Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{accountName}?api-version=2023-05-01
URI Parameters
| Name |
In |
Required |
Type |
Description |
|
accountName
|
path |
True
|
string
|
The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.
Regex pattern: ^[a-z0-9]+$
|
|
resourceGroupName
|
path |
True
|
string
|
The name of the resource group within the user's subscription. The name is case insensitive.
Regex pattern: ^[-\w\._\(\)]+$
|
|
subscriptionId
|
path |
True
|
string
|
The ID of the target subscription.
|
|
api-version
|
query |
True
|
string
|
The API version to use for this operation.
|
Request Body
| Name |
Required |
Type |
Description |
|
kind
|
True
|
Kind
|
Required. Indicates the type of storage account.
|
|
location
|
True
|
string
|
Required. Gets or sets the location of the resource. This will be one of the supported and registered Azure Geo Regions (e.g. West US, East US, Southeast Asia, etc.). The geo region of a resource cannot be changed once it is created, but if an identical geo region is specified on update, the request will succeed.
|
|
sku
|
True
|
Sku
|
Required. Gets or sets the SKU name.
|
|
extendedLocation
|
|
ExtendedLocation
|
Optional. Set the extended location of the resource. If not set, the storage account will be created in Azure main region. Otherwise it will be created in the specified extended location
|
|
identity
|
|
Identity
|
The identity of the resource.
|
|
properties.accessTier
|
|
AccessTier
|
Required for storage accounts where kind = BlobStorage. The access tier is used for billing. The 'Premium' access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type.
|
|
properties.allowBlobPublicAccess
|
|
boolean
|
Allow or disallow public access to all blobs or containers in the storage account. The default interpretation is false for this property.
|
|
properties.allowCrossTenantReplication
|
|
boolean
|
Allow or disallow cross AAD tenant object replication. Set this property to true for new or existing accounts only if object replication policies will involve storage accounts in different AAD tenants. The default interpretation is false for new accounts to follow best security practices by default.
|
|
properties.allowSharedKeyAccess
|
|
boolean
|
Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Azure Active Directory (Azure AD). The default value is null, which is equivalent to true.
|
|
properties.allowedCopyScope
|
|
AllowedCopyScope
|
Restrict copy to and from Storage Accounts within an AAD tenant or with Private Links to the same VNet.
|
|
properties.azureFilesIdentityBasedAuthentication
|
|
AzureFilesIdentityBasedAuthentication
|
Provides the identity based authentication settings for Azure Files.
|
|
properties.customDomain
|
|
CustomDomain
|
User domain assigned to the storage account. Name is the CNAME source. Only one custom domain is supported per storage account at this time. To clear the existing custom domain, use an empty string for the custom domain name property.
|
|
properties.defaultToOAuthAuthentication
|
|
boolean
|
A boolean flag which indicates whether the default authentication is OAuth or not. The default interpretation is false for this property.
|
|
properties.dnsEndpointType
|
|
DnsEndpointType
|
Allows you to specify the type of endpoint. Set this to AzureDNSZone to create a large number of accounts in a single subscription, which creates accounts in an Azure DNS Zone and the endpoint URL will have an alphanumeric DNS Zone identifier.
|
|
properties.enableExtendedGroups
|
|
boolean
|
Enables extended group support with local users feature, if set to true
|
|
properties.encryption
|
|
Encryption
|
Encryption settings to be used for server-side encryption for the storage account.
|
|
properties.immutableStorageWithVersioning
|
|
ImmutableStorageAccount
|
The property is immutable and can only be set to true at the account creation time. When set to true, it enables object level immutability for all the new containers in the account by default.
|
|
properties.isHnsEnabled
|
|
boolean
|
Account HierarchicalNamespace enabled if sets to true.
|
|
properties.isLocalUserEnabled
|
|
boolean
|
Enables local users feature, if set to true
|
|
properties.isNfsV3Enabled
|
|
boolean
|
NFS 3.0 protocol support enabled if set to true.
|
|
properties.isSftpEnabled
|
|
boolean
|
Enables Secure File Transfer Protocol, if set to true
|
|
properties.keyPolicy
|
|
KeyPolicy
|
KeyPolicy assigned to the storage account.
|
|
properties.largeFileSharesState
|
|
LargeFileSharesState
|
Allow large file shares if sets to Enabled. It cannot be disabled once it is enabled.
|
|
properties.minimumTlsVersion
|
|
MinimumTlsVersion
|
Set the minimum TLS version to be permitted on requests to storage. The default interpretation is TLS 1.0 for this property.
|
|
properties.networkAcls
|
|
NetworkRuleSet
|
Network rule set
|
|
properties.publicNetworkAccess
|
|
PublicNetworkAccess
|
Allow, disallow, or let Network Security Perimeter configuration to evaluate public network access to Storage Account. Value is optional but if passed in, must be 'Enabled', 'Disabled' or 'SecuredByPerimeter'.
|
|
properties.routingPreference
|
|
RoutingPreference
|
Maintains information about the network routing choice opted by the user for data transfer
|
|
properties.sasPolicy
|
|
SasPolicy
|
SasPolicy assigned to the storage account.
|
|
properties.supportsHttpsTrafficOnly
|
|
boolean
|
Allows https traffic only to storage service if sets to true. The default value is true since API version 2019-04-01.
|
|
tags
|
|
object
|
Gets or sets a list of key value pairs that describe the resource. These tags can be used for viewing and grouping this resource (across resource groups). A maximum of 15 tags can be provided for a resource. Each tag must have a key with a length no greater than 128 characters and a value with a length no greater than 256 characters.
|
Responses
| Name |
Type |
Description |
|
200 OK
|
StorageAccount
|
OK -- returned when the storage account was already created from a previous request with the same properties specified in the request body.
|
|
202 Accepted
|
|
Accepted -- Create or update request accepted; operation will complete asynchronously.
|
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
| Name |
Description |
|
user_impersonation
|
impersonate your user account
|
Examples
NfsV3AccountCreate
Sample request
PUT https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445?api-version=2023-05-01
{
"sku": {
"name": "Premium_LRS"
},
"kind": "BlockBlobStorage",
"location": "eastus",
"properties": {
"isHnsEnabled": true,
"isNfsV3Enabled": true,
"enableExtendedGroups": true,
"supportsHttpsTrafficOnly": false,
"networkAcls": {
"bypass": "AzureServices",
"defaultAction": "Allow",
"ipRules": [],
"virtualNetworkRules": [
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Network/virtualNetworks/net123/subnets/subnet12"
}
]
}
}
}
import com.azure.resourcemanager.storage.models.Bypass;
import com.azure.resourcemanager.storage.models.DefaultAction;
import com.azure.resourcemanager.storage.models.Kind;
import com.azure.resourcemanager.storage.models.NetworkRuleSet;
import com.azure.resourcemanager.storage.models.Sku;
import com.azure.resourcemanager.storage.models.SkuName;
import com.azure.resourcemanager.storage.models.StorageAccountCreateParameters;
import com.azure.resourcemanager.storage.models.VirtualNetworkRule;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Create.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/NfsV3AccountCreate.json
*/
/**
* Sample code: NfsV3AccountCreate.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void nfsV3AccountCreate(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().create("res9101", "sto4445",
new StorageAccountCreateParameters().withSku(new Sku().withName(SkuName.PREMIUM_LRS))
.withKind(Kind.BLOCK_BLOB_STORAGE).withLocation("eastus")
.withNetworkRuleSet(new NetworkRuleSet().withBypass(Bypass.AZURE_SERVICES)
.withVirtualNetworkRules(Arrays.asList(new VirtualNetworkRule().withVirtualNetworkResourceId(
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Network/virtualNetworks/net123/subnets/subnet12")))
.withIpRules(Arrays.asList()).withDefaultAction(DefaultAction.ALLOW))
.withEnableHttpsTrafficOnly(false).withEnableExtendedGroups(true).withIsHnsEnabled(true)
.withEnableNfsV3(true),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python nfs_v3_account_create.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.begin_create(
resource_group_name="res9101",
account_name="sto4445",
parameters={
"kind": "BlockBlobStorage",
"location": "eastus",
"properties": {
"enableExtendedGroups": True,
"isHnsEnabled": True,
"isNfsV3Enabled": True,
"networkAcls": {
"bypass": "AzureServices",
"defaultAction": "Allow",
"ipRules": [],
"virtualNetworkRules": [
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Network/virtualNetworks/net123/subnets/subnet12"
}
],
},
"supportsHttpsTrafficOnly": False,
},
"sku": {"name": "Premium_LRS"},
},
).result()
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/NfsV3AccountCreate.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/NfsV3AccountCreate.json
func ExampleAccountsClient_BeginCreate_nfsV3AccountCreate() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewAccountsClient().BeginCreate(ctx, "res9101", "sto4445", armstorage.AccountCreateParameters{
Kind: to.Ptr(armstorage.KindBlockBlobStorage),
Location: to.Ptr("eastus"),
Properties: &armstorage.AccountPropertiesCreateParameters{
EnableExtendedGroups: to.Ptr(true),
IsHnsEnabled: to.Ptr(true),
EnableNfsV3: to.Ptr(true),
NetworkRuleSet: &armstorage.NetworkRuleSet{
Bypass: to.Ptr(armstorage.BypassAzureServices),
DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
IPRules: []*armstorage.IPRule{},
VirtualNetworkRules: []*armstorage.VirtualNetworkRule{
{
VirtualNetworkResourceID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Network/virtualNetworks/net123/subnets/subnet12"),
}},
},
EnableHTTPSTrafficOnly: to.Ptr(false),
},
SKU: &armstorage.SKU{
Name: to.Ptr(armstorage.SKUNamePremiumLRS),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto4445"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445"),
// Location: to.Ptr("eastus"),
// Kind: to.Ptr(armstorage.KindBlockBlobStorage),
// Properties: &armstorage.AccountProperties{
// EnableExtendedGroups: to.Ptr(true),
// IsHnsEnabled: to.Ptr(true),
// EnableNfsV3: to.Ptr(true),
// NetworkRuleSet: &armstorage.NetworkRuleSet{
// Bypass: to.Ptr(armstorage.BypassAzureServices),
// DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
// IPRules: []*armstorage.IPRule{
// },
// VirtualNetworkRules: []*armstorage.VirtualNetworkRule{
// {
// VirtualNetworkResourceID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Network/virtualNetworks/net123/subnets/subnet12"),
// }},
// },
// EnableHTTPSTrafficOnly: to.Ptr(false),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNamePremiumLRS),
// Tier: to.Ptr(armstorage.SKUTierPremium),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
*
* @summary Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/NfsV3AccountCreate.json
*/
async function nfsV3AccountCreate() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9101";
const accountName = "sto4445";
const parameters = {
enableExtendedGroups: true,
isHnsEnabled: true,
enableNfsV3: true,
kind: "BlockBlobStorage",
location: "eastus",
networkRuleSet: {
bypass: "AzureServices",
defaultAction: "Allow",
ipRules: [],
virtualNetworkRules: [
{
virtualNetworkResourceId:
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Network/virtualNetworks/net123/subnets/subnet12",
},
],
},
sku: { name: "Premium_LRS" },
enableHttpsTrafficOnly: false,
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.beginCreateAndWait(
resourceGroupName,
accountName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Resources.Models;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/NfsV3AccountCreate.json
// this example is just showing the usage of "StorageAccounts_Create" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9101";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this StorageAccountResource
StorageAccountCollection collection = resourceGroupResource.GetStorageAccounts();
// invoke the operation
string accountName = "sto4445";
StorageAccountCreateOrUpdateContent content = new StorageAccountCreateOrUpdateContent(new StorageSku(StorageSkuName.PremiumLrs), StorageKind.BlockBlobStorage, new AzureLocation("eastus"))
{
NetworkRuleSet = new StorageAccountNetworkRuleSet(StorageNetworkDefaultAction.Allow)
{
Bypass = StorageNetworkBypass.AzureServices,
VirtualNetworkRules =
{
new StorageAccountVirtualNetworkRule(new ResourceIdentifier("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Network/virtualNetworks/net123/subnets/subnet12"))
},
IPRules =
{
},
},
EnableHttpsTrafficOnly = false,
IsExtendedGroupEnabled = true,
IsHnsEnabled = true,
IsNfsV3Enabled = true,
};
ArmOperation<StorageAccountResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, accountName, content);
StorageAccountResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
"kind": "BlockBlobStorage",
"location": "eastus",
"name": "sto4445",
"properties": {
"isHnsEnabled": true,
"isNfsV3Enabled": true,
"enableExtendedGroups": true,
"supportsHttpsTrafficOnly": false,
"networkAcls": {
"bypass": "AzureServices",
"defaultAction": "Allow",
"ipRules": [],
"virtualNetworkRules": [
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Network/virtualNetworks/net123/subnets/subnet12"
}
]
}
},
"sku": {
"name": "Premium_LRS",
"tier": "Premium"
},
"type": "Microsoft.Storage/storageAccounts"
}
StorageAccountCreate
Sample request
PUT https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445?api-version=2023-05-01
{
"sku": {
"name": "Standard_GRS"
},
"kind": "Storage",
"location": "eastus",
"extendedLocation": {
"type": "EdgeZone",
"name": "losangeles001"
},
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"isHnsEnabled": true,
"isSftpEnabled": true,
"allowBlobPublicAccess": false,
"defaultToOAuthAuthentication": false,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"requireInfrastructureEncryption": false,
"keySource": "Microsoft.Storage"
}
},
"tags": {
"key1": "value1",
"key2": "value2"
}
}
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.ExpirationAction;
import com.azure.resourcemanager.storage.models.ExtendedLocation;
import com.azure.resourcemanager.storage.models.ExtendedLocationTypes;
import com.azure.resourcemanager.storage.models.KeyPolicy;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.Kind;
import com.azure.resourcemanager.storage.models.MinimumTlsVersion;
import com.azure.resourcemanager.storage.models.RoutingChoice;
import com.azure.resourcemanager.storage.models.RoutingPreference;
import com.azure.resourcemanager.storage.models.SasPolicy;
import com.azure.resourcemanager.storage.models.Sku;
import com.azure.resourcemanager.storage.models.SkuName;
import com.azure.resourcemanager.storage.models.StorageAccountCreateParameters;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Create.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreate.json
*/
/**
* Sample code: StorageAccountCreate.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void storageAccountCreate(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts()
.create("res9101", "sto4445",
new StorageAccountCreateParameters().withSku(new Sku().withName(SkuName.STANDARD_GRS))
.withKind(Kind.STORAGE).withLocation("eastus")
.withExtendedLocation(
new ExtendedLocation().withName("losangeles001").withType(ExtendedLocationTypes.EDGE_ZONE))
.withTags(
mapOf("key1", "fakeTokenPlaceholder", "key2", "fakeTokenPlaceholder"))
.withSasPolicy(
new SasPolicy().withSasExpirationPeriod(
"1.15:59:59").withExpirationAction(
ExpirationAction.LOG))
.withKeyPolicy(new KeyPolicy().withKeyExpirationPeriodInDays(20))
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_STORAGE).withRequireInfrastructureEncryption(false))
.withIsSftpEnabled(true).withIsHnsEnabled(true)
.withRoutingPreference(new RoutingPreference().withRoutingChoice(RoutingChoice.MICROSOFT_ROUTING)
.withPublishMicrosoftEndpoints(true).withPublishInternetEndpoints(true))
.withAllowBlobPublicAccess(false).withMinimumTlsVersion(MinimumTlsVersion.TLS1_2)
.withAllowSharedKeyAccess(true).withDefaultToOAuthAuthentication(false),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_create.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.begin_create(
resource_group_name="res9101",
account_name="sto4445",
parameters={
"extendedLocation": {"name": "losangeles001", "type": "EdgeZone"},
"kind": "Storage",
"location": "eastus",
"properties": {
"allowBlobPublicAccess": False,
"allowSharedKeyAccess": True,
"defaultToOAuthAuthentication": False,
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": False,
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
},
"isHnsEnabled": True,
"isSftpEnabled": True,
"keyPolicy": {"keyExpirationPeriodInDays": 20},
"minimumTlsVersion": "TLS1_2",
"routingPreference": {
"publishInternetEndpoints": True,
"publishMicrosoftEndpoints": True,
"routingChoice": "MicrosoftRouting",
},
"sasPolicy": {"expirationAction": "Log", "sasExpirationPeriod": "1.15:59:59"},
},
"sku": {"name": "Standard_GRS"},
"tags": {"key1": "value1", "key2": "value2"},
},
).result()
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreate.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreate.json
func ExampleAccountsClient_BeginCreate_storageAccountCreate() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewAccountsClient().BeginCreate(ctx, "res9101", "sto4445", armstorage.AccountCreateParameters{
ExtendedLocation: &armstorage.ExtendedLocation{
Name: to.Ptr("losangeles001"),
Type: to.Ptr(armstorage.ExtendedLocationTypesEdgeZone),
},
Kind: to.Ptr(armstorage.KindStorage),
Location: to.Ptr("eastus"),
Properties: &armstorage.AccountPropertiesCreateParameters{
AllowBlobPublicAccess: to.Ptr(false),
AllowSharedKeyAccess: to.Ptr(true),
DefaultToOAuthAuthentication: to.Ptr(false),
Encryption: &armstorage.Encryption{
KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
RequireInfrastructureEncryption: to.Ptr(false),
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
IsHnsEnabled: to.Ptr(true),
IsSftpEnabled: to.Ptr(true),
KeyPolicy: &armstorage.KeyPolicy{
KeyExpirationPeriodInDays: to.Ptr[int32](20),
},
MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
RoutingPreference: &armstorage.RoutingPreference{
PublishInternetEndpoints: to.Ptr(true),
PublishMicrosoftEndpoints: to.Ptr(true),
RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
},
SasPolicy: &armstorage.SasPolicy{
ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
SasExpirationPeriod: to.Ptr("1.15:59:59"),
},
},
SKU: &armstorage.SKU{
Name: to.Ptr(armstorage.SKUNameStandardGRS),
},
Tags: map[string]*string{
"key1": to.Ptr("value1"),
"key2": to.Ptr("value2"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto4445"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445"),
// Location: to.Ptr("eastus"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// ExtendedLocation: &armstorage.ExtendedLocation{
// Name: to.Ptr("losangeles001"),
// Type: to.Ptr(armstorage.ExtendedLocationTypesEdgeZone),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// AllowBlobPublicAccess: to.Ptr(false),
// AllowSharedKeyAccess: to.Ptr(true),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-05-24T13:25:33.486Z"); return t}()),
// Encryption: &armstorage.Encryption{
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
// RequireInfrastructureEncryption: to.Ptr(false),
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// },
// },
// IsHnsEnabled: to.Ptr(true),
// IsSftpEnabled: to.Ptr(true),
// KeyCreationTime: &armstorage.KeyCreationTime{
// Key1: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// Key2: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// },
// KeyPolicy: &armstorage.KeyPolicy{
// KeyExpirationPeriodInDays: to.Ptr[int32](20),
// },
// MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto4445.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445.file.core.windows.net/"),
// InternetEndpoints: &armstorage.AccountInternetEndpoints{
// Blob: to.Ptr("https://sto4445-internetrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445-internetrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445-internetrouting.file.core.windows.net/"),
// Web: to.Ptr("https://sto4445-internetrouting.web.core.windows.net/"),
// },
// MicrosoftEndpoints: &armstorage.AccountMicrosoftEndpoints{
// Blob: to.Ptr("https://sto4445-microsoftrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445-microsoftrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445-microsoftrouting.file.core.windows.net/"),
// Queue: to.Ptr("https://sto4445-microsoftrouting.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445-microsoftrouting.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445-microsoftrouting.web.core.windows.net/"),
// },
// Queue: to.Ptr("https://sto4445.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2euap"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// RoutingPreference: &armstorage.RoutingPreference{
// PublishInternetEndpoints: to.Ptr(true),
// PublishMicrosoftEndpoints: to.Ptr(true),
// RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
// },
// SasPolicy: &armstorage.SasPolicy{
// ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
// SasExpirationPeriod: to.Ptr("1.15:59:59"),
// },
// SecondaryLocation: to.Ptr("centraluseuap"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(true),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
*
* @summary Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreate.json
*/
async function storageAccountCreate() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9101";
const accountName = "sto4445";
const parameters = {
allowBlobPublicAccess: false,
allowSharedKeyAccess: true,
defaultToOAuthAuthentication: false,
encryption: {
keySource: "Microsoft.Storage",
requireInfrastructureEncryption: false,
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
extendedLocation: { name: "losangeles001", type: "EdgeZone" },
isHnsEnabled: true,
isSftpEnabled: true,
keyPolicy: { keyExpirationPeriodInDays: 20 },
kind: "Storage",
location: "eastus",
minimumTlsVersion: "TLS1_2",
routingPreference: {
publishInternetEndpoints: true,
publishMicrosoftEndpoints: true,
routingChoice: "MicrosoftRouting",
},
sasPolicy: { expirationAction: "Log", sasExpirationPeriod: "1.15:59:59" },
sku: { name: "Standard_GRS" },
tags: { key1: "value1", key2: "value2" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.beginCreateAndWait(
resourceGroupName,
accountName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Resources.Models;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreate.json
// this example is just showing the usage of "StorageAccounts_Create" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9101";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this StorageAccountResource
StorageAccountCollection collection = resourceGroupResource.GetStorageAccounts();
// invoke the operation
string accountName = "sto4445";
StorageAccountCreateOrUpdateContent content = new StorageAccountCreateOrUpdateContent(new StorageSku(StorageSkuName.StandardGrs), StorageKind.Storage, new AzureLocation("eastus"))
{
ExtendedLocation = new ExtendedLocation()
{
Name = "losangeles001",
},
Tags =
{
["key1"] = "value1",
["key2"] = "value2",
},
SasPolicy = new StorageAccountSasPolicy("1.15:59:59", ExpirationAction.Log),
KeyExpirationPeriodInDays = 20,
Encryption = new StorageAccountEncryption()
{
Services = new StorageAccountEncryptionServices()
{
Blob = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.Storage,
RequireInfrastructureEncryption = false,
},
IsSftpEnabled = true,
IsHnsEnabled = true,
RoutingPreference = new StorageRoutingPreference()
{
RoutingChoice = StorageRoutingChoice.MicrosoftRouting,
IsMicrosoftEndpointsPublished = true,
IsInternetEndpointsPublished = true,
},
AllowBlobPublicAccess = false,
MinimumTlsVersion = StorageMinimumTlsVersion.Tls1_2,
AllowSharedKeyAccess = true,
IsDefaultToOAuthAuthentication = false,
};
ArmOperation<StorageAccountResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, accountName, content);
StorageAccountResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
"kind": "Storage",
