c7n_azure.resources package¶
Submodules¶
c7n_azure.resources.access_control module¶
-
class
c7n_azure.resources.access_control.DeleteAssignmentAction(data=None, manager=None, log_dir=None)[source]¶ Bases:
c7n_azure.actions.AzureBaseAction-
schema= {'additionalProperties': False, 'properties': {'type': {'enum': ['delete']}}, 'required': ['type'], 'type': 'object'}¶
-
type= 'delete'¶
-
-
class
c7n_azure.resources.access_control.DescribeSource(manager)[source]¶ Bases:
c7n_azure.query.DescribeSource-
type= 'describe-azure-roledefinition'¶
-
-
class
c7n_azure.resources.access_control.ResourceAccessFilter(data, manager=None)[source]¶ Bases:
c7n.filters.related.RelatedResourceFilterFilters role assignments that have access to a certain type of azure resource.
- Example
policies: - name: assignments-by-azure-resource resource: azure.roleassignment filters: - type: resource-access relatedResource: azure.vm
-
schema= {'additionalProperties': False, 'properties': {'default': {'type': 'object'}, 'key': {'type': 'string'}, 'op': {'$ref': '#/definitions/filters_common/comparison_operators'}, 'relatedResource': {'type': 'string'}, 'type': {'enum': ['resource-access']}, 'value': {'$ref': '#/definitions/filters_common/value'}, 'value_from': {'$ref': '#/definitions/filters_common/value_from'}, 'value_type': {'$ref': '#/definitions/filters_common/value_types'}}, 'required': ['relatedResource', 'type'], 'type': 'object'}¶
-
type= 'resource-access'¶
-
class
c7n_azure.resources.access_control.RoleAssignment(data, options)[source]¶ Bases:
c7n_azure.query.QueryResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
object-
client= 'AuthorizationManagementClient'¶
-
default_report_fields= ('principalName', 'displayName', 'aadType', 'name', 'type', 'properties.scope', 'properties.roleDefinitionId')¶
-
enum_spec= ('role_assignments', 'list', None)¶
-
get_spec= ('role_assignments', 'get_by_id', None)¶
-
id= 'id'¶
-
service= 'azure.mgmt.authorization'¶
-
-
type= 'roleassignment'¶
-
-
class
c7n_azure.resources.access_control.RoleDefinition(data, options)[source]¶ Bases:
c7n_azure.query.QueryResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
object-
client= 'AuthorizationManagementClient'¶
-
default_report_fields= ('properties.roleName', 'properties.description', 'id', 'name', 'typeproperties.type', 'properties.permissions')¶
-
get_spec= ('role_definitions', 'get_by_id', None)¶
-
id= 'id'¶
-
service= 'azure.mgmt.authorization'¶
-
type= 'roleDefinition'¶
-
-
source_type¶
-
type= 'roledefinition'¶
-
-
class
c7n_azure.resources.access_control.RoleFilter(data, manager=None)[source]¶ Bases:
c7n.filters.related.RelatedResourceFilterFilters role assignments based on role definitions
- Example
policies: - name: assignments-by-role-definition resource: azure.roleassignment filters: - type: role key: properties.roleName op: in value: Owner
-
RelatedIdsExpression= 'properties.roleDefinitionId'¶
-
RelatedResource= 'c7n_azure.resources.access_control.RoleDefinition'¶
-
schema= {'additionalProperties': False, 'properties': {'default': {'type': 'object'}, 'key': {'type': 'string'}, 'op': {'$ref': '#/definitions/filters_common/comparison_operators'}, 'type': {'enum': ['role']}, 'value': {'$ref': '#/definitions/filters_common/value'}, 'value_from': {'$ref': '#/definitions/filters_common/value_from'}, 'value_type': {'$ref': '#/definitions/filters_common/value_types'}}, 'required': ['type'], 'type': 'object'}¶
-
type= 'role'¶
-
class
c7n_azure.resources.access_control.ScopeFilter(data, manager=None)[source]¶ Bases:
c7n.filters.core.FilterFilters role assignments that have subscription level scope access
- Example
policies: - name: assignments-with-subscription-scope resource: azure.roleassignment filters: - type: scope value: subscription
-
schema= {'additionalProperties': False, 'properties': {'type': {'enum': ['scope']}, 'value': {'enum': ['subscription', 'resource-group'], 'type': 'string'}}, 'required': ['type'], 'type': 'object'}¶
-
type= 'scope'¶
c7n_azure.resources.appserviceplan module¶
-
class
c7n_azure.resources.appserviceplan.AppServicePlan(data, options)[source]¶ Bases:
c7n_azure.resources.arm.ArmResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
c7n_azure.resources.arm.resource_type-
client= 'WebSiteManagementClient'¶
-
default_report_fields= ('name', 'location', 'resourceGroup', 'kind')¶
-
enum_spec= ('app_service_plans', 'list', None)¶
-
