File Manager

003 File Manager

Current Path: /usr/local/lib/python3.8/site-packages/salt/states

usr / local / lib / python3.8 / site-packages / salt / states /

📁 ..
📄 __init__.py(25 B)
📁 __pycache__
📄 acme.py(5.08 KB)
📄 alias.py(2.49 KB)
📄 alternatives.py(6.75 KB)
📄 ansiblegate.py(7.61 KB)
📄 apache.py(3.95 KB)
📄 apache_conf.py(2.72 KB)
📄 apache_module.py(2.73 KB)
📄 apache_site.py(2.66 KB)
📄 aptpkg.py(1.42 KB)
📄 archive.py(67.76 KB)
📄 artifactory.py(6.84 KB)
📄 at.py(7.54 KB)
📄 augeas.py(10.57 KB)
📄 aws_sqs.py(2.59 KB)
📄 azurearm_compute.py(10.86 KB)
📄 azurearm_dns.py(25.09 KB)
📄 azurearm_network.py(87.86 KB)
📄 azurearm_resource.py(27.22 KB)
📄 beacon.py(7.58 KB)
📄 bigip.py(96.63 KB)
📄 blockdev.py(5.13 KB)
📄 boto3_elasticache.py(48.01 KB)
📄 boto3_elasticsearch.py(32.6 KB)
📄 boto3_route53.py(37.54 KB)
📄 boto3_sns.py(12.69 KB)
📄 boto_apigateway.py(82.78 KB)
📄 boto_asg.py(31.93 KB)
📄 boto_cfn.py(11.53 KB)
📄 boto_cloudfront.py(6.01 KB)
📄 boto_cloudtrail.py(13.18 KB)
📄 boto_cloudwatch_alarm.py(6.4 KB)
📄 boto_cloudwatch_event.py(12.33 KB)
📄 boto_cognitoidentity.py(13.69 KB)
📄 boto_datapipeline.py(18.5 KB)
📄 boto_dynamodb.py(29.32 KB)
📄 boto_ec2.py(71.98 KB)
📄 boto_elasticache.py(16.75 KB)
📄 boto_elasticsearch_domain.py(12.27 KB)
📄 boto_elb.py(55.1 KB)
📄 boto_elbv2.py(12.19 KB)
📄 boto_iam.py(69.16 KB)
📄 boto_iam_role.py(27.12 KB)
📄 boto_iot.py(25.33 KB)
📄 boto_kinesis.py(16.69 KB)
📄 boto_kms.py(12.11 KB)
📄 boto_lambda.py(35.52 KB)
📄 boto_lc.py(11.04 KB)
📄 boto_rds.py(26 KB)
📄 boto_route53.py(19.38 KB)
📄 boto_s3.py(9.32 KB)
📄 boto_s3_bucket.py(24.67 KB)
📄 boto_secgroup.py(32.62 KB)
📄 boto_sns.py(8.92 KB)
📄 boto_sqs.py(7.97 KB)
📄 boto_vpc.py(61.77 KB)
📄 bower.py(8.26 KB)
📄 btrfs.py(10.31 KB)
📄 cabal.py(5.73 KB)
📄 ceph.py(1.9 KB)
📄 chef.py(3.68 KB)
📄 chocolatey.py(17.33 KB)
📄 chronos_job.py(4.6 KB)
📄 cimc.py(14.32 KB)
📄 cisconso.py(3.14 KB)
📄 cloud.py(14.4 KB)
📄 cmd.py(41.24 KB)
📄 composer.py(8.38 KB)
📄 cron.py(23.39 KB)
📄 cryptdev.py(6.17 KB)
📄 csf.py(9.98 KB)
📄 cyg.py(7.05 KB)
📄 ddns.py(4.2 KB)
📄 debconfmod.py(6.33 KB)
📄 dellchassis.py(24.49 KB)
📄 disk.py(6.49 KB)
📄 docker_container.py(85.27 KB)
📄 docker_image.py(16.38 KB)
📄 docker_network.py(36.34 KB)
📄 docker_volume.py(6.72 KB)
📄 drac.py(4.17 KB)
📄 dvs.py(26.29 KB)
📄 elasticsearch.py(20.38 KB)
📄 elasticsearch_index.py(3.25 KB)
📄 elasticsearch_index_template.py(3.67 KB)
📄 environ.py(5.81 KB)
📄 eselect.py(2.27 KB)
📄 esxcluster.py(21.16 KB)
📄 esxdatacenter.py(3.24 KB)
📄 esxi.py(61.77 KB)
📄 esxvm.py(18.86 KB)
📄 etcd_mod.py(8.36 KB)
📄 ethtool.py(7.84 KB)
📄 event.py(2.48 KB)
📄 file.py(299.79 KB)
📄 firewall.py(1.33 KB)
📄 firewalld.py(26.08 KB)
📄 gem.py(7.13 KB)
📄 git.py(124.23 KB)
📄 github.py(27.25 KB)
📄 glance_image.py(2.26 KB)
📄 glassfish.py(21.47 KB)
📄 glusterfs.py(12.12 KB)
📄 gnomedesktop.py(7.47 KB)
📄 gpg.py(5.28 KB)
📄 grafana.py(12.11 KB)
📄 grafana4_dashboard.py(17.31 KB)
📄 grafana4_datasource.py(6.15 KB)
📄 grafana4_org.py(7.73 KB)
📄 grafana4_user.py(5.52 KB)
📄 grafana_dashboard.py(17.74 KB)
