Buckets - Get

Service:: Azure NetApp Files

API Version:: 2026-01-01

Get the details of the specified volume's bucket. A bucket allows additional services, such as AI services, connect to the volume data contained in those buckets.

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.NetApp/netAppAccounts/{accountName}/capacityPools/{poolName}/volumes/{volumeName}/buckets/{bucketName}?api-version=2026-01-01

URI Parameters

Name	In	Required	Type	Description
accountName	path	True	string pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_]{0,127}$	The name of the NetApp account
bucketName	path	True	string minLength: 3 maxLength: 63 pattern: ^([a-z]\|(\d(?!\d{0,2}\.\d{1,3}\.\d{1,3}\.\d{1,3})))([a-z\d]\|(\.(?!(\.\|-)))\|(-(?!\.))){1,61}[a-z\d]$	The name of the bucket
poolName	path	True	string minLength: 1 maxLength: 64 pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_]{0,63}$	The name of the capacity pool
resourceGroupName	path	True	string minLength: 1 maxLength: 90	The name of the resource group. The name is case insensitive.
subscriptionId	path	True	string (uuid)	The ID of the target subscription. The value must be an UUID.
volumeName	path	True	string minLength: 1 maxLength: 64 pattern: ^[a-zA-Z][a-zA-Z0-9\-_]{0,63}$	The name of the volume
api-version	query	True	string minLength: 1	The API version to use for this operation.

Responses

Name	Type	Description
200 OK	Bucket	Azure operation completed successfully.
Other Status Codes	ErrorResponse	An unexpected error response.

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

Buckets_Get

Sample request

GET https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.NetApp/netAppAccounts/account1/capacityPools/pool1/volumes/volume1/buckets/bucket1?api-version=2026-01-01


/**
 * Samples for Buckets Get.
 */
public final class Main {
    /*
     * x-ms-original-file: 2026-01-01/Buckets_Get.json
     */
    /**
     * Sample code: Buckets_Get.
     * 
     * @param manager Entry point to NetAppFilesManager.
     */
    public static void bucketsGet(com.azure.resourcemanager.netapp.NetAppFilesManager manager) {
        manager.buckets().getWithResponse("myRG", "account1", "pool1", "volume1", "bucket1",
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential

from azure.mgmt.netapp import NetAppManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-netapp
# USAGE
    python buckets_get.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = NetAppManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="SUBSCRIPTION_ID",
    )

    response = client.buckets.get(
        resource_group_name="myRG",
        account_name="account1",
        pool_name="pool1",
        volume_name="volume1",
        bucket_name="bucket1",
    )
    print(response)


# x-ms-original-file: 2026-01-01/Buckets_Get.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armnetapp_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/netapp/armnetapp/v10"
)

// Generated from example definition: 2026-01-01/Buckets_Get.json
func ExampleBucketsClient_Get() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armnetapp.NewClientFactory("00000000-0000-0000-0000-000000000000", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewBucketsClient().Get(ctx, "myRG", "account1", "pool1", "volume1", "bucket1", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armnetapp.BucketsClientGetResponse{
	// 	Bucket: &armnetapp.Bucket{
	// 		ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.NetApp/netAppAccounts/account1/capacityPools/pool1/volumes/volume1/buckets/bucket1"),
	// 		Name: to.Ptr("account1/pool1/volume1/bucket1"),
	// 		Type: to.Ptr("Microsoft.NetApp/netAppAccounts/capacityPools/volumes/buckets"),
	// 		Properties: &armnetapp.BucketProperties{
	// 			Path: to.Ptr("/path"),
	// 			ProvisioningState: to.Ptr(armnetapp.ProvisioningStateSucceeded),
	// 			FileSystemUser: &armnetapp.FileSystemUser{
	// 				NfsUser: &armnetapp.NfsUser{
	// 					UserID: to.Ptr[int64](1001),
	// 					GroupID: to.Ptr[int64](1000),
	// 				},
	// 			},
	// 			Status: to.Ptr(armnetapp.CredentialsStatusCredentialsExpired),
	// 			Server: &armnetapp.BucketServerProperties{
	// 				Fqdn: to.Ptr("fullyqualified.domainname.com"),
	// 				CertificateCommonName: to.Ptr("www.example.com"),
	// 				CertificateExpiryDate: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2027-08-15T13:23:32Z"); return t}()),
	// 				IPAddress: to.Ptr("1.2.3.4"),
	// 			},
	// 			AkvDetails: &armnetapp.AzureKeyVaultDetails{
	// 				CertificateAkvDetails: &armnetapp.CertificateAkvDetails{
	// 					CertificateKeyVaultURI: to.Ptr("https://REDACTED.vault.azure.net/"),
	// 					CertificateName: to.Ptr("my-certificate"),
	// 				},
	// 				CredentialsAkvDetails: &armnetapp.CredentialsAkvDetails{
	// 					CredentialsKeyVaultURI: to.Ptr("https://REDACTED.vault.azure.net/"),
	// 					SecretName: to.Ptr("my-secret"),
	// 				},
	// 			},
	// 			Permissions: to.Ptr(armnetapp.BucketPermissionsReadOnly),
	// 		},
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { NetAppManagementClient } = require("@azure/arm-netapp");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to get the details of the specified volume's bucket. A bucket allows additional services, such as AI services, connect to the volume data contained in those buckets.
 *
 * @summary get the details of the specified volume's bucket. A bucket allows additional services, such as AI services, connect to the volume data contained in those buckets.
 * x-ms-original-file: 2026-01-01/Buckets_Get.json
 */
async function bucketsGet() {
  const credential = new DefaultAzureCredential();
  const subscriptionId = "00000000-0000-0000-0000-000000000000";
  const client = new NetAppManagementClient(credential, subscriptionId);
  const result = await client.buckets.get("myRG", "account1", "pool1", "volume1", "bucket1");
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.NetApp.Models;
using Azure.ResourceManager.NetApp;