service= 'azure.mgmt.web'¶
-
-
type= 'appserviceplan'¶
-
-
class
c7n_azure.resources.appserviceplan.ResizePlan(data=None, manager=None, log_dir=None)[source]¶ Bases:
c7n_azure.actions.AzureBaseActionResize App Service Plans
policies: - name: azure-resize-plan resource: azure.appserviceplan actions: - type: resize-plan size: F1 count: 1
-
schema= {'additionalProperties': False, 'properties': {'count': {'type': 'integer'}, 'size': {'enum': ['F1', 'B1', 'B2', 'B3', 'D1', 'S1', 'S2', 'S3', 'P1', 'P2', 'P3', 'P1V2', 'P2V2', 'P3v2', 'PC2', 'PC3', 'PC4'], 'type': 'string'}, 'type': {'enum': ['resize-plan']}}, 'required': ['type'], 'type': 'object'}¶
-
type= 'resize-plan'¶
-
c7n_azure.resources.arm module¶
-
class
c7n_azure.resources.arm.ArmResourceManager(data, options)[source]¶ Bases:
c7n_azure.query.QueryResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
c7n_azure.resources.arm.ArmTypeInfo-
client= 'ResourceManagementClient'¶
-
enum_spec= ('resources', 'list', None)¶
-
service= 'azure.mgmt.resource'¶
-
-
type= 'armresource'¶
-
-
class
c7n_azure.resources.arm.ArmTypeInfo[source]¶ Bases:
c7n_azure.query.TypeInfo-
default_report_fields= ('name', 'location', 'resourceGroup')¶
-
diagnostic_settings_enabled= True¶
-
id= 'id'¶
-
name= 'name'¶
-
-
class
c7n_azure.resources.arm.ChildArmResourceManager(data, options)[source]¶ Bases:
c7n_azure.query.ChildResourceManager,c7n_azure.resources.arm.ArmResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
c7n_azure.query.ChildTypeInfo,c7n_azure.resources.arm.ArmTypeInfo
-
c7n_azure.resources.batch module¶
-
class
c7n_azure.resources.batch.Batch(data, options)[source]¶ Bases:
c7n_azure.resources.arm.ArmResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
c7n_azure.resources.arm.resource_type-
client= 'BatchManagementClient'¶
-
default_report_fields= ('name', 'location', 'resourceGroup')¶
-
enum_spec= ('batch_account', 'list', None)¶
-
service= 'azure.mgmt.batch'¶
-
-
type= 'batch'¶
-
c7n_azure.resources.cdn module¶
-
class
c7n_azure.resources.cdn.CdnProfile(data, options)[source]¶ Bases:
c7n_azure.resources.arm.ArmResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
c7n_azure.resources.arm.resource_type-
client= 'CdnManagementClient'¶
-
default_report_fields= ('name', 'location', 'resourceGroup')¶
-
enum_spec= ('profiles', 'list', None)¶
-
service= 'azure.mgmt.cdn'¶
-
-
type= 'cdnprofile'¶
-
c7n_azure.resources.cognitive_service module¶
-
class
c7n_azure.resources.cognitive_service.CognitiveService(data, options)[source]¶ Bases:
c7n_azure.resources.arm.ArmResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
c7n_azure.resources.arm.resource_type-
client= 'CognitiveServicesManagementClient'¶
-
default_report_fields= ('name', 'location', 'resourceGroup')¶
-
enum_spec= ('accounts', 'list', None)¶
-
service= 'azure.mgmt.cognitiveservices'¶
-
-
type= 'cognitiveservice'¶
-
c7n_azure.resources.container_registry module¶
-
class
c7n_azure.resources.container_registry.ContainerRegistry(data, options)[source]¶ Bases:
c7n_azure.resources.arm.ArmResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
c7n_azure.resources.arm.resource_type-
client= 'ContainerRegistryManagementClient'¶
-
default_report_fields= ('name', 'location', 'resourceGroup')¶
-
enum_spec= ('registries', 'list', None)¶
-
service= 'azure.mgmt.containerregistry'¶
-
-
type= 'containerregistry'¶
-
c7n_azure.resources.container_service module¶
-
class
c7n_azure.resources.container_service.ContainerService(data, options)[source]¶ Bases:
c7n_azure.resources.arm.ArmResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
c7n_azure.resources.arm.resource_type-
client= 'ContainerServiceClient'¶
-
default_report_fields= ('name', 'location', 'resourceGroup')¶
-
enum_spec= ('container_services', 'list', None)¶
-
service= 'azure.mgmt.containerservice'¶
-
-
type= 'containerservice'¶
-
c7n_azure.resources.cosmos_db module¶
-
class
c7n_azure.resources.cosmos_db.CosmosDB(data, options)[source]¶ Bases:
c7n_azure.resources.arm.ArmResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
c7n_azure.resources.arm.resource_type-
client= 'CosmosDB'¶
-
default_report_fields= ('name', 'location', 'resourceGroup', 'kind')¶
-
enum_spec= ('database_accounts', 'list', None)¶
-
service= 'azure.mgmt.cosmosdb'¶
-
-
type= 'cosmosdb'¶
-
c7n_azure.resources.data_factory module¶
-
class
c7n_azure.resources.data_factory.DataFactory(data, options)[source]¶ Bases:
