mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
[new module] azure_rm_keyvault (#35150)
* updates to azure_rm_keyvault * updates to azure_rm_keyvault * updates to azure_rm_keyvault * updates to azure_rm_keyvault * updates to azure_rm_keyvault * updates to azure_rm_keyvault * updates to azure_rm_keyvault * updates to azure_rm_keyvault * updates to azure_rm_keyvault * updates to azure_rm_keyvault * updates to azure_rm_keyvault * updates to azure_rm_keyvault * updates to azure_rm_keyvault * fix update bugs, add update test
This commit is contained in:
parent
cee5d420de
commit
86c62e228d
4 changed files with 621 additions and 0 deletions
493
lib/ansible/modules/cloud/azure/azure_rm_keyvault.py
Normal file
493
lib/ansible/modules/cloud/azure/azure_rm_keyvault.py
Normal file
|
@ -0,0 +1,493 @@
|
|||
#!/usr/bin/python
|
||||
#
|
||||
# Copyright (c) 2017 Zim Kalinowski, <zikalino@microsoft.com>
|
||||
#
|
||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
|
||||
from __future__ import absolute_import, division, print_function
|
||||
__metaclass__ = type
|
||||
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
|
||||
DOCUMENTATION = '''
|
||||
---
|
||||
module: azure_rm_keyvault
|
||||
version_added: "2.5"
|
||||
short_description: Manage Key Vault instance.
|
||||
description:
|
||||
- Create, update and delete instance of Key Vault.
|
||||
|
||||
options:
|
||||
resource_group:
|
||||
description:
|
||||
- The name of the Resource Group to which the server belongs.
|
||||
required: True
|
||||
vault_name:
|
||||
description:
|
||||
- Name of the vault
|
||||
required: True
|
||||
location:
|
||||
description:
|
||||
- Resource location. If not set, location from the resource group will be used as default.
|
||||
vault_tenant:
|
||||
description:
|
||||
- The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
|
||||
sku:
|
||||
description:
|
||||
- SKU details
|
||||
suboptions:
|
||||
family:
|
||||
description:
|
||||
- SKU family name
|
||||
required: True
|
||||
name:
|
||||
description:
|
||||
- SKU name to specify whether the key vault is a standard vault or a premium vault.
|
||||
required: True
|
||||
choices:
|
||||
- 'standard'
|
||||
- 'premium'
|
||||
access_policies:
|
||||
description:
|
||||
- "An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's
|
||||
tenant ID."
|
||||
suboptions:
|
||||
tenant_id:
|
||||
description:
|
||||
- The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
|
||||
- Current keyvault C(tenant_id) value will be used if not specified.
|
||||
object_id:
|
||||
description:
|
||||
- "The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be
|
||||
unique for the list of access policies."
|
||||
- Please note this is not application id. Object id can be obtained by running "az ad show sp --id <application id>".
|
||||
required: True
|
||||
application_id:
|
||||
description:
|
||||
- Application ID of the client making request on behalf of a principal
|
||||
keys:
|
||||
description:
|
||||
- List of permissions to keys
|
||||
choices:
|
||||
- 'encrypt'
|
||||
- 'decrypt'
|
||||
- 'wrapkey'
|
||||
- 'unwrapkey'
|
||||
- 'sign'
|
||||
- 'verify'
|
||||
- 'get'
|
||||
- 'list'
|
||||
- 'create'
|
||||
- 'update'
|
||||
- 'import'
|
||||
- 'delete'
|
||||
- 'backup'
|
||||
- 'restore'
|
||||
- 'recover'
|
||||
- 'purge'
|
||||
secrets:
|
||||
description:
|
||||
- List of permissions to secrets
|
||||
choices:
|
||||
- 'get'
|
||||
- 'list'
|
||||
- 'set'
|
||||
- 'delete'
|
||||
- 'backup'
|
||||
- 'restore'
|
||||
- 'recover'
|
||||
- 'purge'
|
||||
certificates:
|
||||
description:
|
||||
- List of permissions to certificates
|
||||
choices:
|
||||
- 'get'
|
||||
- 'list'
|
||||
- 'delete'
|
||||
- 'create'
|
||||
- 'import'
|
||||
- 'update'
|
||||
- 'managecontacts'
|
||||
- 'getissuers'
|
||||
- 'listissuers'
|
||||
- 'setissuers'
|
||||
- 'deleteissuers'
|
||||
- 'manageissuers'
|
||||
- 'recover'
|
||||
- 'purge'
|
||||
storage:
|
||||
description:
|
||||
- List of permissions to storage accounts
|
||||
enabled_for_deployment:
|
||||
description:
|
||||
- Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
|
||||
type: bool
|
||||
enabled_for_disk_encryption:
|
||||
description:
|
||||
- Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
|
||||
type: bool
|
||||
enabled_for_template_deployment:
|
||||
description:
|
||||
- Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
|
||||
type: bool
|
||||
enable_soft_delete:
|
||||
description:
|
||||
- Property to specify whether the soft delete functionality is enabled for this key vault.
