azure / azure.azcollection / 0.3.0 / module / azure_rm_storageaccount Manage Azure storage accounts | "added in version" 2.1 of azure.azcollection" Authors: Chris Houseknecht (@chouseknecht), Matt Davis (@nitzmahone) preview | supported by communityazure.azcollection.azure_rm_storageaccount (0.3.0) — module
Install with ansible-galaxy collection install azure.azcollection:==0.3.0
collections: - name: azure.azcollection version: 0.3.0
Create, update or delete a storage account.
- name: remove account, if it exists azure_rm_storageaccount: resource_group: myResourceGroup name: clh0002 state: absent
- name: create an account azure_rm_storageaccount: resource_group: myResourceGroup name: clh0002 type: Standard_RAGRS tags: testing: testing delete: on-exit
- name: Create an account with kind of FileStorage azure_rm_storageaccount: resource_group: myResourceGroup name: c1h0002 type: Premium_LRS kind: FileStorage tags: testing: testing
- name: configure firewall and virtual networks azure_rm_storageaccount: resource_group: myResourceGroup name: clh0002 type: Standard_RAGRS network_acls: bypass: AzureServices,Metrics default_action: Deny virtual_network_rules: - id: /subscriptions/mySubscriptionId/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVnet/subnets/mySubnet action: Allow ip_rules: - value: 1.2.3.4 action: Allow - value: 123.234.123.0/24 action: Allow
- name: create an account with blob CORS azure_rm_storageaccount: resource_group: myResourceGroup name: clh002 type: Standard_RAGRS blob_cors: - allowed_origins: - http://www.example.com/ allowed_methods: - GET - POST allowed_headers: - x-ms-meta-data* - x-ms-meta-target* - x-ms-meta-abc exposed_headers: - x-ms-meta-* max_age_in_seconds: 200
kind: choices: - Storage - StorageV2 - BlobStorage - BlockBlobStorage - FileStorage default: Storage description: - The kind of storage. - The C(FileStorage) and (BlockBlobStorage) only used when I(account_type=Premium_LRS). version_added: '2.2' version_added_collection: azure.azcollection name: description: - Name of the storage account to update or create. tags: description: - Dictionary of string:string pairs to assign as metadata to the object. - Metadata tags on the object will be updated with any provided values. - To remove tags set append_tags option to false. type: dict state: choices: - absent - present default: present description: - State of the storage account. Use C(present) to create or update a storage account and use C(absent) to delete an account. secret: description: - Azure client secret. Use when authenticating with a Service Principal. type: str tenant: description: - Azure tenant ID. Use when authenticating with a Service Principal. type: str ad_user: description: - Active Directory username. Use when authenticating with an Active Directory user rather than service principal. type: str profile: description: - Security profile found in ~/.azure/credentials file. type: str location: description: - Valid Azure location. Defaults to location of the resource group. password: description: - Active Directory user password. Use when authenticating with an Active Directory user rather than service principal. type: str blob_cors: description: - Specifies CORS rules for the Blob service. - You can include up to five CorsRule elements in the request. - If no blob_cors elements are included in the argument list, nothing about CORS will be changed. - If you want to delete all CORS rules and disable CORS for the Blob service, explicitly set I(blob_cors=[]). suboptions: allowed_headers: description: - A list of headers allowed to be part of the cross-origin request. required: true type: list allowed_methods: description: - A list of HTTP methods that are allowed to be executed by the origin. required: true type: list allowed_origins: description: - A list of origin domains that will be allowed via CORS, or "*" to allow all domains. required: true type: list exposed_headers: description: - A list of response headers to expose to CORS clients. required: true type: list max_age_in_seconds: description: - The number of seconds that the client/browser should cache a preflight response. required: true type: int type: list version_added: '2.8' version_added_collection: azure.azcollection client_id: description: - Azure client ID. Use when authenticating with a Service Principal. type: str https_only: description: - Allows https traffic only to storage service when set to C(true). type: bool version_added: '2.8' version_added_collection: azure.azcollection access_tier: choices: - Hot - Cool description: - The access tier for this storage account. Required when I(kind=BlobStorage). version_added: '2.4' version_added_collection: azure.azcollection api_profile: default: latest description: - Selects an API profile to use when communicating with Azure services. Default value of C(latest) is appropriate for public clouds; future values will allow use with Azure Stack. type: str version_added: '2.5' version_added_collection: azure.azcollection append_tags: default: true description: - Use to control if tags field is canonical or just appends to existing tags. - When canonical, any tags not found in the tags parameter will be removed from the object's metadata. type: bool auth_source: choices: - auto - cli - credential_file - env - msi description: - Controls the source of the credentials to use for authentication. - If not specified, ANSIBLE_AZURE_AUTH_SOURCE environment variable will be used and default to C(auto) if variable is not defined. - C(auto) will follow the default precedence of module parameters -> environment variables -> default profile in credential file C(~/.azure/credentials). - When set to C(cli), the credentials will be sources from the default Azure CLI profile. - Can also be set via the C(ANSIBLE_AZURE_AUTH_SOURCE) environment variable. - When set to C(msi), the host machine must be an azure resource with an enabled MSI extension. C(subscription_id) or the environment variable C(AZURE_SUBSCRIPTION_ID) can be used to identify the subscription ID if the resource is granted access to more than one subscription, otherwise the first subscription is chosen. - The C(msi) was added in Ansible 2.6. type: str version_added: '2.5' version_added_collection: azure.azcollection account_type: aliases: - type choices: - Premium_LRS - Standard_GRS - Standard_LRS - Standard_RAGRS - Standard_ZRS - Premium_ZRS description: - Type of storage account. Required when creating