c7n_azure.resources.arm.ArmResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
c7n_azure.resources.arm.resource_type-
client= 'DataFactoryManagementClient'¶
-
default_report_fields= ('name', 'location', 'resourceGroup')¶
-
enum_spec= ('factories', 'list', None)¶
-
service= 'azure.mgmt.datafactory'¶
-
-
type= 'datafactory'¶
-
c7n_azure.resources.datalake_store module¶
-
class
c7n_azure.resources.datalake_store.DataLakeStore(data, options)[source]¶ Bases:
c7n_azure.resources.arm.ArmResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
c7n_azure.resources.arm.resource_type-
client= 'DataLakeStoreAccountManagementClient'¶
-
default_report_fields= ('name', 'location', 'resourceGroup')¶
-
enum_spec= ('accounts', 'list', None)¶
-
service= 'azure.mgmt.datalake.store'¶
-
-
type= 'datalake'¶
-
c7n_azure.resources.disk module¶
-
class
c7n_azure.resources.disk.Disk(data, options)[source]¶ Bases:
c7n_azure.resources.arm.ArmResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
c7n_azure.resources.arm.resource_type-
client= 'ComputeManagementClient'¶
-
default_report_fields= ('name', 'location', 'resourceGroup')¶
-
enum_spec= ('disks', 'list', None)¶
-
service= 'azure.mgmt.compute'¶
-
-
type= 'disk'¶
-
c7n_azure.resources.event_subscription module¶
-
class
c7n_azure.resources.event_subscription.Delete(data=None, manager=None, log_dir=None)[source]¶ Bases:
c7n_azure.actions.AzureBaseAction-
schema= {'additionalProperties': False, 'properties': {'type': {'enum': ['delete']}}, 'required': ['type'], 'type': 'object'}¶
-
type= 'delete'¶
-
-
class
c7n_azure.resources.event_subscription.EventSubscription(data, options)[source]¶ Bases:
c7n_azure.query.QueryResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
object-
client= 'EventGridManagementClient'¶
-
default_report_fields= ('name', 'properties.destination.endpointType', 'properties.topic')¶
-
enum_spec= ('event_subscriptions', 'list_global_by_subscription', None)¶
-
service= 'azure.mgmt.eventgrid'¶
-
-
type= 'eventsubscription'¶
-
c7n_azure.resources.image module¶
-
class
c7n_azure.resources.image.Image(data, options)[source]¶ Bases:
c7n_azure.resources.arm.ArmResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
c7n_azure.resources.arm.resource_type-
client= 'ComputeManagementClient'¶
-
default_report_fields= ('name', 'location', 'resourceGroup')¶
-
enum_spec= ('images', 'list', None)¶
-
service= 'azure.mgmt.compute'¶
-
-
type= 'image'¶
-
c7n_azure.resources.iot_hub module¶
-
class
c7n_azure.resources.iot_hub.IoTHub(data, options)[source]¶ Bases:
c7n_azure.resources.arm.ArmResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
c7n_azure.resources.arm.resource_type-
client= 'IotHubClient'¶
-
default_report_fields= ('name', 'location', 'resourceGroup')¶
-
enum_spec= ('iot_hub_resource', 'list_by_subscription', None)¶
-
service= 'azure.mgmt.iothub'¶
-
-
type= 'iothub'¶
-
c7n_azure.resources.key_vault module¶
-
class
c7n_azure.resources.key_vault.KeyVault(data, options)[source]¶ Bases:
c7n_azure.resources.arm.ArmResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
c7n_azure.resources.arm.resource_type-
client= 'KeyVaultManagementClient'¶
-
enum_spec= ('vaults', 'list', None)¶
-
service= 'azure.mgmt.keyvault'¶
-
-
type= 'keyvault'¶
-
-
class
c7n_azure.resources.key_vault.KeyVaultUpdateAccessPolicyAction(data=None, manager=None, log_dir=None)[source]¶ Bases:
c7n_azure.actions.AzureBaseActionAdds Get and List key access policy to all keyvaults
policies: - name: azure-keyvault-update-access-policies resource: azure.keyvault description: | Add key get and list to all keyvault access policies actions: - type: update-access-policy operation: add access-policies: - tenant-id: 00000000-0000-0000-0000-000000000000 object-id: 11111111-1111-1111-1111-111111111111 permissions: keys: - Get - List
-
schema= {'additionalProperties': False, 'properties': {'access-policies': {'items': {'object-id': {'type': 'string'}, 'permissions': {'certificates': {'items': {'type': 'string'}, 'type': 'array'}, 'keys': {'items': {'type': 'string'}, 'type': 'array'}, 'secrets': {'items': {'type': 'string'}, 'type': 'array'}, 'type': 'object'}, 'tenant-id': {'type': 'string'}, 'type': 'object'}, 'type': 'array'}, 'operation': {'enum': ['add', 'replace'], 'type': 'string'}, 'type': {'enum': ['update-access-policy']}}, 'required': ['operation', 'access-policies', 'type'], 'type': 'object'}¶
-