📄 grafana_datasource.py(5.31 KB)
📄 grains.py(15.57 KB)
📄 group.py(9.57 KB)
📄 heat.py(9.69 KB)
📄 helm.py(10.39 KB)
📄 hg.py(6.33 KB)
📄 highstate_doc.py(1.41 KB)
📄 host.py(8.64 KB)
📄 http.py(7.43 KB)
📄 icinga2.py(9.07 KB)
📄 idem.py(3.91 KB)
📄 ifttt.py(2.12 KB)
📄 incron.py(5.71 KB)
📄 influxdb08_database.py(2.85 KB)
📄 influxdb08_user.py(3.39 KB)
📄 influxdb_continuous_query.py(2.81 KB)
📄 influxdb_database.py(2.11 KB)
📄 influxdb_retention_policy.py(4.82 KB)
📄 influxdb_user.py(4.84 KB)
📄 infoblox_a.py(4.24 KB)
📄 infoblox_cname.py(4.19 KB)
📄 infoblox_host_record.py(6.59 KB)
📄 infoblox_range.py(6.85 KB)
📄 ini_manage.py(12.67 KB)
📄 ipmi.py(8.39 KB)
📄 ipset.py(9.66 KB)
📄 iptables.py(25.96 KB)
📄 jboss7.py(23.95 KB)
📄 jenkins.py(3.36 KB)
📄 junos.py(17.78 KB)
📄 kapacitor.py(6.46 KB)
📄 kernelpkg.py(6.42 KB)
📄 keyboard.py(2.01 KB)
📄 keystone.py(27.12 KB)
📄 keystone_domain.py(2.81 KB)
📄 keystone_endpoint.py(4.69 KB)
📄 keystone_group.py(3.25 KB)
📄 keystone_project.py(3.36 KB)
📄 keystone_role.py(2.33 KB)
📄 keystone_role_grant.py(4.08 KB)
📄 keystone_service.py(2.89 KB)
📄 keystone_user.py(3.47 KB)
📄 keystore.py(5.29 KB)
📄 kmod.py(8.38 KB)
📄 kubernetes.py(24.87 KB)
📄 layman.py(2.44 KB)
📄 ldap.py(19.78 KB)
📄 libcloud_dns.py(5.7 KB)
📄 libcloud_loadbalancer.py(5.66 KB)
📄 libcloud_storage.py(5.13 KB)
📄 linux_acl.py(24.43 KB)
📄 locale.py(2.52 KB)
📄 logadm.py(4.73 KB)
📄 logrotate.py(3.86 KB)
📄 loop.py(7.74 KB)
📄 lvm.py(13.33 KB)
📄 lvs_server.py(6.28 KB)
📄 lvs_service.py(4.38 KB)
📄 lxc.py(22.17 KB)
📄 lxd.py(7.88 KB)
📄 lxd_container.py(22.25 KB)
📄 lxd_image.py(10.59 KB)
📄 lxd_profile.py(7.11 KB)
📄 mac_assistive.py(1.59 KB)
📄 mac_keychain.py(5.59 KB)
📄 mac_xattr.py(3.15 KB)
📄 macdefaults.py(2.65 KB)
📄 macpackage.py(6.76 KB)
📄 makeconf.py(6.87 KB)
📄 marathon_app.py(4.45 KB)
📄 mdadm_raid.py(6.41 KB)
📄 memcached.py(3.95 KB)
📄 modjk.py(2.84 KB)
📄 modjk_worker.py(6.49 KB)
📄 module.py(17.99 KB)
📄 mongodb_database.py(1.65 KB)
📄 mongodb_user.py(6.26 KB)
📄 monit.py(2.68 KB)
📄 mount.py(49.55 KB)
📄 mssql_database.py(3 KB)
📄 mssql_login.py(3.64 KB)
📄 mssql_role.py(2.37 KB)
📄 mssql_user.py(3.51 KB)
📄 msteams.py(2.53 KB)
📄 mysql_database.py(6.05 KB)
📄 mysql_grants.py(8.49 KB)
📄 mysql_query.py(13.07 KB)
📄 mysql_user.py(9.51 KB)
📄 net_napalm_yang.py(9.15 KB)
📄 netacl.py(31.92 KB)
📄 netconfig.py(33.42 KB)
📄 netntp.py(12.48 KB)
📄 netsnmp.py(11.33 KB)
📄 netusers.py(16.1 KB)
📄 network.py(23.7 KB)
📄 neutron_network.py(3.96 KB)
📄 neutron_secgroup.py(4 KB)
📄 neutron_secgroup_rule.py(4.75 KB)
📄 neutron_subnet.py(4.29 KB)
📄 nexus.py(4.97 KB)
📄 nfs_export.py(4.92 KB)
📄 nftables.py(19.5 KB)
📄 npm.py(11.21 KB)
📄 ntp.py(2.12 KB)
📄 nxos.py(10.67 KB)
📄 nxos_upgrade.py(3.5 KB)
📄 openstack_config.py(3.26 KB)
📄 openvswitch_bridge.py(3.13 KB)
📄 openvswitch_port.py(17.25 KB)
📄 opsgenie.py(4.07 KB)
📄 pagerduty.py(1.89 KB)
📄 pagerduty_escalation_policy.py(5.42 KB)
📄 pagerduty_schedule.py(6.09 KB)
📄 pagerduty_service.py(3.93 KB)
📄 pagerduty_user.py(1.18 KB)
📄 panos.py(48.13 KB)
📄 pbm.py(20.46 KB)
📄 pcs.py(36.46 KB)