"location": "eastus",
"name": "sto4445",
"extendedLocation": {
"type": "EdgeZone",
"name": "losangeles001"
},
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"keyCreationTime": {
"key1": "2021-03-18T04:42:22.4322836Z",
"key2": "2021-03-18T04:42:22.4322836Z"
},
"isHnsEnabled": true,
"isSftpEnabled": true,
"allowBlobPublicAccess": false,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"creationTime": "2017-05-24T13:25:33.4863236Z",
"primaryEndpoints": {
"web": "https://sto4445.web.core.windows.net/",
"dfs": "https://sto4445.dfs.core.windows.net/",
"blob": "https://sto4445.blob.core.windows.net/",
"file": "https://sto4445.file.core.windows.net/",
"queue": "https://sto4445.queue.core.windows.net/",
"table": "https://sto4445.table.core.windows.net/",
"microsoftEndpoints": {
"web": "https://sto4445-microsoftrouting.web.core.windows.net/",
"dfs": "https://sto4445-microsoftrouting.dfs.core.windows.net/",
"blob": "https://sto4445-microsoftrouting.blob.core.windows.net/",
"file": "https://sto4445-microsoftrouting.file.core.windows.net/",
"queue": "https://sto4445-microsoftrouting.queue.core.windows.net/",
"table": "https://sto4445-microsoftrouting.table.core.windows.net/"
},
"internetEndpoints": {
"web": "https://sto4445-internetrouting.web.core.windows.net/",
"dfs": "https://sto4445-internetrouting.dfs.core.windows.net/",
"blob": "https://sto4445-internetrouting.blob.core.windows.net/",
"file": "https://sto4445-internetrouting.file.core.windows.net/"
}
},
"primaryLocation": "eastus2euap",
"provisioningState": "Succeeded",
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
},
"blob": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
}
},
"requireInfrastructureEncryption": false,
"keySource": "Microsoft.Storage"
},
"secondaryLocation": "centraluseuap",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": true
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Storage/storageAccounts"
}
StorageAccountCreateAllowedCopyScopeToAAD
Sample request
PUT https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445?api-version=2023-05-01
{
"sku": {
"name": "Standard_GRS"
},
"kind": "Storage",
"location": "eastus",
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"isHnsEnabled": true,
"allowBlobPublicAccess": false,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"allowedCopyScope": "AAD",
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"requireInfrastructureEncryption": false,
"keySource": "Microsoft.Storage"
}
},
"tags": {
"key1": "value1",
"key2": "value2"
}
}
import com.azure.resourcemanager.storage.models.AllowedCopyScope;
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.ExpirationAction;
import com.azure.resourcemanager.storage.models.KeyPolicy;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.Kind;
import com.azure.resourcemanager.storage.models.MinimumTlsVersion;
import com.azure.resourcemanager.storage.models.RoutingChoice;
import com.azure.resourcemanager.storage.models.RoutingPreference;
import com.azure.resourcemanager.storage.models.SasPolicy;
import com.azure.resourcemanager.storage.models.Sku;
import com.azure.resourcemanager.storage.models.SkuName;
import com.azure.resourcemanager.storage.models.StorageAccountCreateParameters;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/
* StorageAccountCreateAllowedCopyScopeToAAD.json
*/
/**
* Sample code: StorageAccountCreateAllowedCopyScopeToAAD.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void storageAccountCreateAllowedCopyScopeToAAD(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts()
.create("res9101", "sto4445",
new StorageAccountCreateParameters().withSku(new Sku().withName(SkuName.STANDARD_GRS))
.withKind(Kind.STORAGE).withLocation("eastus")
.withTags(mapOf("key1", "fakeTokenPlaceholder", "key2", "fakeTokenPlaceholder"))
.withAllowedCopyScope(
AllowedCopyScope.AAD)
.withSasPolicy(
new SasPolicy().withSasExpirationPeriod(
"1.15:59:59").withExpirationAction(
ExpirationAction.LOG))
.withKeyPolicy(new KeyPolicy().withKeyExpirationPeriodInDays(20))
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_STORAGE).withRequireInfrastructureEncryption(false))
.withIsHnsEnabled(true)
.withRoutingPreference(new RoutingPreference().withRoutingChoice(RoutingChoice.MICROSOFT_ROUTING)
.withPublishMicrosoftEndpoints(true).withPublishInternetEndpoints(true))
.withAllowBlobPublicAccess(false).withMinimumTlsVersion(MinimumTlsVersion.TLS1_2)
.withAllowSharedKeyAccess(true),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_create_allowed_copy_scope_to_aad.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.begin_create(
resource_group_name="res9101",
account_name="sto4445",
parameters={
"kind": "Storage",
"location": "eastus",
"properties": {
"allowBlobPublicAccess": False,
"allowSharedKeyAccess": True,
"allowedCopyScope": "AAD",
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": False,
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
},
"isHnsEnabled": True,
"keyPolicy": {"keyExpirationPeriodInDays": 20},
"minimumTlsVersion": "TLS1_2",
"routingPreference": {
"publishInternetEndpoints": True,
"publishMicrosoftEndpoints": True,
"routingChoice": "MicrosoftRouting",
},
"sasPolicy": {"expirationAction": "Log", "sasExpirationPeriod": "1.15:59:59"},
},
"sku": {"name": "Standard_GRS"},
"tags": {"key1": "value1", "key2": "value2"},
},
).result()
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateAllowedCopyScopeToAAD.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateAllowedCopyScopeToAAD.json
func ExampleAccountsClient_BeginCreate_storageAccountCreateAllowedCopyScopeToAad() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewAccountsClient().BeginCreate(ctx, "res9101", "sto4445", armstorage.AccountCreateParameters{
Kind: to.Ptr(armstorage.KindStorage),
Location: to.Ptr("eastus"),
Properties: &armstorage.AccountPropertiesCreateParameters{
AllowBlobPublicAccess: to.Ptr(false),
AllowSharedKeyAccess: to.Ptr(true),
AllowedCopyScope: to.Ptr(armstorage.AllowedCopyScopeAAD),
Encryption: &armstorage.Encryption{
KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
RequireInfrastructureEncryption: to.Ptr(false),
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
IsHnsEnabled: to.Ptr(true),
KeyPolicy: &armstorage.KeyPolicy{
KeyExpirationPeriodInDays: to.Ptr[int32](20),
},
MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
RoutingPreference: &armstorage.RoutingPreference{
PublishInternetEndpoints: to.Ptr(true),
PublishMicrosoftEndpoints: to.Ptr(true),
RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
},
SasPolicy: &armstorage.SasPolicy{
ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
SasExpirationPeriod: to.Ptr("1.15:59:59"),
},
},
SKU: &armstorage.SKU{
Name: to.Ptr(armstorage.SKUNameStandardGRS),
},
Tags: map[string]*string{
"key1": to.Ptr("value1"),
"key2": to.Ptr("value2"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto4445"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445"),
// Location: to.Ptr("eastus"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// ExtendedLocation: &armstorage.ExtendedLocation{
// Name: to.Ptr("losangeles001"),
// Type: to.Ptr(armstorage.ExtendedLocationTypesEdgeZone),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// AllowBlobPublicAccess: to.Ptr(false),
// AllowSharedKeyAccess: to.Ptr(true),
// AllowedCopyScope: to.Ptr(armstorage.AllowedCopyScopeAAD),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-05-24T13:25:33.486Z"); return t}()),
// Encryption: &armstorage.Encryption{
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
// RequireInfrastructureEncryption: to.Ptr(false),
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// },
// },
// IsHnsEnabled: to.Ptr(true),
// KeyCreationTime: &armstorage.KeyCreationTime{
// Key1: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// Key2: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// },
// KeyPolicy: &armstorage.KeyPolicy{
// KeyExpirationPeriodInDays: to.Ptr[int32](20),
// },
// MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto4445.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445.file.core.windows.net/"),
// InternetEndpoints: &armstorage.AccountInternetEndpoints{
// Blob: to.Ptr("https://sto4445-internetrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445-internetrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445-internetrouting.file.core.windows.net/"),
// Web: to.Ptr("https://sto4445-internetrouting.web.core.windows.net/"),
// },
// MicrosoftEndpoints: &armstorage.AccountMicrosoftEndpoints{
// Blob: to.Ptr("https://sto4445-microsoftrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445-microsoftrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445-microsoftrouting.file.core.windows.net/"),
// Queue: to.Ptr("https://sto4445-microsoftrouting.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445-microsoftrouting.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445-microsoftrouting.web.core.windows.net/"),
// },
// Queue: to.Ptr("https://sto4445.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2euap"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// RoutingPreference: &armstorage.RoutingPreference{
// PublishInternetEndpoints: to.Ptr(true),
// PublishMicrosoftEndpoints: to.Ptr(true),
// RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
// },
// SasPolicy: &armstorage.SasPolicy{
// ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
// SasExpirationPeriod: to.Ptr("1.15:59:59"),
// },
// SecondaryLocation: to.Ptr("centraluseuap"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(true),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
*
* @summary Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateAllowedCopyScopeToAAD.json
*/
async function storageAccountCreateAllowedCopyScopeToAad() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9101";
const accountName = "sto4445";
const parameters = {
allowBlobPublicAccess: false,
allowSharedKeyAccess: true,
allowedCopyScope: "AAD",
encryption: {
keySource: "Microsoft.Storage",
requireInfrastructureEncryption: false,
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
isHnsEnabled: true,
keyPolicy: { keyExpirationPeriodInDays: 20 },
kind: "Storage",
location: "eastus",
minimumTlsVersion: "TLS1_2",
routingPreference: {
publishInternetEndpoints: true,
publishMicrosoftEndpoints: true,
routingChoice: "MicrosoftRouting",
},
sasPolicy: { expirationAction: "Log", sasExpirationPeriod: "1.15:59:59" },
sku: { name: "Standard_GRS" },
tags: { key1: "value1", key2: "value2" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.beginCreateAndWait(
resourceGroupName,
accountName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Resources.Models;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateAllowedCopyScopeToAAD.json
// this example is just showing the usage of "StorageAccounts_Create" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9101";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this StorageAccountResource
StorageAccountCollection collection = resourceGroupResource.GetStorageAccounts();
// invoke the operation
string accountName = "sto4445";
StorageAccountCreateOrUpdateContent content = new StorageAccountCreateOrUpdateContent(new StorageSku(StorageSkuName.StandardGrs), StorageKind.Storage, new AzureLocation("eastus"))
{
Tags =
{
["key1"] = "value1",
["key2"] = "value2",
},
AllowedCopyScope = AllowedCopyScope.Aad,
SasPolicy = new StorageAccountSasPolicy("1.15:59:59", ExpirationAction.Log),
KeyExpirationPeriodInDays = 20,
Encryption = new StorageAccountEncryption()
{
Services = new StorageAccountEncryptionServices()
{
Blob = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.Storage,
RequireInfrastructureEncryption = false,
},
IsHnsEnabled = true,
RoutingPreference = new StorageRoutingPreference()
{
RoutingChoice = StorageRoutingChoice.MicrosoftRouting,
IsMicrosoftEndpointsPublished = true,
IsInternetEndpointsPublished = true,
},
AllowBlobPublicAccess = false,
MinimumTlsVersion = StorageMinimumTlsVersion.Tls1_2,
AllowSharedKeyAccess = true,
};
ArmOperation<StorageAccountResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, accountName, content);
StorageAccountResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
"kind": "Storage",
"location": "eastus",
"name": "sto4445",
"extendedLocation": {
"type": "EdgeZone",
"name": "losangeles001"
},
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"keyCreationTime": {
"key1": "2021-03-18T04:42:22.4322836Z",
"key2": "2021-03-18T04:42:22.4322836Z"
},
"isHnsEnabled": true,
"allowBlobPublicAccess": false,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"creationTime": "2017-05-24T13:25:33.4863236Z",
"primaryEndpoints": {
"web": "https://sto4445.web.core.windows.net/",
"dfs": "https://sto4445.dfs.core.windows.net/",
"blob": "https://sto4445.blob.core.windows.net/",
"file": "https://sto4445.file.core.windows.net/",
"queue": "https://sto4445.queue.core.windows.net/",
"table": "https://sto4445.table.core.windows.net/",
"microsoftEndpoints": {
"web": "https://sto4445-microsoftrouting.web.core.windows.net/",
"dfs": "https://sto4445-microsoftrouting.dfs.core.windows.net/",
"blob": "https://sto4445-microsoftrouting.blob.core.windows.net/",
"file": "https://sto4445-microsoftrouting.file.core.windows.net/",
"queue": "https://sto4445-microsoftrouting.queue.core.windows.net/",
"table": "https://sto4445-microsoftrouting.table.core.windows.net/"
},
"internetEndpoints": {
"web": "https://sto4445-internetrouting.web.core.windows.net/",
"dfs": "https://sto4445-internetrouting.dfs.core.windows.net/",
"blob": "https://sto4445-internetrouting.blob.core.windows.net/",
"file": "https://sto4445-internetrouting.file.core.windows.net/"
}
},
"primaryLocation": "eastus2euap",
"provisioningState": "Succeeded",
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
},
"blob": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
}
},
"requireInfrastructureEncryption": false,
"keySource": "Microsoft.Storage"
},
"secondaryLocation": "centraluseuap",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": true,
"allowedCopyScope": "AAD"
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Storage/storageAccounts"
}
StorageAccountCreateAllowedCopyScopeToPrivateLink
Sample request
PUT https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445?api-version=2023-05-01
{
"sku": {
"name": "Standard_GRS"
},
"kind": "Storage",
"location": "eastus",
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"isHnsEnabled": true,
"allowBlobPublicAccess": false,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"allowedCopyScope": "PrivateLink",
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"requireInfrastructureEncryption": false,
"keySource": "Microsoft.Storage"
}
},
"tags": {
"key1": "value1",
"key2": "value2"
}
}
import com.azure.resourcemanager.storage.models.AllowedCopyScope;
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.ExpirationAction;
import com.azure.resourcemanager.storage.models.KeyPolicy;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.Kind;
import com.azure.resourcemanager.storage.models.MinimumTlsVersion;
import com.azure.resourcemanager.storage.models.RoutingChoice;
import com.azure.resourcemanager.storage.models.RoutingPreference;
import com.azure.resourcemanager.storage.models.SasPolicy;
import com.azure.resourcemanager.storage.models.Sku;
import com.azure.resourcemanager.storage.models.SkuName;
import com.azure.resourcemanager.storage.models.StorageAccountCreateParameters;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/
* StorageAccountCreateAllowedCopyScopeToPrivateLink.json
*/
/**
* Sample code: StorageAccountCreateAllowedCopyScopeToPrivateLink.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
storageAccountCreateAllowedCopyScopeToPrivateLink(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts()
.create("res9101", "sto4445",
new StorageAccountCreateParameters().withSku(new Sku().withName(SkuName.STANDARD_GRS))
.withKind(Kind.STORAGE).withLocation("eastus")
.withTags(mapOf("key1", "fakeTokenPlaceholder", "key2", "fakeTokenPlaceholder"))
.withAllowedCopyScope(
AllowedCopyScope.PRIVATE_LINK)
.withSasPolicy(
new SasPolicy().withSasExpirationPeriod(
"1.15:59:59").withExpirationAction(
ExpirationAction.LOG))
.withKeyPolicy(new KeyPolicy().withKeyExpirationPeriodInDays(20))
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_STORAGE).withRequireInfrastructureEncryption(false))
.withIsHnsEnabled(true)
.withRoutingPreference(new RoutingPreference().withRoutingChoice(RoutingChoice.MICROSOFT_ROUTING)
.withPublishMicrosoftEndpoints(true).withPublishInternetEndpoints(true))
.withAllowBlobPublicAccess(false).withMinimumTlsVersion(MinimumTlsVersion.TLS1_2)
.withAllowSharedKeyAccess(true),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_create_allowed_copy_scope_to_private_link.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.begin_create(
resource_group_name="res9101",
account_name="sto4445",
parameters={
"kind": "Storage",
"location": "eastus",
"properties": {
"allowBlobPublicAccess": False,
"allowSharedKeyAccess": True,
"allowedCopyScope": "PrivateLink",
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": False,
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
},
"isHnsEnabled": True,
"keyPolicy": {"keyExpirationPeriodInDays": 20},
"minimumTlsVersion": "TLS1_2",
"routingPreference": {
"publishInternetEndpoints": True,
"publishMicrosoftEndpoints": True,
"routingChoice": "MicrosoftRouting",
},
"sasPolicy": {"expirationAction": "Log", "sasExpirationPeriod": "1.15:59:59"},
},
"sku": {"name": "Standard_GRS"},
"tags": {"key1": "value1", "key2": "value2"},
},
).result()
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateAllowedCopyScopeToPrivateLink.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateAllowedCopyScopeToPrivateLink.json
func ExampleAccountsClient_BeginCreate_storageAccountCreateAllowedCopyScopeToPrivateLink() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewAccountsClient().BeginCreate(ctx, "res9101", "sto4445", armstorage.AccountCreateParameters{
Kind: to.Ptr(armstorage.KindStorage),
Location: to.Ptr("eastus"),
Properties: &armstorage.AccountPropertiesCreateParameters{
AllowBlobPublicAccess: to.Ptr(false),
AllowSharedKeyAccess: to.Ptr(true),
AllowedCopyScope: to.Ptr(armstorage.AllowedCopyScopePrivateLink),
Encryption: &armstorage.Encryption{
KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
RequireInfrastructureEncryption: to.Ptr(false),
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
IsHnsEnabled: to.Ptr(true),
KeyPolicy: &armstorage.KeyPolicy{
KeyExpirationPeriodInDays: to.Ptr[int32](20),
},
MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
RoutingPreference: &armstorage.RoutingPreference{
PublishInternetEndpoints: to.Ptr(true),
PublishMicrosoftEndpoints: to.Ptr(true),
RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
},
SasPolicy: &armstorage.SasPolicy{
ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
SasExpirationPeriod: to.Ptr("1.15:59:59"),
},
},
SKU: &armstorage.SKU{
Name: to.Ptr(armstorage.SKUNameStandardGRS),
},
Tags: map[string]*string{
"key1": to.Ptr("value1"),
"key2": to.Ptr("value2"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto4445"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445"),
// Location: to.Ptr("eastus"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// ExtendedLocation: &armstorage.ExtendedLocation{
// Name: to.Ptr("losangeles001"),
// Type: to.Ptr(armstorage.ExtendedLocationTypesEdgeZone),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// AllowBlobPublicAccess: to.Ptr(false),
// AllowSharedKeyAccess: to.Ptr(true),
// AllowedCopyScope: to.Ptr(armstorage.AllowedCopyScopePrivateLink),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-05-24T13:25:33.486Z"); return t}()),
// Encryption: &armstorage.Encryption{
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
// RequireInfrastructureEncryption: to.Ptr(false),
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// },
// },
// IsHnsEnabled: to.Ptr(true),
// KeyCreationTime: &armstorage.KeyCreationTime{
// Key1: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// Key2: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// },
// KeyPolicy: &armstorage.KeyPolicy{
// KeyExpirationPeriodInDays: to.Ptr[int32](20),
// },
// MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto4445.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445.file.core.windows.net/"),
// InternetEndpoints: &armstorage.AccountInternetEndpoints{
// Blob: to.Ptr("https://sto4445-internetrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445-internetrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445-internetrouting.file.core.windows.net/"),
// Web: to.Ptr("https://sto4445-internetrouting.web.core.windows.net/"),
// },
// MicrosoftEndpoints: &armstorage.AccountMicrosoftEndpoints{
// Blob: to.Ptr("https://sto4445-microsoftrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445-microsoftrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445-microsoftrouting.file.core.windows.net/"),
// Queue: to.Ptr("https://sto4445-microsoftrouting.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445-microsoftrouting.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445-microsoftrouting.web.core.windows.net/"),
// },
// Queue: to.Ptr("https://sto4445.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2euap"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// RoutingPreference: &armstorage.RoutingPreference{
// PublishInternetEndpoints: to.Ptr(true),
// PublishMicrosoftEndpoints: to.Ptr(true),
// RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
// },
// SasPolicy: &armstorage.SasPolicy{
// ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
// SasExpirationPeriod: to.Ptr("1.15:59:59"),
// },
// SecondaryLocation: to.Ptr("centraluseuap"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(true),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
*
* @summary Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateAllowedCopyScopeToPrivateLink.json
*/
async function storageAccountCreateAllowedCopyScopeToPrivateLink() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9101";
const accountName = "sto4445";
const parameters = {
allowBlobPublicAccess: false,
allowSharedKeyAccess: true,
allowedCopyScope: "PrivateLink",
encryption: {
keySource: "Microsoft.Storage",
requireInfrastructureEncryption: false,
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
isHnsEnabled: true,
keyPolicy: { keyExpirationPeriodInDays: 20 },
kind: "Storage",
location: "eastus",
minimumTlsVersion: "TLS1_2",
routingPreference: {
publishInternetEndpoints: true,
publishMicrosoftEndpoints: true,
routingChoice: "MicrosoftRouting",
},
sasPolicy: { expirationAction: "Log", sasExpirationPeriod: "1.15:59:59" },
sku: { name: "Standard_GRS" },
tags: { key1: "value1", key2: "value2" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.beginCreateAndWait(
resourceGroupName,
accountName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Resources.Models;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateAllowedCopyScopeToPrivateLink.json
// this example is just showing the usage of "StorageAccounts_Create" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9101";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this StorageAccountResource
StorageAccountCollection collection = resourceGroupResource.GetStorageAccounts();
// invoke the operation
string accountName = "sto4445";
StorageAccountCreateOrUpdateContent content = new StorageAccountCreateOrUpdateContent(new StorageSku(StorageSkuName.StandardGrs), StorageKind.Storage, new AzureLocation("eastus"))
{
Tags =
{
["key1"] = "value1",
["key2"] = "value2",
},
AllowedCopyScope = AllowedCopyScope.PrivateLink,
SasPolicy = new StorageAccountSasPolicy("1.15:59:59", ExpirationAction.Log),
KeyExpirationPeriodInDays = 20,
Encryption = new StorageAccountEncryption()
{
Services = new StorageAccountEncryptionServices()
{
Blob = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.Storage,
RequireInfrastructureEncryption = false,
},
IsHnsEnabled = true,
RoutingPreference = new StorageRoutingPreference()
{
RoutingChoice = StorageRoutingChoice.MicrosoftRouting,
IsMicrosoftEndpointsPublished = true,
IsInternetEndpointsPublished = true,
},
AllowBlobPublicAccess = false,
MinimumTlsVersion = StorageMinimumTlsVersion.Tls1_2,
AllowSharedKeyAccess = true,
};