|
||||
type: bool
|
||||
recover_mode:
|
||||
description:
|
||||
- Create vault in recovery mode.
|
||||
type: bool
|
||||
state:
|
||||
description:
|
||||
- Assert the state of the KeyVault. Use 'present' to create or update an KeyVault and 'absent' to delete it.
|
||||
default: present
|
||||
choices:
|
||||
- absent
|
||||
- present
|
||||
|
||||
extends_documentation_fragment:
|
||||
- azure
|
||||
|
||||
author:
|
||||
- "Zim Kalinowski (@zikalino)"
|
||||
|
||||
'''
|
||||
|
||||
EXAMPLES = '''
|
||||
- name: Create instance of Key Vault
|
||||
azure_rm_keyvault:
|
||||
resource_group: myresourcegroup
|
||||
vault_name: samplekeyvault
|
||||
enabled_for_deployment: yes
|
||||
vault_tenant: 72f98888-8666-4144-9199-2d7cd0111111
|
||||
sku:
|
||||
name: standard
|
||||
access_policies:
|
||||
- tenant_id: 72f98888-8666-4144-9199-2d7cd0111111
|
||||
object_id: 99998888-8666-4144-9199-2d7cd0111111
|
||||
keys:
|
||||
- get
|
||||
- list
|
||||
'''
|
||||
|
||||
RETURN = '''
|
||||
id:
|
||||
description:
|
||||
- The Azure Resource Manager resource ID for the key vault.
|
||||
returned: always
|
||||
type: str
|
||||
sample: id
|
||||
'''
|
||||
|
||||
import collections
|
||||
import time
|
||||
from ansible.module_utils.azure_rm_common import AzureRMModuleBase
|
||||
|
||||
try:
|
||||
from msrestazure.azure_exceptions import CloudError
|
||||
from msrestazure.azure_operation import AzureOperationPoller
|
||||
from azure.mgmt.keyvault import KeyVaultManagementClient
|
||||
from msrest.serialization import Model
|
||||
except ImportError:
|
||||
# This is handled in azure_rm_common
|
||||
pass
|
||||
|
||||
|
||||
class Actions:
|
||||
NoAction, Create, Update, Delete = range(4)
|
||||
|
||||
|
||||
class AzureRMVaults(AzureRMModuleBase):
|
||||
"""Configuration class for an Azure RM Key Vault resource"""
|
||||
|
||||
def __init__(self):
|
||||
self.module_arg_spec = dict(
|
||||
resource_group=dict(
|
||||
type='str',
|
||||
required=True
|
||||
),
|
||||
vault_name=dict(
|
||||
type='str',
|
||||
required=True
|
||||
),
|
||||
location=dict(
|
||||
type='str'
|
||||
),
|
||||
vault_tenant=dict(
|
||||
type='str'
|
||||
),
|
||||
sku=dict(
|
||||
type='dict'
|
||||
),
|
||||
access_policies=dict(
|
||||
type='list',
|
||||
elements='dict',
|
||||
options=dict(
|
||||
tenant_id=dict(type='str'),
|
||||
object_id=dict(type='str', required=True),
|
||||
application_id=dict(type='str'),
|
||||
# FUTURE: add `choices` support once choices supports lists of values
|
||||
keys=dict(type='list'),
|
||||
secrets=dict(type='list'),
|
||||
certificates=dict(type='list'),
|
||||
storage=dict(type='list')
|
||||
)
|
||||
),
|
||||
enabled_for_deployment=dict(
|
||||
type='bool'
|
||||
),
|
||||
enabled_for_disk_encryption=dict(
|
||||
type='bool'
|
||||
),
|
||||
enabled_for_template_deployment=dict(
|
||||
type='bool'
|
||||
),
|
||||
enable_soft_delete=dict(
|
||||
type='bool'
|
||||
),
|
||||
recover_mode=dict(
|
||||
type='bool'
|
||||
),
|
||||
state=dict(
|
||||
type='str',
|
||||
default='present',
|
||||
choices=['present', 'absent']
|
||||
)
|
||||
)
|
||||
|
||||
self.module_required_if = [['state', 'present', ['vault_tenant']]]
|
||||
|
||||
self.resource_group = None
|
||||
self.vault_name = None
|
||||
self.parameters = dict()
|
||||
|
||||
self.results = dict(changed=False)
|
||||
self.mgmt_client = None
|
||||
self.state = None
|
||||
self.to_do = Actions.NoAction
|
||||
|
||||
super(AzureRMVaults, self).__init__(derived_arg_spec=self.module_arg_spec,
|
||||
supports_check_mode=True,
|
||||
supports_tags=False,
|
