firewall_policies

States module for managing Firewall Policy.

async idem_azure.states.azure.network.firewall_policies.present(hub, ctx, name: str, location: str, resource_group_name: str, firewall_policy_name: str, subscription_id: str = None, tags: Dict = None, base_policy_id: str = None, threat_intelligence_allow_list: threatIntelligenceAllowList = None, dns_settings: dnsSettings = None, sku: sku = None, intrusion_detection: intrusionDetection = None, threat_intelligence_mode: str = None, resource_id: str = None) -> Dict

Create or update Firewall Policy.

Parameters:
  • name (str) – The identifier for this state.

  • location (str) – Resource location. Changing this forces a new resource to be created.

  • resource_group_name (str) – The name of the resource group.

  • subscription_id (str, Optional) – Unique subscription ID.

  • resource_id (str, Optional) – Firewall Policy resource ID on Azure.

  • tags (dict[str, str], Optional) – Resource tags.

  • firewall_policy_name (str) – The name of the firewall policy.

  • base_policy_id (str, Optional) – The ID of the base Firewall Policy.

  • threat_intelligence_allow_list (dict[str, Any], Optional) –

    Specifies the threat intelligence allow list when creating the Firewall Policy.

    • fqdns(list[str]):

      A list of FQDNs that will be skipped for threat detection.

    • ip_addresses(list[str]):

      A list of IP addresses or CIDR ranges that will be skipped for threat detection.

  • dns_settings (dict[str, Any], Optional) –

    Specifies the DNS settings when creating the Firewall Policy.

    • proxy_enabled(bool):

      Whether to enable DNS proxy on Firewalls attached to this Firewall Policy.

    • servers(list[str]):

      A list of custom DNS servers’ IP addresses.

  • sku (dict[str, Any], Optional) –

    The SKU Tier of the Firewall Policy.

    • tier(str):

      Possible values are Standard, Premium and Basic. Changing this forces a new Firewall Policy to be created.

  • intrusion_detection (dict[str, Any], Optional) –

    An intrusion_detection block for the Firewall Policy.

    • mode(str):

      The mode in which to run intrusion detection: Off, Alert or Deny.

  • threat_intelligence_mode (str, Optional) – The operation mode for Threat Intelligence. Possible values are Alert, Deny and Off. Defaults to Alert.

Returns:

Dict

Examples

resource_is_present:
  azure.network.firewall_policies.present:
    - name: my_fp
    - subscription_id: my_sub_id
    - resource_group_name: my_rg-1
    - firewall_policy_name: my-fp
    - location: eastus
    - tags:
        key: value
    - sku:
        tier: Premium
    - base_policy_id: my_base_pol_id
    - threat_intelligence_allow_list:
        ip_addresses:
          - my_ip_address
        fqdns:
          - "*"
    - intrusion_detection:
        mode: Alert
    - threat_intelligence_mode: Alert
    - dns_settings:
        proxy_enabled: true
        servers:
          - my_server
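
An added example, not part of idem-azure: a pre-deployment check over the arguments of a `present` state that flags settings which weaken the policy, namely allow-list entries broad enough to skip threat detection for most traffic (such as the `"*"` FQDN entry in the example above) and modes set to Off. The function name, the sample state and the prefix thresholds are assumptions; the state is given as the list of single-key mappings that the SLS YAML parses to.

```python
import ipaddress

# Constructed sample: arguments of a firewall_policies.present state, in the
# list-of-single-key-mappings form that the SLS YAML parses to.
SAMPLE_STATE = [
    {"name": "my_fp"},
    {"sku": {"tier": "Premium"}},
    {"threat_intelligence_allow_list": {
        "ip_addresses": ["203.0.113.7", "10.0.0.0/8"],
        "fqdns": ["*", "updates.example.com"],
    }},
    {"intrusion_detection": {"mode": "Off"}},
    {"threat_intelligence_mode": "Alert"},
]

MIN_PREFIX = {4: 24, 6: 64}  # assumption: local policy on the broadest allowed CIDR


def audit_firewall_policy(state_args, min_prefix=MIN_PREFIX):
    """Return findings (strings) for settings that weaken the policy."""
    args = {k: v for item in state_args for k, v in item.items()}
    findings = []
    allow = args.get("threat_intelligence_allow_list") or {}

    for fqdn in allow.get("fqdns") or []:
        name = fqdn.strip()
        # "*" or "*.com": a wildcard followed by fewer than two labels.
        if name.startswith("*") and name.lstrip("*").lstrip(".").count(".") < 1:
            findings.append(f"allow-list FQDN {name!r} skips threat detection too broadly")

    for entry in allow.get("ip_addresses") or []:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(f"allow-list entry {entry!r} is not an IP address or CIDR")
            continue
        if net.prefixlen < min_prefix[net.version]:
            findings.append(f"allow-list range {entry!r} is broader than /{min_prefix[net.version]}")

    # The documented default for threat_intelligence_mode is Alert.
    if str(args.get("threat_intelligence_mode") or "Alert").lower() == "off":
        findings.append("threat_intelligence_mode is Off")
    ids = args.get("intrusion_detection") or {}
    if str(ids.get("mode") or "").lower() == "off":
        findings.append("intrusion_detection mode is Off")
    return findings


if __name__ == "__main__":
    for finding in audit_firewall_policy(SAMPLE_STATE):
        print(finding)
```
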

async idem_azure.states.azure.network.firewall_policies.absent(hub, ctx, name: str, resource_group_name: str, firewall_policy_name: str, subscription_id: str = None) -> dict

Delete a firewall policy.

Parameters:
  • name (str) – The identifier for this state.

  • resource_group_name (str) – The name of the resource group.

  • firewall_policy_name (str) – The name of the firewall policy.

  • subscription_id (str, Optional) – Unique subscription ID.

Returns:

Dict

Examples

resource_is_absent:
  azure.network.firewall_policies.absent:
    - name: my-fp
    - subscription_id: my-subscription
    - resource_group_name: my-resource-group
    - firewall_policy_name: my-fp

async idem_azure.states.azure.network.firewall_policies.describe(hub, ctx) -> Dict[str, Dict[str, Any]]

Describe the resource in a way that can be recreated/managed with the corresponding “present” function.

Lists all firewall policies under the same subscription.

Returns:

Dict[str, Any]

Examples

$ idem describe azure.network.firewall_policies