lock function

Management locks

Management locks

Create, retrieve and delete locks. These are methods for the az_subscription, az_resource_group and az_resource classes.

Usage

create_lock(name, level = c("cannotdelete", "readonly"), notes = "")

get_lock(name)

delete_lock(name)

list_locks()

Arguments

  • name: The name of a lock.
  • level: The level of protection that the lock provides.
  • notes: An optional character string to describe the lock.

Details

Management locks in Resource Manager can be assigned at the subscription, resource group, or resource level. They serve to protect a resource against unwanted changes. A lock can either protect against deletion (level="cannotdelete") or against modification of any kind (level="readonly").

Locks assigned at parent scopes also apply to lower ones, recursively. The most restrictive lock in the inheritance takes precedence. To modify/delete a resource, any existing locks for its subscription and resource group must also be removed.

Note if you logged in via a custom service principal, it must have "Owner" or "User Access Administrator" access to manage locks.

Value

The create_lock and get_lock methods return a lock object, which is itself an Azure resource. The list_locks method returns a list of such objects. The delete_lock method returns NULL on a successful delete.

The get_role_definition method returns an object of class az_role_definition. This is a plain-old-data R6 class (no methods), which can be used as input for creating role assignments (see the examples below).

The list_role_definitions method returns a list of az_role_definition if the as_data_frame argument is FALSE. If this is TRUE, it instead returns a data frame containing the most broadly useful fields for each role definition: the definition ID and role name.

Examples

## Not run:

az <- get_azure_login("myaadtenant")
sub <- az$get_subscription("subscription_id")
rg <- sub$get_resource_group("rgname")
res <- rg$get_resource(type="provider_type", name="resname")

sub$create_lock("lock1", "cannotdelete")
rg$create_lock("lock2", "cannotdelete")

# error! resource is locked
res$delete()

# subscription level
rg$delete_lock("lock2")
sub$delete_lock("lock1")

# now it works
res$delete()
## End(Not run)

See Also

rbac

Overview of management locks

AzureRMR packageRead PDF manual
  • Maintainer: Hong Ooi
  • License: MIT + file LICENSE
  • Last published: 2023-09-21

Useful links