||||
required_if=self.module_required_if)
|
||||
|
||||
def exec_module(self, **kwargs):
|
||||
"""Main module execution method"""
|
||||
|
||||
# translate Ansible input to SDK-formatted dict in self.parameters
|
||||
for key in list(self.module_arg_spec.keys()):
|
||||
if hasattr(self, key):
|
||||
setattr(self, key, kwargs[key])
|
||||
elif kwargs[key] is not None:
|
||||
if key == "location":
|
||||
self.parameters["location"] = kwargs[key]
|
||||
elif key == "vault_tenant":
|
||||
self.parameters.setdefault("properties", {})["tenant_id"] = kwargs[key]
|
||||
elif key == "sku":
|
||||
self.parameters.setdefault("properties", {})["sku"] = kwargs[key]
|
||||
elif key == "access_policies":
|
||||
access_policies = kwargs[key]
|
||||
for policy in access_policies:
|
||||
if 'keys' in policy:
|
||||
policy.setdefault("permissions", {})["keys"] = policy["keys"]
|
||||
policy.pop("keys", None)
|
||||
if 'secrets' in policy:
|
||||
policy.setdefault("permissions", {})["secrets"] = policy["secrets"]
|
||||
policy.pop("secrets", None)
|
||||
if 'certificates' in policy:
|
||||
policy.setdefault("permissions", {})["certificates"] = policy["certificates"]
|
||||
policy.pop("certificates", None)
|
||||
if 'storage' in policy:
|
||||
policy.setdefault("permissions", {})["storage"] = policy["storage"]
|
||||
policy.pop("storage", None)
|
||||
if policy.get('tenant_id') is None:
|
||||
# default to key vault's tenant, since that's all that's currently supported anyway
|
||||
policy['tenant_id'] = kwargs['vault_tenant']
|
||||
self.parameters.setdefault("properties", {})["access_policies"] = access_policies
|
||||
elif key == "enabled_for_deployment":
|
||||
self.parameters.setdefault("properties", {})["enabled_for_deployment"] = kwargs[key]
|
||||
elif key == "enabled_for_disk_encryption":
|
||||
self.parameters.setdefault("properties", {})["enabled_for_disk_encryption"] = kwargs[key]
|
||||
elif key == "enabled_for_template_deployment":
|
||||
self.parameters.setdefault("properties", {})["enabled_for_template_deployment"] = kwargs[key]
|
||||
elif key == "enable_soft_delete":
|
||||
self.parameters.setdefault("properties", {})["enable_soft_delete"] = kwargs[key]
|
||||
elif key == "recover_mode":
|
||||
self.parameters.setdefault("properties", {})["create_mode"] = 'recover' if kwargs[key] else 'default'
|
||||
|
||||
old_response = None
|
||||
response = None
|
||||
|
||||
self.mgmt_client = self.get_mgmt_svc_client(KeyVaultManagementClient,
|
||||
base_url=self._cloud_environment.endpoints.resource_manager)
|
||||
|
||||
resource_group = self.get_resource_group(self.resource_group)
|
||||
|
||||
if "location" not in self.parameters:
|
||||
self.parameters["location"] = resource_group.location
|
||||
|
||||
old_response = self.get_keyvault()
|
||||
|
||||
if not old_response:
|
||||
self.log("Key Vault instance doesn't exist")
|
||||
if self.state == 'absent':
|
||||
self.log("Old instance didn't exist")
|
||||
else:
|
||||
self.to_do = Actions.Create
|
||||
else:
|
||||
self.log("Key Vault instance already exists")
|
||||
if self.state == 'absent':
|
||||
self.to_do = Actions.Delete
|
||||
elif self.state == 'present':
|
||||
self.log("Need to check if Key Vault instance has to be deleted or may be updated")
|
||||
if ('location' in self.parameters) and (self.parameters['location'] != old_response['location']):
|
||||
self.to_do = Actions.Update
|
||||
elif ('tenant_id' in self.parameters) and (self.parameters['tenant_id'] != old_response['tenant_id']):
|
||||
self.to_do = Actions.Update
|
||||