📄 pdbedit.py(3.48 KB)
📄 pecl.py(3.65 KB)
📄 pip_state.py(37.55 KB)
📄 pkg.py(127.05 KB)
📄 pkgbuild.py(11.37 KB)
📄 pkgng.py(685 B)
📄 pkgrepo.py(23.59 KB)
📄 portage_config.py(5.01 KB)
📄 ports.py(5.65 KB)
📄 postgres_cluster.py(4.19 KB)
📄 postgres_database.py(6.08 KB)
📄 postgres_extension.py(5.68 KB)
📄 postgres_group.py(8.52 KB)
📄 postgres_initdb.py(2.84 KB)
📄 postgres_language.py(3.94 KB)
📄 postgres_privileges.py(7.86 KB)
📄 postgres_schema.py(4.34 KB)
📄 postgres_tablespace.py(6.62 KB)
📄 postgres_user.py(9.49 KB)
📄 powerpath.py(2.34 KB)
📄 probes.py(15.06 KB)
📄 process.py(1.32 KB)
📄 proxy.py(4.94 KB)
📄 pushover.py(3.13 KB)
📄 pyenv.py(6.07 KB)
📄 pyrax_queues.py(2.97 KB)
📄 quota.py(1.4 KB)
📄 rabbitmq_cluster.py(1.84 KB)
📄 rabbitmq_plugin.py(2.77 KB)
📄 rabbitmq_policy.py(4.58 KB)
📄 rabbitmq_upstream.py(7.9 KB)
📄 rabbitmq_user.py(8.89 KB)
📄 rabbitmq_vhost.py(3.04 KB)
📄 rbac_solaris.py(6.67 KB)
📄 rbenv.py(7.36 KB)
📄 rdp.py(1.28 KB)
📄 redismod.py(4.76 KB)
📄 reg.py(19.22 KB)
📄 rsync.py(4.45 KB)
📄 rvm.py(6.56 KB)
📄 salt_proxy.py(1.34 KB)
📄 saltmod.py(30.88 KB)
📄 saltutil.py(8.91 KB)
📄 schedule.py(11.89 KB)
📄 selinux.py(18.61 KB)
📄 serverdensity_device.py(6.41 KB)
📄 service.py(37.06 KB)
📄 slack.py(4.98 KB)
📄 smartos.py(44.89 KB)
📄 smtp.py(2.3 KB)
📄 snapper.py(7.24 KB)
📄 solrcloud.py(4.48 KB)
📄 splunk.py(4.32 KB)
📄 splunk_search.py(3.17 KB)
📄 sqlite3.py(14.7 KB)
📄 ssh_auth.py(19.1 KB)
📄 ssh_known_hosts.py(7.87 KB)
📄 stateconf.py(494 B)
📄 status.py(2.21 KB)
📄 statuspage.py(17.29 KB)
📄 supervisord.py(10.48 KB)
📄 svn.py(8.14 KB)
📄 sysctl.py(3.82 KB)
📄 syslog_ng.py(2.97 KB)
📄 sysrc.py(2.82 KB)
📄 telemetry_alert.py(7.04 KB)
📄 test.py(13.09 KB)
📄 testinframod.py(1.35 KB)
📄 timezone.py(3.42 KB)
📄 tls.py(1.81 KB)
📄 tomcat.py(9.72 KB)
📄 trafficserver.py(8.82 KB)
📄 tuned.py(3.32 KB)
📄 uptime.py(1.87 KB)
📄 user.py(35.43 KB)
📄 vagrant.py(11.4 KB)
📄 vault.py(3.28 KB)
📄 vbox_guest.py(4.05 KB)
📄 victorops.py(3.32 KB)
📄 virt.py(80.06 KB)
📄 virtualenv_mod.py(11.21 KB)
📄 webutil.py(3.78 KB)
📄 win_certutil.py(2.88 KB)
📄 win_dacl.py(7.96 KB)
📄 win_dism.py(13.02 KB)
📄 win_dns_client.py(8.32 KB)
📄 win_firewall.py(6.87 KB)
📄 win_iis.py(31.56 KB)
📄 win_lgpo.py(25.41 KB)
📄 win_license.py(1.6 KB)
📄 win_network.py(14.18 KB)
📄 win_path.py(6.39 KB)
📄 win_pki.py(5.56 KB)
📄 win_powercfg.py(3.79 KB)
📄 win_servermanager.py(10.4 KB)
📄 win_smtp_server.py(10.01 KB)
📄 win_snmp.py(6.64 KB)
📄 win_system.py(13.78 KB)
📄 win_wua.py(14.47 KB)
📄 win_wusa.py(3.53 KB)
📄 winrepo.py(2.74 KB)
📄 wordpress.py(4.82 KB)
📄 x509.py(26.98 KB)
📄 xml.py(1.75 KB)
📄 xmpp.py(2.61 KB)
📄 zabbix_action.py(9.35 KB)
📄 zabbix_host.py(27.25 KB)
📄 zabbix_hostgroup.py(5.64 KB)
📄 zabbix_mediatype.py(16.89 KB)
📄 zabbix_template.py(35.14 KB)
📄 zabbix_user.py(15.76 KB)
📄 zabbix_usergroup.py(9.64 KB)
📄 zabbix_usermacro.py(9.69 KB)
📄 zabbix_valuemap.py(8.11 KB)
📄 zcbuildout.py(5.16 KB)
📄 zenoss.py(2.89 KB)
📄 zfs.py(34.27 KB)
📄 zk_concurrency.py(5.81 KB)
📄 zone.py(46.49 KB)
📄 zookeeper.py(11.53 KB)
📄 zpool.py(13.08 KB)