type= 'update-access-policy'¶
-
-
class
c7n_azure.resources.key_vault.WhiteListFilter(data, manager=None)[source]¶ Bases:
c7n.filters.core.Filter-
GRAPH_PROVIDED_KEYS= ['displayName', 'aadType', 'principalName']¶
-
graph_client= None¶
-
schema= {'additionalProperties': False, 'properties': {'key': {'type': 'string'}, 'permissions': {'certificates': {'type': 'array'}, 'keys': {'type': 'array'}, 'secrets': {'type': 'array'}}, 'type': {'enum': ['whitelist']}, 'users': {'type': 'array'}}, 'required': ['key', 'type'], 'type': 'object'}¶
-
type= 'whitelist'¶
-
c7n_azure.resources.key_vault_keys module¶
-
class
c7n_azure.resources.key_vault_keys.KeyTypeFilter(data, manager=None)[source]¶ Bases:
c7n.filters.core.Filter-
schema= {'additionalProperties': False, 'properties': {'key-types': {'items': {'enum': ['EC', 'EC-HSM', 'RSA', 'RSA-HSM']}, 'type': 'array'}, 'type': {'enum': ['key-type']}}, 'required': ['type'], 'type': 'object'}¶
-
type= 'key-type'¶
-
-
class
c7n_azure.resources.key_vault_keys.KeyVaultFilter(data, manager=None)[source]¶ Bases:
c7n.filters.core.Filter-
schema= {'additionalProperties': False, 'properties': {'type': {'enum': ['keyvault']}, 'vaults': {'items': {'type': 'string'}, 'type': 'array'}}, 'required': ['vaults', 'type'], 'type': 'object'}¶
-
type= 'keyvault'¶
-
-
class
c7n_azure.resources.key_vault_keys.KeyVaultKeys(data, options)[source]¶ Bases:
c7n_azure.query.ChildResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
c7n_azure.query.ChildTypeInfo-
client= 'KeyVaultClient'¶
-
enum_spec= (None, 'get_keys', None)¶
-
parent_manager_name= 'keyvault'¶
-
raise_on_exception= False¶
-
resource= 'https://vault.azure.net'¶
-
service= 'azure.keyvault'¶
-
-
type= 'keyvault-keys'¶
-
c7n_azure.resources.load_balancer module¶
-
class
c7n_azure.resources.load_balancer.FrontEndIp(data, manager=None)[source]¶ Bases:
c7n.filters.related.RelatedResourceFilterFilters load balancers by frontend public ip.
- Example
policies: - name: loadbalancer-with-ipv6-frontend resource: azure.loadbalancer filters: - type: frontend-public-ip key: properties.publicIPAddressVersion op: in value_type: normalize value: "ipv6"
-
RelatedIdsExpression= 'properties.frontendIPConfigurations[].properties.publicIPAddress.id'¶
-
RelatedResource= 'c7n_azure.resources.public_ip.PublicIPAddress'¶
-
schema= {'additionalProperties': False, 'properties': {'default': {'type': 'object'}, 'key': {'type': 'string'}, 'op': {'$ref': '#/definitions/filters_common/comparison_operators'}, 'type': {'enum': ['frontend-public-ip']}, 'value': {'$ref': '#/definitions/filters_common/value'}, 'value_from': {'$ref': '#/definitions/filters_common/value_from'}, 'value_type': {'$ref': '#/definitions/filters_common/value_types'}}, 'required': ['type'], 'type': 'object'}¶
-
type= 'frontend-public-ip'¶
-
class
c7n_azure.resources.load_balancer.LoadBalancer(data, options)[source]¶ Bases:
c7n_azure.resources.arm.ArmResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
c7n_azure.resources.arm.resource_type-
client= 'NetworkManagementClient'¶
-
enum_spec= ('load_balancers', 'list_all', None)¶
-
service= 'azure.mgmt.network'¶
-
type= 'loadbalancer'¶
-
-
type= 'loadbalancer'¶
-
c7n_azure.resources.network_interface module¶
-
class
c7n_azure.resources.network_interface.EffectiveRouteTableFilter(data, manager=None)[source]¶ Bases:
c7n.filters.core.ValueFilter-
schema= {'additionalProperties': False, 'properties': {'default': {'type': 'object'}, 'key': {'type': 'string'}, 'op': {'$ref': '#/definitions/filters_common/comparison_operators'}, 'type': {'enum': ['effective-route-table']}, 'value': {'$ref': '#/definitions/filters_common/value'}, 'value_from': {'$ref': '#/definitions/filters_common/value_from'}, 'value_type': {'$ref': '#/definitions/filters_common/value_types'}}, 'required': ['type'], 'type': 'object'}¶
-
type= 'effective-route-table'¶
-
-
class
c7n_azure.resources.network_interface.NetworkInterface(data, options)[source]¶ Bases:
c7n_azure.resources.arm.ArmResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
object-
client= 'NetworkManagementClient'¶
-
default_report_fields= ('name', 'location', 'resourceGroup')¶
-
enum_spec= ('network_interfaces', 'list_all', None)¶
-
id= 'id'¶
-
name= 'name'¶
-
service= 'azure.mgmt.network'¶
-
-
type= 'networkinterface'¶
-
c7n_azure.resources.network_security_group module¶
-
class
c7n_azure.resources.network_security_group.CloseRules(data=None, manager=None, log_dir=None)[source]¶ Bases:
