azure.azcollection.azure_rm_storageaccount_info module – Get storage account facts
Note
This module is part of the azure.azcollection collection (version 2.7.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install azure.azcollection
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: azure.azcollection.azure_rm_storageaccount_info
.
New in azure.azcollection 0.1.2
Synopsis
Get facts for one storage account or all storage accounts within a resource group.
Requirements
The below requirements are needed on the host that executes this module.
python >= 2.7
The host that executes this module must have the azure.azcollection collection installed via galaxy
All python packages listed in collection’s requirements.txt must be installed via pip on the host that executes modules from azure.azcollection
Full installation instructions may be found https://galaxy.ansible.com/azure/azcollection
Parameters
Parameter |
Comments |
---|---|
Active Directory username. Use when authenticating with an Active Directory user rather than service principal. |
|
Azure AD authority url. Use when authenticating with Username/password, and has your own ADFS authority. |
|
Selects an API profile to use when communicating with Azure services. Default value of Default: |
|
Controls the source of the credentials to use for authentication. Can also be set via the When set to When set to When set to When set to When set to The Choices:
|
|
Controls the certificate validation behavior for Azure endpoints. By default, all modules will validate the server certificate, but when an HTTPS proxy is in use, or against Azure Stack, it may be necessary to disable this behavior by passing Choices:
|
|
Azure client ID. Use when authenticating with a Service Principal or Managed Identity (msi). Can also be set via the |
|
For cloud environments other than the US public cloud, the environment name (as defined by Azure Python SDK, eg, Default: |
|
Determines whether or not instance discovery is performed when attempting to authenticate. Setting this to true will completely disable both instance discovery and authority validation. This functionality is intended for use in scenarios where the metadata endpoint cannot be reached such as in private clouds or Azure Stack. The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority. By setting this to **True**, the validation of the authority is disabled. As a result, it is crucial to ensure that the configured authority host is valid and trustworthy. Set via credential file profile or the Choices:
|
|
Parent argument. |
|
Parent argument. |
|
Only show results for a specific account. |
|
Active Directory user password. Use when authenticating with an Active Directory user rather than service principal. |
|
Security profile found in ~/.azure/credentials file. |
|
Limit results to a resource group. Required when filtering by name. |
|
Azure client secret. Use when authenticating with a Service Principal. |
|
Show the blob CORS settings for each blob related to the storage account. Querying all storage accounts will take a long time. Choices:
|
|
Show the connection string for each of the storageaccount’s endpoints. For convenient usage, show_connection_string will also show the access keys for each of the storageaccount’s endpoints. Note that it will cost a lot of time when list all storageaccount rather than query a single one. Choices:
|
|
Show the Geo Replication Stats for each storage account. Using this option on an account that does not support georeplication will cause a delay in getting results. Choices:
|
|
Your Azure subscription Id. |
|
Limit results by providing a list of tags. Format tags as ‘key’ or ‘key:value’. |
|
Azure tenant ID. Use when authenticating with a Service Principal. |
|
The thumbprint of the private key specified in x509_certificate_path. Use when authenticating with a Service Principal. Required if x509_certificate_path is defined. |
|
Path to the X509 certificate used to create the service principal in PEM format. The certificate must be appended to the private key. Use when authenticating with a Service Principal. |
Notes
Note
For authentication with Azure you can pass parameters, set environment variables, use a profile stored in ~/.azure/credentials, or log in before you run your tasks or playbook with
az login
.Authentication is also possible using a service principal or Active Directory user.
To authenticate via service principal, pass subscription_id, client_id, secret and tenant or set environment variables AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET and AZURE_TENANT.
To authenticate via Active Directory user, pass ad_user and password, or set AZURE_AD_USER and AZURE_PASSWORD in the environment.
Alternatively, credentials can be stored in ~/.azure/credentials. This is an ini file containing a [default] section and the following keys: subscription_id, client_id, secret and tenant or subscription_id, ad_user and password. It is also possible to add additional profiles. Specify the profile by passing profile or setting AZURE_PROFILE in the environment.
See Also
See also
- Sign in with Azure CLI
How to authenticate using the
az login
command.
Examples
- name: Get facts for one account
azure_rm_storageaccount_info:
resource_group: myResourceGroup
name: clh0002
- name: Get facts for all accounts in a resource group
azure_rm_storageaccount_info:
resource_group: myResourceGroup
- name: Get facts for all accounts by tags
azure_rm_storageaccount_info:
tags:
- testing
- foo:bar
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
List of storage account dicts. Returned: always Sample: |
|
List of storage account dicts in resource module’s parameter format. Returned: always |
|
The access tier for this storage account. Returned: always Sample: |
|
Type of storage account.