// Generated from example definition: specification/netapp/resource-manager/Microsoft.NetApp/NetApp/stable/2026-01-01/examples/Buckets_Get.json
// this example is just showing the usage of "Buckets_Get" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this NetAppVolumeResource created on azure
// for more information of creating NetAppVolumeResource, please refer to the document of NetAppVolumeResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "myRG";
string accountName = "account1";
string poolName = "pool1";
string volumeName = "volume1";
ResourceIdentifier netAppVolumeResourceId = NetAppVolumeResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, accountName, poolName, volumeName);
NetAppVolumeResource netAppVolume = client.GetNetAppVolumeResource(netAppVolumeResourceId);

// get the collection of this NetAppBucketResource
NetAppBucketCollection collection = netAppVolume.GetNetAppBuckets();

// invoke the operation
string bucketName = "bucket1";
NullableResponse<NetAppBucketResource> response = await collection.GetIfExistsAsync(bucketName);
NetAppBucketResource result = response.HasValue ? response.Value : null;

if (result == null)
{
    Console.WriteLine("Succeeded with null as result");
}
else
{
    // the variable result is a resource, you could call other operations on this instance as well
    // but just for demo, we get its data from this resource instance
    NetAppBucketData resourceData = result.Data;
    // for demo we just print out the id
    Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample response

Status code:: 200

{
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.NetApp/netAppAccounts/account1/capacityPools/pool1/volumes/volume1/buckets/bucket1",
  "name": "account1/pool1/volume1/bucket1",
  "type": "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/buckets",
  "properties": {
    "path": "/path",
    "provisioningState": "Succeeded",
    "fileSystemUser": {
      "nfsUser": {
        "userId": 1001,
        "groupId": 1000
      }
    },
    "status": "CredentialsExpired",
    "server": {
      "fqdn": "fullyqualified.domainname.com",
      "certificateCommonName": "www.example.com",
      "certificateExpiryDate": "2027-08-15T13:23:32Z",
      "ipAddress": "1.2.3.4"
    },
    "akvDetails": {
      "certificateAkvDetails": {
        "certificateKeyVaultUri": "https://REDACTED.vault.azure.net/",
        "certificateName": "my-certificate"
      },
      "credentialsAkvDetails": {
        "credentialsKeyVaultUri": "https://REDACTED.vault.azure.net/",
        "secretName": "my-secret"
      }
    },
    "permissions": "ReadOnly"
  }
}