elif ('enabled_for_deployment' in self.parameters) and (self.parameters['enabled_for_deployment'] != old_response['enabled_for_deployment']):
|
||||
self.to_do = Actions.Update
|
||||
elif (('enabled_for_disk_encryption' in self.parameters) and
|
||||
(self.parameters['enabled_for_deployment'] != old_response['enabled_for_deployment'])):
|
||||
self.to_do = Actions.Update
|
||||
elif (('enabled_for_template_deployment' in self.parameters) and
|
||||
(self.parameters['enabled_for_template_deployment'] != old_response['enabled_for_template_deployment'])):
|
||||
self.to_do = Actions.Update
|
||||
elif ('enable_soft_delete' in self.parameters) and (self.parameters['enabled_soft_delete'] != old_response['enable_soft_delete']):
|
||||
self.to_do = Actions.Update
|
||||
elif ('create_mode' in self.parameters) and (self.parameters['create_mode'] != old_response['create_mode']):
|
||||
self.to_do = Actions.Update
|
||||
elif 'access_policies' in self.parameters['properties']:
|
||||
if len(self.parameters['properties']['access_policies']) != len(old_response['properties']['access_policies']):
|
||||
self.to_do = Actions.Update
|
||||
else:
|
||||
# FUTURE: this list isn't really order-dependent- we should be set-ifying the rules list for order-independent comparison
|
||||
for i in range(len(old_response['properties']['access_policies'])):
|
||||
n = self.parameters['properties']['access_policies'][i]
|
||||
o = old_response['properties']['access_policies'][i]
|
||||
if n.get('tenant_id', False) != o.get('tenant_id', False):
|
||||
self.to_do = Actions.Update
|
||||
break
|
||||
if n.get('object_id', None) != o.get('object_id', None):
|
||||
self.to_do = Actions.Update
|
||||
break
|
||||
if n.get('application_id', None) != o.get('application_id', None):
|
||||
self.to_do = Actions.Update
|
||||
break
|
||||
if sorted(n.get('keys', [])) != sorted(o.get('keys', [])):
|
||||
self.to_do = Actions.Update
|
||||
break
|
||||
if sorted(n.get('secrets', [])) != sorted(o.get('secrets', [])):
|
||||
self.to_do = Actions.Update
|
||||
break
|
||||
if sorted(n.get('certificates', [])) != sorted(o.get('certificates', [])):
|
||||
self.to_do = Actions.Update
|
||||
break
|
||||
if sorted(n.get('storage', [])) != sorted(o.get('storage', [])):
|
||||
self.to_do = Actions.Update
|
||||
break
|
||||
|
||||
if (self.to_do == Actions.Create) or (self.to_do == Actions.Update):
|
||||
self.log("Need to Create / Update the Key Vault instance")
|
||||
|
||||
if self.check_mode:
|
||||
self.results['changed'] = True
|
||||
return self.results
|
||||
|
||||
response = self.create_update_keyvault()
|
||||
|
||||
if not old_response:
|
||||
self.results['changed'] = True
|
||||
else:
|
||||
self.results['changed'] = old_response.__ne__(response)
|
||||
self.log("Creation / Update done")
|
||||
elif self.to_do == Actions.Delete:
|
||||
self.log("Key Vault instance deleted")
|
||||
self.results['changed'] = True
|
||||
|
||||
if self.check_mode:
|
||||
return self.results
|
||||
|
||||
self.delete_keyvault()
|
||||
# make sure instance is actually deleted, for some Azure resources, instance is hanging around
|
||||
# for some time after deletion -- this should be really fixed in Azure
|
||||
while self.get_keyvault():
|
||||
time.sleep(20)
|
||||
else:
|
||||
self.log("Key Vault instance unchanged")
|
||||
self.results['changed'] = False
|
||||
response = old_response
|
||||
|
||||
if response:
|
||||
self.results["id"] = response["id"]
|
||||
|
||||
return self.results
|
||||
|
||||
def create_update_keyvault(self):
|
||||
'''
|
||||
Creates or updates Key Vault with the specified configuration.
