azure.azcollection.azure_rm_managementgroup_info module – Get Azure Management Group facts
Note
This module is part of the azure.azcollection collection (version 3.1.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install azure.azcollection
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: azure.azcollection.azure_rm_managementgroup_info
.
New in azure.azcollection 1.5.0
Synopsis
Get facts for a specific Management Group or all Management Groups.
Requirements
The below requirements are needed on the host that executes this module.
python >= 2.7
The host that executes this module must have the azure.azcollection collection installed via galaxy
All python packages listed in collection’s requirements.txt must be installed via pip on the host that executes modules from azure.azcollection
Full installation instructions may be found https://galaxy.ansible.com/azure/azcollection
Parameters
Parameter |
Comments |
---|---|
Active Directory username. Use when authenticating with an Active Directory user rather than service principal. |
|
Azure AD authority url. Use when authenticating with Username/password, and has your own ADFS authority. |
|
Selects an API profile to use when communicating with Azure services. Default value of Default: |
|
Controls the source of the credentials to use for authentication. Can also be set via the When set to When set to When set to When set to When set to The Choices:
|
|
Controls the certificate validation behavior for Azure endpoints. By default, all modules will validate the server certificate, but when an HTTPS proxy is in use, or against Azure Stack, it may be necessary to disable this behavior by passing Choices:
|
|
If c(False), then only name or id group will be fetched, or only the list of root groups. If c(True), then the children groups will also be returned. Choices:
|
|
Azure client ID. Use when authenticating with a Service Principal or Managed Identity (msi). Can also be set via the |
|
For cloud environments other than the US public cloud, the environment name (as defined by Azure Python SDK, eg, Default: |
|
Determines whether or not instance discovery is performed when attempting to authenticate. Setting this to true will completely disable both instance discovery and authority validation. This functionality is intended for use in scenarios where the metadata endpoint cannot be reached such as in private clouds or Azure Stack. The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority. By setting this to **True**, the validation of the authority is disabled. As a result, it is crucial to ensure that the configured authority host is valid and trustworthy. Set via credential file profile or the Choices:
|
|
If c(True) then child management_groups and subscriptions will be copied to the root of the management_groups and subscriptions return list respectively. By default c(False), child elements will only apear in the nested complex. Option only matters when children is c(True), and will otherwise be silently ignored. Choices:
|
|
Limit results to a specific management group by id. Mutually exclusive with name. |
|
Parent argument. |
|
Parent argument. |
|
Limit results to a specific management group by name. Mutually exclusive with id. |
|
Active Directory user password. Use when authenticating with an Active Directory user rather than service principal. |
|
Security profile found in ~/.azure/credentials file. |
|
By default, c(False), only the direct children are returned if children is c(True). If c(True), then all descendants of the heirarchy are returned. Option only matters when children is c(True), and will otherwise be silently ignored. Choices:
|
|
Azure client secret. Use when authenticating with a Service Principal. |
|
Your Azure subscription Id. |
|
Azure tenant ID. Use when authenticating with a Service Principal. |
|
The thumbprint of the private key specified in x509_certificate_path. Use when authenticating with a Service Principal. Required if x509_certificate_path is defined. |
|
Path to the X509 certificate used to create the service principal in PEM format. The certificate must be appended to the private key. Use when authenticating with a Service Principal. |
Notes
Note
azure_rm_managementgroup_info - The roles assigned to the principal executing the playbook will determine what is a root management_group. You may also be able to request the details of a parent management group, but unable to fetch that group. It is highly recommended that if children is set c(True) that specific management groups are requested since a list of all groups will require an additional Azure API call for each returned group.
For authentication with Azure you can pass parameters, set environment variables, use a profile stored in ~/.azure/credentials, or log in before you run your tasks or playbook with
az login
.Authentication is also possible using a service principal or Active Directory user.
To authenticate via service principal, pass subscription_id, client_id, secret and tenant or set environment variables AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET and AZURE_TENANT.
To authenticate via Active Directory user, pass ad_user and password, or set AZURE_AD_USER and AZURE_PASSWORD in the environment.
Alternatively, credentials can be stored in ~/.azure/credentials. This is an ini file containing a [default] section and the following keys: subscription_id, client_id, secret and tenant or subscription_id, ad_user and password. It is also possible to add additional profiles. Specify the profile by passing profile or setting AZURE_PROFILE in the environment.
See Also
See also
- azure_rm_subscription_info
module to look up more in depth information on subscriptions; for example tags.
- azure_rm_roleassignment_info
module to look up RBAC role assignments, which can use management group id as scope.
- Sign in with Azure CLI
How to authenticate using the
az login
command.
Examples
- name: Get facts for all root management groups for authenticated principal
azure_rm_managementgroup_info:
- name: Get facts for one management group by id with direct children
azure_rm_managementgroup_info:
id: /providers/Microsoft.Management/managementGroups/contoso-group
children: true
- name: Get facts for one management group by name with all children, flattened into top list
azure_rm_managementgroup_info:
name: "contoso-group"
children: true
recurse: true
flatten: true
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
List of Management Group dicts. Returned: always |
|
Child management groups or subscriptions. Returned: if children is c(True) Sample: |
|
Management Group display name. Returned: always Sample: |
|
Management Group fully qualified id. Returned: always Sample: |
|
Management Group display name. Returned: always Sample: |
|
Management Group tenant id Returned: always Sample: |
|
Management Group type Returned: always Sample: |
|
List of subscription objects. Returned: if children and flatten are both c(True) |
|
subscription display name. Returned: always Sample: |
|
subscription fully qualified id. Returned: always Sample: |
|
subscription guid. Returned: always Sample: |
|
Management Group type Returned: always Sample: |