Other account types cannot be changed to Returned: always Sample: |
|
Public access to all blobs or containers in the storage account allowed or disallowed. Returned: always Sample: |
|
Allow or disallow cross AAD tenant object replication. Returned: always Sample: |
|
Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key. Returned: always Sample: |
|
User domain assigned to the storage account. Must be a dictionary with name and use_sub_domain keys where name is the CNAME source. Returned: always |
|
CNAME source. Returned: always Sample: |
|
Whether to use sub domain. Returned: always Sample: |
|
A boolean flag which indicates whether the default authentication is OAuth or not. The default interpretation is false for this property. Returned: always Sample: |
|
NFS 3.0 protocol. Returned: always Sample: |
|
The encryption settings on the storage account. Returned: always |
|
The encryption keySource (provider). Returned: always Sample: |
|
A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest. Returned: always Sample: |
|
List of services which support encryption. Returned: always |
|
The encryption function of the blob storage service. Returned: always Sample: |
|
The encryption function of the file storage service. Returned: always Sample: |
|
The encryption function of the queue storage service. Returned: always Sample: |
|
The encryption function of the table storage service. Returned: always Sample: |
|
Status indicating the storage account is currently failing over to its secondary location. Returned: always Sample: |
|
Parameters related to the status of geo-replication. This will be null on accounts that don’t support geo-replication. Returned: always |
|
Property indicating if fail over is supported by the account. Returned: success Sample: |
|
Writes to the primary before this time are guaranteed to be replicated to the secondary. Returned: success Sample: |
|
Property showing status of the secondary region. Known values are “Live”, “Bootstrap”, and “Unavailable”. Returned: success Sample: |
|
Allows https traffic only to storage service when set to Returned: always Sample: |
|
Resource ID. Returned: always Sample: |
|
Account HierarchicalNamespace enabled if sets to true. Returned: always Sample: |
|
The kind of storage. Returned: always Sample: |
|
Allow large file shares if sets to Enabled. Returned: always Sample: |
|
Valid Azure location. Defaults to location of the resource group. Returned: always Sample: |
|
The minimum TLS version permitted on requests to storage. Returned: always Sample: |
|
Name of the storage account to update or create. Returned: always Sample: |
|
A set of firewall and virtual network rules Returned: always Sample: |
|
URLs to retrieve a public blob, file, queue, or table object. Note that Returned: always |
|
The primary blob endpoint and connection string. Returned: always |
|
Connectionstring of the blob endpoint. Returned: always Sample: |
|
The primary blob endpoint. Returned: always Sample: |
|
The primary file endpoint and connection string. Returned: always |
|
Connectionstring of the file endpoint. Returned: always Sample: |
|
The primary file endpoint. Returned: always Sample: |
|
The account key for the primary_endpoints Returned: always Sample: |
|
The primary queue endpoint and connection string. Returned: always |
|
Connectionstring of the queue endpoint. Returned: always Sample: |
|
The primary queue endpoint. Returned: always Sample: |
|
The primary table endpoint and connection string. Returned: always |
|
Connectionstring of the table endpoint. Returned: always Sample: |
|
The primary table endpoint. Returned: always Sample: |
|
The location of the primary data center for the storage account. Returned: always Sample: |
|
The status of the storage account at the time the operation was called. Possible values include Returned: always Sample: |
|
Public network access to Storage Account allowed or disallowed. Returned: always Sample: |
|
The URLs to retrieve a public blob, file, queue, or table object from the secondary location. Only available if the SKU name=Standard_RAGRS. Returned: always |
|
The secondary blob endpoint and connection string. Returned: always |
|
Connectionstring of the blob endpoint. Returned: always Sample: |
|
The secondary blob endpoint. Returned: always Sample: |
|
The secondary file endpoint and connection string. Returned: always |
|
Connectionstring of the file endpoint. Returned: always Sample: |
|
The secondary file endpoint. Returned: always Sample: |
|
The account key for the secondary_endpoints Returned: success Sample: |
|
The secondary queue endpoint and connection string. Returned: always |
|
Connectionstring of the queue endpoint. Returned: always Sample: |
|
The secondary queue endpoint. Returned: always Sample: |
|
The secondary table endpoint and connection string. Returned: always |
|
Connectionstring of the table endpoint. Returned: always Sample: |
|
The secondary table endpoint. Returned: always Sample: |
|
The location of the geo-replicated secondary for the storage account. Only available if the account_type=Standard_GRS or account_type=Standard_RAGRS. Returned: always Sample: |
|
Static website configuration for the storage account. Returned: always |
|
Whether this account is hosting a static website. Returned: always Sample: |
|
The absolute path of the custom 404 page. Returned: always Sample: |
|
The default name of the index page under each directory. Returned: always Sample: |
|
Status of the primary location of the storage account; either Returned: always Sample: |
|
Status of the secondary location of the storage account; either Returned: always Sample: |
|
Resource tags. Returned: always Sample: |