c7n_azure.resources.network_security_group.NetworkSecurityGroupPortsActionDeny access to Security Rule
-
access_action= 'Deny'¶
-
schema= {'additionalProperties': False, 'properties': {'direction': {'enum': ['Inbound', 'Outbound'], 'type': 'string'}, 'exceptPorts': {'type': 'string'}, 'ipProtocol': {'enum': ['TCP', 'UDP', '*'], 'type': 'string'}, 'ports': {'type': 'string'}, 'type': {'enum': ['close']}}, 'required': ['type'], 'type': 'object'}¶
-
type= 'close'¶
-
-
class
c7n_azure.resources.network_security_group.EgressFilter(data, manager=None)[source]¶ Bases:
c7n_azure.resources.network_security_group.NetworkSecurityGroupFilter-
direction_key= 'Outbound'¶
-
schema= {'additionalProperties': False, 'properties': {'access': {'enum': ['Allow', 'Deny'], 'type': 'string'}, 'exceptPorts': {'type': 'string'}, 'ipProtocol': {'enum': ['TCP', 'UDP', '*'], 'type': 'string'}, 'match': {'enum': ['all', 'any'], 'type': 'string'}, 'ports': {'type': 'string'}, 'type': {'enum': ['egress']}}, 'required': ['type'], 'type': 'object'}¶
-
type= 'egress'¶
-
-
class
c7n_azure.resources.network_security_group.IngressFilter(data, manager=None)[source]¶ Bases:
c7n_azure.resources.network_security_group.NetworkSecurityGroupFilter-
direction_key= 'Inbound'¶
-
schema= {'additionalProperties': False, 'properties': {'access': {'enum': ['Allow', 'Deny'], 'type': 'string'}, 'exceptPorts': {'type': 'string'}, 'ipProtocol': {'enum': ['TCP', 'UDP', '*'], 'type': 'string'}, 'match': {'enum': ['all', 'any'], 'type': 'string'}, 'ports': {'type': 'string'}, 'type': {'enum': ['ingress']}}, 'required': ['type'], 'type': 'object'}¶
-
type= 'ingress'¶
-
-
class
c7n_azure.resources.network_security_group.NetworkSecurityGroup(data, options)[source]¶ Bases:
c7n_azure.resources.arm.ArmResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
object-
client= 'NetworkManagementClient'¶
-
default_report_fields= ('name', 'location', 'resourceGroup')¶
-
enum_spec= ('network_security_groups', 'list_all', None)¶
-
id= 'id'¶
-
name= 'name'¶
-
service= 'azure.mgmt.network'¶
-
-
type= 'networksecuritygroup'¶
-
-
class
c7n_azure.resources.network_security_group.NetworkSecurityGroupFilter(data, manager=None)[source]¶ Bases:
c7n.filters.core.FilterFilter Network Security Groups using opened/closed ports configuration
-
process(network_security_groups, event=None)[source]¶ Bulk process resources and return filtered set.
-
schema= {'properties': {'access': {'enum': ['Allow', 'Deny'], 'type': 'string'}, 'exceptPorts': {'type': 'string'}, 'ipProtocol': {'enum': ['TCP', 'UDP', '*'], 'type': 'string'}, 'match': {'enum': ['all', 'any'], 'type': 'string'}, 'ports': {'type': 'string'}, 'type': {'enum': []}}, 'required': ['type', 'access'], 'type': 'object'}¶
-
-
class
c7n_azure.resources.network_security_group.NetworkSecurityGroupPortsAction(data=None, manager=None, log_dir=None)[source]¶ Bases:
c7n.actions.core.ActionAction to perform on Network Security Groups
-
schema= {'properties': {'direction': {'enum': ['Inbound', 'Outbound'], 'type': 'string'}, 'exceptPorts': {'type': 'string'}, 'ipProtocol': {'enum': ['TCP', 'UDP', '*'], 'type': 'string'}, 'ports': {'type': 'string'}, 'type': {'enum': []}}, 'required': ['type', 'direction'], 'type': 'object'}¶
-
-
class
c7n_azure.resources.network_security_group.OpenRules(data=None, manager=None, log_dir=None)[source]¶ Bases:
c7n_azure.resources.network_security_group.NetworkSecurityGroupPortsActionAllow access to Security Rule
-
access_action= 'Allow'¶
-
schema= {'additionalProperties': False, 'properties': {'direction': {'enum': ['Inbound', 'Outbound'], 'type': 'string'}, 'exceptPorts': {'type': 'string'}, 'ipProtocol': {'enum': ['TCP', 'UDP', '*'], 'type': 'string'}, 'ports': {'type': 'string'}, 'type': {'enum': ['open']}}, 'required': ['type'], 'type': 'object'}¶
-
type= 'open'¶
-
c7n_azure.resources.policy_assignments module¶
-
class
c7n_azure.resources.policy_assignments.PolicyAssignments(data, options)[source]¶ Bases:
c7n_azure.resources.arm.ArmResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
c7n_azure.resources.arm.resource_type-
client= 'PolicyClient'¶
-
enum_spec= ('policy_assignments', 'list', None)¶
-
service= 'azure.mgmt.resource.policy'¶
-
type= 'policyassignments'¶
-
-
type= 'policyassignments'¶
-
c7n_azure.resources.public_ip module¶
-
class
c7n_azure.resources.public_ip.PublicIPAddress(data, options)[source]¶ Bases:
c7n_azure.resources.arm.ArmResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
c7n_azure.resources.arm.resource_type-
client= 'NetworkManagementClient'¶
-
default_report_fields= ('name', 'location', 'resourceGroup', 'properties.publicIPAddressVersion', 'properties.publicIPAllocationMethod', 'properties.ipAddress')¶
-
enum_spec= ('public_ip_addresses', 'list_all', None)¶
-
service= 'azure.mgmt.network'¶
-
type= 'publicip'¶
-
-
type= 'publicip'¶
-
c7n_azure.resources.redis module¶
-
class
c7n_azure.resources.redis.Redis(data, options)[source]¶ Bases:
c7n_azure.resources.arm.ArmResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
c7n_azure.resources.arm.resource_type-
client= 'RedisManagementClient'¶
-
default_report_fields= ('name', 'location', 'resourceGroup')¶
-
enum_spec= ('redis', 'list', None)¶
-
service= 'azure.mgmt.redis'¶
-
-
type= 'redis'¶
-
c7n_azure.resources.resourcegroup module¶
-
class
c7n_azure.resources.resourcegroup.DeleteResourceGroup(data=None, manager=None, log_dir=None)[source]¶ Bases:
c7n.actions.core.Action-
schema= {'additionalProperties': False, 'properties': {'type': {'enum': ['delete']}}, 'required': ['type'], 'type': 'object'}¶
-
type= 'delete'¶
-
-
class
c7n_azure.resources.resourcegroup.EmptyGroup(data, manager=None)[source]¶ Bases:
c7n.filters.core.Filter-
type= 'empty-group'¶
-
-
class
c7n_azure.resources.resourcegroup.ResourceGroup(data, options)[source]¶ Bases:
c7n_azure.resources.arm.ArmResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
c7n_azure.resources.arm.resource_type-
client= 'ResourceManagementClient'¶
-
enum_spec= ('resource_groups', 'list', None)¶
-
service= 'azure.mgmt.resource'¶
-
-
type= 'resourcegroup'¶
-
c7n_azure.resources.route_table module¶
-
class
c7n_azure.resources.route_table.RouteTable(data, options)[source]¶ Bases:
c7n_azure.resources.arm.ArmResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
c7n_azure.resources.arm.resource_type-
client= 'NetworkManagementClient'¶
-
default_report_fields= ('name', 'location', 'resourceGroup')¶
-
enum_spec= ('route_tables', 'list_all', None)¶
-
service= 'azure.mgmt.network'¶
-
-
type= 'routetable'¶
-
c7n_azure.resources.sqldatabase module¶
-
class
c7n_azure.resources.sqldatabase.BackupRetentionPolicyFilter(operations_property, retention_limit, data, manager=None)[source]¶ Bases:
c7n.filters.core.Filter-
schema= {'additionalProperties': False, 'properties': {'op': {'enum': ['eq', 'equal', 'ne', 'not-equal', 'gt', 'greater-than', 'ge', 'gte', 'le', 'lte', 'lt', 'less-than']}, 'type': {'enum': ['backup-retention-policy']}}, 'required': ['type'], 'type': 'object'}¶
-
-
class
c7n_azure.resources.sqldatabase.LongTermBackupRetentionPolicyFilter(data, manager=None)[source]¶ Bases:
c7n_azure.resources.sqldatabase.BackupRetentionPolicyFilterFilter SQL Databases on the length of their long term backup retention policies.
There are 3 backup types for a sql database: weekly, monthly, and yearly. And, each of these backups has a retention period that can specified in units of days, weeks, months, or years.
- Example
Find all SQL Databases with weekly backup retentions longer than 1 month.
policies: - name: long-term-backup-retention-policy resource: azure.sqldatabase filters: - type: long-term-backup-retention-policy backup-type: weekly op: gt retention-period: 1 retention-period-units: months
-
class
BackupType(retention_property)[source]¶ Bases:
enum.EnumAn enumeration.
-
monthly= ('monthly_retention',)¶
-
weekly= ('weekly_retention',)¶
-
yearly= ('yearly_retention',)¶
-
-
schema= {'additionalProperties': False, 'properties': {'backup-type': {'enum': ['weekly', 'monthly', 'yearly']}, 'op': {'enum': ['eq', 'equal', 'ne', 'not-equal', 'gt', 'greater-than', 'ge', 'gte', 'le', 'lte', 'lt', 'less-than']}, 'retention-period': {'type': 'number'}, 'retention-period-units': {'enum': ['day', 'days', 'week', 'weeks', 'month', 'months', 'year', 'years']}, 'type': {'enum': ['long-term-backup-retention-policy']}}, 'required': ['backup-type', 'retention-period', 'retention-period-units', 'type'], 'type': 'object'}¶
-
type= 'long-term-backup-retention-policy'¶
-
class
c7n_azure.resources.sqldatabase.ShortTermBackupRetentionPolicyFilter(data, manager=None)[source]¶ Bases:
c7n_azure.resources.sqldatabase.BackupRetentionPolicyFilterFilter SQL Databases on the length of their short term backup retention policies.