|
||||
|
||||
:return: deserialized Key Vault instance state dictionary
|
||||
'''
|
||||
self.log("Creating / Updating the Key Vault instance {0}".format(self.vault_name))
|
||||
|
||||
try:
|
||||
response = self.mgmt_client.vaults.create_or_update(resource_group_name=self.resource_group,
|
||||
vault_name=self.vault_name,
|
||||
parameters=self.parameters)
|
||||
if isinstance(response, AzureOperationPoller):
|
||||
response = self.get_poller_result(response)
|
||||
|
||||
except CloudError as exc:
|
||||
self.log('Error attempting to create the Key Vault instance.')
|
||||
self.fail("Error creating the Key Vault instance: {0}".format(str(exc)))
|
||||
return response.as_dict()
|
||||
|
||||
def delete_keyvault(self):
|
||||
'''
|
||||
Deletes specified Key Vault instance in the specified subscription and resource group.
|
||||
|
||||
:return: True
|
||||
'''
|
||||
self.log("Deleting the Key Vault instance {0}".format(self.vault_name))
|
||||
try:
|
||||
response = self.mgmt_client.vaults.delete(resource_group_name=self.resource_group,
|
||||
vault_name=self.vault_name)
|
||||
except CloudError as e:
|
||||
self.log('Error attempting to delete the Key Vault instance.')
|
||||
self.fail("Error deleting the Key Vault instance: {0}".format(str(e)))
|
||||
|
||||
return True
|
||||
|
||||
def get_keyvault(self):
|
||||
'''
|
||||
Gets the properties of the specified Key Vault.
|
||||
|
||||
:return: deserialized Key Vault instance state dictionary
|
||||
'''
|
||||
self.log("Checking if the Key Vault instance {0} is present".format(self.vault_name))
|
||||
found = False
|
||||
try:
|
||||
response = self.mgmt_client.vaults.get(resource_group_name=self.resource_group,
|
||||
vault_name=self.vault_name)
|
||||
found = True
|
||||
self.log("Response : {0}".format(response))
|
||||
self.log("Key Vault instance : {0} found".format(response.name))
|
||||
except CloudError as e:
|
||||
self.log('Did not find the Key Vault instance.')
|
||||
if found is True:
|
||||
return response.as_dict()
|
||||
|
||||
return False
|
||||
|
||||
|
||||
def main():
|
||||
"""Main execution"""
|
||||
AzureRMVaults()
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
3
test/integration/targets/azure_rm_keyvault/aliases
Normal file
3
test/integration/targets/azure_rm_keyvault/aliases
Normal file
|
@ -0,0 +1,3 @@
|
|||
cloud/azure
|
||||
destructive
|
||||
posix/ci/cloud/group2/azure
|
2
test/integration/targets/azure_rm_keyvault/meta/main.yml
Normal file
2
test/integration/targets/azure_rm_keyvault/meta/main.yml
Normal file
|
@ -0,0 +1,2 @@
|
|||
dependencies:
|
||||
- setup_azure
|
123
test/integration/targets/azure_rm_keyvault/tasks/main.yml
Normal file
123
test/integration/targets/azure_rm_keyvault/tasks/main.yml
Normal file
|
@ -0,0 +1,123 @@
|
|||
- name: Prepare random number
|
||||
set_fact:
|
||||
rpfx: "{{ resource_group | hash('md5') | truncate(7, True, '') }}{{ 1000 | random }}"
|
||||
run_once: yes
|
||||
|
||||
- name: Create instance of Key Vault -- check mode
|
||||
azure_rm_keyvault:
|
||||
resource_group: "{{ resource_group }}"
|
||||
vault_name: "vault{{ rpfx }}"
|
||||
vault_tenant: 11111111-1111-1111-1111-111122223333
