While both the azure.azcollection and community.azure Ansible collections have a number of modules, many Azure endpoints are not addressed directly in Ansible. In these scenarios, you have two options: wrap the az CLI or work directly with the Azure SDK. The latter is preferred, but to do so via Ansible takes a bit of understanding.
The modules azure.azcollection.azure_rm_resource and azure.azcollection.azure_rm_resource_info interact with adhoc Azure SDK endpoints. These modules takes care of authentication and endpoint exchange. To use the modules, check out the documentation for the appropriate Azure REST API endpoint and then assign the module parameters accordingly.
For example, to create or update a Managed Identity:
- name: Request creation of an Azure Managed Identity
azure.azcollection.azure_rm_resource:
resource_group: example-rg
provider: ManagedIdentity
resource_type: userAssignedIdentities
resource_name: example-audit-identity
idempotency: yes
state: present
body:
location: eastusThis task interacts with the Managed Identity API for User Assigned Identities. It is equivalent to the CLI call
az identity create -g example-rg -n example-audit-identityand the REST URL https://management.azure.com/subscriptions/{subscription ID from authentication token}/resourceGroups/example-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/example-audit-identity.
For nested or child resources, you need to add subresources to the module. For example:
- name: Get Azure NetApp NFS volume details
azure.azcollection.azure_rm_resource_info:
resource_group: example-rg
provider: NetApp
resource_type: netAppAccounts
resource_name: example-netapp-acct-name
subresource:
- type: capacityPools
name: example-netapp-pool-name
- type: volumes
name: example-netapp-volume-nameThis task works with the Azure NetApp Files Volumes API and is equivalent to the CLI call:
az netappfiles volume show -g example-rg --account-name example-netapp-acct-name --pool-name example-netapp-pool-name --name example-netapp-volume-nameand the REST URL https://management.azure.com/subscriptions/{subscription ID from authentication token}/resourceGroups/example-rg/providers/Microsoft.NetApp/netAppAccounts/example-netapp-acct-name/capacityPools/example-netapp-pool-name/volumes/example-netapp-volume-name.
Under the hood, these modules use the Azure SDK for Python msrestazure.tools library. If you want to deconstruct a given endpoint URL, you can use the parse_resource_id() function:
>>> from msrestazure.tools import parse_resource_id
>>> parse_resource_id("/subscriptions/{subscription ID from authentication token}/resourceGroups/example-rg/providers/Microsoft.NetApp/netAppAccounts/example-netapp-acct-name/capacityPools/example-netapp-pool-name/volumes/example-netapp-volume-name")
{'subscription': '{subscription ID from authentication token}', 'resource_group': 'example-rg', 'namespace': 'Microsoft.NetApp', 'type': 'netAppAccounts', 'name': 'example-netapp-acct-name', 'children': '/capacityPools/example-netapp-pool-name/volumes/example-netapp-volume-name', 'child_type_1': 'capacityPools', 'child_name_1': 'example-netapp-pool-name', 'child_type_2': 'volumes', 'child_name_2': 'example-netapp-volume-name', 'last_child_num': 2, 'child_parent_1': 'netAppAccounts/example-netapp-acct-name/', 'child_parent_2': 'netAppAccounts/example-netapp-acct-name/capacityPools/example-netapp-pool-name/', 'resource_parent': 'netAppAccounts/example-netapp-acct-name/capacityPools/example-netapp-pool-name/', 'resource_namespace': 'Microsoft.NetApp', 'resource_type': 'volumes', 'resource_name': 'example-netapp-volume-name'}