ArmOperation<StorageAccountResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, accountName, content);
StorageAccountResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
"kind": "Storage",
"location": "eastus",
"name": "sto4445",
"extendedLocation": {
"type": "EdgeZone",
"name": "losangeles001"
},
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"keyCreationTime": {
"key1": "2021-03-18T04:42:22.4322836Z",
"key2": "2021-03-18T04:42:22.4322836Z"
},
"isHnsEnabled": true,
"allowBlobPublicAccess": false,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"creationTime": "2017-05-24T13:25:33.4863236Z",
"primaryEndpoints": {
"web": "https://sto4445.web.core.windows.net/",
"dfs": "https://sto4445.dfs.core.windows.net/",
"blob": "https://sto4445.blob.core.windows.net/",
"file": "https://sto4445.file.core.windows.net/",
"queue": "https://sto4445.queue.core.windows.net/",
"table": "https://sto4445.table.core.windows.net/",
"microsoftEndpoints": {
"web": "https://sto4445-microsoftrouting.web.core.windows.net/",
"dfs": "https://sto4445-microsoftrouting.dfs.core.windows.net/",
"blob": "https://sto4445-microsoftrouting.blob.core.windows.net/",
"file": "https://sto4445-microsoftrouting.file.core.windows.net/",
"queue": "https://sto4445-microsoftrouting.queue.core.windows.net/",
"table": "https://sto4445-microsoftrouting.table.core.windows.net/"
},
"internetEndpoints": {
"web": "https://sto4445-internetrouting.web.core.windows.net/",
"dfs": "https://sto4445-internetrouting.dfs.core.windows.net/",
"blob": "https://sto4445-internetrouting.blob.core.windows.net/",
"file": "https://sto4445-internetrouting.file.core.windows.net/"
}
},
"primaryLocation": "eastus2euap",
"provisioningState": "Succeeded",
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
},
"blob": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
}
},
"requireInfrastructureEncryption": false,
"keySource": "Microsoft.Storage"
},
"secondaryLocation": "centraluseuap",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": true,
"allowedCopyScope": "PrivateLink"
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Storage/storageAccounts"
}
StorageAccountCreateDisallowPublicNetworkAccess
Sample request
PUT https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445?api-version=2023-05-01
{
"sku": {
"name": "Standard_GRS"
},
"kind": "Storage",
"location": "eastus",
"extendedLocation": {
"type": "EdgeZone",
"name": "losangeles001"
},
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"isHnsEnabled": true,
"allowBlobPublicAccess": false,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"publicNetworkAccess": "Disabled",
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"requireInfrastructureEncryption": false,
"keySource": "Microsoft.Storage"
}
},
"tags": {
"key1": "value1",
"key2": "value2"
}
}
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.ExpirationAction;
import com.azure.resourcemanager.storage.models.ExtendedLocation;
import com.azure.resourcemanager.storage.models.ExtendedLocationTypes;
import com.azure.resourcemanager.storage.models.KeyPolicy;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.Kind;
import com.azure.resourcemanager.storage.models.MinimumTlsVersion;
import com.azure.resourcemanager.storage.models.PublicNetworkAccess;
import com.azure.resourcemanager.storage.models.RoutingChoice;
import com.azure.resourcemanager.storage.models.RoutingPreference;
import com.azure.resourcemanager.storage.models.SasPolicy;
import com.azure.resourcemanager.storage.models.Sku;
import com.azure.resourcemanager.storage.models.SkuName;
import com.azure.resourcemanager.storage.models.StorageAccountCreateParameters;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/
* StorageAccountCreateDisallowPublicNetworkAccess.json
*/
/**
* Sample code: StorageAccountCreateDisallowPublicNetworkAccess.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
storageAccountCreateDisallowPublicNetworkAccess(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts()
.create("res9101", "sto4445",
new StorageAccountCreateParameters().withSku(new Sku().withName(SkuName.STANDARD_GRS))
.withKind(Kind.STORAGE).withLocation("eastus")
.withExtendedLocation(
new ExtendedLocation().withName("losangeles001").withType(ExtendedLocationTypes.EDGE_ZONE))
.withTags(mapOf("key1", "fakeTokenPlaceholder", "key2", "fakeTokenPlaceholder"))
.withPublicNetworkAccess(
PublicNetworkAccess.DISABLED)
.withSasPolicy(
new SasPolicy().withSasExpirationPeriod(
"1.15:59:59").withExpirationAction(
ExpirationAction.LOG))
.withKeyPolicy(new KeyPolicy().withKeyExpirationPeriodInDays(20))
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_STORAGE).withRequireInfrastructureEncryption(false))
.withIsHnsEnabled(true)
.withRoutingPreference(new RoutingPreference().withRoutingChoice(RoutingChoice.MICROSOFT_ROUTING)
.withPublishMicrosoftEndpoints(true).withPublishInternetEndpoints(true))
.withAllowBlobPublicAccess(false).withMinimumTlsVersion(MinimumTlsVersion.TLS1_2)
.withAllowSharedKeyAccess(true),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_create_disallow_public_network_access.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.begin_create(
resource_group_name="res9101",
account_name="sto4445",
parameters={
"extendedLocation": {"name": "losangeles001", "type": "EdgeZone"},
"kind": "Storage",
"location": "eastus",
"properties": {
"allowBlobPublicAccess": False,
"allowSharedKeyAccess": True,
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": False,
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
},
"isHnsEnabled": True,
"keyPolicy": {"keyExpirationPeriodInDays": 20},
"minimumTlsVersion": "TLS1_2",
"publicNetworkAccess": "Disabled",
"routingPreference": {
"publishInternetEndpoints": True,
"publishMicrosoftEndpoints": True,
"routingChoice": "MicrosoftRouting",
},
"sasPolicy": {"expirationAction": "Log", "sasExpirationPeriod": "1.15:59:59"},
},
"sku": {"name": "Standard_GRS"},
"tags": {"key1": "value1", "key2": "value2"},
},
).result()
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateDisallowPublicNetworkAccess.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateDisallowPublicNetworkAccess.json
func ExampleAccountsClient_BeginCreate_storageAccountCreateDisallowPublicNetworkAccess() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewAccountsClient().BeginCreate(ctx, "res9101", "sto4445", armstorage.AccountCreateParameters{
ExtendedLocation: &armstorage.ExtendedLocation{
Name: to.Ptr("losangeles001"),
Type: to.Ptr(armstorage.ExtendedLocationTypesEdgeZone),
},
Kind: to.Ptr(armstorage.KindStorage),
Location: to.Ptr("eastus"),
Properties: &armstorage.AccountPropertiesCreateParameters{
AllowBlobPublicAccess: to.Ptr(false),
AllowSharedKeyAccess: to.Ptr(true),
Encryption: &armstorage.Encryption{
KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
RequireInfrastructureEncryption: to.Ptr(false),
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
IsHnsEnabled: to.Ptr(true),
KeyPolicy: &armstorage.KeyPolicy{
KeyExpirationPeriodInDays: to.Ptr[int32](20),
},
MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
PublicNetworkAccess: to.Ptr(armstorage.PublicNetworkAccessDisabled),
RoutingPreference: &armstorage.RoutingPreference{
PublishInternetEndpoints: to.Ptr(true),
PublishMicrosoftEndpoints: to.Ptr(true),
RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
},
SasPolicy: &armstorage.SasPolicy{
ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
SasExpirationPeriod: to.Ptr("1.15:59:59"),
},
},
SKU: &armstorage.SKU{
Name: to.Ptr(armstorage.SKUNameStandardGRS),
},
Tags: map[string]*string{
"key1": to.Ptr("value1"),
"key2": to.Ptr("value2"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto4445"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445"),
// Location: to.Ptr("eastus"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// ExtendedLocation: &armstorage.ExtendedLocation{
// Name: to.Ptr("losangeles001"),
// Type: to.Ptr(armstorage.ExtendedLocationTypesEdgeZone),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// AllowBlobPublicAccess: to.Ptr(false),
// AllowSharedKeyAccess: to.Ptr(true),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-05-24T13:25:33.486Z"); return t}()),
// Encryption: &armstorage.Encryption{
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
// RequireInfrastructureEncryption: to.Ptr(false),
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// },
// },
// IsHnsEnabled: to.Ptr(true),
// KeyCreationTime: &armstorage.KeyCreationTime{
// Key1: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// Key2: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// },
// KeyPolicy: &armstorage.KeyPolicy{
// KeyExpirationPeriodInDays: to.Ptr[int32](20),
// },
// MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto4445.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445.file.core.windows.net/"),
// InternetEndpoints: &armstorage.AccountInternetEndpoints{
// Blob: to.Ptr("https://sto4445-internetrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445-internetrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445-internetrouting.file.core.windows.net/"),
// Web: to.Ptr("https://sto4445-internetrouting.web.core.windows.net/"),
// },
// MicrosoftEndpoints: &armstorage.AccountMicrosoftEndpoints{
// Blob: to.Ptr("https://sto4445-microsoftrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445-microsoftrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445-microsoftrouting.file.core.windows.net/"),
// Queue: to.Ptr("https://sto4445-microsoftrouting.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445-microsoftrouting.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445-microsoftrouting.web.core.windows.net/"),
// },
// Queue: to.Ptr("https://sto4445.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2euap"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// PublicNetworkAccess: to.Ptr(armstorage.PublicNetworkAccessDisabled),
// RoutingPreference: &armstorage.RoutingPreference{
// PublishInternetEndpoints: to.Ptr(true),
// PublishMicrosoftEndpoints: to.Ptr(true),
// RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
// },
// SasPolicy: &armstorage.SasPolicy{
// ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
// SasExpirationPeriod: to.Ptr("1.15:59:59"),
// },
// SecondaryLocation: to.Ptr("centraluseuap"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(true),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
*
* @summary Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateDisallowPublicNetworkAccess.json
*/
async function storageAccountCreateDisallowPublicNetworkAccess() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9101";
const accountName = "sto4445";
const parameters = {
allowBlobPublicAccess: false,
allowSharedKeyAccess: true,
encryption: {
keySource: "Microsoft.Storage",
requireInfrastructureEncryption: false,
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
extendedLocation: { name: "losangeles001", type: "EdgeZone" },
isHnsEnabled: true,
keyPolicy: { keyExpirationPeriodInDays: 20 },
kind: "Storage",
location: "eastus",
minimumTlsVersion: "TLS1_2",
publicNetworkAccess: "Disabled",
routingPreference: {
publishInternetEndpoints: true,
publishMicrosoftEndpoints: true,
routingChoice: "MicrosoftRouting",
},
sasPolicy: { expirationAction: "Log", sasExpirationPeriod: "1.15:59:59" },
sku: { name: "Standard_GRS" },
tags: { key1: "value1", key2: "value2" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.beginCreateAndWait(
resourceGroupName,
accountName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Resources.Models;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateDisallowPublicNetworkAccess.json
// this example is just showing the usage of "StorageAccounts_Create" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9101";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this StorageAccountResource
StorageAccountCollection collection = resourceGroupResource.GetStorageAccounts();
// invoke the operation
string accountName = "sto4445";
StorageAccountCreateOrUpdateContent content = new StorageAccountCreateOrUpdateContent(new StorageSku(StorageSkuName.StandardGrs), StorageKind.Storage, new AzureLocation("eastus"))
{
ExtendedLocation = new ExtendedLocation()
{
Name = "losangeles001",
},
Tags =
{
["key1"] = "value1",
["key2"] = "value2",
},
PublicNetworkAccess = StoragePublicNetworkAccess.Disabled,
SasPolicy = new StorageAccountSasPolicy("1.15:59:59", ExpirationAction.Log),
KeyExpirationPeriodInDays = 20,
Encryption = new StorageAccountEncryption()
{
Services = new StorageAccountEncryptionServices()
{
Blob = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.Storage,
RequireInfrastructureEncryption = false,
},
IsHnsEnabled = true,
RoutingPreference = new StorageRoutingPreference()
{
RoutingChoice = StorageRoutingChoice.MicrosoftRouting,
IsMicrosoftEndpointsPublished = true,
IsInternetEndpointsPublished = true,
},
AllowBlobPublicAccess = false,
MinimumTlsVersion = StorageMinimumTlsVersion.Tls1_2,
AllowSharedKeyAccess = true,
};
ArmOperation<StorageAccountResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, accountName, content);
StorageAccountResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
"kind": "Storage",
"location": "eastus",
"name": "sto4445",
"extendedLocation": {
"type": "EdgeZone",
"name": "losangeles001"
},
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"keyCreationTime": {
"key1": "2021-03-18T04:42:22.4322836Z",
"key2": "2021-03-18T04:42:22.4322836Z"
},
"isHnsEnabled": true,
"allowBlobPublicAccess": false,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"creationTime": "2017-05-24T13:25:33.4863236Z",
"primaryEndpoints": {
"web": "https://sto4445.web.core.windows.net/",
"dfs": "https://sto4445.dfs.core.windows.net/",
"blob": "https://sto4445.blob.core.windows.net/",
"file": "https://sto4445.file.core.windows.net/",
"queue": "https://sto4445.queue.core.windows.net/",
"table": "https://sto4445.table.core.windows.net/",
"microsoftEndpoints": {
"web": "https://sto4445-microsoftrouting.web.core.windows.net/",
"dfs": "https://sto4445-microsoftrouting.dfs.core.windows.net/",
"blob": "https://sto4445-microsoftrouting.blob.core.windows.net/",
"file": "https://sto4445-microsoftrouting.file.core.windows.net/",
"queue": "https://sto4445-microsoftrouting.queue.core.windows.net/",
"table": "https://sto4445-microsoftrouting.table.core.windows.net/"
},
"internetEndpoints": {
"web": "https://sto4445-internetrouting.web.core.windows.net/",
"dfs": "https://sto4445-internetrouting.dfs.core.windows.net/",
"blob": "https://sto4445-internetrouting.blob.core.windows.net/",
"file": "https://sto4445-internetrouting.file.core.windows.net/"
}
},
"primaryLocation": "eastus2euap",
"provisioningState": "Succeeded",
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
},
"blob": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
}
},
"requireInfrastructureEncryption": false,
"keySource": "Microsoft.Storage"
},
"secondaryLocation": "centraluseuap",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": true,
"publicNetworkAccess": "Disabled"
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Storage/storageAccounts"
}
StorageAccountCreateDnsEndpointTypeToAzureDnsZone
Sample request
PUT https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445?api-version=2023-05-01
{
"sku": {
"name": "Standard_GRS"
},
"kind": "Storage",
"location": "eastus",
"extendedLocation": {
"type": "EdgeZone",
"name": "losangeles001"
},
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"dnsEndpointType": "AzureDnsZone",
"isHnsEnabled": true,
"isSftpEnabled": true,
"allowBlobPublicAccess": false,
"defaultToOAuthAuthentication": false,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"requireInfrastructureEncryption": false,
"keySource": "Microsoft.Storage"
}
},
"tags": {
"key1": "value1",
"key2": "value2"
}
}
import com.azure.resourcemanager.storage.models.DnsEndpointType;
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.ExpirationAction;
import com.azure.resourcemanager.storage.models.ExtendedLocation;
import com.azure.resourcemanager.storage.models.ExtendedLocationTypes;
import com.azure.resourcemanager.storage.models.KeyPolicy;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.Kind;
import com.azure.resourcemanager.storage.models.MinimumTlsVersion;
import com.azure.resourcemanager.storage.models.RoutingChoice;
import com.azure.resourcemanager.storage.models.RoutingPreference;
import com.azure.resourcemanager.storage.models.SasPolicy;
import com.azure.resourcemanager.storage.models.Sku;
import com.azure.resourcemanager.storage.models.SkuName;
import com.azure.resourcemanager.storage.models.StorageAccountCreateParameters;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/
* StorageAccountCreateDnsEndpointTypeToAzureDnsZone.json
*/
/**
* Sample code: StorageAccountCreateDnsEndpointTypeToAzureDnsZone.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
storageAccountCreateDnsEndpointTypeToAzureDnsZone(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts()
.create("res9101", "sto4445",
new StorageAccountCreateParameters().withSku(new Sku().withName(SkuName.STANDARD_GRS))
.withKind(Kind.STORAGE).withLocation("eastus")
.withExtendedLocation(
new ExtendedLocation().withName("losangeles001").withType(ExtendedLocationTypes.EDGE_ZONE))
.withTags(
mapOf("key1", "fakeTokenPlaceholder", "key2", "fakeTokenPlaceholder"))
.withSasPolicy(
new SasPolicy().withSasExpirationPeriod(
"1.15:59:59").withExpirationAction(
ExpirationAction.LOG))
.withKeyPolicy(new KeyPolicy().withKeyExpirationPeriodInDays(20))
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_STORAGE).withRequireInfrastructureEncryption(false))
.withIsSftpEnabled(true).withIsHnsEnabled(true)
.withRoutingPreference(new RoutingPreference().withRoutingChoice(RoutingChoice.MICROSOFT_ROUTING)
.withPublishMicrosoftEndpoints(true).withPublishInternetEndpoints(true))
.withAllowBlobPublicAccess(false).withMinimumTlsVersion(MinimumTlsVersion.TLS1_2)
.withAllowSharedKeyAccess(true).withDefaultToOAuthAuthentication(false)
.withDnsEndpointType(DnsEndpointType.AZURE_DNS_ZONE),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_create_dns_endpoint_type_to_azure_dns_zone.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.begin_create(
resource_group_name="res9101",
account_name="sto4445",
parameters={
"extendedLocation": {"name": "losangeles001", "type": "EdgeZone"},
"kind": "Storage",
"location": "eastus",
"properties": {
"allowBlobPublicAccess": False,
"allowSharedKeyAccess": True,
"defaultToOAuthAuthentication": False,
"dnsEndpointType": "AzureDnsZone",
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": False,
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
},
"isHnsEnabled": True,
"isSftpEnabled": True,
"keyPolicy": {"keyExpirationPeriodInDays": 20},
"minimumTlsVersion": "TLS1_2",
"routingPreference": {
"publishInternetEndpoints": True,
"publishMicrosoftEndpoints": True,
"routingChoice": "MicrosoftRouting",
},
"sasPolicy": {"expirationAction": "Log", "sasExpirationPeriod": "1.15:59:59"},
},
"sku": {"name": "Standard_GRS"},
"tags": {"key1": "value1", "key2": "value2"},
},
).result()
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateDnsEndpointTypeToAzureDnsZone.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateDnsEndpointTypeToAzureDnsZone.json
func ExampleAccountsClient_BeginCreate_storageAccountCreateDnsEndpointTypeToAzureDnsZone() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewAccountsClient().BeginCreate(ctx, "res9101", "sto4445", armstorage.AccountCreateParameters{
ExtendedLocation: &armstorage.ExtendedLocation{
Name: to.Ptr("losangeles001"),
Type: to.Ptr(armstorage.ExtendedLocationTypesEdgeZone),
},
Kind: to.Ptr(armstorage.KindStorage),
Location: to.Ptr("eastus"),
Properties: &armstorage.AccountPropertiesCreateParameters{
AllowBlobPublicAccess: to.Ptr(false),
AllowSharedKeyAccess: to.Ptr(true),
DefaultToOAuthAuthentication: to.Ptr(false),
DNSEndpointType: to.Ptr(armstorage.DNSEndpointTypeAzureDNSZone),
Encryption: &armstorage.Encryption{
KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
RequireInfrastructureEncryption: to.Ptr(false),
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
IsHnsEnabled: to.Ptr(true),
IsSftpEnabled: to.Ptr(true),
KeyPolicy: &armstorage.KeyPolicy{
KeyExpirationPeriodInDays: to.Ptr[int32](20),
},
MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
RoutingPreference: &armstorage.RoutingPreference{
PublishInternetEndpoints: to.Ptr(true),
PublishMicrosoftEndpoints: to.Ptr(true),
RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
},
SasPolicy: &armstorage.SasPolicy{
ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
SasExpirationPeriod: to.Ptr("1.15:59:59"),
},
},
SKU: &armstorage.SKU{
Name: to.Ptr(armstorage.SKUNameStandardGRS),
},
Tags: map[string]*string{
"key1": to.Ptr("value1"),
"key2": to.Ptr("value2"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto4445"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445"),
// Location: to.Ptr("eastus"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// ExtendedLocation: &armstorage.ExtendedLocation{
// Name: to.Ptr("losangeles001"),
// Type: to.Ptr(armstorage.ExtendedLocationTypesEdgeZone),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// AllowBlobPublicAccess: to.Ptr(false),
// AllowSharedKeyAccess: to.Ptr(true),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-05-24T13:25:33.486Z"); return t}()),
// DNSEndpointType: to.Ptr(armstorage.DNSEndpointTypeAzureDNSZone),
// Encryption: &armstorage.Encryption{
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
// RequireInfrastructureEncryption: to.Ptr(false),
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// },
// },
// IsHnsEnabled: to.Ptr(true),
// IsSftpEnabled: to.Ptr(true),
// KeyCreationTime: &armstorage.KeyCreationTime{
// Key1: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// Key2: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// },
// KeyPolicy: &armstorage.KeyPolicy{
// KeyExpirationPeriodInDays: to.Ptr[int32](20),
// },
// MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto4445.z24.blob.storage.azure.net/"),
// Dfs: to.Ptr("https://sto4445.z24.dfs.storage.azure.net/"),
// File: to.Ptr("https://sto4445.z24.file.storage.azure.net/"),
// InternetEndpoints: &armstorage.AccountInternetEndpoints{
// Blob: to.Ptr("https://sto4445-internetrouting.z24.blob.storage.azure.net/"),
// Dfs: to.Ptr("https://sto4445-internetrouting.z24.dfs.storage.azure.net/"),
// File: to.Ptr("https://sto4445-internetrouting.z24.file.storage.azure.net/"),
// Web: to.Ptr("https://sto4445-internetrouting.z24.web.storage.azure.net/"),
// },
// MicrosoftEndpoints: &armstorage.AccountMicrosoftEndpoints{
// Blob: to.Ptr("https://sto4445-microsoftrouting.z24.blob.storage.azure.net/"),
// Dfs: to.Ptr("https://sto4445-microsoftrouting.z24.dfs.storage.azure.net/"),
// File: to.Ptr("https://sto4445-microsoftrouting.z24.file.storage.azure.net/"),
// Queue: to.Ptr("https://sto4445-microsoftrouting.z24.queue.storage.azure.net/"),
// Table: to.Ptr("https://sto4445-microsoftrouting.z24.table.storage.azure.net/"),
// Web: to.Ptr("https://sto4445-microsoftrouting.z24.web.storage.azure.net/"),
// },
// Queue: to.Ptr("https://sto4445.z24.queue.storage.azure.net/"),
// Table: to.Ptr("https://sto4445.z24.table.storage.azure.net/"),
// Web: to.Ptr("https://sto4445.z24.web.storage.azure.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2euap"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// RoutingPreference: &armstorage.RoutingPreference{
// PublishInternetEndpoints: to.Ptr(true),
// PublishMicrosoftEndpoints: to.Ptr(true),
// RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
// },
// SasPolicy: &armstorage.SasPolicy{
// ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
// SasExpirationPeriod: to.Ptr("1.15:59:59"),
// },
// SecondaryLocation: to.Ptr("centraluseuap"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(true),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
*
* @summary Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateDnsEndpointTypeToAzureDnsZone.json
*/
async function storageAccountCreateDnsEndpointTypeToAzureDnsZone() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9101";
const accountName = "sto4445";
const parameters = {
allowBlobPublicAccess: false,
allowSharedKeyAccess: true,
defaultToOAuthAuthentication: false,
dnsEndpointType: "AzureDnsZone",
encryption: {
