azure.azcollection.azure_rm_lock – Manage Azure locks¶
This plugin is part of the azure.azcollection collection (version 1.7.0).
To install it use:
ansible-galaxy collection install azure.azcollection.
To use it in a playbook, specify:
New in version 0.1.2: of azure.azcollection
Create, delete an Azure lock.
To create or delete management locks, you must have access to Microsoft.Authorization/* or Microsoft.Authorization/locks/* actions.
Of the built-in roles, only Owner and User Access Administrator are granted those actions.
The below requirements are needed on the host that executes this module.
python >= 2.7
The host that executes this module must have the azure.azcollection collection installed via galaxy
All python packages listed in collection’s requirements-azure.txt must be installed via pip on the host that executes modules from azure.azcollection
Full installation instructions may be found https://galaxy.ansible.com/azure/azcollection
For authentication with Azure you can pass parameters, set environment variables, use a profile stored in ~/.azure/credentials, or log in before you run your tasks or playbook with
Authentication is also possible using a service principal or Active Directory user.
To authenticate via service principal, pass subscription_id, client_id, secret and tenant or set environment variables AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET and AZURE_TENANT.
To authenticate via Active Directory user, pass ad_user and password, or set AZURE_AD_USER and AZURE_PASSWORD in the environment.
Alternatively, credentials can be stored in ~/.azure/credentials. This is an ini file containing a [default] section and the following keys: subscription_id, client_id, secret and tenant or subscription_id, ad_user and password. It is also possible to add additional profiles. Specify the profile by passing profile or setting AZURE_PROFILE in the environment.
- name: Create a lock for a resource azure_rm_lock: managed_resource_id: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/myVM name: myLock level: read_only - name: Create a lock for a resource group azure_rm_lock: managed_resource_id: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/myResourceGroup name: myLock level: read_only - name: Create a lock for a resource group azure_rm_lock: resource_group: myResourceGroup name: myLock level: read_only - name: Create a lock for a subscription azure_rm_lock: name: myLock level: read_only
Common return values are documented here, the following are the fields unique to this module:
Resource ID of the lock.