If the database has no backup retention policies, the database is treated as if it has a backup retention of zero days.
- Example
Find all SQL Databases with a short term retention policy shorter than 2 weeks.
policies: - name: short-term-backup-retention-policy resource: azure.sqldatabase filters: - type: short-term-backup-retention-policy op: lt retention-period-days: 14
-
schema= {'additionalProperties': False, 'properties': {'op': {'enum': ['eq', 'equal', 'ne', 'not-equal', 'gt', 'greater-than', 'ge', 'gte', 'le', 'lte', 'lt', 'less-than']}, 'retention-period-days': {'type': 'number'}, 'type': {'enum': ['short-term-backup-retention-policy']}}, 'required': ['retention-period-days', 'type'], 'type': 'object'}¶
-
type= 'short-term-backup-retention-policy'¶
-
class
c7n_azure.resources.sqldatabase.SqlDatabase(data, options)[source]¶ Bases:
c7n_azure.resources.arm.ChildArmResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
c7n_azure.resources.arm.resource_type-
client= 'SqlManagementClient'¶
-
enum_spec= ('databases', 'list_by_server', None)¶
-
parent_manager_name= 'sqlserver'¶
-
service= 'azure.mgmt.sql'¶
-
-
type= 'sqldatabase'¶
-
c7n_azure.resources.sqlserver module¶
-
class
c7n_azure.resources.sqlserver.SqlServer(data, options)[source]¶ Bases:
c7n_azure.resources.arm.ArmResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
c7n_azure.resources.arm.resource_type-
client= 'SqlManagementClient'¶
-
enum_spec= ('servers', 'list', None)¶
-
service= 'azure.mgmt.sql'¶
-
-
type= 'sqlserver'¶
-
-
class
c7n_azure.resources.sqlserver.SqlServerFirewallRulesFilter(data, manager=None)[source]¶ Bases:
c7n.filters.core.FilterFilters SQL servers by the firewall rules
- Example
policies: - name: servers-with-firewall resource: azure.sqlserver filters: - type: firewall-rules include: - '131.107.160.2-131.107.160.3' - 10.20.20.0/24
-
schema= {'additionalProperties': False, 'properties': {'equal': {'items': {'type': 'string'}, 'type': 'array'}, 'include': {'items': {'type': 'string'}, 'type': 'array'}, 'type': {'enum': ['firewall-rules']}}, 'required': ['type'], 'type': 'object'}¶
-
type= 'firewall-rules'¶
c7n_azure.resources.storage module¶
-
class
c7n_azure.resources.storage.Storage(data, options)[source]¶ Bases:
c7n_azure.resources.arm.ArmResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
c7n_azure.resources.arm.resource_type-
client= 'StorageManagementClient'¶
-
diagnostic_settings_enabled= False¶
-
enum_spec= ('storage_accounts', 'list', None)¶
-
service= 'azure.mgmt.storage'¶
-
-
type= 'storage'¶
-
-
class
c7n_azure.resources.storage.StorageSetNetworkRulesAction(data=None, manager=None, log_dir=None)[source]¶ Bases:
c7n_azure.actions.AzureBaseAction-
schema= {'additionalProperties': False, 'properties': {'bypass': {'items': {'enum': ['AzureServices', 'Logging', 'Metrics']}, 'type': 'array'}, 'default-action': {'enum': ['Allow', 'Deny']}, 'ip-rules': {'items': {'ip-address-or-range': {'type': 'string'}}, 'type': 'array'}, 'type': {'enum': ['set-network-rules']}, 'virtual-network-rules': {'items': {'virtual-network-resource-id': {'type': 'string'}}, 'type': 'array'}}, 'required': ['default-action', 'type'], 'type': 'object'}¶
-
type= 'set-network-rules'¶
-
c7n_azure.resources.subscription module¶
-
class
c7n_azure.resources.subscription.AddPolicy(data=None, manager=None, log_dir=None)[source]¶ Bases:
c7n.actions.core.Action-
policyDefinitionPrefix= '/providers/Microsoft.Authorization/policyDefinitions/'¶
-
schema= {'additionalProperties': False, 'properties': {'definition_name': {'type': 'string'}, 'display_name': {'type': 'string'}, 'name': {'type': 'string'}, 'scope': {'type': 'string'}, 'type': {'enum': ['add-policy']}}, 'required': ['name', 'display_name', 'definition_name', 'type'], 'type': 'object'}¶
-
type= 'add-policy'¶
-
-
class
c7n_azure.resources.subscription.Subscription(ctx, data)[source]¶ Bases:
c7n.manager.ResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
object-
filter_name= None¶
-
id= 'subscriptionId'¶
-
name= 'displayName'¶
-
-
type= 'subscription'¶
-
c7n_azure.resources.vm module¶
-
class
c7n_azure.resources.vm.InstanceViewFilter(data, manager=None)[source]¶ Bases:
c7n.filters.core.ValueFilter-
