vault

States module for managing Key Vault.

async idem_azure.states.azure.key_vault.vault.present(hub, ctx, name: str, location: str, resource_group_name: str, vault_name: str, sku: sku = None, tenant_id: str = None, soft_delete_retention_days: int = None, subscription_id: str = None, resource_id: str = None, tags: Dict = None, enabled_for_deployment: bool = None, enabled_for_disk_encryption: bool = None, enabled_for_template_deployment: bool = None, enable_rbac_authorization: bool = None, public_network_access_enabled: str = None, purge_protection_enabled: bool = None, access_policies: List[accessPolicies] = None, network_acls: networkAcls = None) → Dict

Create or update key vault.

Parameters:
  • name (str) – The identifier for this state.

  • location (str) – Resource location. Changing this forces a new resource to be created.

  • resource_group_name (str) – The name of the resource group.

  • vault_name (str) – The name of the key vault.

  • subscription_id (str, Optional) – Unique subscription ID.

  • resource_id (str, Optional) – Key vault resource ID on Azure.

  • sku (Dict, Optional) – The SKU of the key vault.

  • tags (Dict, Optional) – Resource tags.

  • tenant_id (str, Optional) – Tenant ID of the Azure account.

  • enabled_for_deployment (bool, Optional) – Boolean flag to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.

  • enabled_for_disk_encryption (bool, Optional) – Boolean flag to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.

  • enabled_for_template_deployment (bool, Optional) – Boolean flag to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.

  • enable_rbac_authorization (bool, Optional) – Boolean flag to specify whether Azure Key Vault uses Role Based Access Control (RBAC) for authorization of data actions.

  • public_network_access_enabled (str, Optional) – Whether public network access is allowed for this Key Vault. Defaults to true.

  • soft_delete_retention_days (int, Optional) – The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 (the default) days.

  • purge_protection_enabled (bool, Optional) – Is Purge Protection enabled for this Key Vault?

  • access_policies (List[Dict[str, Any]], Optional) – Key vault access policies.

  • network_acls (Dict[str, Any], Optional) – Key vault network ACLs.

Returns:

Dict

Examples

resource_is_present:
   test-azure-key-vault:
      azure.key_vault.vault.present:
          - name: test-key-vault
          - vault_name: test-key-vault
          - resource_group_name: azure-resource-group
          - location: eastus
          - sku:
              family: A
              name: Premium
          - soft_delete_retention_days: 8
          - tags:
              test: test-Ashu
          - enabled_for_deployment: false
          - enabled_for_disk_encryption: true
          - enabled_for_template_deployment: true
          - enable_rbac_authorization: true
          - public_network_access_enabled: Enabled
          - purge_protection_enabled: true
          - access_policies:
              - object_id: 00000000-0000-0000-0000-000000000000
                certificate_permissions:
                  - Get
                  - List
                  - Update
                  - Create
                  - Import
                  - Delete
                  - Recover
                  - Backup
                  - Restore
                  - ManageContacts
                  - ManageIssuers
                  - GetIssuers
                  - ListIssuers
                  - SetIssuers
                  - DeleteIssuers
                key_permissions:
                  - Get
                  - List
                  - Update
                  - Create
                  - Import
                  - Delete
                  - Recover
                  - Backup
                  - Restore
                  - GetRotationPolicy
                  - SetRotationPolicy
                  - Rotate
                secret_permissions:
                  - Get
                  - List
                  - Set
                  - Delete
                  - Recover
                  - Backup
                  - Restore
                tenant_id: 00000000-0000-0000-0000-000000000000
          - network_acls:
              bypass: AzureServices
              default_action: Deny
              ip_rules: []
              virtual_network_subnet_ids: []
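
An added example (not part of idem-azure or its documentation): a static check over the parameters of one azure.key_vault.vault.present state that flags settings which weaken a vault, including access_policies supplied together with enable_rbac_authorization: true, a combination in which Azure ignores the access policies. The function name, the finding texts and the BROAD permission set are assumptions of this example; the sample input is constructed from the example state above.

```python
# Added example: review the parameters of an azure.key_vault.vault.present state.
# audit_vault, BROAD and the finding texts are hypothetical, not idem-azure APIs.
from typing import Any, Dict, List

# Permission names from the page's example that destroy or export vault material
# (this example's choice of what counts as "broad").
BROAD = {"Delete", "Backup", "Restore"}
KINDS = ("certificate_permissions", "key_permissions", "secret_permissions")


def audit_vault(params: List[Dict[str, Any]]) -> List[str]:
    # Idem state parameters are a list of single-key mappings; merge them.
    p: Dict[str, Any] = {}
    for item in params:
        p.update(item)
    findings = []
    if not p.get("purge_protection_enabled"):
        findings.append("purge_protection_enabled is not true")
    days = p.get("soft_delete_retention_days")
    if days is not None and not 7 <= days <= 90:
        findings.append("soft_delete_retention_days outside 7-90")
    acls = p.get("network_acls") or {}
    # Assumption: an unset value means public access is on (page: "Defaults to true").
    public = str(p.get("public_network_access_enabled", "Enabled")).lower() != "disabled"
    if public and acls.get("default_action") != "Deny":
        findings.append("public access enabled without network_acls default_action Deny")
    policies = p.get("access_policies") or []
    if p.get("enable_rbac_authorization"):
        if policies:  # Azure ignores access policies once RBAC is on
            findings.append("access_policies set although RBAC authorization is enabled")
    else:
        for pol in policies:
            for kind in KINDS:
                hit = sorted(BROAD & set(pol.get(kind) or []))
                if hit:
                    findings.append(f"{pol.get('object_id')}: broad {kind}: {', '.join(hit)}")
    return findings


# Constructed sample: a trimmed copy of the page's example state.
SAMPLE = [
    {"soft_delete_retention_days": 8},
    {"enable_rbac_authorization": True},
    {"public_network_access_enabled": "Enabled"},
    {"purge_protection_enabled": True},
    {"access_policies": [{"object_id": "00000000-0000-0000-0000-000000000000",
                          "secret_permissions": ["Get", "List", "Delete"]}]},
    {"network_acls": {"bypass": "AzureServices", "default_action": "Deny"}},
]
print(audit_vault(SAMPLE))
```
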
async idem_azure.states.azure.key_vault.vault.absent(hub, ctx, name: str, resource_group_name: str, vault_name: str, subscription_id: str = None) → dict

Delete a key vault.

Parameters:
  • name (str) – The identifier for this state.

  • resource_group_name (str) – The name of the resource group.

  • vault_name (str) – The name of the key vault.

  • subscription_id (str, Optional) – Unique subscription ID.

Returns:

Dict

Examples

resource_is_absent:
  azure.key_vault.vault.absent:
    - name: my-kv
    - subscription_id: my-subscription
    - resource_group_name: my-resource-group
    - vault_name: my-fp
async idem_azure.states.azure.key_vault.vault.describe(hub, ctx) → Dict[str, Dict[str, Any]]

Describe the resource in a way that can be recreated/managed with the corresponding “present” function.

Lists all key vaults under the same subscription.

Returns:

Dict[str, Any]

Examples

$ idem describe azure.key_vault.vault