azure
azure copied to clipboard
ansible-collections
Feature Proposal: Eventgrid Subscriptions
SUMMARY
(I'm partway through writing this - this is the pre-PR Issue as requested in your docs, and also a query)
azure_rm_eventgridsubscription module to allow for the management of Event subscriptions on various Azure objects that support them.
ISSUE TYPE
- Feature Idea
COMPONENT NAME
azure_rm_eventgridsubscription
ADDITIONAL INFORMATION
Eventgrid subscriptions allow event-driven automation between Azure components, including Key Vaults, Storage Accounts, and also general create/delete/failure events from Resource Groups or Subscriptions. My initial-use case is to add expiry events to our key vaults as they are created, so that the vault will raise an event when it is time to renew certs, tokens etc. However, it would be very useful for any process using a storage account as a queue or a BLOB dropbox too.
There are several other destination types, but my initial need is for webhooks. I'm intending to make the task parameters take into account the extension for the other destination types though.
- name: Create an event subscription on the Key Vault
azure_rm_eventgridsubscription:
name: "event{{ rpfx }}"
scope: "/subscriptions/{{azure_subscription_id}}/resourceGroups/{{ resource_group }}/providers/Microsoft.KeyVault/vaults/vault{{rpfx}}"
state: present
destination_type: webhook
webhook_url: https://listener.contoso.local/events
event_types:
- Microsoft.KeyVault.SecretExpired
- Microsoft.KeyVault.SecretNearExpiry
The query that goes with this: I have written a test playbook, but you can't actually create a webhook event subscription without an active web application running - Azure calls out to the webhook and expects a correct response, not just 200, from the far end. What should I do to make a test that works? It wouldn't be so hard to make a really small container that answers these requests, but where would it go? The URL for it would need to be known to the test playbook.