azure.azcollection.azure_rm_lock – Manage Azure locks
This plugin is part of the azure.azcollection collection (version 1.10.0).
You might already have this collection installed if you are using the
It is not included in
To check whether it is installed, run
ansible-galaxy collection list.
To install it, use:
ansible-galaxy collection install azure.azcollection.
To use it in a playbook, specify:
New in version 0.1.2: of azure.azcollection
Create, delete an Azure lock.
To create or delete management locks, you must have access to Microsoft.Authorization/* or Microsoft.Authorization/locks/* actions.
Of the built-in roles, only Owner and User Access Administrator are granted those actions.
The below requirements are needed on the host that executes this module.
python >= 2.7
The host that executes this module must have the azure.azcollection collection installed via galaxy
All python packages listed in collection’s requirements-azure.txt must be installed via pip on the host that executes modules from azure.azcollection
Full installation instructions may be found https://galaxy.ansible.com/azure/azcollection
For authentication with Azure you can pass parameters, set environment variables, use a profile stored in ~/.azure/credentials, or log in before you run your tasks or playbook with
Authentication is also possible using a service principal or Active Directory user.
To authenticate via service principal, pass subscription_id, client_id, secret and tenant or set environment variables AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET and AZURE_TENANT.
To authenticate via Active Directory user, pass ad_user and password, or set AZURE_AD_USER and AZURE_PASSWORD in the environment.
Alternatively, credentials can be stored in ~/.azure/credentials. This is an ini file containing a [default] section and the following keys: subscription_id, client_id, secret and tenant or subscription_id, ad_user and password. It is also possible to add additional profiles. Specify the profile by passing profile or setting AZURE_PROFILE in the environment.
- name: Create a lock for a resource azure_rm_lock: managed_resource_id: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/myVM name: myLock level: read_only - name: Create a lock for a resource group azure_rm_lock: managed_resource_id: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/myResourceGroup name: myLock level: read_only - name: Create a lock for a resource group azure_rm_lock: resource_group: myResourceGroup name: myLock level: read_only - name: Create a lock for a subscription azure_rm_lock: name: myLock level: read_only
Common return values are documented here, the following are the fields unique to this module:
Resource ID of the lock.