While both the azure.azcollection
and community.azure
Ansible collections have a number of modules, many Azure endpoints are not addressed directly in Ansible. In these scenarios, you have two options: wrap the az
CLI or work directly with the Azure SDK. The latter is preferred, but to do so via Ansible takes a bit of understanding.
The modules azure.azcollection.azure_rm_resource
and azure.azcollection.azure_rm_resource_info
interact with adhoc Azure SDK endpoints. These modules takes care of authentication and endpoint exchange. To use the modules, check out the documentation for the appropriate Azure REST API endpoint and then assign the module parameters accordingly.
For example, to create or update a Managed Identity:
- name: Request creation of an Azure Managed Identity
azure.azcollection.azure_rm_resource:
resource_group: example-rg
provider: ManagedIdentity
resource_type: userAssignedIdentities
resource_name: example-audit-identity
idempotency: yes
state: present
body:
location: eastus
This task interacts with the Managed Identity API for User Assigned Identities. It is equivalent to the CLI call
az identity create -g example-rg -n example-audit-identity
and the REST URL https://management.azure.com/subscriptions/{subscription ID from authentication token}/resourceGroups/example-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/example-audit-identity
.
For nested or child resources, you need to add subresources
to the module. For example:
- name: Get Azure NetApp NFS volume details
azure.azcollection.azure_rm_resource_info:
resource_group: example-rg
provider: NetApp
resource_type: netAppAccounts
resource_name: example-netapp-acct-name
subresource:
- type: capacityPools
name: example-netapp-pool-name
- type: volumes
name: example-netapp-volume-name
This task works with the Azure NetApp Files Volumes API and is equivalent to the CLI call:
az netappfiles volume show -g example-rg --account-name example-netapp-acct-name --pool-name example-netapp-pool-name --name example-netapp-volume-name
and the REST URL https://management.azure.com/subscriptions/{subscription ID from authentication token}/resourceGroups/example-rg/providers/Microsoft.NetApp/netAppAccounts/example-netapp-acct-name/capacityPools/example-netapp-pool-name/volumes/example-netapp-volume-name
.
Under the hood, these modules use the Azure SDK for Python msrestazure.tools
library. If you want to deconstruct a given endpoint URL, you can use the parse_resource_id()
function:
>>> from msrestazure.tools import parse_resource_id
>>> parse_resource_id("/subscriptions/{subscription ID from authentication token}/resourceGroups/example-rg/providers/Microsoft.NetApp/netAppAccounts/example-netapp-acct-name/capacityPools/example-netapp-pool-name/volumes/example-netapp-volume-name")
{'subscription': '{subscription ID from authentication token}', 'resource_group': 'example-rg', 'namespace': 'Microsoft.NetApp', 'type': 'netAppAccounts', 'name': 'example-netapp-acct-name', 'children': '/capacityPools/example-netapp-pool-name/volumes/example-netapp-volume-name', 'child_type_1': 'capacityPools', 'child_name_1': 'example-netapp-pool-name', 'child_type_2': 'volumes', 'child_name_2': 'example-netapp-volume-name', 'last_child_num': 2, 'child_parent_1': 'netAppAccounts/example-netapp-acct-name/', 'child_parent_2': 'netAppAccounts/example-netapp-acct-name/capacityPools/example-netapp-pool-name/', 'resource_parent': 'netAppAccounts/example-netapp-acct-name/capacityPools/example-netapp-pool-name/', 'resource_namespace': 'Microsoft.NetApp', 'resource_type': 'volumes', 'resource_name': 'example-netapp-volume-name'}