environments other than the US public cloud, the environment name (as defined by Azure Python SDK, eg, C(AzureChinaCloud), C(AzureUSGovernment)), or a metadata discovery endpoint URL (required for Azure Stack). Can also be set via credential file profile or the C(AZURE_CLOUD_ENVIRONMENT) environment variable. type: str version_added: 0.0.1 version_added_collection: azure.azcollection adfs_authority_url: description: - Azure AD authority url. Use when authenticating with Username/password, and has your own ADFS authority. type: str version_added: 0.0.1 version_added_collection: azure.azcollection cert_validation_mode: choices: - ignore - validate description: - Controls the certificate validation behavior for Azure endpoints. By default, all modules will validate the server certificate, but when an HTTPS proxy is in use, or against Azure Stack, it may be necessary to disable this behavior by passing C(ignore). Can also be set via credential file profile or the C(AZURE_CERT_VALIDATION) environment variable. type: str version_added: 0.0.1 version_added_collection: azure.azcollection force_delete_nonempty: aliases: - force description: - Attempt deletion if resource already exists and cannot be updated. type: bool x509_certificate_path: description: - Path to the X509 certificate used to create the service principal in PEM format. - The certificate must be appended to the private key. - Use when authenticating with a Service Principal. type: path version_added: 1.14.0 version_added_collection: azure.azcollection
state: contains: account_type: description: - Type of storage account. returned: always sample: Standard_RAGRS type: str custom_domain: contains: name: description: - CNAME source. returned: always sample: testaccount type: str use_sub_domain: description: - Whether to use sub domain. returned: always sample: true type: bool description: - User domain assigned to the storage account. returned: always type: complex id: description: - Resource ID. returned: always sample: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.Storage/storageAccounts/clh0003 type: str location: description: - Valid Azure location. Defaults to location of the resource group. returned: always sample: eastus2 type: str name: description: - Name of the storage account to update or create. returned: always sample: clh0003 type: str primary_endpoints: description: - The URLs to retrieve the public I(blob), I(queue), or I(table) object from the primary location. returned: always sample: blob: https://clh0003.blob.core.windows.net/ queue: https://clh0003.queue.core.windows.net/ table: https://clh0003.table.core.windows.net/ type: dict primary_location: description: - The location of the primary data center for the storage account. returned: always sample: eastus2 type: str provisioning_state: description: - The status of the storage account. - Possible values include C(Creating), C(ResolvingDNS), C(Succeeded). returned: always sample: Succeeded type: str resource_group: description: - The resource group's name. returned: always sample: Testing type: str secondary_endpoints: description: - The URLs to retrieve the public I(blob), I(queue), or I(table) object from the secondary location. returned: always sample: blob: https://clh0003-secondary.blob.core.windows.net/ queue: https://clh0003-secondary.queue.core.windows.net/ table: https://clh0003-secondary.table.core.windows.net/ type: dict secondary_location: description: - The location of the geo-replicated secondary for the storage account. returned: always sample: centralus type: str status_of_primary: description: - The status of the primary location of the storage account; either C(available) or C(unavailable). returned: always sample: available type: str status_of_secondary: description: - The status of the secondary location of the storage account; either C(available) or C(unavailable). returned: always sample: available type: str tags: description: - Resource tags. returned: always sample: tags1: value1 type: dict type: description: - The storage account type. returned: always sample: Microsoft.Storage/storageAccounts type: str description: - Current state of the storage account. returned: always type: complex