Editing: azurearm_resource.py

"""
Azure (ARM) Resource State Module

.. versionadded:: 2019.2.0

:maintainer: <devops@decisionlab.io>
:maturity: new
:depends:
    * `azure <https://pypi.python.org/pypi/azure>`_ >= 2.0.0
    * `azure-common <https://pypi.python.org/pypi/azure-common>`_ >= 1.1.8
    * `azure-mgmt <https://pypi.python.org/pypi/azure-mgmt>`_ >= 1.0.0
    * `azure-mgmt-compute <https://pypi.python.org/pypi/azure-mgmt-compute>`_ >= 1.0.0
    * `azure-mgmt-network <https://pypi.python.org/pypi/azure-mgmt-network>`_ >= 1.7.1
    * `azure-mgmt-resource <https://pypi.python.org/pypi/azure-mgmt-resource>`_ >= 1.1.0
    * `azure-mgmt-storage <https://pypi.python.org/pypi/azure-mgmt-storage>`_ >= 1.0.0
    * `azure-mgmt-web <https://pypi.python.org/pypi/azure-mgmt-web>`_ >= 0.32.0
    * `azure-storage <https://pypi.python.org/pypi/azure-storage>`_ >= 0.34.3
    * `msrestazure <https://pypi.python.org/pypi/msrestazure>`_ >= 0.4.21
:platform: linux

:configuration: This module requires Azure Resource Manager credentials to be passed as a dictionary of
    keyword arguments to the ``connection_auth`` parameter in order to work properly. Since the authentication
    parameters are sensitive, it's recommended to pass them to the states via pillar.

Required provider parameters:

if using username and password:
      * ``subscription_id``
      * ``username``
      * ``password``

if using a service principal:
      * ``subscription_id``
      * ``tenant``
      * ``client_id``
      * ``secret``

Optional provider parameters:

**cloud_environment**: Used to point the cloud driver to different API endpoints, such as Azure GovCloud. Possible values:
      * ``AZURE_PUBLIC_CLOUD`` (default)
      * ``AZURE_CHINA_CLOUD``
      * ``AZURE_US_GOV_CLOUD``
      * ``AZURE_GERMAN_CLOUD``

Example Pillar for Azure Resource Manager authentication:

.. code-block:: yaml

azurearm:
            user_pass_auth:
                subscription_id: 3287abc8-f98a-c678-3bde-326766fd3617
                username: fletch
                password: 123pass
            mysubscription:
                subscription_id: 3287abc8-f98a-c678-3bde-326766fd3617
                tenant: ABCDEFAB-1234-ABCD-1234-ABCDEFABCDEF
                client_id: ABCDEFAB-1234-ABCD-1234-ABCDEFABCDEF
                secret: XXXXXXXXXXXXXXXXXXXXXXXX
                cloud_environment: AZURE_PUBLIC_CLOUD

Example states using Azure Resource Manager authentication:

.. code-block:: jinja

{% set profile = salt['pillar.get']('azurearm:mysubscription') %}
        Ensure resource group exists:
            azurearm_resource.resource_group_present:
                - name: my_rg
                - location: westus
                - tags:
                    how_awesome: very
                    contact_name: Elmer Fudd Gantry
                - connection_auth: {{ profile }}

Ensure resource group is absent:
            azurearm_resource.resource_group_absent:
                - name: other_rg
                - connection_auth: {{ profile }}

"""

import json
import logging

import salt.utils.files

__virtualname__ = "azurearm_resource"

log = logging.getLogger(__name__)

def __virtual__():
    """
    Only make this state available if the azurearm_resource module is available.
    """
    if "azurearm_resource.resource_group_check_existence" in __salt__:
        return __virtualname__
    return (False, "azurearm_resource module could not be loaded")

def resource_group_present(
    name, location, managed_by=None, tags=None, connection_auth=None, **kwargs
):
    """
    .. versionadded:: 2019.2.0

Ensure a resource group exists.