a storage account. - C(Standard_ZRS) and C(Premium_LRS) accounts cannot be changed to other account types. - Other account types cannot be changed to C(Standard_ZRS) or C(Premium_LRS). network_acls: description: - Manages the Firewall and virtual networks settings of the storage account. suboptions: bypass: default: AzureServices description: - When I(default_action=Deny) this controls which Azure components can still reach the Storage Account. - The list is comma separated. - It can be any combination of the example C(AzureServices), C(Logging), C(Metrics). - If no Azure components are allowed, explicitly set I(bypass=""). suboptions: ip_rules: description: - A list of IP addresses or ranges in CIDR format. suboptions: action: default: Allow description: - The only logical I(action=Allow) because this setting is only accessible when I(default_action=Deny). value: description: - The IP address or range. virtual_network_rules: description: - A list of subnets and their actions. suboptions: action: default: Allow description: - The only logical I(action=Allow) because this setting is only accessible when I(default_action=Deny). id: description: - The complete path to the subnet. default_action: choices: - Allow - Deny default: Allow description: - Default firewall traffic rule. - If I(default_action=Allow) no other settings have effect. type: dict version_added: '2.10' version_added_collection: azure.azcollection custom_domain: aliases: - custom_dns_domain_suffix description: - User domain assigned to the storage account. - Must be a dictionary with I(name) and I(use_sub_domain) keys where I(name) is the CNAME source. - Only one custom domain is supported per storage account at this time. - To clear the existing custom domain, use an empty string for the custom domain name property. - Can be added to an existing storage account. Will be ignored during storage account creation. resource_group: aliases: - resource_group_name description: - Name of the resource group to use. required: true subscription_id: description: - Your Azure subscription Id. type: str cloud_environment: default: AzureCloud description: - For cloud environments other than the US public cloud, the environment name (as defined by Azure Python SDK, eg, C(AzureChinaCloud), C(AzureUSGovernment)), or a metadata discovery endpoint URL (required for Azure Stack). Can also be set via credential file profile or the C(AZURE_CLOUD_ENVIRONMENT) environment variable. type: str version_added: '2.4' version_added_collection: azure.azcollection adfs_authority_url: description: - Azure AD authority url. Use when authenticating with Username/password, and has your own ADFS authority. type: str version_added: '2.6' version_added_collection: azure.azcollection cert_validation_mode: choices: - ignore - validate description: - Controls the certificate validation behavior for Azure endpoints. By default, all modules will validate the server certificate, but when an HTTPS proxy is in use, or against Azure Stack, it may be necessary to disable this behavior by passing C(ignore). Can also be set via credential file profile or the C(AZURE_CERT_VALIDATION) environment variable. type: str version_added: '2.5' version_added_collection: azure.azcollection force_delete_nonempty: aliases: - force description: - Attempt deletion if resource already exists and cannot be updated. type: bool
state: contains: account_type: description: - Type of storage account. returned: always sample: Standard_RAGRS type: str custom_domain: contains: name: description: - CNAME source. returned: always sample: testaccount type: str use_sub_domain: description: - Whether to use sub domain. returned: always sample: true type: bool description: - User domain assigned to the storage account. returned: always type: complex id: description: - Resource ID. returned: always sample: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.Storage/storageAccounts/clh0003 type: str location: description: - Valid Azure location. Defaults to location of the resource group. returned: always sample: eastus2 type: str name: description: - Name of the storage account to update or create. returned: always sample: clh0003 type: str network_acls: description: - A set of firewall and virtual network rules returned: always sample: bypass: AzureServices default_action: Deny ip_rules: - action: Allow value: 1.2.3.4 - action: Allow value: 123.234.123.0/24 virtual_network_rules: - action: Allow id: /subscriptions/mySubscriptionId/resourceGroups/myResourceGroup/ providers/Microsoft.Network/virtualNetworks/myVnet/subnets/mySubnet type: dict primary_endpoints: description: - The URLs to retrieve the public I(blob), I(queue), or I(table) object from the primary location. returned: always sample: blob: https://clh0003.blob.core.windows.net/ queue: https://clh0003.queue.core.windows.net/ table: https://clh0003.table.core.windows.net/ type: dict primary_location: description: - The location of the primary data center for the storage account. returned: always sample: eastus2 type: str provisioning_state: description: - The status of the storage account. - Possible values include C(Creating), C(ResolvingDNS), C(Succeeded). returned: always sample: Succeeded type: str resource_group: description: - The resource group's name. returned: always sample: Testing type: str secondary_endpoints: description: - The URLs to retrieve the public I(blob), I(queue), or I(table) object from the secondary location. returned: always sample: blob: https://clh0003-secondary.blob.core.windows.net/ queue: https://clh0003-secondary.queue.core.windows.net/ table: https://clh0003-secondary.table.core.windows.net/ type: dict secondary_location: description: - The location of the geo-replicated secondary for the storage account. returned: always sample: centralus type: str status_of_primary: description: - The status of the primary location of the storage account; either C(available) or C(unavailable). returned: always sample: available type: str status_of_secondary: description: - The status of the secondary location of the storage account; either C(available) or C(unavailable). returned: always sample: available type: str tags: description: - Resource tags. returned: always sample: tags1: value1 type: dict type: description: - The storage account type. returned: always sample: Microsoft.Storage/storageAccounts type: str description: - Current state of the storage account. returned: always type: complex