Definitions

Name	Description
AzureKeyVaultDetails	Specifies the Azure Key Vault settings. These are used when a) retrieving the bucket server certificate, and b) storing the bucket credentials Notes: If a bucket certificate was previously provided directly using the certificateObject property, it is possible to subsequently use the Azure Key Vault for certificate management by using these 'akvDetails' properties. However, once Azure Key Vault is configured, it is no longer possible to provide the certificate directly via the certificateObject property. These properties are mutually exclusive with the server.certificateObject property.
Bucket	Bucket resource
BucketPermissions	Access permissions for the bucket. Either ReadOnly or ReadWrite. The default is ReadOnly if no value is provided during bucket creation.
BucketServerProperties	Properties of the server managing the lifecycle of volume buckets
CertificateAkvDetails	Specifies the Azure Key Vault settings for retrieving the bucket server certificate.
CifsUser	The effective CIFS username when accessing the volume data.
createdByType	The type of identity that created the resource.
CredentialsAkvDetails	Specifies the Azure Key Vault settings for storing the bucket credentials.
CredentialsStatus	The bucket credentials status. There states: "NoCredentialsSet": Access and Secret key pair have not been generated. "CredentialsExpired": Access and Secret key pair have expired. "Active": The certificate has been installed and credentials are unexpired.
ErrorAdditionalInfo	The resource management error additional info.
ErrorDetail	The error detail.
ErrorResponse	Error response
FileSystemUser	File System user having access to volume data. For Unix, this is the user's uid and gid. For Windows, this is the user's username. Note that the Unix and Windows user details are mutually exclusive, meaning one or other must be supplied, but not both.
NetAppProvisioningState	Gets the status of the VolumeQuotaRule at the time the operation was called.
NfsUser	The effective NFS User ID and Group ID when accessing the volume data.
OnCertificateConflictAction	This action is triggered when a certificate conflict occurs. A conflict arises if you try to create a new bucket while one or more already exist on the server, or if you update a bucket when multiple buckets are present. This happens because a single certificate is shared among all buckets on the same server. Note: This applies both to certificates provided directly via the certificateObject property and to those retrieved from Azure Key Vault. Details for the latter case are specified in the akvDetails.certificateAkvDetails section.
systemData	Metadata pertaining to creation and last modification of the resource.

AzureKeyVaultDetails

Object

Specifies the Azure Key Vault settings. These are used when a) retrieving the bucket server certificate, and b) storing the bucket credentials

Notes:

If a bucket certificate was previously provided directly using the certificateObject property, it is possible to subsequently use the Azure Key Vault for certificate management by using these 'akvDetails' properties. However, once Azure Key Vault is configured, it is no longer possible to provide the certificate directly via the certificateObject property.
These properties are mutually exclusive with the server.certificateObject property.

Name	Type	Description
certificateAkvDetails	CertificateAkvDetails	Specifies the Azure Key Vault settings for retrieving the bucket server certificate.
credentialsAkvDetails	CredentialsAkvDetails	Specifies the Azure Key Vault settings for storing the bucket credentials.

Bucket

Object

Bucket resource

Name	Type	Default value	Description
id	string (arm-id)		Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
name	string		The name of the resource
properties.akvDetails	AzureKeyVaultDetails		Specifies the Azure Key Vault settings. These are used when a) retrieving the bucket server certificate, and b) storing the bucket credentials Notes: If a bucket certificate was previously provided directly using the certificateObject property, it is possible to subsequently use the Azure Key Vault for certificate management by using these 'akvDetails' properties. However, once Azure Key Vault is configured, it is no longer possible to provide the certificate directly via the certificateObject property. These properties are mutually exclusive with the server.certificateObject property.
properties.fileSystemUser	FileSystemUser		File System user having access to volume data. For Unix, this is the user's uid and gid. For Windows, this is the user's username. Note that the Unix and Windows user details are mutually exclusive, meaning one or other must be supplied, but not both.
properties.path	string	/	The volume path mounted inside the bucket. The default is the root path '/' if no value is provided when the bucket is created.
properties.permissions	BucketPermissions	ReadOnly	Access permissions for the bucket. Either ReadOnly or ReadWrite. The default is ReadOnly if no value is provided during bucket creation.
properties.provisioningState	NetAppProvisioningState		Provisioning state of the resource
properties.server	BucketServerProperties		Properties of the server managing the lifecycle of volume buckets
properties.status	CredentialsStatus		The bucket credentials status. There states: "NoCredentialsSet": Access and Secret key pair have not been generated. "CredentialsExpired": Access and Secret key pair have expired. "Active": The certificate has been installed and credentials are unexpired.
systemData	systemData		Azure Resource Manager metadata containing createdBy and modifiedBy information.
type	string		The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

BucketPermissions

Enumeration

Access permissions for the bucket. Either ReadOnly or ReadWrite. The default is ReadOnly if no value is provided during bucket creation.

Value	Description
ReadOnly	Read-only access to bucket.
ReadWrite	Read-write access to bucket.

BucketServerProperties

Object

Properties of the server managing the lifecycle of volume buckets

Name	Type	Description
certificateCommonName	string minLength: 1 maxLength: 64	Certificate Common Name taken from the certificate installed on the bucket server
certificateExpiryDate	string (date-time)	The bucket server's certificate expiry date.
certificateObject	string (password) minLength: 1 maxLength: 20480	The base64-encoded contents of a PEM file, which includes both the bucket server's certificate and private key. It is generated by the end user and allows the user to access volume data in a read-only manner. Note: This is only used when Azure Key Vault is not configured. This property is mutually exclusive with the Azure Key Vault 'akv' properties.
fqdn	string	The host part of the bucket URL, resolving to the bucket IP address and allowed by the server certificate.
ipAddress	string	The bucket server's IPv4 address
onCertificateConflictAction	OnCertificateConflictAction	Action to take when there is a certificate conflict. Possible values include: 'Update', 'Fail'

CertificateAkvDetails

Object

Specifies the Azure Key Vault settings for retrieving the bucket server certificate.