:param name:
        Name of the resource group.

:param location:
        The Azure location in which to create the resource group. This value cannot be updated once
        the resource group is created.

:param managed_by:
        The ID of the resource that manages this resource group. This value cannot be updated once
        the resource group is created.

:param tags:
        A dictionary of strings can be passed as tag metadata to the resource group object.

:param connection_auth:
        A dict with subscription and authentication parameters to be used in connecting to the
        Azure Resource Manager API.

Example usage:

.. code-block:: yaml

Ensure resource group exists:
            azurearm_resource.resource_group_present:
                - name: group1
                - location: eastus
                - tags:
                    contact_name: Elmer Fudd Gantry
                - connection_auth: {{ profile }}

"""
    ret = {"name": name, "result": False, "comment": "", "changes": {}}

if not isinstance(connection_auth, dict):
        ret[
            "comment"
        ] = "Connection information must be specified via connection_auth dictionary!"
        return ret

group = {}

present = __salt__["azurearm_resource.resource_group_check_existence"](
        name, **connection_auth
    )

if present:
        group = __salt__["azurearm_resource.resource_group_get"](
            name, **connection_auth
        )
        ret["changes"] = __utils__["dictdiffer.deep_diff"](
            group.get("tags", {}), tags or {}
        )

if not ret["changes"]:
            ret["result"] = True
            ret["comment"] = "Resource group {} is already present.".format(name)
            return ret

if __opts__["test"]:
            ret["comment"] = "Resource group {} tags would be updated.".format(name)
            ret["result"] = None
            ret["changes"] = {"old": group.get("tags", {}), "new": tags}
            return ret

elif __opts__["test"]:
        ret["comment"] = "Resource group {} would be created.".format(name)
        ret["result"] = None
        ret["changes"] = {
            "old": {},
            "new": {
                "name": name,
                "location": location,
                "managed_by": managed_by,
                "tags": tags,
            },
        }
        return ret

group_kwargs = kwargs.copy()
    group_kwargs.update(connection_auth)

group = __salt__["azurearm_resource.resource_group_create_or_update"](
        name, location, managed_by=managed_by, tags=tags, **group_kwargs
    )
    present = __salt__["azurearm_resource.resource_group_check_existence"](
        name, **connection_auth
    )

if present:
        ret["result"] = True
        ret["comment"] = "Resource group {} has been created.".format(name)
        ret["changes"] = {"old": {}, "new": group}
        return ret

ret["comment"] = "Failed to create resource group {}! ({})".format(
        name, group.get("error")
    )
    return ret

def resource_group_absent(name, connection_auth=None):
    """
    .. versionadded:: 2019.2.0

Ensure a resource group does not exist in the current subscription.

:param name:
        Name of the resource group.

:param connection_auth:
        A dict with subscription and authentication parameters to be used in connecting to the
        Azure Resource Manager API.
    """
    ret = {"name": name, "result": False, "comment": "", "changes": {}}

if not isinstance(connection_auth, dict):
        ret[
            "comment"
        ] = "Connection information must be specified via connection_auth dictionary!"
        return ret

group = {}

present = __salt__["azurearm_resource.resource_group_check_existence"](
        name, **connection_auth
    )

if not present:
        ret["result"] = True
        ret["comment"] = "Resource group {} is already absent.".format(name)
        return ret

elif __opts__["test"]:
        group = __salt__["azurearm_resource.resource_group_get"](
            name, **connection_auth
        )

ret["comment"] = "Resource group {} would be deleted.".format(name)
        ret["result"] = None
        ret["changes"] = {
            "old": group,
            "new": {},
        }
        return ret

group = __salt__["azurearm_resource.resource_group_get"](name, **connection_auth)
    deleted = __salt__["azurearm_resource.resource_group_delete"](
        name, **connection_auth
    )

if deleted:
        present = False
    else:
        present = __salt__["azurearm_resource.resource_group_check_existence"](
            name, **connection_auth
        )

if not present:
        ret["result"] = True
        ret["comment"] = "Resource group {} has been deleted.".format(name)
        ret["changes"] = {"old": group, "new": {}}
        return ret

ret["comment"] = "Failed to delete resource group {}!".format(name)
    return ret

def policy_definition_present(
    name,
    policy_rule=None,
    policy_type=None,
    mode=None,
    display_name=None,
    description=None,
    metadata=None,
    parameters=None,
    policy_rule_json=None,
    policy_rule_file=None,
    template="jinja",
    source_hash=None,
    source_hash_name=None,
    skip_verify=False,
    connection_auth=None,
    **kwargs
):
    """
    .. versionadded:: 2019.2.0

Ensure a security policy definition exists.