keySource: "Microsoft.Storage",
requireInfrastructureEncryption: false,
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
extendedLocation: { name: "losangeles001", type: "EdgeZone" },
isHnsEnabled: true,
isSftpEnabled: true,
keyPolicy: { keyExpirationPeriodInDays: 20 },
kind: "Storage",
location: "eastus",
minimumTlsVersion: "TLS1_2",
routingPreference: {
publishInternetEndpoints: true,
publishMicrosoftEndpoints: true,
routingChoice: "MicrosoftRouting",
},
sasPolicy: { expirationAction: "Log", sasExpirationPeriod: "1.15:59:59" },
sku: { name: "Standard_GRS" },
tags: { key1: "value1", key2: "value2" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.beginCreateAndWait(
resourceGroupName,
accountName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Resources.Models;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateDnsEndpointTypeToAzureDnsZone.json
// this example is just showing the usage of "StorageAccounts_Create" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9101";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this StorageAccountResource
StorageAccountCollection collection = resourceGroupResource.GetStorageAccounts();
// invoke the operation
string accountName = "sto4445";
StorageAccountCreateOrUpdateContent content = new StorageAccountCreateOrUpdateContent(new StorageSku(StorageSkuName.StandardGrs), StorageKind.Storage, new AzureLocation("eastus"))
{
ExtendedLocation = new ExtendedLocation()
{
Name = "losangeles001",
},
Tags =
{
["key1"] = "value1",
["key2"] = "value2",
},
SasPolicy = new StorageAccountSasPolicy("1.15:59:59", ExpirationAction.Log),
KeyExpirationPeriodInDays = 20,
Encryption = new StorageAccountEncryption()
{
Services = new StorageAccountEncryptionServices()
{
Blob = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.Storage,
RequireInfrastructureEncryption = false,
},
IsSftpEnabled = true,
IsHnsEnabled = true,
RoutingPreference = new StorageRoutingPreference()
{
RoutingChoice = StorageRoutingChoice.MicrosoftRouting,
IsMicrosoftEndpointsPublished = true,
IsInternetEndpointsPublished = true,
},
AllowBlobPublicAccess = false,
MinimumTlsVersion = StorageMinimumTlsVersion.Tls1_2,
AllowSharedKeyAccess = true,
IsDefaultToOAuthAuthentication = false,
DnsEndpointType = StorageDnsEndpointType.AzureDnsZone,
};
ArmOperation<StorageAccountResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, accountName, content);
StorageAccountResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
"kind": "Storage",
"location": "eastus",
"name": "sto4445",
"extendedLocation": {
"type": "EdgeZone",
"name": "losangeles001"
},
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"keyCreationTime": {
"key1": "2021-03-18T04:42:22.4322836Z",
"key2": "2021-03-18T04:42:22.4322836Z"
},
"dnsEndpointType": "AzureDnsZone",
"isHnsEnabled": true,
"isSftpEnabled": true,
"allowBlobPublicAccess": false,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"creationTime": "2017-05-24T13:25:33.4863236Z",
"primaryEndpoints": {
"web": "https://sto4445.z24.web.storage.azure.net/",
"dfs": "https://sto4445.z24.dfs.storage.azure.net/",
"blob": "https://sto4445.z24.blob.storage.azure.net/",
"file": "https://sto4445.z24.file.storage.azure.net/",
"queue": "https://sto4445.z24.queue.storage.azure.net/",
"table": "https://sto4445.z24.table.storage.azure.net/",
"microsoftEndpoints": {
"web": "https://sto4445-microsoftrouting.z24.web.storage.azure.net/",
"dfs": "https://sto4445-microsoftrouting.z24.dfs.storage.azure.net/",
"blob": "https://sto4445-microsoftrouting.z24.blob.storage.azure.net/",
"file": "https://sto4445-microsoftrouting.z24.file.storage.azure.net/",
"queue": "https://sto4445-microsoftrouting.z24.queue.storage.azure.net/",
"table": "https://sto4445-microsoftrouting.z24.table.storage.azure.net/"
},
"internetEndpoints": {
"web": "https://sto4445-internetrouting.z24.web.storage.azure.net/",
"dfs": "https://sto4445-internetrouting.z24.dfs.storage.azure.net/",
"blob": "https://sto4445-internetrouting.z24.blob.storage.azure.net/",
"file": "https://sto4445-internetrouting.z24.file.storage.azure.net/"
}
},
"primaryLocation": "eastus2euap",
"provisioningState": "Succeeded",
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
},
"blob": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
}
},
"requireInfrastructureEncryption": false,
"keySource": "Microsoft.Storage"
},
"secondaryLocation": "centraluseuap",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": true
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Storage/storageAccounts"
}
StorageAccountCreateDnsEndpointTypeToStandard
Sample request
PUT https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445?api-version=2023-05-01
{
"sku": {
"name": "Standard_GRS"
},
"kind": "Storage",
"location": "eastus",
"extendedLocation": {
"type": "EdgeZone",
"name": "losangeles001"
},
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"dnsEndpointType": "Standard",
"isHnsEnabled": true,
"isSftpEnabled": true,
"allowBlobPublicAccess": false,
"defaultToOAuthAuthentication": false,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"requireInfrastructureEncryption": false,
"keySource": "Microsoft.Storage"
}
},
"tags": {
"key1": "value1",
"key2": "value2"
}
}
import com.azure.resourcemanager.storage.models.DnsEndpointType;
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.ExpirationAction;
import com.azure.resourcemanager.storage.models.ExtendedLocation;
import com.azure.resourcemanager.storage.models.ExtendedLocationTypes;
import com.azure.resourcemanager.storage.models.KeyPolicy;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.Kind;
import com.azure.resourcemanager.storage.models.MinimumTlsVersion;
import com.azure.resourcemanager.storage.models.RoutingChoice;
import com.azure.resourcemanager.storage.models.RoutingPreference;
import com.azure.resourcemanager.storage.models.SasPolicy;
import com.azure.resourcemanager.storage.models.Sku;
import com.azure.resourcemanager.storage.models.SkuName;
import com.azure.resourcemanager.storage.models.StorageAccountCreateParameters;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/
* StorageAccountCreateDnsEndpointTypeToStandard.json
*/
/**
* Sample code: StorageAccountCreateDnsEndpointTypeToStandard.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
storageAccountCreateDnsEndpointTypeToStandard(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts()
.create("res9101", "sto4445",
new StorageAccountCreateParameters().withSku(new Sku().withName(SkuName.STANDARD_GRS))
.withKind(Kind.STORAGE).withLocation("eastus")
.withExtendedLocation(
new ExtendedLocation().withName("losangeles001").withType(ExtendedLocationTypes.EDGE_ZONE))
.withTags(
mapOf("key1", "fakeTokenPlaceholder", "key2", "fakeTokenPlaceholder"))
.withSasPolicy(
new SasPolicy().withSasExpirationPeriod(
"1.15:59:59").withExpirationAction(
ExpirationAction.LOG))
.withKeyPolicy(new KeyPolicy().withKeyExpirationPeriodInDays(20))
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_STORAGE).withRequireInfrastructureEncryption(false))
.withIsSftpEnabled(true).withIsHnsEnabled(true)
.withRoutingPreference(new RoutingPreference().withRoutingChoice(RoutingChoice.MICROSOFT_ROUTING)
.withPublishMicrosoftEndpoints(true).withPublishInternetEndpoints(true))
.withAllowBlobPublicAccess(false).withMinimumTlsVersion(MinimumTlsVersion.TLS1_2)
.withAllowSharedKeyAccess(true).withDefaultToOAuthAuthentication(false)
.withDnsEndpointType(DnsEndpointType.STANDARD),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_create_dns_endpoint_type_to_standard.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.begin_create(
resource_group_name="res9101",
account_name="sto4445",
parameters={
"extendedLocation": {"name": "losangeles001", "type": "EdgeZone"},
"kind": "Storage",
"location": "eastus",
"properties": {
"allowBlobPublicAccess": False,
"allowSharedKeyAccess": True,
"defaultToOAuthAuthentication": False,
"dnsEndpointType": "Standard",
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": False,
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
},
"isHnsEnabled": True,
"isSftpEnabled": True,
"keyPolicy": {"keyExpirationPeriodInDays": 20},
"minimumTlsVersion": "TLS1_2",
"routingPreference": {
"publishInternetEndpoints": True,
"publishMicrosoftEndpoints": True,
"routingChoice": "MicrosoftRouting",
},
"sasPolicy": {"expirationAction": "Log", "sasExpirationPeriod": "1.15:59:59"},
},
"sku": {"name": "Standard_GRS"},
"tags": {"key1": "value1", "key2": "value2"},
},
).result()
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateDnsEndpointTypeToStandard.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateDnsEndpointTypeToStandard.json
func ExampleAccountsClient_BeginCreate_storageAccountCreateDnsEndpointTypeToStandard() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewAccountsClient().BeginCreate(ctx, "res9101", "sto4445", armstorage.AccountCreateParameters{
ExtendedLocation: &armstorage.ExtendedLocation{
Name: to.Ptr("losangeles001"),
Type: to.Ptr(armstorage.ExtendedLocationTypesEdgeZone),
},
Kind: to.Ptr(armstorage.KindStorage),
Location: to.Ptr("eastus"),
Properties: &armstorage.AccountPropertiesCreateParameters{
AllowBlobPublicAccess: to.Ptr(false),
AllowSharedKeyAccess: to.Ptr(true),
DefaultToOAuthAuthentication: to.Ptr(false),
DNSEndpointType: to.Ptr(armstorage.DNSEndpointTypeStandard),
Encryption: &armstorage.Encryption{
KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
RequireInfrastructureEncryption: to.Ptr(false),
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
IsHnsEnabled: to.Ptr(true),
IsSftpEnabled: to.Ptr(true),
KeyPolicy: &armstorage.KeyPolicy{
KeyExpirationPeriodInDays: to.Ptr[int32](20),
},
MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
RoutingPreference: &armstorage.RoutingPreference{
PublishInternetEndpoints: to.Ptr(true),
PublishMicrosoftEndpoints: to.Ptr(true),
RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
},
SasPolicy: &armstorage.SasPolicy{
ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
SasExpirationPeriod: to.Ptr("1.15:59:59"),
},
},
SKU: &armstorage.SKU{
Name: to.Ptr(armstorage.SKUNameStandardGRS),
},
Tags: map[string]*string{
"key1": to.Ptr("value1"),
"key2": to.Ptr("value2"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto4445"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445"),
// Location: to.Ptr("eastus"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// ExtendedLocation: &armstorage.ExtendedLocation{
// Name: to.Ptr("losangeles001"),
// Type: to.Ptr(armstorage.ExtendedLocationTypesEdgeZone),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// AllowBlobPublicAccess: to.Ptr(false),
// AllowSharedKeyAccess: to.Ptr(true),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-05-24T13:25:33.486Z"); return t}()),
// DNSEndpointType: to.Ptr(armstorage.DNSEndpointTypeStandard),
// Encryption: &armstorage.Encryption{
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
// RequireInfrastructureEncryption: to.Ptr(false),
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// },
// },
// IsHnsEnabled: to.Ptr(true),
// IsSftpEnabled: to.Ptr(true),
// KeyCreationTime: &armstorage.KeyCreationTime{
// Key1: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// Key2: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// },
// KeyPolicy: &armstorage.KeyPolicy{
// KeyExpirationPeriodInDays: to.Ptr[int32](20),
// },
// MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto4445.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445.file.core.windows.net/"),
// InternetEndpoints: &armstorage.AccountInternetEndpoints{
// Blob: to.Ptr("https://sto4445-internetrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445-internetrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445-internetrouting.file.core.windows.net/"),
// Web: to.Ptr("https://sto4445-internetrouting.web.core.windows.net/"),
// },
// MicrosoftEndpoints: &armstorage.AccountMicrosoftEndpoints{
// Blob: to.Ptr("https://sto4445-microsoftrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445-microsoftrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445-microsoftrouting.file.core.windows.net/"),
// Queue: to.Ptr("https://sto4445-microsoftrouting.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445-microsoftrouting.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445-microsoftrouting.web.core.windows.net/"),
// },
// Queue: to.Ptr("https://sto4445.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2euap"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// RoutingPreference: &armstorage.RoutingPreference{
// PublishInternetEndpoints: to.Ptr(true),
// PublishMicrosoftEndpoints: to.Ptr(true),
// RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
// },
// SasPolicy: &armstorage.SasPolicy{
// ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
// SasExpirationPeriod: to.Ptr("1.15:59:59"),
// },
// SecondaryLocation: to.Ptr("centraluseuap"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(true),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
*
* @summary Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateDnsEndpointTypeToStandard.json
*/
async function storageAccountCreateDnsEndpointTypeToStandard() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9101";
const accountName = "sto4445";
const parameters = {
allowBlobPublicAccess: false,
allowSharedKeyAccess: true,
defaultToOAuthAuthentication: false,
dnsEndpointType: "Standard",
encryption: {
keySource: "Microsoft.Storage",
requireInfrastructureEncryption: false,
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
extendedLocation: { name: "losangeles001", type: "EdgeZone" },
isHnsEnabled: true,
isSftpEnabled: true,
keyPolicy: { keyExpirationPeriodInDays: 20 },
kind: "Storage",
location: "eastus",
minimumTlsVersion: "TLS1_2",
routingPreference: {
publishInternetEndpoints: true,
publishMicrosoftEndpoints: true,
routingChoice: "MicrosoftRouting",
},
sasPolicy: { expirationAction: "Log", sasExpirationPeriod: "1.15:59:59" },
sku: { name: "Standard_GRS" },
tags: { key1: "value1", key2: "value2" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.beginCreateAndWait(
resourceGroupName,
accountName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Resources.Models;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateDnsEndpointTypeToStandard.json
// this example is just showing the usage of "StorageAccounts_Create" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9101";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this StorageAccountResource
StorageAccountCollection collection = resourceGroupResource.GetStorageAccounts();
// invoke the operation
string accountName = "sto4445";
StorageAccountCreateOrUpdateContent content = new StorageAccountCreateOrUpdateContent(new StorageSku(StorageSkuName.StandardGrs), StorageKind.Storage, new AzureLocation("eastus"))
{
ExtendedLocation = new ExtendedLocation()
{
Name = "losangeles001",
},
Tags =
{
["key1"] = "value1",
["key2"] = "value2",
},
SasPolicy = new StorageAccountSasPolicy("1.15:59:59", ExpirationAction.Log),
KeyExpirationPeriodInDays = 20,
Encryption = new StorageAccountEncryption()
{
Services = new StorageAccountEncryptionServices()
{
Blob = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.Storage,
RequireInfrastructureEncryption = false,
},
IsSftpEnabled = true,
IsHnsEnabled = true,
RoutingPreference = new StorageRoutingPreference()
{
RoutingChoice = StorageRoutingChoice.MicrosoftRouting,
IsMicrosoftEndpointsPublished = true,
IsInternetEndpointsPublished = true,
},
AllowBlobPublicAccess = false,
MinimumTlsVersion = StorageMinimumTlsVersion.Tls1_2,
AllowSharedKeyAccess = true,
IsDefaultToOAuthAuthentication = false,
DnsEndpointType = StorageDnsEndpointType.Standard,
};
ArmOperation<StorageAccountResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, accountName, content);
StorageAccountResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
"kind": "Storage",
"location": "eastus",
"name": "sto4445",
"extendedLocation": {
"type": "EdgeZone",
"name": "losangeles001"
},
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"keyCreationTime": {
"key1": "2021-03-18T04:42:22.4322836Z",
"key2": "2021-03-18T04:42:22.4322836Z"
},
"dnsEndpointType": "Standard",
"isHnsEnabled": true,
"isSftpEnabled": true,
"allowBlobPublicAccess": false,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"creationTime": "2017-05-24T13:25:33.4863236Z",
"primaryEndpoints": {
"web": "https://sto4445.web.core.windows.net/",
"dfs": "https://sto4445.dfs.core.windows.net/",
"blob": "https://sto4445.blob.core.windows.net/",
"file": "https://sto4445.file.core.windows.net/",
"queue": "https://sto4445.queue.core.windows.net/",
"table": "https://sto4445.table.core.windows.net/",
"microsoftEndpoints": {
"web": "https://sto4445-microsoftrouting.web.core.windows.net/",
"dfs": "https://sto4445-microsoftrouting.dfs.core.windows.net/",
"blob": "https://sto4445-microsoftrouting.blob.core.windows.net/",
"file": "https://sto4445-microsoftrouting.file.core.windows.net/",
"queue": "https://sto4445-microsoftrouting.queue.core.windows.net/",
"table": "https://sto4445-microsoftrouting.table.core.windows.net/"
},
"internetEndpoints": {
"web": "https://sto4445-internetrouting.web.core.windows.net/",
"dfs": "https://sto4445-internetrouting.dfs.core.windows.net/",
"blob": "https://sto4445-internetrouting.blob.core.windows.net/",
"file": "https://sto4445-internetrouting.file.core.windows.net/"
}
},
"primaryLocation": "eastus2euap",
"provisioningState": "Succeeded",
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
},
"blob": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
}
},
"requireInfrastructureEncryption": false,
"keySource": "Microsoft.Storage"
},
"secondaryLocation": "centraluseuap",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": true
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Storage/storageAccounts"
}
StorageAccountCreateEnablePublicNetworkAccess
Sample request
PUT https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445?api-version=2023-05-01
{
"sku": {
"name": "Standard_GRS"
},
"kind": "Storage",
"location": "eastus",
"extendedLocation": {
"type": "EdgeZone",
"name": "losangeles001"
},
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"isHnsEnabled": true,
"allowBlobPublicAccess": false,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"publicNetworkAccess": "Enabled",
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"requireInfrastructureEncryption": false,
"keySource": "Microsoft.Storage"
}
},
"tags": {
"key1": "value1",
"key2": "value2"
}
}
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.ExpirationAction;
import com.azure.resourcemanager.storage.models.ExtendedLocation;
import com.azure.resourcemanager.storage.models.ExtendedLocationTypes;
import com.azure.resourcemanager.storage.models.KeyPolicy;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.Kind;
import com.azure.resourcemanager.storage.models.MinimumTlsVersion;
import com.azure.resourcemanager.storage.models.PublicNetworkAccess;
import com.azure.resourcemanager.storage.models.RoutingChoice;
import com.azure.resourcemanager.storage.models.RoutingPreference;
import com.azure.resourcemanager.storage.models.SasPolicy;
import com.azure.resourcemanager.storage.models.Sku;
import com.azure.resourcemanager.storage.models.SkuName;
import com.azure.resourcemanager.storage.models.StorageAccountCreateParameters;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/
* StorageAccountCreateEnablePublicNetworkAccess.json
*/
/**
* Sample code: StorageAccountCreateEnablePublicNetworkAccess.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
storageAccountCreateEnablePublicNetworkAccess(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts()
.create("res9101", "sto4445",
new StorageAccountCreateParameters().withSku(new Sku().withName(SkuName.STANDARD_GRS))
.withKind(Kind.STORAGE).withLocation("eastus")
.withExtendedLocation(
new ExtendedLocation().withName("losangeles001").withType(ExtendedLocationTypes.EDGE_ZONE))
.withTags(mapOf("key1", "fakeTokenPlaceholder", "key2", "fakeTokenPlaceholder"))
.withPublicNetworkAccess(
PublicNetworkAccess.ENABLED)
.withSasPolicy(
new SasPolicy().withSasExpirationPeriod(
"1.15:59:59").withExpirationAction(
ExpirationAction.LOG))
.withKeyPolicy(new KeyPolicy().withKeyExpirationPeriodInDays(20))
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_STORAGE).withRequireInfrastructureEncryption(false))
.withIsHnsEnabled(true)
.withRoutingPreference(new RoutingPreference().withRoutingChoice(RoutingChoice.MICROSOFT_ROUTING)
.withPublishMicrosoftEndpoints(true).withPublishInternetEndpoints(true))
.withAllowBlobPublicAccess(false).withMinimumTlsVersion(MinimumTlsVersion.TLS1_2)
.withAllowSharedKeyAccess(true),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_create_enable_public_network_access.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.begin_create(
resource_group_name="res9101",
account_name="sto4445",
parameters={
"extendedLocation": {"name": "losangeles001", "type": "EdgeZone"},
"kind": "Storage",
"location": "eastus",
"properties": {
"allowBlobPublicAccess": False,
"allowSharedKeyAccess": True,
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": False,
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
},
"isHnsEnabled": True,
"keyPolicy": {"keyExpirationPeriodInDays": 20},
"minimumTlsVersion": "TLS1_2",
"publicNetworkAccess": "Enabled",
"routingPreference": {
"publishInternetEndpoints": True,
"publishMicrosoftEndpoints": True,
"routingChoice": "MicrosoftRouting",
},
"sasPolicy": {"expirationAction": "Log", "sasExpirationPeriod": "1.15:59:59"},
},
"sku": {"name": "Standard_GRS"},
"tags": {"key1": "value1", "key2": "value2"},
},
).result()
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateEnablePublicNetworkAccess.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateEnablePublicNetworkAccess.json
func ExampleAccountsClient_BeginCreate_storageAccountCreateEnablePublicNetworkAccess() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewAccountsClient().BeginCreate(ctx, "res9101", "sto4445", armstorage.AccountCreateParameters{
ExtendedLocation: &armstorage.ExtendedLocation{
Name: to.Ptr("losangeles001"),
Type: to.Ptr(armstorage.ExtendedLocationTypesEdgeZone),
},
Kind: to.Ptr(armstorage.KindStorage),
Location: to.Ptr("eastus"),
Properties: &armstorage.AccountPropertiesCreateParameters{
AllowBlobPublicAccess: to.Ptr(false),
AllowSharedKeyAccess: to.Ptr(true),
Encryption: &armstorage.Encryption{
KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
RequireInfrastructureEncryption: to.Ptr(false),
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
IsHnsEnabled: to.Ptr(true),
KeyPolicy: &armstorage.KeyPolicy{
KeyExpirationPeriodInDays: to.Ptr[int32](20),
},
MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
PublicNetworkAccess: to.Ptr(armstorage.PublicNetworkAccessEnabled),
RoutingPreference: &armstorage.RoutingPreference{
PublishInternetEndpoints: to.Ptr(true),
PublishMicrosoftEndpoints: to.Ptr(true),
RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
},
SasPolicy: &armstorage.SasPolicy{
ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
SasExpirationPeriod: to.Ptr("1.15:59:59"),
},
},
SKU: &armstorage.SKU{
Name: to.Ptr(armstorage.SKUNameStandardGRS),
},
Tags: map[string]*string{
"key1": to.Ptr("value1"),
"key2": to.Ptr("value2"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto4445"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445"),
// Location: to.Ptr("eastus"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// ExtendedLocation: &armstorage.ExtendedLocation{
// Name: to.Ptr("losangeles001"),
// Type: to.Ptr(armstorage.ExtendedLocationTypesEdgeZone),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// AllowBlobPublicAccess: to.Ptr(false),
// AllowSharedKeyAccess: to.Ptr(true),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-05-24T13:25:33.486Z"); return t}()),
// Encryption: &armstorage.Encryption{
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
// RequireInfrastructureEncryption: to.Ptr(false),
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// },
// },
// IsHnsEnabled: to.Ptr(true),
// KeyCreationTime: &armstorage.KeyCreationTime{
// Key1: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// Key2: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// },
// KeyPolicy: &armstorage.KeyPolicy{
// KeyExpirationPeriodInDays: to.Ptr[int32](20),