schema= {'additionalProperties': False, 'properties': {'default': {'type': 'object'}, 'key': {'type': 'string'}, 'op': {'$ref': '#/definitions/filters_common/comparison_operators'}, 'type': {'enum': ['instance-view']}, 'value': {'$ref': '#/definitions/filters_common/value'}, 'value_from': {'$ref': '#/definitions/filters_common/value_from'}, 'value_type': {'$ref': '#/definitions/filters_common/value_types'}}, 'required': ['type'], 'type': 'object'}¶
-
type= 'instance-view'¶
-
-
class
c7n_azure.resources.vm.NetworkInterfaceFilter(data, manager=None)[source]¶ Bases:
c7n.filters.related.RelatedResourceFilter-
RelatedIdsExpression= 'properties.networkProfile.networkInterfaces[0].id'¶
-
RelatedResource= 'c7n_azure.resources.network_interface.NetworkInterface'¶
-
schema= {'additionalProperties': False, 'properties': {'default': {'type': 'object'}, 'key': {'type': 'string'}, 'op': {'$ref': '#/definitions/filters_common/comparison_operators'}, 'type': {'enum': ['network-interface']}, 'value': {'$ref': '#/definitions/filters_common/value'}, 'value_from': {'$ref': '#/definitions/filters_common/value_from'}, 'value_type': {'$ref': '#/definitions/filters_common/value_types'}}, 'required': ['type'], 'type': 'object'}¶
-
type= 'network-interface'¶
-
-
class
c7n_azure.resources.vm.VirtualMachine(data, options)[source]¶ Bases:
c7n_azure.resources.arm.ArmResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
c7n_azure.resources.arm.resource_type-
client= 'ComputeManagementClient'¶
-
default_report_fields= ('name', 'location', 'resourceGroup', 'properties.hardwareProfile.vmSize')¶
-
diagnostic_settings_enabled= False¶
-
enum_spec= ('virtual_machines', 'list_all', None)¶
-
service= 'azure.mgmt.compute'¶
-
-
type= 'vm'¶
-
-
class
c7n_azure.resources.vm.VmPowerOffAction(data=None, manager=None, log_dir=None)[source]¶ Bases:
c7n_azure.actions.AzureBaseAction-
schema= {'additionalProperties': False, 'properties': {'type': {'enum': ['poweroff']}}, 'required': ['type'], 'type': 'object'}¶
-
type= 'poweroff'¶
-
-
class
c7n_azure.resources.vm.VmRestartAction(data=None, manager=None, log_dir=None)[source]¶ Bases:
c7n_azure.actions.AzureBaseAction-
schema= {'additionalProperties': False, 'properties': {'type': {'enum': ['restart']}}, 'required': ['type'], 'type': 'object'}¶
-
type= 'restart'¶
-
-
class
c7n_azure.resources.vm.VmStartAction(data=None, manager=None, log_dir=None)[source]¶ Bases:
c7n_azure.actions.AzureBaseAction-
schema= {'additionalProperties': False, 'properties': {'type': {'enum': ['start']}}, 'required': ['type'], 'type': 'object'}¶
-
type= 'start'¶
-
-
class
c7n_azure.resources.vm.VmStopAction(data=None, manager=None, log_dir=None)[source]¶ Bases:
c7n_azure.actions.AzureBaseAction-
schema= {'additionalProperties': False, 'properties': {'type': {'enum': ['stop']}}, 'required': ['type'], 'type': 'object'}¶
-
type= 'stop'¶
-
c7n_azure.resources.vmss module¶
-
class
c7n_azure.resources.vmss.VMScaleSet(data, options)[source]¶ Bases:
c7n_azure.resources.arm.ArmResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
c7n_azure.resources.arm.resource_type-
client= 'ComputeManagementClient'¶
-
default_report_fields= ('name', 'location', 'resourceGroup')¶
-
enum_spec= ('virtual_machine_scale_sets', 'list_all', None)¶
-
service= 'azure.mgmt.compute'¶
-
-
type= 'vmss'¶
-
c7n_azure.resources.vnet module¶
-
class
c7n_azure.resources.vnet.Vnet(data, options)[source]¶ Bases:
c7n_azure.resources.arm.ArmResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
c7n_azure.resources.arm.resource_type-
client= 'NetworkManagementClient'¶
-
enum_spec= ('virtual_networks', 'list_all', None)¶
-
service= 'azure.mgmt.network'¶
-
-
type= 'vnet'¶
-
c7n_azure.resources.web_app module¶
-
class
c7n_azure.resources.web_app.WebApp(data, options)[source]¶ Bases:
c7n_azure.resources.arm.ArmResourceManager-
action_registry= <c7n.actions.core.ActionRegistry object>¶
-
filter_registry= <c7n.filters.core.FilterRegistry object>¶
-
class
resource_type[source]¶ Bases:
c7n_azure.resources.arm.resource_type-
client= 'WebSiteManagementClient'¶
-
default_report_fields= ('name', 'location', 'resourceGroup', 'kind', 'properties.hostNames[0]')¶
-
enum_spec= ('web_apps', 'list', None)¶
-
service= 'azure.mgmt.web'¶
-
-
type= 'webapp'¶
-