Is Move-AzureStorageAccount -Validate a read-only operation?

Kindred Dev 21 Reputation points
2020-12-07T21:03:01.077+00:00

I'm setting up scripts to migrate classic Azure storage accounts to ARM, along with various other tasks. I've written a read-only validation as part of this scripting, but I've been required to ensure that validation does not change these storage accounts in any way. The one command I can't verify is Move-AzureStorageAccount with the -Validate flag. I would assume that this operation performs no writes, but I haven't found any documentation to confirm that. Is the storage account in exactly the same state post-validation as it is pre? If not, what writes are performed?

Azure Storage Accounts

Accepted answer
  1. Sumarigo-MSFT 45,416 Reputation points Microsoft Employee
    2020-12-09T10:42:27.91+00:00

    @Kindred Dev It doesn't perform any write operation on the storage account or lock it.

    The validate operation only analyzes the state of the resources in the classic deployment model. It can check for all failures and unsupported scenarios due to various configurations in the classic deployment model. It is not possible to check for all issues that the Azure Resource Manager stack might impose on the resources during migration. These issues are only checked when the resources undergo a transformation in the next step of migration (the prepare operation). The following table lists all the issues not checked in the validate operation:

    For the deep dive from classic to ARM, see here

    Once you commit the migration, these resources will only be available in the Resource Manager deployment model; the classic resource(s) will be deleted.
    If you see any issues with the results of 'Prepare', you may abort and return to the prepare step.

    Storage Accounts with no associated disks or Virtual Machines data may be migrated independently.

    Note: The Resource Manager deployment model doesn't have the concept of Classic images and disks. When the storage account is migrated, Classic images and disks are not visible in the Resource Manager stack but the backing VHDs remain in the storage account.

    This article will help you with the migration of storage accounts (Classic -> ARM)

    Additional information: After migration, you set the policy and permissions (read only, write, and more) for the storage account.
    'Storage Blob Data Reader' may limit the ability to list the account (https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#storage-blob-data-reader)

    You need read permission or the Reader role on the subscription to enumerate resources, including storage accounts.
    Storage Blob Data Reader role grants permissions for reading blob content and metadata in the storage account.

    Also, let me explain how this role works and the definition of RBAC; see here

    Hope this helps!

    Kindly let us know if the above helps or you need further assistance on this issue.


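One way to check the accepted answer's claim inside a migration script, as an added example (not code from the question, the answer or Microsoft): snapshot the classic account's properties and a hash of its access keys, run the validate call, and compare. It assumes the classic Azure Service Management module with an authenticated session; the script parameter and the `Get-AccountFingerprint` helper are hypothetical names.

```powershell
# Added example: compare a classic storage account's control-plane state
# before and after Move-AzureStorageAccount -Validate.
param(
    [Parameter(Mandatory)]
    [string]$StorageAccountName   # hypothetical script parameter
)

# Hypothetical helper: returns a comparable snapshot of the account.
function Get-AccountFingerprint {
    param([string]$Name)

    $account = Get-AzureStorageAccount -StorageAccountName $Name -ErrorAction Stop
    $keys    = Get-AzureStorageKey     -StorageAccountName $Name -ErrorAction Stop

    # Drop per-request fields (operation id/status) that differ on every call.
    $props = $account | Select-Object -Property * -ExcludeProperty Operation*

    # Hash the keys instead of storing them, so the snapshot holds no secrets.
    $sha     = [System.Security.Cryptography.SHA256]::Create()
    $bytes   = [Text.Encoding]::UTF8.GetBytes("$($keys.Primary)|$($keys.Secondary)")
    $keyHash = [BitConverter]::ToString($sha.ComputeHash($bytes))

    [pscustomobject]@{
        Properties = $props | ConvertTo-Json -Depth 5
        KeyHash    = $keyHash
    }
}

$before = Get-AccountFingerprint -Name $StorageAccountName

# The call under test: validation only, no prepare/commit.
$validation = Move-AzureStorageAccount -Validate -StorageAccountName $StorageAccountName
$validation.ValidationMessages | Format-List

$after = Get-AccountFingerprint -Name $StorageAccountName

$changed = @()
if ($before.Properties -ne $after.Properties) { $changed += 'account properties' }
if ($before.KeyHash    -ne $after.KeyHash)    { $changed += 'access keys' }

if ($changed.Count -gt 0) {
    throw "State differs after -Validate: $($changed -join ', ')"
}
Write-Output "No change detected in properties or keys for '$StorageAccountName'."
```

This compares control-plane state only (properties, endpoints, keys), not blob or table contents, and a change made by another operator between the two snapshots will also show up as a difference.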