// },
// MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto4445.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445.file.core.windows.net/"),
// InternetEndpoints: &armstorage.AccountInternetEndpoints{
// Blob: to.Ptr("https://sto4445-internetrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445-internetrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445-internetrouting.file.core.windows.net/"),
// Web: to.Ptr("https://sto4445-internetrouting.web.core.windows.net/"),
// },
// MicrosoftEndpoints: &armstorage.AccountMicrosoftEndpoints{
// Blob: to.Ptr("https://sto4445-microsoftrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445-microsoftrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445-microsoftrouting.file.core.windows.net/"),
// Queue: to.Ptr("https://sto4445-microsoftrouting.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445-microsoftrouting.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445-microsoftrouting.web.core.windows.net/"),
// },
// Queue: to.Ptr("https://sto4445.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2euap"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// PublicNetworkAccess: to.Ptr(armstorage.PublicNetworkAccessEnabled),
// RoutingPreference: &armstorage.RoutingPreference{
// PublishInternetEndpoints: to.Ptr(true),
// PublishMicrosoftEndpoints: to.Ptr(true),
// RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
// },
// SasPolicy: &armstorage.SasPolicy{
// ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
// SasExpirationPeriod: to.Ptr("1.15:59:59"),
// },
// SecondaryLocation: to.Ptr("centraluseuap"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(true),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
*
* @summary Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateEnablePublicNetworkAccess.json
*/
async function storageAccountCreateEnablePublicNetworkAccess() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9101";
const accountName = "sto4445";
const parameters = {
allowBlobPublicAccess: false,
allowSharedKeyAccess: true,
encryption: {
keySource: "Microsoft.Storage",
requireInfrastructureEncryption: false,
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
extendedLocation: { name: "losangeles001", type: "EdgeZone" },
isHnsEnabled: true,
keyPolicy: { keyExpirationPeriodInDays: 20 },
kind: "Storage",
location: "eastus",
minimumTlsVersion: "TLS1_2",
publicNetworkAccess: "Enabled",
routingPreference: {
publishInternetEndpoints: true,
publishMicrosoftEndpoints: true,
routingChoice: "MicrosoftRouting",
},
sasPolicy: { expirationAction: "Log", sasExpirationPeriod: "1.15:59:59" },
sku: { name: "Standard_GRS" },
tags: { key1: "value1", key2: "value2" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.beginCreateAndWait(
resourceGroupName,
accountName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Resources.Models;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateEnablePublicNetworkAccess.json
// this example is just showing the usage of "StorageAccounts_Create" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9101";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this StorageAccountResource
StorageAccountCollection collection = resourceGroupResource.GetStorageAccounts();
// invoke the operation
string accountName = "sto4445";
StorageAccountCreateOrUpdateContent content = new StorageAccountCreateOrUpdateContent(new StorageSku(StorageSkuName.StandardGrs), StorageKind.Storage, new AzureLocation("eastus"))
{
ExtendedLocation = new ExtendedLocation()
{
Name = "losangeles001",
},
Tags =
{
["key1"] = "value1",
["key2"] = "value2",
},
PublicNetworkAccess = StoragePublicNetworkAccess.Enabled,
SasPolicy = new StorageAccountSasPolicy("1.15:59:59", ExpirationAction.Log),
KeyExpirationPeriodInDays = 20,
Encryption = new StorageAccountEncryption()
{
Services = new StorageAccountEncryptionServices()
{
Blob = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.Storage,
RequireInfrastructureEncryption = false,
},
IsHnsEnabled = true,
RoutingPreference = new StorageRoutingPreference()
{
RoutingChoice = StorageRoutingChoice.MicrosoftRouting,
IsMicrosoftEndpointsPublished = true,
IsInternetEndpointsPublished = true,
},
AllowBlobPublicAccess = false,
MinimumTlsVersion = StorageMinimumTlsVersion.Tls1_2,
AllowSharedKeyAccess = true,
};
ArmOperation<StorageAccountResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, accountName, content);
StorageAccountResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
"kind": "Storage",
"location": "eastus",
"name": "sto4445",
"extendedLocation": {
"type": "EdgeZone",
"name": "losangeles001"
},
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"keyCreationTime": {
"key1": "2021-03-18T04:42:22.4322836Z",
"key2": "2021-03-18T04:42:22.4322836Z"
},
"isHnsEnabled": true,
"allowBlobPublicAccess": false,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"creationTime": "2017-05-24T13:25:33.4863236Z",
"primaryEndpoints": {
"web": "https://sto4445.web.core.windows.net/",
"dfs": "https://sto4445.dfs.core.windows.net/",
"blob": "https://sto4445.blob.core.windows.net/",
"file": "https://sto4445.file.core.windows.net/",
"queue": "https://sto4445.queue.core.windows.net/",
"table": "https://sto4445.table.core.windows.net/",
"microsoftEndpoints": {
"web": "https://sto4445-microsoftrouting.web.core.windows.net/",
"dfs": "https://sto4445-microsoftrouting.dfs.core.windows.net/",
"blob": "https://sto4445-microsoftrouting.blob.core.windows.net/",
"file": "https://sto4445-microsoftrouting.file.core.windows.net/",
"queue": "https://sto4445-microsoftrouting.queue.core.windows.net/",
"table": "https://sto4445-microsoftrouting.table.core.windows.net/"
},
"internetEndpoints": {
"web": "https://sto4445-internetrouting.web.core.windows.net/",
"dfs": "https://sto4445-internetrouting.dfs.core.windows.net/",
"blob": "https://sto4445-internetrouting.blob.core.windows.net/",
"file": "https://sto4445-internetrouting.file.core.windows.net/"
}
},
"primaryLocation": "eastus2euap",
"provisioningState": "Succeeded",
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
},
"blob": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
}
},
"requireInfrastructureEncryption": false,
"keySource": "Microsoft.Storage"
},
"secondaryLocation": "centraluseuap",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": true,
"publicNetworkAccess": "Enabled"
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Storage/storageAccounts"
}
StorageAccountCreatePremiumBlockBlobStorage
Sample request
PUT https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445?api-version=2023-05-01
{
"sku": {
"name": "Premium_LRS"
},
"kind": "BlockBlobStorage",
"location": "eastus",
"properties": {
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"requireInfrastructureEncryption": false,
"keySource": "Microsoft.Storage"
}
},
"tags": {
"key1": "value1",
"key2": "value2"
}
}
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.Kind;
import com.azure.resourcemanager.storage.models.MinimumTlsVersion;
import com.azure.resourcemanager.storage.models.Sku;
import com.azure.resourcemanager.storage.models.SkuName;
import com.azure.resourcemanager.storage.models.StorageAccountCreateParameters;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/
* StorageAccountCreatePremiumBlockBlobStorage.json
*/
/**
* Sample code: StorageAccountCreatePremiumBlockBlobStorage.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
storageAccountCreatePremiumBlockBlobStorage(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().create("res9101", "sto4445",
new StorageAccountCreateParameters().withSku(new Sku().withName(SkuName.PREMIUM_LRS))
.withKind(Kind.BLOCK_BLOB_STORAGE).withLocation("eastus")
.withTags(mapOf("key1", "fakeTokenPlaceholder", "key2", "fakeTokenPlaceholder"))
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_STORAGE).withRequireInfrastructureEncryption(false))
.withMinimumTlsVersion(MinimumTlsVersion.TLS1_2).withAllowSharedKeyAccess(true),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_create_premium_block_blob_storage.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.begin_create(
resource_group_name="res9101",
account_name="sto4445",
parameters={
"kind": "BlockBlobStorage",
"location": "eastus",
"properties": {
"allowSharedKeyAccess": True,
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": False,
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
},
"minimumTlsVersion": "TLS1_2",
},
"sku": {"name": "Premium_LRS"},
"tags": {"key1": "value1", "key2": "value2"},
},
).result()
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreatePremiumBlockBlobStorage.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreatePremiumBlockBlobStorage.json
func ExampleAccountsClient_BeginCreate_storageAccountCreatePremiumBlockBlobStorage() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewAccountsClient().BeginCreate(ctx, "res9101", "sto4445", armstorage.AccountCreateParameters{
Kind: to.Ptr(armstorage.KindBlockBlobStorage),
Location: to.Ptr("eastus"),
Properties: &armstorage.AccountPropertiesCreateParameters{
AllowSharedKeyAccess: to.Ptr(true),
Encryption: &armstorage.Encryption{
KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
RequireInfrastructureEncryption: to.Ptr(false),
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
},
SKU: &armstorage.SKU{
Name: to.Ptr(armstorage.SKUNamePremiumLRS),
},
Tags: map[string]*string{
"key1": to.Ptr("value1"),
"key2": to.Ptr("value2"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto4445"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445"),
// Location: to.Ptr("eastus"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// AccessTier: to.Ptr(armstorage.AccessTierPremium),
// AllowBlobPublicAccess: to.Ptr(false),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-05-24T13:25:33.486Z"); return t}()),
// Encryption: &armstorage.Encryption{
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
// RequireInfrastructureEncryption: to.Ptr(false),
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// },
// },
// MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto4445.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445.dfs.core.windows.net/"),
// Web: to.Ptr("https://sto4445.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2euap"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(true),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNamePremiumLRS),
// Tier: to.Ptr(armstorage.SKUTierPremium),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
*
* @summary Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreatePremiumBlockBlobStorage.json
*/
async function storageAccountCreatePremiumBlockBlobStorage() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9101";
const accountName = "sto4445";
const parameters = {
allowSharedKeyAccess: true,
encryption: {
keySource: "Microsoft.Storage",
requireInfrastructureEncryption: false,
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
kind: "BlockBlobStorage",
location: "eastus",
minimumTlsVersion: "TLS1_2",
sku: { name: "Premium_LRS" },
tags: { key1: "value1", key2: "value2" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.beginCreateAndWait(
resourceGroupName,
accountName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Resources.Models;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreatePremiumBlockBlobStorage.json
// this example is just showing the usage of "StorageAccounts_Create" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9101";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this StorageAccountResource
StorageAccountCollection collection = resourceGroupResource.GetStorageAccounts();
// invoke the operation
string accountName = "sto4445";
StorageAccountCreateOrUpdateContent content = new StorageAccountCreateOrUpdateContent(new StorageSku(StorageSkuName.PremiumLrs), StorageKind.BlockBlobStorage, new AzureLocation("eastus"))
{
Tags =
{
["key1"] = "value1",
["key2"] = "value2",
},
Encryption = new StorageAccountEncryption()
{
Services = new StorageAccountEncryptionServices()
{
Blob = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.Storage,
RequireInfrastructureEncryption = false,
},
MinimumTlsVersion = StorageMinimumTlsVersion.Tls1_2,
AllowSharedKeyAccess = true,
};
ArmOperation<StorageAccountResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, accountName, content);
StorageAccountResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
"kind": "Storage",
"location": "eastus",
"name": "sto4445",
"properties": {
"allowBlobPublicAccess": false,
"minimumTlsVersion": "TLS1_2",
"creationTime": "2017-05-24T13:25:33.4863236Z",
"primaryEndpoints": {
"blob": "https://sto4445.blob.core.windows.net/",
"web": "https://sto4445.web.core.windows.net/",
"dfs": "https://sto4445.dfs.core.windows.net/"
},
"primaryLocation": "eastus2euap",
"accessTier": "Premium",
"provisioningState": "Succeeded",
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
},
"blob": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
}
},
"requireInfrastructureEncryption": false,
"keySource": "Microsoft.Storage"
},
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": true
},
"sku": {
"name": "Premium_LRS",
"tier": "Premium"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Storage/storageAccounts"
}
StorageAccountCreateUserAssignedEncryptionIdentityWithCMK
Sample request
PUT https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445?api-version=2023-05-01
{
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {}
}
},
"sku": {
"name": "Standard_LRS"
},
"kind": "Storage",
"location": "eastus",
"properties": {
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"keyvaultproperties": {
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyname": "wrappingKey",
"keyversion": ""
},
"keySource": "Microsoft.Keyvault",
"identity": {
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"
}
}
}
}
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionIdentity;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.Identity;
import com.azure.resourcemanager.storage.models.IdentityType;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.KeyVaultProperties;
import com.azure.resourcemanager.storage.models.Kind;
import com.azure.resourcemanager.storage.models.Sku;
import com.azure.resourcemanager.storage.models.SkuName;
import com.azure.resourcemanager.storage.models.StorageAccountCreateParameters;
import com.azure.resourcemanager.storage.models.UserAssignedIdentity;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/
* StorageAccountCreateUserAssignedEncryptionIdentityWithCMK.json
*/
/**
* Sample code: StorageAccountCreateUserAssignedEncryptionIdentityWithCMK.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void storageAccountCreateUserAssignedEncryptionIdentityWithCMK(
com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().create("res9101", "sto4445",
new StorageAccountCreateParameters().withSku(new Sku().withName(SkuName.STANDARD_LRS))
.withKind(Kind.STORAGE).withLocation("eastus")
.withIdentity(new Identity().withType(IdentityType.USER_ASSIGNED).withUserAssignedIdentities(mapOf(
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
new UserAssignedIdentity())))
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_KEYVAULT)
.withKeyVaultProperties(new KeyVaultProperties().withKeyName("fakeTokenPlaceholder")
.withKeyVersion("fakeTokenPlaceholder").withKeyVaultUri("fakeTokenPlaceholder"))
.withEncryptionIdentity(new EncryptionIdentity().withEncryptionUserAssignedIdentity(
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"))),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_create_user_assigned_encryption_identity_with_cmk.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.begin_create(
resource_group_name="res9101",
account_name="sto4445",
parameters={
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {}
},
},
"kind": "Storage",
"location": "eastus",
"properties": {
"encryption": {
"identity": {
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"
},
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyname": "wrappingKey",
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyversion": "",
},
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
}
},
"sku": {"name": "Standard_LRS"},
},
).result()
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateUserAssignedEncryptionIdentityWithCMK.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateUserAssignedEncryptionIdentityWithCMK.json
func ExampleAccountsClient_BeginCreate_storageAccountCreateUserAssignedEncryptionIdentityWithCmk() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewAccountsClient().BeginCreate(ctx, "res9101", "sto4445", armstorage.AccountCreateParameters{
Identity: &armstorage.Identity{
Type: to.Ptr(armstorage.IdentityTypeUserAssigned),
UserAssignedIdentities: map[string]*armstorage.UserAssignedIdentity{
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {},
},
},
Kind: to.Ptr(armstorage.KindStorage),
Location: to.Ptr("eastus"),
Properties: &armstorage.AccountPropertiesCreateParameters{
Encryption: &armstorage.Encryption{
EncryptionIdentity: &armstorage.EncryptionIdentity{
EncryptionUserAssignedIdentity: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"),
},
KeySource: to.Ptr(armstorage.KeySourceMicrosoftKeyvault),
KeyVaultProperties: &armstorage.KeyVaultProperties{
KeyName: to.Ptr("wrappingKey"),
KeyVaultURI: to.Ptr("https://myvault8569.vault.azure.net"),
KeyVersion: to.Ptr(""),
},
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
},
SKU: &armstorage.SKU{
Name: to.Ptr(armstorage.SKUNameStandardLRS),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto4445"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445"),
// Location: to.Ptr("eastus"),
// Tags: map[string]*string{
// },
// Identity: &armstorage.Identity{
// Type: to.Ptr(armstorage.IdentityTypeUserAssigned),
// UserAssignedIdentities: map[string]*armstorage.UserAssignedIdentity{
// "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": &armstorage.UserAssignedIdentity{
// ClientID: to.Ptr("fbaa6278-1ecc-415c-819f-6e2058d3acb5"),
// PrincipalID: to.Ptr("8d823284-1060-42a5-9ec4-ed3d831e24d7"),
// },
// },
// },
// Kind: to.Ptr(armstorage.KindStorageV2),
// Properties: &armstorage.AccountProperties{
// AccessTier: to.Ptr(armstorage.AccessTierHot),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.083Z"); return t}()),
// Encryption: &armstorage.Encryption{
// EncryptionIdentity: &armstorage.EncryptionIdentity{
// EncryptionUserAssignedIdentity: to.Ptr("/subscriptions/{subscription-id}/resourcegroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"),
// },
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftKeyvault),
// KeyVaultProperties: &armstorage.KeyVaultProperties{
// CurrentVersionedKeyIdentifier: to.Ptr("https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad"),
// KeyName: to.Ptr("wrappingKey"),
// KeyVaultURI: to.Ptr("https://myvault8569.vault.azure.net"),
// KeyVersion: to.Ptr(""),
// LastKeyRotationTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-13T20:36:23.702Z"); return t}()),
// },
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.173Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.173Z"); return t}()),
// },
// },
// },
// NetworkRuleSet: &armstorage.NetworkRuleSet{
// Bypass: to.Ptr(armstorage.BypassAzureServices),
// DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
// IPRules: []*armstorage.IPRule{
// },
// VirtualNetworkRules: []*armstorage.VirtualNetworkRule{
// },
// },
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto4445.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445.file.core.windows.net/"),
// Queue: to.Ptr("https://sto4445.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus"),
// PrivateEndpointConnections: []*armstorage.PrivateEndpointConnection{
// },
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(true),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardLRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
*
* @summary Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateUserAssignedEncryptionIdentityWithCMK.json
*/
async function storageAccountCreateUserAssignedEncryptionIdentityWithCmk() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9101";
const accountName = "sto4445";
const parameters = {
encryption: {
encryptionIdentity: {
encryptionUserAssignedIdentity:
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
},
keySource: "Microsoft.Keyvault",
keyVaultProperties: {
keyName: "wrappingKey",
keyVaultUri: "https://myvault8569.vault.azure.net",
keyVersion: "",
},
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
identity: {
type: "UserAssigned",
userAssignedIdentities: {
"/subscriptions/{subscriptionId}/resourceGroups/res9101/providers/MicrosoftManagedIdentity/userAssignedIdentities/{managedIdentityName}":
{},
},
},
kind: "Storage",
location: "eastus",
sku: { name: "Standard_LRS" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.beginCreateAndWait(
resourceGroupName,
accountName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Resources.Models;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateUserAssignedEncryptionIdentityWithCMK.json
// this example is just showing the usage of "StorageAccounts_Create" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9101";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this StorageAccountResource
StorageAccountCollection collection = resourceGroupResource.GetStorageAccounts();
// invoke the operation
string accountName = "sto4445";
StorageAccountCreateOrUpdateContent content = new StorageAccountCreateOrUpdateContent(new StorageSku(StorageSkuName.StandardLrs), StorageKind.Storage, new AzureLocation("eastus"))
{
Identity = new ManagedServiceIdentity("UserAssigned")
{
UserAssignedIdentities =
{
[new ResourceIdentifier("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}")] = new UserAssignedIdentity(),
},
},
Encryption = new StorageAccountEncryption()
{
Services = new StorageAccountEncryptionServices()
{
Blob = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.KeyVault,
KeyVaultProperties = new StorageAccountKeyVaultProperties()
{
KeyName = "wrappingKey",
KeyVersion = "",
KeyVaultUri = new Uri("https://myvault8569.vault.azure.net"),
},
EncryptionIdentity = new StorageAccountEncryptionIdentity()
{
EncryptionUserAssignedIdentity = "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
},
},
};
ArmOperation<StorageAccountResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, accountName, content);
StorageAccountResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"identity": {
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {
"principalId": "8d823284-1060-42a5-9ec4-ed3d831e24d7",
"clientId": "fbaa6278-1ecc-415c-819f-6e2058d3acb5"
}
},
"type": "UserAssigned"
},
"sku": {
"name": "Standard_LRS",
"tier": "Standard"
},
"kind": "StorageV2",
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
"name": "sto4445",
"type": "Microsoft.Storage/storageAccounts",
"location": "eastus",
"tags": {},
"properties": {
"privateEndpointConnections": [],
"networkAcls": {
"bypass": "AzureServices",
"virtualNetworkRules": [],
"ipRules": [],
"defaultAction": "Allow"
},
"supportsHttpsTrafficOnly": true,
"encryption": {
"identity": {
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourcegroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"
},
"keyvaultproperties": {
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyname": "wrappingKey",
"keyversion": "",
"currentVersionedKeyIdentifier": "https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad",
"lastKeyRotationTimestamp": "2019-12-13T20:36:23.7023290Z"
},
"services": {
"file": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2020-12-15T00:43:14.1739587Z"
},
"blob": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2020-12-15T00:43:14.1739587Z"
}
},
"keySource": "Microsoft.Keyvault"
},
"accessTier": "Hot",
"provisioningState": "Succeeded",
"creationTime": "2020-12-15T00:43:14.0839093Z",
"primaryEndpoints": {
"web": "https://sto4445.web.core.windows.net/",
"dfs": "https://sto4445.dfs.core.windows.net/",
"blob": "https://sto4445.blob.core.windows.net/",
"file": "https://sto4445.file.core.windows.net/",
"queue": "https://sto4445.queue.core.windows.net/",
"table": "https://sto4445.table.core.windows.net/"
},
"primaryLocation": "eastus",
"statusOfPrimary": "available"
}
}
StorageAccountCreateUserAssignedIdentityWithFederatedIdentityClientId.