:param name:
        Name of the policy definition.

:param policy_rule:
        A YAML dictionary defining the policy rule. See `Azure Policy Definition documentation
        <https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition#policy-rule>`_ for details on the
        structure. One of ``policy_rule``, ``policy_rule_json``, or ``policy_rule_file`` is required, in that order of
        precedence for use if multiple parameters are used.

:param policy_rule_json:
        A text field defining the entirety of a policy definition in JSON. See `Azure Policy Definition documentation
        <https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition#policy-rule>`_ for details on the
        structure. One of ``policy_rule``, ``policy_rule_json``, or ``policy_rule_file`` is required, in that order of
        precedence for use if multiple parameters are used. Note that the `name` field in the JSON will override the
        ``name`` parameter in the state.

:param policy_rule_file:
        The source of a JSON file defining the entirety of a policy definition. See `Azure Policy Definition
        documentation <https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition#policy-rule>`_ for
        details on the structure. One of ``policy_rule``, ``policy_rule_json``, or ``policy_rule_file`` is required,
        in that order of precedence for use if multiple parameters are used. Note that the `name` field in the JSON
        will override the ``name`` parameter in the state.

:param skip_verify:
        Used for the ``policy_rule_file`` parameter. If ``True``, hash verification of remote file sources
        (``http://``, ``https://``, ``ftp://``) will be skipped, and the ``source_hash`` argument will be ignored.

:param source_hash:
        This can be a source hash string or the URI of a file that contains source hash strings.

:param source_hash_name:
        When ``source_hash`` refers to a hash file, Salt will try to find the correct hash by matching the
        filename/URI associated with that hash.

:param policy_type:
        The type of policy definition. Possible values are NotSpecified, BuiltIn, and Custom. Only used with the
        ``policy_rule`` parameter.

:param mode:
        The policy definition mode. Possible values are NotSpecified, Indexed, and All. Only used with the
        ``policy_rule`` parameter.

:param display_name:
        The display name of the policy definition. Only used with the ``policy_rule`` parameter.

:param description:
        The policy definition description. Only used with the ``policy_rule`` parameter.

:param metadata:
        The policy definition metadata defined as a dictionary. Only used with the ``policy_rule`` parameter.

:param parameters:
        Required dictionary if a parameter is used in the policy rule. Only used with the ``policy_rule`` parameter.

:param connection_auth:
        A dict with subscription and authentication parameters to be used in connecting to the
        Azure Resource Manager API.

Example usage:

.. code-block:: yaml

Ensure policy definition exists:
            azurearm_resource.policy_definition_present:
                - name: testpolicy
                - display_name: Test Policy
                - description: Test policy for testing policies.
                - policy_rule:
                    if:
                      allOf:
                        - equals: Microsoft.Compute/virtualMachines/write
                          source: action
                        - field: location
                          in:
                            - eastus
                            - eastus2
                            - centralus
                    then:
                      effect: deny
                - connection_auth: {{ profile }}

"""
    ret = {"name": name, "result": False, "comment": "", "changes": {}}

if not isinstance(connection_auth, dict):
        ret[
            "comment"
        ] = "Connection information must be specified via connection_auth dictionary!"
        return ret

if not policy_rule and not policy_rule_json and not policy_rule_file:
        ret["comment"] = (
            'One of "policy_rule", "policy_rule_json", or "policy_rule_file" is'
            " required!"
        )
        return ret

if (
        sum(x is not None for x in [policy_rule, policy_rule_json, policy_rule_file])
        > 1
    ):
        ret["comment"] = (
            'Only one of "policy_rule", "policy_rule_json", or "policy_rule_file" is'
            " allowed!"
        )
        return ret

if (policy_rule_json or policy_rule_file) and (
        policy_type or mode or display_name or description or metadata or parameters
    ):
        ret["comment"] = (
            'Policy definitions cannot be passed when "policy_rule_json" or'
            ' "policy_rule_file" is defined!'
        )
        return ret

temp_rule = {}
    if policy_rule_json:
        try:
            temp_rule = json.loads(policy_rule_json)
        except Exception as exc:  # pylint: disable=broad-except
            ret["comment"] = "Unable to load policy rule json! ({})".format(exc)
            return ret
    elif policy_rule_file:
        try:
            # pylint: disable=unused-variable
            sfn, source_sum, comment_ = __salt__["file.get_managed"](
                None,
                template,
                policy_rule_file,
                source_hash,
                source_hash_name,
                None,
                None,
                None,
                __env__,
                None,
                None,
                skip_verify=skip_verify,
                **kwargs
            )
        except Exception as exc:  # pylint: disable=broad-except
            ret["comment"] = 'Unable to locate policy rule file "{}"! ({})'.format(
                policy_rule_file, exc
            )
            return ret

if not sfn:
            ret["comment"] = 'Unable to locate policy rule file "{}"!)'.format(
                policy_rule_file
            )
            return ret

