ansible-collections / azure

Development area for Azure Collections
https://galaxy.ansible.com/azure/azcollection
GNU General Public License v3.0

Feature Proposal: Eventgrid Subscriptions #703

Open howardjones opened 2 years ago

howardjones commented 2 years ago
SUMMARY

(I'm partway through writing this - this is the pre-PR Issue as requested in your docs, and also a query)

azure_rm_eventgridsubscription module to allow for the management of Event subscriptions on various Azure objects that support them.

ISSUE TYPE
COMPONENT NAME

azure_rm_eventgridsubscription

ADDITIONAL INFORMATION

Eventgrid subscriptions allow event-driven automation between Azure components, including Key Vaults, Storage Accounts, and also general create/delete/failure events from Resource Groups or Subscriptions. My initial use case is to add expiry events to our key vaults as they are created, so that the vault will raise an event when it is time to renew certs, tokens etc. However, it would be very useful for any process using a storage account as a queue or a BLOB dropbox too.

There are several other destination types, but my initial need is for webhooks. I'm intending to make the task parameters take into account the extension for the other destination types though.


- name: Create an event subscription on the Key Vault
  azure_rm_eventgridsubscription:
    name: "event{{ rpfx }}"
    scope: "/subscriptions/{{azure_subscription_id}}/resourceGroups/{{ resource_group }}/providers/Microsoft.KeyVault/vaults/vault{{rpfx}}"
    state: present
    destination_type: webhook
    webhook_url: https://listener.contoso.local/events
    event_types:
      - Microsoft.KeyVault.SecretExpired
      - Microsoft.KeyVault.SecretNearExpiry

howardjones commented 2 years ago

The query that goes with this: I have written a test playbook, but you can't actually create a webhook event subscription without an active web application running - Azure calls out to the webhook and expects a correct response, not just 200, from the far end. What should I do to make a test that works? It wouldn't be so hard to make a really small container that answers these requests, but where would it go? The URL for it would need to be known to the test playbook.
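
An added example, not part of the original thread or the collection's code: a minimal standard-library listener for the validation handshake described in the comment above. The event type and the `validationCode` / `validationResponse` field names come from Azure's Event Grid event schema rather than from this page; the function names, port, size limit and sample payload are constructed for illustration.

```python
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

VALIDATION_EVENT = "Microsoft.EventGrid.SubscriptionValidationEvent"
MAX_BODY = 1024 * 1024  # assumption: refuse request bodies larger than 1 MiB

# Constructed sample of the handshake POST body (the code is a placeholder).
SAMPLE_HANDSHAKE = json.dumps([{"eventType": VALIDATION_EVENT, "data": {
    "validationCode": "CONSTRUCTED-CODE-0001"}}]).encode()


def handle_delivery(body):
    """Return (status, payload) for one POST body in the Event Grid schema."""
    try:
        events = json.loads(body)
    except ValueError:
        return 400, {"error": "body is not JSON"}
    if not isinstance(events, list):
        return 400, {"error": "expected a JSON array of events"}
    for event in events:
        if not isinstance(event, dict) or event.get("eventType") != VALIDATION_EVENT:
            continue
        data = event.get("data")
        code = data.get("validationCode") if isinstance(data, dict) else None
        if not isinstance(code, str) or not code:
            return 400, {"error": "validation event without validationCode"}
        # Echoing the code back is the "correct response" beyond a bare 200.
        return 200, {"validationResponse": code}
    return 200, {"received": len(events)}  # ordinary delivery: acknowledge


class Listener(BaseHTTPRequestHandler):
    def do_POST(self):
        length = int(self.headers.get("Content-Length") or 0)
        if length > MAX_BODY:
            status, payload = 413, {"error": "body too large"}
        else:
            status, payload = handle_delivery(self.rfile.read(length))
        out = json.dumps(payload).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(out)))
        self.end_headers()
        self.wfile.write(out)


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Listener).serve_forever()
```

Event Grid only delivers to HTTPS endpoints it can reach, so for a real subscription this handler would sit behind a TLS-terminating front end rather than on 127.0.0.1.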

howardjones commented 1 year ago

Any feedback on how the test could work?