Sample request
PUT https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res131918/providers/Microsoft.Storage/storageAccounts/sto131918?api-version=2023-05-01
{
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {}
}
},
"sku": {
"name": "Standard_LRS"
},
"kind": "Storage",
"location": "eastus",
"properties": {
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"keyvaultproperties": {
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyname": "wrappingKey",
"keyversion": ""
},
"keySource": "Microsoft.Keyvault",
"identity": {
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
"federatedIdentityClientId": "f83c6b1b-4d34-47e4-bb34-9d83df58b540"
}
}
}
}
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionIdentity;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.Identity;
import com.azure.resourcemanager.storage.models.IdentityType;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.KeyVaultProperties;
import com.azure.resourcemanager.storage.models.Kind;
import com.azure.resourcemanager.storage.models.Sku;
import com.azure.resourcemanager.storage.models.SkuName;
import com.azure.resourcemanager.storage.models.StorageAccountCreateParameters;
import com.azure.resourcemanager.storage.models.UserAssignedIdentity;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/
* StorageAccountCreateUserAssignedIdentityWithFederatedIdentityClientId.json
*/
/**
* Sample code: StorageAccountCreateUserAssignedIdentityWithFederatedIdentityClientId.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void storageAccountCreateUserAssignedIdentityWithFederatedIdentityClientId(
com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().create("res131918", "sto131918",
new StorageAccountCreateParameters().withSku(new Sku().withName(SkuName.STANDARD_LRS))
.withKind(Kind.STORAGE).withLocation("eastus")
.withIdentity(new Identity().withType(IdentityType.USER_ASSIGNED).withUserAssignedIdentities(mapOf(
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
new UserAssignedIdentity())))
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_KEYVAULT)
.withKeyVaultProperties(new KeyVaultProperties().withKeyName("fakeTokenPlaceholder")
.withKeyVersion("fakeTokenPlaceholder").withKeyVaultUri("fakeTokenPlaceholder"))
.withEncryptionIdentity(new EncryptionIdentity().withEncryptionUserAssignedIdentity(
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}")
.withEncryptionFederatedIdentityClientId("f83c6b1b-4d34-47e4-bb34-9d83df58b540"))),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_create_user_assigned_identity_with_federated_identity_client_id.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.begin_create(
resource_group_name="res131918",
account_name="sto131918",
parameters={
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {}
},
},
"kind": "Storage",
"location": "eastus",
"properties": {
"encryption": {
"identity": {
"federatedIdentityClientId": "f83c6b1b-4d34-47e4-bb34-9d83df58b540",
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
},
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyname": "wrappingKey",
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyversion": "",
},
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
}
},
"sku": {"name": "Standard_LRS"},
},
).result()
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateUserAssignedIdentityWithFederatedIdentityClientId.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateUserAssignedIdentityWithFederatedIdentityClientId.json
func ExampleAccountsClient_BeginCreate_storageAccountCreateUserAssignedIdentityWithFederatedIdentityClientId() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewAccountsClient().BeginCreate(ctx, "res131918", "sto131918", armstorage.AccountCreateParameters{
Identity: &armstorage.Identity{
Type: to.Ptr(armstorage.IdentityTypeUserAssigned),
UserAssignedIdentities: map[string]*armstorage.UserAssignedIdentity{
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {},
},
},
Kind: to.Ptr(armstorage.KindStorage),
Location: to.Ptr("eastus"),
Properties: &armstorage.AccountPropertiesCreateParameters{
Encryption: &armstorage.Encryption{
EncryptionIdentity: &armstorage.EncryptionIdentity{
EncryptionFederatedIdentityClientID: to.Ptr("f83c6b1b-4d34-47e4-bb34-9d83df58b540"),
EncryptionUserAssignedIdentity: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"),
},
KeySource: to.Ptr(armstorage.KeySourceMicrosoftKeyvault),
KeyVaultProperties: &armstorage.KeyVaultProperties{
KeyName: to.Ptr("wrappingKey"),
KeyVaultURI: to.Ptr("https://myvault8569.vault.azure.net"),
KeyVersion: to.Ptr(""),
},
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
},
SKU: &armstorage.SKU{
Name: to.Ptr(armstorage.SKUNameStandardLRS),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto4445"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445"),
// Location: to.Ptr("eastus"),
// Tags: map[string]*string{
// },
// Identity: &armstorage.Identity{
// Type: to.Ptr(armstorage.IdentityTypeUserAssigned),
// UserAssignedIdentities: map[string]*armstorage.UserAssignedIdentity{
// "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": &armstorage.UserAssignedIdentity{
// ClientID: to.Ptr("fbaa6278-1ecc-415c-819f-6e2058d3acb5"),
// PrincipalID: to.Ptr("8d823284-1060-42a5-9ec4-ed3d831e24d7"),
// },
// },
// },
// Kind: to.Ptr(armstorage.KindStorageV2),
// Properties: &armstorage.AccountProperties{
// AccessTier: to.Ptr(armstorage.AccessTierHot),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.083Z"); return t}()),
// Encryption: &armstorage.Encryption{
// EncryptionIdentity: &armstorage.EncryptionIdentity{
// EncryptionFederatedIdentityClientID: to.Ptr("f83c6b1b-4d34-47e4-bb34-9d83df58b540"),
// EncryptionUserAssignedIdentity: to.Ptr("/subscriptions/{subscription-id}/resourcegroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"),
// },
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftKeyvault),
// KeyVaultProperties: &armstorage.KeyVaultProperties{
// CurrentVersionedKeyIdentifier: to.Ptr("https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad"),
// KeyName: to.Ptr("wrappingKey"),
// KeyVaultURI: to.Ptr("https://myvault8569.vault.azure.net"),
// KeyVersion: to.Ptr(""),
// LastKeyRotationTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-13T20:36:23.702Z"); return t}()),
// },
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.173Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.173Z"); return t}()),
// },
// },
// },
// NetworkRuleSet: &armstorage.NetworkRuleSet{
// Bypass: to.Ptr(armstorage.BypassAzureServices),
// DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
// IPRules: []*armstorage.IPRule{
// },
// VirtualNetworkRules: []*armstorage.VirtualNetworkRule{
// },
// },
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto4445.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445.file.core.windows.net/"),
// Queue: to.Ptr("https://sto4445.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus"),
// PrivateEndpointConnections: []*armstorage.PrivateEndpointConnection{
// },
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(true),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardLRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
*
* @summary Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateUserAssignedIdentityWithFederatedIdentityClientId.json
*/
async function storageAccountCreateUserAssignedIdentityWithFederatedIdentityClientId() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res131918";
const accountName = "sto131918";
const parameters = {
encryption: {
encryptionIdentity: {
encryptionFederatedIdentityClientId: "f83c6b1b-4d34-47e4-bb34-9d83df58b540",
encryptionUserAssignedIdentity:
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
},
keySource: "Microsoft.Keyvault",
keyVaultProperties: {
keyName: "wrappingKey",
keyVaultUri: "https://myvault8569.vault.azure.net",
keyVersion: "",
},
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
identity: {
type: "UserAssigned",
userAssignedIdentities: {
"/subscriptions/{subscriptionId}/resourceGroups/res9101/providers/MicrosoftManagedIdentity/userAssignedIdentities/{managedIdentityName}":
{},
},
},
kind: "Storage",
location: "eastus",
sku: { name: "Standard_LRS" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.beginCreateAndWait(
resourceGroupName,
accountName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Resources.Models;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateUserAssignedIdentityWithFederatedIdentityClientId.json
// this example is just showing the usage of "StorageAccounts_Create" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res131918";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this StorageAccountResource
StorageAccountCollection collection = resourceGroupResource.GetStorageAccounts();
// invoke the operation
string accountName = "sto131918";
StorageAccountCreateOrUpdateContent content = new StorageAccountCreateOrUpdateContent(new StorageSku(StorageSkuName.StandardLrs), StorageKind.Storage, new AzureLocation("eastus"))
{
Identity = new ManagedServiceIdentity("UserAssigned")
{
UserAssignedIdentities =
{
[new ResourceIdentifier("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}")] = new UserAssignedIdentity(),
},
},
Encryption = new StorageAccountEncryption()
{
Services = new StorageAccountEncryptionServices()
{
Blob = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.KeyVault,
KeyVaultProperties = new StorageAccountKeyVaultProperties()
{
KeyName = "wrappingKey",
KeyVersion = "",
KeyVaultUri = new Uri("https://myvault8569.vault.azure.net"),
},
EncryptionIdentity = new StorageAccountEncryptionIdentity()
{
EncryptionUserAssignedIdentity = "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
EncryptionFederatedIdentityClientId = "f83c6b1b-4d34-47e4-bb34-9d83df58b540",
},
},
};
ArmOperation<StorageAccountResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, accountName, content);
StorageAccountResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"identity": {
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {
"principalId": "8d823284-1060-42a5-9ec4-ed3d831e24d7",
"clientId": "fbaa6278-1ecc-415c-819f-6e2058d3acb5"
}
},
"type": "UserAssigned"
},
"sku": {
"name": "Standard_LRS",
"tier": "Standard"
},
"kind": "StorageV2",
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
"name": "sto4445",
"type": "Microsoft.Storage/storageAccounts",
"location": "eastus",
"tags": {},
"properties": {
"privateEndpointConnections": [],
"networkAcls": {
"bypass": "AzureServices",
"virtualNetworkRules": [],
"ipRules": [],
"defaultAction": "Allow"
},
"supportsHttpsTrafficOnly": true,
"encryption": {
"identity": {
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourcegroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
"federatedIdentityClientId": "f83c6b1b-4d34-47e4-bb34-9d83df58b540"
},
"keyvaultproperties": {
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyname": "wrappingKey",
"keyversion": "",
"currentVersionedKeyIdentifier": "https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad",
"lastKeyRotationTimestamp": "2019-12-13T20:36:23.7023290Z"
},
"services": {
"file": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2020-12-15T00:43:14.1739587Z"
},
"blob": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2020-12-15T00:43:14.1739587Z"
}
},
"keySource": "Microsoft.Keyvault"
},
"accessTier": "Hot",
"provisioningState": "Succeeded",
"creationTime": "2020-12-15T00:43:14.0839093Z",
"primaryEndpoints": {
"web": "https://sto4445.web.core.windows.net/",
"dfs": "https://sto4445.dfs.core.windows.net/",
"blob": "https://sto4445.blob.core.windows.net/",
"file": "https://sto4445.file.core.windows.net/",
"queue": "https://sto4445.queue.core.windows.net/",
"table": "https://sto4445.table.core.windows.net/"
},
"primaryLocation": "eastus",
"statusOfPrimary": "available"
}
}
StorageAccountCreateWithImmutabilityPolicy
Sample request
PUT https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445?api-version=2023-05-01
{
"sku": {
"name": "Standard_GRS"
},
"kind": "Storage",
"location": "eastus",
"extendedLocation": {
"type": "EdgeZone",
"name": "losangeles001"
},
"properties": {
"immutableStorageWithVersioning": {
"immutabilityPolicy": {
"immutabilityPeriodSinceCreationInDays": 15,
"allowProtectedAppendWrites": true,
"state": "Unlocked"
},
"enabled": true
}
}
}
import com.azure.resourcemanager.storage.models.AccountImmutabilityPolicyProperties;
import com.azure.resourcemanager.storage.models.AccountImmutabilityPolicyState;
import com.azure.resourcemanager.storage.models.ExtendedLocation;
import com.azure.resourcemanager.storage.models.ExtendedLocationTypes;
import com.azure.resourcemanager.storage.models.ImmutableStorageAccount;
import com.azure.resourcemanager.storage.models.Kind;
import com.azure.resourcemanager.storage.models.Sku;
import com.azure.resourcemanager.storage.models.SkuName;
import com.azure.resourcemanager.storage.models.StorageAccountCreateParameters;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/
* StorageAccountCreateWithImmutabilityPolicy.json
*/
/**
* Sample code: StorageAccountCreateWithImmutabilityPolicy.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
storageAccountCreateWithImmutabilityPolicy(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts()
.create("res9101", "sto4445",
new StorageAccountCreateParameters().withSku(new Sku().withName(SkuName.STANDARD_GRS))
.withKind(Kind.STORAGE).withLocation("eastus")
.withExtendedLocation(
new ExtendedLocation().withName("losangeles001").withType(ExtendedLocationTypes.EDGE_ZONE))
.withImmutableStorageWithVersioning(new ImmutableStorageAccount().withEnabled(true)
.withImmutabilityPolicy(new AccountImmutabilityPolicyProperties()
.withImmutabilityPeriodSinceCreationInDays(15)
.withState(AccountImmutabilityPolicyState.UNLOCKED).withAllowProtectedAppendWrites(true))),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_create_with_immutability_policy.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.begin_create(
resource_group_name="res9101",
account_name="sto4445",
parameters={
"extendedLocation": {"name": "losangeles001", "type": "EdgeZone"},
"kind": "Storage",
"location": "eastus",
"properties": {
"immutableStorageWithVersioning": {
"enabled": True,
"immutabilityPolicy": {
"allowProtectedAppendWrites": True,
"immutabilityPeriodSinceCreationInDays": 15,
"state": "Unlocked",
},
}
},
"sku": {"name": "Standard_GRS"},
},
).result()
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateWithImmutabilityPolicy.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateWithImmutabilityPolicy.json
func ExampleAccountsClient_BeginCreate_storageAccountCreateWithImmutabilityPolicy() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewAccountsClient().BeginCreate(ctx, "res9101", "sto4445", armstorage.AccountCreateParameters{
ExtendedLocation: &armstorage.ExtendedLocation{
Name: to.Ptr("losangeles001"),
Type: to.Ptr(armstorage.ExtendedLocationTypesEdgeZone),
},
Kind: to.Ptr(armstorage.KindStorage),
Location: to.Ptr("eastus"),
Properties: &armstorage.AccountPropertiesCreateParameters{
ImmutableStorageWithVersioning: &armstorage.ImmutableStorageAccount{
Enabled: to.Ptr(true),
ImmutabilityPolicy: &armstorage.AccountImmutabilityPolicyProperties{
AllowProtectedAppendWrites: to.Ptr(true),
ImmutabilityPeriodSinceCreationInDays: to.Ptr[int32](15),
State: to.Ptr(armstorage.AccountImmutabilityPolicyStateUnlocked),
},
},
},
SKU: &armstorage.SKU{
Name: to.Ptr(armstorage.SKUNameStandardGRS),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto4445"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445"),
// Location: to.Ptr("eastus"),
// ExtendedLocation: &armstorage.ExtendedLocation{
// Name: to.Ptr("losangeles001"),
// Type: to.Ptr(armstorage.ExtendedLocationTypesEdgeZone),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-05-24T13:25:33.486Z"); return t}()),
// ImmutableStorageWithVersioning: &armstorage.ImmutableStorageAccount{
// Enabled: to.Ptr(true),
// ImmutabilityPolicy: &armstorage.AccountImmutabilityPolicyProperties{
// AllowProtectedAppendWrites: to.Ptr(true),
// ImmutabilityPeriodSinceCreationInDays: to.Ptr[int32](15),
// State: to.Ptr(armstorage.AccountImmutabilityPolicyStateUnlocked),
// },
// },
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto4445.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445.file.core.windows.net/"),
// Queue: to.Ptr("https://sto4445.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2euap"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
*
* @summary Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateWithImmutabilityPolicy.json
*/
async function storageAccountCreateWithImmutabilityPolicy() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9101";
const accountName = "sto4445";
const parameters = {
extendedLocation: { name: "losangeles001", type: "EdgeZone" },
immutableStorageWithVersioning: {
enabled: true,
immutabilityPolicy: {
allowProtectedAppendWrites: true,
immutabilityPeriodSinceCreationInDays: 15,
state: "Unlocked",
},
},
kind: "Storage",
location: "eastus",
sku: { name: "Standard_GRS" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.beginCreateAndWait(
resourceGroupName,
accountName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Resources.Models;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountCreateWithImmutabilityPolicy.json
// this example is just showing the usage of "StorageAccounts_Create" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9101";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this StorageAccountResource
StorageAccountCollection collection = resourceGroupResource.GetStorageAccounts();
// invoke the operation
string accountName = "sto4445";
StorageAccountCreateOrUpdateContent content = new StorageAccountCreateOrUpdateContent(new StorageSku(StorageSkuName.StandardGrs), StorageKind.Storage, new AzureLocation("eastus"))
{
ExtendedLocation = new ExtendedLocation()
{
Name = "losangeles001",
},
ImmutableStorageWithVersioning = new ImmutableStorageAccount()
{
IsEnabled = true,
ImmutabilityPolicy = new AccountImmutabilityPolicy()
{
ImmutabilityPeriodSinceCreationInDays = 15,
State = AccountImmutabilityPolicyState.Unlocked,
AllowProtectedAppendWrites = true,
},
},
};
ArmOperation<StorageAccountResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, accountName, content);
StorageAccountResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
"kind": "Storage",
"location": "eastus",
"name": "sto4445",
"extendedLocation": {
"type": "EdgeZone",
"name": "losangeles001"
},
"properties": {
"creationTime": "2017-05-24T13:25:33.4863236Z",
"primaryEndpoints": {
"web": "https://sto4445.web.core.windows.net/",
"dfs": "https://sto4445.dfs.core.windows.net/",
"blob": "https://sto4445.blob.core.windows.net/",
"file": "https://sto4445.file.core.windows.net/",
"queue": "https://sto4445.queue.core.windows.net/",
"table": "https://sto4445.table.core.windows.net/"
},
"primaryLocation": "eastus2euap",
"provisioningState": "Succeeded",
"immutableStorageWithVersioning": {
"immutabilityPolicy": {
"immutabilityPeriodSinceCreationInDays": 15,
"allowProtectedAppendWrites": true,
"state": "Unlocked"
},
"enabled": true
}
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"type": "Microsoft.Storage/storageAccounts"
}
Definitions
| Name |
Description |
|
AccessTier
|
Required for storage accounts where kind = BlobStorage. The access tier is used for billing. The 'Premium' access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type.