|
||||
enabled_for_deployment: yes
|
||||
sku:
|
||||
name: standard
|
||||
family: A
|
||||
access_policies:
|
||||
- object_id: 99998888-8666-4144-9199-2d7cd0111111
|
||||
keys:
|
||||
- get
|
||||
- list
|
||||
check_mode: yes
|
||||
register: output
|
||||
- name: Assert the resource instance is well created
|
||||
assert:
|
||||
that:
|
||||
- output.changed
|
||||
|
||||
- name: Create instance of Key Vault
|
||||
azure_rm_keyvault:
|
||||
resource_group: "{{ resource_group }}"
|
||||
vault_name: "vault{{ rpfx }}"
|
||||
vault_tenant: 11111111-1111-1111-1111-111122223333
|
||||
enabled_for_deployment: yes
|
||||
sku:
|
||||
name: standard
|
||||
family: A
|
||||
access_policies:
|
||||
- object_id: 99998888-8666-4144-9199-2d7cd0111111
|
||||
keys:
|
||||
- get
|
||||
- list
|
||||
register: output
|
||||
- name: Assert the resource instance is well created
|
||||
assert:
|
||||
that:
|
||||
- output.changed
|
||||
|
||||
- name: Create again instance of Key Vault
|
||||
azure_rm_keyvault:
|
||||
resource_group: "{{ resource_group }}"
|
||||
vault_name: "vault{{ rpfx }}"
|
||||
vault_tenant: 11111111-1111-1111-1111-111122223333
|
||||
enabled_for_deployment: yes
|
||||
sku:
|
||||
name: standard
|
||||
family: A
|
||||
access_policies:
|
||||
- object_id: 99998888-8666-4144-9199-2d7cd0111111
|
||||
keys:
|
||||
- get
|
||||
- list
|
||||
register: output
|
||||
- name: Assert the state has not changed
|
||||
assert:
|
||||
that:
|
||||
- output.changed == false
|
||||
|
||||
- name: Update existing Key Vault (add a rule)
|
||||
azure_rm_keyvault:
|
||||
resource_group: "{{ resource_group }}"
|
||||
vault_name: "vault{{ rpfx }}"
|
||||
vault_tenant: 11111111-1111-1111-1111-111122223333
|
||||
enabled_for_deployment: yes
|
||||
sku:
|
||||
name: standard
|
||||
family: A
|
||||
access_policies:
|
||||
- object_id: 99998888-8666-4144-9199-2d7cd0111111
|
||||
certificates:
|
||||
- get
|
||||
- list
|
||||
- object_id: 11112222-8666-4144-9199-2d7cd0111111
|
||||
keys:
|
||||
- get
|
||||
- list
|
||||
register: output
|
||||
- name: Assert the state has changed
|
||||
assert:
|
||||
that:
|
||||
- output.changed == true
|
||||
|
||||
- name: Delete instance of Key Vault -- check mode
|
||||
azure_rm_keyvault:
|
||||
resource_group: "{{ resource_group }}"
|
||||
vault_name: "vault{{ rpfx }}"
|
||||
state: absent
|
||||
check_mode: yes
|
||||
register: output
|
||||
- name: Assert the state has changed
|
||||
assert:
|
||||
that:
|
||||
- output.changed
|
||||
|
||||
- name: Delete instance of Key Vault
|
||||
azure_rm_keyvault:
|
||||
resource_group: "{{ resource_group }}"
|
||||
vault_name: "vault{{ rpfx }}"
|
||||
state: absent
|
||||
register: output
|
||||
- name: Assert the state has changed
|
||||
assert:
|
||||
that:
|
||||
- output.changed
|
||||
|
||||
- name: Delete unexisting instance of Key Vault
|
||||
azure_rm_keyvault:
|
||||
resource_group: "{{ resource_group }}"
|
||||
vault_name: "vault{{ rpfx }}"
|
||||
state: absent
|
||||
register: output
|
||||
- name: Assert the state has changed
|
||||
assert:
|
||||
that:
|
||||
- output.changed == false
|
Loading…
Reference in a new issue