try:
            with salt.utils.files.fopen(sfn, "r") as prf:
                temp_rule = json.load(prf)
        except Exception as exc:  # pylint: disable=broad-except
            ret["comment"] = 'Unable to load policy rule file "{}"! ({})'.format(
                policy_rule_file, exc
            )
            return ret

if sfn:
            salt.utils.files.remove(sfn)

policy_name = name
    if policy_rule_json or policy_rule_file:
        if temp_rule.get("name"):
            policy_name = temp_rule.get("name")
        policy_rule = temp_rule.get("properties", {}).get("policyRule")
        policy_type = temp_rule.get("properties", {}).get("policyType")
        mode = temp_rule.get("properties", {}).get("mode")
        display_name = temp_rule.get("properties", {}).get("displayName")
        description = temp_rule.get("properties", {}).get("description")
        metadata = temp_rule.get("properties", {}).get("metadata")
        parameters = temp_rule.get("properties", {}).get("parameters")

policy = __salt__["azurearm_resource.policy_definition_get"](
        name, azurearm_log_level="info", **connection_auth
    )

if "error" not in policy:
        if policy_type and policy_type.lower() != policy.get("policy_type", "").lower():
            ret["changes"]["policy_type"] = {
                "old": policy.get("policy_type"),
                "new": policy_type,
            }

if (mode or "").lower() != policy.get("mode", "").lower():
            ret["changes"]["mode"] = {"old": policy.get("mode"), "new": mode}

if (display_name or "").lower() != policy.get("display_name", "").lower():
            ret["changes"]["display_name"] = {
                "old": policy.get("display_name"),
                "new": display_name,
            }

if (description or "").lower() != policy.get("description", "").lower():
            ret["changes"]["description"] = {
                "old": policy.get("description"),
                "new": description,
            }

rule_changes = __utils__["dictdiffer.deep_diff"](
            policy.get("policy_rule", {}), policy_rule or {}
        )
        if rule_changes:
            ret["changes"]["policy_rule"] = rule_changes

meta_changes = __utils__["dictdiffer.deep_diff"](
            policy.get("metadata", {}), metadata or {}
        )
        if meta_changes:
            ret["changes"]["metadata"] = meta_changes

param_changes = __utils__["dictdiffer.deep_diff"](
            policy.get("parameters", {}), parameters or {}
        )
        if param_changes:
            ret["changes"]["parameters"] = param_changes

if not ret["changes"]:
            ret["result"] = True
            ret["comment"] = "Policy definition {} is already present.".format(name)
            return ret

if __opts__["test"]:
            ret["comment"] = "Policy definition {} would be updated.".format(name)
            ret["result"] = None
            return ret

else:
        ret["changes"] = {
            "old": {},
            "new": {
                "name": policy_name,
                "policy_type": policy_type,
                "mode": mode,
                "display_name": display_name,
                "description": description,
                "metadata": metadata,
                "parameters": parameters,
                "policy_rule": policy_rule,
            },
        }

if __opts__["test"]:
        ret["comment"] = "Policy definition {} would be created.".format(name)
        ret["result"] = None
        return ret

# Convert OrderedDict to dict
    if isinstance(metadata, dict):
        metadata = json.loads(json.dumps(metadata))
    if isinstance(parameters, dict):
        parameters = json.loads(json.dumps(parameters))

policy_kwargs = kwargs.copy()
    policy_kwargs.update(connection_auth)

policy = __salt__["azurearm_resource.policy_definition_create_or_update"](
        name=policy_name,
        policy_rule=policy_rule,
        policy_type=policy_type,
        mode=mode,
        display_name=display_name,
        description=description,
        metadata=metadata,
        parameters=parameters,
        **policy_kwargs
    )

if "error" not in policy:
        ret["result"] = True
        ret["comment"] = "Policy definition {} has been created.".format(name)
        return ret

ret["comment"] = "Failed to create policy definition {}! ({})".format(
        name, policy.get("error")
    )
    return ret

def policy_definition_absent(name, connection_auth=None):
    """
    .. versionadded:: 2019.2.0

Ensure a policy definition does not exist in the current subscription.

:param name:
        Name of the policy definition.

if not isinstance(connection_auth, dict):
        ret[
            "comment"
        ] = "Connection information must be specified via connection_auth dictionary!"
        return ret

policy = __salt__["azurearm_resource.policy_definition_get"](
        name, azurearm_log_level="info", **connection_auth
    )

if "error" in policy:
        ret["result"] = True
        ret["comment"] = "Policy definition {} is already absent.".format(name)
        return ret

elif __opts__["test"]:
        ret["comment"] = "Policy definition {} would be deleted.".format(name)
        ret["result"] = None
        ret["changes"] = {
            "old": policy,
            "new": {},
        }
        return ret

deleted = __salt__["azurearm_resource.policy_definition_delete"](
        name, **connection_auth
    )

if deleted:
        ret["result"] = True
        ret["comment"] = "Policy definition {} has been deleted.".format(name)
        ret["changes"] = {"old": policy, "new": {}}
        return ret

ret["comment"] = "Failed to delete policy definition {}!".format(name)
    return ret

def policy_assignment_present(
    name,
    scope,
    definition_name,
    display_name=None,
    description=None,
    assignment_type=None,
    parameters=None,
    connection_auth=None,
    **kwargs
):
    """
    .. versionadded:: 2019.2.0

Ensure a security policy assignment exists.