|
|
AccountImmutabilityPolicyProperties
|
This defines account-level immutability policy properties.
|
|
AccountImmutabilityPolicyState
|
The ImmutabilityPolicy state defines the mode of the policy. Disabled state disables the policy, Unlocked state allows increase and decrease of immutability retention time and also allows toggling allowProtectedAppendWrites property, Locked state only allows the increase of the immutability retention time. A policy can only be created in a Disabled or Unlocked state and can be toggled between the two states. Only a policy in an Unlocked state can transition to a Locked state which cannot be reverted.
|
|
AccountStatus
|
Gets the status indicating whether the primary location of the storage account is available or unavailable.
|
|
AccountType
|
Specifies the Active Directory account type for Azure Storage.
|
|
Action
|
The action of virtual network rule.
|
|
ActiveDirectoryProperties
|
Settings properties for Active Directory (AD).
|
|
AllowedCopyScope
|
Restrict copy to and from Storage Accounts within an AAD tenant or with Private Links to the same VNet.
|
|
AzureFilesIdentityBasedAuthentication
|
Settings for Azure Files identity based authentication.
|
|
BlobRestoreParameters
|
Blob restore parameters
|
|
BlobRestoreProgressStatus
|
The status of blob restore progress. Possible values are: - InProgress: Indicates that blob restore is ongoing. - Complete: Indicates that blob restore has been completed successfully. - Failed: Indicates that blob restore is failed.
|
|
BlobRestoreRange
|
Blob range
|
|
BlobRestoreStatus
|
Blob restore status.
|
|
Bypass
|
Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. Possible values are any combination of Logging|Metrics|AzureServices (For example, "Logging, Metrics"), or None to bypass none of those traffics.
|
|
CustomDomain
|
The custom domain assigned to this storage account. This can be set via Update.
|
|
DefaultAction
|
Specifies the default action of allow or deny when no other rules match.
|
|
DefaultSharePermission
|
Default share permission for users using Kerberos authentication if RBAC role is not assigned.
|
|
DirectoryServiceOptions
|
Indicates the directory service used. Note that this enum may be extended in the future.
|
|
DnsEndpointType
|
Allows you to specify the type of endpoint. Set this to AzureDNSZone to create a large number of accounts in a single subscription, which creates accounts in an Azure DNS Zone and the endpoint URL will have an alphanumeric DNS Zone identifier.
|
|
Encryption
|
The encryption settings on the storage account.
|
|
EncryptionIdentity
|
Encryption identity for the storage account.
|
|
EncryptionService
|
A service that allows server-side encryption to be used.
|
|
EncryptionServices
|
A list of services that support encryption.
|
|
Endpoints
|
The URIs that are used to perform a retrieval of a public blob, queue, table, web or dfs object.
|
|
ExpirationAction
|
The SAS Expiration Action defines the action to be performed when sasPolicy.sasExpirationPeriod is violated. The 'Log' action can be used for audit purposes and the 'Block' action can be used to block and deny the usage of SAS tokens that do not adhere to the sas policy expiration period.
|
|
ExtendedLocation
|
The complex type of the extended location.
|
|
ExtendedLocationTypes
|
The type of the extended location.
|
|
GeoReplicationStats
|
Statistics related to replication for storage account's Blob, Table, Queue and File services. It is only available when geo-redundant replication is enabled for the storage account.
|
|
GeoReplicationStatus
|
The status of the secondary location. Possible values are: - Live: Indicates that the secondary location is active and operational. - Bootstrap: Indicates initial synchronization from the primary location to the secondary location is in progress.This typically occurs when replication is first enabled. - Unavailable: Indicates that the secondary location is temporarily unavailable.
|
|
Identity
|
Identity for the resource.
|
|
IdentityType
|
The identity type.
|
|
ImmutableStorageAccount
|
This property enables and defines account-level immutability. Enabling the feature auto-enables Blob Versioning.
|
|
IPRule
|
IP rule with specific IP or IP range in CIDR format.
|
|
KeyCreationTime
|
Storage account keys creation time.
|
|
KeyPolicy
|
KeyPolicy assigned to the storage account.
|
|
KeySource
|
The encryption keySource (provider). Possible values (case-insensitive): Microsoft.Storage, Microsoft.Keyvault
|
|
KeyType
|
Encryption key type to be used for the encryption service. 'Account' key type implies that an account-scoped encryption key will be used. 'Service' key type implies that a default service key is used.
|
|
KeyVaultProperties
|
Properties of key vault.
|
|
Kind
|
Indicates the type of storage account.
|
|
LargeFileSharesState
|
Allow large file shares if sets to Enabled. It cannot be disabled once it is enabled.
|
|
MinimumTlsVersion
|
Set the minimum TLS version to be permitted on requests to storage. The default interpretation is TLS 1.0 for this property.
|
|
NetworkRuleSet
|
Network rule set
|
|
postFailoverRedundancy
|
The redundancy type of the account after an account failover is performed.
|
|
postPlannedFailoverRedundancy
|
The redundancy type of the account after a planned account failover is performed.
|
|
PrivateEndpoint
|
The Private Endpoint resource.
|
|
PrivateEndpointConnection
|
The Private Endpoint Connection resource.
|
|
PrivateEndpointConnectionProvisioningState
|
The current provisioning state.
|
|
PrivateEndpointServiceConnectionStatus
|
The private endpoint connection status.
|
|
PrivateLinkServiceConnectionState
|
A collection of information about the state of the connection between service consumer and provider.
|
|
ProvisioningState
|
Gets the status of the storage account at the time the operation was called.
|
|
PublicNetworkAccess
|
Allow, disallow, or let Network Security Perimeter configuration to evaluate public network access to Storage Account. Value is optional but if passed in, must be 'Enabled', 'Disabled' or 'SecuredByPerimeter'.
|
|
ResourceAccessRule
|
Resource Access Rule.
|
|
RoutingChoice
|
Routing Choice defines the kind of network routing opted by the user.
|
|
RoutingPreference
|
Routing preference defines the type of network, either microsoft or internet routing to be used to deliver the user data, the default option is microsoft routing
|
|
SasPolicy
|
SasPolicy assigned to the storage account.
|
|
Sku
|
The SKU of the storage account.
|
|
SkuConversionStatus
|
This property indicates the current sku conversion status.
|
|
SkuName
|
The SKU name. Required for account creation; optional for update. Note that in older versions, SKU name was called accountType.
|
|
SkuTier
|
The SKU tier. This is based on the SKU name.
|
|
State
|
Gets the state of virtual network rule.
|
|
StorageAccount
|
The storage account.
|
|
StorageAccountCreateParameters
|
The parameters used when creating a storage account.
|
|
StorageAccountInternetEndpoints
|
The URIs that are used to perform a retrieval of a public blob, file, web or dfs object via a internet routing endpoint.
|
|
StorageAccountMicrosoftEndpoints
|
The URIs that are used to perform a retrieval of a public blob, queue, table, web or dfs object via a microsoft routing endpoint.
|
|
StorageAccountSkuConversionStatus
|
This defines the sku conversion status object for asynchronous sku conversions.
|
|
UserAssignedIdentity
|
UserAssignedIdentity for the resource.
|
|
VirtualNetworkRule
|
Virtual Network rule.
|
AccessTier
Required for storage accounts where kind = BlobStorage. The access tier is used for billing. The 'Premium' access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type.
| Name |
Type |
Description |
|
Cold
|
string
|
|
|
Cool
|
string
|
|
|
Hot
|
string
|
|
|
Premium
|
string
|
|
AccountImmutabilityPolicyProperties
This defines account-level immutability policy properties.
| Name |
Type |
Description |
|
allowProtectedAppendWrites
|
boolean
|
This property can only be changed for disabled and unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted.
|
|
immutabilityPeriodSinceCreationInDays
|
integer
|
The immutability period for the blobs in the container since the policy creation, in days.
|
|
state
|
AccountImmutabilityPolicyState
|
The ImmutabilityPolicy state defines the mode of the policy. Disabled state disables the policy, Unlocked state allows increase and decrease of immutability retention time and also allows toggling allowProtectedAppendWrites property, Locked state only allows the increase of the immutability retention time. A policy can only be created in a Disabled or Unlocked state and can be toggled between the two states. Only a policy in an Unlocked state can transition to a Locked state which cannot be reverted.
|
AccountImmutabilityPolicyState
The ImmutabilityPolicy state defines the mode of the policy. Disabled state disables the policy, Unlocked state allows increase and decrease of immutability retention time and also allows toggling allowProtectedAppendWrites property, Locked state only allows the increase of the immutability retention time. A policy can only be created in a Disabled or Unlocked state and can be toggled between the two states. Only a policy in an Unlocked state can transition to a Locked state which cannot be reverted.
| Name |
Type |
Description |
|
Disabled
|
string
|
|
|
Locked
|
string
|
|
|
Unlocked
|
string
|
|
AccountStatus
Gets the status indicating whether the primary location of the storage account is available or unavailable.
| Name |
Type |
Description |
|
available
|
string
|
|
|
unavailable
|
string
|
|
AccountType
Specifies the Active Directory account type for Azure Storage.
| Name |
Type |
Description |
|
Computer
|
string
|
|
|
User
|
string
|
|
Action
The action of virtual network rule.
| Name |
Type |
Description |
|
Allow
|
string
|
|
ActiveDirectoryProperties
Settings properties for Active Directory (AD).
| Name |
Type |
Description |
|
accountType
|
AccountType
|
Specifies the Active Directory account type for Azure Storage.
|
|
azureStorageSid
|
string
|
Specifies the security identifier (SID) for Azure Storage.
|
|
domainGuid
|
string
|
Specifies the domain GUID.
|
|
domainName
|
string
|
Specifies the primary domain that the AD DNS server is authoritative for.
|
|
domainSid
|
string
|
Specifies the security identifier (SID).
|
|
forestName
|
string
|
Specifies the Active Directory forest to get.
|
|
netBiosDomainName
|
string
|
Specifies the NetBIOS domain name.
|
|
samAccountName
|
string
|
Specifies the Active Directory SAMAccountName for Azure Storage.
|
AllowedCopyScope
Restrict copy to and from Storage Accounts within an AAD tenant or with Private Links to the same VNet.
| Name |
Type |
Description |
|
AAD
|
string
|
|
|
PrivateLink
|
string
|
|
AzureFilesIdentityBasedAuthentication
Settings for Azure Files identity based authentication.
| Name |
Type |
Description |
|
activeDirectoryProperties
|
ActiveDirectoryProperties
|
Required if directoryServiceOptions are AD, optional if they are AADKERB.
|
|
defaultSharePermission
|
DefaultSharePermission
|
Default share permission for users using Kerberos authentication if RBAC role is not assigned.
|
|
directoryServiceOptions
|
DirectoryServiceOptions
|
Indicates the directory service used. Note that this enum may be extended in the future.
|
BlobRestoreParameters
Blob restore parameters
| Name |
Type |
Description |
|
blobRanges
|
BlobRestoreRange[]
|
Blob ranges to restore.
|
|
timeToRestore
|
string
|
Restore blob to the specified time.
|
BlobRestoreProgressStatus
The status of blob restore progress. Possible values are: - InProgress: Indicates that blob restore is ongoing. - Complete: Indicates that blob restore has been completed successfully. - Failed: Indicates that blob restore is failed.
| Name |
Type |
Description |
|
Complete
|
string
|
|
|
Failed
|
string
|
|
|
InProgress
|
string
|
|
BlobRestoreRange
Blob range
| Name |
Type |
Description |
|
endRange
|
string
|
Blob end range. This is exclusive. Empty means account end.
|
|
startRange
|
string
|
Blob start range. This is inclusive. Empty means account start.
|
BlobRestoreStatus
Blob restore status.
| Name |
Type |
Description |
|
failureReason
|
string
|
Failure reason when blob restore is failed.
|
|
parameters
|
BlobRestoreParameters
|
Blob restore request parameters.
|
|
restoreId
|
string
|
Id for tracking blob restore request.
|
|
status
|
BlobRestoreProgressStatus
|
The status of blob restore progress. Possible values are: - InProgress: Indicates that blob restore is ongoing. - Complete: Indicates that blob restore has been completed successfully. - Failed: Indicates that blob restore is failed.
|
Bypass
Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. Possible values are any combination of Logging|Metrics|AzureServices (For example, "Logging, Metrics"), or None to bypass none of those traffics.
| Name |
Type |
Description |
|
AzureServices
|
string
|
|
|
Logging
|
string
|
|
|
Metrics
|
string
|
|
|
None
|
string
|
|
CustomDomain
The custom domain assigned to this storage account. This can be set via Update.
| Name |
Type |
Description |
|
name
|
string
|
Gets or sets the custom domain name assigned to the storage account. Name is the CNAME source.
|
|
useSubDomainName
|
boolean
|
Indicates whether indirect CName validation is enabled. Default value is false. This should only be set on updates.
|
DefaultAction
Specifies the default action of allow or deny when no other rules match.
| Name |
Type |
Description |
|
Allow
|
string
|
|
|
Deny
|
string
|
|
DefaultSharePermission
Default share permission for users using Kerberos authentication if RBAC role is not assigned.
| Name |
Type |
Description |
|
None
|
string
|
|
|
StorageFileDataSmbShareContributor
|
string
|
|
|
StorageFileDataSmbShareElevatedContributor
|
string
|
|
|
StorageFileDataSmbShareReader
|
string
|
|
DirectoryServiceOptions
Indicates the directory service used. Note that this enum may be extended in the future.
| Name |
Type |
Description |
|
AADDS
|
string
|
|
|
AADKERB
|
string
|
|
|
AD
|
string
|
|
|
None
|
string
|
|
DnsEndpointType
Allows you to specify the type of endpoint. Set this to AzureDNSZone to create a large number of accounts in a single subscription, which creates accounts in an Azure DNS Zone and the endpoint URL will have an alphanumeric DNS Zone identifier.
| Name |
Type |
Description |
|
AzureDnsZone
|
string
|
|
|
Standard
|
string
|
|
Encryption
The encryption settings on the storage account.
| Name |
Type |
Default value |
Description |
|
identity
|
EncryptionIdentity
|
|
The identity to be used with service-side encryption at rest.
|
|
keySource
|
KeySource
|
Microsoft.Storage
|
The encryption keySource (provider). Possible values (case-insensitive): Microsoft.Storage, Microsoft.Keyvault
|
|
keyvaultproperties
|
KeyVaultProperties
|
|
Properties provided by key vault.
|
|
requireInfrastructureEncryption
|
boolean
|
|
A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest.
|
|
services
|
EncryptionServices
|
|
List of services which support encryption.
|
EncryptionIdentity
Encryption identity for the storage account.
| Name |
Type |
Description |
|
federatedIdentityClientId
|
string
|
ClientId of the multi-tenant application to be used in conjunction with the user-assigned identity for cross-tenant customer-managed-keys server-side encryption on the storage account.
|
|
userAssignedIdentity
|
string
|
Resource identifier of the UserAssigned identity to be associated with server-side encryption on the storage account.
|
EncryptionService
A service that allows server-side encryption to be used.
| Name |
Type |
Description |
|
enabled
|
boolean
|
A boolean indicating whether or not the service encrypts the data as it is stored. Encryption at rest is enabled by default today and cannot be disabled.
|
|
keyType
|
KeyType
|
Encryption key type to be used for the encryption service. 'Account' key type implies that an account-scoped encryption key will be used. 'Service' key type implies that a default service key is used.
|
|
lastEnabledTime
|
string
|
Gets a rough estimate of the date/time when the encryption was last enabled by the user. Data is encrypted at rest by default today and cannot be disabled.
|
EncryptionServices
A list of services that support encryption.
Endpoints
The URIs that are used to perform a retrieval of a public blob, queue, table, web or dfs object.
| Name |
Type |
Description |
|
blob
|
string
|
Gets the blob endpoint.
|
|
dfs
|
string
|
Gets the dfs endpoint.
|
|
file
|
string
|
Gets the file endpoint.
|
|
internetEndpoints
|
StorageAccountInternetEndpoints
|
Gets the internet routing storage endpoints
|
|
microsoftEndpoints
|
StorageAccountMicrosoftEndpoints
|
Gets the microsoft routing storage endpoints.
|
|
queue
|
string
|
Gets the queue endpoint.
|
|
table
|
string
|
Gets the table endpoint.
|
|
web
|
string
|
Gets the web endpoint.
|
ExpirationAction
The SAS Expiration Action defines the action to be performed when sasPolicy.sasExpirationPeriod is violated. The 'Log' action can be used for audit purposes and the 'Block' action can be used to block and deny the usage of SAS tokens that do not adhere to the sas policy expiration period.
| Name |
Type |
Description |
|
Block
|
string
|
|
|
Log
|
string
|
|
ExtendedLocation
The complex type of the extended location.
| Name |
Type |
Description |
|
name
|
string
|
The name of the extended location.
|
|
type
|
ExtendedLocationTypes
|
The type of the extended location.
|
ExtendedLocationTypes
The type of the extended location.
| Name |
Type |
Description |
|
EdgeZone
|
string
|
|
GeoReplicationStats
Statistics related to replication for storage account's Blob, Table, Queue and File services. It is only available when geo-redundant replication is enabled for the storage account.
| Name |
Type |
Description |
|
canFailover
|
boolean
|
A boolean flag which indicates whether or not account failover is supported for the account.
|
|
canPlannedFailover
|
boolean
|
A boolean flag which indicates whether or not planned account failover is supported for the account.
|
|
lastSyncTime
|
string
|
All primary writes preceding this UTC date/time value are guaranteed to be available for read operations. Primary writes following this point in time may or may not be available for reads. Element may be default value if value of LastSyncTime is not available, this can happen if secondary is offline or we are in bootstrap.
|
|
postFailoverRedundancy
|
postFailoverRedundancy
|
The redundancy type of the account after an account failover is performed.
|
|
postPlannedFailoverRedundancy
|
postPlannedFailoverRedundancy
|
The redundancy type of the account after a planned account failover is performed.
|
|
status
|
GeoReplicationStatus
|
The status of the secondary location. Possible values are: - Live: Indicates that the secondary location is active and operational. - Bootstrap: Indicates initial synchronization from the primary location to the secondary location is in progress.This typically occurs when replication is first enabled. - Unavailable: Indicates that the secondary location is temporarily unavailable.
|
GeoReplicationStatus
The status of the secondary location. Possible values are: - Live: Indicates that the secondary location is active and operational. - Bootstrap: Indicates initial synchronization from the primary location to the secondary location is in progress.This typically occurs when replication is first enabled. - Unavailable: Indicates that the secondary location is temporarily unavailable.
| Name |
Type |
Description |
|
Bootstrap
|
string
|
|
|
Live
|
string
|
|
|
Unavailable
|
string
|
|
Identity
Identity for the resource.
| Name |
Type |
Description |
|
principalId
|
string
|
The principal ID of resource identity.
|
|
tenantId
|
string
|
The tenant ID of resource.
|
|
type
|
IdentityType
|
The identity type.
|
|
userAssignedIdentities
|
<string,
UserAssignedIdentity>
|
Gets or sets a list of key value pairs that describe the set of User Assigned identities that will be used with this storage account. The key is the ARM resource identifier of the identity. Only 1 User Assigned identity is permitted here.
|
IdentityType
The identity type.
| Name |
Type |
Description |
|
None
|
string
|
|
|
SystemAssigned
|
string
|
|
|
SystemAssigned,UserAssigned
|
string
|
|
|
UserAssigned
|
string
|
|
ImmutableStorageAccount
This property enables and defines account-level immutability. Enabling the feature auto-enables Blob Versioning.
| Name |
Type |
Description |
|
enabled
|
boolean
|
A boolean flag which enables account-level immutability. All the containers under such an account have object-level immutability enabled by default.
|
|
immutabilityPolicy
|
AccountImmutabilityPolicyProperties
|
Specifies the default account-level immutability policy which is inherited and applied to objects that do not possess an explicit immutability policy at the object level. The object-level immutability policy has higher precedence than the container-level immutability policy, which has a higher precedence than the account-level immutability policy.
|
IPRule
IP rule with specific IP or IP range in CIDR format.
| Name |
Type |
Default value |
Description |
|
action
|
Action
|
Allow
|
The action of IP ACL rule.
|
|
value
|
string
|
|
Specifies the IP or IP range in CIDR format. Only IPV4 address is allowed.