Name	Type	Description
certificateKeyVaultUri	string (uri)	The base URI of the Azure Key Vault that is used when retrieving the bucket certificate.
certificateName	string minLength: 1 maxLength: 127 pattern: ^[a-zA-Z0-9-]{1,127}$	The name of the bucket server certificate stored in the Azure Key Vault.

CifsUser

Object

The effective CIFS username when accessing the volume data.

Name	Type	Description
username	string	The CIFS user's username

createdByType

Enumeration

The type of identity that created the resource.

Value	Description
User
Application
ManagedIdentity
Key

CredentialsAkvDetails

Object

Specifies the Azure Key Vault settings for storing the bucket credentials.

Name

Type

Description

credentialsKeyVaultUri

string (uri)

The base URI of the Azure Key Vault that is used when storing the bucket credentials.

secretName

string

minLength: 1
maxLength: 127
pattern: ^[a-zA-Z0-9-]{1,127}$

The name of the secret stored in Azure Key Vault. The associated key pair has the following structure:

{ "access_key_id": "<REDACTED>", "secret_access_key": "<REDACTED>" }

CredentialsStatus

Enumeration

The bucket credentials status. There states:

"NoCredentialsSet": Access and Secret key pair have not been generated. "CredentialsExpired": Access and Secret key pair have expired. "Active": The certificate has been installed and credentials are unexpired.

Value	Description
NoCredentialsSet	Access and Secret key pair have not been generated.
CredentialsExpired	Access and Secret key pair have expired.
Active	The certificate has been installed on the bucket server and the bucket credentials are unexpired.

ErrorAdditionalInfo

Object

The resource management error additional info.

Name	Type	Description
info	object	The additional info.
type	string	The additional info type.

ErrorDetail

Object

The error detail.

Name	Type	Description
additionalInfo	ErrorAdditionalInfo[]	The error additional info.
code	string	The error code.
details	ErrorDetail[]	The error details.
message	string	The error message.
target	string	The error target.

ErrorResponse

Object

Error response

Name	Type	Description
error	ErrorDetail	The error object.

FileSystemUser

Object

File System user having access to volume data. For Unix, this is the user's uid and gid. For Windows, this is the user's username. Note that the Unix and Windows user details are mutually exclusive, meaning one or other must be supplied, but not both.

Name	Type	Description
cifsUser	CifsUser	The effective CIFS username when accessing the volume data.
nfsUser	NfsUser	The effective NFS User ID and Group ID when accessing the volume data.

NetAppProvisioningState

Enumeration

Gets the status of the VolumeQuotaRule at the time the operation was called.

Value	Description
Accepted	Resource has been Accepted
Creating	Resource is being Created
Patching	Resource is being Patched
Updating	Resource is updating
Deleting	Resource is being Deleted
Moving	Resource is being Moved
Failed	Resource has Failed
Succeeded	Resource has Succeeded

NfsUser

Object

The effective NFS User ID and Group ID when accessing the volume data.

Name	Type	Description
groupId	integer (int64)	The NFS user's GID
userId	integer (int64)	The NFS user's UID

OnCertificateConflictAction

Enumeration

This action is triggered when a certificate conflict occurs. A conflict arises if you try to create a new bucket while one or more already exist on the server, or if you update a bucket when multiple buckets are present. This happens because a single certificate is shared among all buckets on the same server.

Note: This applies both to certificates provided directly via the certificateObject property and to those retrieved from Azure Key Vault. Details for the latter case are specified in the akvDetails.certificateAkvDetails section.

Value	Description
Update	Update the existing certificate regardless of whether there is a conflict or not. This means all buckets on the server will now use the new certificate.
Fail	Fail the operation if a conflict occurs, meaning the bucket operation will fail, and the existing certificate will continue to be in use.

systemData

Object

Metadata pertaining to creation and last modification of the resource.

Name	Type	Description
createdAt	string (date-time)	The timestamp of resource creation (UTC).
createdBy	string	The identity that created the resource.
createdByType	createdByType	The type of identity that created the resource.
lastModifiedAt	string (date-time)	The timestamp of resource last modification (UTC)
lastModifiedBy	string	The identity that last modified the resource.
lastModifiedByType	createdByType	The type of identity that last modified the resource.