:param name:
        Name of the policy assignment.

:param scope:
        The scope of the policy assignment.

:param definition_name:
        The name of the policy definition to assign.

:param display_name:
        The display name of the policy assignment.

:param description:
        The policy assignment description.

:param assignment_type:
        The type of policy assignment.

:param parameters:
        Required dictionary if a parameter is used in the policy rule.

:param connection_auth:
        A dict with subscription and authentication parameters to be used in connecting to the
        Azure Resource Manager API.

Example usage:

.. code-block:: yaml

Ensure policy assignment exists:
            azurearm_resource.policy_assignment_present:
                - name: testassign
                - scope: /subscriptions/bc75htn-a0fhsi-349b-56gh-4fghti-f84852
                - definition_name: testpolicy
                - display_name: Test Assignment
                - description: Test assignment for testing assignments.
                - connection_auth: {{ profile }}

"""
    ret = {"name": name, "result": False, "comment": "", "changes": {}}

if not isinstance(connection_auth, dict):
        ret[
            "comment"
        ] = "Connection information must be specified via connection_auth dictionary!"
        return ret

policy = __salt__["azurearm_resource.policy_assignment_get"](
        name, scope, azurearm_log_level="info", **connection_auth
    )

if "error" not in policy:
        if (
            assignment_type
            and assignment_type.lower() != policy.get("type", "").lower()
        ):
            ret["changes"]["type"] = {"old": policy.get("type"), "new": assignment_type}

if scope.lower() != policy["scope"].lower():
            ret["changes"]["scope"] = {"old": policy["scope"], "new": scope}

pa_name = policy["policy_definition_id"].split("/")[-1]
        if definition_name.lower() != pa_name.lower():
            ret["changes"]["definition_name"] = {"old": pa_name, "new": definition_name}

if not ret["changes"]:
            ret["result"] = True
            ret["comment"] = "Policy assignment {} is already present.".format(name)
            return ret

if __opts__["test"]:
            ret["comment"] = "Policy assignment {} would be updated.".format(name)
            ret["result"] = None
            return ret

else:
        ret["changes"] = {
            "old": {},
            "new": {
                "name": name,
                "scope": scope,
                "definition_name": definition_name,
                "type": assignment_type,
                "display_name": display_name,
                "description": description,
                "parameters": parameters,
            },
        }

if __opts__["test"]:
        ret["comment"] = "Policy assignment {} would be created.".format(name)
        ret["result"] = None
        return ret

if isinstance(parameters, dict):
        parameters = json.loads(json.dumps(parameters))

policy_kwargs = kwargs.copy()
    policy_kwargs.update(connection_auth)
    policy = __salt__["azurearm_resource.policy_assignment_create"](
        name=name,
        scope=scope,
        definition_name=definition_name,
        type=assignment_type,
        display_name=display_name,
        description=description,
        parameters=parameters,
        **policy_kwargs
    )

if "error" not in policy:
        ret["result"] = True
        ret["comment"] = "Policy assignment {} has been created.".format(name)
        return ret

ret["comment"] = "Failed to create policy assignment {}! ({})".format(
        name, policy.get("error")
    )
    return ret

def policy_assignment_absent(name, scope, connection_auth=None):
    """
    .. versionadded:: 2019.2.0

Ensure a policy assignment does not exist in the provided scope.

:param name:
        Name of the policy assignment.

:param scope:
        The scope of the policy assignment.

connection_auth
        A dict with subscription and authentication parameters to be used in connecting to the
        Azure Resource Manager API.
    """
    ret = {"name": name, "result": False, "comment": "", "changes": {}}

if not isinstance(connection_auth, dict):
        ret[
            "comment"
        ] = "Connection information must be specified via connection_auth dictionary!"
        return ret

policy = __salt__["azurearm_resource.policy_assignment_get"](
        name, scope, azurearm_log_level="info", **connection_auth
    )

if "error" in policy:
        ret["result"] = True
        ret["comment"] = "Policy assignment {} is already absent.".format(name)
        return ret

elif __opts__["test"]:
        ret["comment"] = "Policy assignment {} would be deleted.".format(name)
        ret["result"] = None
        ret["changes"] = {
            "old": policy,
            "new": {},
        }
        return ret

deleted = __salt__["azurearm_resource.policy_assignment_delete"](
        name, scope, **connection_auth
    )

if deleted:
        ret["result"] = True
        ret["comment"] = "Policy assignment {} has been deleted.".format(name)
        ret["changes"] = {"old": policy, "new": {}}
        return ret

ret["comment"] = "Failed to delete policy assignment {}!".format(name)
    return ret

003 File Manager

Editing: azurearm_resource.py

Upload File

Create Folder