|
KeyCreationTime
Storage account keys creation time.
| Name |
Type |
Description |
|
key1
|
string
|
|
|
key2
|
string
|
|
KeyPolicy
KeyPolicy assigned to the storage account.
| Name |
Type |
Description |
|
keyExpirationPeriodInDays
|
integer
|
The key expiration period in days.
|
KeySource
The encryption keySource (provider). Possible values (case-insensitive): Microsoft.Storage, Microsoft.Keyvault
| Name |
Type |
Description |
|
Microsoft.Keyvault
|
string
|
|
|
Microsoft.Storage
|
string
|
|
KeyType
Encryption key type to be used for the encryption service. 'Account' key type implies that an account-scoped encryption key will be used. 'Service' key type implies that a default service key is used.
| Name |
Type |
Description |
|
Account
|
string
|
|
|
Service
|
string
|
|
KeyVaultProperties
Properties of key vault.
| Name |
Type |
Description |
|
currentVersionedKeyExpirationTimestamp
|
string
|
This is a read only property that represents the expiration time of the current version of the customer managed key used for encryption.
|
|
currentVersionedKeyIdentifier
|
string
|
The object identifier of the current versioned Key Vault Key in use.
|
|
keyname
|
string
|
The name of KeyVault key.
|
|
keyvaulturi
|
string
|
The Uri of KeyVault.
|
|
keyversion
|
string
|
The version of KeyVault key.
|
|
lastKeyRotationTimestamp
|
string
|
Timestamp of last rotation of the Key Vault Key.
|
Kind
Indicates the type of storage account.
| Name |
Type |
Description |
|
BlobStorage
|
string
|
|
|
BlockBlobStorage
|
string
|
|
|
FileStorage
|
string
|
|
|
Storage
|
string
|
|
|
StorageV2
|
string
|
|
LargeFileSharesState
Allow large file shares if sets to Enabled. It cannot be disabled once it is enabled.
| Name |
Type |
Description |
|
Disabled
|
string
|
|
|
Enabled
|
string
|
|
MinimumTlsVersion
Set the minimum TLS version to be permitted on requests to storage. The default interpretation is TLS 1.0 for this property.
| Name |
Type |
Description |
|
TLS1_0
|
string
|
|
|
TLS1_1
|
string
|
|
|
TLS1_2
|
string
|
|
|
TLS1_3
|
string
|
|
NetworkRuleSet
Network rule set
| Name |
Type |
Default value |
Description |
|
bypass
|
Bypass
|
AzureServices
|
Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. Possible values are any combination of Logging|Metrics|AzureServices (For example, "Logging, Metrics"), or None to bypass none of those traffics.
|
|
defaultAction
|
DefaultAction
|
Allow
|
Specifies the default action of allow or deny when no other rules match.
|
|
ipRules
|
IPRule[]
|
|
Sets the IP ACL rules
|
|
resourceAccessRules
|
ResourceAccessRule[]
|
|
Sets the resource access rules
|
|
virtualNetworkRules
|
VirtualNetworkRule[]
|
|
Sets the virtual network rules
|
postFailoverRedundancy
The redundancy type of the account after an account failover is performed.
| Name |
Type |
Description |
|
Standard_LRS
|
string
|
|
|
Standard_ZRS
|
string
|
|
postPlannedFailoverRedundancy
The redundancy type of the account after a planned account failover is performed.
| Name |
Type |
Description |
|
Standard_GRS
|
string
|
|
|
Standard_GZRS
|
string
|
|
|
Standard_RAGRS
|
string
|
|
|
Standard_RAGZRS
|
string
|
|
PrivateEndpoint
The Private Endpoint resource.
| Name |
Type |
Description |
|
id
|
string
|
The ARM identifier for Private Endpoint
|
PrivateEndpointConnection
The Private Endpoint Connection resource.
| Name |
Type |
Description |
|
id
|
string
|
Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
|
|
name
|
string
|
The name of the resource
|
|
properties.privateEndpoint
|
PrivateEndpoint
|
The resource of private end point.
|
|
properties.privateLinkServiceConnectionState
|
PrivateLinkServiceConnectionState
|
A collection of information about the state of the connection between service consumer and provider.
|
|
properties.provisioningState
|
PrivateEndpointConnectionProvisioningState
|
The provisioning state of the private endpoint connection resource.
|
|
type
|
string
|
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
|
PrivateEndpointConnectionProvisioningState
The current provisioning state.
| Name |
Type |
Description |
|
Creating
|
string
|
|
|
Deleting
|
string
|
|
|
Failed
|
string
|
|
|
Succeeded
|
string
|
|
PrivateEndpointServiceConnectionStatus
The private endpoint connection status.
| Name |
Type |
Description |
|
Approved
|
string
|
|
|
Pending
|
string
|
|
|
Rejected
|
string
|
|
PrivateLinkServiceConnectionState
A collection of information about the state of the connection between service consumer and provider.
| Name |
Type |
Description |
|
actionRequired
|
string
|
A message indicating if changes on the service provider require any updates on the consumer.
|
|
description
|
string
|
The reason for approval/rejection of the connection.
|
|
status
|
PrivateEndpointServiceConnectionStatus
|
Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service.
|
ProvisioningState
Gets the status of the storage account at the time the operation was called.
| Name |
Type |
Description |
|
Creating
|
string
|
|
|
ResolvingDNS
|
string
|
|
|
Succeeded
|
string
|
|
PublicNetworkAccess
Allow, disallow, or let Network Security Perimeter configuration to evaluate public network access to Storage Account. Value is optional but if passed in, must be 'Enabled', 'Disabled' or 'SecuredByPerimeter'.
| Name |
Type |
Description |
|
Disabled
|
string
|
|
|
Enabled
|
string
|
|
|
SecuredByPerimeter
|
string
|
|
ResourceAccessRule
Resource Access Rule.
| Name |
Type |
Description |
|
resourceId
|
string
|
Resource Id
|
|
tenantId
|
string
|
Tenant Id
|
RoutingChoice
Routing Choice defines the kind of network routing opted by the user.
| Name |
Type |
Description |
|
InternetRouting
|
string
|
|
|
MicrosoftRouting
|
string
|
|
RoutingPreference
Routing preference defines the type of network, either microsoft or internet routing to be used to deliver the user data, the default option is microsoft routing
| Name |
Type |
Description |
|
publishInternetEndpoints
|
boolean
|
A boolean flag which indicates whether internet routing storage endpoints are to be published
|
|
publishMicrosoftEndpoints
|
boolean
|
A boolean flag which indicates whether microsoft routing storage endpoints are to be published
|
|
routingChoice
|
RoutingChoice
|
Routing Choice defines the kind of network routing opted by the user.
|
SasPolicy
SasPolicy assigned to the storage account.
| Name |
Type |
Default value |
Description |
|
expirationAction
|
ExpirationAction
|
Log
|
The SAS Expiration Action defines the action to be performed when sasPolicy.sasExpirationPeriod is violated. The 'Log' action can be used for audit purposes and the 'Block' action can be used to block and deny the usage of SAS tokens that do not adhere to the sas policy expiration period.
|
|
sasExpirationPeriod
|
string
|
|
The SAS expiration period, DD.HH:MM:SS.
|
Sku
The SKU of the storage account.
| Name |
Type |
Description |
|
name
|
SkuName
|
The SKU name. Required for account creation; optional for update. Note that in older versions, SKU name was called accountType.
|
|
tier
|
SkuTier
|
The SKU tier. This is based on the SKU name.
|
SkuConversionStatus
This property indicates the current sku conversion status.
| Name |
Type |
Description |
|
Failed
|
string
|
|
|
InProgress
|
string
|
|
|
Succeeded
|
string
|
|
SkuName
The SKU name. Required for account creation; optional for update. Note that in older versions, SKU name was called accountType.
| Name |
Type |
Description |
|
Premium_LRS
|
string
|
|
|
Premium_ZRS
|
string
|
|
|
Standard_GRS
|
string
|
|
|
Standard_GZRS
|
string
|
|
|
Standard_LRS
|
string
|
|
|
Standard_RAGRS
|
string
|
|
|
Standard_RAGZRS
|
string
|
|
|
Standard_ZRS
|
string
|
|
SkuTier
The SKU tier. This is based on the SKU name.
| Name |
Type |
Description |
|
Premium
|
string
|
|
|
Standard
|
string
|
|
State
Gets the state of virtual network rule.
| Name |
Type |
Description |
|
Deprovisioning
|
string
|
|
|
Failed
|
string
|
|
|
NetworkSourceDeleted
|
string
|
|
|
Provisioning
|
string
|
|
|
Succeeded
|
string
|
|
StorageAccount
The storage account.
| Name |
Type |
Description |
|
extendedLocation
|
ExtendedLocation
|
The extendedLocation of the resource.
|
|
id
|
string
|
Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
|
|
identity
|
Identity
|
The identity of the resource.
|
|
kind
|
Kind
|
Gets the Kind.
|
|
location
|
string
|
The geo-location where the resource lives
|
|
name
|
string
|
The name of the resource
|
|
properties.accessTier
|
AccessTier
|
Required for storage accounts where kind = BlobStorage. The access tier is used for billing. The 'Premium' access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type.
|
|
properties.accountMigrationInProgress
|
boolean
|
If customer initiated account migration is in progress, the value will be true else it will be null.
|
|
properties.allowBlobPublicAccess
|
boolean
|
Allow or disallow public access to all blobs or containers in the storage account. The default interpretation is false for this property.
|
|
properties.allowCrossTenantReplication
|
boolean
|
Allow or disallow cross AAD tenant object replication. Set this property to true for new or existing accounts only if object replication policies will involve storage accounts in different AAD tenants. The default interpretation is false for new accounts to follow best security practices by default.
|
|
properties.allowSharedKeyAccess
|
boolean
|
Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Azure Active Directory (Azure AD). The default value is null, which is equivalent to true.
|
|
properties.allowedCopyScope
|
AllowedCopyScope
|
Restrict copy to and from Storage Accounts within an AAD tenant or with Private Links to the same VNet.
|
|
properties.azureFilesIdentityBasedAuthentication
|
AzureFilesIdentityBasedAuthentication
|
Provides the identity based authentication settings for Azure Files.
|
|
properties.blobRestoreStatus
|
BlobRestoreStatus
|
Blob restore status
|
|
properties.creationTime
|
string
|
Gets the creation date and time of the storage account in UTC.
|
|
properties.customDomain
|
CustomDomain
|
Gets the custom domain the user assigned to this storage account.
|
|
properties.defaultToOAuthAuthentication
|
boolean
|
A boolean flag which indicates whether the default authentication is OAuth or not. The default interpretation is false for this property.
|
|
properties.dnsEndpointType
|
DnsEndpointType
|
Allows you to specify the type of endpoint. Set this to AzureDNSZone to create a large number of accounts in a single subscription, which creates accounts in an Azure DNS Zone and the endpoint URL will have an alphanumeric DNS Zone identifier.
|
|
properties.enableExtendedGroups
|
boolean
|
Enables extended group support with local users feature, if set to true
|
|
properties.encryption
|
Encryption
|
Encryption settings to be used for server-side encryption for the storage account.
|
|
properties.failoverInProgress
|
boolean
|
If the failover is in progress, the value will be true, otherwise, it will be null.
|
|
properties.geoReplicationStats
|
GeoReplicationStats
|
Geo Replication Stats
|
|
properties.immutableStorageWithVersioning
|
ImmutableStorageAccount
|
The property is immutable and can only be set to true at the account creation time. When set to true, it enables object level immutability for all the containers in the account by default.
|
|
properties.isHnsEnabled
|
boolean
|
Account HierarchicalNamespace enabled if sets to true.
|
|
properties.isLocalUserEnabled
|
boolean
|
Enables local users feature, if set to true
|
|
properties.isNfsV3Enabled
|
boolean
|
NFS 3.0 protocol support enabled if set to true.
|
|
properties.isSftpEnabled
|
boolean
|
Enables Secure File Transfer Protocol, if set to true
|
|
properties.isSkuConversionBlocked
|
boolean
|
This property will be set to true or false on an event of ongoing migration. Default value is null.
|
|
properties.keyCreationTime
|
KeyCreationTime
|
Storage account keys creation time.
|
|
properties.keyPolicy
|
KeyPolicy
|
KeyPolicy assigned to the storage account.
|
|
properties.largeFileSharesState
|
LargeFileSharesState
|
Allow large file shares if sets to Enabled. It cannot be disabled once it is enabled.
|
|
properties.lastGeoFailoverTime
|
string
|
Gets the timestamp of the most recent instance of a failover to the secondary location. Only the most recent timestamp is retained. This element is not returned if there has never been a failover instance. Only available if the accountType is Standard_GRS or Standard_RAGRS.
|
|
properties.minimumTlsVersion
|
MinimumTlsVersion
|
Set the minimum TLS version to be permitted on requests to storage. The default interpretation is TLS 1.0 for this property.
|
|
properties.networkAcls
|
NetworkRuleSet
|
Network rule set
|
|
properties.primaryEndpoints
|
Endpoints
|
Gets the URLs that are used to perform a retrieval of a public blob, queue, or table object. Note that Standard_ZRS and Premium_LRS accounts only return the blob endpoint.
|
|
properties.primaryLocation
|
string
|
Gets the location of the primary data center for the storage account.
|
|
properties.privateEndpointConnections
|
PrivateEndpointConnection[]
|
List of private endpoint connection associated with the specified storage account
|
|
properties.provisioningState
|
ProvisioningState
|
Gets the status of the storage account at the time the operation was called.
|
|
properties.publicNetworkAccess
|
PublicNetworkAccess
|
Allow, disallow, or let Network Security Perimeter configuration to evaluate public network access to Storage Account.
|
|
properties.routingPreference
|
RoutingPreference
|
Maintains information about the network routing choice opted by the user for data transfer
|
|
properties.sasPolicy
|
SasPolicy
|
SasPolicy assigned to the storage account.
|
|
properties.secondaryEndpoints
|
Endpoints
|
Gets the URLs that are used to perform a retrieval of a public blob, queue, or table object from the secondary location of the storage account. Only available if the SKU name is Standard_RAGRS.
|
|
properties.secondaryLocation
|
string
|
Gets the location of the geo-replicated secondary for the storage account. Only available if the accountType is Standard_GRS or Standard_RAGRS.
|
|
properties.statusOfPrimary
|
AccountStatus
|
Gets the status indicating whether the primary location of the storage account is available or unavailable.
|
|
properties.statusOfSecondary
|
AccountStatus
|
Gets the status indicating whether the secondary location of the storage account is available or unavailable. Only available if the SKU name is Standard_GRS or Standard_RAGRS.
|
|
properties.storageAccountSkuConversionStatus
|
StorageAccountSkuConversionStatus
|
This property is readOnly and is set by server during asynchronous storage account sku conversion operations.
|
|
properties.supportsHttpsTrafficOnly
|
boolean
|
Allows https traffic only to storage service if sets to true.
|
|
sku
|
Sku
|
Gets the SKU.
|
|
tags
|
object
|
Resource tags.
|
|
type
|
string
|
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
|
StorageAccountCreateParameters
The parameters used when creating a storage account.
| Name |
Type |
Description |
|
extendedLocation
|
ExtendedLocation
|
Optional. Set the extended location of the resource. If not set, the storage account will be created in Azure main region. Otherwise it will be created in the specified extended location
|
|
identity
|
Identity
|
The identity of the resource.
|
|
kind
|
Kind
|
Required. Indicates the type of storage account.
|
|
location
|
string
|
Required. Gets or sets the location of the resource. This will be one of the supported and registered Azure Geo Regions (e.g. West US, East US, Southeast Asia, etc.). The geo region of a resource cannot be changed once it is created, but if an identical geo region is specified on update, the request will succeed.
|
|
properties.accessTier
|
AccessTier
|
Required for storage accounts where kind = BlobStorage. The access tier is used for billing. The 'Premium' access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type.
|
|
properties.allowBlobPublicAccess
|
boolean
|
Allow or disallow public access to all blobs or containers in the storage account. The default interpretation is false for this property.
|
|
properties.allowCrossTenantReplication
|
boolean
|
Allow or disallow cross AAD tenant object replication. Set this property to true for new or existing accounts only if object replication policies will involve storage accounts in different AAD tenants. The default interpretation is false for new accounts to follow best security practices by default.
|
|
properties.allowSharedKeyAccess
|
boolean
|
Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Azure Active Directory (Azure AD). The default value is null, which is equivalent to true.
|
|
properties.allowedCopyScope
|
AllowedCopyScope
|
Restrict copy to and from Storage Accounts within an AAD tenant or with Private Links to the same VNet.
|
|
properties.azureFilesIdentityBasedAuthentication
|
AzureFilesIdentityBasedAuthentication
|
Provides the identity based authentication settings for Azure Files.
|
|
properties.customDomain
|
CustomDomain
|
User domain assigned to the storage account. Name is the CNAME source. Only one custom domain is supported per storage account at this time. To clear the existing custom domain, use an empty string for the custom domain name property.
|
|
properties.defaultToOAuthAuthentication
|
boolean
|
A boolean flag which indicates whether the default authentication is OAuth or not. The default interpretation is false for this property.
|
|
properties.dnsEndpointType
|
DnsEndpointType
|
Allows you to specify the type of endpoint. Set this to AzureDNSZone to create a large number of accounts in a single subscription, which creates accounts in an Azure DNS Zone and the endpoint URL will have an alphanumeric DNS Zone identifier.
|
|
properties.enableExtendedGroups
|
boolean
|
Enables extended group support with local users feature, if set to true
|
|
properties.encryption
|
Encryption
|
Encryption settings to be used for server-side encryption for the storage account.
|
|
properties.immutableStorageWithVersioning
|
ImmutableStorageAccount
|
The property is immutable and can only be set to true at the account creation time. When set to true, it enables object level immutability for all the new containers in the account by default.
|
|
properties.isHnsEnabled
|
boolean
|
Account HierarchicalNamespace enabled if sets to true.
|
|
properties.isLocalUserEnabled
|
boolean
|
Enables local users feature, if set to true
|
|
properties.isNfsV3Enabled
|
boolean
|
NFS 3.0 protocol support enabled if set to true.
|
|
properties.isSftpEnabled
|
boolean
|
Enables Secure File Transfer Protocol, if set to true
|
|
properties.keyPolicy
|
KeyPolicy
|
KeyPolicy assigned to the storage account.
|
|
properties.largeFileSharesState
|
LargeFileSharesState
|
Allow large file shares if sets to Enabled. It cannot be disabled once it is enabled.
|
|
properties.minimumTlsVersion
|
MinimumTlsVersion
|
Set the minimum TLS version to be permitted on requests to storage. The default interpretation is TLS 1.0 for this property.
|
|
properties.networkAcls
|
NetworkRuleSet
|
Network rule set
|
|
properties.publicNetworkAccess
|
PublicNetworkAccess
|
Allow, disallow, or let Network Security Perimeter configuration to evaluate public network access to Storage Account. Value is optional but if passed in, must be 'Enabled', 'Disabled' or 'SecuredByPerimeter'.
|
|
properties.routingPreference
|
RoutingPreference
|
Maintains information about the network routing choice opted by the user for data transfer
|
|
properties.sasPolicy
|
SasPolicy
|
SasPolicy assigned to the storage account.
|
|
properties.supportsHttpsTrafficOnly
|
boolean
|
Allows https traffic only to storage service if sets to true. The default value is true since API version 2019-04-01.
|
|
sku
|
Sku
|
Required. Gets or sets the SKU name.
|
|
tags
|
object
|
Gets or sets a list of key value pairs that describe the resource. These tags can be used for viewing and grouping this resource (across resource groups). A maximum of 15 tags can be provided for a resource. Each tag must have a key with a length no greater than 128 characters and a value with a length no greater than 256 characters.
|
StorageAccountInternetEndpoints
The URIs that are used to perform a retrieval of a public blob, file, web or dfs object via a internet routing endpoint.
| Name |
Type |
Description |
|
blob
|
string
|
Gets the blob endpoint.
|
|
dfs
|
string
|
Gets the dfs endpoint.
|
|
file
|
string
|
Gets the file endpoint.
|
|
web
|
string
|
Gets the web endpoint.
|
StorageAccountMicrosoftEndpoints
The URIs that are used to perform a retrieval of a public blob, queue, table, web or dfs object via a microsoft routing endpoint.
| Name |
Type |
Description |
|
blob
|
string
|
Gets the blob endpoint.
|
|
dfs
|
string
|
Gets the dfs endpoint.
|
|
file
|
string
|
Gets the file endpoint.
|
|
queue
|
string
|
Gets the queue endpoint.
|
|
table
|
string
|
Gets the table endpoint.
|
|
web
|
string
|
Gets the web endpoint.
|
StorageAccountSkuConversionStatus
This defines the sku conversion status object for asynchronous sku conversions.
| Name |
Type |
Description |
|
endTime
|
string
|
This property represents the sku conversion end time.
|
|
skuConversionStatus
|
SkuConversionStatus
|
This property indicates the current sku conversion status.
|
|
startTime
|
string
|
This property represents the sku conversion start time.
|
|
targetSkuName
|
SkuName
|
This property represents the target sku name to which the account sku is being converted asynchronously.
|
UserAssignedIdentity
UserAssignedIdentity for the resource.
| Name |
Type |
Description |
|
clientId
|
string
|
The client ID of the identity.
|
|
principalId
|
string
|
The principal ID of the identity.
|
VirtualNetworkRule
Virtual Network rule.
| Name |
Type |
Default value |
Description |
|
action
|
Action
|
Allow
|
The action of virtual network rule.
|
|
id
|
string
|
|
Resource ID of a subnet, for example: /subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}.
|
|
state
|
State
|
|
Gets the state of virtual network rule.
|